We are sunsetting Hakiri on January 31 2022. To learn more please refer to this document.

Discovered 6 months ago
Source: static code analysis
Category: Mass Assignment
Confidence level: Weak


Unprotected mass assignment



IgnoredUser.create!(:user => current_user, :ignored_user => fetch_user_from_params, :expiring_at => Time.parse(params[:expiring_at]))

Category description: Unprotected model attributes give the attacker a way to rewrite them. E.g., change the admin flag to true.

Solution: fix the issue in app/controllers/users_controller.rb or mark it as false positive.