Add additional params methods
mschwager committed Dec 16, 2024
1 parent 6283f58 commit 22a8f8a
Showing 2 changed files with 11 additions and 0 deletions.
6 changes: 6 additions & 0 deletions ruby/rails-params-json.rb
Expand Up @@ -12,6 +12,12 @@ def create
# ok: rails-params-json
id4 = params[:something][:id]

# ruleid: rails-params-json
id5 = params.fetch(:_json)

# ruleid: rails-params-json
id6 = params.fetch(:_json, {})

# ruleid: rails-params-json
product_params = params.require(:_json).map do |product|
product.permit(:name, :price)
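Review bot: the new fixtures exercise only the `fetch` and `require` forms, so the `params.dig(:_json, ...)` / `params.dig('_json', ...)` patterns this commit adds to the rule have no `# ruleid: rails-params-json` case and no `# ok:` counterpart (e.g. `params.dig(:product, :id)`) to guard against false positives. Consider adding a `dig` positive and a `dig` negative alongside `id5` and `id6` so every pattern in the YAML is covered by a test line; `id5` (no default) and `id6` (with default) already show the `...` wildcard in the `fetch` pattern matches both arities, and the same check should exist for `dig`.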
5 changes: 5 additions & 0 deletions ruby/rails-params-json.yaml
Expand Up @@ -19,8 +19,13 @@ rules:
references:
- https://nastystereo.com/security/rails-_json-juggling-attack.html
- https://api.rubyonrails.org/v5.1.7/classes/ActionDispatch/Http/Parameters.html
- https://api.rubyonrails.org/classes/ActionController/Parameters.html
pattern-either:
- pattern: "params[:_json]"
- pattern: "params['_json']"
- pattern: "params.require(:_json)"
- pattern: "params.require('_json')"
- pattern: "params.fetch(:_json, ...)"
- pattern: "params.fetch('_json', ...)"
- pattern: "params.dig(:_json, ...)"
- pattern: "params.dig('_json', ...)"
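Review bot: the added `ActionController::Parameters` reference is unversioned while the existing `ActionDispatch::Http::Parameters` link pins v5.1.7; consider versioning both or neither so readers land on the same Rails release when checking the `fetch`, `require` and `dig` semantics the rule now flags. On the patterns themselves, `params.fetch(:_json, ...)` with the trailing `...` correctly covers both the no-default and with-default calls, but `params.require(:_json)` has no `...`, which is fine since `require` takes a single key; a brief note in the rule message that `_json` is the key Rails uses to wrap a top-level JSON array would help users understand why these accessors are flagged.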