Raise an exception whenever someone attempts to mass-assign protected attributes

Posted 2024-10-30 13:01:07 · 263 words · 7 views · 0 comments


I'm fixing some mass assignment vulnerabilities in a client's application and I want to make sure Rails isn't silently dropping attempts to mass assign protected attributes. Instead, I want to throw an exception so I can investigate.

I.e., whenever this would normally appear in the logs:

WARNING: Can't mass-assign these protected attributes: ...

I'd like to throw an exception instead (or in addition)

Edit: I'm using Rails 2.3.4


Answers (1)

爱的十字路口 2024-11-06 13:01:07


You'll have to do some Rails monkey-patching to do this. Be sure to only use this code in development and/or test though since you don't want your app raising errors if a user tries to mass-assign. I would add the following to config/initializers/error_mass_assign.rb:

module ActiveModel
  module MassAssignmentSecurity
    module Sanitizer
      protected

      # Rails 3 calls warn! from Sanitizer#sanitize with the keys it dropped.
      # Keep the original log line, then raise so the attempt cannot go unnoticed
      # in test and development.
      def warn!(attrs)
        self.logger.debug "WARNING: Can't mass-assign protected attributes: #{attrs.join(', ')}" if self.logger
        raise(RuntimeError, "Mass assignment error") if ['test', 'development'].include?(Rails.env)
      end
    end
  end
end

This will raise the regular warning, but it will also raise a RuntimeError with the message "Mass assignment error" when in test and development environments anytime protected attributes are mass-assigned. You can also modify the error message or error in the code above if you prefer another exception.

Be sure to restart your console or server for this to take effect.

P.S.: In Rails 2 you'll want to do the following:

module ActiveRecord
  class Base
    # Rails 2.3 calls this hook from attributes= with the protected keys it
    # removed. Log as before, then raise; the environment guard mirrors the
    # Rails 3 version so production keeps the default drop-and-warn behaviour.
    def log_protected_attribute_removal(*attributes)
      logger.debug "WARNING: Can't mass-assign these protected attributes: #{attributes.join(', ')}" if logger
      raise(RuntimeError, "Mass assignment error") if ['test', 'development'].include?(Rails.env)
    end
  end
end
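The patch above hooks the warn! method that Rails 3 calls from Sanitizer#sanitize with the keys it dropped. The following added example (not from the answer or from Rails) rebuilds that hook in a self-contained module so the default drop-and-log behaviour can be run side by side with the raising version and its environment guard; ToySanitizer, RaisingSanitizer, ToyUser and mass_assign are constructed names, and the request parameters are constructed sample input.

```ruby
# Stand-in for Rails 3's ActiveModel::MassAssignmentSecurity::Sanitizer, constructed
# for this example (not Rails code). Default behaviour: drop protected keys, only log.
module ToySanitizer
  def sanitize(attributes)
    sanitized = attributes.reject { |key, _| deny?(key) }
    removed = attributes.keys - sanitized.keys
    warn!(removed) if removed.any?
    sanitized
  end

  def warn!(attrs)
    logger.debug "WARNING: Can't mass-assign protected attributes: #{attrs.join(', ')}" if logger
  end
end

class MassAssignmentError < RuntimeError; end

# The answer's patch as an overriding module: keep the log line, then raise,
# but only in environments where a 500 response is acceptable.
module RaisingSanitizer
  include ToySanitizer
  def warn!(attrs)
    super
    raise MassAssignmentError, "Mass assignment error: #{attrs.join(', ')}" if %w[test development].include?(rails_env)
  end
end

# Minimal model standing in for an ActiveRecord::Base subclass with attr_protected :admin.
class ToyUser
  PROTECTED = %w[admin].freeze
  attr_reader :attributes, :logger, :rails_env
  def initialize(sanitizer, rails_env, logger = nil)
    extend sanitizer # choose default or patched behaviour per instance
    @rails_env, @logger, @attributes = rails_env, logger, {}
  end
  def deny?(key)
    PROTECTED.include?(key.to_s)
  end
  def assign_attributes(attrs)
    @attributes.merge!(sanitize(attrs))
  end
end

# Mass-assign constructed params containing a protected key; returns the stored
# attributes, or the error class when the patch fires.
def mass_assign(sanitizer, rails_env)
  ToyUser.new(sanitizer, rails_env).assign_attributes('name' => 'alice', 'admin' => true).dup
rescue MassAssignmentError => e
  e.class
end
```

Calling mass_assign(ToySanitizer, 'development') silently returns only the name, while mass_assign(RaisingSanitizer, 'development') raises and mass_assign(RaisingSanitizer, 'production') again drops the key quietly.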