-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathWeakParams.qhelp
More file actions
28 lines (26 loc) · 920 Bytes
/
WeakParams.qhelp
File metadata and controls
28 lines (26 loc) · 920 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>
Directly checking request parameters without following a strong params
pattern can lead to unintentional avenues for injection attacks.
</p>
</overview>
<recommendation>
<p>
Instead of manually checking parameters from the `param` object, it is
recommended that you follow the strong parameters pattern established in
Rails: https://api.rubyonrails.org/classes/ActionController/StrongParameters.html
</p>
<p>
In the strong parameters pattern, you are able to specify required and allowed
parameters for each action called by your controller methods. This acts as an
additional layer of data validation before being passed along to other areas
of your application, such as the model.
</p>
</recommendation>
<references>
</references>
</qhelp>