Skip to content

Commit

Permalink
Add change note and update severity
Browse files Browse the repository at this point in the history
  • Loading branch information
@joefarebrother
joefarebrother committed Mar 22, 2024
1 parent b741453 commit 01f7124
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
4 changes: 4 additions & 0 deletions ruby/ql/src/change-notes/2024-03-22-mass-assignment.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
---
category: newQuery
---
* Added a new query, `ruby/insecure-mass-assignment`, for finding instances of mass assignment operations accepting arbitrary parameters from remote user input.
2 changes: 1 addition & 1 deletion ruby/ql/src/queries/security/cwe-915/MassAssignment.ql
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
* @description Using mass assignment with user-controlled attributes allows unintended parameters to be set.
* @kind path-problem
* @problem.severity error
* @security-severity 7.5
* @security-severity 9.8
* @precision high
* @id ruby/insecure-mass-assignment
* @tags security
Expand Down

0 comments on commit 01f7124

Please sign in to comment.