Use the hashie-forbideen_attributes gem

This gem prevents Mash from responding to :permitted?, disabling mass assignment protection for the Grape API

Use the hashie-forbideen_attributes gem
This gem prevents Mash from responding to :permitted?, disabling mass assignment protection for the Grape API
8559a900 · andrew brown · 5e1a802b · 8559a900 · 8559a900 · 8559a900
Commit 8559a900 authored Apr 09, 2017 by andrew brown
Showing with 11 additions and 1 deletion

Gemfile Gemfile +3 -0

Gemfile.lock Gemfile.lock +4 -1

changelogs/unreleased/use-hashie-forbidden_attributes.yml changelogs/unreleased/use-hashie-forbidden_attributes.yml +4 -0

No files found.
--- a/Gemfile
+++ b/Gemfile
@@ -73,6 +73,9 @@ gem 'grape', '~> 0.19.0'
 gem 'grape-entity', '~> 0.6.0'
 gem 'rack-cors', '~> 0.4.0', require: 'rack/cors'

+# Disable strong_params so that Mash does not respond to :permitted?
+gem 'hashie-forbidden_attributes'
+
 # Pagination
 gem 'kaminari', '~> 0.17.0'


--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -346,6 +346,8 @@ GEM
      tilt
    hashdiff (0.3.2)
    hashie (3.5.5)
+    hashie-forbidden_attributes (0.1.1)
+      hashie (>= 3.0)
    health_check (2.6.0)
      rails (>= 4.0)
    hipchat (1.5.2)
@@ -915,6 +917,7 @@ DEPENDENCIES
  grape-entity (~> 0.6.0)
  haml_lint (~> 0.21.0)
  hamlit (~> 2.6.1)
+  hashie-forbidden_attributes
  health_check (~> 2.6.0)
  hipchat (~> 1.5.0)
  html-pipeline (~> 1.11.0)
@@ -1035,4 +1038,4 @@ DEPENDENCIES
  wikicloth (= 0.8.1)

 BUNDLED WITH
-   1.14.5
+   1.14.6
--- a/changelogs/unreleased/use-hashie-forbidden_attributes.yml
+++ b/changelogs/unreleased/use-hashie-forbidden_attributes.yml
+---
+title: Add hashie-forbidden_attributes gem
+merge_request: 10579
+author: Andy Brown