```ruby
# app/models/user.rb
class User < ApplicationRecord
  enum status: [:sad, :bored, :happy]
end
```

In a controller, I want to receive `params[:status]` and return all users with that status, i.e.

```ruby
# app/controllers/users_controller.rb
class UsersController < ApplicationController
  def index_status
    # Coerce the request parameter to a String before checking it
    status = "#{params[:status]}"
    # Only names that are keys of the enum get past this check
    if User.statuses.include? status
      @status = status.to_sym
      # Calls the enum scope (User.sad / User.bored / User.happy) by name
      @countries = User.send(@status)
    else
      redirect_to root_path, notice: 'Invalid status'
    end
  end
end
```

*** What problem are you seeing?
The code works, but Brakeman gives me a `dangerous send - User controlled method execution` warning for the line

```ruby
@countries = User.send(@status)
```

This was asked as a question on SO, and Justin posted a comment that Brakeman does not understand enums.
Background
Brakeman version: 4.8.2
Rails version: 6.0.3.2
Ruby version: 2.6.6
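An added example, not part of the original issue and not Brakeman's or the reporter's code: it contrasts the guarded `send` dispatch from the issue with a variant that passes the checked value only as a query argument, so no request data ever becomes a method name. `FakeUser`, its rows, `users_via_send` and `users_via_where` are hypothetical names, and `FakeUser.where` is a plain-Ruby stand-in for ActiveRecord's `where(status: ...)`.

```ruby
# Added example in plain Ruby. FakeUser is a hypothetical stand-in for the
# ActiveRecord model so it runs without Rails; ROWS is constructed data.
class FakeUser
  STATUSES = { "sad" => 0, "bored" => 1, "happy" => 2 }.freeze
  ROWS = [
    { name: "alice", status: 0 }, { name: "bob", status: 1 },
    { name: "carol", status: 2 }, { name: "dave", status: 2 }
  ].freeze

  def self.statuses
    STATUSES
  end

  # Mimics where(status: ...): the value is looked up as data and is
  # never used as a method name.
  def self.where(status:)
    code = STATUSES.fetch(status.to_s)
    ROWS.select { |row| row[:status] == code }
  end

  # Mimics the class-level scopes that enum generates (FakeUser.happy, ...).
  STATUSES.each_key do |name|
    define_singleton_method(name) { where(status: name) }
  end
end

# Pattern from the issue: guarded by the allowlist, but the request value
# still becomes the method name passed to send.
def users_via_send(param)
  status = param.to_s
  return nil unless FakeUser.statuses.include?(status)

  FakeUser.send(status.to_sym)
end

# Alternative: same allowlist check, but the value is only a query argument.
def users_via_where(param)
  status = param.to_s
  return nil unless FakeUser.statuses.key?(status)

  FakeUser.where(status: status)
end
```

Both functions return the same rows for a valid status and `nil` for anything that is not an enum key, including names of real methods on the class such as `statuses`.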