author | andrew brown <aebrownz11@gmail.com> | 2017-04-09 12:41:23 -0700 |
---|---|---|
committer | andrew brown <aebrownz11@gmail.com> | 2017-04-09 12:56:46 -0700 |
commit | 8559a900641806b54a78737679060099e34b2baa (patch) | |
tree | 30b72c6f46d5da8b58bab11930a8e125a468f4e8 | |
parent | 5e1a802b15af4ba991f9ed85a691f1a925cc0edf (diff) | |
download | gitlab-ce-8559a900641806b54a78737679060099e34b2baa.tar.gz |
Use the hashie-forbideen_attributes gem
This gem prevents Mash from responding to :permitted?, disabling mass
assignment protection for the Grape API
-rw-r--r-- | Gemfile | 3 | ||||
-rw-r--r-- | Gemfile.lock | 5 | ||||
-rw-r--r-- | changelogs/unreleased/use-hashie-forbidden_attributes.yml | 4 |
3 files changed, 11 insertions, 1 deletions
@@ -73,6 +73,9 @@ gem 'grape', '~> 0.19.0'
 gem 'grape-entity', '~> 0.6.0'
 gem 'rack-cors', '~> 0.4.0', require: 'rack/cors'
+# Disable strong_params so that Mash does not respond to :permitted?
+gem 'hashie-forbidden_attributes'
+
 # Pagination
 gem 'kaminari', '~> 0.17.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index d7e3f7343d0..bb91db1e805 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -346,6 +346,8 @@ GEM
 tilt
 hashdiff (0.3.2)
 hashie (3.5.5)
+ hashie-forbidden_attributes (0.1.1)
+ hashie (>= 3.0)
 health_check (2.6.0)
 rails (>= 4.0)
 hipchat (1.5.2)
@@ -915,6 +917,7 @@ DEPENDENCIES
 grape-entity (~> 0.6.0)
 haml_lint (~> 0.21.0)
 hamlit (~> 2.6.1)
+ hashie-forbidden_attributes
 health_check (~> 2.6.0)
 hipchat (~> 1.5.0)
 html-pipeline (~> 1.11.0)
@@ -1035,4 +1038,4 @@ DEPENDENCIES
 wikicloth (= 0.8.1)
 BUNDLED WITH
- 1.14.5
+ 1.14.6
diff --git a/changelogs/unreleased/use-hashie-forbidden_attributes.yml b/changelogs/unreleased/use-hashie-forbidden_attributes.yml
new file mode 100644
index 00000000000..4f429b03a0d
--- /dev/null
+++ b/changelogs/unreleased/use-hashie-forbidden_attributes.yml
@@ -0,0 +1,4 @@
+---
+title: Add hashie-forbidden_attributes gem
+merge_request: 10579
+author: Andy Brown |
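Review bot: The added `gem 'hashie-forbidden_attributes'` line in the Gemfile hunk has no version constraint, unlike the `grape`, `grape-entity` and `rack-cors` entries just above it, so a later `bundle update` can move a gem that alters mass-assignment behaviour without any Gemfile change showing up in review; pin it to what the lockfile resolves, e.g. `gem 'hashie-forbidden_attributes', '~> 0.1.1'`. The comment above it also stops short of the consequence the commit message states: once Mash no longer responds to `:permitted?`, the model-layer mass-assignment check does not apply to Grape params, so API endpoints presumably have to restrict attributes through Grape's own parameter declarations before handing them to a model. A comment such as `# Mash stops answering :permitted?, so strong_params no longer guards API params; filter them via Grape's declared params before mass assignment` would make that dependency visible to the next maintainer.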