Mass Assignment Testing
Understand how mass assignment poses security risks in Rails applications and learn to write tests that verify proper use of strong parameters. Explore techniques to prevent unauthorized attribute updates by testing controller methods and workflows.
Mass assignment testing
Mass assignment is a common Rails security issue, caused by Rails's ability to save an arbitrary hash of attribute names and values to an instance by passing an entire hash as a parameter, as in new(params[:user]), create(params[:user]), or update_attributes(params[:user]) (update in current Rails; update_attributes was deprecated in Rails 6.0 and removed in 6.1). The security issue arises when somebody tampers with a request and adds unexpected keys to the incoming parameters, typically an attribute that we wouldn't want an arbitrary user to change, such as User#admin or Project#public. Since Rails 4, strong parameters make this fail closed: passing an ActionController::Parameters object that has not been through permit raises ActiveModel::ForbiddenAttributesError, so the risk today comes from permitting too broadly (permit!, or a permit list that includes a privileged attribute) or from converting the params to a plain hash before assignment. (GitHub was famously hacked via this ...
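To make the failure mode concrete, here is an added example that is not from the page and not Rails code: a plain-Ruby simulation of a model's mass assignment and of the permit step that strong parameters add. The User and Params classes are constructed stand-ins for an ActiveRecord model and ActionController::Parameters, and TAMPERED_PARAMS is a constructed request body in which an attacker has added an admin key the signup form never sends.

```ruby
# Added example (not from the page or from Rails itself): a plain-Ruby
# simulation of mass assignment and of the strong-parameters fix.
# User and Params are constructed stand-ins with no Rails dependency.

# Stand-in for a User model: every key in the incoming hash becomes an
# attribute, which is exactly what makes unfiltered mass assignment risky.
class User
  attr_reader :attributes

  def initialize(attrs = {})
    @attributes = { "name" => nil, "email" => nil, "admin" => false }
    assign_attributes(attrs)
  end

  def assign_attributes(attrs)
    attrs.each { |key, value| @attributes[key.to_s] = value }
    self
  end

  def admin?
    @attributes["admin"] == true
  end
end

# Stand-in for ActionController::Parameters: to_h refuses to hand out the
# raw hash until permit has been called, mirroring the
# ActiveModel::ForbiddenAttributesError that Rails 4+ raises, and then
# returns only the whitelisted keys.
class Params
  def initialize(hash)
    @hash = hash.transform_keys(&:to_s)
    @permitted = nil
  end

  def permit(*keys)
    @permitted = keys.map(&:to_s)
    self
  end

  def to_h
    raise "ForbiddenAttributes: call permit before mass assignment" unless @permitted
    @hash.select { |key, _| @permitted.include?(key) }
  end
end

# Constructed tampered request: a normal signup plus an extra "admin" key.
TAMPERED_PARAMS = { name: "mallory", email: "m@example.test", admin: true }.freeze

# Vulnerable pattern: the raw hash goes straight into the model.
def create_user_unsafe(raw_params)
  User.new(raw_params)
end

# Fixed pattern: only name and email survive permit; admin is dropped.
def create_user_safe(raw_params)
  User.new(Params.new(raw_params).permit(:name, :email).to_h)
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe admin? #{create_user_unsafe(TAMPERED_PARAMS).admin?}"
  puts "safe   admin? #{create_user_safe(TAMPERED_PARAMS).admin?}"
end
```

In a real application the same check becomes a controller test: post the tampered params to the create action, then assert that the created record is not an admin. The test is worth keeping even after the fix, because the next developer to widen the permit list (or to reach for permit!) will reopen the hole without any error being raised.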