Skip to content

Commit

Permalink
Fix ActiveRecord::Encryption protection
Browse files Browse the repository at this point in the history 
It's currently possible to override the encryption context set by `console1984` to protect encrypted data. It looks like we intended to add a protection to this, but an unexisting constant was added to the protection list instead.

This commit fixes this protection by changing the protected constant from `ActiveRecord::ActiveRecordEncryption` to `ActiveRecord::Encryption`

Closes #120
  • Loading branch information
@neilvcarvalho @rosa
neilvcarvalho authored and rosa committed Aug 21, 2024
1 parent f7b85df commit dc1af9f
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion config/protections.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ validations:
protected:
- PG
- Mysql2
- ActiveRecord::ActiveRecordEncryption
- ActiveRecord::Encryption
suspicious_terms:
- console_1984
- Console1984
Expand Down

0 comments on commit dc1af9f

Please sign in to comment.