Basics
This check is disabled by default.
Learn how to enable it via .credo.exs.
This check has a base priority of high and works with any version of Elixir.
Explanation
Actions that accept privilege-related fields like :is_admin or
:permissions can allow users to escalate their own permissions.
Set these fields via change modules instead.
create :register do
accept [:name, :email]
change set_attribute(:role, :user)
endCreate, update, and soft destroy actions are checked. Hard destroy
actions are not: Ash resets their accept to [] at compile time,
so an accept list there takes no input.
Test directories are excluded by default, since test factories and seeds
often accept these fields on purpose. Override excluded_paths to scope
the check differently.
Check-Specific Parameters
Use the following parameters to configure this check:
:dangerous_fields
Field names that should not appear in accept lists. Atom entries match exactly; Regex entries (e.g. ~r/_token$/) match against the field name.
This parameter defaults to [:is_admin, :admin, :permissions, :api_key, :secret_key].
:excluded_paths
List of paths or regexes to exclude from this check. Defaults to test directories, since accepting these fields is often intentional in test setup.
This parameter defaults to [~r/\/test\//, "test"].
General Parameters
Like with all checks, general params can be applied.
Parameters can be configured via the .credo.exs config file.