AshCredo.Check.Warning.SensitiveFieldInAccept (ash_credo v0.16.1)

Copy Markdown View Source

Basics

This check is disabled by default.

Learn how to enable it via .credo.exs.

This check has a base priority of high and works with any version of Elixir.

Explanation

Actions that accept privilege-related fields like :is_admin or :permissions can allow users to escalate their own permissions. Set these fields via change modules instead.

create :register do
  accept [:name, :email]

  change set_attribute(:role, :user)
end

Create, update, and soft destroy actions are checked. Hard destroy actions are not: Ash resets their accept to [] at compile time, so an accept list there takes no input.

Test directories are excluded by default, since test factories and seeds often accept these fields on purpose. Override excluded_paths to scope the check differently.

Check-Specific Parameters

Use the following parameters to configure this check:

:dangerous_fields

Field names that should not appear in accept lists. Atom entries match exactly; Regex entries (e.g. ~r/_token$/) match against the field name.

This parameter defaults to [:is_admin, :admin, :permissions, :api_key, :secret_key].

:excluded_paths

List of paths or regexes to exclude from this check. Defaults to test directories, since accepting these fields is often intentional in test setup.

This parameter defaults to [~r/\/test\//, "test"].

General Parameters

Like with all checks, general params can be applied.

Parameters can be configured via the .credo.exs config file.