Basics
This check is disabled by default.
Learn how to enable it via .credo.exs.
This check has a base priority of high and works with any version of Elixir.
Explanation
Actions that accept privilege-related fields like :is_admin or
:permissions can allow users to escalate their own permissions.
Set these fields via change modules instead.
    create :register do
      accept [:name, :email]
      change set_attribute(:role, :user)
    end

Check-Specific Parameters
Use the following parameters to configure this check:
:dangerous_fields
Field names that should not appear in accept lists.
This parameter defaults to [:is_admin, :admin, :permissions, :api_key, :secret_key].
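To make the effect of :dangerous_fields concrete, the following added example (not this check's actual implementation) walks the AST of some action source and reports accept lists that name a listed field. It shows that :role, the field used in the example above, is not in the default list and is only reported once it is added. The module name AcceptScan and the sample source are constructed for illustration, and the scan assumes accept is called with a literal list.

```elixir
# Added illustration, not the check's real implementation: find `accept [...]`
# calls in Elixir source whose literal list names a sensitive field.
defmodule AcceptScan do
  # Default list copied from the :dangerous_fields parameter documented above.
  @default_fields [:is_admin, :admin, :permissions, :api_key, :secret_key]

  # Returns [{line, [offending_field, ...]}, ...] in source order.
  def scan(source, dangerous_fields \\ @default_fields) do
    {_ast, hits} =
      source
      |> Code.string_to_quoted!()
      |> Macro.prewalk([], fn
        # `accept [:a, :b]` parses to {:accept, meta, [[:a, :b]]}
        {:accept, meta, [fields]} = node, acc when is_list(fields) ->
          bad = for f <- fields, is_atom(f), f in dangerous_fields, do: f
          acc = if bad == [], do: acc, else: [{meta[:line], bad} | acc]
          {node, acc}

        node, acc ->
          {node, acc}
      end)

    Enum.reverse(hits)
  end
end

# Constructed sample: one action that accepts privilege fields, one that does not.
sample = """
create :register_unsafe do
  accept [:name, :email, :is_admin, :role]
end

create :register do
  accept [:name, :email]
  change set_attribute(:role, :user)
end
"""

# Scan with the documented defaults: :role is not in that list.
IO.inspect(AcceptScan.scan(sample))

# Scan with a custom list that adds :role, as :dangerous_fields allows.
IO.inspect(AcceptScan.scan(sample, [:is_admin, :role]))
```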
General Parameters
Like with all checks, general params can be applied.
Parameters can be configured via the .credo.exs config file.