Overly permissive request parameters detected.

Rule ID: ruby_rails_permissive_parameters
Languages: ruby
Source: <a class="text-main dark:text-main-300 hover:underline" href="https://github.com/bearer/bearer-rules/blob/main/ruby/rails/permissive_parameters.yml">permissive_parameters.yml

Description

Being overly permissive with request parameters can allow an attacker to update arbitrary model attributes.

❌ Avoid blanket permitting of parameters:

params.permit!

✅ Only permit parameters the user should be able to update:

params.permit(:name, :email)