# Unguarded Models Analyzer

| Category | Severity | Time To Fix |
|---|---|---|
| 🛡️ Security | Major | 30 minutes |

Class: `Enlightn\Enlightn\Analyzers\Security\UnguardedModelsAnalyzer`

# Introduction

This analyzer checks whether your application unguards models. Unguarding models can expose your application to mass assignment vulnerabilities.

# Why Not Unguard?

Guarding models is Laravel's mechanism to protect against mass assignment. Properly validating requests can mitigate the risk of mass assignment, but keeping models guarded by default also makes the code paths that are exposed to mass assignment easier to spot, because any code that writes request input past the guard has to say so explicitly.

Consider the following code:

```php
$user->fill($request->all())->save();
```

If the User model is unguarded, the above code can result in a mass assignment vulnerability.

However, if the User model is guarded, you would need to change the above code to:

```php
$user->forceFill($request->all())->save();
```

This code is far more readable: a quick scan of it signals to the code reviewer that a mass assignment vulnerability may be in play.

This is why it is not recommended to unguard models.
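To make the difference concrete, the following is an added example (not Laravel's or Enlightn's code) that mimics Eloquent's guarding rules with a minimal stand-in class: `fill()` honours the `$fillable` allow-list unless the model has been unguarded, while `forceFill()` always bypasses it. The `User` model, its `$fillable` list and the request payload are constructed for the illustration.

```php
<?php
// Minimal stand-in for Eloquent's guarding behaviour (added example, not Laravel code).
abstract class GuardedModel
{
    protected array $fillable = [];
    protected array $attributes = [];
    protected static bool $unguarded = false;

    public static function unguard(): void { static::$unguarded = true; }
    public static function reguard(): void { static::$unguarded = false; }

    public function fill(array $input): static
    {
        foreach ($input as $key => $value) {
            // With guarding on, keys outside $fillable are silently dropped.
            if (static::$unguarded || in_array($key, $this->fillable, true)) {
                $this->attributes[$key] = $value;
            }
        }
        return $this;
    }

    public function forceFill(array $input): static
    {
        // Deliberately bypasses $fillable; the method name itself flags the risk in review.
        foreach ($input as $key => $value) {
            $this->attributes[$key] = $value;
        }
        return $this;
    }

    public function toArray(): array { return $this->attributes; }
}

class User extends GuardedModel
{
    protected array $fillable = ['name', 'email'];   // constructed allow-list
}

// Constructed request payload: an unexpected field rides along with the legitimate ones.
$input = ['name' => 'Alice', 'email' => 'alice@example.com', 'is_admin' => 1];

$guarded = (new User)->fill($input)->toArray();
assert(!array_key_exists('is_admin', $guarded));   // dropped by the allow-list

User::unguard();
$unguarded = (new User)->fill($input)->toArray();
User::reguard();
assert($unguarded['is_admin'] === 1);              // unguarded: fill() behaves like forceFill()
```

Run with `php -d zend.assertions=1 example.php`; the second assertion is the behaviour this analyzer flags, since once the model is unguarded nothing in the call site hints that `is_admin` can be written from request input.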

# References