"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
Transcript
Rails Vulnerabilities Last Week
CVE-2012-2660
CVE-2012-2661

CVE-2012-2660
Allows unexpected “IS NULL” in queries
Affects Rails 2.x and 3.x

ActiveRecord Query
  unless params[:name].nil?
    @user = User.where(:name => params[:name])
  end

Query Parameters
  ?name[]
  {"name"=>[nil]}

ActiveRecord Query (after parameter substitution)
  unless [nil].nil?
    @user = User.where(:name => [nil])
  end

Resulting SQL
  SELECT "users".* FROM "users" WHERE "users"."name" IS NULL
CVE-2012-2661
Allows some manipulation of WHERE clause via “dotted” query keys
Affects Rails 3.x

ActiveRecord Query
  User.where(:name => params[:name])

ActiveRecord Query
  User.where("users.name" => params[:name])

Query Parameters
  ?name[users.id]=1
  {"name"=>{"users.id"=>"1"}}

ActiveRecord Query (after parameter substitution)
  User.where(:name => {"users.id" => "1"})

Resulting SQL
  SELECT "users".* FROM "users" WHERE "users"."id" = 1
Unreleased Vulnerability
Allows some manipulation of WHERE clause via nested hashes in query values
Affects Rails 2.3.x and 3.x

ActiveRecord Query
  User.where(:name => params[:name], :password => params[:password])

Query Parameters
  ?name[users][id]=1&password[users][id]=1
  {"name"=>{"users"=>{"id"=>"1"}}, "password"=>{"users"=>{"id"=>"1"}}}

ActiveRecord Query (after parameter substitution)
  User.where(:name => {"users"=>{"id"=>"1"}}, :password => {"users"=>{"id"=>"1"}})

Resulting SQL
  SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."id" = 1
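All three slides share one root cause: the application assumes `params[:name]` is a string, but the query-string parser happily turns `name[]` into an Array and `name[users.id]=1` or `name[users][id]=1` into nested Hashes, and ActiveRecord's `where` interprets each shape differently. The following added example (not from the deck or from Rails) shows a plain-Ruby stand-in for that nested parsing so the three shapes can be reproduced offline, and a guard that only lets scalar strings through to a lookup. `parse_nested_query`, `scalar_param` and `safe_name_from_query` are hypothetical names; the parser is a constructed simplification of Rack-style bracket handling (enough for the cases on the slides), not Rack's code.

```ruby
require 'cgi'

# Constructed simplification of Rack-style nested query parsing.
# Handles the three shapes used on the slides:
#   name=alice            -> {"name"=>"alice"}
#   name[]                -> {"name"=>[nil]}        (CVE-2012-2660)
#   name[users.id]=1      -> {"name"=>{"users.id"=>"1"}}   (CVE-2012-2661)
#   name[users][id]=1     -> {"name"=>{"users"=>{"id"=>"1"}}} (nested-hash issue)
def parse_nested_query(qs)
  params = {}
  qs.split('&').each do |pair|
    next if pair.empty?
    key, eq, raw = pair.partition('=')
    # A key with no "=" at all (e.g. "?name[]") carries a nil value.
    value = eq.empty? ? nil : CGI.unescape(raw)
    assign_nested(params, CGI.unescape(key), value)
  end
  params
end

# Split "name[a][b]" into base "name" and subkeys ["a", "b"], then place value.
# "name[]" (one empty subkey) appends to an Array; any other bracket path builds Hashes.
def assign_nested(params, name, value)
  base, rest = name.match(/\A([^\[]+)(.*)\z/).captures
  subkeys = rest.scan(/\[([^\]]*)\]/).flatten
  if subkeys.empty?
    params[base] = value
  elsif subkeys == ['']
    (params[base] ||= []) << value
  else
    node = (params[base] ||= {})
    subkeys[0..-2].each { |k| node = (node[k] ||= {}) }
    node[subkeys.last] = value
  end
  params
end

# Mitigation: a lookup parameter is only usable if it is a plain String.
# Arrays and Hashes are refused before they can reach a where() call,
# which is what turns the three slide inputs into altered SQL.
def scalar_param(params, key)
  value = params[key]
  return nil if value.nil?
  unless value.is_a?(String)
    raise ArgumentError, "#{key} must be a plain string, got #{value.class}"
  end
  value
end

# Returns the validated name, nil when absent, or :rejected for a bad shape.
def safe_name_from_query(query_string)
  scalar_param(parse_nested_query(query_string), 'name')
rescue ArgumentError
  :rejected
end

if __FILE__ == $PROGRAM_NAME
  ['name=alice', 'name[]', 'name[users.id]=1', 'name[users][id]=1&password[users][id]=1'].each do |qs|
    puts "#{qs.inspect} -> #{parse_nested_query(qs).inspect} -> #{safe_name_from_query(qs).inspect}"
  end
end
```

The same check applies to every parameter that ends up as a `where` value (`password` on the last slide included); the safe pattern is to coerce or validate each request input to the scalar type the query expects, then pass only that validated value to ActiveRecord.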