Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
"Recent Rails SQL Issues" - 2012
Search
Justin Collins
April 23, 2015
Programming
0
64
"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
Tweet
Share
More Decks by Justin Collins
See All by Justin Collins
Continuous (Application) Security at DevOps Velocity
presidentbeef
0
130
The Evolution of Rails Security
presidentbeef
1
780
Brakeman RailsConf 2017 Lightning Talk
presidentbeef
0
130
Practical Static Analysis for Continuous Application Security
presidentbeef
0
190
"...But Doesn't Rails Take Care of Security for Me?"
presidentbeef
1
420
Continuous Security with Practical Static Analysis
presidentbeef
1
290
Security Automation at Twitter - Rise of the Machines
presidentbeef
0
220
The World of Rails Security - RailsConf 2015
presidentbeef
8
1.2k
Tales from the Crypt
presidentbeef
1
220
Other Decks in Programming
See All in Programming
Bedrock × Confluenceで簡単(?)社内RAG
iharuoru
1
100
PHP で学ぶ OAuth 入門
azuki
1
220
Enterprise Web App. Development (1): Build Tool Training Ver. 5
knakagawa
1
120
メモリウォールを超えて:キャッシュメモリ技術の進歩
kawayu
0
1.9k
By the way Google Cloud Next 2025に行ってみてどうだった
ymd65536
0
110
新しいPHP拡張モジュールインストール方法「PHP Installer for Extensions (PIE)」を使ってみよう!
cocoeyes02
0
440
インプロセスQAにおいて大事にしていること / In-process QA Meetup
medley
0
100
Bedrock×MCPで社内ブログ執筆文化を育てたい!
har1101
6
1.3k
VitestのIn-Source Testingが便利
taro28
8
2.3k
Make Parsers Compatible Using Automata Learning
makenowjust
2
6.1k
Lambda(Python)の リファクタリングが好きなんです
komakichi
3
230
2ヶ月で生産性2倍、お買い物アプリ「カウシェ」4チーム同時改善の取り組み
ike002jp
1
110
Featured
See All Featured
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
How to Ace a Technical Interview
jacobian
276
23k
Why You Should Never Use an ORM
jnunemaker
PRO
56
9.3k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
227
22k
RailsConf 2023
tenderlove
30
1.1k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
47
2.7k
KATA
mclloyd
29
14k
Faster Mobile Websites
deanohume
306
31k
VelocityConf: Rendering Performance Case Studies
addyosmani
329
24k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
30
2k
Side Projects
sachag
453
42k
Transcript
Rails Vulnerabilities Last Week CVE-2012-2660 CVE-2012-2661
CVE-2012-2660 Allows unexpected “IS NULL” in queries Affects Rails 2.x
and 3.x
ActiveRecord Query unless params[:name].nil? @user = User.where(:name => params[:name]) end
Query Parameters ?name[] {"name"=>[nil]}
ActiveRecord Query unless [nil].nil? @user = User.where(:name => [nil]) end
Resulting SQL SELECT "users".* FROM "users" WHERE "users"."name" IS NULL
CVE-2012-2661 Allows some manipulation of WHERE clause via “dotted” query
keys Affects Rails 3.x
ActiveRecord Query User.where(:name => params[:name])
ActiveRecord Query User.where("users.name" => params[:name])
Query Parameters ?name[users.id]=1 {"name"=>{"users.id"=>"1"}}
ActiveRecord Query User.where(:name => {"users.id" => "1"})
Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =
1
Unreleased Vulnerability Allows some manipulation of WHERE clause via nested
hashes in query values Affects 2.3.x and 3.x
ActiveRecord Query User.where(:name => params[:name], :password => params[:password])
Query Parameters ?name[users][id]=1&password[users][id]=1 {"name"=>{"users"=>{"id"=>"1"}}, "password" =>{"users"=>{"id"=>"1"}}}
ActiveRecord Query User.where( :name => {"users"=>{"id"=>"1"}, :password => {"users"=>{"id"=>"1"} )
Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =
1 AND "users"."id" = 1