Upgrade to Pro — share decks privately, control downloads, hide ads and more …

"Recent Rails SQL Issues" - 2012

Justin Collins
April 23, 2015
Programming
0
62

"Recent Rails SQL Issues" - 2012

Justin Collins

April 23, 2015
Tweet

More Decks by Justin Collins

See All by Justin Collins
Continuous (Application) Security at DevOps Velocity
presidentbeef
0
120
The Evolution of Rails Security
presidentbeef
1
740
Brakeman RailsConf 2017 Lightning Talk
presidentbeef
0
110
Practical Static Analysis for Continuous Application Security
presidentbeef
0
160
"...But Doesn't Rails Take Care of Security for Me?"
presidentbeef
1
370
Continuous Security with Practical Static Analysis
presidentbeef
1
270
Security Automation at Twitter - Rise of the Machines
presidentbeef
0
190
The World of Rails Security - RailsConf 2015
presidentbeef
8
1.1k
Tales from the Crypt
presidentbeef
1
190

Other Decks in Programming

See All in Programming
よくできたテンプレート言語として TypeScript + JSX を利用する試み / Using TypeScript + JSX outside of Web Frontend #TSKaigiKansai
izumin5210
6
1.7k
エンジニアとして関わる要件と仕様(公開用)
murabayashi
0
280
レガシーシステムにどう立ち向かうか 複雑さと理想と現実/vs-legacy
suzukihoge
14
2.2k
Why Jakarta EE Matters to Spring - and Vice Versa
ivargrimstad
0
1.1k
Click-free releases & the making of a CLI app
oheyadam
2
110
Pinia Colada が実現するスマートな非同期処理
naokihaba
4
220
Flutterを言い訳にしない!アプリの使い心地改善テクニック5選🔥
kno3a87
1
150
役立つログに取り組もう
irof
28
9.6k
Arm移行タイムアタック
qnighy
0
310
Tauriでネイティブアプリを作りたい
tsucchinoko
0
370
アジャイルを支えるテストアーキテクチャ設計/Test Architecting for Agile
goyoki
9
3.3k
2024/11/8 関西Kaggler会 2024 #3 / Kaggle Kernel で Gemma 2 × vLLM を動かす。
kohecchi
5
910

Featured

See All Featured
Designing for humans not robots
tammielis
250
25k
Gamification - CAS2011
davidbonilla
80
5k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
Designing the Hi-DPI Web
ddemaree
280
34k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
A Modern Web Designer's Workflow
chriscoyier
693
190k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.2k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
1.9k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
109
49k

Transcript

  1. Rails Vulnerabilities Last Week CVE-2012-2660 CVE-2012-2661

  2. CVE-2012-2660 Allows unexpected “IS NULL” in queries Affects Rails 2.x

    and 3.x

  3. ActiveRecord Query unless params[:name].nil? @user = User.where(:name => params[:name]) end

  4. Query Parameters ?name[] {"name"=>[nil]}

  5. ActiveRecord Query unless [nil].nil? @user = User.where(:name => [nil]) end

  6. Resulting SQL SELECT "users".* FROM "users" WHERE "users"."name" IS NULL

  7. CVE-2012-2661 Allows some manipulation of WHERE clause via “dotted” query

    keys Affects Rails 3.x

  8. ActiveRecord Query User.where(:name => params[:name])

  9. ActiveRecord Query User.where("users.name" => params[:name])

  10. Query Parameters ?name[users.id]=1 {"name"=>{"users.id"=>"1"}}

  11. ActiveRecord Query User.where(:name => {"users.id" => "1"})

  12. Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =

    1

  13. Unreleased Vulnerability Allows some manipulation of WHERE clause via nested

    hashes in query values Affects 2.3.x and 3.x

  14. ActiveRecord Query User.where(:name => params[:name], :password => params[:password])

  15. Query Parameters ?name[users][id]=1&password[users][id]=1 {"name"=>{"users"=>{"id"=>"1"}}, "password" =>{"users"=>{"id"=>"1"}}}

  16. ActiveRecord Query User.where( :name => {"users"=>{"id"=>"1"}, :password => {"users"=>{"id"=>"1"} )

  17. Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =

    1 AND "users"."id" = 1