"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
Transcript
Rails Vulnerabilities Last Week
CVE-2012-2660
CVE-2012-2661

CVE-2012-2660
Allows unexpected "IS NULL" in queries
Affects Rails 2.x and 3.x

ActiveRecord Query
  unless params[:name].nil?
    @user = User.where(:name => params[:name])
  end

Query Parameters
  ?name[]
  {"name"=>[nil]}

ActiveRecord Query
  unless [nil].nil?
    @user = User.where(:name => [nil])
  end

Resulting SQL
  SELECT "users".* FROM "users" WHERE "users"."name" IS NULL

CVE-2012-2661
Allows some manipulation of WHERE clause via "dotted" query keys
Affects Rails 3.x

ActiveRecord Query
  User.where(:name => params[:name])

ActiveRecord Query
  User.where("users.name" => params[:name])

Query Parameters
  ?name[users.id]=1
  {"name"=>{"users.id"=>"1"}}

ActiveRecord Query
  User.where(:name => {"users.id" => "1"})

Resulting SQL
  SELECT "users".* FROM "users" WHERE "users"."id" = 1

Unreleased Vulnerability
Allows some manipulation of WHERE clause via nested hashes in query values
Affects 2.3.x and 3.x

ActiveRecord Query
  User.where(:name => params[:name], :password => params[:password])

Query Parameters
  ?name[users][id]=1&password[users][id]=1
  {"name"=>{"users"=>{"id"=>"1"}}, "password"=>{"users"=>{"id"=>"1"}}}

ActiveRecord Query
  User.where(:name => {"users"=>{"id"=>"1"}}, :password => {"users"=>{"id"=>"1"}})

Resulting SQL
  SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."id" = 1
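All three issues in the deck start at the same place: Rack parses `[]` and `[key]` suffixes in query-string keys into Arrays and Hashes, and the controller code hands whatever came back straight to `where`. The following is an added example, not code from the slides or from Rack/Rails. It is a simplified re-implementation of Rack's nested query parsing (the behaviour of `Rack::Utils.parse_nested_query`), enough to show how the four query strings above become the structures ActiveRecord receives in the nil-check bypass, the dotted-key case and the nested-hash case, followed by the scalar-type check that the controller code in the slides lacks. The module and method names (`ParamDemo`, `parse_nested_query`, `normalize_params`, `scalar_param`, `demo`) and the constant `SLIDE_QUERIES` are this example's own.

```ruby
require 'uri'

# Added illustration (not Rack's or Rails' code): a reduced version of Rack's
# nested query-string parsing plus the scalar check the slides' controller lacks.
module ParamDemo
  # The query strings shown on the slides, plus one benign scalar for contrast
  # (constructed sample input; the leading "?" is omitted).
  SLIDE_QUERIES = [
    'name=alice',                               # benign scalar value
    'name[]',                                   # CVE-2012-2660: [nil] gets past a .nil? guard
    'name[users.id]=1',                         # CVE-2012-2661: dotted key becomes a column reference
    'name[users][id]=1&password[users][id]=1'   # nested hash becomes a users.id predicate
  ].freeze

  # Parse "a[b][c]=1&d[]" into nested Hash/Array values the way Rack does.
  def self.parse_nested_query(query_string)
    params = {}
    query_string.to_s.split('&').each do |pair|
      next if pair.empty?
      key, value = pair.split('=', 2)
      key = URI.decode_www_form_component(key)
      # A key with no "=" at all (e.g. "name[]") keeps value == nil; that nil
      # is what ends up inside the Array as [nil].
      value = URI.decode_www_form_component(value) unless value.nil?
      normalize_params(params, key, value)
    end
    params
  end

  # Consume one bracketed segment per call: "name[users][id]" is handled as
  # "name" with the remainder "[users][id]", then "users" with "[id]", then "id".
  # A dotted segment such as "[users.id]" is a single key, "users.id"; Rack does
  # not split on the dot, so the dot reaches the query builder intact.
  def self.normalize_params(params, name, value)
    m = name.match(/\A[\[\]]*([^\[\]]+)\]*/)
    return params if m.nil?
    key  = m[1]
    rest = m.post_match

    if rest == ''
      params[key] = value                       # plain scalar: name=alice
    elsif rest == '[]'
      params[key] ||= []
      raise TypeError, "expected Array for #{key}" unless params[key].is_a?(Array)
      params[key] << value                      # array: name[] -> [nil]
    else
      params[key] ||= {}
      raise TypeError, "expected Hash for #{key}" unless params[key].is_a?(Hash)
      normalize_params(params[key], rest, value) # nested hash: name[users][id]=1
    end
    params
  end

  # The missing guard: a field that is supposed to be a scalar is accepted only
  # as a String. Arrays and Hashes, which is what all three attack strings
  # produce, are rejected instead of being passed to where() as query structure.
  def self.scalar_param(params, key)
    value = params[key]
    return nil if value.nil?                    # absent parameter, caller decides
    raise ArgumentError, "param #{key} must be a scalar, got #{value.class}" unless value.is_a?(String)
    value
  end

  # Run every slide query through the parser, the slides' own nil? guard and the
  # scalar check. Returns query string => {params, passes_nil_check, accepted}.
  def self.demo
    SLIDE_QUERIES.each_with_object({}) do |qs, out|
      parsed = parse_nested_query(qs)
      accepted = begin
        scalar_param(parsed, 'name')
        true
      rescue ArgumentError
        false
      end
      out[qs] = {
        params: parsed,
        passes_nil_check: !parsed['name'].nil?,  # what `unless params[:name].nil?` sees
        accepted: accepted                       # what scalar_param decides
      }
    end
  end
end

if $PROGRAM_NAME == __FILE__
  ParamDemo.demo.each do |qs, r|
    puts "?#{qs}"
    puts "  params:                     #{r[:params].inspect}"
    puts "  passes params[:name].nil?:  #{r[:passes_nil_check]}"
    puts "  accepted by scalar_param:   #{r[:accepted]}"
  end
end
```

The output for `?name[]` is the heart of CVE-2012-2660: the parsed value is `[nil]`, which is not `nil`, so the guard in the slides passes and ActiveRecord is asked for `:name => [nil]`, which it renders as `IS NULL`. The dotted and nested-hash strings pass the same guard for the same reason and reach `where` as Hashes, which the query builder of the affected versions interprets as table and column names rather than as a value to match. Rejecting anything that is not a String before it reaches `where`, as `scalar_param` does, closes all three paths in application code; the patched Rails releases the deck refers to fix the query builder itself.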