hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
alexet/avoid-path-node-java
codeql/ruby/ql/test/query-tests/security/cwe-089/ArelInjection.rb
Joe Farebrother 2257df5c6f Model Arel::Nodes::SqlLiteral.new
2024-02-26 10:09:33 +00:00

9 lines
306 B
Ruby
Raw Permalink Blame History

class PotatoController < ActionController::Base
def unsafe_action
name = params[:user_name]
# BAD: SQL statement constructed from user input
sql = Arel.sql("SELECT * FROM users WHERE name = #{name}")
sql = Arel::Nodes::SqlLiteral.new("SELECT * FROM users WHERE name = #{name}")
end
end
Reference in New Issue View Git Blame Copy Permalink