hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-23 07:45:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
a45366e426137ae1192c2139bf35db520a914223
codeql/ql/test/library-tests/frameworks/ActiveRecordInjection.rb
Alex Ford 214532516b try to avoid a future merge conflict
2021-06-17 14:41:51 +01:00

52 lines
1.1 KiB
Ruby
Raw Blame History

class UserGroup < ActiveRecord::Base
has_many :users
end
class User < ApplicationRecord
belongs_to :user_group
end
class Admin < User
end
class FooController < ActionController::Base
MAX_USER_ID = 100_000
# A string tainted by user input is inserted into an SQL query
def some_request_handler
# SELECT AVG(#{params[:column]}) FROM "users"
User.calculate(:average, params[:column])
# DELETE FROM "users" WHERE (id = #{params[:id]})
User.delete_all("id = #{params[:id]}")
# SELECT "users".* FROM "users" WHERE (id = #{params[:id]})
User.destroy_all(["id = #{params[:id]}"])
# SELECT "users".* FROM "users" WHERE id BETWEEN #{params[:min_id]} AND 100000
User.where(<<-SQL, MAX_USER_ID)
id BETWEEN #{params[:min_id]} AND ?
SQL
UserGroup.joins(:users).where("user.id = #{params[:id]}")
end
end
class BarController < ApplicationController
def some_other_request_handler
ps = params
uid = ps[:id]
# DELETE FROM "users" WHERE (id = #{uid})
User.delete_all("id = " + uid)
end
end
class BazController < BarController
end
Reference in New Issue View Git Blame Copy Permalink