Created
June 4, 2015 20:47
Mongo BSON Injection: Ruby Regexps Strike Again
# http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
# There's a subtle bug in the BSON-ruby implementation, leading in the best case
# scenario to a low-severity DoS, but most likely to critical BSON Injection
# (similar to SQL injection) - depends on the gem versions you use.
# b = Moped::BSON::ObjectId
# puts "Injection!" if b.legal? "a"*24+"\na"
# puts "DOS" if b.legal? "a"*24+"\n"
module Moped
  module BSON
    class ObjectId
      # \A and \z anchor to the start and the absolute end of the string.
      # Ruby's ^ and $ only anchor to line boundaries, so a value with an
      # embedded newline would pass a ^...$ check.
      def self.legal?(s)
        /\A\h{24}\z/ === s.to_s
      end
    end
  end
end
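To make the difference concrete, here is an added example (not part of the gist) that runs the two probe strings from the gist header against a line-anchored check of the kind the fix replaces and against the string-anchored check the gist shows. The method names `legal_line_anchored?`, `legal_string_anchored?` and `evaluate` are this example's own.

```ruby
# Added example: line-anchored vs string-anchored ObjectId validation in Ruby.

# Ruby's ^ and $ match at the start/end of any LINE, so a newline inside the
# input lets extra bytes slip past this check (the pre-fix behaviour).
def legal_line_anchored?(s)
  /^\h{24}$/ === s.to_s
end

# \A and \z anchor to the start and the very end of the STRING, so a trailing
# newline, or any text after it, makes the match fail (the gist's fix).
def legal_string_anchored?(s)
  /\A\h{24}\z/ === s.to_s
end

# Constructed inputs: the two probes from the gist header plus a valid id.
VALID    = "a" * 24            # well-formed 24-hex-digit ObjectId
INJECTED = "a" * 24 + "\na"    # extra data after a newline ("Injection!" probe)
DOS      = "a" * 24 + "\n"     # bare trailing newline ("DOS" probe)

# Returns, for each probe, whether the given check accepts it.
def evaluate(check)
  {
    valid:    check.call(VALID),
    injected: check.call(INJECTED),
    dos:      check.call(DOS)
  }
end

if __FILE__ == $PROGRAM_NAME
  puts "line-anchored   (^...$):   #{evaluate(method(:legal_line_anchored?))}"
  puts "string-anchored (\\A...\\z): #{evaluate(method(:legal_string_anchored?))}"
end
```

The line-anchored check accepts all three strings; the string-anchored one accepts only the valid id.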