Gist ideasasylum/3e85fb520f03d5b672d7, created May 7, 2014 09:42
Check for unsafe query risk in active_record in Postgres
-- Check for vulnerability to the unsafe query risk in Rails mentioned here:
-- https://groups.google.com/forum/#!topic/rubyonrails-security/8CVoclw-Xkk
-- System schemas are excluded so that only the application's own tables are reported.

-- Are any columns named the same as their own table? (high risk)
select table_schema, table_name, column_name from information_schema.columns
where table_name = column_name and table_schema not in ('pg_catalog', 'information_schema');

-- Are any columns named the same as any other table? (might pose a risk during a join; this is a superset of the query above)
select table_schema, table_name, column_name from information_schema.columns
where column_name in (select table_name from information_schema.tables where table_schema not in ('pg_catalog', 'information_schema'))
  and table_schema not in ('pg_catalog', 'information_schema');
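Why a column that shares its name with a table is the thing to look for, as an added example that is not part of the gist and not Rails's own code: a simplified Ruby model of the hash-condition handling the linked advisory describes, plus the same classification the two queries above perform, run over a constructed schema. The schema, the table and column names, and the `risky_columns`, `build_where_unchecked` and `build_where_checked` functions are assumptions made for illustration.

```ruby
require 'set'

# Constructed schema (an assumption for this example): table name => column names.
# It deliberately contains both shapes the SQL check reports:
#   notes.notes  - a column named like its own table   (high risk)
#   posts.tags   - a column named like another table   (risk when tags is joined)
SCHEMA = {
  'notes' => %w[id user_id notes private],
  'posts' => %w[id title body tags],
  'tags'  => %w[id name],
  'users' => %w[id email password_digest],
}.freeze

# The classification the two SQL queries perform, run over the constructed schema.
# The two lists are kept disjoint here; the second SQL query is a superset of the first.
def risky_columns(schema)
  table_names = schema.keys.to_set
  result = { high: [], join: [] }
  schema.each do |table, columns|
    columns.each do |column|
      next unless table_names.include?(column)
      result[column == table ? :high : :join] << "#{table}.#{column}"
    end
  end
  result
end

# Unchecked hash-condition handling, modelled on the behaviour the advisory
# describes (simplified, not Rails's code): a Hash value is always turned into
# conditions on a table named after the key, without asking whether that key is
# really a column of the model's table. Returns [sql_fragment, bind_values].
def build_where_unchecked(table, conditions)
  fragments = []
  binds = []
  conditions.each do |column, value|
    if value.is_a?(Hash)
      value.each do |nested_column, nested_value|
        fragments << %("#{column}"."#{nested_column}" = ?)
        binds << nested_value
      end
    else
      fragments << %("#{table}"."#{column}" = ?)
      binds << value
    end
  end
  [fragments.join(' AND '), binds]
end

# Checked handling: a Hash value may only be nested conditions when the key is
# not a column of the current table. When the key is a real column, a Hash is not
# a valid scalar, so the request is rejected instead of being silently rewritten.
def build_where_checked(table, conditions, schema = SCHEMA)
  conditions.each do |column, value|
    if value.is_a?(Hash) && schema.fetch(table).include?(column.to_s)
      raise ArgumentError, "#{table}.#{column} is a column; a nested condition is not allowed here"
    end
  end
  build_where_unchecked(table, conditions)
end

if $PROGRAM_NAME == __FILE__
  # Constructed request input: a nested parameter such as notes[user_id]=42 reaches
  # the application as a Hash where a string was expected.
  attacker_params = { 'notes' => { 'user_id' => 42 } }
  # => ["\"notes\".\"user_id\" = ?", [42]] : the filter now targets a column the
  # application never meant to expose, on the model's own table.
  puts build_where_unchecked('notes', attacker_params).inspect
  begin
    build_where_checked('notes', attacker_params)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
  puts risky_columns(SCHEMA).inspect
end
```

The own-table case is the high-risk one because the rewritten condition lands on the table being queried, so no join is needed; the other-table case only bites when that table is already part of the query. `risky_columns` is the offline equivalent of the two queries, useful when you have a schema dump but no database connection.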