Brakeman is a static analysis security scanner for Ruby on Rails. It is an open source vulnerability scanner designed specifically for Rails applications: it statically analyzes the application code, so it can find security issues at any stage of development.
I will share a few tricks to avoid Brakeman's SQL Injection warnings (the ones reported at Medium confidence).
1. Example case "IN query":
Wrong format (string concatenation into the condition is what Brakeman flags; note that Array#join, not joins, is the method):
id = [1,2,3,4,5]
query = self.find(:all, :conditions => ["id in (" + id.join(",") + ")"])
Correct format (let ActiveRecord bind the values through a ? placeholder):
id = [1,2,3,4,5]
query = self.find(:all, :conditions => ["id in (?)", id])
or
query = self.where("id in (?)", id)
2. Example case "string query":
Wrong format (user input concatenated straight into the SQL string):
query = self.where("id = '" + id + "' and place = '" + place + "' and user = '" + user + "' ")
Correct format (collect the clauses with ? placeholders and the values separately, then pass both to where so ActiveRecord quotes the values):
query_conditions = []
query_values = []
unless id.blank?
  query_conditions << "id = ?"
  query_values << id
end
unless place.blank?
  query_conditions << "place = ?"
  query_values << place
end
unless user.blank?
  query_conditions << "user = ?"
  query_values << user
end
query_where = query_conditions.join(" and ")
# With no filters given, fall back to an unconditioned scope instead of where([""])
result = query_conditions.empty? ? self.all : self.where([query_where, *query_values])
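To see why the placeholder form is the safe one, here is an added example (not code from the original post) that builds the same optional-filter WHERE clause as an array of "template plus bind values" and then expands it. ActiveRecord is not loaded; quote_literal is a simplified stand-in for the quoting the database adapter applies when ActiveRecord expands the placeholders, and build_conditions, expand and concat_where are names chosen for this example.

```ruby
# Build [template, *binds] from optional filters, skipping blank values.
# Mirrors the corrected snippet above: clauses and values stay separate.
def build_conditions(filters)
  clauses = []
  binds = []
  filters.each do |column, value|
    next if value.nil? || value.to_s.strip.empty?
    clauses << "#{column} = ?"
    binds << value
  end
  return nil if clauses.empty?
  [clauses.join(" AND "), *binds]
end

# Simplified literal quoting: wrap in quotes and double any embedded quote
# (SQL-standard escaping). The real adapter does this and more.
def quote_literal(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Expand each ? with its quoted bind value, refusing a count mismatch.
def expand(conditions)
  template, *binds = conditions
  raise ArgumentError, "placeholder/bind mismatch" unless template.count("?") == binds.size
  i = -1
  template.gsub("?") { quote_literal(binds[i += 1]) }
end

# The concatenation style from the "Wrong format" block, for comparison:
# the input lands in the SQL text unchanged.
def concat_where(id, place, user)
  "id = '#{id}' and place = '#{place}' and user = '#{user}'"
end

if __FILE__ == $0
  hostile = "x' OR '1'='1"   # constructed sample input
  puts concat_where(hostile, "home", "bob")
  puts expand(build_conditions(id: hostile, place: "", user: "bob"))
end
```

Running it prints the concatenated clause with the quote-breaking input intact, while the placeholder path keeps it inside a single quoted literal.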