Insecure Use of SQL Queries

Why is this important?

SQL injections are dangerous because attackers can identify them easily. An attacker can use an SQL injection to read from, and sometimes even write to, your database. SQL injections are very common and have been the cause of many high-profile breaches.

Also, Ruby gems with a combined total of over 400 million downloads have been affected by this security issue.

Check out this video for a high-level explanation:

SQL Injection Explanation Video

This is a biggie; read on to find out how to fix it.

Fixing Insecure Use of SQL Queries

Option A: Use Rails' Built-in Escaping of Special SQL Characters (Array or Hash Conditions)

  1. Go through the issues that GuardRails identified in the PR.
  2. Replace code that uses either Model.where(...) like:

     Project.where("name = '#{params[:name]}'")

     or Model.find_by(...) like:

     User.find_by("login = '#{params[:name]}' AND password = '#{params[:password]}'")

     with either an Array, where the first string is hard-coded and contains one ? placeholder for every variable that follows it (Rails quotes and escapes each value before substituting it into the query):

     Model.where("login = ? AND password = ?", entered_user_name, entered_password).first

     or a Hash that maps column names to the variables:

     Model.where(login: entered_user_name, password: entered_password).first

  3. The solution works for both Model.where(...) and Model.find_by(...).
  4. Test it.
  5. Ship it 🚢 and relax 🌴
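To make concrete what the Array form does with a value, here is an added example in plain Ruby (not code from GuardRails or Rails): quote_literal, bind_sql and interpolate_sql are assumed helper names that re-implement the ? placeholder binding, so it runs without ActiveRecord, and the input value is a constructed sample.

```ruby
# Added example (not GuardRails' or Rails' code): a minimal re-implementation of
# the "?" placeholder binding that Model.where(["...", v]) performs, next to the
# string interpolation the page flags as insecure.

# Quote one Ruby value as a SQL literal the way a database driver would:
# strings are wrapped in single quotes with embedded quotes doubled,
# numbers are emitted bare, nil becomes NULL. Anything else is rejected.
def quote_literal(value)
  case value
  when String         then "'#{value.gsub("'", "''")}'"
  when Integer, Float then value.to_s
  when nil            then "NULL"
  else raise ArgumentError, "cannot quote #{value.class}"
  end
end

# Mimic Model.where("login = ? AND password = ?", a, b): the template is a
# hard-coded string, and every ? is replaced by a quoted literal. The number of
# placeholders must match the number of values, as in ActiveRecord.
def bind_sql(template, *values)
  placeholders = template.count("?")
  unless placeholders == values.length
    raise ArgumentError, "expected #{placeholders} values, got #{values.length}"
  end
  quoted = values.map { |v| quote_literal(v) }
  template.gsub("?") { quoted.shift }
end

# The insecure pattern from the page: user input spliced into the SQL text.
def interpolate_sql(name)
  "name = '#{name}'"
end

# A surname containing a quote is ordinary input, not an attack, yet it is
# enough to show the difference: with interpolation the quotes no longer
# balance, so the input has changed the structure of the query; with binding
# the whole value stays inside one literal.
if __FILE__ == $PROGRAM_NAME
  input = "O'Brien"                         # constructed sample value
  puts interpolate_sql(input)               # name = 'O'Brien'   (3 quotes)
  puts bind_sql("name = ?", input)          # name = 'O''Brien'  (1 literal)
  puts bind_sql("login = ? AND password = ?", "alice", "s3cret")
end
```

Real drivers quote in database-specific ways (MySQL, for instance, also accepts backslash escapes), which is why you should rely on the Rails forms above rather than on your own quoting.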

Option B: Use sanitize_sql()

  1. Go through the issues that GuardRails identified in the PR.
  2. Replace code that uses either Model.where(...) like:

     Project.where("name = '#{params[:name]}'")

     or Model.find_by(...) like:

     User.find_by("login = '#{params[:name]}' AND password = '#{params[:password]}'")

     with a call that passes the whole condition to sanitize_sql() as an Array, so that Rails escapes each variable for you:

     Project.where(sanitize_sql(["name = ?", params[:name]]))

     Note that sanitize_sql() only escapes when it is given the Array form; handed a bare String, it returns that String unchanged, so wrapping just the interpolated value (sanitize_sql(params[:name])) does not protect the query.
  3. The solution works for both Model.where(...) and Model.find_by(...).
  4. Test it.
  5. Ship it 🚢 and relax 🌴

More information: