Created
May 6, 2014 17:45
Gist: hoffm/4e04a2f7782c33338308
This gist contains a script that checks for collisions between the database table names and column names associated with ActiveRecord models. The check is per model: it flags any model whose table has a column with the same name as the table itself. This type of collision was just revealed to be a security risk in this advisory: https://groups.google.com/forum/#!topic/rubyonrails-security/8CVoclw-Xkk
# Run inside a loaded Rails environment (e.g. `rails runner`) so the models exist.
def check
  Rails.application.eager_load! if defined?(Rails) # in development, models load lazily
  ActiveRecord::Base.descendants.each do |klass|   # descendants also covers STI subclasses
    next if klass.abstract_class? || !klass.table_exists?
    if klass.column_names.include?(klass.table_name)
      raise "#{klass}'s table name collides with column #{klass.table_name}"
    end
  end
  puts "All Clear."
end
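The same check can be run offline against db/schema.rb, without booting Rails or loading any models. The script below is an added example, not the gist's code: it parses the `create_table` blocks of a schema.rb (assuming the standard format written by `rake db:schema:dump`) and reports every column whose name equals a table name. It goes slightly beyond the gist by also reporting columns that collide with the name of a different table, and distinguishes the two cases. The sample schema is constructed for the demonstration.

```ruby
# Added example (not the gist's code): scan a Rails db/schema.rb for column
# names that coincide with table names, without loading ActiveRecord.
# Assumes the standard schema.rb layout:
#   create_table "name", ... do |t|
#     t.string "col"
#   end
require 'set'

# Parse create_table blocks into { table_name => [column_names] }.
# Every table gets an implicit "id" primary key unless `id: false` is present.
# t.references/t.belongs_to "x" produce an "x_id" column; t.index is skipped.
def parse_schema(schema_rb)
  tables = {}
  current = nil
  schema_rb.each_line do |line|
    if (m = line.match(/^\s*create_table\s+"([^"]+)"(.*)do\s*\|t\|/))
      current = m[1]
      tables[current] = m[2].include?('id: false') ? [] : ['id']
    elsif current && (m = line.match(/^\s*t\.(?!index\b)(\w+)\s+"([^"]+)"/))
      method, name = m[1], m[2]
      tables[current] << (%w[references belongs_to].include?(method) ? "#{name}_id" : name)
    elsif current && line =~ /^\s*end\b/
      current = nil
    end
  end
  tables
end

# Return every (table, column) pair where the column name is also a table
# name. own_table: true is the case the gist checks for; false means the
# column is named after some other table.
def find_collisions(tables)
  table_names = tables.keys.to_set
  collisions = []
  tables.each do |table, columns|
    columns.each do |column|
      next unless table_names.include?(column)
      collisions << { table: table, column: column, own_table: column == table }
    end
  end
  collisions
end

# Constructed sample schema.rb for the demonstration (not from any real app).
SAMPLE_SCHEMA = <<~RUBY
  ActiveRecord::Schema.define(version: 20140506174500) do
    create_table "users", force: true do |t|
      t.string   "name"
      t.string   "users"        # column named after its own table
      t.datetime "created_at"
    end

    create_table "reports", force: true do |t|
      t.references "user"
      t.text       "users"      # column named after another table
      t.string     "title"
    end

    create_table "settings", id: false, force: true do |t|
      t.string "key"
      t.string "value"
    end
  end
RUBY

if __FILE__ == $0
  # Usage: ruby check_schema.rb [path/to/db/schema.rb]; falls back to the sample.
  source = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_SCHEMA
  found = find_collisions(parse_schema(source))
  if found.empty?
    puts "All Clear."
  else
    found.each do |c|
      kind = c[:own_table] ? "its own table" : "table #{c[:column]}"
      puts "#{c[:table]}.#{c[:column]} collides with #{kind}"
    end
  end
end
```

Point it at a real db/schema.rb to audit an application before deploying; a non-empty result for the own-table case is exactly what the gist's `check` would raise on.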