Skip to content

Instantly share code, notes, and snippets.

@hoffm
Created May 6, 2014 17:45
Show Gist options
  • Save hoffm/4e04a2f7782c33338308 to your computer and use it in GitHub Desktop.
Save hoffm/4e04a2f7782c33338308 to your computer and use it in GitHub Desktop.
This gist contains a script that will check for collisions between the database table names and column names associated with ActiveRecord models. This type of collision was just revealed to be a security risk in this advisory: https://groups.google.com/forum/#!topic/rubyonrails-security/8CVoclw-Xkk
def check
ActiveRecord::Base.send(:subclasses).each do |klass|
if klass.column_names.include?(klass.table_name)
raise "#{klass.to_s}'s table name collides with column #{klass.table_name}"
end
end
puts "All Clear."
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment