Check for unsafe query risk in active_record in Postgres
-- Check for vulnerability to the unsafe query risk in Rails mentioned here: https://groups.google.com/forum/#!topic/rubyonrails-security/8CVoclw-Xkk
-- Are any columns named the same as their table? (high risk)
select * from information_schema.columns where table_name = column_name;
-- Are any columns named the same as any other table (might pose a risk during join)
select * from information_schema.columns where column_name in (select distinct table_name from information_schema.columns);
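Added example (not from the original gist): the same two checks combined into one report that labels each hit by risk level and skips the pg_catalog and information_schema schemas, whose columns otherwise add noise. It assumes a PostgreSQL database where the Rails tables are visible to the connecting role, since information_schema.columns only lists objects that role can see.

```sql
-- Columns of application tables only; system schemas are excluded because
-- Active Record never generates queries against them.
WITH app_columns AS (
  SELECT table_schema, table_name, column_name
  FROM information_schema.columns
  WHERE table_schema NOT IN ('pg_catalog', 'information_schema')
),
-- Every application table name (assumption: all schemas the role can see
-- are relevant, matching the gist's cross-schema comparison).
app_table_names AS (
  SELECT DISTINCT table_name FROM app_columns
)
SELECT c.table_schema,
       c.table_name,
       c.column_name,
       CASE WHEN c.column_name = c.table_name
            THEN 'high: column named after its own table'
            ELSE 'medium: column named after another table (join risk)'
       END AS risk
FROM app_columns c
JOIN app_table_names t ON t.table_name = c.column_name
-- In PostgreSQL false sorts before true, so self-collisions come first.
ORDER BY (c.column_name <> c.table_name), c.table_name, c.column_name;
```

An empty result means neither check from the gist fires for the visible schema; any row is a table/column pair worth renaming or guarding before the affected Rails code sees untrusted parameters.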