testSanitizer.rb

a guest
Oct 30th, 2017
#!/usr/bin/ruby
require 'active_record'

ActiveRecord::Base.establish_connection(
  adapter:  'postgresql',
  database: 'pgservice_development',
  username: 'webuser',
  password: 'qwer',
  host:     'localhost',
  port:     5432
)

class User < ActiveRecord::Base
end

param = ARGV[0]

# ActiveRecord::Base.sanitize quotes the value as a SQL string literal (it delegates
# to connection.quote). It was removed in Rails 5.2, where connection.quote is the
# direct equivalent, so fall back to that when sanitize is not defined.
sanitizedParam =
  if ActiveRecord::Base.respond_to?(:sanitize)
    ActiveRecord::Base.sanitize(param)
  else
    ActiveRecord::Base.connection.quote(param)
  end

# sanitize already supplies the surrounding quotes, so the query must not add its own.
sanitizedQuery = "Sanitized Query: select * from login where userid=#{sanitizedParam}"
# Plain string interpolation: the value can close the quote and append its own SQL.
query = "Normal query: select * from login where userid='#{param}'"

puts sanitizedQuery
puts query

# Sample usage: ruby testSanitizer.rb "' or 1=1--"
# => The above query returns the first row of the table if not sanitized. By using ActiveRecord::Base.sanitize, this problem is prevented.
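As an added example that is not part of the paste: a pure-Ruby reproduction of the string-literal quoting that ActiveRecord's sanitize / connection.quote performs for PostgreSQL, plus a small check that reports whether the interpolated value escaped its literal, so the difference between the two queries can be seen without a database. The names pg_quote, bind, sql_outside_literals and injected? are chosen here; the payload is the paste's own sample input.

```ruby
# Added example, not from the paste: PostgreSQL string-literal quoting as done by
# ActiveRecord::Base.sanitize / connection.quote, plus a check that the value
# stayed inside its literal. Runs without a database.
PAYLOAD = "' or 1=1--" # constructed sample input, the paste's own usage value

# Wrap in single quotes and double any embedded quote. Assumes
# standard_conforming_strings is on, so backslashes need no escaping.
def pg_quote(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# The paste's two queries without their "Normal"/"Sanitized" labels.
def normal_query(param)
  "select * from login where userid='#{param}'"
end

def sanitized_query(param)
  "select * from login where userid=#{pg_quote(param)}" # pg_quote supplies the quotes
end

# Placeholder form (the shape of sanitize_sql_array): each ? becomes the quoted
# value, so the caller never writes quotes by hand.
def bind(sql, *values)
  sql.gsub('?') { pg_quote(values.shift) }
end

# Strip every well-formed single-quoted literal ('' inside one is an escaped
# quote, not a terminator) and return the SQL that remains outside them.
def sql_outside_literals(sql)
  sql.gsub(/'(?:[^']|'')*'/, '')
end

# True when the interpolated value has reached the SQL grammar: a new boolean
# clause or a comment marker now sits outside any literal.
def injected?(sql)
  outside = sql_outside_literals(sql)
  outside.include?(' or ') || outside.include?('--')
end
```

With the paste's payload, injected?(normal_query(PAYLOAD)) is true and injected?(sanitized_query(PAYLOAD)) is false; in a real application the bind-style form (User.where(userid: param) or sanitize_sql_array) is preferable to quoting by hand.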