Skip to content

authorNari/safe_record

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
lib
lib
 
 
tasks
tasks
 
 
test
test
 
 
MIT-LICENSE
MIT-LICENSE
 
 
README
README
 
 
Rakefile
Rakefile
 
 
init.rb
init.rb
 
 
install.rb
install.rb
 
 
uninstall.rb
uninstall.rb
 
 

Repository files navigation

= Safe Record

== Overview

Safe Record is a Rails plugin to detect potential SQL injection
vulnerabilities with the taint mechanism of Ruby.  It will raise an
exception when a tainted string is passed as SQL.

Safe Record is experimental, so do NOT use in a production environment.

== Example

  # raises an exception!!
  post = Post.find(:first,
    :conditions => "title = '#{params[:title]}'")

  # OK :)
  post = Post.find(:first,
    :conditions => [
      "title = ?",
      params[:title]
    ])

  # Good :)
  post = Post.find_by_title(params[:title])

== Installation

This plugin depends on a Rails plugin, Safe ERB.
((<URL|http://wiki.rubyonrails.com/rails/pages/Safe+ERB>))

Please perform the following steps to install Safe ERB and Safe Record.

(1) install Safe ERB

      $ script/plugin install \
        http://safe-erb.rubyforge.org/svn/plugins/safe_erb/

(2) install Safe Record

      $ script/plugin install \
        git://github.com/authorNari/safe_record.git

== Original Author

Shugo Maeda

== Maintainer

Narihiro Nakamura

== Special Thanks

Shinya Kasatani (the author of Safe ERB)

== Contact

Narihiro Nakamura <authorNari at gmail.com>

About

Rails plugin. check SQL escape

Resources

Readme

License

MIT license
Activity

Stars

9 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages