codeql icon indicating copy to clipboard operation
codeql copied to clipboard

Published 20 hours ago verified publisher icon github

Ruby: ActiveRecord - refine `conditions` argument as an SQLi sink

Open alexrford opened this issue 1 year ago • 0 comments

See https://guides.rubyonrails.org/v2.3/active_record_querying.html#conditions

We previously assumed a string argument - but array arguments are only vulnerable if the first element is tainted.

alexrford avatar Apr 11 '24 12:04 alexrford