Example Ruby Blog

Used to test CodeQL, contains vulnerabilities. Do not use as a real application under any circumstances.

Contains the following vulnerabilities

app/controllers/articles_controller.rb

  def show
    @article = Article.where("id = #{params[:id]}").first # SQL injection
  end

app/api/blogapi/api.rb - currently undetectable due to lack of Rack/Grape support

  desc 'Return an article'
  params do
    requires :id, type: String, desc: 'Article ID'
  end
  route_param :id do
    get do
      system("/bin/echo #{params[:id]}") # Command injection
      Article.where("id = #{params[:id]}") # SQL injection
    end
  end

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
app		app
bin		bin
config		config
db		db
lib		lib
log		log
public		public
storage		storage
test		test
tmp		tmp
vendor		vendor
.dockerignore		.dockerignore
.gitattributes		.gitattributes
.gitignore		.gitignore
.ruby-version		.ruby-version
Dockerfile		Dockerfile
Gemfile		Gemfile
Gemfile.lock		Gemfile.lock
README.md		README.md
Rakefile		Rakefile
config.ru		config.ru

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Example Ruby Blog

About

Uh oh!

Releases

Packages

Uh oh!

Languages

ctcampbellcom-demo/example-ghas-ruby

Folders and files

Latest commit

History

Repository files navigation

Example Ruby Blog

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages