fix serialization vulnerability

commit 073d5a613727acd18267e43b2a0e51dce3f4b164 1 parent 2dfd512
@kratob kratob authored tenderlove committed
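--- a/activerecord/lib/active_record/attribute_methods/write.rb
+++ b/activerecord/lib/active_record/attribute_methods/write.rb
@@ -10,7 +10,14 @@ module Write
 module ClassMethods
 protected
 def define_method_attribute=(attr_name)
-if attr_name =~ /^[a-zA-Z_]\w*[!?=]?$/
+if self.serialized_attributes[attr_name]
+generated_attribute_methods.send(:define_method, "#{attr_name}=") do |new_value|
+if new_value.is_a?(String) and new_value =~ /^---/
+raise ActiveRecordError, "You tried to assign already serialized content to #{attr_name}. This is disabled due to security issues."
+end
+write_attribute(attr_name, new_value)
+end
+elsif attr_name =~ /^[a-zA-Z_]\w*[!?=]?$/
 generated_attribute_methods.module_eval("def #{attr_name}=(new_value); write_attribute('#{attr_name}', new_value); end", __FILE__, __LINE__)
 else
 generated_attribute_methods.send(:define_method, "#{attr_name}=") do |new_value|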
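Review bot: The guard `if new_value.is_a?(String) and new_value =~ /^---/` in the new serialized-attribute writer anchors with `^`, which in Ruby matches at the start of any line, so a legitimate multi-line value whose later line happens to begin with `---` is rejected while the intent appears to be a document-start prefix; `if new_value.is_a?(String) && new_value =~ /\A---/` pins the check to the start of the string and uses the conventional operator. The check lives only inside the generated `attr_name=` method, so the `write_attribute(attr_name, new_value)` call it wraps is presumably still reachable directly (`write_attribute`, `[]=`) without the guard — worth a note or a test if that coverage is intended. A why-comment above the raise would help the next maintainer, e.g. `# Refuse values that already look like serialized content (a YAML document prefix); assigning them is disabled for security reasons.`. The enclosing `define_method_attribute=` continues past the end of the hunk (its else branch is cut at the last line).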
6 activerecord/test/cases/base_test.rb
@@ -1040,6 +1040,12 @@ def test_nil_serialized_attribute_with_class_constraint
assert_nil topic.content
end
+ def test_should_raise_exception_on_assigning_already_serialized_content
+ topic = Topic.new
+ serialized_content = %w[foo bar].to_yaml
+ assert_raise(ActiveRecord::ActiveRecordError) { topic.content = serialized_content }
+ end
+
def test_should_raise_exception_on_serialized_attribute_with_type_mismatch
myobj = MyObject.new('value1', 'value2')
topic = Topic.new(:content => myobj)