Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Rails plugin. check SQL escape
Ruby
branch: master

This branch is 5 commits behind authorNari:master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
lib
tasks
test
MIT-LICENSE
README
Rakefile
init.rb
install.rb
uninstall.rb

README

= Safe Record

== Overview

Safe Record is a Rails plugin to detect potential SQL injection
vulenerabilities with the taint mechanism of Ruby.  It will raise an
exception when a tainted string is passed as SQL.

Safe Record is experimental, so do NOT use in a production environment.

== Example

  # raises an exception!!
  post = Post.find(:first,
    :conditions => "title = '#{params[:title]}'")

  # OK :)
  post = Post.find(:first,
    :conditions => [
      "title = ?",
      params[:title]
    ])

  # Good :)
  post = Post.find_by_title(params[:title])

== Installation

This plugin depends on a Rails plugin, Safe ERB.
((<URL|http://wiki.rubyonrails.com/rails/pages/Safe+ERB>))

Please perform the following steps to install Safe ERB and Safe Record.

(1) install Safe ERB

      $ script/plugin install \
        http://safe-erb.rubyforge.org/svn/plugins/safe_erb/

(2) install Safe Record

      $ script/plugin install \
        git://github.com/authorNari/safe_record.git

== Original Author

Shugo Maeda

== Maintainer

Narihiro Nakamura

== Special Thanks

Shinya Kasatani (the author of Safe ERB)

== Contact

Narihiro Nakamura <authorNari at gmail.com>
Something went wrong with that request. Please try again.