Rails plugin. check SQL escape
Ruby
Switch branches/tags
Nothing to show
Pull request Compare This branch is 5 commits behind authorNari:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
tasks
test
MIT-LICENSE
README
Rakefile
init.rb
install.rb
uninstall.rb

README

= Safe Record

== Overview

Safe Record is a Rails plugin to detect potential SQL injection
vulenerabilities with the taint mechanism of Ruby.  It will raise an
exception when a tainted string is passed as SQL.

Safe Record is experimental, so do NOT use in a production environment.

== Example

  # raises an exception!!
  post = Post.find(:first,
    :conditions => "title = '#{params[:title]}'")

  # OK :)
  post = Post.find(:first,
    :conditions => [
      "title = ?",
      params[:title]
    ])

  # Good :)
  post = Post.find_by_title(params[:title])

== Installation

This plugin depends on a Rails plugin, Safe ERB.
((<URL|http://wiki.rubyonrails.com/rails/pages/Safe+ERB>))

Please perform the following steps to install Safe ERB and Safe Record.

(1) install Safe ERB

      $ script/plugin install \
        http://safe-erb.rubyforge.org/svn/plugins/safe_erb/

(2) install Safe Record

      $ script/plugin install \
        git://github.com/authorNari/safe_record.git

== Original Author

Shugo Maeda

== Maintainer

Narihiro Nakamura

== Special Thanks

Shinya Kasatani (the author of Safe ERB)

== Contact

Narihiro Nakamura <authorNari at gmail.com>