Forum: Ruby on Rails ModelBecomesTaintedOnTransaction

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Debajo (Guest)
on 2006-12-26 12:53
(Received via mailing list)
Hi All,

I noticed that my model class becomes tainted, after referencing to a
different table in find_by_sql + using a transaction. Both, the User
model and the Profile model will become tainted, however all other
tables will stay untainted.

if either condition 1 or condition 2 is commented out, the model will
not be tainted. After the model is being tainted, all derived objects
will be tainted to, thus the last call will fail with an SecurityError
(cause the safe level will be turned to 4 on call if the method is
being tainted)

Please, anybody, tell me why this happens???!!!

module
ModelBecomesTaintedOnTransaction_Why__ShortUncommentedTestVersion
	def self.test
		class << ActiveRecord::Base
			alias find_by_sql__WRAPPED find_by_sql

			def find_by_sql(*args, &block)
				result = find_by_sql__WRAPPED *args, &block
				result[0].profile if result[0].class.to_s=="User" # condition 1
				return result
			end
		end

		User.module_eval "def pedit; self.class.transaction(self){}; end"  #
condition 2

		User.find(:first).method(:pedit).call # first call can be done in any
way(thus direct, with send or with call), condition 3
		User.find(:first).method(:pedit).call # second call must be with
"call", condition 4
	end
end

Thanks in advance

Mars
This topic is locked and can not be replied to.