Ruby method and class injection - Ruby on Rails Security Project
17-Sep-2018 2146
Ruby method and class injection and a growing number of other Ruby on Rails security topics. A class name in user input.A user could provide an arbitrary model name in params[:type] and thus find an object in a different model than expected. Now, there might be other code that will fail if the item doesn’t respond to a certain attribute name.
Ruby method and class injection - Ruby on Rails Security Project #ruby #rubydeveloper #rubyonrails #method #class #injection #Rails #Security #Project #class #security https://www.rubyonrails.ba/link/ruby-method-and-class-injection-ruby-on-rails-security-project