Discovered almost 5 years ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/group.rb:225

GroupUser.joins("RIGHT JOIN (#{case name
when :admins then
  "SELECT u.id FROM users u WHERE u.admin"
when :moderators then
  "SELECT u.id FROM users u WHERE u.moderator"
when :staff then
  "SELECT u.id FROM users u WHERE u.moderator OR u.admin"
when :trust_level_1, :trust_level_2, :trust_level_3, :trust_level_4 then
  "SELECT u.id FROM users u WHERE u.trust_level >= #{({ :everyone => 0, :admins => 1, :moderators => 2, :staff => 3, :trust_level_0 => 10, :trust_level_1 => 11, :trust_level_2 => 12, :trust_level_3 => 13, :trust_level_4 => 14 }[name] - 10)}"
when :trust_level_0 then
  "SELECT u.id FROM users u"
else
  # do nothing
end}) X ON X.id = user_id AND group_id = #{(self.lookup_group(name) or Group.new(:name => name.to_s, :automatic => true)).id}")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/group.rb or mark it as false positive.