screened_ip_addresses_controller.rb
Severity: Critical
SQL Injection
Discovered almost 5 years ago
Source: static code analysis
Category: SQL Injection
Confidence level: High

Problem

Possible SQL injection

Location

app/controllers/admin/screened_ip_addresses_controller.rb:12

ScreenedIpAddress.where("cidr '#{IPAddr.handle_wildcards(params[:filter])}' >>= ip_address")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/controllers/admin/screened_ip_addresses_controller.rb or mark it as false positive.

directory_items_controller.rb
Severity: Critical
SQL Injection
Discovered almost 5 years ago
Source: static code analysis
Category: SQL Injection
Confidence level: High

Problem

Possible SQL injection

Location

app/controllers/directory_items_controller.rb:16

DirectoryItem.where(:period_type => DirectoryItem.period_types[params.require(:period).to_sym]).includes(:user).order("directory_items.#{(params[:order] or DirectoryItem.headings.first)} #{("ASC" or "DESC")}")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/controllers/directory_items_controller.rb or mark it as false positive.

topic.rb
Severity: Severe
SQL Injection
Discovered almost 5 years ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/topic.rb:729

Post.where(:topic_id => id).sum("#{type}_count")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/topic.rb or mark it as false positive.

user_search.rb
Severity: Severe
SQL Injection
Discovered almost 5 years ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/user_search.rb:93

User.joins("JOIN (SELECT unnest uid, row_number() OVER () AS rn\n      FROM unnest('{#{search_ids.join(",")}}'::int[])\n    ) x on uid = users.id")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/user_search.rb or mark it as false positive.

topic.rb
Severity: Severe
SQL Injection
Discovered almost 5 years ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/topic.rb:441

Topic.visible.secured(Guardian.new(user)).listable_topics.joins("JOIN topic_search_data s ON topics.id = s.topic_id").where("search_data @@ #{Search.ts_query(Search.prepare_data(((title + " ") + raw[(0...200)])), nil, "|")}").order("ts_rank(search_data, #{Search.ts_query(Search.prepare_data(((title + " ") + raw[(0...200)])), nil, "|")}) DESC")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/topic.rb or mark it as false positive.

post_action.rb
Severity: Severe
SQL Injection
Discovered almost 5 years ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/post_action.rb:438

Post.where(:topic_id => Post.with_deleted.where(:id => post_id).pluck(:topic_id).first).sum("#{post_action_type_key}_count")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/post_action.rb or mark it as false positive.

group.rb
Severity: Severe
SQL Injection
Discovered almost 5 years ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/group.rb:207

GroupUser.joins("RIGHT JOIN (#{case name
when :admins then
  "SELECT u.id FROM users u WHERE u.admin"
when :moderators then
  "SELECT u.id FROM users u WHERE u.moderator"
when :staff then
  "SELECT u.id FROM users u WHERE u.moderator OR u.admin"
when :trust_level_1, :trust_level_2, :trust_level_3, :trust_level_4 then
  "SELECT u.id FROM users u WHERE u.trust_level >= #{({ :everyone => 0, :admins => 1, :moderators => 2, :staff => 3, :trust_level_0 => 10, :trust_level_1 => 11, :trust_level_2 => 12, :trust_level_3 => 13, :trust_level_4 => 14 }[name] - 10)}"
when :trust_level_0 then
  "SELECT u.id FROM users u"
else
  # do nothing
end}) X ON X.id = user_id AND group_id = #{(self.lookup_group(name) or Group.new(:name => name.to_s, :automatic => true)).id}")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/group.rb or mark it as false positive.

user_history.rb
Severity: Severe
SQL Injection
Discovered almost 5 years ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/user_history.rb:112

self.where(:action => filters[:action_id]).where(:custom_type => filters[:custom_type]).where("#{key}_id = ?", User.where(:username_lower => filters[key].downcase).pluck(:id))

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/user_history.rb or mark it as false positive.

post_action.rb
Severity: Severe
SQL Injection
Discovered almost 5 years ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/post_action.rb:439

Topic.where(:id => Post.with_deleted.where(:id => post_id).pluck(:topic_id).first).update_all(["#{"#{post_action_type_key}_count"} = ?", Post.where(:topic_id => Post.with_deleted.where(:id => post_id).pluck(:topic_id).first).sum("#{post_action_type_key}_count")])

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/post_action.rb or mark it as false positive.

post_action.rb
Severity: Severe
SQL Injection
Discovered almost 5 years ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/post_action.rb:425

Post.where(:id => post_id).update_all(["#{"#{post_action_type_key}_count"} = ?", 1.where(:post_id => post_id).where(:post_action_type_id => post_action_type_id).count])

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/post_action.rb or mark it as false positive.

list_controller.rb
Severity: Severe
SQL Injection
Discovered almost 5 years ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/controllers/list_controller.rb:332

TopTopic.where("#{period}_score > 0")

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/controllers/list_controller.rb or mark it as false positive.

topic.rb
Severity: Severe
SQL Injection
Discovered almost 5 years ago
Source: static code analysis
Category: SQL Injection
Confidence level: Medium

Problem

Possible SQL injection

Location

app/models/topic.rb:152

where("topics.category_id IS NULL OR topics.category_id IN (SELECT id FROM categories WHERE #{(["NOT read_restricted OR id IN (:cats)", { :cats => guardian.secure_category_ids }] or ["NOT read_restricted"])[0]})", (["NOT read_restricted OR id IN (:cats)", { :cats => guardian.secure_category_ids }] or ["NOT read_restricted"])[1])

Category description: SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query.

Solution: fix the issue in app/models/topic.rb or mark it as false positive.