From 7df68a300c9395e3edf8c603b6fea3db9eaff003 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?=
 <rafaelmfranca@gmail.com>
Date: Thu, 5 Jun 2014 14:08:40 -0300
Subject: Fix SQL injection when querying against ranges and bitstrings

Fix CVE-2014-3483 and protect against CVE-2014-3482.
---
 activerecord/test/cases/adapters/postgresql/quoting_test.rb | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'activerecord/test/cases')

diff --git a/activerecord/test/cases/adapters/postgresql/quoting_test.rb b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
index 218c59247e..134c037a83 100644
--- a/activerecord/test/cases/adapters/postgresql/quoting_test.rb
+++ b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
@@ -57,6 +57,17 @@ module ActiveRecord
           assert_equal "'1970-01-01 00:00:00.000000'", @conn.quote(Time.at(0))
           assert_equal "'1970-01-01 00:00:00.000000'", @conn.quote(Time.at(0).to_datetime)
         end
+
+        def test_quote_range
+          range = "1,2]'; SELECT * FROM users; --".."a"
+          c = PostgreSQLColumn.new(nil, nil, OID::Range.new(Type::Integer.new, :int8range))
+          assert_equal "[1,2]''; SELECT * FROM users; --,a]::int8range", @conn.quote(range, c)
+        end
+
+        def test_quote_bit_string
+          c = PostgreSQLColumn.new(nil, 1, OID::Bit.new)
+          assert_equal nil, @conn.quote("'); SELECT * FORM users; /*\n01\n*/--", c)
+        end
       end
     end
   end
-- 
cgit v1.2.3