How to secure code against SQL injection on Ruby-Sinatra

Hi,

I would like to add security to Ruby-Sinatra code.
Is there a specific gem to install in order to secure the code?
Thanks in advance.

Supelec

Why don’t you just use ActiveRecord?

Here are the steps to set up ActiveRecord:

I’m suggesting active record because it’s used by a lot of people and it’s tested against SQL injection.

To keep things safe, I also suggest you update this gem in your Gemfile once a new version is released!

  1. Use param_hash instead of using the params hash
    Using param_hash will prevent SQL injection attacks. I have seen this on some popular websites like facebook.com, etc.
  2. Sinatra uses Rack::MockRequest to handle your request. You can use this mock request to check if parameters are passed correctly or not.
    require 'rack/mock'
    mock_request = Rack::MockRequest.new(app)   # app: your Sinatra app, e.g. Sinatra::Application
    response = mock_request.get('/', params: { 'a' => 'b' })
    If it's false then something went wrong from the client side.
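The reason the ActiveRecord suggestion above holds is placeholder binding: `where("name = ?", value)` never lets the value become part of the SQL grammar. The following is an added example, not code from this thread or from ActiveRecord, that contrasts string interpolation with a simplified stand-in for placeholder binding; the `quote_literal` helper only doubles single quotes (SQLite/PostgreSQL style) for illustration, and real Sinatra code should use ActiveRecord or the driver's bind parameters instead of it.

```ruby
# Added example (not from the thread): why interpolating request input into
# SQL is injectable, and how '?' placeholder binding (the approach behind
# ActiveRecord's where("name = ?", value)) neutralises the same input.
# quote_literal is a simplified illustration of driver escaping, not a
# replacement for it.

SQL_TEMPLATE = "SELECT * FROM users WHERE name = ?".freeze

# Vulnerable: the untrusted value is spliced into the statement text,
# so a quote in the input ends the literal and the rest becomes SQL.
def build_unsafe(name)
  "SELECT * FROM users WHERE name = '#{name}'"
end

# Render one Ruby value as a SQL literal (illustrative quoting only).
def quote_literal(value)
  case value
  when Integer, Float then value.to_s
  when nil then "NULL"
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Bind values into '?' placeholders in a single left-to-right pass.
# One pass matters: a bound value containing '?' is never rescanned,
# so it can neither consume a later value nor add SQL of its own.
def bind_placeholders(template, *values)
  unless template.count("?") == values.size
    raise ArgumentError, "placeholder/value count mismatch"
  end
  queue = values.dup
  template.gsub("?") { quote_literal(queue.shift) }
end

# Hardened counterpart of build_unsafe: same query, input bound as data.
def build_safe(name)
  bind_placeholders(SQL_TEMPLATE, name)
end

if __FILE__ == $0
  payload = "' OR 1=1 --"     # constructed sample input, as a client might send
  puts "unsafe: #{build_unsafe(payload)}"
  puts "safe:   #{build_safe(payload)}"
end
```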

Hello,

Thank you for your help !

I will implement the test.

Best regards,

Supelec

Hello,

Thank you very much for your suggestion.

Best regards,

Supelec
