bookworm/bookworm-smart-assistant
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
34f304881f
bookworm-smart-assistant/skills/gstack/test/fixtures/review-eval-vuln.rb

15 lines
420 B
Ruby
Raw Normal View History

Initial: Bookworm Smart Assistant v6.5.1 (byte-preserved, 809 files, fp 26b83e1b38cdf64a)
2026-04-21 17:57:05 +08:00
class UserController < ApplicationController
def show
# SQL injection — interpolating user input directly into query
@user = User.where("id = #{params[:id]}").first
render json: @user
end
def promote
# Bypasses ActiveRecord validations — update_column skips callbacks + validation
@user = User.find(params[:id])
@user.update_column(:role, 'admin')
head :ok
end
end
Reference in New Issue Copy Permalink