Hi All,
I noticed that my model class becomes tainted, after referencing to a different table in find_by_sql + using a transaction. Both, the User model and the Profile model will become tainted, however all other tables will stay untainted.
if either condition 1 or condition 2 is commented out, the model will not be tainted. After the model is being tainted, all derived objects will be tainted to, thus the last call will fail with an SecurityError (cause the safe level will be turned to 4 on call if the method is being tainted)
Please, anybody, tell me why this happens???!!!
module ModelBecomesTaintedOnTransaction_Why__ShortUncommentedTestVersion def self.test class << ActiveRecord::Base alias find_by_sql__WRAPPED find_by_sql
def find_by_sql(*args, &block) result = find_by_sql__WRAPPED *args, &block result[0].profile if result[0].class.to_s=="User" # condition 1 return result end end
User.module_eval "def pedit; self.class.transaction(self){}; end" # condition 2
User.find(:first).method(:pedit).call # first call can be done in any way(thus direct, with send or with call), condition 3 User.find(:first).method(:pedit).call # second call must be with "call", condition 4 end end
Thanks in advance
Mars
