Groovy and Grails Security: Denial of Service (DoS) Case 2

August 9, 2010

Denial of Service Case 2:

Scenario: showing a list of Clients with pagination (max 10 per page).
def list = {
    if(!params.max) params.max = 10   // default page size; a client-supplied max is accepted unchecked
    [clientList: Client.list(params)]
}

Possible Attack: Changing the max value to 100000000 in the request.

Result: The query loads 100000000 client records and, again, causes an out of memory error.

Possible Solutions in Groovy and Grails:
def list = {
    // Clamp the requested page size: default to 10 when absent or non-numeric, never above 100, never below 1
    def requested = params.max?.isInteger() ? params.max.toInteger() : 10
    params.max = Math.max(1, Math.min(requested, 100))
    [clientList: Client.list(params)]
}

In the worst case it will load just 100 records.
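As an added example (not from the post or the book), here is the clamp generalized to the inputs the one-liner above does not cover: missing, blank, non-numeric, negative, integer-overflowing and repeated max parameters. It runs as a plain Groovy script, and the clampMax helper and the sample request values are constructed for this illustration.

```groovy
import groovy.transform.Field

// Script-level constants need @Field so that a method defined in the script can see them.
@Field final int DEFAULT_MAX = 10   // page size when the client sends nothing usable
@Field final int HARD_CAP    = 100  // the most records the server will ever load in one page

/**
 * Returns a page size that is always in [1, hardCap].
 * raw is whatever arrived on the request: Grails params are Strings, a repeated
 * parameter (?max=5&max=999) arrives as a String[], and a missing one is null.
 */
int clampMax(Object raw, int defaultMax = DEFAULT_MAX, int hardCap = HARD_CAP) {
    Object first = (raw instanceof Collection || raw instanceof Object[]) ? raw[0] : raw
    String s = first?.toString()?.trim()
    if (!s || !s.isInteger()) {        // absent, blank, "abc", "1e9", or larger than Integer.MAX_VALUE
        return defaultMax
    }
    return Math.max(1, Math.min(s.toInteger(), hardCap))
}

// Constructed request values, as an attacker or a broken client might send them.
Map<Object, Integer> cases = [
    (null)                     : 10,   // no max parameter at all
    ''                         : 10,
    '10'                       : 10,
    ' 25 '                     : 25,
    '100'                      : 100,
    '101'                      : 100,  // clamped to the hard cap
    '100000000'                : 100,  // the attack value from the post
    '99999999999'              : 10,   // overflows int, so treated as malformed
    '-5'                       : 1,    // negative page sizes are not allowed
    '0'                        : 1,
    'abc'                      : 10,
    (['5', '999'] as String[]) : 5,    // repeated parameter: first value wins, then clamped
]
cases.each { raw, expected ->
    assert clampMax(raw) == expected : "clampMax(${raw}) gave ${clampMax(raw)}, expected ${expected}"
}

// In a controller the action then becomes:
//   def list = {
//       params.max = clampMax(params.max)
//       [clientList: Client.list(params)]
//   }
println "all ${cases.size()} cases clamped as expected"
```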

Reference: The Definitive Guide to Grails, 2nd Edition


Groovy and Grails Security: Denial of Service (DoS) Case 1

August 9, 2010

Denial of Service:

Scenario: We have a Client object with a not-null last name and a search query like the following:
def search = {
    // Vulnerable: the request parameter is concatenated straight into the HQL string
    Client.findAll("from Client where lastName='" + params.lastName + "'")
}

Possible Attack:
If params.lastName = ' or id > 0 is sent with the request, the query becomes:
def search = {
    Client.findAll("from Client where lastName='' or id > 0")
}

Result:
All the clients in the database will be fetched, resulting in an out of memory error.

Possible Solutions in Groovy and Grails:

def search = {
    // Named HQL parameter: the value is bound, never spliced into the query text
    Client.findAll("from Client where lastName = :lastName", [lastName: params.lastName])
}
or
def search = {
    // Positional HQL parameter: positional values are passed as a List, not a Map
    Client.findAll("from Client where lastName = ?", [params.lastName])
}
or
def search = {
    // Criteria query
    Client.withCriteria {
        eq('lastName', params.lastName)
    }
}
or
def search = {
    // Dynamic finder
    Client.findAllByLastName(params.lastName)
}


Reference: The Definitive Guide to Grails, 2nd Edition
