Monthly Archives: January 2013

Rails: seed data from fixtures

Suppose you want to collect your seed data from your fixtures…

past the following in you db/seeds.rb – file:
Dir.glob('test/fixtures/*.yml').each do |file|
ActiveRecord::Fixtures.create_fixtures("#{Rails.root}/test/fixtures", File.basename(file).split(".").first)

Works in my new Rails 3.2.10 environment using ruby 1.9.3

automated patching against SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664)

Suppose you have a server with multiple rubies, rvms, gemsets, etc…

Manually finding and patching all affected activerecord-gems would be pretty cumbersome.

The following script does the job for you:

#!/usr/bin/env ruby

SEARCH_DIR = "/" # by default search the entire filesystem
ACTIVERECORD_GEM_VERSIONS = ['2.3','3.0','3.1','3.2']
'2.3' => '',
'3.0' => '',
'3.1' => '',
'3.2' => '',

#1. Find all activerecord 2.3.x, 3.0.x, 3.1.x, 3.2.x gems on this machine
gem_paths = {}
puts "Searching for activerecord gems inside #{SEARCH_DIR} ... "
gem_paths[version] = `find #{SEARCH_DIR} -path '*/gems/activerecord*' -name 'activerecord-#{version}.*' -type d`.split("\n")
puts "Found the following activerecord gems for version #{version}:"
puts gem_paths[version]

#2. Download the 4 patches here
puts "Downloading the patches ... "
`wget -O patch-#{version}.patch --no-check-certificate #{PATCHES[version]}`
puts " ... done"

#3. Apply the patches
gem_paths[version].each do |gem|
puts "--------------------------\nApplying patch for gem #{gem}"
puts `cd '#{gem}'; patch -tN -p2 < '#{File.expand_path(File.dirname(__FILE__))+"/patch-"+version+".patch"}'` end end

This script searches for affected activerecord gems, downloads the required patches and applies them individually.

You might need to run it as root, and it could take a while searching your entire filesystem...
If you know where all your gems are located change the
SEARCH_DIR = "/yougemrepository"

Tested on linux, freebsd