Ruby Snippet #02

This challenge covers the review of a snippet of code written in Ruby.

< 1 Hr.


In this challenge, you are presented with a Ruby method used in a controller to claim gifts. The method first checks if a gift exists and whether it has already been claimed. If the gift is unclaimed, it creates a new user, adds the gift to the user's account, and updates the gift's status to "Claimed". The video explains that while the code avoids SQL injection and properly uses Active Record, it lacks a mechanism to handle simultaneous requests. This can result in the same gift being claimed by multiple users at the same time.

The video highlights that without a locking mechanism or database transaction, the code is vulnerable to race conditions. This issue arises when two users attempt to claim the same gift simultaneously, potentially allowing both to claim it. To prevent this, the code should implement a lock or transaction to ensure that only one request can change the gift's status at a time.
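The race described above, as an added example that is not the challenge's code: a constructed in-memory `GiftStore` stands in for the gifts table and a `Mutex` stands in for a database row lock (both are assumptions). The block passed to each claim method only holds the request between its check and its write so the outcome is repeatable.

```ruby
# Constructed in-memory stand-in for the gifts table (not the challenge's code).
class GiftStore
  attr_reader :claims

  def initialize
    @status = "Unclaimed"
    @claims = []           # every user who was granted the gift
    @row_lock = Mutex.new  # assumption: stands in for a database row lock
  end

  # Check-then-act with no lock. The block runs between the check and the
  # write, the window in which a second request can pass the same check.
  def claim_unsafe(user)
    return false unless @status == "Unclaimed"
    yield if block_given?
    @claims << user
    @status = "Claimed"
    true
  end

  # Check and write under one lock, the role ActiveRecord's
  # gift.with_lock { ... } (SELECT ... FOR UPDATE) plays in a Rails app.
  def claim_locked(user)
    @row_lock.synchronize do
      return false unless @status == "Unclaimed"
      yield if block_given?
      @claims << user
      @status = "Claimed"
      true
    end
  end
end

# Two concurrent claims; each pauses after its check until both requests
# have passed it (or 0.5 s elapse), then writes. Returns the granted users.
def race(method_name)
  store = GiftStore.new
  arrived = Queue.new
  %w[alice bob].map do |user|
    Thread.new do
      store.public_send(method_name, user) do
        arrived << user
        deadline = Time.now + 0.5
        sleep 0.01 while arrived.size < 2 && Time.now < deadline
      end
    end
  end.each(&:join)
  store.claims
end
```

`race(:claim_unsafe)` grants the gift to both users, while `race(:claim_locked)` grants it to exactly one because the second request only reaches the check after the status is already "Claimed".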
