I promise this is not related to or prompted by the Rails CVEs today - just coincidental timing.

I’ve put a small blog post together about rails-sqli.org, a list of dangerous methods in ActiveRecord. The list includes example queries and injection code.

In addition, you can play with injecting code into the same examples by cloning the code repo and running it locally.