ruby
Insecure object reference - Session management - Ruby
Need Secure session management Context Usage of Ruby 2.6.3 as the programming language for development Usage of Rails framework for building web applications Usage of ActiveRecord for Object-Relational Mapping (ORM) in database operations Description ...
Sensitive information in source code - Dependencies - Ruby
Need Secure storage of sensitive information in a protected environment Context Usage of Ruby for building dynamic and object-oriented applications Usage of Rails framework for building web applications Description Non compliant code # ...
Insecure functionality - User management - Ruby
Need Secure user management functionality Context Usage of Ruby 2.0+ for developing Ruby applications Usage of Rails framework for building web applications Detection of Vulnerabilities in Node.js Packages Usage of UserMailer for sending email ...
Insecurely generated token - Lifespan - Ruby
Need Securely generate session tokens with shorter expiration times Context Usage of Ruby for building dynamic and object-oriented applications Usage of Ruby on Rails for building web applications Description Non compliant code class ...
Lack of data validation - HTML code - Ruby
Need Implementation of proper data validation for HTML code Context Usage of Ruby 2.7 for developing Ruby applications Usage of Rails framework for building web applications Usage of ActiveRecord for Object-Relational Mapping (ORM) in a Node.js ...
Insecurely generated token - Validation - Ruby
Need Secure token generation and validation Context Usage of Ruby 2.7 for Ruby programming and development Usage of JWT for secure authentication and authorization Usage of Rails framework for building web applications Description Non compliant code ...
Improper resource allocation - Memory leak - Ruby
Need Proper management of resources to prevent memory leaks Context Usage of Ruby 2.0+ for developing Ruby applications Usage of Rails framework for building web applications Description Non compliant code def create user = User.new(user_params) if ...
Unauthorized access to screen - Ruby
Need Prevention of unauthorized access to client information on the GLIA application Context Requirement of Ruby 2.0 or higher for running the application Usage of Rails framework for building web applications Description Non compliant code class ...
Insecurely generated token - JWT - Ruby
Need Securely generate tokens for user creation service Context Usage of Ruby for building dynamic and object-oriented applications Usage of JWT for secure authentication and authorization Description Non compliant code require 'jwt' payload = { ...
Enabled default configuration - Ruby
Need Disable default configurations to prevent unauthorized access and information leakage. Context Usage of Ruby for building dynamic and object-oriented applications Usage of Rails framework for building web applications Description Non compliant ...
Insecure object reference - Data - Ruby
Need Secure access control and data validation Context Requirement of Ruby 2.0 or higher for executing the code Usage of Ruby on Rails for building web applications Description Non compliant code class StoresController < ApplicationController def ...
Insecure object reference - Files - Ruby
Need Secure access control for files to prevent unauthorized access and manipulation Context Usage of Ruby 2.5.0 as the programming language for development Usage of Rails framework for building web applications Description Non compliant code class ...
Security controls bypass or absence - Data creation - Ruby
Need Enforcement of security controls for data creation Context Requirement of Ruby 2.0 or higher for executing the code Usage of Ruby on Rails for building web applications Description Non compliant code class PolicyController < ...
Insecure functionality - Session management - Ruby
Need Secure session management Context Requirement of Ruby 2.0 or higher for running the application Usage of Ruby on Rails for building web applications Description Non compliant code class SessionsController < ApplicationController def create user ...
Concurrent sessions control bypass - Ruby
Need Enforcement of concurrent session control Context Usage of Ruby 2.0+ for developing Ruby applications Usage of Rails framework for building web applications Description Non compliant code # app/controllers/application_controller.rb class ...
SQL injection - Code - Ruby
Need Implementation of proper input validation and the use of parameterized statements or stored procedures to prevent SQL injection attacks. Context Usage of Ruby for building web applications and scripting Usage of ActiveRecord for ...
Weak credential policy - Password Change Limit - Ruby
Need Enforcement of password change limits Context Usage of Ruby version 2.7.2 for Ruby programming and development Usage of Rails framework for building web applications Description Non compliant code class UsersController < ApplicationController ...
Insecure session management - Change Password - Ruby
Need Secure session management after changing passwords Context Usage of Ruby 2.0+ for developing Ruby applications Usage of Rails framework for building web applications Description Non compliant code class UsersController < ApplicationController ...
Technical information leak - IPs - Ruby
Need Prevention of internal IP address exposure Context Requirement of Ruby 2.0 or newer for running the application Usage of Rails framework for building web applications Description Non compliant code class HomeController < ApplicationController ...
Technical information leak - Logs - Ruby
Need Protection of sensitive technical information from unauthorized access Context Usage of Ruby 2.7 for developing Ruby applications Usage of Rails framework for building web applications Description Non compliant code # ...
Insecure object reference - Financial information - Ruby
Need Secure access control for financial information Context Requirement of Ruby 2.0 or later for running the application Usage of Ruby on Rails for building web applications Description Non compliant code class CreditCardController < ...
Insecure object reference - Corporate information - Ruby
Need Secure handling of object references and access control for corporate information Context Usage of Ruby for building web applications and scripting Usage of ExcelParser for parsing and reading Excel files Usage of the Employee package for ...
Insecure object reference - Personal information - Ruby
Need Secure access control and user data protection Context Usage of Ruby 2.7.2 as the programming language for development Usage of Ruby for building dynamic and object-oriented applications Usage of Rails framework for building web applications ...
Automatic information enumeration - Personal Information - Ruby
Need Prevention of unauthorized access to personal information Context Requirement of Ruby 2.0 or later for executing the code Usage of Rails for building web applications in Ruby Description Non compliant code class UsersController < ...
Session Fixation - Ruby
Need Prevention of session fixation attacks Context Usage of Ruby 2.5.0 as the programming language for development Usage of Ruby on Rails for building web applications Description Non compliant code class SessionsController < ApplicationController ...
Insecure exceptions - NullPointerException - Ruby
Need Ensure secure exception handling to prevent unexpected behavior Context Usage of Ruby for building dynamic and object-oriented applications Usage of the User dependency for user-related functionality Description Non compliant code def ...
Weak credential policy - Password Expiration - Ruby
Need Enforcement of strong credential policy - Password Expiration Context Usage of Ruby for building dynamic and object-oriented applications Usage of aws-sdk-iam for managing AWS Identity and Access Management (IAM) resources Description Non ...
Sensitive information sent via URL parameters - Session - Ruby
Need Secure transmission of sensitive information in session tokens Context Usage of Ruby programming language for web development Usage of Ruby on Rails for building web applications Description Non compliant code class SessionsController < ...
Restricted fields manipulation - Ruby
Need Prevention of unauthorized access and manipulation of restricted fields Context Usage of Ruby 2.7.0 for Ruby programming and development Usage of Rails framework for building web applications Description Non compliant code class ...
Insecure functionality - Fingerprint - Ruby
Need Enforce secure and authorized user data updates Context Usage of Ruby 2.7 for Ruby programming and development Usage of Rails framework for building web applications Description Non compliant code class UsersController < ApplicationController ...
Insecure functionality - Masking - Ruby
Need Protection of sensitive data through proper masking techniques Context Usage of Ruby 2.7 for developing Ruby applications Usage of Rails for building web applications Usage of ActiveRecord for Object-Relational Mapping (ORM) in database ...
Insecure functionality - Password management - Ruby
Need Secure password management Context Requirement of Ruby 2.0 or higher for running the application Usage of Ruby on Rails for building web applications Description Non compliant code class UsersController < ApplicationController def ...
Insecure functionality - File Creation - Ruby
Need Enforce server-side validation and authorization for file creation operations Context Usage of Ruby 2.0+ for developing Ruby applications Usage of Rails framework for building web applications Description Non compliant code class FileController ...
Insecure encryption algorithm - Blowfish - Ruby
Need Implementation of secure encryption algorithms Context Usage of Ruby for building web applications and scripting Usage of blowfish for encryption and decryption operations Description Non compliant code require 'blowfish' key = "secret_key" ...
Insecure encryption algorithm - AES - Ruby
Need Implementation of secure encryption algorithms Context Usage of Ruby for building dynamic and object-oriented applications Usage of OpenSSL for secure communication and encryption Usage of base64 for encoding and decoding data in base64 format ...
Insecure encryption algorithm - TripleDES - Ruby
Need Secure encryption algorithm and configuration Context Usage of Ruby for building dynamic and object-oriented applications Usage of OpenSSL for secure communication and encryption Usage of base64 for encoding and decoding data in Base64 format ...
Insecure encryption algorithm - MD5 - Ruby
Need Implementation of secure encryption algorithms for password hashing Context Usage of Ruby for building dynamic and object-oriented applications Usage of digest for generating hash values for data or messages Description Non compliant code ...
Insecure encryption algorithm - SHA1 - Ruby
Need Upgrade encryption algorithm to a secure and robust one Context Usage of Ruby for building dynamic and object-oriented applications Usage of digest for cryptographic hash functions Description Non compliant code require 'digest' class ...
Insecure encryption algorithm - DSA - Ruby
Need Implementation of a secure encryption algorithm Context Usage of Ruby for building dynamic and object-oriented applications Usage of OpenSSL for secure communication and encryption Description Non compliant code require 'openssl' private_key = ...
Insecure functionality - Pass the hash - Ruby
Need Secure authentication and authorization mechanisms Context Usage of Ruby for building dynamic and object-oriented applications Usage of digest for generating hash values or checksums Description Non compliant code require 'digest' def ...