Automatic information enumeration - Credit Cards - Ruby
Need Implementation of proper credit card validation and security measures Context Usage of Ruby 2.7 for developing Ruby applications Usage of Rails framework for building web applications Description Non compliant code class CreditCardController < ...
Automatic information enumeration - Open ports - Ruby
Need Restriction of open ports to only necessary services Context Usage of Ruby for building dynamic and object-oriented applications Usage of Socket for real-time communication and event-driven programming Description Non compliant code require ...
Technical information leak - Errors - Ruby
Need Prevention of technical information leaks through error messages Context Usage of Ruby for building dynamic and object-oriented applications Usage of ActionController for handling actions and requests in a Ruby on Rails application Usage of ...
Technical information leak - API - Ruby
Need Protection of sensitive technical information in API responses Context Usage of Ruby 2.7 for developing Ruby applications Usage of Rails framework for building web applications Usage of GraphQL for querying and manipulating data Description Non ...
Technical information leak - Print Functions - Ruby
Need Prevention of sensitive information exposure through print functions Context Usage of Ruby 2.7 for Ruby programming and development Usage of Rails framework for building web applications Description Non compliant code def login begin user = ...
Technical information leak - SourceMap - Ruby
Need Protection of sensitive technical information Context Usage of Ruby for building dynamic and object-oriented applications Usage of Rails framework for building web applications Description Non compliant code # config/environments/production.rb ...
Technical information leak - Headers - Ruby
Need Protection of sensitive technical information in server response headers Context Usage of Ruby for building web applications and scripting Usage of Rails framework for building web applications Usage of Rack for building web applications in Ruby ...
Technical information leak - Stacktrace - Ruby
Need Prevention of technical information leakage from system error traces Context Usage of Ruby for building dynamic and object-oriented applications Description Non compliant code begin # Some operation that can raise an exception 1 / 0 rescue => e ...
Incomplete functional code - Ruby
Need Ensuring complete and secure code functionality Context Usage of Ruby programming language for web development Usage of File for reading and writing files in Node.js Description Non compliant code # This is a simulation of the binary file ...
Asymmetric denial of service - ReDoS - Ruby
Need Prevention of Regular Expression Denial of Service (ReDoS) Context Usage of Ruby for building web applications and scripting Usage of Ruby for building dynamic and object-oriented applications Description Non compliant code # This is a simple ...
Insufficient data authenticity validation - Ruby
Need Enhanced data authenticity validation and permission control Context Usage of Ruby 2.7 for Ruby programming and development Usage of Ruby for building dynamic and object-oriented applications Usage of Rails framework for building web ...
Unauthorized access to files - Ruby
Need Prevention of unauthorized access to files and functionalities Context Requirement of Ruby 2.0 or higher for running the application Usage of Rails framework for building web applications Description Non compliant code class UsersController < ...
Traceability loss - Ruby
Need Improved traceability and logging capabilities Context Requirement of Ruby 2.0 or higher for running the application Usage of Rails framework for building web applications Description Non compliant code def create @user = User.new(user_params) ...
Lack of data validation - Emails - Ruby
Need Implementation of email validation to prevent the use of disposable mailboxes Context Usage of Ruby for building dynamic and object-oriented applications Usage of Ruby on Rails for building web applications Description Non compliant code class ...
Lack of data validation - Out of range - Ruby
Need Improved data validation to prevent unauthorized access Context Usage of Ruby 2.7 for developing Ruby applications Usage of Rails framework for building web applications Usage of Devise for User Authentication and Authorization Description Non ...
Lack of data validation - Numbers - Ruby
Need Implementation of robust data validation for numbers Context Requirement of Ruby 2.0+ for running the application Usage of Ruby on Rails framework for web application development Description Non compliant code def update_user_age age = ...
Lack of data validation - Dates - Ruby
Need Implementation of robust data validation for date fields Context Requirement of Ruby 2.0 or later for running the application Usage of Rails framework for building web applications Description Non compliant code class ApplicationController < ...
Lack of data validation - Headers - Ruby
Need Implementation of proper data validation for HTTP headers Context Usage of Ruby 2.5.0 for Ruby programming and development Usage of Ruby for building dynamic and object-oriented applications Usage of Rails framework for building web applications ...
Lack of data validation - Input Length - Ruby
Need Enforce input length validation to prevent excessive data submission and potential security vulnerabilities. Context Requirement of Ruby 2.0 or higher for running the application Usage of Rails framework for building web applications Description ...
Lack of data validation - Host Header Injection - Ruby
Need Implementation of proper data validation and sanitization for the host header input Context Usage of Ruby for building web applications and scripting Usage of ActionController for handling actions and requests in a Ruby on Rails application ...
Lack of data validation - Reflected Parameters - Ruby
Need Implementation of proper input validation and sanitization Context Usage of Ruby for building web applications and scripting Usage of params for handling request parameters in a web application Usage of render for rendering views or templates in ...
Lack of data validation - Responses - Ruby
Need Implementation of data validation for response data Context Usage of Ruby 2.0+ for executing Ruby code Usage of Ruby on Rails for web application development Description Non compliant code class UsersController < ApplicationController def show ...
Lack of data validation - Session Cookie - Ruby
Need Implementation of secure session cookie generation and validation Context Requirement of Ruby 2.0 or higher for running the application Usage of Ruby on Rails for building web applications Description Non compliant code class SessionsController ...
Lack of data validation - Modify DOM Elements - Ruby
Need Implementation of robust data validation and sanitization mechanisms Context Requirement of Ruby 2.0 or higher for running the application Usage of Rails framework for building web applications Description Non compliant code def create @post = ...
Lack of data validation - Source Code - Ruby
Need Implementation of robust data validation in the source code Context Usage of Ruby for building dynamic and object-oriented applications Usage of ActiveRecord for Object-Relational Mapping (ORM) in database operations Description Non compliant ...
Lack of data validation - Web Service - Ruby
Need Implementation of robust data validation and input sanitization mechanisms Context Usage of Ruby 2.0+ for developing Ruby applications Usage of Rails for building web applications in Ruby Description Non compliant code class UsersController < ...
Lack of data validation - Header x-amzn-RequestId - Ruby
Need Implementation of secure data validation for the x-amzn-RequestId Header Context Usage of Ruby 2.0+ for developing Ruby applications Usage of ActionPack for handling web requests and generating responses in a Ruby on Rails application Usage of ...
Lack of data validation - Ruby
Need Implementation of robust data validation mechanisms Context Requirement of Ruby 2.0 or higher for running the application Usage of Ruby on Rails for building web applications Description Non compliant code class UsersController < ...
Debugging enabled in production - Ruby
Need Disabling debugging mode in production environment Context Requirement of Ruby 2.0 or later for executing the code Usage of Rails framework for building web applications Description Non compliant code # config/environments/production.rb ...
Excessive privileges - Temporary Files - Ruby
Need Restriction of privileges and access modes for temporary files Context Usage of Ruby for building dynamic and object-oriented applications Usage of tempfile for creating temporary files and directories Description Non compliant code def ...
Excessive privileges - Ruby
Need Restriction of user privileges and access control Context Requirement of Ruby 2.0 or higher for running the application Usage of Rails framework for building web applications Description Non compliant code class ApplicationController < ...
Uncontrolled external site redirect - Ruby
Need Controlled and secure external site redirects Context Requirement of Ruby 2.0 or higher for executing the code Usage of Rails for building web applications with Ruby Description Non compliant code def redirect redirect_to params[:url] end In the ...
SQL Injection - Headers - Ruby
Need Prevention of SQL injection attacks in the application headers Context Usage of Ruby 2.0+ for developing Ruby applications Usage of Rails framework for building web applications Usage of ActiveRecord for Object-Relational Mapping (ORM) in ...
Time-based SQL Injection - Ruby
Need Prevention of time-based SQL injection attacks Context Usage of Ruby for building dynamic and object-oriented applications Usage of ActiveRecord for Object-Relational Mapping (ORM) in database operations Description Non compliant code def search ...
Insecure or unset HTTP headers - Accept - Ruby
Need Implementation of secure and restricted HTTP headers - Accept Context Usage of Ruby for building web applications and scripting Usage of ActionController for handling actions and routing in a Ruby on Rails application Description Non compliant ...
Insecure or unset HTTP headers - X-Frame Options - Ruby
Need Implementation of secure and properly configured HTTP headers Context Usage of Ruby 2.0+ for developing Ruby applications Usage of Rails for building web applications in Ruby Description Non compliant code # ...
Use of an insecure channel - Telnet - Ruby
Need Secure communication channel for transmitting customer information Context Usage of Ruby for building dynamic and object-oriented applications Usage of net-telnet for Telnet communication in Node.js Description Non compliant code require ...
Use of an insecure channel - SMTP - Ruby
Need Secure communication channel for SMTP Context Usage of Ruby for building web applications and scripting Usage of net/smtp for sending emails via SMTP protocol Description Non compliant code require 'net/smtp' message = < To: A Test User Subject: ...
Use of an insecure channel - FTP - Ruby
Need Secure transmission of customer information Context Usage of Ruby for building dynamic and object-oriented applications Usage of net/ftp for FTP (File Transfer Protocol) operations Description Non compliant code require 'net/ftp' ftp = ...
Insecure encryption algorithm - SSLContext - Ruby
Need Secure encryption algorithm for SSLContext Context Usage of Ruby for building dynamic and object-oriented applications Usage of net/http for building HTTP servers in a Node.js application Usage of OpenSSL for secure communication and encryption ...