SQL injection - Ruby
Need: Implementation of secure coding practices to prevent SQL injection attacks. Context: Usage of Ruby version 2.0+ for developing Ruby applications; Usage of Rails framework for building web applications; Usage of ActiveRecord for Object-Relational ...
Inappropriate coding practices - Cyclomatic complexity - Ruby
Need: Improvement of coding practices to reduce cyclomatic complexity. Context: Usage of Ruby for building dynamic and object-oriented applications. Description: Non compliant code def ...
Sensitive information in source code - API Key - Ruby
Need: Secure storage and management of sensitive information such as API keys. Context: Usage of Ruby for building dynamic and object-oriented applications; Usage of HTTParty for making HTTP requests in Node.js. Description: Non compliant code class ...
Lack of data validation - URL - Ruby
Need: Implementation of robust data validation for URL parameters. Context: Requirement of Ruby 2.0 or higher for running the application; Usage of Ruby on Rails for building web applications. Description: Non compliant code class DocumentsController < ...
Insecure exceptions - Empty or no catch - Ruby
Need: Proper exception handling and error management. Context: Usage of Ruby for building dynamic and object-oriented applications. Description: Non compliant code def vulnerable_method ...
Inappropriate coding practices - Ruby
Need: Enforcement of proper encapsulation in coding practices. Context: Usage of Ruby for building dynamic and object-oriented applications. Description: Non compliant code class User public attr_accessor :name, :email, :password end In the code snippet ...
Insecure or unset HTTP headers - X-Permitted-Cross-Domain-Policies - Ruby
Need: Secure and properly set HTTP headers - X-Permitted-Cross-Domain-Policies. Context: Usage of Ruby for building dynamic and object-oriented applications; Usage of ActionController for handling and managing actions in a Ruby on Rails application ...
Insecure or unset HTTP headers - Cache Control - Ruby
Need: Implementation of secure and appropriate Cache Control headers. Context: Usage of Ruby for building dynamic and object-oriented applications; Usage of ActionPack for handling web requests and generating responses in a Ruby on Rails application ...
Insecure or unset HTTP headers - X-XSS Protection - Ruby
Need: Implementation of secure and properly configured HTTP headers. Context: Usage of Ruby 2.0+ for Ruby language development; Usage of Rails framework for building web applications. Description: Non compliant code class ApplicationController < ...
Insecure or unset HTTP headers - CORS - Ruby
Need: Enforcement of secure and specific HTTP headers for Cross-Origin Resource Sharing (CORS). Context: Requirement of Ruby version 2.0 or higher; Usage of Rails for building web applications; Usage of rack-cors for enabling Cross-Origin Resource Sharing ...
Insecure encryption algorithm - Perfect Forward Secrecy - Ruby
Need: Implementation of a secure and robust encryption algorithm with Perfect Forward Secrecy (PFS). Context: Usage of Ruby for building dynamic and object-oriented applications; Usage of OpenSSL for secure communication and encryption. Description: Non ...
Insecure or unset HTTP headers - X-Content-Type-Options - Ruby
Need: Enforcement of secure content type options through the X-Content-Type-Options HTTP header. Context: Usage of Ruby for building dynamic and object-oriented applications. Description: Non compliant code # app/controllers/application_controller.rb ...
Insecure or unset HTTP headers - Strict Transport Security - Ruby
Need: Enforcement of Strict Transport Security (HSTS) headers. Context: Usage of Ruby 2.0+ for Ruby programming language version compatibility; Usage of Ruby for building dynamic and object-oriented applications; Usage of Rails framework for building web ...
Insecurely generated cookies - Secure - Ruby
Need: Secure generation and transmission of cookies. Context: Usage of Ruby 2.5 for developing Ruby applications; Usage of ActionPack for handling web requests and generating responses in Ruby on Rails. Description: Non compliant code class ...
Insecurely generated cookies - SameSite - Ruby
Need: Secure generation of cookies with proper SameSite attribute. Context: Usage of Ruby for developing web applications and scripting; Usage of ActionController::Base for handling controller actions in Ruby on Rails; Usage of cookies for managing HTTP ...
Insecurely generated cookies - HttpOnly - Ruby
Need: Securely generate cookies with the HttpOnly attribute. Context: Usage of Ruby for building dynamic and object-oriented applications; Usage of ActionController for handling actions and requests in a Ruby on Rails application. Description: Non ...
Lack of data validation - Type confusion - Ruby
Need: Implementation of strict data validation to prevent type confusion. Context: Usage of Ruby for building dynamic and object-oriented applications. Description: Non compliant code def process_data(data) number = data[:number] result = number * 10 ...
Directory listing - Ruby
Need: Prevention of directory listing and unauthorized access to sensitive files. Context: Requirement of Ruby 2.0 or higher for running the application; Usage of Rails framework for building web applications. Description: Non compliant code # ...
Race condition - Ruby
Need: Ensuring proper synchronization and order of inputs to prevent race conditions. Context: Usage of Ruby for Object-Oriented Programming; Usage of ActiveRecord for Object-Relational Mapping (ORM) in database operations. Description: Non compliant code ...
Local file inclusion - Ruby
Need: Prevention of unauthorized access to local files. Context: Requirement of Ruby 2.0 or higher for running the application; Usage of Ruby on Rails for building web applications. Description: Non compliant code def download file_path = ...
HTTP parameter pollution - Ruby
Need: Prevention of HTTP parameter pollution. Context: Requirement of Ruby version 2.0 or higher; Usage of Rails framework for building web applications; Usage of ActiveRecord for Object-Relational Mapping (ORM) in database operations. Description: Non ...
Improper dependency pinning - Ruby
Need: Ensure proper dependency management and version control. Context: Usage of Ruby 2.5.0 as the programming language for development; Usage of Rails framework for building web applications; Usage of pg for connecting and interacting with PostgreSQL ...
Metadata with sensitive information - Ruby
Need: Protection of sensitive information in metadata. Context: Usage of Ruby 2.0+ for developing Ruby applications; Usage of Rails for building web applications with Ruby. Description: Non compliant code class UsersController < ApplicationController def ...
XS-Leaks - Ruby
Need: Protection of sensitive user information from being leaked through browser side-channels. Context: Usage of Ruby 2.7 for Ruby programming language development; Usage of Rails framework for building web applications; Usage of ActiveRecord for ...
Security controls bypass or absence - Ruby
Need: Implementation of robust security controls. Context: Usage of Ruby 2.5.0 for developing Ruby applications; Usage of Rails framework for building web applications. Description: Non compliant code # app/controllers/application_controller.rb class ...
Improper type assignation - Ruby
Need: Enforce proper type declaration and assignment in the source code. Context: Usage of Ruby 2.0+ for developing Ruby applications; Usage of Rails framework for building web applications. Description: Non compliant code def show var = params[:id] @user ...
Improper control of interaction frequency - Ruby
Need: Enforce proper control of interaction frequency to prevent abuse and ensure fair resource allocation. Context: Usage of Ruby 2.7.4 for Ruby programming and development; Usage of Rails framework for building web applications; Usage of ActiveRecord ...
LDAP injection - Ruby
Need: Prevention of LDAP injection attacks. Context: Usage of Ruby for building dynamic and object-oriented applications; Usage of net-ldap for LDAP (Lightweight Directory Access Protocol) operations. Description: Non compliant code def search_ldap(query) ...
NoSQL injection - Ruby
Need: Prevention of NoSQL injection attacks. Context: Usage of Ruby 2.0 for developing Ruby applications; Usage of Rails framework for building web applications; Usage of ActiveRecord for Object-Relational Mapping (ORM) in a Node.js application ...
Apache lucene query injection - Ruby
Need: Prevention of Apache Lucene query injection. Context: Usage of Ruby for building dynamic and object-oriented applications; Usage of Lucene for full-text search and indexing. Description: Non compliant code def search(query) index = ...
Email uniqueness not properly verified - Ruby
Need: Enforce strict email uniqueness verification during the registration process. Context: Usage of Ruby 2.0+ for developing Ruby applications; Usage of Rails framework for building web applications; Usage of ActiveRecord for Object-Relational Mapping ...
Server-side request forgery (SSRF) - Ruby
Need: Prevention of unauthorized server-side requests to arbitrary domains. Context: Usage of Ruby for building web applications and scripting; Usage of net-http for handling HTTP requests and responses in a Node.js application. Description: Non compliant ...
External control of file name or path - Ruby
Need: Enforce secure file handling and prevent unauthorized access to sensitive files. Context: Usage of Ruby for building dynamic and object-oriented applications; Usage of Rails framework for building web applications. Description: Non compliant code def ...
Insecure deserialization - Ruby
Need: Secure deserialization process. Context: Usage of Ruby 2.7 as a programming language for development; Usage of Rails framework for building web applications; Usage of ActiveRecord for Object-Relational Mapping (ORM) in database operations ...
Data uniqueness not properly verified - Ruby
Need: Ensuring proper validation of data uniqueness. Context: Usage of Ruby 2.0+ for developing Ruby applications; Usage of Rails framework for building web applications. Description: Non compliant code class UsersController < ApplicationController def ...
Insecure encryption algorithm - Cipher Block Chaining - Ruby
Need: Secure encryption algorithm for data protection. Context: Usage of Ruby for web development and scripting; Usage of OpenSSL for secure communication and encryption. Description: Non compliant code require 'openssl' def encrypt_data(data, key, iv) ...
Hidden fields manipulation - Ruby
Need: Prevention of unauthorized manipulation of hidden fields. Context: Usage of Ruby 2.7.1 as the programming language for development; Usage of Rails framework for building web applications. Description: Non compliant code class UsersController < ...
Insecure encryption algorithm - Anonymous cipher suites - Ruby
Need: Secure encryption algorithm for secure connections. Context: Usage of Ruby for building dynamic and object-oriented applications; Usage of OpenSSL for secure communication and encryption; Usage of Socket for real-time communication and event-based ...
Log injection - Ruby
Need: Prevention of log injection attacks. Context: Usage of Ruby 2.0+ for developing Ruby applications; Usage of Rails framework for building web applications. Description: Non compliant code def create @user = User.new(user_params) if @user.save ...
CSV injection - Ruby
Need: Prevention of CSV injection attacks. Context: Usage of Ruby for building dynamic and object-oriented applications; Usage of CSV for reading and writing CSV files; Usage of the User dependency for managing user-related functionality. Description: Non ...