Account lockout - Ruby
Need: Prevention of unauthorized account lockouts and ensuring continuous user access. Context: Usage of Ruby 2.6.0 as the programming language for development; usage of Ruby on Rails for web application development. Description: Non-compliant code: class ...
Missing subresource integrity check - Ruby
Need: Enforcement of subresource integrity checks. Context: Usage of Ruby for building dynamic and object-oriented applications; usage of Ruby on Rails for web application development. Description: Non-compliant code: # ...
Sensitive data stored in client-side storage - Ruby
Need: Secure storage of sensitive data on the client side. Context: Usage of Ruby 2.0+ for developing Ruby applications; usage of Ruby on Rails for building web applications. Description: Non-compliant code: # In a controller action def store ...
XML injection (XXE) - Ruby
Need: Prevention of XML injection (XXE) attacks. Context: Usage of Ruby for building dynamic and object-oriented applications; usage of Nokogiri for HTML and XML parsing and manipulation. Description: Non-compliant code: require 'nokogiri' def parse_xml(input) ...
Insecurely deleted files - Ruby
Need: Secure file deletion mechanism. Context: Usage of Ruby for developing dynamic and object-oriented applications; usage of the File class for file manipulation and operations. Description: Non-compliant code: def delete_file(file_path) ...
Lack of multi-factor authentication - Ruby
Need: Implementation of multi-factor authentication for critical services. Context: Usage of Ruby 2.7.3 as the programming language for development; usage of the Rails framework for building web applications. Description: Non-compliant code: class ...
Insecurely generated token - Ruby
Need: Secure token generation. Context: Usage of Ruby for building dynamic and object-oriented applications; usage of digest for generating and verifying message digests. Description: Non-compliant code: require 'digest' def generate_token(user) ...
Insecure session management - Ruby
Need: Secure session management. Context: Usage of Ruby 2.5.0 as the programming language for development; usage of Ruby on Rails for building web applications. Description: Non-compliant code: class SessionsController < ApplicationController def create ...
Insecure or unset HTTP headers - Referrer-Policy - Ruby
Need: Implementation of secure and properly configured HTTP headers (Referrer-Policy). Context: Usage of Ruby for building dynamic and object-oriented applications; usage of the Rails framework for building web applications. Description: Non-compliant code: # ...
Insecure session expiration time - Ruby
Need: Enforce secure session expiration time. Context: Requirement of Ruby version 2.0 or higher; usage of ActionPack for handling web requests and managing controllers in a Ruby on Rails application; usage of ActiveRecord for Object-Relational Mapping ...
Improper resource allocation - Ruby
Need: Efficient resource allocation and management. Context: Usage of Ruby for building dynamic and object-oriented applications; usage of the Rails framework for building web applications. Description: Non-compliant code: class UsersController < ...
Technical information leak - Console functions - Ruby
Need: Secure logging and information handling. Context: Usage of Ruby 2.5.0 as the programming language for development; usage of the Rails framework for building web applications; usage of ActiveRecord for Object-Relational Mapping (ORM) in database ...
Cached form fields - Ruby
Need: Prevention of sensitive information leakage through cached form fields. Context: Requirement of Ruby 2.0 or higher for running the application; usage of the Rails framework for building web applications. Description: Non-compliant code: class ...
Lack of data validation - Path Traversal - Ruby
Need: Implementation of proper data validation and sanitization to prevent path traversal attacks. Context: Usage of Ruby for building dynamic and object-oriented applications; usage of Ruby on Rails for building web applications. Description: Non ...
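As an added example for the path-traversal entry above (this is not code from the page's own entry), a standard-library-only check that resolves a user-supplied file name under a fixed base directory and refuses anything that escapes it. The base directory `/srv/app/uploads`, the inputs and the helper names are constructed for illustration; nothing on disk is touched.

```ruby
# Resolve `user_path` under `base_dir` and refuse anything that escapes it.
# Returns the absolute path on success, nil on rejection.
def safe_join(base_dir, user_path)
  return nil if user_path.nil? || user_path.empty?
  base = File.expand_path(base_dir)
  # expand_path collapses "..", "." and "~" segments; a leading "/" discards base.
  candidate = File.expand_path(user_path, base)
  # Compare against base plus a separator so that a sibling directory such as
  # "/srv/app/uploads_evil" is not accepted as being inside "/srv/app/uploads".
  prefix = base.end_with?(File::SEPARATOR) ? base : base + File::SEPARATOR
  candidate.start_with?(prefix) ? candidate : nil
rescue ArgumentError
  # File.expand_path raises on a NUL byte ("a.pdf\0.txt") or on "~nosuchuser".
  nil
end

# Vulnerable form kept for contrast: plain interpolation never normalises "..".
def unsafe_join(base_dir, user_path)
  "#{base_dir}/#{user_path}"
end

UPLOAD_DIR = '/srv/app/uploads' # constructed value for the example

if __FILE__ == $PROGRAM_NAME
  ['2024/report.pdf', '../../etc/passwd', '/etc/passwd', '../uploads_evil/x', "a.pdf\0.txt"].each do |input|
    puts "#{input.inspect.ljust(20)} unsafe=#{unsafe_join(UPLOAD_DIR, input).inspect} safe=#{safe_join(UPLOAD_DIR, input).inspect}"
  end
end
```

The sibling-directory case is the one most hand-written prefix checks miss: `"/srv/app/uploads_evil/x".start_with?("/srv/app/uploads")` is true, so the comparison must include the trailing separator.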
Concurrent sessions - Ruby
Need: Enforce session management and limit concurrent user sessions. Context: Usage of Ruby 2.0+ for developing Ruby applications; usage of Ruby on Rails for web application development. Description: Non-compliant code: class SessionsController < ...
Remote File Inclusion - Ruby
Need: Prevention of remote file inclusion and execution. Context: Usage of Ruby 2.5 for executing Ruby code and running Ruby applications; usage of the Rails framework for building web applications; usage of ActiveRecord for Object-Relational Mapping (ORM) in ...
Sensitive information stored in logs - Ruby
Need: Secure handling of sensitive information in log files. Context: Usage of Ruby 2.7.0 for Ruby programming and development; usage of the Rails framework for building web applications. Description: Non-compliant code: class UserController < ...
Asymmetric denial of service - Content length - Ruby
Need: Prevention of Content-Length field manipulation and resource exhaustion. Context: Usage of Ruby for building dynamic and object-oriented applications. Description: Non-compliant ...
Anonymous connection - Ruby
Need: Proper configuration to prevent anonymous connections and unauthorized access. Context: Requirement of Ruby 2.0 or higher for running the application; usage of the Rails framework for building web applications. Description: Non-compliant code: # ...
Lack of protection against brute force attacks - Ruby
Need: Implementation of strong and effective protection against brute force attacks. Context: Usage of Ruby for building web applications and scripting; usage of Ruby on Rails for building web applications. Description: Non-compliant code: class ...
Insecure encryption algorithm - Ruby
Need: Implementation of secure encryption algorithms. Context: Usage of Ruby for developing dynamic and object-oriented applications; usage of digest for generating and verifying message digests. Description: Non-compliant code: require 'digest/md5' def ...
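Added example for the "Insecure encryption algorithm" entry above (not code from the page's own entry): an MD5 digest gives no confidentiality and is not collision-resistant, so the replacement shown is authenticated encryption with AES-256-GCM from Ruby's OpenSSL binding. The key, the sample record and the `record:42` associated data are constructed for illustration; in production the key comes from a secret store, never from source.

```ruby
require 'openssl'
require 'securerandom'
require 'digest'

# Insecure pattern kept for contrast: MD5 is neither encryption nor a
# collision-resistant hash, so data "protected" this way is not protected.
def md5_fingerprint(data)
  Digest::MD5.hexdigest(data)
end

# AES-256-GCM: confidentiality plus integrity in one primitive.
# Returns iv, ciphertext and the 16-byte authentication tag; all three plus the
# key are needed to decrypt. `aad` is authenticated but not encrypted (e.g. a
# record id), so a ciphertext cannot be swapped between records unnoticed.
def encrypt_gcm(key, plaintext, aad = '')
  raise ArgumentError, 'key must be 32 bytes' unless key.bytesize == 32
  raise ArgumentError, 'plaintext must not be empty' if plaintext.empty?
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv                    # 12 bytes; never reuse an IV under one key
  cipher.auth_data = aad unless aad.empty? # must be set before update
  ciphertext = cipher.update(plaintext) + cipher.final
  { iv: iv, ciphertext: ciphertext, tag: cipher.auth_tag }
end

# Returns the plaintext, or nil if the tag does not verify (tampered data,
# wrong key, wrong AAD). The explicit tag-length check matters: the OpenSSL
# binding accepts a truncated tag, which weakens the integrity guarantee.
def decrypt_gcm(key, iv, ciphertext, tag, aad = '')
  return nil unless tag.bytesize == 16 && iv.bytesize == 12 && !ciphertext.empty?
  decipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  decipher.key = key
  decipher.iv = iv
  decipher.auth_tag = tag
  decipher.auth_data = aad unless aad.empty?
  decipher.update(ciphertext) + decipher.final
rescue OpenSSL::Cipher::CipherError
  nil
end

# Demonstration: encrypt, flip one ciphertext byte, and show that decryption
# refuses the result instead of returning garbage.
def tamper_detected?(key, plaintext)
  box = encrypt_gcm(key, plaintext, 'record:42')
  ct = box[:ciphertext].dup
  ct.setbyte(0, ct.getbyte(0) ^ 0x01)
  decrypt_gcm(key, box[:iv], ct, box[:tag], 'record:42').nil?
end

if __FILE__ == $PROGRAM_NAME
  key = SecureRandom.random_bytes(32)      # constructed; load from a secret store in practice
  box = encrypt_gcm(key, 'card ending 4242', 'record:42')
  puts decrypt_gcm(key, box[:iv], box[:ciphertext], box[:tag], 'record:42')
  puts "tamper detected: #{tamper_detected?(key, 'card ending 4242')}"
end
```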
Cracked weak credentials - Ruby
Need: Enhancement of password security. Context: Usage of Ruby for building dynamic and object-oriented applications; usage of digest for generating and verifying message digests. Description: Non-compliant code: require 'digest' class User < ...
Guessed weak credentials - Ruby
Need: Enhancement of credential security. Context: Requirement of Ruby 2.3 or higher for running the application; usage of the Rails framework for building web applications. Description: Non-compliant code: class User < ApplicationRecord has_secure_password ...
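Added example covering both the "Cracked weak credentials" and "Guessed weak credentials" entries above (not code from either entry): a fast unsalted digest is cheap to crack, so passwords are stored with salted PBKDF2-HMAC-SHA256 from Ruby's OpenSSL binding and verified in constant time; against guessing, a minimum length and a deny-list of common passwords are enforced before hashing. The iteration count, the storage format, the deny-list and the helper names are assumptions for illustration; a Rails app using `has_secure_password` gets bcrypt from the gem and would only add the policy check.

```ruby
require 'openssl'
require 'securerandom'
require 'digest'

# Weak pattern kept for contrast: a fast, unsalted digest. Equal passwords
# hash identically and a GPU tries billions of SHA-256 guesses per second.
def weak_password_hash(password)
  Digest::SHA256.hexdigest(password)
end

PBKDF2_ITERATIONS = 600_000   # assumed tuning value; raise as hardware allows
PBKDF2_LENGTH = 32

# Salted, slow hash. The record encodes its parameters so the iteration count
# can be raised later without breaking existing rows:
# "pbkdf2-sha256$<iterations>$<salt hex>$<derived key hex>"
def hash_password(password, iterations: PBKDF2_ITERATIONS)
  salt = SecureRandom.random_bytes(16)
  dk = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                                length: PBKDF2_LENGTH, hash: 'sha256')
  "pbkdf2-sha256$#{iterations}$#{salt.unpack1('H*')}$#{dk.unpack1('H*')}"
end

def verify_password(password, stored)
  algo, iters, salt_hex, dk_hex = stored.split('$', 4)
  return false unless algo == 'pbkdf2-sha256' && salt_hex && dk_hex
  salt = [salt_hex].pack('H*')
  dk = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iters.to_i,
                                length: PBKDF2_LENGTH, hash: 'sha256')
  secure_equal?(dk.unpack1('H*'), dk_hex)
end

# Constant-time comparison so timing does not reveal how many leading bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Against guessed credentials: reject short passwords and a deny-list of the
# most common ones. The list is constructed here; in practice load a breached
# password list or query a k-anonymity range API.
COMMON_PASSWORDS = %w[password 123456 qwerty letmein password1].freeze

def password_policy_errors(password, username: nil)
  errors = []
  errors << 'must be at least 12 characters' if password.length < 12
  errors << 'is too common' if COMMON_PASSWORDS.include?(password.downcase)
  if username && !username.empty? && password.downcase.include?(username.downcase)
    errors << 'must not contain the username'
  end
  errors
end

if __FILE__ == $PROGRAM_NAME
  puts password_policy_errors('password1', username: 'bob').inspect
  stored = hash_password('correct horse battery staple')
  puts stored
  puts "login ok: #{verify_password('correct horse battery staple', stored)}"
  puts "wrong pw: #{verify_password('correct horse battery stapler', stored)}"
end
```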
Automatic information enumeration - Ruby
Need: Prevention of automatic information enumeration and unauthorized access to system information. Context: Usage of Ruby for developing web applications and scripting; usage of the Socket library for network communication. Description ...
HTML code injection - Ruby
Need: Prevention of HTML code injection and protection against malicious user input. Context: Usage of Ruby for building web applications and scripting; usage of Ruby on Rails for building web applications. Description: Non-compliant code: class ...
Insecure HTTP methods enabled - Ruby
Need: Restriction of insecure HTTP methods. Context: Usage of Ruby for building dynamic and object-oriented applications; usage of the Rails framework for building web applications; usage of Rack as the web server interface for Ruby applications. Description: Non-compliant ...
Insecure or unset HTTP headers - Content-Security-Policy - Ruby
Need: Implementation of secure and properly configured Content-Security-Policy headers. Context: Requirement of Ruby 2.0 or later for running the application; usage of the Rails framework for building web applications. Description: Non-compliant code: # ...
Insecurely generated cookies - Ruby
Need: Secure generation and handling of cookies. Context: Usage of Ruby 2.0+ for developing Ruby applications; usage of Rails for building web applications. Description: Non-compliant code: class ApplicationController < ActionController::Base def set_cookie ...
Enabled default credentials - Ruby
Need: Implementation of strong and unique credentials for all system resources. Context: Usage of the Ruby programming language for web development; usage of PostgreSQL for database management and data storage. Description: Non-compliant code: # ...
Technical information leak - Ruby
Need: Protection of sensitive technical information. Context: Requirement of Ruby 2.0 or higher for running the application; usage of the Rails framework for building web applications. Description: Non-compliant code: # config/environments/production.rb ...
Insecure generation of random numbers - Ruby
Need: Secure generation of random numbers. Context: Usage of Ruby for building dynamic and object-oriented applications. Description: Non-compliant code: def insecure_random_number ...
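Added example serving both the "Insecurely generated token" and "Insecure generation of random numbers" entries above (not code from either entry): a token derived with Digest from guessable inputs, and numbers from `Kernel#rand`, are shown beside their `SecureRandom` replacements, plus storing only a digest of an issued token. The user id, timestamp and helper names are assumptions for illustration.

```ruby
require 'securerandom'
require 'digest'

# Weak pattern kept for contrast: a token derived from values an attacker can
# guess (user id, coarse timestamp) is reproducible, so anyone who knows the
# recipe can forge it. `user_id` and `issued_at` are constructed inputs.
def predictable_token(user_id, issued_at)
  Digest::SHA256.hexdigest("#{user_id}-#{issued_at.to_i}")
end

# Kernel#rand is a Mersenne Twister: its output can be reconstructed after
# observing enough values, so it is unsuitable for anything security-sensitive.
def weak_otp
  rand(100_000..999_999)
end

# 32 bytes (256 bits) from the OS CSPRNG, URL-safe so it can travel in a link.
def secure_token
  SecureRandom.urlsafe_base64(32)
end

# A six-digit one-time code drawn from the CSPRNG. SecureRandom.random_number
# is uniform over the range, so there is no modulo bias.
def secure_otp
  format('%06d', SecureRandom.random_number(1_000_000))
end

# Persist only a digest of the token; a database leak then does not hand out
# live tokens. The raw value is shown to the user once and never stored.
def token_fingerprint(token)
  Digest::SHA256.hexdigest(token)
end

if __FILE__ == $PROGRAM_NAME
  issued = Time.at(1_700_000_000)
  puts "predictable:       #{predictable_token(42, issued)}"
  puts "predictable again: #{predictable_token(42, issued)}"   # identical
  t = secure_token
  puts "secure token:      #{t}"
  puts "stored fingerprint: #{token_fingerprint(t)}"
  puts "one-time code:     #{secure_otp}"
end
```

When a stored fingerprint is later compared with the digest of a presented token, use a constant-time comparison rather than `==` so that response timing does not leak partial matches.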
Password change without identity check - Ruby
Need: Enforce strong identity verification for password changes. Context: Usage of Ruby for building dynamic and object-oriented applications; usage of Ruby on Rails for building web applications. Description: Non-compliant code: class UsersController < ...
Inadequate file size control - Ruby
Need: Implementation of file size restrictions and validation. Context: Usage of Ruby 2.0+ for developing Ruby applications; usage of the Rails framework for building web applications. Description: Non-compliant code: class UploadController < ...
Insecure temporary files - Ruby
Need: Secure handling of temporary files. Context: Usage of Ruby for building dynamic and object-oriented applications; usage of tempfile for creating temporary files. Description: Non-compliant code: def temp_file temp = ...
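Added example for the "Insecure temporary files" entry above (not code from the page's own entry): a predictable path in a shared directory is shown beside `Tempfile.create`, which opens the file exclusively with mode 0600 under an unpredictable name and unlinks it when the block ends. The file name prefix and the CSV sample written to it are constructed for illustration.

```ruby
require 'tempfile'
require 'tmpdir'

# Insecure pattern kept for contrast: a predictable name in a shared directory.
# An attacker who pre-creates /tmp/export-<pid>.csv (or a symlink there) gets
# the application to write into a file they control; the file is also created
# with the default umask rather than 0600.
def predictable_temp_path
  File.join(Dir.tmpdir, "export-#{Process.pid}.csv")
end

# Tempfile.create opens with O_CREAT|O_EXCL and perm 0600 under a random name
# and unlinks the file when the block returns, so there is no race window and
# no leftover file. The block receives a plain File; its return value is passed through.
def with_private_tempfile(prefix, suffix = '')
  Tempfile.create([prefix, suffix]) do |file|
    yield file
  end
end

# Permission bits of an open File (0600 expected on POSIX).
def permission_bits(file)
  file.stat.mode & 0o777
end

# Demonstration: write constructed data, read it back, and return
# [content, mode, file_still_exists_after_block].
def temp_roundtrip
  path = nil
  mode = nil
  content = with_private_tempfile('export', '.csv') do |f|
    path = f.path
    mode = permission_bits(f)
    f.write("id,amount\n1,42\n")   # constructed sample data
    f.flush
    File.read(path)
  end
  [content, mode, File.exist?(path)]
end

if __FILE__ == $PROGRAM_NAME
  content, mode, leftover = temp_roundtrip
  puts "read back: #{content.inspect}"
  puts format('mode: %04o (expect 0600)', mode)
  puts "file left behind: #{leftover}"
  puts "predictable name for contrast: #{predictable_temp_path}"
end
```

If the temporary file must be handed to another process by name, keep it open for the whole operation and pass the path from `File#path`; reopening by name reintroduces the race that `Tempfile.create` avoids.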
Insecure file upload - Ruby
Need: Secure file upload process. Context: Usage of Ruby 2.0+ for developing Ruby applications; usage of the Rails framework for building web applications. Description: Non-compliant code: def upload uploaded_io = params[:file] ...
User enumeration - Ruby
Need: Prevention of user enumeration. Context: Requirement of Ruby 2.0 or higher for running the application; usage of the Rails framework for building web applications; usage of ActiveRecord for Object-Relational Mapping (ORM) in database operations ...
Uncontrolled external site redirect - Host Header Injection - Ruby
Need: Prevention of uncontrolled external site redirects. Context: Usage of Ruby for scripting and web development; usage of ActionController for handling actions and routing in a Ruby on Rails application. Description: Non-compliant code: class ...
XPath injection - Ruby
Need: Implementation of input validation and sanitization to prevent XPath injection attacks. Context: Usage of Ruby for building dynamic and object-oriented applications; usage of nokogiri for parsing and manipulating XML and HTML documents. Description ...
Administrative credentials stored in cache memory - Ruby
Need: Secure storage of administrative credentials. Context: Usage of Ruby 2.7 for Ruby programming and development; usage of the Rails framework for building web applications; usage of bcrypt for password hashing. Description: Non-compliant code ...
Sensitive information sent insecurely - Ruby
Need: Secure transmission of sensitive information. Context: Usage of Ruby 2.7 for developing Ruby applications; usage of Net::HTTP for handling HTTP requests and responses; usage of URI for parsing and manipulating Uniform Resource Identifiers ...