ruby
Insecure encryption algorithm - SSL/TLS - Ruby
Need: Implementation of secure encryption algorithms for SSL/TLS communication. Context: Usage of Ruby for building dynamic and object-oriented applications; Usage of net/http for building HTTP servers in a Node.js application. Description: Non compliant ...
Insecure authentication method - Basic - Ruby
Need: Implementation of secure authentication methods. Context: Usage of Ruby for building dynamic and object-oriented applications; Usage of ActionController::Base for handling HTTP requests and defining controller actions in Ruby on Rails; Usage of ...
Insecure functionality - Ruby
Need: Secure functionality implementation. Context: Usage of Ruby 2.0+ for developing Ruby applications; Usage of Rails framework for building web applications. Description: Non compliant code: class UsersController < ApplicationController def update @user ...
Insecure object reference - Ruby
Need: Secure and robust object reference management. Context: Usage of Ruby 2.5.0 as the programming language for development; Usage of Rails framework for building web applications; Usage of ActiveRecord for Object-Relational Mapping (ORM) in database ...
Use of software with known vulnerabilities - Ruby
Need: Updating software and dependencies to versions without known vulnerabilities. Context: Usage of Ruby 2.6.3 as the programming language for development; Usage of Rails for building web applications; Usage of SQLite3 for database management and ...
Stored cross-site scripting (XSS) - Ruby
Need: Prevention of persistent cross-site scripting (XSS) attacks. Context: Usage of Ruby 2.0+ for developing Ruby applications; Usage of Rails framework for building web applications. Description: Non compliant code: class UsersController < ...
Sensitive information in source code - Ruby
Need: Protection of sensitive information in source code. Context: Usage of Ruby 2.0+ for developing Ruby applications; Usage of aws-sdk for interacting with Amazon Web Services (AWS) services. Description: Non compliant code: # config/initializers/aws.rb ...
Reflected cross-site scripting (XSS) - Ruby
Need: Implementation of input validation and output encoding to prevent the execution of malicious scripts in user-generated content. Context: Usage of Ruby 2.7 for Ruby programming and development; Usage of Rails framework for building web applications ...
Cross-site request forgery - Ruby
Need: Protection against cross-site request forgery attacks. Context: Usage of Ruby 2.0+ for developing Ruby applications; Usage of Rails framework for building web applications. Description: Non compliant code: class UsersController < ApplicationController ...
Privilege escalation - Ruby
Need: Prevention of unauthorized privilege escalation. Context: Usage of Ruby 2.5.0 as the programming language for development; Usage of Rails framework for building web applications. Description: Non compliant code: class UsersController < ...
Remote command execution - Ruby
Need: Prevention of unauthorized remote command execution. Context: Usage of Ruby for building dynamic and object-oriented applications; Usage of the system library for interacting with the operating system and managing system resources. Description: Non ...
Symmetric denial of service - Ruby
Need: Prevention of service outages caused by repeated resource-intensive requests. Context: Usage of Ruby 2.7 for developing Ruby applications; Usage of Rails framework for building web applications. Description: Non compliant code: class ...
Asymmetric denial of service - Ruby
Need: Implementation of measures to mitigate and prevent asymmetric denial of service attacks. Context: Usage of Ruby 2.7 for developing Ruby applications; Usage of Rails framework for building web applications. Description: Non compliant code: ...