Ruby detectors

Showing all detectors for the Ruby language.

Browse by tags
Browse all detectors by tags.
Browse by severity
Browse all detectors by severity.
Browse by category
Browse all detectors by category.

Browse all detectors

SQL Injection

User input may run unintended SQL commands.

Divide by Zero

Potentially dividing by zero without proper handling.

Sensitive HTTP Action

Issue found with request.get? block, potential unexpected behavior.

Insufficient Protected Credentials

The credentials provided are not adequately protected against security threats.

Sensitive Information Leak

Neglecting sensitive information can lead to severe data leaks and breaches.

Untrusted Deserialization

User input is deserialized.

Log Injection

Input from the user may be logged, giving false data.

XML External Entity

Objects that parse or handle XML can lead to XML External Entity (XXE) attacks when misconfigured.

Path Injection

User input may lead to opening unintended files.

Http to File Access

Hardcoded download and writing of potentially harmful file.

Code Injection

User input is used in eval command.

OS Command Injection

Possible unintended system commands could be executed through user input.

Resource leak

Allocated resources are not released properly.

Cross Site Scripting (XSS)

Improper neutralization of input during web page generation ('Cross-site Scripting')

Untrusted Open

Non-static variables used to open files.

Improper Input Validation

Improper input validation can lead to security vulnerabilities and data breaches.

Stack Trace Exposure

Stack trace shows software architecture.

Improper Certificate Validation

Lack of validation of a security certificate can lead to host impersonation and sensitive data leaks.

send_file Injection

External Control of File Name or Path.

Unsafe File Permissions

Setting potentially harmful access rights

Tainted Format

User input decides output information.