Q
Detector Library
Ruby detectors (21/21)
SQL InjectionDivide by ZeroSensitive HTTP ActionInsufficient Protected CredentialsSensitive Information LeakUntrusted DeserializationLog InjectionXML External EntityPath InjectionHttp to File AccessCode InjectionOS Command InjectionResource leakCross Site Scripting (XSS)Untrusted OpenImproper Input ValidationStack Trace ExposureImproper Certificate Validationsend_file InjectionUnsafe File PermissionsTainted Format
Security detectors
SQL Injection
User input may run unintended SQL commands.
Divide by Zero
Potentially dividing by zero without proper handling.
Sensitive HTTP Action
Issue found with
request.get? block, potential unexpected behavior.Insufficient Protected Credentials
The credentials provided are not adequately protected against security threats.
Sensitive Information Leak
Neglecting sensitive information can lead to severe data leaks and breaches.
Untrusted Deserialization
User input is deserialized.
Log Injection
Input from the user may be logged, giving false data.
XML External Entity
Objects that parse or handle XML can lead to XML External Entity (XXE) attacks when misconfigured.
Path Injection
User input may lead to opening unintended files.
Http to File Access
Hardcoded download and writing of potentially harmful file.
Code Injection
User input is used in eval command.
OS Command Injection
Possible unintended system commands could be executed through user input.
Resource leak
Allocated resources are not released properly.
Cross Site Scripting (XSS)
Improper neutralization of input during web page generation ('Cross-site Scripting')
Untrusted Open
Non-static variables used to open files.
Improper Input Validation
Improper input validation can lead to security vulnerabilities and data breaches.
Stack Trace Exposure
Stack trace shows software architecture.
Improper Certificate Validation
Lack of validation of a security certificate can lead to host impersonation and sensitive data leaks.
send_file Injection
External Control of File Name or Path.
Unsafe File Permissions
Setting potentially harmful access rights
Tainted Format
User input decides output information.