Improper Input Validation (High)

Improper input validation leaves a system open to exploitation: input that is only partially checked can carry unexpected content into the application, compromising data integrity and undermining overall system security. Validating input fully should always be a top priority.

Detector ID
ruby/improper-input-validation@v1.0
Category
Common Weakness Enumeration (CWE)
Tags
-

Noncompliant example

class InputValidation < ApplicationRecord  # assumed context: an ActiveRecord model, so `validates` is available
  # Noncompliant: Improperly bounded regex passed to validates.
  # Without \A and \z the pattern only has to match a letter-digit pair
  # somewhere inside the value, so anything else in the string is accepted.
  validates :username, :length => 6..20, :format => /([a-z][0-9])+/i

  accepts_nested_attributes_for :author, :pages
end

Compliant example

class InputValidation < ApplicationRecord  # assumed context: an ActiveRecord model, so `validates_format_of` is available
  # Compliant: Properly bounded regex passed to validates.
  # \A and \z anchor the pattern to the start and end of the whole string,
  # so the entire value must match the allowed characters.
  validates_format_of :good_valid, :with => /\A[a-zA-Z]\z/
end
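Why the anchors matter, as an added example that is not part of the detector page: a plain-Ruby stand-in for the matching that validates_format_of performs, run over constructed values against an unbounded regex, a ^/$-anchored regex and a \A/\z-anchored one, plus a simplified version of the anchor check Rails applies to :with patterns. The regexes, the sample values and the helper names (format_valid?, multiline_anchor?, classify) are this example's own assumptions.

```ruby
# Core of validates_format_of :with => regex: the value passes when the regex
# matches somewhere in the string, which is Ruby's match? semantics.
def format_valid?(value, regex)
  value.to_s.match?(regex)
end

# Simplified version (assumption: same spirit, not the exact Rails code) of the
# check validates_format_of runs on its regex: ^ and $ are line anchors in Ruby,
# so a pattern that relies on them is flagged unless declared multiline.
def multiline_anchor?(regex)
  source = regex.source
  source.start_with?("^") || source.end_with?("$")
end

NONCOMPLIANT  = /([a-z][0-9])+/i   # unbounded: a letter-digit pair anywhere passes
LINE_ANCHORED = /^[a-z0-9]+$/      # ^ and $ stop at newlines, not at string ends
COMPLIANT     = /\A[a-z0-9]+\z/    # \A and \z bound the entire value

# Runs one value through all three patterns and reports which accept it.
def classify(value)
  {
    noncompliant:  format_valid?(value, NONCOMPLIANT),
    line_anchored: format_valid?(value, LINE_ANCHORED),
    compliant:     format_valid?(value, COMPLIANT),
  }
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample values: a clean username, one with stray markup in
  # front, and one where a second line follows a valid-looking first line.
  ["a1b2", "<b>a1", "user1\n<b>"].each do |v|
    puts "#{v.inspect}: #{classify(v)}"
  end
  puts "LINE_ANCHORED flagged: #{multiline_anchor?(LINE_ANCHORED)}"
  puts "COMPLIANT flagged: #{multiline_anchor?(COMPLIANT)}"
end
```

The multi-line value is the instructive case: the ^/$ pattern accepts it because the first line satisfies the anchors, while only the \A/\z pattern rejects everything that is not a clean username.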