avoid-tainted-http-request
Using user input when accessing files is potentially dangerous. A malicious actor could use this to modify or access files they have no right to.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-918: Server-Side Request Forgery (SSRF)
OWASP:
- A10:2021 - Server-Side Request Forgery (SSRF)
avoid-session-manipulation
This code reads data from the session using user input as the key. A malicious user may be able to retrieve information from the session that you did not intend them to see. Do not use user input as a session key.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-276: Incorrect Default Permissions
OWASP:
- A01:2021 - Broken Access Control
avoid-tainted-shell-call
Using user input when accessing files is potentially dangerous. A malicious actor could use this to modify or access files they have no right to.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection
detailed-exceptions
The Rails setting that enables detailed exception reports is set to true. This can lead to information exposure, where sensitive system or internal details are displayed to the end user. Turn this setting off instead.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP:
- A01:2021 - Broken Access Control
avoid-tainted-ftp-call
Using user input when accessing files is potentially dangerous. A malicious actor could use this to modify or access files they have no right to.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
avoid-tainted-file-access
Using user input when accessing files is potentially dangerous. A malicious actor could use this to modify or access files they have no right to.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
rails-skip-forgery-protection
This call turns off CSRF protection, allowing CSRF attacks against the application.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-352: Cross-Site Request Forgery (CSRF)
OWASP:
- A01:2021 - Broken Access Control