CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
    • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
      • C
      • Clojure
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
      • Html
      • Java
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
      • Python
      • Ruby
        • Aws-lambda
        • Aws-sdk-core
        • Cassandra
        • Excon
        • Faraday
        • Jwt
        • Lang
        • Mongo
        • Mysql2
        • Octokit
        • Pg
        • Rails
          • Correctness
          • Performance
          • Security
            • Audit
            • Audit
            • Brakeman
            • Injection
        • Redis
      • Rust
      • Scala
      • Solidity
      • Swift
      • Terraform
      • Typescript
      • Yaml
    Security

    Brakeman

    check-redirect-to

    Found potentially unsafe handling of redirect behavior $X. Do not pass params to redirect_to without the :only_path => true hash value.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
    OWASP:
    - A01:2021 - Broken Access Control

    check-cookie-store-session-security-attributes

    Found a Rails cookie_store session configuration setting the $KEY attribute to false. If using a cookie-based session store, the HttpOnly and Secure flags should be set.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
    OWASP:
    - A05:2021 - Security Misconfiguration

    check-http-verb-confusion

    Found an improperly constructed control flow block with request.get?. Rails will route HEAD requests as GET requests but they will fail the request.get? check, potentially causing unexpected behavior unless an elif condition is used.
    Likelihood: HIGH
    Confidence: MEDIUM
    CWE:
    - CWE-650: Trusting HTTP Permission Methods on the Server Side
    OWASP:
    - A04:2021 - Insecure Design

    check-rails-session-secret-handling

    Found a string literal assignment to a Rails session secret $KEY. Do not commit secret values to source control! Any user in possession of this value may falsify arbitrary session data in your application. Read this value from an environment variable, KMS, or file on disk outside of source control.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-540: Inclusion of Sensitive Information in Source Code
    OWASP:
    - A01:2021 - Broken Access Control

    check-unsafe-reflection-methods

    Found user-controllable input to a reflection method. This may allow a user to alter program behavior and potentially execute arbitrary instructions in the context of the process. Do not provide arbitrary user input to tap, method, or to_proc
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-94: Improper Control of Generation of Code (‘Code Injection’)
    OWASP:
    - A03:2021 - Injection

    check-secrets

    Found a Brakeman-style secret - a variable with the name password/secret/api_key/rest_auth_site_key and a non-empty string literal value.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
    OWASP:
    - A01:2021 - Broken Access Control

    check-reverse-tabnabbing

    Setting an anchor target of _blank without the noopener or noreferrer attribute allows reverse tabnabbing on Internet Explorer, Opera, and Android Webview.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-1022: Use of Web Link to Untrusted Target with window.opener Access

    check-permit-attributes-high

    Calling permit on security-critical properties like $ATTRIBUTE may leave your application vulnerable to mass assignment.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes
    OWASP:
    - A08:2021 - Software and Data Integrity Failures

    check-validation-regex

    $V Found an incorrectly-bounded regex passed to validates_format_of or validate ... format => .... Ruby regex behavior is multiline by default and lines should be terminated by \A for beginning of line and \Z for end of line, respectively.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-185: Incorrect Regular Expression
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    check-dynamic-render-local-file-include

    Found request parameters in a call to render in a dynamic context. This can allow end users to request arbitrary local files which may result in leaking sensitive information persisted on disk.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    check-send-file

    Allowing user input to send_file allows a malicious user to potentially read arbitrary files from the server. Avoid accepting user input in send_file or normalize with File.basename(...)
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-73: External Control of File Name or Path
    OWASP:
    - A04:2021 - Insecure Design

    check-unscoped-find

    Found an unscoped find(...) with user-controllable input. If the ActiveRecord model being searched against is sensitive, this may lead to Insecure Direct Object Reference (IDOR) behavior and allow users to read arbitrary records. Scope the find to the current user, e.g. current_user.accounts.find(params[:id]).
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-639: Authorization Bypass Through User-Controlled Key
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    check-sql

    Found potential SQL injection due to unsafe SQL query construction via $X. Where possible, prefer parameterized queries.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
    OWASP:
    - A01:2017 - Injection
    - A03:2021 - Injection

    check-permit-attributes-medium

    Calling permit on security-critical properties like $ATTRIBUTE may leave your application vulnerable to mass assignment.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes
    OWASP:
    - A08:2021 - Software and Data Integrity Failures

    check-regex-dos

    Found a potentially user-controllable argument in the construction of a regular expressions. This may result in excessive resource consumption when applied to certain inputs, or when the user is allowed to control the match target. Avoid allowing users to specify regular expressions processed by the server. If you must support user-controllable input in a regular expression, use an allow-list to restrict the expressions users may supply to limit catastrophic backtracking.
    Likelihood: HIGH
    Confidence: MEDIUM
    CWE:
    - CWE-1333: Inefficient Regular Expression Complexity
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    check-rails-secret-yaml

    $VALUE Found a string literal assignment to a production Rails session secret in secrets.yaml. Do not commit secret values to source control! Any user in possession of this value may falsify arbitrary session data in your application. Read this value from an environment variable, KMS, or file on disk outside of source control.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-540: Inclusion of Sensitive Information in Source Code
    OWASP:
    - A01:2021 - Broken Access Control

    check-before-filter

    Disabled-by-default Rails controller checks make it much easier to introduce access control mistakes. Prefer an allowlist approach with :only => [...] rather than except: => [...]
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    check-render-local-file-include

    Found request parameters in a call to render. This can allow end users to request arbitrary local files which may result in leaking sensitive information persisted on disk. Where possible, avoid letting users specify template paths for render. If you must allow user input, use an allow-list of known templates or normalize the user-supplied value with File.basename(...).
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    check-unsafe-reflection

    Found user-controllable input to Ruby reflection functionality. This allows a remote user to influence runtime behavior, up to and including arbitrary remote code execution. Do not provide user-controllable input to reflection functionality. Do not call symbol conversion on user-controllable input.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-94: Improper Control of Generation of Code (‘Code Injection’)
    OWASP:
    - A03:2021 - Injection
    XxeInjection
    twitterlinkedin
    Powered by Mintlify
    Assistant
    Responses are generated using AI and may contain mistakes.