Ruby

Made by DeepSource
Use of eval detected RB-SC1001
Security
Critical

Kernel#eval and Binding#eval must never be used against untrusted user input.

Insecure JSON method detected RB-SC1002
Security
Critical

These methods are meant to deserialise data from trusted input, such as your own database server or clients under your control; allowing untrusted users to pass JSON sources into them can be dangerous.

link_to has _blank, but no rel: 'noopener' RB-RL1033
Security
Major
Autofix

Calls to link_to that contain target: '_blank' but no rel: 'noopener' can be a security risk, as the loaded page will have control over the previous page and could change its location for phishing purposes. The option rel: 'noreferrer' also blocks this behavior and additionally removes the HTTP Referer header.

Use of insecure Marshal class method detected RB-SC1003
Security
Critical

By design, Marshal.load can deserialize almost any class loaded into the Ruby process. In many cases this can lead to remote code execution if the Marshal data is loaded from an untrusted source. As a result, Marshal.load is not suitable as a general-purpose serialization format, and you should never unmarshal user-supplied input or other untrusted data.

Use of Kernel#open detected RB-SC1004
Security
Critical

Kernel#open enables not only file access but also process invocation when the argument starts with a pipe symbol (e.g., open("| ls")). Passing variable input as the argument of Kernel#open can therefore be a serious security risk. Use File.open, IO.popen or URI#open explicitly instead.

rails version is susceptible to DoS attack via MIME type caching RB-A1008
Security
Critical

Selected versions of Rails up to version 4.2.5 do not properly restrict the use of the MIME type caches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header. Upgrading to a newer version of Rails can help fix this issue.

sprockets gem version is susceptible to path traversal vulnerability RB-A1009
Security
Critical

Specially crafted requests can be used to access files on the filesystem outside an application's root directory when the Sprockets server is used in production. Upgrading to a newer version of the gem can help fix this issue.

rails version specified in Gemfile does not encode JSON keys RB-A1010
Security
Critical

When a Hash containing user-controlled data is encoded as JSON (either through Hash#to_json or ActiveSupport::JSON.encode), Rails does not perform adequate escaping that matches the guarantee implied by the escape_html_entities_in_json option (which is enabled by default). If the resulting JSON string is subsequently inserted directly into an HTML page, the page will be vulnerable to XSS attacks. Upgrading to a newer version of Rails can help fix this issue.

Rails version with CSRF token forgery vulnerability detected RB-A1001
Security
Critical

All versions of Rails below 5.2.4.2, and some versions of Rails 6 up to 6.0.3, make it possible for an attacker who holds a global CSRF token, such as the one present in the authenticity_token meta tag, to forge a per-form CSRF token.

Rails version with XML DoS vulnerability detected RB-A1002
Security
Critical

Selected versions of Rails 2, 3 and 4 are vulnerable to denial of service attacks via XML. Upgrading to a newer version of Rails can help fix this issue.

Rails version with file disclosure vulnerability detected RB-A1003
Security
Critical

Selected versions of Rails 2, 3 and 4 are vulnerable to file disclosure. Upgrading to a newer version of Rails, or disabling the serving of static assets if it is enabled, can help fix this issue.

Rails version with ActiveRecord symbol DoS vulnerability detected RB-A1004
Security
Critical

Selected versions of Rails 2 and 3 are vulnerable to ActiveRecord symbol denial of service attacks. Upgrading to a newer version of Rails can help fix this issue.

Rails version vulnerable to timing attack in basic auth detected RB-A1006
Security
Critical

Selected versions of Rails up to version 4.2.5 are susceptible to a timing attack in basic auth. Upgrading to a newer version of Rails can help fix this issue.

Project's rails & i18n gem versions are vulnerable to cross-site scripting (XSS) RB-A1007
Security
Critical

The internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem. Upgrading to newer versions of Rails and the i18n gem can help fix this issue.

Project's rails version is vulnerable to DoS on using render :text RB-A1011
Security
Critical

Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the render :text option, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers. Upgrading to a newer version of Rails can help fix this issue.

Rails version with SafeBuffer manipulation bug detected RB-A1005
Security
Critical

Selected versions of Rails 3 contain the SafeBuffer manipulation bug. Upgrading to a newer version of Rails can help fix this issue.

Potential SSL verification bypass detected RB-DS1011
Security
Major

Requests to secure endpoints must not be made without verifying the SSL certificate. This can be fixed by setting use_ssl to true on the Net::HTTP object.

Audit: Calls to methods in IO class must be avoided RB-A1012
Security
Critical

Calls to methods in the IO class must be avoided unless a command needs to be invoked intentionally.

Using insecure network protocol source RB-S1000
Security
Major
Autofix

Passing symbol arguments to source (e.g. source :rubygems) is deprecated because they default to plain HTTP requests. Instead, specify 'https://rubygems.org' if possible, or 'http://rubygems.org' if not.

Use of insecure YAML method detected RB-SC1005
Security
Critical

Do not use YAML to load untrusted data. Doing so is unsafe and could allow malicious input to execute arbitrary code inside your application.