@runsec/mcp 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (40)
  1. package/dist/index.js +578 -0
  2. package/package.json +43 -0
  3. package/src/rules/data/rule-compliance-map.json +43563 -0
  4. package/src/rules/data/semgrep-rules/README-taint-overlays.md +21 -0
  5. package/src/rules/data/semgrep-rules/advanced-agent-cloud.yaml +802 -0
  6. package/src/rules/data/semgrep-rules/app-logic.yaml +445 -0
  7. package/src/rules/data/semgrep-rules/auth-keycloak.yaml +831 -0
  8. package/src/rules/data/semgrep-rules/browser-agent.yaml +260 -0
  9. package/src/rules/data/semgrep-rules/cloud-secrets.yaml +316 -0
  10. package/src/rules/data/semgrep-rules/csharp-dotnet.yaml +4864 -0
  11. package/src/rules/data/semgrep-rules/desktop-electron-pro.yaml +30 -0
  12. package/src/rules/data/semgrep-rules/desktop-vsto-suite.yaml +2759 -0
  13. package/src/rules/data/semgrep-rules/devops-security.yaml +393 -0
  14. package/src/rules/data/semgrep-rules/domain-access-management.yaml +1023 -0
  15. package/src/rules/data/semgrep-rules/domain-data-privacy.yaml +852 -0
  16. package/src/rules/data/semgrep-rules/domain-input-validation.yaml +2894 -0
  17. package/src/rules/data/semgrep-rules/domain-platform-hardening.yaml +1715 -0
  18. package/src/rules/data/semgrep-rules/ds-ml-security.yaml +2431 -0
  19. package/src/rules/data/semgrep-rules/fastapi-async.yaml +5953 -0
  20. package/src/rules/data/semgrep-rules/frontend-react.yaml +4035 -0
  21. package/src/rules/data/semgrep-rules/frontend-security.yaml +200 -0
  22. package/src/rules/data/semgrep-rules/go-core.yaml +4959 -0
  23. package/src/rules/data/semgrep-rules/hft-cpp-security.yaml +631 -0
  24. package/src/rules/data/semgrep-rules/infra-k8s-helm.yaml +4968 -0
  25. package/src/rules/data/semgrep-rules/integration-security.yaml +2362 -0
  26. package/src/rules/data/semgrep-rules/java-enterprise.yaml +14756 -0
  27. package/src/rules/data/semgrep-rules/java-spring.yaml +397 -0
  28. package/src/rules/data/semgrep-rules/license-compliance.yaml +186 -0
  29. package/src/rules/data/semgrep-rules/mobile-flutter.yaml +37 -0
  30. package/src/rules/data/semgrep-rules/mobile-security.yaml +721 -0
  31. package/src/rules/data/semgrep-rules/nodejs-nestjs.yaml +5164 -0
  32. package/src/rules/data/semgrep-rules/nodejs-security.yaml +326 -0
  33. package/src/rules/data/semgrep-rules/observability.yaml +381 -0
  34. package/src/rules/data/semgrep-rules/php-security.yaml +3601 -0
  35. package/src/rules/data/semgrep-rules/python-backend-pro.yaml +30 -0
  36. package/src/rules/data/semgrep-rules/python-django.yaml +181 -0
  37. package/src/rules/data/semgrep-rules/python-security.yaml +284 -0
  38. package/src/rules/data/semgrep-rules/ru-regulatory.yaml +496 -0
  39. package/src/rules/data/semgrep-rules/ruby-rails.yaml +3078 -0
  40. package/src/rules/data/semgrep-rules/rust-security.yaml +2701 -0
@@ -0,0 +1,3078 @@
1
+ rules:
2
+ - id: runsec.ruby-rails.ruby-001
3
+ metadata:
4
+ runsec_version: v1.0
5
+ confidence: |-
6
+ 0.9
7
+ exploit_scenario: |-
8
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
9
+ fix_template: |-
10
+ expr = params[:expr] raise "invalid" unless expr =~ /\\A[0-9+\\-*\\/(). ]{1,64}\\z/ ... result = safe_math_eval(expr)
11
+ pattern-either:
12
+ - pattern: |-
13
+ expr = params[:expr]
14
+ ...
15
+ result = eval(expr)
16
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-001\\b'
17
+ message: |-
18
+ RunSec Detection [RUBY-001]: CWE-94
19
+ languages:
20
+ - ruby
21
+ severity: WARNING
22
+ - id: runsec.ruby-rails.ruby-002
23
+ metadata:
24
+ runsec_version: v1.0
25
+ confidence: |-
26
+ 0.9
27
+ exploit_scenario: |-
28
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
29
+ fix_template: |-
30
+ action = params[:action] allowed = { "uptime" => ["uptime"] } raise "blocked" unless allowed.key?(action) ... Open3.capture2e(*allowed[action])
31
+ pattern-either:
32
+ - pattern: |-
33
+ cmd = params[:cmd]
34
+ ...
35
+ system(cmd)
36
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-002\\b'
37
+ message: |-
38
+ RunSec Detection [RUBY-002]: CWE-78
39
+ languages:
40
+ - ruby
41
+ severity: WARNING
42
+ - id: runsec.ruby-rails.ruby-003
43
+ metadata:
44
+ runsec_version: v1.0
45
+ confidence: |-
46
+ 0.9
47
+ exploit_scenario: |-
48
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
49
+ fix_template: |-
50
+ host = params[:host] raise "invalid" unless host =~ /\\A[a-zA-Z0-9.-]{1,255}\\z/ ... out, _ = Open3.capture2e("ping", "-c", "1", host)
51
+ pattern-either:
52
+ - pattern: |-
53
+ host = params[:host]
54
+ ...
55
+ out = ping -c 1 #{host}
56
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-003\\b'
57
+ message: |-
58
+ RunSec Detection [RUBY-003]: CWE-77
59
+ languages:
60
+ - ruby
61
+ severity: WARNING
62
+ - id: runsec.ruby-rails.ruby-004
63
+ metadata:
64
+ runsec_version: v1.0
65
+ confidence: |-
66
+ 0.9
67
+ exploit_scenario: |-
68
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
69
+ fix_template: |-
70
+ allow = { "HealthHandler" => HealthHandler } key = params[:klass] raise "blocked" unless allow.key?(key) ... allow[key].new.call
71
+ pattern-either:
72
+ - pattern: |-
73
+ klass = params[:klass].constantize
74
+ ...
75
+ klass.new.call
76
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-004\\b'
77
+ message: |-
78
+ RunSec Detection [RUBY-004]: CWE-470
79
+ languages:
80
+ - ruby
81
+ severity: WARNING
82
+ - id: runsec.ruby-rails.ruby-005
83
+ metadata:
84
+ runsec_version: v1.0
85
+ confidence: |-
86
+ 0.9
87
+ exploit_scenario: |-
88
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
89
+ fix_template: |-
90
+ method = params[:method] allowed = %w[health status] raise "blocked" unless allowed.include?(method) ... service.public_send(method)
91
+ pattern-either:
92
+ - pattern: |-
93
+ method = params[:method]
94
+ ...
95
+ service.send(method)
96
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-005\\b'
97
+ message: |-
98
+ RunSec Detection [RUBY-005]: CWE-74
99
+ languages:
100
+ - ruby
101
+ severity: WARNING
102
+ - id: runsec.ruby-rails.ruby-006
103
+ metadata:
104
+ runsec_version: v1.0
105
+ confidence: |-
106
+ 0.9
107
+ exploit_scenario: |-
108
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
109
+ fix_template: |-
110
+ name = params[:template_name] allowed = %w[welcome invoice] raise "blocked" unless allowed.include?(name) ... render template: "safe/#{name}"
111
+ pattern-either:
112
+ - pattern: |-
113
+ tpl = params[:template]
114
+ ...
115
+ ERB.new(tpl).result(binding)
116
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-006\\b'
117
+ message: |-
118
+ RunSec Detection [RUBY-006]: CWE-94
119
+ languages:
120
+ - ruby
121
+ severity: WARNING
122
+ - id: runsec.ruby-rails.ruby-007
123
+ metadata:
124
+ runsec_version: v1.0
125
+ confidence: |-
126
+ 0.9
127
+ exploit_scenario: |-
128
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
129
+ fix_template: |-
130
+ order = params[:order] order = "name" unless %w[name created_at].include?(order) ... User.order(order)
131
+ pattern-either:
132
+ - pattern: |-
133
+ order = params[:order]
134
+ ...
135
+ User.order(order)
136
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-007\\b'
137
+ message: |-
138
+ RunSec Detection [RUBY-007]: CWE-74
139
+ languages:
140
+ - ruby
141
+ severity: WARNING
142
+ - id: runsec.ruby-rails.ruby-008
143
+ metadata:
144
+ runsec_version: v1.0
145
+ confidence: |-
146
+ 0.9
147
+ exploit_scenario: |-
148
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
149
+ fix_template: |-
150
+ blob = params[:blob] ... obj = YAML.safe_load(blob, permitted_classes: [], aliases: false)
151
+ pattern-either:
152
+ - pattern: |-
153
+ blob = params[:blob]
154
+ ...
155
+ obj = YAML.load(blob)
156
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-008\\b'
157
+ message: |-
158
+ RunSec Detection [RUBY-008]: CWE-95
159
+ languages:
160
+ - ruby
161
+ severity: WARNING
162
+ - id: runsec.ruby-rails.ruby-009
163
+ metadata:
164
+ runsec_version: v1.0
165
+ confidence: |-
166
+ 0.9
167
+ exploit_scenario: |-
168
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
169
+ fix_template: |-
170
+ allowed = params.require(:user).permit(:email, :display_name) user.update(allowed)
171
+ pattern-either:
172
+ - pattern: |-
173
+ user.update(params[:user])
174
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-009\\b'
175
+ message: |-
176
+ RunSec Detection [RUBY-009]: CWE-915
177
+ languages:
178
+ - ruby
179
+ severity: WARNING
180
+ - id: runsec.ruby-rails.ruby-010
181
+ metadata:
182
+ runsec_version: v1.0
183
+ confidence: |-
184
+ 0.9
185
+ exploit_scenario: |-
186
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
187
+ fix_template: |-
188
+ name = params[:name] raise "blocked" unless %w[home about].include?(name) render template: "pages/#{name}"
189
+ pattern-either:
190
+ - pattern: |-
191
+ render file: params[:path]
192
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-010\\b'
193
+ message: |-
194
+ RunSec Detection [RUBY-010]: CWE-22
195
+ languages:
196
+ - ruby
197
+ severity: WARNING
198
+ - id: runsec.ruby-rails.ruby-011
199
+ metadata:
200
+ runsec_version: v1.0
201
+ confidence: |-
202
+ 0.9
203
+ exploit_scenario: |-
204
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
205
+ fix_template: |-
206
+ obj = YAML.safe_load(params[:payload], permitted_classes: [], aliases: false)
207
+ pattern-either:
208
+ - pattern: |-
209
+ obj = YAML.load(params[:payload])
210
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-011\\b'
211
+ message: |-
212
+ RunSec Detection [RUBY-011]: CWE-502
213
+ languages:
214
+ - ruby
215
+ severity: WARNING
216
+ - id: runsec.ruby-rails.ruby-012
217
+ metadata:
218
+ runsec_version: v1.0
219
+ confidence: |-
220
+ 0.9
221
+ exploit_scenario: |-
222
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
223
+ fix_template: |-
224
+ allowed = {"uptime" => ["uptime"]} cmd = params[:action] raise "blocked" unless allowed.key?(cmd) Open3.capture2e(*allowed[cmd])
225
+ pattern-either:
226
+ - pattern: |-
227
+ out = %x(#{params[:cmd]})
228
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-012\\b'
229
+ message: |-
230
+ RunSec Detection [RUBY-012]: CWE-78
231
+ languages:
232
+ - ruby
233
+ severity: WARNING
234
+ - id: runsec.ruby-rails.ruby-013
235
+ metadata:
236
+ runsec_version: v1.0
237
+ confidence: |-
238
+ 0.9
239
+ exploit_scenario: |-
240
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
241
+ fix_template: |-
242
+ next_url = params[:next] next_url = root_path unless next_url&.start_with?("/") redirect_to next_url
243
+ pattern-either:
244
+ - pattern: |-
245
+ redirect_to params[:next]
246
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-013\\b'
247
+ message: |-
248
+ RunSec Detection [RUBY-013]: CWE-601
249
+ languages:
250
+ - ruby
251
+ severity: WARNING
252
+ - id: runsec.ruby-rails.ruby-014
253
+ metadata:
254
+ runsec_version: v1.0
255
+ confidence: |-
256
+ 0.9
257
+ exploit_scenario: |-
258
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
259
+ fix_template: |-
260
+ cookies[:session] = { value: token, httponly: true, secure: true, same_site: :strict }
261
+ pattern-either:
262
+ - pattern: |-
263
+ cookies[:session] = token
264
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-014\\b'
265
+ message: |-
266
+ RunSec Detection [RUBY-014]: CWE-614
267
+ languages:
268
+ - ruby
269
+ severity: WARNING
270
+ - id: runsec.ruby-rails.ruby-015
271
+ metadata:
272
+ runsec_version: v1.0
273
+ confidence: |-
274
+ 0.9
275
+ exploit_scenario: |-
276
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
277
+ fix_template: |-
278
+ JWT_SECRET = ENV.fetch("JWT_SECRET")
279
+ pattern-either:
280
+ - pattern: |-
281
+ JWT_SECRET = "prod-secret-123"
282
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-015\\b'
283
+ message: |-
284
+ RunSec Detection [RUBY-015]: CWE-798
285
+ languages:
286
+ - ruby
287
+ severity: WARNING
288
+ - id: runsec.ruby-rails.ruby-016
289
+ metadata:
290
+ runsec_version: v1.0
291
+ confidence: |-
292
+ 0.9
293
+ exploit_scenario: |-
294
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
295
+ fix_template: |-
296
+ Digest::SHA256.hexdigest(password + salt)
297
+ pattern-either:
298
+ - pattern: |-
299
+ Digest::MD5.hexdigest(password)
300
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-016\\b'
301
+ message: |-
302
+ RunSec Detection [RUBY-016]: CWE-327
303
+ languages:
304
+ - ruby
305
+ severity: WARNING
306
+ - id: runsec.ruby-rails.ruby-017
307
+ metadata:
308
+ runsec_version: v1.0
309
+ confidence: |-
310
+ 0.9
311
+ exploit_scenario: |-
312
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
313
+ fix_template: |-
314
+ uri = URI(params[:url]) raise "blocked" unless ALLOWED_HOSTS.include?(uri.host) Net::HTTP.get(uri)
315
+ pattern-either:
316
+ - pattern: |-
317
+ uri = URI(params[:url])
318
+ Net::HTTP.get(uri)
319
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-017\\b'
320
+ message: |-
321
+ RunSec Detection [RUBY-017]: CWE-918
322
+ languages:
323
+ - ruby
324
+ severity: WARNING
325
+ - id: runsec.ruby-rails.ruby-018
326
+ metadata:
327
+ runsec_version: v1.0
328
+ confidence: |-
329
+ 0.9
330
+ exploit_scenario: |-
331
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
332
+ fix_template: |-
333
+ allow = {"ReportJob" => ReportJob} klass = allow.fetch(params[:klass])
334
+ pattern-either:
335
+ - pattern: |-
336
+ klass = params[:klass].constantize
337
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-018\\b'
338
+ message: |-
339
+ RunSec Detection [RUBY-018]: CWE-470
340
+ languages:
341
+ - ruby
342
+ severity: WARNING
343
+ - id: runsec.ruby-rails.ruby-019
344
+ metadata:
345
+ runsec_version: v1.0
346
+ confidence: |-
347
+ 0.9
348
+ exploit_scenario: |-
349
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
350
+ fix_template: |-
351
+ if Rails.env.development? get "/debug/env", to: "debug#env" end
352
+ pattern-either:
353
+ - pattern: |-
354
+ get "/debug/env", to: proc { [200, {}, [ENV.to_h.to_s]] }
355
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-019\\b'
356
+ message: |-
357
+ RunSec Detection [RUBY-019]: CWE-489
358
+ languages:
359
+ - ruby
360
+ severity: WARNING
361
+ - id: runsec.ruby-rails.ruby-020
362
+ metadata:
363
+ runsec_version: v1.0
364
+ confidence: |-
365
+ 0.9
366
+ exploit_scenario: |-
367
+ Атакующий доставляет входные данные, соответствующие anti-pattern; реальный ущерб зависит от приёмника (sink), конфигурации и границ доверия.
368
+ fix_template: |-
369
+ Rails.logger.error(e.full_message) render json: { error: "internal server error" }, status: 500
370
+ pattern-either:
371
+ - pattern: |-
372
+ render json: { error: e.message, backtrace: e.backtrace }, status: 500
373
+ - pattern-regex: 'Vulnerable:\\s*RUBY\\-020\\b'
374
+ message: |-
375
+ RunSec Detection [RUBY-020]: CWE-209
376
+ languages:
377
+ - ruby
378
+ severity: WARNING
379
+ - id: runsec.ruby-rails.rubyx-021
380
+ metadata:
381
+ runsec_version: v1.0
382
+ confidence: |-
383
+ 0.9
384
+ exploit_scenario: |-
385
+ Unfiltered params permit privilege field overwrite.
386
+ fix_template: |-
387
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
388
+ pattern-either:
389
+ - pattern: |-
390
+ user.update(params[:user])
391
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-021\\b'
392
+ message: |-
393
+ RunSec Detection [RUBYX-021]: CWE-915
394
+ languages:
395
+ - ruby
396
+ severity: WARNING
397
+ - id: runsec.ruby-rails.rubyx-022
398
+ metadata:
399
+ runsec_version: v1.0
400
+ confidence: |-
401
+ 0.9
402
+ exploit_scenario: |-
403
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
404
+ fix_template: |-
405
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
406
+ pattern-either:
407
+ - pattern: |-
408
+ render file: params[:path]
409
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-022\\b'
410
+ message: |-
411
+ RunSec Detection [RUBYX-022]: CWE-22
412
+ languages:
413
+ - ruby
414
+ severity: WARNING
415
+ - id: runsec.ruby-rails.rubyx-023
416
+ metadata:
417
+ runsec_version: v1.0
418
+ confidence: |-
419
+ 0.9
420
+ exploit_scenario: |-
421
+ YAML object deserialization can invoke attacker-controlled classes.
422
+ fix_template: |-
423
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
424
+ pattern-either:
425
+ - pattern: |-
426
+ obj = YAML.load(params[:payload])
427
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-023\\b'
428
+ message: |-
429
+ RunSec Detection [RUBYX-023]: CWE-502
430
+ languages:
431
+ - ruby
432
+ severity: WARNING
433
+ - id: runsec.ruby-rails.rubyx-024
434
+ metadata:
435
+ runsec_version: v1.0
436
+ confidence: |-
437
+ 0.9
438
+ exploit_scenario: |-
439
+ Marshal payload can trigger gadget chain execution.
440
+ fix_template: |-
441
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
442
+ pattern-either:
443
+ - pattern: |-
444
+ obj = Marshal.load(Base64.decode64(params[:blob]))
445
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-024\\b'
446
+ message: |-
447
+ RunSec Detection [RUBYX-024]: CWE-502
448
+ languages:
449
+ - ruby
450
+ severity: WARNING
451
+ - id: runsec.ruby-rails.rubyx-025
452
+ metadata:
453
+ runsec_version: v1.0
454
+ confidence: |-
455
+ 0.9
456
+ exploit_scenario: |-
457
+ Direct object lookup by id allows cross-account data access.
458
+ fix_template: |-
459
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
460
+ pattern-either:
461
+ - pattern: |-
462
+ order = Order.find(params[:id])
463
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-025\\b'
464
+ message: |-
465
+ RunSec Detection [RUBYX-025]: CWE-639
466
+ languages:
467
+ - ruby
468
+ severity: WARNING
469
+ - id: runsec.ruby-rails.rubyx-026
470
+ metadata:
471
+ runsec_version: v1.0
472
+ confidence: |-
473
+ 0.9
474
+ exploit_scenario: |-
475
+ Unfiltered params permit privilege field overwrite.
476
+ fix_template: |-
477
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
478
+ pattern-either:
479
+ - pattern: |-
480
+ user.update(params[:user])
481
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-026\\b'
482
+ message: |-
483
+ RunSec Detection [RUBYX-026]: CWE-915
484
+ languages:
485
+ - ruby
486
+ severity: WARNING
487
+ - id: runsec.ruby-rails.rubyx-027
488
+ metadata:
489
+ runsec_version: v1.0
490
+ confidence: |-
491
+ 0.9
492
+ exploit_scenario: |-
493
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
494
+ fix_template: |-
495
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
496
+ pattern-either:
497
+ - pattern: |-
498
+ render file: params[:path]
499
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-027\\b'
500
+ message: |-
501
+ RunSec Detection [RUBYX-027]: CWE-22
502
+ languages:
503
+ - ruby
504
+ severity: WARNING
505
+ - id: runsec.ruby-rails.rubyx-028
506
+ metadata:
507
+ runsec_version: v1.0
508
+ confidence: |-
509
+ 0.9
510
+ exploit_scenario: |-
511
+ YAML object deserialization can invoke attacker-controlled classes.
512
+ fix_template: |-
513
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
514
+ pattern-either:
515
+ - pattern: |-
516
+ obj = YAML.load(params[:payload])
517
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-028\\b'
518
+ message: |-
519
+ RunSec Detection [RUBYX-028]: CWE-502
520
+ languages:
521
+ - ruby
522
+ severity: WARNING
523
+ - id: runsec.ruby-rails.rubyx-029
524
+ metadata:
525
+ runsec_version: v1.0
526
+ confidence: |-
527
+ 0.9
528
+ exploit_scenario: |-
529
+ Marshal payload can trigger gadget chain execution.
530
+ fix_template: |-
531
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
532
+ pattern-either:
533
+ - pattern: |-
534
+ obj = Marshal.load(Base64.decode64(params[:blob]))
535
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-029\\b'
536
+ message: |-
537
+ RunSec Detection [RUBYX-029]: CWE-502
538
+ languages:
539
+ - ruby
540
+ severity: WARNING
541
+ - id: runsec.ruby-rails.rubyx-030
542
+ metadata:
543
+ runsec_version: v1.0
544
+ confidence: |-
545
+ 0.9
546
+ exploit_scenario: |-
547
+ Direct object lookup by id allows cross-account data access.
548
+ fix_template: |-
549
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
550
+ pattern-either:
551
+ - pattern: |-
552
+ order = Order.find(params[:id])
553
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-030\\b'
554
+ message: |-
555
+ RunSec Detection [RUBYX-030]: CWE-639
556
+ languages:
557
+ - ruby
558
+ severity: WARNING
559
+ - id: runsec.ruby-rails.rubyx-031
560
+ metadata:
561
+ runsec_version: v1.0
562
+ confidence: |-
563
+ 0.9
564
+ exploit_scenario: |-
565
+ Unfiltered params permit privilege field overwrite.
566
+ fix_template: |-
567
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
568
+ pattern-either:
569
+ - pattern: |-
570
+ user.update(params[:user])
571
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-031\\b'
572
+ message: |-
573
+ RunSec Detection [RUBYX-031]: CWE-915
574
+ languages:
575
+ - ruby
576
+ severity: WARNING
577
+ - id: runsec.ruby-rails.rubyx-032
578
+ metadata:
579
+ runsec_version: v1.0
580
+ confidence: |-
581
+ 0.9
582
+ exploit_scenario: |-
583
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
584
+ fix_template: |-
585
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
586
+ pattern-either:
587
+ - pattern: |-
588
+ render file: params[:path]
589
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-032\\b'
590
+ message: |-
591
+ RunSec Detection [RUBYX-032]: CWE-22
592
+ languages:
593
+ - ruby
594
+ severity: WARNING
595
+ - id: runsec.ruby-rails.rubyx-033
596
+ metadata:
597
+ runsec_version: v1.0
598
+ confidence: |-
599
+ 0.9
600
+ exploit_scenario: |-
601
+ YAML object deserialization can invoke attacker-controlled classes.
602
+ fix_template: |-
603
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
604
+ pattern-either:
605
+ - pattern: |-
606
+ obj = YAML.load(params[:payload])
607
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-033\\b'
608
+ message: |-
609
+ RunSec Detection [RUBYX-033]: CWE-502
610
+ languages:
611
+ - ruby
612
+ severity: WARNING
613
+ - id: runsec.ruby-rails.rubyx-034
614
+ metadata:
615
+ runsec_version: v1.0
616
+ confidence: |-
617
+ 0.9
618
+ exploit_scenario: |-
619
+ Marshal payload can trigger gadget chain execution.
620
+ fix_template: |-
621
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
622
+ pattern-either:
623
+ - pattern: |-
624
+ obj = Marshal.load(Base64.decode64(params[:blob]))
625
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-034\\b'
626
+ message: |-
627
+ RunSec Detection [RUBYX-034]: CWE-502
628
+ languages:
629
+ - ruby
630
+ severity: WARNING
631
+ - id: runsec.ruby-rails.rubyx-035
632
+ metadata:
633
+ runsec_version: v1.0
634
+ confidence: |-
635
+ 0.9
636
+ exploit_scenario: |-
637
+ Direct object lookup by id allows cross-account data access.
638
+ fix_template: |-
639
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
640
+ pattern-either:
641
+ - pattern: |-
642
+ order = Order.find(params[:id])
643
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-035\\b'
644
+ message: |-
645
+ RunSec Detection [RUBYX-035]: CWE-639
646
+ languages:
647
+ - ruby
648
+ severity: WARNING
649
+ - id: runsec.ruby-rails.rubyx-036
650
+ metadata:
651
+ runsec_version: v1.0
652
+ confidence: |-
653
+ 0.9
654
+ exploit_scenario: |-
655
+ Unfiltered params permit privilege field overwrite.
656
+ fix_template: |-
657
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
658
+ pattern-either:
659
+ - pattern: |-
660
+ user.update(params[:user])
661
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-036\\b'
662
+ message: |-
663
+ RunSec Detection [RUBYX-036]: CWE-915
664
+ languages:
665
+ - ruby
666
+ severity: WARNING
667
+ - id: runsec.ruby-rails.rubyx-037
668
+ metadata:
669
+ runsec_version: v1.0
670
+ confidence: |-
671
+ 0.9
672
+ exploit_scenario: |-
673
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
674
+ fix_template: |-
675
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
676
+ pattern-either:
677
+ - pattern: |-
678
+ render file: params[:path]
679
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-037\\b'
680
+ message: |-
681
+ RunSec Detection [RUBYX-037]: CWE-22
682
+ languages:
683
+ - ruby
684
+ severity: WARNING
685
+ - id: runsec.ruby-rails.rubyx-038
686
+ metadata:
687
+ runsec_version: v1.0
688
+ confidence: |-
689
+ 0.9
690
+ exploit_scenario: |-
691
+ YAML object deserialization can invoke attacker-controlled classes.
692
+ fix_template: |-
693
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
694
+ pattern-either:
695
+ - pattern: |-
696
+ obj = YAML.load(params[:payload])
697
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-038\\b'
698
+ message: |-
699
+ RunSec Detection [RUBYX-038]: CWE-502
700
+ languages:
701
+ - ruby
702
+ severity: WARNING
703
+ - id: runsec.ruby-rails.rubyx-039
704
+ metadata:
705
+ runsec_version: v1.0
706
+ confidence: |-
707
+ 0.9
708
+ exploit_scenario: |-
709
+ Marshal payload can trigger gadget chain execution.
710
+ fix_template: |-
711
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
712
+ pattern-either:
713
+ - pattern: |-
714
+ obj = Marshal.load(Base64.decode64(params[:blob]))
715
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-039\\b'
716
+ message: |-
717
+ RunSec Detection [RUBYX-039]: CWE-502
718
+ languages:
719
+ - ruby
720
+ severity: WARNING
721
+ - id: runsec.ruby-rails.rubyx-040
722
+ metadata:
723
+ runsec_version: v1.0
724
+ confidence: |-
725
+ 0.9
726
+ exploit_scenario: |-
727
+ Direct object lookup by id allows cross-account data access.
728
+ fix_template: |-
729
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
730
+ pattern-either:
731
+ - pattern: |-
732
+ order = Order.find(params[:id])
733
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-040\\b'
734
+ message: |-
735
+ RunSec Detection [RUBYX-040]: CWE-639
736
+ languages:
737
+ - ruby
738
+ severity: WARNING
739
+ - id: runsec.ruby-rails.rubyx-041
740
+ metadata:
741
+ runsec_version: v1.0
742
+ confidence: |-
743
+ 0.9
744
+ exploit_scenario: |-
745
+ Unfiltered params permit privilege field overwrite.
746
+ fix_template: |-
747
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
748
+ pattern-either:
749
+ - pattern: |-
750
+ user.update(params[:user])
751
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-041\\b'
752
+ message: |-
753
+ RunSec Detection [RUBYX-041]: CWE-915
754
+ languages:
755
+ - ruby
756
+ severity: WARNING
757
+ - id: runsec.ruby-rails.rubyx-042
758
+ metadata:
759
+ runsec_version: v1.0
760
+ confidence: |-
761
+ 0.9
762
+ exploit_scenario: |-
763
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
764
+ fix_template: |-
765
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
766
+ pattern-either:
767
+ - pattern: |-
768
+ render file: params[:path]
769
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-042\\b'
770
+ message: |-
771
+ RunSec Detection [RUBYX-042]: CWE-22
772
+ languages:
773
+ - ruby
774
+ severity: WARNING
775
+ - id: runsec.ruby-rails.rubyx-043
776
+ metadata:
777
+ runsec_version: v1.0
778
+ confidence: |-
779
+ 0.9
780
+ exploit_scenario: |-
781
+ YAML object deserialization can invoke attacker-controlled classes.
782
+ fix_template: |-
783
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
784
+ pattern-either:
785
+ - pattern: |-
786
+ obj = YAML.load(params[:payload])
787
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-043\\b'
788
+ message: |-
789
+ RunSec Detection [RUBYX-043]: CWE-502
790
+ languages:
791
+ - ruby
792
+ severity: WARNING
793
+ - id: runsec.ruby-rails.rubyx-044
794
+ metadata:
795
+ runsec_version: v1.0
796
+ confidence: |-
797
+ 0.9
798
+ exploit_scenario: |-
799
+ Marshal payload can trigger gadget chain execution.
800
+ fix_template: |-
801
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
802
+ pattern-either:
803
+ - pattern: |-
804
+ obj = Marshal.load(Base64.decode64(params[:blob]))
805
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-044\\b'
806
+ message: |-
807
+ RunSec Detection [RUBYX-044]: CWE-502
808
+ languages:
809
+ - ruby
810
+ severity: WARNING
811
+ - id: runsec.ruby-rails.rubyx-045
812
+ metadata:
813
+ runsec_version: v1.0
814
+ confidence: |-
815
+ 0.9
816
+ exploit_scenario: |-
817
+ Direct object lookup by id allows cross-account data access.
818
+ fix_template: |-
819
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
820
+ pattern-either:
821
+ - pattern: |-
822
+ order = Order.find(params[:id])
823
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-045\\b'
824
+ message: |-
825
+ RunSec Detection [RUBYX-045]: CWE-639
826
+ languages:
827
+ - ruby
828
+ severity: WARNING
829
+ - id: runsec.ruby-rails.rubyx-046
830
+ metadata:
831
+ runsec_version: v1.0
832
+ confidence: |-
833
+ 0.9
834
+ exploit_scenario: |-
835
+ Unfiltered params permit privilege field overwrite.
836
+ fix_template: |-
837
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
838
+ pattern-either:
839
+ - pattern: |-
840
+ user.update(params[:user])
841
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-046\\b'
842
+ message: |-
843
+ RunSec Detection [RUBYX-046]: CWE-915
844
+ languages:
845
+ - ruby
846
+ severity: WARNING
847
+ - id: runsec.ruby-rails.rubyx-047
848
+ metadata:
849
+ runsec_version: v1.0
850
+ confidence: |-
851
+ 0.9
852
+ exploit_scenario: |-
853
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
854
+ fix_template: |-
855
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
856
+ pattern-either:
857
+ - pattern: |-
858
+ render file: params[:path]
859
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-047\\b'
860
+ message: |-
861
+ RunSec Detection [RUBYX-047]: CWE-22
862
+ languages:
863
+ - ruby
864
+ severity: WARNING
865
+ - id: runsec.ruby-rails.rubyx-048
866
+ metadata:
867
+ runsec_version: v1.0
868
+ confidence: |-
869
+ 0.9
870
+ exploit_scenario: |-
871
+ YAML object deserialization can invoke attacker-controlled classes.
872
+ fix_template: |-
873
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
874
+ pattern-either:
875
+ - pattern: |-
876
+ obj = YAML.load(params[:payload])
877
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-048\\b'
878
+ message: |-
879
+ RunSec Detection [RUBYX-048]: CWE-502
880
+ languages:
881
+ - ruby
882
+ severity: WARNING
883
+ - id: runsec.ruby-rails.rubyx-049
884
+ metadata:
885
+ runsec_version: v1.0
886
+ confidence: |-
887
+ 0.9
888
+ exploit_scenario: |-
889
+ Marshal payload can trigger gadget chain execution.
890
+ fix_template: |-
891
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
892
+ pattern-either:
893
+ - pattern: |-
894
+ obj = Marshal.load(Base64.decode64(params[:blob]))
895
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-049\\b'
896
+ message: |-
897
+ RunSec Detection [RUBYX-049]: CWE-502
898
+ languages:
899
+ - ruby
900
+ severity: WARNING
901
+ - id: runsec.ruby-rails.rubyx-050
902
+ metadata:
903
+ runsec_version: v1.0
904
+ confidence: |-
905
+ 0.9
906
+ exploit_scenario: |-
907
+ Direct object lookup by id allows cross-account data access.
908
+ fix_template: |-
909
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
910
+ pattern-either:
911
+ - pattern: |-
912
+ order = Order.find(params[:id])
913
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-050\\b'
914
+ message: |-
915
+ RunSec Detection [RUBYX-050]: CWE-639
916
+ languages:
917
+ - ruby
918
+ severity: WARNING
919
+ - id: runsec.ruby-rails.rubyx-051
920
+ metadata:
921
+ runsec_version: v1.0
922
+ confidence: |-
923
+ 0.9
924
+ exploit_scenario: |-
925
+ Unfiltered params permit privilege field overwrite.
926
+ fix_template: |-
927
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
928
+ pattern-either:
929
+ - pattern: |-
930
+ user.update(params[:user])
931
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-051\\b'
932
+ message: |-
933
+ RunSec Detection [RUBYX-051]: CWE-915
934
+ languages:
935
+ - ruby
936
+ severity: WARNING
937
+ - id: runsec.ruby-rails.rubyx-052
938
+ metadata:
939
+ runsec_version: v1.0
940
+ confidence: |-
941
+ 0.9
942
+ exploit_scenario: |-
943
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
944
+ fix_template: |-
945
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
946
+ pattern-either:
947
+ - pattern: |-
948
+ render file: params[:path]
949
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-052\\b'
950
+ message: |-
951
+ RunSec Detection [RUBYX-052]: CWE-22
952
+ languages:
953
+ - ruby
954
+ severity: WARNING
955
+ - id: runsec.ruby-rails.rubyx-053
956
+ metadata:
957
+ runsec_version: v1.0
958
+ confidence: |-
959
+ 0.9
960
+ exploit_scenario: |-
961
+ YAML object deserialization can invoke attacker-controlled classes.
962
+ fix_template: |-
963
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
964
+ pattern-either:
965
+ - pattern: |-
966
+ obj = YAML.load(params[:payload])
967
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-053\\b'
968
+ message: |-
969
+ RunSec Detection [RUBYX-053]: CWE-502
970
+ languages:
971
+ - ruby
972
+ severity: WARNING
973
+ - id: runsec.ruby-rails.rubyx-054
974
+ metadata:
975
+ runsec_version: v1.0
976
+ confidence: |-
977
+ 0.9
978
+ exploit_scenario: |-
979
+ Marshal payload can trigger gadget chain execution.
980
+ fix_template: |-
981
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
982
+ pattern-either:
983
+ - pattern: |-
984
+ obj = Marshal.load(Base64.decode64(params[:blob]))
985
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-054\\b'
986
+ message: |-
987
+ RunSec Detection [RUBYX-054]: CWE-502
988
+ languages:
989
+ - ruby
990
+ severity: WARNING
991
+ - id: runsec.ruby-rails.rubyx-055
992
+ metadata:
993
+ runsec_version: v1.0
994
+ confidence: |-
995
+ 0.9
996
+ exploit_scenario: |-
997
+ Direct object lookup by id allows cross-account data access.
998
+ fix_template: |-
999
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1000
+ pattern-either:
1001
+ - pattern: |-
1002
+ order = Order.find(params[:id])
1003
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-055\\b'
1004
+ message: |-
1005
+ RunSec Detection [RUBYX-055]: CWE-639
1006
+ languages:
1007
+ - ruby
1008
+ severity: WARNING
1009
+ - id: runsec.ruby-rails.rubyx-056
1010
+ metadata:
1011
+ runsec_version: v1.0
1012
+ confidence: |-
1013
+ 0.9
1014
+ exploit_scenario: |-
1015
+ Unfiltered params permit privilege field overwrite.
1016
+ fix_template: |-
1017
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1018
+ pattern-either:
1019
+ - pattern: |-
1020
+ user.update(params[:user])
1021
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-056\\b'
1022
+ message: |-
1023
+ RunSec Detection [RUBYX-056]: CWE-915
1024
+ languages:
1025
+ - ruby
1026
+ severity: WARNING
1027
+ - id: runsec.ruby-rails.rubyx-057
1028
+ metadata:
1029
+ runsec_version: v1.0
1030
+ confidence: |-
1031
+ 0.9
1032
+ exploit_scenario: |-
1033
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
1034
+ fix_template: |-
1035
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1036
+ pattern-either:
1037
+ - pattern: |-
1038
+ render file: params[:path]
1039
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-057\\b'
1040
+ message: |-
1041
+ RunSec Detection [RUBYX-057]: CWE-22
1042
+ languages:
1043
+ - ruby
1044
+ severity: WARNING
1045
+ - id: runsec.ruby-rails.rubyx-058
1046
+ metadata:
1047
+ runsec_version: v1.0
1048
+ confidence: |-
1049
+ 0.9
1050
+ exploit_scenario: |-
1051
+ YAML object deserialization can invoke attacker-controlled classes.
1052
+ fix_template: |-
1053
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1054
+ pattern-either:
1055
+ - pattern: |-
1056
+ obj = YAML.load(params[:payload])
1057
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-058\\b'
1058
+ message: |-
1059
+ RunSec Detection [RUBYX-058]: CWE-502
1060
+ languages:
1061
+ - ruby
1062
+ severity: WARNING
1063
+ - id: runsec.ruby-rails.rubyx-059
1064
+ metadata:
1065
+ runsec_version: v1.0
1066
+ confidence: |-
1067
+ 0.9
1068
+ exploit_scenario: |-
1069
+ Marshal payload can trigger gadget chain execution.
1070
+ fix_template: |-
1071
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1072
+ pattern-either:
1073
+ - pattern: |-
1074
+ obj = Marshal.load(Base64.decode64(params[:blob]))
1075
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-059\\b'
1076
+ message: |-
1077
+ RunSec Detection [RUBYX-059]: CWE-502
1078
+ languages:
1079
+ - ruby
1080
+ severity: WARNING
1081
+ - id: runsec.ruby-rails.rubyx-060
1082
+ metadata:
1083
+ runsec_version: v1.0
1084
+ confidence: |-
1085
+ 0.9
1086
+ exploit_scenario: |-
1087
+ Direct object lookup by id allows cross-account data access.
1088
+ fix_template: |-
1089
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1090
+ pattern-either:
1091
+ - pattern: |-
1092
+ order = Order.find(params[:id])
1093
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-060\\b'
1094
+ message: |-
1095
+ RunSec Detection [RUBYX-060]: CWE-639
1096
+ languages:
1097
+ - ruby
1098
+ severity: WARNING
1099
+ - id: runsec.ruby-rails.rubyx-061
1100
+ metadata:
1101
+ runsec_version: v1.0
1102
+ confidence: |-
1103
+ 0.9
1104
+ exploit_scenario: |-
1105
+ Unfiltered params permit privilege field overwrite.
1106
+ fix_template: |-
1107
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1108
+ pattern-either:
1109
+ - pattern: |-
1110
+ user.update(params[:user])
1111
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-061\\b'
1112
+ message: |-
1113
+ RunSec Detection [RUBYX-061]: CWE-915
1114
+ languages:
1115
+ - ruby
1116
+ severity: WARNING
1117
+ - id: runsec.ruby-rails.rubyx-062
1118
+ metadata:
1119
+ runsec_version: v1.0
1120
+ confidence: |-
1121
+ 0.9
1122
+ exploit_scenario: |-
1123
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
1124
+ fix_template: |-
1125
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1126
+ pattern-either:
1127
+ - pattern: |-
1128
+ render file: params[:path]
1129
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-062\\b'
1130
+ message: |-
1131
+ RunSec Detection [RUBYX-062]: CWE-22
1132
+ languages:
1133
+ - ruby
1134
+ severity: WARNING
1135
+ - id: runsec.ruby-rails.rubyx-063
1136
+ metadata:
1137
+ runsec_version: v1.0
1138
+ confidence: |-
1139
+ 0.9
1140
+ exploit_scenario: |-
1141
+ YAML object deserialization can invoke attacker-controlled classes.
1142
+ fix_template: |-
1143
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1144
+ pattern-either:
1145
+ - pattern: |-
1146
+ obj = YAML.load(params[:payload])
1147
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-063\\b'
1148
+ message: |-
1149
+ RunSec Detection [RUBYX-063]: CWE-502
1150
+ languages:
1151
+ - ruby
1152
+ severity: WARNING
1153
+ - id: runsec.ruby-rails.rubyx-064
1154
+ metadata:
1155
+ runsec_version: v1.0
1156
+ confidence: |-
1157
+ 0.9
1158
+ exploit_scenario: |-
1159
+ Marshal payload can trigger gadget chain execution.
1160
+ fix_template: |-
1161
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1162
+ pattern-either:
1163
+ - pattern: |-
1164
+ obj = Marshal.load(Base64.decode64(params[:blob]))
1165
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-064\\b'
1166
+ message: |-
1167
+ RunSec Detection [RUBYX-064]: CWE-502
1168
+ languages:
1169
+ - ruby
1170
+ severity: WARNING
1171
+ - id: runsec.ruby-rails.rubyx-065
1172
+ metadata:
1173
+ runsec_version: v1.0
1174
+ confidence: |-
1175
+ 0.9
1176
+ exploit_scenario: |-
1177
+ Direct object lookup by id allows cross-account data access.
1178
+ fix_template: |-
1179
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1180
+ pattern-either:
1181
+ - pattern: |-
1182
+ order = Order.find(params[:id])
1183
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-065\\b'
1184
+ message: |-
1185
+ RunSec Detection [RUBYX-065]: CWE-639
1186
+ languages:
1187
+ - ruby
1188
+ severity: WARNING
1189
+ - id: runsec.ruby-rails.rubyx-066
1190
+ metadata:
1191
+ runsec_version: v1.0
1192
+ confidence: |-
1193
+ 0.9
1194
+ exploit_scenario: |-
1195
+ Unfiltered params permit privilege field overwrite.
1196
+ fix_template: |-
1197
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1198
+ pattern-either:
1199
+ - pattern: |-
1200
+ user.update(params[:user])
1201
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-066\\b'
1202
+ message: |-
1203
+ RunSec Detection [RUBYX-066]: CWE-915
1204
+ languages:
1205
+ - ruby
1206
+ severity: WARNING
1207
+ - id: runsec.ruby-rails.rubyx-067
1208
+ metadata:
1209
+ runsec_version: v1.0
1210
+ confidence: |-
1211
+ 0.9
1212
+ exploit_scenario: |-
1213
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
1214
+ fix_template: |-
1215
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1216
+ pattern-either:
1217
+ - pattern: |-
1218
+ render file: params[:path]
1219
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-067\\b'
1220
+ message: |-
1221
+ RunSec Detection [RUBYX-067]: CWE-22
1222
+ languages:
1223
+ - ruby
1224
+ severity: WARNING
1225
+ - id: runsec.ruby-rails.rubyx-068
1226
+ metadata:
1227
+ runsec_version: v1.0
1228
+ confidence: |-
1229
+ 0.9
1230
+ exploit_scenario: |-
1231
+ YAML object deserialization can invoke attacker-controlled classes.
1232
+ fix_template: |-
1233
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1234
+ pattern-either:
1235
+ - pattern: |-
1236
+ obj = YAML.load(params[:payload])
1237
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-068\\b'
1238
+ message: |-
1239
+ RunSec Detection [RUBYX-068]: CWE-502
1240
+ languages:
1241
+ - ruby
1242
+ severity: WARNING
1243
+ - id: runsec.ruby-rails.rubyx-069
1244
+ metadata:
1245
+ runsec_version: v1.0
1246
+ confidence: |-
1247
+ 0.9
1248
+ exploit_scenario: |-
1249
+ Marshal payload can trigger gadget chain execution.
1250
+ fix_template: |-
1251
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1252
+ pattern-either:
1253
+ - pattern: |-
1254
+ obj = Marshal.load(Base64.decode64(params[:blob]))
1255
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-069\\b'
1256
+ message: |-
1257
+ RunSec Detection [RUBYX-069]: CWE-502
1258
+ languages:
1259
+ - ruby
1260
+ severity: WARNING
1261
+ - id: runsec.ruby-rails.rubyx-070
1262
+ metadata:
1263
+ runsec_version: v1.0
1264
+ confidence: |-
1265
+ 0.9
1266
+ exploit_scenario: |-
1267
+ Direct object lookup by id allows cross-account data access.
1268
+ fix_template: |-
1269
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1270
+ pattern-either:
1271
+ - pattern: |-
1272
+ order = Order.find(params[:id])
1273
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-070\\b'
1274
+ message: |-
1275
+ RunSec Detection [RUBYX-070]: CWE-639
1276
+ languages:
1277
+ - ruby
1278
+ severity: WARNING
1279
+ - id: runsec.ruby-rails.rubyx-071
1280
+ metadata:
1281
+ runsec_version: v1.0
1282
+ confidence: |-
1283
+ 0.9
1284
+ exploit_scenario: |-
1285
+ Unfiltered params permit privilege field overwrite.
1286
+ fix_template: |-
1287
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1288
+ pattern-either:
1289
+ - pattern: |-
1290
+ user.update(params[:user])
1291
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-071\\b'
1292
+ message: |-
1293
+ RunSec Detection [RUBYX-071]: CWE-915
1294
+ languages:
1295
+ - ruby
1296
+ severity: WARNING
1297
+ - id: runsec.ruby-rails.rubyx-072
1298
+ metadata:
1299
+ runsec_version: v1.0
1300
+ confidence: |-
1301
+ 0.9
1302
+ exploit_scenario: |-
1303
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
1304
+ fix_template: |-
1305
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1306
+ pattern-either:
1307
+ - pattern: |-
1308
+ render file: params[:path]
1309
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-072\\b'
1310
+ message: |-
1311
+ RunSec Detection [RUBYX-072]: CWE-22
1312
+ languages:
1313
+ - ruby
1314
+ severity: WARNING
1315
+ - id: runsec.ruby-rails.rubyx-073
1316
+ metadata:
1317
+ runsec_version: v1.0
1318
+ confidence: |-
1319
+ 0.9
1320
+ exploit_scenario: |-
1321
+ YAML object deserialization can invoke attacker-controlled classes.
1322
+ fix_template: |-
1323
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1324
+ pattern-either:
1325
+ - pattern: |-
1326
+ obj = YAML.load(params[:payload])
1327
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-073\\b'
1328
+ message: |-
1329
+ RunSec Detection [RUBYX-073]: CWE-502
1330
+ languages:
1331
+ - ruby
1332
+ severity: WARNING
1333
+ - id: runsec.ruby-rails.rubyx-074
1334
+ metadata:
1335
+ runsec_version: v1.0
1336
+ confidence: |-
1337
+ 0.9
1338
+ exploit_scenario: |-
1339
+ Marshal payload can trigger gadget chain execution.
1340
+ fix_template: |-
1341
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1342
+ pattern-either:
1343
+ - pattern: |-
1344
+ obj = Marshal.load(Base64.decode64(params[:blob]))
1345
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-074\\b'
1346
+ message: |-
1347
+ RunSec Detection [RUBYX-074]: CWE-502
1348
+ languages:
1349
+ - ruby
1350
+ severity: WARNING
1351
+ - id: runsec.ruby-rails.rubyx-075
1352
+ metadata:
1353
+ runsec_version: v1.0
1354
+ confidence: |-
1355
+ 0.9
1356
+ exploit_scenario: |-
1357
+ Direct object lookup by id allows cross-account data access.
1358
+ fix_template: |-
1359
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1360
+ pattern-either:
1361
+ - pattern: |-
1362
+ order = Order.find(params[:id])
1363
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-075\\b'
1364
+ message: |-
1365
+ RunSec Detection [RUBYX-075]: CWE-639
1366
+ languages:
1367
+ - ruby
1368
+ severity: WARNING
1369
+ - id: runsec.ruby-rails.rubyx-076
1370
+ metadata:
1371
+ runsec_version: v1.0
1372
+ confidence: |-
1373
+ 0.9
1374
+ exploit_scenario: |-
1375
+ Unfiltered params permit privilege field overwrite.
1376
+ fix_template: |-
1377
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1378
+ pattern-either:
1379
+ - pattern: |-
1380
+ user.update(params[:user])
1381
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-076\\b'
1382
+ message: |-
1383
+ RunSec Detection [RUBYX-076]: CWE-915
1384
+ languages:
1385
+ - ruby
1386
+ severity: WARNING
1387
+ - id: runsec.ruby-rails.rubyx-077
1388
+ metadata:
1389
+ runsec_version: v1.0
1390
+ confidence: |-
1391
+ 0.9
1392
+ exploit_scenario: |-
1393
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
1394
+ fix_template: |-
1395
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1396
+ pattern-either:
1397
+ - pattern: |-
1398
+ render file: params[:path]
1399
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-077\\b'
1400
+ message: |-
1401
+ RunSec Detection [RUBYX-077]: CWE-22
1402
+ languages:
1403
+ - ruby
1404
+ severity: WARNING
1405
+ - id: runsec.ruby-rails.rubyx-078
1406
+ metadata:
1407
+ runsec_version: v1.0
1408
+ confidence: |-
1409
+ 0.9
1410
+ exploit_scenario: |-
1411
+ YAML object deserialization can invoke attacker-controlled classes.
1412
+ fix_template: |-
1413
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1414
+ pattern-either:
1415
+ - pattern: |-
1416
+ obj = YAML.load(params[:payload])
1417
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-078\\b'
1418
+ message: |-
1419
+ RunSec Detection [RUBYX-078]: CWE-502
1420
+ languages:
1421
+ - ruby
1422
+ severity: WARNING
1423
+ - id: runsec.ruby-rails.rubyx-079
1424
+ metadata:
1425
+ runsec_version: v1.0
1426
+ confidence: |-
1427
+ 0.9
1428
+ exploit_scenario: |-
1429
+ Marshal payload can trigger gadget chain execution.
1430
+ fix_template: |-
1431
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1432
+ pattern-either:
1433
+ - pattern: |-
1434
+ obj = Marshal.load(Base64.decode64(params[:blob]))
1435
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-079\\b'
1436
+ message: |-
1437
+ RunSec Detection [RUBYX-079]: CWE-502
1438
+ languages:
1439
+ - ruby
1440
+ severity: WARNING
1441
+ - id: runsec.ruby-rails.rubyx-080
1442
+ metadata:
1443
+ runsec_version: v1.0
1444
+ confidence: |-
1445
+ 0.9
1446
+ exploit_scenario: |-
1447
+ Direct object lookup by id allows cross-account data access.
1448
+ fix_template: |-
1449
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1450
+ pattern-either:
1451
+ - pattern: |-
1452
+ order = Order.find(params[:id])
1453
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-080\\b'
1454
+ message: |-
1455
+ RunSec Detection [RUBYX-080]: CWE-639
1456
+ languages:
1457
+ - ruby
1458
+ severity: WARNING
1459
+ - id: runsec.ruby-rails.rubyx-081
1460
+ metadata:
1461
+ runsec_version: v1.0
1462
+ confidence: |-
1463
+ 0.9
1464
+ exploit_scenario: |-
1465
+ Unfiltered params permit privilege field overwrite.
1466
+ fix_template: |-
1467
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1468
+ pattern-either:
1469
+ - pattern: |-
1470
+ user.update(params[:user])
1471
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-081\\b'
1472
+ message: |-
1473
+ RunSec Detection [RUBYX-081]: CWE-915
1474
+ languages:
1475
+ - ruby
1476
+ severity: WARNING
1477
+ - id: runsec.ruby-rails.rubyx-082
1478
+ metadata:
1479
+ runsec_version: v1.0
1480
+ confidence: |-
1481
+ 0.9
1482
+ exploit_scenario: |-
1483
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
1484
+ fix_template: |-
1485
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1486
+ pattern-either:
1487
+ - pattern: |-
1488
+ render file: params[:path]
1489
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-082\\b'
1490
+ message: |-
1491
+ RunSec Detection [RUBYX-082]: CWE-22
1492
+ languages:
1493
+ - ruby
1494
+ severity: WARNING
1495
+ - id: runsec.ruby-rails.rubyx-083
1496
+ metadata:
1497
+ runsec_version: v1.0
1498
+ confidence: |-
1499
+ 0.9
1500
+ exploit_scenario: |-
1501
+ YAML object deserialization can invoke attacker-controlled classes.
1502
+ fix_template: |-
1503
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1504
+ pattern-either:
1505
+ - pattern: |-
1506
+ obj = YAML.load(params[:payload])
1507
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-083\\b'
1508
+ message: |-
1509
+ RunSec Detection [RUBYX-083]: CWE-502
1510
+ languages:
1511
+ - ruby
1512
+ severity: WARNING
1513
+ - id: runsec.ruby-rails.rubyx-084
1514
+ metadata:
1515
+ runsec_version: v1.0
1516
+ confidence: |-
1517
+ 0.9
1518
+ exploit_scenario: |-
1519
+ Marshal payload can trigger gadget chain execution.
1520
+ fix_template: |-
1521
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1522
+ pattern-either:
1523
+ - pattern: |-
1524
+ obj = Marshal.load(Base64.decode64(params[:blob]))
1525
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-084\\b'
1526
+ message: |-
1527
+ RunSec Detection [RUBYX-084]: CWE-502
1528
+ languages:
1529
+ - ruby
1530
+ severity: WARNING
1531
+ - id: runsec.ruby-rails.rubyx-085
1532
+ metadata:
1533
+ runsec_version: v1.0
1534
+ confidence: |-
1535
+ 0.9
1536
+ exploit_scenario: |-
1537
+ Direct object lookup by id allows cross-account data access.
1538
+ fix_template: |-
1539
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1540
+ pattern-either:
1541
+ - pattern: |-
1542
+ order = Order.find(params[:id])
1543
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-085\\b'
1544
+ message: |-
1545
+ RunSec Detection [RUBYX-085]: CWE-639
1546
+ languages:
1547
+ - ruby
1548
+ severity: WARNING
1549
+ - id: runsec.ruby-rails.rubyx-086
1550
+ metadata:
1551
+ runsec_version: v1.0
1552
+ confidence: |-
1553
+ 0.9
1554
+ exploit_scenario: |-
1555
+ Unfiltered params permit privilege field overwrite.
1556
+ fix_template: |-
1557
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1558
+ pattern-either:
1559
+ - pattern: |-
1560
+ user.update(params[:user])
1561
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-086\\b'
1562
+ message: |-
1563
+ RunSec Detection [RUBYX-086]: CWE-915
1564
+ languages:
1565
+ - ruby
1566
+ severity: WARNING
1567
+ - id: runsec.ruby-rails.rubyx-087
1568
+ metadata:
1569
+ runsec_version: v1.0
1570
+ confidence: |-
1571
+ 0.9
1572
+ exploit_scenario: |-
1573
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
1574
+ fix_template: |-
1575
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1576
+ pattern-either:
1577
+ - pattern: |-
1578
+ render file: params[:path]
1579
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-087\\b'
1580
+ message: |-
1581
+ RunSec Detection [RUBYX-087]: CWE-22
1582
+ languages:
1583
+ - ruby
1584
+ severity: WARNING
1585
+ - id: runsec.ruby-rails.rubyx-088
1586
+ metadata:
1587
+ runsec_version: v1.0
1588
+ confidence: |-
1589
+ 0.9
1590
+ exploit_scenario: |-
1591
+ YAML object deserialization can invoke attacker-controlled classes.
1592
+ fix_template: |-
1593
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1594
+ pattern-either:
1595
+ - pattern: |-
1596
+ obj = YAML.load(params[:payload])
1597
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-088\\b'
1598
+ message: |-
1599
+ RunSec Detection [RUBYX-088]: CWE-502
1600
+ languages:
1601
+ - ruby
1602
+ severity: WARNING
1603
+ - id: runsec.ruby-rails.rubyx-089
1604
+ metadata:
1605
+ runsec_version: v1.0
1606
+ confidence: |-
1607
+ 0.9
1608
+ exploit_scenario: |-
1609
+ Marshal payload can trigger gadget chain execution.
1610
+ fix_template: |-
1611
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1612
+ pattern-either:
1613
+ - pattern: |-
1614
+ obj = Marshal.load(Base64.decode64(params[:blob]))
1615
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-089\\b'
1616
+ message: |-
1617
+ RunSec Detection [RUBYX-089]: CWE-502
1618
+ languages:
1619
+ - ruby
1620
+ severity: WARNING
1621
+ - id: runsec.ruby-rails.rubyx-090
1622
+ metadata:
1623
+ runsec_version: v1.0
1624
+ confidence: |-
1625
+ 0.9
1626
+ exploit_scenario: |-
1627
+ Direct object lookup by id allows cross-account data access.
1628
+ fix_template: |-
1629
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1630
+ pattern-either:
1631
+ - pattern: |-
1632
+ order = Order.find(params[:id])
1633
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-090\\b'
1634
+ message: |-
1635
+ RunSec Detection [RUBYX-090]: CWE-639
1636
+ languages:
1637
+ - ruby
1638
+ severity: WARNING
1639
+ - id: runsec.ruby-rails.rubyx-091
1640
+ metadata:
1641
+ runsec_version: v1.0
1642
+ confidence: |-
1643
+ 0.9
1644
+ exploit_scenario: |-
1645
+ Unfiltered params permit privilege field overwrite.
1646
+ fix_template: |-
1647
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1648
+ pattern-either:
1649
+ - pattern: |-
1650
+ user.update(params[:user])
1651
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-091\\b'
1652
+ message: |-
1653
+ RunSec Detection [RUBYX-091]: CWE-915
1654
+ languages:
1655
+ - ruby
1656
+ severity: WARNING
1657
+ - id: runsec.ruby-rails.rubyx-092
1658
+ metadata:
1659
+ runsec_version: v1.0
1660
+ confidence: |-
1661
+ 0.9
1662
+ exploit_scenario: |-
1663
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
1664
+ fix_template: |-
1665
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1666
+ pattern-either:
1667
+ - pattern: |-
1668
+ render file: params[:path]
1669
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-092\\b'
1670
+ message: |-
1671
+ RunSec Detection [RUBYX-092]: CWE-22
1672
+ languages:
1673
+ - ruby
1674
+ severity: WARNING
1675
+ - id: runsec.ruby-rails.rubyx-093
1676
+ metadata:
1677
+ runsec_version: v1.0
1678
+ confidence: |-
1679
+ 0.9
1680
+ exploit_scenario: |-
1681
+ YAML object deserialization can invoke attacker-controlled classes.
1682
+ fix_template: |-
1683
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1684
+ pattern-either:
1685
+ - pattern: |-
1686
+ obj = YAML.load(params[:payload])
1687
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-093\\b'
1688
+ message: |-
1689
+ RunSec Detection [RUBYX-093]: CWE-502
1690
+ languages:
1691
+ - ruby
1692
+ severity: WARNING
1693
+ - id: runsec.ruby-rails.rubyx-094
1694
+ metadata:
1695
+ runsec_version: v1.0
1696
+ confidence: |-
1697
+ 0.9
1698
+ exploit_scenario: |-
1699
+ Marshal payload can trigger gadget chain execution.
1700
+ fix_template: |-
1701
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1702
+ pattern-either:
1703
+ - pattern: |-
1704
+ obj = Marshal.load(Base64.decode64(params[:blob]))
1705
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-094\\b'
1706
+ message: |-
1707
+ RunSec Detection [RUBYX-094]: CWE-502
1708
+ languages:
1709
+ - ruby
1710
+ severity: WARNING
1711
+ - id: runsec.ruby-rails.rubyx-095
1712
+ metadata:
1713
+ runsec_version: v1.0
1714
+ confidence: |-
1715
+ 0.9
1716
+ exploit_scenario: |-
1717
+ Direct object lookup by id allows cross-account data access.
1718
+ fix_template: |-
1719
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1720
+ pattern-either:
1721
+ - pattern: |-
1722
+ order = Order.find(params[:id])
1723
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-095\\b'
1724
+ message: |-
1725
+ RunSec Detection [RUBYX-095]: CWE-639
1726
+ languages:
1727
+ - ruby
1728
+ severity: WARNING
1729
+ - id: runsec.ruby-rails.rubyx-096
1730
+ metadata:
1731
+ runsec_version: v1.0
1732
+ confidence: |-
1733
+ 0.9
1734
+ exploit_scenario: |-
1735
+ Unfiltered params permit privilege field overwrite.
1736
+ fix_template: |-
1737
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1738
+ pattern-either:
1739
+ - pattern: |-
1740
+ user.update(params[:user])
1741
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-096\\b'
1742
+ message: |-
1743
+ RunSec Detection [RUBYX-096]: CWE-915
1744
+ languages:
1745
+ - ruby
1746
+ severity: WARNING
1747
+ - id: runsec.ruby-rails.rubyx-097
1748
+ metadata:
1749
+ runsec_version: v1.0
1750
+ confidence: |-
1751
+ 0.9
1752
+ exploit_scenario: |-
1753
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
1754
+ fix_template: |-
1755
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1756
+ pattern-either:
1757
+ - pattern: |-
1758
+ render file: params[:path]
1759
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-097\\b'
1760
+ message: |-
1761
+ RunSec Detection [RUBYX-097]: CWE-22
1762
+ languages:
1763
+ - ruby
1764
+ severity: WARNING
1765
+ - id: runsec.ruby-rails.rubyx-098
1766
+ metadata:
1767
+ runsec_version: v1.0
1768
+ confidence: |-
1769
+ 0.9
1770
+ exploit_scenario: |-
1771
+ YAML object deserialization can invoke attacker-controlled classes.
1772
+ fix_template: |-
1773
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1774
+ pattern-either:
1775
+ - pattern: |-
1776
+ obj = YAML.load(params[:payload])
1777
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-098\\b'
1778
+ message: |-
1779
+ RunSec Detection [RUBYX-098]: CWE-502
1780
+ languages:
1781
+ - ruby
1782
+ severity: WARNING
1783
+ - id: runsec.ruby-rails.rubyx-099
1784
+ metadata:
1785
+ runsec_version: v1.0
1786
+ confidence: |-
1787
+ 0.9
1788
+ exploit_scenario: |-
1789
+ Marshal payload can trigger gadget chain execution.
1790
+ fix_template: |-
1791
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1792
+ pattern-either:
1793
+ - pattern: |-
1794
+ obj = Marshal.load(Base64.decode64(params[:blob]))
1795
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-099\\b'
1796
+ message: |-
1797
+ RunSec Detection [RUBYX-099]: CWE-502
1798
+ languages:
1799
+ - ruby
1800
+ severity: WARNING
1801
+ - id: runsec.ruby-rails.rubyx-100
1802
+ metadata:
1803
+ runsec_version: v1.0
1804
+ confidence: |-
1805
+ 0.9
1806
+ exploit_scenario: |-
1807
+ Direct object lookup by id allows cross-account data access.
1808
+ fix_template: |-
1809
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1810
+ pattern-either:
1811
+ - pattern: |-
1812
+ order = Order.find(params[:id])
1813
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-100\\b'
1814
+ message: |-
1815
+ RunSec Detection [RUBYX-100]: CWE-639
1816
+ languages:
1817
+ - ruby
1818
+ severity: WARNING
1819
+ - id: runsec.ruby-rails.rubyx-101
1820
+ metadata:
1821
+ runsec_version: v1.0
1822
+ confidence: |-
1823
+ 0.9
1824
+ exploit_scenario: |-
1825
+ Unfiltered params permit privilege field overwrite.
1826
+ fix_template: |-
1827
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1828
+ pattern-either:
1829
+ - pattern: |-
1830
+ user.update(params[:user])
1831
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-101\\b'
1832
+ message: |-
1833
+ RunSec Detection [RUBYX-101]: CWE-915
1834
+ languages:
1835
+ - ruby
1836
+ severity: WARNING
1837
+ - id: runsec.ruby-rails.rubyx-102
1838
+ metadata:
1839
+ runsec_version: v1.0
1840
+ confidence: |-
1841
+ 0.9
1842
+ exploit_scenario: |-
1843
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
1844
+ fix_template: |-
1845
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1846
+ pattern-either:
1847
+ - pattern: |-
1848
+ render file: params[:path]
1849
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-102\\b'
1850
+ message: |-
1851
+ RunSec Detection [RUBYX-102]: CWE-22
1852
+ languages:
1853
+ - ruby
1854
+ severity: WARNING
1855
+ - id: runsec.ruby-rails.rubyx-103
1856
+ metadata:
1857
+ runsec_version: v1.0
1858
+ confidence: |-
1859
+ 0.9
1860
+ exploit_scenario: |-
1861
+ YAML object deserialization can invoke attacker-controlled classes.
1862
+ fix_template: |-
1863
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1864
+ pattern-either:
1865
+ - pattern: |-
1866
+ obj = YAML.load(params[:payload])
1867
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-103\\b'
1868
+ message: |-
1869
+ RunSec Detection [RUBYX-103]: CWE-502
1870
+ languages:
1871
+ - ruby
1872
+ severity: WARNING
1873
+ - id: runsec.ruby-rails.rubyx-104
1874
+ metadata:
1875
+ runsec_version: v1.0
1876
+ confidence: |-
1877
+ 0.9
1878
+ exploit_scenario: |-
1879
+ Marshal payload can trigger gadget chain execution.
1880
+ fix_template: |-
1881
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1882
+ pattern-either:
1883
+ - pattern: |-
1884
+ obj = Marshal.load(Base64.decode64(params[:blob]))
1885
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-104\\b'
1886
+ message: |-
1887
+ RunSec Detection [RUBYX-104]: CWE-502
1888
+ languages:
1889
+ - ruby
1890
+ severity: WARNING
1891
+ - id: runsec.ruby-rails.rubyx-105
1892
+ metadata:
1893
+ runsec_version: v1.0
1894
+ confidence: |-
1895
+ 0.9
1896
+ exploit_scenario: |-
1897
+ Direct object lookup by id allows cross-account data access.
1898
+ fix_template: |-
1899
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1900
+ pattern-either:
1901
+ - pattern: |-
1902
+ order = Order.find(params[:id])
1903
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-105\\b'
1904
+ message: |-
1905
+ RunSec Detection [RUBYX-105]: CWE-639
1906
+ languages:
1907
+ - ruby
1908
+ severity: WARNING
1909
+ - id: runsec.ruby-rails.rubyx-106
1910
+ metadata:
1911
+ runsec_version: v1.0
1912
+ confidence: |-
1913
+ 0.9
1914
+ exploit_scenario: |-
1915
+ Unfiltered params permit privilege field overwrite.
1916
+ fix_template: |-
1917
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1918
+ pattern-either:
1919
+ - pattern: |-
1920
+ user.update(params[:user])
1921
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-106\\b'
1922
+ message: |-
1923
+ RunSec Detection [RUBYX-106]: CWE-915
1924
+ languages:
1925
+ - ruby
1926
+ severity: WARNING
1927
+ - id: runsec.ruby-rails.rubyx-107
1928
+ metadata:
1929
+ runsec_version: v1.0
1930
+ confidence: |-
1931
+ 0.9
1932
+ exploit_scenario: |-
1933
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
1934
+ fix_template: |-
1935
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1936
+ pattern-either:
1937
+ - pattern: |-
1938
+ render file: params[:path]
1939
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-107\\b'
1940
+ message: |-
1941
+ RunSec Detection [RUBYX-107]: CWE-22
1942
+ languages:
1943
+ - ruby
1944
+ severity: WARNING
1945
+ - id: runsec.ruby-rails.rubyx-108
1946
+ metadata:
1947
+ runsec_version: v1.0
1948
+ confidence: |-
1949
+ 0.9
1950
+ exploit_scenario: |-
1951
+ YAML object deserialization can invoke attacker-controlled classes.
1952
+ fix_template: |-
1953
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1954
+ pattern-either:
1955
+ - pattern: |-
1956
+ obj = YAML.load(params[:payload])
1957
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-108\\b'
1958
+ message: |-
1959
+ RunSec Detection [RUBYX-108]: CWE-502
1960
+ languages:
1961
+ - ruby
1962
+ severity: WARNING
1963
+ - id: runsec.ruby-rails.rubyx-109
1964
+ metadata:
1965
+ runsec_version: v1.0
1966
+ confidence: |-
1967
+ 0.9
1968
+ exploit_scenario: |-
1969
+ Marshal payload can trigger gadget chain execution.
1970
+ fix_template: |-
1971
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1972
+ pattern-either:
1973
+ - pattern: |-
1974
+ obj = Marshal.load(Base64.decode64(params[:blob]))
1975
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-109\\b'
1976
+ message: |-
1977
+ RunSec Detection [RUBYX-109]: CWE-502
1978
+ languages:
1979
+ - ruby
1980
+ severity: WARNING
1981
+ - id: runsec.ruby-rails.rubyx-110
1982
+ metadata:
1983
+ runsec_version: v1.0
1984
+ confidence: |-
1985
+ 0.9
1986
+ exploit_scenario: |-
1987
+ Direct object lookup by id allows cross-account data access.
1988
+ fix_template: |-
1989
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
1990
+ pattern-either:
1991
+ - pattern: |-
1992
+ order = Order.find(params[:id])
1993
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-110\\b'
1994
+ message: |-
1995
+ RunSec Detection [RUBYX-110]: CWE-639
1996
+ languages:
1997
+ - ruby
1998
+ severity: WARNING
1999
+ - id: runsec.ruby-rails.rubyx-111
2000
+ metadata:
2001
+ runsec_version: v1.0
2002
+ confidence: |-
2003
+ 0.9
2004
+ exploit_scenario: |-
2005
+ Unfiltered params permit privilege field overwrite.
2006
+ fix_template: |-
2007
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2008
+ pattern-either:
2009
+ - pattern: |-
2010
+ user.update(params[:user])
2011
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-111\\b'
2012
+ message: |-
2013
+ RunSec Detection [RUBYX-111]: CWE-915
2014
+ languages:
2015
+ - ruby
2016
+ severity: WARNING
2017
+ - id: runsec.ruby-rails.rubyx-112
2018
+ metadata:
2019
+ runsec_version: v1.0
2020
+ confidence: |-
2021
+ 0.9
2022
+ exploit_scenario: |-
2023
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
2024
+ fix_template: |-
2025
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2026
+ pattern-either:
2027
+ - pattern: |-
2028
+ render file: params[:path]
2029
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-112\\b'
2030
+ message: |-
2031
+ RunSec Detection [RUBYX-112]: CWE-22
2032
+ languages:
2033
+ - ruby
2034
+ severity: WARNING
2035
+ - id: runsec.ruby-rails.rubyx-113
2036
+ metadata:
2037
+ runsec_version: v1.0
2038
+ confidence: |-
2039
+ 0.9
2040
+ exploit_scenario: |-
2041
+ YAML object deserialization can invoke attacker-controlled classes.
2042
+ fix_template: |-
2043
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2044
+ pattern-either:
2045
+ - pattern: |-
2046
+ obj = YAML.load(params[:payload])
2047
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-113\\b'
2048
+ message: |-
2049
+ RunSec Detection [RUBYX-113]: CWE-502
2050
+ languages:
2051
+ - ruby
2052
+ severity: WARNING
2053
+ - id: runsec.ruby-rails.rubyx-114
2054
+ metadata:
2055
+ runsec_version: v1.0
2056
+ confidence: |-
2057
+ 0.9
2058
+ exploit_scenario: |-
2059
+ Marshal payload can trigger gadget chain execution.
2060
+ fix_template: |-
2061
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2062
+ pattern-either:
2063
+ - pattern: |-
2064
+ obj = Marshal.load(Base64.decode64(params[:blob]))
2065
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-114\\b'
2066
+ message: |-
2067
+ RunSec Detection [RUBYX-114]: CWE-502
2068
+ languages:
2069
+ - ruby
2070
+ severity: WARNING
2071
+ - id: runsec.ruby-rails.rubyx-115
2072
+ metadata:
2073
+ runsec_version: v1.0
2074
+ confidence: |-
2075
+ 0.9
2076
+ exploit_scenario: |-
2077
+ Direct object lookup by id allows cross-account data access.
2078
+ fix_template: |-
2079
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2080
+ pattern-either:
2081
+ - pattern: |-
2082
+ order = Order.find(params[:id])
2083
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-115\\b'
2084
+ message: |-
2085
+ RunSec Detection [RUBYX-115]: CWE-639
2086
+ languages:
2087
+ - ruby
2088
+ severity: WARNING
2089
+ - id: runsec.ruby-rails.rubyx-116
2090
+ metadata:
2091
+ runsec_version: v1.0
2092
+ confidence: |-
2093
+ 0.9
2094
+ exploit_scenario: |-
2095
+ Unfiltered params permit privilege field overwrite.
2096
+ fix_template: |-
2097
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2098
+ pattern-either:
2099
+ - pattern: |-
2100
+ user.update(params[:user])
2101
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-116\\b'
2102
+ message: |-
2103
+ RunSec Detection [RUBYX-116]: CWE-915
2104
+ languages:
2105
+ - ruby
2106
+ severity: WARNING
2107
+ - id: runsec.ruby-rails.rubyx-117
2108
+ metadata:
2109
+ runsec_version: v1.0
2110
+ confidence: |-
2111
+ 0.9
2112
+ exploit_scenario: |-
2113
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
2114
+ fix_template: |-
2115
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2116
+ pattern-either:
2117
+ - pattern: |-
2118
+ render file: params[:path]
2119
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-117\\b'
2120
+ message: |-
2121
+ RunSec Detection [RUBYX-117]: CWE-22
2122
+ languages:
2123
+ - ruby
2124
+ severity: WARNING
2125
+ - id: runsec.ruby-rails.rubyx-118
2126
+ metadata:
2127
+ runsec_version: v1.0
2128
+ confidence: |-
2129
+ 0.9
2130
+ exploit_scenario: |-
2131
+ YAML object deserialization can invoke attacker-controlled classes.
2132
+ fix_template: |-
2133
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2134
+ pattern-either:
2135
+ - pattern: |-
2136
+ obj = YAML.load(params[:payload])
2137
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-118\\b'
2138
+ message: |-
2139
+ RunSec Detection [RUBYX-118]: CWE-502
2140
+ languages:
2141
+ - ruby
2142
+ severity: WARNING
2143
+ - id: runsec.ruby-rails.rubyx-119
2144
+ metadata:
2145
+ runsec_version: v1.0
2146
+ confidence: |-
2147
+ 0.9
2148
+ exploit_scenario: |-
2149
+ Marshal payload can trigger gadget chain execution.
2150
+ fix_template: |-
2151
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2152
+ pattern-either:
2153
+ - pattern: |-
2154
+ obj = Marshal.load(Base64.decode64(params[:blob]))
2155
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-119\\b'
2156
+ message: |-
2157
+ RunSec Detection [RUBYX-119]: CWE-502
2158
+ languages:
2159
+ - ruby
2160
+ severity: WARNING
2161
+ - id: runsec.ruby-rails.rubyx-120
2162
+ metadata:
2163
+ runsec_version: v1.0
2164
+ confidence: |-
2165
+ 0.9
2166
+ exploit_scenario: |-
2167
+ Direct object lookup by id allows cross-account data access.
2168
+ fix_template: |-
2169
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2170
+ pattern-either:
2171
+ - pattern: |-
2172
+ order = Order.find(params[:id])
2173
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-120\\b'
2174
+ message: |-
2175
+ RunSec Detection [RUBYX-120]: CWE-639
2176
+ languages:
2177
+ - ruby
2178
+ severity: WARNING
2179
+ - id: runsec.ruby-rails.rubyx-121
2180
+ metadata:
2181
+ runsec_version: v1.0
2182
+ confidence: |-
2183
+ 0.9
2184
+ exploit_scenario: |-
2185
+ Unfiltered params permit privilege field overwrite.
2186
+ fix_template: |-
2187
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2188
+ pattern-either:
2189
+ - pattern: |-
2190
+ user.update(params[:user])
2191
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-121\\b'
2192
+ message: |-
2193
+ RunSec Detection [RUBYX-121]: CWE-915
2194
+ languages:
2195
+ - ruby
2196
+ severity: WARNING
2197
+ - id: runsec.ruby-rails.rubyx-122
2198
+ metadata:
2199
+ runsec_version: v1.0
2200
+ confidence: |-
2201
+ 0.9
2202
+ exploit_scenario: |-
2203
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
2204
+ fix_template: |-
2205
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2206
+ pattern-either:
2207
+ - pattern: |-
2208
+ render file: params[:path]
2209
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-122\\b'
2210
+ message: |-
2211
+ RunSec Detection [RUBYX-122]: CWE-22
2212
+ languages:
2213
+ - ruby
2214
+ severity: WARNING
2215
+ - id: runsec.ruby-rails.rubyx-123
2216
+ metadata:
2217
+ runsec_version: v1.0
2218
+ confidence: |-
2219
+ 0.9
2220
+ exploit_scenario: |-
2221
+ YAML object deserialization can invoke attacker-controlled classes.
2222
+ fix_template: |-
2223
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2224
+ pattern-either:
2225
+ - pattern: |-
2226
+ obj = YAML.load(params[:payload])
2227
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-123\\b'
2228
+ message: |-
2229
+ RunSec Detection [RUBYX-123]: CWE-502
2230
+ languages:
2231
+ - ruby
2232
+ severity: WARNING
2233
+ - id: runsec.ruby-rails.rubyx-124
2234
+ metadata:
2235
+ runsec_version: v1.0
2236
+ confidence: |-
2237
+ 0.9
2238
+ exploit_scenario: |-
2239
+ Marshal payload can trigger gadget chain execution.
2240
+ fix_template: |-
2241
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2242
+ pattern-either:
2243
+ - pattern: |-
2244
+ obj = Marshal.load(Base64.decode64(params[:blob]))
2245
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-124\\b'
2246
+ message: |-
2247
+ RunSec Detection [RUBYX-124]: CWE-502
2248
+ languages:
2249
+ - ruby
2250
+ severity: WARNING
2251
+ - id: runsec.ruby-rails.rubyx-125
2252
+ metadata:
2253
+ runsec_version: v1.0
2254
+ confidence: |-
2255
+ 0.9
2256
+ exploit_scenario: |-
2257
+ Direct object lookup by id allows cross-account data access.
2258
+ fix_template: |-
2259
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2260
+ pattern-either:
2261
+ - pattern: |-
2262
+ order = Order.find(params[:id])
2263
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-125\\b'
2264
+ message: |-
2265
+ RunSec Detection [RUBYX-125]: CWE-639
2266
+ languages:
2267
+ - ruby
2268
+ severity: WARNING
2269
+ - id: runsec.ruby-rails.rubyx-126
2270
+ metadata:
2271
+ runsec_version: v1.0
2272
+ confidence: |-
2273
+ 0.9
2274
+ exploit_scenario: |-
2275
+ Unfiltered params permit privilege field overwrite.
2276
+ fix_template: |-
2277
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2278
+ pattern-either:
2279
+ - pattern: |-
2280
+ user.update(params[:user])
2281
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-126\\b'
2282
+ message: |-
2283
+ RunSec Detection [RUBYX-126]: CWE-915
2284
+ languages:
2285
+ - ruby
2286
+ severity: WARNING
2287
+ - id: runsec.ruby-rails.rubyx-127
2288
+ metadata:
2289
+ runsec_version: v1.0
2290
+ confidence: |-
2291
+ 0.9
2292
+ exploit_scenario: |-
2293
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
2294
+ fix_template: |-
2295
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2296
+ pattern-either:
2297
+ - pattern: |-
2298
+ render file: params[:path]
2299
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-127\\b'
2300
+ message: |-
2301
+ RunSec Detection [RUBYX-127]: CWE-22
2302
+ languages:
2303
+ - ruby
2304
+ severity: WARNING
2305
+ - id: runsec.ruby-rails.rubyx-128
2306
+ metadata:
2307
+ runsec_version: v1.0
2308
+ confidence: |-
2309
+ 0.9
2310
+ exploit_scenario: |-
2311
+ YAML object deserialization can invoke attacker-controlled classes.
2312
+ fix_template: |-
2313
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2314
+ pattern-either:
2315
+ - pattern: |-
2316
+ obj = YAML.load(params[:payload])
2317
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-128\\b'
2318
+ message: |-
2319
+ RunSec Detection [RUBYX-128]: CWE-502
2320
+ languages:
2321
+ - ruby
2322
+ severity: WARNING
2323
+ - id: runsec.ruby-rails.rubyx-129
2324
+ metadata:
2325
+ runsec_version: v1.0
2326
+ confidence: |-
2327
+ 0.9
2328
+ exploit_scenario: |-
2329
+ Marshal payload can trigger gadget chain execution.
2330
+ fix_template: |-
2331
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2332
+ pattern-either:
2333
+ - pattern: |-
2334
+ obj = Marshal.load(Base64.decode64(params[:blob]))
2335
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-129\\b'
2336
+ message: |-
2337
+ RunSec Detection [RUBYX-129]: CWE-502
2338
+ languages:
2339
+ - ruby
2340
+ severity: WARNING
2341
+ - id: runsec.ruby-rails.rubyx-130
2342
+ metadata:
2343
+ runsec_version: v1.0
2344
+ confidence: |-
2345
+ 0.9
2346
+ exploit_scenario: |-
2347
+ Direct object lookup by id allows cross-account data access.
2348
+ fix_template: |-
2349
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2350
+ pattern-either:
2351
+ - pattern: |-
2352
+ order = Order.find(params[:id])
2353
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-130\\b'
2354
+ message: |-
2355
+ RunSec Detection [RUBYX-130]: CWE-639
2356
+ languages:
2357
+ - ruby
2358
+ severity: WARNING
2359
+ - id: runsec.ruby-rails.rubyx-131
2360
+ metadata:
2361
+ runsec_version: v1.0
2362
+ confidence: |-
2363
+ 0.9
2364
+ exploit_scenario: |-
2365
+ Unfiltered params permit privilege field overwrite.
2366
+ fix_template: |-
2367
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2368
+ pattern-either:
2369
+ - pattern: |-
2370
+ user.update(params[:user])
2371
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-131\\b'
2372
+ message: |-
2373
+ RunSec Detection [RUBYX-131]: CWE-915
2374
+ languages:
2375
+ - ruby
2376
+ severity: WARNING
2377
+ - id: runsec.ruby-rails.rubyx-132
2378
+ metadata:
2379
+ runsec_version: v1.0
2380
+ confidence: |-
2381
+ 0.9
2382
+ exploit_scenario: |-
2383
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
2384
+ fix_template: |-
2385
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2386
+ pattern-either:
2387
+ - pattern: |-
2388
+ render file: params[:path]
2389
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-132\\b'
2390
+ message: |-
2391
+ RunSec Detection [RUBYX-132]: CWE-22
2392
+ languages:
2393
+ - ruby
2394
+ severity: WARNING
2395
+ - id: runsec.ruby-rails.rubyx-133
2396
+ metadata:
2397
+ runsec_version: v1.0
2398
+ confidence: |-
2399
+ 0.9
2400
+ exploit_scenario: |-
2401
+ YAML object deserialization can invoke attacker-controlled classes.
2402
+ fix_template: |-
2403
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2404
+ pattern-either:
2405
+ - pattern: |-
2406
+ obj = YAML.load(params[:payload])
2407
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-133\\b'
2408
+ message: |-
2409
+ RunSec Detection [RUBYX-133]: CWE-502
2410
+ languages:
2411
+ - ruby
2412
+ severity: WARNING
2413
+ - id: runsec.ruby-rails.rubyx-134
2414
+ metadata:
2415
+ runsec_version: v1.0
2416
+ confidence: |-
2417
+ 0.9
2418
+ exploit_scenario: |-
2419
+ Marshal payload can trigger gadget chain execution.
2420
+ fix_template: |-
2421
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2422
+ pattern-either:
2423
+ - pattern: |-
2424
+ obj = Marshal.load(Base64.decode64(params[:blob]))
2425
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-134\\b'
2426
+ message: |-
2427
+ RunSec Detection [RUBYX-134]: CWE-502
2428
+ languages:
2429
+ - ruby
2430
+ severity: WARNING
2431
+ - id: runsec.ruby-rails.rubyx-135
2432
+ metadata:
2433
+ runsec_version: v1.0
2434
+ confidence: |-
2435
+ 0.9
2436
+ exploit_scenario: |-
2437
+ Direct object lookup by id allows cross-account data access.
2438
+ fix_template: |-
2439
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2440
+ pattern-either:
2441
+ - pattern: |-
2442
+ order = Order.find(params[:id])
2443
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-135\\b'
2444
+ message: |-
2445
+ RunSec Detection [RUBYX-135]: CWE-639
2446
+ languages:
2447
+ - ruby
2448
+ severity: WARNING
2449
+ - id: runsec.ruby-rails.rubyx-136
2450
+ metadata:
2451
+ runsec_version: v1.0
2452
+ confidence: |-
2453
+ 0.9
2454
+ exploit_scenario: |-
2455
+ Unfiltered params permit privilege field overwrite.
2456
+ fix_template: |-
2457
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2458
+ pattern-either:
2459
+ - pattern: |-
2460
+ user.update(params[:user])
2461
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-136\\b'
2462
+ message: |-
2463
+ RunSec Detection [RUBYX-136]: CWE-915
2464
+ languages:
2465
+ - ruby
2466
+ severity: WARNING
2467
+ - id: runsec.ruby-rails.rubyx-137
2468
+ metadata:
2469
+ runsec_version: v1.0
2470
+ confidence: |-
2471
+ 0.9
2472
+ exploit_scenario: |-
2473
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
2474
+ fix_template: |-
2475
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2476
+ pattern-either:
2477
+ - pattern: |-
2478
+ render file: params[:path]
2479
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-137\\b'
2480
+ message: |-
2481
+ RunSec Detection [RUBYX-137]: CWE-22
2482
+ languages:
2483
+ - ruby
2484
+ severity: WARNING
2485
+ - id: runsec.ruby-rails.rubyx-138
2486
+ metadata:
2487
+ runsec_version: v1.0
2488
+ confidence: |-
2489
+ 0.9
2490
+ exploit_scenario: |-
2491
+ YAML object deserialization can invoke attacker-controlled classes.
2492
+ fix_template: |-
2493
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2494
+ pattern-either:
2495
+ - pattern: |-
2496
+ obj = YAML.load(params[:payload])
2497
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-138\\b'
2498
+ message: |-
2499
+ RunSec Detection [RUBYX-138]: CWE-502
2500
+ languages:
2501
+ - ruby
2502
+ severity: WARNING
2503
+ - id: runsec.ruby-rails.rubyx-139
2504
+ metadata:
2505
+ runsec_version: v1.0
2506
+ confidence: |-
2507
+ 0.9
2508
+ exploit_scenario: |-
2509
+ Marshal payload can trigger gadget chain execution.
2510
+ fix_template: |-
2511
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2512
+ pattern-either:
2513
+ - pattern: |-
2514
+ obj = Marshal.load(Base64.decode64(params[:blob]))
2515
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-139\\b'
2516
+ message: |-
2517
+ RunSec Detection [RUBYX-139]: CWE-502
2518
+ languages:
2519
+ - ruby
2520
+ severity: WARNING
2521
+ - id: runsec.ruby-rails.rubyx-140
2522
+ metadata:
2523
+ runsec_version: v1.0
2524
+ confidence: |-
2525
+ 0.9
2526
+ exploit_scenario: |-
2527
+ Direct object lookup by id allows cross-account data access.
2528
+ fix_template: |-
2529
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2530
+ pattern-either:
2531
+ - pattern: |-
2532
+ order = Order.find(params[:id])
2533
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-140\\b'
2534
+ message: |-
2535
+ RunSec Detection [RUBYX-140]: CWE-639
2536
+ languages:
2537
+ - ruby
2538
+ severity: WARNING
2539
+ - id: runsec.ruby-rails.rubyx-141
2540
+ metadata:
2541
+ runsec_version: v1.0
2542
+ confidence: |-
2543
+ 0.9
2544
+ exploit_scenario: |-
2545
+ Unfiltered params permit privilege field overwrite.
2546
+ fix_template: |-
2547
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2548
+ pattern-either:
2549
+ - pattern: |-
2550
+ user.update(params[:user])
2551
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-141\\b'
2552
+ message: |-
2553
+ RunSec Detection [RUBYX-141]: CWE-915
2554
+ languages:
2555
+ - ruby
2556
+ severity: WARNING
2557
+ - id: runsec.ruby-rails.rubyx-142
2558
+ metadata:
2559
+ runsec_version: v1.0
2560
+ confidence: |-
2561
+ 0.9
2562
+ exploit_scenario: |-
2563
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
2564
+ fix_template: |-
2565
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2566
+ pattern-either:
2567
+ - pattern: |-
2568
+ render file: params[:path]
2569
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-142\\b'
2570
+ message: |-
2571
+ RunSec Detection [RUBYX-142]: CWE-22
2572
+ languages:
2573
+ - ruby
2574
+ severity: WARNING
2575
+ - id: runsec.ruby-rails.rubyx-143
2576
+ metadata:
2577
+ runsec_version: v1.0
2578
+ confidence: |-
2579
+ 0.9
2580
+ exploit_scenario: |-
2581
+ YAML object deserialization can invoke attacker-controlled classes.
2582
+ fix_template: |-
2583
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2584
+ pattern-either:
2585
+ - pattern: |-
2586
+ obj = YAML.load(params[:payload])
2587
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-143\\b'
2588
+ message: |-
2589
+ RunSec Detection [RUBYX-143]: CWE-502
2590
+ languages:
2591
+ - ruby
2592
+ severity: WARNING
2593
+ - id: runsec.ruby-rails.rubyx-144
2594
+ metadata:
2595
+ runsec_version: v1.0
2596
+ confidence: |-
2597
+ 0.9
2598
+ exploit_scenario: |-
2599
+ Marshal payload can trigger gadget chain execution.
2600
+ fix_template: |-
2601
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2602
+ pattern-either:
2603
+ - pattern: |-
2604
+ obj = Marshal.load(Base64.decode64(params[:blob]))
2605
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-144\\b'
2606
+ message: |-
2607
+ RunSec Detection [RUBYX-144]: CWE-502
2608
+ languages:
2609
+ - ruby
2610
+ severity: WARNING
2611
+ - id: runsec.ruby-rails.rubyx-145
2612
+ metadata:
2613
+ runsec_version: v1.0
2614
+ confidence: |-
2615
+ 0.9
2616
+ exploit_scenario: |-
2617
+ Direct object lookup by id allows cross-account data access.
2618
+ fix_template: |-
2619
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2620
+ pattern-either:
2621
+ - pattern: |-
2622
+ order = Order.find(params[:id])
2623
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-145\\b'
2624
+ message: |-
2625
+ RunSec Detection [RUBYX-145]: CWE-639
2626
+ languages:
2627
+ - ruby
2628
+ severity: WARNING
2629
+ - id: runsec.ruby-rails.rubyx-146
2630
+ metadata:
2631
+ runsec_version: v1.0
2632
+ confidence: |-
2633
+ 0.9
2634
+ exploit_scenario: |-
2635
+ Unfiltered params permit privilege field overwrite.
2636
+ fix_template: |-
2637
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2638
+ pattern-either:
2639
+ - pattern: |-
2640
+ user.update(params[:user])
2641
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-146\\b'
2642
+ message: |-
2643
+ RunSec Detection [RUBYX-146]: CWE-915
2644
+ languages:
2645
+ - ruby
2646
+ severity: WARNING
2647
+ - id: runsec.ruby-rails.rubyx-147
2648
+ metadata:
2649
+ runsec_version: v1.0
2650
+ confidence: |-
2651
+ 0.9
2652
+ exploit_scenario: |-
2653
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
2654
+ fix_template: |-
2655
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2656
+ pattern-either:
2657
+ - pattern: |-
2658
+ render file: params[:path]
2659
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-147\\b'
2660
+ message: |-
2661
+ RunSec Detection [RUBYX-147]: CWE-22
2662
+ languages:
2663
+ - ruby
2664
+ severity: WARNING
2665
+ - id: runsec.ruby-rails.rubyx-148
2666
+ metadata:
2667
+ runsec_version: v1.0
2668
+ confidence: |-
2669
+ 0.9
2670
+ exploit_scenario: |-
2671
+ YAML object deserialization can invoke attacker-controlled classes.
2672
+ fix_template: |-
2673
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2674
+ pattern-either:
2675
+ - pattern: |-
2676
+ obj = YAML.load(params[:payload])
2677
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-148\\b'
2678
+ message: |-
2679
+ RunSec Detection [RUBYX-148]: CWE-502
2680
+ languages:
2681
+ - ruby
2682
+ severity: WARNING
2683
+ - id: runsec.ruby-rails.rubyx-149
2684
+ metadata:
2685
+ runsec_version: v1.0
2686
+ confidence: |-
2687
+ 0.9
2688
+ exploit_scenario: |-
2689
+ Marshal payload can trigger gadget chain execution.
2690
+ fix_template: |-
2691
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2692
+ pattern-either:
2693
+ - pattern: |-
2694
+ obj = Marshal.load(Base64.decode64(params[:blob]))
2695
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-149\\b'
2696
+ message: |-
2697
+ RunSec Detection [RUBYX-149]: CWE-502
2698
+ languages:
2699
+ - ruby
2700
+ severity: WARNING
2701
+ - id: runsec.ruby-rails.rubyx-150
2702
+ metadata:
2703
+ runsec_version: v1.0
2704
+ confidence: |-
2705
+ 0.9
2706
+ exploit_scenario: |-
2707
+ Direct object lookup by id allows cross-account data access.
2708
+ fix_template: |-
2709
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2710
+ pattern-either:
2711
+ - pattern: |-
2712
+ order = Order.find(params[:id])
2713
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-150\\b'
2714
+ message: |-
2715
+ RunSec Detection [RUBYX-150]: CWE-639
2716
+ languages:
2717
+ - ruby
2718
+ severity: WARNING
2719
+ - id: runsec.ruby-rails.rubyx-151
2720
+ metadata:
2721
+ runsec_version: v1.0
2722
+ confidence: |-
2723
+ 0.9
2724
+ exploit_scenario: |-
2725
+ Unfiltered params permit privilege field overwrite.
2726
+ fix_template: |-
2727
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2728
+ pattern-either:
2729
+ - pattern: |-
2730
+ user.update(params[:user])
2731
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-151\\b'
2732
+ message: |-
2733
+ RunSec Detection [RUBYX-151]: CWE-915
2734
+ languages:
2735
+ - ruby
2736
+ severity: WARNING
2737
+ - id: runsec.ruby-rails.rubyx-152
2738
+ metadata:
2739
+ runsec_version: v1.0
2740
+ confidence: |-
2741
+ 0.9
2742
+ exploit_scenario: |-
2743
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
2744
+ fix_template: |-
2745
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2746
+ pattern-either:
2747
+ - pattern: |-
2748
+ render file: params[:path]
2749
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-152\\b'
2750
+ message: |-
2751
+ RunSec Detection [RUBYX-152]: CWE-22
2752
+ languages:
2753
+ - ruby
2754
+ severity: WARNING
2755
+ - id: runsec.ruby-rails.rubyx-153
2756
+ metadata:
2757
+ runsec_version: v1.0
2758
+ confidence: |-
2759
+ 0.9
2760
+ exploit_scenario: |-
2761
+ YAML object deserialization can invoke attacker-controlled classes.
2762
+ fix_template: |-
2763
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2764
+ pattern-either:
2765
+ - pattern: |-
2766
+ obj = YAML.load(params[:payload])
2767
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-153\\b'
2768
+ message: |-
2769
+ RunSec Detection [RUBYX-153]: CWE-502
2770
+ languages:
2771
+ - ruby
2772
+ severity: WARNING
2773
+ - id: runsec.ruby-rails.rubyx-154
2774
+ metadata:
2775
+ runsec_version: v1.0
2776
+ confidence: |-
2777
+ 0.9
2778
+ exploit_scenario: |-
2779
+ Marshal payload can trigger gadget chain execution.
2780
+ fix_template: |-
2781
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2782
+ pattern-either:
2783
+ - pattern: |-
2784
+ obj = Marshal.load(Base64.decode64(params[:blob]))
2785
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-154\\b'
2786
+ message: |-
2787
+ RunSec Detection [RUBYX-154]: CWE-502
2788
+ languages:
2789
+ - ruby
2790
+ severity: WARNING
2791
+ - id: runsec.ruby-rails.rubyx-155
2792
+ metadata:
2793
+ runsec_version: v1.0
2794
+ confidence: |-
2795
+ 0.9
2796
+ exploit_scenario: |-
2797
+ Direct object lookup by id allows cross-account data access.
2798
+ fix_template: |-
2799
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2800
+ pattern-either:
2801
+ - pattern: |-
2802
+ order = Order.find(params[:id])
2803
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-155\\b'
2804
+ message: |-
2805
+ RunSec Detection [RUBYX-155]: CWE-639
2806
+ languages:
2807
+ - ruby
2808
+ severity: WARNING
2809
+ - id: runsec.ruby-rails.rubyx-156
2810
+ metadata:
2811
+ runsec_version: v1.0
2812
+ confidence: |-
2813
+ 0.9
2814
+ exploit_scenario: |-
2815
+ Unfiltered params permit privilege field overwrite.
2816
+ fix_template: |-
2817
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2818
+ pattern-either:
2819
+ - pattern: |-
2820
+ user.update(params[:user])
2821
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-156\\b'
2822
+ message: |-
2823
+ RunSec Detection [RUBYX-156]: CWE-915
2824
+ languages:
2825
+ - ruby
2826
+ severity: WARNING
2827
+ - id: runsec.ruby-rails.rubyx-157
2828
+ metadata:
2829
+ runsec_version: v1.0
2830
+ confidence: |-
2831
+ 0.9
2832
+ exploit_scenario: |-
2833
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
2834
+ fix_template: |-
2835
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2836
+ pattern-either:
2837
+ - pattern: |-
2838
+ render file: params[:path]
2839
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-157\\b'
2840
+ message: |-
2841
+ RunSec Detection [RUBYX-157]: CWE-22
2842
+ languages:
2843
+ - ruby
2844
+ severity: WARNING
2845
+ - id: runsec.ruby-rails.rubyx-158
2846
+ metadata:
2847
+ runsec_version: v1.0
2848
+ confidence: |-
2849
+ 0.9
2850
+ exploit_scenario: |-
2851
+ YAML object deserialization can invoke attacker-controlled classes.
2852
+ fix_template: |-
2853
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2854
+ pattern-either:
2855
+ - pattern: |-
2856
+ obj = YAML.load(params[:payload])
2857
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-158\\b'
2858
+ message: |-
2859
+ RunSec Detection [RUBYX-158]: CWE-502
2860
+ languages:
2861
+ - ruby
2862
+ severity: WARNING
2863
+ - id: runsec.ruby-rails.rubyx-159
2864
+ metadata:
2865
+ runsec_version: v1.0
2866
+ confidence: |-
2867
+ 0.9
2868
+ exploit_scenario: |-
2869
+ Marshal payload can trigger gadget chain execution.
2870
+ fix_template: |-
2871
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2872
+ pattern-either:
2873
+ - pattern: |-
2874
+ obj = Marshal.load(Base64.decode64(params[:blob]))
2875
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-159\\b'
2876
+ message: |-
2877
+ RunSec Detection [RUBYX-159]: CWE-502
2878
+ languages:
2879
+ - ruby
2880
+ severity: WARNING
2881
+ - id: runsec.ruby-rails.rubyx-160
2882
+ metadata:
2883
+ runsec_version: v1.0
2884
+ confidence: |-
2885
+ 0.9
2886
+ exploit_scenario: |-
2887
+ Direct object lookup by id allows cross-account data access.
2888
+ fix_template: |-
2889
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2890
+ pattern-either:
2891
+ - pattern: |-
2892
+ order = Order.find(params[:id])
2893
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-160\\b'
2894
+ message: |-
2895
+ RunSec Detection [RUBYX-160]: CWE-639
2896
+ languages:
2897
+ - ruby
2898
+ severity: WARNING
2899
+ - id: runsec.ruby-rails.rubyx-161
2900
+ metadata:
2901
+ runsec_version: v1.0
2902
+ confidence: |-
2903
+ 0.9
2904
+ exploit_scenario: |-
2905
+ Unfiltered params permit privilege field overwrite.
2906
+ fix_template: |-
2907
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2908
+ pattern-either:
2909
+ - pattern: |-
2910
+ user.update(params[:user])
2911
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-161\\b'
2912
+ message: |-
2913
+ RunSec Detection [RUBYX-161]: CWE-915
2914
+ languages:
2915
+ - ruby
2916
+ severity: WARNING
2917
+ - id: runsec.ruby-rails.rubyx-162
2918
+ metadata:
2919
+ runsec_version: v1.0
2920
+ confidence: |-
2921
+ 0.9
2922
+ exploit_scenario: |-
2923
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
2924
+ fix_template: |-
2925
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2926
+ pattern-either:
2927
+ - pattern: |-
2928
+ render file: params[:path]
2929
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-162\\b'
2930
+ message: |-
2931
+ RunSec Detection [RUBYX-162]: CWE-22
2932
+ languages:
2933
+ - ruby
2934
+ severity: WARNING
2935
+ - id: runsec.ruby-rails.rubyx-163
2936
+ metadata:
2937
+ runsec_version: v1.0
2938
+ confidence: |-
2939
+ 0.9
2940
+ exploit_scenario: |-
2941
+ YAML object deserialization can invoke attacker-controlled classes.
2942
+ fix_template: |-
2943
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2944
+ pattern-either:
2945
+ - pattern: |-
2946
+ obj = YAML.load(params[:payload])
2947
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-163\\b'
2948
+ message: |-
2949
+ RunSec Detection [RUBYX-163]: CWE-502
2950
+ languages:
2951
+ - ruby
2952
+ severity: WARNING
2953
+ - id: runsec.ruby-rails.rubyx-164
2954
+ metadata:
2955
+ runsec_version: v1.0
2956
+ confidence: |-
2957
+ 0.9
2958
+ exploit_scenario: |-
2959
+ Marshal payload can trigger gadget chain execution.
2960
+ fix_template: |-
2961
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2962
+ pattern-either:
2963
+ - pattern: |-
2964
+ obj = Marshal.load(Base64.decode64(params[:blob]))
2965
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-164\\b'
2966
+ message: |-
2967
+ RunSec Detection [RUBYX-164]: CWE-502
2968
+ languages:
2969
+ - ruby
2970
+ severity: WARNING
2971
+ - id: runsec.ruby-rails.rubyx-165
2972
+ metadata:
2973
+ runsec_version: v1.0
2974
+ confidence: |-
2975
+ 0.9
2976
+ exploit_scenario: |-
2977
+ Direct object lookup by id allows cross-account data access.
2978
+ fix_template: |-
2979
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2980
+ pattern-either:
2981
+ - pattern: |-
2982
+ order = Order.find(params[:id])
2983
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-165\\b'
2984
+ message: |-
2985
+ RunSec Detection [RUBYX-165]: CWE-639
2986
+ languages:
2987
+ - ruby
2988
+ severity: WARNING
2989
+ - id: runsec.ruby-rails.rubyx-166
2990
+ metadata:
2991
+ runsec_version: v1.0
2992
+ confidence: |-
2993
+ 0.9
2994
+ exploit_scenario: |-
2995
+ Unfiltered params permit privilege field overwrite.
2996
+ fix_template: |-
2997
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
2998
+ pattern-either:
2999
+ - pattern: |-
3000
+ user.update(params[:user])
3001
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-166\\b'
3002
+ message: |-
3003
+ RunSec Detection [RUBYX-166]: CWE-915
3004
+ languages:
3005
+ - ruby
3006
+ severity: WARNING
3007
+ - id: runsec.ruby-rails.rubyx-167
3008
+ metadata:
3009
+ runsec_version: v1.0
3010
+ confidence: |-
3011
+ 0.9
3012
+ exploit_scenario: |-
3013
+ Dynamic path rendering can lead to file traversal and sensitive template disclosure.
3014
+ fix_template: |-
3015
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
3016
+ pattern-either:
3017
+ - pattern: |-
3018
+ render file: params[:path]
3019
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-167\\b'
3020
+ message: |-
3021
+ RunSec Detection [RUBYX-167]: CWE-22
3022
+ languages:
3023
+ - ruby
3024
+ severity: WARNING
3025
+ - id: runsec.ruby-rails.rubyx-168
3026
+ metadata:
3027
+ runsec_version: v1.0
3028
+ confidence: |-
3029
+ 0.9
3030
+ exploit_scenario: |-
3031
+ YAML object deserialization can invoke attacker-controlled classes.
3032
+ fix_template: |-
3033
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
3034
+ pattern-either:
3035
+ - pattern: |-
3036
+ obj = YAML.load(params[:payload])
3037
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-168\\b'
3038
+ message: |-
3039
+ RunSec Detection [RUBYX-168]: CWE-502
3040
+ languages:
3041
+ - ruby
3042
+ severity: WARNING
3043
+ - id: runsec.ruby-rails.rubyx-169
3044
+ metadata:
3045
+ runsec_version: v1.0
3046
+ confidence: |-
3047
+ 0.9
3048
+ exploit_scenario: |-
3049
+ Marshal payload can trigger gadget chain execution.
3050
+ fix_template: |-
3051
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
3052
+ pattern-either:
3053
+ - pattern: |-
3054
+ obj = Marshal.load(Base64.decode64(params[:blob]))
3055
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-169\\b'
3056
+ message: |-
3057
+ RunSec Detection [RUBYX-169]: CWE-502
3058
+ languages:
3059
+ - ruby
3060
+ severity: WARNING
3061
+ - id: runsec.ruby-rails.rubyx-170
3062
+ metadata:
3063
+ runsec_version: v1.0
3064
+ confidence: |-
3065
+ 0.9
3066
+ exploit_scenario: |-
3067
+ Direct object lookup by id allows cross-account data access.
3068
+ fix_template: |-
3069
+ Autofix: enforce strong params, ownership scoping, and safe deserialization APIs.
3070
+ pattern-either:
3071
+ - pattern: |-
3072
+ order = Order.find(params[:id])
3073
+ - pattern-regex: 'Vulnerable:\\s*RUBYX\\-170\\b'
3074
+ message: |-
3075
+ RunSec Detection [RUBYX-170]: CWE-639
3076
+ languages:
3077
+ - ruby
3078
+ severity: WARNING
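Review bot: rubyx-152 through rubyx-170 are the same five rules re-emitted under new ids (the cycle `render file: params[:path]` / CWE-22, `YAML.load` / CWE-502, `Marshal.load` / CWE-502, `Order.find` / CWE-639, `user.update` / CWE-915 repeats every five ids), so a single `render file: params[:path]` line will fire rubyx-152, 157, 162 and 167 at once and the compliance map inherits the same quadruplication; keep one id per pattern and drop the rest, or give the extra ids patterns that actually differ. The marker regexes such as `pattern-regex: 'Vulnerable:\\s*RUBYX\\-153\\b'` sit in single-quoted YAML scalars, where a backslash is not an escape character, so the regex engine receives `\\s*` (a literal backslash followed by any number of `s`) and the intended marker `Vulnerable: RUBYX-153` will never match; single backslashes, `'Vulnerable:\s*RUBYX-153\b'`, are what was meant. The code patterns are exact literals (`obj = YAML.load(params[:payload])`, `order = Order.find(params[:id])`), so any other variable or parameter name escapes detection; Semgrep metavariables (`YAML.load(params[$K])`, `$MODEL.find(params[$K])`) or a taint-mode rule with `params` as the source would cover the shapes these rules are named for. Every rule also shares one `fix_template` and a `message` that is only an id and a CWE: the autofix text should match the rule (`YAML.safe_load` for the YAML rules, a lookup scoped through the current user for the CWE-639 rule, `params.require(...).permit(...)` for the CWE-915 rule, and simply not calling `Marshal.load` on request data, since there is no safe API for it), and the message should carry the `exploit_scenario` sentence so the developer reading the finding knows what to change. Minor: `confidence` is a `|-` block scalar and therefore parses as the string "0.9" rather than a number; check that the consumer of this metadata expects that.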