Server-side code injection (Ruby)
Description
The target application was found vulnerable to code injection. A malicious actor could inject arbitrary Ruby code to be executed on the server. This could lead to a full system compromise by accessing stored secrets, injecting code to take over accounts, or executing OS commands.
Remediation
Never pass user input directly into functions which evaluate string data as code, such as `eval`, `send`, `public_send`, `instance_eval` or `class_eval`. There is almost no benefit to passing string values to these methods, so the best recommendation is to replace the current logic with safer implementations of dynamically evaluating logic with user input. If using `send` or `public_send`, ensure the first argument is a known, hardcoded method/symbol and does not come from user input. For `eval`, `instance_eval` and `class_eval`, user input should never be sent directly to these methods.
One alternative is to store functions or methods in a Hash that can be looked up using a key. If the key exists, the function can be executed.
```ruby
def func_to_run
  puts 'hello world'
end

# Untrusted input is only ever used as a lookup key, never as a method name.
input = 'fn'
# The Hash maps allowed keys to Method objects bound to hardcoded method names.
function_map = { fn: method(:func_to_run) }

if function_map.key?(input.to_sym)
  function_map[input.to_sym].call
else
  puts 'invalid input'
end
```
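As an added example (not code from the GitLab page), the same allow-list pattern applied to a request-style dispatcher: an unsafe `public_send` on a user-supplied method name beside a hardened version that resolves the name through a frozen Hash of permitted actions. The `Report` class, `ALLOWED_ACTIONS` and `run_action` names are assumptions made for the illustration.

```ruby
# Added example, not from the original page. Names are assumed for illustration.
class Report
  def summary
    'summary generated'
  end

  def export
    'export generated'
  end

  # A method that should never be reachable from user input.
  def destroy
    'report destroyed'
  end
end

# Unsafe: the method name comes straight from user input, so any public
# method on the object (including destroy) can be reached. Kept only to
# contrast with the safe version below.
def run_action_unsafe(report, action_name)
  report.public_send(action_name)
end

# Safe: user input is only a lookup key into a frozen Hash whose values are
# hardcoded method names; anything not in the map is rejected.
ALLOWED_ACTIONS = {
  'summary' => :summary,
  'export' => :export
}.freeze

def run_action(report, action_name)
  target = ALLOWED_ACTIONS[action_name.to_s]
  return [:rejected, action_name.to_s] if target.nil?

  [:ok, report.method(target).call]
end
```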
Details
ID | Aggregated | CWE | Type | Risk |
---|---|---|---|---|
94.2 | false | 94 | Active | high |