ruby.lang.security.dangerous-open.dangerous-open
semgrep
Author
6,314
Download Count*
License
Detected non-static command inside 'open'. Audit the input to 'open'. If unverified user data can reach this call site, this is a code injection vulnerability. A malicious actor can inject a malicious script to execute arbitrary code.
Run Locally
Run in CI
Defintion
rules:
- id: dangerous-open
patterns:
- pattern: |
open($CMD,...)
- pattern-not: |
open("...",...)
- metavariable-regex:
metavariable: $CMD
regex: "|"
message: Detected non-static command inside 'open'. Audit the input to 'open'.
If unverified user data can reach this call site, this is a code injection
vulnerability. A malicious actor can inject a malicious script to execute
arbitrary code.
metadata:
cwe:
- "CWE-94: Improper Control of Generation of Code ('Code Injection')"
owasp:
- A03:2021 - Injection
category: security
technology:
- ruby
references:
- https://owasp.org/Top10/A03_2021-Injection
cwe2022-top25: true
subcategory:
- audit
likelihood: LOW
impact: HIGH
confidence: LOW
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
vulnerability_class:
- Code Injection
severity: WARNING
languages:
- ruby
Examples
dangerous-open.rb
# ok:dangerous-open
cmd = open("|date")
print cmd.gets
cmd.close
filename = "testfile"
# ok:dangerous-open
open(filename) do |f|
print f.gets
end
# ruleid:dangerous-open
cmd = open("|%s" % user_input)
print cmd.gets
cmd.close
# ruleid:dangerous-open
cmd = open(Kernel::sprintf("|%s", user_input))
print cmd.gets
cmd.close
Short Link: https://sg.run/Al8Q