ruby.lang.security.divide-by-zero.divide-by-zero

Verified by r2c
Community Favorite
Author: semgrep
Download count: 97,918

Detected a possible ZeroDivisionError.

Definition

rules:
  - id: divide-by-zero
    message: Detected a possible ZeroDivisionError.
    metadata:
      cwe:
        - "CWE-369: Divide By Zero"
      references:
        - https://github.com/presidentbeef/brakeman/blob/main/lib/brakeman/checks/check_divide_by_zero.rb
      category: security
      technology:
        - ruby
      confidence: MEDIUM
      subcategory:
        - vuln
      likelihood: MEDIUM
      impact: MEDIUM
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Other
    languages:
      - ruby
    severity: WARNING
    mode: taint
    pattern-sources:
      - patterns:
          - pattern: $VAR
          - metavariable-regex:
              metavariable: $VAR
              regex: ^\d*(?!\.)$
    pattern-sinks:
      - patterns:
          - pattern-inside: $NUMER / 0
          - pattern: $NUMER

Examples

divide-by-zero.rb

def divide_by_zero
  # ruleid: divide-by-zero
  3/0
  # ruleid: divide-by-zero
  oops = 4/0
  variable = 3
  # ruleid: divide-by-zero
  oops = variable / 0

  zero = 0
  # ruleid: divide-by-zero
  bad = variable/zero

  # ok: divide-by-zero
  ok = 1.0 / 0
  # ok: divide-by-zero
  ok2 = 2.0 / zero
end
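The rule only taints integer-looking values, which is why the float cases in the test file are marked ok: Ruby's Integer#/ raises ZeroDivisionError on a zero divisor, while Float#/ follows IEEE 754 and returns Infinity or NaN. The Ruby below is an added example, not part of the Semgrep rule or its test file; `division_outcome`, `safe_divide` and `ratio_from_param` are names chosen here.

```ruby
# Classify what a division does instead of letting it blow up.
# Returns :raises, :infinite, :nan or :finite.
def division_outcome(numer, denom)
  result = numer / denom
  return :nan if result.respond_to?(:nan?) && result.nan?
  return :infinite if result.respond_to?(:infinite?) && result.infinite?
  :finite
rescue ZeroDivisionError
  :raises
end

# Hardened form of the sink the rule points at: validate the divisor
# before the arithmetic. Callers get an explicit, catchable ArgumentError
# rather than a ZeroDivisionError from deep inside a calculation or a
# silent Infinity/NaN that propagates into later maths.
def safe_divide(numer, denom)
  raise ArgumentError, "divisor must be non-zero" if denom.zero?
  numer / denom
end

# Untrusted input (a request parameter, say) is the usual way a zero
# divisor reaches a sink. Integer(..., exception: false) rejects
# non-numeric strings with nil instead of raising; the zero check is ours.
def ratio_from_param(param)
  denom = Integer(param, exception: false)
  return nil if denom.nil? || denom.zero?
  100 / denom
end
```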