ruby.lang.security.divide-by-zero.divide-by-zero
Verified by r2c
Community Favorite
Author: semgrep
Download Count*: 97,918
License
Detected a possible ZeroDivisionError.
Definition
rules:
- id: divide-by-zero
  message: Detected a possible ZeroDivisionError.
  metadata:
    cwe:
    - "CWE-369: Divide By Zero"
    references:
    - https://github.com/presidentbeef/brakeman/blob/main/lib/brakeman/checks/check_divide_by_zero.rb
    category: security
    technology:
    - ruby
    confidence: MEDIUM
    subcategory:
    - vuln
    likelihood: MEDIUM
    impact: MEDIUM
    license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    vulnerability_class:
    - Other
  languages:
  - ruby
  severity: WARNING
  mode: taint
  pattern-sources:
  - patterns:
    - pattern: $VAR
    - metavariable-regex:
        metavariable: $VAR
        regex: ^\d*(?!\.)$
  pattern-sinks:
  - patterns:
    - pattern-inside: $NUMER / 0
    - pattern: $NUMER
Examples
divide-by-zero.rb
def divide_by_zero
  # ruleid: divide-by-zero
  3/0
  # ruleid: divide-by-zero
  oops = 4/0
  variable = 3
  # ruleid: divide-by-zero
  oops = variable / 0
  zero = 0
  # ruleid: divide-by-zero
  bad = variable/zero
  # ok: divide-by-zero
  ok = 1.0 / 0
  # ok: divide-by-zero
  ok2 = 2.0 / zero
end
Short Link: https://sg.run/KWpP