ruby.rails.security.audit.rails-check-page-caching-gem.rails-check-page-caching-gem

profile photo of semgrepsemgrep
Author
unknown
Download Count*

This rule is deprecated.

Run Locally

Run in CI

Defintion

rules:
  - id: rails-check-page-caching-gem
    patterns:
      - pattern: a()
      - pattern: b()
    message: This rule is deprecated.
    languages:
      - generic
    severity: WARNING
    metadata:
      cwe:
        - "CWE-22: Improper Limitation of a Pathname to a Restricted Directory
          ('Path Traversal')"
      owasp:
        - A05:2017 - Broken Access Control
        - A01:2021 - Broken Access Control
      technology:
        - rails
      category: security
      source-rule-url: https://github.com/presidentbeef/brakeman/blob/main/lib/brakeman/checks/check_page_caching_cve.rb
      references:
        - https://nvd.nist.gov/vuln/detail/CVE-2020-8159
        - https://groups.google.com/g/rubyonrails-security/c/CFRVkEytdP8
      cwe2022-top25: true
      cwe2021-top25: true
      subcategory:
        - audit
      likelihood: LOW
      impact: LOW
      confidence: LOW
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Path Traversal

Examples

rails-check-page-caching-gem.Gemfile

source 'https://rubygems.org'

gem 'actionpack_page-caching', '1.2.1'

gem 'actionpack_page-caching', '2.0.0'

gem 'actionpack_page-caching', '~> 1.2'

gem 'actionpack_page-caching', '1.2.0'

gem 'actionpack_page-caching', '1.0.99'

gem 'actionpack_page-caching', '~> 0.99'

gem 'actionpack_page-caching', '~> 1.1'

gem 'actionpack_page-caching', '~> 1.1.2'