Rails version with XML DOS vulnerability detected (RB-A1002)
cwe-611, a4, sans-top-25, owasp-top-10, 2017, a9
Selected versions of Rails 2, 3 & 4 are vulnerable to denial of service attacks via XML. Upgrading to a newer version of Rails fixes this issue.
XML documents with very deep element nesting can cause the application to raise a SystemStackError, which can be abused for a denial of service attack.
This only impacts applications using REXML or JDOM as their XML processor. Other XML processors that Rails supports are not impacted.
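As an added example (not DeepSource's or Rails' own code) of the check a defender can put in front of REXML: a nesting-depth guard built on REXML's event-based stream parser, run before a document is handed to a recursive tree builder such as `Hash.from_xml`. `DepthLimitListener`, `check_xml_depth`, `XmlTooDeepError` and the `MAX_XML_DEPTH` limit of 32 are assumed names and values, not Rails settings.

```ruby
require "rexml/document"
require "rexml/streamlistener"

# Raised when a document nests deeper than the configured limit.
class XmlTooDeepError < StandardError; end

MAX_XML_DEPTH = 32 # assumed policy value; tune it for the documents you expect

# Counts open elements as REXML's stream parser emits events. The stream parser
# tracks nesting with an explicit stack rather than recursion, so the guard
# itself cannot overflow the stack the way a recursive tree walk can.
class DepthLimitListener
  include REXML::StreamListener

  attr_reader :max_depth_seen

  def initialize(limit)
    @limit = limit
    @depth = 0
    @max_depth_seen = 0
  end

  def tag_start(name, _attrs)
    @depth += 1
    @max_depth_seen = @depth if @depth > @max_depth_seen
    raise XmlTooDeepError, "<#{name}> nests deeper than #{@limit} levels" if @depth > @limit
  end

  def tag_end(_name)
    @depth -= 1
  end
end

# Returns the deepest nesting level found in +xml+ when it is within +limit+;
# raises XmlTooDeepError otherwise (malformed input raises REXML's own parse error).
def check_xml_depth(xml, limit: MAX_XML_DEPTH)
  listener = DepthLimitListener.new(limit)
  REXML::Document.parse_stream(xml, listener)
  listener.max_depth_seen
end

# Constructed test fixture: a document nested +depth+ elements deep.
def nested_xml(depth)
  "<?xml version=\"1.0\"?>#{'<a>' * depth}x#{'</a>' * depth}"
end
```

The upgrade the rule recommends remains the fix; this guard is defense in depth for input that the application parses with REXML directly.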