rails-params-json.yaml
rules:
  - id: rails-params-json
    message: |
      Found Rails parameters (`params`) using the `_json` parameter. This
      parameter is subject to parser juggling, which may allow an attacker to
      exploit differences in parameter processing at different points in the
      request processing lifecycle. For example, an object ID may be processed
      one way during the authentication/authorization phase and another way
      during action execution.
    languages: [ruby]
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"
      subcategory: [audit]
      confidence: LOW
      likelihood: MEDIUM
      impact: HIGH
      technology: [rails]
      references:
        - https://nastystereo.com/security/rails-_json-juggling-attack.html
        - https://api.rubyonrails.org/v5.1.7/classes/ActionDispatch/Http/Parameters.html
        - https://api.rubyonrails.org/classes/ActionController/Parameters.html
    pattern-either:
      - pattern: "params[:_json]"
      - pattern: "params['_json']"
      - pattern: "params.require(:_json)"
      - pattern: "params.require('_json')"
      - pattern: "params.fetch(:_json, ...)"
      - pattern: "params.fetch('_json', ...)"
      - pattern: "params.dig(:_json, ...)"
      - pattern: "params.dig('_json', ...)"
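To show why the rule treats `_json` as a type-confusion risk, here is an added Ruby example (not part of the rule file or of Rails): `rails_json_params` reproduces the wrapping rule of Rails' default JSON parameter parser, and `strict_json_array` is a hypothetical hardened accessor a controller could use instead of reading `params[:_json]`.

```ruby
require "json"

# Mirrors the wrapping rule of Rails' default JSON parser: a top-level JSON
# object becomes the params hash as-is; any other top-level value (an array,
# for instance) is wrapped under the synthetic "_json" key. The consequence is
# that params["_json"] can hold either a parser-synthesised wrapper or a key
# the client wrote explicitly, and the controller cannot tell which.
def rails_json_params(raw_post)
  data = JSON.parse(raw_post)
  data.is_a?(Hash) ? data : { "_json" => data }
end

# Hypothetical helper for audits: true when the body was a JSON object, so
# any "_json" key present was supplied by the client, not by the parser.
def explicit_json_key?(raw_post)
  JSON.parse(raw_post).is_a?(Hash)
end

# Hypothetical hardened accessor: parse the raw body once and insist on an
# Array, so a client-supplied "_json" key or a non-array body is rejected
# instead of being silently treated as the wrapped array.
def strict_json_array(raw_post)
  data = JSON.parse(raw_post)
  raise ArgumentError, "expected a top-level JSON array" unless data.is_a?(Array)
  data
end

# Constructed sample bodies: both arrive in the controller as params["_json"].
wrapped  = rails_json_params('[{"id": 1}]')          # parser-synthesised
explicit = rails_json_params('{"_json": [{"id": 2}]}') # client-supplied
puts "wrapped key present:  #{wrapped.key?('_json')}"
puts "explicit key present: #{explicit.key?('_json')}"
puts "strict accessor accepts array body: #{strict_json_array('[{"id": 1}]').length} item(s)"
```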