Ruby Snippet #05
Bookmarked!This challenge covers the review of a snippet of code written in Ruby
The Code Review Snippet challenges present a small snippet of Ruby-on-Rails code designed to test your ability to identify security issues. Initially, you are encouraged to examine the code on your own. If you struggle to find the vulnerability or want to understand it better, a detailed video is available to guide you through the process.
In this specific challenge, the code introduces a route parameter motd
which is used to open and read a file. The video explains that this implementation has security issues, such as lack of input filtering and the use of open
, which is an alias to kernel.open
that could allow command execution. The correct approach involves using file.open
and implementing filtering mechanisms to prevent directory traversal and arbitrary file access.