Ruby Snippet #08
Bookmarked!This challenge covers the review of a snippet of code written in Ruby
The Code Review Snippet challenges aim to enhance your ability to identify vulnerabilities in small pieces of code. In the provided Ruby on Rails example, the login method contains several issues, such as an improperly escaped regular expression and inadequate validation logic for user roles. The video walkthrough elaborates on these vulnerabilities, including the risks of ignoring case sensitivity in regular expressions, which could allow an attacker to bypass security checks. Additionally, it highlights the inherent risks of determining user roles based on email domains, advocating for more secure methods.
Through this exercise, you will learn to recognize common coding pitfalls and understand the importance of properly escaping characters in regular expressions. The video emphasizes that user role validation should not rely on mutable fields like email addresses, as this can introduce significant security risks. Instead, the role assignment should be based on more secure and immutable criteria.