Ruby on Rails Static Analysis Security Tool

Denial of Service

Denial of Service (DoS) is any attack which causes a service to become unavailable for legitimate clients.

Denial of Service can be caused by consuming large amounts of network, memory, or CPU resources.

Regex DoS

If an attacker can control the content of a regular expression, they may be able to construct a regular expression that requires exponential time to run.

Brakeman will warn about dynamic regular expressions that inject user-supplied values.

For example:

some.values.any? { |v| v.match /#{params[:query]}/ }

More information:

Symbol DoS

Prior to Ruby 2.2, Symbols were not garbage collected. Creation of large numbers of Symbols could lead to a server running out of memory.

If the application appears to be using an older version of Ruby, Brakeman checks for code where user input which is converted to a Symbol. When this is not restricted, an attacker could create an unlimited number of Symbols.

Note: This is an optional check which can be enabled with --enable SymbolDoS or --run-all-checks.

More Information

Back to Warning Types