Ruby on Rails Static Analysis Security Tool

File Access

Using user input when accessing files (local or remote) will raise a warning in Brakeman.

For example"/tmp/#{cookie[:file]}")

will raise an error like

Cookie value used in file name near line 4:"/tmp/#{cookie[:file]}")

This type of vulnerability can be used to access arbitrary files on a server (including /etc/passwd.

Back to Warning Types