app/models/ssh_execution.rb from intercity/intercity-next

app/models/ssh_execution.rb

Summary

Maintainability

0 mins

Test Coverage

Issues
Source
Stats

Possible command injection
Open

    system(cmd)

Found in app/models/ssh_execution.rb by brakeman

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Injection is #1 on the 2010 OWASP Top Ten web security risks. Command injection occurs when shell commands unsafely include user-manipulatable values.

There are many ways to run commands in Ruby:

`ls #{params[:file]}`

system("ls #{params[:dir]}")

exec("md5sum #{params[:input]}")

Brakeman will warn on any method like these that uses user input or unsafely interpolates variables.

See the Ruby Security Guide for details.

intercity/intercity-next

Summary

Maintainability

Test Coverage

Possible command injection
Open

There are no issues that match your filters.

Category

Status

intercity/intercity-next

Summary

Maintainability

Test Coverage

Possible command injection Open

There are no issues that match your filters.

Category

Status

Possible command injection
Open