Security Risks On Rails: Misconfiguration and Unsafe Integrations

This page summarizes the projects mentioned and recommended in the original post on dev.to

  1. railsgoat

    A vulnerable version of Rails that follows the OWASP Top 10

    As with the other articles, RailsGoat will be used to explore some aspects of these threats in practice. If you're new here, please refer to the previous two articles to get the app set up and get acquainted with what we’ve explored so far. Let's jump right in!

  2. protected_attributes

    Protect attributes from mass-assignment in ActiveRecord models.

    If you’re migrating from Rails 3 to a newer version and still don’t want to deal with that specific part, Rails still allows the use of the protected_attributes gem for a smoother upgrade path, but be mindful that this is just until version 5. From there on, no more support will be provided.

  3. Ruby on Rails

    Ruby on Rails

    This allows Rails to escape any HTML content in JSON responses, which is great. Make sure to always double-check whether the value is set to true since there’s some controversy about the default value, depending on the version of Rails.

  4. Reek

    Code smell detector for Ruby

    Other useful gems you may take a look at are dawnscanner, reek, and hakiri_toolbelt.

  5. bundler-audit

    Patch-level verification for Bundler

    Let’s take the super famous gem bundler-audit, for instance. It works closely with bundler to provide patch-level verification for your project gems, such as vulnerability checks, insecure gem sources, etc.

  6. Brakeman

    A static analysis security vulnerability scanner for Ruby on Rails applications

    Another great lib for this is Brakeman, which can be installed in a very similar process and gives you even more detailed reports:

  7. dawnscanner

    Dawn is a static analysis security scanner for web applications written in Ruby. It supports the Sinatra, Padrino and Ruby on Rails frameworks.

  8. Hakiri

    Secure Ruby apps with Hakiri

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
