Ruby Path Traversal Unsanitized Input
Description
Detects potential path traversal vulnerabilities in Ruby applications where file operations use unsanitized user input. This can allow attackers to access files outside the intended directory by manipulating file paths with "../" sequences, potentially exposing sensitive files on the system.
Detection Strategy
• Identifies file operation methods in Ruby code (like File.join, File.read, etc.)
• Checks if any parameters to these file operations contain user-controlled input or template variables
• Reports a vulnerability if user input flows into file operations without proper path sanitization
• Specifically examines string concatenation and path joining operations involving file system access
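The strategy above, as an added example that is not Fluid Attacks' detector: a small AST-based scanner built on Ruby's standard Ripper parser that reports calls on File, IO, Dir or Pathname whose argument list references params or request, including inside string interpolation. The receiver and taint-source lists, the function names and the sample source are assumptions constructed for the demonstration; the page does not describe the real rule's engine or coverage.

```ruby
require 'ripper'

# Added example, not Fluid Attacks' detector. Receivers and taint sources are
# illustrative assumptions; a production rule would carry a fuller list.
FILE_RECEIVERS = %w[File IO Dir Pathname].freeze
TAINT_SOURCES  = %w[params request].freeze

# Does any identifier token in this subtree name a user-controlled source?
# Interpolated strings ("#{params[:x]}") are covered because the walk descends
# into :string_embexpr nodes like any other.
def tainted?(node)
  return false unless node.is_a?(Array)
  return TAINT_SOURCES.include?(node[1]) if node[0] == :@ident
  node.any? { |child| tainted?(child) }
end

# For a Ripper :call node of the form Const.method, return
# [receiver, method, [line, col]] when Const is a file-system class, else nil.
def file_call(call)
  return nil unless call.is_a?(Array) && call[0] == :call
  recv, meth = call[1], call[3]
  return nil unless recv.is_a?(Array) && recv[0] == :var_ref && recv[1][0] == :@const
  return nil unless FILE_RECEIVERS.include?(recv[1][1])
  return nil unless meth.is_a?(Array) && meth[0] == :@ident
  [recv[1][1], meth[1], meth[2]]
end

# Walk the S-expression; record file-system calls whose argument list is tainted.
def scan_node(node, findings)
  return unless node.is_a?(Array)
  case node[0]
  when :method_add_arg   # File.join(a, b)      with parentheses
    info = file_call(node[1])
    findings << info if info && tainted?(node[2])
  when :command_call     # File.read "#{a}/#{b}" without parentheses
    info = file_call([:call, node[1], node[2], node[3]])
    findings << info if info && tainted?(node[4])
  end
  node.each { |child| scan_node(child, findings) }
end

# Returns an array of { line:, call: } findings, in source order.
def scan(source)
  sexp = Ripper.sexp(source)
  raise ArgumentError, 'source does not parse' if sexp.nil?
  findings = []
  scan_node(sexp, findings)
  findings.map { |recv, meth, (line, _col)| { line: line, call: "#{recv}.#{meth}" } }
end

# Constructed sample: the page's vulnerable handler plus two more routes.
SAMPLE = <<~RUBY
  require 'sinatra'
  UPLOADS_DIR = '/tmp/uploads'
  get '/download/:filename' do
    filepath = File.join(UPLOADS_DIR, params[:filename])
    send_file(filepath)
  end
  get '/raw/:name' do
    File.read "\#{UPLOADS_DIR}/\#{params[:name]}"
  end
  get '/static' do
    File.read(File.join(UPLOADS_DIR, 'index.html'))
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  scan(SAMPLE).each { |f| puts "line #{f[:line]}: #{f[:call]} receives user-controlled input" }
end
```

Run against SAMPLE, the scanner reports File.join on line 4 and File.read on line 8 and stays silent on the constant-only File.read on line 11. It is purely intraprocedural with no dataflow: send_file(filepath) on line 5 is not flagged, the finding is attached to the File.join that builds the path. A real rule would also need to track assignments, string concatenation with + and String#%, and framework helpers such as send_file.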
Vulnerable code example
require 'sinatra'
# Simple file download endpoint
get '/download/:filename' do
  # VULNERABLE: Direct use of user input in file path allows path traversal
  filepath = File.join('/tmp/uploads', params[:filename])
  send_file(filepath)
end
Secure code example
require 'sinatra'
# Define secure base directory for file operations
UPLOADS_DIR = '/tmp/uploads'
get '/download/:filename' do
  # SECURE: Sanitize filename and resolve full path to prevent traversal
  clean_filename = File.basename(params[:filename])...
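The secure example above is cut off on this page. As an added example that is not Fluid Attacks' code, the following framework-free Ruby completes the same pattern: resolve the user-controlled name against a fixed base directory, then reject anything that lands outside it, lexically and after following symlinks. resolve_under, build_fixture and compare are hypothetical helper names, and the base directory, files and symlink are constructed in a temporary directory purely for the demonstration.

```ruby
require 'tmpdir'
require 'fileutils'

# Added example, not Fluid Attacks' code. resolve_under is a hypothetical helper:
# it resolves a user-controlled name against a fixed base directory and returns
# the absolute path, or nil when the result would escape the base.
def resolve_under(base_dir, user_input)
  base = File.absolute_path(base_dir)
  # 1. Join and normalise. File.join keeps "../" segments; absolute_path
  #    collapses them. (File.expand_path would also expand "~user", which is
  #    another user-controlled escape, so it is avoided here.)
  candidate = File.absolute_path(user_input, base)
  # 2. Lexical boundary check. An absolute user_input such as "/etc/passwd"
  #    comes back unchanged from absolute_path and fails this test.
  return nil unless candidate.start_with?(base + File::SEPARATOR)
  # 3. Physical boundary check. If the target exists, follow symlinks and
  #    require the real file to sit inside the real base directory.
  if File.exist?(candidate)
    real_base = File.realpath(base)
    return nil unless File.realpath(candidate).start_with?(real_base + File::SEPARATOR)
  end
  candidate
end

# Constructed fixture for the demonstration: a base directory holding one
# legitimate file and a symlink that points outside it.
def build_fixture(root)
  base = File.join(root, 'uploads')
  FileUtils.mkdir_p(base)
  File.write(File.join(base, 'report.txt'), 'ok')
  File.write(File.join(root, 'secret.txt'), 'outside the base directory')
  File.symlink(File.join(root, 'secret.txt'), File.join(base, 'leak'))
  base
end

# Run each input through the naive File.join from the vulnerable example and
# through resolve_under. Returns { input => [naive_path, hardened_result] }.
def compare(base)
  inputs = ['report.txt', '../secret.txt', 'sub/../../secret.txt', '/etc/passwd', 'leak']
  inputs.to_h { |name| [name, [File.join(base, name), resolve_under(base, name)]] }
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    base = build_fixture(root)
    compare(base).each do |name, (naive, hardened)|
      puts format('%-24s naive=%-40s hardened=%s', name.inspect, naive, hardened.inspect)
    end
  end
end
```

Running it shows why File.join is not a sanitizer: for "../secret.txt" the naive path is literally uploads/../secret.txt, which the kernel happily resolves to the file outside the directory, while resolve_under returns nil. The "leak" input passes the lexical check and is only caught by the realpath comparison, which is why a string prefix test alone is not enough when the directory can contain symlinks. File.basename, which the page's secure example starts with, is the simpler option when only flat file names are legitimate, because it discards every directory component; the resolver above allows subdirectories but still enforces the boundary. In both cases the check and the later send_file are separate operations, so a directory that untrusted users can write to remains a check-then-use race.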