Ruby Kernel Command Injection
Description
Detects command injection vulnerabilities in Ruby code where user-controlled data reaches dangerous command execution functions from Ruby's Kernel module. This could allow attackers to execute arbitrary system commands through manipulated input.
Detection Strategy
• Check for calls to dangerous Ruby command execution methods like Kernel.open
• Verify if the method arguments contain or are derived from user input
• Examine data flow to ensure user-controlled values can reach the dangerous method call
• Flag as vulnerable if user input flows into command execution method arguments without proper sanitization
Vulnerable code example
require 'sinatra'
get '/ping' do
  host = params[:host]
  # VULNERABLE: Direct command injection via string interpolation in backticks
  result = `ping -c 1 #{host}`
  result
end
✅ Secure code example
require 'sinatra'
require 'shellwords'
require 'resolv'
get '/ping' do
  host = params[:host].to_s
  # SECURE: Validate input is a valid hostname/IP before executing...
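As an added worked example (not the page's code and not Fluid Attacks' rule implementation), the Ruby below completes the secure pattern the truncated example starts and adds a line-level check in the spirit of the detection strategy listed above. The hostname regex, the argv-form call through Open3, and the helper names valid_host?, ping_argv, run_ping and flags_line? are assumptions, not taken from the page.

```ruby
require 'resolv'
require 'open3'

# Added example (not the page's or Fluid Attacks' code). The hostname pattern
# and the use of Open3 are assumptions about how the truncated secure example
# finishes; the line-level check only approximates the rule's detection strategy.
HOSTNAME_RE = /\A(?=.{1,253}\z)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/i

# Accept only a syntactically valid IPv4, IPv6 or DNS hostname. Shell
# metacharacters, whitespace, a leading dash and the empty string all fail
# here, before any command is built.
def valid_host?(host)
  return false unless host.is_a?(String) && !host.empty?
  return true if host.match?(Resolv::IPv4::Regex) || host.match?(Resolv::IPv6::Regex)
  host.match?(HOSTNAME_RE)
end

# Build the argv array for ping. Passing an array (not a string) to Open3 or
# Process.spawn bypasses the shell, so no string interpolation is ever parsed
# as shell syntax.
def ping_argv(host)
  raise ArgumentError, "invalid host: #{host.inspect}" unless valid_host?(host)
  ['ping', '-c', '1', host]
end

# Runs ping without a shell and returns [success?, stdout].
def run_ping(host)
  out, status = Open3.capture2(*ping_argv(host))
  [status.success?, out]
end

# Static check mirroring the rule's first two steps on a single line: a Kernel
# command primitive (backticks, %x, open/system/exec/spawn) whose command
# string carries interpolation. A real rule follows data flow across statements
# to confirm the interpolated value is user-controlled; this flags for review.
EXEC_RE = /`[^`]*\#\{[^`]*`|%x.[^\n]*\#\{|\b(?:Kernel\.)?(?:open|system|exec|spawn)\s*\(?\s*["'][^"'\n]*\#\{/

def flags_line?(line)
  line.match?(EXEC_RE)
end
```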