Insufficiently Protected Credentials
Severity: High

The credentials being used do not have sufficient protection measures in place to prevent potential security breaches. Ensure that passwords and other sensitive information are stored in encrypted form.

Detector ID
ruby/insufficiently-protected-credentials@v1.0
Category
Common Weakness Enumeration (CWE)
Tags
-

Noncompliant example

require 'jwt'

def insufficiently_protected_credentials_noncompliant(hmac_secret)
  # Noncompliant: JWT password is hardcoded in payload.
  payload = { data: 'data', password: 12345 }
  token = JWT.encode payload, hmac_secret, 'HS256'
  puts token
end

Compliant example

require 'jwt'

def insufficiently_protected_credentials_compliant(hmac_secret)
  # Compliant: JWT password is not hardcoded; the payload carries only
  # non-sensitive claims such as a "not before" timestamp.
  nbf = Time.now.to_i
  payload = { data: 'data', nbf: nbf }
  token = JWT.encode payload, hmac_secret, 'HS256'
  puts token
end
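To show why the noncompliant payload matters, here is an added example (not part of the detector page or the jwt gem) that mints an HS256 token with only the Ruby standard library, reads the payload back without knowing the secret, and wraps encoding in a guard that refuses credential-like claims. The FORBIDDEN_CLAIMS list and the hs256_encode / safe_encode names are my own assumptions.

```ruby
require 'json'
require 'openssl'

# Claim names that must never appear in a JWT payload: the payload is only
# base64url-encoded, so anyone holding (or logging) the token can read it.
# Assumed list, not from the detector page.
FORBIDDEN_CLAIMS = %w[password passwd secret api_key token].freeze

def b64url_encode(bin)
  [bin].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  padded = str.tr('-_', '+/')
  padded += '=' * ((4 - padded.length % 4) % 4)
  padded.unpack1('m0')
end

# Minimal HS256 encoder (stands in for JWT.encode from the jwt gem).
def hs256_encode(payload, hmac_secret)
  header = { alg: 'HS256', typ: 'JWT' }
  signing_input = [header, payload].map { |p| b64url_encode(JSON.generate(p)) }.join('.')
  sig = OpenSSL::HMAC.digest('SHA256', hmac_secret, signing_input)
  "#{signing_input}.#{b64url_encode(sig)}"
end

# Decodes the payload segment WITHOUT the secret: this is exactly what any
# holder of the token can read, signature or not.
def readable_payload(token)
  JSON.parse(b64url_decode(token.split('.')[1]))
end

# Returns the payload keys that would leak a credential, or [] if none.
def leaked_credential_claims(payload)
  payload.keys.map { |k| k.to_s.downcase }.select { |k| FORBIDDEN_CLAIMS.include?(k) }
end

# Guarded encoder: refuses to mint a token whose payload carries credentials.
def safe_encode(payload, hmac_secret)
  leaks = leaked_credential_claims(payload)
  raise ArgumentError, "credential claims in JWT payload: #{leaks.join(', ')}" unless leaks.empty?
  hs256_encode(payload, hmac_secret)
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample: the noncompliant payload from above with a test secret.
  token = hs256_encode({ data: 'data', password: 12345 }, 'constructed-test-secret')
  puts "Readable without the secret: #{readable_payload(token)}"
end
```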