Amazon Q Detector Library

send_file Injection High

Never pass user input to send_file. If the file path comes from user input, a malicious user could access any file on the server.

Detector ID: ruby/sendfile-injection@v1.0
Category: Security
Common Weakness Enumeration (CWE): CWE-73
Tags: #injection
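
The pattern this detector flags, shown next to a hardened alternative, as an added example that is not taken from the Detector Library itself. The helper names naive_download_path, resolve_download and demo, the DOWNLOAD_ROOT constant and the sample file tree are assumptions constructed for illustration; a POSIX filesystem is assumed for the symlink case.

```ruby
require "tmpdir"
require "fileutils"

# Vulnerable pattern: the request parameter is joined straight into the path
# that would be handed to send_file, so "../" segments escape base_dir.
def naive_download_path(base_dir, requested)
  File.expand_path(File.join(base_dir, requested))
end

# Hardened pattern: canonicalise, then require the result to be a regular
# file strictly inside base_dir. Returns the real path, or nil to refuse.
def resolve_download(base_dir, requested)
  return nil if requested.nil? || requested.empty? || requested.include?("\0")
  base = File.realpath(base_dir)
  real = File.realpath(File.expand_path(requested, base)) # follows symlinks
  return nil unless real.start_with?(base + File::SEPARATOR)
  File.file?(real) ? real : nil
rescue SystemCallError, ArgumentError
  nil # missing file, permission error, bad "~user" expansion
end

# Constructed sample tree: one public file, one secret outside the root,
# and a symlink inside the root that points at the secret.
def demo
  Dir.mktmpdir do |tmp|
    root = File.join(tmp, "downloads")
    FileUtils.mkdir_p(root)
    File.write(File.join(root, "report.pdf"), "public")
    File.write(File.join(tmp, "secret.txt"), "private")
    File.symlink(File.join(tmp, "secret.txt"), File.join(root, "link.txt"))
    inputs = ["report.pdf", "../secret.txt", "link.txt", "/etc/hostname", "missing.pdf"]
    inputs.to_h do |name|
      [name, { naive: naive_download_path(root, name), safe: resolve_download(root, name) }]
    end
  end
end

# In a Rails controller (DOWNLOAD_ROOT and params[:file] are assumed names):
#   path = resolve_download(DOWNLOAD_ROOT, params[:file])
#   path ? send_file(path) : head(:not_found)
if __FILE__ == $PROGRAM_NAME
  demo.each { |name, r| puts "#{name.inspect}: naive=#{r[:naive]} safe=#{r[:safe].inspect}" }
end
```

Only the plain file inside the download root resolves; the traversal string, the symlink that leaves the root, the absolute path and the missing file are all refused with nil.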