just rules adding
[code-scanner:ror-sec-scanner.git] / rules / 16_HTTP_redirect.rule
Desc: HTTP redirects emitted by the Application

# impact        CWE identifier          regex
medium          CWE-601,CWE-698,CWE-79  redirect_to\s+.*params\s*\[
medium          CWE-441                 save_file
medium          CWE-441                 open-uri
medium          CWE-441                 add_file_from_url
medium          CWE-441                 OpenStruct\.new