ruby3.2-activesupport/7.2.1 package update #26943
Conversation
![octo-sts[bot]](https://avatars.githubusercontent.com/in/801323?s=60&v=4){kind=small}
octo-sts
bot
commented
Aug 22, 2024
octo-sts
bot
commented
Signed-off-by: wolfi-bot <[email protected]>
octo-sts
bot
added
request-version-update
Package ruby3.2-activesupport: Click to expand/collapsePackage ruby3.2-activesupport:
(
"""
# Generated by melange
pkgname = ruby3.2-activesupport
- pkgver = 7.2.0-r0
+ pkgver = 7.2.1-r0
arch = x86_64
- size = 1229692
+ size = 1229775
origin = ruby3.2-activesupport
pkgdesc = A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.
url =
- commit = fc4a4e705c891c4139bf2280ce9027778db67f24
- builddate = 1723252191
+ commit = 139dea2db6c0d71e9f352b4ff7cd3ba53ea4011c
license = MIT
depend = ruby-3.2
depend = ruby3.2-concurrent-ruby
depend = ruby3.2-i18n
depend = ruby3.2-tzinfo
- datahash = 3b4fe71b5a0230518cdf10f8b60f8efe6b4e68cc415c63a625a8ab7ba7f5b0ad
+ datahash = d951b1d776e04c7f945f65faa41972ea21b2e5286d8e15b6a438b621028569a9
"""
)
Added: /usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/CHANGELOG.md bincapz found differences: Click to expand/collapseDeleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/testing/stream.rb [
|
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | techniques/code_eval | evaluate code dynamically using eval() | eval(" |
| -LOW | fs/file/delete | deletes files | unlink |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/xml_mini.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | encoding/base64 | Supports base64 encoded strings | base64 |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/code_generator.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | techniques/code_eval | evaluate code dynamically using eval() | eval(" |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/secure_compare_rotator.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | ref/words/password | references a 'password' | new_password old_password |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/time_with_zone.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | net/socket/send | send a message to a socket | _send |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/gzip.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | compression/gzip | works with gzip files | gzip |
| -LOW | fd/write | writes to a file handle | gz.write(source) |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/delegation.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | techniques/code_eval | evaluate code dynamically using eval() | eval(method |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/key_generator.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | evasion/bitwise_math | uses bitwise math | id << 1 |
| -LOW | ref/words/password | references a 'password' | uses this for password storage |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/cache/strategy/local_cache.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | ref/words/exclamation | gets very excited | !! |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/current_attributes.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | ref/words/agent | references an 'agent' | user_agent |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/core_ext/string/output_safety.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | techniques/code_eval | evaluate code dynamically using eval() | eval("proc |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/test_case.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | exec/shell_command | execute a shell command | system |
| -LOW | process/create | create child process | fork |
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://docs.seattlerb.org/minitest/Minitest/Assertions.html |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/logger.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | ref/path/var/log | path reference within /var/log | /var/log/rails.log |
| -LOW | fs/symlink/resolve | resolves symbolic links | realpath |
| -LOW | ref/path/var | path reference within /var | /var/log/rails.log |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/railtie.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | time/tzinfo | Uses timezone information | tzinfo |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/parameter_filter.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | ref/words/password | references a 'password' | password |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/testing/strict_warnings.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | ref/site/url | contains embedded HTTPS URLs | mikel/mail#1557 |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/core_ext/erb/util.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | encoding/json/decode | Decodes JSON messages | JSON.parse |
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://www.w3.org/TR/REC-xml/ |
| -LOW | ref/words/plugin | references a 'plugin' | plugins |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/deprecation/proxy_wrappers.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | net/socket/send | send a message to a socket | _send |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/tagged_logging.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://bugs.ruby-lang.org/issues/20250 |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/message_encryptor.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | encoding/base64 | Supports base64 encoded strings | base64 |
| -LOW | evasion/bitwise_math | uses bitwise math | id << 1 |
| -LOW | ref/site/url | contains embedded HTTPS URLs | ruby/openssl#63 https://www.limited-entropy.com/padding-oracle-attacks/. |
| -LOW | ref/words/password | references a 'password' | password |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/cache/redis_cache_store.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | net/socket/connect | initiate a connection on a socket | connect |
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://redis.io/commands/KEYS https://redis.io/topics/lru-cache |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/concurrency/share_lock.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://en.wikipedia.org/wiki/Readers |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/encrypted_configuration.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | evasion/bitwise_math | uses bitwise math | id << 1 |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/cache/file_store.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | fd/write | writes to a file handle | f.write(payload) |
| -LOW | fs/lock/update | apply or remove an advisory lock on a file | flock |
| -LOW | fs/symlink/resolve | resolves symbolic links | realpath |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/messages/codec.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | evasion/base64/decode | decode base64 strings | urlsafe_decode64 |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/json/encoding.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | ref/site/url | contains embedded HTTP URLs | http://www.json.org |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/ordered_options.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | ref/words/exclamation | gets very excited | !! |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/core_ext/object/json.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | combo/recon/system_network | invasive recon val | ipaddr |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/rescuable.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | techniques/code_eval | evaluate code dynamically using exec() | exec(e, |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/cache/mem_cache_store.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://memcached.org |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/cache.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | ref/path/tmp | path reference within /tmp | /tmp/cache |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/evented_file_update_checker.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | ref/path/tmp | references an unusual path within /tmp | /tmp/foo |
| -LOW | fs/symlink/resolve | resolves symbolic links | realpath |
| -LOW | fs/watch | monitors filesystem events | inotify |
| -LOW | process/create | create child process | fork |
Deleted: ruby3.2-activesupport/var/lib/db/sbom/ruby3.2-activesupport-7.2.0-r0.spdx.json [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | net/download | download files | downloadLocation |
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/32b3a1acaed4c7c4de9cd578454d |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/core_ext/module/concerning.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | net/socket/send | send a message to a socket | _send |
| -LOW | ref/words/obfuscate | Mentions the word obfuscate | obfuscate |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/callbacks.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | techniques/code_eval | evaluate code dynamically using exec() | exec(target, |
| -LOW | ref/site/url | contains embedded HTTPS URLs | rails/rails#18011 |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/core_ext/module/attribute_accessors.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | techniques/code_eval | evaluate code dynamically using eval() | eval(definition |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/message_verifier.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | ref/words/exclamation | gets very excited | !! |
| -LOW | encoding/base64 | Supports base64 encoded strings | base64 |
| -LOW | evasion/bitwise_math | uses bitwise math | id << 1 |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/encrypted_file.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | fs/symlink/resolve | resolves symbolic links | realpath |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/xml_mini/jdom.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://archive.is/9xcQQ |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/multibyte/chars.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | net/socket/send | send a message to a socket | _send |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/backtrace_cleaner.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | ref/path/root | path reference within /root | /root/app/models/person.rb |
| -LOW | ref/path/hidden | possible hidden file path | /puma/.match |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/core_ext/hash/conversions.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | net/upload | uploads files | uploaded |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/duration/iso8601_parser.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://en.wikipedia.org/wiki/ISO_8601 |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/option_merger.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | net/socket/send | send a message to a socket | _send |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/ordered_hash.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://yaml.org/type/omap.html |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/duration.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://docs.ruby-lang.org/en/master/Date.html https://docs.ruby-lang.org/en/master/Time.html https://en.wikipedia.org/wiki/ISO_8601 |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/core_ext/digest/uuid.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | evasion/bitwise_math | uses bitwise math | version << 12 |
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://www.ietf.org/rfc/rfc4122.txt |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/testing/parallelization/worker.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | process/create | create child process | fork |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/testing/parallelization.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | exec/program/background | wait for process to exit | waitpid |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/message_pack/extensions.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | combo/recon/system_network | invasive recon val | ipaddr |
| -LOW | fd/write | writes to a file handle | packer.write(LOAD_WITH_JSON_CREATE) packer.write(LOAD_WITH_MSGPACK_EXT) |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/cache/memory_store.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | ref/words/exclamation | gets very excited | !! |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/core_ext/file/atomic.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | fs/permission/modify | modifies file permissions | chmod |
| -LOW | fs/tempfile/create | Uses mktemp to create temporary files | temp file |
| -LOW | random/insecure | generate random numbers insecurely | rand |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/fork_tracker.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | process/create | create child process | _fork |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/values/time_zone.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | ref/site/url | contains embedded HTTPS URLs | ruby/date#39 |
| -LOW | time/tzinfo | Uses timezone information | tzinfo |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/json/decoding.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | encoding/json/decode | Decodes JSON messages | JSON.parse |
| -LOW | ref/site/url | contains embedded HTTP URLs | http://www.json.org |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/message_pack/serializer.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -LOW | fd/write | writes to a file handle | packer.write(SIGNATURE_INT) packer.write(object) |
Deleted: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.0/lib/active_support/testing/assertions.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | techniques/code_eval | evaluate code dynamically using eval() | eval(e, eval(expression |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/duration.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://docs.ruby-lang.org/en/master/Date.html https://docs.ruby-lang.org/en/master/Time.html https://en.wikipedia.org/wiki/ISO_8601 |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/callbacks.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | techniques/code_eval | evaluate code dynamically using exec() | exec(target, |
| +LOW | ref/site/url | contains embedded HTTPS URLs | rails/rails#18011 |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/deprecation/proxy_wrappers.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | net/socket/send | send a message to a socket | _send |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/encrypted_configuration.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | evasion/bitwise_math | uses bitwise math | id << 1 |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/cache.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | ref/path/tmp | path reference within /tmp | /tmp/cache |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/cache/strategy/local_cache.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | ref/words/exclamation | gets very excited | !! |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/gzip.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | compression/gzip | works with gzip files | gzip |
| +LOW | fd/write | writes to a file handle | gz.write(source) |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/testing/parallelization.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | exec/program/background | wait for process to exit | waitpid |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/core_ext/hash/conversions.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | net/upload | uploads files | uploaded |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/messages/codec.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | evasion/base64/decode | decode base64 strings | urlsafe_decode64 |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/json/encoding.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | ref/site/url | contains embedded HTTP URLs | http://www.json.org |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/rescuable.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | techniques/code_eval | evaluate code dynamically using exec() | exec(e, |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/cache/mem_cache_store.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://memcached.org |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/cache/redis_cache_store.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | net/socket/connect | initiate a connection on a socket | connect |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://redis.io/commands/KEYS https://redis.io/topics/lru-cache |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/core_ext/digest/uuid.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | evasion/bitwise_math | uses bitwise math | version << 12 |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://www.ietf.org/rfc/rfc4122.txt |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/railtie.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | time/tzinfo | Uses timezone information | tzinfo |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/testing/stream.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | techniques/code_eval | evaluate code dynamically using eval() | eval(" |
| +LOW | fs/file/delete | deletes files | unlink |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/xml_mini/jdom.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://archive.is/9xcQQ |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/parameter_filter.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | ref/words/password | references a 'password' | password |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/concurrency/share_lock.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://en.wikipedia.org/wiki/Readers |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/logger.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | ref/path/var/log | path reference within /var/log | /var/log/rails.log |
| +LOW | fs/symlink/resolve | resolves symbolic links | realpath |
| +LOW | ref/path/var | path reference within /var | /var/log/rails.log |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/json/decoding.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | encoding/json/decode | Decodes JSON messages | JSON.parse |
| +LOW | ref/site/url | contains embedded HTTP URLs | http://www.json.org |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/message_verifier.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | ref/words/exclamation | gets very excited | !! |
| +LOW | encoding/base64 | Supports base64 encoded strings | base64 |
| +LOW | evasion/bitwise_math | uses bitwise math | id << 1 |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/multibyte/chars.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | net/socket/send | send a message to a socket | _send |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/testing/assertions.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | techniques/code_eval | evaluate code dynamically using eval() | eval(e, eval(expression |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/secure_compare_rotator.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | ref/words/password | references a 'password' | new_password old_password |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/ordered_options.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | ref/words/exclamation | gets very excited | !! |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/backtrace_cleaner.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | ref/path/root | path reference within /root | /root/app/models/person.rb |
| +LOW | ref/path/hidden | possible hidden file path | /puma/.match |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/core_ext/file/atomic.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/permission/modify | modifies file permissions | chmod |
| +LOW | fs/tempfile/create | Uses mktemp to create temporary files | temp file |
| +LOW | random/insecure | generate random numbers insecurely | rand |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/option_merger.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | net/socket/send | send a message to a socket | _send |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/core_ext/string/output_safety.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | techniques/code_eval | evaluate code dynamically using eval() | eval("proc |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/xml_mini.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | encoding/base64 | Supports base64 encoded strings | base64 |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/core_ext/module/concerning.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | net/socket/send | send a message to a socket | _send |
| +LOW | ref/words/obfuscate | Mentions the word obfuscate | obfuscate |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/code_generator.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | techniques/code_eval | evaluate code dynamically using eval() | eval(" |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/ordered_hash.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://yaml.org/type/omap.html |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/core_ext/erb/util.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | encoding/json/decode | Decodes JSON messages | JSON.parse |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://www.w3.org/TR/REC-xml/ |
| +LOW | ref/words/plugin | references a 'plugin' | plugins |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/current_attributes.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | ref/words/agent | references an 'agent' | user_agent |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/duration/iso8601_parser.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://en.wikipedia.org/wiki/ISO_8601 |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/values/time_zone.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | ref/site/url | contains embedded HTTPS URLs | ruby/date#39 |
| +LOW | time/tzinfo | Uses timezone information | tzinfo |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/delegation.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | techniques/code_eval | evaluate code dynamically using eval() | eval(method |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/evented_file_update_checker.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | ref/path/tmp | references an unusual path within /tmp | /tmp/foo |
| +LOW | fs/symlink/resolve | resolves symbolic links | realpath |
| +LOW | fs/watch | monitors filesystem events | inotify |
| +LOW | process/create | create child process | fork |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/encrypted_file.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | fs/symlink/resolve | resolves symbolic links | realpath |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/fork_tracker.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | process/create | create child process | _fork |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/cache/file_store.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | fd/write | writes to a file handle | f.write(payload) |
| +LOW | fs/lock/update | apply or remove an advisory lock on a file | flock |
| +LOW | fs/symlink/resolve | resolves symbolic links | realpath |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/key_generator.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | evasion/bitwise_math | uses bitwise math | id << 1 |
| +LOW | ref/words/password | references a 'password' | uses this for password storage |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/tagged_logging.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://bugs.ruby-lang.org/issues/20250 |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/message_pack/serializer.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | fd/write | writes to a file handle | packer.write(SIGNATURE_INT) packer.write(object) |
Added: ruby3.2-activesupport/var/lib/db/sbom/ruby3.2-activesupport-7.2.1-r0.spdx.json [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | net/download | download files | downloadLocation |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://spdx.org/spdxdocs/chainguard/melange/8309fc12489100f9bc756735a06a |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/core_ext/module/attribute_accessors.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | techniques/code_eval | evaluate code dynamically using eval() | eval(definition |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/message_encryptor.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | encoding/base64 | Supports base64 encoded strings | base64 |
| +LOW | evasion/bitwise_math | uses bitwise math | id << 1 |
| +LOW | ref/site/url | contains embedded HTTPS URLs | ruby/openssl#63 https://www.limited-entropy.com/padding-oracle-attacks/. |
| +LOW | ref/words/password | references a 'password' | password |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/cache/memory_store.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | ref/words/exclamation | gets very excited | !! |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/core_ext/object/json.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | combo/recon/system_network | invasive recon val | ipaddr |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/message_pack/extensions.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | combo/recon/system_network | invasive recon val | ipaddr |
| +LOW | fd/write | writes to a file handle | packer.write(LOAD_WITH_JSON_CREATE) packer.write(LOAD_WITH_MSGPACK_EXT) |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/test_case.rb [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/shell_command | execute a shell command | system |
| +LOW | process/create | create child process | fork |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://docs.seattlerb.org/minitest/Minitest/Assertions.html |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/testing/parallelization/worker.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | process/create | create child process | fork |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/testing/strict_warnings.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | ref/site/url | contains embedded HTTPS URLs | mikel/mail#1557 |
Added: ruby3.2-activesupport/usr/lib/ruby/gems/3.2.0/gems/activesupport-7.2.1/lib/active_support/time_with_zone.rb [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | net/socket/send | send a message to a socket | _send |
|
Open AI suggestions to solve the build error: |
