Always sanitize input data before using it in sensitive operations to prevent injection vulnerabilities. This applies to shell commands, file operations, and URL handling.
For shell commands:
# VULNERABLE: Direct interpolation of variables into the command.
# The backticks hand the whole string to the shell, so metacharacters in
# `argument` (;, |, $(), ...) are parsed as shell syntax, not as data.
full_command = `#{HOMEBREW_BREW_FILE} #{brew_command} #{argument}`
# SECURE: Escape each argument individually, then join them into one command string.
# `compact` drops nil elements (e.g. an optional argument) before escaping.
require 'shellwords'
full_command = [HOMEBREW_BREW_FILE, brew_command, argument].compact
                 .map { |arg| Shellwords.escape(arg) }
                 .join(' ')
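The following is an added example, not code from the page or from Homebrew, showing why per-argument escaping matters: a constructed argument containing shell metacharacters stays a single word after escaping, whereas plain interpolation lets it split into several. BREW_FILE is an assumed placeholder path, not the real HOMEBREW_BREW_FILE value.

```ruby
require "shellwords"

# Assumed placeholder standing in for HOMEBREW_BREW_FILE (not the real value).
BREW_FILE = "/usr/local/bin/brew"

# Build one shell-safe command string the way the SECURE snippet does:
# every element is escaped on its own, so nothing inside an untrusted
# argument can end the argument or start a second command.
def build_command(brew_file, brew_command, argument)
  [brew_file, brew_command, argument].compact
                                     .map { |arg| Shellwords.escape(arg) }
                                     .join(" ")
end

# Tokenise a command string the way a POSIX shell would split its words.
# If escaping worked, the untrusted argument comes back as exactly one word.
def shell_words(command)
  Shellwords.split(command)
end

# Compare naive interpolation with the escaped build for a constructed,
# hostile-looking argument. Nothing is executed here; we only tokenise.
def demo
  hostile = "formula; echo INJECTED"
  unsafe = "#{BREW_FILE} info #{hostile}"          # mirrors the VULNERABLE line
  safe = build_command(BREW_FILE, "info", hostile) # mirrors the SECURE lines
  {
    unsafe_words: shell_words(unsafe), # 5 words: the argument has been split apart
    safe_words: shell_words(safe)      # 3 words: the argument survives intact
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |label, words| puts "#{label}: #{words.inspect}" }
end
```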
For file operations:
# VULNERABLE: Using IO.read/Kernel.open with non-constant values.
# Like Kernel#open, IO.read spawns a subprocess when the path begins with '|',
# so an attacker-controlled path can become a command.
content = IO.read(filepath)
# SECURE: Use File.read instead, which treats its argument as a filename only.
content = File.read(filepath)
For URL operations:
require 'open-uri'
# VULNERABLE: Using URI.open with non-constant values.
# URI.open falls back to Kernel#open semantics for strings that are not URLs,
# so a non-URL value can name a local file or, with a leading '|', a command.
response = URI.open(generated_url).read
# SECURE: Parse the value as a URI first, then call #open on the URI object,
# so only a well-formed URL is ever opened.
response = URI(generated_url).open.read
These patterns help prevent several classes of security vulnerabilities, including command injection, arbitrary file access, and server-side request forgery. Always assume input data could be malicious and handle it accordingly.