# Audit patterns for Ruby / Rails source. Each non-comment line is one regular
# expression written with POSIX character classes ([[:space:]]) and escaped
# metacharacters; the intended engine is not stated here.
# NOTE(review): the original already uses lines beginning with '#' as section
# labels, so this file assumes the consuming tool skips such lines rather than
# treating them as patterns — confirm before relying on the added comments.
# The patterns flag candidates for manual review; several are deliberately broad
# and will produce false positives that a reviewer has to triage.

# http_basic_authenticate_with with "...assword..." followed by a quote: hard-coded credential.
http_basic_authenticate_with.*assword.*['"]
# Marshal.load( or YAML.load( (any letter case for "yaml"): deserialization of possibly untrusted data.
(Marshal|[Yy][Aa][Mm][Ll])\.load[[:space:]]*\(
# class_eval / module_eval / instance_eval followed by an argument or '('.
(class|module|instance)_eval([[:space:]]+.*|[[:space:]]*\()
# eval( or "eval <arg>" where the argument does not itself start with '('.
eval([[:space:]]*\(|[[:space:]]+[^\(])
# spawn( or "spawn <arg>": process execution.
spawn([[:space:]]*\(|[[:space:]]+[^\(])
# system( or system " with a #{...} interpolation later on the line: command built from variables.
system([[:space:]]*\(|[[:space:]]+").*\#\{[^\}]+\}
# Any system( / exec( call regardless of argument — broad; repeated in the "Execution" section below.
system[[:space:]]*\(
exec[[:space:]]*\(
# Any .open( call on any receiver — broad.
\.open[[:space:]]*\(
# Dynamic dispatch via .send( / .public_send(.
\.(public_)?send[[:space:]]*\(
# Backtick command containing a #{...} interpolation.
`.*#\{[^`]+`
# File.read/new/open/delete with a non-empty argument list.
File\.(read|new|open|delete)[[:space:]]*\([^\)]+\)
# send_file( or "send_file <arg>": served path may derive from request input.
send_file([[:space:]]*\(|[[:space:]]+[^\(])
# Pathname...join( / File.join( whose argument text mentions "param" (any case).
(Pathname.*|File)\.join[[:space:]]*\(.*[Pp][Aa][Rr][Aa][Mm]
# Line that starts with a backtick command containing #{...}.
^[[:space:]]*`[^`]*#\{[^\}]+\}.*`
# exec( / system( with a quoted string containing #{...} before the closing ')'.
(exec|system)[[:space:]]*\([[:space:]]*['"][^'"]*#\{[^\}]+[^\)]*\)
# Backtick command used as an assigned value or call argument, with interpolation.
[=\(][[:space:]]*`[^`]*#\{[^\}]+.*\}
# content_tag with a quoted string containing #{...}: interpolated markup.
content_tag[[:space:]]+.*["'][^"']*#\{[^\}]+\}
# render text:/plain: with "param" (any case) inside the interpolation: reflected request input.
render[[:space:]]+:?(text|plain):?.*#\{[Pp][Aa][Rr][Aa][Mm][^\}]*\}
# File.read/new/open/delete/write with a double-quoted path containing #{...}.
File\.(read|new|open|delete|write)[[:space:]]*\("[^"]*\#\{[^\}]+[^\)]*\)
# SQL fragments built with string interpolation: SELECT, WHERE ... = #{...},
# AND ... + #{...}, LIKE #{...}, ORDER BY ... + #{...}, LIMIT #{...}.
['"(: ][Ss][Ee][Ll][Ee][Cc][Tt][[:space:]]+.*#\{[^\}]+
(WHERE|where)[[:space:]]+.*=[[:space:]]*['"]*#\{[^\}]+
# NOTE(review): if the engine is POSIX ERE, a backslash inside a bracket expression is
# literal, so [\'\" ] also matches '\' — harmless extra matches, but probably unintended.
[\'\" ]+AND[[:space:]]+.*=.*\+[[:space:]]*#\{[^\}]+
(LIKE|like)[[:space:]]+[^\}\);]*#\{[^\}]+
(ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*\+[[:space:]]*#\{[^\}]+
['" ](LIMIT|limit)[[:space:]]+.*#\{[^\}]+
# File.read/new/open/delete with #{...} anywhere in the argument list.
File\.(read|new|open|delete)[[:space:]]*\(.*\#\{[^\}]+\}
# .find(param...: record lookup keyed directly on request input (any case of "param").
\.find[[:space:]]*\([[:space:]]*[Pp][Aa][Rr][Aa][Mm]
# consider_all_requests_local = true (any case): verbose error pages; information disclosure if set in production.
consider_all_requests_local[[:space:]]*=[[:space:]]*[Tt][Rr][Uu][Ee]
# JWT.decode ... , false, { : verification argument set to false.
[Jj][Ww][Tt]\.decode[[:space:]]+.*,[[:space:]]*false[[:space:]]*,[[:space:]]*\{
# JWT.encode ... , nil, "none" : unsigned token (nil key, "none" algorithm).
[Jj][Ww][Tt]\.encode[[:space:]]+.*,[[:space:]]*nil[[:space:]]*,[[:space:]]*["']none["']
# .new(param...: object built straight from request input (mass-assignment candidate).
\.new[[:space:]]*\([[:space:]]*[Pp][Aa][Rr][Aa][Mm]
# Ruby - Execution
# Bare call forms with no receiver or argument constraint. These are the noisiest
# entries in the list and partly duplicate patterns above (system(, exec(, eval().
_send_[[:space:]]*\(
__send__[[:space:]]*\(
system[[:space:]]*\(
# open( on any receiver — matches File.open as well as Kernel-style open.
open[[:space:]]*\(
send[[:space:]]*\(
public_send[[:space:]]*\(
eval[[:space:]]*\(
exec[[:space:]]*\(
syscall[[:space:]]*\(
# Ruby - File operations
File\.new[[:space:]]*\(
# fork( and execve( are process control rather than file operations despite the section label.
fork[[:space:]]*\(
# write( on any receiver — broad.
write[[:space:]]*\(
execve[[:space:]]*\(
# Ruby - Unsafe Reflection
# params[:name].constantize : class resolved from a request parameter.
params\[:[a-zA-Z0-9_]+\]\.constantize
# new(params[:name] : constructor called directly on a request parameter.
new[[:space:]]*\(params\[:[a-zA-Z0-9_]+\]
# redirect_to param...[...] (optionally wrapped in url_from(): open-redirect candidate.
redirect_to[[:space:]]+(url_from[[:space:]]*\()?[Pp][Aa][Rr][Aa][Mm][a-z]*\[[^]]+\]
# Legacy catch-all routes (":controller/:action/:id") that expose every public controller action.
map.connect[[:space:]]+['"]:controller/:action/:id['"]
match[[:space:]]+['"]:controller\(/:action\(/:id\(.:format\)\)\)['"]
# ActiveRecord query methods given a quoted string that contains #{...} interpolation.
\.((destroy|delete|update|find)_(all|by)(_name|_sql)?|(re)?where|having|not)[[:space:]]*\([[:space:]]*["'].*\#\{
# .from( / .group( whose argument reaches a ':' before the paren closes, e.g. params[:... or a keyword argument.
\.(from|group)[[:space:]]*\([^:\)]+:
# Aggregate / select-style methods whose argument list contains "[:" (a symbol-keyed lookup such as params[:...).
\.(calculate|average|count|maximum|minimum|sum|join|lock|(re)?select)[[:space:]]*\(.*\[:
# .exists? followed by a ':' anywhere on the line — broad.
\.exists\?.*:
# .find_by / .find_or_create_by / .find_or_initialize_by (with or without '!') followed by a ':' — broad.
\.find_(or_(create|initialize)_)?by!?.*:
# Arel.sql( with a quoted string containing #{...}: raw SQL bypassing quoting.
Arel\.sql\(.*["'].*#\{
# conditions option (':' or '=>' form) with #{...} interpolation.
conditions[[:space:]]*[:=>]+[[:space:]]*.*\#\{[^\}]+\}
# .where("...") + : SQL string concatenation into where.
\.where[[:space:]]*\([[:space:]]*['"].*['"][[:space:]]*\+
# .verify_mode = ...VERIFY_NONE : TLS certificate verification disabled.
\.verify_mode[[:space:]]*=.*VERIFY_NONE
# I18n.t("key", query: @ivar...) : instance variable passed as the query option.
I18n.t[[:space:]]*\(['"][^'"]+['"][[:space:]]*,[[:space:]]*query:[[:space:]]*@.*
# render text:/plain: with any #{...} interpolation.
render[[:space:]]+:?(text|plain):?.*#\{[^\}]+\}
# render <option>: with #{...} interpolation in the rest of the line.
render[[:space:]]+[^:]+:.*\#\{[^\}]+
# render ... param[ / params[ : render argument taken from request input.
render.*params?\[
# ERB output tags emitting "param" (any case), "cookie" (any case) or an instance variable.
# NOTE(review): modern Rails escapes <%= output by default, so these hits matter chiefly
# where the value is marked html_safe/raw or the app predates that default — confirm per app.
<%=[[:space:]]*[Pp][Aa][Rr][Aa][Mm]
<%=[[:space:]]*[Cc][Oo][Oo][Kk][Ii][Ee]
<%=[[:space:]]*@[A-Za-z0-9]+
# escape_html_entities_in_json = false (any case): JSON output no longer HTML-safe when embedded in pages.
escape_html_entities_in_json[[:space:]]*=[[:space:]]*[Ff][Aa][Ll][Ss][Ee]