- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
ID: ruby-security/rails-cookies-serializer
Language: Ruby
Severity: Warning
Category: Security
CWE: 94
This rule states that cookies in a Ruby on Rails application should be serialized using JSON. This is important because JSON is a safer method for serialization compared to others like :marshal
and :hybrid
. The :marshal
method is known to have potential security vulnerabilities, and the :hybrid
method, while safer than :marshal
, is still not as secure as JSON.
Cookies often contain sensitive data, and if they are not properly serialized, it could lead to security issues such as unauthorized access to user data. Therefore, it’s crucial to use a secure method for cookie serialization to protect your application and its users.
To adhere to this rule, always set your cookie serializer to :json
in your Rails application configuration. This can be done by adding the line Rails.application.config.action_dispatch.cookies_serializer = :json
to your configuration file. This ensures that all cookies are serialized safely using JSON, thus reducing the risk of potential security vulnerabilities.
Rails.application.config.action_dispatch.cookies_serializer = :hybrid
Rails.application.config.action_dispatch.cookies_serializer = :marshal
Rails.application.config.action_dispatch.cookies_serializer = :json
|
|
For more information, please read the Code Analysis documentation
Identify code vulnerabilities directly in yourVS Code editor
Identify code vulnerabilities directly inJetBrains products