ID: ruby-security/rails-csrf
Language: Ruby
Severity: Warning
Category: Security
CWE: 352
The rule “Ensure forgery protection is enabled” is a crucial security practice in Ruby development, specifically when designing Rails applications. Cross-Site Request Forgery (CSRF) is a type of attack that tricks the victim into submitting a malicious request. It uses the identity and privileges of the victim to perform an undesired function on their behalf.
To mitigate this type of attack, it is essential to enable forgery protection in your application. In Rails, this is done by calling the protect_from_forgery method in your ApplicationController. This method generates a unique token for every session, and Rails automatically includes this token in all forms and Ajax requests generated by the framework.
If the protect_from_forgery method is not present in your ApplicationController, your application is vulnerable to CSRF attacks. Always ensure that this method is included and properly configured to prevent such security risks.
```ruby
# Non-compliant: no protect_from_forgery call, so state-changing requests
# are accepted without an authenticity token.
class VulnerableController < ActionController::Base
  def index
  end
end
```

```ruby
# Compliant: requests with a missing or invalid token raise
# ActionController::InvalidAuthenticityToken.
class ApplicationController < ActionController::Base
  protect_from_forgery :with => :exception

  def index
  end
end
```

```ruby
# Compliant: without :with, the default strategy is :null_session, which
# lets the request continue with an empty session instead of raising.
class ApplicationController < ActionController::Base
  protect_from_forgery

  def index
  end
end
```
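To show what the per-session token described above actually buys you, here is an added, self-contained model of the check protect_from_forgery performs (illustration only, not Rails' own code; the CsrfDemo module, its method names, and the plain-Hash session are assumptions): one secret per session, a freshly masked copy in each form, and verification of every non-GET request.

```ruby
require 'securerandom'
require 'base64'
# Added illustration of what protect_from_forgery does (not Rails' own code):
# one random secret per session, masked with a fresh one-time pad in every
# form so the raw secret never appears in a page, checked on every non-GET request.
module CsrfDemo
  TOKEN_LENGTH = 32
  # Per-session secret, generated once and kept server-side in the session.
  def self.session_token(session)
    session[:_csrf_token] ||= SecureRandom.random_bytes(TOKEN_LENGTH)
  end

  # Value placed in the hidden authenticity_token field or csrf-token meta tag:
  # base64(pad || (pad XOR secret)); a new pad each call, so two forms for the
  # same session carry different strings.
  def self.masked_token(session)
    pad = SecureRandom.random_bytes(TOKEN_LENGTH)
    Base64.strict_encode64(pad + xor(pad, session_token(session)))
  end

  # Unmask a submitted value and compare it to the session secret in constant time.
  def self.valid_token?(session, submitted)
    return false unless session[:_csrf_token] && submitted.is_a?(String)
    decoded = begin
      Base64.strict_decode64(submitted)
    rescue ArgumentError
      return false
    end
    return false unless decoded.bytesize == 2 * TOKEN_LENGTH
    unmasked = xor(decoded[0, TOKEN_LENGTH], decoded[TOKEN_LENGTH, TOKEN_LENGTH])
    secure_compare(unmasked, session[:_csrf_token])
  end

  # Request-level check: GET/HEAD are assumed read-only and skipped; any other
  # verb must carry a valid token in the form field or the X-CSRF-Token header.
  def self.verified_request?(session, method:, params: {}, headers: {})
    return true if %w[GET HEAD].include?(method.to_s.upcase)
    valid_token?(session, params['authenticity_token'] || headers['X-CSRF-Token'])
  end

  def self.xor(a, b)
    a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
  end

  # Byte-wise comparison that does not stop at the first differing byte.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

A forged cross-site POST is rejected because the attacker's page cannot read the victim's session secret or any masked copy of it, so the submitted value never unmasks to the stored secret.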
For more information, please read the Code Security documentation