This product is not supported for your selected Datadog site. ().
Metadata
ID:ruby-security/avoid-clear-sensitive-info
Language: Ruby
Severity: Notice
Category: Security
Description
This rule highlights the importance of avoiding the storage of sensitive information, such as passwords, directly within objects or attributes. Storing sensitive data insecurely can lead to accidental exposure, especially if the data is logged, serialized, or accessed without proper safeguards.
Sensitive information often requires special handling, including encryption, secure storage mechanisms, or avoiding retention altogether. By not storing sensitive data in plain attributes, you reduce the risk of leaks and improve the overall security posture of your application.
To comply with this rule, avoid defining attribute accessors for sensitive fields like passwords. Instead, consider using secure authentication libraries or mechanisms that handle sensitive data safely. For example, store only hashed versions of passwords or use dedicated services for authentication rather than raw password storage in objects.
classUserattr_accessor:namedefinitialize(name)self.name=name# using self to call the setter methodenddefupdate_name(new_name)self.name=new_name# also uses the setter methodendend
Seamless integrations. Try Datadog Code Security
Datadog Code Security
Try this rule and analyze your code with Datadog Code Security
How to use this rule
1
2
rulesets:- ruby-security # Rules to enforce Ruby security.
Create a static-analysis.datadog.yml with the content above at the root of your repository
Use our free IDE Plugins or add Code Security scans to your CI pipelines