Improper Control of Generation of Code (‘Code Injection’)
| Property | |
|---|---|
| Language | Ruby |
| Severity | |
| CWE | CWE-94: Improper Control of Generation of Code (‘Code Injection’) |
| OWASP | A03:2021 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
Calling Ruby's `syscall` method (Kernel#syscall) is unsafe: it executes a raw operating-system call identified only by its numeric id, passing the supplied integers and strings straight to the kernel with no validation of the call or its arguments. Because system call numbers and argument conventions differ between platforms, the same code is also not portable. Safer alternatives such as the Fiddle library, which calls named library functions with declared argument and return types, should be used instead.
Impact
If exploited, attackers could execute arbitrary system calls or commands, potentially gaining unauthorized access, running malicious code, or compromising the entire server. This can lead to data breaches, service disruption, or full control over the affected application.
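The following is an added example, not code from the rule page or the scanner project: a constructed "OS facts" helper written first with the flagged `syscall` pattern and then with Fiddle, so the difference the rule is about is visible side by side. It assumes a Linux or macOS host where libc's `getpid`/`getppid` are resolvable from the running process; the function and key names are constructed for illustration.

```ruby
require "fiddle"

# Constructed example (not from the rule page). Flagged pattern: the system
# call number and its arguments come from the request, so the caller decides
# which kernel entry point runs and with what. Kernel#syscall validates nothing,
# and the number means different calls on different platforms.
def os_fact_unsafe(req)
  syscall(Integer(req["num"]), *req.fetch("args", []))
end

# Safer pattern: resolve named functions from the process's own symbol table
# (Fiddle::Handle.new with no library is dlopen(NULL)) and pin each one to a
# fixed, typed signature. Request data only selects an allowlisted name; it
# never reaches the OS as a call number or as raw arguments.
PROCESS_SYMBOLS = Fiddle::Handle.new

SAFE_CALLS = {
  "pid"  => Fiddle::Function.new(PROCESS_SYMBOLS["getpid"],  [], Fiddle::TYPE_INT),
  "ppid" => Fiddle::Function.new(PROCESS_SYMBOLS["getppid"], [], Fiddle::TYPE_INT),
}.freeze

def os_fact(name)
  fn = SAFE_CALLS.fetch(name) { raise ArgumentError, "unknown fact #{name.inspect}" }
  fn.call
end

if __FILE__ == $PROGRAM_NAME
  puts "pid via Fiddle: #{os_fact('pid')} (Process.pid: #{Process.pid})"
end
```

Fiddle removes the platform-specific call numbers and unchecked arguments, but it is still a foreign-function interface: keep the set of callable functions and their signatures fixed in code, never derived from input.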