Skip to main content

Fix example vulnerable method for Ruby

These example steps provide a fix for a Reflected Cross-site Scripting (XSS) through Unvalidated Input in Error Messages vulnerable method in rack-ssl, which is included in the example-ruby repository.

To complete this task:

  1. In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.

  2. Select Agent-Based Scan.

  3. Select your workspace.

  4. Select Projects.

  5. Select the srcclr/example-ruby project.

  6. Select Reflected Cross-site Scripting (XSS) through Unvalidated Input in Error Messages in the Vulnerabilities table.

    The Vulnerable Methods section shows that the redirect_to_https method is the vulnerable part of the library.

  7. To address the identified vulnerable method, do one of these tasks:

    • Change your code to perform in the same manner without relying on this particular method.
    • Follow the provided instructions to update the library to a safe version.

  8. Validate the fix.

Last updated on