Supported Ruby Cleansing Functions

| Function | Flaw Class |
|---|---|
| base64.!class.encode64 | CWE-80, 93, 113, and 117 |
| base64.!class.strict_encode64 | CWE-80, 93, 113, and 117 |
| base64.!class.urlsafe_encode64 | CWE-80, 93, 113, and 117 |
| CGI.!class.escape | CWE-80, 93, 113, and 117 |
| CGI.!class.escapeHTML | CWE-80 |
| CGI.!class.escape_html | CWE-80 |
| digest.class.!class.base64digest | CWE-80, 93, 113, and 117 |
| ERB.Util.!class.h | CWE-80, 93, 113, and 117 |
| ERB.Util.!class.html_escape | CWE-80, 93, 113, and 117 |
| ERB.Util.!class.u | CWE-80, 93, 113, and 117 |
| ERB.Util.!class.url_encode | CWE-80, 93, 113, and 117 |
| RSS.Converter.h | CWE-80, 93, 113, and 117 |
| RSS.Converter.html_escape | CWE-80, 93, 113, and 117 |
| RSS.Element.h | CWE-80, 93, 113, and 117 |
| RSS.Element.html_escape | CWE-80, 93, 113, and 117 |
| shellwords.!class.escape | CWE-80, 93, 113, and 117 |
| shellwords.!class.shellescape | CWE-80, 93, 113, and 117 |
| string.shellescape() | CWE-80, 93, 113, and 117 |
| URI.!class.encode_www_form | CWE-80, 93, 113, and 117 |
| URI.!class.encode_www_form_component | CWE-80, 93, 113, and 117 |
| URI.Parser.escape | CWE-80, 93, 113, and 117 |
| WEBrick.HTMLUtils.escape | CWE-80, 93, 113, and 117 |
| WEBrick.HTTPUtils.!class.escape_form | CWE-80, 93, 113, and 117 |
| WEBrick.HTTPUtils.!class.escape_path | CWE-80, 93, 113, and 117 |
| XMLRPC.Base64.!class.encode | CWE-80, 93, 113, and 117 |
| XMLRPC.Base64.encode | CWE-80, 93, 113, and 117 |