Download of sensitive file through insecure connection¶
ID: rb/insecure-download Kind: path-problem Severity: error Precision: high Tags: - security - external/cwe/cwe-829 Query suites: - ruby-code-scanning.qls - ruby-security-extended.qls - ruby-security-and-quality.qls
Downloading executables or other sensitive files over an unencrypted connection can leave a server open to man-in-the-middle attacks (MITM). Such an attack can allow an attacker to insert arbitrary content into the downloaded file, and in the worst case, allow the attacker to execute arbitrary code on the vulnerable system.
Use a secure transfer protocol when downloading executables or other sensitive files.
In this example, a server downloads a shell script from a remote URL and then executes the script.
require "net/http" script = Net::HTTP.new("http://mydownload.example.org").get("/myscript.sh").body system(script)
The HTTP protocol is vulnerable to MITM, and thus an attacker could potentially replace the downloaded shell script with arbitrary code, which gives the attacker complete control over the system.
The issue has been fixed in the example below by replacing the HTTP protocol with the HTTPS protocol.
require "net/http" script = Net::HTTP.new("https://mydownload.example.org").get("/myscript.sh").body system(script)