Usage of insecure FTP connection

Description

Using an insecure FTP connection can expose sensitive data to interception and unauthorized access. Plain FTP sends credentials and file contents in cleartext, so anyone on the network path can read or alter them. This vulnerability occurs when applications that handle sensitive information communicate with FTP servers over plain FTP instead of a secure protocol such as SFTP.

Remediations

  • Do use the Net::SFTP library for secure FTP connections. This ensures that data transmitted between your application and the FTP server is encrypted and protected from potential eavesdropping.
    require 'net/sftp'
    Net::SFTP.start('host', 'username', password: ENV['password']) do |sftp|
    ...
    end
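To show what the rule is looking for, here is an added example (not part of the Bearer rule or the net-sftp gem): a small line-based checker that flags Net::FTP usage while leaving Net::SFTP untouched. The constant names, the Finding struct and the sample source are constructed for this illustration.

```ruby
# Constructed example: a minimal checker in the spirit of ruby_lang_insecure_ftp.
# It flags `require 'net/ftp'` and Net::FTP.new / Net::FTP.open, but not Net::SFTP.
FTP_REQUIRE = /\A\s*require\s+['"]net\/ftp['"]/
FTP_CALL    = /\bNet::FTP\.(new|open)\b/

Finding = Struct.new(:line, :message, :code)

# Scan Ruby source text and return one Finding per insecure use.
def find_insecure_ftp(source)
  findings = []
  source.each_line.with_index(1) do |raw, no|
    line = raw.chomp
    next if line.lstrip.start_with?('#') # skip commented-out code
    if line =~ FTP_REQUIRE
      findings << Finding.new(no, "net/ftp required; prefer net/sftp", line.strip)
    elsif line =~ FTP_CALL
      # Assumption: Net::FTP with `ssl:` (FTPS) is still reported, but with a
      # distinct message so a reviewer can triage it separately from plain FTP.
      msg = if line.include?('ssl:')
              "Net::FTP with ssl: (FTPS); verify certificate checks"
            else
              "plain Net::FTP connection; use Net::SFTP"
            end
      findings << Finding.new(no, msg, line.strip)
    end
  end
  findings
end

# Constructed sample source: one plain FTP client, one FTPS, one SFTP.
SAMPLE = <<~'RUBY'
  require 'net/ftp'
  require 'net/sftp'

  def upload_report(path)
    Net::FTP.open('ftp.example.com', 'svc', ENV['FTP_PASSWORD']) do |ftp|
      ftp.putbinaryfile(path)
    end
  end

  def upload_ftps(path)
    ftp = Net::FTP.new('ftp.example.com', ssl: true)
  end

  def upload_secure(path)
    Net::SFTP.start('sftp.example.com', 'svc', password: ENV['SFTP_PASSWORD']) do |sftp|
      sftp.upload!(path, "/inbox/#{File.basename(path)}")
    end
  end
RUBY

if $PROGRAM_NAME == __FILE__
  find_insecure_ftp(SAMPLE).each { |f| puts "line #{f.line}: #{f.message}\n    #{f.code}" }
end
```

Run against the sample, the checker reports lines 1, 5 and 11 and stays silent on the Net::SFTP block.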

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=ruby_lang_insecure_ftp

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=ruby_lang_insecure_ftp