Communication with an insecure FTP server detected.
- Rule ID: ruby_lang_insecure_ftp
- Languages: ruby
- Source: insecure_ftp.yml
Description
Communication with FTP servers should be done securely over SFTP in applications that process sensitive data. This rule checks if all FTP connections are made using SFTP.
Remediations
✅ To ensure secure FTP connections are made, use the Net::SFTP library instead of Net::FTP:
require 'net/sftp'
# Read the password from the environment rather than hard-coding it
Net::SFTP.start('host', 'username', password: ENV['password']) do |sftp|
  # ...
end
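To see which call sites this remediation applies to, the following added example (not Bearer's rule implementation and not code from the original page) parses Ruby source with the standard-library Ripper and reports the lines that reference Net::FTP, while ignoring Net::SFTP, comments and string literals. The helper names and the sample source are constructed for this illustration.

```ruby
require 'ripper'

# Constructed sample source; hosts, paths and variable names are made up.
SAMPLE = <<~'RUBY'
  require 'net/ftp'
  require 'net/sftp'
  # Net::FTP.open('old.example.test') was used here before
  ftp = Net::FTP.new('ftp.example.test')
  ftp.login(ENV['FTP_USER'], ENV['FTP_PASSWORD'])
  note = "Net::FTP is being phased out"
  Net::SFTP.start('sftp.example.test', 'deploy', password: ENV['SFTP_PASSWORD']) do |sftp|
    sftp.upload!('report.csv', '/incoming/report.csv')
  end
  ::Net::FTP.open('ftp.example.test') { |f| f.getbinaryfile('a.bin') }
RUBY

# True when a :const_path_ref node spells Net::FTP or ::Net::FTP.
def net_ftp?(node)
  scope, name = node[1], node[2]
  return false unless scope.is_a?(Array) && name.is_a?(Array)
  return false unless %i[var_ref top_const_ref].include?(scope[0])

  scope[1].is_a?(Array) && scope[1][1] == 'Net' &&
    name[0] == :@const && name[1] == 'FTP'
end

# Hypothetical helper: line numbers where +source+ references Net::FTP.
# Works on the parsed syntax tree, so Net::SFTP, comments and string
# literals are not reported.
def net_ftp_references(source)
  tree = Ripper.sexp(source)
  raise ArgumentError, 'source is not valid Ruby' if tree.nil?

  lines = []
  walk = lambda do |node|
    next unless node.is_a?(Array)

    lines << node[2][2][0] if node[0] == :const_path_ref && net_ftp?(node)
    node.each { |child| walk.call(child) }
  end
  walk.call(tree)
  lines.uniq.sort
end

puts net_ftp_references(SAMPLE).inspect if __FILE__ == $PROGRAM_NAME
```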
Resources
Associated CWE
OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --skip-rule=ruby_lang_insecure_ftp
To run only this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --only-rule=ruby_lang_insecure_ftp