Communication with an unsecure FTP server detected.
- Rule ID: ruby_lang_insecure_ftp
- Languages: ruby
- Source: insecure_ftp.yml
Description
Plain FTP sends credentials and file contents unencrypted, so applications that process sensitive data should communicate with file servers securely over SFTP. This rule checks that all FTP connections are made using SFTP.
Remediations
✅ To ensure secure FTP connections are made, use the Net::SFTP library instead of Net::FTP:
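```ruby
require 'net/sftp'

# The password is read from the environment rather than hard-coded
Net::SFTP.start('host', 'username', password: ENV['password']) do |sftp|
  # ... perform file transfers through the sftp session ...
end
```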
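To show the kind of check this rule describes, the following added example (not the rule's own implementation from insecure_ftp.yml) uses Ruby's standard `ripper` lexer to report references to the `Net::FTP` constant while ignoring comments, strings and `Net::SFTP`. The names `find_net_ftp_uses` and `SAMPLE` are hypothetical, and the sample source and hostnames are constructed.

```ruby
require 'ripper'

# Returns one finding per reference to the Net::FTP constant in +source+.
# Working on lexer tokens (not raw text) means comments and string literals
# that merely mention Net::FTP are not reported, and Net::SFTP never matches.
def find_net_ftp_uses(source)
  # Each token is [[line, col], type, text, state]; drop spaces so that
  # unusual spacing around "::" does not hide a match.
  tokens = Ripper.lex(source).reject { |_, type, _| type == :on_sp }
  findings = []
  tokens.each_cons(3).with_index do |(a, b, c), i|
    next unless a[1] == :on_const && a[2] == 'Net'
    next unless b[1] == :on_op && b[2] == '::'
    next unless c[1] == :on_const && c[2] == 'FTP'
    # If a "." follows, the next token is the method called (open, new, ...).
    dot = tokens[i + 3]
    meth = tokens[i + 4]
    called = dot && dot[1] == :on_period && meth ? meth[2] : nil
    findings << { line: a[0][0], call: called }
  end
  findings
end

# Constructed sample input: two plain-FTP uses, one SFTP use, and two
# mentions (comment, string) that a text search would wrongly flag.
SAMPLE = <<~'RUBY'
  require 'net/ftp'
  require 'net/sftp'
  # Net::FTP.open is mentioned here only in a comment
  Net::FTP.open('files.example.test') { |ftp| ftp.getbinaryfile('report.csv') }
  ftp = Net::FTP.new('files.example.test')
  Net::SFTP.start('files.example.test', 'deploy', password: ENV['password']) { |s| s.download!('r.csv', 'r.csv') }
  puts "Net::FTP in a string is not a call"
RUBY

if __FILE__ == $PROGRAM_NAME
  find_net_ftp_uses(SAMPLE).each do |f|
    puts "line #{f[:line]}: Net::FTP#{f[:call] ? ".#{f[:call]}" : ''} (use Net::SFTP instead)"
  end
end
```

A constant assigned to another name (for example `F = Net::FTP`) is reported at the assignment, with `call` set to `nil`, but later calls through the alias are not tracked.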