Communication with an insecure FTP server detected.

Rule ID: ruby_lang_insecure_ftp
Languages: ruby
Source: insecure_ftp.yml

Description

Communication with FTP servers should be done securely over SFTP in applications that process sensitive data. This rule checks if all FTP connections are made using SFTP.

Remediations

✅ To ensure secure FTP connections are made, use the Net::SFTP library instead of Net::FTP:

require 'net/sftp'
Net::SFTP.start('host', 'username', password: ENV['password') do |sftp|
	...
end

Resources

net-sftp

Associated CWE

CWE-319: Cleartext Transmission of Sensitive Information

OWASP Top 10

A02:2021 - Cryptographic Failures

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=ruby_lang_insecure_ftp

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=ruby_lang_insecure_ftp

Ready to take the next step? Learn more about Bearer Cloud.