Communication with an unsecure FTP server detected.

• Rule ID: ruby_lang_insecure_ftp
• Languages: ruby
• Source: insecure_ftp.yml

Description

Communication with FTP servers should be done securely over SFTP in applications that process sensitive data. This rule checks if all FTP connections are made using SFTP.

Remediations

✅ To ensure secure FTP connections are made, use the Net::SFTP library instead of Net::FTP:

require 'net/sftp'
Net::SFTP.start('host', 'username', password: ENV['password') do |sftp|
	...
end

Resources

• net-sftp

Associated CWE

• CWE-319: Cleartext Transmission of Sensitive Information

OWASP Top 10

• A02:2021 - Cryptographic Failures