Possible HTTP verb confusion
- Rule ID: ruby_rails_http_verb_confusion
- Languages: ruby
- Source: http_verb_confusion.yml
Rails routes both GET and HEAD requests to the same action. When an action handles both GET and a state-altering verb (e.g. POST), using request.get? to tell them apart can lead to unexpected state changes: a HEAD request reaches the action but request.get? is false for it, so it falls through to the branch written for POST.
✅ Use separate action logic for GET and POST
✅ Check for state-altering verbs rather than GET
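The following is an added example, not code from the Bearer docs or from Rails itself. It uses a small stub of the request object (only the verb predicates, no Rails dependency) so it runs stand-alone, and shows the vulnerable `if request.get?` pattern beside both remediations: gating the mutation on the state-altering verb, and splitting the work into separate actions selected by the router. All class, route and parameter names are constructed for the example.

```ruby
# Added example (not from the Bearer docs): minimal stand-ins for a Rails
# request and controller, with no Rails dependency, to show the HEAD/GET
# confusion and the two remediations. All names here are constructed.

# Stand-in for ActionDispatch::Request exposing only the verb predicates used.
class StubRequest
  STATE_ALTERING = %w[POST PUT PATCH DELETE].freeze

  attr_reader :request_method

  def initialize(request_method)
    @request_method = request_method.upcase
  end

  def get?;  request_method == "GET";  end   # false for HEAD, as in Rails
  def head?; request_method == "HEAD"; end
  def post?; request_method == "POST"; end
  def state_altering?; STATE_ALTERING.include?(request_method); end
end

# Vulnerable pattern: the form is rendered only for GET, so a HEAD request
# (routed to this same action by Rails) takes the "else" branch and persists
# data exactly as a POST would.
class VulnerableSettingsController
  attr_reader :saved
  def initialize; @saved = []; end

  def update(request, params = {})
    if request.get?
      :render_form
    else
      @saved << params   # reached by HEAD as well as POST
      :saved
    end
  end
end

# Remediation: check for the state-altering verb instead of for GET.
# GET and HEAD both fall into the harmless branch.
class SafeSettingsController
  attr_reader :saved
  def initialize; @saved = []; end

  def update(request, params = {})
    if request.post?   # or request.state_altering? when PUT/PATCH/DELETE also apply
      @saved << params
      :saved
    else
      :render_form
    end
  end
end

# Remediation: separate actions. The router decides which verb reaches which
# method, so the action body never has to guess (in Rails this would be
# get "settings" => "settings#edit" and post "settings" => "settings#update").
class SplitSettingsController
  attr_reader :saved
  def initialize; @saved = []; end

  def edit(_request, _params = {})   # routed for GET and HEAD only
    :render_form
  end

  def update(_request, params = {})  # routed for POST only
    @saved << params
    :saved
  end
end

# Constructed routing table for the split controller: HEAD goes where GET goes.
SPLIT_ROUTES = { "GET" => :edit, "HEAD" => :edit, "POST" => :update }.freeze

# Send one HEAD request to a single-action controller; return the branch taken
# and how many records were saved.
def run_head_request(controller_class)
  controller = controller_class.new
  result = controller.update(StubRequest.new("HEAD"), { theme: "dark" })
  [result, controller.saved.size]
end

# Dispatch through the constructed routing table to the split controller.
def dispatch_split(request, params = {})
  controller = SplitSettingsController.new
  action = SPLIT_ROUTES.fetch(request.request_method)
  [controller.public_send(action, request, params), controller.saved.size]
end

if __FILE__ == $0
  puts "vulnerable, HEAD: #{run_head_request(VulnerableSettingsController).inspect}"
  puts "safe,       HEAD: #{run_head_request(SafeSettingsController).inspect}"
  puts "split,      HEAD: #{dispatch_split(StubRequest.new('HEAD')).inspect}"
end
```

Running the script shows the vulnerable controller saving a record on a HEAD request while both remediated versions only render. The same `request.get?` check can be spotted statically, which is what this rule does; the runtime demonstration here is just to make the consequence concrete.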
OWASP Top 10
To skip this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --skip-rule=ruby_rails_http_verb_confusion
To run only this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --only-rule=ruby_rails_http_verb_confusion