Open redirect detected
- Rule ID: ruby_rails_open_redirect
- Languages: ruby
- Source: open_redirect.yml
A redirect using unsanitized user input is bad practice and puts your application at greater risk of phishing attacks.
❌ Do not use unsanitized user input when constructing redirect URLs
✅ Instead, ensure the input is validated by using a safe list or a mapping
transport_path = case params[:transport_type]
OWASP Top 10
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=ruby_rails_open_redirect
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=ruby_rails_open_redirect
Ready to take the next step? Learn more about Bearer Cloud.