Password length (< 8) requirement is too short.
- Rule ID: ruby_rails_password_length
- Languages: ruby
- Source: password_length.yml
Description
Minimum password length should be enforced any time password creation occurs. This rule checks if configurations and validations made for passwords include a minimum length of 8.
Remediations
✅ OWASP recommends a password length of at least 8 characters, which is easy to enforce at the model level in Rails using validation constraint:
validates :password, presence: true, length: { minimum: 8, maximum: 255 }
Resources
Associated CWE
OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=ruby_rails_password_length
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=ruby_rails_password_length
Ready to take the next step? Learn more about Bearer Cloud.