Severity: High
Score: 7.5
Accuracy: Confirmed
Language: Ruby
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Potential insecure deserialization detected.
Insecure deserialization occurs when data from an untrusted source is deserialized without proper validation, which can let an attacker execute arbitrary code or manipulate application logic. In Ruby, do not use YAML.load to deserialize untrusted data, because it is not safe.
require 'yaml'

# Vulnerable function that deserializes YAML data without validation.
# YAML.load builds whatever Ruby objects the document's tags ask for, which is
# unsafe when the input is untrusted.
def load_data(yaml_string)
  YAML.load(yaml_string) # Deserializes the YAML string into Ruby objects
end

# Malicious YAML data that can cause problems.
# Tagged documents like this instruct the loader to construct arbitrary objects
# instead of plain Hash/Array/String values; with a payload crafted for the
# loader in use, that is how arbitrary code execution happens.
malicious_yaml = <<-YAML
---
!ruby/class:Object
some_method: !!python/name:os.system
- 'echo Hello World'
YAML

# Deserializing malicious data: with an unrestricted loader the attacker's
# tags, not the application, decide which classes get instantiated.
load_data(malicious_yaml)
This example shows how to fix your code:
Ensure that deserialization is performed securely and that input is validated before it is processed. Restrict which classes may be instantiated during deserialization so that a malicious payload cannot be executed. Use YAML.safe_load for deserialization instead of YAML.load.
This is just an example:
require 'yaml'

# Secure function that deserializes YAML data with validation.
# safe_load restricts the classes that can be deserialized, so tagged input
# cannot instantiate unsafe or attacker-chosen objects.
def safe_load_data(yaml_string)
  # Allow only safe classes.
  # permitted_classes lists the classes that may be constructed. Hash, Array,
  # String and Integer are already on safe_load's default allow-list, so they
  # are spelled out here only to make the policy explicit; add a class such as
  # Symbol or Date only when the data genuinely needs it.
  YAML.safe_load(yaml_string, permitted_classes: [Hash, Array, String, Integer])
end

# Innocuous YAML data
# This document contains only a mapping of plain scalars and no tags.
safe_yaml = <<-YAML
---
name: John Doe
age: 30
YAML

# Deserializing data securely
# safe_load_data returns {"name" => "John Doe", "age" => 30}. A document that
# named any class outside the allow-list would raise Psych::DisallowedClass
# instead of being instantiated.
safe_load_data(safe_yaml)
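The following is an added example, not code from the scanner rule above, showing what a hardened loader for untrusted YAML looks like in practice and how it behaves on hostile input. The helper names parse_untrusted_yaml, yaml_load_is_unsafe? and the max_bytes size cap are assumptions made for this example, as are the three constructed sample documents. Two points the rule does not spell out: Psych's DisallowedClass and BadAlias inherit from Exception rather than StandardError, so a bare rescue would not catch them; and on Psych 4.0 and later (the default from Ruby 3.1) YAML.load is already an alias of safe_load, with the old behaviour moved to YAML.unsafe_load, so the version check tells you whether a YAML.load call in your code base is dangerous on the Psych you actually ship.

```ruby
require 'yaml'

# Psych 4.0 (default YAML engine from Ruby 3.1) turned YAML.load into an alias
# of safe_load and moved the old behaviour to YAML.unsafe_load. On older Psych
# versions YAML.load still instantiates arbitrary tagged classes.
def yaml_load_is_unsafe?
  Gem::Version.new(Psych::VERSION) < Gem::Version.new('4.0.0')
end

# Parse YAML from an untrusted source. Returns [:ok, value] on success or
# [:error, reason] when the document is rejected. Nothing propagates to the
# caller, so a hostile document cannot become an unhandled error.
def parse_untrusted_yaml(yaml_string, max_bytes: 64 * 1024)
  # Cheap size cap before the parser touches the input (constructed limit).
  return [:error, 'input too large'] if yaml_string.bytesize > max_bytes

  # safe_load already permits only core scalar and container types; Symbol is
  # added here because it is commonly needed and is NOT allowed by default.
  # aliases: false (the default, stated explicitly) rejects anchors/aliases,
  # which also blocks alias-expansion resource exhaustion.
  value = YAML.safe_load(yaml_string, permitted_classes: [Symbol], aliases: false)
  [:ok, value]
rescue Psych::DisallowedClass => e
  # A tag named a class outside the allow-list. This class derives from
  # Exception, not StandardError, so it must be rescued by name.
  [:error, "disallowed class: #{e.message}"]
rescue Psych::BadAlias => e
  # The document used &anchor / *alias while aliases are disabled.
  [:error, "alias rejected: #{e.message}"]
rescue Psych::SyntaxError => e
  [:error, "syntax error: #{e.message}"]
end

# Constructed sample inputs: one benign document and two that must be refused.
SAMPLE_BENIGN = "---\nname: John Doe\nage: 30\n".freeze
SAMPLE_TAGGED = "--- !ruby/object:Object {}\n".freeze
SAMPLE_ALIAS  = "a: &x 1\nb: *x\n".freeze

if __FILE__ == $PROGRAM_NAME
  puts "YAML.load unsafe on Psych #{Psych::VERSION}: #{yaml_load_is_unsafe?}"
  [SAMPLE_BENIGN, SAMPLE_TAGGED, SAMPLE_ALIAS].each do |doc|
    p parse_untrusted_yaml(doc)
  end
end
```

Returning a status tuple instead of raising keeps the decision of what to do with a rejected document (log it, return 400, alert) in the caller, while the loader itself never hands back a partially constructed object graph.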