Injection is #1 on the 2010 OWASP Top Ten web security risks. Command injection occurs when shell commands unsafely include user-manipulatable values.
There are many ways to run commands in Ruby:
Railroader will warn on any method like these that uses user input or unsafely interpolates variables.
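The unsafely interpolated form described above, next to two safer forms, as an added example (not code from this page or from Railroader). The method names, the `ls` command and the hostile input are constructed for illustration.

```ruby
require "open3"
require "shellwords"
require "tmpdir"

# UNSAFE: one interpolated string. Because it contains shell
# metacharacters, Ruby hands it to the shell, which treats ; | & $
# inside `dir` as syntax. Backticks and system("...") behave the same.
def list_unsafe(dir)
  stdout, _stderr, _status = Open3.capture3("ls #{dir}")
  stdout
end

# SAFE: program and arguments passed separately. No shell is started,
# so `dir` reaches ls as exactly one argv entry. "--" ends option
# parsing so a value starting with "-" is not read as a flag.
def list_safe(dir)
  stdout, _stderr, _status = Open3.capture3("ls", "--", dir)
  stdout
end

# When a shell is unavoidable (pipes, redirects), quote every value.
def list_escaped(dir)
  stdout, _stderr, _status =
    Open3.capture3("ls -- #{Shellwords.escape(dir)}")
  stdout
end

# Constructed demo input: a real temp directory name followed by a
# harmless marker command standing in for attacker-supplied text.
def demo
  Dir.mktmpdir do |tmp|
    File.write(File.join(tmp, "report.txt"), "x")
    hostile = "#{tmp}; echo INJECTED"
    {
      benign: list_safe(tmp),           # normal listing
      unsafe: list_unsafe(hostile),     # listing plus the marker
      safe: list_safe(hostile),         # no such path, nothing runs
      escaped: list_escaped(hostile)    # same, via a quoted shell string
    }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

Only `list_unsafe` executes the appended command; in the other two the whole value is treated as one (nonexistent) path.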
See the Ruby Security Guide for details.