rails-security-patterns-v1Certifiedv1.0.0

Ruby on Rails security patterns

Always-on secure coding patterns for Ruby on Rails (safe; no dependency edits).

Protects against

Rule body

# Ruby on Rails security patterns

Safe, always-on code patterns that reduce security risk without changing your dependency graph.

These rules use ONLY pattern-level verbs (ALWAYS/NEVER). They MUST NOT prescribe dependency upgrades.

### CVE-2024-26143 — safe patterns

- NEVER trust user-supplied Accept headers without sanitization before regex processing.
- ALWAYS use strict, non-backtracking parsers for HTTP media type negotiation.
- NEVER allow unbounded or deeply nested alternations in header validation patterns.

### CVE-2024-26142 — safe patterns

- NEVER parse untrusted HTTP authentication headers with complex regex patterns without catastrophic backtracking protections.
- ALWAYS validate authentication token format before applying regex matching to prevent ReDoS attacks.
- NEVER allow unbounded or repetitive patterns in token authentication parsing logic.