Avoid relaying request-controlled data through outbound Ruby HTTP clients | Critiq Docs

#Metadata

Rule ID: ruby.security.sensitive-data-egress
Severity: high
Confidence: 0.8
Languages: ruby
Presets: security, strict
Stability: experimental
Applies to: block
Tags: egress, privacy, ruby, rules-catalog, security

#Why it matters

User-controlled egress enables SSRF, data exfiltration, and token theft when combined with open HTTP clients.

#Remediation

Allowlist hosts, strip secrets from outbound payloads, and route external calls through audited integration points.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/ruby/ruby.security.sensitive-data-egress.rule.yaml.

Back to directory Open rule in repository