ActiveRecord Encryption Misorder
Description
In ActiveRecord, the `serialize` declaration for an attribute must come before the `encrypts` declaration for that same attribute. Each declaration wraps the attribute type declared before it, so with `serialize` first the value is serialized and then encrypted; in the reverse order the sensitive data is not properly encrypted at rest.
Examples
Insecure Code
```ruby
class User < ApplicationRecord
  encrypts :name
  serialize :name
end
```
Secure Code
```ruby
class User < ApplicationRecord
  serialize :name
  encrypts :name
end
```
Remediation
Reorder the declarations to put the serialized attribute before the encryption declaration.
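An added example, not part of this rule's own implementation: a small standard-library Ruby checker that scans a model's source text and reports attributes whose `encrypts` line precedes their `serialize` line, the misorder this rule describes. The function name `misordered_encrypted_attributes` and the sample models are assumptions constructed for the example.

```ruby
# Hypothetical checker (added example, not the scanner's code): flags
# attributes declared with `encrypts` before `serialize` in a model.
DECL_RE = /^\s*(serialize|encrypts)\b(.*)$/

# Returns the names of attributes whose `encrypts` declaration appears
# on an earlier line than their `serialize` declaration.
def misordered_encrypted_attributes(source)
  # attr name => { "serialize" => line_no, "encrypts" => line_no }
  first_seen = Hash.new { |h, k| h[k] = {} }
  source.each_line.with_index(1) do |line, no|
    next unless (m = DECL_RE.match(line))
    decl = m[1]
    # Positional symbol args only; keyword args like `coder: JSON`
    # are not preceded by whitespace/comma, so they are skipped.
    attrs = m[2].scan(/[\s,(]:(\w+)/).flatten
    attrs.each { |attr| first_seen[attr][decl] ||= no }
  end
  first_seen.select { |_attr, seen|
    seen["serialize"] && seen["encrypts"] &&
      seen["encrypts"] < seen["serialize"]
  }.keys
end

# Constructed sample models (not from any real application).
INSECURE_MODEL = <<~RUBY
  class User < ApplicationRecord
    encrypts :name
    serialize :name, coder: JSON
  end
RUBY

SECURE_MODEL = <<~RUBY
  class User < ApplicationRecord
    serialize :name, coder: JSON
    encrypts :name
    encrypts :email, deterministic: true  # not serialized: fine
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  puts "insecure: #{misordered_encrypted_attributes(INSECURE_MODEL).inspect}"
  puts "secure:   #{misordered_encrypted_attributes(SECURE_MODEL).inspect}"
end
```

The check is line-based and only sees declarations written directly in the model file; declarations pulled in from concerns are out of scope.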
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0241 |
| Category | Crypto |
| Severity | HIGH |
| CWE | CWE-311 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | HIGH |
| Exploitability | MODERATE |
| Tags | encryption, serialization |
| OWASP | N/A |