require 'json'
require 'sinatra'
# GET /user_profile — VULNERABLE demo: the JSON body is assembled by string
# interpolation instead of a JSON encoder.
#
# Why it matters: a double quote inside username or bio closes the JSON
# string literal early, so a client that parses this response sees whatever
# keys/values the requester placed after it (JSON injection). A backslash or
# a raw control character produces an invalid document instead. Compare with
# the JSON.generate-based route further down this page.
get '/user_profile' do
# Untrusted: taken straight from the query string. nil interpolates as "".
# (Rack may also yield an Array/Hash for username[]=... — that would be
# interpolated via #to_s; behaviour not shown here, verify if relevant.)
username = params[:username]
bio = params[:bio]
# Vulnerable: Direct interpolation without escaping
json_response = "{\"username\": \"#{username}\", \"bio\": \"#{bio}\"}"
# Declared as JSON, so clients will happily parse the injected structure.
content_type :json
json_response
end
# POST /update_profile — VULNERABLE demo: hand-built JSON on top of an
# unbounded, unvalidated body parse.
post '/update_profile' do
# Untrusted: the entire body is read with no size limit. Malformed JSON
# raises JSON::ParserError here and nothing rescues it (500). JSON.parse also
# accepts non-object documents ("[]", "null", "1"), so user_data['name']
# below can raise TypeError/NoMethodError for those inputs.
user_data = JSON.parse(request.body.read)
# Vulnerable: Unescaped output
response_data = {
message: "Profile updated for #{user_data['name']}",
timestamp: Time.now.to_s
}
# Dangerous: Manual JSON construction
# "#{response_data}" calls Hash#to_s (Ruby's inspect format), not a JSON
# encoder: the quotes in that output already break the outer document, and any
# quote or backslash in user_data['name'] lands in the response verbatim.
# Note also that, unlike the GET route above, no content_type is set.
"{\"status\": \"success\", \"data\": \"#{response_data}\"}"
end
require 'cgi'
require 'json'
require 'time'
require 'sinatra'
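# Normalize and validate one untrusted string field (query param or a value
# from a parsed JSON body).
#
# @param input [String, nil] raw value; nil is treated as "not supplied"
# @param max_length [Integer] maximum accepted length in characters, measured
#   after surrounding whitespace is stripped
# @return [String] the stripped value, or '' when +input+ is nil
# @raise [ArgumentError] when +input+ is not a String (e.g. an Array or Hash
#   supplied under a string-typed JSON key), has an invalid byte sequence,
#   exceeds +max_length+, or contains a denylisted character
def validate_string_input(input, max_length = 100)
  return '' if input.nil?
  # A JSON body can carry any type under a "string" key. The previous
  # `input.to_s` quietly accepted e.g. ["a"] as the string `["a"]`; fail
  # closed instead so type confusion is reported as a 400, not stored.
  raise ArgumentError, 'Input must be a string' unless input.is_a?(String)
  # Reject malformed UTF-8 up front: String#strip / #match? may otherwise
  # raise their own ArgumentError with an implementation-specific message,
  # and JSON.generate would fail later in the response path.
  raise ArgumentError, 'Invalid encoding' unless input.valid_encoding?
  clean_input = input.strip
  raise ArgumentError, 'Input too long' if clean_input.length > max_length
  # Denylist kept for defense in depth against downstream HTML sinks only —
  # JSON escaping is already handled by JSON.generate. NOTE(review): this
  # also rejects legitimate values such as O'Brien or "Tom & Jerry"; if the
  # data is rendered as HTML, escaping at that sink (CGI.escapeHTML) is the
  # more precise control.
  raise ArgumentError, 'Invalid characters in input' if clean_input.match?(/[<>"'&]/)
  clean_input
end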
# Render +data+ as the JSON response body.
#
# All serialization goes through JSON.generate, which escapes every string
# value per the JSON grammar — routes build a Hash and hand it here rather
# than splicing user input into JSON text. Also sets the Content-Type to
# application/json via Sinatra's content_type helper.
#
# @param data [Hash, Array] structure to serialize
# @return [String] the generated JSON document
def safe_json_response(data)
  content_type :json
  JSON.generate(data)
end
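# GET /user_profile — echo the validated username and bio back as JSON.
#
# Query params: username (<= 50 chars) and bio (<= 500 chars), both optional
# (nil becomes ''). The response is built as a Hash and serialized by
# safe_json_response, so nothing user-controlled is spliced into JSON text.
# Validation failures -> 400 with the validator's fixed message; anything
# else -> a generic 500 so internals are not disclosed to the client.
get '/user_profile' do
  begin
    username = validate_string_input(params[:username], 50)
    bio = validate_string_input(params[:bio], 500)
    profile = {
      username: username,
      bio: bio,
      # Time#iso8601 is provided by the 'time' stdlib library (core only on
      # Ruby 3.4+); make sure it is required at the top of the file.
      timestamp: Time.now.iso8601
    }
    safe_json_response(profile)
  rescue ArgumentError => e
    # e.message is one of the validator's fixed strings, not user input.
    status 400
    safe_json_response({ error: 'Invalid input', details: e.message })
  rescue StandardError => e
    # Keep the client-facing body generic, but don't drop the diagnostic —
    # a silent 500 is invisible to operators.
    warn "/user_profile failed: #{e.class}: #{e.message}"
    status 500
    safe_json_response({ error: 'Server error' })
  end
end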
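# POST /update_profile — accept a JSON object {"name": ..., "email": ...}.
#
# Rejects: a non-JSON media type (400), a body over 64 KiB (413), a body
# that is not a JSON object (400), a missing name (400), and values failing
# validate_string_input (400). Malformed JSON -> 400; anything else -> a
# generic 500. The response never echoes raw request data.
post '/update_profile' do
  begin
    # media_type strips parameters, so "application/json; charset=utf-8" is
    # accepted; the previous strict == on content_type rejected it.
    # halt throws (:halt) rather than raising, so the rescue clauses below
    # do not intercept these early exits.
    halt 400, safe_json_response({ error: 'Content-Type must be application/json' }) unless request.media_type == 'application/json'
    # Bound the body before parsing: an unbounded read lets a client hand
    # JSON.parse an arbitrarily large document. read(n) returns nil at EOF.
    max_body_bytes = 64 * 1024
    raw_body = request.body.read(max_body_bytes + 1) || ''
    halt 413, safe_json_response({ error: 'Request body too large' }) if raw_body.bytesize > max_body_bytes
    user_data = JSON.parse(raw_body)
    # JSON.parse accepts any top-level value ("null", "[]", "\"x\"", "1");
    # indexing those with ['name'] raised TypeError/NoMethodError -> 500.
    halt 400, safe_json_response({ error: 'Request body must be a JSON object' }) unless user_data.is_a?(Hash)
    halt 400, safe_json_response({ error: 'Name is required' }) unless user_data['name']
    safe_name = validate_string_input(user_data['name'], 100)
    # email is validated so bad input gets a consistent 400, but it is not
    # part of the response (the old safe_email local was never read).
    validate_string_input(user_data['email'], 200) if user_data['email']
    response_data = {
      status: 'success',
      message: "Profile updated for user",
      user_id: safe_name,
      # Time#iso8601 comes from the 'time' stdlib library (core only on
      # Ruby 3.4+); make sure it is required at the top of the file.
      timestamp: Time.now.iso8601
    }
    safe_json_response(response_data)
  rescue JSON::ParserError
    # Includes JSON::NestingError; the parser message is not echoed back.
    status 400
    safe_json_response({ error: 'Invalid JSON format' })
  rescue ArgumentError => e
    # e.message is one of the validator's fixed strings, not user input.
    status 400
    safe_json_response({ error: 'Validation failed', details: e.message })
  rescue StandardError => e
    # Generic body for the client; keep the diagnostic for operators.
    warn "/update_profile failed: #{e.class}: #{e.message}"
    status 500
    safe_json_response({ error: 'Server error' })
  end
end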