Title: Vulnerability Report for Ruby Gem codders-dataset-
From: ./codders-dataset-

Lines 18 and 24 expose the database password to the process table (it is passed on the command line, so it is visible to other local users via ps), and they are vulnerable to command injection if used in the context of a Rails application. The #{@username} and #{@password} variables are interpolated straight into a backtick shell command without being sanitized or escaped.


16-      def capture(datasets)
17-        return if datasets.nil? || datasets.empty?
18:        `mysqldump -u #{@username} --password=#{@password} --compact --extended-insert --no-create-db --add-drop-table --quick --quote-names #{@database} > #{storage_path(datasets)}`
19-      end
21-      def restore(datasets)
22-        store = storage_path(datasets)
23-        if File.file?(store)
24:          `mysql -u #{@username} --password=#{@password} --database=#{@database} < #{store}`
25-          true
26-        end
27-      end
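A hardened replacement for the two methods above, written as an added example for this report (it is not the gem's own code, and the SafeDataset module name, the option-file handling and the database-name check are this example's assumptions). It starts the child process with an argument array so no shell parses the values, and passes the credentials through a 0600 option file instead of the command line so they never appear in the process table.

```ruby
# Added example, not codders-dataset code: hardened capture/restore.
require "tempfile"

module SafeDataset
  IDENT = /\A[A-Za-z0-9_]+\z/

  # Render a MySQL option file. Values are double-quoted and backslash/quote
  # escaped so spaces and metacharacters in the password are taken literally.
  def self.option_file_contents(username, password)
    q = ->(v) { '"' + v.to_s.gsub("\\") { "\\\\" }.gsub('"') { '\\"' } + '"' }
    "[client]\nuser=#{q.call(username)}\npassword=#{q.call(password)}\n"
  end

  # With an argv array the only remaining risk is a database name that
  # looks like an option (e.g. starts with "--"), so restrict it to an identifier.
  def self.check_ident!(name)
    raise ArgumentError, "unsafe database name: #{name.inspect}" unless name.to_s.match?(IDENT)
    name
  end

  # argv for mysqldump: every value is one element, never shell text.
  # --defaults-extra-file must be the first option for the MySQL clients.
  def self.dump_argv(defaults_path, database)
    ["mysqldump", "--defaults-extra-file=#{defaults_path}",
     "--compact", "--extended-insert", "--no-create-db", "--add-drop-table",
     "--quick", "--quote-names", database]
  end

  def self.restore_argv(defaults_path, database)
    ["mysql", "--defaults-extra-file=#{defaults_path}", "--database=#{database}"]
  end

  # Run argv with stdin/stdout redirected to files. The credentials live in a
  # temp option file readable only by this user and deleted when the block ends.
  def self.run(argv_for, username, password, io)
    Tempfile.create(["mysql-client", ".cnf"]) do |f|
      File.chmod(0o600, f.path)
      f.write(option_file_contents(username, password))
      f.flush
      system(*argv_for.call(f.path), **io) # array form: no shell involved
    end
  end

  def self.capture(username, password, database, store)
    run(->(p) { dump_argv(p, check_ident!(database)) }, username, password, out: store)
  end

  def self.restore(username, password, database, store)
    return false unless File.file?(store)
    run(->(p) { restore_argv(p, check_ident!(database)) }, username, password, in: store)
  end
end
```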