lang:

Ruby

regex:

__send__\s?\(?|send\s?\(|public_send\s?\(

description:

Invoke methods dynamically. Ensure no user controlled data is passed to this function. See https://code.google.com/p/ruby-security/wiki/Guide
tags:
dynamic method invoke inject
results