Rules | Description | Example | KPI |
---|---|---|---|
Default Routes | A route to the controller that contains `:action`. | Security | low |
Format Validation | Calls to `validates_format_of ..., :with => //` that do not use `\A` and `\z` as anchors cause this warning. | Security | low |
Mail Link | Use of `mail_to` that is vulnerable to cross-site scripting. | Security | low |
Unscoped Find | Models which belong to another model should typically be accessed via a scoped query. | Security | low |