rspec/rules/S6173/description.adoc

User-provided data, such as URL parameters, should always be considered untrusted and tainted. Constructing class or method names directly from tainted data enables attackers to inject specially crafted values that could result in unexpected behavior, e.g. crash of the application.


Typically, the solution is to validate every parameter used to create the name. This can be achieved by validating them against a list of authorized values.
	`User-provided data, such as URL parameters, should always be considered untrusted and tainted. Constructing class or method names directly from tainted data enables attackers to inject specially crafted values that could result in unexpected behavior, e.g. crash of the application.`


	`Typically, the solution is to validate every parameter used to create the name. This can be achieved by validating them against a list of authorized values.`