diff --git a/ruby/src/detectors/sendfile-injection/sendfile-injection.rb b/ruby/src/detectors/sendfile-injection/sendfile-injection.rb
new file mode 100644
index 0000000..3d69a2f
--- /dev/null
+++ b/ruby/src/detectors/sendfile-injection/sendfile-injection.rb
@@ -0,0 +1,32 @@
+=begin
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: Apache-2.0
+=end
+
+# {fact rule=sendfile-injection@v1.0 defects=1}
+def send_file_injection_noncompliant
+ begin
+ path = "/opt/wwwdata/assets/" + params[:asset_name].to_s
+ # Noncompliant: 'path' is unsanitized.
+ send_file path, disposition: "attachment"
+ rescue
+ redirect_to "/home"
+ end
+ end
+ # {/fact}
+
+ # {fact rule=sendfile-injection@v1.0 defects=0}
+ def send_file_injection_compliant
+ begin
+ path = File.expand_path("/opt/wwwdata/assets/" + params[:asset_name].to_s)
+ if path.start_with?("/opt/wwwdata/assets/")
+ # Compliant: 'path' is sanitized before passing in send_file.
+ send_file path, disposition: "attachment"
+ else
+ head 403
+ end
+ rescue
+ redirect_to "/home"
+ end
+ end
+ # {/fact}
\ No newline at end of file
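Review bot: The compliant sample's check in `send_file_injection_compliant` is purely lexical: `File.expand_path` collapses `..` segments without touching the filesystem, so a symlink placed under `/opt/wwwdata/assets/` can still resolve to a file outside the directory and pass the `start_with?` test. If the rule is meant to model a full containment check, resolving the path physically is the stronger form, `path = File.realpath("/opt/wwwdata/assets/" + params[:asset_name].to_s)`, which also normalizes `..` and raises `Errno::ENOENT` for a missing file — an error the existing bare `rescue` already turns into the `/home` redirect. At minimum the `# Compliant:` comment should state the assumption explicitly, e.g. `# Compliant: 'path' is normalized with expand_path and checked against the assets prefix; symlinks inside the directory are not resolved.` The comparison against the prefix with its trailing slash is correct and keeps sibling directories such as an `assets_private` from matching.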