/usr/lib/ruby/vendor_ruby/ is in ruby-rack-protection 1.5.2-1.
This file is owned by root:root, with mode 0o755.
..
/usr/lib/ruby/vendor_ruby/rack/
/usr/lib/ruby/vendor_ruby/rack/protection.rb
/usr/lib/ruby/vendor_ruby/rack/protection/
/usr/lib/ruby/vendor_ruby/rack/protection/ip_spoofing.rb
/usr/lib/ruby/vendor_ruby/rack/protection/form_token.rb
/usr/lib/ruby/vendor_ruby/rack/protection/version.rb
/usr/lib/ruby/vendor_ruby/rack/protection/base.rb
/usr/lib/ruby/vendor_ruby/rack/protection/session_hijacking.rb
/usr/lib/ruby/vendor_ruby/rack/protection/json_csrf.rb
/usr/lib/ruby/vendor_ruby/rack/protection/xss_header.rb
/usr/lib/ruby/vendor_ruby/rack/protection/authenticity_token.rb
/usr/lib/ruby/vendor_ruby/rack/protection/escaped_params.rb
/usr/lib/ruby/vendor_ruby/rack/protection/path_traversal.rb
/usr/lib/ruby/vendor_ruby/rack/protection/http_origin.rb
/usr/lib/ruby/vendor_ruby/rack/protection/remote_token.rb
/usr/lib/ruby/vendor_ruby/rack/protection/remote_referrer.rb
/usr/lib/ruby/vendor_ruby/rack/protection/frame_options.rb
/usr/lib/ruby/vendor_ruby/rack-protection.rb