
# Copyright (c) 2015 Sqreen. All Rights Reserved.
# Please refer to our terms for more information: https://www.sqreen.io/terms.html

require 'sqreen/parsers/unix'

module Sqreen
  module Detect
    # Detector class for shell injections
    # Finds instances of user parameters injected into executable commands
    # It works by:
    #  1 - Highlighting the executable sections of the cmd
    #  2 - Highlighting the traces of user parameters in the cmd
    #  3 - Checking whether the two intersect
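    class ShellInjection
      def initialize
        @parser = Sqreen::Parsers::Unix.new
      end

      # Is there a user injection in cmd
      #
      # Every scalar leaf of +params+ (nested Hashes and Arrays are walked) is
      # searched for in +cmd+; the first occurrence that overlaps an executable
      # atom of the parsed command is reported as an injection.
      #
      # @param cmd [String] command to analyze
      # @param params [Hash] Hash of user parameters
      # @return [Boolean] true as soon as one parameter value overlaps an
      #   executable section of cmd, false otherwise
      def user_escape?(cmd, params)
        # NOTE(review): this logs the raw command and every user parameter at
        # INFO level, so secrets carried in params (passwords, tokens) end up
        # in the application log.
        Sqreen.log.info format('escape? %s', [cmd, params].inspect)

        # We found the user query inside the cmd. A risk exists.
        @parser.parse(cmd)
        execs = @parser.atoms.select(&:executable?)

        each_param_scalar(params) do |v|
          next unless v
          value = v.to_s
          # An empty needle would match at every offset and never advance.
          next if value.empty?

          # Scan every occurrence of the value, not only the first one.
          offset = 0
          loop do
            match_start = cmd.index(value, offset)
            break if match_start.nil?

            match_end = match_start + value.size
            offset = match_end
            next unless overlaps_executable?(execs, match_start, match_end)

            Sqreen.log.info format('injection for parameter %s', value.inspect)
            return true
          end
        end
        false
      end

      # Yield every scalar leaf (anything that is neither a Hash nor an Array)
      # of a nested parameter structure, in traversal order.
      #
      # @param params [Hash, Array, Object] structure to walk
      # @yieldparam scalar [Object] each leaf value, nil included
      # @return [Enumerator] when called without a block
      # FIXME: deduplicate code
      def each_param_scalar(params, &block)
        return enum_for(__method__, params) unless block_given?

        case params
        when Hash  then params.each_value { |v| each_param_scalar(v, &block) }
        when Array then params.each { |v| each_param_scalar(v, &block) }
        else
          yield params
        end
      end

      private

      # Does the span [match_start, match_end) touch any executable atom?
      #
      # NOTE(review): `match_end >= exec.start` also counts a match that ends
      # exactly where an executable atom starts; whether that is intended
      # depends on the inclusive/exclusive convention of the atom's start/end
      # — confirm against Sqreen::Parsers::Unix.
      #
      # @param execs [Array] executable atoms responding to #start and #end
      # @param match_start [Integer] index of the first matched character
      # @param match_end [Integer] index one past the last matched character
      # @return [Boolean]
      def overlaps_executable?(execs, match_start, match_end)
        execs.any? { |exec| match_end >= exec.start && match_start < exec.end }
      end
    end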
  end
end

Version Path
sqreen-0.8.11465220943-java lib/sqreen/detect/shell_injection.rb
sqreen-0.8.11465220943 lib/sqreen/detect/shell_injection.rb
sqreen-0.8.01464630418-java lib/sqreen/detect/shell_injection.rb
sqreen-0.8.01464630418 lib/sqreen/detect/shell_injection.rb
sqreen-0.7.01464629603-java lib/sqreen/detect/shell_injection.rb
sqreen-0.7.01464629603 lib/sqreen/detect/shell_injection.rb
sqreen-0.7.01462198090-java lib/sqreen/detect/shell_injection.rb
sqreen-0.7.01462198090 lib/sqreen/detect/shell_injection.rb
sqreen-0.7.01461829538-java lib/sqreen/detect/shell_injection.rb
sqreen-0.7.01461829538 lib/sqreen/detect/shell_injection.rb
sqreen-0.7.01461767359-java lib/sqreen/detect/shell_injection.rb
sqreen-0.7.01461767359 lib/sqreen/detect/shell_injection.rb
sqreen-0.7.01461158029-java lib/sqreen/detect/shell_injection.rb
sqreen-0.7.01461158029 lib/sqreen/detect/shell_injection.rb