Sha256: 27c092cb6a961a6551bf7a51902b47832a67a3dcd142805d02e625624f891fb3
Contents?: true
Size: 945 Bytes
Versions: 80
Compression:
Stored size: 945 Bytes
Contents
# Copyright (c) 2015 Sqreen. All Rights Reserved.
# Please refer to our terms for more information: https://www.sqreen.io/terms.html
require 'sqreen/rules_callbacks/regexp_rule'
module Sqreen
module Rules
# Callback that detect nifty env in system calls
class ShellEnvCB < RegexpRuleCB
def pre(_inst, args, _budget = nil, &_block)
return if args.size == 0
env = args.first
return unless env.is_a?(Hash)
return if env.size == 0
found = nil
var, value = env.find do |_, val|
next unless val.is_a?(String)
found = match_regexp(val)
end
return unless var
infos = {
:variable_name => var,
:variable_value => value,
:found => found,
}
Sqreen.log.warn { "presence of a shell env tampering: #{infos.inspect}" }
record_event(infos)
advise_action(:raise)
end
end
end
end
Version data entries
80 entries across 80 versions & 2 rubygems