Sha256: 3377f4822e2d3242b68d81e2fb52b23696e9ad84b80f656b07d8f0d87aed15aa
Contents?: true
Size: 1.19 KB
Versions: 15
Compression:
Stored size: 1.19 KB
Contents
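# Paraxial Exploit Guard hook for Marshal.load.
#
# Wraps Marshal.load so that String payloads mentioning ActionView,
# Net::BufferedIO or ERB are reported to the Paraxial backend and, in :block
# mode, are never deserialized.
#
# The hook is not installed in the Rails test environment, under rake, or
# while Rails generators are loaded.
#
# Limitations a reader should keep in mind:
# * Only String sources are inspected. Marshal.load also accepts IO-like
#   objects, and those are passed straight through.
# * The check is a substring signature, so it is a tripwire for known payload
#   shapes and not a guarantee. Untrusted data should not reach Marshal.load
#   in the first place.
# * In :block mode the call returns the Symbol :block instead of raising, so
#   callers receive a Symbol where they expected the deserialized object.
unless Rails.env.test? || File.basename($0) == 'rake' || defined?(Rails::Generators)
  module Marshal
    class << self
      # Keep the first alias if this file is evaluated more than once. Otherwise
      # original_load would point at the wrapper and recurse forever.
      alias_method :original_load, :load unless method_defined?(:original_load)

      # Drop-in replacement for Marshal.load.
      #
      # @param source [String, IO] serialized data
      # @param proc [Proc, nil] optional post-processing proc, forwarded as-is
      # @param opts [Hash] keyword options of the real Marshal.load (for example
      #   `freeze:` on Ruby 3.1+), forwarded unchanged
      # @return [Object] the deserialized object, or :block when the payload
      #   matched and Exploit Guard is in :block mode
      def load(source, proc = nil, **opts)
        # Forward keywords only when present, so the call shape stays valid on
        # Rubies whose Marshal.load takes no keyword arguments.
        passthrough = lambda do
          opts.empty? ? original_load(source, proc) : original_load(source, proc, **opts)
        end

        mode = Paraxial.configuration&.exploit_guard
        return passthrough.call unless %i[monitor block].include?(mode)
        return passthrough.call unless source.is_a?(String)

        # Match on a binary view. Marshal data is raw bytes, and matching a
        # String whose bytes are invalid for its tagged encoding raises
        # ArgumentError instead of returning a result.
        return passthrough.call unless source.b.match?(/ActionView|Net::BufferedIO|ERB/)

        puts "[Paraxial] Exploit Guard triggered, malicious input to Marshal.load"
        # The payload is attacker-controlled bytes. Print the escaped form so
        # control characters cannot forge or corrupt log/terminal output.
        puts source.inspect

        report = {
          "api_key" => Paraxial::Helpers.get_api_key,
          "mode" => mode,
          "message" => "Marshal.load exploit behavior detected: #{Base64.encode64(source)}"
        }
        headers = { 'Content-Type': 'application/json' }
        # NOTE(review): the API key travels in the request body, so
        # get_exploit_url should be an https endpoint. Confirm in Helpers.
        uri = URI.parse(Paraxial::Helpers.get_exploit_url)

        # Report off-thread so the caller is not blocked on the network. A
        # failed POST surfaces only through Ruby's thread exception reporting.
        Thread.new { Net::HTTP.post(uri, report.to_json, headers) }

        # :monitor reports and still deserializes; :block refuses to.
        mode == :monitor ? passthrough.call : :block
      end
    end
  end
end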
Version data entries
15 entries across 15 versions & 1 rubygems