Sha256: 3943a0ab7e88e08ad15354995511774b716275456282d49032f715c3d2ada69b
Contents?: true
Size: 1.05 KB
Versions: 14
Compression:
Stored size: 1.05 KB
Contents
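# Copyright (c) 2015 Sqreen. All Rights Reserved.
# Please refer to our terms for more information: https://www.sqreen.io/terms.html

require 'sqreen/rule_callback'
require 'sqreen/detect'

module Sqreen
  module Rules
    # Look for Shell injections
    #
    # Rule callback that checks the first argument of the instrumented call
    # against the parameters of the current request and records an event when
    # the detector reports a match.
    class ShellCB < RuleCB
      # Inspect the command handed to the instrumented method.
      #
      # @param _inst [Object] receiver of the instrumented call (unused)
      # @param args [Array] arguments of the instrumented call; only args[0]
      #   is examined
      # @param _block [Proc] block given to the instrumented call (unused)
      # @return [Hash, nil] `{ :status => :raise }` after a detection has been
      #   recorded; nil when the request has no parameters or nothing was
      #   detected
      def pre(_inst, *args, &_block)
        Sqreen.log.debug { "<< #{@klass} #{@method} #{Thread.current}" }
        Sqreen.log.debug { args.inspect }

        # NOTE(review): args[0] is taken as the command as-is. If the hooked
        # method was called with a leading env Hash (see the FIXME below),
        # this is that Hash rather than the command line -- confirm how
        # user_escape? treats non-String input.
        cmd = args[0]
        params = framework.request_params
        # Without request parameters there is no user input to match against.
        return if params.nil? || params == {}

        # NOTE(review): the debug lines below write the raw command and the
        # request parameters to the log; keep debug level off where those
        # values may carry credentials.
        Sqreen.log.debug { 'Searching injection in:' }
        # Interpolation instead of String#+: concatenation raised TypeError
        # whenever cmd was not a String (nil, Hash, Array), so enabling debug
        # logging could make this security callback fail before the check ran.
        Sqreen.log.debug { "command: #{cmd}" }
        Sqreen.log.debug { 'params: ' + params.inspect }

        # FIXME: Handle IFS coming from spawn/exec/system ENV argument
        inj = Sqreen::Detect::ShellInjection.new
        shi = inj.user_escape?(cmd, params)
        # NOTE(review): emitted at warn level for negative results as well.
        Sqreen.log.warn { "presence of a shell injection: #{shi}" }
        return unless shi

        infos = { :sh_cmd => cmd }
        record_event(infos)
        # Presumably tells the caller to abort the instrumented call --
        # TODO confirm against the RuleCB contract.
        { :status => :raise }
      end
    end
  end
end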