Sha256: 83fc930bc6eaf68195e0d43181cd3282728b7f9ecf2df066c01fde74e2831606

Contents?: true

Size: 1.21 KB

Versions: 1

Compression:

Stored size: 1.21 KB

Contents

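# Paraxial Exploit Guard wrapper around Marshal.load.
#
# The patch is not installed in the Rails test environment, when the running
# program is `rake`, or when Rails::Generators is defined.
#
# With Paraxial.configuration.exploit_guard set to :monitor or :block, String
# sources are scanned for the names in the pattern below. On a match the event
# is printed to stdout and reported to the Paraxial backend on a background
# thread; :monitor then deserializes as usual, :block returns the Symbol
# :block to the caller instead of deserializing.
#
# Limitations a reader should keep in mind:
# * Only String sources are scanned; an IO source is passed straight to the
#   original Marshal.load.
# * The scan is an unanchored substring match on four names. Any payload
#   whose bytes contain one of them matches, including legitimately
#   serialized objects from those namespaces, and in :block mode those calls
#   receive :block. Payloads that do not contain these names are not
#   inspected at all, so this is not a substitute for keeping untrusted data
#   away from Marshal.load.
# * The report contains the complete payload (Base64) and the API key.
unless Rails.env.test? || File.basename($0) == 'rake' || defined?(Rails::Generators)
  module Marshal
    class << self
      # Alias only once: if this file is evaluated a second time, re-aliasing
      # would point original_load at the patched method and recurse forever.
      alias_method :original_load, :load unless method_defined?(:original_load)

      # @param source [String, IO] serialized data, as for Marshal.load
      # @param proc [Proc, nil] optional proc forwarded to the original method
      # @param opts [Hash] keyword options forwarded unchanged (Ruby 3.1+
      #   accepts `freeze:`; the previous two-argument signature rejected it)
      # @return [Object] the deserialized object, or :block when the guard is
      #   in :block mode and the source matched
      def load(source, proc = nil, **opts)
        mode = Paraxial.configuration&.exploit_guard

        if %i[monitor block].include?(mode) && source.is_a?(String)
          # Scan a binary view so the regexp match does not depend on, or
          # raise because of, the encoding the caller tagged the String with.
          bytes = source.encoding == Encoding::BINARY ? source : source.b

          if bytes.match?(/ActionView|Net::BufferedIO|ERB|ActiveSupport/)
            puts "[Paraxial] Exploit Guard triggered, malicious input to Marshal.load"
            # The payload is attacker-controlled bytes; inspect escapes
            # control characters so it cannot forge log lines or emit
            # terminal escape sequences.
            puts source.inspect

            report = {
              "api_key" => Paraxial::Helpers.get_api_key,
              "mode" => mode,
              "message" =>  "Marshal.load exploit behavior detected: #{Base64.encode64(source)}"
            }
            headers = { 'Content-Type': 'application/json' }
            # NOTE(review): the API key and the full payload leave the process
            # here; confirm get_exploit_url always returns an https URL.
            uri = URI.parse(Paraxial::Helpers.get_exploit_url)
            # Fire-and-forget so reporting never delays the caller.
            Thread.new do
              Net::HTTP.post(uri, report.to_json, headers)
            end

            return :block unless mode == :monitor
          end
        end

        # Guard disabled, non-String source, no match, or :monitor mode.
        # Keywords are forwarded only when given, so Rubies whose Marshal.load
        # takes no keywords see the same call as before.
        opts.empty? ? original_load(source, proc) : original_load(source, proc, **opts)
      end
    end
  end
end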

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
paraxial-0.8.0 lib/paraxial/initializers/marshal_patch.rb