Sha256: 9a0898ed13cf623c4a991ef61c7d45be22766d2f299449267fa1ec37e9726ece
Contents?: true
Size: 946 Bytes
Versions: 3
Compression:
Stored size: 946 Bytes
Contents
# Copyright (c) 2015 Sqreen. All Rights Reserved.
# Please refer to our terms for more information: https://www.sqreen.com/terms.html

require 'sqreen/rules_callbacks/regexp_rule'

module Sqreen
  module Rules
    # Pre-callback that inspects the environment hash passed as the first
    # argument of a hooked call and reports the first String value accepted
    # by match_regexp (not defined in this file; presumably inherited from
    # RegexpRuleCB and driven by the rule's patterns -- confirm there).
    #
    # Only values are examined: variable names are never matched, and
    # non-String values are skipped.
    class ShellEnvCB < RegexpRuleCB
      # Runs before the hooked call.
      #
      # @param _inst unused
      # @param args arguments of the hooked call; only the first one is read
      # @param _budget unused
      # @return [nil] when there is no argument, the first argument is not a
      #   Hash, the Hash is empty, or no value matched; otherwise whatever
      #   advise_action(:raise) returns
      def pre(_inst, args, _budget = nil, &_block)
        return if args.size.zero?

        candidate_env = args.first
        # A call made without an environment hash has nothing to inspect.
        return unless candidate_env.is_a?(Hash)
        return if candidate_env.empty?

        match_result = nil
        name, content = candidate_env.find do |_name, candidate|
          # Assignment inside the condition is deliberate: it keeps the match
          # result of the entry that stops the search.
          candidate.is_a?(String) && (match_result = match_regexp(candidate))
        end
        return unless name

        # NOTE(review): the matched value is copied verbatim into both the
        # warning log line and the recorded event, so those sinks receive the
        # full content of the offending variable.
        infos = {
          :variable_name => name,
          :variable_value => content,
          :found => match_result,
        }
        Sqreen.log.warn { "presence of a shell env tampering: #{infos.inspect}" }
        record_event(infos)
        advise_action(:raise)
      end
    end
  end
end
Version data entries
3 entries across 3 versions & 1 rubygems
Version | Path |
---|---|
sqreen-1.18.3.beta1 | lib/sqreen/rules_callbacks/shell_env.rb |
sqreen-1.18.2-java | lib/sqreen/rules_callbacks/shell_env.rb |
sqreen-1.18.2 | lib/sqreen/rules_callbacks/shell_env.rb |