Contents

# typed: ignore

# Copyright (c) 2015 Sqreen. All Rights Reserved.
# Please refer to our terms for more information: https://www.sqreen.com/terms.html

require 'sqreen/rules/regexp_rule_cb'

module Sqreen
  module Rules
    # FIXME: Tune this as Rack capable callback?
    # If:
    #  - we have a 404
    #  - the path is a typical bot scanning request
    # Then we deny the ressource and record the attack.
    class URLMatchesCB < RegexpRuleCB
      def post(rv, _inst, args, _budget = nil, &_block)
        return unless rv.is_a?(Array) && rv.size > 0 && rv[0] == 404
        env = args[0]
        path = env['SCRIPT_NAME'].to_s + env['PATH_INFO'].to_s
        found = match_regexp(path)
        infos = { :path => path, :found => found }
        record_event(infos) if found
        advise_action(nil)
      end
    end
  end
end

Version data entries

39 entries across 39 versions & 1 rubygems

Version	Path
sqreen-1.25.1	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.25.0	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.24.3	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.24.2	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.24.1	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.24.0	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.23.2	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.23.1	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.23.0	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.22.1	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.22.0-java	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.22.0	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.21.1-java	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.21.1	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.21.0-java	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.21.0	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.20.4-java	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.20.4	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.21.0.beta3-java	lib/sqreen/rules/url_matches_cb.rb
sqreen-1.21.0.beta3	lib/sqreen/rules/url_matches_cb.rb