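# Copyright (c) 2015 Sqreen. All Rights Reserved.
# Please refer to our terms for more information: https://www.sqreen.io/terms.html

require 'sqreen/rule_callback'
require 'sqreen/detect'

module Sqreen
  module Rules
    # Look for SQL injections.
    #
    # Pre-hook attached to a database query method: the first hooked argument
    # is taken as the SQL request and handed, together with the current HTTP
    # request's parameters, to Sqreen::Detect::SQLInjection. When the detector
    # answers truthy, an event is recorded and `:raise` is requested.
    class SQLCB < RuleCB
      # Runs before the instrumented method.
      #
      # @param inst the instrumented object; passed to `framework.db_settings`
      #   as `:connection_adapter` so the right SQL dialect is selected
      # @param args the hooked call's arguments; `args[0]` is used as the query
      # @return [nil] when there are no request params, the database is not
      #   supported, or no injection is detected
      # @return [Hash] `{ :status => :raise }` once an injection was recorded
      def pre(inst, *args, &_block)
        Sqreen.log.debug { "<< #{@klass} #{@method} #{Thread.current}" }
        Sqreen.log.debug { args.inspect }
        request = args[0]
        params = framework.request_params
        # Nothing user-controlled to look for in the query.
        return if params.nil? || params == {}
        # Interpolation rather than `'...' + request`: `String#+` raises a
        # TypeError when the hooked argument is not a String (nil, an Arel
        # node, ...), which would turn a debug log line into a crash of the
        # instrumented database call.
        # NOTE(review): these lines dump the raw SQL and every request
        # parameter (passwords, tokens, PII included) — make sure debug
        # logging is off in production or that the log sink is protected.
        Sqreen.log.debug { 'Searching injection in:' }
        Sqreen.log.debug { "request: #{request}" }
        Sqreen.log.debug { "params: #{params.inspect}" }
        db_type, db_infos = framework.db_settings(:connection_adapter => inst)
        if db_type.nil?
          # `db_infos` may be nil as well for an unknown adapter — don't let
          # the "not supported" log line itself raise.
          Sqreen.log.debug { "Database '#{(db_infos || {})[:name]}' not supported yet" }
          return
        end
        inj = Sqreen::Detect::SQLInjection.new(db_type, db_infos)
        sqli = inj.user_escape?(request, params)
        # NOTE(review): logged at :info for every query that has params, i.e.
        # one line per query in a busy app — confirm this level is intended.
        Sqreen.log.info { "presence of an SQLi: #{sqli}" }
        return unless sqli
        infos = {
          :db_request => request,
          :db_type => db_type,
          :db_infos => db_infos,
        }
        record_event(infos)
        { :status => :raise }
      end
    end
  end
end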