Sha256: d564ca6a5dced380c2680a089430004cca3481f38cfe1c8792d6ae46a50d3946

Contents?: true

Size: 927 Bytes

Versions: 36

Compression:

Stored size: 927 Bytes

Contents

# Copyright (c) 2015 Sqreen. All Rights Reserved.
# Please refer to our terms for more information: https://www.sqreen.io/terms.html

require 'sqreen/rules_callbacks/regexp_rule'

module Sqreen
  module Rules
    # Callback that detect nifty env in system calls
    class ShellEnvCB < RegexpRuleCB
      def pre(_inst, *args, &_block)
        return if args.size == 0
        env = args.first
        return unless env.is_a?(Hash)
        return if env.size == 0
        found = nil
        var, value = env.find do |_, val|
          next unless val.is_a?(String)
          found = match_regexp(val)
        end
        return unless var
        infos = {
          :variable_name => var,
          :variable_value => value,
          :found => found,
        }
        Sqreen.log.warn "presence of a shell env tampering: #{infos.inspect}"
        record_event(infos)
        { :status => :raise }
      end
    end
  end
end

Version data entries

36 entries across 36 versions & 1 rubygems

Version Path
sqreen-1.3.21489051313-java lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.3.21489051313 lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.3.11488790967-java lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.3.11488790967 lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.3.01487852305-java lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.3.01487852305 lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.2.01484936161-java lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.2.01484936161 lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.1.51482852304-java lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.1.51482852304 lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.1.41481804991-java lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.1.41481804991 lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.1.31481742180-java lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.1.31481742180 lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.1.21481714484-java lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.1.21481714484 lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.1.11481117869-java lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.1.11481117869 lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.1.01481108064-java lib/sqreen/rules_callbacks/shell_env.rb
sqreen-1.1.01481108064 lib/sqreen/rules_callbacks/shell_env.rb