ddtrace 0.54.2 → 1.2.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (1139) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +7 -16
  3. data/CHANGELOG.md +213 -1
  4. data/CONTRIBUTING.md +1 -1
  5. data/LICENSE-3rdparty.csv +3 -1
  6. data/README.md +10 -1
  7. data/bin/ddtracerb +5 -5
  8. data/ddtrace.gemspec +22 -7
  9. data/docs/0.x-trace.png +0 -0
  10. data/docs/1.0-trace.png +0 -0
  11. data/docs/AutoInstrumentation.md +36 -0
  12. data/docs/Deprecation.md +8 -0
  13. data/docs/DevelopmentGuide.md +1 -1
  14. data/docs/GettingStarted.md +596 -510
  15. data/docs/ProfilingDevelopment.md +36 -34
  16. data/docs/PublicApi.md +14 -0
  17. data/docs/UpgradeGuide.md +736 -0
  18. data/ext/ddtrace_profiling_loader/ddtrace_profiling_loader.c +118 -0
  19. data/ext/ddtrace_profiling_loader/extconf.rb +54 -0
  20. data/ext/ddtrace_profiling_native_extension/NativeExtensionDesign.md +36 -9
  21. data/ext/ddtrace_profiling_native_extension/clock_id.h +1 -1
  22. data/ext/ddtrace_profiling_native_extension/clock_id_from_pthread.c +1 -9
  23. data/ext/ddtrace_profiling_native_extension/clock_id_noop.c +1 -1
  24. data/ext/ddtrace_profiling_native_extension/collectors_cpu_and_wall_time.c +269 -0
  25. data/ext/ddtrace_profiling_native_extension/collectors_stack.c +278 -0
  26. data/ext/ddtrace_profiling_native_extension/collectors_stack.h +9 -0
  27. data/ext/ddtrace_profiling_native_extension/extconf.rb +123 -103
  28. data/ext/ddtrace_profiling_native_extension/http_transport.c +341 -0
  29. data/ext/ddtrace_profiling_native_extension/libddprof_helpers.h +13 -0
  30. data/ext/ddtrace_profiling_native_extension/native_extension_helpers.rb +274 -0
  31. data/ext/ddtrace_profiling_native_extension/private_vm_api_access.c +655 -8
  32. data/ext/ddtrace_profiling_native_extension/private_vm_api_access.h +33 -0
  33. data/ext/ddtrace_profiling_native_extension/profiling.c +14 -1
  34. data/ext/ddtrace_profiling_native_extension/ruby_helpers.h +33 -0
  35. data/ext/ddtrace_profiling_native_extension/stack_recorder.c +147 -0
  36. data/ext/ddtrace_profiling_native_extension/stack_recorder.h +37 -0
  37. data/lib/datadog/appsec/assets/blocked.html +4 -0
  38. data/lib/datadog/appsec/assets/waf_rules/README.md +7 -0
  39. data/lib/datadog/appsec/assets/waf_rules/recommended.json +5638 -0
  40. data/lib/datadog/appsec/assets/waf_rules/risky.json +1499 -0
  41. data/lib/datadog/appsec/assets/waf_rules/strict.json +1298 -0
  42. data/lib/datadog/appsec/assets.rb +38 -0
  43. data/lib/datadog/appsec/autoload.rb +16 -0
  44. data/lib/datadog/appsec/configuration/settings.rb +194 -0
  45. data/lib/datadog/appsec/configuration.rb +80 -0
  46. data/lib/datadog/appsec/contrib/auto_instrument.rb +29 -0
  47. data/lib/datadog/appsec/contrib/configuration/settings.rb +20 -0
  48. data/lib/datadog/appsec/contrib/integration.rb +37 -0
  49. data/lib/datadog/appsec/contrib/patcher.rb +12 -0
  50. data/lib/datadog/appsec/contrib/rack/configuration/settings.rb +22 -0
  51. data/lib/datadog/appsec/contrib/rack/ext.rb +15 -0
  52. data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +169 -0
  53. data/lib/datadog/appsec/contrib/rack/integration.rb +49 -0
  54. data/lib/datadog/appsec/contrib/rack/patcher.rb +32 -0
  55. data/lib/datadog/appsec/contrib/rack/reactive/request.rb +87 -0
  56. data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +64 -0
  57. data/lib/datadog/appsec/contrib/rack/reactive/response.rb +64 -0
  58. data/lib/datadog/appsec/contrib/rack/request.rb +58 -0
  59. data/lib/datadog/appsec/contrib/rack/request_body_middleware.rb +41 -0
  60. data/lib/datadog/appsec/contrib/rack/request_middleware.rb +112 -0
  61. data/lib/datadog/appsec/contrib/rack/response.rb +24 -0
  62. data/lib/datadog/appsec/contrib/rails/configuration/settings.rb +22 -0
  63. data/lib/datadog/appsec/contrib/rails/ext.rb +15 -0
  64. data/lib/datadog/appsec/contrib/rails/framework.rb +30 -0
  65. data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +81 -0
  66. data/lib/datadog/appsec/contrib/rails/integration.rb +48 -0
  67. data/lib/datadog/appsec/contrib/rails/patcher.rb +158 -0
  68. data/lib/datadog/appsec/contrib/rails/reactive/action.rb +68 -0
  69. data/lib/datadog/appsec/contrib/rails/request.rb +33 -0
  70. data/lib/datadog/appsec/contrib/rails/request_middleware.rb +20 -0
  71. data/lib/datadog/appsec/contrib/sinatra/configuration/settings.rb +22 -0
  72. data/lib/datadog/appsec/contrib/sinatra/ext.rb +15 -0
  73. data/lib/datadog/appsec/contrib/sinatra/framework.rb +34 -0
  74. data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +124 -0
  75. data/lib/datadog/appsec/contrib/sinatra/integration.rb +48 -0
  76. data/lib/datadog/appsec/contrib/sinatra/patcher.rb +144 -0
  77. data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +63 -0
  78. data/lib/datadog/appsec/contrib/sinatra/request_middleware.rb +20 -0
  79. data/lib/datadog/appsec/event.rb +121 -0
  80. data/lib/datadog/appsec/extensions.rb +118 -0
  81. data/lib/datadog/appsec/instrumentation/gateway.rb +44 -0
  82. data/lib/datadog/appsec/processor.rb +164 -0
  83. data/lib/datadog/appsec/rate_limiter.rb +60 -0
  84. data/lib/datadog/appsec/reactive/address_hash.rb +18 -0
  85. data/lib/datadog/appsec/reactive/engine.rb +44 -0
  86. data/lib/datadog/appsec/reactive/operation.rb +51 -0
  87. data/lib/datadog/appsec/reactive/subscriber.rb +18 -0
  88. data/lib/datadog/appsec.rb +23 -0
  89. data/lib/datadog/ci/configuration/components.rb +9 -8
  90. data/lib/datadog/ci/configuration/settings.rb +19 -3
  91. data/lib/datadog/ci/contrib/cucumber/configuration/settings.rb +4 -2
  92. data/lib/datadog/ci/contrib/cucumber/ext.rb +2 -0
  93. data/lib/datadog/ci/contrib/cucumber/formatter.rb +4 -9
  94. data/lib/datadog/ci/contrib/cucumber/instrumentation.rb +2 -1
  95. data/lib/datadog/ci/contrib/cucumber/integration.rb +3 -2
  96. data/lib/datadog/ci/contrib/cucumber/patcher.rb +3 -2
  97. data/lib/datadog/ci/contrib/rspec/configuration/settings.rb +4 -2
  98. data/lib/datadog/ci/contrib/rspec/example.rb +4 -9
  99. data/lib/datadog/ci/contrib/rspec/ext.rb +2 -0
  100. data/lib/datadog/ci/contrib/rspec/integration.rb +3 -2
  101. data/lib/datadog/ci/contrib/rspec/patcher.rb +3 -2
  102. data/lib/datadog/ci/ext/app_types.rb +2 -1
  103. data/lib/datadog/ci/ext/environment.rb +128 -110
  104. data/lib/datadog/ci/ext/settings.rb +2 -1
  105. data/lib/datadog/ci/ext/test.rb +1 -0
  106. data/lib/datadog/ci/extensions.rb +5 -4
  107. data/lib/datadog/ci/flush.rb +38 -0
  108. data/lib/datadog/ci/test.rb +15 -13
  109. data/lib/datadog/ci.rb +4 -1
  110. data/lib/datadog/core/buffer/cruby.rb +55 -0
  111. data/lib/datadog/core/buffer/random.rb +134 -0
  112. data/lib/datadog/core/buffer/thread_safe.rb +58 -0
  113. data/lib/datadog/core/chunker.rb +35 -0
  114. data/lib/datadog/core/configuration/agent_settings_resolver.rb +365 -0
  115. data/lib/datadog/core/configuration/base.rb +89 -0
  116. data/lib/datadog/core/configuration/components.rb +426 -0
  117. data/lib/datadog/core/configuration/dependency_resolver.rb +28 -0
  118. data/lib/datadog/core/configuration/option.rb +69 -0
  119. data/lib/datadog/core/configuration/option_definition.rb +126 -0
  120. data/lib/datadog/core/configuration/option_definition_set.rb +22 -0
  121. data/lib/datadog/core/configuration/option_set.rb +10 -0
  122. data/lib/datadog/core/configuration/options.rb +118 -0
  123. data/lib/datadog/core/configuration/settings.rb +625 -0
  124. data/lib/datadog/core/configuration.rb +286 -0
  125. data/lib/datadog/core/diagnostics/environment_logger.rb +283 -0
  126. data/lib/datadog/core/diagnostics/ext.rb +41 -0
  127. data/lib/datadog/core/diagnostics/health.rb +37 -0
  128. data/lib/datadog/core/encoding.rb +76 -0
  129. data/lib/datadog/core/environment/cgroup.rb +4 -1
  130. data/lib/datadog/core/environment/class_count.rb +1 -0
  131. data/lib/datadog/core/environment/container.rb +3 -1
  132. data/lib/datadog/core/environment/ext.rb +28 -9
  133. data/lib/datadog/core/environment/gc.rb +1 -0
  134. data/lib/datadog/core/environment/identity.rb +11 -4
  135. data/lib/datadog/core/environment/platform.rb +40 -0
  136. data/lib/datadog/core/environment/socket.rb +9 -2
  137. data/lib/datadog/core/environment/thread_count.rb +1 -0
  138. data/lib/datadog/core/environment/variable_helpers.rb +28 -2
  139. data/lib/datadog/core/environment/vm_cache.rb +1 -0
  140. data/lib/datadog/core/error.rb +101 -0
  141. data/lib/datadog/core/extensions.rb +16 -0
  142. data/lib/datadog/core/git/ext.rb +35 -0
  143. data/lib/datadog/core/logger.rb +46 -0
  144. data/lib/datadog/core/logging/ext.rb +11 -0
  145. data/lib/datadog/core/metrics/client.rb +198 -0
  146. data/lib/datadog/core/metrics/ext.rb +20 -0
  147. data/lib/datadog/core/metrics/helpers.rb +25 -0
  148. data/lib/datadog/core/metrics/logging.rb +44 -0
  149. data/lib/datadog/core/metrics/metric.rb +14 -0
  150. data/lib/datadog/core/metrics/options.rb +50 -0
  151. data/lib/datadog/core/pin.rb +75 -0
  152. data/lib/datadog/core/runtime/ext.rb +28 -0
  153. data/lib/datadog/core/runtime/metrics.rb +126 -0
  154. data/lib/datadog/core/utils/compression.rb +32 -0
  155. data/lib/datadog/core/utils/forking.rb +63 -0
  156. data/lib/datadog/core/utils/object_set.rb +43 -0
  157. data/lib/datadog/core/utils/only_once.rb +44 -0
  158. data/lib/datadog/core/utils/safe_dup.rb +27 -0
  159. data/lib/datadog/core/utils/sequence.rb +21 -0
  160. data/lib/datadog/core/utils/string_table.rb +49 -0
  161. data/lib/datadog/core/utils/time.rb +54 -0
  162. data/lib/datadog/core/utils.rb +115 -0
  163. data/lib/datadog/core/vendor/multipart-post/multipart/post/composite_read_io.rb +120 -0
  164. data/lib/datadog/core/vendor/multipart-post/multipart/post/multipartable.rb +61 -0
  165. data/lib/datadog/core/vendor/multipart-post/multipart/post/parts.rb +139 -0
  166. data/lib/datadog/core/vendor/multipart-post/multipart/post/version.rb +13 -0
  167. data/lib/datadog/core/vendor/multipart-post/multipart/post.rb +12 -0
  168. data/lib/datadog/core/vendor/multipart-post/multipart.rb +16 -0
  169. data/lib/datadog/core/vendor/multipart-post/net/http/post/multipart.rb +36 -0
  170. data/lib/datadog/core/worker.rb +24 -0
  171. data/lib/datadog/core/workers/async.rb +182 -0
  172. data/lib/datadog/core/workers/interval_loop.rb +119 -0
  173. data/lib/datadog/core/workers/polling.rb +59 -0
  174. data/lib/datadog/core/workers/queue.rb +44 -0
  175. data/lib/datadog/core/workers/runtime_metrics.rb +62 -0
  176. data/lib/datadog/core.rb +80 -0
  177. data/lib/datadog/kit/enable_core_dumps.rb +50 -0
  178. data/lib/datadog/kit/identity.rb +63 -0
  179. data/lib/datadog/kit.rb +11 -0
  180. data/lib/datadog/opentracer/binary_propagator.rb +26 -0
  181. data/lib/datadog/opentracer/carrier.rb +9 -0
  182. data/lib/datadog/opentracer/distributed_headers.rb +58 -0
  183. data/lib/datadog/opentracer/global_tracer.rb +17 -0
  184. data/lib/datadog/opentracer/propagator.rb +26 -0
  185. data/lib/datadog/opentracer/rack_propagator.rb +72 -0
  186. data/lib/datadog/opentracer/scope.rb +18 -0
  187. data/lib/datadog/opentracer/scope_manager.rb +9 -0
  188. data/lib/datadog/opentracer/span.rb +101 -0
  189. data/lib/datadog/opentracer/span_context.rb +19 -0
  190. data/lib/datadog/opentracer/span_context_factory.rb +27 -0
  191. data/lib/datadog/opentracer/text_map_propagator.rb +87 -0
  192. data/lib/datadog/opentracer/thread_local_scope.rb +34 -0
  193. data/lib/datadog/opentracer/thread_local_scope_manager.rb +66 -0
  194. data/lib/datadog/opentracer/tracer.rb +212 -0
  195. data/lib/datadog/opentracer.rb +24 -0
  196. data/lib/datadog/profiling/backtrace_location.rb +34 -0
  197. data/lib/datadog/profiling/buffer.rb +43 -0
  198. data/lib/datadog/profiling/collectors/code_provenance.rb +115 -0
  199. data/lib/datadog/profiling/collectors/cpu_and_wall_time.rb +42 -0
  200. data/lib/datadog/profiling/collectors/old_stack.rb +298 -0
  201. data/lib/datadog/profiling/collectors/stack.rb +18 -0
  202. data/lib/datadog/profiling/encoding/profile.rb +43 -0
  203. data/lib/datadog/profiling/event.rb +15 -0
  204. data/lib/datadog/profiling/events/stack.rb +82 -0
  205. data/lib/datadog/profiling/exporter.rb +74 -0
  206. data/lib/datadog/profiling/ext/forking.rb +99 -0
  207. data/lib/datadog/profiling/ext.rb +44 -0
  208. data/lib/datadog/profiling/flush.rb +41 -0
  209. data/lib/datadog/profiling/http_transport.rb +131 -0
  210. data/lib/datadog/profiling/load_native_extension.rb +22 -0
  211. data/lib/datadog/profiling/native_extension.rb +41 -0
  212. data/lib/datadog/profiling/old_ext.rb +42 -0
  213. data/lib/datadog/profiling/old_recorder.rb +106 -0
  214. data/lib/datadog/profiling/pprof/builder.rb +127 -0
  215. data/lib/datadog/profiling/pprof/converter.rb +104 -0
  216. data/lib/datadog/profiling/pprof/message_set.rb +16 -0
  217. data/lib/datadog/profiling/pprof/payload.rb +20 -0
  218. data/lib/datadog/profiling/pprof/pprof_pb.rb +83 -0
  219. data/lib/datadog/profiling/pprof/stack_sample.rb +141 -0
  220. data/lib/datadog/profiling/pprof/string_table.rb +12 -0
  221. data/lib/datadog/profiling/pprof/template.rb +120 -0
  222. data/lib/datadog/profiling/preload.rb +5 -0
  223. data/lib/datadog/profiling/profiler.rb +34 -0
  224. data/lib/datadog/profiling/scheduler.rb +132 -0
  225. data/lib/datadog/profiling/stack_recorder.rb +33 -0
  226. data/lib/datadog/profiling/tag_builder.rb +48 -0
  227. data/lib/datadog/profiling/tasks/exec.rb +50 -0
  228. data/lib/datadog/profiling/tasks/help.rb +18 -0
  229. data/lib/datadog/profiling/tasks/setup.rb +93 -0
  230. data/lib/datadog/profiling/trace_identifiers/ddtrace.rb +45 -0
  231. data/lib/datadog/profiling/trace_identifiers/helper.rb +47 -0
  232. data/lib/datadog/profiling/transport/http/api/endpoint.rb +85 -0
  233. data/lib/datadog/profiling/transport/http/api/instance.rb +38 -0
  234. data/lib/datadog/profiling/transport/http/api/spec.rb +42 -0
  235. data/lib/datadog/profiling/transport/http/api.rb +45 -0
  236. data/lib/datadog/profiling/transport/http/builder.rb +30 -0
  237. data/lib/datadog/profiling/transport/http/client.rb +37 -0
  238. data/lib/datadog/profiling/transport/http/response.rb +21 -0
  239. data/lib/datadog/profiling/transport/http.rb +112 -0
  240. data/lib/datadog/profiling.rb +170 -0
  241. data/lib/datadog/tracing/analytics.rb +25 -0
  242. data/lib/datadog/tracing/buffer.rb +132 -0
  243. data/lib/datadog/tracing/configuration/ext.rb +51 -0
  244. data/lib/datadog/tracing/context.rb +68 -0
  245. data/lib/datadog/tracing/context_provider.rb +82 -0
  246. data/lib/datadog/tracing/contrib/action_cable/configuration/settings.rb +35 -0
  247. data/lib/datadog/tracing/contrib/action_cable/event.rb +72 -0
  248. data/lib/datadog/tracing/contrib/action_cable/events/broadcast.rb +58 -0
  249. data/lib/datadog/tracing/contrib/action_cable/events/perform_action.rb +63 -0
  250. data/lib/datadog/tracing/contrib/action_cable/events/transmit.rb +59 -0
  251. data/lib/datadog/tracing/contrib/action_cable/events.rb +37 -0
  252. data/lib/datadog/tracing/contrib/action_cable/ext.rb +32 -0
  253. data/lib/datadog/tracing/contrib/action_cable/instrumentation.rb +91 -0
  254. data/lib/datadog/tracing/contrib/action_cable/integration.rb +50 -0
  255. data/lib/datadog/tracing/contrib/action_cable/patcher.rb +31 -0
  256. data/lib/datadog/tracing/contrib/action_mailer/configuration/settings.rb +36 -0
  257. data/lib/datadog/tracing/contrib/action_mailer/event.rb +52 -0
  258. data/lib/datadog/tracing/contrib/action_mailer/events/deliver.rb +60 -0
  259. data/lib/datadog/tracing/contrib/action_mailer/events/process.rb +47 -0
  260. data/lib/datadog/tracing/contrib/action_mailer/events.rb +34 -0
  261. data/lib/datadog/tracing/contrib/action_mailer/ext.rb +33 -0
  262. data/lib/datadog/tracing/contrib/action_mailer/integration.rb +50 -0
  263. data/lib/datadog/tracing/contrib/action_mailer/patcher.rb +29 -0
  264. data/lib/datadog/tracing/contrib/action_pack/action_controller/instrumentation.rb +160 -0
  265. data/lib/datadog/tracing/contrib/action_pack/action_controller/patcher.rb +29 -0
  266. data/lib/datadog/tracing/contrib/action_pack/configuration/settings.rb +36 -0
  267. data/lib/datadog/tracing/contrib/action_pack/ext.rb +22 -0
  268. data/lib/datadog/tracing/contrib/action_pack/integration.rb +50 -0
  269. data/lib/datadog/tracing/contrib/action_pack/patcher.rb +27 -0
  270. data/lib/datadog/tracing/contrib/action_pack/utils.rb +40 -0
  271. data/lib/datadog/tracing/contrib/action_view/configuration/settings.rb +36 -0
  272. data/lib/datadog/tracing/contrib/action_view/event.rb +35 -0
  273. data/lib/datadog/tracing/contrib/action_view/events/render_partial.rb +54 -0
  274. data/lib/datadog/tracing/contrib/action_view/events/render_template.rb +57 -0
  275. data/lib/datadog/tracing/contrib/action_view/events.rb +34 -0
  276. data/lib/datadog/tracing/contrib/action_view/ext.rb +24 -0
  277. data/lib/datadog/tracing/contrib/action_view/instrumentation/partial_renderer.rb +78 -0
  278. data/lib/datadog/tracing/contrib/action_view/instrumentation/template_renderer.rb +91 -0
  279. data/lib/datadog/tracing/contrib/action_view/integration.rb +57 -0
  280. data/lib/datadog/tracing/contrib/action_view/patcher.rb +47 -0
  281. data/lib/datadog/tracing/contrib/action_view/utils.rb +36 -0
  282. data/lib/datadog/tracing/contrib/active_job/configuration/settings.rb +37 -0
  283. data/lib/datadog/tracing/contrib/active_job/event.rb +58 -0
  284. data/lib/datadog/tracing/contrib/active_job/events/discard.rb +50 -0
  285. data/lib/datadog/tracing/contrib/active_job/events/enqueue.rb +49 -0
  286. data/lib/datadog/tracing/contrib/active_job/events/enqueue_at.rb +49 -0
  287. data/lib/datadog/tracing/contrib/active_job/events/enqueue_retry.rb +51 -0
  288. data/lib/datadog/tracing/contrib/active_job/events/perform.rb +49 -0
  289. data/lib/datadog/tracing/contrib/active_job/events/retry_stopped.rb +50 -0
  290. data/lib/datadog/tracing/contrib/active_job/events.rb +42 -0
  291. data/lib/datadog/tracing/contrib/active_job/ext.rb +39 -0
  292. data/lib/datadog/tracing/contrib/active_job/integration.rb +50 -0
  293. data/lib/datadog/tracing/contrib/active_job/log_injection.rb +26 -0
  294. data/lib/datadog/tracing/contrib/active_job/patcher.rb +36 -0
  295. data/lib/datadog/tracing/contrib/active_model_serializers/configuration/settings.rb +33 -0
  296. data/lib/datadog/tracing/contrib/active_model_serializers/event.rb +69 -0
  297. data/lib/datadog/tracing/contrib/active_model_serializers/events/render.rb +45 -0
  298. data/lib/datadog/tracing/contrib/active_model_serializers/events/serialize.rb +47 -0
  299. data/lib/datadog/tracing/contrib/active_model_serializers/events.rb +34 -0
  300. data/lib/datadog/tracing/contrib/active_model_serializers/ext.rb +24 -0
  301. data/lib/datadog/tracing/contrib/active_model_serializers/integration.rb +45 -0
  302. data/lib/datadog/tracing/contrib/active_model_serializers/patcher.rb +33 -0
  303. data/lib/datadog/tracing/contrib/active_record/configuration/makara_resolver.rb +36 -0
  304. data/lib/datadog/tracing/contrib/active_record/configuration/resolver.rb +138 -0
  305. data/lib/datadog/tracing/contrib/active_record/configuration/settings.rb +39 -0
  306. data/lib/datadog/tracing/contrib/active_record/event.rb +30 -0
  307. data/lib/datadog/tracing/contrib/active_record/events/instantiation.rb +58 -0
  308. data/lib/datadog/tracing/contrib/active_record/events/sql.rb +78 -0
  309. data/lib/datadog/tracing/contrib/active_record/events.rb +34 -0
  310. data/lib/datadog/tracing/contrib/active_record/ext.rb +29 -0
  311. data/lib/datadog/tracing/contrib/active_record/integration.rb +56 -0
  312. data/lib/datadog/tracing/contrib/active_record/patcher.rb +27 -0
  313. data/lib/datadog/tracing/contrib/active_record/utils.rb +128 -0
  314. data/lib/datadog/tracing/contrib/active_record/vendor/connection_specification.rb +307 -0
  315. data/lib/datadog/tracing/contrib/active_support/cache/instrumentation.rb +270 -0
  316. data/lib/datadog/tracing/contrib/active_support/cache/patcher.rb +73 -0
  317. data/lib/datadog/tracing/contrib/active_support/cache/redis.rb +47 -0
  318. data/lib/datadog/tracing/contrib/active_support/configuration/settings.rb +35 -0
  319. data/lib/datadog/tracing/contrib/active_support/ext.rb +31 -0
  320. data/lib/datadog/tracing/contrib/active_support/integration.rb +51 -0
  321. data/lib/datadog/tracing/contrib/active_support/notifications/event.rb +71 -0
  322. data/lib/datadog/tracing/contrib/active_support/notifications/subscriber.rb +71 -0
  323. data/lib/datadog/tracing/contrib/active_support/notifications/subscription.rb +164 -0
  324. data/lib/datadog/tracing/contrib/active_support/patcher.rb +27 -0
  325. data/lib/datadog/tracing/contrib/analytics.rb +29 -0
  326. data/lib/datadog/tracing/contrib/auto_instrument.rb +53 -0
  327. data/lib/datadog/tracing/contrib/aws/configuration/settings.rb +35 -0
  328. data/lib/datadog/tracing/contrib/aws/ext.rb +27 -0
  329. data/lib/datadog/tracing/contrib/aws/instrumentation.rb +95 -0
  330. data/lib/datadog/tracing/contrib/aws/integration.rb +47 -0
  331. data/lib/datadog/tracing/contrib/aws/parsed_context.rb +60 -0
  332. data/lib/datadog/tracing/contrib/aws/patcher.rb +57 -0
  333. data/lib/datadog/tracing/contrib/aws/services.rb +123 -0
  334. data/lib/datadog/tracing/contrib/concurrent_ruby/configuration/settings.rb +23 -0
  335. data/lib/datadog/tracing/contrib/concurrent_ruby/context_composite_executor_service.rb +53 -0
  336. data/lib/datadog/tracing/contrib/concurrent_ruby/ext.rb +16 -0
  337. data/lib/datadog/tracing/contrib/concurrent_ruby/future_patch.rb +27 -0
  338. data/lib/datadog/tracing/contrib/concurrent_ruby/integration.rb +43 -0
  339. data/lib/datadog/tracing/contrib/concurrent_ruby/patcher.rb +33 -0
  340. data/lib/datadog/tracing/contrib/configurable.rb +102 -0
  341. data/lib/datadog/tracing/contrib/configuration/resolver.rb +85 -0
  342. data/lib/datadog/tracing/contrib/configuration/resolvers/pattern_resolver.rb +43 -0
  343. data/lib/datadog/tracing/contrib/configuration/settings.rb +43 -0
  344. data/lib/datadog/tracing/contrib/dalli/configuration/settings.rb +35 -0
  345. data/lib/datadog/tracing/contrib/dalli/ext.rb +24 -0
  346. data/lib/datadog/tracing/contrib/dalli/instrumentation.rb +58 -0
  347. data/lib/datadog/tracing/contrib/dalli/integration.rb +52 -0
  348. data/lib/datadog/tracing/contrib/dalli/patcher.rb +28 -0
  349. data/lib/datadog/tracing/contrib/dalli/quantize.rb +26 -0
  350. data/lib/datadog/tracing/contrib/delayed_job/configuration/settings.rb +38 -0
  351. data/lib/datadog/tracing/contrib/delayed_job/ext.rb +26 -0
  352. data/lib/datadog/tracing/contrib/delayed_job/integration.rb +43 -0
  353. data/lib/datadog/tracing/contrib/delayed_job/patcher.rb +31 -0
  354. data/lib/datadog/tracing/contrib/delayed_job/plugin.rb +101 -0
  355. data/lib/datadog/tracing/contrib/elasticsearch/configuration/settings.rb +36 -0
  356. data/lib/datadog/tracing/contrib/elasticsearch/ext.rb +26 -0
  357. data/lib/datadog/tracing/contrib/elasticsearch/integration.rb +50 -0
  358. data/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +151 -0
  359. data/lib/datadog/tracing/contrib/elasticsearch/quantize.rb +89 -0
  360. data/lib/datadog/tracing/contrib/ethon/configuration/settings.rb +37 -0
  361. data/lib/datadog/tracing/contrib/ethon/easy_patch.rb +177 -0
  362. data/lib/datadog/tracing/contrib/ethon/ext.rb +24 -0
  363. data/lib/datadog/tracing/contrib/ethon/integration.rb +48 -0
  364. data/lib/datadog/tracing/contrib/ethon/multi_patch.rb +96 -0
  365. data/lib/datadog/tracing/contrib/ethon/patcher.rb +31 -0
  366. data/lib/datadog/tracing/contrib/excon/configuration/settings.rb +38 -0
  367. data/lib/datadog/tracing/contrib/excon/ext.rb +21 -0
  368. data/lib/datadog/tracing/contrib/excon/integration.rb +48 -0
  369. data/lib/datadog/tracing/contrib/excon/middleware.rb +170 -0
  370. data/lib/datadog/tracing/contrib/excon/patcher.rb +31 -0
  371. data/lib/datadog/tracing/contrib/extensions.rb +197 -0
  372. data/lib/datadog/tracing/contrib/faraday/configuration/settings.rb +42 -0
  373. data/lib/datadog/tracing/contrib/faraday/connection.rb +22 -0
  374. data/lib/datadog/tracing/contrib/faraday/ext.rb +21 -0
  375. data/lib/datadog/tracing/contrib/faraday/integration.rb +48 -0
  376. data/lib/datadog/tracing/contrib/faraday/middleware.rb +93 -0
  377. data/lib/datadog/tracing/contrib/faraday/patcher.rb +56 -0
  378. data/lib/datadog/tracing/contrib/faraday/rack_builder.rb +22 -0
  379. data/lib/datadog/tracing/contrib/grape/configuration/settings.rb +42 -0
  380. data/lib/datadog/tracing/contrib/grape/endpoint.rb +253 -0
  381. data/lib/datadog/tracing/contrib/grape/ext.rb +28 -0
  382. data/lib/datadog/tracing/contrib/grape/instrumentation.rb +37 -0
  383. data/lib/datadog/tracing/contrib/grape/integration.rb +44 -0
  384. data/lib/datadog/tracing/contrib/grape/patcher.rb +33 -0
  385. data/lib/datadog/tracing/contrib/graphql/configuration/settings.rb +36 -0
  386. data/lib/datadog/tracing/contrib/graphql/ext.rb +19 -0
  387. data/lib/datadog/tracing/contrib/graphql/integration.rb +44 -0
  388. data/lib/datadog/tracing/contrib/graphql/patcher.rb +91 -0
  389. data/lib/datadog/tracing/contrib/grpc/configuration/settings.rb +38 -0
  390. data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +84 -0
  391. data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/server.rb +90 -0
  392. data/lib/datadog/tracing/contrib/grpc/datadog_interceptor.rb +108 -0
  393. data/lib/datadog/tracing/contrib/grpc/ext.rb +23 -0
  394. data/lib/datadog/tracing/contrib/grpc/integration.rb +43 -0
  395. data/lib/datadog/tracing/contrib/grpc/intercept_with_datadog.rb +53 -0
  396. data/lib/datadog/tracing/contrib/grpc/patcher.rb +37 -0
  397. data/lib/datadog/tracing/contrib/http/circuit_breaker.rb +44 -0
  398. data/lib/datadog/tracing/contrib/http/configuration/settings.rb +37 -0
  399. data/lib/datadog/tracing/contrib/http/ext.rb +21 -0
  400. data/lib/datadog/tracing/contrib/http/instrumentation.rb +139 -0
  401. data/lib/datadog/tracing/contrib/http/integration.rb +49 -0
  402. data/lib/datadog/tracing/contrib/http/patcher.rb +30 -0
  403. data/lib/datadog/tracing/contrib/http_annotation_helper.rb +17 -0
  404. data/lib/datadog/tracing/contrib/httpclient/configuration/settings.rb +37 -0
  405. data/lib/datadog/tracing/contrib/httpclient/ext.rb +21 -0
  406. data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +117 -0
  407. data/lib/datadog/tracing/contrib/httpclient/integration.rb +48 -0
  408. data/lib/datadog/tracing/contrib/httpclient/patcher.rb +42 -0
  409. data/lib/datadog/tracing/contrib/httprb/configuration/settings.rb +37 -0
  410. data/lib/datadog/tracing/contrib/httprb/ext.rb +21 -0
  411. data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +128 -0
  412. data/lib/datadog/tracing/contrib/httprb/integration.rb +48 -0
  413. data/lib/datadog/tracing/contrib/httprb/patcher.rb +42 -0
  414. data/lib/datadog/tracing/contrib/integration.rb +78 -0
  415. data/lib/datadog/tracing/contrib/kafka/configuration/settings.rb +35 -0
  416. data/lib/datadog/tracing/contrib/kafka/consumer_event.rb +18 -0
  417. data/lib/datadog/tracing/contrib/kafka/consumer_group_event.rb +18 -0
  418. data/lib/datadog/tracing/contrib/kafka/event.rb +52 -0
  419. data/lib/datadog/tracing/contrib/kafka/events/connection/request.rb +42 -0
  420. data/lib/datadog/tracing/contrib/kafka/events/consumer/process_batch.rb +49 -0
  421. data/lib/datadog/tracing/contrib/kafka/events/consumer/process_message.rb +47 -0
  422. data/lib/datadog/tracing/contrib/kafka/events/consumer_group/heartbeat.rb +47 -0
  423. data/lib/datadog/tracing/contrib/kafka/events/consumer_group/join_group.rb +37 -0
  424. data/lib/datadog/tracing/contrib/kafka/events/consumer_group/leave_group.rb +37 -0
  425. data/lib/datadog/tracing/contrib/kafka/events/consumer_group/sync_group.rb +37 -0
  426. data/lib/datadog/tracing/contrib/kafka/events/produce_operation/send_messages.rb +40 -0
  427. data/lib/datadog/tracing/contrib/kafka/events/producer/deliver_messages.rb +43 -0
  428. data/lib/datadog/tracing/contrib/kafka/events.rb +48 -0
  429. data/lib/datadog/tracing/contrib/kafka/ext.rb +52 -0
  430. data/lib/datadog/tracing/contrib/kafka/integration.rb +44 -0
  431. data/lib/datadog/tracing/contrib/kafka/patcher.rb +29 -0
  432. data/lib/datadog/tracing/contrib/lograge/configuration/settings.rb +23 -0
  433. data/lib/datadog/tracing/contrib/lograge/ext.rb +15 -0
  434. data/lib/datadog/tracing/contrib/lograge/instrumentation.rb +47 -0
  435. data/lib/datadog/tracing/contrib/lograge/integration.rb +50 -0
  436. data/lib/datadog/tracing/contrib/lograge/patcher.rb +29 -0
  437. data/lib/datadog/tracing/contrib/mongodb/configuration/settings.rb +38 -0
  438. data/lib/datadog/tracing/contrib/mongodb/ext.rb +27 -0
  439. data/lib/datadog/tracing/contrib/mongodb/instrumentation.rb +47 -0
  440. data/lib/datadog/tracing/contrib/mongodb/integration.rb +48 -0
  441. data/lib/datadog/tracing/contrib/mongodb/parsers.rb +49 -0
  442. data/lib/datadog/tracing/contrib/mongodb/patcher.rb +34 -0
  443. data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +121 -0
  444. data/lib/datadog/tracing/contrib/mysql2/configuration/settings.rb +35 -0
  445. data/lib/datadog/tracing/contrib/mysql2/ext.rb +22 -0
  446. data/lib/datadog/tracing/contrib/mysql2/instrumentation.rb +62 -0
  447. data/lib/datadog/tracing/contrib/mysql2/integration.rb +43 -0
  448. data/lib/datadog/tracing/contrib/mysql2/patcher.rb +31 -0
  449. data/lib/datadog/tracing/contrib/patchable.rb +109 -0
  450. data/lib/datadog/tracing/contrib/patcher.rb +74 -0
  451. data/lib/datadog/tracing/contrib/pg/configuration/settings.rb +35 -0
  452. data/lib/datadog/tracing/contrib/pg/ext.rb +31 -0
  453. data/lib/datadog/tracing/contrib/pg/instrumentation.rb +129 -0
  454. data/lib/datadog/tracing/contrib/pg/integration.rb +43 -0
  455. data/lib/datadog/tracing/contrib/pg/patcher.rb +31 -0
  456. data/lib/datadog/tracing/contrib/presto/configuration/settings.rb +35 -0
  457. data/lib/datadog/tracing/contrib/presto/ext.rb +32 -0
  458. data/lib/datadog/tracing/contrib/presto/instrumentation.rb +125 -0
  459. data/lib/datadog/tracing/contrib/presto/integration.rb +43 -0
  460. data/lib/datadog/tracing/contrib/presto/patcher.rb +37 -0
  461. data/lib/datadog/tracing/contrib/qless/configuration/settings.rb +40 -0
  462. data/lib/datadog/tracing/contrib/qless/ext.rb +26 -0
  463. data/lib/datadog/tracing/contrib/qless/integration.rb +43 -0
  464. data/lib/datadog/tracing/contrib/qless/patcher.rb +38 -0
  465. data/lib/datadog/tracing/contrib/qless/qless_job.rb +75 -0
  466. data/lib/datadog/tracing/contrib/qless/tracer_cleaner.rb +32 -0
  467. data/lib/datadog/tracing/contrib/que/configuration/settings.rb +49 -0
  468. data/lib/datadog/tracing/contrib/que/ext.rb +34 -0
  469. data/lib/datadog/tracing/contrib/que/integration.rb +46 -0
  470. data/lib/datadog/tracing/contrib/que/patcher.rb +28 -0
  471. data/lib/datadog/tracing/contrib/que/tracer.rb +61 -0
  472. data/lib/datadog/tracing/contrib/racecar/configuration/settings.rb +35 -0
  473. data/lib/datadog/tracing/contrib/racecar/event.rb +79 -0
  474. data/lib/datadog/tracing/contrib/racecar/events/batch.rb +35 -0
  475. data/lib/datadog/tracing/contrib/racecar/events/consume.rb +35 -0
  476. data/lib/datadog/tracing/contrib/racecar/events/message.rb +35 -0
  477. data/lib/datadog/tracing/contrib/racecar/events.rb +36 -0
  478. data/lib/datadog/tracing/contrib/racecar/ext.rb +31 -0
  479. data/lib/datadog/tracing/contrib/racecar/integration.rb +44 -0
  480. data/lib/datadog/tracing/contrib/racecar/patcher.rb +29 -0
  481. data/lib/datadog/tracing/contrib/rack/configuration/settings.rb +51 -0
  482. data/lib/datadog/tracing/contrib/rack/ext.rb +25 -0
  483. data/lib/datadog/tracing/contrib/rack/integration.rb +50 -0
  484. data/lib/datadog/tracing/contrib/rack/middlewares.rb +255 -0
  485. data/lib/datadog/tracing/contrib/rack/patcher.rb +109 -0
  486. data/lib/datadog/tracing/contrib/rack/request_queue.rb +48 -0
  487. data/lib/datadog/tracing/contrib/rails/auto_instrument_railtie.rb +12 -0
  488. data/lib/datadog/tracing/contrib/rails/configuration/settings.rb +74 -0
  489. data/lib/datadog/tracing/contrib/rails/ext.rb +19 -0
  490. data/lib/datadog/tracing/contrib/rails/framework.rb +153 -0
  491. data/lib/datadog/tracing/contrib/rails/integration.rb +49 -0
  492. data/lib/datadog/tracing/contrib/rails/log_injection.rb +34 -0
  493. data/lib/datadog/tracing/contrib/rails/middlewares.rb +47 -0
  494. data/lib/datadog/tracing/contrib/rails/patcher.rb +121 -0
  495. data/lib/datadog/tracing/contrib/rails/railtie.rb +19 -0
  496. data/lib/datadog/tracing/contrib/rails/utils.rb +28 -0
  497. data/lib/datadog/tracing/contrib/rake/configuration/settings.rb +36 -0
  498. data/lib/datadog/tracing/contrib/rake/ext.rb +26 -0
  499. data/lib/datadog/tracing/contrib/rake/instrumentation.rb +98 -0
  500. data/lib/datadog/tracing/contrib/rake/integration.rb +43 -0
  501. data/lib/datadog/tracing/contrib/rake/patcher.rb +34 -0
  502. data/lib/datadog/tracing/contrib/redis/configuration/resolver.rb +49 -0
  503. data/lib/datadog/tracing/contrib/redis/configuration/settings.rb +40 -0
  504. data/lib/datadog/tracing/contrib/redis/ext.rb +26 -0
  505. data/lib/datadog/tracing/contrib/redis/instrumentation.rb +78 -0
  506. data/lib/datadog/tracing/contrib/redis/integration.rb +47 -0
  507. data/lib/datadog/tracing/contrib/redis/patcher.rb +35 -0
  508. data/lib/datadog/tracing/contrib/redis/quantize.rb +79 -0
  509. data/lib/datadog/tracing/contrib/redis/tags.rb +54 -0
  510. data/lib/datadog/tracing/contrib/redis/vendor/resolver.rb +162 -0
  511. data/lib/datadog/tracing/contrib/registerable.rb +50 -0
  512. data/lib/datadog/tracing/contrib/registry.rb +52 -0
  513. data/lib/datadog/tracing/contrib/resque/configuration/settings.rb +37 -0
  514. data/lib/datadog/tracing/contrib/resque/ext.rb +21 -0
  515. data/lib/datadog/tracing/contrib/resque/integration.rb +48 -0
  516. data/lib/datadog/tracing/contrib/resque/patcher.rb +29 -0
  517. data/lib/datadog/tracing/contrib/resque/resque_job.rb +103 -0
  518. data/lib/datadog/tracing/contrib/rest_client/configuration/settings.rb +37 -0
  519. data/lib/datadog/tracing/contrib/rest_client/ext.rb +21 -0
  520. data/lib/datadog/tracing/contrib/rest_client/integration.rb +43 -0
  521. data/lib/datadog/tracing/contrib/rest_client/patcher.rb +29 -0
  522. data/lib/datadog/tracing/contrib/rest_client/request_patch.rb +105 -0
  523. data/lib/datadog/tracing/contrib/semantic_logger/configuration/settings.rb +23 -0
  524. data/lib/datadog/tracing/contrib/semantic_logger/ext.rb +15 -0
  525. data/lib/datadog/tracing/contrib/semantic_logger/instrumentation.rb +51 -0
  526. data/lib/datadog/tracing/contrib/semantic_logger/integration.rb +52 -0
  527. data/lib/datadog/tracing/contrib/semantic_logger/patcher.rb +29 -0
  528. data/lib/datadog/tracing/contrib/sequel/configuration/settings.rb +33 -0
  529. data/lib/datadog/tracing/contrib/sequel/database.rb +60 -0
  530. data/lib/datadog/tracing/contrib/sequel/dataset.rb +65 -0
  531. data/lib/datadog/tracing/contrib/sequel/ext.rb +22 -0
  532. data/lib/datadog/tracing/contrib/sequel/integration.rb +43 -0
  533. data/lib/datadog/tracing/contrib/sequel/patcher.rb +37 -0
  534. data/lib/datadog/tracing/contrib/sequel/utils.rb +87 -0
  535. data/lib/datadog/tracing/contrib/shoryuken/configuration/settings.rb +38 -0
  536. data/lib/datadog/tracing/contrib/shoryuken/ext.rb +25 -0
  537. data/lib/datadog/tracing/contrib/shoryuken/integration.rb +44 -0
  538. data/lib/datadog/tracing/contrib/shoryuken/patcher.rb +28 -0
  539. data/lib/datadog/tracing/contrib/shoryuken/tracer.rb +61 -0
  540. data/lib/datadog/tracing/contrib/sidekiq/client_tracer.rb +53 -0
  541. data/lib/datadog/tracing/contrib/sidekiq/configuration/settings.rb +44 -0
  542. data/lib/datadog/tracing/contrib/sidekiq/ext.rb +38 -0
  543. data/lib/datadog/tracing/contrib/sidekiq/integration.rb +53 -0
  544. data/lib/datadog/tracing/contrib/sidekiq/patcher.rb +71 -0
  545. data/lib/datadog/tracing/contrib/sidekiq/server_internal_tracer/heartbeat.rb +34 -0
  546. data/lib/datadog/tracing/contrib/sidekiq/server_internal_tracer/job_fetch.rb +34 -0
  547. data/lib/datadog/tracing/contrib/sidekiq/server_internal_tracer/scheduled_push.rb +33 -0
  548. data/lib/datadog/tracing/contrib/sidekiq/server_tracer.rb +98 -0
  549. data/lib/datadog/tracing/contrib/sidekiq/tracing.rb +44 -0
  550. data/lib/datadog/tracing/contrib/sinatra/configuration/settings.rb +43 -0
  551. data/lib/datadog/tracing/contrib/sinatra/env.rb +66 -0
  552. data/lib/datadog/tracing/contrib/sinatra/ext.rb +32 -0
  553. data/lib/datadog/tracing/contrib/sinatra/framework.rb +118 -0
  554. data/lib/datadog/tracing/contrib/sinatra/headers.rb +35 -0
  555. data/lib/datadog/tracing/contrib/sinatra/integration.rb +43 -0
  556. data/lib/datadog/tracing/contrib/sinatra/patcher.rb +76 -0
  557. data/lib/datadog/tracing/contrib/sinatra/tracer.rb +159 -0
  558. data/lib/datadog/tracing/contrib/sinatra/tracer_middleware.rb +123 -0
  559. data/lib/datadog/tracing/contrib/sneakers/configuration/settings.rb +38 -0
  560. data/lib/datadog/tracing/contrib/sneakers/ext.rb +26 -0
  561. data/lib/datadog/tracing/contrib/sneakers/integration.rb +46 -0
  562. data/lib/datadog/tracing/contrib/sneakers/patcher.rb +29 -0
  563. data/lib/datadog/tracing/contrib/sneakers/tracer.rb +58 -0
  564. data/lib/datadog/tracing/contrib/status_code_matcher.rb +75 -0
  565. data/lib/datadog/tracing/contrib/sucker_punch/configuration/settings.rb +35 -0
  566. data/lib/datadog/tracing/contrib/sucker_punch/exception_handler.rb +28 -0
  567. data/lib/datadog/tracing/contrib/sucker_punch/ext.rb +27 -0
  568. data/lib/datadog/tracing/contrib/sucker_punch/instrumentation.rb +105 -0
  569. data/lib/datadog/tracing/contrib/sucker_punch/integration.rb +43 -0
  570. data/lib/datadog/tracing/contrib/sucker_punch/patcher.rb +37 -0
  571. data/lib/datadog/tracing/contrib/utils/database.rb +31 -0
  572. data/lib/datadog/tracing/contrib/utils/quantization/hash.rb +111 -0
  573. data/lib/datadog/tracing/contrib/utils/quantization/http.rb +99 -0
  574. data/lib/datadog/tracing/contrib.rb +77 -0
  575. data/lib/datadog/tracing/correlation.rb +100 -0
  576. data/lib/datadog/tracing/distributed/headers/b3.rb +55 -0
  577. data/lib/datadog/tracing/distributed/headers/b3_single.rb +67 -0
  578. data/lib/datadog/tracing/distributed/headers/datadog.rb +52 -0
  579. data/lib/datadog/tracing/distributed/headers/ext.rb +31 -0
  580. data/lib/datadog/tracing/distributed/headers/parser.rb +37 -0
  581. data/lib/datadog/tracing/distributed/helpers.rb +78 -0
  582. data/lib/datadog/tracing/distributed/metadata/b3.rb +55 -0
  583. data/lib/datadog/tracing/distributed/metadata/b3_single.rb +66 -0
  584. data/lib/datadog/tracing/distributed/metadata/datadog.rb +73 -0
  585. data/lib/datadog/tracing/distributed/metadata/parser.rb +34 -0
  586. data/lib/datadog/tracing/event.rb +78 -0
  587. data/lib/datadog/tracing/flush.rb +74 -0
  588. data/lib/datadog/tracing/metadata/analytics.rb +26 -0
  589. data/lib/datadog/tracing/metadata/errors.rb +24 -0
  590. data/lib/datadog/tracing/metadata/ext.rb +176 -0
  591. data/lib/datadog/tracing/metadata/tagging.rb +116 -0
  592. data/lib/datadog/tracing/metadata.rb +20 -0
  593. data/lib/datadog/tracing/pipeline/span_filter.rb +42 -0
  594. data/lib/datadog/tracing/pipeline/span_processor.rb +39 -0
  595. data/lib/datadog/tracing/pipeline.rb +65 -0
  596. data/lib/datadog/tracing/propagation/grpc.rb +98 -0
  597. data/lib/datadog/tracing/propagation/http.rb +109 -0
  598. data/lib/datadog/tracing/runtime/metrics.rb +19 -0
  599. data/lib/datadog/tracing/sampling/all_sampler.rb +25 -0
  600. data/lib/datadog/tracing/sampling/ext.rb +27 -0
  601. data/lib/datadog/tracing/sampling/matcher.rb +68 -0
  602. data/lib/datadog/tracing/sampling/priority_sampler.rb +112 -0
  603. data/lib/datadog/tracing/sampling/rate_by_key_sampler.rb +97 -0
  604. data/lib/datadog/tracing/sampling/rate_by_service_sampler.rb +41 -0
  605. data/lib/datadog/tracing/sampling/rate_limiter.rb +185 -0
  606. data/lib/datadog/tracing/sampling/rate_sampler.rb +55 -0
  607. data/lib/datadog/tracing/sampling/rule.rb +76 -0
  608. data/lib/datadog/tracing/sampling/rule_sampler.rb +131 -0
  609. data/lib/datadog/tracing/sampling/sampler.rb +44 -0
  610. data/lib/datadog/tracing/sampling/span/matcher.rb +80 -0
  611. data/lib/datadog/tracing/span.rb +232 -0
  612. data/lib/datadog/tracing/span_operation.rb +521 -0
  613. data/lib/datadog/tracing/sync_writer.rb +69 -0
  614. data/lib/datadog/tracing/trace_digest.rb +60 -0
  615. data/lib/datadog/tracing/trace_operation.rb +431 -0
  616. data/lib/datadog/tracing/trace_segment.rb +207 -0
  617. data/lib/datadog/tracing/tracer.rb +505 -0
  618. data/lib/datadog/tracing/workers/trace_writer.rb +195 -0
  619. data/lib/datadog/tracing/workers.rb +125 -0
  620. data/lib/datadog/tracing/writer.rb +180 -0
  621. data/lib/datadog/tracing.rb +142 -0
  622. data/lib/ddtrace/auto_instrument.rb +6 -2
  623. data/lib/ddtrace/auto_instrument_base.rb +1 -0
  624. data/lib/ddtrace/profiling/preload.rb +2 -2
  625. data/lib/ddtrace/transport/ext.rb +35 -0
  626. data/lib/ddtrace/transport/http/adapters/net.rb +3 -2
  627. data/lib/ddtrace/transport/http/adapters/registry.rb +1 -0
  628. data/lib/ddtrace/transport/http/adapters/test.rb +1 -0
  629. data/lib/ddtrace/transport/http/adapters/unix_socket.rb +3 -2
  630. data/lib/ddtrace/transport/http/api/endpoint.rb +1 -0
  631. data/lib/ddtrace/transport/http/api/fallbacks.rb +1 -0
  632. data/lib/ddtrace/transport/http/api/instance.rb +1 -0
  633. data/lib/ddtrace/transport/http/api/map.rb +1 -0
  634. data/lib/ddtrace/transport/http/api/spec.rb +1 -0
  635. data/lib/ddtrace/transport/http/api.rb +5 -11
  636. data/lib/ddtrace/transport/http/builder.rb +3 -2
  637. data/lib/ddtrace/transport/http/client.rb +3 -1
  638. data/lib/ddtrace/transport/http/env.rb +1 -0
  639. data/lib/ddtrace/transport/http/response.rb +35 -4
  640. data/lib/ddtrace/transport/http/statistics.rb +1 -0
  641. data/lib/ddtrace/transport/http/traces.rb +3 -0
  642. data/lib/ddtrace/transport/http.rb +33 -28
  643. data/lib/ddtrace/transport/io/client.rb +4 -1
  644. data/lib/ddtrace/transport/io/response.rb +1 -0
  645. data/lib/ddtrace/transport/io/traces.rb +2 -1
  646. data/lib/ddtrace/transport/io.rb +3 -2
  647. data/lib/ddtrace/transport/parcel.rb +2 -0
  648. data/lib/ddtrace/transport/request.rb +1 -0
  649. data/lib/ddtrace/transport/response.rb +1 -0
  650. data/lib/ddtrace/transport/serializable_trace.rb +118 -0
  651. data/lib/ddtrace/transport/statistics.rb +6 -4
  652. data/lib/ddtrace/transport/trace_formatter.rb +187 -0
  653. data/lib/ddtrace/transport/traces.rb +15 -5
  654. data/lib/ddtrace/version.rb +15 -13
  655. data/lib/ddtrace.rb +9 -48
  656. metadata +615 -490
  657. data/.yardopts +0 -5
  658. data/lib/datadog/ci/context_flush.rb +0 -29
  659. data/lib/datadog/contrib.rb +0 -71
  660. data/lib/ddtrace/analytics.rb +0 -39
  661. data/lib/ddtrace/buffer.rb +0 -340
  662. data/lib/ddtrace/chunker.rb +0 -35
  663. data/lib/ddtrace/configuration/agent_settings_resolver.rb +0 -309
  664. data/lib/ddtrace/configuration/base.rb +0 -82
  665. data/lib/ddtrace/configuration/components.rb +0 -292
  666. data/lib/ddtrace/configuration/dependency_resolver.rb +0 -25
  667. data/lib/ddtrace/configuration/option.rb +0 -65
  668. data/lib/ddtrace/configuration/option_definition.rb +0 -122
  669. data/lib/ddtrace/configuration/option_definition_set.rb +0 -19
  670. data/lib/ddtrace/configuration/option_set.rb +0 -7
  671. data/lib/ddtrace/configuration/options.rb +0 -112
  672. data/lib/ddtrace/configuration/pin_setup.rb +0 -32
  673. data/lib/ddtrace/configuration/settings.rb +0 -413
  674. data/lib/ddtrace/configuration.rb +0 -195
  675. data/lib/ddtrace/context.rb +0 -334
  676. data/lib/ddtrace/context_flush.rb +0 -82
  677. data/lib/ddtrace/context_provider.rb +0 -62
  678. data/lib/ddtrace/contrib/action_cable/configuration/settings.rb +0 -31
  679. data/lib/ddtrace/contrib/action_cable/event.rb +0 -67
  680. data/lib/ddtrace/contrib/action_cable/events/broadcast.rb +0 -50
  681. data/lib/ddtrace/contrib/action_cable/events/perform_action.rb +0 -56
  682. data/lib/ddtrace/contrib/action_cable/events/transmit.rb +0 -51
  683. data/lib/ddtrace/contrib/action_cable/events.rb +0 -34
  684. data/lib/ddtrace/contrib/action_cable/ext.rb +0 -27
  685. data/lib/ddtrace/contrib/action_cable/instrumentation.rb +0 -78
  686. data/lib/ddtrace/contrib/action_cable/integration.rb +0 -46
  687. data/lib/ddtrace/contrib/action_cable/patcher.rb +0 -29
  688. data/lib/ddtrace/contrib/action_mailer/configuration/settings.rb +0 -32
  689. data/lib/ddtrace/contrib/action_mailer/event.rb +0 -50
  690. data/lib/ddtrace/contrib/action_mailer/events/deliver.rb +0 -54
  691. data/lib/ddtrace/contrib/action_mailer/events/process.rb +0 -41
  692. data/lib/ddtrace/contrib/action_mailer/events.rb +0 -31
  693. data/lib/ddtrace/contrib/action_mailer/ext.rb +0 -32
  694. data/lib/ddtrace/contrib/action_mailer/integration.rb +0 -45
  695. data/lib/ddtrace/contrib/action_mailer/patcher.rb +0 -27
  696. data/lib/ddtrace/contrib/action_pack/action_controller/instrumentation.rb +0 -157
  697. data/lib/ddtrace/contrib/action_pack/action_controller/patcher.rb +0 -26
  698. data/lib/ddtrace/contrib/action_pack/configuration/settings.rb +0 -33
  699. data/lib/ddtrace/contrib/action_pack/ext.rb +0 -20
  700. data/lib/ddtrace/contrib/action_pack/integration.rb +0 -46
  701. data/lib/ddtrace/contrib/action_pack/patcher.rb +0 -24
  702. data/lib/ddtrace/contrib/action_pack/utils.rb +0 -37
  703. data/lib/ddtrace/contrib/action_view/configuration/settings.rb +0 -32
  704. data/lib/ddtrace/contrib/action_view/event.rb +0 -36
  705. data/lib/ddtrace/contrib/action_view/events/render_partial.rb +0 -47
  706. data/lib/ddtrace/contrib/action_view/events/render_template.rb +0 -50
  707. data/lib/ddtrace/contrib/action_view/events.rb +0 -31
  708. data/lib/ddtrace/contrib/action_view/ext.rb +0 -21
  709. data/lib/ddtrace/contrib/action_view/instrumentation/partial_renderer.rb +0 -75
  710. data/lib/ddtrace/contrib/action_view/instrumentation/template_renderer.rb +0 -168
  711. data/lib/ddtrace/contrib/action_view/integration.rb +0 -53
  712. data/lib/ddtrace/contrib/action_view/patcher.rb +0 -48
  713. data/lib/ddtrace/contrib/action_view/utils.rb +0 -33
  714. data/lib/ddtrace/contrib/active_job/configuration/settings.rb +0 -33
  715. data/lib/ddtrace/contrib/active_job/event.rb +0 -54
  716. data/lib/ddtrace/contrib/active_job/events/discard.rb +0 -46
  717. data/lib/ddtrace/contrib/active_job/events/enqueue.rb +0 -45
  718. data/lib/ddtrace/contrib/active_job/events/enqueue_at.rb +0 -45
  719. data/lib/ddtrace/contrib/active_job/events/enqueue_retry.rb +0 -47
  720. data/lib/ddtrace/contrib/active_job/events/perform.rb +0 -45
  721. data/lib/ddtrace/contrib/active_job/events/retry_stopped.rb +0 -46
  722. data/lib/ddtrace/contrib/active_job/events.rb +0 -39
  723. data/lib/ddtrace/contrib/active_job/ext.rb +0 -32
  724. data/lib/ddtrace/contrib/active_job/integration.rb +0 -46
  725. data/lib/ddtrace/contrib/active_job/log_injection.rb +0 -21
  726. data/lib/ddtrace/contrib/active_job/patcher.rb +0 -33
  727. data/lib/ddtrace/contrib/active_model_serializers/configuration/settings.rb +0 -31
  728. data/lib/ddtrace/contrib/active_model_serializers/event.rb +0 -69
  729. data/lib/ddtrace/contrib/active_model_serializers/events/render.rb +0 -33
  730. data/lib/ddtrace/contrib/active_model_serializers/events/serialize.rb +0 -36
  731. data/lib/ddtrace/contrib/active_model_serializers/events.rb +0 -31
  732. data/lib/ddtrace/contrib/active_model_serializers/ext.rb +0 -21
  733. data/lib/ddtrace/contrib/active_model_serializers/integration.rb +0 -41
  734. data/lib/ddtrace/contrib/active_model_serializers/patcher.rb +0 -30
  735. data/lib/ddtrace/contrib/active_record/configuration/makara_resolver.rb +0 -31
  736. data/lib/ddtrace/contrib/active_record/configuration/resolver.rb +0 -135
  737. data/lib/ddtrace/contrib/active_record/configuration/settings.rb +0 -36
  738. data/lib/ddtrace/contrib/active_record/event.rb +0 -31
  739. data/lib/ddtrace/contrib/active_record/events/instantiation.rb +0 -61
  740. data/lib/ddtrace/contrib/active_record/events/sql.rb +0 -69
  741. data/lib/ddtrace/contrib/active_record/events.rb +0 -31
  742. data/lib/ddtrace/contrib/active_record/ext.rb +0 -25
  743. data/lib/ddtrace/contrib/active_record/integration.rb +0 -54
  744. data/lib/ddtrace/contrib/active_record/patcher.rb +0 -24
  745. data/lib/ddtrace/contrib/active_record/utils.rb +0 -124
  746. data/lib/ddtrace/contrib/active_support/cache/instrumentation.rb +0 -259
  747. data/lib/ddtrace/contrib/active_support/cache/patcher.rb +0 -70
  748. data/lib/ddtrace/contrib/active_support/cache/redis.rb +0 -44
  749. data/lib/ddtrace/contrib/active_support/configuration/settings.rb +0 -31
  750. data/lib/ddtrace/contrib/active_support/ext.rb +0 -28
  751. data/lib/ddtrace/contrib/active_support/integration.rb +0 -47
  752. data/lib/ddtrace/contrib/active_support/notifications/event.rb +0 -76
  753. data/lib/ddtrace/contrib/active_support/notifications/subscriber.rb +0 -68
  754. data/lib/ddtrace/contrib/active_support/notifications/subscription.rb +0 -164
  755. data/lib/ddtrace/contrib/active_support/patcher.rb +0 -24
  756. data/lib/ddtrace/contrib/analytics.rb +0 -25
  757. data/lib/ddtrace/contrib/auto_instrument.rb +0 -48
  758. data/lib/ddtrace/contrib/aws/configuration/settings.rb +0 -31
  759. data/lib/ddtrace/contrib/aws/ext.rb +0 -24
  760. data/lib/ddtrace/contrib/aws/instrumentation.rb +0 -91
  761. data/lib/ddtrace/contrib/aws/integration.rb +0 -43
  762. data/lib/ddtrace/contrib/aws/parsed_context.rb +0 -57
  763. data/lib/ddtrace/contrib/aws/patcher.rb +0 -54
  764. data/lib/ddtrace/contrib/aws/services.rb +0 -119
  765. data/lib/ddtrace/contrib/concurrent_ruby/configuration/settings.rb +0 -21
  766. data/lib/ddtrace/contrib/concurrent_ruby/context_composite_executor_service.rb +0 -42
  767. data/lib/ddtrace/contrib/concurrent_ruby/ext.rb +0 -13
  768. data/lib/ddtrace/contrib/concurrent_ruby/future_patch.rb +0 -24
  769. data/lib/ddtrace/contrib/concurrent_ruby/integration.rb +0 -39
  770. data/lib/ddtrace/contrib/concurrent_ruby/patcher.rb +0 -30
  771. data/lib/ddtrace/contrib/configurable.rb +0 -103
  772. data/lib/ddtrace/contrib/configuration/resolver.rb +0 -82
  773. data/lib/ddtrace/contrib/configuration/resolvers/pattern_resolver.rb +0 -40
  774. data/lib/ddtrace/contrib/configuration/settings.rb +0 -56
  775. data/lib/ddtrace/contrib/dalli/configuration/settings.rb +0 -31
  776. data/lib/ddtrace/contrib/dalli/ext.rb +0 -21
  777. data/lib/ddtrace/contrib/dalli/instrumentation.rb +0 -55
  778. data/lib/ddtrace/contrib/dalli/integration.rb +0 -39
  779. data/lib/ddtrace/contrib/dalli/patcher.rb +0 -26
  780. data/lib/ddtrace/contrib/dalli/quantize.rb +0 -23
  781. data/lib/ddtrace/contrib/delayed_job/configuration/settings.rb +0 -33
  782. data/lib/ddtrace/contrib/delayed_job/ext.rb +0 -24
  783. data/lib/ddtrace/contrib/delayed_job/integration.rb +0 -39
  784. data/lib/ddtrace/contrib/delayed_job/patcher.rb +0 -29
  785. data/lib/ddtrace/contrib/delayed_job/plugin.rb +0 -85
  786. data/lib/ddtrace/contrib/elasticsearch/configuration/settings.rb +0 -32
  787. data/lib/ddtrace/contrib/elasticsearch/ext.rb +0 -23
  788. data/lib/ddtrace/contrib/elasticsearch/integration.rb +0 -40
  789. data/lib/ddtrace/contrib/elasticsearch/patcher.rb +0 -123
  790. data/lib/ddtrace/contrib/elasticsearch/quantize.rb +0 -84
  791. data/lib/ddtrace/contrib/ethon/configuration/settings.rb +0 -33
  792. data/lib/ddtrace/contrib/ethon/easy_patch.rb +0 -152
  793. data/lib/ddtrace/contrib/ethon/ext.rb +0 -20
  794. data/lib/ddtrace/contrib/ethon/integration.rb +0 -44
  795. data/lib/ddtrace/contrib/ethon/multi_patch.rb +0 -85
  796. data/lib/ddtrace/contrib/ethon/patcher.rb +0 -27
  797. data/lib/ddtrace/contrib/excon/configuration/settings.rb +0 -34
  798. data/lib/ddtrace/contrib/excon/ext.rb +0 -18
  799. data/lib/ddtrace/contrib/excon/integration.rb +0 -44
  800. data/lib/ddtrace/contrib/excon/middleware.rb +0 -164
  801. data/lib/ddtrace/contrib/excon/patcher.rb +0 -28
  802. data/lib/ddtrace/contrib/extensions.rb +0 -169
  803. data/lib/ddtrace/contrib/faraday/configuration/settings.rb +0 -39
  804. data/lib/ddtrace/contrib/faraday/connection.rb +0 -19
  805. data/lib/ddtrace/contrib/faraday/ext.rb +0 -18
  806. data/lib/ddtrace/contrib/faraday/integration.rb +0 -44
  807. data/lib/ddtrace/contrib/faraday/middleware.rb +0 -86
  808. data/lib/ddtrace/contrib/faraday/patcher.rb +0 -54
  809. data/lib/ddtrace/contrib/faraday/rack_builder.rb +0 -19
  810. data/lib/ddtrace/contrib/grape/configuration/settings.rb +0 -39
  811. data/lib/ddtrace/contrib/grape/endpoint.rb +0 -246
  812. data/lib/ddtrace/contrib/grape/ext.rb +0 -24
  813. data/lib/ddtrace/contrib/grape/instrumentation.rb +0 -34
  814. data/lib/ddtrace/contrib/grape/integration.rb +0 -40
  815. data/lib/ddtrace/contrib/grape/patcher.rb +0 -32
  816. data/lib/ddtrace/contrib/graphql/configuration/settings.rb +0 -33
  817. data/lib/ddtrace/contrib/graphql/ext.rb +0 -17
  818. data/lib/ddtrace/contrib/graphql/integration.rb +0 -40
  819. data/lib/ddtrace/contrib/graphql/patcher.rb +0 -61
  820. data/lib/ddtrace/contrib/grpc/configuration/settings.rb +0 -32
  821. data/lib/ddtrace/contrib/grpc/datadog_interceptor/client.rb +0 -59
  822. data/lib/ddtrace/contrib/grpc/datadog_interceptor/server.rb +0 -80
  823. data/lib/ddtrace/contrib/grpc/datadog_interceptor.rb +0 -79
  824. data/lib/ddtrace/contrib/grpc/ext.rb +0 -19
  825. data/lib/ddtrace/contrib/grpc/integration.rb +0 -39
  826. data/lib/ddtrace/contrib/grpc/intercept_with_datadog.rb +0 -50
  827. data/lib/ddtrace/contrib/grpc/patcher.rb +0 -34
  828. data/lib/ddtrace/contrib/http/circuit_breaker.rb +0 -38
  829. data/lib/ddtrace/contrib/http/configuration/settings.rb +0 -33
  830. data/lib/ddtrace/contrib/http/ext.rb +0 -18
  831. data/lib/ddtrace/contrib/http/instrumentation.rb +0 -180
  832. data/lib/ddtrace/contrib/http/integration.rb +0 -46
  833. data/lib/ddtrace/contrib/http/patcher.rb +0 -27
  834. data/lib/ddtrace/contrib/http_annotation_helper.rb +0 -11
  835. data/lib/ddtrace/contrib/httpclient/configuration/settings.rb +0 -33
  836. data/lib/ddtrace/contrib/httpclient/ext.rb +0 -18
  837. data/lib/ddtrace/contrib/httpclient/instrumentation.rb +0 -148
  838. data/lib/ddtrace/contrib/httpclient/integration.rb +0 -44
  839. data/lib/ddtrace/contrib/httpclient/patcher.rb +0 -39
  840. data/lib/ddtrace/contrib/httprb/configuration/settings.rb +0 -33
  841. data/lib/ddtrace/contrib/httprb/ext.rb +0 -18
  842. data/lib/ddtrace/contrib/httprb/instrumentation.rb +0 -158
  843. data/lib/ddtrace/contrib/httprb/integration.rb +0 -44
  844. data/lib/ddtrace/contrib/httprb/patcher.rb +0 -39
  845. data/lib/ddtrace/contrib/integration.rb +0 -17
  846. data/lib/ddtrace/contrib/kafka/configuration/settings.rb +0 -31
  847. data/lib/ddtrace/contrib/kafka/consumer_event.rb +0 -15
  848. data/lib/ddtrace/contrib/kafka/consumer_group_event.rb +0 -15
  849. data/lib/ddtrace/contrib/kafka/event.rb +0 -52
  850. data/lib/ddtrace/contrib/kafka/events/connection/request.rb +0 -35
  851. data/lib/ddtrace/contrib/kafka/events/consumer/process_batch.rb +0 -42
  852. data/lib/ddtrace/contrib/kafka/events/consumer/process_message.rb +0 -40
  853. data/lib/ddtrace/contrib/kafka/events/consumer_group/heartbeat.rb +0 -40
  854. data/lib/ddtrace/contrib/kafka/events/consumer_group/join_group.rb +0 -30
  855. data/lib/ddtrace/contrib/kafka/events/consumer_group/leave_group.rb +0 -30
  856. data/lib/ddtrace/contrib/kafka/events/consumer_group/sync_group.rb +0 -30
  857. data/lib/ddtrace/contrib/kafka/events/produce_operation/send_messages.rb +0 -33
  858. data/lib/ddtrace/contrib/kafka/events/producer/deliver_messages.rb +0 -36
  859. data/lib/ddtrace/contrib/kafka/events.rb +0 -45
  860. data/lib/ddtrace/contrib/kafka/ext.rb +0 -42
  861. data/lib/ddtrace/contrib/kafka/integration.rb +0 -40
  862. data/lib/ddtrace/contrib/kafka/patcher.rb +0 -27
  863. data/lib/ddtrace/contrib/lograge/configuration/settings.rb +0 -19
  864. data/lib/ddtrace/contrib/lograge/ext.rb +0 -11
  865. data/lib/ddtrace/contrib/lograge/instrumentation.rb +0 -39
  866. data/lib/ddtrace/contrib/lograge/integration.rb +0 -46
  867. data/lib/ddtrace/contrib/lograge/patcher.rb +0 -26
  868. data/lib/ddtrace/contrib/mongodb/configuration/settings.rb +0 -34
  869. data/lib/ddtrace/contrib/mongodb/ext.rb +0 -24
  870. data/lib/ddtrace/contrib/mongodb/instrumentation.rb +0 -70
  871. data/lib/ddtrace/contrib/mongodb/integration.rb +0 -44
  872. data/lib/ddtrace/contrib/mongodb/parsers.rb +0 -69
  873. data/lib/ddtrace/contrib/mongodb/patcher.rb +0 -32
  874. data/lib/ddtrace/contrib/mongodb/subscribers.rb +0 -112
  875. data/lib/ddtrace/contrib/mysql2/configuration/settings.rb +0 -31
  876. data/lib/ddtrace/contrib/mysql2/ext.rb +0 -19
  877. data/lib/ddtrace/contrib/mysql2/instrumentation.rb +0 -65
  878. data/lib/ddtrace/contrib/mysql2/integration.rb +0 -39
  879. data/lib/ddtrace/contrib/mysql2/patcher.rb +0 -28
  880. data/lib/ddtrace/contrib/patchable.rb +0 -71
  881. data/lib/ddtrace/contrib/patcher.rb +0 -66
  882. data/lib/ddtrace/contrib/presto/configuration/settings.rb +0 -31
  883. data/lib/ddtrace/contrib/presto/ext.rb +0 -29
  884. data/lib/ddtrace/contrib/presto/instrumentation.rb +0 -111
  885. data/lib/ddtrace/contrib/presto/integration.rb +0 -39
  886. data/lib/ddtrace/contrib/presto/patcher.rb +0 -34
  887. data/lib/ddtrace/contrib/qless/configuration/settings.rb +0 -36
  888. data/lib/ddtrace/contrib/qless/ext.rb +0 -21
  889. data/lib/ddtrace/contrib/qless/integration.rb +0 -39
  890. data/lib/ddtrace/contrib/qless/patcher.rb +0 -35
  891. data/lib/ddtrace/contrib/qless/qless_job.rb +0 -74
  892. data/lib/ddtrace/contrib/qless/tracer_cleaner.rb +0 -34
  893. data/lib/ddtrace/contrib/que/configuration/settings.rb +0 -44
  894. data/lib/ddtrace/contrib/que/ext.rb +0 -31
  895. data/lib/ddtrace/contrib/que/integration.rb +0 -43
  896. data/lib/ddtrace/contrib/que/patcher.rb +0 -25
  897. data/lib/ddtrace/contrib/que/tracer.rb +0 -58
  898. data/lib/ddtrace/contrib/racecar/configuration/settings.rb +0 -31
  899. data/lib/ddtrace/contrib/racecar/event.rb +0 -77
  900. data/lib/ddtrace/contrib/racecar/events/batch.rb +0 -28
  901. data/lib/ddtrace/contrib/racecar/events/consume.rb +0 -28
  902. data/lib/ddtrace/contrib/racecar/events/message.rb +0 -28
  903. data/lib/ddtrace/contrib/racecar/events.rb +0 -33
  904. data/lib/ddtrace/contrib/racecar/ext.rb +0 -26
  905. data/lib/ddtrace/contrib/racecar/integration.rb +0 -40
  906. data/lib/ddtrace/contrib/racecar/patcher.rb +0 -27
  907. data/lib/ddtrace/contrib/rack/configuration/settings.rb +0 -47
  908. data/lib/ddtrace/contrib/rack/ext.rb +0 -22
  909. data/lib/ddtrace/contrib/rack/integration.rb +0 -46
  910. data/lib/ddtrace/contrib/rack/middlewares.rb +0 -288
  911. data/lib/ddtrace/contrib/rack/patcher.rb +0 -106
  912. data/lib/ddtrace/contrib/rack/request_queue.rb +0 -45
  913. data/lib/ddtrace/contrib/rails/auto_instrument_railtie.rb +0 -10
  914. data/lib/ddtrace/contrib/rails/configuration/settings.rb +0 -101
  915. data/lib/ddtrace/contrib/rails/ext.rb +0 -18
  916. data/lib/ddtrace/contrib/rails/framework.rb +0 -172
  917. data/lib/ddtrace/contrib/rails/integration.rb +0 -45
  918. data/lib/ddtrace/contrib/rails/log_injection.rb +0 -42
  919. data/lib/ddtrace/contrib/rails/middlewares.rb +0 -44
  920. data/lib/ddtrace/contrib/rails/patcher.rb +0 -119
  921. data/lib/ddtrace/contrib/rails/railtie.rb +0 -18
  922. data/lib/ddtrace/contrib/rails/utils.rb +0 -25
  923. data/lib/ddtrace/contrib/rake/configuration/settings.rb +0 -32
  924. data/lib/ddtrace/contrib/rake/ext.rb +0 -22
  925. data/lib/ddtrace/contrib/rake/instrumentation.rb +0 -91
  926. data/lib/ddtrace/contrib/rake/integration.rb +0 -39
  927. data/lib/ddtrace/contrib/rake/patcher.rb +0 -31
  928. data/lib/ddtrace/contrib/redis/configuration/resolver.rb +0 -46
  929. data/lib/ddtrace/contrib/redis/configuration/settings.rb +0 -36
  930. data/lib/ddtrace/contrib/redis/ext.rb +0 -23
  931. data/lib/ddtrace/contrib/redis/instrumentation.rb +0 -90
  932. data/lib/ddtrace/contrib/redis/integration.rb +0 -43
  933. data/lib/ddtrace/contrib/redis/patcher.rb +0 -33
  934. data/lib/ddtrace/contrib/redis/quantize.rb +0 -76
  935. data/lib/ddtrace/contrib/redis/tags.rb +0 -47
  936. data/lib/ddtrace/contrib/redis/vendor/resolver.rb +0 -159
  937. data/lib/ddtrace/contrib/registerable.rb +0 -33
  938. data/lib/ddtrace/contrib/registry.rb +0 -43
  939. data/lib/ddtrace/contrib/resque/configuration/settings.rb +0 -49
  940. data/lib/ddtrace/contrib/resque/ext.rb +0 -18
  941. data/lib/ddtrace/contrib/resque/integration.rb +0 -44
  942. data/lib/ddtrace/contrib/resque/patcher.rb +0 -30
  943. data/lib/ddtrace/contrib/resque/resque_job.rb +0 -104
  944. data/lib/ddtrace/contrib/rest_client/configuration/settings.rb +0 -32
  945. data/lib/ddtrace/contrib/rest_client/ext.rb +0 -18
  946. data/lib/ddtrace/contrib/rest_client/integration.rb +0 -39
  947. data/lib/ddtrace/contrib/rest_client/patcher.rb +0 -25
  948. data/lib/ddtrace/contrib/rest_client/request_patch.rb +0 -92
  949. data/lib/ddtrace/contrib/semantic_logger/configuration/settings.rb +0 -19
  950. data/lib/ddtrace/contrib/semantic_logger/ext.rb +0 -11
  951. data/lib/ddtrace/contrib/semantic_logger/instrumentation.rb +0 -43
  952. data/lib/ddtrace/contrib/semantic_logger/integration.rb +0 -48
  953. data/lib/ddtrace/contrib/semantic_logger/patcher.rb +0 -26
  954. data/lib/ddtrace/contrib/sequel/configuration/settings.rb +0 -29
  955. data/lib/ddtrace/contrib/sequel/database.rb +0 -64
  956. data/lib/ddtrace/contrib/sequel/dataset.rb +0 -64
  957. data/lib/ddtrace/contrib/sequel/ext.rb +0 -20
  958. data/lib/ddtrace/contrib/sequel/integration.rb +0 -39
  959. data/lib/ddtrace/contrib/sequel/patcher.rb +0 -34
  960. data/lib/ddtrace/contrib/sequel/utils.rb +0 -75
  961. data/lib/ddtrace/contrib/shoryuken/configuration/settings.rb +0 -32
  962. data/lib/ddtrace/contrib/shoryuken/ext.rb +0 -22
  963. data/lib/ddtrace/contrib/shoryuken/integration.rb +0 -40
  964. data/lib/ddtrace/contrib/shoryuken/patcher.rb +0 -25
  965. data/lib/ddtrace/contrib/shoryuken/tracer.rb +0 -56
  966. data/lib/ddtrace/contrib/sidekiq/client_tracer.rb +0 -44
  967. data/lib/ddtrace/contrib/sidekiq/configuration/settings.rb +0 -38
  968. data/lib/ddtrace/contrib/sidekiq/ext.rb +0 -31
  969. data/lib/ddtrace/contrib/sidekiq/integration.rb +0 -49
  970. data/lib/ddtrace/contrib/sidekiq/patcher.rb +0 -68
  971. data/lib/ddtrace/contrib/sidekiq/server_internal_tracer/heartbeat.rb +0 -30
  972. data/lib/ddtrace/contrib/sidekiq/server_internal_tracer/job_fetch.rb +0 -30
  973. data/lib/ddtrace/contrib/sidekiq/server_internal_tracer/scheduled_push.rb +0 -29
  974. data/lib/ddtrace/contrib/sidekiq/server_tracer.rb +0 -66
  975. data/lib/ddtrace/contrib/sidekiq/tracing.rb +0 -45
  976. data/lib/ddtrace/contrib/sinatra/configuration/settings.rb +0 -40
  977. data/lib/ddtrace/contrib/sinatra/env.rb +0 -59
  978. data/lib/ddtrace/contrib/sinatra/ext.rb +0 -28
  979. data/lib/ddtrace/contrib/sinatra/headers.rb +0 -30
  980. data/lib/ddtrace/contrib/sinatra/integration.rb +0 -39
  981. data/lib/ddtrace/contrib/sinatra/patcher.rb +0 -30
  982. data/lib/ddtrace/contrib/sinatra/tracer.rb +0 -150
  983. data/lib/ddtrace/contrib/sinatra/tracer_middleware.rb +0 -112
  984. data/lib/ddtrace/contrib/sneakers/configuration/settings.rb +0 -34
  985. data/lib/ddtrace/contrib/sneakers/ext.rb +0 -23
  986. data/lib/ddtrace/contrib/sneakers/integration.rb +0 -42
  987. data/lib/ddtrace/contrib/sneakers/patcher.rb +0 -25
  988. data/lib/ddtrace/contrib/sneakers/tracer.rb +0 -54
  989. data/lib/ddtrace/contrib/status_code_matcher.rb +0 -70
  990. data/lib/ddtrace/contrib/sucker_punch/configuration/settings.rb +0 -31
  991. data/lib/ddtrace/contrib/sucker_punch/exception_handler.rb +0 -25
  992. data/lib/ddtrace/contrib/sucker_punch/ext.rb +0 -22
  993. data/lib/ddtrace/contrib/sucker_punch/instrumentation.rb +0 -89
  994. data/lib/ddtrace/contrib/sucker_punch/integration.rb +0 -39
  995. data/lib/ddtrace/contrib/sucker_punch/patcher.rb +0 -44
  996. data/lib/ddtrace/correlation.rb +0 -40
  997. data/lib/ddtrace/diagnostics/environment_logger.rb +0 -280
  998. data/lib/ddtrace/diagnostics/health.rb +0 -34
  999. data/lib/ddtrace/distributed_tracing/headers/b3.rb +0 -45
  1000. data/lib/ddtrace/distributed_tracing/headers/b3_single.rb +0 -57
  1001. data/lib/ddtrace/distributed_tracing/headers/datadog.rb +0 -43
  1002. data/lib/ddtrace/distributed_tracing/headers/headers.rb +0 -72
  1003. data/lib/ddtrace/distributed_tracing/headers/helpers.rb +0 -44
  1004. data/lib/ddtrace/encoding.rb +0 -72
  1005. data/lib/ddtrace/error.rb +0 -97
  1006. data/lib/ddtrace/event.rb +0 -53
  1007. data/lib/ddtrace/ext/analytics.rb +0 -13
  1008. data/lib/ddtrace/ext/app_types.rb +0 -12
  1009. data/lib/ddtrace/ext/correlation.rb +0 -12
  1010. data/lib/ddtrace/ext/diagnostics.rb +0 -37
  1011. data/lib/ddtrace/ext/distributed.rb +0 -40
  1012. data/lib/ddtrace/ext/environment.rb +0 -24
  1013. data/lib/ddtrace/ext/errors.rb +0 -11
  1014. data/lib/ddtrace/ext/forced_tracing.rb +0 -26
  1015. data/lib/ddtrace/ext/git.rb +0 -32
  1016. data/lib/ddtrace/ext/http.rb +0 -47
  1017. data/lib/ddtrace/ext/integration.rb +0 -9
  1018. data/lib/ddtrace/ext/manual_tracing.rb +0 -10
  1019. data/lib/ddtrace/ext/metrics.rb +0 -16
  1020. data/lib/ddtrace/ext/net.rb +0 -11
  1021. data/lib/ddtrace/ext/priority.rb +0 -19
  1022. data/lib/ddtrace/ext/profiling.rb +0 -53
  1023. data/lib/ddtrace/ext/runtime.rb +0 -25
  1024. data/lib/ddtrace/ext/sampling.rb +0 -17
  1025. data/lib/ddtrace/ext/sql.rb +0 -9
  1026. data/lib/ddtrace/ext/test.rb +0 -9
  1027. data/lib/ddtrace/ext/transport.rb +0 -32
  1028. data/lib/ddtrace/forced_tracing.rb +0 -39
  1029. data/lib/ddtrace/logger.rb +0 -41
  1030. data/lib/ddtrace/metrics.rb +0 -282
  1031. data/lib/ddtrace/opentelemetry/extensions.rb +0 -14
  1032. data/lib/ddtrace/opentelemetry/span.rb +0 -34
  1033. data/lib/ddtrace/opentracer/binary_propagator.rb +0 -25
  1034. data/lib/ddtrace/opentracer/carrier.rb +0 -7
  1035. data/lib/ddtrace/opentracer/distributed_headers.rb +0 -56
  1036. data/lib/ddtrace/opentracer/global_tracer.rb +0 -16
  1037. data/lib/ddtrace/opentracer/propagator.rb +0 -23
  1038. data/lib/ddtrace/opentracer/rack_propagator.rb +0 -61
  1039. data/lib/ddtrace/opentracer/scope.rb +0 -16
  1040. data/lib/ddtrace/opentracer/scope_manager.rb +0 -7
  1041. data/lib/ddtrace/opentracer/span.rb +0 -95
  1042. data/lib/ddtrace/opentracer/span_context.rb +0 -15
  1043. data/lib/ddtrace/opentracer/span_context_factory.rb +0 -24
  1044. data/lib/ddtrace/opentracer/text_map_propagator.rb +0 -76
  1045. data/lib/ddtrace/opentracer/thread_local_scope.rb +0 -32
  1046. data/lib/ddtrace/opentracer/thread_local_scope_manager.rb +0 -41
  1047. data/lib/ddtrace/opentracer/tracer.rb +0 -209
  1048. data/lib/ddtrace/opentracer.rb +0 -22
  1049. data/lib/ddtrace/patcher.rb +0 -69
  1050. data/lib/ddtrace/pin.rb +0 -86
  1051. data/lib/ddtrace/pipeline/span_filter.rb +0 -39
  1052. data/lib/ddtrace/pipeline/span_processor.rb +0 -21
  1053. data/lib/ddtrace/pipeline.rb +0 -47
  1054. data/lib/ddtrace/profiling/backtrace_location.rb +0 -33
  1055. data/lib/ddtrace/profiling/buffer.rb +0 -42
  1056. data/lib/ddtrace/profiling/collectors/stack.rb +0 -297
  1057. data/lib/ddtrace/profiling/encoding/profile.rb +0 -46
  1058. data/lib/ddtrace/profiling/event.rb +0 -14
  1059. data/lib/ddtrace/profiling/events/stack.rb +0 -81
  1060. data/lib/ddtrace/profiling/exporter.rb +0 -24
  1061. data/lib/ddtrace/profiling/ext/forking.rb +0 -98
  1062. data/lib/ddtrace/profiling/flush.rb +0 -44
  1063. data/lib/ddtrace/profiling/native_extension.rb +0 -40
  1064. data/lib/ddtrace/profiling/pprof/builder.rb +0 -126
  1065. data/lib/ddtrace/profiling/pprof/converter.rb +0 -103
  1066. data/lib/ddtrace/profiling/pprof/message_set.rb +0 -15
  1067. data/lib/ddtrace/profiling/pprof/payload.rb +0 -19
  1068. data/lib/ddtrace/profiling/pprof/pprof_pb.rb +0 -82
  1069. data/lib/ddtrace/profiling/pprof/stack_sample.rb +0 -140
  1070. data/lib/ddtrace/profiling/pprof/string_table.rb +0 -11
  1071. data/lib/ddtrace/profiling/pprof/template.rb +0 -119
  1072. data/lib/ddtrace/profiling/profiler.rb +0 -31
  1073. data/lib/ddtrace/profiling/recorder.rb +0 -96
  1074. data/lib/ddtrace/profiling/scheduler.rb +0 -150
  1075. data/lib/ddtrace/profiling/tasks/setup.rb +0 -90
  1076. data/lib/ddtrace/profiling/trace_identifiers/ddtrace.rb +0 -42
  1077. data/lib/ddtrace/profiling/trace_identifiers/helper.rb +0 -46
  1078. data/lib/ddtrace/profiling/transport/client.rb +0 -15
  1079. data/lib/ddtrace/profiling/transport/http/api/endpoint.rb +0 -94
  1080. data/lib/ddtrace/profiling/transport/http/api/instance.rb +0 -37
  1081. data/lib/ddtrace/profiling/transport/http/api/spec.rb +0 -41
  1082. data/lib/ddtrace/profiling/transport/http/api.rb +0 -44
  1083. data/lib/ddtrace/profiling/transport/http/builder.rb +0 -29
  1084. data/lib/ddtrace/profiling/transport/http/client.rb +0 -34
  1085. data/lib/ddtrace/profiling/transport/http/response.rb +0 -22
  1086. data/lib/ddtrace/profiling/transport/http.rb +0 -111
  1087. data/lib/ddtrace/profiling/transport/io/client.rb +0 -28
  1088. data/lib/ddtrace/profiling/transport/io/response.rb +0 -17
  1089. data/lib/ddtrace/profiling/transport/io.rb +0 -31
  1090. data/lib/ddtrace/profiling/transport/parcel.rb +0 -18
  1091. data/lib/ddtrace/profiling/transport/request.rb +0 -16
  1092. data/lib/ddtrace/profiling/transport/response.rb +0 -9
  1093. data/lib/ddtrace/profiling.rb +0 -149
  1094. data/lib/ddtrace/propagation/grpc_propagator.rb +0 -75
  1095. data/lib/ddtrace/propagation/http_propagator.rb +0 -91
  1096. data/lib/ddtrace/quantization/hash.rb +0 -104
  1097. data/lib/ddtrace/quantization/http.rb +0 -90
  1098. data/lib/ddtrace/runtime/metrics.rb +0 -135
  1099. data/lib/ddtrace/sampler.rb +0 -303
  1100. data/lib/ddtrace/sampling/matcher.rb +0 -58
  1101. data/lib/ddtrace/sampling/rate_limiter.rb +0 -177
  1102. data/lib/ddtrace/sampling/rule.rb +0 -62
  1103. data/lib/ddtrace/sampling/rule_sampler.rb +0 -133
  1104. data/lib/ddtrace/sampling.rb +0 -3
  1105. data/lib/ddtrace/span.rb +0 -445
  1106. data/lib/ddtrace/sync_writer.rb +0 -69
  1107. data/lib/ddtrace/tasks/exec.rb +0 -47
  1108. data/lib/ddtrace/tasks/help.rb +0 -15
  1109. data/lib/ddtrace/tracer.rb +0 -449
  1110. data/lib/ddtrace/utils/compression.rb +0 -28
  1111. data/lib/ddtrace/utils/database.rb +0 -26
  1112. data/lib/ddtrace/utils/forking.rb +0 -53
  1113. data/lib/ddtrace/utils/object_set.rb +0 -40
  1114. data/lib/ddtrace/utils/only_once.rb +0 -41
  1115. data/lib/ddtrace/utils/sequence.rb +0 -18
  1116. data/lib/ddtrace/utils/string_table.rb +0 -46
  1117. data/lib/ddtrace/utils/time.rb +0 -51
  1118. data/lib/ddtrace/utils.rb +0 -80
  1119. data/lib/ddtrace/vendor/active_record/connection_specification.rb +0 -302
  1120. data/lib/ddtrace/vendor/multipart-post/multipart/post/composite_read_io.rb +0 -117
  1121. data/lib/ddtrace/vendor/multipart-post/multipart/post/multipartable.rb +0 -58
  1122. data/lib/ddtrace/vendor/multipart-post/multipart/post/parts.rb +0 -136
  1123. data/lib/ddtrace/vendor/multipart-post/multipart/post/version.rb +0 -10
  1124. data/lib/ddtrace/vendor/multipart-post/multipart/post.rb +0 -9
  1125. data/lib/ddtrace/vendor/multipart-post/multipart.rb +0 -13
  1126. data/lib/ddtrace/vendor/multipart-post/net/http/post/multipart.rb +0 -33
  1127. data/lib/ddtrace/worker.rb +0 -21
  1128. data/lib/ddtrace/workers/async.rb +0 -175
  1129. data/lib/ddtrace/workers/interval_loop.rb +0 -116
  1130. data/lib/ddtrace/workers/polling.rb +0 -56
  1131. data/lib/ddtrace/workers/queue.rb +0 -41
  1132. data/lib/ddtrace/workers/runtime_metrics.rb +0 -65
  1133. data/lib/ddtrace/workers/trace_writer.rb +0 -200
  1134. data/lib/ddtrace/workers.rb +0 -123
  1135. data/lib/ddtrace/writer.rb +0 -200
  1136. /data/lib/{ddtrace → datadog/core}/vendor/multipart-post/LICENSE +0 -0
  1137. /data/lib/{ddtrace → datadog}/profiling/pprof/pprof.proto +0 -0
  1138. /data/lib/{ddtrace/vendor/active_record → datadog/tracing/contrib/active_record/vendor}/MIT-LICENSE +0 -0
  1139. /data/lib/{ddtrace → datadog/tracing}/contrib/redis/vendor/LICENSE +0 -0
@@ -0,0 +1,1298 @@
1
+ {
2
+ "version": "2.2",
3
+ "metadata": {
4
+ "rules_version": "1.3.1"
5
+ },
6
+ "rules": [
7
+ {
8
+ "id": "crs-913-100",
9
+ "name": "Found User-Agent associated with security scanner",
10
+ "tags": {
11
+ "type": "security_scanner",
12
+ "crs_id": "913100",
13
+ "category": "attack_attempt"
14
+ },
15
+ "conditions": [
16
+ {
17
+ "parameters": {
18
+ "inputs": [
19
+ {
20
+ "address": "server.request.headers.no_cookies",
21
+ "key_path": [
22
+ "user-agent"
23
+ ]
24
+ }
25
+ ],
26
+ "list": [
27
+ "",
28
+ "(hydra)",
29
+ ".nasl",
30
+ "absinthe",
31
+ "advanced email extractor",
32
+ "arachni/",
33
+ "autogetcontent",
34
+ "bilbo",
35
+ "bfac",
36
+ "brutus",
37
+ "brutus/aet",
38
+ "bsqlbf",
39
+ "cgichk",
40
+ "cisco-torch",
41
+ "commix",
42
+ "core-project/1.0",
43
+ "crimscanner/",
44
+ "datacha0s",
45
+ "detectify",
46
+ "dirbuster",
47
+ "domino hunter",
48
+ "dotdotpwn",
49
+ "email extractor",
50
+ "fhscan core 1.",
51
+ "floodgate",
52
+ "fuzz faster u fool",
53
+ "f-secure radar",
54
+ "get-minimal",
55
+ "gobuster",
56
+ "gootkit auto-rooter scanner",
57
+ "grabber",
58
+ "grendel-scan",
59
+ "havij",
60
+ "inspath",
61
+ "internet ninja",
62
+ "jaascois",
63
+ "jorgee",
64
+ "masscan",
65
+ "metis",
66
+ "morfeus fucking scanner",
67
+ "mysqloit",
68
+ "n-stealth",
69
+ "nessus",
70
+ "netsparker",
71
+ "nikto",
72
+ "nmap nse",
73
+ "nmap scripting engine",
74
+ "nmap-nse",
75
+ "nsauditor",
76
+ "nuclei",
77
+ "openvas",
78
+ "pangolin",
79
+ "paros",
80
+ "pmafind",
81
+ "prog.customcrawler",
82
+ "qqgamehall",
83
+ "qualys was",
84
+ "s.t.a.l.k.e.r.",
85
+ "security scan",
86
+ "springenwerk",
87
+ "sql power injector",
88
+ "sqlmap",
89
+ "sqlninja",
90
+ "struts-pwn",
91
+ "sysscan",
92
+ "tbi-webscanner",
93
+ "teh forest lobster",
94
+ "this is an exploit",
95
+ "toata dragostea",
96
+ "toata dragostea mea pentru diavola",
97
+ "uil2pn",
98
+ "user-agent:",
99
+ "vega/",
100
+ "voideye",
101
+ "w3af.sf.net",
102
+ "w3af.sourceforge.net",
103
+ "w3af.org",
104
+ "webbandit",
105
+ "webinspect",
106
+ "webshag",
107
+ "webtrends security analyzer",
108
+ "webvulnscan",
109
+ "wfuzz",
110
+ "whatweb",
111
+ "whcc/",
112
+ "wordpress hash grabber",
113
+ "wpscan",
114
+ "xmlrpc exploit",
115
+ "zgrab",
116
+ "zmeu"
117
+ ]
118
+ },
119
+ "operator": "phrase_match"
120
+ }
121
+ ],
122
+ "transformers": [
123
+ "lowercase"
124
+ ]
125
+ },
126
+ {
127
+ "id": "crs-921-120",
128
+ "name": "HTTP Response Splitting Attack",
129
+ "tags": {
130
+ "type": "http_protocol_violation",
131
+ "crs_id": "921120",
132
+ "category": "attack_attempt"
133
+ },
134
+ "conditions": [
135
+ {
136
+ "parameters": {
137
+ "inputs": [
138
+ {
139
+ "address": "server.request.query"
140
+ },
141
+ {
142
+ "address": "server.request.body"
143
+ },
144
+ {
145
+ "address": "server.request.path_params"
146
+ }
147
+ ],
148
+ "regex": "[\\r\\n]\\W*?(?:content-(?:type|length)|set-cookie|location):\\s*\\w",
149
+ "options": {
150
+ "case_sensitive": true,
151
+ "min_length": 11
152
+ }
153
+ },
154
+ "operator": "match_regex"
155
+ }
156
+ ],
157
+ "transformers": [
158
+ "lowercase"
159
+ ]
160
+ },
161
+ {
162
+ "id": "crs-932-100",
163
+ "name": "Remote Command Execution: Unix Command Injection",
164
+ "tags": {
165
+ "type": "command_injection",
166
+ "crs_id": "932100",
167
+ "category": "attack_attempt"
168
+ },
169
+ "conditions": [
170
+ {
171
+ "parameters": {
172
+ "inputs": [
173
+ {
174
+ "address": "server.request.query"
175
+ },
176
+ {
177
+ "address": "server.request.body"
178
+ },
179
+ {
180
+ "address": "server.request.path_params"
181
+ }
182
+ ],
183
+ "regex": "(?:;|\\{|\\||\\|\\||&|&&|\\n|\\r|\\$\\(|\\$\\(\\(|`|\\${|<\\(|>\\(|\\(\\s*\\))\\s*(?:{|\\s*\\(\\s*|\\w+=(?:[^\\s]*|\\$.*|\\$.*|<.*|>.*|\\'.*\\'|\\\".*\\\")\\s+|!\\s*|\\$)*\\s*(?:'|\\\")*(?:[\\?\\*\\[\\]\\(\\)\\-\\|+\\w'\\\"\\./\\\\\\\\]+/)?[\\\\\\\\'\\\"]*(?:l[\\\\\\\\'\\\"]*(?:w[\\\\\\\\'\\\"]*p[\\\\\\\\'\\\"]*-[\\\\\\\\'\\\"]*(?:d[\\\\\\\\'\\\"]*(?:o[\\\\\\\\'\\\"]*w[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*d|u[\\\\\\\\'\\\"]*m[\\\\\\\\'\\\"]*p)|r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*q[\\\\\\\\'\\\"]*u[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*t|m[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*r)|s(?:[\\\\\\\\'\\\"]*(?:b[\\\\\\\\'\\\"]*_[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*e|c[\\\\\\\\'\\\"]*p[\\\\\\\\'\\\"]*u|m[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*d|p[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*i|u[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*b|-[\\\\\\\\'\\\"]*F|h[\\\\\\\\'\\\"]*w|o[\\\\\\\\'\\\"]*f))?|z[\\\\\\\\'\\\"]*(?:(?:[ef][\\\\\\\\'\\\"]*)?g[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*p|c[\\\\\\\\'\\\"]*(?:a[\\\\\\\\'\\\"]*t|m[\\\\\\\\'\\\"]*p)|m[\\\\\\\\'\\\"]*(?:o[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e|a)|d[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*f[\\\\\\\\'\\\"]*f|l[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*s)|e[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*(?:(?:f[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*l|p[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*p)[\\\\\\\\'\\\"]*e|e[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*h[\\\\\\\\'\\\"]*o|(?:\\s|<|>).*)|a[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*(?:l[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*g(?:[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*n)?|c[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*m[\\\\\\\\'\\\"]*m|(?:\\s|<|>).*)|o[\\\\\\\\'\\\"]*(?:c[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*(?:t[\\\\\\\\'\\\"]*e|l)[\\\\\\\\'\\\"]*(?:\\s|<|>).*|g[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*m[\\\\\\\\'\\\"]*e)|d[\\\\\\\\'\\\"]*(?:c[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*f[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*g|d[\\\\\\\\'\\\"]*(?:\\s|<|>).*)|(?:[np]|i[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*k[\\\\\\\\'\\\"]*s|y[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*x)[\\\\\\\\'\\\"]*(?:\\s|<|>).*|u[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*(?:5[\\\\\\\\'\\\"]*\\.[\\\\\\\\'\\\"]*[1234]|(?:\\s|<|>).*)|f[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*p(?:[\\\\\\\\'\\\"]*g[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*t)?)|b[\\\\\\\\'\\\"]*(?:z[\\\\\\\\'\\\"]*(?:(?:[ef][\\\\\\\\'\\\"]*)?g[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*p|d[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*f[\\\\\\\\'\\\"]*f|l[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*s|m[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e|c[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*t|i[\\\\\\\\'\\\"]*p[\\\\\\\\'\\\"]*2)|s[\\\\\\\\'\\\"]*d[\\\\\\\\'\\\"]*(?:c[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*t|i[\\\\\\\\'\\\"]*f[\\\\\\\\'\\\"]*f|t[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*r)|a[\\\\\\\\'\\\"]*(?:t[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*h[\\\\\\\\'\\\"]*(?:\\s|<|>).*|s[\\\\\\\\'\\\"]*h)|r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*k[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*w|u[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*n)|f[\\\\\\\\'\\\"]*(?:i(?:[\\\\\\\\'\\\"]*(?:l[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*(?:t[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*t|(?:\\s|<|>).*)|n[\\\\\\\\'\\\"]*d[\\\\\\\\'\\\"]*(?:\\s|<|>).*|s[\\\\\\\\'\\\"]*h))?|t[\\\\\\\\'\\\"]*p[\\\\\\\\'\\\"]*(?:s[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*s|w[\\\\\\\\'\\\"]*h[\\\\\\\\'\\\"]*o|(?:\\s|<|>).*)|u[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*n|(?:e[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*h|c)[\\\\\\\\'\\\"]*(?:\\s|<|>).*|o[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*h|g[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*p)|c[\\\\\\\\'\\\"]*(?:o[\\\\\\\\'\\\"]*(?:m[\\\\\\\\'\\\"]*(?:p[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*s|m[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*d)[\\\\\\\\'\\\"]*(?:\\s|<|>).*|p[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*c)|h[\\\\\\\\'\\\"]*(?:d[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*(?:\\s|<|>).*|f[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*g[\\\\\\\\'\\\"]*s|a[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*r|m[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*d)|r[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*b|(?:[cp]|a[\\\\\\\\'\\\"]*t)[\\\\\\\\'\\\"]*(?:\\s|<|>).*|u[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*l|s[\\\\\\\\'\\\"]*h)|e[\\\\\\\\'\\\"]*(?:n[\\\\\\\\'\\\"]*(?:v(?:[\\\\\\\\'\\\"]*-[\\\\\\\\'\\\"]*u[\\\\\\\\'\\\"]*p[\\\\\\\\'\\\"]*d[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*e)?|d[\\\\\\\\'\\\"]*(?:i[\\\\\\\\'\\\"]*f|s[\\\\\\\\'\\\"]*w))|x[\\\\\\\\'\\\"]*(?:p[\\\\\\\\'\\\"]*(?:a[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*d|o[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*t|r)|e[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*(?:\\s|<|>).*)|c[\\\\\\\\'\\\"]*h[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*(?:\\s|<|>).*|g[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*p|s[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*c|v[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*l)|h[\\\\\\\\'\\\"]*(?:t[\\\\\\\\'\\\"]*(?:d[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*g[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*t|p[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*w[\\\\\\\\'\\\"]*d)|o[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*(?:n[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*m[\\\\\\\\'\\\"]*e|i[\\\\\\\\'\\\"]*d)|(?:e[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*d|u[\\\\\\\\'\\\"]*p)[\\\\\\\\'\\\"]*(?:\\s|<|>).*|i[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*y)|i[\\\\\\\\'\\\"]*(?:p[\\\\\\\\'\\\"]*(?:(?:6[\\\\\\\\'\\\"]*)?t[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*b[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*s|c[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*f[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*g)|r[\\\\\\\\'\\\"]*b(?:[\\\\\\\\'\\\"]*(?:2[\\\\\\\\'\\\"]*[01234567]|1(?:[\\\\\\\\'\\\"]*[89])?|3[\\\\\\\\'\\\"]*0))?|f[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*f[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*g|d[\\\\\\\\'\\\"]*(?:\\s|<|>).*)|a[\\\\\\\\'\\\"]*(?:l[\\\\\\\\'\\\"]*(?:i[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*(?:\\s|<|>).*|p[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*e)|d[\\\\\\\\'\\\"]*d[\\\\\\\\'\\\"]*u[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*r|p[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*-[\\\\\\\\'\\\"]*g[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*t|r[\\\\\\\\'\\\"]*(?:c[\\\\\\\\'\\\"]*h[\\\\\\\\'\\\"]*(?:\\s|<|>).*|p)|w[\\\\\\\\'\\\"]*[ks][\\\\\\\\'\\\"]*(?:\\s|<|>).*)|g[\\\\\\\\'\\\"]*(?:(?:e[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*f[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*l|r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*p|c[\\\\\\\\'\\\"]*c|i[\\\\\\\\'\\\"]*t|o)[\\\\\\\\'\\\"]*(?:\\s|<|>).*|z[\\\\\\\\'\\\"]*(?:c[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*t|i[\\\\\\\\'\\\"]*p)|u[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*z[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*p|d[\\\\\\\\'\\\"]*b)|d[\\\\\\\\'\\\"]*(?:h[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*t|(?:i[\\\\\\\\'\\\"]*f[\\\\\\\\'\\\"]*f|u)[\\\\\\\\'\\\"]*(?:\\s|<|>).*|(?:m[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*s|p[\\\\\\\\'\\\"]*k)[\\\\\\\\'\\\"]*g|o[\\\\\\\\'\\\"]*(?:a[\\\\\\\\'\\\"]*s|n[\\\\\\\\'\\\"]*e)|a[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*h)|m[\\\\\\\\'\\\"]*(?:(?:k[\\\\\\\\'\\\"]*d[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*r|o[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e)[\\\\\\\\'\\\"]*(?:\\s|<|>).*|a[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*(?:x[\\\\\\\\'\\\"]*(?:\\s|<|>).*|q)|l[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*e)|j[\\\\\\\\'\\\"]*(?:(?:a[\\\\\\\\'\\\"]*v[\\\\\\\\'\\\"]*a|o[\\\\\\\\'\\\"]*b[\\\\\\\\'\\\"]*s)[\\\\\\\\'\\\"]*(?:\\s|<|>).*|e[\\\\\\\\'\\\"]*x[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*c)|k[\\\\\\\\'\\\"]*(?:i[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*(?:a[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*l|(?:\\s|<|>).*)|s[\\\\\\\\'\\\"]*h)|G[\\\\\\\\'\\\"]*E[\\\\\\\\'\\\"]*T[\\\\\\\\'\\\"]*(?:\\s|<|>).*|7[\\\\\\\\'\\\"]*z(?:[\\\\\\\\'\\\"]*[ar])?)\\b",
184
+ "options": {
185
+ "case_sensitive": true,
186
+ "min_length": 3
187
+ }
188
+ },
189
+ "operator": "match_regex"
190
+ }
191
+ ],
192
+ "transformers": []
193
+ },
194
+ {
195
+ "id": "crs-932-115",
196
+ "name": "Remote Command Execution: Windows Command Injection",
197
+ "tags": {
198
+ "type": "command_injection",
199
+ "crs_id": "932115",
200
+ "category": "attack_attempt"
201
+ },
202
+ "conditions": [
203
+ {
204
+ "parameters": {
205
+ "inputs": [
206
+ {
207
+ "address": "server.request.query"
208
+ },
209
+ {
210
+ "address": "server.request.body"
211
+ },
212
+ {
213
+ "address": "server.request.path_params"
214
+ }
215
+ ],
216
+ "regex": "(?:;|\\{|\\||\\|\\||&|&&|\\n|\\r|`)\\s*[\\(,@\\'\\\"\\s]*(?:[\\w'\\\"\\./]+/|[\\\\\\\\'\\\"\\^]*\\w[\\\\\\\\'\\\"\\^]*:.*\\\\\\\\|[\\^\\.\\w '\\\"/\\\\\\\\]*\\\\\\\\)?[\\\"\\^]*(?:s[\\\"\\^]*(?:y[\\\"\\^]*s[\\\"\\^]*(?:t[\\\"\\^]*e[\\\"\\^]*m[\\\"\\^]*(?:p[\\\"\\^]*r[\\\"\\^]*o[\\\"\\^]*p[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*e[\\\"\\^]*s[\\\"\\^]*(?:d[\\\"\\^]*a[\\\"\\^]*t[\\\"\\^]*a[\\\"\\^]*e[\\\"\\^]*x[\\\"\\^]*e[\\\"\\^]*c[\\\"\\^]*u[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*o[\\\"\\^]*n[\\\"\\^]*p[\\\"\\^]*r[\\\"\\^]*e[\\\"\\^]*v[\\\"\\^]*e[\\\"\\^]*n[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*o[\\\"\\^]*n|(?:p[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*f[\\\"\\^]*o[\\\"\\^]*r[\\\"\\^]*m[\\\"\\^]*a[\\\"\\^]*n[\\\"\\^]*c|h[\\\"\\^]*a[\\\"\\^]*r[\\\"\\^]*d[\\\"\\^]*w[\\\"\\^]*a[\\\"\\^]*r)[\\\"\\^]*e|a[\\\"\\^]*d[\\\"\\^]*v[\\\"\\^]*a[\\\"\\^]*n[\\\"\\^]*c[\\\"\\^]*e[\\\"\\^]*d)|i[\\\"\\^]*n[\\\"\\^]*f[\\\"\\^]*o)|k[\\\"\\^]*e[\\\"\\^]*y|d[\\\"\\^]*m)|h[\\\"\\^]*(?:o[\\\"\\^]*(?:w[\\\"\\^]*(?:g[\\\"\\^]*r[\\\"\\^]*p|m[\\\"\\^]*b[\\\"\\^]*r)[\\\"\\^]*s|r[\\\"\\^]*t[\\\"\\^]*c[\\\"\\^]*u[\\\"\\^]*t)|e[\\\"\\^]*l[\\\"\\^]*l[\\\"\\^]*r[\\\"\\^]*u[\\\"\\^]*n[\\\"\\^]*a[\\\"\\^]*s|u[\\\"\\^]*t[\\\"\\^]*d[\\\"\\^]*o[\\\"\\^]*w[\\\"\\^]*n|r[\\\"\\^]*p[\\\"\\^]*u[\\\"\\^]*b[\\\"\\^]*w|a[\\\"\\^]*r[\\\"\\^]*e|i[\\\"\\^]*f[\\\"\\^]*t)|e[\\\"\\^]*(?:t[\\\"\\^]*(?:(?:x[\\\"\\^]*)?(?:[\\s,;]|\\.|/|<|>).*|l[\\\"\\^]*o[\\\"\\^]*c[\\\"\\^]*a[\\\"\\^]*l)|c[\\\"\\^]*p[\\\"\\^]*o[\\\"\\^]*l|l[\\\"\\^]*e[\\\"\\^]*c[\\\"\\^]*t)|c[\\\"\\^]*(?:h[\\\"\\^]*t[\\\"\\^]*a[\\\"\\^]*s[\\\"\\^]*k[\\\"\\^]*s|l[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*t)|o[\\\"\\^]*r[\\\"\\^]*t[\\\"\\^]*(?:(?:[\\s,;]|\\.|/|<|>).*|\\.[\\\"\\^]*\\*[\\\"\\^]*<|\\/)|u[\\\"\\^]*b[\\\"\\^]*(?:i[\\\"\\^]*n[\\\"\\^]*a[\\\"\\^]*c[\\\"\\^]*l|s[\\\"\\^]*t)|t[\\\"\\^]*a[\\\"\\^]*r[\\\"\\^]*t[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|i[\\\"\\^]*g[\\\"\\^]*v[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*i[\\\"\\^]*f|l[\\\"\\^]*(?:e[\\\"\\^]*e[\\\"\\^]*p|m[\\\"\\^]*g[\\\"\\^]*r)|f[\\\"\\^]*c|v[\\\"\\^]*n)|p[\\\"\\^]*(?:s[\\\"\\^]*(?:s[\\\"\\^]*(?:h[\\\"\\^]*u[\\\"\\^]*t[\\\"\\^]*d[\\\"\\^]*o[\\\"\\^]*w[\\\"\\^]*n|e[\\\"\\^]*r[\\\"\\^]*v[\\\"\\^]*i[\\\"\\^]*c[\\\"\\^]*e|u[\\\"\\^]*s[\\\"\\^]*p[\\\"\\^]*e[\\\"\\^]*n[\\\"\\^]*d)|l[\\\"\\^]*(?:o[\\\"\\^]*g[\\\"\\^]*(?:g[\\\"\\^]*e[\\\"\\^]*d[\\\"\\^]*o[\\\"\\^]*n|l[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*t)|i[\\\"\\^]*s[\\\"\\^]*t)|p[\\\"\\^]*(?:a[\\\"\\^]*s[\\\"\\^]*s[\\\"\\^]*w[\\\"\\^]*d|i[\\\"\\^]*n[\\\"\\^]*g)|g[\\\"\\^]*e[\\\"\\^]*t[\\\"\\^]*s[\\\"\\^]*i[\\\"\\^]*d|e[\\\"\\^]*x[\\\"\\^]*e[\\\"\\^]*c|f[\\\"\\^]*i[\\\"\\^]*l[\\\"\\^]*e|i[\\\"\\^]*n[\\\"\\^]*f[\\\"\\^]*o|k[\\\"\\^]*i[\\\"\\^]*l[\\\"\\^]*l)|o[\\\"\\^]*(?:w[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*(?:s[\\\"\\^]*h[\\\"\\^]*e[\\\"\\^]*l[\\\"\\^]*l(?:[\\\"\\^]*_[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*e)?|c[\\\"\\^]*f[\\\"\\^]*g)|r[\\\"\\^]*t[\\\"\\^]*q[\\\"\\^]*r[\\\"\\^]*y|p[\\\"\\^]*d)|r[\\\"\\^]*(?:i[\\\"\\^]*n[\\\"\\^]*t[\\\"\\^]*(?:(?:[\\s,;]|\\.|/|<|>).*|b[\\\"\\^]*r[\\\"\\^]*m)|n[\\\"\\^]*(?:c[\\\"\\^]*n[\\\"\\^]*f[\\\"\\^]*g|m[\\\"\\^]*n[\\\"\\^]*g[\\\"\\^]*r)|o[\\\"\\^]*m[\\\"\\^]*p[\\\"\\^]*t)|a[\\\"\\^]*t[\\\"\\^]*h[\\\"\\^]*(?:p[\\\"\\^]*i[\\\"\\^]*n[\\\"\\^]*g|(?:[\\s,;]|\\.|/|<|>).*)|e[\\\"\\^]*r[\\\"\\^]*(?:l(?:[\\\"\\^]*(?:s[\\\"\\^]*h|5))?|f[\\\"\\^]*m[\\\"\\^]*o[\\\"\\^]*n)|y[\\\"\\^]*t[\\\"\\^]*h[\\\"\\^]*o[\\\"\\^]*n(?:[\\\"\\^]*(?:3(?:[\\\"\\^]*m)?|2))?|k[\\\"\\^]*g[\\\"\\^]*m[\\\"\\^]*g[\\\"\\^]*r|h[\\\"\\^]*p(?:[\\\"\\^]*[57])?|u[\\\"\\^]*s[\\\"\\^]*h[\\\"\\^]*d|i[\\\"\\^]*n[\\\"\\^]*g)|r[\\\"\\^]*(?:e[\\\"\\^]*(?:(?:p[\\\"\\^]*l[\\\"\\^]*a[\\\"\\^]*c[\\\"\\^]*e|n(?:[\\\"\\^]*a[\\\"\\^]*m[\\\"\\^]*e)?|s[\\\"\\^]*e[\\\"\\^]*t)[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|g[\\\"\\^]*(?:s[\\\"\\^]*v[\\\"\\^]*r[\\\"\\^]*3[\\\"\\^]*2|e[\\\"\\^]*d[\\\"\\^]*i[\\\"\\^]*t|(?:[\\s,;]|\\.|/|<|>).*|i[\\\"\\^]*n[\\\"\\^]*i)|c[\\\"\\^]*(?:d[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*c|o[\\\"\\^]*v[\\\"\\^]*e[\\\"\\^]*r)|k[\\\"\\^]*e[\\\"\\^]*y[\\\"\\^]*w[\\\"\\^]*i[\\\"\\^]*z)|u[\\\"\\^]*(?:n[\\\"\\^]*(?:d[\\\"\\^]*l[\\\"\\^]*l[\\\"\\^]*3[\\\"\\^]*2|a[\\\"\\^]*s)|b[\\\"\\^]*y[\\\"\\^]*(?:1(?:[\\\"\\^]*[89])?|2[\\\"\\^]*[012]))|a[\\\"\\^]*(?:s[\\\"\\^]*(?:p[\\\"\\^]*h[\\\"\\^]*o[\\\"\\^]*n[\\\"\\^]*e|d[\\\"\\^]*i[\\\"\\^]*a[\\\"\\^]*l)|r[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*)|m[\\\"\\^]*(?:(?:d[\\\"\\^]*i[\\\"\\^]*r[\\\"\\^]*)?(?:[\\s,;]|\\.|/|<|>).*|t[\\\"\\^]*s[\\\"\\^]*h[\\\"\\^]*a[\\\"\\^]*r[\\\"\\^]*e)|o[\\\"\\^]*(?:u[\\\"\\^]*t[\\\"\\^]*e[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|b[\\\"\\^]*o[\\\"\\^]*c[\\\"\\^]*o[\\\"\\^]*p[\\\"\\^]*y)|s[\\\"\\^]*(?:t[\\\"\\^]*r[\\\"\\^]*u[\\\"\\^]*i|y[\\\"\\^]*n[\\\"\\^]*c)|d[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*)|t[\\\"\\^]*(?:a[\\\"\\^]*(?:s[\\\"\\^]*k[\\\"\\^]*(?:k[\\\"\\^]*i[\\\"\\^]*l[\\\"\\^]*l|l[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*t|s[\\\"\\^]*c[\\\"\\^]*h[\\\"\\^]*d|m[\\\"\\^]*g[\\\"\\^]*r)|k[\\\"\\^]*e[\\\"\\^]*o[\\\"\\^]*w[\\\"\\^]*n)|(?:i[\\\"\\^]*m[\\\"\\^]*e[\\\"\\^]*o[\\\"\\^]*u|p[\\\"\\^]*m[\\\"\\^]*i[\\\"\\^]*n[\\\"\\^]*i|e[\\\"\\^]*l[\\\"\\^]*n[\\\"\\^]*e|l[\\\"\\^]*i[\\\"\\^]*s)[\\\"\\^]*t|s[\\\"\\^]*(?:d[\\\"\\^]*i[\\\"\\^]*s[\\\"\\^]*c[\\\"\\^]*o|s[\\\"\\^]*h[\\\"\\^]*u[\\\"\\^]*t[\\\"\\^]*d)[\\\"\\^]*n|y[\\\"\\^]*p[\\\"\\^]*e[\\\"\\^]*(?:p[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*f|(?:[\\s,;]|\\.|/|<|>).*)|r[\\\"\\^]*(?:a[\\\"\\^]*c[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*t|e[\\\"\\^]*e))|w[\\\"\\^]*(?:i[\\\"\\^]*n[\\\"\\^]*(?:d[\\\"\\^]*i[\\\"\\^]*f[\\\"\\^]*f|m[\\\"\\^]*s[\\\"\\^]*d[\\\"\\^]*p|v[\\\"\\^]*a[\\\"\\^]*r|r[\\\"\\^]*[ms])|u[\\\"\\^]*(?:a[\\\"\\^]*(?:u[\\\"\\^]*c[\\\"\\^]*l[\\\"\\^]*t|p[\\\"\\^]*p)|s[\\\"\\^]*a)|s[\\\"\\^]*c[\\\"\\^]*(?:r[\\\"\\^]*i[\\\"\\^]*p[\\\"\\^]*t|u[\\\"\\^]*i)|e[\\\"\\^]*v[\\\"\\^]*t[\\\"\\^]*u[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*l|m[\\\"\\^]*i[\\\"\\^]*(?:m[\\\"\\^]*g[\\\"\\^]*m[\\\"\\^]*t|c)|a[\\\"\\^]*i[\\\"\\^]*t[\\\"\\^]*f[\\\"\\^]*o[\\\"\\^]*r|h[\\\"\\^]*o[\\\"\\^]*a[\\\"\\^]*m[\\\"\\^]*i|g[\\\"\\^]*e[\\\"\\^]*t)|u[\\\"\\^]*(?:s[\\\"\\^]*(?:e[\\\"\\^]*r[\\\"\\^]*a[\\\"\\^]*c[\\\"\\^]*c[\\\"\\^]*o[\\\"\\^]*u[\\\"\\^]*n[\\\"\\^]*t[\\\"\\^]*c[\\\"\\^]*o[\\\"\\^]*n[\\\"\\^]*t[\\\"\\^]*r[\\\"\\^]*o[\\\"\\^]*l[\\\"\\^]*s[\\\"\\^]*e[\\\"\\^]*t[\\\"\\^]*t[\\\"\\^]*i[\\\"\\^]*n[\\\"\\^]*g[\\\"\\^]*s|r[\\\"\\^]*s[\\\"\\^]*t[\\\"\\^]*a[\\\"\\^]*t)|n[\\\"\\^]*(?:r[\\\"\\^]*a[\\\"\\^]*r|z[\\\"\\^]*i[\\\"\\^]*p))|q[\\\"\\^]*(?:u[\\\"\\^]*e[\\\"\\^]*r[\\\"\\^]*y[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|p[\\\"\\^]*r[\\\"\\^]*o[\\\"\\^]*c[\\\"\\^]*e[\\\"\\^]*s[\\\"\\^]*s|w[\\\"\\^]*i[\\\"\\^]*n[\\\"\\^]*s[\\\"\\^]*t[\\\"\\^]*a|g[\\\"\\^]*r[\\\"\\^]*e[\\\"\\^]*p)|o[\\\"\\^]*(?:d[\\\"\\^]*b[\\\"\\^]*c[\\\"\\^]*(?:a[\\\"\\^]*d[\\\"\\^]*3[\\\"\\^]*2|c[\\\"\\^]*o[\\\"\\^]*n[\\\"\\^]*f)|p[\\\"\\^]*e[\\\"\\^]*n[\\\"\\^]*f[\\\"\\^]*i[\\\"\\^]*l[\\\"\\^]*e[\\\"\\^]*s)|v[\\\"\\^]*(?:o[\\\"\\^]*l[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*|e[\\\"\\^]*r[\\\"\\^]*i[\\\"\\^]*f[\\\"\\^]*y)|x[\\\"\\^]*c[\\\"\\^]*(?:a[\\\"\\^]*c[\\\"\\^]*l[\\\"\\^]*s|o[\\\"\\^]*p[\\\"\\^]*y)|z[\\\"\\^]*i[\\\"\\^]*p[\\\"\\^]*(?:[\\s,;]|\\.|/|<|>).*)(?:\\.[\\\"\\^]*\\w+)?\\b",
217
+ "options": {
218
+ "min_length": 4
219
+ }
220
+ },
221
+ "operator": "match_regex"
222
+ }
223
+ ],
224
+ "transformers": []
225
+ },
226
+ {
227
+ "id": "crs-932-120",
228
+ "name": "Remote Command Execution: Windows PowerShell Command Found",
229
+ "tags": {
230
+ "type": "command_injection",
231
+ "crs_id": "932120",
232
+ "category": "attack_attempt"
233
+ },
234
+ "conditions": [
235
+ {
236
+ "parameters": {
237
+ "inputs": [
238
+ {
239
+ "address": "server.request.query"
240
+ },
241
+ {
242
+ "address": "server.request.body"
243
+ },
244
+ {
245
+ "address": "server.request.path_params"
246
+ }
247
+ ],
248
+ "list": [
249
+ "powershell.exe",
250
+ "add-bitsfile",
251
+ "add-computer",
252
+ "add-content",
253
+ "add-history",
254
+ "add-member",
255
+ "add-pssnapin",
256
+ "add-type",
257
+ "checkpoint-computer",
258
+ "clear-content",
259
+ "clear-eventlog",
260
+ "clear-history",
261
+ "clear-item",
262
+ "clear-itemproperty",
263
+ "clear-variable",
264
+ "compare-object",
265
+ "complete-bitstransfer",
266
+ "complete-transaction",
267
+ "connect-wsman",
268
+ "convertfrom-csv",
269
+ "convertfrom-securestring",
270
+ "convertfrom-stringdata",
271
+ "convert-path",
272
+ "convertto-csv",
273
+ "convertto-html",
274
+ "convertto-securestring",
275
+ "convertto-xml",
276
+ "copy-item",
277
+ "copy-itemproperty",
278
+ "debug-process",
279
+ "disable-computerrestore",
280
+ "disable-psbreakpoint",
281
+ "disable-pssessionconfiguration",
282
+ "disable-wsmancredssp",
283
+ "disconnect-wsman",
284
+ "enable-computerrestore",
285
+ "enable-psbreakpoint",
286
+ "enable-psremoting",
287
+ "enable-pssessionconfiguration",
288
+ "enable-wsmancredssp",
289
+ "enter-pssession",
290
+ "exit-pssession",
291
+ "export-alias",
292
+ "export-clixml",
293
+ "export-console",
294
+ "export-counter",
295
+ "export-csv",
296
+ "export-formatdata",
297
+ "export-modulemember",
298
+ "export-pssession",
299
+ "foreach-object",
300
+ "format-custom",
301
+ "format-list",
302
+ "format-table",
303
+ "format-wide",
304
+ "get-acl",
305
+ "get-alias",
306
+ "get-applockerfileinformation",
307
+ "get-applockerpolicy",
308
+ "get-authenticodesignature",
309
+ "get-bitstransfer",
310
+ "get-childitem",
311
+ "get-command",
312
+ "get-computerrestorepoint",
313
+ "get-content",
314
+ "get-counter",
315
+ "get-credential",
316
+ "get-event",
317
+ "get-eventlog",
318
+ "get-eventsubscriber",
319
+ "get-executionpolicy",
320
+ "get-formatdata",
321
+ "get-history",
322
+ "get-host",
323
+ "get-hotfix",
324
+ "get-item",
325
+ "get-itemproperty",
326
+ "get-job",
327
+ "get-location",
328
+ "get-module",
329
+ "get-pfxcertificate",
330
+ "get-process",
331
+ "get-psbreakpoint",
332
+ "get-pscallstack",
333
+ "get-psdrive",
334
+ "get-psprovider",
335
+ "get-pssession",
336
+ "get-pssessionconfiguration",
337
+ "get-pssnapin",
338
+ "get-random",
339
+ "get-service",
340
+ "get-tracesource",
341
+ "get-transaction",
342
+ "get-troubleshootingpack",
343
+ "get-uiculture",
344
+ "get-unique",
345
+ "get-variable",
346
+ "get-winevent",
347
+ "get-wmiobject",
348
+ "get-wsmancredssp",
349
+ "get-wsmaninstance",
350
+ "group-object",
351
+ "import-alias",
352
+ "import-clixml",
353
+ "import-counter",
354
+ "import-csv",
355
+ "import-localizeddata",
356
+ "import-module",
357
+ "import-pssession",
358
+ "invoke-command",
359
+ "invoke-expression",
360
+ "invoke-history",
361
+ "invoke-item",
362
+ "invoke-troubleshootingpack",
363
+ "invoke-wmimethod",
364
+ "invoke-wsmanaction",
365
+ "join-path",
366
+ "limit-eventlog",
367
+ "measure-command",
368
+ "measure-object",
369
+ "move-item",
370
+ "move-itemproperty",
371
+ "new-alias",
372
+ "new-applockerpolicy",
373
+ "new-event",
374
+ "new-eventlog",
375
+ "new-item",
376
+ "new-itemproperty",
377
+ "new-module",
378
+ "new-modulemanifest",
379
+ "new-object",
380
+ "new-psdrive",
381
+ "new-pssession",
382
+ "new-pssessionoption",
383
+ "new-service",
384
+ "new-timespan",
385
+ "new-variable",
386
+ "new-webserviceproxy",
387
+ "new-wsmaninstance",
388
+ "new-wsmansessionoption",
389
+ "out-default",
390
+ "out-file",
391
+ "out-gridview",
392
+ "out-host",
393
+ "out-null",
394
+ "out-printer",
395
+ "out-string",
396
+ "pop-location",
397
+ "push-location",
398
+ "read-host",
399
+ "receive-job",
400
+ "register-engineevent",
401
+ "register-objectevent",
402
+ "register-pssessionconfiguration",
403
+ "register-wmievent",
404
+ "remove-bitstransfer",
405
+ "remove-computer",
406
+ "remove-event",
407
+ "remove-eventlog",
408
+ "remove-item",
409
+ "remove-itemproperty",
410
+ "remove-job",
411
+ "remove-module",
412
+ "remove-psbreakpoint",
413
+ "remove-psdrive",
414
+ "remove-pssession",
415
+ "remove-pssnapin",
416
+ "remove-variable",
417
+ "remove-wmiobject",
418
+ "remove-wsmaninstance",
419
+ "rename-item",
420
+ "rename-itemproperty",
421
+ "reset-computermachinepassword",
422
+ "resolve-path",
423
+ "restart-computer",
424
+ "restart-service",
425
+ "restore-computer",
426
+ "resume-bitstransfer",
427
+ "resume-service",
428
+ "select-object",
429
+ "select-string",
430
+ "select-xml",
431
+ "send-mailmessage",
432
+ "set-acl",
433
+ "set-alias",
434
+ "set-applockerpolicy",
435
+ "set-authenticodesignature",
436
+ "set-bitstransfer",
437
+ "set-content",
438
+ "set-date",
439
+ "set-executionpolicy",
440
+ "set-item",
441
+ "set-itemproperty",
442
+ "set-location",
443
+ "set-psbreakpoint",
444
+ "set-psdebug",
445
+ "set-pssessionconfiguration",
446
+ "set-service",
447
+ "set-strictmode",
448
+ "set-tracesource",
449
+ "set-variable",
450
+ "set-wmiinstance",
451
+ "set-wsmaninstance",
452
+ "set-wsmanquickconfig",
453
+ "show-eventlog",
454
+ "sort-object",
455
+ "split-path",
456
+ "start-bitstransfer",
457
+ "start-job",
458
+ "start-process",
459
+ "start-service",
460
+ "start-sleep",
461
+ "start-transaction",
462
+ "stop-computer",
463
+ "stop-job",
464
+ "stop-process",
465
+ "stop-service",
466
+ "stop-transcript",
467
+ "suspend-bitstransfer",
468
+ "suspend-service",
469
+ "tee-object",
470
+ "test-applockerpolicy",
471
+ "test-computersecurechannel",
472
+ "test-connection",
473
+ "test-modulemanifest",
474
+ "test-path",
475
+ "test-wsman",
476
+ "trace-command",
477
+ "undo-transaction",
478
+ "unregister-event",
479
+ "unregister-pssessionconfiguration",
480
+ "update-formatdata",
481
+ "update-list",
482
+ "update-typedata",
483
+ "use-transaction",
484
+ "wait-event",
485
+ "wait-job",
486
+ "wait-process",
487
+ "where-object",
488
+ "write-debug",
489
+ "write-error",
490
+ "write-eventlog",
491
+ "write-host",
492
+ "write-output",
493
+ "write-progress",
494
+ "write-verbose",
495
+ "write-warning",
496
+ "-encodedcommand",
497
+ "-executionpolicy",
498
+ "-psconsolefile"
499
+ ]
500
+ },
501
+ "operator": "phrase_match"
502
+ }
503
+ ],
504
+ "transformers": [
505
+ "lowercase"
506
+ ]
507
+ },
508
+ {
509
+ "id": "crs-932-130",
510
+ "name": "Remote Command Execution: Unix Shell Expression Found",
511
+ "tags": {
512
+ "type": "command_injection",
513
+ "crs_id": "932130",
514
+ "category": "attack_attempt"
515
+ },
516
+ "conditions": [
517
+ {
518
+ "parameters": {
519
+ "inputs": [
520
+ {
521
+ "address": "server.request.query"
522
+ },
523
+ {
524
+ "address": "server.request.body"
525
+ },
526
+ {
527
+ "address": "server.request.path_params"
528
+ }
529
+ ],
530
+ "regex": "(?:\\$(?:\\((?:\\(.*\\)|.*)\\)|\\{.*})|[<>]\\(.*\\))",
531
+ "options": {
532
+ "case_sensitive": true,
533
+ "min_length": 3
534
+ }
535
+ },
536
+ "operator": "match_regex"
537
+ }
538
+ ],
539
+ "transformers": []
540
+ },
541
+ {
542
+ "id": "crs-932-150",
543
+ "name": "Remote Command Execution: Direct Unix Command Execution",
544
+ "tags": {
545
+ "type": "command_injection",
546
+ "crs_id": "932150",
547
+ "category": "attack_attempt"
548
+ },
549
+ "conditions": [
550
+ {
551
+ "parameters": {
552
+ "inputs": [
553
+ {
554
+ "address": "server.request.query"
555
+ },
556
+ {
557
+ "address": "server.request.body"
558
+ },
559
+ {
560
+ "address": "server.request.path_params"
561
+ }
562
+ ],
563
+ "regex": "(?:^|=)\\s*(?:{|\\s*\\(\\s*|\\w+=(?:[^\\s]*|\\$.*|\\$.*|<.*|>.*|\\'.*\\'|\\\".*\\\")\\s+|!\\s*|\\$)*\\s*(?:'|\\\")*(?:[\\?\\*\\[\\]\\(\\)\\-\\|+\\w'\\\"\\./\\\\\\\\]+/)?[\\\\\\\\'\\\"]*(?:l[\\\\\\\\'\\\"]*(?:s(?:[\\\\\\\\'\\\"]*(?:b[\\\\\\\\'\\\"]*_[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*e|c[\\\\\\\\'\\\"]*p[\\\\\\\\'\\\"]*u|m[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*d|p[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*i|u[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*b|-[\\\\\\\\'\\\"]*F|o[\\\\\\\\'\\\"]*f))?|z[\\\\\\\\'\\\"]*(?:(?:[ef][\\\\\\\\'\\\"]*)?g[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*p|c[\\\\\\\\'\\\"]*(?:a[\\\\\\\\'\\\"]*t|m[\\\\\\\\'\\\"]*p)|m[\\\\\\\\'\\\"]*(?:o[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e|a)|d[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*f[\\\\\\\\'\\\"]*f|l[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*s)|e[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*(?:(?:f[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*l|p[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*p)[\\\\\\\\'\\\"]*e|e[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*h[\\\\\\\\'\\\"]*o)|a[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*(?:l[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*g(?:[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*n)?|c[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*m[\\\\\\\\'\\\"]*m)|w[\\\\\\\\'\\\"]*p(?:[\\\\\\\\'\\\"]*-[\\\\\\\\'\\\"]*d[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*w[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*d)?|f[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*p(?:[\\\\\\\\'\\\"]*g[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*t)?|y[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*x)|s[\\\\\\\\'\\\"]*(?:e[\\\\\\\\'\\\"]*(?:t[\\\\\\\\'\\\"]*(?:e[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*v|s[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*d)|n[\\\\\\\\'\\\"]*d[\\\\\\\\'\\\"]*m[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*l|d)|h(?:[\\\\\\\\'\\\"]*\\.[\\\\\\\\'\\\"]*d[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*b)?|o[\\\\\\\\'\\\"]*(?:u[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*e|c[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*t)|t[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*g[\\\\\\\\'\\\"]*s|y[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*l|c[\\\\\\\\'\\\"]*(?:h[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*d|p)|d[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*f[\\\\\\\\'\\\"]*f|f[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*p|u[\\\\\\\\'\\\"]*d[\\\\\\\\'\\\"]*o|s[\\\\\\\\'\\\"]*h|v[\\\\\\\\'\\\"]*n)|p[\\\\\\\\'\\\"]*(?:t[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*r(?:[\\\\\\\\'\\\"]*(?:d[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*f[\\\\\\\\'\\\"]*f|g[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*p))?|y[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*h[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*n(?:[\\\\\\\\'\\\"]*(?:3(?:[\\\\\\\\'\\\"]*m)?|2))?|k[\\\\\\\\'\\\"]*(?:e[\\\\\\\\'\\\"]*x[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*c|i[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*l)|r[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*v|(?:g[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e|f[\\\\\\\\'\\\"]*t)[\\\\\\\\'\\\"]*p|e[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*l(?:[\\\\\\\\'\\\"]*5)?|h[\\\\\\\\'\\\"]*p(?:[\\\\\\\\'\\\"]*[57])?|i[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*g|o[\\\\\\\\'\\\"]*p[\\\\\\\\'\\\"]*d)|n[\\\\\\\\'\\\"]*(?:c(?:[\\\\\\\\'\\\"]*(?:\\.[\\\\\\\\'\\\"]*(?:t[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*d[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*l|o[\\\\\\\\'\\\"]*p[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*b[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*d)|a[\\\\\\\\'\\\"]*t))?|e[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*(?:k[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*-[\\\\\\\\'\\\"]*f[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*p|(?:s[\\\\\\\\'\\\"]*t|c)[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*t)|o[\\\\\\\\'\\\"]*h[\\\\\\\\'\\\"]*u[\\\\\\\\'\\\"]*p|p[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*g|s[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*t)|t[\\\\\\\\'\\\"]*(?:c[\\\\\\\\'\\\"]*(?:p[\\\\\\\\'\\\"]*(?:t[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*u[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*e|i[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*g)|s[\\\\\\\\'\\\"]*h)|r[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*u[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*e(?:[\\\\\\\\'\\\"]*6)?|i[\\\\\\\\'\\\"]*m[\\\\\\\\'\\\"]*e(?:[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*u[\\\\\\\\'\\\"]*t)?|a[\\\\\\\\'\\\"]*(?:i[\\\\\\\\'\\\"]*l(?:[\\\\\\\\'\\\"]*f)?|r)|e[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*t)|r[\\\\\\\\'\\\"]*(?:e[\\\\\\\\'\\\"]*(?:p[\\\\\\\\'\\\"]*(?:l[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*e|e[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*t)|a[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*p[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*h|n[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*m[\\\\\\\\'\\\"]*e)|u[\\\\\\\\'\\\"]*b[\\\\\\\\'\\\"]*y(?:[\\\\\\\\'\\\"]*(?:1(?:[\\\\\\\\'\\\"]*[89])?|2[\\\\\\\\'\\\"]*[012]))?|m[\\\\\\\\'\\\"]*(?:u[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*e|d[\\\\\\\\'\\\"]*i)[\\\\\\\\'\\\"]*r|n[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*o|s[\\\\\\\\'\\\"]*y[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*c|c[\\\\\\\\'\\\"]*p)|b[\\\\\\\\'\\\"]*(?:z[\\\\\\\\'\\\"]*(?:(?:[ef][\\\\\\\\'\\\"]*)?g[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*p|d[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*f[\\\\\\\\'\\\"]*f|l[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*s|m[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e|c[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*t)|s[\\\\\\\\'\\\"]*d[\\\\\\\\'\\\"]*(?:c[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*t|i[\\\\\\\\'\\\"]*f[\\\\\\\\'\\\"]*f|t[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*r)|u[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*n|a[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*h)|m[\\\\\\\\'\\\"]*(?:y[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*q[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*(?:d[\\\\\\\\'\\\"]*u[\\\\\\\\'\\\"]*m[\\\\\\\\'\\\"]*p(?:[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*w)?|h[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*p[\\\\\\\\'\\\"]*y|a[\\\\\\\\'\\\"]*d[\\\\\\\\'\\\"]*m[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*n|s[\\\\\\\\'\\\"]*h[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*w)|l[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*e|a[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*q)|u[\\\\\\\\'\\\"]*(?:n[\\\\\\\\'\\\"]*(?:c[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*m[\\\\\\\\'\\\"]*p[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*s|l[\\\\\\\\'\\\"]*z[\\\\\\\\'\\\"]*m[\\\\\\\\'\\\"]*a|a[\\\\\\\\'\\\"]*m[\\\\\\\\'\\\"]*e|r[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*r|s[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*t|z[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*p|x[\\\\\\\\'\\\"]*z)|s[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*(?:(?:a[\\\\\\\\'\\\"]*d|m[\\\\\\\\'\\\"]*o)[\\\\\\\\'\\\"]*d|d[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*l))|x[\\\\\\\\'\\\"]*(?:z(?:[\\\\\\\\'\\\"]*(?:(?:[ef][\\\\\\\\'\\\"]*)?g[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*p|d[\\\\\\\\'\\\"]*(?:i[\\\\\\\\'\\\"]*f[\\\\\\\\'\\\"]*f|e[\\\\\\\\'\\\"]*c)|c[\\\\\\\\'\\\"]*(?:a[\\\\\\\\'\\\"]*t|m[\\\\\\\\'\\\"]*p)|l[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*s|m[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e))?|a[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*g[\\\\\\\\'\\\"]*s)|z[\\\\\\\\'\\\"]*(?:(?:(?:[ef][\\\\\\\\'\\\"]*)?g[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e|i)[\\\\\\\\'\\\"]*p|c[\\\\\\\\'\\\"]*(?:a[\\\\\\\\'\\\"]*t|m[\\\\\\\\'\\\"]*p)|d[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*f[\\\\\\\\'\\\"]*f|l[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*s|m[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e|r[\\\\\\\\'\\\"]*u[\\\\\\\\'\\\"]*n|s[\\\\\\\\'\\\"]*h)|f[\\\\\\\\'\\\"]*(?:t[\\\\\\\\'\\\"]*p[\\\\\\\\'\\\"]*(?:s[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*s|w[\\\\\\\\'\\\"]*h[\\\\\\\\'\\\"]*o)|i[\\\\\\\\'\\\"]*l[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*t|e[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*c[\\\\\\\\'\\\"]*h|g[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*p)|c[\\\\\\\\'\\\"]*(?:o[\\\\\\\\'\\\"]*(?:m[\\\\\\\\'\\\"]*m[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*d|p[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*c)|u[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*l|s[\\\\\\\\'\\\"]*h|c)|e[\\\\\\\\'\\\"]*(?:g[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*p|c[\\\\\\\\'\\\"]*h[\\\\\\\\'\\\"]*o|v[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*l|x[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*c|n[\\\\\\\\'\\\"]*v)|d[\\\\\\\\'\\\"]*(?:m[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*g|a[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*h|i[\\\\\\\\'\\\"]*f[\\\\\\\\'\\\"]*f|o[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*s)|g[\\\\\\\\'\\\"]*(?:z[\\\\\\\\'\\\"]*(?:c[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*t|i[\\\\\\\\'\\\"]*p)|r[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*p|c[\\\\\\\\'\\\"]*c)|j[\\\\\\\\'\\\"]*(?:o[\\\\\\\\'\\\"]*b[\\\\\\\\'\\\"]*s[\\\\\\\\'\\\"]*\\s+[\\\\\\\\'\\\"]*-[\\\\\\\\'\\\"]*x|a[\\\\\\\\'\\\"]*v[\\\\\\\\'\\\"]*a)|w[\\\\\\\\'\\\"]*(?:h[\\\\\\\\'\\\"]*o[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*m[\\\\\\\\'\\\"]*i|g[\\\\\\\\'\\\"]*e[\\\\\\\\'\\\"]*t|3[\\\\\\\\'\\\"]*m)|i[\\\\\\\\'\\\"]*r[\\\\\\\\'\\\"]*b(?:[\\\\\\\\'\\\"]*(?:1(?:[\\\\\\\\'\\\"]*[89])?|2[\\\\\\\\'\\\"]*[012]))?|o[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*n[\\\\\\\\'\\\"]*t[\\\\\\\\'\\\"]*r|h[\\\\\\\\'\\\"]*(?:e[\\\\\\\\'\\\"]*a[\\\\\\\\'\\\"]*d|u[\\\\\\\\'\\\"]*p)|v[\\\\\\\\'\\\"]*i[\\\\\\\\'\\\"]*(?:g[\\\\\\\\'\\\"]*r|p[\\\\\\\\'\\\"]*w)|G[\\\\\\\\'\\\"]*E[\\\\\\\\'\\\"]*T)[\\\\\\\\'\\\"]*(?:\\s|;|\\||&|<|>)",
564
+ "options": {
565
+ "case_sensitive": true,
566
+ "min_length": 3
567
+ }
568
+ },
569
+ "operator": "match_regex"
570
+ }
571
+ ],
572
+ "transformers": []
573
+ },
574
+ {
575
+ "id": "crs-933-110",
576
+ "name": "PHP Injection Attack: PHP Script File Upload Found",
577
+ "tags": {
578
+ "type": "php_code_injection",
579
+ "crs_id": "933110",
580
+ "category": "attack_attempt"
581
+ },
582
+ "conditions": [
583
+ {
584
+ "parameters": {
585
+ "inputs": [
586
+ {
587
+ "address": "server.request.headers.no_cookies",
588
+ "key_path": [
589
+ "x-filename"
590
+ ]
591
+ },
592
+ {
593
+ "address": "server.request.headers.no_cookies",
594
+ "key_path": [
595
+ "x_filename"
596
+ ]
597
+ },
598
+ {
599
+ "address": "server.request.headers.no_cookies",
600
+ "key_path": [
601
+ "x.filename"
602
+ ]
603
+ },
604
+ {
605
+ "address": "server.request.headers.no_cookies",
606
+ "key_path": [
607
+ "x-file-name"
608
+ ]
609
+ }
610
+ ],
611
+ "regex": ".*\\.(?:php\\d*|phtml)\\.*$",
612
+ "options": {
613
+ "case_sensitive": true,
614
+ "min_length": 4
615
+ }
616
+ },
617
+ "operator": "match_regex"
618
+ }
619
+ ],
620
+ "transformers": [
621
+ "lowercase"
622
+ ]
623
+ },
624
+ {
625
+ "id": "crs-933-180",
626
+ "name": "PHP Injection Attack: Variable Function Call Found",
627
+ "tags": {
628
+ "type": "php_code_injection",
629
+ "crs_id": "933180",
630
+ "category": "attack_attempt"
631
+ },
632
+ "conditions": [
633
+ {
634
+ "parameters": {
635
+ "inputs": [
636
+ {
637
+ "address": "server.request.query"
638
+ },
639
+ {
640
+ "address": "server.request.body"
641
+ },
642
+ {
643
+ "address": "server.request.path_params"
644
+ }
645
+ ],
646
+ "regex": "\\$+(?:[a-zA-Z_\\x7f-\\xff][a-zA-Z0-9_\\x7f-\\xff]*|\\s*{.+})(?:\\s|\\[.+\\]|{.+}|/\\*.*\\*/|//.*|#.*)*\\(.*\\)",
647
+ "options": {
648
+ "case_sensitive": true,
649
+ "min_length": 4
650
+ }
651
+ },
652
+ "operator": "match_regex"
653
+ }
654
+ ],
655
+ "transformers": []
656
+ },
657
+ {
658
+ "id": "crs-933-210",
659
+ "name": "PHP Injection Attack: Variable Function Call Found",
660
+ "tags": {
661
+ "type": "php_code_injection",
662
+ "crs_id": "933210",
663
+ "category": "attack_attempt"
664
+ },
665
+ "conditions": [
666
+ {
667
+ "parameters": {
668
+ "inputs": [
669
+ {
670
+ "address": "server.request.query"
671
+ },
672
+ {
673
+ "address": "server.request.body"
674
+ },
675
+ {
676
+ "address": "server.request.path_params"
677
+ }
678
+ ],
679
+ "regex": "(?:(?:\\(|\\[|\\\")[a-zA-Z0-9_.$\\\"'\\[\\](?:){}*\\s\\\\]+(?:\\)|\\]|\\\")[0-9_.$\\\"'\\[\\](?:){}*\\s]*\\([a-zA-Z0-9_.$\\\"'\\[\\](?:){}*\\s].*\\)|\\([\\s]*string[\\s]*\\)[\\s]*(?:\\\"|'))[;]",
680
+ "options": {
681
+ "case_sensitive": true,
682
+ "min_length": 7
683
+ }
684
+ },
685
+ "operator": "match_regex"
686
+ }
687
+ ],
688
+ "transformers": []
689
+ },
690
+ {
691
+ "id": "crs-941-130",
692
+ "name": "XSS Filter - Category 3: Attribute Vector",
693
+ "tags": {
694
+ "type": "xss",
695
+ "crs_id": "941130",
696
+ "category": "attack_attempt"
697
+ },
698
+ "conditions": [
699
+ {
700
+ "parameters": {
701
+ "inputs": [
702
+ {
703
+ "address": "server.request.headers.no_cookies",
704
+ "key_path": [
705
+ "user-agent"
706
+ ]
707
+ },
708
+ {
709
+ "address": "server.request.query"
710
+ },
711
+ {
712
+ "address": "server.request.body"
713
+ },
714
+ {
715
+ "address": "server.request.path_params"
716
+ }
717
+ ],
718
+ "regex": "[\\s\\S](?:\\b(?:x(?:link:href|html|mlns)|data:text\\/html|pattern\\b.*?=|formaction)|!ENTITY\\s+(?:\\S+|%\\s+\\S+)\\s+(?:PUBLIC|SYSTEM)|;base64|@import)\\b",
719
+ "options": {
720
+ "min_length": 6
721
+ }
722
+ },
723
+ "operator": "match_regex"
724
+ }
725
+ ],
726
+ "transformers": [
727
+ "removeNulls"
728
+ ]
729
+ },
730
+ {
731
+ "id": "crs-941-150",
732
+ "name": "XSS Filter - Category 5: Disallowed HTML Attributes",
733
+ "tags": {
734
+ "type": "xss",
735
+ "crs_id": "941150",
736
+ "category": "attack_attempt"
737
+ },
738
+ "conditions": [
739
+ {
740
+ "parameters": {
741
+ "inputs": [
742
+ {
743
+ "address": "server.request.headers.no_cookies",
744
+ "key_path": [
745
+ "user-agent"
746
+ ]
747
+ },
748
+ {
749
+ "address": "server.request.query"
750
+ },
751
+ {
752
+ "address": "server.request.body"
753
+ },
754
+ {
755
+ "address": "server.request.path_params"
756
+ }
757
+ ],
758
+ "regex": "\\b(?:s(?:tyle|rc)|href)\\b\\s*?=",
759
+ "options": {
760
+ "case_sensitive": true,
761
+ "min_length": 4
762
+ }
763
+ },
764
+ "operator": "match_regex"
765
+ }
766
+ ],
767
+ "transformers": [
768
+ "removeNulls"
769
+ ]
770
+ },
771
+ {
772
+ "id": "crs-941-160",
773
+ "name": "NoScript XSS InjectionChecker: HTML Injection",
774
+ "tags": {
775
+ "type": "xss",
776
+ "crs_id": "941160",
777
+ "category": "attack_attempt"
778
+ },
779
+ "conditions": [
780
+ {
781
+ "parameters": {
782
+ "inputs": [
783
+ {
784
+ "address": "server.request.headers.no_cookies",
785
+ "key_path": [
786
+ "user-agent"
787
+ ]
788
+ },
789
+ {
790
+ "address": "server.request.headers.no_cookies",
791
+ "key_path": [
792
+ "referer"
793
+ ]
794
+ },
795
+ {
796
+ "address": "server.request.query"
797
+ },
798
+ {
799
+ "address": "server.request.body"
800
+ },
801
+ {
802
+ "address": "server.request.path_params"
803
+ }
804
+ ],
805
+ "regex": "(?:(?:<\\w[\\s\\S]*[\\s/]|['\\\"](?:[\\s\\S]*[\\s/])?)(?:on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)|op)|i(?:s(?:c(?:hargingtimechange|onnect(?:ing|ed))|abled)|aling)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|(?:(?:Press)?TapGestur|BeforeResiz)e|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|A(?:udioAvailable|fterPaint))|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rolselect|extmenu)|nect(?:ing|ed))|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|(?:fstate|ell)change|u(?:echange|t)|l(?:ick|ose))|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:ek(?:complete|ing|ed)|(?:lec(?:tstar)?)?t|n(?:ding|t))|(?:peech|ound)(?:start|end)|u(?:ccess|spend|bmit)|croll|how)|m(?:o(?:z(?:(?:pointerlock|fullscreen)(?:change|error)|(?:orientation|time)change|network(?:down|up)load)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|a(?:n(?:imation(?:iteration|start|end)|tennastatechange)|fter(?:(?:scriptexecu|upda)te|print)|udio(?:process|start|end)|d(?:apteradded|dtrack)|ctivate|lerting|bort)|b(?:e(?:fore(?:(?:(?:de)?activa|scriptexecu)te|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut)|editfocus)|gin(?:Event)?)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast|usy)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|r(?:e(?:s(?:u(?:m(?:ing|e)|lt)|ize|et)|adystatechange|pea(?:tEven)?t|movetrack|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|atechange)|p(?:op(?:up(?:hid(?:den|ing)|show(?:ing|n))|state)|a(?:ge(?:hide|show)|(?:st|us)e|int)|ro(?:pertychange|gress)|lay(?:ing)?)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ransition(?:cancel|end|run)|ime(?:update|out)|ext)|u(?:s(?:erproximity|sdreceived)|p(?:gradeneeded|dateready)|n(?:derflow|load))|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|ailed)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)|secapture)|evelchange|y)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|et)|e(?:n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|mptied|xit)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|valid|put))|o(?:(?:(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Abort|Error|Zoom)|h(?:e(?:adphoneschange|l[dp])|ashchange|olding)|v(?:o(?:lum|ic)e|ersion)change|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|no(?:update|match)|Request|zoom)|s(?:tyle|rc)|background|formaction|lowsrc|ping)[\\s\\x08]*?=|<[^\\w<>]*(?:[^<>\\\"'\\s]*:)?[^\\w<>]*\\W*?(?:(?:a\\W*?(?:n\\W*?i\\W*?m\\W*?a\\W*?t\\W*?e|p\\W*?p\\W*?l\\W*?e\\W*?t|u\\W*?d\\W*?i\\W*?o)|b\\W*?(?:i\\W*?n\\W*?d\\W*?i\\W*?n\\W*?g\\W*?s|a\\W*?s\\W*?e|o\\W*?d\\W*?y)|i?\\W*?f\\W*?r\\W*?a\\W*?m\\W*?e|o\\W*?b\\W*?j\\W*?e\\W*?c\\W*?t|i\\W*?m\\W*?a?\\W*?g\\W*?e?|e\\W*?m\\W*?b\\W*?e\\W*?d|p\\W*?a\\W*?r\\W*?a\\W*?m|v\\W*?i\\W*?d\\W*?e\\W*?o|l\\W*?i\\W*?n\\W*?k)[^>\\w]|s\\W*?(?:c\\W*?r\\W*?i\\W*?p\\W*?t|t\\W*?y\\W*?l\\W*?e|e\\W*?t[^>\\w]|v\\W*?g)|m\\W*?(?:a\\W*?r\\W*?q\\W*?u\\W*?e\\W*?e|e\\W*?t\\W*?a[^>\\w])|f\\W*?o\\W*?r\\W*?m))",
806
+ "options": {
807
+ "min_length": 4
808
+ }
809
+ },
810
+ "operator": "match_regex"
811
+ }
812
+ ],
813
+ "transformers": [
814
+ "removeNulls"
815
+ ]
816
+ },
817
+ {
818
+ "id": "crs-941-170",
819
+ "name": "NoScript XSS InjectionChecker: Attribute Injection",
820
+ "tags": {
821
+ "type": "xss",
822
+ "crs_id": "941170",
823
+ "category": "attack_attempt"
824
+ },
825
+ "conditions": [
826
+ {
827
+ "parameters": {
828
+ "inputs": [
829
+ {
830
+ "address": "server.request.headers.no_cookies",
831
+ "key_path": [
832
+ "user-agent"
833
+ ]
834
+ },
835
+ {
836
+ "address": "server.request.headers.no_cookies",
837
+ "key_path": [
838
+ "referer"
839
+ ]
840
+ },
841
+ {
842
+ "address": "server.request.query"
843
+ },
844
+ {
845
+ "address": "server.request.body"
846
+ },
847
+ {
848
+ "address": "server.request.path_params"
849
+ }
850
+ ],
851
+ "regex": "(?:\\W|^)(?:javascript:(?:[\\s\\S]+[=\\\\\\(\\[\\.<]|[\\s\\S]*?(?:\\bname\\b|\\\\[ux]\\d))|data:(?:(?:[a-z]\\w+/\\w[\\w+-]+\\w)?[;,]|[\\s\\S]*?;[\\s\\S]*?\\b(?:base64|charset=)|[\\s\\S]*?,[\\s\\S]*?<[\\s\\S]*?\\w[\\s\\S]*?>))|@\\W*?i\\W*?m\\W*?p\\W*?o\\W*?r\\W*?t\\W*?(?:/\\*[\\s\\S]*?)?(?:[\\\"']|\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\()|\\W*?-\\W*?m\\W*?o\\W*?z\\W*?-\\W*?b\\W*?i\\W*?n\\W*?d\\W*?i\\W*?n\\W*?g[\\s\\S]*?:[\\s\\S]*?\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\(",
852
+ "options": {
853
+ "min_length": 6
854
+ }
855
+ },
856
+ "operator": "match_regex"
857
+ }
858
+ ],
859
+ "transformers": [
860
+ "removeNulls"
861
+ ]
862
+ },
863
+ {
864
+ "id": "crs-941-190",
865
+ "name": "IE XSS Filters - Attack Detected",
866
+ "tags": {
867
+ "type": "xss",
868
+ "crs_id": "941190",
869
+ "category": "attack_attempt"
870
+ },
871
+ "conditions": [
872
+ {
873
+ "parameters": {
874
+ "inputs": [
875
+ {
876
+ "address": "server.request.query"
877
+ },
878
+ {
879
+ "address": "server.request.body"
880
+ },
881
+ {
882
+ "address": "server.request.path_params"
883
+ }
884
+ ],
885
+ "regex": "(?i:<style.*?>.*?(?:@[i\\\\\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(?:\\\\\\\\]|&#x?0*(?:40|28|92|5C);?)))",
886
+ "options": {
887
+ "case_sensitive": true,
888
+ "min_length": 9
889
+ }
890
+ },
891
+ "operator": "match_regex"
892
+ }
893
+ ],
894
+ "transformers": [
895
+ "removeNulls"
896
+ ]
897
+ },
898
+ {
899
+ "id": "crs-941-250",
900
+ "name": "IE XSS Filters - Attack Detected",
901
+ "tags": {
902
+ "type": "xss",
903
+ "crs_id": "941250",
904
+ "category": "attack_attempt"
905
+ },
906
+ "conditions": [
907
+ {
908
+ "parameters": {
909
+ "inputs": [
910
+ {
911
+ "address": "server.request.query"
912
+ },
913
+ {
914
+ "address": "server.request.body"
915
+ },
916
+ {
917
+ "address": "server.request.path_params"
918
+ }
919
+ ],
920
+ "regex": "(?i:<META[\\s/+].*?http-equiv[\\s/+]*=[\\s/+]*[\\\"'`]?(?:(?:c|&#x?0*(?:67|43|99|63);?)|(?:r|&#x?0*(?:82|52|114|72);?)|(?:s|&#x?0*(?:83|53|115|73);?)))",
921
+ "options": {
922
+ "case_sensitive": true,
923
+ "min_length": 18
924
+ }
925
+ },
926
+ "operator": "match_regex"
927
+ }
928
+ ],
929
+ "transformers": [
930
+ "removeNulls"
931
+ ]
932
+ },
933
+ {
934
+ "id": "crs-941-260",
935
+ "name": "IE XSS Filters - Attack Detected",
936
+ "tags": {
937
+ "type": "xss",
938
+ "crs_id": "941260",
939
+ "category": "attack_attempt"
940
+ },
941
+ "conditions": [
942
+ {
943
+ "parameters": {
944
+ "inputs": [
945
+ {
946
+ "address": "server.request.query"
947
+ },
948
+ {
949
+ "address": "server.request.body"
950
+ },
951
+ {
952
+ "address": "server.request.path_params"
953
+ }
954
+ ],
955
+ "regex": "(?i:<META[\\s/+].*?charset[\\s/+]*=)",
956
+ "options": {
957
+ "case_sensitive": true,
958
+ "min_length": 14
959
+ }
960
+ },
961
+ "operator": "match_regex"
962
+ }
963
+ ],
964
+ "transformers": [
965
+ "removeNulls"
966
+ ]
967
+ },
968
+ {
969
+ "id": "crs-941-370",
970
+ "name": "JavaScript global variable found",
971
+ "tags": {
972
+ "type": "xss",
973
+ "crs_id": "941370",
974
+ "category": "attack_attempt"
975
+ },
976
+ "conditions": [
977
+ {
978
+ "parameters": {
979
+ "inputs": [
980
+ {
981
+ "address": "server.request.query"
982
+ },
983
+ {
984
+ "address": "server.request.body"
985
+ },
986
+ {
987
+ "address": "server.request.path_params"
988
+ }
989
+ ],
990
+ "regex": "(?:self|document|this|top|window)\\s*(?:/\\*|[\\[)]).+?(?:\\]|\\*/)",
991
+ "options": {
992
+ "case_sensitive": true,
993
+ "min_length": 6
994
+ }
995
+ },
996
+ "operator": "match_regex"
997
+ }
998
+ ],
999
+ "transformers": []
1000
+ },
1001
+ {
1002
+ "id": "crs-941-380",
1003
+ "name": "AngularJS client side template injection detected",
1004
+ "tags": {
1005
+ "type": "js_code_injection",
1006
+ "crs_id": "941380",
1007
+ "category": "attack_attempt"
1008
+ },
1009
+ "conditions": [
1010
+ {
1011
+ "parameters": {
1012
+ "inputs": [
1013
+ {
1014
+ "address": "server.request.query"
1015
+ },
1016
+ {
1017
+ "address": "server.request.body"
1018
+ },
1019
+ {
1020
+ "address": "server.request.path_params"
1021
+ }
1022
+ ],
1023
+ "regex": "^{{[\\w\\s\\.]*[^\\w\\.\\s}][^}]*}}$",
1024
+ "options": {
1025
+ "case_sensitive": true,
1026
+ "min_length": 5
1027
+ }
1028
+ },
1029
+ "operator": "match_regex"
1030
+ }
1031
+ ],
1032
+ "transformers": []
1033
+ },
1034
+ {
1035
+ "id": "crs-942-170",
1036
+ "name": "Detects SQL benchmark and sleep injection attempts including conditional queries",
1037
+ "tags": {
1038
+ "type": "sql_injection",
1039
+ "crs_id": "942170",
1040
+ "category": "attack_attempt"
1041
+ },
1042
+ "conditions": [
1043
+ {
1044
+ "parameters": {
1045
+ "inputs": [
1046
+ {
1047
+ "address": "server.request.query"
1048
+ },
1049
+ {
1050
+ "address": "server.request.body"
1051
+ },
1052
+ {
1053
+ "address": "server.request.path_params"
1054
+ }
1055
+ ],
1056
+ "regex": "(?:select|;)\\s+(?:benchmark|sleep|if)\\s*?\\(\\s*?\\(?\\s*?\\w+",
1057
+ "options": {
1058
+ "min_length": 6
1059
+ }
1060
+ },
1061
+ "operator": "match_regex"
1062
+ }
1063
+ ],
1064
+ "transformers": []
1065
+ },
1066
+ {
1067
+ "id": "crs-942-230",
1068
+ "name": "Detects conditional SQL injection attempts",
1069
+ "tags": {
1070
+ "type": "sql_injection",
1071
+ "crs_id": "942230",
1072
+ "category": "attack_attempt"
1073
+ },
1074
+ "conditions": [
1075
+ {
1076
+ "parameters": {
1077
+ "inputs": [
1078
+ {
1079
+ "address": "server.request.query"
1080
+ },
1081
+ {
1082
+ "address": "server.request.body"
1083
+ },
1084
+ {
1085
+ "address": "server.request.path_params"
1086
+ }
1087
+ ],
1088
+ "regex": "(?i:[\\s(?:)]case\\s+when.*?then|\\)\\s*?like\\s*?\\(|select.*?having\\s*?[^\\s]+\\s*?[^\\w\\s]|if\\s?\\([\\d\\w]\\s*?[=<>~])",
1089
+ "options": {
1090
+ "case_sensitive": true,
1091
+ "min_length": 5
1092
+ }
1093
+ },
1094
+ "operator": "match_regex"
1095
+ }
1096
+ ],
1097
+ "transformers": []
1098
+ },
1099
+ {
1100
+ "id": "crs-942-320",
1101
+ "name": "Detects MySQL and PostgreSQL stored procedure/function injections",
1102
+ "tags": {
1103
+ "type": "sql_injection",
1104
+ "crs_id": "942320",
1105
+ "category": "attack_attempt"
1106
+ },
1107
+ "conditions": [
1108
+ {
1109
+ "parameters": {
1110
+ "inputs": [
1111
+ {
1112
+ "address": "server.request.query"
1113
+ },
1114
+ {
1115
+ "address": "server.request.body"
1116
+ },
1117
+ {
1118
+ "address": "server.request.path_params"
1119
+ }
1120
+ ],
1121
+ "regex": "(?:create\\s+(?:procedure|function)\\s*?\\w+\\s*?\\(\\s*?\\)\\s*?-|;\\s*?(?:declare|open)\\s+[\\w-]+|procedure\\s+analyse\\s*?\\(|declare[^\\w]+[@#]\\s*?\\w+|exec\\s*?\\(\\s*?@)",
1122
+ "options": {
1123
+ "min_length": 6
1124
+ }
1125
+ },
1126
+ "operator": "match_regex"
1127
+ }
1128
+ ],
1129
+ "transformers": []
1130
+ },
1131
+ {
1132
+ "id": "crs-942-350",
1133
+ "name": "Detects MySQL UDF injection and other data/structure manipulation attempts",
1134
+ "tags": {
1135
+ "type": "sql_injection",
1136
+ "crs_id": "942350",
1137
+ "category": "attack_attempt"
1138
+ },
1139
+ "conditions": [
1140
+ {
1141
+ "parameters": {
1142
+ "inputs": [
1143
+ {
1144
+ "address": "server.request.query"
1145
+ },
1146
+ {
1147
+ "address": "server.request.body"
1148
+ },
1149
+ {
1150
+ "address": "server.request.path_params"
1151
+ }
1152
+ ],
1153
+ "regex": "(?:;\\s*?(?:(?:(?:trunc|cre|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|alter|load)\\b\\s*?[\\[(?:]?\\w{2,}|create\\s+function\\s+.+\\s+returns)",
1154
+ "options": {
1155
+ "min_length": 7
1156
+ }
1157
+ },
1158
+ "operator": "match_regex"
1159
+ }
1160
+ ],
1161
+ "transformers": []
1162
+ },
1163
+ {
1164
+ "id": "crs-944-240",
1165
+ "name": "Remote Command Execution: Java serialization (CVE-2015-4852)",
1166
+ "tags": {
1167
+ "type": "java_code_injection",
1168
+ "crs_id": "944240",
1169
+ "category": "attack_attempt"
1170
+ },
1171
+ "conditions": [
1172
+ {
1173
+ "parameters": {
1174
+ "inputs": [
1175
+ {
1176
+ "address": "server.request.query"
1177
+ },
1178
+ {
1179
+ "address": "server.request.body"
1180
+ },
1181
+ {
1182
+ "address": "server.request.path_params"
1183
+ },
1184
+ {
1185
+ "address": "server.request.headers.no_cookies"
1186
+ }
1187
+ ],
1188
+ "regex": "(?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)",
1189
+ "options": {
1190
+ "case_sensitive": true,
1191
+ "min_length": 10
1192
+ }
1193
+ },
1194
+ "operator": "match_regex"
1195
+ }
1196
+ ],
1197
+ "transformers": [
1198
+ "lowercase"
1199
+ ]
1200
+ },
1201
+ {
1202
+ "id": "sqr-000-003",
1203
+ "name": "Obfuscated Path Traversal Attack (/../) on any parameter",
1204
+ "tags": {
1205
+ "type": "lfi",
1206
+ "category": "attack_attempt"
1207
+ },
1208
+ "conditions": [
1209
+ {
1210
+ "parameters": {
1211
+ "inputs": [
1212
+ {
1213
+ "address": "server.request.query"
1214
+ },
1215
+ {
1216
+ "address": "server.request.body"
1217
+ },
1218
+ {
1219
+ "address": "server.request.path_params"
1220
+ }
1221
+ ],
1222
+ "regex": "(?:\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\\.))|\\.(?:%0[01]|\\?)?|\\?\\.?|0x2e){2}(?:\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|/))",
1223
+ "options": {
1224
+ "min_length": 4
1225
+ }
1226
+ },
1227
+ "operator": "match_regex"
1228
+ }
1229
+ ],
1230
+ "transformers": []
1231
+ },
1232
+ {
1233
+ "id": "sqr-000-004",
1234
+ "name": "Obfuscated Path Traversal Attack (/../) on any parameter",
1235
+ "tags": {
1236
+ "type": "lfi",
1237
+ "category": "attack_attempt"
1238
+ },
1239
+ "conditions": [
1240
+ {
1241
+ "parameters": {
1242
+ "inputs": [
1243
+ {
1244
+ "address": "server.request.query"
1245
+ },
1246
+ {
1247
+ "address": "server.request.body"
1248
+ },
1249
+ {
1250
+ "address": "server.request.path_params"
1251
+ }
1252
+ ],
1253
+ "regex": "(?:(?:^|[\\\\\\\\/])\\.\\.[\\\\\\\\/]|[\\\\\\\\/]\\.\\.(?:[\\\\\\\\/]|$))",
1254
+ "options": {
1255
+ "case_sensitive": true,
1256
+ "min_length": 3
1257
+ }
1258
+ },
1259
+ "operator": "match_regex"
1260
+ }
1261
+ ],
1262
+ "transformers": [
1263
+ "removeNulls"
1264
+ ]
1265
+ },
1266
+ {
1267
+ "id": "sqr-000-011",
1268
+ "name": "Node.js: Prototype pollution",
1269
+ "tags": {
1270
+ "type": "js_code_injection",
1271
+ "category": "attack_attempt"
1272
+ },
1273
+ "conditions": [
1274
+ {
1275
+ "parameters": {
1276
+ "inputs": [
1277
+ {
1278
+ "address": "server.request.query"
1279
+ },
1280
+ {
1281
+ "address": "server.request.body"
1282
+ },
1283
+ {
1284
+ "address": "server.request.path_params"
1285
+ },
1286
+ {
1287
+ "address": "server.request.headers.no_cookies"
1288
+ }
1289
+ ],
1290
+ "regex": "__proto__[\\.\\[]"
1291
+ },
1292
+ "operator": "match_regex"
1293
+ }
1294
+ ],
1295
+ "transformers": []
1296
+ }
1297
+ ]
1298
+ }