rack-shield 1.1.2 → 1.2.1

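--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: c750d4385a2c39170a389f8b5a2aca1e4b967abb97cbdcd2fb142fd470d8df8c
-data.tar.gz: ea2b3f0519e5e38f742e1aa093366451082852ae6b57e29209d5c327c1298a84
+metadata.gz: a08b10397030d6fb099720d6d2012adee70498c920e3cd058390dfab5ddfa4b0
+data.tar.gz: 3270af671fe6fc922884ac0b54fe13432e25db90d1dfee511b48add36cef4e5e
 SHA512:
-metadata.gz: 28d31dba76eda79a987bc8139ce7f1fa22cc0347ea5bd2dda52e79064e040bd0569e14c7c642d37421e25dd390410198ddb51ca2ce26d54e3e0842c828c9f2cb
-data.tar.gz: 7b1d80c74cbbe6d07e2127f967fc7373dccc7f1258b9c4050311442b378ba9a47aedc7fafdf0342554c3d72d1353fd381d20277b93d17d99e640fc70d9d63daa
+metadata.gz: bf63b373e4028d497234fd10a78b57084225ac43893794a92ee9e7f81e0ae224afda214ec39b13ac723c9cad82bd092ba8081430c070d6eef6565e552d70309f
+data.tar.gz: 35593332faa7b985a5f227d014ae280344041eb0d69f783ce4e4ca7b855da6888dc464031bd2ae8f796e203e0d8546ddbdb5f8ac04e95176fab59f0ba992d7ec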
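--- a/data/README.md
+++ b/data/README.md
@@ -1,3 +1,5 @@
+[![Gem Version](https://badge.fury.io/rb/rack-shield.svg)](http://badge.fury.io/rb/rack-shield) [![build](https://github.com/mtgrosser/rack-shield/actions/workflows/build.yml/badge.svg)](https://github.com/mtgrosser/rack-shield/actions/workflows/build.yml)
+
 ![Shield](https://raw.githubusercontent.com/mtgrosser/rack-shield/master/doc/shield.svg)
 
 # Rack::Shield
@@ -37,10 +39,10 @@ Adding to path matchers:
 
 ```ruby
 # Regexp will be matched
-Rack::Shield.evil_paths << /\.sql\z/
+Rack::Shield.paths << /\.sql\z/
 
 # String will be checked for inclusion
-Rack::Shield.evil_paths << '/wp-admin'
+Rack::Shield.paths << '/wp-admin'
 ```
 Defaults are defined in `Rack::Shield::DEFAULT_EVIL_PATHS`.
 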
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  module Shield
3
- VERSION = '1.1.2'
3
+ VERSION = '1.2.1'
4
4
  end
5
5
  end
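--- a/data/lib/rack/shield.rb
+++ b/data/lib/rack/shield.rb
@@ -8,7 +8,7 @@ require_relative 'shield/request_ext'
 module Rack
 module Shield
 DEFAULT_PATHS = [/\/wp-(includes|content|admin|json|config)/,
-/\.(php|cgi|asp|aspx|shtml|log|(my)?sql(\.tar)?(\.t?(gz|zip))?|cfm|py|lasso|e?rb|pl|jsp|do|action|sh|dll)\z/i,
+/\.(php\d?|cgi|asp|aspx|shtml|log|(my)?sql(\.tar)?(\.t?(gz|zip))?|cfm|cmd|py|lasso|e?rb|pl|jsp|do|action|sh|dll|lsp)\z/i,
 'cgi-bin',
 'phpmyadmin',
 '/pma/',
@@ -54,12 +54,22 @@ module Rack
 '/aspnet-ajax/',
 '/Portal.mwsl',
 '/adminer',
+'/appsuite/signin',
+'/io.ox/',
+'/tkset/',
+'/bakula-web',
+'/snort/',
+'/officescan/',
+'/servlet/',
+'/ox6/',
+'/ws_utc/',
 /\A\/"/,
 /\/\.(hg|git|svn|bzr|htaccess|ftpconfig|vscode|remote-sync|aws|env|DS_Store)/,
 /\/old\/?\z/,
 /\/\.env\z/,
 /\A\/old-wp/,
-/\A\/(wordpress|wp)(\/|\z)/]
+/\A\/(wordpress|wp)(\/|\z)/,
+/Open-Xchange/i]
 
 DEFAULT_QUERIES = [/SELECT.+FROM.+/i,
 /SELECT.+COUNT/i,
@@ -76,17 +86,16 @@ module Rack
 '<php>',
 'onload=confirm',
 'HelloThinkCMF',
-'XDEBUG_SESSION_START',
-]
-
+'XDEBUG_SESSION_START']
+
+DEFAULT_BODIES = []
+
 class << self
 
-attr_accessor :paths, :queries, :checks, :responder
+attr_accessor :paths, :queries, :bodies, :checks, :responder
 
 def evil?(req)
-(req.path && paths.any? { |matcher| match?(req.path, matcher) }) ||
-(req.query_string && queries.any? { |matcher| match?(req.query_string, matcher) }) ||
-(checks.any? { |matcher| match?(req, matcher) })
+evil_paths?(req) || evil_queries?(req) || evil_checks?(req) || evil_bodies?(req)
 end
 
 def template
@@ -102,10 +111,30 @@ module Rack
 when Proc then matcher.call(obj)
 end
 end
+
+def evil_paths?(req)
+req.path && paths.any? { |matcher| match?(req.path, matcher) }
+end
+
+def evil_queries?(req)
+req.query_string && queries.any? { |matcher| match?(req.query_string, matcher) }
+end
+
+def evil_checks?(req)
+checks.any? { |matcher| match?(req, matcher) }
+end
+
+def evil_bodies?(req)
+return false unless req.post? || req.put? || req.patch?
+return false unless body = req.raw_post_data
+return false if body.empty?
+bodies.any? { |matcher| match?(body, matcher) }
+end
 end
 
 self.paths = DEFAULT_PATHS.dup
 self.queries = DEFAULT_QUERIES.dup
+self.bodies = DEFAULT_BODIES.dup
 self.checks = []
 self.responder = Responder
 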
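Review bot: `evil_bodies?` reads the entire request body through `req.raw_post_data` and runs every `bodies` matcher over it with no size bound, so once a body matcher is configured a single large POST/PUT/PATCH costs a full in-memory copy plus a regexp scan of it; `DEFAULT_BODIES` is empty, so this is inert by default, but it becomes a cheap resource-exhaustion path as soon as the feature is used. Gate it before reading, e.g. `return false if req.content_length.to_i > MAX_BODY_BYTES` (a new, configurable constant; `content_length` is available if `req` is a `Rack::Request`, as `req.post?`/`req.query_string` suggest) ahead of the `raw_post_data` line, and split the assignment-in-condition into `body = req.raw_post_data` / `return false if body.nil? || body.empty?` for readability. `raw_post_data` is defined in `shield/request_ext`, outside this diff; it is worth confirming there that `rack.input` is rewound after reading, otherwise the downstream app sees an empty body for every inspected request. The README hunk still points users at `Rack::Shield::DEFAULT_EVIL_PATHS` while the constant defined here is `DEFAULT_PATHS`.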
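--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-shield
 version: !ruby/object:Gem::Version
-version: 1.1.2
+version: 1.2.1
 platform: ruby
 authors:
 - Matthias Grosser
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-05 00:00:00.000000000 Z
+date: 2023-05-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack-attack
@@ -44,7 +44,7 @@ homepage: https://github.com/mtgrosser/rack-shield
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -60,7 +60,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubygems_version: 3.1.4
-signing_key:
+signing_key:
 specification_version: 4
 summary: Block and unblock evil requests
 test_files: []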