rack-shield 1.2.3 → 1.2.4

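--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4af714e5e9f99087a7d9376a6824428112009e44108e80b384394d46f5e1c4bb
- data.tar.gz: 11d2187927845f57118132650ee3b841932396a5d88db64eb3034a52a1b12f59
+ metadata.gz: 63cf387ebad4d086f6fc76ac196700458a5bc277ba0fbd73d21a86eeee752ae7
+ data.tar.gz: 5b2497b3e5cbb43ca7572e75ca9b60db17d7c3883771a47c1e55ccfa67d9192d
  SHA512:
- metadata.gz: 3f27f1100223082d87ecc61fe26d0e302bd86701e946834052e9c5d407b2aad8211dd27d8d0e625bc4d7f8aa489ff4e06a5dfa7c4ce3e7b472a8d4e1f2861a00
- data.tar.gz: e1fe4c1f9abe6488639616ab1c21408297dde642656973e2a45c7c585715857d5b081e5c558a71f7fddb578e58a4ed0a9d018fdb7a4dd2d2ff73d26b48dc29b9
+ metadata.gz: 3356793cb01d020fd54e33ef9be0b70483731e47dd28c37dcc8a82d3956317c4b857bc96c717ef6c35c64e9192add00eb9dca5e7632cf105d55a018e4d376ffc
+ data.tar.gz: a0761e34fd2f3a0ff002651b7add35a69f2b82a514f1e6125cfb32e670ea598a8e9aacd45b9a0a3ceeede0da75fd2043ce8582d89971d5d014aed15bc8341f95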
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  module Shield
3
- VERSION = '1.2.3'
3
+ VERSION = '1.2.4'
4
4
  end
5
5
  end
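--- a/data/lib/rack/shield.rb
+++ b/data/lib/rack/shield.rb
@@ -7,117 +7,134 @@ require_relative 'shield/request_ext'
 
  module Rack
  module Shield
- DEFAULT_PATHS = [/\/wp-(includes|content|admin|json|config)/,
- /\.(php\d?|cgi|asp|aspx|env|shtml|log|(my)?sql(\.tar)?(\.t?(gz|zip))?|cfm|cmd|py|lasso|e?rb|pl|jsp|do|action|sh|dll|lsp|ehp)\z/i,
- 'cgi-bin',
- 'phpmyadmin',
- '/pma/',
- '/boaform/',
- 'sqlbuddy',
- /(my)?sql-backup/,
- 'etc/passwd',
- '/php/',
- '.php/',
- '/browsedisk',
- '/mambo/',
- '/ipython/',
- '/jenkins/',
- '/joomla/',
- '/varien/js.js',
- '/drupal.js',
- 'RELEASE_NOTES.txt',
- '/phpunit/',
- '/magento/',
- '/mage/',
- '/magento_version',
- '/mifs/',
- '/js/varien/',
- '/includes/',
- '/HNAP1',
- '/stalker_portal/',
- '/nmaplowercheck',
- '/solr/admin/',
- '/axis2/axis2-admin',
- '/telescope/requests',
- '/RELEASE_NOTES.txt',
- 'deployment-config.json',
- 'ftpsync.settings',
- '/_profiler/latest',
- '/_ignition/',
- '/_wpeprivate/',
- '/Config/SaveUploadedHotspotLogoFile',
- 'ALFA_DATA',
- 'cgialfa',
- 'alfacgiapi',
- '/+CSCOT+/',
- '/api/v2/cmdb/system',
- 'com.vmware.vsan.client.services',
- '/aspnet-ajax/',
- '/Portal.mwsl',
- '/adminer',
- '/appsuite/signin',
- '/io.ox/',
- '/tkset/',
- '/bakula-web',
- '/snort/',
- '/officescan/',
- '/servlet/',
- '/ox6/',
- '/ws_utc/',
- '/OASREST/',
- '/WEB-INF/',
- '/faspex/',
- '/(download)/',
- '/nacos/',
- '/UploadServlet',
- '/meta-data/identity-credentials/',
- '/SDK/webLanguage',
- '/seeyon/htmlofficeservlet',
- '/jmx-console',
- '/nginx.conf',
- '/WEB-INF/',
- '/VisionHubWebApi/',
- '/groovyconsole',
- '/SaveUploadedHotspotLogoFile',
- '/downloadMainLog',
- '/aspera/faspex',
- '/actuator/health',
- '/SiteLoader',
- '/mPlayer',
- '/Portal0000.htm',
- '/rest/applinks/',
- '/nice%20ports',
- '/remote/logincheck',
- /\A\/"/,
- /\/\.(hg|git|svn|bzr|htaccess|ftpconfig|vscode|remote-sync|aws|env|DS_Store)/,
- /\/old\/?\z/,
- /\A\/old-wp/,
- /\A\/(wordpress|wp)(\/|\z)/,
- /Open-Xchange/i]
+ DEFAULT_PATHS = [
+ '/actuator/gateway/routes',
+ '/actuator/health',
+ '/admin/uploadify/',
+ '/adminer',
+ 'alfacgiapi',
+ 'ALFA_DATA',
+ '/api/v2/cmdb/system',
+ '/api/v2/static/not.found',
+ '/appsuite/signin',
+ '/aspera/faspex',
+ '/aspnet-ajax/',
+ '/axis2/axis2-admin',
+ '/bakula-web',
+ '/boaform/',
+ '/browsedisk',
+ 'cgialfa',
+ 'cgi-bin',
+ 'com.vmware.vsan.client.services',
+ '/Config/SaveUploadedHotspotLogoFile',
+ '/+CSCOT+/',
+ 'deployment-config.json',
+ '/(download)/',
+ '/downloadMainLog',
+ '/drupal.js',
+ 'etc/passwd',
+ '/faspex/',
+ 'ftpsync.settings',
+ '/groovyconsole',
+ '/HNAP1',
+ '/geoserver/web',
+ '/_ignition/',
+ '/includes/',
+ '/io.ox/',
+ '/ipython/',
+ '/jenkins/',
+ '/jmx-console',
+ '/joomla/',
+ '/js/varien/',
+ '/mage/',
+ '/magento/',
+ '/magento_version',
+ '/mambo/',
+ '/meta-data/identity-credentials/',
+ '/mifs/',
+ '/mPlayer',
+ '/nacos/',
+ '/nginx.conf',
+ '/nice%20ports',
+ '/nmaplowercheck',
+ '/OASREST/',
+ '/officescan/',
+ '/owa/auth/',
+ '/ox6/',
+ '/php/',
+ '.php/',
+ '/phpinfo',
+ 'phpmyadmin',
+ '/phpunit/',
+ '/pma/',
+ '/Portal0000.htm',
+ '/Portal.mwsl',
+ '/_profiler/latest',
+ 'RELEASE_NOTES.txt',
+ '/RELEASE_NOTES.txt',
+ '/remote/logincheck',
+ '/rest/applinks/',
+ '/SaveUploadedHotspotLogoFile',
+ '/SDK/webLanguage',
+ '/seeyon/htmlofficeservlet',
+ '/servlet/',
+ '/SiteLoader',
+ '/snort/',
+ '/solr/admin/',
+ 'sqlbuddy',
+ '/stalker_portal/',
+ '/telescope/requests',
+ '/tkset/',
+ '/UploadServlet',
+ '/varien/js.js',
+ '/VisionHubWebApi/',
+ '/WEB-INF/',
+ '/WEB-INF/',
+ '/_wpeprivate/',
+ '/ws_utc/',
+ /\/wp-(includes|content|admin|json|config)/,
+ /\.(php\d?|cgi|asp|aspx|env|shtml|log|(my)?sql(\.tar)?(\.t?(gz|zip))?|cfm|cmd|py|lasso|e?rb|pl|jsp|do|action|sh|dll|lsp|ehp)\z/i,
+ /\A\/"/,
+ /\/\.(hg|git|svn|bzr|htaccess|ftpconfig|vscode|remote-sync|aws|env|DS_Store)/,
+ /(my)?sql-backup/,
+ /\/old\/?\z/,
+ /\A\/old-wp/,
+ /\A\/(wordpress|wp)(\/|\z)/,
+ /Open-Xchange/i]
 
- DEFAULT_QUERIES = [/SELECT.+FROM.+/i,
- /SELECT.+COUNT/i,
- /SELECT.+UNION/i,
- /UNION.+SELECT/i,
- /INFORMATION_SCHEMA/i,
- '--%20',
- '-- ',
- '%2Fscript%3E',
- '<script>', '</script>',
- '<php>', '</php>',
- 'XDEBUG_SESSION_START',
- 'phpstorm',
- '<php>',
- 'onload=confirm',
- 'HelloThinkCMF',
- 'XDEBUG_SESSION_START']
+ DEFAULT_QUERIES = [
+ /SELECT.+FROM.+/i,
+ /SELECT.+COUNT/i,
+ /SELECT.+UNION/i,
+ /UNION.+SELECT/i,
+ /INFORMATION_SCHEMA/i,
+ '--%20',
+ '-- ',
+ '%2Fscript%3E',
+ '<script>', '</script>',
+ '<php>', '</php>',
+ 'XDEBUG_SESSION_START',
+ 'phpstorm',
+ '<php>',
+ 'onload=confirm',
+ 'HelloThinkCMF',
+ 'XDEBUG_SESSION_START'
+ ]
 
- DEFAULT_BODIES = ['OKMLlKlV',
- 'DBMS_PIPE.RECEIVE_MESSAGE',
- /WAITFOR DELAY/i,
- /FROM PG_SLEEP/i,
- /CHR\(\d+\)/i,
- /UNION.+SELECT/i]
+ DEFAULT_BODIES = [
+ 'OKMLlKlV',
+ 'DBMS_PIPE.RECEIVE_MESSAGE',
+ /eth_getWork/,
+ /SELECT.+FROM.+/i,
+ /SELECT.+COUNT/i,
+ /SELECT.+UNION/i,
+ /UNION.+SELECT/i,
+ /INFORMATION_SCHEMA/i,
+ /WAITFOR DELAY/i,
+ /FROM PG_SLEEP/i,
+ /CHR\(\d+\)/i,
+ /UNION.+SELECT/i
+ ]
 
  class << self
 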
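Review bot: Duplicate entries survive on the new side: '/WEB-INF/' is listed twice in DEFAULT_PATHS, '<php>' and 'XDEBUG_SESSION_START' twice in DEFAULT_QUERIES, /UNION.+SELECT/i twice in DEFAULT_BODIES, and the five SQL regexes added to DEFAULT_BODIES are a verbatim copy of the first five DEFAULT_QUERIES entries. Extracting those five into one frozen SQL_PATTERNS constant spliced into both lists removes the copy, and `.freeze` on the three arrays would stop a caller from mutating shared defaults. The re-sorted DEFAULT_PATHS also places '/geoserver/web' after '/HNAP1', out of the order the rest of the list follows. Whether the `.+`-based SQL regexes are cheap enough to run against whole request bodies depends on the matching code, which lives in the `class << self` block opened at the end of this hunk and continues outside it; if bodies are matched unbounded, a size cap or `Regexp.timeout` (Ruby 3.2+) is worth considering.
```ruby
SQL_PATTERNS = [
  /SELECT.+FROM.+/i,
  /SELECT.+COUNT/i,
  /SELECT.+UNION/i,
  /UNION.+SELECT/i,
  /INFORMATION_SCHEMA/i
].freeze

DEFAULT_QUERIES = [
  *SQL_PATTERNS,
  '--%20',
  # … unchanged: remaining query markers, with the repeated '<php>' and 'XDEBUG_SESSION_START' dropped …
].freeze

DEFAULT_BODIES = [
  'OKMLlKlV',
  'DBMS_PIPE.RECEIVE_MESSAGE',
  /eth_getWork/,
  *SQL_PATTERNS,
  /WAITFOR DELAY/i,
  /FROM PG_SLEEP/i,
  /CHR\(\d+\)/i
].freeze
```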
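--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rack-shield
  version: !ruby/object:Gem::Version
- version: 1.2.3
+ version: 1.2.4
  platform: ruby
  authors:
  - Matthias Grosser
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-07-18 00:00:00.000000000 Z
+ date: 2024-08-05 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rack-attack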