rack-shield 1.2.4 → 1.2.5
- checksums.yaml +4 -4
- data/lib/rack/shield/version.rb +1 -1
- data/lib/rack/shield.rb +23 -4
- metadata +2 -2
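--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4e4a797d3977a33f0cce2ec275efbf4df1fb5193074a4977871fb599d5919573
+data.tar.gz: 0b88fd9433535279167be816b5930266b7def34f6bb432db33b352854852d20b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e14b4b90c016ee90410fa877427aa38c6fd017909fb58bc225baa48bf51c9c10cd21fd565f4b3b4b15113d42d8e2c043f5382024894afa403424b924d782afe5
+data.tar.gz: 98d8668fbb2d52e7f6d3c9cda989066670ae292f961c334dd7058cc2112cb8ffaf4d52c4ec0002aa8252babf46597f5e6ad8cf35a9b4dfdecbcd9088a25b36ed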
data/lib/rack/shield/version.rb
CHANGED
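--- a/data/lib/rack/shield.rb
+++ b/data/lib/rack/shield.rb
@@ -19,6 +19,7 @@ module Rack
 '/appsuite/signin',
 '/aspera/faspex',
 '/aspnet-ajax/',
+'/.astro/',
 '/axis2/axis2-admin',
 '/bakula-web',
 '/boaform/',
@@ -32,6 +33,7 @@ module Rack
 '/(download)/',
 '/downloadMainLog',
 '/drupal.js',
+'/env.d.ts',
 'etc/passwd',
 '/faspex/',
 'ftpsync.settings',
@@ -74,6 +76,7 @@ module Rack
 '/RELEASE_NOTES.txt',
 '/remote/logincheck',
 '/rest/applinks/',
+'/runtime~main.js',
 '/SaveUploadedHotspotLogoFile',
 '/SDK/webLanguage',
 '/seeyon/htmlofficeservlet',
@@ -82,10 +85,13 @@ module Rack
 '/snort/',
 '/solr/admin/',
 'sqlbuddy',
+'/.ssh/',
 '/stalker_portal/',
 '/telescope/requests',
+'/teorema505',
 '/tkset/',
 '/UploadServlet',
+'/@vite/',
 '/varien/js.js',
 '/VisionHubWebApi/',
 '/WEB-INF/',
@@ -101,13 +107,14 @@ module Rack
 /\A\/old-wp/,
 /\A\/(wordpress|wp)(\/|\z)/,
 /Open-Xchange/i]
-
+
 DEFAULT_QUERIES = [
 /SELECT.+FROM.+/i,
 /SELECT.+COUNT/i,
 /SELECT.+UNION/i,
 /UNION.+SELECT/i,
 /INFORMATION_SCHEMA/i,
+/phpcredits/,
 '--%20',
 '-- ',
 '%2Fscript%3E',
@@ -120,11 +127,16 @@ module Rack
 'HelloThinkCMF',
 'XDEBUG_SESSION_START'
 ]
-
+
 DEFAULT_BODIES = [
 'OKMLlKlV',
 'DBMS_PIPE.RECEIVE_MESSAGE',
+'encodeURIComponent(',
+'.execSync(',
 /eth_getWork/,
+'mainModule.require',
+'node:child_process',
+'Object.assign(',
 /SELECT.+FROM.+/i,
 /SELECT.+COUNT/i,
 /SELECT.+UNION/i,
@@ -132,10 +144,17 @@ module Rack
 /INFORMATION_SCHEMA/i,
 /WAITFOR DELAY/i,
 /FROM PG_SLEEP/i,
+'String.fromCharCode',
+'/tmp/xd.sh',
+'.toString()',
+'/xmrig',
 /CHR\(\d+\)/i,
 /UNION.+SELECT/i
 ]
-
+
+DEFAULT_CHECKS = [
+]
+
 class << self
 
 attr_accessor :paths, :queries, :bodies, :checks, :responder
@@ -181,7 +200,7 @@ module Rack
 self.paths = DEFAULT_PATHS.dup
 self.queries = DEFAULT_QUERIES.dup
 self.bodies = DEFAULT_BODIES.dup
-self.checks =
+self.checks = DEFAULT_CHECKS.dup
 self.responder = Responder
 
 end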
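Review bot: Several of the new DEFAULT_BODIES entries in the hunks at `@@ -120,11 +127,16 @@` and `@@ -132,10 +144,17 @@` — `'.toString()'`, `'Object.assign('`, `'encodeURIComponent('` and `'String.fromCharCode'` — are ordinary JavaScript idioms rather than attack-specific markers, so any endpoint that accepts source code, rich text or pasted logs (issue trackers, CMS editors, chat) will start rejecting legitimate requests once these defaults ship. Because DEFAULT_BODIES is dup'd into the active `bodies` list (hunk `@@ -181,7 +200,7 @@`), every installation inherits the change unless it overrides that list. I would either tie these substrings to the surrounding injection shape they are meant to catch or, at minimum, document the trade-off with a comment above the additions such as `# Generic JS tokens — high false-positive rate on endpoints that accept code; override Rack::Shield.bodies if needed`. The new `DEFAULT_CHECKS = [ ]` would also benefit from a one-line comment stating what a check entry is expected to look like, since the empty literal gives no hint. The enclosing module starts and ends outside these hunks.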
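--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-shield
 version: !ruby/object:Gem::Version
-version: 1.2.
+version: 1.2.5
 platform: ruby
 authors:
 - Matthias Grosser
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2026-01-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack-attack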