sqreen 0.8.11465220943 → 1.0.0.pre1480953244

Sign up to get free protection for your applications and to get access to all the features.
Files changed (34) hide show
  1. checksums.yaml +4 -4
  2. data/lib/sqreen.rb +0 -1
  3. data/lib/sqreen/binding_accessor.rb +61 -49
  4. data/lib/sqreen/condition_evaluator.rb +17 -12
  5. data/lib/sqreen/conditionable.rb +2 -1
  6. data/lib/sqreen/configuration.rb +2 -0
  7. data/lib/sqreen/deliveries/batch.rb +2 -2
  8. data/lib/sqreen/events/attack.rb +1 -1
  9. data/lib/sqreen/frameworks/generic.rb +54 -15
  10. data/lib/sqreen/frameworks/rails.rb +1 -21
  11. data/lib/sqreen/frameworks/sinatra.rb +5 -0
  12. data/lib/sqreen/instrumentation.rb +7 -10
  13. data/lib/sqreen/log.rb +1 -0
  14. data/lib/sqreen/metrics/base.rb +4 -0
  15. data/lib/sqreen/metrics_store.rb +4 -4
  16. data/lib/sqreen/remote_command.rb +5 -4
  17. data/lib/sqreen/rules_callbacks.rb +0 -4
  18. data/lib/sqreen/rules_callbacks/matcher_rule.rb +8 -6
  19. data/lib/sqreen/rules_callbacks/reflected_xss.rb +55 -11
  20. data/lib/sqreen/runner.rb +76 -73
  21. data/lib/sqreen/runtime_infos.rb +3 -2
  22. data/lib/sqreen/serializer.rb +46 -0
  23. data/lib/sqreen/session.rb +22 -12
  24. data/lib/sqreen/version.rb +1 -1
  25. metadata +6 -14
  26. data/lib/sqreen/detect.rb +0 -14
  27. data/lib/sqreen/detect/shell_injection.rb +0 -61
  28. data/lib/sqreen/detect/sql_injection.rb +0 -115
  29. data/lib/sqreen/parsers/sql.rb +0 -98
  30. data/lib/sqreen/parsers/sql_tokenizer.rb +0 -266
  31. data/lib/sqreen/parsers/unix.rb +0 -110
  32. data/lib/sqreen/rules_callbacks/shell.rb +0 -33
  33. data/lib/sqreen/rules_callbacks/sql.rb +0 -41
  34. data/lib/sqreen/rules_callbacks/system_shell.rb +0 -25
data/lib/sqreen/rules_callbacks/system_shell.rb DELETED
@@ -1,25 +0,0 @@
1
- # Copyright (c) 2015 Sqreen. All Rights Reserved.
2
- # Please refer to our terms for more information: https://www.sqreen.io/terms.html
3
-
4
- require 'sqreen/rules_callbacks/shell'
5
-
6
- module Sqreen
7
- module Rules
8
- # Look for Shell injections in system like calls
9
- class SystemShellCB < ShellCB
10
- alias initial_pre pre
11
- def pre(inst, *args, &block)
12
- return if args.size == 0
13
- cmd = args[0]
14
- if cmd.is_a?(Hash)
15
- # skip optional env arguments
16
- return unless args.size > 1
17
- cmd = args[1]
18
- end
19
- # skip [cmd, argv0] arguments
20
- return if cmd.is_a?(Array)
21
- initial_pre(inst, cmd, &block)
22
- end
23
- end
24
- end
25
- end