dd-trace 2.3.1 → 2.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/ci/init.js +26 -2
- package/index.d.ts +51 -0
- package/package.json +2 -2
- package/packages/datadog-instrumentations/index.js +10 -0
- package/packages/datadog-instrumentations/src/amqp10.js +70 -0
- package/packages/datadog-instrumentations/src/amqplib.js +58 -0
- package/packages/datadog-instrumentations/src/cassandra-driver.js +191 -0
- package/packages/datadog-instrumentations/src/cucumber.js +27 -12
- package/packages/datadog-instrumentations/src/helpers/hook.js +44 -0
- package/packages/datadog-instrumentations/src/helpers/instrument.js +31 -58
- package/packages/datadog-instrumentations/src/http/client.js +170 -0
- package/packages/datadog-instrumentations/src/http/server.js +61 -0
- package/packages/datadog-instrumentations/src/http.js +4 -0
- package/packages/datadog-instrumentations/src/mocha.js +139 -0
- package/packages/datadog-instrumentations/src/mongodb-core.js +179 -0
- package/packages/datadog-instrumentations/src/net.js +117 -0
- package/packages/datadog-instrumentations/src/pg.js +75 -0
- package/packages/datadog-instrumentations/src/rhea.js +224 -0
- package/packages/datadog-instrumentations/src/tedious.js +66 -0
- package/packages/datadog-plugin-amqp10/src/index.js +79 -122
- package/packages/datadog-plugin-amqplib/src/index.js +77 -142
- package/packages/datadog-plugin-cassandra-driver/src/index.js +52 -224
- package/packages/datadog-plugin-cucumber/src/index.js +3 -1
- package/packages/datadog-plugin-elasticsearch/src/index.js +4 -2
- package/packages/datadog-plugin-http/src/client.js +112 -252
- package/packages/datadog-plugin-http/src/index.js +29 -3
- package/packages/datadog-plugin-http/src/server.js +54 -32
- package/packages/datadog-plugin-jest/src/jest-environment.js +3 -3
- package/packages/datadog-plugin-jest/src/jest-jasmine2.js +5 -3
- package/packages/datadog-plugin-mocha/src/index.js +96 -207
- package/packages/datadog-plugin-mongodb-core/src/index.js +119 -3
- package/packages/datadog-plugin-net/src/index.js +65 -121
- package/packages/datadog-plugin-next/src/index.js +10 -10
- package/packages/datadog-plugin-pg/src/index.js +32 -69
- package/packages/datadog-plugin-rhea/src/index.js +59 -225
- package/packages/datadog-plugin-tedious/src/index.js +38 -86
- package/packages/dd-trace/lib/version.js +1 -1
- package/packages/dd-trace/src/appsec/recommended.json +235 -315
- package/packages/dd-trace/src/config.js +6 -0
- package/packages/dd-trace/src/iitm.js +5 -1
- package/packages/dd-trace/src/loader.js +6 -4
- package/packages/dd-trace/src/noop/tracer.js +4 -0
- package/packages/dd-trace/src/opentracing/propagation/text_map.js +34 -1
- package/packages/dd-trace/src/opentracing/span.js +34 -0
- package/packages/dd-trace/src/plugin_manager.js +4 -0
- package/packages/dd-trace/src/plugins/plugin.js +3 -1
- package/packages/dd-trace/src/plugins/util/web.js +99 -93
- package/packages/dd-trace/src/proxy.js +4 -0
- package/packages/dd-trace/src/ritm.js +60 -25
- package/packages/dd-trace/src/tracer.js +16 -0
- package/packages/datadog-plugin-mongodb-core/src/legacy.js +0 -59
- package/packages/datadog-plugin-mongodb-core/src/unified.js +0 -138
- package/packages/datadog-plugin-mongodb-core/src/util.js +0 -143
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
{
|
|
2
|
-
"version": "2.
|
|
2
|
+
"version": "2.2",
|
|
3
|
+
"metadata": {
|
|
4
|
+
"rules_version": "1.3.0"
|
|
5
|
+
},
|
|
3
6
|
"rules": [
|
|
4
7
|
{
|
|
5
8
|
"id": "crs-913-110",
|
|
6
|
-
"name": "
|
|
9
|
+
"name": "Acunetix",
|
|
7
10
|
"tags": {
|
|
8
11
|
"type": "security_scanner",
|
|
9
12
|
"crs_id": "913110",
|
|
@@ -21,7 +24,8 @@
|
|
|
21
24
|
"acunetix-product",
|
|
22
25
|
"(acunetix web vulnerability scanner",
|
|
23
26
|
"acunetix-scanning-agreement",
|
|
24
|
-
"acunetix-user-agreement"
|
|
27
|
+
"acunetix-user-agreement",
|
|
28
|
+
"md5(acunetix_wvs_security_test)"
|
|
25
29
|
]
|
|
26
30
|
},
|
|
27
31
|
"operator": "phrase_match"
|
|
@@ -33,7 +37,7 @@
|
|
|
33
37
|
},
|
|
34
38
|
{
|
|
35
39
|
"id": "crs-913-120",
|
|
36
|
-
"name": "
|
|
40
|
+
"name": "Known security scanner filename/argument",
|
|
37
41
|
"tags": {
|
|
38
42
|
"type": "security_scanner",
|
|
39
43
|
"crs_id": "913120",
|
|
@@ -228,7 +232,9 @@
|
|
|
228
232
|
"operator": "match_regex"
|
|
229
233
|
}
|
|
230
234
|
],
|
|
231
|
-
"transformers": [
|
|
235
|
+
"transformers": [
|
|
236
|
+
"normalizePath"
|
|
237
|
+
]
|
|
232
238
|
},
|
|
233
239
|
{
|
|
234
240
|
"id": "crs-930-110",
|
|
@@ -274,9 +280,6 @@
|
|
|
274
280
|
{
|
|
275
281
|
"parameters": {
|
|
276
282
|
"inputs": [
|
|
277
|
-
{
|
|
278
|
-
"address": "server.request.cookies"
|
|
279
|
-
},
|
|
280
283
|
{
|
|
281
284
|
"address": "server.request.query"
|
|
282
285
|
},
|
|
@@ -291,53 +294,54 @@
|
|
|
291
294
|
}
|
|
292
295
|
],
|
|
293
296
|
"list": [
|
|
294
|
-
"
|
|
295
|
-
"
|
|
296
|
-
"
|
|
297
|
-
"
|
|
298
|
-
"
|
|
299
|
-
"
|
|
300
|
-
"
|
|
301
|
-
"
|
|
302
|
-
"
|
|
303
|
-
"
|
|
297
|
+
"/.htaccess",
|
|
298
|
+
"/.htdigest",
|
|
299
|
+
"/.htpasswd",
|
|
300
|
+
"/.addressbook",
|
|
301
|
+
"/.aptitude/config",
|
|
302
|
+
"/.bash_config",
|
|
303
|
+
"/.bash_history",
|
|
304
|
+
"/.bash_logout",
|
|
305
|
+
"/.bash_profile",
|
|
306
|
+
"/.bashrc",
|
|
304
307
|
".cache/notify-osd.log",
|
|
305
308
|
".config/odesk/odesk team.conf",
|
|
306
|
-
"
|
|
307
|
-
"
|
|
309
|
+
"/.cshrc",
|
|
310
|
+
"/.dockerignore",
|
|
308
311
|
".drush/",
|
|
309
|
-
"
|
|
310
|
-
"
|
|
311
|
-
"
|
|
312
|
-
"
|
|
313
|
-
".
|
|
314
|
-
"
|
|
312
|
+
"/.eslintignore",
|
|
313
|
+
"/.fbcindex",
|
|
314
|
+
"/.forward",
|
|
315
|
+
"/.git",
|
|
316
|
+
".git/",
|
|
317
|
+
"/.gitattributes",
|
|
318
|
+
"/.gitconfig",
|
|
315
319
|
".gnupg/",
|
|
316
320
|
".hplip/hplip.conf",
|
|
317
|
-
"
|
|
318
|
-
"
|
|
321
|
+
"/.ksh_history",
|
|
322
|
+
"/.lesshst",
|
|
319
323
|
".lftp/",
|
|
320
|
-
"
|
|
321
|
-
"
|
|
324
|
+
"/.lhistory",
|
|
325
|
+
"/.lldb-history",
|
|
322
326
|
".local/share/mc/",
|
|
323
|
-
"
|
|
324
|
-
"
|
|
325
|
-
"
|
|
326
|
-
"
|
|
327
|
-
"
|
|
328
|
-
"
|
|
329
|
-
"
|
|
330
|
-
"
|
|
327
|
+
"/.lynx_cookies",
|
|
328
|
+
"/.my.cnf",
|
|
329
|
+
"/.mysql_history",
|
|
330
|
+
"/.nano_history",
|
|
331
|
+
"/.node_repl_history",
|
|
332
|
+
"/.pearrc",
|
|
333
|
+
"/.php_history",
|
|
334
|
+
"/.pinerc",
|
|
331
335
|
".pki/",
|
|
332
|
-
"
|
|
333
|
-
"
|
|
334
|
-
"
|
|
335
|
-
"
|
|
336
|
-
"
|
|
337
|
-
"
|
|
338
|
-
"
|
|
339
|
-
"
|
|
340
|
-
"
|
|
336
|
+
"/.proclog",
|
|
337
|
+
"/.procmailrc",
|
|
338
|
+
"/.psql_history",
|
|
339
|
+
"/.python_history",
|
|
340
|
+
"/.rediscli_history",
|
|
341
|
+
"/.rhistory",
|
|
342
|
+
"/.rhosts",
|
|
343
|
+
"/.sh_history",
|
|
344
|
+
"/.sqlite_history",
|
|
341
345
|
".ssh/authorized_keys",
|
|
342
346
|
".ssh/config",
|
|
343
347
|
".ssh/id_dsa",
|
|
@@ -351,17 +355,17 @@
|
|
|
351
355
|
".subversion/config",
|
|
352
356
|
".subversion/servers",
|
|
353
357
|
".tconn/tconn.conf",
|
|
354
|
-
"
|
|
358
|
+
"/.tcshrc",
|
|
355
359
|
".vidalia/vidalia.conf",
|
|
356
|
-
"
|
|
357
|
-
"
|
|
358
|
-
"
|
|
359
|
-
"
|
|
360
|
-
"
|
|
361
|
-
"
|
|
362
|
-
"
|
|
363
|
-
"
|
|
364
|
-
"
|
|
360
|
+
"/.viminfo",
|
|
361
|
+
"/.vimrc",
|
|
362
|
+
"/.www_acl",
|
|
363
|
+
"/.wwwacl",
|
|
364
|
+
"/.xauthority",
|
|
365
|
+
"/.zhistory",
|
|
366
|
+
"/.zshrc",
|
|
367
|
+
"/.zsh_history",
|
|
368
|
+
"/.nsconfig",
|
|
365
369
|
"etc/redis.conf",
|
|
366
370
|
"etc/redis-sentinel.conf",
|
|
367
371
|
"etc/php.ini",
|
|
@@ -1343,26 +1347,26 @@
|
|
|
1343
1347
|
"etc/vmware-tools/vmware-tools-libraries.conf",
|
|
1344
1348
|
"var/log/vmware/hostd.log",
|
|
1345
1349
|
"var/log/vmware/hostd-1.log",
|
|
1346
|
-
"wp-config.php",
|
|
1347
|
-
"wp-config.bak",
|
|
1348
|
-
"wp-config.old",
|
|
1349
|
-
"wp-config.temp",
|
|
1350
|
-
"wp-config.tmp",
|
|
1351
|
-
"wp-config.txt",
|
|
1352
|
-
"config.yml",
|
|
1353
|
-
"config_dev.yml",
|
|
1354
|
-
"config_prod.yml",
|
|
1355
|
-
"config_test.yml",
|
|
1356
|
-
"parameters.yml",
|
|
1357
|
-
"routing.yml",
|
|
1358
|
-
"security.yml",
|
|
1359
|
-
"services.yml",
|
|
1350
|
+
"/wp-config.php",
|
|
1351
|
+
"/wp-config.bak",
|
|
1352
|
+
"/wp-config.old",
|
|
1353
|
+
"/wp-config.temp",
|
|
1354
|
+
"/wp-config.tmp",
|
|
1355
|
+
"/wp-config.txt",
|
|
1356
|
+
"/config.yml",
|
|
1357
|
+
"/config_dev.yml",
|
|
1358
|
+
"/config_prod.yml",
|
|
1359
|
+
"/config_test.yml",
|
|
1360
|
+
"/parameters.yml",
|
|
1361
|
+
"/routing.yml",
|
|
1362
|
+
"/security.yml",
|
|
1363
|
+
"/services.yml",
|
|
1360
1364
|
"sites/default/default.settings.php",
|
|
1361
1365
|
"sites/default/settings.php",
|
|
1362
1366
|
"sites/default/settings.local.php",
|
|
1363
1367
|
"app/etc/local.xml",
|
|
1364
|
-
"sftp-config.json",
|
|
1365
|
-
"web.config",
|
|
1368
|
+
"/sftp-config.json",
|
|
1369
|
+
"/web.config",
|
|
1366
1370
|
"includes/config.php",
|
|
1367
1371
|
"includes/configure.php",
|
|
1368
1372
|
"config.inc.php",
|
|
@@ -1386,26 +1390,27 @@
|
|
|
1386
1390
|
"system32/config/system",
|
|
1387
1391
|
"system32/config/software",
|
|
1388
1392
|
"winnt/repair/sam._",
|
|
1389
|
-
"package.json",
|
|
1390
|
-
"package-lock.json",
|
|
1391
|
-
"gruntfile.js",
|
|
1392
|
-
"npm-debug.log",
|
|
1393
|
-
"ormconfig.json",
|
|
1394
|
-
"tsconfig.json",
|
|
1395
|
-
"webpack.config.js",
|
|
1396
|
-
"yarn.lock"
|
|
1393
|
+
"/package.json",
|
|
1394
|
+
"/package-lock.json",
|
|
1395
|
+
"/gruntfile.js",
|
|
1396
|
+
"/npm-debug.log",
|
|
1397
|
+
"/ormconfig.json",
|
|
1398
|
+
"/tsconfig.json",
|
|
1399
|
+
"/webpack.config.js",
|
|
1400
|
+
"/yarn.lock"
|
|
1397
1401
|
]
|
|
1398
1402
|
},
|
|
1399
1403
|
"operator": "phrase_match"
|
|
1400
1404
|
}
|
|
1401
1405
|
],
|
|
1402
1406
|
"transformers": [
|
|
1403
|
-
"lowercase"
|
|
1407
|
+
"lowercase",
|
|
1408
|
+
"normalizePath"
|
|
1404
1409
|
]
|
|
1405
1410
|
},
|
|
1406
1411
|
{
|
|
1407
1412
|
"id": "crs-931-110",
|
|
1408
|
-
"name": "
|
|
1413
|
+
"name": "RFI: Common RFI Vulnerable Parameter Name used w/ URL Payload",
|
|
1409
1414
|
"tags": {
|
|
1410
1415
|
"type": "rfi",
|
|
1411
1416
|
"crs_id": "931110",
|
|
@@ -1431,7 +1436,7 @@
|
|
|
1431
1436
|
},
|
|
1432
1437
|
{
|
|
1433
1438
|
"id": "crs-931-120",
|
|
1434
|
-
"name": "
|
|
1439
|
+
"name": "RFI: URL Payload Used w/Trailing Question Mark Character (?)",
|
|
1435
1440
|
"tags": {
|
|
1436
1441
|
"type": "rfi",
|
|
1437
1442
|
"crs_id": "931120",
|
|
@@ -1474,9 +1479,6 @@
|
|
|
1474
1479
|
{
|
|
1475
1480
|
"parameters": {
|
|
1476
1481
|
"inputs": [
|
|
1477
|
-
{
|
|
1478
|
-
"address": "server.request.cookies"
|
|
1479
|
-
},
|
|
1480
1482
|
{
|
|
1481
1483
|
"address": "server.request.query"
|
|
1482
1484
|
},
|
|
@@ -1774,9 +1776,6 @@
|
|
|
1774
1776
|
{
|
|
1775
1777
|
"parameters": {
|
|
1776
1778
|
"inputs": [
|
|
1777
|
-
{
|
|
1778
|
-
"address": "server.request.cookies"
|
|
1779
|
-
},
|
|
1780
1779
|
{
|
|
1781
1780
|
"address": "server.request.query"
|
|
1782
1781
|
},
|
|
@@ -1831,9 +1830,6 @@
|
|
|
1831
1830
|
{
|
|
1832
1831
|
"parameters": {
|
|
1833
1832
|
"inputs": [
|
|
1834
|
-
{
|
|
1835
|
-
"address": "server.request.cookies"
|
|
1836
|
-
},
|
|
1837
1833
|
{
|
|
1838
1834
|
"address": "server.request.query"
|
|
1839
1835
|
},
|
|
@@ -1870,9 +1866,6 @@
|
|
|
1870
1866
|
{
|
|
1871
1867
|
"parameters": {
|
|
1872
1868
|
"inputs": [
|
|
1873
|
-
{
|
|
1874
|
-
"address": "server.request.cookies"
|
|
1875
|
-
},
|
|
1876
1869
|
{
|
|
1877
1870
|
"address": "server.request.query"
|
|
1878
1871
|
},
|
|
@@ -1908,9 +1901,6 @@
|
|
|
1908
1901
|
{
|
|
1909
1902
|
"parameters": {
|
|
1910
1903
|
"inputs": [
|
|
1911
|
-
{
|
|
1912
|
-
"address": "server.request.cookies"
|
|
1913
|
-
},
|
|
1914
1904
|
{
|
|
1915
1905
|
"address": "server.request.query"
|
|
1916
1906
|
},
|
|
@@ -1990,9 +1980,6 @@
|
|
|
1990
1980
|
{
|
|
1991
1981
|
"parameters": {
|
|
1992
1982
|
"inputs": [
|
|
1993
|
-
{
|
|
1994
|
-
"address": "server.request.cookies"
|
|
1995
|
-
},
|
|
1996
1983
|
{
|
|
1997
1984
|
"address": "server.request.query"
|
|
1998
1985
|
},
|
|
@@ -2028,9 +2015,6 @@
|
|
|
2028
2015
|
{
|
|
2029
2016
|
"parameters": {
|
|
2030
2017
|
"inputs": [
|
|
2031
|
-
{
|
|
2032
|
-
"address": "server.request.cookies"
|
|
2033
|
-
},
|
|
2034
2018
|
{
|
|
2035
2019
|
"address": "server.request.headers.no_cookies"
|
|
2036
2020
|
},
|
|
@@ -2070,9 +2054,6 @@
|
|
|
2070
2054
|
{
|
|
2071
2055
|
"parameters": {
|
|
2072
2056
|
"inputs": [
|
|
2073
|
-
{
|
|
2074
|
-
"address": "server.request.cookies"
|
|
2075
|
-
},
|
|
2076
2057
|
{
|
|
2077
2058
|
"address": "server.request.query"
|
|
2078
2059
|
},
|
|
@@ -2111,9 +2092,6 @@
|
|
|
2111
2092
|
{
|
|
2112
2093
|
"parameters": {
|
|
2113
2094
|
"inputs": [
|
|
2114
|
-
{
|
|
2115
|
-
"address": "server.request.cookies"
|
|
2116
|
-
},
|
|
2117
2095
|
{
|
|
2118
2096
|
"address": "server.request.query"
|
|
2119
2097
|
},
|
|
@@ -2150,9 +2128,6 @@
|
|
|
2150
2128
|
{
|
|
2151
2129
|
"parameters": {
|
|
2152
2130
|
"inputs": [
|
|
2153
|
-
{
|
|
2154
|
-
"address": "server.request.cookies"
|
|
2155
|
-
},
|
|
2156
2131
|
{
|
|
2157
2132
|
"address": "server.request.headers.no_cookies",
|
|
2158
2133
|
"key_path": [
|
|
@@ -2198,9 +2173,6 @@
|
|
|
2198
2173
|
{
|
|
2199
2174
|
"parameters": {
|
|
2200
2175
|
"inputs": [
|
|
2201
|
-
{
|
|
2202
|
-
"address": "server.request.cookies"
|
|
2203
|
-
},
|
|
2204
2176
|
{
|
|
2205
2177
|
"address": "server.request.headers.no_cookies",
|
|
2206
2178
|
"key_path": [
|
|
@@ -2250,9 +2222,6 @@
|
|
|
2250
2222
|
{
|
|
2251
2223
|
"parameters": {
|
|
2252
2224
|
"inputs": [
|
|
2253
|
-
{
|
|
2254
|
-
"address": "server.request.cookies"
|
|
2255
|
-
},
|
|
2256
2225
|
{
|
|
2257
2226
|
"address": "server.request.headers.no_cookies",
|
|
2258
2227
|
"key_path": [
|
|
@@ -2302,9 +2271,6 @@
|
|
|
2302
2271
|
{
|
|
2303
2272
|
"parameters": {
|
|
2304
2273
|
"inputs": [
|
|
2305
|
-
{
|
|
2306
|
-
"address": "server.request.cookies"
|
|
2307
|
-
},
|
|
2308
2274
|
{
|
|
2309
2275
|
"address": "server.request.headers.no_cookies",
|
|
2310
2276
|
"key_path": [
|
|
@@ -2354,9 +2320,6 @@
|
|
|
2354
2320
|
{
|
|
2355
2321
|
"parameters": {
|
|
2356
2322
|
"inputs": [
|
|
2357
|
-
{
|
|
2358
|
-
"address": "server.request.cookies"
|
|
2359
|
-
},
|
|
2360
2323
|
{
|
|
2361
2324
|
"address": "server.request.query"
|
|
2362
2325
|
},
|
|
@@ -2400,9 +2363,6 @@
|
|
|
2400
2363
|
{
|
|
2401
2364
|
"parameters": {
|
|
2402
2365
|
"inputs": [
|
|
2403
|
-
{
|
|
2404
|
-
"address": "server.request.cookies"
|
|
2405
|
-
},
|
|
2406
2366
|
{
|
|
2407
2367
|
"address": "server.request.query"
|
|
2408
2368
|
},
|
|
@@ -2441,9 +2401,6 @@
|
|
|
2441
2401
|
{
|
|
2442
2402
|
"parameters": {
|
|
2443
2403
|
"inputs": [
|
|
2444
|
-
{
|
|
2445
|
-
"address": "server.request.cookies"
|
|
2446
|
-
},
|
|
2447
2404
|
{
|
|
2448
2405
|
"address": "server.request.query"
|
|
2449
2406
|
},
|
|
@@ -2482,9 +2439,6 @@
|
|
|
2482
2439
|
{
|
|
2483
2440
|
"parameters": {
|
|
2484
2441
|
"inputs": [
|
|
2485
|
-
{
|
|
2486
|
-
"address": "server.request.cookies"
|
|
2487
|
-
},
|
|
2488
2442
|
{
|
|
2489
2443
|
"address": "server.request.query"
|
|
2490
2444
|
},
|
|
@@ -2523,9 +2477,6 @@
|
|
|
2523
2477
|
{
|
|
2524
2478
|
"parameters": {
|
|
2525
2479
|
"inputs": [
|
|
2526
|
-
{
|
|
2527
|
-
"address": "server.request.cookies"
|
|
2528
|
-
},
|
|
2529
2480
|
{
|
|
2530
2481
|
"address": "server.request.query"
|
|
2531
2482
|
},
|
|
@@ -2563,9 +2514,6 @@
|
|
|
2563
2514
|
{
|
|
2564
2515
|
"parameters": {
|
|
2565
2516
|
"inputs": [
|
|
2566
|
-
{
|
|
2567
|
-
"address": "server.request.cookies"
|
|
2568
|
-
},
|
|
2569
2517
|
{
|
|
2570
2518
|
"address": "server.request.query"
|
|
2571
2519
|
},
|
|
@@ -2605,9 +2553,6 @@
|
|
|
2605
2553
|
{
|
|
2606
2554
|
"parameters": {
|
|
2607
2555
|
"inputs": [
|
|
2608
|
-
{
|
|
2609
|
-
"address": "server.request.cookies"
|
|
2610
|
-
},
|
|
2611
2556
|
{
|
|
2612
2557
|
"address": "server.request.query"
|
|
2613
2558
|
},
|
|
@@ -2645,9 +2590,6 @@
|
|
|
2645
2590
|
{
|
|
2646
2591
|
"parameters": {
|
|
2647
2592
|
"inputs": [
|
|
2648
|
-
{
|
|
2649
|
-
"address": "server.request.cookies"
|
|
2650
|
-
},
|
|
2651
2593
|
{
|
|
2652
2594
|
"address": "server.request.query"
|
|
2653
2595
|
},
|
|
@@ -2685,9 +2627,6 @@
|
|
|
2685
2627
|
{
|
|
2686
2628
|
"parameters": {
|
|
2687
2629
|
"inputs": [
|
|
2688
|
-
{
|
|
2689
|
-
"address": "server.request.cookies"
|
|
2690
|
-
},
|
|
2691
2630
|
{
|
|
2692
2631
|
"address": "server.request.query"
|
|
2693
2632
|
},
|
|
@@ -2725,9 +2664,6 @@
|
|
|
2725
2664
|
{
|
|
2726
2665
|
"parameters": {
|
|
2727
2666
|
"inputs": [
|
|
2728
|
-
{
|
|
2729
|
-
"address": "server.request.cookies"
|
|
2730
|
-
},
|
|
2731
2667
|
{
|
|
2732
2668
|
"address": "server.request.query"
|
|
2733
2669
|
},
|
|
@@ -2765,9 +2701,6 @@
|
|
|
2765
2701
|
{
|
|
2766
2702
|
"parameters": {
|
|
2767
2703
|
"inputs": [
|
|
2768
|
-
{
|
|
2769
|
-
"address": "server.request.cookies"
|
|
2770
|
-
},
|
|
2771
2704
|
{
|
|
2772
2705
|
"address": "server.request.query"
|
|
2773
2706
|
},
|
|
@@ -2804,9 +2737,6 @@
|
|
|
2804
2737
|
{
|
|
2805
2738
|
"parameters": {
|
|
2806
2739
|
"inputs": [
|
|
2807
|
-
{
|
|
2808
|
-
"address": "server.request.cookies"
|
|
2809
|
-
},
|
|
2810
2740
|
{
|
|
2811
2741
|
"address": "server.request.query"
|
|
2812
2742
|
},
|
|
@@ -2843,9 +2773,6 @@
|
|
|
2843
2773
|
{
|
|
2844
2774
|
"parameters": {
|
|
2845
2775
|
"inputs": [
|
|
2846
|
-
{
|
|
2847
|
-
"address": "server.request.cookies"
|
|
2848
|
-
},
|
|
2849
2776
|
{
|
|
2850
2777
|
"address": "server.request.query"
|
|
2851
2778
|
},
|
|
@@ -2867,44 +2794,6 @@
|
|
|
2867
2794
|
"removeNulls"
|
|
2868
2795
|
]
|
|
2869
2796
|
},
|
|
2870
|
-
{
|
|
2871
|
-
"id": "crs-942-140",
|
|
2872
|
-
"name": "SQL Injection Attack: Common DB Names Detected",
|
|
2873
|
-
"tags": {
|
|
2874
|
-
"type": "sql_injection",
|
|
2875
|
-
"crs_id": "942140",
|
|
2876
|
-
"category": "attack_attempt"
|
|
2877
|
-
},
|
|
2878
|
-
"conditions": [
|
|
2879
|
-
{
|
|
2880
|
-
"parameters": {
|
|
2881
|
-
"inputs": [
|
|
2882
|
-
{
|
|
2883
|
-
"address": "server.request.cookies"
|
|
2884
|
-
},
|
|
2885
|
-
{
|
|
2886
|
-
"address": "server.request.query"
|
|
2887
|
-
},
|
|
2888
|
-
{
|
|
2889
|
-
"address": "server.request.body"
|
|
2890
|
-
},
|
|
2891
|
-
{
|
|
2892
|
-
"address": "server.request.path_params"
|
|
2893
|
-
},
|
|
2894
|
-
{
|
|
2895
|
-
"address": "grpc.server.request.message"
|
|
2896
|
-
}
|
|
2897
|
-
],
|
|
2898
|
-
"regex": "\\b(?:(?:m(?:s(?:ys(?:ac(?:cess(?:objects|storage|xml)|es)|(?:relationship|object|querie)s|modules2?)|db)|aster\\.\\.sysdatabases|ysql\\.db)|pg_(?:catalog|toast)|information_schema|northwind|tempdb)\\b|s(?:(?:ys(?:\\.database_name|aux)|qlite(?:_temp)?_master)\\b|chema(?:_name\\b|\\W*\\())|d(?:atabas|b_nam)e\\W*\\()",
|
|
2899
|
-
"options": {
|
|
2900
|
-
"min_length": 4
|
|
2901
|
-
}
|
|
2902
|
-
},
|
|
2903
|
-
"operator": "match_regex"
|
|
2904
|
-
}
|
|
2905
|
-
],
|
|
2906
|
-
"transformers": []
|
|
2907
|
-
},
|
|
2908
2797
|
{
|
|
2909
2798
|
"id": "crs-942-160",
|
|
2910
2799
|
"name": "Detects blind sqli tests using sleep() or benchmark()",
|
|
@@ -2917,9 +2806,6 @@
|
|
|
2917
2806
|
{
|
|
2918
2807
|
"parameters": {
|
|
2919
2808
|
"inputs": [
|
|
2920
|
-
{
|
|
2921
|
-
"address": "server.request.cookies"
|
|
2922
|
-
},
|
|
2923
2809
|
{
|
|
2924
2810
|
"address": "server.request.query"
|
|
2925
2811
|
},
|
|
@@ -2956,9 +2842,6 @@
|
|
|
2956
2842
|
{
|
|
2957
2843
|
"parameters": {
|
|
2958
2844
|
"inputs": [
|
|
2959
|
-
{
|
|
2960
|
-
"address": "server.request.cookies"
|
|
2961
|
-
},
|
|
2962
2845
|
{
|
|
2963
2846
|
"address": "server.request.query"
|
|
2964
2847
|
},
|
|
@@ -2982,45 +2865,6 @@
|
|
|
2982
2865
|
],
|
|
2983
2866
|
"transformers": []
|
|
2984
2867
|
},
|
|
2985
|
-
{
|
|
2986
|
-
"id": "crs-942-220",
|
|
2987
|
-
"name": "Looking for integer overflow attacks, these are taken from skipfish, except 2.2.2250738585072011e-308 is the \\\"magic number\\\" crash",
|
|
2988
|
-
"tags": {
|
|
2989
|
-
"type": "sql_injection",
|
|
2990
|
-
"crs_id": "942220",
|
|
2991
|
-
"category": "attack_attempt"
|
|
2992
|
-
},
|
|
2993
|
-
"conditions": [
|
|
2994
|
-
{
|
|
2995
|
-
"parameters": {
|
|
2996
|
-
"inputs": [
|
|
2997
|
-
{
|
|
2998
|
-
"address": "server.request.cookies"
|
|
2999
|
-
},
|
|
3000
|
-
{
|
|
3001
|
-
"address": "server.request.query"
|
|
3002
|
-
},
|
|
3003
|
-
{
|
|
3004
|
-
"address": "server.request.body"
|
|
3005
|
-
},
|
|
3006
|
-
{
|
|
3007
|
-
"address": "server.request.path_params"
|
|
3008
|
-
},
|
|
3009
|
-
{
|
|
3010
|
-
"address": "grpc.server.request.message"
|
|
3011
|
-
}
|
|
3012
|
-
],
|
|
3013
|
-
"regex": "^(?i:-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|2.2250738585072007e-308|2.2250738585072011e-308|1e309)$",
|
|
3014
|
-
"options": {
|
|
3015
|
-
"case_sensitive": true,
|
|
3016
|
-
"min_length": 5
|
|
3017
|
-
}
|
|
3018
|
-
},
|
|
3019
|
-
"operator": "match_regex"
|
|
3020
|
-
}
|
|
3021
|
-
],
|
|
3022
|
-
"transformers": []
|
|
3023
|
-
},
|
|
3024
2868
|
{
|
|
3025
2869
|
"id": "crs-942-240",
|
|
3026
2870
|
"name": "Detects MySQL charset switch and MSSQL DoS attempts",
|
|
@@ -3033,9 +2877,6 @@
|
|
|
3033
2877
|
{
|
|
3034
2878
|
"parameters": {
|
|
3035
2879
|
"inputs": [
|
|
3036
|
-
{
|
|
3037
|
-
"address": "server.request.cookies"
|
|
3038
|
-
},
|
|
3039
2880
|
{
|
|
3040
2881
|
"address": "server.request.query"
|
|
3041
2882
|
},
|
|
@@ -3071,9 +2912,6 @@
|
|
|
3071
2912
|
{
|
|
3072
2913
|
"parameters": {
|
|
3073
2914
|
"inputs": [
|
|
3074
|
-
{
|
|
3075
|
-
"address": "server.request.cookies"
|
|
3076
|
-
},
|
|
3077
2915
|
{
|
|
3078
2916
|
"address": "server.request.query"
|
|
3079
2917
|
},
|
|
@@ -3100,7 +2938,7 @@
|
|
|
3100
2938
|
},
|
|
3101
2939
|
{
|
|
3102
2940
|
"id": "crs-942-270",
|
|
3103
|
-
"name": "
|
|
2941
|
+
"name": "Basic SQL injection",
|
|
3104
2942
|
"tags": {
|
|
3105
2943
|
"type": "sql_injection",
|
|
3106
2944
|
"crs_id": "942270",
|
|
@@ -3110,9 +2948,6 @@
|
|
|
3110
2948
|
{
|
|
3111
2949
|
"parameters": {
|
|
3112
2950
|
"inputs": [
|
|
3113
|
-
{
|
|
3114
|
-
"address": "server.request.cookies"
|
|
3115
|
-
},
|
|
3116
2951
|
{
|
|
3117
2952
|
"address": "server.request.query"
|
|
3118
2953
|
},
|
|
@@ -3138,7 +2973,7 @@
|
|
|
3138
2973
|
},
|
|
3139
2974
|
{
|
|
3140
2975
|
"id": "crs-942-280",
|
|
3141
|
-
"name": "
|
|
2976
|
+
"name": "SQL Injection with delay functions",
|
|
3142
2977
|
"tags": {
|
|
3143
2978
|
"type": "sql_injection",
|
|
3144
2979
|
"crs_id": "942280",
|
|
@@ -3148,9 +2983,6 @@
|
|
|
3148
2983
|
{
|
|
3149
2984
|
"parameters": {
|
|
3150
2985
|
"inputs": [
|
|
3151
|
-
{
|
|
3152
|
-
"address": "server.request.cookies"
|
|
3153
|
-
},
|
|
3154
2986
|
{
|
|
3155
2987
|
"address": "server.request.query"
|
|
3156
2988
|
},
|
|
@@ -3186,9 +3018,6 @@
|
|
|
3186
3018
|
{
|
|
3187
3019
|
"parameters": {
|
|
3188
3020
|
"inputs": [
|
|
3189
|
-
{
|
|
3190
|
-
"address": "server.request.cookies"
|
|
3191
|
-
},
|
|
3192
3021
|
{
|
|
3193
3022
|
"address": "server.request.query"
|
|
3194
3023
|
},
|
|
@@ -3225,9 +3054,6 @@
|
|
|
3225
3054
|
{
|
|
3226
3055
|
"parameters": {
|
|
3227
3056
|
"inputs": [
|
|
3228
|
-
{
|
|
3229
|
-
"address": "server.request.cookies"
|
|
3230
|
-
},
|
|
3231
3057
|
{
|
|
3232
3058
|
"address": "server.request.query"
|
|
3233
3059
|
},
|
|
@@ -3263,9 +3089,6 @@
|
|
|
3263
3089
|
{
|
|
3264
3090
|
"parameters": {
|
|
3265
3091
|
"inputs": [
|
|
3266
|
-
{
|
|
3267
|
-
"address": "server.request.cookies"
|
|
3268
|
-
},
|
|
3269
3092
|
{
|
|
3270
3093
|
"address": "server.request.query"
|
|
3271
3094
|
},
|
|
@@ -3302,9 +3125,6 @@
|
|
|
3302
3125
|
{
|
|
3303
3126
|
"parameters": {
|
|
3304
3127
|
"inputs": [
|
|
3305
|
-
{
|
|
3306
|
-
"address": "server.request.cookies"
|
|
3307
|
-
},
|
|
3308
3128
|
{
|
|
3309
3129
|
"address": "server.request.query"
|
|
3310
3130
|
},
|
|
@@ -3347,9 +3167,6 @@
|
|
|
3347
3167
|
{
|
|
3348
3168
|
"address": "server.request.path_params"
|
|
3349
3169
|
},
|
|
3350
|
-
{
|
|
3351
|
-
"address": "server.request.cookies"
|
|
3352
|
-
},
|
|
3353
3170
|
{
|
|
3354
3171
|
"address": "server.request.headers.no_cookies"
|
|
3355
3172
|
},
|
|
@@ -3391,9 +3208,6 @@
|
|
|
3391
3208
|
{
|
|
3392
3209
|
"address": "server.request.path_params"
|
|
3393
3210
|
},
|
|
3394
|
-
{
|
|
3395
|
-
"address": "server.request.cookies"
|
|
3396
|
-
},
|
|
3397
3211
|
{
|
|
3398
3212
|
"address": "server.request.headers.no_cookies"
|
|
3399
3213
|
},
|
|
@@ -3421,9 +3235,6 @@
|
|
|
3421
3235
|
{
|
|
3422
3236
|
"address": "server.request.path_params"
|
|
3423
3237
|
},
|
|
3424
|
-
{
|
|
3425
|
-
"address": "server.request.cookies"
|
|
3426
|
-
},
|
|
3427
3238
|
{
|
|
3428
3239
|
"address": "server.request.headers.no_cookies"
|
|
3429
3240
|
},
|
|
@@ -3465,9 +3276,6 @@
|
|
|
3465
3276
|
{
|
|
3466
3277
|
"address": "server.request.path_params"
|
|
3467
3278
|
},
|
|
3468
|
-
{
|
|
3469
|
-
"address": "server.request.cookies"
|
|
3470
|
-
},
|
|
3471
3279
|
{
|
|
3472
3280
|
"address": "server.request.headers.no_cookies"
|
|
3473
3281
|
},
|
|
@@ -3528,6 +3336,137 @@
|
|
|
3528
3336
|
"lowercase"
|
|
3529
3337
|
]
|
|
3530
3338
|
},
|
|
3339
|
+
{
|
|
3340
|
+
"id": "dog-000-001",
|
|
3341
|
+
"name": "Look for Cassandra injections",
|
|
3342
|
+
"tags": {
|
|
3343
|
+
"type": "nosql_injection",
|
|
3344
|
+
"category": "attack_attempt"
|
|
3345
|
+
},
|
|
3346
|
+
"conditions": [
|
|
3347
|
+
{
|
|
3348
|
+
"parameters": {
|
|
3349
|
+
"inputs": [
|
|
3350
|
+
{
|
|
3351
|
+
"address": "server.request.query"
|
|
3352
|
+
},
|
|
3353
|
+
{
|
|
3354
|
+
"address": "server.request.body"
|
|
3355
|
+
},
|
|
3356
|
+
{
|
|
3357
|
+
"address": "server.request.path_params"
|
|
3358
|
+
},
|
|
3359
|
+
{
|
|
3360
|
+
"address": "server.request.headers.no_cookies"
|
|
3361
|
+
}
|
|
3362
|
+
],
|
|
3363
|
+
"regex": "\\ballow\\s+filtering\\b"
|
|
3364
|
+
},
|
|
3365
|
+
"operator": "match_regex"
|
|
3366
|
+
}
|
|
3367
|
+
],
|
|
3368
|
+
"transformers": [
|
|
3369
|
+
"removeComments"
|
|
3370
|
+
]
|
|
3371
|
+
},
|
|
3372
|
+
{
|
|
3373
|
+
"id": "dog-000-002",
|
|
3374
|
+
"name": "OGNL - Look for formatting injection patterns",
|
|
3375
|
+
"tags": {
|
|
3376
|
+
"type": "java_code_injection",
|
|
3377
|
+
"category": "attack_attempt"
|
|
3378
|
+
},
|
|
3379
|
+
"conditions": [
|
|
3380
|
+
{
|
|
3381
|
+
"operator": "match_regex",
|
|
3382
|
+
"parameters": {
|
|
3383
|
+
"inputs": [
|
|
3384
|
+
{
|
|
3385
|
+
"address": "server.request.query"
|
|
3386
|
+
},
|
|
3387
|
+
{
|
|
3388
|
+
"address": "server.request.body"
|
|
3389
|
+
},
|
|
3390
|
+
{
|
|
3391
|
+
"address": "server.request.path_params"
|
|
3392
|
+
},
|
|
3393
|
+
{
|
|
3394
|
+
"address": "grpc.server.request.message"
|
|
3395
|
+
}
|
|
3396
|
+
],
|
|
3397
|
+
"regex": "[#%$]{[^}]+[^\\w\\s][^}]+}",
|
|
3398
|
+
"options": {
|
|
3399
|
+
"case_sensitive": true
|
|
3400
|
+
}
|
|
3401
|
+
}
|
|
3402
|
+
}
|
|
3403
|
+
],
|
|
3404
|
+
"transformers": []
|
|
3405
|
+
},
|
|
3406
|
+
{
|
|
3407
|
+
"id": "dog-000-003",
|
|
3408
|
+
"name": "OGNL - Detect OGNL exploitation primitives",
|
|
3409
|
+
"tags": {
|
|
3410
|
+
"type": "java_code_injection",
|
|
3411
|
+
"category": "attack_attempt"
|
|
3412
|
+
},
|
|
3413
|
+
"conditions": [
|
|
3414
|
+
{
|
|
3415
|
+
"operator": "match_regex",
|
|
3416
|
+
"parameters": {
|
|
3417
|
+
"inputs": [
|
|
3418
|
+
{
|
|
3419
|
+
"address": "server.request.query"
|
|
3420
|
+
},
|
|
3421
|
+
{
|
|
3422
|
+
"address": "server.request.body"
|
|
3423
|
+
},
|
|
3424
|
+
{
|
|
3425
|
+
"address": "server.request.path_params"
|
|
3426
|
+
},
|
|
3427
|
+
{
|
|
3428
|
+
"address": "server.request.headers.no_cookies"
|
|
3429
|
+
},
|
|
3430
|
+
{
|
|
3431
|
+
"address": "grpc.server.request.message"
|
|
3432
|
+
}
|
|
3433
|
+
],
|
|
3434
|
+
"regex": "[@#]ognl",
|
|
3435
|
+
"options": {
|
|
3436
|
+
"case_sensitive": true
|
|
3437
|
+
}
|
|
3438
|
+
}
|
|
3439
|
+
}
|
|
3440
|
+
],
|
|
3441
|
+
"transformers": []
|
|
3442
|
+
},
|
|
3443
|
+
{
|
|
3444
|
+
"id": "dog-000-004",
|
|
3445
|
+
"name": "Spring4Shell - Attempts to exploit the Spring4shell vulnerability",
|
|
3446
|
+
"tags": {
|
|
3447
|
+
"type": "exploit_detection",
|
|
3448
|
+
"category": "attack_attempt"
|
|
3449
|
+
},
|
|
3450
|
+
"conditions": [
|
|
3451
|
+
{
|
|
3452
|
+
"operator": "match_regex",
|
|
3453
|
+
"parameters": {
|
|
3454
|
+
"inputs": [
|
|
3455
|
+
{
|
|
3456
|
+
"address": "server.request.body"
|
|
3457
|
+
}
|
|
3458
|
+
],
|
|
3459
|
+
"regex": "^class\\.module\\.classLoader\\.",
|
|
3460
|
+
"options": {
|
|
3461
|
+
"case_sensitive": false
|
|
3462
|
+
}
|
|
3463
|
+
}
|
|
3464
|
+
}
|
|
3465
|
+
],
|
|
3466
|
+
"transformers": [
|
|
3467
|
+
"keys_only"
|
|
3468
|
+
]
|
|
3469
|
+
},
|
|
3531
3470
|
{
|
|
3532
3471
|
"id": "nfd-000-001",
|
|
3533
3472
|
"name": "Detect common directory discovery scans",
|
|
@@ -4444,9 +4383,9 @@
|
|
|
4444
4383
|
},
|
|
4445
4384
|
{
|
|
4446
4385
|
"id": "sqr-000-017",
|
|
4447
|
-
"name": "
|
|
4386
|
+
"name": "Log4shell: Attempt to exploit log4j CVE-2021-44228",
|
|
4448
4387
|
"tags": {
|
|
4449
|
-
"type": "
|
|
4388
|
+
"type": "exploit_detection",
|
|
4450
4389
|
"category": "attack_attempt"
|
|
4451
4390
|
},
|
|
4452
4391
|
"conditions": [
|
|
@@ -5229,31 +5168,6 @@
|
|
|
5229
5168
|
],
|
|
5230
5169
|
"transformers": []
|
|
5231
5170
|
},
|
|
5232
|
-
{
|
|
5233
|
-
"id": "ua0-600-41x",
|
|
5234
|
-
"name": "Acunetix",
|
|
5235
|
-
"tags": {
|
|
5236
|
-
"type": "security_scanner",
|
|
5237
|
-
"category": "attack_attempt"
|
|
5238
|
-
},
|
|
5239
|
-
"conditions": [
|
|
5240
|
-
{
|
|
5241
|
-
"parameters": {
|
|
5242
|
-
"inputs": [
|
|
5243
|
-
{
|
|
5244
|
-
"address": "server.request.headers.no_cookies",
|
|
5245
|
-
"key_path": [
|
|
5246
|
-
"user-agent"
|
|
5247
|
-
]
|
|
5248
|
-
}
|
|
5249
|
-
],
|
|
5250
|
-
"regex": "md5\\(acunetix_wvs_security_test\\)"
|
|
5251
|
-
},
|
|
5252
|
-
"operator": "match_regex"
|
|
5253
|
-
}
|
|
5254
|
-
],
|
|
5255
|
-
"transformers": []
|
|
5256
|
-
},
|
|
5257
5171
|
{
|
|
5258
5172
|
"id": "ua0-600-42x",
|
|
5259
5173
|
"name": "OpenVAS",
|
|
@@ -5506,7 +5420,7 @@
|
|
|
5506
5420
|
},
|
|
5507
5421
|
{
|
|
5508
5422
|
"id": "ua0-600-52x",
|
|
5509
|
-
"name": "Nuclei
|
|
5423
|
+
"name": "Nuclei",
|
|
5510
5424
|
"tags": {
|
|
5511
5425
|
"type": "security_scanner",
|
|
5512
5426
|
"category": "attack_attempt"
|
|
@@ -5531,7 +5445,7 @@
|
|
|
5531
5445
|
},
|
|
5532
5446
|
{
|
|
5533
5447
|
"id": "ua0-600-53x",
|
|
5534
|
-
"name": "Tsunami
|
|
5448
|
+
"name": "Tsunami",
|
|
5535
5449
|
"tags": {
|
|
5536
5450
|
"type": "security_scanner",
|
|
5537
5451
|
"category": "attack_attempt"
|
|
@@ -5556,7 +5470,7 @@
|
|
|
5556
5470
|
},
|
|
5557
5471
|
{
|
|
5558
5472
|
"id": "ua0-600-54x",
|
|
5559
|
-
"name": "Nimbostratus
|
|
5473
|
+
"name": "Nimbostratus",
|
|
5560
5474
|
"tags": {
|
|
5561
5475
|
"type": "security_scanner",
|
|
5562
5476
|
"category": "attack_attempt"
|
|
@@ -5595,6 +5509,12 @@
|
|
|
5595
5509
|
"key_path": [
|
|
5596
5510
|
"user-agent"
|
|
5597
5511
|
]
|
|
5512
|
+
},
|
|
5513
|
+
{
|
|
5514
|
+
"address": "grpc.server.request.metadata",
|
|
5515
|
+
"key_path": [
|
|
5516
|
+
"dd-canary"
|
|
5517
|
+
]
|
|
5598
5518
|
}
|
|
5599
5519
|
],
|
|
5600
5520
|
"regex": "^dd-test-scanner-log$"
|
|
@@ -5606,7 +5526,7 @@
|
|
|
5606
5526
|
},
|
|
5607
5527
|
{
|
|
5608
5528
|
"id": "ua0-600-5xx",
|
|
5609
|
-
"name": "Blind
|
|
5529
|
+
"name": "Blind SQL Injection Brute Forcer",
|
|
5610
5530
|
"tags": {
|
|
5611
5531
|
"type": "security_scanner",
|
|
5612
5532
|
"category": "attack_attempt"
|
|
@@ -5705,4 +5625,4 @@
|
|
|
5705
5625
|
"transformers": []
|
|
5706
5626
|
}
|
|
5707
5627
|
]
|
|
5708
|
-
}
|
|
5628
|
+
}
|