Class: Aikido::Zen::Scanners::ShellInjectionScanner
Inherits: Object
Defined in: lib/aikido/zen/scanners/shell_injection_scanner.rb

Class Method Summary
- .call(command:, sink:, context:, operation:) ⇒ Object

Instance Method Summary
- #attack? ⇒ Boolean
- #initialize(command, input) ⇒ ShellInjectionScanner (constructor)
  A new instance of ShellInjectionScanner.
Constructor Details
#initialize(command, input) ⇒ ShellInjectionScanner
Returns a new instance of ShellInjectionScanner.
# File 'lib/aikido/zen/scanners/shell_injection_scanner.rb', line 33
def initialize(command, input)
  @command = command
  @input = input
end
Class Method Details
.call(command:, sink:, context:, operation:) ⇒ Object
# File 'lib/aikido/zen/scanners/shell_injection_scanner.rb', line 13
def self.call(command:, sink:, context:, operation:)
  return unless context

  # Check every user-controlled payload of the request against the command;
  # the first one that qualifies as an attack is reported.
  context.payloads.each do |payload|
    next unless new(command, payload.value).attack?

    return Attacks::ShellInjectionAttack.new(
      sink: sink,
      input: payload,
      command: command,
      context: context,
      operation: "#{sink.operation}.#{operation}"
    )
  end

  nil
end
Instance Method Details
#attack? ⇒ Boolean
# File 'lib/aikido/zen/scanners/shell_injection_scanner.rb', line 38
def attack?
  # Block single ~ character. For example `echo ~`
  if @input == "~"
    if @command.size > 1 && @command.include?("~")
      return true
    end
  end

  # we ignore single character since they don't pose a big threat.
  # They are only able to crash the shell, not execute arbitrary commands.
  return false if @input.size <= 1

  # We ignore cases where the user input is longer than the command because
  # the user input can't be part of the command
  return false if @input.size > @command.size

  return false unless @command.include?(@input)

  return false if ShellInjection::Helpers.is_safely_encapsulated @command, @input

  ShellInjection::Helpers.contains_shell_syntax @command, @input
end