Module: NewRelic::Security::Agent::Control::ReflectedXSS

Extended by:
ReflectedXSS
Included in:
ReflectedXSS
Defined in:
lib/newrelic_security/agent/control/reflected_xss.rb

Constant Summary

LESS_THAN =
'<'
GREATER_THAN =
'>'
EQUAL =
'='
HTML_COMMENT_START =
'!--'
HTML_COMMENT_END =
'-->'
FIVE_COLON =
':::::'
SCRIPT =
'script'
Content_Type =
'Content-Type'
QUERY_STRING =
'QUERY_STRING'
REQUEST_URI =
'REQUEST_URI'
APPLICATION_JSON =
'application/json'
APPLICATION_XML =
'application/xml'
APPLICATION_X_WWW_FORM_URLENCODED =
'application/x-www-form-urlencoded'
ON1 =
'on'
ON2 =
'ON'
ON3 =
'On'
ON4 =
'oN'
SRC =
'src'
HREF =
'href'
ACTION =
'action'
FORMACTION =
'formaction'
SRCDOC =
'srcdoc'
DATA =
'data'
TAG_NAME_REGEX =
::Regexp.new("<([a-zA-Z_\\-]+[0-9]*|!--)", ::Regexp::MULTILINE | ::Regexp::IGNORECASE )
ATTRIBUTE_REGEX =
::Regexp.new("([^(\\/\\s<'\">)]+?)(?:\\s*)=\\s*(('|\")([\\s\\S]*?)(?:(?=(\\\\?))\\5.)*?\\3|.+?(?=\\/>|>|\\?>|\\s|<\\/|$))", Regexp::MULTILINE | Regexp::IGNORECASE)
UNSUPPORTED_MEDIA_TYPES =
%w[video/ image/ font/ audio/].freeze
UNSUPPORTED_CONTENT_TYPES =
%w[application/zip application/epub+zip application/gzip application/java-archive application/msword application/octet-stream application/ogg application/pdf application/rtf application/vnd.amazon.ebook application/vnd.apple.installer+xml application/vnd.ms-excel application/vnd.ms-fontobject 
application/vnd.ms-powerpoint application/vnd.oasis.opendocument.presentation application/vnd.oasis.opendocument.spreadsheet application/vnd.oasis.opendocument.text application/vnd.openxmlformats-officedocument.presentationml.presentation 
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet application/vnd.openxmlformats-officedocument.wordprocessingml.document application/vnd.rar application/vnd.visio application/x-7z-compressed application/x-abiword application/x-bzip application/x-bzip2 application/x-cdf 
application/x-freearc application/x-tar application/zip text/calendar ].freeze

Instance Method Summary

Instance Method Details

#check_xss(http_req, retval) ⇒ Object



# File 'lib/newrelic_security/agent/control/reflected_xss.rb', line 46

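# Inspect a completed Rack-style response for reflected XSS and hand the
# findings to the collector.
#
# @param http_req [Object] the captured request; nothing is done when nil
# @param retval [Array] Rack response triple `[status, headers, body]`
# @return [Object] not meaningful; the method is called for its reporting side effect
#
# Responses whose Content-Type starts with one of UNSUPPORTED_MEDIA_TYPES or
# UNSUPPORTED_CONTENT_TYPES are skipped (binary/media bodies are not rendered
# as markup by a browser). Any StandardError is logged instead of propagated so
# a detection failure never breaks the instrumented application's response;
# process-level exceptions (SystemExit, Interrupt, NoMemoryError) are deliberately
# left alone rather than swallowed.
def check_xss(http_req, retval)
  # TODO: Check if enableHTTPRequestPrinting is required.
  return if http_req.nil? || retval.empty?

  headers = retval[1]
  content_type = headers[Content_Type] if headers.key?(Content_Type)
  # The prefix match is case-sensitive, so an upper-cased media type is not skipped.
  if content_type && (content_type.start_with?(*UNSUPPORTED_MEDIA_TYPES) || content_type.start_with?(*UNSUPPORTED_CONTENT_TYPES))
    return
  end

  # The whole response body is buffered in memory before analysis.
  response_body = ::String.new
  retval[2].each { |chunk| response_body << chunk }
  construct = check_for_reflected_xss(http_req, headers, response_body)
  NewRelic::Security::Agent.logger.debug "RXSS Attack DATA: #{construct}"
  # Report when something was reflected, or unconditionally in IAST mode
  # (presumably so the body is available for analysis — confirm against the collector).
  if !construct.empty? || NewRelic::Security::Agent::Utils.is_IAST?
    # Re-label the raw bytes as Latin-1 before transcoding: every byte is a valid
    # Latin-1 character, so the UTF-8 conversion cannot raise on binary bodies.
    parameters = [construct, response_body.force_encoding(ISO_8859_1).encode(UTF_8)]
    NewRelic::Security::Agent::Control::Collector.collect(REFLECTED_XSS, parameters, nil, :response_header => content_type)
  end
rescue StandardError => exception
  NewRelic::Security::Agent.logger.error "Exception in Reflected XSS detection : #{exception.inspect} #{exception.backtrace}"
end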