Module: Rack::Shield

Defined in:
lib/rack/shield.rb,
lib/rack/shield/version.rb,
lib/rack/shield/responder.rb,
lib/rack/shield/request_ext.rb

Defined Under Namespace

Modules: RequestExt; Classes: Responder


DEFAULT_PATHS =
[/\/wp-(includes|content|admin|json|config)/,
 /\.(php|cgi|asp|aspx|shtml|log|(my)?sql(\.tar)?(\.t?(gz|zip))?|cfm|py|lasso|e?rb|pl|jsp|do|action|sh|dll)\z/i,
'cgi-bin',
'phpmyadmin',
'/pma/',
'/boaform/',
'sqlbuddy',
/(my)?sql-backup/,
'etc/passwd',
'/php/',
'.php/',
'/browsedisk',
'/mambo/',
'/jenkins/',
'/joomla/',
'/varien/js.js',
'/drupal.js',
'RELEASE_NOTES.txt',
'/phpunit/',
'/magento/',
'/mage/',
'/magento_version',
'/mifs/',
'/js/varien/',
'/includes/',
'/HNAP1',
'/stalker_portal/',
'/nmaplowercheck',
'/solr/admin/',
'/axis2/axis2-admin',
'/telescope/requests',
'/RELEASE_NOTES.txt',
'deployment-config.json',
'ftpsync.settings',
'/_profiler/latest',
'/_ignition/',
'/_wpeprivate/',
'/Config/SaveUploadedHotspotLogoFile',
'ALFA_DATA',
'cgialfa',
'alfacgiapi',
'/+CSCOT+/',
'/api/v2/cmdb/system',
'com.vmware.vsan.client.services',
'/aspnet-ajax/',
'/Portal.mwsl',
'/adminer',
/\A\/"/,
/\/\.(hg|git|svn|bzr|htaccess|ftpconfig|vscode|remote-sync|aws|env|DS_Store)/,
/\/old\/?\z/,
/\/\.env\z/,
/\A\/old-wp/,
/\A\/(wordpress|wp)(\/|\z)/]
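# Default query-string matchers consulted by +evil?+.
#
# Both percent-encoded spellings ('%2Fscript%3E', '--%20') and literal ones
# ('<script>', '-- ') are listed, so the list is usable against a raw,
# undecoded query string.
# NOTE(review): whether +query_string+ is ever decoded before matching is
# not visible here — confirm in +match?+ and RequestExt.
#
# The original list carried '<php>' and 'XDEBUG_SESSION_START' twice; the
# duplicates did nothing but cost an extra comparison per request and are
# dropped. Order of first occurrence is preserved.
DEFAULT_QUERIES = [
  # SQL fragments that have no place in an ordinary query string
  /SELECT.+FROM.+/i,
  /SELECT.+COUNT/i,
  /SELECT.+UNION/i,
  /UNION.+SELECT/i,
  /INFORMATION_SCHEMA/i,
  '--%20',
  '-- ',
  # Script / PHP tags, encoded and literal
  '%2Fscript%3E',
  '<script>', '</script>',
  '<php>', '</php>',
  # Debugger, IDE and framework markers
  'XDEBUG_SESSION_START',
  'phpstorm',
  'onload=confirm',
  'HelloThinkCMF'
]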
# Release version of the gem (declared in lib/rack/shield/version.rb).
VERSION = '1.1.2'



Class Attribute Details

.checks ⇒ Object

Returns the value of attribute checks.



# File 'lib/rack/shield.rb', line 84

# Module-level reader for the configured request checks: matchers that
# +evil?+ runs against the whole request object rather than its path or
# query string.
def checks
  @checks
end

.paths ⇒ Object

Returns the value of attribute paths.



# File 'lib/rack/shield.rb', line 84

# Module-level reader for the path matchers +evil?+ tests the request path
# against. Presumably initialised from DEFAULT_PATHS — not visible here.
def paths
  @paths
end

.queries ⇒ Object

Returns the value of attribute queries.



# File 'lib/rack/shield.rb', line 84

# Module-level reader for the query-string matchers +evil?+ tests the raw
# query string against. Presumably initialised from DEFAULT_QUERIES — not
# visible here.
def queries
  @queries
end

.responder ⇒ Object

Returns the value of attribute responder.



# File 'lib/rack/shield.rb', line 84

# Module-level reader for the configured responder (see
# Rack::Shield::Responder). How and when it is invoked is outside this
# listing.
def responder
  @responder
end

Class Method Details

.evil?(req) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/rack/shield.rb', line 86

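# Decides whether a request should be rejected by running it against the
# three configured matcher lists, in order: path matchers against
# +req.path+, query matchers against +req.query_string+, and custom checks
# against the request object itself. Evaluation short-circuits on the
# first hit. Each comparison is delegated to +match?+, which is defined
# elsewhere in this module.
#
# A +nil+ path or query string simply skips that list. The lists are
# passed through +Array()+ so an unset (+nil+) list is treated as empty
# instead of raising NoMethodError on every request.
#
# NOTE(review): the path and query string are matched as Rack delivers
# them; whether they are percent-decoded first depends on the server and
# on +match?+ — confirm, since DEFAULT_QUERIES carries both encoded and
# literal spellings of the same tokens.
#
# @param req [Rack::Request] the request under inspection
# @return [Boolean] true if any matcher hits
def evil?(req)
  path = req.path
  query = req.query_string
  (path && Array(paths).any? { |matcher| match?(path, matcher) }) ||
    (query && Array(queries).any? { |matcher| match?(query, matcher) }) ||
    Array(checks).any? { |matcher| match?(req, matcher) }
end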

.template ⇒ Object



# File 'lib/rack/shield.rb', line 92

# Location of the HTML template shipped with the gem, resolved relative to
# this file so it is independent of the working directory. How the
# template is rendered is not visible here (see Rack::Shield::Responder).
#
# NOTE(review): Pathname#join collapses '..' against the receiver, so three
# '..' from lib/rack/ resolve one level above the gem root — confirm that
# the templates directory really lives there.
#
# @return [Pathname]
def template
  this_dir = Pathname.new(__FILE__).dirname
  this_dir.join('..', '..', '..', 'templates', 'shield.html')
end