Module: Rack::Shield

Defined in:

lib/rack/shield.rb,
lib/rack/shield/version.rb,
lib/rack/shield/responder.rb,
lib/rack/shield/request_ext.rb

Defined Under Namespace

Modules: RequestExt Classes: Responder

Constant Summary

DEFAULT_PATHS =

[/\/wp-(includes|content|admin|json|config)/,
 /\.(php|cgi|asp|aspx|shtml|log|(my)?sql(\.tar)?(\.t?(gz|zip))?|cfm|py|lasso|e?rb|pl|jsp|do|action|sh|dll)\z/i,
'cgi-bin',
'phpmyadmin',
'/pma/',
'/boaform/',
'sqlbuddy',
/(my)?sql-backup/,
'etc/passwd',
'/php/',
'.php/',
'/browsedisk',
'/mambo/',
'/jenkins/',
'/joomla/',
'/varien/js.js',
'/drupal.js',
'RELEASE_NOTES.txt',
'/phpunit/',
'/magento/',
'/mage/',
'/magento_version',
'/mifs/',
'/js/varien/',
'/includes/',
'/HNAP1',
'/stalker_portal/',
'/nmaplowercheck',
'/solr/admin/',
'/axis2/axis2-admin',
'/telescope/requests',
'/RELEASE_NOTES.txt',
'deployment-config.json',
'ftpsync.settings',
'/_profiler/latest',
'/_ignition/',
'/_wpeprivate/',
'/Config/SaveUploadedHotspotLogoFile',
'ALFA_DATA',
'cgialfa',
'alfacgiapi',
'/+CSCOT+/',
'/api/v2/cmdb/system',
'com.vmware.vsan.client.services',
'/aspnet-ajax/',
'/Portal.mwsl',
'/adminer',
/\A\/"/,
/\/\.(hg|git|svn|bzr|htaccess|ftpconfig|vscode|remote-sync|aws|env|DS_Store)/,
/\/old\/?\z/,
/\/\.env\z/,
/\A\/old-wp/,
/\A\/(wordpress|wp)(\/|\z)/]

DEFAULT_QUERIES =

[/SELECT.+FROM.+/i,
/SELECT.+COUNT/i,
/SELECT.+UNION/i,
/UNION.+SELECT/i,
/INFORMATION_SCHEMA/i,
'--%20',
'-- ',
'%2Fscript%3E',
'<script>', '</script>',
'<php>', '</php>',
'XDEBUG_SESSION_START',
'phpstorm',
'<php>',
'onload=confirm',
'HelloThinkCMF',
'XDEBUG_SESSION_START']

DEFAULT_BODIES =

[]

VERSION =

'1.2.0'

Class Attribute Summary

• .bodies ⇒ Object

  Returns the value of attribute bodies.

• .checks ⇒ Object

  Returns the value of attribute checks.

• .paths ⇒ Object

  Returns the value of attribute paths.

• .queries ⇒ Object

  Returns the value of attribute queries.

• .responder ⇒ Object

  Returns the value of attribute responder.

Class Method Summary

• .evil?(req) ⇒ Boolean
• .template ⇒ Object

Class Attribute Details

.bodies ⇒ Object

Returns the value of attribute bodies.

# File 'lib/rack/shield.rb', line 85

def bodies
  @bodies
end

.checks ⇒ Object

Returns the value of attribute checks.

# File 'lib/rack/shield.rb', line 85

def checks
  @checks
end

.paths ⇒ Object

Returns the value of attribute paths.

# File 'lib/rack/shield.rb', line 85

def paths
  @paths
end

.queries ⇒ Object

Returns the value of attribute queries.

# File 'lib/rack/shield.rb', line 85

def queries
  @queries
end

.responder ⇒ Object

Returns the value of attribute responder.

# File 'lib/rack/shield.rb', line 85

def responder
  @responder
end

Class Method Details

.evil?(req) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rack/shield.rb', line 87

def evil?(req)
  evil_paths?(req) || evil_queries?(req) || evil_checks?(req) || evil_bodies?(req)
end

.template ⇒ Object

# File 'lib/rack/shield.rb', line 91

def template
  Pathname.new(__FILE__).dirname.join('..', '..', '..', 'templates', 'shield.html')
end