class Sqreen::Rules::ShellEnvCB

Callback that detects nifty environment variables (possible shell env tampering) passed to system calls.

Public Instance Methods

pre(_inst, args, _budget = nil, &_block)
# File lib/sqreen/rules/shell_env_cb.rb, line 12
# Pre-call hook: inspects the first call argument and, when it is a non-empty
# Hash, reports the first String value that match_regexp flags.
#
# Only values are tested; non-String values are skipped and keys are never
# matched. The scan stops at the first hit, so later suspicious entries in the
# same Hash are not reported.
#
# NOTE(review): presumably args are the arguments of the instrumented
# system-call method, whose optional leading Hash is the child environment —
# confirm against the rule that installs this callback.
# NOTE(review): the matched value is written verbatim to the warn log and to
# the recorded event; environment values can carry secrets, so confirm that
# the log and event sinks are access-controlled or that values are redacted.
#
# @param _inst [Object] receiver of the hooked call (unused)
# @param args [Array] arguments of the hooked call
# @param _budget [Object, nil] unused
# @return [Object, nil] nil when nothing is flagged, otherwise the result of
#   advise_action(:raise)
def pre(_inst, args, _budget = nil, &_block)
  return if args.empty?

  candidate_env = args.first
  return unless candidate_env.is_a?(Hash)
  return if candidate_env.empty?

  match = nil
  # The assignment inside the block keeps the matcher result for the report.
  offending = candidate_env.find do |_name, val|
    val.is_a?(String) && (match = match_regexp(val))
  end
  name, content = offending
  # A falsy key (nil/false) is treated like "nothing found".
  return unless name

  report = {
    variable_name: name,
    variable_value: content,
    found: match,
  }
  Sqreen.log.warn { "presence of a shell env tampering: #{report.inspect}" }
  record_event(report)
  advise_action(:raise)
end