class Sqreen::Rules::ShellEnvCB
Callback that detect nifty env in system calls
Public Instance Methods
pre(_inst, args, _budget = nil, &_block)
click to toggle source
# File lib/sqreen/rules/shell_env_cb.rb, line 12 def pre(_inst, args, _budget = nil, &_block) return if args.size == 0 env = args.first return unless env.is_a?(Hash) return if env.size == 0 found = nil var, value = env.find do |_, val| next unless val.is_a?(String) found = match_regexp(val) end return unless var infos = { :variable_name => var, :variable_value => value, :found => found, } Sqreen.log.warn { "presence of a shell env tampering: #{infos.inspect}" } record_event(infos) advise_action(:raise) end