JavaScript plugin system
Most of our detection algorithms are implemented in the JavaScript plugin system, and they run seamlessly on all supported platforms. A plugin method is called when a specific checkpoint is triggered in the agent, e.g. SQL query, directory discovery, file read/write/remove/include, file upload, WebDAV, XML loading, OGNL execution, command execution, deserialization, HTTP request.
A plugin should be placed in the following directory:
Java / Scala / Kotlin / Clojure / JS / TS agents: <app_home>/rasp/plugins
PHP / .NET / Python agents: <rasp_rootdir>/rasp/plugins
Since the Java agent monitors the plugin directory, a plugin is loaded or unloaded immediately when you add or remove it. Also, only files with the .js extension are accepted.
A minimal plugin looks like the following:
'use strict'
// Plugin metadata read by the agent
const plugin_version = '2018-1000-1000'
const plugin_name = 'test-plugin'

// Create the plugin instance; RASP is provided by the agent
var plugin = new RASP(plugin_name)

// A result object: let the request through without logging it
const clean = {
    action: 'ignore',
    message: 'Looks fine to me',
    confidence: 0
}

// Register a callback for the "sql" checkpoint
plugin.register('sql', function (params, context) {
    plugin.log('SQL query: ' + params.query)
    return clean
})

plugin.log('plugin-demo: plugin loaded')
In the example above,
- We registered a callback with plugin.register. The agent will pass in two parameters:
  - params: checkpoint parameters, e.g. the complete SQL query, the filename to read, ...
  - context: the current HTTP request: parameters, headers, URL, ...
- We logged the SQL query to rasp/logs/plugin.log
- We didn't block the request in the callback. Supported actions are:
  - block: block and redirect the request
  - log: log the request and let it go
  - ignore: ignore the request and don't log it
Available checkpoints and parameters
SQL query
type = sql
params = {
"server": "mysql / oracle / pgsql / mssql / sqlite",
"query": "select * from users",
}
Reading directory contents
type = directory
params = {
"path": "/home/servers/tomcat/webapps/mywar/../../../../../../../../../etc/",
"realpath": "/etc/",
"stack": [
"java.lang.ProcessBuilder.start",
"sun.reflect.NativeMethodAccessorImpl.invoke0",
"sun.reflect.NativeMethodAccessorImpl.invoke",
"sun.reflect.DelegatingMethodAccessorImpl.invoke",
...
]
}
Reading files
Writing files
Including files
WebDAV requests (Java only)
File uploading
Renaming files
Command execution
Loading XML entities
OGNL execution
Deserialization
HTTP request
COPYRIGHT (C) 2014-2022 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.
COPYRIGHT (C) 2015-2024 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.