2017-08-11 22:43:10 +00:00
|
|
|
title: Ruby on Rails framework exceptions
|
2017-08-06 20:57:52 +00:00
|
|
|
description: Detects suspicious Ruby on Rails exceptions that could indicate exploitation attempts
|
|
|
|
|
author: Thomas Patzke
|
2018-01-27 23:12:19 +00:00
|
|
|
references:
|
2017-08-06 20:57:52 +00:00
|
|
|
- http://edgeguides.rubyonrails.org/security.html
|
|
|
|
|
- http://guides.rubyonrails.org/action_controller_overview.html
|
|
|
|
|
- https://stackoverflow.com/questions/25892194/does-rails-come-with-a-not-authorized-exception
|
|
|
|
|
- https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/middleware/exception_wrapper.rb
|
|
|
|
|
logsource:
|
2017-08-11 22:43:10 +00:00
|
|
|
category: application
|
2017-08-06 20:57:52 +00:00
|
|
|
product: ruby_on_rails
|
|
|
|
|
detection:
|
|
|
|
|
keywords:
|
|
|
|
|
- ActionController::InvalidAuthenticityToken
|
|
|
|
|
- ActionController::InvalidCrossOriginRequest
|
|
|
|
|
- ActionController::MethodNotAllowed
|
|
|
|
|
- ActionController::BadRequest
|
|
|
|
|
- ActionController::ParameterMissing
|
|
|
|
|
condition: keywords
|
|
|
|
|
falsepositives:
|
|
|
|
|
- Application bugs
|
|
|
|
|
- Penetration testing
|
|
|
|
|
level: medium
|
|
|
|
|
|
