29 lines
990 B
YAML
29 lines
990 B
YAML
|
id: ruby-on-rails-framework-exceptions
|
||
|
|
|
||
|
|
info:
|
||
|
|
name: Ruby on Rails Framework Exceptions
|
||
|
|
description: Detects suspicious Ruby on Rails exceptions that could indicate exploitation attempts
|
||
|
|
author: geeknik
|
||
|
|
reference:
|
||
|
|
- http://edgeguides.rubyonrails.org/security.html
|
||
|
|
- http://guides.rubyonrails.org/action_controller_overview.html
|
||
|
|
- https://stackoverflow.com/questions/25892194/does-rails-come-with-a-not-authorized-exception
|
||
|
|
- https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/middleware/exception_wrapper.rb
|
||
|
|
severity: medium
|
||
|
|
tags: file,logs,ruby,rails
|
||
|
|
|
||
|
|
file:
|
||
|
|
- extensions:
|
||
|
|
- all
|
||
|
|
|
||
|
|
extractors:
|
||
|
|
- type: regex
|
||
|
|
name: exception
|
||
|
|
part: body
|
||
|
|
regex:
|
||
|
|
- 'ActionController\:\:InvalidAuthenticityToken'
|
||
|
|
- 'ActionController::InvalidCrossOriginRequest'
|
||
|
|
- 'ActionController::MethodNotAllowed'
|
||
|
|
- 'ActionController::BadRequest'
|
||
|
|
- 'ActionController::ParameterMissing'
|