id: ruby-on-rails-framework-exceptions info: name: Ruby on Rails Framework Exceptions description: Detects suspicious Ruby on Rails exceptions that could indicate exploitation attempts author: geeknik reference: - http://edgeguides.rubyonrails.org/security.html - http://guides.rubyonrails.org/action_controller_overview.html - https://stackoverflow.com/questions/25892194/does-rails-come-with-a-not-authorized-exception - https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/middleware/exception_wrapper.rb severity: medium tags: file,logs,ruby,rails file: - extensions: - all extractors: - type: regex name: exception part: body regex: - 'ActionController\:\:InvalidAuthenticityToken' - 'ActionController::InvalidCrossOriginRequest' - 'ActionController::MethodNotAllowed' - 'ActionController::BadRequest' - 'ActionController::ParameterMissing'