# File 'lib/paraxial/initializers/marshal_patch.rb', line 6
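# Wrapper around the original Marshal.load that screens String payloads for
# class names associated with deserialization gadget chains before
# delegating to +original_load+.
#
# The screen runs only when Paraxial's +exploit_guard+ setting is +:monitor+
# or +:block+. On a hit the event is printed, reported to the Paraxial
# exploit endpoint from a background thread, and then:
# * +:monitor+ - the payload is still deserialized;
# * +:block+   - deserialization is skipped and the Symbol +:block+ is returned.
#
# Limits of the check (defence in depth, not a substitute for keeping
# untrusted data away from Marshal.load):
# * only String sources are inspected; any other source is passed straight
#   to +original_load+;
# * it is an unanchored substring match, so legitimate data that contains
#   one of these names also triggers it.
#
# NOTE(review): in +:block+ mode callers receive +:block+ instead of an
# exception, so code that uses the result as a deserialized object will fail
# later and away from this call site - confirm callers handle it.
#
# @param source [String, Object] serialized data handed to Marshal.load
# @param proc [Proc, nil] forwarded unchanged to +original_load+
# @return [Object, Symbol] result of +original_load+, or +:block+ when the
#   payload was rejected
def load(source, proc = nil)
  exg = Paraxial.configuration&.exploit_guard

  # Guard disabled or set to an unknown mode: behave like the original.
  return original_load(source, proc) unless [:monitor, :block].include?(exg)

  suspicious = source.is_a?(String) && source.match?(/ActionView|Net::BufferedIO|ERB/)
  return original_load(source, proc) unless suspicious

  puts "[Paraxial] Exploit Guard triggered, malicious input to Marshal.load"
  # The payload is untrusted binary data; print it escaped so control
  # characters and embedded newlines cannot forge or corrupt log lines.
  puts source.inspect

  m = {
    "api_key" => Paraxial::Helpers.get_api_key,
    "mode" => exg,
    "message" => "Marshal.load exploit behavior detected: #{Base64.encode64(source)}"
  }
  headers = { 'Content-Type': 'application/json' }
  uri = URI.parse(Paraxial::Helpers.get_exploit_url)

  # Report without delaying the caller; the thread is never joined, so the
  # outcome of the HTTP request does not change what this method returns.
  Thread.new do
    Net::HTTP.post(uri, m.to_json, headers)
  end

  exg == :monitor ? original_load(source, proc) : :block
end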