Security Hub

Command injection

Signals & Triggers

On command execution
If user inputs are matched in the command

Actions

  • Block the HTTP request
  • Log request stack trace
  • Log the malicious request
  • Report an incident

Notifications

  • Send an email to all team members
  • Send a Slack notification
  • POST to your Webhook
  • Send to New Relic Insights
  • Create an incident on PagerDuty (coming soon)

Details

When an application relies on shell commands to perform its operations, it exposes itself to a critical class of vulnerabilities that give an attacker a way to reach the underlying OS.

Let’s take a simple example: ls -l $directory_name, where directory_name comes from user input. Sending .; cat /etc/passwd as the directory name results in ls -l .; cat /etc/passwd being executed. The attacker has just extracted highly sensitive server data through a simple injection.

Sqreen can detect and block HTTP requests that carry command injections, without false positives, by acting in-app.

Advanced details

On every command execution triggered by an HTTP request, Sqreen parses locally the shell command about to be executed. It looks for non-sanitized user inputs that inject executable commands (ls, touch, cat, rm, …) into that command line; such inputs would allow an attacker to perform arbitrary operations on the server.

No traffic redirection is performed. The analysis of the command happens inside the application, thanks to Sqreen’s dynamic instrumentation of the system libraries.

By being in-app and running just before the shell command is handed to the OS (the very last step in your app), we can guarantee zero false positives in the detection and protection of command injections.
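
As an added example (not Sqreen's code), here is a toy version of the check the two passages above describe: the final shell line is tokenized just before it would run, and any command word that sits inside a request parameter found verbatim in that line is reported, so a correctly quoted argument yields no hit while a quote breakout does. The tokenizer, `guard` and `run_ls` are all assumptions of this example; `run_ls` is a hypothetical hardened replacement for the page's `ls -l $directory_name` that passes an argv list and never invokes a shell.

```python
import subprocess

# Added example, not Sqreen's code: a toy model of the "user input matched in the
# command" signal. Quotes and the common separators are honoured; nothing else is.
SEPARATORS = set(";|&\n(`")     # a new command word starts after any of these

def command_words(line):
    """(offset, word) for every word in command position; quoted text is skipped,
    so `ls -l '.; cat x'` yields only (0, 'ls')."""
    words, buf, start, quote, expect_cmd = [], [], None, None, True
    for pos, ch in enumerate(line + " "):        # trailing space flushes the last word
        if quote:                                # inside '...' or "..."
            if ch == quote:
                quote = None
            else:
                buf.append(ch)
        elif ch in "'\"":
            quote, start = ch, (pos if start is None else start)
        elif ch.isspace() or ch == ")" or ch in SEPARATORS:   # the current word ends
            if start is not None:
                if expect_cmd and buf:
                    words.append((start, "".join(buf)))
                expect_cmd, buf, start = False, [], None
            expect_cmd = expect_cmd or ch in SEPARATORS
        else:
            start = pos if start is None else start
            buf.append(ch)
    return words

def injected_commands(line, user_inputs):
    """Command words that fall inside a request parameter value found verbatim in
    the final shell line: exactly the part an attacker got to execute."""
    spans = []
    for value in filter(None, user_inputs):
        at = -1
        while (at := line.find(value, at + 1)) != -1:
            spans.append((at, at + len(value)))
    return [w for pos, w in command_words(line) if any(lo <= pos < hi for lo, hi in spans)]

def guard(line, user_inputs):
    """Runs just before the shell would: block (raise) instead of executing."""
    hits = injected_commands(line, user_inputs)
    if hits:
        raise PermissionError(f"command injection blocked: {hits}")
    return line

def run_ls(directory_name):
    """Hardened form of the page's `ls -l $directory_name`: argv list, no shell."""
    return subprocess.run(["ls", "-l", "--", directory_name], capture_output=True).returncode
```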

Language support

  • Ruby
  • Node.js
  • PHP
  • Python
  • Java

Data collected by Sqreen

Signals

No data collected

On attack

  • Request payload
  • Attacker IP
  • Attacker account (Sqreen SDK)
  • Stack trace

Built for developers and modern apps

Get up and running in minutes just by installing our lightweight library. Enable plugins in just a couple of clicks.

Node.js

$ npm install --save sqreen

$ echo '{ "token": "your token" }' > sqreen.json

// This should be the first line of your app

require('sqreen');

Ruby

$ echo "gem 'sqreen'" >> Gemfile

$ bundle install

$ echo "token: your token" >> config/sqreen.yml

PHP

$ curl -s https://download.sqreen.io/php/install.sh > sqreen-install.sh && bash sqreen-install.sh your token

Python

$ pip install sqreen

$ echo -e '[sqreen]\ntoken: your token' >> sqreen.ini

# Insert at the top of your app file (typically wsgi.py or app.py)

import sqreen

sqreen.start()

Java

$ curl https://download.sqreen.io/java/sqreen-latest-all.jar -o sqreen-latest-all.jar

// Next, edit the JVM startup file:

-javaagent:/path/to/sqreen-agent.jar -Dsqreen.token={{your token}}
