github baidu/openrasp v0.21
Version 0.21

6 years ago

Chinese notes

Breaking Changes

  • Separation of security baseline violation logs
    • Makes it easier to manage the different types of alarm logs
    • Users must manually remove rasp/conf/rasp-log4j.xml before upgrading the agent

New Features

  • Detect LFI/SSRF exploits via the jstl-import method
  • Add support for the DB2 database server
    • Only tested on versions 9.7 and 10.5
  • Security baseline feature enhancements
    • Audit database accounts, e.g. connecting to MySQL as the root user
  • Add slow query detection, e.g. a SELECT statement that reads 500+ rows
  • Support TCP syslog transmission

Algorithm improvements

  • Release SQLi detection algorithm No.2 (configurable)
    • Detect stacked queries, e.g. SELECT 123; SELECT 456;
    • Detect hex string representations, e.g. load_file(0x41424344)
    • Detect OS version number, e.g. /*!12345
    • Detect numeric constant comparison, e.g. SELECT 1 FROM dual WHERE 8778 <> 8778
    • Detect usage of blacklisted functions, e.g. load_file, pg_sleep, ...
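As an added illustration of the five rules listed above, not OpenRASP's own plugin code (which works on a tokenized statement, not regexes), here is a constructed Python check that runs them over a few sample statements; the blacklist set, the string-literal masking and the rule names are assumptions made for this example.

```python
import re

# Constructed sample of blacklisted functions; the page names load_file and pg_sleep.
BLACKLISTED_FUNCTIONS = {"load_file", "pg_sleep"}


def check_sql(sql: str) -> list:
    """Return the names of the rules a statement triggers (empty list = clean)."""
    hits = []
    # Mask single-quoted string literals so a ';' or a number inside user data
    # does not trigger the structural rules below (simplified stand-in for tokenizing).
    s = re.sub(r"'(?:[^']|'')*'", "'?'", sql.strip())
    body = s.rstrip(";")
    # 1. stacked queries: a statement terminator followed by more SQL
    if re.search(r";\s*\S", body):
        hits.append("stacked_query")
    # 2. hex string representation, e.g. 0x41424344
    if re.search(r"\b0x[0-9a-fA-F]{2,}\b", s):
        hits.append("hex_string")
    # 3. version-conditional comment prefix, e.g. /*!12345
    if re.search(r"/\*!\d+", s):
        hits.append("version_comment")
    # 4. numeric constant compared against numeric constant, e.g. 8778 <> 8778
    if re.search(r"(?<![\w.])\d+\s*(?:<>|!=|<=|>=|=|<|>)\s*\d+(?![\w.])", s):
        hits.append("constant_comparison")
    # 5. call of a blacklisted function
    for fn in re.findall(r"\b([A-Za-z_]\w*)\s*\(", s):
        if fn.lower() in BLACKLISTED_FUNCTIONS:
            hits.append("blacklisted_function:" + fn.lower())
    return hits


if __name__ == "__main__":
    # Constructed sample statements: the page's examples plus one benign query.
    for stmt in ["SELECT 123; SELECT 456;",
                 "SELECT load_file(0x41424344)",
                 "SELECT 1 FROM dual WHERE 8778 <> 8778",
                 "SELECT /*!12345 1 */ FROM t",
                 "SELECT name FROM users WHERE id = 5 AND note = 'a; b'"]:
        print(stmt, "->", check_sql(stmt) or "clean")
```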
