OpenRASP v0.30 has been released. OpenRASP is a free, open-source adaptive security product launched by Baidu Security. The changes in this update are as follows:
## Major changes

### Java version

- The debug switch configuration option was renamed from `debug_level` to `debug.level`.
## New features

- Added support for PHP 5.x
  - Linux: PHP 5.3 ~ 5.6
  - Windows: PHP 5.6 (thread-safe build only)
  - Mac: Homebrew PHP 5.6
- PHP security baseline check
  - INI configuration audit
  - Database connection account audit
- Features supported by other PHP versions
  - SQL slow query auditing
- Test case enhancements
  - Added an easy-navigation page
  - Added clickable links throughout to reduce dependence on the command line
- Added a PHP-version performance test report
## API changes

- `directory` hook point: added a `stack` parameter
- `ssrf` hook point: added an `ip` parameter
## Algorithm improvements

- SQLi detection algorithm enhancements
  - Added detection of UNION NULL statements
  - Statement well-formedness check: blocks common blind-injection functions, e.g. `ord`, `chr`
  - Added a separate control switch for the database-manager detection algorithm
- Java: deserialization detection
  - Blocks attack payloads that execute commands via ysoserial
- PHP: added detection of China Chopper (中国菜刀) webshells
  - Identifies anomalies from the call stack and blocks file-manager and command-execution operations
  - Identifies some samples directly from the user input, e.g. `<?php eval($_POST[0]); ?>`
- PHP: blocks anomalous callback operations, e.g. `array_map("system", $whatever)`
  - For details on which callbacks are blocked, refer to the default configuration of `openrasp.callable_blacklists`
## Bug fixes

- SQLi algorithm #1: when the user input was a pure number that appeared multiple times in the SQL statement, a false positive was generated. This has been resolved.
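The following is an added, simplified illustration of the token-based SQLi checks mentioned in the algorithm improvements (UNION NULL detection and blind-injection functions such as `ord`/`chr`) and of the numeric-input false positive described in the bug fix. It is constructed for this page and is not OpenRASP's own code; the tokenizer, the `assess` function, the sample queries and the inclusion of `ascii` alongside `ord` and `chr` are my assumptions.

```python
import re

# Constructed illustration of token-based SQLi checks; not OpenRASP's algorithm.

TOKEN_RE = re.compile(r"""
      '(?:[^'\\]|\\.)*'            # single-quoted string literal
    | "(?:[^"\\]|\\.)*"            # double-quoted string literal
    | \d+(?:\.\d+)?                # numeric literal
    | [A-Za-z_][A-Za-z0-9_]*       # identifier or keyword
    | <>|<=|>=|!=|[-+*/=<>(),;.]   # operators and punctuation
""", re.VERBOSE)

# Functions typical of boolean/time-based blind injection. The release notes
# name ord and chr; ascii is my own addition (assumption).
BLIND_FUNCS = {"ord", "chr", "ascii"}


def tokenize(sql):
    """Split SQL into a flat token list; whitespace is dropped."""
    return [m.group(0) for m in TOKEN_RE.finditer(sql)]


def find_input_span(query_tokens, input_tokens):
    """Index where the input's token sequence occurs inside the query, or -1."""
    n = len(input_tokens)
    for i in range(len(query_tokens) - n + 1):
        if query_tokens[i:i + n] == input_tokens:
            return i
    return -1


def has_union_null(tokens):
    """UNION [ALL] SELECT NULL ... : the column-count probing pattern."""
    low = [t.lower() for t in tokens]
    for i, t in enumerate(low):
        if t != "union":
            continue
        j = i + 1
        if j < len(low) and low[j] == "all":
            j += 1
        if j + 1 < len(low) and low[j] == "select" and low[j + 1] == "null":
            return True
    return False


def has_blind_function(tokens):
    """An identifier from BLIND_FUNCS used as a call, i.e. followed by '('."""
    low = [t.lower() for t in tokens]
    return any(low[i] in BLIND_FUNCS and low[i + 1] == "("
               for i in range(len(low) - 1))


def assess(sql, user_input):
    """Return the list of reasons the (sql, user_input) pair looks injected.

    Only the tokens the user input contributed are inspected, so a legitimate
    query that itself calls ord() is not blamed on an innocent parameter.
    """
    # A pure number is always a single literal, however many times it appears
    # in the statement, so it cannot have altered the SQL structure. Skipping
    # it here is what avoids the "numeric input appears twice" false positive.
    if user_input.strip().isdigit():
        return []

    input_tokens = tokenize(user_input)
    if len(input_tokens) < 2:          # a single literal cannot add syntax
        return []
    if find_input_span(tokenize(sql), input_tokens) < 0:
        return []                      # input not reflected verbatim in the SQL

    reasons = ["structure"]            # input spans several tokens: it added syntax
    if has_union_null(input_tokens):
        reasons.append("union_null")
    if has_blind_function(input_tokens):
        reasons.append("blind_function")
    return reasons


if __name__ == "__main__":
    # Constructed sample requests: (SQL actually executed, raw parameter value)
    samples = [
        ("SELECT * FROM users WHERE id = 1 AND status = 1", "1"),
        ("SELECT * FROM users WHERE id = 1 OR 1 = 1", "1 OR 1 = 1"),
        ("SELECT name FROM t WHERE id = 1 UNION SELECT NULL, NULL",
         "1 UNION SELECT NULL, NULL"),
        ("SELECT * FROM t WHERE id = 1 AND ord(substr(pw,1,1)) > 64",
         "1 AND ord(substr(pw,1,1)) > 64"),
    ]
    for sql, value in samples:
        print(repr(value), "->", assess(sql, value) or "clean")
```

The first sample is the case from the bug fix: the parameter `1` occurs twice in the statement, and because a bare number is treated as a single literal it produces no alert. The other samples show why the checks are scoped to the tokens the input contributed rather than the whole statement: a query that legitimately calls `ord()` with a clean parameter stays clean, while an input that carries its own `UNION SELECT NULL` or `ord(` is reported together with the structural finding.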