File Coverage

lib/ThreatDetector/Handlers/DirectoryTraversal.pm

Criterion	Covered	Total	%
statement	21	21	100.0
branch	1	2	50.0
condition			n/a
subroutine	7	7	100.0
pod	0	2	0.0
total	29	32	90.6

line	stmt	bran	sub	pod	time	code
1						package ThreatDetector::Handlers::DirectoryTraversal;
2
3	3		3		83980	use strict;
	3				5
	3				121
4	3		3		17	use warnings;
	3				5
	3				305
5	3		3		20	use Exporter 'import';
	3				7
	3				155
6	3		3		681	use JSON;
	3				17039
	3				19
7	3		3		471	use Time::HiRes qw(gettimeofday);
	3				6
	3				21
8
9						our $VERBOSE = 0;
10						our @EXPORT_OK = qw(handle_directory_traversal get_directory_traversal_events);
11						our @DIRECTORY_TRAVERSAL_EVENTS;
12						our $VERSION = '0.04';
13
14						sub handle_directory_traversal {
15	1		1	0	157976	my ($entry) = @_;
16	1				11	my ($sec, $micro) = gettimeofday();
17
18						my $alert = {
19						timestamp => "$sec.$micro",
20						type => 'directory_traversal',
21						ip => $entry->{ip},
22						method => $entry->{method},
23						uri => $entry->{uri},
24						status => $entry->{status},
25						user_agent => $entry->{user_agent},
26	1				17	};
27	1				4	push @DIRECTORY_TRAVERSAL_EVENTS, $alert;
28	1	50			6	print encode_json($alert) . "\n" if $VERBOSE;
29						}
30
31						sub get_directory_traversal_events {
32	1		1	0	9	return @DIRECTORY_TRAVERSAL_EVENTS;
33						}
34
35						1;
36
37
38						=head1 NAME
39
40						ThreatDetector::Handlers::DirectoryTraversal - Handler for directory traversal attempts
41
42						=head1 SYNOPSIS
43
44						use ThreatDetector::Handlers::DirectoryTraversal qw(handle_directory_traversal);
45
46						handle_directory_traversal($entry);
47
48						=head1 DESCRIPTION
49
50						Prints a JSON alert for requests containing suspected directory traversal patterns such as `../`, URL-encoded traversal attempts, or sensitive path access. These attacks aim to access unauthorized files outside the web root.
51
52						=head1 AUTHOR
53
54						Jason Hall
55
56						=cut