File Coverage

lib/ThreatDetector/Handlers/XSS.pm

Criterion	Covered	Total	%
statement	21	21	100.0
branch	1	2	50.0
condition	2	2	100.0
subroutine	7	7	100.0
pod	0	2	0.0
total	31	34	91.1

line	stmt	bran	cond	sub	pod	time	code
1							package ThreatDetector::Handlers::XSS;
2
3	3			3		79984	use strict;
	3					6
	3					110
4	3			3		22	use warnings;
	3					7
	3					157
5	3			3		13	use Exporter 'import';
	3					7
	3					108
6	3			3		524	use JSON;
	3					15053
	3					18
7	3			3		2640	use Time::HiRes qw(gettimeofday);
	3					8
	3					22
8
9							our $VERBOSE = 0;
10							our @EXPORT_OK = qw(handle_xss get_xss_events);
11							our @XSS_EVENTS;
12							our $VERSION = '0.04';
13
14							sub handle_xss {
15	3			3	0	140065	my ($entry) = @_;
16	3					10	my ($sec, $micro) = gettimeofday();
17
18							my $alert = {
19							timestamp => "$sec.$micro",
20							type => 'xss_attempt',
21							ip => $entry->{ip},
22							method => $entry->{method},
23							uri => $entry->{uri},
24							status => $entry->{status},
25							user_agent => $entry->{user_agent},
26	3		100			32	referer => $entry->{referer} \|\| '',
27							};
28
29	3					5	push @XSS_EVENTS, $alert;
30	3	50				13	print encode_json($alert) . "\n" if $VERBOSE;
31							}
32
33							sub get_xss_events {
34	2			2	0	9	return @XSS_EVENTS;
35							}
36
37							1;
38
39							=head1 NAME
40
41							ThreatDetector::Handlers::XSS - Handler for cross-site scripting (XSS) attempts
42
43							=head1 SYNOPSIS
44
45							use ThreatDetector::Handlers::XSS qw(handle_xss);
46
47							handle_xss($entry);
48
49							=head1 DESCRIPTION
50
51							Emits a JSON alert when a log entry indicates a potential cross-site scripting (XSS) attack based on common payload patterns such as `