RASP compatibility matrix

Sqreen’s Runtime Application Self-Protection (RASP) inside the Sqreen Microagent protects your application from real-time attacks from within the app’s own runtime environment. To do this, RASP uses specific libraries to guard your app from each threat or vulnerability.

Listed below are the threats and vulnerabilities RASP guards against and the libraries upon which it depends.

Node.js microagent

Threat or vulnerability	Supported libraries
Remote Code Execution (RCE)	-
Local File Inclusion (LFI)	language built-ins
NoSQL Injection	mongodb-core, mongodb
Reflected Cross-site Scripting (XSS)	jade
Shellshock	language built-ins
Shell Injection	language built-ins
SQL Injection	mysql2, mysql, pg, sqlite3
Server-side Request Forgery (SSRF)	language built-ins
XML External Entity (XXE)	-

Ruby microagent

Threat or vulnerability	Supported libraries
Remote Code Execution (RCE)	language built-ins
Local File Inclusion (LFI)	-
NoSQL Injection	Mongo, Mongoid
Reflected Cross-site Scripting (XSS)	ActionView, Haml, Slim, Temple
Shellshock	language built-ins
Shell Injection	language built-ins
SQL Injection	ActiveRecord
Server-side Request Forgery (SSRF)	-
XML External Entity (XXE)	-

PHP microagent

Threat or vulnerability	Supported libraries
Remote Code Execution (RCE)	language built-ins
Local File Inclusion (LFI)	language built-ins
NoSQL Injection	MongoDB
Reflected Cross-site Scripting (XSS)	language built-ins
Shellshock	-
Shell Injection	language built-ins
SQL Injection	language built-ins
Server-side Request Forgery (SSRF)	-
XML External Entity (XXE)	language built-ins
Doctrine Query Language (DQL) Injection	Doctrine\ORM

Java microagent

Threat or vulnerability	Supported libraries
Remote Code Execution (RCE)	javax.script.Compilable, javax.script.ScriptEngine
Local File Inclusion (LFI)	language built-ins, sun.nio.ch
NoSQL Injection	com.mongodb
Reflected Cross-site Scripting (XSS)	freemarker, javax.servlet.jsp, org.apache.velocity, org.codehaus.groovy, org.grails, org.thymeleaf
Shellshock	language built-ins
Shell Injection	language built-ins
SQL Injection	java.sql, javax.persistence, org.hibernate
Server-side Request Forgery (SSRF)	Apache, Apache Fluent, java.net, HTTPUnit
XML External Entity (XXE)	com.ctc.wstx, Xerces, com.sun.xml
Hibernate Query Language (HQL) injection	javax.persistence.EntityManager, org.hibernate

Go microagent

Threat or vulnerability	Supported libraries
Remote Code Execution (RCE)	-
Local File Inclusion (LFI)	os
NoSQL Injection	-
Reflected Cross-site Scripting (XSS)	-
Shellshock	-
Shell Injection	os
SQL Injection	database/sql
Server-Side Request Forgery (SSRF)	net/http
XML External Entity (XXE)	-

Python microagent

Threat or vulnerability	Supported libraries
Remote Code Execution (RCE)	language built-ins
Local File Inclusion (LFI)	language built-ins
NoSQL Injection	pymongo
Reflected Cross-site Scripting (XSS)	Django, Jinja2
Shellshock	asyncio, gevent, language built-ins
Shell Injection	asyncio, gevent, language built-ins
SQL Injection	MySQLdb, psycopg2, pymysql, sqlite3
Server-side Request Forgery (SSRF)	requests, urllib, urllib2, urllib3
XML External Entity (XXE)	lxml, xml