RASP compatibility matrix

Sqreen’s Runtime Application Self-Protection (RASP) inside the Sqreen Microagent protects your application from real-time attacks from within the app’s own runtime environment. To do this, RASP uses specific libraries to guard your app from each threat or vulnerability. Listed below are the threats and vulnerabilities RASP guards against and the libraries upon which it depends.

Node.js microagent

| Threat or vulnerability | Supported libraries |
|---|---|
| Remote Code Execution (RCE) | - |
| Local File Inclusion (LFI) | language built-ins |
| NoSQL Injection | mongodb-core, mongodb |
| Reflected Cross-site Scripting (XSS) | jade |
| Shellshock | language built-ins |
| Shell Injection | language built-ins |
| SQL Injection | mysql2, mysql, pg, sqlite3 |
| Server-side Request Forgery (SSRF) | language built-ins |
| XML External Entity (XXE) | - |

Ruby microagent

| Threat or vulnerability | Supported libraries |
|---|---|
| Remote Code Execution (RCE) | language built-ins |
| Local File Inclusion (LFI) | - |
| NoSQL Injection | Mongo, Mongoid |
| Reflected Cross-site Scripting (XSS) | ActionView, Haml, Slim, Temple |
| Shellshock | language built-ins |
| Shell Injection | language built-ins |
| SQL Injection | ActiveRecord |
| Server-side Request Forgery (SSRF) | - |
| XML External Entity (XXE) | - |

PHP microagent

| Threat or vulnerability | Supported libraries |
|---|---|
| Remote Code Execution (RCE) | language built-ins |
| Local File Inclusion (LFI) | language built-ins |
| NoSQL Injection | MongoDB |
| Reflected Cross-site Scripting (XSS) | language built-ins |
| Shellshock | - |
| Shell Injection | language built-ins |
| SQL Injection | language built-ins |
| Server-side Request Forgery (SSRF) | - |
| XML External Entity (XXE) | language built-ins |
| Doctrine Query Language (DQL) Injection | Doctrine\ORM |

Java microagent

| Threat or vulnerability | Supported libraries |
|---|---|
| Remote Code Execution (RCE) | javax.script.Compilable, javax.script.ScriptEngine |
| Local File Inclusion (LFI) | language built-ins, sun.nio.ch |
| NoSQL Injection | com.mongodb |
| Reflected Cross-site Scripting (XSS) | freemarker, javax.servlet.jsp, org.apache.velocity, org.codehaus.groovy, org.grails, org.thymeleaf |
| Shellshock | language built-ins |
| Shell Injection | language built-ins |
| SQL Injection | java.sql, javax.persistence, org.hibernate |
| Server-side Request Forgery (SSRF) | Apache, Apache Fluent, java.net, HTTPUnit |
| XML External Entity (XXE) | com.ctc.wstx, Xerces, com.sun.xml |
| Hibernate Query Language (HQL) Injection | javax.persistence.EntityManager, org.hibernate |

Go microagent

| Threat or vulnerability | Supported libraries |
|---|---|
| Remote Code Execution (RCE) | - |
| Local File Inclusion (LFI) | os |
| NoSQL Injection | - |
| Reflected Cross-site Scripting (XSS) | - |
| Shellshock | - |
| Shell Injection | os |
| SQL Injection | database/sql |
| Server-side Request Forgery (SSRF) | net/http |
| XML External Entity (XXE) | - |

Python microagent

| Threat or vulnerability | Supported libraries |
|---|---|
| Remote Code Execution (RCE) | language built-ins |
| Local File Inclusion (LFI) | language built-ins |
| NoSQL Injection | pymongo |
| Reflected Cross-site Scripting (XSS) | Django, Jinja2 |
| Shellshock | asyncio, gevent, language built-ins |
| Shell Injection | asyncio, gevent, language built-ins |
| SQL Injection | MySQLdb, psycopg2, pymysql, sqlite3 |
| Server-side Request Forgery (SSRF) | requests, urllib, urllib2, urllib3 |
| XML External Entity (XXE) | lxml, xml |