RASP compatibility matrix

Sqreen’s Runtime Application Self-Protection (RASP), part of the Sqreen Microagent, protects your application against attacks in real time from within the app’s own runtime environment. To do this, RASP relies on specific libraries to guard your app against each threat or vulnerability.

Listed below are the threats and vulnerabilities RASP guards against and the libraries upon which it depends.

Node.js microagent

| Threat or vulnerability | Supported libraries |
|---|---|
| Remote Code Execution (RCE) | - |
| Local File Inclusion (LFI) | language built-ins |
| NoSQL Injection | mongodb-core, mongodb |
| Reflected Cross-site Scripting (XSS) | jade |
| Shellshock | language built-ins |
| Shell Injection | language built-ins |
| SQL Injection | mysql2, mysql, pg, sqlite3 |
| Server-side Request Forgery (SSRF) | language built-ins |
| XML External Entity (XXE) | - |

Ruby microagent

| Threat or vulnerability | Supported libraries |
|---|---|
| Remote Code Execution (RCE) | language built-ins |
| Local File Inclusion (LFI) | - |
| NoSQL Injection | Mongo, Mongoid |
| Reflected Cross-site Scripting (XSS) | ActionView, Haml, Slim, Temple |
| Shellshock | language built-ins |
| Shell Injection | language built-ins |
| SQL Injection | ActiveRecord |
| Server-side Request Forgery (SSRF) | - |
| XML External Entity (XXE) | - |

PHP microagent

| Threat or vulnerability | Supported libraries |
|---|---|
| Remote Code Execution (RCE) | language built-ins |
| Local File Inclusion (LFI) | language built-ins |
| NoSQL Injection | MongoDB |
| Reflected Cross-site Scripting (XSS) | language built-ins |
| Shellshock | - |
| Shell Injection | language built-ins |
| SQL Injection | language built-ins |
| Server-side Request Forgery (SSRF) | - |
| XML External Entity (XXE) | language built-ins |
| Doctrine Query Language (DQL) Injection | Doctrine\ORM |

Java microagent

| Threat or vulnerability | Supported libraries |
|---|---|
| Remote Code Execution (RCE) | javax.script.Compilable, javax.script.ScriptEngine |
| Local File Inclusion (LFI) | language built-ins, sun.nio.ch |
| NoSQL Injection | com.mongodb |
| Reflected Cross-site Scripting (XSS) | freemarker, javax.servlet.jsp, org.apache.velocity, org.codehaus.groovy, org.grails, org.thymeleaf |
| Shellshock | language built-ins |
| Shell Injection | language built-ins |
| SQL Injection | java.sql, javax.persistence, org.hibernate |
| Server-side Request Forgery (SSRF) | Apache, Apache Fluent, java.net, HTTPUnit |
| XML External Entity (XXE) | com.ctc.wstx, Xerces, com.sun.xml |
| Hibernate Query Language (HQL) Injection | javax.persistence.EntityManager, org.hibernate |

Go microagent

| Threat or vulnerability | Supported libraries |
|---|---|
| Remote Code Execution (RCE) | - |
| Local File Inclusion (LFI) | os |
| NoSQL Injection | - |
| Reflected Cross-site Scripting (XSS) | - |
| Shellshock | - |
| Shell Injection | os |
| SQL Injection | database/sql |
| Server-side Request Forgery (SSRF) | net/http |
| XML External Entity (XXE) | - |

Python microagent

| Threat or vulnerability | Supported libraries |
|---|---|
| Remote Code Execution (RCE) | language built-ins |
| Local File Inclusion (LFI) | language built-ins |
| NoSQL Injection | pymongo |
| Reflected Cross-site Scripting (XSS) | Django, Jinja2 |
| Shellshock | asyncio, gevent, language built-ins |
| Shell Injection | asyncio, gevent, language built-ins |
| SQL Injection | MySQLdb, psycopg2, pymysql, sqlite3 |
| Server-side Request Forgery (SSRF) | requests, urllib, urllib2, urllib3 |
| XML External Entity (XXE) | lxml, xml |