contrast-agent 3.9.1 → 6.15.3

data/lib/contrast/agent/protect/rule/utils/filters.rb

@@ -0,0 +1,110 @@
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Protect
+      module Rule
+        # Module to hold required generic filters (prefilter, infilter, postfilter)
+        module Filters
+          POSTFILTER_MODES = Set.new(%i[BLOCK MONITOR]).cs__freeze
+
+          # Actions required for the rules that have to happen before the
+          # application has completed its processing of the request.
+          #
+          # For most rules, these actions are performed within the analysis
+          # engine and communicated as an input analysis result. Those that
+          # require specific action need to provide that action.
+          #
+          # @param context [Contrast::Agent::RequestContext] the context for
+          #   the current request
+          def prefilter context
+            return unless prefilter?(context)
+
+            ia_results = gather_ia_results(context)
+
+            ia_results.each do |ia_result|
+              result = build_attack_result(context)
+              build_attack_without_match(context, ia_result, result)
+              append_to_activity(context, result)
+
+              cef_logging(result, :successful_attack)
+              raise(Contrast::SecurityException.new(self, block_message)) if blocked?
+            end
+          end
+
+          # Prefilter check always called before infilter to check if the rule is infilter
+          # capable, not disabled or in other way excluded by url or input exclusions.
+          #
+          # @param context [Contrast::Agent::RequestContext]
+          # @return [Boolean]
+          def prefilter? context
+            return false unless context
+            return false unless enabled?
+            return false unless (results = gather_ia_results(context)) && results.any?
+            return false if protect_excluded_by_url?(rule_name, context.request.path)
+            return false if protect_excluded_by_input?(results, context.request.path)
+
+            true
+          end
+
+          # This should only ever be called directly from patched code and will
+          # have a different implementation based on the rule. As such, there
+          # is not parent implementation.
+          #
+          # @param _context [Contrast::Agent::RequestContext] the context for
+          #   the current request
+          # @param _match_string [String] the input that violated the rule and
+          #   matched the attack detection logic
+          # @param _kwargs [Hash] key-value pairs used by the rule to build a
+          #   report.
+          def infilter _context, _match_string, **_kwargs; end
+
+          # Infilter check always called before infilter to check if the rule is infilter
+          # capable, not disabled or in other way excluded by url or input exclusions.
+          #
+          # @param context [Contrast::Agent::RequestContext]
+          # @return [Boolean]
+          def infilter? context
+            return false unless enabled?
+            return false unless (results = gather_ia_results(context)) && results.any?
+            return false if protect_excluded_by_url?(rule_name, context.request.path)
+            return false if protect_excluded_by_input?(results, context.request.path)
+
+            true
+          end
+
+          # Actions required for the rules that have to happen after the
+          # application has completed its processing of the request.
+          #
+          # Any implementation here needs to account for the fact that
+          # responses may be streaming and, as such, transformations of the
+          # response itself may not be permissible.
+          #
+          # Override for rules that need the response
+          # Currently postfilter can be applied to streamed responses, if any logic within postfilter changes to modify
+          # the response streamed responses will break
+          #
+          # @param context [Contrast::Agent::RequestContext]
+          # @raise [Contrast::SecurityException]
+          def postfilter context
+            return unless enabled? && POSTFILTER_MODES.include?(mode)
+            return false if protect_excluded_by_url?(rule_name, context.request.path)
+            return if protect_excluded_by_input?(gather_ia_results(context), context.request.path)
+
+            return if mode == :NO_ACTION || mode == :PERMIT
+
+            result = find_postfilter_attacker(context, nil)
+            return unless result&.samples&.any?
+
+            cef_logging(result)
+            append_to_activity(context, result)
+            return unless result.response == :BLOCKED
+
+            raise(Contrast::SecurityException.new(self, "#{ rule_name } triggered in postfilter. Response blocked."))
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/protect/rule/xss/reflected_xss_input_classification.rb

@@ -0,0 +1,58 @@
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/input_classification_base'
+
+module Contrast
+  module Agent
+    module Protect
+      module Rule
+        # The Ruby implementation of the Protect Reflected XSS rule
+        # Input classification
+        module ReflectedXssInputClassification
+          REFLECTED_XSS_MATCH = 'reflected-xss-input-tracing-v1'.cs__freeze
+          WORTHWATCHING_MATCH = 'xss-worth-watching-v2'.cs__freeze
+          class << self
+            include InputClassificationBase
+
+            private
+
+            # This methods checks if input is tagged WORTHWATCHING or IGNORE matches value with it's
+            # key if needed and Creates new isntance of InputAnalysisResult.
+            #
+            # @param request [Contrast::Agent::Request] the current request context.
+            # @param rule_id [String] The name of the Protect Rule.
+            # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
+            # @param value [String, Array<String>] the value of the input.
+            #
+            # @return res [Contrast::Agent::Reporting::InputAnalysisResult]
+            def create_new_input_result request, rule_id, input_type, value
+              return unless Contrast::AGENT_LIB
+
+              input_eval = Contrast::AGENT_LIB.eval_input(value,
+                                                          convert_input_type(input_type),
+                                                          Contrast::AGENT_LIB.rule_set[rule_id],
+                                                          Contrast::AGENT_LIB.
+                                                            eval_option[:PREFER_WORTH_WATCHING])
+
+              score = input_eval&.score || 0
+              ia_result = new_ia_result(rule_id, input_type, request.path, value)
+              if score >= THRESHOLD
+                ia_result.score_level = DEFINITEATTACK
+                ia_result.ids << REFLECTED_XSS_MATCH
+              elsif score >= WORTHWATCHING_THRESHOLD
+                ia_result.score_level = WORTHWATCHING
+                ia_result.ids << WORTHWATCHING_MATCH
+              else
+                ia_result.score_level = IGNORE
+              end
+
+              add_needed_key(request, ia_result, input_type, value)
+              ia_result
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/protect/rule/xss/xss.rb

@@ -0,0 +1,50 @@
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/protect/rule/base'
+require 'contrast/agent/protect/rule/xss/reflected_xss_input_classification'
+require 'contrast/agent/reporting/input_analysis/input_type'
+
+module Contrast
+  module Agent
+    module Protect
+      module Rule
+        # The Ruby implementation of the Protect Cross-Site Scripting rule.
+        class Xss < Contrast::Agent::Protect::Rule::Base
+          include Contrast::Agent::Reporting::InputType
+          NAME = 'reflected-xss'
+          BLOCK_MESSAGE = 'XSS rule triggered. Response blocked.'
+
+          APPLICABLE_USER_INPUTS = [
+            BODY, PARAMETER_NAME, PARAMETER_VALUE, JSON_VALUE,
+            MULTIPART_VALUE, MULTIPART_FIELD_NAME, XML_VALUE,
+            DWR_VALUE, URI, QUERYSTRING
+          ].cs__freeze
+
+          def rule_name
+            NAME
+          end
+
+          def block_message
+            BLOCK_MESSAGE
+          end
+
+          # XSS Upload input classification
+          #
+          # @return [module<Contrast::Agent::Protect::Rule::ReflectedXssInputClassification>]
+          def classification
+            @_classification ||= Contrast::Agent::Protect::Rule::ReflectedXssInputClassification.cs__freeze
+          end
+
+          def stream_safe?
+            false
+          end
+
+          def applicable_user_inputs
+            APPLICABLE_USER_INPUTS
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 module Contrast
@@ -11,6 +11,20 @@ module Contrast
           class EntityWrapper
             attr_reader :system_id, :public_id
 
+            DTD_MARKER =   '.dtd'
+            FILE_START =   'file:'
+            FTP_START =    'ftp:'
+            GOPHER_START = 'gopher:'
+            JAR_START =    'jar:'
+            UP_DIR_LINUX = '../'
+            UP_DIR_WIN =   '..\\'
+            # <!ENTITY name SYSTEM "URI">
+            SYSTEM_ID_REGEXP = /<!ENTITY\s+(?<name>[a-zA-Z0-f]+)\s+SYSTEM\s+"(?<id>.*?)">/.cs__freeze
+            # <!ENTITY name PUBLIC "public_ID" "URI">
+            PUBLIC_ID_REGEXP = /<!ENTITY\s+(?<name>[a-zA-Z0-f]+)\s+PUBLIC\s+".*?"\s+"(?<id>.*?)">/.cs__freeze
+            # we only use this against lowercase strings, removed A-Z for speed
+            FILE_PATTERN_WINDOWS = /^\\*[a-z]{1,3}:.*/.cs__freeze
+
             def initialize entity
               @system_id = parse_system_id(entity)
               # an entity cannot be system and public
@@ -18,37 +32,28 @@ module Contrast
             end
 
             def external_entity?
-              @_external_entity ||= begin
-                return external_id?(@system_id) if @system_id
-                return external_id?(@public_id) if @public_id
-
-                false
+              if @_external_entity.nil?
+                @_external_entity ||= if @system_id
+                                        external_id?(@system_id)
+                                      elsif @public_id
+                                        external_id?(@public_id)
+                                      else
+                                        false
+                                      end
               end
+              @_external_entity
             end
 
-            # <!ENTITY name SYSTEM "URI">
-            SYSTEM_ID_REGEXP = /<!ENTITY\s+([a-zA-Z0-f]+)\s+SYSTEM\s+"(?<id>.*?)">/.cs__freeze
             def parse_system_id entity
               match = SYSTEM_ID_REGEXP.match(entity)
               match[:id] if match
             end
 
-            # <!ENTITY name PUBLIC "public_ID" "URI">
-            PUBLIC_ID_REGEXP = /<!ENTITY\s+([a-zA-Z0-f]+)\s+PUBLIC\s+".*?"\s+"(?<id>.*?)">/.cs__freeze
             def parse_public_id entity
               match = PUBLIC_ID_REGEXP.match(entity)
               match[:id] if match
             end
 
-            DTD_MARKER =   '.dtd'
-            FILE_START =   'file:'
-            FTP_START =    'ftp:'
-            GOPHER_START = 'gopher:'
-            JAR_START =    'jar:'
-            UP_DIR_LINUX = '../'
-            UP_DIR_WIN =   '..\\'
-            # we only use this against lowercase strings, removed A-Z for speed
-            FILE_PATTERN_WINDOWS = /^[\\\\]*[a-z]{1,3}:.*/.cs__freeze
             def external_id? entity_id
               return false unless entity_id
 
@@ -61,8 +66,7 @@ module Contrast
               return true if http && !tmp_id.end_with?(DTD_MARKER)
 
               # external if using external protocol
-              return true if tmp_id.start_with?(FTP_START, FILE_START,
-                                                JAR_START, GOPHER_START)
+              return true if tmp_id.start_with?(FTP_START, FILE_START, JAR_START, GOPHER_START)
 
               # external if start with path marker (/ or .)
               return true if tmp_id.start_with?(Contrast::Utils::ObjectShare::SLASH,

data/lib/contrast/agent/protect/rule/xxe/xxe.rb

@@ -0,0 +1,149 @@
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/protect/rule/base'
+require 'contrast/agent/reporting/details/xxe_details'
+require 'contrast/agent/reporting/details/xxe_match'
+require 'contrast/agent/reporting/details/xxe_wrapper'
+require 'contrast/utils/timer'
+require 'contrast/components/logger'
+
+module Contrast
+  module Agent
+    module Protect
+      module Rule
+        # Implementation of the XXE Protect Rule used to evaluate XML calls for exploit
+        # of unsafe external entity resolution.
+        class Xxe < Contrast::Agent::Protect::Rule::Base
+          include Contrast::Components::Logger::InstanceMethods
+          INPUT_NAME = 'XML Prolog'
+
+          NAME = 'xxe'
+          BLOCK_MESSAGE = 'XXE rule triggered. Response blocked.'
+          EXTERNAL_ENTITY_PATTERN = /<!ENTITY\s+[a-zA-Z0-f]+\s+(?:SYSTEM|PUBLIC)\s+(.*?)>/.cs__freeze
+
+          def rule_name
+            NAME
+          end
+
+          # Given an xml, evaluate it for an XXE attack. There's no return here
+          # as this method handles appending the evaluation to the request
+          # context, connecting it to the reporting mechanism at request end.
+          #
+          # @param context [Contrast::Agent::RequestContext] the context of the
+          #   request in which this input is evaluated.
+          # @param framework [Object] the name of the Parser being used.
+          # @param xml [Object] the container of the XML to be checked.
+          # @raise [Contrast::SecurityException] Security exception if an XXE
+          #   attack is found and the rule is in block mode.
+          def infilter context, framework, xml
+            return if protect_excluded_by_url?(rule_name, context.request.path)
+
+            result = find_attacker(context, xml, framework: framework)
+            return unless result
+
+            append_to_activity(context, result)
+            return unless blocked?
+
+            cef_logging(result, :successful_attack, value: xml)
+            raise(Contrast::SecurityException.new(self, BLOCK_MESSAGE))
+          end
+
+          protected
+
+          # Given an XML, find any externally resolved entities and create an
+          # Attack Result for them
+          #
+          # @param context [Contrast::Agent::RequestContext] the context of the
+          #   request in which this input is evaluated.
+          # @param xml [String] the literal value of the XML being checked for
+          #   external entity resolution
+          # @param _kwargs [Hash]
+          # @return [Contrast::Agent::Reporting, nil] the determination
+          #   as to whether or not this XML has an XXE attack in it.
+          def find_attacker context, xml, **_kwargs
+            return unless xml
+
+            xxe_details = build_details(xml)
+            return unless xxe_details
+
+            ia_result = build_evaluation(xxe_details.xml)
+            build_attack_with_match(context, ia_result, nil, nil, details: xxe_details)
+          end
+
+          # Given an XML determined to be unsafe, build out the details of the
+          # attack. The details will include a substring of the given XML up to
+          # the end of the prolog, where the external entities are declared.
+          #
+          # @param xml [String] the literal value of the XML being checked for
+          #   external entity resolution
+          # @return [Contrast::Api::Dtm::XxeDetails] The details of
+          #   the XXE attack and the index of the last entity discovered
+          def build_details xml
+            last_idx = 0
+            ss = StringScanner.new(xml)
+            while ss.scan_until(EXTERNAL_ENTITY_PATTERN)
+              last_idx = ss.pos
+              entity_wrapper = Contrast::Agent::Protect::Rule::Xxe::EntityWrapper.new(ss.matched)
+              next unless entity_wrapper.external_entity?
+
+              xxe_details ||= Contrast::Agent::Reporting::Details::XxeDetails.new
+              xxe_details.declared_entities << build_match(ss)
+              xxe_details.entities_resolved << build_wrapper(entity_wrapper)
+            end
+            # For our definition, the prolog goes from the start of the XML
+            # string to the end of the last entity declaration.
+            xxe_details.xml = Contrast::Utils::StringUtils.protobuf_safe_string(xml[0, last_idx]) if xxe_details
+
+            xxe_details
+          end
+
+          def build_sample context, ia_result, _url, **kwargs
+            sample = build_base_sample(context, ia_result)
+            sample.user_input = build_user_input(ia_result)
+            sample.details = kwargs[:details]
+            sample
+          end
+
+          def build_user_input ia_result
+            input = Contrast::Agent::Reporting::UserInput.new
+            input.key = INPUT_NAME
+            input.input_type = :UNKNOWN
+            input.document_type = :XML
+            input.value = ia_result.value
+            input
+          end
+
+          private
+
+          # We know that this attack happened, so the result is always matched
+          # and the level is always critical. Only variable is the XML value
+          # supplied by the attacker.
+          #
+          # @return [Contrast::Agent::Reporting::InputAnalysisResult]
+          def build_evaluation xml
+            ia_result = Contrast::Agent::Reporting::InputAnalysisResult.new
+            ia_result.rule_id = rule_name
+            ia_result.input_type = :UNKNOWN
+            ia_result.value = Contrast::Utils::StringUtils.protobuf_safe_string(xml)
+            ia_result
+          end
+
+          def build_match string_scanner
+            match = Contrast::Agent::Reporting::Details::XxeMatch.new
+            match.end_idx = string_scanner.pos.to_i
+            match.start_idx = match.end_idx - string_scanner.matched_size
+            match
+          end
+
+          def build_wrapper entity_wrapper
+            wrapper = Contrast::Agent::Reporting::Details::XxeWrapper.new
+            wrapper.system_id = Contrast::Utils::StringUtils.protobuf_safe_string(entity_wrapper.system_id)
+            wrapper.public_id = Contrast::Utils::StringUtils.protobuf_safe_string(entity_wrapper.public_id)
+            wrapper
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/protect/rule.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 module Contrast
@@ -15,44 +15,37 @@ module Contrast
 end
 
 # The classes required for All Rasp Rules
-cs__scoped_require 'contrast/agent/protect/rule/base'
-cs__scoped_require 'contrast/agent/protect/rule/base_service'
+require 'contrast/agent/protect/rule/base'
 
 # The classes required for the XSS Rasp Rule
-cs__scoped_require 'contrast/agent/protect/rule/xss'
+require 'contrast/agent/protect/rule/xss/xss'
 
 # The classes required for the SQLI
-cs__scoped_require 'contrast/agent/protect/rule/default_scanner'
-cs__scoped_require 'contrast/agent/protect/rule/sqli'
-cs__scoped_require 'contrast/agent/protect/rule/sqli/default_sql_scanner'
-cs__scoped_require 'contrast/agent/protect/rule/sqli/mysql_sql_scanner'
-cs__scoped_require 'contrast/agent/protect/rule/sqli/postgres_sql_scanner'
-cs__scoped_require 'contrast/agent/protect/rule/sqli/sqlite_sql_scanner'
+require 'contrast/agent/protect/rule/default_scanner'
+require 'contrast/agent/protect/rule/sqli/sqli'
+require 'contrast/agent/protect/rule/sqli/default_sql_scanner'
+require 'contrast/agent/protect/rule/sqli/mysql_sql_scanner'
+require 'contrast/agent/protect/rule/sqli/postgres_sql_scanner'
+require 'contrast/agent/protect/rule/sqli/sqlite_sql_scanner'
+require 'contrast/agent/protect/rule/sqli/sqli_semantic/sqli_dangerous_functions'
 
 # The classes required for Path Traversal
-cs__scoped_require 'contrast/agent/protect/rule/path_traversal'
+require 'contrast/agent/protect/rule/path_traversal/path_traversal'
 
-# The classes required for Command Injection
-cs__scoped_require 'contrast/agent/protect/rule/cmd_injection'
-
-# The classes required for CSRF
-cs__scoped_require 'contrast/agent/protect/rule/csrf'
-cs__scoped_require 'contrast/agent/protect/rule/csrf/csrf_evaluator'
-cs__scoped_require 'contrast/agent/protect/rule/csrf/csrf_token_injector'
+# The classes required for Command Injection and sub-rules
+require 'contrast/agent/protect/rule/cmdi/cmd_injection'
+require 'contrast/agent/protect/rule/cmdi/cmdi_backdoors'
 
 # The classes required for XXE
-cs__scoped_require 'contrast/agent/protect/rule/xxe'
-cs__scoped_require 'contrast/agent/protect/rule/xxe/entity_wrapper'
+require 'contrast/agent/protect/rule/xxe/xxe'
+require 'contrast/agent/protect/rule/xxe/entity_wrapper'
 
 # The classes required for Untrusted Deserialization
-cs__scoped_require 'contrast/agent/protect/rule/deserialization'
+require 'contrast/agent/protect/rule/deserialization/deserialization'
 
 # The classes required for the NoSQLi
-cs__scoped_require 'contrast/agent/protect/rule/no_sqli'
-cs__scoped_require 'contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner'
-
-# The classes required for Http Method Tampering
-cs__scoped_require 'contrast/agent/protect/rule/http_method_tampering'
+require 'contrast/agent/protect/rule/no_sqli/no_sqli'
+require 'contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner'
 
 # The classes required for Unsafe File Upload
-cs__scoped_require 'contrast/agent/protect/rule/unsafe_file_upload'
+require 'contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload'

data/lib/contrast/agent/reactions/disable_reaction.rb

@@ -0,0 +1,20 @@
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/components/logger'
+
+module Contrast
+  module Agent
+    # A Reaction from TeamServer which indicates the Agent should be disabled,
+    # typically because some configuration setting did not satisfy requirements
+    # set by the Organization's Administrator
+    module DisableReaction
+      extend Contrast::Components::Logger::InstanceMethods
+
+      def self.run _reaction, level
+        logger.with_level(level, 'Contrast received instructions to disable itself - Disabling now')
+        ::Contrast::AGENT.disable!
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/attack_result/attack_result.rb

@@ -0,0 +1,71 @@
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/object_share'
+require 'contrast/utils/timer'
+require 'contrast/agent/reporting/attack_result/response_type'
+require 'contrast/agent/reporting/attack_result/rasp_rule_sample'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This class will hold the new Attacks results generated by our
+      # protect rules.
+      class AttackResult
+        RESPONSE_TYPE = Contrast::Agent::Reporting::ResponseType
+        # Generated the attack result
+        #
+        # @return @_response_type [Contrast::Agent::Reporting::ResponseType]
+        def response
+          @_response ||= RESPONSE_TYPE::NO_ACTION
+        end
+
+        # sets the response_type
+        #
+        # @param response_type [Contrast::Agent::Reporting::Settings::InputAnalysisResult]
+        # @return @_response_type []
+        def response= response_type
+          @_response = response_type if RESPONSE_TYPE.to_a.include?(response_type)
+        end
+
+        # @return @_rule_id [String]
+        def rule_id
+          @_rule_id ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+        end
+
+        # @param rule_id [String]
+        # @return @_rule_id [String]
+        def rule_id= rule_id
+          @_rule_id = rule_id if rule_id.is_a?(String)
+        end
+
+        # @return @_samples [Array<Contrast::Agent::Reporting::RaspRuleSample>]
+        def samples
+          @_samples ||= []
+        end
+
+        # @param samples [Array<Contrast::Agent::Reporting::RaspRuleSample>]
+        # @return @_samples [Array<Contrast::Agent::Reporting::RaspRuleSample>]
+        def samples= samples
+          @_samples = samples if samples.is_a?(Array)
+        end
+
+        def tags
+          @_tags ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+        end
+
+        def tags= tags
+          @_tags = tags if tags.is_a?(String)
+        end
+
+        def details
+          @_details ||= {}
+        end
+
+        def details= protect_details
+          @_details = protect_details if protect_details.is_a?(Contrast::Agent::Reporting::Details::ProtectRuleDetails)
+        end
+      end
+    end
+  end
+end