contrast-agent 4.14.1 → 5.0.0

data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb

@@ -0,0 +1,57 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/api/communication/response_processor'
+require 'contrast/api/decorators/application_settings'
+require 'contrast/agent/reporting/reporting_utilities/response'
+require 'contrast/agent/reporting/reporting_utilities/response_handler_utils'
+require 'contrast/api/decorators/server_features'
+require 'contrast/components/logger'
+require 'json'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This class will facilitate the Response capture and analysis functionality.
+      class ResponseHandler < Contrast::Api::Communication::ResponseProcessor
+        include Contrast::Components::Logger::InstanceMethods
+        include Contrast::Agent::Reporting::ResponseHandlerUtils
+        # Process the response from TS
+        #
+        # @param response [Net::HTTP::Response, nil]
+        # @return response [Net::HTTP::Response, nil]
+        def process response
+          logger.debug('Reporter Received a response')
+          return unless analyze_response_code? response&.code
+
+          # handle the response body and obtain server_features or app_settings
+          report_response = convert_response response
+
+          return unless report_response
+
+          update_agent_settings report_response
+          update_reaction report_response
+          # this one is called from super needs to be placed here after protobuf
+          update_features report_response.server_features, report_response.application_settings
+          logger.trace('Agent settings updated in response to Service', protect_on: ::Contrast::PROTECT.enabled?,
+                                                                        assess_on: ::Contrast::ASSESS.enabled?)
+          response
+        rescue StandardError => e
+          logger.error(e.message)
+          nil
+        end
+
+        # if sleep is true puts reporting service to sleep
+        def sleep?
+          @_sleep = wake_up if @_sleep.nil?
+          @_sleep
+        end
+
+        # wakes the reporting service
+        def wake_up
+          @_sleep = false
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb

@@ -0,0 +1,196 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Reporting
+      # This module holds utilities required by the reporting service response handler
+      module ResponseHandlerUtils
+        ANALYZE_WHEN = '200'
+        SLEEP_WHEN = %w[401 408 500].cs__freeze
+
+        private
+
+        # check if response code is valid before analyze it
+        #
+        # @param response_code [Integer]
+        # @return [Boolean]
+        def analyze_response_code? response_code
+          # 200 Successful recording of the server record on the database. FeatureSet successfully returned
+          # 401:
+          # If any authentication errors occur. Agents should enter a suspended mode
+          # (no reporting) and attempt to reconnect in 15 minutes.
+          # 408:
+          # If the FeatureSet from TeamServer cannot be constructed in time.
+          # Agents should enter a suspended mode (no reporting) and attempt to reconnect in 15 minutes.
+          # 500:
+          # If any server error occurs. Agents should enter a suspended mode
+          # (no reporting) and attempt to reconnect in 15 minutes.
+          # 204, 304
+          # Successful update of the server record on the database.
+          # No FeatureSet update since the last time an activity was sent.
+          @_sleep = true if SLEEP_WHEN.include? response_code
+          return true if ANALYZE_WHEN.include? response_code
+
+          false
+        end
+
+        # Applies the settings from the TS response
+        #
+        # @param response [Contrast::Agent::Reporting::Response]
+        def update_agent_settings response
+          if response.server_features
+            log_file = response.server_features.log_file
+            log_level = response.server_features.log_level
+            Contrast::Logger::Log.instance.update(log_file, log_level) if log_file && log_level
+            Contrast::SETTINGS.update_from_server_features(response)
+          end
+          Contrast::SETTINGS.update_from_application_settings(response) if response.application_settings
+        end
+
+        # Process the given Reactions from the application settings based on what
+        # TeamServer has indicated. Each Reaction will result in a log message
+        # and, optionally, an action.
+        #
+        # @param response [Contrast::Agent::Reporting::Response]
+        def update_reaction response
+          return unless response.application_settings.reactions.any?
+
+          response.application_settings.reactions.each do |reaction|
+            # The enums are all uppercase, we need to downcase them before attempting to log.
+            level = if reaction.level.nil?
+                      :error
+                    else
+                      reaction.level.downcase
+                    end
+
+            logger.with_level(level, reaction.message) if reaction.message
+
+            case reaction.operation
+            when Contrast::Agent::Reporting::Settings::Reaction::OPERATIONS.second
+              # DISABLED
+              Contrast::Agent::DisableReaction.run reaction, level
+            when Contrast::Agent::Reporting::Settings::Reaction::OPERATIONS.first
+              # NOOP
+            else
+              logger.warn('ReactionProcessor received a reaction with an unknown operation',
+                          operation: reaction.operation)
+            end
+          end
+        end
+
+        # Converts response from Net to Reporting Response object
+        #
+        # @param response [Net::HTTP::Response, nil]
+        # @return response [Contrast::Agent::Reporting::Response]
+        def convert_response response
+          response_body = response&.body
+          return unless response_body
+
+          response_data = JSON.parse(response_body)
+          return unless response_data.cs__is_a?(Hash)
+
+          response_data = response_data.deep_symbolize_keys
+          # check if response contains application settings or Feature settings
+          if response_data[:settings]
+            # the response contains ApplicationSettings
+            logger.trace('Agent: Received updated application settings')
+            build_application_settings response_data
+          else
+            # the response contains FeatureSettings
+            logger.trace('Agent: Received updated server features')
+            build_feature_settings response_data
+          end
+        rescue StandardError => e
+          logger.error('Unable to convert response', e)
+          nil
+        end
+
+        # @param response_data [Hash]
+        # @return res [Contrast::Agent::Reporting::Response]
+        def build_application_settings response_data
+          res = Contrast::Agent::Reporting::Response.new
+          extract_assess response_data, res
+          extract_protect response_data, res
+          extract_exclusions response_data, res
+          extract_reactions response_data, res
+          res
+        end
+
+        # @param response_data [Hash]
+        # @return res [Contrast::Agent::Reporting::Response]
+        def build_feature_settings response_data
+          res = Contrast::Agent::Reporting::Response.new
+          extract_assess_server_features response_data, res
+          extract_protect_server_features response_data, res
+          extract_protect_lists response_data, res
+          res.server_features.log_level = response_data[:logLevel]
+          res.server_features.log_file = response_data[:logFile]
+          res.server_features.telemetry = response_data[:telemetry]
+          res
+        end
+
+        # @param response_data [Hash]
+        # @return res [Contrast::Agent::Reporting::Response]
+        def extract_assess response_data, res
+          assessments = response_data[:settings][:assessment]
+          res.application_settings.assess.disabled_rules = assessments[:disabledRules]
+          res.application_settings.assess.session_id = assessments[:session_id]
+        end
+
+        # @param response_data [Hash]
+        # @return res [Contrast::Agent::Reporting::Response]
+        def extract_protect response_data, res
+          protect = response_data[:settings][:defend]
+          res.application_settings.protect.protection_rules = protect[:protectionRules]
+          res.application_settings.protect.virtual_patches = protect[:virtualPatches]
+        end
+
+        # @param response_data [Hash]
+        # @return res [Contrast::Agent::Reporting::Response]
+        def extract_exclusions response_data, res
+          exclusions = response_data[:settings][:exceptions]
+          res.application_settings.exclusions.code_exclusions = exclusions[:codeExceptions]
+          res.application_settings.exclusions.input_exclusions = exclusions[:inputExceptions]
+          res.application_settings.exclusions.url_exclusions = exclusions[:urlExceptions]
+        end
+
+        # @param response_data [Hash]
+        # @return res [Contrast::Agent::Reporting::Response]
+        def extract_reactions response_data, res
+          res.application_settings.reactions = response_data[:settings][:reactions]
+        end
+
+        # @param response_data [Hash]
+        # @return res [Contrast::Agent::Reporting::Response]
+        def extract_assess_server_features response_data, res
+          assess = response_data[:assessment]
+          res.server_features.assess.enabled = assess[:enabled]
+          res.server_features.assess.disabled_rules = assess[:disabledRules]
+          res.server_features.assess.sampling = assess[:sampling]
+          res.server_features.assess.sanitizers = assess[:sanitizers]
+          res.server_features.assess.validators = assess[:validators]
+        end
+
+        # @param response_data [Hash]
+        # @return res [Contrast::Agent::Reporting::Response]
+        def extract_protect_server_features response_data, res
+          protect = response_data[:defend]
+          res.server_features.protect.enabled = protect[:enabled]
+          res.server_features.protect.bot_blocker = protect[:bot_blocker]
+          res.server_features.protect.syslog = protect[:syslog]
+        end
+
+        # @param response_data [Hash]
+        # @return res [Contrast::Agent::Reporting::Response]
+        def extract_protect_lists response_data, res
+          protect = response_data[:defend]
+          res.server_features.protect.ip_allowlist = protect[:ipAllowlist]
+          res.server_features.protect.ip_denylist = protect[:ipDenyList]
+          res.server_features.protect.log_enchancers = protect[:logEnhancers]
+          res.server_features.protect.rule_definition_list = protect[:ruleDefinitionList]
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/settings/application_settings.rb

@@ -0,0 +1,67 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/settings/assess'
+require 'contrast/agent/reporting/settings/protect'
+require 'contrast/agent/reporting/settings/exclusions'
+require 'contrast/agent/reporting/settings/reaction'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This module will hold all the settings from the TS responce
+      module Settings
+        # All of the settings from TeamServer that apply at the application level.
+        # At least one, but not necessarily all, setting will differ from the agent's current set.
+        # Agents are able to replace all application settings with those in this message.
+        class ApplicationSettings
+          # Application level settings for the Assess featureset
+          #
+          # @return assess [Contrast::Agent::Reporting::Settings::Assess]
+          def assess
+            @_assess ||= Contrast::Agent::Reporting::Settings::Assess.new
+          end
+
+          # Application level settings for the Protect featureset
+          #
+          # @return protect [Contrast::Agent::Reporting::Settings::Protect]
+          def protect
+            @_protect ||= Contrast::Agent::Reporting::Settings::Protect.new
+          end
+
+          # Array of all the exclusions
+          #
+          # @return exclusions [Contrast::Agent::Reporting::Settings::Exclusions]
+          def exclusions
+            @_exclusions ||= Contrast::Agent::Reporting::Settings::Exclusions.new
+          end
+
+          # Reaction the agent should take based on a state in TS.
+          #
+          # @return [Array<Contrast::Agent::Reporting::Settings::Reaction>, nil]
+          def reactions
+            @_reactions
+          end
+
+          # Set the reaction
+          #
+          # @param reactions [Array<Reaction>] {
+          #   level     [String] The level at which the agent should log this reaction.
+          #                      [ERROR, WARN, INFO, DEBUG, TRACE]
+          #   message   [String] A message to log when receiving this reaction.
+          #   operation [String] What to do in response to this reaction.[NOOP, DISABLE] }
+          # @return [Array<Contrast::Agent::Reporting::Settings::Reaction>]
+          def reactions= reactions
+            return unless reactions.is_a? Array
+
+            @_reactions = []
+            reactions.each do |r|
+              reaction = Contrast::Agent::Reporting::Settings::Reaction.new(r[:level], r[:operation], r[:message])
+              @_reactions << reaction
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/settings/assess.rb

@@ -0,0 +1,45 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/object_share'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This module will hold all the settings from the TS responce
+      module Settings
+        # Application level settings for the Assess featureset.
+        class Assess
+          # Assess rules to disable for this application.
+          #
+          # @return disabled_rules [Array<AssessRuleID>] Array with string rule_ids
+          def disabled_rules
+            @_disabled_rules ||= []
+          end
+
+          # @param disabled_rules [Array] with AssessRuleID strings
+          # @return disabled_rules [Array<AssessRuleID>] Array with string rule_ids
+          def disabled_rules= disabled_rules
+            @_disabled_rules = disabled_rules if disabled_rules.is_a? Array
+          end
+
+          # The id of a session on TeamServer under which this session of this application should report
+          # Overrides that set by application.session_id (should match if provided).
+          #
+          # @return session_id [String]
+          def session_id
+            @_session_id ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # Set the session_id
+          #
+          # @param session_id [String]
+          # @return session_id [String]
+          def session_id= session_id
+            @_session_id = session_id if session_id.is_a? String
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/settings/assess_server_feature.rb

@@ -0,0 +1,136 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/object_share'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This module will hold all the settings from the TS responce
+      module Settings
+        # Application level settings for the Assess featureset.
+        # Used for the FeatureSet TS response
+        class AssessServerFeature
+          # Assess rules to disable for this application.
+          #
+          # @return disabled_rules [Array<AssessRuleID>] Array with string rule_ids
+          def disabled_rules
+            @_disabled_rules ||= []
+          end
+
+          # @param disabled_rules [Array<AssessRuleID>] with AssessRuleID strings
+          # @return disabled_rules [Array<AssessRuleID>] Array with string rule_ids
+          def disabled_rules= disabled_rules
+            @_disabled_rules = disabled_rules if disabled_rules.is_a? Array
+          end
+
+          # Indicate if the assess feature set is enabled for this server or not.
+          #
+          # @return enabled [Boolean]
+          def enabled?
+            @_enabled
+          end
+
+          # Set the enabled
+          #
+          # @param enabled [Boolean]
+          # @return enabled [Boolean]
+          def enabled= enabled
+            @_enabled = enabled if !!enabled == enabled
+          end
+
+          # Used to control the sampling feature in the agent.
+          #
+          # @return sampling [Hash<AssessSampling>] Hash of AssessSampling: {
+          #  baseline          [Integer] The number of baseline requests to take before switching to sampling
+          #                               for the window.
+          #  enabled           [Boolean] If the sampling feature should be used or not.
+          #  frequency         [Integer] The number of requests to skip before observing during the sampling
+          #                               window after the baseline.
+          #  responseFrequency [Integer]
+          #  window            [Integer]
+          # }
+          def sampling
+            @_sampling ||= {}
+          end
+
+          # set sampling
+          #
+          # @param sampling [Hash<AssessSampling>] Hash of AssessSampling: {
+          #  baseline          [Integer] The number of baseline requests to take before switching to sampling
+          #                               for the window.
+          #  enabled           [Boolean] If the sampling feature should be used or not.
+          #  frequency         [Integer] The number of requests to skip before observing during the sampling
+          #                               window after the baseline.
+          #  responseFrequency [Integer]
+          #  window            [Integer]
+          # }
+          # @return sampling [Hash<AssessSampling>] Hash of AssessSampling: {
+          #  baseline          [Integer] The number of baseline requests to take before switching to sampling
+          #                               for the window.
+          #  enabled           [Boolean] If the sampling feature should be used or not.
+          #  frequency         [Integer] The number of requests to skip before observing during the sampling
+          #                               window after the baseline.
+          #  responseFrequency [Integer]
+          #  window            [Integer]
+          # }
+          def sampling= sampling
+            @_sampling = sampling if sampling.is_a? Hash
+          end
+
+          # The sanitizers defined by the user for use by the agent on this server for this organization.
+          #
+          # @return sanitizers [Array<AssessCustomRules>] AssessCustomRules
+          #   Api   [String], Rules [Array[RulesID]]
+          #   tags  [Array[String]]
+          #   uuid  [String]
+          def sanitizers
+            @_sanitizers ||= []
+          end
+
+          # set sanitizer
+          #
+          # @param sanitizers [Array<AssessCustomRules>] of AssessCustomRule: {
+          #   Api   [String], Rules [Array[RulesID]]
+          #   tags  [Array[String]]
+          #   uuid  [String]
+          # }
+          # @return sanitizers [Array<AssessCustomRules>] AssessCustomRules
+          #   Api   [String], Rules [Array[RulesID]]
+          #   tags  [Array[String]]
+          #   uuid  [String]
+          def sanitizers= sanitizers
+            @_sanitizers = sanitizers if sanitizers.is_a? Array
+          end
+
+          # The validators defined by the user for use by the agent on this server for this organization.
+          #
+          # @return validators [Array<AssessCustomRules>] of AssessCustomRule: {
+          #   Api   [String], Rules [Array[RulesID]]
+          #   tags  [Array[String]]
+          #   uuid  [String]
+          # }
+          def validators
+            @_validators ||= []
+          end
+
+          # The validators defined by the user for use by the agent on this server for this organization.
+          #
+          # @param validators [Array<AssessCustomRules>] of AssessCustomRule: {
+          #   Api   [String], Rules [Array[RulesID]]
+          #   tags  [Array[String]]
+          #   uuid  [String]
+          # }
+          # @return validators [Array<AssessCustomRules>] of AssessCustomRule: {
+          #   Api   [String], Rules [Array[RulesID]]
+          #   tags  [Array[String]]
+          #   uuid  [String]
+          # }
+          def validators= validators
+            @_validators = validators if validators.is_a? Array
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/settings/exclusions.rb

@@ -0,0 +1,123 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Reporting
+      # This module will hold all the settings from the TS responce
+      module Settings
+        # Application level settings for the Exclusions featureset
+        # (ApplicationStartupSettingsExclusions)
+        class Exclusions
+          # Cases where rules should be excluded if violated in a method call
+          #
+          # @return code_exclusions [Array<CodeExclusion>] Array of CodeExclusion: {
+          #   name         [String] The name of the exclusion as defined by the user in TS.
+          #   modes        [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+          #   denylist     [String] The call, if in the stack, should result in the agent not taking action.
+          # }
+          def code_exclusions
+            @_code_exclusions ||= []
+          end
+
+          # set the CodeExclusions array
+          #
+          # @param code_exclusions [Array<CodeExclusion>] Array of CodeExclusion: {
+          #   name         [String] The name of the exclusion as defined by the user in TS.
+          #   modes        [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+          #   denylist     [String] The call, if in the stack, should result in the agent not taking action.
+          # }
+          # @return code_exclusions [Array<CodeExclusion>] Array of CodeExclusion: {
+          #   name         [String] The name of the exclusion as defined by the user in TS.
+          #   modes        [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+          #   denylist     [String] The call, if in the stack, should result in the agent not taking action.
+          # }
+          def code_exclusions= code_exclusions
+            @_code_exclusions = code_exclusions if code_exclusions.is_a? Array
+          end
+
+          # Cases where rules should be excluded if violated from a given input.
+          #
+          # @return input_exclusions [Array<InputExclusions>] Array of InputExclusions: {
+          #   name           [String] The name of the input.
+          #   modes          [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   assess_rules   [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+          #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
+          #   urls           [Array] Array of URLs to which the exclusions apply. URL [String]
+          #   match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
+          #   type           [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
+          # }
+          def input_exclusions
+            @_input_exclusions ||= []
+          end
+
+          # set the InputExclusions array
+          #
+          # @param input_exclusions [Array<InputExclusions>] Array of InputExclusions: {
+          #   name           [String] The name of the input.
+          #   modes          [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   assess_rules   [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+          #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
+          #   urls           [Array] Array of URLs to which the exclusions apply. URL [String]
+          #   match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
+          #   type           [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
+          # }
+          # @return input_exclusions [Array<InputExclusions>] Array of InputExclusions: {
+          #   name           [String] The name of the input.
+          #   modes          [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   assess_rules   [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+          #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
+          #   urls           [Array] Array of URLs to which the exclusions apply. URL [String]
+          #   match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
+          #   type           [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
+          # }
+          def input_exclusions= input_exclusions
+            @_input_exclusions = input_exclusions if input_exclusions.is_a? Array
+          end
+
+          # A case where rules should be excluded if violated during a call to a given URL.
+          #
+          # @return url_exclusions [Array<UrlExclusions>] Array of UrlExclusions: {
+          #   name           [String] The name of the input.
+          #   modes          [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   assess_rules   [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+          #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
+          #   urls           [Array] Array of URLs to which the exclusions apply. URL [String]
+          #   match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
+          #   type           [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
+          # }
+          def url_exclusions
+            @_url_exclusions ||= []
+          end
+
+          # set the UrlExclusions array
+          #
+          # @param url_exclusions [Array] Array of UrlExclusions: {
+          #   name           [String] The name of the input.
+          #   modes          [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   assess_rules   [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+          #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
+          #   urls           [Array] Array of URLs to which the exclusions apply. URL [String]
+          #   match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
+          #   type           [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
+          # }
+          # @return url_exclusions [Array<UrlExclusions>] Array of UrlExclusions: {
+          #   name           [String] The name of the input.
+          #   modes          [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   assess_rules   [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+          #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
+          #   urls           [Array] Array of URLs to which the exclusions apply. URL [String]
+          #   match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
+          #   type           [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
+          # }
+          def url_exclusions= url_exclusions
+            @_url_exclusions = url_exclusions if url_exclusions.is_a? Array
+          end
+        end
+      end
+    end
+  end
+end