contrast-agent 6.11.0 → 6.12.0

data/lib/contrast/agent/protect/exploitable_collection.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/components/logger'

data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/reporting/input_analysis/input_type'
@@ -96,10 +96,12 @@ module Contrast
             input_analysis.inputs.each do |input_type, value|
               next if value.nil? || value.empty?
 
-              # append to results.
               protect_rule.classification.classify(rule_id, input_type, value, input_analysis)
             end
+
             input_analysis
+          rescue StandardError => e
+            logger.error('[INPUT_ANALYZER] Error', error: e)
           end
 
           # classify input by array of rules. There is a timeout for the AgentLib analysis if not set it

data/lib/contrast/agent/protect/input_analyzer/worth_watching_analyzer.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/worker_thread'
@@ -36,17 +36,19 @@ module Contrast
 
               report = false
               # build attack_results for all infilter active protect rules.
-              results = build_results(queue.pop)
-              activity = Contrast::Agent::Reporting::ApplicationActivity.new
+              stored_ia = queue.pop
+              results = build_results(stored_ia)
+              activity = Contrast::Agent::Reporting::ApplicationActivity.new(ia_request: stored_ia.request)
               results.each do |result|
                 next unless (attack_result = eval_input(result))
 
                 activity.attach_defend(attack_result)
                 report = true
               end
-              Contrast::Agent.reporter.send_event_immediately(activity) if report
+              Contrast::Agent::Reporting::Masker.mask(activity)
+              Contrast::Agent.reporter.send_event(activity) if report
             rescue StandardError => e
-              logger.debug('[WorthWatchingAnalyzer] thread could not process result because of:', e)
+              logger.error('[WorthWatchingAnalyzer] thread could not process result because of:', e)
             end
           end
         end
@@ -63,7 +65,7 @@ module Contrast
           # we need to save the ia which contains the request and saved extracted user inputs to
           # be evaluated on the thread rather than building results here. This way we allow the
           # request to continue and will build the attack results later.
-          queue << input_analysis
+          queue << input_analysis.dup
         end
 
         private
@@ -79,13 +81,12 @@ module Contrast
           # sure that if a rule is already triggered during the infilter phase it will not be analyzed
           # now, making sure we don't report same rule twice.
           Contrast::Agent::Protect::InputAnalyzer.input_classification(input_analysis, infilter: true)
-          results = []
-          input_analysis.results.reject { |val| val.score_level == SCORE_LEVEL::IGNORE }.
-              each do |ia_result|
-            results << ia_result
+          results = input_analysis.results.reject do |val|
+            val.score_level == Contrast::Agent::Reporting::InputAnalysisResult::SCORE_LEVEL::IGNORE
           end
+          return results if results
 
-          results
+          []
         end
 
         # @param ia_result Contrast::Agent::Reporting::InputAnalysisResult the WorthWatching InputAnalysisResult

data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/cmd_injection'

data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/deserialization'

data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/no_sqli'

data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/path_traversal'

data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/sqli'

data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/xxe'

data/lib/contrast/agent/protect/policy/policy.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/patching/policy/policy'

data/lib/contrast/agent/protect/policy/rule_applicator.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/components/logger'
@@ -49,11 +49,16 @@ module Contrast
           #
           # @param rule_id [String] name of the rule
           # @param context [Contrast::Agent::RequestContext] current request contest
+          # @return [Contrast::Agent::Reporting::InputAnalysis, nil]
           def apply_classification rule_id, context
             return unless context
             return unless (ia = context.agent_input_analysis)
 
             Contrast::Agent::Protect::InputAnalyzer.input_classification_for(rule_id, ia)
+            # We add the triggered rule to the list. After request analysis will skip this rule
+            # as already it's input applicable types has been analysed.
+            ia.triggered_rules << rule_name
+            ia
           end
 
           protected

data/lib/contrast/agent/protect/policy/trigger_node.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/patching/policy/trigger_node'

data/lib/contrast/agent/protect/rule/base.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/components/logger'
@@ -221,26 +221,16 @@ module Contrast
             enabled? && BLOCKING_MODES.include?(mode)
           end
 
-          # Determine if there's an exclusion that matches an item in the call
-          # stack
-          #
-          # @return [Boolean] if an exclusion was applicable to this request
-          #   for this rule
-          def protect_excluded_by_code?
-            exclusions = ::Contrast::SETTINGS.code_exclusions
-            return false unless exclusions
-
-            for_rule = exclusions.select { |ex| ex.protection_rule?(rule_name) }
-            return false if for_rule.empty?
-
-            stack = caller_locations
-            for_rule.any? { |ex| ex.match_code?(stack) }
+          # @param rule_id [String]
+          # @param request_path [String] Current request path
+          def protect_excluded_by_url? rule_id, request_path
+            Contrast::SETTINGS.excluder.protect_excluded_by_url?(rule_id, request_path)
           end
 
-          # @param context [Contrast::Agent::RequestContext] the context of the
-          #   request in which this input is evaluated.
-          def protect_excluded_by_url? context
-            Contrast::SETTINGS.excluder.protect_excluded_by_url?(context.request)
+          # @param results [Array<Contrast::Agent::Reporting::InputAnalysis>]
+          # @param request_path [String] Current request path
+          def protect_excluded_by_input? results, request_path
+            Contrast::SETTINGS.excluder.protect_excluded_by_input?(results, request_path)
           end
 
           # By default, rules do not have to find attackers as they do not have

data/lib/contrast/agent/protect/rule/base_service.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/base'
@@ -39,9 +39,9 @@ module Contrast
           # @return [Boolean]
           def infilter? context
             return false unless enabled?
-            return false unless gather_ia_results(context).any?
-            return false if protect_excluded_by_code?
-            return false if protect_excluded_by_url?(context)
+            return false unless (results = gather_ia_results(context)) && results.any?
+            return false if protect_excluded_by_url?(rule_name, context.request.path)
+            return false if protect_excluded_by_input?(results, context.request.path)
 
             true
           end
@@ -54,12 +54,9 @@ module Contrast
           def prefilter? context
             return false unless context
             return false unless enabled?
-            return false unless context.agent_input_analysis&.results&.any? do |result|
-              result.rule_id == rule_name && result.score_level != Contrast::Agent::Reporting::ScoreLevel::IGNORE
-            end
-
-            return false if protect_excluded_by_code?
-            return false if protect_excluded_by_url?(context)
+            return false unless (results = gather_ia_results(context)) && results.any?
+            return false if protect_excluded_by_url?(rule_name, context.request.path)
+            return false if protect_excluded_by_input?(results, context.request.path)
 
             true
           end
@@ -71,6 +68,9 @@ module Contrast
           # @raise [Contrast::SecurityException]
           def postfilter context
             return unless enabled? && POSTFILTER_MODES.include?(mode)
+            return false if protect_excluded_by_url?(rule_name, context.request.path)
+            return if protect_excluded_by_input?(gather_ia_results(context), context.request.path)
+
             return if mode == :NO_ACTION || mode == :PERMIT
 
             result = find_postfilter_attacker(context, nil)
@@ -85,6 +85,29 @@ module Contrast
 
           protected
 
+          # Used to build and report semantic rules.
+          #
+          # @param context [Contrast::Agent::RequestContext] current request contest
+          # @param potential_attack_string [String]
+          def build_violation context, potential_attack_string
+            result = build_attack_result(context)
+            update_successful_attack_response(context, nil, result, potential_attack_string)
+            return unless result
+
+            append_sample(context, nil, result, potential_attack_string)
+            cef_logging(result, :successful_attack)
+            result
+          end
+
+          # Check to if result is blocked. Used for raise check.
+          #
+          # @param result [Contrast::Agent::Reporting::AttackResult]
+          def blocked_violation? result
+            return false unless result
+
+            result.response == Contrast::Agent::Reporting::ResponseType::BLOCKED
+          end
+
           # @param context [Contrast::Agent::RequestContext]
           # @return [Array<Contrast::Agent::Reporting::InputAnalysis>]
           def gather_ia_results context

data/lib/contrast/agent/protect/rule/bot_blocker/bot_blocker_input_classification.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/reporting/input_analysis/input_type'

data/lib/contrast/agent/protect/rule/bot_blocker.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/base_service'

data/lib/contrast/agent/protect/rule/cmd_injection.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/base_service'

data/lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/base_service'
@@ -21,6 +21,10 @@ module Contrast
             NAME
           end
 
+          def sub_rules
+            Contrast::Utils::ObjectShare::EMPTY_ARRAY
+          end
+
           # CMDI Backdoors infilter:
           # This rule does not have input classification.
           # If a value matches the CMDI applicable input types and it's length is > 2
@@ -33,11 +37,9 @@ module Contrast
           # @raise [Contrast::SecurityException] if the rule mode ise set
           # to BLOCK and valid cdmi is detected.
           def infilter context, classname, method, command
-            return unless (ia_results = gather_ia_results(context))
+            return if protect_excluded_by_url?(rule_name, context.request.path)
             return unless backdoors_match?(command)
-            return unless (likely_attacker = match_applicable_input_type(ia_results, command))
-            return if protect_excluded_by_code?
-            return unless (result = build_attack_with_match(context, likely_attacker, nil, command,
+            return unless (result = build_attack_with_match(context, nil, nil, command,
                                                             **{ classname: classname, method: method }))
 
             append_to_activity(context, result)
@@ -47,21 +49,7 @@ module Contrast
             raise_error(classname, method)
           end
 
-          # @param context [Contrast::Agent::RequestContext]
-          def infilter? context
-            return false unless enabled?
-            # This rule does not have input tracing stage so we need to check the results of
-            # the main rule instead.
-            return false unless context&.agent_input_analysis&.results&.any? do |result|
-              result.rule_id == Contrast::Agent::Protect::Rule::CmdInjection::NAME
-            end
-
-            return false if protect_excluded_by_code?
-
-            true
-          end
-
-          protected
+          private
 
           # Used to customize the raised error message.
           #
@@ -74,8 +62,6 @@ module Contrast
                                                   "Call to #{ classname }.#{ method } blocked."))
           end
 
-          private
-
           # Check to see if value is backdoor match
           #
           # @param potential_attack_string [String]
@@ -97,34 +83,6 @@ module Contrast
             end
             false
           end
-
-          # Check to see if the user input is one of the applicable types.
-          # With Agent_ia if we are here and CMDI is being analyzed then
-          # the applicable input type is already checked before input
-          # classification. Only thing left is the match check.
-          #
-          # @param ia_results [Contrast::Agent::Reporting::Settings::InputAnalysisResult] gathered results
-          # @param cmd [String] potential attack vector
-          # @return [Contrast::Agent::Reporting::Settings::InputAnalysisResult, nil] matched input_type
-          def match_applicable_input_type ia_results, cmd
-            ia_results.each do |ia_result|
-              return ia_result if ia_result.value == cmd
-            end
-            nil
-          end
-
-          # Backdoors does not have input classification so we check for match within the
-          # result for the main rule - CMDI.
-          #
-          # @param context [Contrast::Agent::RequestContext]
-          def gather_ia_results context
-            return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless context&.agent_input_analysis&.results
-
-            context.agent_input_analysis.results.select do |ia_result|
-              ia_result.rule_id == Contrast::Agent::Protect::Rule::CmdInjection::NAME &&
-                  ia_result.score_level != Contrast::Agent::Reporting::ScoreLevel::IGNORE
-            end
-          end
         end
       end
     end

data/lib/contrast/agent/protect/rule/cmdi/cmdi_base_rule.rb

@@ -1,9 +1,10 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/reporting/details/cmd_injection_details'
 require 'contrast/agent/reporting/attack_result/user_input'
 require 'contrast/agent/protect/rule/cmdi/cmdi_input_classification'
+require 'contrast/agent/reporting/attack_result/response_type'
 
 module Contrast
   module Agent
@@ -29,7 +30,10 @@ module Contrast
             @_classification ||= Contrast::Agent::Protect::Rule::CmdiInputClassification.cs__freeze
           end
 
-          # CMDI infilter:
+          # CMDI Semantic infilter:
+          # This rule does not have input classification.
+          # If a value matches the CMDI applicable input types and it's length is > 2
+          # we can check if it's used as command backdoors.
           #
           # @param context [Contrast::Agent::RequestContext] current request contest
           # @param classname [String] Name of the class
@@ -38,22 +42,12 @@ module Contrast
           # @raise [Contrast::SecurityException] if the rule mode ise set
           # to BLOCK and valid cdmi is detected.
           def infilter context, classname, method, command
-            if ::Contrast::APP_CONTEXT.in_new_process?
-              logger.trace('Running cmd-injection infilter within new process - creating new context')
-              context = Contrast::Agent::RequestContext.new(context.request.rack_request)
-              Contrast::Agent::REQUEST_TRACKER.update_current_context(context)
-            end
-            return unless infilter?(context)
-
-            result = find_attacker_with_results(context, command, nil, **{ classname: classname, method: method })
-            result ||= report_command_execution(context, command, **{ classname: classname, method: method })
-            return unless result
+            return unless infilter?(command)
+            return if protect_excluded_by_url?(rule_name, context.request.path)
+            return unless (result = build_violation(context, command))
 
             append_to_activity(context, result)
-            cef_logging(result, :successful_attack)
-            return unless blocked?
-
-            raise_error(classname, method)
+            raise_error(classname, method) if blocked_violation?(result)
           end
 
           def build_attack_with_match(context,
@@ -113,7 +107,7 @@ module Contrast
             handle_with_agent_lib(sample, agent_lib_result_struct, command)
 
             # This is a special case where the user input is UNKNOWN_USER_INPUT but
-            # we want to send the attack value
+            # we want to send the attack value. Usually we do this for semantic rules.
             if input_analysis_result.nil?
               ui = Contrast::Agent::Reporting::UserInput.new
               ui.input_type = :UNKNOWN
@@ -128,7 +122,6 @@ module Contrast
 
           def report_command_execution context, command, **kwargs
             return unless report_any_command_execution?
-            return if protect_excluded_by_code?
 
             build_attack_with_match(context, nil, nil, command, **kwargs)
           end

data/lib/contrast/agent/protect/rule/cmdi/cmdi_chained_command.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/base_service'
@@ -23,7 +23,15 @@ module Contrast
             Contrast::Utils::ObjectShare::EMPTY_ARRAY
           end
 
-          protected
+          # @param command [String] potential dangerous command executed.
+          def infilter? command
+            return unless enabled?
+            return unless chained_command?(command)
+
+            true
+          end
+
+          private
 
           # Used to customize the raised error message.
           #
@@ -36,15 +44,6 @@ module Contrast
                                                   "Call to #{ classname }.#{ method } blocked."))
           end
 
-          private
-
-          def find_probable_attacker context, potential_attack_string, _ia_results, **kwargs
-            chained = chained_command?(potential_attack_string)
-            return unless chained
-
-            build_attack_with_match(context, nil, nil, potential_attack_string, **kwargs)
-          end
-
           # Check if potential chained attack is detected in user input.
           #
           # @param command [String] command to check.

data/lib/contrast/agent/protect/rule/cmdi/cmdi_dangerous_path.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/base_service'
@@ -23,7 +23,15 @@ module Contrast
             Contrast::Utils::ObjectShare::EMPTY_ARRAY
           end
 
-          protected
+          # @param path [String] potential dangerous path executed.
+          def infilter? path
+            return unless enabled?
+            return unless dangerous_path?(path)
+
+            true
+          end
+
+          private
 
           # Used to customize the raised error message.
           #
@@ -36,15 +44,6 @@ module Contrast
                                                   "Call to #{ classname }.#{ method } blocked."))
           end
 
-          private
-
-          def find_probable_attacker context, potential_attack_string, _ia_results, **kwargs
-            dangerous_path = dangerous_path?(potential_attack_string)
-            return unless dangerous_path
-
-            build_attack_with_match(context, nil, nil, potential_attack_string, **kwargs)
-          end
-
           # Checks if a given shell command is trying to access a dangerous path.
           # This is used for the cmd-injection-semantic-dangerous-paths rule.
           #

data/lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/cmd_injection'

data/lib/contrast/agent/protect/rule/default_scanner.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 # The base class used to determine if a user input crosses a token boundary or

data/lib/contrast/agent/protect/rule/deserialization.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/base_service'
@@ -60,8 +60,7 @@ module Contrast
           # @return [Boolean] should the rule apply to this call.
           def infilter? context
             return false unless enabled?
-            return false if protect_excluded_by_code?
-            return false if protect_excluded_by_url?(context)
+            return false if protect_excluded_by_url?(rule_name, context.request.path)
 
             true
           end

data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 module Contrast

data/lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/utils/object_share'

data/lib/contrast/agent/protect/rule/no_sqli.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/base_service'
@@ -70,18 +70,6 @@ module Contrast
             result
           end
 
-          # @param context [Contrast::Agent::RequestContext]
-          def infilter? context
-            return false unless enabled?
-            return false unless context&.agent_input_analysis&.results&.any? do |result|
-              result.rule_id == rule_name
-            end
-
-            return false if protect_excluded_by_code?
-
-            true
-          end
-
           protected
 
           def find_attacker context, potential_attack_string, **kwargs

data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_input_classification.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/utils/input_classification_base'