contrast-agent 6.14.0 → 6.15.1

data/lib/contrast/agent/protect/rule/base.rb

@@ -6,6 +6,8 @@ require 'contrast/components/scope'
 require 'contrast/utils/object_share'
 require 'contrast/agent/reporting/attack_result/response_type'
 require 'contrast/agent/reporting/attack_result/attack_result'
+require 'contrast/agent/protect/rule/utils/builders'
+require 'contrast/agent/protect/rule/utils/filters'
 
 module Contrast
   module Agent
@@ -18,9 +20,11 @@ module Contrast
         class Base
           include Contrast::Components::Logger::InstanceMethods
           include Contrast::Components::Scope::InstanceMethods
+          include Contrast::Agent::Protect::Rule::Builders
+          include Contrast::Agent::Protect::Rule::Filters
 
+          RULE_NAME = 'base-rule'
           BLOCKING_MODES = Set.new(%i[BLOCK BLOCK_AT_PERIMETER]).cs__freeze
-          POSTFILTER_MODES = Set.new(%i[BLOCK MONITOR]).cs__freeze
           STACK_COLLECTION_RESULTS = Set.new([
                                                Contrast::Agent::Reporting::ResponseType::BLOCKED,
                                                Contrast::Agent::Reporting::ResponseType::MONITORED
@@ -34,30 +38,47 @@ module Contrast
             sql-injection-semantic-dangerous-functions
           ].cs__freeze
 
+          # @return [Symbol]
           attr_reader :mode
 
+          # Initializes new rule and sets it mode from settings
+          #
+          # @return mode [Symbol]
           def initialize
             ::Contrast::PROTECT.defend_rules[rule_name] = self
             @mode = mode_from_settings
           end
 
+          # Message to display when the rule is triggered.
+          #
+          # @return [String]
+          def block_message
+            "Contrast Security Protect #{ rule_name } Triggered. Response blocked."
+          end
+
           # Should return the name as it is known to Teamserver; defaults to class
+          #
+          # @return [String]
           def rule_name
-            cs__class.cs__name
+            RULE_NAME
           end
 
           # Should return list of all sub_rules.
           # Extend for each main rule any sub-rules.
+          #
+          # @return [Array]
           def sub_rules
             Contrast::Utils::ObjectShare::EMPTY_ARRAY
           end
 
           # The classification module used for each specific rule to
           # classify input data and score it. Extend for each rule.
+          #
+          # @return [Module]
           def classification; end
 
-          # Input Classification stage is done to determine if an user input is
-          # DEFINITEATTACK or to be ignored.
+          # Generic method forwarder, shorthand for classification:
+          # Input Classification stage is done to determine if an user input is DEFINITEATTACK or to be ignored.
           #
           # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
           # @param value [Hash<String>] the value of the input.
@@ -69,6 +90,9 @@ module Contrast
             classification.classify(rule_name, input_type, value, input_analysis)
           end
 
+          # Check if rule is enabled.
+          #
+          # @return [Boolean]
           def enabled?
             # 1. it is not enabled because protect is not enabled
             return false unless ::Contrast::AGENT.enabled?
@@ -81,111 +105,23 @@ module Contrast
             @mode != :NO_ACTION
           end
 
+          # Check if the rule is excluded by checking inside array of exclusions
+          #
+          # @param exclusions [Array<Contrast::Agent::Reporting::Settings::ExclusionBase>]
           def excluded? exclusions
             Array(exclusions).any? do |ex|
               ex.protection_rule?(rule_name)
             end
           end
 
-          def infilter? _context
-            false
-          end
-
-          # return false for rules that modify or inspect the response body
+          # Return false for rules that modify or inspect the response body
           # during postfilter
           #
-          # @return [Boolean] if the rule can safely be evaluated in streaming
-          #   requests
+          # @return [Boolean] if the rule can safely be evaluated in streaming requests
           def stream_safe?
             true
           end
 
-          # Actions required for the rules that have to happen before the
-          # application has completed its processing of the request.
-          #
-          # For most rules, these actions are performed within the analysis
-          # engine and communicated as an input analysis result. Those that
-          # require specific action need to provide that action.
-          #
-          # @param _context [Contrast::Agent::RequestContext] the context for
-          #   the current request
-          def prefilter _context; end
-
-          # This should only ever be called directly from patched code and will
-          # have a different implementation based on the rule. As such, there
-          # is not parent implementation.
-          #
-          # @param _context [Contrast::Agent::RequestContext] the context for
-          #   the current request
-          # @param _match_string [String] the input that violated the rule and
-          #   matched the attack detection logic
-          # @param _kwargs [Hash] key-value pairs used by the rule to build a
-          #   report.
-          def infilter _context, _match_string, **_kwargs; end
-
-          # Actions required for the rules that have to happen after the
-          # application has completed its processing of the request.
-          #
-          # Any implementation here needs to account for the fact that
-          # responses may be streaming and, as such, transformations of the
-          # response itself may not be permissible.
-          #
-          # @param _context [Contrast::Agent::RequestContext] the context for
-          #    the current request
-          def postfilter _context; end
-
-          # A given input, candidate_string, was determined to violate a
-          # protect rule and did exploit the application, or at least made it
-          # to exploitable code in the case where we blocked the attack. As
-          # such, we need to build a result to report this violation to
-          # TeamServer.
-          #
-          # @param context [Contrast::Agent::RequestContext] the context of the
-          #   request in which this input is evaluated.
-          # @param ia_result [Contrast::Agent::Reporting::InputAnalysis] the
-          #   analysis of the input that was determined to be an attack
-          # @param result [Contrast::Agent::Reporting::AttackResult, nil] previous
-          #   attack result for this rule, if one exists, in the case of
-          #   multiple inputs being found to violate the protection criteria
-          # @param candidate_string [String] the value of the input which may
-          #   be an attack
-          # @param kwargs [Hash] key - value pairs of context individual rules
-          #   need to build out details to send to the TeamServer to tell the
-          #   story of the attack
-          # @return [Contrast::Agent::Reporting::AttackResult] the attack result from
-          #   this input
-          def build_attack_with_match context, ia_result, result, candidate_string, **kwargs
-            result ||= build_attack_result(context)
-            update_successful_attack_response(context, ia_result, result, candidate_string)
-            append_sample(context, ia_result, result, candidate_string, **kwargs)
-
-            result
-          end
-
-          # A given input, candidate_string, was determined to violate a
-          # protect rule but did not exploit the application. As such, we need
-          # to build a result to report this violation to TeamServer.
-          #
-          # @param context [Contrast::Agent::RequestContext, nil] the context of the
-          #   request in which this input is evaluated.
-          # @param ia_result [Contrast::Agent::Reporting::InputAnalysis] the
-          #   analysis of the input that was determined to be an attack
-          # @param result [Contrast::Agent::Reporting::AttackResult, nil] previous
-          #   attack result for this rule, if one exists, in the case of
-          #   multiple inputs being found to violate the protection criteria
-          # @param kwargs [Hash, nil] key - value pairs of context individual rules
-          #   need to build out details to send to TeamServer to tell the
-          #   story of the attack
-          # @return [Contrast::Agent::Reporting::AttackResult] the attack result from
-          #   this input
-          def build_attack_without_match context, ia_result, result, **kwargs
-            result ||= build_attack_result(context)
-            update_perimeter_attack_response(context, ia_result, result)
-            append_sample(context, ia_result, result, nil, **kwargs)
-
-            result
-          end
-
           # Attach the given result to the current request's context to report
           # it to TeamServer
           #
@@ -211,44 +147,88 @@ module Contrast
 
           protected
 
+          # Assign the mode from active settings.
+          #
+          # @return mode [Symbol]
           def mode_from_settings
             ::Contrast::PROTECT.rule_mode(rule_name).tap do |mode|
               logger.trace('Retrieving rule mode', rule: rule_name, mode: mode)
             end
           end
 
+          # Rule blocked check
+          #
+          # @return [Boolean]
           def blocked?
             enabled? && BLOCKING_MODES.include?(mode)
           end
 
+          # Check if the protect rules is excluded by url from the exclusion rules for this application.
+          #
           # @param rule_id [String]
           # @param request_path [String] Current request path
           def protect_excluded_by_url? rule_id, request_path
             Contrast::SETTINGS.excluder.protect_excluded_by_url?(rule_id, request_path)
           end
 
+          # Check if the protect rules is excluded by input from the exclusion rules for this application.
+          #
           # @param results [Array<Contrast::Agent::Reporting::InputAnalysis>]
           # @param request_path [String] Current request path
           def protect_excluded_by_input? results, request_path
             Contrast::SETTINGS.excluder.protect_excluded_by_input?(results, request_path)
           end
 
+          # Allows for the InputAnalysis from Agent Library to be extracted early
+          #
+          # @param context [Contrast::Agent::RequestContext]
+          # @param potential_attack_string [String, nil]
+          # @param ia_results [Array<Contrast::Agent::Reporting::InputAnalysis>]
+          # @param **kwargs
+          # @return [Contrast::Agent::Reporting, nil]
+          def find_attacker_with_results context, potential_attack_string, ia_results, **kwargs
+            logger.trace('Checking vectors for attacks', rule: rule_name, input: potential_attack_string)
+
+            result = nil
+            ia_results.each do |ia_result|
+              if potential_attack_string
+                idx = potential_attack_string.index(ia_result.value)
+                next unless idx
+
+                result = build_attack_with_match(context, ia_result, result, potential_attack_string, **kwargs)
+              else
+                result = build_attack_without_match(context, ia_result, result, **kwargs)
+              end
+            end
+            result
+          end
+
           # By default, rules do not have to find attackers as they do not have
           # Input Analysis. Any attack for the standard rule will be evaluated
           # at execution time. As such, those rules are expected to implement
           # this custom behavior
           #
-          # @param _context [Contrast::Agent::RequestContext] the context for
+          # @param context [Contrast::Agent::RequestContext] the context for
           #   the current request
-          # @param _potential_attack_string [String] the input that may violate
+          # @param potential_attack_string [String] the input that may violate
           #   the rule and matched the attack detection logic
-          # @param _kwargs [Hash] key-value pairs used by the rule to build a
+          # @param **kwargs [Hash] key-value pairs used by the rule to build a
           #   report.
-          # @raise[NoMethodError] raises if subclass did not implement this method on extend
-          def find_attacker _context, _potential_attack_string, **_kwargs
-            raise(NoMethodError, "Rule #{ rule_name } did not implement find_attack")
+          def find_attacker context, potential_attack_string, **kwargs
+            ia_results = gather_ia_results(context)
+            find_attacker_with_results(context, potential_attack_string, ia_results, **kwargs)
           end
 
+          # Update the message's response type to be send to TS, depending on
+          # the attack results, and rule policy. The match with rules is also
+          # logged, and if an attack counter of the ia_result is increased.
+          #
+          # @param context [Contrast::Agent::RequestContext] the context for
+          #   the current request
+          # @param ia_result [Contrast::Agent::Reporting::InputAnalysis]
+          # @param result [Contrast::Agent::Reporting::AttackResult]
+          # @param attack_string [String] Potential attack vector
+          # @return [Contrast::Agent::Reporting::AttackResult]
           def update_successful_attack_response context, ia_result, result, attack_string = nil
             case mode
             when :MONITOR
@@ -268,6 +248,8 @@ module Contrast
             result
           end
 
+          # Update the response type for perimeter rules ( BAP ).
+          #
           # @param context [Contrast::Agent::RequestContext] the context of the
           #   request in which this input is evaluated.
           # @param ia_result [Contrast::Agent::Reporting::InputAnalysis] the
@@ -275,6 +257,7 @@ module Contrast
           # @param result [Contrast::Agent::Reporting::AttackResult] previous
           #   attack result for this rule, if one exists, in the case of
           #   multiple inputs being found to violate the protection criteria
+          # @return [Contrast::Agent::Reporting::AttackResult]
           def update_perimeter_attack_response context, ia_result, result
             if mode == :BLOCK_AT_PERIMETER
               result.response = if blocked_rule?(ia_result)
@@ -291,16 +274,12 @@ module Contrast
             result
           end
 
-          # Set up an attack result for the current rule
+          # Builds a caller's stack and appends it to a passed Rasp rule sample.
           #
-          # @param _context [Contrast::Agent::RequestContext] the context of
-          #   the current request
-          # @return [Contrast::Agent::Reporting::AttackResult]
-          def build_attack_result _context; end
-
           # @param sample [Contrast::Agent::Reporting::RaspRuleSample]
           # @param result [Contrast::Agent::Reporting::AttackResult, nil] previous attack result for this rule, if one
           #   exists, in the case of multiple inputs being found to violate the protection criteria
+          # @return [Contrast::Agent::Reporting::RaspRuleSample]
           def append_stack sample, result
             return unless sample
             return unless STACK_COLLECTION_RESULTS.include?(result&.response)
@@ -311,6 +290,8 @@ module Contrast
             sample.stack.concat(stack)
           end
 
+          # Appends an attack sample to existing attack results.
+          #
           # @param context [Contrast::Agent::RequestContext] the context of the request in which this input is
           #   evaluated.
           # @param ia_result [Contrast::Agent::Reporting::Settings::InputAnalysisResult] the analysis of the input that
@@ -332,27 +313,8 @@ module Contrast
             result.samples << sample
           end
 
-          # Override if rule can make use of the candidate string or kwargs to
-          # build rasp rule sample.
+          # Logs if a rule have matched an attack vector and it's being triggered.
           #
-          # @param context [Contrast::Agent::RequestContext]
-          # @param ia_result [Contrast::Agent::Reporting::Settings::InputAnalysisResult] the analysis of the input that
-          #   was determined to be an attack
-          # @param _candidate_string [String] potential attack value/ input containing attack value
-          # @param _kwargs [Hash]
-          # @return [Contrast::Agent::Reporting::RaspRuleSample]
-          def build_sample context, ia_result, _candidate_string, **_kwargs
-            build_base_sample(context, ia_result)
-          end
-
-          # @param context [Contrast::Agent::RequestContext]
-          # @param ia_result [Contrast::Agent::Reporting::Settings::InputAnalysisResult] the analysis of the input that
-          #   was determined to be an attack
-          # @return [Contrast::Agent::Reporting::RaspRuleSample]
-          def build_base_sample context, ia_result
-            Contrast::Agent::Reporting::RaspRuleSample.build(context, ia_result)
-          end
-
           def log_rule_matched _context, ia_result, response, _matched_string = nil
             logger.debug('A successful attack was detected',
                          rule: rule_name,
@@ -362,12 +324,26 @@ module Contrast
                          result: response)
           end
 
-          # This method returns the symbol for the enum
+          # This method will check against the current context IA and find any results that match
+          # the rule id.
           #
-          # @param enum [Enumerable]
-          # @return [Symbol]
-          def extract_input_type enum
-            Contrast::Api::Dtm::UserInput::InputType.get_name_by_tag(enum)
+          # @param context [Contrast::Agent::RequestContext]
+          # @return [Array<Contrast::Agent::Reporting::InputAnalysis>]
+          def gather_ia_results context
+            return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless context&.agent_input_analysis&.results
+
+            context.agent_input_analysis.results.select do |ia_result|
+              ia_result.rule_id == rule_name && ia_result.score_level != Contrast::Agent::Reporting::ScoreLevel::IGNORE
+            end
+          end
+
+          # Check to if result is blocked. Used for raise check.
+          #
+          # @param result [Contrast::Agent::Reporting::AttackResult]
+          def blocked_violation? result
+            return false unless result
+
+            result.response == Contrast::Agent::Reporting::ResponseType::BLOCKED
           end
 
           private
@@ -407,6 +383,17 @@ module Contrast
               Contrast::Agent::Reporting::ResponseType::PROBED
             end
           end
+
+          # @param context [Contrast::Agent::RequestContext]
+          # @param potential_attack_string [String, nil]
+          # @return [Contrast::Agent::Reporting, nil]
+          def find_postfilter_attacker context, potential_attack_string, **kwargs
+            ia_results = gather_ia_results(context)
+            ia_results.select! do |ia_result|
+              ia_result.score_level == Contrast::Agent::Reporting::ScoreLevel::DEFINITEATTACK
+            end
+            find_attacker_with_results(context, potential_attack_string, ia_results, **kwargs)
+          end
         end
       end
     end

data/lib/contrast/agent/protect/rule/{bot_blocker.rb → bot_blocker/bot_blocker.rb}

@@ -1,7 +1,7 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/protect/rule/base_service'
+require 'contrast/agent/protect/rule/base'
 require 'contrast/components/logger'
 require 'contrast/agent/reporting/input_analysis/input_type'
 require 'contrast/agent/reporting/input_analysis/score_level'
@@ -13,7 +13,7 @@ module Contrast
     module Protect
       module Rule
         # The Ruby implementation of the Protect BotBlocker rule.
-        class BotBlocker < Contrast::Agent::Protect::Rule::BaseService
+        class BotBlocker < Contrast::Agent::Protect::Rule::Base
           include Contrast::Components::Logger::InstanceMethods
           include Contrast::Agent::Reporting::InputType
 

data/lib/contrast/agent/protect/rule/{cmd_injection.rb → cmdi/cmd_injection.rb}

@@ -1,7 +1,7 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/protect/rule/base_service'
+require 'contrast/agent/protect/rule/base'
 require 'contrast/utils/stack_trace_utils'
 require 'contrast/utils/object_share'
 require 'contrast/components/logger'

data/lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb

@@ -1,11 +1,11 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/protect/rule/base_service'
-require 'contrast/agent/request_context'
+require 'contrast/agent/protect/rule/base'
+require 'contrast/agent/request/request_context'
 require 'contrast/utils/object_share'
 require 'contrast/agent/protect/rule/cmdi/cmdi_base_rule'
-require 'contrast/agent/protect/rule/cmd_injection'
+require 'contrast/agent/protect/rule/cmdi/cmd_injection'
 
 module Contrast
   module Agent

data/lib/contrast/agent/protect/rule/cmdi/cmdi_base_rule.rb

@@ -12,7 +12,7 @@ module Contrast
       module Rule
         # The Ruby implementation of the Protect Command Injection Semantic
         # Dangerous Path sub-rule. This rule should report
-        class CmdiBaseRule < Contrast::Agent::Protect::Rule::BaseService
+        class CmdiBaseRule < Contrast::Agent::Protect::Rule::Base
           include Contrast::Components::Logger::InstanceMethods
           include Contrast::Agent::Reporting::InputType
 

data/lib/contrast/agent/protect/rule/cmdi/cmdi_chained_command.rb

@@ -1,8 +1,8 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/protect/rule/base_service'
-require 'contrast/agent/request_context'
+require 'contrast/agent/protect/rule/base'
+require 'contrast/agent/request/request_context'
 require 'contrast/utils/object_share'
 require 'contrast/agent/protect/rule/cmdi/cmdi_base_rule'
 

data/lib/contrast/agent/protect/rule/cmdi/cmdi_dangerous_path.rb

@@ -1,8 +1,8 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/protect/rule/base_service'
-require 'contrast/agent/request_context'
+require 'contrast/agent/protect/rule/base'
+require 'contrast/agent/request/request_context'
 require 'contrast/utils/object_share'
 require 'contrast/agent/protect/rule/cmdi/cmdi_base_rule'
 

data/lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb

@@ -1,7 +1,7 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/protect/rule/cmd_injection'
+require 'contrast/agent/protect/rule/cmdi/cmd_injection'
 require 'contrast/agent/reporting/input_analysis/score_level'
 require 'contrast/agent/protect/input_analyzer/input_analyzer'
 require 'contrast/utils/input_classification_base'

data/lib/contrast/agent/protect/rule/{deserialization.rb → deserialization/deserialization.rb}

@@ -1,7 +1,7 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/protect/rule/base_service'
+require 'contrast/agent/protect/rule/base'
 require 'contrast/agent/reporting/details/untrusted_deserialization_details'
 require 'contrast/components/logger'
 
@@ -11,7 +11,7 @@ module Contrast
       module Rule
         # This class handles our implementation of the Untrusted
         # Deserialization Protect rule.
-        class Deserialization < Contrast::Agent::Protect::Rule::BaseService
+        class Deserialization < Contrast::Agent::Protect::Rule::Base
           # The TeamServer recognized name of this rule
           include Contrast::Components::Logger::InstanceMethods
           # Used to name this input since input analysis isn't done for this

data/lib/contrast/agent/protect/rule/{no_sqli.rb → no_sqli/no_sqli.rb}

@@ -1,8 +1,8 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/protect/rule/base_service'
-require 'contrast/agent/protect/rule/sql_sample_builder'
+require 'contrast/agent/protect/rule/base'
+require 'contrast/agent/protect/rule/sqli/sql_sample_builder'
 require 'contrast/agent/reporting/input_analysis/input_type'
 require 'contrast/agent/protect/rule/no_sqli/no_sqli_input_classification'
 
@@ -11,7 +11,7 @@ module Contrast
     module Protect
       module Rule
         # The Ruby implementation of the Protect NoSQL Injection rule.
-        class NoSqli < Contrast::Agent::Protect::Rule::BaseService
+        class NoSqli < Contrast::Agent::Protect::Rule::Base
           # Generate a sample for the No-SQL injection detection rule, allowing for reporting to and rendering
           # by TeamServer
           include SqlSampleBuilder::NoSqliSample

data/lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb

@@ -2,7 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/utils/object_share'
-require 'contrast/agent/protect/rule/no_sqli'
+require 'contrast/agent/protect/rule/no_sqli/no_sqli'
 require 'contrast/agent/protect/input_analyzer/input_analyzer'
 require 'contrast/utils/input_classification_base'
 

data/lib/contrast/agent/protect/rule/{path_traversal.rb → path_traversal/path_traversal.rb}

@@ -1,7 +1,7 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/protect/rule/base_service'
+require 'contrast/agent/protect/rule/base'
 require 'contrast/agent/protect/rule/path_traversal/path_traversal_semantic_security_bypass'
 require 'contrast/agent/reporting/input_analysis/input_type'
 require 'contrast/agent/reporting/input_analysis/score_level'
@@ -17,7 +17,7 @@ module Contrast
       module Rule
         # This class handles our implementation of the Path Traversal
         # Protect rule.
-        class PathTraversal < Contrast::Agent::Protect::Rule::BaseService
+        class PathTraversal < Contrast::Agent::Protect::Rule::Base
           include Contrast::Agent::Reporting::InputType
 
           NAME = 'path-traversal'

data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_semantic_security_bypass.rb

@@ -1,9 +1,9 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/protect/rule/base_service'
+require 'contrast/agent/protect/rule/base'
 require 'contrast/agent/reporting/details/path_traversal_semantic_analysis_details'
-require 'contrast/agent/request_context'
+require 'contrast/agent/request/request_context'
 require 'contrast/utils/string_utils'
 require 'contrast/agent_lib/api/path_semantic_file_security_bypass'
 require 'contrast/agent_lib/interface'
@@ -14,7 +14,7 @@ module Contrast
       module Rule
         # The Ruby implementation of the Protect Path Traversal Semantic
         # Bypass sub-rule. This rule should report the attack result
-        class PathTraversalSemanticBypass < Contrast::Agent::Protect::Rule::BaseService
+        class PathTraversalSemanticBypass < Contrast::Agent::Protect::Rule::Base
           NAME = 'path-traversal-semantic-file-security-bypass'
           SYSTEM_PATHS = %w[
             /proc/self

data/lib/contrast/agent/protect/rule/{sql_sample_builder.rb → sqli/sql_sample_builder.rb}

@@ -2,7 +2,6 @@
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/base'
-require 'contrast/agent/protect/rule/base_service'
 require 'contrast/agent/reporting/details/sqli_details'
 require 'contrast/agent/reporting/details/no_sqli_details'
 

data/lib/contrast/agent/protect/rule/{sqli.rb → sqli/sqli.rb}

@@ -1,9 +1,9 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/protect/rule/base_service'
+require 'contrast/agent/protect/rule/base'
 require 'contrast/agent/protect/policy/applies_sqli_rule'
-require 'contrast/agent/protect/rule/sql_sample_builder'
+require 'contrast/agent/protect/rule/sqli/sql_sample_builder'
 require 'contrast/agent/reporting/input_analysis/input_type'
 require 'contrast/agent/protect/rule/sqli/sqli_base_rule'
 require 'contrast/agent/protect/rule/sqli/sqli_semantic/sqli_dangerous_functions'

data/lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb

@@ -6,7 +6,7 @@ module Contrast
     module Protect
       module Rule
         # This is the Base Rule
-        class SqliBaseRule < Contrast::Agent::Protect::Rule::BaseService
+        class SqliBaseRule < Contrast::Agent::Protect::Rule::Base
           include Contrast::Components::Logger::InstanceMethods
           include Contrast::Agent::Reporting::InputType
 

data/lib/contrast/agent/protect/rule/{unsafe_file_upload.rb → unsafe_file_upload/unsafe_file_upload.rb}

@@ -1,7 +1,7 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/protect/rule/base_service'
+require 'contrast/agent/protect/rule/base'
 require 'contrast/agent/reporting/input_analysis/input_type'
 require 'contrast/agent/reporting/input_analysis/score_level'
 require 'contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification'
@@ -13,7 +13,7 @@ module Contrast
         # The Ruby implementation of the Protect Unsafe File Upload rule.
         # The unsafe-file-upload rule can trigger the following results:
         # BLOCKED in Blocking mode and SUSPICIOUS in Monitor mode.
-        class UnsafeFileUpload < Contrast::Agent::Protect::Rule::BaseService
+        class UnsafeFileUpload < Contrast::Agent::Protect::Rule::Base
           include Contrast::Agent::Reporting::InputType
 
           NAME = 'unsafe-file-upload'

data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification.rb

@@ -2,7 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/utils/object_share'
-require 'contrast/agent/protect/rule/unsafe_file_upload'
+require 'contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload'
 require 'contrast/agent/protect/input_analyzer/input_analyzer'
 require 'contrast/utils/input_classification_base'