contrast-agent 6.6.2 → 6.6.5

Files changed (72)
  1. checksums.yaml +4 -4
  2. data/lib/contrast/agent/assess/policy/trigger_method.rb +21 -6
  3. data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +2 -0
  4. data/lib/contrast/agent/at_exit_hook.rb +1 -7
  5. data/lib/contrast/agent/inventory/database_config.rb +16 -12
  6. data/lib/contrast/agent/inventory/policy/datastores.rb +1 -2
  7. data/lib/contrast/agent/middleware.rb +0 -1
  8. data/lib/contrast/agent/protect/rule/base.rb +16 -20
  9. data/lib/contrast/agent/protect/rule/cmd_injection.rb +5 -4
  10. data/lib/contrast/agent/protect/rule/deserialization.rb +5 -4
  11. data/lib/contrast/agent/protect/rule/path_traversal.rb +9 -7
  12. data/lib/contrast/agent/protect/rule/sql_sample_builder.rb +16 -14
  13. data/lib/contrast/agent/protect/rule/sqli.rb +1 -1
  14. data/lib/contrast/agent/protect/rule/xxe.rb +9 -6
  15. data/lib/contrast/agent/reporting/attack_result/attack_result.rb +8 -0
  16. data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +85 -36
  17. data/lib/contrast/agent/reporting/attack_result/user_input.rb +11 -0
  18. data/lib/contrast/agent/reporting/details/bot_blocker_details.rb +29 -0
  19. data/lib/contrast/agent/reporting/details/cmd_injection_details.rb +30 -0
  20. data/lib/contrast/agent/reporting/details/details.rb +18 -0
  21. data/lib/contrast/agent/reporting/details/http_method_tempering_details.rb +27 -0
  22. data/lib/contrast/agent/reporting/details/ip_denylist_details.rb +27 -0
  23. data/lib/contrast/agent/reporting/details/no_sqli_details.rb +36 -0
  24. data/lib/contrast/agent/reporting/details/path_traversal_details.rb +24 -0
  25. data/lib/contrast/agent/reporting/details/path_traversal_semantic_analysis_details.rb +32 -0
  26. data/lib/contrast/agent/reporting/details/protect_rule_details.rb +17 -0
  27. data/lib/contrast/agent/reporting/details/sqli_details.rb +36 -0
  28. data/lib/contrast/agent/reporting/details/untrusted_deserialization_details.rb +27 -0
  29. data/lib/contrast/agent/reporting/details/virtual_patch_details.rb +24 -0
  30. data/lib/contrast/agent/reporting/details/xss_details.rb +33 -0
  31. data/lib/contrast/agent/reporting/details/xss_match.rb +30 -0
  32. data/lib/contrast/agent/reporting/details/xxe_details.rb +36 -0
  33. data/lib/contrast/agent/reporting/details/xxe_match.rb +25 -0
  34. data/lib/contrast/agent/reporting/details/xxe_wrapper.rb +25 -0
  35. data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb +1 -1
  36. data/lib/contrast/agent/reporting/masker/masker.rb +78 -65
  37. data/lib/contrast/agent/reporting/masker/masker_utils.rb +1 -30
  38. data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +84 -15
  39. data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +13 -25
  40. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb +17 -22
  41. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +46 -125
  42. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb +5 -16
  43. data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb +10 -18
  44. data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb +6 -14
  45. data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +29 -20
  46. data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +45 -10
  47. data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +2 -2
  48. data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb +0 -7
  49. data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +1 -1
  50. data/lib/contrast/agent/reporting/reporting_utilities/headers.rb +2 -2
  51. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +2 -1
  52. data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +1 -1
  53. data/lib/contrast/agent/request.rb +2 -0
  54. data/lib/contrast/agent/request_context.rb +13 -4
  55. data/lib/contrast/agent/request_context_extend.rb +59 -40
  56. data/lib/contrast/agent/request_handler.rb +7 -9
  57. data/lib/contrast/agent/service_heartbeat.rb +1 -1
  58. data/lib/contrast/agent/version.rb +1 -1
  59. data/lib/contrast/api/decorators/message.rb +1 -1
  60. data/lib/contrast/components/app_context.rb +62 -8
  61. data/lib/contrast/components/app_context_extend.rb +8 -8
  62. data/lib/contrast/config/assess_configuration.rb +1 -1
  63. data/lib/contrast/config/root_configuration.rb +6 -4
  64. data/lib/contrast/config.rb +0 -1
  65. data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +1 -6
  66. data/lib/contrast/utils/assess/event_limit_utils.rb +26 -7
  67. data/lib/contrast/utils/log_utils.rb +16 -10
  68. data/lib/contrast/utils/net_http_base.rb +5 -6
  69. data/lib/contrast/utils/string_utils.rb +2 -6
  70. data/lib/contrast.rb +1 -1
  71. metadata +30 -14
  72. data/lib/contrast/config/application_configuration.rb +0 -57
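--- a/data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb
+++ b/data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb
@@ -4,48 +4,97 @@
 require 'contrast/utils/object_share'
 require 'contrast/utils/timer'
 require 'contrast/agent/reporting/attack_result/user_input'
+require 'contrast/agent/reporting/input_analysis/input_type'
+require 'contrast/agent/reporting/details/protect_rule_details'
 
 module Contrast
 module Agent
 module Reporting
 # This class will hold the new RaspRuleSample.
-# protect rules.
-class RaspRuleSample # rubocop:disable Lint/EmptyClass
-# def timestamp
-# @_timestamp ||= 0
-# end
+# It is mainly used to build samples for each
+# protect rule, and translate data from SP IA.
+# It is not a reporting event.
+class RaspRuleSample
+# Any rules specific details
 #
-# def timestamp= timestamp_ms
-# @_timestamp = timestamp_ms
-# end
-#
-# def user_input
-# @_user_input ||= Contrast::Agent::Reporting::UserInput.new
-# end
-#
-# def user_input= input
-# @_user_input = input if input.is_a?(Contrast::Agent::Reporting::UserInput)
-# end
-#
-# def build context, ia_result
-# sample = self
-# sample.timestamp = context&.timer&.start_ms
-# sample.user_input = build_user_input_from_ia(ia_result)
-# sample.user_input.document_type = if context&.request
-# Contrast::Utils::StringUtils.force_utf8(context.request.document_type)
-# end
-# sample
-# end
-#
-# def build_user_input_from_ia ia_result
-# user_input = Contrast::Agent::Reporting::UserInput.new
-# user_input.input_type = ia_result.input_type
-# user_input.matcher_ids = ia_result.ids
-# user_input.path = ia_result.path
-# user_input.key = ia_result.key if ia_result.key
-# user_input.value = ia_result.value if ia_result.value
-# user_input
-# end
+# @return [Contrast::Agent::Reporting::Details::ProtectRuleDetails, nil]
+attr_accessor :details
+# @return [Contrast::Agent::Reporting::Details::IpDenylistDetails, nil]
+attr_accessor :ip_denylist
+# @return [Contrast::Agent::Reporting::Details::VirtualPatchDetails, nil]
+attr_accessor :virtual_patch
+
+class << self
+def build context, ia_result
+sample = new
+sample.time_stamp = context&.timer&.start_ms
+sample.user_input = build_user_input_from_ia(ia_result)
+sample.user_input.document_type = if context&.request
+Contrast::Utils::StringUtils.force_utf8(context.request.document_type)
+end
+sample
+end
+
+def build_user_input_from_ia ia_result
+# TODO: RUBY-99999 remove once only using Agent IA
+result = if ia_result.cs__is_a?(Contrast::Api::Settings::InputAnalysisResult)
+transform_ia_result(ia_result)
+else
+# Use Agent ia_result
+ia_result
+end
+user_input = Contrast::Agent::Reporting::UserInput.new
+return user_input unless result
+
+user_input.input_type = result.input_type
+user_input.matcher_ids = result.ids
+user_input.path = result.path
+user_input.key = result.key if result.key
+user_input.value = result.value if result.value
+user_input
+end
+
+# @param [Contrast::Api::Settings::InputAnalysisResult]
+# @return [Contrast::Agent::Reporting::InputAnalysisResult]
+def transform_ia_result dtm_ia_result
+ia_result = Contrast::Agent::Reporting::InputAnalysisResult.new
+ia_result.input_type = Contrast::Agent::Reporting::InputType.to_a.find do |value|
+value == dtm_ia_result.input_type.name # rubocop:disable Security/Module/Name
+end
+ia_result.score_level = dtm_ia_result.score_level.name # rubocop:disable Security/Module/Name
+ia_result.value = dtm_ia_result.value
+ia_result.key = dtm_ia_result.key
+ia_result.path = dtm_ia_result.path
+ia_result.rule_id = dtm_ia_result.rule_id
+ia_result.attack_count = dtm_ia_result.attack_count
+ia_result.ids = dtm_ia_result.ids
+ia_result
+end
+end
+
+def time_stamp
+@_time_stamp ||= Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0
+end
+
+def time_stamp= timestamp_ms
+@_time_stamp = timestamp_ms
+end
+
+def user_input
+@_user_input ||= Contrast::Agent::Reporting::UserInput.new
+end
+
+def user_input= input
+@_user_input = input if input.is_a?(Contrast::Agent::Reporting::UserInput)
+end
+
+def to_controlled_hash
+{
+timeStamp: Time.at(time_stamp).iso8601,
+userInput: user_input.to_controlled_hash,
+details: details&.to_controlled_hash
+}
+end
 end
 end
 end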
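Review bot: `to_controlled_hash` hands `time_stamp` straight to `Time.at`, which takes seconds, while every source of that value (`context&.timer&.start_ms` in `build`, `REQUEST_TRACKER.current&.timer&.start_ms` in the getter) is named as milliseconds; if the name is accurate the emitted `timeStamp` is off by a factor of 1000. `timeStamp: Time.at(time_stamp / 1000.0).iso8601,` (or `Time.at(0, time_stamp, :millisecond)`) would correct it — worth confirming the unit against `Contrast::Utils::Timer`, which this file requires. `Time#iso8601` also comes from the `time` stdlib, which this file does not require, so the call relies on it being loaded elsewhere. The new `ip_denylist` and `virtual_patch` accessors are never emitted by `to_controlled_hash`; if that is intentional, a one-line comment on them saying where they are serialized would save the next reader a search.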
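--- a/data/lib/contrast/agent/reporting/attack_result/user_input.rb
+++ b/data/lib/contrast/agent/reporting/attack_result/user_input.rb
@@ -81,6 +81,17 @@ module Contrast
 def matcher_ids= ids
 @_matcher_ids = ids if ids.is_a?(Array) && ids.any?(String)
 end
+
+def to_controlled_hash
+{
+path: path,
+key: key,
+value: value,
+inputType: input_type.to_s,
+documentType: document_type.to_s,
+matcherIds: matcher_ids&.map(&:to_s)
+}
+end
 end
 end
 end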
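Review bot: `value` and `key` are copied into the report hash verbatim and nothing in this method masks them; if the masker in `data/lib/contrast/agent/reporting/masker/masker.rb` (also reworked in this release) is expected to run before this hash is serialized, that dependency is invisible from here. A short comment above the method would make the contract explicit: `# key/value are emitted unmasked here; the reporting masker is expected to run before send — TODO confirm`. The enclosing `UserInput` class starts outside the hunk.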
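--- /dev/null
+++ b/data/lib/contrast/agent/reporting/details/bot_blocker_details.rb
@@ -0,0 +1,29 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+module Agent
+module Reporting
+module Details
+# Bot blocker IA result details info.
+class BotBlockerDetails < ProtectRuleDetails
+# @return [String]
+attr_accessor :bot
+# User agent header value
+#
+# @return [String]
+attr_accessor :user_agent
+
+def to_controlled_hash
+{
+bot: bot,
+userAgent: user_agent
+}
+end
+end
+end
+end
+end
+end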
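--- /dev/null
+++ b/data/lib/contrast/agent/reporting/details/cmd_injection_details.rb
@@ -0,0 +1,30 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+module Agent
+module Reporting
+module Details
+# CMDI IA result details info.
+class CmdInjectionDetails < ProtectRuleDetails
+# @return [String]
+attr_accessor :cmd
+# @return [Integer]
+attr_accessor :start_idx
+# @return [Integer]
+attr_accessor :end_idx
+
+def to_controlled_hash
+{
+command: cmd,
+startIndex: start_idx,
+endIndex: end_idx
+}
+end
+end
+end
+end
+end
+end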
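--- /dev/null
+++ b/data/lib/contrast/agent/reporting/details/details.rb
@@ -0,0 +1,18 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/bot_blocker_details'
+require 'contrast/agent/reporting/details/cmd_injection_details'
+require 'contrast/agent/reporting/details/http_method_tempering_details'
+require 'contrast/agent/reporting/details/no_sqli_details'
+require 'contrast/agent/reporting/details/path_traversal_details'
+require 'contrast/agent/reporting/details/protect_rule_details'
+require 'contrast/agent/reporting/details/sqli_details'
+require 'contrast/agent/reporting/details/untrusted_deserialization_details'
+require 'contrast/agent/reporting/details/xss_match'
+require 'contrast/agent/reporting/details/xss_details'
+require 'contrast/agent/reporting/details/xxe_details'
+require 'contrast/agent/reporting/details/xxe_match'
+require 'contrast/agent/reporting/details/xxe_wrapper'
+require 'contrast/agent/reporting/details/virtual_patch_details'
+require 'contrast/agent/reporting/details/ip_denylist_details'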
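--- /dev/null
+++ b/data/lib/contrast/agent/reporting/details/http_method_tempering_details.rb
@@ -0,0 +1,27 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+module Agent
+module Reporting
+module Details
+# HttpMethodTemperingDetails IA result details info.
+class HttpMethodTemperingDetails < ProtectRuleDetails
+# @return [String]
+attr_accessor :method
+# @return [Integer]
+attr_accessor :response_code
+
+def to_controlled_hash
+{
+method: method, # rubocop:disable Security/Object/Method
+responseCode: response_code
+}
+end
+end
+end
+end
+end
+end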
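Review bot: `attr_accessor :method` redefines `Object#method` on `HttpMethodTemperingDetails` instances, which is why the call site needs `# rubocop:disable Security/Object/Method` and why `details.method(:to_controlled_hash)` style introspection no longer works on them; naming the attribute `http_method` and mapping it as `method: http_method` in `to_controlled_hash` avoids the override while keeping the emitted key. If callers in this release already assign through `.method=`, that is a coordinated rename rather than a local one. The class and file name say "Tempering" where the rule is HTTP method tampering; renaming touches other files, but the class comment could at least read `# HTTP method tampering IA result details info.`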
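--- /dev/null
+++ b/data/lib/contrast/agent/reporting/details/ip_denylist_details.rb
@@ -0,0 +1,27 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+module Agent
+module Reporting
+module Details
+# Bot blocker IA result details info.
+class IpDenylistDetails < ProtectRuleDetails
+# @return [String]
+attr_accessor :ip
+# @return [String]
+attr_accessor :uuid
+
+def to_controlled_hash
+{
+ip: ip,
+uuid: uuid
+}
+end
+end
+end
+end
+end
+end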
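Review bot: The class comment on `IpDenylistDetails` reads "Bot blocker IA result details info.", copied from `BotBlockerDetails`; it should say `# IP denylist IA result details info.`. The same copied header appears in this change on `VirtualPatchDetails` ("Bot blocker"), `PathTraversalSemanticAnalysisDetails` ("PathTraversalDetails") and `XxeDetails` ("XssDetails"); each should name its own rule, since these one-liners are the only description the classes carry.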
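--- /dev/null
+++ b/data/lib/contrast/agent/reporting/details/no_sqli_details.rb
@@ -0,0 +1,36 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+module Agent
+module Reporting
+module Details
+# NoSqliDetails IA result details info.
+class NoSqliDetails < ProtectRuleDetails
+# @return [Integer]
+attr_accessor :start_idx
+# @return [Integer]
+attr_accessor :end_idx
+# @return [Integer]
+attr_accessor :boundary_overrun_idx
+# @return [Integer]
+attr_accessor :input_boundary_idx
+# @return [String]
+attr_accessor :query
+
+def to_controlled_hash
+{
+start: start_idx,
+end: end_idx,
+boundaryOverrunIndex: boundary_overrun_idx,
+inputBoundaryIndex: input_boundary_idx,
+query: query
+}
+end
+end
+end
+end
+end
+end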
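--- /dev/null
+++ b/data/lib/contrast/agent/reporting/details/path_traversal_details.rb
@@ -0,0 +1,24 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+module Agent
+module Reporting
+module Details
+# PathTraversalDetails IA result details info.
+class PathTraversalDetails < ProtectRuleDetails
+# @return [String]
+attr_accessor :path
+
+def to_controlled_hash
+{
+path: path
+}
+end
+end
+end
+end
+end
+end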
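--- /dev/null
+++ b/data/lib/contrast/agent/reporting/details/path_traversal_semantic_analysis_details.rb
@@ -0,0 +1,32 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+module Agent
+module Reporting
+module Details
+# PathTraversalDetails IA result details info.
+class PathTraversalSemanticAnalysisDetails < ProtectRuleDetails
+# @return [String]
+attr_accessor :path
+# @return [Array<Symbol>]
+attr_accessor :findings
+
+def initialize
+@findings = []
+super
+end
+
+def to_controlled_hash
+{
+path: path,
+findings: findings&.map(&:to_s)
+}
+end
+end
+end
+end
+end
+end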
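--- /dev/null
+++ b/data/lib/contrast/agent/reporting/details/protect_rule_details.rb
@@ -0,0 +1,17 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+module Agent
+module Reporting
+module Details
+# This class is holding additional info which is rule specific and this is
+# the base class for type check made easy.
+class ProtectRuleDetails
+# Extend per each rule.
+def to_controlled_hash; end
+end
+end
+end
+end
+end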
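Review bot: The base `to_controlled_hash` returns `nil`, so a subclass that forgets to override it is serialized as `details: nil` by `RaspRuleSample#to_controlled_hash` instead of failing where the omission is. If "Extend per each rule." is a hard contract, `def to_controlled_hash; raise NotImplementedError, "#{self.class} must implement to_controlled_hash"; end` makes a missing override visible in tests; if a rule with no details is legitimate, returning `{}` documents that instead. Either way the comment should state which of the two the base class guarantees.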
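--- /dev/null
+++ b/data/lib/contrast/agent/reporting/details/sqli_details.rb
@@ -0,0 +1,36 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+module Agent
+module Reporting
+module Details
+# SqliDetails IA result details info.
+class SqliDetails < ProtectRuleDetails
+# @return [Integer]
+attr_accessor :start_idx
+# @return [Integer]
+attr_accessor :end_idx
+# @return [Integer]
+attr_accessor :boundary_overrun_idx
+# @return [Integer]
+attr_accessor :input_boundary_idx
+# @return [String]
+attr_accessor :query
+
+def to_controlled_hash
+{
+start: start_idx,
+end: end_idx,
+boundaryOverrunIndex: boundary_overrun_idx,
+inputBoundaryIndex: input_boundary_idx,
+query: query
+}
+end
+end
+end
+end
+end
+end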
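Review bot: `SqliDetails` is field-for-field identical to `NoSqliDetails` (same five accessors, same keys in `to_controlled_hash`), so any schema correction has to be made twice and the two can silently drift. Unless the two payloads are expected to diverge, the accessors and hash could live once in a shared intermediate class (for example a `QueryInjectionDetails < ProtectRuleDetails`) that both subclass, keeping the class names callers use. At minimum a comment on each noting that it mirrors the other would tie them together.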
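--- /dev/null
+++ b/data/lib/contrast/agent/reporting/details/untrusted_deserialization_details.rb
@@ -0,0 +1,27 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+module Agent
+module Reporting
+module Details
+# Untrusted Deserialization IA result details info.
+class UntrustedDeserializationDetails < ProtectRuleDetails
+# @return [String]
+attr_accessor :cmd
+# @return [String]
+attr_accessor :deserializer
+
+def to_controlled_hash
+{
+command: cmd,
+deserializer: deserializer
+}
+end
+end
+end
+end
+end
+end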
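--- /dev/null
+++ b/data/lib/contrast/agent/reporting/details/virtual_patch_details.rb
@@ -0,0 +1,24 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+module Agent
+module Reporting
+module Details
+# Bot blocker IA result details info.
+class VirtualPatchDetails < ProtectRuleDetails
+# @return [String]
+attr_accessor :uuid
+
+def to_controlled_hash
+{
+uuid: uuid
+}
+end
+end
+end
+end
+end
+end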
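--- /dev/null
+++ b/data/lib/contrast/agent/reporting/details/xss_details.rb
@@ -0,0 +1,33 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+require 'contrast/agent/reporting/details/xss_match'
+
+module Contrast
+module Agent
+module Reporting
+module Details
+# XssDetails IA result details info.
+class XssDetails < ProtectRuleDetails
+# @return [String]
+attr_accessor :input
+# @return [<Array<Contrast::Agent::Reporting::XssMatch>]
+attr_accessor :matches
+
+def initialize
+@matches = []
+super
+end
+
+def to_controlled_hash
+{
+input: input,
+matches: matches&.map(&:to_controlled_hash)
+}
+end
+end
+end
+end
+end
+end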
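Review bot: The YARD type on `matches` is malformed and names the wrong namespace: `# @return [<Array<Contrast::Agent::Reporting::XssMatch>]` has a stray leading `<`, and `XssMatch` is defined under `Details` in this change, so the tag should read `# @return [Array<Contrast::Agent::Reporting::Details::XssMatch>]`. The same stray `<` appears on `declared_entities` and `entities_resolved` in `XxeDetails`. Since `initialize` seeds `@matches` with `[]` but the writer accepts anything, the `&.` in `to_controlled_hash` is the only thing guarding a caller that assigns `nil`; a one-line comment saying that is deliberate would stop someone "simplifying" it away.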
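--- /dev/null
+++ b/data/lib/contrast/agent/reporting/details/xss_match.rb
@@ -0,0 +1,30 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+module Agent
+module Reporting
+module Details
+# Matcher data for XSS rule.
+class XssMatch
+# @return [Integer] in ms
+attr_accessor :evidence_start
+# @return [String]
+attr_accessor :evidence
+# @return [Integer]
+attr_accessor :offset
+
+def to_controlled_hash
+{
+evidenceStart: evidence_start,
+evidence: evidence,
+offset: offset
+}
+end
+end
+end
+end
+end
+end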
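Review bot: `evidence_start` is documented as `# @return [Integer] in ms`, but next to `evidence` and `offset` it reads as a position within the matched input rather than a duration, so the unit looks copied from a timestamp field. If it is an index, `# @return [Integer] index into the input where the evidence starts — TODO confirm` says so; if it really is a time, the accessor name should carry the unit the way `start_ms` does elsewhere in this release. The `require` of `protect_rule_details` is unused here since `XssMatch` does not inherit from it.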
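--- /dev/null
+++ b/data/lib/contrast/agent/reporting/details/xxe_details.rb
@@ -0,0 +1,36 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+module Agent
+module Reporting
+module Details
+# XssDetails IA result details info.
+class XxeDetails < ProtectRuleDetails
+# @return [String]
+attr_accessor :xml
+# @return [<Array<Contrast::Agent::Reporting::Details::XxeMatch>]
+attr_accessor :declared_entities
+# @return [<Array<Contrast::Agent::Reporting::Details::XxeWrapper>]
+attr_accessor :entities_resolved
+
+def initialize
+@declared_entities = []
+@entities_resolved = []
+super
+end
+
+def to_controlled_hash
+{
+xml: xml,
+declaredEntities: declared_entities&.map(&:to_controlled_hash),
+entitiesResolved: entities_resolved&.map(&:to_controlled_hash)
+}
+end
+end
+end
+end
+end
+end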
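--- /dev/null
+++ b/data/lib/contrast/agent/reporting/details/xxe_match.rb
@@ -0,0 +1,25 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+module Agent
+module Reporting
+module Details
+# Matcher data for XXE rule.
+class XxeMatch
+# @return [Integer]
+attr_accessor :start_idx
+# @return [Integer]
+attr_accessor :end_idx
+
+def to_controlled_hash
+{
+start: start_idx,
+end: end_idx
+}
+end
+end
+end
+end
+end
+end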
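--- /dev/null
+++ b/data/lib/contrast/agent/reporting/details/xxe_wrapper.rb
@@ -0,0 +1,25 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+module Agent
+module Reporting
+module Details
+# Wrapper data for XXE rule.
+class XxeWrapper
+# @return [String]
+attr_accessor :system_id
+# @return [String]
+attr_accessor :public_id
+
+def to_controlled_hash
+{
+systemId: system_id,
+publicId: public_id
+}
+end
+end
+end
+end
+end
+end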
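--- a/data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb
+++ b/data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb
@@ -28,7 +28,7 @@ module Contrast
 # @return @_input_type [
 # Symbol<Contrast::Agent::Reporting::Settings::InputAnalysis::InputAnalysisResult::InputType>]
 def input_type
-@_input_type ||= INPUT_TYPE::UNDEFINED_TYPE
+@_input_type ||= INPUT_TYPE::UNKNOWN
 end
 
 # @param input_type [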