RubyGems - contrast-agent - Versions diffs - 6.6.3 → 6.7.0 - Mend

contrast-agent 6.6.3 → 6.7.0

Files changed (185) hide show

data/lib/contrast/agent/reporting/details/details.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'contrast/agent/reporting/details/bot_blocker_details'
+require 'contrast/agent/reporting/details/cmd_injection_details'
+require 'contrast/agent/reporting/details/http_method_tempering_details'
+require 'contrast/agent/reporting/details/no_sqli_details'
+require 'contrast/agent/reporting/details/path_traversal_details'
+require 'contrast/agent/reporting/details/protect_rule_details'
+require 'contrast/agent/reporting/details/sqli_details'
+require 'contrast/agent/reporting/details/untrusted_deserialization_details'
+require 'contrast/agent/reporting/details/xss_match'
+require 'contrast/agent/reporting/details/xss_details'
+require 'contrast/agent/reporting/details/xxe_details'
+require 'contrast/agent/reporting/details/xxe_match'
+require 'contrast/agent/reporting/details/xxe_wrapper'
+require 'contrast/agent/reporting/details/virtual_patch_details'
+require 'contrast/agent/reporting/details/ip_denylist_details'

data/lib/contrast/agent/reporting/details/http_method_tempering_details.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'contrast/agent/reporting/details/protect_rule_details'
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # HttpMethodTemperingDetails IA result details info.
+        class HttpMethodTemperingDetails < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :method
+          # @return [Integer]
+          attr_accessor :response_code
+          def to_controlled_hash
+            {
+                method: method, # rubocop:disable Security/Object/Method
+                responseCode: response_code
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/ip_denylist_details.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'contrast/agent/reporting/details/protect_rule_details'
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # Bot blocker IA result details info.
+        class IpDenylistDetails < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :ip
+          # @return [String]
+          attr_accessor :uuid
+          def to_controlled_hash
+            {
+                ip: ip,
+                uuid: uuid
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/no_sqli_details.rb ADDED Viewed

@@ -0,0 +1,36 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'contrast/agent/reporting/details/protect_rule_details'
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # NoSqliDetails IA result details info.
+        class NoSqliDetails < ProtectRuleDetails
+          # @return [Integer]
+          attr_accessor :start_idx
+          # @return [Integer]
+          attr_accessor :end_idx
+          # @return [Integer]
+          attr_accessor :boundary_overrun_idx
+          # @return [Integer]
+          attr_accessor :input_boundary_idx
+          # @return [String]
+          attr_accessor :query
+          def to_controlled_hash
+            {
+                start: start_idx,
+                end: end_idx,
+                boundaryOverrunIndex: boundary_overrun_idx,
+                inputBoundaryIndex: input_boundary_idx,
+                query: query
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/path_traversal_details.rb ADDED Viewed

@@ -0,0 +1,24 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'contrast/agent/reporting/details/protect_rule_details'
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # PathTraversalDetails IA result details info.
+        class PathTraversalDetails < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :path
+          def to_controlled_hash
+            {
+                path: path
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/path_traversal_semantic_analysis_details.rb ADDED Viewed

@@ -0,0 +1,32 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'contrast/agent/reporting/details/protect_rule_details'
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # PathTraversalDetails IA result details info.
+        class PathTraversalSemanticAnalysisDetails < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :path
+          # @return [Array<Symbol>]
+          attr_accessor :findings
+          def initialize
+            @findings = []
+            super
+          end
+          def to_controlled_hash
+            {
+                path: path,
+                findings: findings&.map(&:to_s)
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/protect_rule_details.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # This class is holding additional info which is rule specific and this is
+        # the base class for type check made easy.
+        class ProtectRuleDetails
+          # Extend per each rule.
+          def to_controlled_hash; end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/sqli_dangerous_functions.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'contrast/agent/reporting/details/protect_rule_details'
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # SqliDangerousFunctions IA result details info.
+        class SqliDangerousFunctions < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :query
+          def to_controlled_hash
+            { query: query }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/sqli_details.rb ADDED Viewed

@@ -0,0 +1,36 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'contrast/agent/reporting/details/protect_rule_details'
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # SqliDetails IA result details info.
+        class SqliDetails < ProtectRuleDetails
+          # @return [Integer]
+          attr_accessor :start_idx
+          # @return [Integer]
+          attr_accessor :end_idx
+          # @return [Integer]
+          attr_accessor :boundary_overrun_idx
+          # @return [Integer]
+          attr_accessor :input_boundary_idx
+          # @return [String]
+          attr_accessor :query
+          def to_controlled_hash
+            {
+                start: start_idx,
+                end: end_idx,
+                boundaryOverrunIndex: boundary_overrun_idx,
+                inputBoundaryIndex: input_boundary_idx,
+                query: query
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/untrusted_deserialization_details.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'contrast/agent/reporting/details/protect_rule_details'
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # Untrusted Deserialization IA result details info.
+        class UntrustedDeserializationDetails < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :cmd
+          # @return [String]
+          attr_accessor :deserializer
+          def to_controlled_hash
+            {
+                command: cmd,
+                deserializer: deserializer
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/virtual_patch_details.rb ADDED Viewed

@@ -0,0 +1,24 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'contrast/agent/reporting/details/protect_rule_details'
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # Bot blocker IA result details info.
+        class VirtualPatchDetails < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :uuid
+          def to_controlled_hash
+            {
+                uuid: uuid
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/xss_details.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'contrast/agent/reporting/details/protect_rule_details'
+require 'contrast/agent/reporting/details/xss_match'
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # XssDetails IA result details info.
+        class XssDetails < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :input
+          # @return [<Array<Contrast::Agent::Reporting::XssMatch>]
+          attr_accessor :matches
+          def initialize
+            @matches = []
+            super
+          end
+          def to_controlled_hash
+            {
+                input: input,
+                matches: matches&.map(&:to_controlled_hash)
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/xss_match.rb ADDED Viewed

@@ -0,0 +1,30 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'contrast/agent/reporting/details/protect_rule_details'
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # Matcher data for XSS rule.
+        class XssMatch
+          # @return [Integer] in ms
+          attr_accessor :evidence_start
+          # @return [String]
+          attr_accessor :evidence
+          # @return [Integer]
+          attr_accessor :offset
+          def to_controlled_hash
+            {
+                evidenceStart: evidence_start,
+                evidence: evidence,
+                offset: offset
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/xxe_details.rb ADDED Viewed

@@ -0,0 +1,36 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'contrast/agent/reporting/details/protect_rule_details'
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # XssDetails IA result details info.
+        class XxeDetails < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :xml
+          # @return [<Array<Contrast::Agent::Reporting::Details::XxeMatch>]
+          attr_accessor :declared_entities
+          # @return [<Array<Contrast::Agent::Reporting::Details::XxeWrapper>]
+          attr_accessor :entities_resolved
+          def initialize
+            @declared_entities = []
+            @entities_resolved = []
+            super
+          end
+          def to_controlled_hash
+            {
+                xml: xml,
+                declaredEntities: declared_entities&.map(&:to_controlled_hash),
+                entitiesResolved: entities_resolved&.map(&:to_controlled_hash)
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/xxe_match.rb ADDED Viewed

@@ -0,0 +1,25 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # Matcher data for XXE rule.
+        class XxeMatch
+          # @return [Integer]
+          attr_accessor :start_idx
+          # @return [Integer]
+          attr_accessor :end_idx
+          def to_controlled_hash
+            {
+                start: start_idx,
+                end: end_idx
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/xxe_wrapper.rb ADDED Viewed

@@ -0,0 +1,25 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # Wrapper data for XXE rule.
+        class XxeWrapper
+          # @return [String]
+          attr_accessor :system_id
+          # @return [String]
+          attr_accessor :public_id
+          def to_controlled_hash
+            {
+                systemId: system_id,
+                publicId: public_id
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb CHANGED Viewed

@@ -28,7 +28,7 @@ module Contrast
         # @return @_input_type [
         # Symbol<Contrast::Agent::Reporting::Settings::InputAnalysis::InputAnalysisResult::InputType>]
         def input_type
-          @_input_type ||= INPUT_TYPE::UNDEFINED_TYPE
+          @_input_type ||= INPUT_TYPE::UNKNOWN
         end
         # @param input_type [