contrast-agent 6.6.4 → 6.6.5

data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb

@@ -4,48 +4,97 @@
 require 'contrast/utils/object_share'
 require 'contrast/utils/timer'
 require 'contrast/agent/reporting/attack_result/user_input'
+require 'contrast/agent/reporting/input_analysis/input_type'
+require 'contrast/agent/reporting/details/protect_rule_details'
 
 module Contrast
   module Agent
     module Reporting
       # This class will hold the new RaspRuleSample.
-      # protect rules.
-      class RaspRuleSample # rubocop:disable Lint/EmptyClass
-        # def timestamp
-        #   @_timestamp ||= 0
-        # end
+      # It is mainly used to build samples for each
+      # protect rule, and translate data from SP IA.
+      # It is not a reporting event.
+      class RaspRuleSample
+        # Any rules specific details
         #
-        # def timestamp= timestamp_ms
-        #   @_timestamp = timestamp_ms
-        # end
-        #
-        # def user_input
-        #   @_user_input ||= Contrast::Agent::Reporting::UserInput.new
-        # end
-        #
-        # def user_input= input
-        #   @_user_input = input if input.is_a?(Contrast::Agent::Reporting::UserInput)
-        # end
-        #
-        # def build context, ia_result
-        #   sample = self
-        #   sample.timestamp = context&.timer&.start_ms
-        #   sample.user_input = build_user_input_from_ia(ia_result)
-        #   sample.user_input.document_type = if context&.request
-        #                                       Contrast::Utils::StringUtils.force_utf8(context.request.document_type)
-        #                                     end
-        #   sample
-        # end
-        #
-        # def build_user_input_from_ia ia_result
-        #   user_input = Contrast::Agent::Reporting::UserInput.new
-        #   user_input.input_type = ia_result.input_type
-        #   user_input.matcher_ids = ia_result.ids
-        #   user_input.path = ia_result.path
-        #   user_input.key = ia_result.key if ia_result.key
-        #   user_input.value = ia_result.value if ia_result.value
-        #   user_input
-        # end
+        # @return [Contrast::Agent::Reporting::Details::ProtectRuleDetails, nil]
+        attr_accessor :details
+        # @return [Contrast::Agent::Reporting::Details::IpDenylistDetails, nil]
+        attr_accessor :ip_denylist
+        # @return [Contrast::Agent::Reporting::Details::VirtualPatchDetails, nil]
+        attr_accessor :virtual_patch
+
+        class << self
+          def build context, ia_result
+            sample = new
+            sample.time_stamp = context&.timer&.start_ms
+            sample.user_input = build_user_input_from_ia(ia_result)
+            sample.user_input.document_type = if context&.request
+                                                Contrast::Utils::StringUtils.force_utf8(context.request.document_type)
+                                              end
+            sample
+          end
+
+          def build_user_input_from_ia ia_result
+            # TODO: RUBY-99999 remove once only using Agent IA
+            result = if ia_result.cs__is_a?(Contrast::Api::Settings::InputAnalysisResult)
+                       transform_ia_result(ia_result)
+                     else
+                       # Use Agent ia_result
+                       ia_result
+                     end
+            user_input = Contrast::Agent::Reporting::UserInput.new
+            return user_input unless result
+
+            user_input.input_type = result.input_type
+            user_input.matcher_ids = result.ids
+            user_input.path = result.path
+            user_input.key = result.key if result.key
+            user_input.value = result.value if result.value
+            user_input
+          end
+
+          # @param [Contrast::Api::Settings::InputAnalysisResult]
+          # @return [Contrast::Agent::Reporting::InputAnalysisResult]
+          def transform_ia_result dtm_ia_result
+            ia_result = Contrast::Agent::Reporting::InputAnalysisResult.new
+            ia_result.input_type = Contrast::Agent::Reporting::InputType.to_a.find do |value|
+              value == dtm_ia_result.input_type.name # rubocop:disable Security/Module/Name
+            end
+            ia_result.score_level = dtm_ia_result.score_level.name # rubocop:disable Security/Module/Name
+            ia_result.value = dtm_ia_result.value
+            ia_result.key = dtm_ia_result.key
+            ia_result.path = dtm_ia_result.path
+            ia_result.rule_id = dtm_ia_result.rule_id
+            ia_result.attack_count = dtm_ia_result.attack_count
+            ia_result.ids = dtm_ia_result.ids
+            ia_result
+          end
+        end
+
+        def time_stamp
+          @_time_stamp ||= Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0
+        end
+
+        def time_stamp= timestamp_ms
+          @_time_stamp = timestamp_ms
+        end
+
+        def user_input
+          @_user_input ||= Contrast::Agent::Reporting::UserInput.new
+        end
+
+        def user_input= input
+          @_user_input = input if input.is_a?(Contrast::Agent::Reporting::UserInput)
+        end
+
+        def to_controlled_hash
+          {
+              timeStamp: Time.at(time_stamp).iso8601,
+              userInput: user_input.to_controlled_hash,
+              details: details&.to_controlled_hash
+          }
+        end
       end
     end
   end

data/lib/contrast/agent/reporting/attack_result/user_input.rb

@@ -81,6 +81,17 @@ module Contrast
         def matcher_ids= ids
           @_matcher_ids = ids if ids.is_a?(Array) && ids.any?(String)
         end
+
+        def to_controlled_hash
+          {
+              path: path,
+              key: key,
+              value: value,
+              inputType: input_type.to_s,
+              documentType: document_type.to_s,
+              matcherIds: matcher_ids&.map(&:to_s)
+          }
+        end
       end
     end
   end

data/lib/contrast/agent/reporting/details/bot_blocker_details.rb

@@ -0,0 +1,29 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # Bot blocker IA result details info.
+        class BotBlockerDetails < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :bot
+          # User agent header value
+          #
+          # @return [String]
+          attr_accessor :user_agent
+
+          def to_controlled_hash
+            {
+                bot: bot,
+                userAgent: user_agent
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/cmd_injection_details.rb

@@ -0,0 +1,30 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # CMDI IA result details info.
+        class CmdInjectionDetails < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :cmd
+          # @return [Integer]
+          attr_accessor :start_idx
+          # @return [Integer]
+          attr_accessor :end_idx
+
+          def to_controlled_hash
+            {
+                command: cmd,
+                startIndex: start_idx,
+                endIndex: end_idx
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/details.rb

@@ -0,0 +1,18 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/bot_blocker_details'
+require 'contrast/agent/reporting/details/cmd_injection_details'
+require 'contrast/agent/reporting/details/http_method_tempering_details'
+require 'contrast/agent/reporting/details/no_sqli_details'
+require 'contrast/agent/reporting/details/path_traversal_details'
+require 'contrast/agent/reporting/details/protect_rule_details'
+require 'contrast/agent/reporting/details/sqli_details'
+require 'contrast/agent/reporting/details/untrusted_deserialization_details'
+require 'contrast/agent/reporting/details/xss_match'
+require 'contrast/agent/reporting/details/xss_details'
+require 'contrast/agent/reporting/details/xxe_details'
+require 'contrast/agent/reporting/details/xxe_match'
+require 'contrast/agent/reporting/details/xxe_wrapper'
+require 'contrast/agent/reporting/details/virtual_patch_details'
+require 'contrast/agent/reporting/details/ip_denylist_details'

data/lib/contrast/agent/reporting/details/http_method_tempering_details.rb

@@ -0,0 +1,27 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # HttpMethodTemperingDetails IA result details info.
+        class HttpMethodTemperingDetails < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :method
+          # @return [Integer]
+          attr_accessor :response_code
+
+          def to_controlled_hash
+            {
+                method: method, # rubocop:disable Security/Object/Method
+                responseCode: response_code
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/ip_denylist_details.rb

@@ -0,0 +1,27 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # Bot blocker IA result details info.
+        class IpDenylistDetails < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :ip
+          # @return [String]
+          attr_accessor :uuid
+
+          def to_controlled_hash
+            {
+                ip: ip,
+                uuid: uuid
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/no_sqli_details.rb

@@ -0,0 +1,36 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # NoSqliDetails IA result details info.
+        class NoSqliDetails < ProtectRuleDetails
+          # @return [Integer]
+          attr_accessor :start_idx
+          # @return [Integer]
+          attr_accessor :end_idx
+          # @return [Integer]
+          attr_accessor :boundary_overrun_idx
+          # @return [Integer]
+          attr_accessor :input_boundary_idx
+          # @return [String]
+          attr_accessor :query
+
+          def to_controlled_hash
+            {
+                start: start_idx,
+                end: end_idx,
+                boundaryOverrunIndex: boundary_overrun_idx,
+                inputBoundaryIndex: input_boundary_idx,
+                query: query
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/path_traversal_details.rb

@@ -0,0 +1,24 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # PathTraversalDetails IA result details info.
+        class PathTraversalDetails < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :path
+
+          def to_controlled_hash
+            {
+                path: path
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/path_traversal_semantic_analysis_details.rb

@@ -0,0 +1,32 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # PathTraversalDetails IA result details info.
+        class PathTraversalSemanticAnalysisDetails < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :path
+          # @return [Array<Symbol>]
+          attr_accessor :findings
+
+          def initialize
+            @findings = []
+            super
+          end
+
+          def to_controlled_hash
+            {
+                path: path,
+                findings: findings&.map(&:to_s)
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/protect_rule_details.rb

@@ -0,0 +1,17 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # This class is holding additional info which is rule specific and this is
+        # the base class for type check made easy.
+        class ProtectRuleDetails
+          # Extend per each rule.
+          def to_controlled_hash; end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/sqli_details.rb

@@ -0,0 +1,36 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # SqliDetails IA result details info.
+        class SqliDetails < ProtectRuleDetails
+          # @return [Integer]
+          attr_accessor :start_idx
+          # @return [Integer]
+          attr_accessor :end_idx
+          # @return [Integer]
+          attr_accessor :boundary_overrun_idx
+          # @return [Integer]
+          attr_accessor :input_boundary_idx
+          # @return [String]
+          attr_accessor :query
+
+          def to_controlled_hash
+            {
+                start: start_idx,
+                end: end_idx,
+                boundaryOverrunIndex: boundary_overrun_idx,
+                inputBoundaryIndex: input_boundary_idx,
+                query: query
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/untrusted_deserialization_details.rb

@@ -0,0 +1,27 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # Untrusted Deserialization IA result details info.
+        class UntrustedDeserializationDetails < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :cmd
+          # @return [String]
+          attr_accessor :deserializer
+
+          def to_controlled_hash
+            {
+                command: cmd,
+                deserializer: deserializer
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/virtual_patch_details.rb

@@ -0,0 +1,24 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # Bot blocker IA result details info.
+        class VirtualPatchDetails < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :uuid
+
+          def to_controlled_hash
+            {
+                uuid: uuid
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/xss_details.rb

@@ -0,0 +1,33 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+require 'contrast/agent/reporting/details/xss_match'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # XssDetails IA result details info.
+        class XssDetails < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :input
+          # @return [<Array<Contrast::Agent::Reporting::XssMatch>]
+          attr_accessor :matches
+
+          def initialize
+            @matches = []
+            super
+          end
+
+          def to_controlled_hash
+            {
+                input: input,
+                matches: matches&.map(&:to_controlled_hash)
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/xss_match.rb

@@ -0,0 +1,30 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # Matcher data for XSS rule.
+        class XssMatch
+          # @return [Integer] in ms
+          attr_accessor :evidence_start
+          # @return [String]
+          attr_accessor :evidence
+          # @return [Integer]
+          attr_accessor :offset
+
+          def to_controlled_hash
+            {
+                evidenceStart: evidence_start,
+                evidence: evidence,
+                offset: offset
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/xxe_details.rb

@@ -0,0 +1,36 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/details/protect_rule_details'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # XssDetails IA result details info.
+        class XxeDetails < ProtectRuleDetails
+          # @return [String]
+          attr_accessor :xml
+          # @return [<Array<Contrast::Agent::Reporting::Details::XxeMatch>]
+          attr_accessor :declared_entities
+          # @return [<Array<Contrast::Agent::Reporting::Details::XxeWrapper>]
+          attr_accessor :entities_resolved
+
+          def initialize
+            @declared_entities = []
+            @entities_resolved = []
+            super
+          end
+
+          def to_controlled_hash
+            {
+                xml: xml,
+                declaredEntities: declared_entities&.map(&:to_controlled_hash),
+                entitiesResolved: entities_resolved&.map(&:to_controlled_hash)
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/xxe_match.rb

@@ -0,0 +1,25 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # Matcher data for XXE rule.
+        class XxeMatch
+          # @return [Integer]
+          attr_accessor :start_idx
+          # @return [Integer]
+          attr_accessor :end_idx
+
+          def to_controlled_hash
+            {
+                start: start_idx,
+                end: end_idx
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/details/xxe_wrapper.rb

@@ -0,0 +1,25 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Reporting
+      module Details
+        # Wrapper data for XXE rule.
+        class XxeWrapper
+          # @return [String]
+          attr_accessor :system_id
+          # @return [String]
+          attr_accessor :public_id
+
+          def to_controlled_hash
+            {
+                systemId: system_id,
+                publicId: public_id
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb

@@ -28,7 +28,7 @@ module Contrast
         # @return @_input_type [
         # Symbol<Contrast::Agent::Reporting::Settings::InputAnalysis::InputAnalysisResult::InputType>]
         def input_type
-          @_input_type ||= INPUT_TYPE::UNDEFINED_TYPE
+          @_input_type ||= INPUT_TYPE::UNKNOWN
         end
 
         # @param input_type [