Class: Contrast::Agent::Assess::Policy::Trigger::Xpath

Inherits:
Object
Defined in:
lib/contrast/agent/assess/policy/trigger/xpath.rb

Overview

This acts as a trigger to handle the special cases of the XPath library gem and the Oga gem. Untrusted data may reach the trigger methods of these classes as an array or a hash, respectively. Because untrusted user input arrives in these triggers as a splat argument or an options hash, we need to iterate through these objects to see whether we were tracking any of them and report a finding if so.

Class Method Details

.xpath_expression_trigger(trigger_node, _source, object, ret, *args) ⇒ Object



# File 'lib/contrast/agent/assess/policy/trigger/xpath.rb', line 18

def xpath_expression_trigger trigger_node, _source, object, ret, *args
  return ret unless args

  process(trigger_node, object, ret, *args)
end

.xpath_oga_trigger(trigger_node, _source, object, ret, *args) ⇒ Object



# File 'lib/contrast/agent/assess/policy/trigger/xpath.rb', line 24

def xpath_oga_trigger trigger_node, _source, object, ret, *args
  return ret unless args

  # convert the options arg in Oga::XML::CharacterNode#initialize into an
  # array of its values so we can check if any are unsafe
  args = args.first.values if args.first.cs__is_a?(Hash)
  process(trigger_node, object, ret, *args)
end
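
The iteration described in the Overview, as an added example that is not the agent's own code: a self-contained model in which `ToyTracker`, `ToyXpathTrigger`, `rule_id` and the `findings` list are hypothetical stand-ins for the agent's tracking state, `process` and reporting. It assumes tracking is by object identity, so an equal but untracked string is not reported.

```ruby
# Hypothetical stand-in for the agent's tracking state: remembers objects by
# identity, so an equal but untracked string is not flagged.
class ToyTracker
  def initialize
    @tracked = {}.compare_by_identity
  end

  def track(obj)
    @tracked[obj] = true
    obj
  end

  def tracked?(obj)
    @tracked.key?(obj)
  end
end

# Hypothetical trigger modelled on the two class methods documented above.
class ToyXpathTrigger
  attr_reader :findings

  def initialize(tracker)
    @tracker = tracker
    @findings = []
  end

  # XPath-gem style: untrusted values arrive as splat arguments.
  def expression_trigger(rule_id, ret, *args)
    check(rule_id, args)
    ret
  end

  # Oga style: untrusted values arrive as the values of an options hash.
  def oga_trigger(rule_id, ret, *args)
    args = args.first.values if args.first.is_a?(Hash)
    check(rule_id, args)
    ret
  end

  private

  # Record one finding per tracked String; everything else is skipped.
  def check(rule_id, args)
    args.each do |arg|
      next unless arg.is_a?(String) && @tracker.tracked?(arg)

      @findings << { rule: rule_id, value: arg }
    end
  end
end
```

Both trigger methods return `ret` unchanged, so wrapping a call never alters what the instrumented method hands back to the application.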