Module: Contrast::Agent::Protect::Policy::AppliesNoSqliRule

Extended by:
RuleApplicator
Defined in:
lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb

Overview

This Module is how we apply the NoSQL Injection rule. It is called from our patches of the targeted methods in which the execution of String based NoSQL queries occur. It is responsible for deciding if the infilter methods of the rule should be invoked.

Constant Summary collapse

DATABASE_NOSQL = 
'MongoDB'

Class Method Summary collapse

Methods included from RuleApplicator

apply_classification, apply_rule

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Class Method Details

.invoke(method, _exception, properties, _object, args) ⇒ Object 



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb', line 19

def invoke method, _exception, properties, _object, args
  return unless valid_input?(args)
  return if skip_analysis?

  # Get the ia for current rule:
  apply_classification(rule_name, Contrast::Agent::REQUEST_TRACKER.current)
  database = properties['database']
  operations = args[0]
  context = Contrast::Agent::REQUEST_TRACKER.current
  if operations.is_a?(Array)
    operations.each do |m|
      handle_operation(context, database, method, m)
    end
  else
    handle_operation(context, database, method, operations)
  end
end