Module: Contrast::Agent::Protect::Policy::RuleApplicator

Overview

This module is the base of our Protect Applicators. It lays out the form of an Applicator; each Applicator overrides specific implementations in order to properly invoke its Rule.

Instance Method Summary

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Instance Method Details

#apply_classification(rule_id, context) ⇒ Contrast::Agent::Reporting::InputAnalysis?

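Applies input classification for the invoked rule to the context's input analysis and records the rule as analysed. Returns nil when there is no context or the context has no input analysis.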

Parameters:

Returns:



# File 'lib/contrast/agent/protect/policy/rule_applicator.rb', line 53

def apply_classification rule_id, context
  return unless context
  return unless (ia = context.agent_input_analysis)

  Contrast::Agent::Protect::InputAnalyzer.input_classification_for(rule_id, ia)
  context.agent_input_analysis.record_analysed_rule(rule_id)
end

#apply_rule(method, exception, properties, object, args) ⇒ Object

Calls the actual invocation for this applicator, if required. Will attempt to transform the data as required prior to invocation and provides a common interface for those rules that have the same implementation regardless of the method patched.

For those methods that need different transformations depending on the method instrumented, variations of this method will exist, each indicating the instrumented method to which it applies.

Parameters:

  • method (Symbol)

    the name of the method for which this rule is invoked

  • exception (Exception)

    any exception raised; used for rules like Padding Oracle Attack (now defunct), which determine whether the number and type of exceptions indicate an attack

  • properties (Hash)

    set of extra information provided by the applicator in an attempt to build a better story for the user

  • object (Object)

    the thing on which the triggering method was invoked

  • args (Array<Object>)

    the arguments passed to the triggering method at invocation

Raises:



# File 'lib/contrast/agent/protect/policy/rule_applicator.rb', line 39

def apply_rule method, exception, properties, object, args
  invoke(method, exception, properties, object, args)
rescue Contrast::SecurityException => e
  raise(e)
rescue StandardError => e
  logger.error('Error applying protect rule', e, module: object.cs__class.cs__name, method: method,
                                                 rule: rule_name)
end
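
The rescue ordering in #apply_rule means a block decision propagates to the application, while a fault inside the agent is logged and swallowed so the patched call can continue. The sketch below is an added example, not the agent's code: DemoSecurityException, DemoRuleApplicator, DemoPathApplicator, outcome_for and the '../' check are hypothetical stand-ins, and the security exception is assumed to be a StandardError subclass.

```ruby
require 'logger'
require 'stringio'

# Hypothetical stand-in for Contrast::SecurityException (assumed StandardError subclass).
class DemoSecurityException < StandardError; end

# Stand-in for the base module, with the same rescue structure as #apply_rule above.
module DemoRuleApplicator
  def apply_rule method, exception, properties, object, args
    invoke(method, exception, properties, object, args)
  rescue DemoSecurityException => e
    raise(e) # must come first: a block decision has to reach the application
  rescue StandardError => e
    # an agent fault is logged and swallowed so the instrumented call still proceeds
    log.error("Error applying protect rule: #{ e.class }: #{ e.message } (method: #{ method })")
    nil # explicit nil is a choice of this example, used by outcome_for below
  end
end

# Hypothetical applicator: its rule blocks a read whose path contains '../'.
class DemoPathApplicator
  include DemoRuleApplicator
  attr_reader :log_io

  def initialize
    @log_io = StringIO.new # constructed in-memory log sink so the example runs offline
    @log = Logger.new(@log_io)
  end

  private

  attr_reader :log

  def invoke method, _exception, _properties, _object, args
    path = args.first
    raise(TypeError, 'path must be a String') unless path.is_a?(String) # simulated agent bug
    raise(DemoSecurityException, "blocked #{ method } on #{ path }") if path.include?('../')

    :allowed
  end
end

# Classifies one simulated patched call as :allowed, :blocked or :agent_error.
def outcome_for applicator, args
  result = applicator.apply_rule(:read, nil, {}, File, args)
  result.nil? ? :agent_error : result
rescue DemoSecurityException
  :blocked
end
```

If the two rescue clauses were swapped, the StandardError clause would catch the security exception as well, and the rule would log the attack instead of blocking it.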