Class: Contrast::Agent::Protect::Rule::BotBlocker

Inherits:
Base
  • Object
show all
Includes:
Reporting::InputType, Components::Logger::InstanceMethods
Defined in:
lib/contrast/agent/protect/rule/bot_blocker/bot_blocker.rb

Overview

The Ruby implementation of the Protect BotBlocker rule.

Constant Summary collapse

NAME = 
'bot-blocker'
APPLICABLE_USER_INPUTS = 
[HEADER].cs__freeze
BLOCK_MESSAGE = 
'Bot Blocker rule triggered. Unsafe Bot blocked.'

Constants included from Reporting::InputType

Reporting::InputType::BODY, Reporting::InputType::COOKIE_NAME, Reporting::InputType::COOKIE_VALUE, Reporting::InputType::DWR_VALUE, Reporting::InputType::HEADER, Reporting::InputType::JSON_ARRAYED_VALUE, Reporting::InputType::JSON_VALUE, Reporting::InputType::METHOD, Reporting::InputType::MULTIPART_CONTENT_TYPE, Reporting::InputType::MULTIPART_FIELD_NAME, Reporting::InputType::MULTIPART_NAME, Reporting::InputType::MULTIPART_VALUE, Reporting::InputType::PARAMETER_NAME, Reporting::InputType::PARAMETER_VALUE, Reporting::InputType::QUERYSTRING, Reporting::InputType::REQUEST, Reporting::InputType::SOCKET, Reporting::InputType::UNDEFINED_TYPE, Reporting::InputType::UNKNOWN, Reporting::InputType::URI, Reporting::InputType::URL_PARAMETER, Reporting::InputType::XML_VALUE

Constants inherited from Base

Contrast::Agent::Protect::Rule::Base::BLOCKING_MODES, Contrast::Agent::Protect::Rule::Base::RULE_NAME, Contrast::Agent::Protect::Rule::Base::STACK_COLLECTION_RESULTS, Contrast::Agent::Protect::Rule::Base::SUSPICIOUS_REPORTING_RULES

Constants included from Filters

Filters::POSTFILTER_MODES

Instance Attribute Summary

Attributes inherited from Base

#mode

Instance Method Summary collapse

Methods included from Reporting::InputType

to_a

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Methods inherited from Base

#append_to_activity, #cef_logging, #classify, #enabled?, #excluded?, #initialize, #stream_safe?, #sub_rules, #update

Methods included from Filters

#infilter, #infilter?, #postfilter, #postfilter?, #prefilter?

Methods included from Builders

#build_attack_result, #build_attack_with_match, #build_attack_without_match, #build_base_sample, #build_violation

Methods included from Components::Scope::InstanceMethods

#contrast_enter_method_scopes!, #contrast_exit_method_scopes!, #with_app_scope, #with_contrast_scope, #with_deserialization_scope, #with_split_scope

Constructor Details

This class inherits a constructor from Contrast::Agent::Protect::Rule::Base

Instance Method Details

#applicable_user_inputsObject 



28
29
30
 
# File 'lib/contrast/agent/protect/rule/bot_blocker/bot_blocker.rb', line 28

def applicable_user_inputs
  APPLICABLE_USER_INPUTS
end

#block_messageString

Return the specific blocking message for this rule.

Returns:

  • (String)

    the reason for the raised security exception.



35
36
37
 
# File 'lib/contrast/agent/protect/rule/bot_blocker/bot_blocker.rb', line 35

def block_message
  BLOCK_MESSAGE
end

#build_sample(context, ia_result, _candidate_string, **_kwargs) ⇒ Contrast::Agent::Reporting::RaspRuleSample

Adding bot blocker details

Parameters:

Returns:



86
87
88
89
90
91
92
 
# File 'lib/contrast/agent/protect/rule/bot_blocker/bot_blocker.rb', line 86

def build_sample context, ia_result, _candidate_string, **_kwargs
  sample = build_base_sample(context, ia_result)
  sample.details = Contrast::Agent::Reporting::Details::BotBlockerDetails.new
  sample.details.bot = ia_result.value
  sample.details.user_agent = context&.request&.user_agent
  sample
end

#classificationmodule<Contrast::Agent::Protect::Rule::BotBlockerInputClassification>

Bot blocker input classification

Returns:



42
43
44
 
# File 'lib/contrast/agent/protect/rule/bot_blocker/bot_blocker.rb', line 42

def classification
  @_classification ||= Contrast::Agent::Protect::Rule::BotBlockerInputClassification.cs__freeze
end

#gather_ia_results(context) ⇒ Array<Contrast::Agent::Reporting::InputAnalysis>

Parameters:

Returns:



71
72
73
74
75
76
77
 
# File 'lib/contrast/agent/protect/rule/bot_blocker/bot_blocker.rb', line 71

def gather_ia_results context
  return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless context&.agent_input_analysis&.results

  context.agent_input_analysis.results.select do |ia_result|
    ia_result.rule_id == rule_name
  end
end

#prefilter(context) ⇒ Object

BotBlocker prefilter:

to BLOCK and valid bot is detected.

Parameters:

Raises:



51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
# File 'lib/contrast/agent/protect/rule/bot_blocker/bot_blocker.rb', line 51

def prefilter context
  return unless prefilter?(context)
  # We expect only one result per request since the user-agent Header is one.
  # And the IA analysis explicitly searches for the key match before starting
  # the analysis.
  return unless (ia_result = gather_ia_results(context)[0]) &&
      ia_result.score_level == Contrast::Agent::Reporting::ScoreLevel::DEFINITEATTACK

  result = build_attack_without_match(context, ia_result, nil)
  return unless result

  append_to_activity(context, result)
  record_triggered(context)
  # Raise BotBlocker error
  exception_message = "#{ rule_name } rule triggered. Unsafe Bot blocked."
  raise(Contrast::SecurityException.new(self, exception_message)) if blocked_violation?(result)
end

#rule_nameObject 



24
25
26
 
# File 'lib/contrast/agent/protect/rule/bot_blocker/bot_blocker.rb', line 24

def rule_name
  NAME
end