Class: Contrast::Agent::Protect::Rule::CmdInjection

Inherits:
CmdiBaseRule
Includes:
Reporting::InputType, Components::Logger::InstanceMethods
Defined in:
lib/contrast/agent/protect/rule/cmdi/cmd_injection.rb

Overview

The Ruby implementation of the Protect Command Injection rule.

Constant Summary

# Identifier of this rule; #rule_name returns this value.
NAME =
'cmd-injection'
# Input types returned by #applicable_user_inputs. The bare names are the
# Reporting::InputType constants this class includes.
# NOTE(review): other Reporting::InputType members (e.g. COOKIE_NAME, URI,
# QUERYSTRING, URL_PARAMETER, JSON_ARRAYED_VALUE) are not listed. How the
# list is consumed is not visible here - confirm the omissions are
# intentional and do not leave those inputs unexamined for this rule.
APPLICABLE_USER_INPUTS =
[
  BODY, COOKIE_VALUE, HEADER, PARAMETER_NAME,
  PARAMETER_VALUE, JSON_VALUE, MULTIPART_VALUE,
  MULTIPART_FIELD_NAME, XML_VALUE, DWR_VALUE
].cs__freeze

Constants included from Reporting::InputType

Reporting::InputType::BODY, Reporting::InputType::COOKIE_NAME, Reporting::InputType::COOKIE_VALUE, Reporting::InputType::DWR_VALUE, Reporting::InputType::HEADER, Reporting::InputType::JSON_ARRAYED_VALUE, Reporting::InputType::JSON_VALUE, Reporting::InputType::METHOD, Reporting::InputType::MULTIPART_CONTENT_TYPE, Reporting::InputType::MULTIPART_FIELD_NAME, Reporting::InputType::MULTIPART_NAME, Reporting::InputType::MULTIPART_VALUE, Reporting::InputType::PARAMETER_NAME, Reporting::InputType::PARAMETER_VALUE, Reporting::InputType::QUERYSTRING, Reporting::InputType::REQUEST, Reporting::InputType::SOCKET, Reporting::InputType::UNDEFINED_TYPE, Reporting::InputType::UNKNOWN, Reporting::InputType::URI, Reporting::InputType::URL_PARAMETER, Reporting::InputType::XML_VALUE

Constants inherited from CmdiBaseRule

Contrast::Agent::Protect::Rule::CmdiBaseRule::CHAINED_COMMAND_CHARS

Constants inherited from Base

Base::BLOCKING_MODES, Base::RULE_NAME, Base::STACK_COLLECTION_RESULTS, Base::SUSPICIOUS_REPORTING_RULES

Constants included from Filters

Filters::POSTFILTER_MODES

Instance Attribute Summary

Attributes inherited from Base

#mode

Instance Method Summary

Methods included from Reporting::InputType

to_a

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Methods inherited from CmdiBaseRule

#build_attack_with_match, #classification

Methods inherited from Base

#append_to_activity, #block_message, #cef_logging, #classification, #classify, #enabled?, #excluded?, #initialize, #stream_safe?, #update

Methods included from Filters

#infilter?, #postfilter, #postfilter?, #prefilter, #prefilter?

Methods included from Builders

#build_attack_result, #build_attack_with_match, #build_attack_without_match, #build_base_sample, #build_sample, #build_violation

Methods included from Components::Scope::InstanceMethods

#contrast_enter_method_scopes!, #contrast_exit_method_scopes!, #with_app_scope, #with_contrast_scope, #with_deserialization_scope, #with_split_scope

Constructor Details

This class inherits a constructor from Contrast::Agent::Protect::Rule::Base

Instance Method Details

#applicable_user_inputs ⇒ Object



# File 'lib/contrast/agent/protect/rule/cmdi/cmd_injection.rb', line 57

# Returns the list of input types declared in APPLICABLE_USER_INPUTS.
#
# @return [Array] the APPLICABLE_USER_INPUTS constant itself, not a copy
def applicable_user_inputs
  APPLICABLE_USER_INPUTS
end

#command_backdoors ⇒ Contrast::Agent::Protect::Rule::CmdiBackdoors



# File 'lib/contrast/agent/protect/rule/cmdi/cmd_injection.rb', line 37

# Lazily builds the CmdiBackdoors sub-rule and caches it on this instance,
# so every later call returns the same object.
#
# @return [Contrast::Agent::Protect::Rule::CmdiBackdoors]
def command_backdoors
  return @_command_backdoors if @_command_backdoors

  @_command_backdoors = Contrast::Agent::Protect::Rule::CmdiBackdoors.new
end

#infilter(context, classname, method, command) ⇒ Object

CMDI infilter:

Raises an error when the rule mode is set to BLOCK and a valid cmdi is detected.

Parameters:

Raises:



# File 'lib/contrast/agent/protect/rule/cmdi/cmd_injection.rb', line 69

# Protect infilter for command injection: evaluates a command against the
# input-analysis results gathered for the request, records any finding, and
# raises when the finding is a blocked violation.
#
# Returns early (nil, nothing recorded) when infilter?(context) is false, when
# gather_ia_results(context) is empty, or when neither
# find_attacker_with_results nor report_command_execution yields a result.
# NOTE(review): the empty-results return happens before
# report_command_execution is tried, so a request with no input-analysis
# results is not evaluated here at all - confirm that is intended.
#
# @param context [Contrast::Agent::RequestContext] current request context
#   (type presumed from the replacement built in the new-process branch)
# @param classname [String] forwarded to the helpers and to raise_error;
#   presumably the class whose method runs the command - confirm
# @param method [String, Symbol] forwarded likewise; presumably that method's name
# @param command [String] the command under evaluation (type presumed)
# @raise whatever raise_error raises, and only when blocked_violation?(result)
#   is true; any other result is recorded without raising
def infilter context, classname, method, command
  return unless infilter?(context)

  input_analysis = gather_ia_results(context)
  return if input_analysis.empty?

  # In a new process the incoming context is swapped for a fresh one built
  # from the same rack request and registered as the current context.
  # input_analysis was already gathered from the previous context above.
  if ::Contrast::APP_CONTEXT.in_new_process?
    logger.trace('Running cmd-injection infilter within new process - creating new context')
    context = Contrast::Agent::RequestContext.new(context.request.rack_request)
    Contrast::Agent::REQUEST_TRACKER.update_current_context(context)
  end

  call_site = { classname: classname, method: method }
  # A match against the analysed inputs wins; report_command_execution is
  # only consulted when that lookup returns nothing.
  finding = find_attacker_with_results(context, command, input_analysis, **call_site) ||
            report_command_execution(context, command, **call_site)
  return unless finding

  # Record the finding before any raise so it is kept even when the
  # command is blocked.
  append_to_activity(context, finding)
  record_triggered(context)
  raise_error(classname, method) if blocked_violation?(finding)
end

#rule_name ⇒ Object



# File 'lib/contrast/agent/protect/rule/cmdi/cmd_injection.rb', line 30

# Returns this rule's identifier.
#
# @return [String] the NAME constant ('cmd-injection')
def rule_name
  NAME
end

#semantic_chained_commands ⇒ Contrast::Agent::Protect::Rule::CmdiChainedCommand



# File 'lib/contrast/agent/protect/rule/cmdi/cmd_injection.rb', line 42

# Lazily builds the CmdiChainedCommand sub-rule and caches it on this
# instance, so every later call returns the same object.
#
# @return [Contrast::Agent::Protect::Rule::CmdiChainedCommand]
def semantic_chained_commands
  return @_semantic_chained_commands if @_semantic_chained_commands

  @_semantic_chained_commands = Contrast::Agent::Protect::Rule::CmdiChainedCommand.new
end

#semantic_dangerous_paths ⇒ Object



# File 'lib/contrast/agent/protect/rule/cmdi/cmd_injection.rb', line 46

# Lazily builds the CmdiDangerousPath sub-rule and caches it on this
# instance, so every later call returns the same object.
#
# @return [Contrast::Agent::Protect::Rule::CmdiDangerousPath]
def semantic_dangerous_paths
  return @_semantic_dangerous_paths if @_semantic_dangerous_paths

  @_semantic_dangerous_paths = Contrast::Agent::Protect::Rule::CmdiDangerousPath.new
end

#sub_rules ⇒ Array

Array of sub_rules:

Returns:

  • (Array)


# File 'lib/contrast/agent/protect/rule/cmdi/cmd_injection.rb', line 53

# Collects the three sub-rule instances (backdoors, chained commands,
# dangerous paths) into one array, built on first use and cached.
#
# @return [Array] the cached array, passed through cs__freeze when built
def sub_rules
  return @_sub_rules if @_sub_rules

  members = [command_backdoors, semantic_chained_commands, semantic_dangerous_paths]
  @_sub_rules = members.cs__freeze
end