Class: Contrast::Agent::Protect::Rule::CmdiBackdoors

Inherits:
CmdiBaseRule show all
Defined in:
lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb

Overview

The Ruby implementation of the Protect Command Injection Command Backdoors sub-rule.

Constant Summary collapse

NAME = 
'cmd-injection-command-backdoors'
MATCHES = 
%w[/bin/bash-c /bin/sh-c sh-c bash-c].cs__freeze

Constants inherited from CmdiBaseRule

Contrast::Agent::Protect::Rule::CmdiBaseRule::APPLICABLE_USER_INPUTS, Contrast::Agent::Protect::Rule::CmdiBaseRule::CHAINED_COMMAND_CHARS

Constants included from Reporting::InputType

Reporting::InputType::BODY, Reporting::InputType::COOKIE_NAME, Reporting::InputType::COOKIE_VALUE, Reporting::InputType::DWR_VALUE, Reporting::InputType::HEADER, Reporting::InputType::JSON_ARRAYED_VALUE, Reporting::InputType::JSON_VALUE, Reporting::InputType::METHOD, Reporting::InputType::MULTIPART_CONTENT_TYPE, Reporting::InputType::MULTIPART_FIELD_NAME, Reporting::InputType::MULTIPART_NAME, Reporting::InputType::MULTIPART_VALUE, Reporting::InputType::PARAMETER_NAME, Reporting::InputType::PARAMETER_VALUE, Reporting::InputType::QUERYSTRING, Reporting::InputType::REQUEST, Reporting::InputType::SOCKET, Reporting::InputType::UNDEFINED_TYPE, Reporting::InputType::UNKNOWN, Reporting::InputType::URI, Reporting::InputType::URL_PARAMETER, Reporting::InputType::XML_VALUE

Constants inherited from Base

Base::BLOCKING_MODES, Base::RULE_NAME, Base::STACK_COLLECTION_RESULTS, Base::SUSPICIOUS_REPORTING_RULES

Constants included from Filters

Filters::POSTFILTER_MODES

Instance Attribute Summary

Attributes inherited from Base

#mode

Instance Method Summary collapse

Methods inherited from CmdiBaseRule

#build_attack_with_match, #classification

Methods included from Reporting::InputType

to_a

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Methods inherited from Base

#append_to_activity, #block_message, #cef_logging, #classification, #classify, #enabled?, #excluded?, #initialize, #stream_safe?, #update

Methods included from Filters

#infilter?, #postfilter, #postfilter?, #prefilter, #prefilter?

Methods included from Builders

#build_attack_result, #build_attack_with_match, #build_attack_without_match, #build_base_sample, #build_sample, #build_violation

Methods included from Components::Scope::InstanceMethods

#contrast_enter_method_scopes!, #contrast_exit_method_scopes!, #with_app_scope, #with_contrast_scope, #with_deserialization_scope, #with_split_scope

Constructor Details

This class inherits a constructor from Contrast::Agent::Protect::Rule::Base

Instance Method Details

#infilter(context, classname, method, command) ⇒ Object

CMDI Backdoors infilter: This rule does not have input classification. If a value matches the CMDI applicable input types and it’s length is > 2 we can check if it’s used as command backdoors.

to BLOCK and valid cdmi is detected.

Parameters:

Raises:



39
40
41
42
43
44
45
46
47
48
 
# File 'lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb', line 39

def infilter context, classname, method, command
  return if protect_excluded_by_url?(rule_name)
  return unless backdoors_match?(command)
  return unless (result = build_attack_with_match(context, nil, nil, command,
                                                  **{ classname: classname, method: method }))

  append_to_activity(context, result)
  record_triggered(context)
  raise_error(classname, method) if blocked_violation?(result)
end

#rule_nameObject 



20
21
22
 
# File 'lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb', line 20

def rule_name
  NAME
end

#sub_rulesObject 



24
25
26
 
# File 'lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb', line 24

def sub_rules
  Contrast::Utils::ObjectShare::EMPTY_ARRAY
end