Class: Contrast::Agent::Protect::Rule::DefaultScanner Deprecated

Inherits:

Object

Object
Contrast::Agent::Protect::Rule::DefaultScanner

show all

Defined in:: lib/contrast/agent/protect/rule/default_scanner.rb

Overview

Deprecated.

RUBY-356: this class and those that extend it are being phased out in favor of the more performant code in the Agent Library.

The base class used to determine if a user input crosses a token boundary or state, indicating a successful attack using SQL or NoSQL Injection.

Direct Known Subclasses

NoSqli::MongoNoSqlScanner, Sqli::DefaultSqlScanner

Constant Summary collapse

OPERATOR_PATTERN = rubocop:disable Style/ClassAndModuleChildren

%r{[+=*^/%><!-]}.cs__freeze

Instance Method Summary collapse

#crosses_boundary(query, index, input) ⇒ Array<Integer>^?

The boundary overrun by the input or nil if no overrun.

Instance Method Details

#crosses_boundary(query, index, input) ⇒ `Array<Integer>`^?

Returns the boundary overrun by the input or nil if no overrun.

Parameters:

query (String) —

the query being executed
index (Integer) —

the index of the input in the query
input (String) —

the input value provided by the user

Returns:

(Array<Integer>, nil) —

the boundary overrun by the input or nil if no overrun

# File 'lib/contrast/agent/protect/rule/default_scanner.rb', line 27

def crosses_boundary query, index, input
  last_boundary = 0
  scan_token_boundaries(query).each do |boundary|
    if boundary > index
      # We should report the previous and overrun boundary if the input crosses one.
      return last_boundary, boundary if boundary < (index + input.length)

      break
    end
    last_boundary = boundary
  end
  nil
end