Module: Contrast::Agent::Protect::Rule::InputClassification::Base

Overview

This module will include all the similar information for all input classifications between different rules

Constant Summary

UNKNOWN_KEY = 'unknown'
KEYS_NEEDED = [COOKIE_VALUE, PARAMETER_VALUE, HEADER, JSON_VALUE, MULTIPART_VALUE, XML_VALUE, DWR_VALUE].cs__freeze
BASE64_INPUT_TYPES = [BODY, HEADER, COOKIE_VALUE, PARAMETER_VALUE, MULTIPART_VALUE, XML_VALUE].cs__freeze

Constants included from Reporting::InputType

Reporting::InputType::BODY, Reporting::InputType::COOKIE_NAME, Reporting::InputType::COOKIE_VALUE, Reporting::InputType::DWR_VALUE, Reporting::InputType::HEADER, Reporting::InputType::JSON_ARRAYED_VALUE, Reporting::InputType::JSON_VALUE, Reporting::InputType::METHOD, Reporting::InputType::MULTIPART_CONTENT_TYPE, Reporting::InputType::MULTIPART_FIELD_NAME, Reporting::InputType::MULTIPART_NAME, Reporting::InputType::MULTIPART_VALUE, Reporting::InputType::PARAMETER_NAME, Reporting::InputType::PARAMETER_VALUE, Reporting::InputType::QUERYSTRING, Reporting::InputType::REQUEST, Reporting::InputType::SOCKET, Reporting::InputType::UNDEFINED_TYPE, Reporting::InputType::UNKNOWN, Reporting::InputType::URI, Reporting::InputType::URL_PARAMETER, Reporting::InputType::XML_VALUE

Constants included from Encoding

Encoding::KNOWN_DECODING_EXCEPTIONS

Constants included from Extendable

Extendable::THRESHOLD, Extendable::WORTHWATCHING_THRESHOLD

Constants included from Reporting::ScoreLevel

Reporting::ScoreLevel::DEFINITEATTACK, Reporting::ScoreLevel::IGNORE, Reporting::ScoreLevel::WORTHWATCHING

Class Method Summary

Instance Method Summary

Methods included from Reporting::InputType

to_a

Methods included from Components::Logger::InstanceMethods

cef_logger, logger

Methods included from Encoding

#cs__base64?, #cs__decode64

Methods included from Extendable

#build_ia_result, #build_input_eval, #new_ia_result

Methods included from Reporting::ScoreLevel

to_a

Class Method Details

.convert_input_type(input_type) ⇒ Integer<Contrast::AgentLib::Interface::INPUT_SET>

Some input types are not yet supported by the AgentLib. This converts the type to the closest supported one, where viable, so that input tracing can still be done.

Returns:

  • (Integer<Contrast::AgentLib::Interface::INPUT_SET>)

# File 'lib/contrast/agent/protect/rule/input_classification/base.rb', line 63

def convert_input_type input_type
  case input_type
  when URI, URL_PARAMETER
    Contrast::AGENT_LIB.input_set[:URI_PATH]
  when BODY, DWR_VALUE, SOCKET, UNDEFINED_TYPE, UNKNOWN, REQUEST, QUERYSTRING
    Contrast::AGENT_LIB.input_set[:PARAMETER_VALUE]
  when HEADER
    Contrast::AGENT_LIB.input_set[:HEADER_VALUE]
  when MULTIPART_VALUE, MULTIPART_FIELD_NAME
    Contrast::AGENT_LIB.input_set[:MULTIPART_NAME]
  when JSON_ARRAYED_VALUE
    Contrast::AGENT_LIB.input_set[:JSON_KEY]
  when PARAMETER_NAME
    Contrast::AGENT_LIB.input_set[:PARAMETER_KEY]
  else
    Contrast::AGENT_LIB.input_set[input_type]
  end
rescue StandardError => e
  logger.debug('[InputAnalyzer] Protect Input classification could not determine input type,
            falling back to default',
               error: e)
  Contrast::AGENT_LIB.input_set[:PARAMETER_VALUE]
end

.find_key(request, input_type, value) ⇒ Array<(String, Contrast::Agent::Reporting::InputType)>

Finds key value and type based on input type and value.

# File 'lib/contrast/agent/protect/rule/input_classification/base.rb', line 38

def find_key request, input_type, value
  # TODO: RUBY-99999 Add handling for multipart, json and if any missing types.
  case input_type
  when COOKIE_VALUE
    [request.cookies.key(value), Contrast::Agent::Reporting::InputType::COOKIE_NAME]
  when PARAMETER_VALUE, URL_PARAMETER
    [request.parameters.key(value), Contrast::Agent::Reporting::InputType::PARAMETER_NAME]
  when HEADER
    [request.headers.key(value), Contrast::Agent::Reporting::InputType::HEADER]
  when UNKNOWN
    [UNKNOWN_KEY, Contrast::Agent::Reporting::InputType::UNKNOWN]
  else
    [nil, nil]
  end
rescue StandardError => e
  logger.warn('[InputAnalyzer] Could not find proper key for input traced value', message: e)
  [nil, nil]
end
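The lookup documented above, as a stand-alone added example (not the agent's own code): a simplified re-implementation of find_key with a constructed request object, showing the key/key_type pair for each supported input type, the [nil, nil] fallback for unsupported types and for errors, and the Hash#key behaviour when several parameters share the same value. InputType, FakeRequest and SAMPLE_REQUEST are constructed stand-ins, not Contrast identifiers.

```ruby
# Constructed stand-ins for the Contrast::Agent::Reporting::InputType constants.
module InputType
  COOKIE_VALUE    = :cookie_value
  COOKIE_NAME     = :cookie_name
  PARAMETER_VALUE = :parameter_value
  URL_PARAMETER   = :url_parameter
  PARAMETER_NAME  = :parameter_name
  HEADER          = :header
  UNKNOWN         = :unknown
  JSON_VALUE      = :json_value # not handled by find_key yet -> [nil, nil]
end

UNKNOWN_KEY = 'unknown'.freeze

# Constructed request exposing the three hashes find_key consults.
FakeRequest = Struct.new(:cookies, :parameters, :headers)

# Mirrors the documented case statement: returns [key, key_type].
def find_key(request, input_type, value)
  case input_type
  when InputType::COOKIE_VALUE
    # Hash#key returns the FIRST key holding the value (insertion order).
    [request.cookies.key(value), InputType::COOKIE_NAME]
  when InputType::PARAMETER_VALUE, InputType::URL_PARAMETER
    [request.parameters.key(value), InputType::PARAMETER_NAME]
  when InputType::HEADER
    [request.headers.key(value), InputType::HEADER]
  when InputType::UNKNOWN
    [UNKNOWN_KEY, InputType::UNKNOWN]
  else
    [nil, nil]
  end
rescue StandardError => e
  # Same fallback as the agent: log and report no key rather than raise
  # (e.g. when request.headers is nil and .key raises NoMethodError).
  warn("[example] could not find key for traced value: #{e.message}")
  [nil, nil]
end

# Constructed sample request: two parameters deliberately share a value.
SAMPLE_REQUEST = FakeRequest.new(
  { 'session' => 'abc123' },
  { 'q' => 'widgets', 'dup1' => 'same', 'dup2' => 'same' },
  { 'HTTP_USER_AGENT' => 'curl/8.0' }
)

if __FILE__ == $PROGRAM_NAME
  p find_key(SAMPLE_REQUEST, InputType::PARAMETER_VALUE, 'same') # ["dup1", :parameter_name]
  p find_key(SAMPLE_REQUEST, InputType::PARAMETER_VALUE, 'nope') # [nil, :parameter_name]
end
```

Note that a value absent from the hash yields a nil key but a non-nil key_type, so consumers of ia_result.key should check the key itself, not just the type.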

Instance Method Details

#add_needed_key(request, ia_result, input_type, value) ⇒ Object

This method looks up the request key whose value matches the traced input and records that key and its type on the ia_result.

# File 'lib/contrast/agent/protect/rule/input_classification/base.rb', line 126

def add_needed_key request, ia_result, input_type, value
  ia_result.key, ia_result.key_type = Contrast::Agent::Protect::Rule::InputClassification::Base.
      find_key(request, input_type, value)
end

#classify(rule_id, input_type, value, input_analysis) ⇒ Object

The Input Classification stage determines whether a user input is a DEFINITEATTACK or is to be ignored.

# File 'lib/contrast/agent/protect/rule/input_classification/base.rb', line 98

def classify rule_id, input_type, value, input_analysis
  return unless (rule = Contrast::PROTECT.rule(rule_id))
  return unless rule.applicable_user_inputs.include?(input_type)
  return unless input_analysis.request

  Array(value).each do |val|
    Array(val).each do |v|
      next unless v

      result = create_new_input_result(input_analysis.request, rule.rule_name, input_type, v)
      append_result(input_analysis, result)
    end
  end

  input_analysis
rescue StandardError => e
  logger.debug("An Error was recorded in the input classification of the #{ rule_id }", error: e)
  nil
end