Module: Contrast::Agent::Protect::Rule::NoSqliInputClassification

Extended by:
InputClassification::Base
Defined in:
lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb

Overview

This module performs the Input Classification stage of the NoSQLI rule; as a result, input is marked as WORTHWATCHING or IGNORE, to be analyzed at the sink level.

Constant Summary

# A closing double quote, optional whitespace, then a comment opener (`<--` or `//`).
# NOTE(review): `<--` is an unusual comment token for NoSQL query syntax; confirm it
# is intended (rather than e.g. `--`) and not a typo.
NOSQL_COMMENT_REGEXP =
%r{"\s*(?:<--|//)}.cs__freeze
# Zero-width lookahead: matches at every position directly before ` || ` (a logical
# OR with at least one whitespace character on each side). The capture group records
# the operator text without consuming it.
NOSQL_OR_REGEXP =
/(?=(\s+\|\|\s+))/.cs__freeze
# Same comment openers as NOSQL_COMMENT_REGEXP, without the preceding-quote requirement.
NOSQL_COMMENTS_AFTER_REGEXP =
%r{(?:<--|//)}.cs__freeze
# Building blocks for the composite regexps below.
ZERO_OR_MORE_SPACES_REGEXP =
/\s*/.cs__freeze
# Straight or typographic (curly) single/double quotes.
QUOTE_REGEXP =
/['"’‘]/.cs__freeze
# One or more alphanumeric characters (POSIX class, so locale/Unicode letters count).
NUMBERS_AND_LETTERS_REGEXP =
/[[:alnum:]]+/.cs__freeze
# Comparison operators. The trailing empty alternative (`|)`) makes the whole group
# optional: it also matches the empty string, so the composite regexps below match
# even when no operator is present. Together with the surrounding `\s*` pieces this
# means NOSQL_NUMERIC_REGEXP matches any two adjacent runs of alphanumerics
# (e.g. "ab" splits as "a" + "" + "b").
# NOTE(review): confirm that matching without an operator is intended; if not,
# dropping the trailing `|` tightens both composite patterns.
COMPARISON_REGEXP =
/(?:==|>=|<=|>|<|)/.cs__freeze
# `<quoted token> [operator] <quoted token>`, e.g. `'a' == 'b'`. Interpolated Regexp
# objects are embedded as `(?-mix:...)` groups, so the `x` flag on this literal
# only affects the layout whitespace here, not the sub-patterns.
NOSQL_QUOTED_REGEXP =
/
  #{ ZERO_OR_MORE_SPACES_REGEXP }
  #{ QUOTE_REGEXP }
  #{ NUMBERS_AND_LETTERS_REGEXP }
  #{ QUOTE_REGEXP }
  #{ ZERO_OR_MORE_SPACES_REGEXP }
  #{ COMPARISON_REGEXP }
  #{ ZERO_OR_MORE_SPACES_REGEXP }
  #{ QUOTE_REGEXP }
  #{ NUMBERS_AND_LETTERS_REGEXP }
  #{ QUOTE_REGEXP }
/x.cs__freeze
# `<alnum token> [operator] <alnum token>`, e.g. `1 == 1`. See the note on
# COMPARISON_REGEXP: because the operator is optional, this also matches plain
# alphanumeric text.
NOSQL_NUMERIC_REGEXP =
/
  #{ ZERO_OR_MORE_SPACES_REGEXP }
  #{ NUMBERS_AND_LETTERS_REGEXP }
  #{ ZERO_OR_MORE_SPACES_REGEXP }
  #{ COMPARISON_REGEXP }
  #{ ZERO_OR_MORE_SPACES_REGEXP }
  #{ NUMBERS_AND_LETTERS_REGEXP }
/x.cs__freeze
# Score thresholds. NOTE(review): presumably compared against the summed pattern
# scores from DEFAULT_RULE_DEFINITIONS (NO-SQLI-1 scores 1, NO-SQLI-2 scores 3);
# the comparison itself is not in this listing — confirm against the caller.
NOSQL_DEFINITE_THRESHOLD =
3
NOSQL_WORTH_WATCHING_THRESHOLD =
1
NOSQL_CONFIDENCE_THRESHOLD =
3
# Maximum distance between matched tokens; unit (presumably characters) and usage
# are defined outside this listing.
MAX_DISTANCE =
10
# Built-in pattern definitions for the 'nosql-injection' rule. `keywords` is empty,
# so no keyword pre-filter applies. Each `value` is a regex *source string*
# (hence the doubled backslashes), not a compiled Regexp.
#   NO-SQLI-1 (score 1, case-insensitive): a JSON-like object with a quoted key,
#     `{ "key": ... }`.
#   NO-SQLI-2 (score 3, case-sensitive): a `$`-prefixed MongoDB-style query operator
#     (`$gt`, `$ne`, `$where`, `$or`, ...) used as a key, with optional quotes around
#     it, followed by `:`.
# Both patterns are unanchored and end in `.*`, so they match anywhere in the input
# and consume everything after the key. NOTE(review): NO-SQLI-1 contains several
# greedy `.*` segments, which can backtrack heavily on long inputs with many quotes
# and braces; confirm input length is bounded before these patterns run.
DEFAULT_RULE_DEFINITIONS =
[
  {
      keywords: [],
      name: 'nosql-injection',
      patterns: [
        {
            caseSensitive: false,
            id: 'NO-SQLI-1',
            score: 1,
            value: '(?:\\{\\s*\".*\"\\s*:.*\\})'
        },
        {
            id: 'NO-SQLI-2',
            caseSensitive: true,
            score: 3,
            value: "(?:\"|')?\\$(?:gte|gt|lt|lte|eq|ne|in|nin|where|mod|all|size|exists|type|slice|or)(?:\"|')?\\s*:.*" # rubocop:disable Layout/LineLength
        }
      ]
  }
].cs__freeze

Constants included from InputClassification::Base

InputClassification::Base::BASE64_INPUT_TYPES, InputClassification::Base::KEYS_NEEDED, InputClassification::Base::UNKNOWN_KEY

Constants included from Reporting::InputType

Reporting::InputType::BODY, Reporting::InputType::COOKIE_NAME, Reporting::InputType::COOKIE_VALUE, Reporting::InputType::DWR_VALUE, Reporting::InputType::HEADER, Reporting::InputType::JSON_ARRAYED_VALUE, Reporting::InputType::JSON_VALUE, Reporting::InputType::METHOD, Reporting::InputType::MULTIPART_CONTENT_TYPE, Reporting::InputType::MULTIPART_FIELD_NAME, Reporting::InputType::MULTIPART_NAME, Reporting::InputType::MULTIPART_VALUE, Reporting::InputType::PARAMETER_NAME, Reporting::InputType::PARAMETER_VALUE, Reporting::InputType::QUERYSTRING, Reporting::InputType::REQUEST, Reporting::InputType::SOCKET, Reporting::InputType::UNDEFINED_TYPE, Reporting::InputType::UNKNOWN, Reporting::InputType::URI, Reporting::InputType::URL_PARAMETER, Reporting::InputType::XML_VALUE

Constants included from InputClassification::Encoding

InputClassification::Encoding::KNOWN_DECODING_EXCEPTIONS

Constants included from InputClassification::Extendable

InputClassification::Extendable::THRESHOLD, InputClassification::Extendable::WORTHWATCHING_THRESHOLD

Constants included from Reporting::ScoreLevel

Reporting::ScoreLevel::DEFINITEATTACK, Reporting::ScoreLevel::IGNORE, Reporting::ScoreLevel::WORTHWATCHING

Method Summary

Methods included from InputClassification::Base

add_needed_key, classify, convert_input_type, find_key

Methods included from Reporting::InputType

to_a

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Methods included from InputClassification::Encoding

#cs__base64?, #cs__decode64

Methods included from InputClassification::Extendable

#build_ia_result, #build_input_eval, #new_ia_result

Methods included from Reporting::ScoreLevel

to_a