Class: Contrast::Agent::Protect::Rule::PathTraversalSemanticBypass

Inherits:
Base
  • Object
Defined in:
lib/contrast/agent/protect/rule/path_traversal/path_traversal_semantic_security_bypass.rb

Overview

The Ruby implementation of the Protect Path Traversal Semantic Bypass sub-rule. This rule should report the attack result.

Constant Summary

NAME = 'path-traversal-semantic-file-security-bypass'
SYSTEM_PATHS = %w[
  /proc/self
  etc/passwd
  etc/shadow
  etc/hosts
  etc/groups
  etc/gshadow
  ntuser.dat
  /Windows/win.ini
  /windows/system32/
  /windows/repair/
].cs__freeze

Constants inherited from Base

Base::BLOCKING_MODES, Base::RULE_NAME, Base::STACK_COLLECTION_RESULTS, Base::SUSPICIOUS_REPORTING_RULES

Constants included from Filters

Filters::POSTFILTER_MODES

Instance Attribute Summary

Attributes inherited from Base

#mode

Instance Method Summary

Methods inherited from Base

#append_to_activity, #block_message, #cef_logging, #classification, #classify, #enabled?, #excluded?, #initialize, #stream_safe?, #update

Methods included from Filters

#infilter?, #postfilter, #postfilter?, #prefilter, #prefilter?

Methods included from Builders

#build_attack_result, #build_attack_with_match, #build_attack_without_match, #build_base_sample, #build_violation

Methods included from Components::Scope::InstanceMethods

#contrast_enter_method_scopes!, #contrast_exit_method_scopes!, #with_app_scope, #with_contrast_scope, #with_deserialization_scope, #with_split_scope

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Constructor Details

This class inherits a constructor from Contrast::Agent::Protect::Rule::Base

Instance Method Details

#infilter(context, method, path) ⇒ Object

Path traversal Semantic infilter: This rule does not have input classification.

to BLOCK and valid cdmi is detected.

Parameters:

Raises:



# File 'lib/contrast/agent/protect/rule/path_traversal/path_traversal_semantic_security_bypass.rb', line 48

def infilter context, method, path
  return if protect_excluded_by_url?(rule_name)
  return unless rule_violated?(path)

  result = build_violation(context, path)
  return unless result

  append_to_activity(context, result)
  record_triggered(context)
  return unless blocked_violation?(result)

  result_rule_name = Contrast::Utils::StringUtils.transform_string(result.rule_id)
  exception_messasge = "#{ result_rule_name } rule triggered. Call to File.#{ method } blocked."
  raise(Contrast::SecurityException.new(self, exception_messasge))
end
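
The body of `rule_violated?` is not shown on this page. The following is an added illustration, not code from the Contrast agent, of one way a requested path could be compared against the SYSTEM_PATHS entries listed above. The segment-based matching strategy and the names `EXAMPLE_SYSTEM_PATHS`, `EXAMPLE_NEEDLES`, `path_segments` and `sensitive_path?` are assumptions.

```ruby
# Added illustration; not code from the Contrast agent.
# Hypothetical names: EXAMPLE_SYSTEM_PATHS, EXAMPLE_NEEDLES,
# path_segments, sensitive_path?.

# Copy of the SYSTEM_PATHS values listed on this page.
EXAMPLE_SYSTEM_PATHS = %w[
  /proc/self etc/passwd etc/shadow etc/hosts etc/groups etc/gshadow
  ntuser.dat /Windows/win.ini /windows/system32/ /windows/repair/
].freeze

# Split a path into lowercase segments, unifying "\" and "/" and
# resolving "." and ".." lexically (no filesystem access, no symlinks).
def path_segments(raw)
  raw.to_s.tr('\\', '/').downcase.split('/').each_with_object([]) do |seg, out|
    case seg
    when '', '.' then next
    when '..' then out.pop
    else out << seg
    end
  end
end

# Each listed entry, pre-split into the run of segments to look for.
EXAMPLE_NEEDLES = EXAMPLE_SYSTEM_PATHS.map { |p| path_segments(p) }.freeze

# True when the normalized path contains any listed entry as a run of
# whole segments (assumed strategy; stricter than a substring test).
def sensitive_path?(raw)
  segments = path_segments(raw)
  EXAMPLE_NEEDLES.any? do |needle|
    segments.each_cons(needle.length).any? { |window| window == needle }
  end
end

# Constructed sample inputs, printed when the file is run directly.
if __FILE__ == $PROGRAM_NAME
  [
    '/var/www/uploads/../../../etc/passwd',
    'C:\Windows\System32\config',
    '/srv/app/etc/passwd_notes.txt',
    '/etc/passwd/../motd'
  ].each { |p| puts "#{p} => #{sensitive_path?(p)}" }
end
```

Because normalization here is purely lexical, symlinks are not followed and any percent-encoding must already be decoded before the check.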

#rule_name ⇒ Object



# File 'lib/contrast/agent/protect/rule/path_traversal/path_traversal_semantic_security_bypass.rb', line 32

def rule_name
  NAME
end

#sub_rules ⇒ Object



# File 'lib/contrast/agent/protect/rule/path_traversal/path_traversal_semantic_security_bypass.rb', line 36

def sub_rules
  Contrast::Utils::ObjectShare::EMPTY_ARRAY
end