Module: Contrast::Agent::Protect::Rule::SqlSampleBuilder::NoSqliSample

Included in:: NoSqli

Defined in:: lib/contrast/agent/protect/rule/sqli/sql_sample_builder.rb

Overview

Generate a sample for the No-SQL injection detection rule, allowing for reporting to and rendering by TeamServer

Returns:

(Contrast::Agent::Reporting::RaspRuleSample) —

the sample from this attack

Instance Method Summary collapse

#build_sample(context, input_analysis_result, candidate_string, **kwargs) ⇒ Object

Instance Method Details

#build_sample(context, input_analysis_result, candidate_string, **kwargs) ⇒ `Object`

# File 'lib/contrast/agent/protect/rule/sqli/sql_sample_builder.rb', line 47

def build_sample context, input_analysis_result, candidate_string, **kwargs
  no_sqli_sample = build_base_sample(context, input_analysis_result)
  no_sqli_sample.details = Contrast::Agent::Reporting::Details::NoSqliDetails.new
  no_sqli_sample.details.query = Contrast::Utils::StringUtils.protobuf_safe_string(candidate_string)
  no_sqli_sample.details.start_idx = kwargs[:start_idx].to_i
  no_sqli_sample.details.end_idx = kwargs[:end_idx].to_i
  no_sqli_sample.details.boundary_overrun_idx = kwargs[:boundary_overrun_idx].to_i
  no_sqli_sample.details.input_boundary_idx = kwargs[:input_boundary_idx].to_i
  no_sqli_sample
end

Module: Contrast::Agent::Protect::Rule::SqlSampleBuilder::NoSqliSample

Overview

Instance Method Summary collapse

Instance Method Details

#build_sample(context, input_analysis_result, candidate_string, **kwargs) ⇒ Object

#build_sample(context, input_analysis_result, candidate_string, **kwargs) ⇒ `Object`