Module: Contrast::Agent::Protect::Rule::SqlSampleBuilder::SqliSample

Included in:: Contrast::Agent::Protect::Rule::Sqli

Defined in:: lib/contrast/agent/protect/rule/sqli/sql_sample_builder.rb

Overview

Generate a sample for the SQL injection detection rule, allowing for reporting to and rendering by TeamServer

Returns:

(Contrast::Agent::Reporting::RaspRuleSample) —

the sample from this attack

Instance Method Summary collapse

#build_sample(context, input_analysis_result, candidate_string, **kwargs) ⇒ Object

Instance Method Details

#build_sample(context, input_analysis_result, candidate_string, **kwargs) ⇒ `Object`

# File 'lib/contrast/agent/protect/rule/sqli/sql_sample_builder.rb', line 24

def build_sample context, input_analysis_result, candidate_string, **kwargs
  sqli_sample = build_base_sample(context, input_analysis_result)
  sqli_sample.details = Contrast::Agent::Reporting::Details::SqliDetails.new
  sqli_sample.details.query = Contrast::Utils::StringUtils.protobuf_safe_string(candidate_string)
  sqli_sample.details.start_idx = kwargs[:start_idx]
  sqli_sample.details.end_idx = kwargs[:end_idx]
  sqli_sample.details.boundary_overrun_idx = kwargs[:boundary_overrun_idx].to_i
  sqli_sample.details.input_boundary_idx = kwargs[:input_boundary_idx].to_i
  sqli_sample
end

Module: Contrast::Agent::Protect::Rule::SqlSampleBuilder::SqliSample

Overview

Instance Method Summary collapse

Instance Method Details

#build_sample(context, input_analysis_result, candidate_string, **kwargs) ⇒ Object

#build_sample(context, input_analysis_result, candidate_string, **kwargs) ⇒ `Object`