Class: Contrast::Agent::Protect::Rule::Xxe

Inherits:
Base
Includes:
Components::Logger::InstanceMethods
Defined in:
lib/contrast/agent/protect/rule/xxe/xxe.rb,
lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb

Overview

Implementation of the XXE Protect Rule used to evaluate XML calls for exploit of unsafe external entity resolution.

Defined Under Namespace

Classes: EntityWrapper

Constant Summary

INPUT_NAME =
'XML Prolog'
NAME =
'xxe'
BLOCK_MESSAGE =
'XXE rule triggered. Response blocked.'
EXTERNAL_ENTITY_PATTERN =
/<!ENTITY\s+[a-zA-Z0-f]+\s+(?:SYSTEM|PUBLIC)\s+(.*?)>/.cs__freeze

Constants inherited from Base

Base::BLOCKING_MODES, Base::RULE_NAME, Base::STACK_COLLECTION_RESULTS, Base::SUSPICIOUS_REPORTING_RULES

Constants included from Filters

Filters::POSTFILTER_MODES

Instance Attribute Summary

Attributes inherited from Base

#mode

Instance Method Summary

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Methods inherited from Base

#append_to_activity, #cef_logging, #classification, #classify, #enabled?, #excluded?, #initialize, #stream_safe?, #sub_rules, #update

Methods included from Filters

#infilter?, #postfilter, #postfilter?, #prefilter, #prefilter?

Methods included from Builders

#build_attack_result, #build_attack_with_match, #build_attack_without_match, #build_base_sample, #build_violation

Methods included from Components::Scope::InstanceMethods

#contrast_enter_method_scopes!, #contrast_exit_method_scopes!, #with_app_scope, #with_contrast_scope, #with_deserialization_scope, #with_split_scope

Constructor Details

This class inherits a constructor from Contrast::Agent::Protect::Rule::Base

Instance Method Details

#block_message ⇒ String

Return the specific blocking message for this rule.

Returns:

  • (String)

    the reason for the raised security exception.

# File 'lib/contrast/agent/protect/rule/xxe/xxe.rb', line 32

def block_message
  BLOCK_MESSAGE
end

#infilter(context, framework, xml) ⇒ Object

Given an XML input, evaluate it for an XXE attack. There is no return value: this method appends the evaluation to the request context, which connects it to the reporting mechanism at request end.

Parameters:

  • context (Contrast::Agent::RequestContext)

    the context of the request in which this input is evaluated.

  • framework (Object)

    the name of the Parser being used.

  • xml (Object)

    the container of the XML to be checked.

Raises:

  • (Contrast::SecurityException)

    when the evaluation produces a blocked violation, i.e. the rule is in a blocking mode (see #mode) and an external entity declaration was matched.

# File 'lib/contrast/agent/protect/rule/xxe/xxe.rb', line 46

def infilter context, framework, xml
  return if protect_excluded_by_url?(rule_name)

  result = find_attacker(context, xml, framework: framework)
  return unless result

  append_to_activity(context, result)
  record_triggered(context)
  return unless blocked_violation?(result)

  raise(Contrast::SecurityException.new(self, BLOCK_MESSAGE))
end
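The following is an added illustration, not code from the Contrast agent. It applies the EXTERNAL_ENTITY_PATTERN listed in the constant summary to three constructed XML prologs and mirrors the append-then-record-then-raise order shown in #infilter. The page does not document find_attacker or blocked_violation?, so the assumption that the rule's match is driven by that regex, the hypothetical XxeBlocked exception standing in for Contrast::SecurityException, and the :block / :monitor mode symbols are this example's own.

```ruby
# Added example: scan XML prologs with the page's EXTERNAL_ENTITY_PATTERN and
# decide whether to record or block, following the flow shown in #infilter.
# Not the agent's implementation; see the assumptions noted in the comments.

# Pattern copied from the constant summary. The agent uses `.cs__freeze`;
# the standard `.freeze` is used here so the snippet runs without the agent.
EXTERNAL_ENTITY_PATTERN = /<!ENTITY\s+[a-zA-Z0-f]+\s+(?:SYSTEM|PUBLIC)\s+(.*?)>/.freeze
BLOCK_MESSAGE = 'XXE rule triggered. Response blocked.'
INPUT_NAME = 'XML Prolog'

# Hypothetical stand-in for Contrast::SecurityException.
class XxeBlocked < StandardError; end

# Return every external entity identifier (SYSTEM or PUBLIC) declared in
# the document's prolog; empty when only internal entities are present.
def external_entity_ids(xml)
  xml.scan(EXTERNAL_ENTITY_PATTERN).flatten
end

# Evaluate one document. Returns :clean when nothing matched, :monitored
# when the match was only recorded, and raises when the rule blocks.
# `mode` and `activity` are assumptions standing in for the agent's
# rule mode and request-context activity.
def evaluate(xml, mode: :monitor, activity: [])
  ids = external_entity_ids(xml)
  return :clean if ids.empty?

  # append_to_activity / record_triggered equivalent: record the finding first
  activity << { rule: 'xxe', input: INPUT_NAME, entities: ids }
  # blocked_violation? equivalent: only a blocking mode raises
  raise XxeBlocked, BLOCK_MESSAGE if mode == :block

  :monitored
end

# Constructed sample prologs (not taken from real traffic).
INTERNAL_ONLY = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE note [<!ENTITY greeting "hello">]>
  <note>&greeting;</note>
XML

SYSTEM_ENTITY = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE note [<!ENTITY ext SYSTEM "http://example.invalid/external.dtd">]>
  <note>&ext;</note>
XML

PUBLIC_ENTITY = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE note [<!ENTITY ext PUBLIC "-//EXAMPLE//DTD//EN" "http://example.invalid/x.dtd">]>
  <note>&ext;</note>
XML

if __FILE__ == $PROGRAM_NAME
  log = []
  [INTERNAL_ONLY, SYSTEM_ENTITY, PUBLIC_ENTITY].each do |doc|
    begin
      puts "#{evaluate(doc, mode: :block, activity: log)}: #{external_entity_ids(doc).inspect}"
    rescue XxeBlocked => e
      puts "blocked: #{e.message} (#{log.last[:entities].inspect})"
    end
  end
end
```

Note that the internal-entity document never reaches the activity log: the pattern requires a SYSTEM or PUBLIC keyword, so ordinary internal entity declarations are not treated as XXE, while a PUBLIC declaration yields both the public and the system identifier in a single capture because the non-greedy group runs to the closing `>`.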

#rule_name ⇒ Object

# File 'lib/contrast/agent/protect/rule/xxe/xxe.rb', line 25

def rule_name
  NAME
end