Class: Contrast::Agent::Reporting::ApplicationDefendActivity

Inherits:

ReportingEvent

• Object
• ReportableHash
• ReportingEvent
• Contrast::Agent::Reporting::ApplicationDefendActivity

Includes:

Components::Logger::InstanceMethods

Defined in:

lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb

Overview

This is the new ApplicationDefendActivity class which includes information about the defense of the application which was discovered during exercise of the application during this activity period.

Instance Attribute Summary

• #attackers ⇒ Array<Contrast::Agent::Reporting::ApplicationDefendAttackerActivity> readonly

Attributes inherited from ReportingEvent

#event_endpoint, #event_method

Instance Method Summary

• #attach_data(attack_result) ⇒ Object
• #attach_existing(existing_attacker_activity, attacker_activity, rule) ⇒ Object
• #find_existing_attacker_activity(new_attacker_activity) ⇒ Contrast::Agent::Reporting::ApplicationDefendAttackerActivity^?

  Find an existing attacker if it matches on source details.

• #initialize(ia_request: nil) ⇒ ApplicationDefendActivity constructor

  A new instance of ApplicationDefendActivity.

• #to_controlled_hash ⇒ Object
• #validate ⇒ Object

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Methods inherited from ReportingEvent

#attach_headers

Methods inherited from ReportableHash

#event_json, #valid?

Constructor Details

#initialize(ia_request: nil) ⇒ ApplicationDefendActivity

Returns a new instance of ApplicationDefendActivity.

# File 'lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb', line 20

def initialize ia_request: nil
  @attackers = []
  @event_type = :application_defend_activity
  @request = ia_request
  super()
end

Instance Attribute Details

#attackers ⇒ Array<Contrast::Agent::Reporting::ApplicationDefendAttackerActivity> (readonly)

Returns:

• (Array<Contrast::Agent::Reporting::ApplicationDefendAttackerActivity>)

# File 'lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb', line 18

def attackers
  @attackers
end

Instance Method Details

#attach_data(attack_result) ⇒ Object

Parameters:

• attack_result (Contrast::Agent::Reporting::AttackResult)

# File 'lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb', line 41

def attach_data attack_result
  return unless attack_result&.cs__is_a?(Contrast::Agent::Reporting::AttackResult)
  return if attack_result&.empty?

  attacker_activity = Contrast::Agent::Reporting::ApplicationDefendAttackerActivity.new(ia_request: @request)
  attacker_activity.attach_data(attack_result)

  @existing_attacker_activity = true
  if (existing_attacker_activity = find_existing_attacker_activity(attacker_activity))
    attach_existing(existing_attacker_activity, attacker_activity, attack_result.rule_id)
  else
    attackers << attacker_activity
  end
end

#attach_existing(existing_attacker_activity, attacker_activity, rule) ⇒ Object

Parameters:

• existing_attacker_activity (Contrast::Agent::Reporting::ApplicationDefendAttackerActivity)
• attacker_activity (Contrast::Agent::Reporting::ApplicationDefendAttackerActivity)
• rule (String)

# File 'lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb', line 69

def attach_existing existing_attacker_activity, attacker_activity, rule
  new_violation = attacker_activity.protection_rules[rule]
  return unless new_violation

  sample_activity = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity
  if (previously_violated = existing_attacker_activity.protection_rules[rule])
    if (new_blocked_samples = new_violation.blocked&.samples)&.any?
      previously_violated.blocked ||= sample_activity.new
      previously_violated.blocked.samples.concat(new_blocked_samples)
    end

    if (new_exploited_samples = new_violation.exploited&.samples)&.any?
      previously_violated.exploited ||= sample_activity.new
      previously_violated.exploited.samples.concat(new_exploited_samples)
    end

    if (new_ineffective_samples = new_violation.ineffective&.samples)&.any?
      previously_violated.ineffective ||= sample_activity.new
      previously_violated.ineffective.samples.concat(new_ineffective_samples)
    end

    if (new_suspicious_samples = new_violation.suspicious&.samples)&.any?
      previously_violated.suspicious ||= sample_activity.new
      previously_violated.suspicious.samples.concat(new_suspicious_samples)
    end
  else
    existing_attacker_activity.protection_rules[rule] = new_violation
  end
end

#find_existing_attacker_activity(new_attacker_activity) ⇒ Contrast::Agent::Reporting::ApplicationDefendAttackerActivity^?

Find an existing attacker if it matches on source details

Parameters:

• new_attacker_activity (Contrast::Agent::Reporting::ApplicationDefendAttackerActivity)

Returns:

• (Contrast::Agent::Reporting::ApplicationDefendAttackerActivity, nil)

# File 'lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb', line 59

def find_existing_attacker_activity new_attacker_activity
  attackers.find do |existing|
    existing.source_forwarded_for == new_attacker_activity.source_forwarded_for &&
        existing.source_ip == new_attacker_activity.source_ip
  end
end

#to_controlled_hash ⇒ Object

# File 'lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb', line 27

def to_controlled_hash
  validate
  {
      attackers: attackers.map(&:to_controlled_hash)
  }
end

#validate ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb', line 34

def validate
  return unless Contrast::Utils::DuckUtils.empty_duck?(attackers)

  raise(ArgumentError, 'Attackers data must be populated')
end