Class: Contrast::Agent::Reporting::ApplicationDefendAttackActivity

Inherits:

ReportableHash

• Object
• ReportableHash
• Contrast::Agent::Reporting::ApplicationDefendAttackActivity

Defined in:

lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb

Overview

This is the new ApplicationDefendAttackActivity class which will include the attacks sent by the source.

Instance Attribute Summary

• #blocked ⇒ Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity
• #exploited ⇒ Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity
• #ineffective ⇒ Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity
• #response_type ⇒ Contrast::Agent::Reporting::ResponseType readonly

  Helper method to determine before hand the response type and iv needed for access.

• #suspicious ⇒ Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity

Instance Method Summary

• #attach_data(attack_result) ⇒ Contrast::Agent::Reporting::Defend::AttackSampleActivity
• #initialize ⇒ ApplicationDefendAttackActivity constructor

  A new instance of ApplicationDefendAttackActivity.

• #start_time ⇒ Object
• #to_controlled_hash ⇒ Object
• #validate(blocked_hash, exploited_hash, ineffective_hash, suspicious_hash) ⇒ Object

Methods inherited from ReportableHash

#event_json, #valid?

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Constructor Details

#initialize ⇒ ApplicationDefendAttackActivity

Returns a new instance of ApplicationDefendAttackActivity.

# File 'lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb', line 26

def initialize
  @start_time = start_time
  super()
end

Instance Attribute Details

#blocked ⇒ Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity

Returns:

• (Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity)

# File 'lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb', line 14

def blocked
  @blocked
end

#exploited ⇒ Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity

Returns:

• (Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity)

# File 'lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb', line 16

def exploited
  @exploited
end

#ineffective ⇒ Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity

Returns:

• (Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity)

# File 'lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb', line 18

def ineffective
  @ineffective
end

#response_type ⇒ Contrast::Agent::Reporting::ResponseType (readonly)

Helper method to determine before hand the response type and iv needed for access

Returns:

• (Contrast::Agent::Reporting::ResponseType)

# File 'lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb', line 24

def response_type
  @response_type
end

#suspicious ⇒ Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity

Returns:

• (Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity)

# File 'lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb', line 20

def suspicious
  @suspicious
end

Instance Method Details

#attach_data(attack_result) ⇒ Contrast::Agent::Reporting::Defend::AttackSampleActivity

Parameters:

• attack_result (Contrast::Agent::Reporting::AttackResult)

Returns:

• (Contrast::Agent::Reporting::Defend::AttackSampleActivity)

# File 'lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb', line 55

def attach_data attack_result
  attack_sample_activity = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.new
  attack_sample_activity.attach_data(attack_result)
  @response_type = attack_result.response
  case response_type
  when ::Contrast::Agent::Reporting::ResponseType::BLOCKED,
      ::Contrast::Agent::Reporting::ResponseType::BLOCKED_AT_PERIMETER

    @blocked = attack_sample_activity
  when ::Contrast::Agent::Reporting::ResponseType::MONITORED
    @exploited = attack_sample_activity
  when ::Contrast::Agent::Reporting::ResponseType::PROBED
    @ineffective = attack_sample_activity
  when ::Contrast::Agent::Reporting::ResponseType::SUSPICIOUS
    @suspicious = attack_sample_activity
  end
end

#start_time ⇒ Object

# File 'lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb', line 73

def start_time
  Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0
end

#to_controlled_hash ⇒ Object

# File 'lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb', line 31

def to_controlled_hash
  blocked_hash = blocked&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH
  exploited_hash = exploited&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH
  ineffective_hash = ineffective&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH
  suspicious_hash = suspicious&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH
  validate(blocked_hash, exploited_hash, ineffective_hash, suspicious_hash)
  {
      startTime: @start_time,
      blocked: blocked_hash,
      exploited: exploited_hash,
      ineffective: ineffective_hash,
      suspicious: suspicious_hash
  }
end

#validate(blocked_hash, exploited_hash, ineffective_hash, suspicious_hash) ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb', line 46

def validate blocked_hash, exploited_hash, ineffective_hash, suspicious_hash
  raise(ArgumentError, 'Start Time for is not presented') unless @start_time
  return unless [blocked_hash, exploited_hash, ineffective_hash, suspicious_hash].all?(&:empty?)

  raise(ArgumentError, 'At least one of the samples must be populated')
end