Class: Contrast::Agent::RuleSet
- Includes: Components::Logger::InstanceMethods
- Defined in: lib/contrast/components/rule_set.rb
Overview
This class is responsible for holding our ruleset and performing filtering operations on all rules when asked by the middleware.
Instance Method Summary
- #postfilter ⇒ Object: The filtering that needs to occur after the application has acted on the request and the response has been created.
- #prefilter ⇒ Object: The filtering that needs to happen before the application gets access to the request object.
Methods included from Components::Logger::InstanceMethods
Instance Method Details
#postfilter ⇒ Object
The filtering that needs to occur after the application has acted on the request and the response has been created. The main actions here are analyzing the response for unsafe state or actions.
    # File 'lib/contrast/components/rule_set.rb', line 37
    def postfilter
      context = Contrast::Agent::REQUEST_TRACKER.current
      return unless context&.analyze_response?

      logger.trace_with_time('Running postfilter...') do
        map { |rule| rule.postfilter(context) }
      end
    rescue Contrast::SecurityException => e
      # Log the security exception and re-raise it to the caller.
      logger.warn('RASP threw security exception in postfilter', e)
      raise(e)
    rescue StandardError => e
      # Any other error is logged and not re-raised.
      logger.error('Unexpected exception during postfilter', e)
    end
#prefilter ⇒ Object
The filtering that needs to happen before the application gets access to the request object. The main action here is snapshotting the request as provided to the application from the user before any application code has acted upon it. Additionally, this is where Protect will terminate requests on attack detection if set to block at perimeter.
    # File 'lib/contrast/components/rule_set.rb', line 19
    def prefilter
      context = Contrast::Agent::REQUEST_TRACKER.current
      return unless context&.analyze_request?

      logger.trace_with_time('Running prefilter...') do
        map { |rule| rule.prefilter(context) }
      end
    rescue Contrast::SecurityException => e
      # Log the security exception and re-raise it to the caller.
      logger.warn('RASP threw security exception in prefilter', e)
      raise(e)
    rescue StandardError => e
      # Any other error is logged and not re-raised.
      logger.error('Unexpected exception during prefilter', e)
    end
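The rescue structure shared by #prefilter and #postfilter, as an added Ruby model that is not Contrast's code: a security exception propagates and ends the request, while any other error is logged and swallowed, which in this model also leaves rules later in the list unconsulted. All `Demo*` names, the returned symbols and the sample rules are assumptions constructed for illustration.

```ruby
# Added illustration: all Demo* names are hypothetical, not Contrast's API.
class DemoSecurityException < StandardError; end

DemoContext = Struct.new(:path, :analyze) { alias_method :analyze_request?, :analyze }

# A rule wraps a check and records whether it was consulted.
DemoRule = Struct.new(:name, :check, :ran) do
  def prefilter(context)
    self.ran = true
    check.call(context)
  end
end

class DemoRuleSet < Array
  attr_reader :log

  def initialize(rules)
    super(rules)
    @log = []
  end

  # Same rescue structure as the documented #prefilter. The returned symbols
  # are an assumption added here so the outcome can be inspected.
  def prefilter(context)
    return :skipped unless context&.analyze_request?

    map { |rule| rule.prefilter(context) }
    :passed
  rescue DemoSecurityException => e
    @log << [:warn, e.message]
    raise # a blocking rule terminates the request
  rescue StandardError => e
    @log << [:error, e.message]
    :failed_open # rule bug: logged, request continues
  end
end

# Constructed sample rules: one blocks path traversal, one has a bug.
def demo_rules
  { traversal: DemoRule.new('traversal', ->(c) { raise DemoSecurityException, 'path traversal' if c.path.include?('../') }),
    buggy: DemoRule.new('buggy', ->(_c) { raise ArgumentError, 'rule bug' }) }
end

# Runs the given rules in order and reports [outcome, log].
def demo_outcome(rules, context)
  set = DemoRuleSet.new(rules)
  [set.prefilter(context), set.log]
rescue DemoSecurityException
  [:blocked, set.log]
end
```

Calling `demo_outcome` with the buggy rule placed ahead of the traversal rule returns `:failed_open` and leaves the traversal rule's `ran` flag unset, so an `error` entry in the rule-set log deserves the same attention as a `warn`.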