Class: Contrast::Utils::Findings

Inherits:

Object

• Object
• Contrast::Utils::Findings

Includes:

Components::Logger::InstanceMethods

Defined in:

lib/contrast/utils/findings.rb

Overview

Utility for saving raw findings for later

Instance Method Summary

• #collect_finding(trigger_node, source, object, ret, *args) ⇒ Object

  Some rules requires response to be available before validating them correctly, so we check if trigger_node.rule_id is collectable and then save them for later report, when we have the response.

• #collection ⇒ Object
• #initialize ⇒ Findings constructor

  A new instance of Findings.

• #push(trigger_node, source, object, ret, *args) ⇒ Object
• #report_collected_findings ⇒ true^?

  Build and report all collected findings for the collectable rules.

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Constructor Details

#initialize ⇒ Findings

Returns a new instance of Findings.

# File 'lib/contrast/utils/findings.rb', line 12

def initialize
  @_collection = []
end

Instance Method Details

#collect_finding(trigger_node, source, object, ret, *args) ⇒ Object

Some rules requires response to be available before validating them correctly, so we check if trigger_node.rule_id is collectable and then save them for later report, when we have the response.

trigger event

Parameters:

• trigger_node (Contrast::Agent::Assess::Policy::TriggerNode) —

  the node to direct applying this

• source (Object) —

  the source of the Trigger Event

• object (Object) —

  the Object on which the method was invoked

• ret (Object) —

  the Return of the invoked method

• args (Array<Object>) —

  the Arguments with which the method was invoked

# File 'lib/contrast/utils/findings.rb', line 36

def collect_finding trigger_node, source, object, ret, *args
  push(trigger_node, source, object, ret, args)
  logger.trace('Finding collected', node_id: trigger_node.id,
                                    source_id: source.__id__,
                                    rule: trigger_node.rule_id)
end

#collection ⇒ Object

# File 'lib/contrast/utils/findings.rb', line 16

def collection
  @_collection ||= []
end

#push(trigger_node, source, object, ret, *args) ⇒ Object

# File 'lib/contrast/utils/findings.rb', line 20

def push trigger_node, source, object, ret, *args
  return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless trigger_node.collectable?

  @_collection << { trigger_node: trigger_node, source: source, object: object, ret: ret, args: args }
end

#report_collected_findings ⇒ true^?

Build and report all collected findings for the collectable rules.

We make sure the content-type is present before reporting, because some findings do require it for validation.

Returns:

• (true, nil)

# File 'lib/contrast/utils/findings.rb', line 49

def report_collected_findings
  return if @_collection.empty?
  return if Contrast::Agent::REQUEST_TRACKER.current&.response&.content_type.nil?

  while @_collection.any?
    finding = @_collection.pop
    collected = Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(finding[:trigger_node],
                                                                             finding[:source],
                                                                             finding[:object],
                                                                             finding[:ret],
                                                                             finding[:args])
    Contrast::Agent::Assess::Policy::TriggerMethod.report_finding(collected) if collected
  end
  true
end