Class: Contrast::Agent::Assess::Policy::DynamicSourceFactory
- Extended by: Components::Logger::InstanceMethods
- Defined in: lib/contrast/agent/assess/policy/dynamic_source_factory.rb
Overview
This class is used to create dynamic source nodes and source nodes from a database model that receives untrusted data.
Constant Summary
- DB_SOURCE_TYPE = 'TAINTED_DATABASE'
- WRITE_QUERY_TIME = 'writeDateTimeUtc'
- WRITE_QUERY_URL = 'writeRequestUrl'
- READ_TABLE = 'readTable'
- READ_COLUMN = 'readColumn'
Class Method Summary
- .create_sources(klass, tainted_columns) ⇒ Object
Given a Class representing a table in a Database and a map of methods representing columns, generate sources for each method such that calls to that method will result in a Source Event.
Methods included from Components::Logger::InstanceMethods
Class Method Details
.create_sources(klass, tainted_columns) ⇒ Object
Given a Class representing a table in a Database and a map of methods representing columns, generate sources for each method such that calls to that method will result in a Source Event.
```ruby
# File 'lib/contrast/agent/assess/policy/dynamic_source_factory.rb', line 29

def create_sources klass, tainted_columns
  return unless Contrast::ASSESS.require_dynamic_sources?

  class_name = klass.cs__name
  instance_methods = klass.instance_methods
  instance_methods.concat(klass.private_instance_methods)

  current_context = Contrast::Agent::REQUEST_TRACKER.current
  current_request = current_context&.request
  tainted_columns.each_pair do |field, properties|
    next unless properties

    method_name = field.to_sym
    # Move on if we already know about this Dynamic Source
    next if Contrast::Agent::Assess::Policy::Policy.instance.find_source_node(class_name, method_name, true)

    dynamic_source_node = create_source_node(class_name, method_name, Set.new(properties.tag_keys), current_request)
    Contrast::Agent::Assess::Policy::Policy.instance.add_node(dynamic_source_node, :dynamic_source)
    method_policy = build_source_policy(method_name, dynamic_source_node)
    Contrast::Agent::Patching::Policy::Patcher.patch_method(klass, instance_methods, method_policy)
  end
end
```
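The following added example is not the Contrast agent's code. It is a simplified stand-in showing the pattern `create_sources` describes: readers for tainted columns are wrapped so each call records a source event, known sources are skipped, and private readers stay private. `DynamicSourceDemo`, `SourceEvent`, `KNOWN_SOURCES`, `EVENTS` and the `Comment` model are hypothetical names, and the `write_url` argument is an assumption standing in for the current request that the documented method passes to `create_source_node`.

```ruby
require 'set'

# Stand-in for the agent's policy registry and patcher; every name here is hypothetical.
module DynamicSourceDemo
  SourceEvent = Struct.new(:class_name, :method_name, :type, :tags, :write_url)
  KNOWN_SOURCES = {} # [class name, method name] => tag Set
  EVENTS = []        # source events recorded by patched readers

  # tainted_columns maps a column name to its tag Set, or nil if the column is clean.
  def self.create_sources(klass, tainted_columns, write_url)
    candidates = klass.instance_methods + klass.private_instance_methods
    patch = Module.new
    tainted_columns.each_pair do |field, tags|
      next unless tags
      name = field.to_sym
      key = [klass.name, name]
      # Skip sources already registered and columns without a reader method.
      next if KNOWN_SOURCES.key?(key) || !candidates.include?(name)
      KNOWN_SOURCES[key] = tags
      patch.send(:define_method, name) do |*args, &blk|
        value = super(*args, &blk) # call the original column reader
        EVENTS << SourceEvent.new(key[0], name, 'TAINTED_DATABASE', tags, write_url)
        value
      end
      # Keep private readers private after patching.
      patch.send(:private, name) if klass.private_method_defined?(name)
    end
    klass.prepend(patch)
  end
end

# Constructed model standing in for a class backed by a database table.
class Comment
  def initialize(id, body)
    @id = id
    @body = body
  end
  attr_reader :id, :body

  def preview
    raw_body[0, 5]
  end

  private

  def raw_body
    @body
  end
end
```

Registering at the reader rather than at the query is what lets every later read of a tainted column be tracked as untrusted input, including reads made by requests other than the one that wrote the data.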