Class: Contrast::Agent::Assess::Policy::Trigger::Xpath

Inherits:

Object
Contrast::Agent::Assess::Policy::Trigger::Xpath

Defined in:: lib/contrast/agent/assess/policy/trigger/xpath.rb

Overview

This acts a trigger to handle the special cases of the XPath library gem and the Oga gem. Untrusted data may come into the trigger methods from these classes as an array or hash, respectively. Since untrusted user input comes into these triggers as a splat argument or an options hash, we need to iterate through these objects to see if we were tracking on any of them and report a finding if so.

Class Method Summary collapse

.xpath_expression_trigger(trigger_node, _source, object, ret, *args) ⇒ Object

propagation event.
.xpath_oga_trigger(trigger_node, _source, object, ret, *args) ⇒ Object

propagation event.

Class Method Details

.xpath_expression_trigger(trigger_node, _source, object, ret, *args) ⇒ `Object`

propagation event.

Parameters:

trigger_node (Contrast::Agent::Assess::Policy::MethodPolicy) —

the node that governs this
_source (Object) —

the source of the propagation
object (Object) —

the object to which the source is being appended
args (Array<Object>) —

the arguments to the method
ret (Object) —

the return value of the method

Returns:

(Object) —

the return value of the method

# File 'lib/contrast/agent/assess/policy/trigger/xpath.rb', line 25

def xpath_expression_trigger trigger_node, _source, object, ret, *args
  return ret unless args

  process(trigger_node, object, ret, *args)
end

.xpath_oga_trigger(trigger_node, _source, object, ret, *args) ⇒ `Object`