Class: Contrast::Agent::Assess::Rule::Response::BaseRule

Inherits:
Object
Defined in:
lib/contrast/agent/assess/rule/response/base_rule.rb

Overview

These rules check the content of the HTTP Response to determine if something was set incorrectly or insecurely in it.

Direct Known Subclasses

AutoComplete, HeaderRule, ParametersPollution

Constant Summary

DATA = 'data'.cs__freeze

Instance Method Summary

Instance Method Details

#analyze(response) ⇒ Object

Analyze a given application response to determine if it violates the rule.

TODO: RUBY-999999 either extract the response’s body or memoize it to some degree so that it’s not generated on every call of this method

Parameters:



# File 'lib/contrast/agent/assess/rule/response/base_rule.rb', line 24

def analyze response
  return unless analyze_response?(response)

  violation = violated?(response)
  return unless violation

  finding = build_finding(violation)
  return unless finding

  preflight = Contrast::Agent::Reporting::BuildPreflight.generate(finding)
  return unless preflight

  Contrast::Agent::Reporting::ReportingStorage[preflight.messages[0].data] = finding
  Contrast::Agent.reporter&.send_event(preflight)
end
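
The guard-clause flow of #analyze (gate, detect, build a finding, report), shown as a stand-alone added example that is not part of the Contrast agent. SketchResponseRule, MissingNosniffRule, REPORTED and RULE_ID are hypothetical names, responses are assumed to be Rack-style triples, and an in-memory array stands in for the agent's reporting step.

```ruby
# Added sketch, not Contrast's code; all class, method and constant names are hypothetical.
# Responses are Rack-style triples: [status, headers, body_parts].
class SketchResponseRule
  REPORTED = [] # in-memory stand-in for the agent's reporting step
  # Same guard-clause flow as BaseRule#analyze: gate, detect, build, report.
  def analyze(response)
    return unless analyze_response?(response)
    violation = violated?(response)
    return unless violation
    finding = build_finding(violation)
    return unless finding
    REPORTED << finding
    finding
  end

  private

  # Only successful HTML responses are in scope for this sketch.
  def analyze_response?(response)
    status, headers = response
    status.between?(200, 299) && header(headers, 'content-type').to_s.start_with?('text/html')
  end

  # Header names are case-insensitive, so compare them downcased.
  def header(headers, name)
    pair = headers.find { |key, _| key.to_s.downcase == name }
    pair && pair[1]
  end

  def build_finding(violation)
    { rule_id: self.class::RULE_ID, evidence: violation }
  end
end

# Flags HTML responses that do not send "X-Content-Type-Options: nosniff".
class MissingNosniffRule < SketchResponseRule
  RULE_ID = 'sketch-missing-nosniff'

  private

  def violated?(response)
    value = header(response[1], 'x-content-type-options')
    return nil if value.to_s.strip.casecmp?('nosniff')
    { detail: value.nil? ? 'header absent' : "unexpected value: #{value}" }
  end
end

# Constructed sample response: an HTML page sent without the header.
p MissingNosniffRule.new.analyze([200, { 'Content-Type' => 'text/html' }, ['<p>hi</p>']])
```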