Module: Contrast::Agent::Protect::InputAnalyzer

Extended by:: Reporting::InputType, Reporting::ScoreLevel, Components::Logger::InstanceMethods, Utils::ObjectShare

Defined in:: lib/contrast/agent/protect/input_analyzer/input_analyzer.rb

Overview

InputAnalyzer will extract input form current request context and will analyze it. This will be used in for the SQLI and CMDI worth_watching_v2 implementations.

Constant Summary collapse

DISPOSITION_NAME =

'name'

DISPOSITION_FILENAME =

'filename'

PREFILTER_RULES =

%w[bot-blocker unsafe-file-upload reflected-xss].cs__freeze

INFILTER_RULES =

%w[
  sql-injection cmd-injection bot-blocker unsafe-file-upload path-traversal
  nosql-injection
].cs__freeze

POSTFILTER_RULES =

%w[sql-injection cmd-injection path-traversal nosql-injection].cs__freeze

AGENTLIB_TIMEOUT =

5.cs__freeze

TIMEOUT_ERROR_MESSAGE =

'[AgentLib] Timed out when processing InputAnalysisResult'

STANDARD_ERROR_MESSAGE =

'[InputAnalyzer] Exception raise while doing input analysis:'

Constants included from Utils::ObjectShare

Constants included from Reporting::ScoreLevel

Reporting::ScoreLevel::DEFINITEATTACK, Reporting::ScoreLevel::IGNORE, Reporting::ScoreLevel::WORTHWATCHING

Constants included from Reporting::InputType

Class Method Summary collapse

.analyse(request) ⇒ Object

This method with analyze the user input from the context of the current request and return new ia with extracted input types.
.base64_statistic ⇒ Object

Input decoding statistic.
.extract_inputs(request) ⇒ Object

Extract the inputs from the request context and label them with Protect input type tags.
.input_classification(input_analysis, prefilter: false, postfilter: false, interval: AGENTLIB_TIMEOUT) ⇒ Object

classify input by array of rules.
.input_classification_for(rule_id, input_analysis, interval: AGENTLIB_TIMEOUT) ⇒ Object

classify input by rule.
.lru_cache ⇒ Contrast::Agent::Protect::Rule::InputClassification::LRUCache

Cache for storing the input analysis result per rule.

Class Method Details

.analyse(request) ⇒ `Object`

This method with analyze the user input from the context of the current request and return new ia with extracted input types.

Parameters:

request (Contrast::Agent::Request) —

current request context.

# File 'lib/contrast/agent/protect/input_analyzer/input_analyzer.rb', line 68

def analyse request
  return unless Contrast::PROTECT.enabled?
  return if request.nil?

  inputs = extract_inputs(request)
  return unless inputs

  input_analysis = Contrast::Agent::Reporting::InputAnalysis.new
  input_analysis.request = request
  # Save those for trigger time
  input_analysis.inputs = inputs
  input_analysis
end

.base64_statistic ⇒ `Object`

Input decoding statistic.



59
60
61

# File 'lib/contrast/agent/protect/input_analyzer/input_analyzer.rb', line 59

def base64_statistic
  @_base64_statistic ||= Contrast::Agent::Protect::Rule::InputClassification::Base64Statistic.new
end

.extract_inputs(request) ⇒ `Object`

Extract the inputs from the request context and label them with Protect input type tags. Each tag will contain one or more user inputs.

This methods is to be expanded and modified as needed by other Protect rules and sub-rules for their requirements.

Parameters:

request (Contrast::Agent::Request) —

current request context.

# File 'lib/contrast/agent/protect/input_analyzer/input_analyzer.rb', line 90

def extract_inputs request
  inputs = {}
  extract_request_inputs(inputs, request)
  extract_multipart(inputs, request)
  inputs.compact!
  inputs
end

.input_classification(input_analysis, prefilter: false, postfilter: false, interval: AGENTLIB_TIMEOUT) ⇒ `Object`

classify input by array of rules. There is a timeout for the AgentLib analysis if not set it will use the default 5s.

Parameters:

input_analysis (Contrast::Agent::Reporting::InputAnalysis) —

Here we will keep all the results for each protect rule.
prefilter (Boolean) (defaults to: false) —

flag to set input analysis for prefilter rules only
postfilter (Boolean) (defaults to: false) —

flag to set input analysis for postfilter rules.
interval (Integer) (defaults to: AGENTLIB_TIMEOUT) —

The timeout determined for the AgentLib analysis to be performed

Raises:

(Timeout::Error) —

If timeout is met.

# File 'lib/contrast/agent/protect/input_analyzer/input_analyzer.rb', line 138

def input_classification(input_analysis,
                         prefilter: false,
                         postfilter: false,
                         interval: AGENTLIB_TIMEOUT)
  return unless input_analysis

  rules = if prefilter
            PREFILTER_RULES
          elsif postfilter
            POSTFILTER_RULES
          else
            INFILTER_RULES
          end

  rules.each { |rule_id| input_classification_for(rule_id, input_analysis, interval: interval) }
  input_analysis
end

.input_classification_for(rule_id, input_analysis, interval: AGENTLIB_TIMEOUT) ⇒ `Object`

classify input by rule

Parameters:

rule_id (String) —

name of the rule.
input_analysis (Contrast::Agent::Reporting::InputAnalysis) —

from analyze method.
interval (Integer) (defaults to: AGENTLIB_TIMEOUT) —

The timeout determined for the AgentLib analysis to be performed.

# File 'lib/contrast/agent/protect/input_analyzer/input_analyzer.rb', line 103

def input_classification_for rule_id, input_analysis, interval: AGENTLIB_TIMEOUT
  return if input_analysis.analysed_rules.include?(rule_id)
  return if input_analysis.no_inputs?
  return unless (protect_rule = Contrast::PROTECT.rule(rule_id)) && protect_rule.enabled?

  input_analysis.inputs.each do |input_type, value|
    value = handle_header(input_type, value)
    next if Contrast::Utils::DuckUtils.empty_duck?(value)

    # Traverse only the Header values:
    Timeout.timeout(interval) do
      protect_rule.classification.classify(rule_id, input_type, value, input_analysis)
    end
  end

  input_analysis
rescue StandardError => e
  if e.cs__class == Timeout::Error
    log_error(rule_id, TIMEOUT_ERROR_MESSAGE, e)
  else
    log_error(rule_id, STANDARD_ERROR_MESSAGE, e, level: :error)
  end
  nil
end

.lru_cache ⇒ `Contrast::Agent::Protect::Rule::InputClassification::LRUCache`

Cache for storing the input analysis result per rule

Returns:

(Contrast::Agent::Protect::Rule::InputClassification::LRUCache)



54
55
56

# File 'lib/contrast/agent/protect/input_analyzer/input_analyzer.rb', line 54

def lru_cache
  @_lru_cache ||= Contrast::Agent::Protect::Rule::InputClassification::LRUCache.new
end

Module: Contrast::Agent::Protect::InputAnalyzer

Overview

Constant Summary collapse

Constants included from Utils::ObjectShare

Constants included from Reporting::ScoreLevel

Constants included from Reporting::InputType

Class Method Summary collapse

Methods included from Components::Logger::InstanceMethods

Methods included from Reporting::ScoreLevel

Methods included from Reporting::InputType

Class Method Details

.analyse(request) ⇒ Object

.base64_statistic ⇒ Object

.extract_inputs(request) ⇒ Object

.input_classification(input_analysis, prefilter: false, postfilter: false, interval: AGENTLIB_TIMEOUT) ⇒ Object

.input_classification_for(rule_id, input_analysis, interval: AGENTLIB_TIMEOUT) ⇒ Object

.lru_cache ⇒ Contrast::Agent::Protect::Rule::InputClassification::LRUCache

.analyse(request) ⇒ `Object`

.base64_statistic ⇒ `Object`

.extract_inputs(request) ⇒ `Object`

.input_classification(input_analysis, prefilter: false, postfilter: false, interval: AGENTLIB_TIMEOUT) ⇒ `Object`

.input_classification_for(rule_id, input_analysis, interval: AGENTLIB_TIMEOUT) ⇒ `Object`

.lru_cache ⇒ `Contrast::Agent::Protect::Rule::InputClassification::LRUCache`