Class: Contrast::Agent::Protect::State

Inherits:
Object
  • Object
show all
Includes:
Components::Logger::InstanceMethods
Defined in:
lib/contrast/agent/protect/state.rb

Overview

Master class for each protect rule. This class will hold all the rules references. Any access to the rules should be done through this class. and new rules should be added here. Each main rule should require and include and initialize it’s sub-rules.

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Constructor Details

#initializeState

Initialize all the protect rules. This should be the one place to access each live rule reference.



49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
 
# File 'lib/contrast/agent/protect/state.rb', line 49

def initialize
  @bot_blocker = Contrast::Agent::Protect::Rule::BotBlocker.new
  @cmd_injection = Contrast::Agent::Protect::Rule::CmdInjection.new
  @cmd_injection_command_backdoors = @cmd_injection.command_backdoors
  @cmd_injection_semantic_chained_commands = @cmd_injection.semantic_chained_commands
  @cmd_injection_semantic_dangerous_paths = @cmd_injection.semantic_dangerous_paths
  @untrusted_deserialization = Contrast::Agent::Protect::Rule::Deserialization.new
  @nosql_injection = Contrast::Agent::Protect::Rule::NoSqli.new
  @path_traversal = Contrast::Agent::Protect::Rule::PathTraversal.new
  @path_traversal_semantic_file_security_bypass = @path_traversal.semantic_file_security_bypass
  @sql_injection = Contrast::Agent::Protect::Rule::Sqli.new
  @sql_injection_semantic_dangerous_functions = @sql_injection.semantic_dangerous_functions
  @unsafe_file_upload = Contrast::Agent::Protect::Rule::UnsafeFileUpload.new
  @reflected_xss = Contrast::Agent::Protect::Rule::Xss.new
  @xxe = Contrast::Agent::Protect::Rule::Xxe.new
end

Instance Attribute Details

#bot_blockerContrast::Agent::Protect::Rule::BotBlocker (readonly)

Returns the bot blocker rule.

Returns:



19
20
21
 
# File 'lib/contrast/agent/protect/state.rb', line 19

def bot_blocker
  @bot_blocker
end

#cmd_injectionContrast::Agent::Protect::Rule::CmdInjection (readonly)

Returns the command injection rule.

Returns:



21
22
23
 
# File 'lib/contrast/agent/protect/state.rb', line 21

def cmd_injection
  @cmd_injection
end

#cmd_injection_command_backdoorsContrast::Agent::Protect::Rule::CmdiBackdoors (readonly)

Returns:



23
24
25
 
# File 'lib/contrast/agent/protect/state.rb', line 23

def cmd_injection_command_backdoors
  @cmd_injection_command_backdoors
end

#cmd_injection_semantic_chained_commandsContrast::Agent::Protect::Rule::CmdiChainedCommand (readonly)

Returns:



25
26
27
 
# File 'lib/contrast/agent/protect/state.rb', line 25

def cmd_injection_semantic_chained_commands
  @cmd_injection_semantic_chained_commands
end

#cmd_injection_semantic_dangerous_pathsContrast::Agent::Protect::Rule::CmdiDangerousPath (readonly)

Returns:



27
28
29
 
# File 'lib/contrast/agent/protect/state.rb', line 27

def cmd_injection_semantic_dangerous_paths
  @cmd_injection_semantic_dangerous_paths
end

#enabledboolean

Returns State dictated by local or server settings.

Returns:

  • (boolean)

    State dictated by local or server settings



17
18
19
 
# File 'lib/contrast/agent/protect/state.rb', line 17

def enabled
  @enabled
end

#nosql_injectionContrast::Agent::Protect::Rule::NoSqli (readonly)

Returns:



31
32
33
 
# File 'lib/contrast/agent/protect/state.rb', line 31

def nosql_injection
  @nosql_injection
end

#path_traversalContrast::Agent::Protect::Rule::PathTraversal (readonly)

Returns:



33
34
35
 
# File 'lib/contrast/agent/protect/state.rb', line 33

def path_traversal
  @path_traversal
end

#path_traversal_semantic_file_security_bypassContrast::Agent::Protect::Rule::PathTraversalSemanticBypass (readonly)

Returns:



35
36
37
 
# File 'lib/contrast/agent/protect/state.rb', line 35

def path_traversal_semantic_file_security_bypass
  @path_traversal_semantic_file_security_bypass
end

#reflected_xssContrast::Agent::Protect::Rule::Xss (readonly)

Returns the reflected xss rule.

Returns:



43
44
45
 
# File 'lib/contrast/agent/protect/state.rb', line 43

def reflected_xss
  @reflected_xss
end

#sql_injectionContrast::Agent::Protect::Rule::Sqli (readonly)

Returns:



37
38
39
 
# File 'lib/contrast/agent/protect/state.rb', line 37

def sql_injection
  @sql_injection
end

#sql_injection_semantic_dangerous_functionsContrast::Agent::Protect::Rule::SqliDangerousFunctions (readonly)

Returns:



39
40
41
 
# File 'lib/contrast/agent/protect/state.rb', line 39

def sql_injection_semantic_dangerous_functions
  @sql_injection_semantic_dangerous_functions
end

#unsafe_file_uploadContrast::Agent::Protect::Rule::UnsafeFileUpload (readonly)

Returns the unsafe file upload rule.

Returns:



41
42
43
 
# File 'lib/contrast/agent/protect/state.rb', line 41

def unsafe_file_upload
  @unsafe_file_upload
end

#untrusted_deserializationContrast::Agent::Protect::Rule::Deserialization (readonly)

Returns:



29
30
31
 
# File 'lib/contrast/agent/protect/state.rb', line 29

def untrusted_deserialization
  @untrusted_deserialization
end

#xxeContrast::Agent::Protect::Rule::Xxe (readonly)

Returns the xxe rule.

Returns:



45
46
47
 
# File 'lib/contrast/agent/protect/state.rb', line 45

def xxe
  @xxe
end

Instance Method Details

#[](rule_id) ⇒ Contrast::Agent::Protect::Rule::Base

Parameters:

Returns:



104
105
106
 
# File 'lib/contrast/agent/protect/state.rb', line 104

def [] rule_id
  rules[rule_id]
end

#enabled?Boolean

Check the local configurations first then the server settings.

Returns:

  • (Boolean) 


98
99
100
 
# File 'lib/contrast/agent/protect/state.rb', line 98

def enabled?
  Contrast::PROTECT.enable || Contrast::SETTINGS.protect_state.enabled
end

#rulesHash<String, Contrast::Agent::Protect::Rule::Base>

Return the Rules in Hash form {rule_id => rule_class }. This is used to traverse for each rule and update it’s settings. Also is the way a rule is retrieved given the ID is known.

Returns:



71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
 
# File 'lib/contrast/agent/protect/state.rb', line 71

def rules
  @_rules ||= {
      @bot_blocker.rule_name => @bot_blocker,
      @cmd_injection.rule_name => @cmd_injection,
      @cmd_injection_command_backdoors.rule_name => @cmd_injection_command_backdoors,
      @cmd_injection_semantic_chained_commands.rule_name => @cmd_injection_semantic_chained_commands,
      @cmd_injection_semantic_dangerous_paths.rule_name => @cmd_injection_semantic_dangerous_paths,
      @untrusted_deserialization.rule_name => @untrusted_deserialization,
      @nosql_injection.rule_name => @nosql_injection,
      @path_traversal.rule_name => @path_traversal,
      @path_traversal_semantic_file_security_bypass.rule_name => @path_traversal_semantic_file_security_bypass,
      @sql_injection.rule_name => @sql_injection,
      @sql_injection_semantic_dangerous_functions.rule_name => @sql_injection_semantic_dangerous_functions,
      @unsafe_file_upload.rule_name => @unsafe_file_upload,
      @reflected_xss.rule_name => @reflected_xss,
      @xxe.rule_name => @xxe
  }
end

#updateObject

Update all settings from configuration.



91
92
93
94
95
 
# File 'lib/contrast/agent/protect/state.rb', line 91

def update
  rules.values.each(&:update)
  logger.info('Current rule settings:')
  rules.each { |k, v| logger.info('Protect Rule mode set', rule: k, mode: v.mode) }
end