Class: Contrast::Agent::Reporting::ApplicationDefendAttackerActivity

Inherits:
ReportableHash
Defined in:
lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb

Overview

This is the new AttackerActivity class, which includes the attacker information discovered during this activity period.


Methods inherited from ReportableHash

#event_json, #valid?

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Constructor Details

#initialize(ia_request: nil) ⇒ ApplicationDefendAttackerActivity

saved request.

Parameters:



# File 'lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb', line 29

# Build the attacker-activity event and capture where the request came from.
#
# The request is ia_request when one is given; otherwise it is whatever
# Contrast::Agent::REQUEST_TRACKER.current exposes as its request, if any.
# When no request is found, @source_ip and @source_forwarded_for stay unset.
#
# @param ia_request [Object, nil] request to read the source from; the code
#   calls #ip and #headers on it.
def initialize ia_request: nil
  @protection_rules = {}
  req = ia_request
  req ||= Contrast::Agent::REQUEST_TRACKER.current&.request
  if req
    # Fall back to the shared empty string when the request reports no IP.
    @source_ip = req.ip || Contrast::Utils::ObjectShare::EMPTY_STRING
    # Copied as received: X-Forwarded-For is set by the client unless a
    # trusted proxy overwrites it, so it is an unverified hint for attacker
    # correlation. It may also hold a comma-separated chain of addresses.
    @source_forwarded_for = req.headers['X-Forwarded-For']
  end
  @event_type = :application_defend_attacker_activity
  super()
end

Instance Attribute Details

#protection_rules ⇒ Hash<String, Contrast::Agent::Reporting::ApplicationDefendAttackActivity>

Returns map of rule-id to violated samples for that rule.

Returns:



# File 'lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb', line 19

# Reader for the rule-id => attack-activity map filled by #attach_data.
#
# @return [Hash<String, Contrast::Agent::Reporting::ApplicationDefendAttackActivity>]
#   the live hash itself, not a copy, so callers that mutate it change this
#   event's state.
def protection_rules; @protection_rules; end

#source_forwarded_for ⇒ String? (readonly)

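Returns the X-Forwarded-For header of the request from which the attack originated; used to identify unique attackers. The value is copied from the request header as received, so it is whatever the client or an intermediate proxy sent.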

Returns:

  • (String, nil)

    the X-Forwarded-For Header of the request from which the attack originated; used to identify unique attackers



# File 'lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb', line 25

# Reader for the X-Forwarded-For header captured in the constructor.
#
# The value is stored as received from the request headers. Consumers should
# treat it as client-influenced data: useful for correlation, not proof of
# origin.
#
# @return [String, nil] the raw header value, or nil when none was captured
def source_forwarded_for; @source_forwarded_for; end

#source_ip ⇒ String? (readonly)

Returns the IP address of the request from which the attack originated; used to identify unique attackers.

Returns:

  • (String, nil)

    the IP address of the request from which the attack originated; used to identify unique attackers



# File 'lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb', line 22

# Reader for the source address captured in the constructor from the
# request's #ip.
#
# NOTE(review): how the request object derives #ip (socket peer vs. proxy
# headers) is not visible here; confirm before relying on it for attribution.
#
# @return [String, nil] the stored address, or nil when no request was found
def source_ip; @source_ip; end

Instance Method Details

#attach_data(attack_result) ⇒ Object

Parameters:



# File 'lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb', line 61

# Wrap an attack result in a new ApplicationDefendAttackActivity and file it
# under the result's rule id.
#
# NOTE(review): the entry is assigned, not merged. A later result for the
# same rule id replaces the activity stored earlier. Confirm that dropping
# the earlier entry is intended.
#
# @param attack_result [Object] result to record; the code reads #rule_id
#   from it and hands it to the new activity's #attach_data.
# @return [Contrast::Agent::Reporting::ApplicationDefendAttackActivity] the
#   activity that was stored
def attach_data attack_result
  rule_id = attack_result.rule_id
  activity = Contrast::Agent::Reporting::ApplicationDefendAttackActivity.new
  activity.attach_data(attack_result)
  @protection_rules[rule_id] = activity
end

#process_protection_rules ⇒ Object



# File 'lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb', line 68

# Convert every stored attack activity into its reportable hash form.
#
# @return [Hash] a new hash with the same rule-id keys as @protection_rules,
#   each mapped to that activity's #to_controlled_hash result
def process_protection_rules
  @protection_rules.each_with_object({}) do |(rule_id, attack_activity), reportable|
    reportable[rule_id] = attack_activity.to_controlled_hash
  end
end

#to_controlled_hash ⇒ Object



# File 'lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb', line 39

# Produce the reportable form of this event after checking it is complete.
#
# #validate runs first, so an event without protection rules or a source IP
# raises instead of being serialized. The X-Forwarded-For value is emitted
# exactly as captured; receivers should handle it as unverified request data.
#
# @return [Hash] { protectionRules: Hash, source: { ip:, xForwardedFor: } }
# @raise [ArgumentError] when #validate rejects the event
def to_controlled_hash
  validate
  rules = process_protection_rules
  origin = { ip: source_ip, xForwardedFor: source_forwarded_for }
  { protectionRules: rules, source: origin }
end

#validate ⇒ Object



# File 'lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb', line 50

# Check that the event carries the fields required for reporting.
#
# Protection rules are checked first, then the source IP, each with
# Contrast::Utils::DuckUtils.empty_duck?. The X-Forwarded-For value is not
# checked here, so it may be absent on a valid event.
#
# NOTE(review): the second message contains a double space, which suggests a
# dropped word. It is kept as-is because callers or tests may match on it.
#
# @return [nil] when both checks pass
# @raise [ArgumentError] when protection_rules or source_ip is reported empty
def validate
  ducks = Contrast::Utils::DuckUtils
  raise(ArgumentError, 'Protection Rules are not presented') if ducks.empty_duck?(protection_rules)
  raise(ArgumentError, 'Source  is not presented') if ducks.empty_duck?(source_ip)

  nil
end