Class: Contrast::Components::Protect::Interface

Inherits:
Object
  • Object
show all
Includes:
ComponentBase, Contrast::Config::BaseConfiguration
Defined in:
lib/contrast/components/protect.rb

Overview

A wrapper build around the Common Agent Configuration project to allow for access of the values contained in its parent_configuration_spec.yaml. Specifically, this allows for querying the state of the Protect product.

Constant Summary collapse

CANON_NAME = 
'protect'
CONFIG_VALUES = 
%w[enabled? normalize_base64?].cs__freeze
RULES = 
'rules'
MODE = 
'mode'

Constants included from Contrast::Config::BaseConfiguration

Contrast::Config::BaseConfiguration::AT_UNDERSCORE

Constants included from ComponentBase

ComponentBase::ENABLE

Constants included from Contrast::Config::Diagnostics::Tools

Contrast::Config::Diagnostics::Tools::CHECK

Constants included from Contrast::Config::Diagnostics::SingletonTools

Contrast::Config::Diagnostics::SingletonTools::API_CREDENTIALS, Contrast::Config::Diagnostics::SingletonTools::CONTRAST_MARK

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Contrast::Config::BaseConfiguration

#to_contrast_hash

Methods included from ComponentBase

#false?, #file_exists?, #stringify_array, #true?, #valid_cert?

Methods included from Contrast::Config::Diagnostics::Tools

#add_effective_config_values, #add_single_effective_value

Methods included from Contrast::Config::Diagnostics::SingletonTools

#flatten_settings, #to_config_values, #update_config, #value_to_s

Constructor Details

#initialize(hsh = {}) ⇒ Interface

Returns a new instance of Interface.



35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/contrast/components/protect.rb', line 35

def initialize hsh = {}
  @config_values = CONFIG_VALUES
  @canon_name = CANON_NAME
  return unless hsh

  @_exceptions = Contrast::Config::ExceptionConfiguration.new(hsh[:exceptions])
  @_rules = Contrast::Config::ProtectRulesConfiguration.new(hsh[:rules])
  @enable = hsh[:enable]
  @normalize_base64 = hsh[:normalize_base64]
  @agent_lib = hsh[:agent_lib]
end

Instance Attribute Details

#agent_libBoolean?

Returns:

  • (Boolean, nil) 


33
34
35
 
# File 'lib/contrast/components/protect.rb', line 33

def agent_lib
  @agent_lib
end

#canon_nameString (readonly)

Returns:



29
30
31
 
# File 'lib/contrast/components/protect.rb', line 29

def canon_name
  @canon_name
end

#config_valuesArray (readonly)

Returns:

  • (Array) 


31
32
33
 
# File 'lib/contrast/components/protect.rb', line 31

def config_values
  @config_values
end

#enableBoolean?

Returns:

  • (Boolean, nil) 


25
26
27
 
# File 'lib/contrast/components/protect.rb', line 25

def enable
  @enable
end

#normalize_base64Boolean?

Returns:

  • (Boolean, nil) 


27
28
29
 
# File 'lib/contrast/components/protect.rb', line 27

def normalize_base64
  @normalize_base64
end

Instance Method Details

#defend_rulesObject

Returns Protect array of all initialized protect rules.



101
102
103
 
# File 'lib/contrast/components/protect.rb', line 101

def defend_rules
  state.rules
end

#enabled?Boolean

Returns:

  • (Boolean) 


68
69
70
71
72
73
74
 
# File 'lib/contrast/components/protect.rb', line 68

def enabled?
  # config overrides if forcibly set
  return false if forcibly_disabled?
  return true  if forcibly_enabled?

  state.enabled?
end

#exceptionsContrast::Config::ExceptionConfiguration

Returns:



48
49
50
 
# File 'lib/contrast/components/protect.rb', line 48

def exceptions
  @_exceptions ||= Contrast::Config::ExceptionConfiguration.new
end

#exceptions=(new_exceptions) ⇒ Object 



64
65
66
 
# File 'lib/contrast/components/protect.rb', line 64

def exceptions= new_exceptions
  @_exceptions = new_exceptions
end

#forcibly_disabled?Boolean

Returns:

  • (Boolean) 


155
156
157
158
159
 
# File 'lib/contrast/components/protect.rb', line 155

def forcibly_disabled?
  return @_forcibly_disabled unless @_forcibly_disabled.nil?

  @_forcibly_disabled = false?(::Contrast::CONFIG.protect.enable)
end

#normalize_base64?Boolean

Check to determine if the base64 decoding is required for user inputs.

Returns:

  • (Boolean) 


77
78
79
80
81
 
# File 'lib/contrast/components/protect.rb', line 77

def normalize_base64?
  @normalize_base64 = Contrast::CONFIG.protect.normalize_base64 if @normalize_base64.nil?

  true?(@normalize_base64)
end

#report_any_command_execution?Boolean

Returns:

  • (Boolean) 


137
138
139
140
141
142
143
 
# File 'lib/contrast/components/protect.rb', line 137

def report_any_command_execution?
  if @_report_any_command_execution.nil?
    ctrl = rule_config[Contrast::Agent::Protect::Rule::CmdInjection::NAME]
    @_report_any_command_execution = ctrl && true?(ctrl.disable_system_commands)
  end
  @_report_any_command_execution
end

#report_custom_code_sysfile_access?Boolean

Returns:

  • (Boolean) 


145
146
147
148
149
150
151
152
153
 
# File 'lib/contrast/components/protect.rb', line 145

def report_custom_code_sysfile_access?
  if @_report_custom_code_sysfile_access.nil?
    name_changed = Contrast::Agent::Protect::Rule::PathTraversal::NAME.
        tr(Contrast::Utils::ObjectShare::DASH, Contrast::Utils::ObjectShare::UNDERSCORE)
    ctrl = rule_config[name_changed]
    @_report_custom_code_sysfile_access = ctrl && true?(ctrl.detect_custom_code_accessing_system_files)
  end
  @_report_custom_code_sysfile_access
end

#rule(name) ⇒ Contrast::Agent::Protect::Rule::Base

Name of the protect rule

Parameters:

Returns:



133
134
135
 
# File 'lib/contrast/components/protect.rb', line 133

def rule name
  state.rules[name]
end

#rule_configContrast::Config::ProtectRulesConfiguration

Current Configuration for the protect rules

Returns:



86
87
88
 
# File 'lib/contrast/components/protect.rb', line 86

def rule_config
  ::Contrast::CONFIG.protect.rules
end

#rule_mode(rule_id) ⇒ Object

The Contrast::CONFIG.protect.rules is object so we need to check it’s corresponding method call for each rule of interest. If there is no status available we search for any Settings available received form TS response.

Parameters:



112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
 
# File 'lib/contrast/components/protect.rb', line 112

def rule_mode rule_id
  str = rule_id.tr('-', '_')
  config_mode = Contrast::CONFIG.protect.rules[str]&.applicable_mode
  settings_mode = ::Contrast::SETTINGS.application_state.modes_by_id[rule_id]

  if config_mode
    update_config_for_rule(rule_id, config_mode)
    return config_mode
  end

  if settings_mode
    update_config_for_rule(rule_id, settings_mode, ui_source: true)
    return settings_mode
  end
  :NO_ACTION
end

#rulesContrast::Config::ProtectRulesConfiguration

Name is kept the same - rules to correspond to config, mapping. - protect.rules

Returns:



56
57
58
 
# File 'lib/contrast/components/protect.rb', line 56

def rules
  @_rules ||= Contrast::Config::ProtectRulesConfiguration.new
end

#rules=(new_rules) ⇒ Object 



60
61
62
 
# File 'lib/contrast/components/protect.rb', line 60

def rules= new_rules
  @_rules = new_rules
end

#stateContrast::Agent::Protect::State

Current Active Protect rules and the state/mode they are in.

Returns:



93
94
95
 
# File 'lib/contrast/components/protect.rb', line 93

def state
  @_state ||= Contrast::Agent::Protect::State.new
end

#to_effective_config(effective_config) ⇒ Object

Converts current configuration to effective config values class and appends them to EffectiveConfig class.

Parameters:



165
166
167
168
 
# File 'lib/contrast/components/protect.rb', line 165

def to_effective_config effective_config
  super
  protect_rules_to_effective_config(effective_config)
end