Sha256: 03248badfa47b0004bbfd82391b42c5e2e4183d3c7c2b77a3ae3f6510ec77637

Contents?: true

Size: 1.4 KB

Versions: 7

Compression:

Stored size: 1.4 KB

Contents

# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/protect/rule/base_service'
require 'contrast/agent/protect/policy/applies_sqli_rule'
require 'contrast/agent/protect/rule/sql_sample_builder'

module Contrast
  module Agent
    module Protect
      module Rule
        # Protect rule covering SQL Injection for the Ruby agent.
        #
        # The rule is evaluated at the point where a query is about to be handed
        # to a database (see #infilter). Detection itself is delegated to
        # find_attacker, which is not defined in this file.
        class Sqli < Contrast::Agent::Protect::Rule::BaseService
          # Builds the SQLi sample that is reported to, and rendered by, TeamServer.
          include SqlSampleBuilder::SqliSample
          # Supplies the build_attack_with_match method.
          include SqlSampleBuilder::AttackBuilder

          # Identifier under which this rule is reported.
          NAME = 'sql-injection'
          # Message carried by the exception raised when a query is blocked.
          BLOCK_MESSAGE = 'SQLi rule triggered. Response blocked.'

          # @return [String] the identifier of this rule (NAME)
          def rule_name
            NAME
          end

          # @return [String] the message used when this rule blocks (BLOCK_MESSAGE)
          def block_message
            BLOCK_MESSAGE
          end

          # Checks a query for SQL injection and, when the rule is blocking,
          # stops it by raising.
          #
          # Order matters here: the finding is appended to the activity *before*
          # the exception is raised, so a blocked attack is still recorded. When
          # blocked? is false the finding is recorded and the method returns
          # normally, i.e. the query is not stopped by this rule.
          #
          # NOTE(review): blocked? and infilter? are defined outside this file;
          # presumably they reflect the configured rule mode and exclusions, so
          # confirm the deployed mode if blocking is expected.
          # NOTE(review): blocking relies on the exception propagating to the
          # caller; verify that nothing between here and the database call
          # rescues Contrast::SecurityException.
          #
          # @param context the request context handed to infilter?, find_attacker
          #   and append_to_activity (type not visible in this file)
          # @param database the database identifier, forwarded to find_attacker
          #   as the database: keyword
          # @param query_string the query text to inspect
          # @raise [Contrast::SecurityException] if an attack was found and
          #   blocked? is true
          # @return [nil]
          def infilter(context, database, query_string)
            return unless infilter?(context)

            attack = find_attacker(context, query_string, database: database)
            return unless attack

            # Record first, then decide whether to block.
            append_to_activity(context, attack)
            return unless blocked?

            raise Contrast::SecurityException.new(self, BLOCK_MESSAGE)
          end
        end
      end
    end
  end
end

Version data entries

7 entries across 7 versions & 1 rubygems

Version Path
contrast-agent-4.14.1 lib/contrast/agent/protect/rule/sqli.rb
contrast-agent-4.14.0 lib/contrast/agent/protect/rule/sqli.rb
contrast-agent-4.13.1 lib/contrast/agent/protect/rule/sqli.rb
contrast-agent-4.13.0 lib/contrast/agent/protect/rule/sqli.rb
contrast-agent-4.12.0 lib/contrast/agent/protect/rule/sqli.rb
contrast-agent-4.11.0 lib/contrast/agent/protect/rule/sqli.rb
contrast-agent-4.10.0 lib/contrast/agent/protect/rule/sqli.rb