Sha256: 0e29d1bdc7619fa9b62bcf5f9681eb505bbf3e349bc4d9d7c9b2d6d2a8edfb22

Contents?: true

Size: 1.65 KB

Versions: 11

Compression:

Stored size: 1.65 KB

Contents

# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/protect/rule/sqli'
require 'contrast/agent/protect/policy/rule_applicator'

module Contrast
  module Agent
    module Protect
      module Policy
        # This Module is how we apply the SQL Injection rule. It is called from
        # our patches of the targeted methods in which the execution of String
        # based SQL queries occur. It is responsible for deciding if the infilter
        # methods of the rule should be invoked.
        class AppliesSqliRule
          extend Contrast::Agent::Protect::Policy::RuleApplicator

          DATABASE_MYSQL =    'MySQL'
          DATABASE_SQLITE =   'SQLite3'
          DATABASE_PG =       'PostgreSQL'

          class << self
            def invoke _method, _exception, properties, _object, args
              database = properties['database']
              return unless database

              index = properties[Contrast::Utils::ObjectShare::INDEX]
              return unless valid_input?(index, args)
              return if skip_analysis?

              sql = args[index]
              rule.infilter(Contrast::Agent::REQUEST_TRACKER.current, database, sql)
            end

            protected

            def name
              Contrast::Agent::Protect::Rule::Sqli::NAME
            end

            private

            def valid_input? index, args
              return false unless args && args.length > index

              sql = args[index]
              sql && !sql.empty?
            end
          end
        end
      end
    end
  end
end

Version data entries

11 entries across 11 versions & 1 rubygems

Version Path
contrast-agent-4.4.1 lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-4.4.0 lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-4.3.2 lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-4.3.1 lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-4.3.0 lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-4.2.0 lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-4.1.0 lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-4.0.0 lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-3.16.0 lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-3.15.0 lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-3.14.0 lib/contrast/agent/protect/policy/applies_sqli_rule.rb