Sha256: 0ecd411dbe66d3c38e7fa83f73dcde3218bc2cc1c634a896ab7f9dd2cf80621b
# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/protect/rule/deserialization'
require 'contrast/agent/protect/policy/rule_applicator'

module Contrast
  module Agent
    module Protect
      module Policy
        # Applies the Deserialization protect rule. The patches placed on the
        # targeted deserialization methods call into this module, and this
        # module decides whether the rule's checks are run for a given call.
        #
        # `rule` and `skip_analysis?` are not defined in this file; presumably
        # they are supplied by the extended RuleApplicator (confirm there).
        module AppliesDeserializationRule
          extend Contrast::Agent::Protect::Policy::RuleApplicator

          class << self
            # Entry point used by the patched deserialization methods.
            #
            # Only the final parameter is read here; the first four are
            # accepted and ignored. The rule's infilter is called with the
            # current request context and the first argument of the patched
            # call, and only when that argument is a String and analysis is
            # not being skipped.
            #
            # NOTE(review): a call whose first argument is not a String returns
            # here without reaching the rule; confirm that any non-String
            # sources the patched methods accept are covered elsewhere.
            #
            # @param _method [Object] unused
            # @param _exception [Object] unused
            # @param _properties [Object] unused
            # @param _object [Object] unused
            # @param args [Array, nil] arguments given to the patched method
            # @return [Object, nil] whatever infilter returns, or nil when the
            #   call is not analysed
            def invoke(_method, _exception, _properties, _object, args)
              return if !valid_input?(args) || skip_analysis?

              rule.infilter(Contrast::Agent::REQUEST_TRACKER.current, args[0])
            end

            # Hands a command to the rule's command-scope check, unless the
            # command is nil/false or analysis is being skipped.
            #
            # @param command [Object, nil] the command to check
            # @return [Object, nil] whatever check_command_scope returns, or
            #   nil when the check is not run
            def apply_deserialization_command_check(command)
              rule.check_command_scope(command) if command && !skip_analysis?
            end

            protected

            # @return [Object] the NAME constant of the Deserialization rule
            def name
              Contrast::Agent::Protect::Rule::Deserialization::NAME
            end

            private

            # Decides whether a patched call carries input this module will
            # analyse: there must be at least one truthy argument and the
            # first argument must be a String.
            #
            # @param args [Array, nil] arguments given to the patched method
            # @return [Boolean]
            def valid_input?(args)
              return false unless args&.any?

              args[0].is_a?(String)
            end
          end
        end
      end
    end
  end
end