Sha256: 155820758ac0152bc9bda889e1f8664770da625cb03cf06020904af99e5cbb3b

Contents?: true

Size: 1.49 KB

Versions: 11

Compression:

Stored size: 1.49 KB

Contents

# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/protect/rule/base'
require 'contrast/agent/protect/rule/xss/reflected_xss_input_classification'
require 'contrast/agent/reporting/input_analysis/input_type'

module Contrast
  module Agent
    module Protect
      module Rule
        # Protect rule for reflected Cross-Site Scripting ('reflected-xss').
        #
        # This class only declares the rule's identity, its block message, the
        # input types it applies to and its input classifier. Everything else
        # is inherited from Contrast::Agent::Protect::Rule::Base, which is not
        # part of this file.
        class Xss < Contrast::Agent::Protect::Rule::Base
          # Brings the input-type constants (BODY, URI, QUERYSTRING, ...) into
          # scope; it must stay above APPLICABLE_USER_INPUTS, which uses them.
          include Contrast::Agent::Reporting::InputType

          # Rule identifier returned by #rule_name.
          NAME = 'reflected-xss'

          # Text returned by #block_message.
          # NOTE(review): presumably reported when a response is blocked;
          # confirm against Base.
          BLOCK_MESSAGE = 'XSS rule triggered. Response blocked.'

          # Input types this rule declares itself applicable to.
          #
          # NOTE(review): an input type missing from this list is not returned
          # by #applicable_user_inputs. Whether that means such input is never
          # analysed for XSS depends on how Base consumes the list, so check
          # there before relying on this as the rule's coverage.
          # cs__freeze is an agent helper (presumably an alias of
          # Object#freeze; confirm) so the list cannot be edited at runtime.
          APPLICABLE_USER_INPUTS = [
            BODY,
            PARAMETER_NAME,
            PARAMETER_VALUE,
            JSON_VALUE,
            MULTIPART_VALUE,
            MULTIPART_FIELD_NAME,
            XML_VALUE,
            DWR_VALUE,
            URI,
            QUERYSTRING
          ].cs__freeze

          # @return [String] the rule identifier, 'reflected-xss'
          def rule_name
            NAME
          end

          # @return [String] the message stored in BLOCK_MESSAGE
          def block_message
            BLOCK_MESSAGE
          end

          # @return [Array] the frozen APPLICABLE_USER_INPUTS list
          def applicable_user_inputs
            APPLICABLE_USER_INPUTS
          end

          # @return [Boolean] always false for this rule
          # NOTE(review): the consumer of this flag is outside this file;
          # presumably it marks the rule as not usable on streamed responses.
          # Confirm against the caller.
          def stream_safe?
            false
          end

          # Reflected XSS input classification, memoized per rule instance.
          #
          # @return [module<Contrast::Agent::Protect::Rule::ReflectedXssInputClassification>]
          def classification
            @_classification ||= Contrast::Agent::Protect::Rule::ReflectedXssInputClassification.cs__freeze
          end
        end
      end
    end
  end
end

Version data entries

11 entries across 11 versions & 1 rubygems

Version Path
contrast-agent-7.4.0 lib/contrast/agent/protect/rule/xss/xss.rb
contrast-agent-7.3.2 lib/contrast/agent/protect/rule/xss/xss.rb
contrast-agent-7.3.1 lib/contrast/agent/protect/rule/xss/xss.rb
contrast-agent-7.3.0 lib/contrast/agent/protect/rule/xss/xss.rb
contrast-agent-7.2.0 lib/contrast/agent/protect/rule/xss/xss.rb
contrast-agent-7.1.0 lib/contrast/agent/protect/rule/xss/xss.rb
contrast-agent-7.0.0 lib/contrast/agent/protect/rule/xss/xss.rb
contrast-agent-6.15.3 lib/contrast/agent/protect/rule/xss/xss.rb
contrast-agent-6.15.2 lib/contrast/agent/protect/rule/xss/xss.rb
contrast-agent-6.15.1 lib/contrast/agent/protect/rule/xss/xss.rb
contrast-agent-6.15.0 lib/contrast/agent/protect/rule/xss/xss.rb