Sha256: 186daeaab8271c706913f1a0db32535a8aea14465356ac371915cd8559849773

Contents?: true

Size: 1.83 KB

Versions: 12

Compression:

Stored size: 1.83 KB

Contents

# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

cs__scoped_require 'contrast/agent/assess/policy/trigger_validation/ssrf_validator'
cs__scoped_require 'contrast/agent/assess/policy/trigger_validation/xss_validator'

module Contrast
  module Agent
    module Assess
      module Policy
        # Some of our triggers require transformation or validation prior to
        # reporting in order to account for false positives or other aberrant
        # conditions. This provides a single place from which those validations
        # can be called.
        module TriggerValidation
          VALIDATORS = [
            Contrast::Agent::Assess::Policy::TriggerValidation::SSRFValidator,
            Contrast::Agent::Assess::Policy::TriggerValidation::XSSValidator
          ].cs__freeze

          # Determines if the conditions in which this trigger was called are
          # valid and should result in the generation of a
          # Contrast::Api::Dtm::Finding.
          #
          # @param patcher [Contrast::Agent::Assess::Policy::TriggerNode] the
          #   Node which applies to the Trigger Method
          # @param object [Object] the Object on which the Trigger Method was
          #   invoked
          # @param ret [Object] the return of the Trigger Method
          # @param args [Array<Object>] the Arguments with which the Trigger
          #   Method was invoked
          # @return [Boolean] if the conditions are valid for the generation of
          #   a Contrast::Api::Dtm::Finding
          def self.valid? patcher, object, ret, args
            VALIDATORS.each do |validator|
              return false unless validator.valid?(patcher, object, ret, args)
            end
            true
          end
        end
      end
    end
  end
end

Version data entries

12 entries across 12 versions & 1 rubygems

Version Path
contrast-agent-3.13.2 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-3.13.1 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-3.13.0 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-3.12.2 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-3.12.1 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-3.12.0 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-3.11.0 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-3.10.2 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-3.10.1 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-3.10.0 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-3.9.1 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-3.9.0 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb