Sha256: 19075a6d6c7ec6d8661a3f3ba6f6c103bbc9610025d95495ca200e4442411753

Contents?: true

Size: 1.14 KB

Versions: 8

Compression:

Stored size: 1.14 KB

Contents

# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

module Contrast
  module Agent
    module Assess
      module Rule
        # A watcher focused on the Response body, parsing out vulnerabilities
        # therein.
        #
        # Note: Most have been moved to the Service, as they typically watch
        #   the Request or Response bodies, parsing out vulnerabilities
        #   therein. CSRF is an exception to this as the rule requires a change
        #   to the Response body to function.
        class ResponseWatcher < Contrast::Agent::Assess::Rule::Watcher
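          # Postfilter hook: builds a finding only when this rule supports
          # the context and the child rule reports it as vulnerable.
          def postfilter context
            return unless supports?(context)
            return unless vulnerable?(context)

            build_finding(context)
          end

          # Abstract check: each child rule must override this with its own
          # test of the context.
          def vulnerable? _context
            raise(
              NotImplementedError,
              'A child rule should have overridden the vulnerable? method'
            )
          end

          # Returns a new, empty Finding; the context is unused here.
          def build_finding _context
            Contrast::Api::Dtm::Finding.new
          end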
        end
      end
    end
  end
end

Version data entries

8 entries across 8 versions & 1 rubygems

Version Path
contrast-agent-3.11.0 lib/contrast/agent/assess/rule/response_watcher.rb
contrast-agent-3.10.2 lib/contrast/agent/assess/rule/response_watcher.rb
contrast-agent-3.10.1 lib/contrast/agent/assess/rule/response_watcher.rb
contrast-agent-3.10.0 lib/contrast/agent/assess/rule/response_watcher.rb
contrast-agent-3.9.1 lib/contrast/agent/assess/rule/response_watcher.rb
contrast-agent-3.9.0 lib/contrast/agent/assess/rule/response_watcher.rb
contrast-agent-3.8.5 lib/contrast/agent/assess/rule/response_watcher.rb
contrast-agent-3.8.4 lib/contrast/agent/assess/rule/response_watcher.rb