Sha256: 1ac4ae996d796c5020fdc1cc42fa722cc0aab631d80cca1937f543dd7e8687e5

Contents?: true

Size: 1.85 KB

Versions: 5

Compression:

Stored size: 1.85 KB

Contents

# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

module Contrast
  module CoreExtensions
    module Assess
      # Custom Assess trigger hooks for the eval family of methods. These calls
      # do not fit the generic triggers in TriggerMethod, so the trigger is
      # applied from a custom patch that calls into this module.
      #
      # Two entry points exist: one reports against the 'BasicObject' /
      # :instance_eval policy entry, the other against a 'Module' entry whose
      # method name is supplied by the caller.
      #
      # A report is only attempted when both of these hold:
      # - a request context is currently active, and
      # - TrackingUtil.tracked? returns true for the evaluated source.
      # Code evaluated outside an active request context is therefore never
      # reported by these hooks.
      module EvalTrigger
        # Hook for BasicObject#instance_eval.
        #
        # @param source the code handed to instance_eval
        # @param ret the value the evaluation returned
        def instance_eval_trigger_check(source, ret)
          apply_trigger(source, ret, 'BasicObject', :instance_eval)
        end

        # Hook for eval-style methods registered under 'Module' in the policy.
        #
        # @param source the code handed to the eval method
        # @param ret the value the evaluation returned
        # @param method [Symbol] name of the invoked method, used for the
        #   policy lookup
        def eval_trigger_check(source, ret, method)
          apply_trigger(source, ret, 'Module', method)
        end

        # Reports the call to TriggerMethod.apply_eval_trigger, or returns nil
        # without reporting when there is no current request context or the
        # source is not tracked.
        #
        # @param source the evaluated code; passed both as the source and as
        #   the final argument of apply_eval_trigger
        # @param ret the value the evaluation returned
        # @param clazz [String] class name used for the policy lookup
        # @param method [Symbol] method name used for the policy lookup
        def apply_trigger(source, ret, clazz, method)
          request_context = Contrast::Agent::REQUEST_TRACKER.current
          # The tracking check only runs once a context is known to exist; an
          # untracked source is skipped early because it cannot trigger.
          return if !request_context || !Contrast::Utils::Assess::TrackingUtil.tracked?(source)

          # NOTE(review): matched_node is nil when the policy holds no entry
          # for clazz/method; confirm apply_eval_trigger tolerates a nil node.
          matched_node = trigger_node(clazz, method)

          # Only source is forwarded, not every argument of the original call.
          # NOTE(review): the meaning of the literal 1 is not visible in this
          # file; confirm against apply_eval_trigger.
          Contrast::Agent::Assess::Policy::TriggerMethod.apply_eval_trigger(
              request_context, matched_node, source, self, ret, 1, source)
        end

        private

        # Looks up the first policy trigger whose class_name and method_name
        # both match. Returns nil when the policy exposes no triggers or when
        # nothing matches.
        def trigger_node(clazz, method)
          candidates = Contrast::Agent::Assess::Policy::Policy.instance.triggers
          return nil unless candidates

          candidates.find do |candidate|
            candidate.class_name == clazz && candidate.method_name == method
          end
        end
      end
    end
  end
end

Version data entries

5 entries across 5 versions & 1 rubygems

Version Path
contrast-agent-3.10.2 lib/contrast/extensions/ruby_core/eval_trigger.rb
contrast-agent-3.10.1 lib/contrast/extensions/ruby_core/eval_trigger.rb
contrast-agent-3.10.0 lib/contrast/extensions/ruby_core/eval_trigger.rb
contrast-agent-3.9.1 lib/contrast/extensions/ruby_core/eval_trigger.rb
contrast-agent-3.9.0 lib/contrast/extensions/ruby_core/eval_trigger.rb