Sha256: 251168eb1444ef87400eae337ee521bac9d97585e31080a3206d531f039d2e75

Contents?: true

Size: 1.8 KB

Versions: 9

Compression:

Stored size: 1.8 KB

Contents

# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/assess/policy/trigger_validation/ssrf_validator'
require 'contrast/agent/assess/policy/trigger_validation/xss_validator'

module Contrast
  module Agent
    module Assess
      module Policy
        # Central gate for the checks a trigger must pass before it is
        # reported. Some triggers need transformation or validation first, to
        # account for false positives or other aberrant conditions; this
        # module is the single place from which those validations are called.
        module TriggerValidation
          # Validators consulted, in this order, for every trigger.
          VALIDATORS = [
            Contrast::Agent::Assess::Policy::TriggerValidation::SSRFValidator,
            Contrast::Agent::Assess::Policy::TriggerValidation::XSSValidator
          ].cs__freeze

          # Decides whether the circumstances of a trigger call are valid and
          # should lead to a Contrast::Api::Dtm::Finding being generated.
          #
          # The answer is true only when every entry in VALIDATORS accepts the
          # call; evaluation stops at the first validator that rejects it.
          #
          # NOTE(review): a rejection from any single validator vetoes the
          # finding whichever rule the trigger belongs to, so each validator
          # presumably returns true for triggers outside its own rule. Confirm
          # this in SSRFValidator and XSSValidator, since a wrong false here
          # silently drops a finding.
          #
          # @param patcher [Contrast::Agent::Assess::Policy::TriggerNode] the
          #   Node which applies to the Trigger Method
          # @param object [Object] the receiver the Trigger Method was invoked
          #   on
          # @param ret [Object] the value the Trigger Method returned
          # @param args [Array<Object>] the Arguments passed to the Trigger
          #   Method
          # @return [Boolean] true when all validators accept the call, false
          #   as soon as one of them does not
          def self.valid?(patcher, object, ret, args)
            VALIDATORS.all? do |check|
              check.valid?(patcher, object, ret, args)
            end
          end
        end
      end
    end
  end
end

Version data entries

9 entries across 9 versions & 1 rubygems

Version Path
contrast-agent-4.3.2 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-4.3.1 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-4.3.0 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-4.2.0 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-4.1.0 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-4.0.0 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-3.16.0 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-3.15.0 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
contrast-agent-3.14.0 lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb