Sha256: 2c08efed10b33b608b052d05b60c5c912986a75749ee85901136edfd0a9edc61
Contents?: true
Size: 1.82 KB
Versions: 7
Compression:
Stored size: 1.82 KB
Contents
# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true
cs__scoped_require 'contrast/components/interface'
module Contrast
module CoreExtensions
module Assess
# This Module allows us to track calls to the Kernel#exec method, which
# violates the design of most methods we track in that we have to apply
# the trigger at the start in order to account for the process hand off.
module ExecTrigger
include Contrast::Components::Interface
access_component :contrast_service
def apply_trigger source
current_context = Contrast::Agent::REQUEST_TRACKER.current
return unless current_context
# Since we know this is the source of the trigger, we can do some
# optimization here and return when it is not tracked
return unless Contrast::Utils::Assess::TrackingUtil.tracked?(source)
# source might not be all the args passed in, but it is the one we care
# about. we could pass in all the args in the last param here if it
# becomes an issue in rendering on TS
Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(
current_context,
trigger_node,
source,
self,
'',
1,
source)
# Exec replaces the current process, if we occur in a forked process our appendage of this finding will not make it to TS
CONTRAST_SERVICE.send_message(current_context.activity)
end
private
def trigger_node
@_trigger_node ||= begin
Contrast::Agent::Assess::Policy::Policy.instance.find_node('cmd-injection', 'Kernel', :exec, false)
end
end
end
end
end
end
Version data entries
7 entries across 7 versions & 1 rubygems