RubygemsResearch

Sha256: 2d1d737c2bea1a2b024a08c46588076b94f741fc46c72e7a8d47eddba2cac13c

Contents?: true

Size: 1.9 KB

Versions: 15

Compression:

Stored size: 1.9 KB

# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/protect/rule/sqli/sqli'
require 'contrast/agent/protect/policy/rule_applicator'

module Contrast
  module Agent
    module Protect
      module Policy
        # This Module is how we apply the SQL Injection rule. It is called from
        # our patches of the targeted methods in which the execution of String
        # based SQL queries occur. It is responsible for deciding if the infilter
        # methods of the rule should be invoked.
        class AppliesSqliRule
          extend Contrast::Agent::Protect::Policy::RuleApplicator

          DATABASE_MYSQL =    'MySQL'
          DATABASE_SQLITE =   'SQLite3'
          DATABASE_PG =       'PostgreSQL'

          class << self
            def invoke _method, _exception, properties, _object, args
              database = properties['database']
              return unless database

              index = properties[Contrast::Utils::ObjectShare::INDEX]
              return unless valid_input?(index, args)
              return if skip_analysis?

              sql = args[index]

              # Get the ia for current rule:
              apply_classification(rule_name, Contrast::Agent::REQUEST_TRACKER.current)
              rule.infilter(Contrast::Agent::REQUEST_TRACKER.current, database, sql)
              rule.sub_rules.each { |sub_rule| sub_rule.infilter(Contrast::Agent::REQUEST_TRACKER.current, sql) }
            end

            protected

            def rule_name
              Contrast::Agent::Protect::Rule::Sqli::NAME
            end

            private

            def valid_input? index, args
              return false unless args && args.length > index

              sql = args[index]
              sql && !sql.empty?
            end
          end
        end
      end
    end
  end
end

Version data entries

15 entries across 15 versions & 1 rubygems

Version	Path
contrast-agent-7.6.1	lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-7.6.0	lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-7.5.0	lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-7.4.1	lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-7.4.0	lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-7.3.2	lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-7.3.1	lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-7.3.0	lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-7.2.0	lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-7.1.0	lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-7.0.0	lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-6.15.3	lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-6.15.2	lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-6.15.1	lib/contrast/agent/protect/policy/applies_sqli_rule.rb
contrast-agent-6.15.0	lib/contrast/agent/protect/policy/applies_sqli_rule.rb