Sha256: 367c05e15f70217869855569c3ecf57caf243de69aeffae8912cae48be5abe5d


Size: 1.6 KB

Versions: 18


Stored size: 1.6 KB

Contents

# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

module Contrast
  module Agent
    module Assess
      module Policy
        # Ruby-side representation of a "source" entry from policy.json: a
        # method whose result is user-controlled (untrusted) input entering
        # the application. Building these nodes from policy lets the Agent
        # patch such methods dynamically instead of through hardcoded patches.
        #
        # Every SourceNode has the UNTRUSTED tag appended to its tags when it
        # is constructed, regardless of what the policy entry itself lists.
        # NOTE(review): presumably this tag is what marks data from the source
        # as tainted for later dataflow checks - confirm against the code that
        # consumes node tags.
        class SourceNode < PolicyNode
          # Key under which the policy entry carries the input type.
          JSON_TYPE = 'type'
          # Tag added to every source node.
          SOURCE_TAG = 'UNTRUSTED'
          # Value reported by #node_class.
          SOURCE = 'Source'

          # The input type of this source (the original authors give
          # "parameter" as an example). Distinct from #node_type.
          attr_accessor :type

          # Builds the node from one policy entry.
          #
          # @param source_hash [Hash] the policy entry; the input type is read
          #   with the String key 'type', so a plain Hash using symbol keys
          #   leaves @type nil and the node is then rejected by #validate.
          #
          # NOTE(review): @tags is assumed to be set up by
          # PolicyNode#initialize; if it is an Array and the policy entry
          # already lists UNTRUSTED, the tag ends up duplicated - confirm.
          def initialize(source_hash = {})
            super(source_hash)
            @type = source_hash[JSON_TYPE]
            @tags << SOURCE_TAG
          end

          # @return [String] the fixed class label for source nodes
          def node_class
            SOURCE
          end

          # Sources are a Creation action, yet they report the Propagation
          # type. The name `type` is already taken on this class by the input
          # type (such as parameter), which is why this is `node_type`.
          #
          # @return [Symbol] always :TYPE_PROPAGATION
          def node_type
            :TYPE_PROPAGATION
          end

          # Runs the parent validation, then the source-specific rules: the
          # node needs at least one truthy entry in `targets` and a truthy
          # `type`.
          #
          # NOTE(review): only nil/false fail the type check, so an
          # empty-string type is accepted here - confirm that policy loading
          # never produces one, since a source with a meaningless type would
          # still be registered.
          #
          # @raise [ArgumentError] when targets or type is missing
          def validate
            super
            unless targets&.any?
              raise ArgumentError, "Source #{ id } did not have a proper target. Unable to create."
            end
            return if type

            raise ArgumentError, "Source #{ id } did not have a proper type. Unable to create."
          end
        end
      end
    end
  end
end

Version data entries

18 entries across 18 versions & 1 rubygems

Version Path
contrast-agent-4.4.1 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.4.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.3.2 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.3.1 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.3.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.2.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.1.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.0.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-3.16.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-3.15.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-3.14.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-3.13.2 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-3.13.1 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-3.13.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-3.12.2 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-3.12.1 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-3.12.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-3.11.0 lib/contrast/agent/assess/policy/source_node.rb