# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

module Contrast
  module Agent
    module Reporting
      # A holder for the valid tags that can be sent to TeamServer that we have to honor. Placed here so as not to
      # clutter other code.
      module FindingEventTaintRangeTags
        # EventTagTypeDTM
        # @return [Array<Symbol>]
        VALID_TAGS = %w[
          XML_ENCODED
          XML_DECODED
          HTML_ENCODED
          HTML_DECODED
          URL_ENCODED
          URL_DECODED
          CSS_ENCODED
          CSS_DECODED
          BASE64_ENCODED
          BASE64_DECODED
          JAVASCRIPT_ENCODED
          JAVASCRIPT_DECODED
          JAVA_ENCODED
          JAVA_DECODED
          CSV_ENCODED
          CSV_DECODED
          SQL_ENCODED
          SQL_DECODED
          LDAP_ENCODED
          LDAP_DECODED
          XPATH_ENCODED
          XPATH_DECODED
          OS_ENCODED
          OS_DECODED
          VBSCRIPT_ENCODED
          VBSCRIPT_DECODED
          POTENTIAL_SANITIZED
          POTENTIAL_VALIDATED
          NO_CONTROL_CHARS
          CUSTOM

          CUSTOM_ENCODED
          CUSTOM_ENCODED_CMD_INJECTION
          CUSTOM_ENCODED_EXPRESSION_LANGUAGE_INJECTION
          CUSTOM_ENCODED_HEADER_INJECTION
          CUSTOM_ENCODED_HQL_INJECTION
          CUSTOM_ENCODED_LDAP_INJECTION
          CUSTOM_ENCODED_LOG_INJECTION
          CUSTOM_ENCODED_NOSQL_INJECTION
          CUSTOM_ENCODED_PATH_TRAVERSAL
          CUSTOM_ENCODED_REDOS
          CUSTOM_ENCODED_REFLECTED_XSS
          CUSTOM_ENCODED_REFLECTION_INJECTION
          CUSTOM_ENCODED_SMTP_INJECTION
          CUSTOM_ENCODED_SQL_INJECTION
          CUSTOM_ENCODED_SSRF
          CUSTOM_ENCODED_STORED_XSS
          CUSTOM_ENCODED_TRUST_BOUNDARY_VIOLATION
          CUSTOM_ENCODED_UNSAFE_CODE_EXECUTION
          CUSTOM_ENCODED_UNSAFE_READLINE
          CUSTOM_ENCODED_UNSAFE_XML_DECODE
          CUSTOM_ENCODED_UNTRUSTED_DESERIALIZATION
          CUSTOM_ENCODED_UNVALIDATED_FORWARD
          CUSTOM_ENCODED_UNVALIDATED_REDIRECT
          CUSTOM_ENCODED_XPATH_INJECTION
          CUSTOM_ENCODED_XXE
          CUSTOM_SECURITY_CONTROL_APPLIED

          CUSTOM_VALIDATED
          CUSTOM_VALIDATED_CMD_INJECTION
          CUSTOM_VALIDATED_EXPRESSION_LANGUAGE_INJECTION
          CUSTOM_VALIDATED_HEADER_INJECTION
          CUSTOM_VALIDATED_HQL_INJECTION
          CUSTOM_VALIDATED_LDAP_INJECTION
          CUSTOM_VALIDATED_LOG_INJECTION
          CUSTOM_VALIDATED_NOSQL_INJECTION
          CUSTOM_VALIDATED_PATH_TRAVERSAL
          CUSTOM_VALIDATED_REDOS
          CUSTOM_VALIDATED_REFLECTED_XSS
          CUSTOM_VALIDATED_REFLECTION_INJECTION
          CUSTOM_VALIDATED_SMTP_INJECTION
          CUSTOM_VALIDATED_SQL_INJECTION
          CUSTOM_VALIDATED_SSRF
          CUSTOM_VALIDATED_STORED_XSS
          CUSTOM_VALIDATED_TRUST_BOUNDARY_VIOLATION
          CUSTOM_VALIDATED_UNSAFE_CODE_EXECUTION
          CUSTOM_VALIDATED_UNSAFE_READLINE
          CUSTOM_VALIDATED_UNSAFE_XML_DECODE
          CUSTOM_VALIDATED_UNTRUSTED_DESERIALIZATION
          CUSTOM_VALIDATED_UNVALIDATED_FORWARD
          CUSTOM_VALIDATED_UNVALIDATED_REDIRECT
          CUSTOM_VALIDATED_XPATH_INJECTION
          CUSTOM_VALIDATED_XXE

          DATABASE_WRITE
        ].cs__freeze

        # @return [Array<Symbol>]
        VALID_SOURCE_TAGS = %w[NO_NEWLINES UNTRUSTED CROSS_SITE LIMITED_CHARS].cs__freeze
      end
    end
  end
end