
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/protect/rule/base_service'

module Contrast
  module Agent
    module Protect
      module Rule
        # Ruby implementation of the Protect reflected Cross-Site Scripting (XSS)
        # rule. It builds on BaseService and contributes the rule name, the block
        # message and the per-sample detail extraction used when an XSS attack
        # sample is reported.
        class Xss < Contrast::Agent::Protect::Rule::BaseService
          # Identifier this rule is reported under.
          NAME = 'reflected-xss'
          # Message attached when the rule blocks a response.
          BLOCK_MESSAGE = 'XSS rule triggered. Response blocked.'

          class << self
            # Build the rule-specific detail hash for a reported XSS sample.
            #
            # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample, nil]
            # @return [Hash] the XSS input and its matches, or the shared empty
            #   hash when the sample (or its xss payload) is missing
            def extract_details attack_sample
              # TODO: RUBY-1702 - figure out why xss isn't populated when reported; probably something to do w/
              #   suspicious
              xss = attack_sample&.xss
              return Contrast::Utils::ObjectShare::EMPTY_HASH unless xss

              {
                  input: xss.input,
                  matches: xss.matches.map { |match| match_detail(match) }
              }
            end

            private

            # Flatten one match into the camelCase keys the reporting side
            # expects (presumably the server-side schema; key names are kept
            # exactly as the rule has always emitted them).
            #
            # @param match [Object] one entry of the sample's xss.matches
            # @return [Hash] evidenceStart / evidence / offset for the match
            def match_detail match
              {
                  evidenceStart: match.evidence_start_ms,
                  evidence: match.evidence,
                  offset: match.offset
              }
            end
          end

          # @return [String] the name this rule is reported under
          def rule_name
            NAME
          end

          # @return [Boolean] always false: this rule does not declare itself
          #   safe for streamed responses (what the caller does with that lives
          #   in BaseService, outside this file)
          def stream_safe?
            false
          end
        end
      end
    end
  end
end
