Sha256: 5401b9f606c8c2f47399db10da016891b4bb1b93818cfc8282b2c7ec2f3a29a8

Contents?: true

Size: 1.98 KB

Versions: 5

Compression:

Stored size: 1.98 KB

Contents

# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/components/logger'

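module Contrast
  module Agent
    # This class is responsible for holding our ruleset and performing filtering operations on all
    # rules when asked by the middleware.
    #
    # Error policy shared by #prefilter and #postfilter:
    # - Contrast::SecurityException is logged at warn level and re-raised to the caller. It stops
    #   the iteration at once, so rules after the one that raised are not run.
    # - Any other StandardError raised by a single rule is logged and contained to that rule; the
    #   remaining rules still run. Previously the first such error aborted the whole iteration, so
    #   every rule after the faulty one was silently skipped for that request or response.
    # - A StandardError raised outside the per-rule call (looking up the context, the timing
    #   wrapper) is logged and swallowed by the method-level rescue.
    #
    # Unexpected errors are never propagated to the application, so analysis fails open for the
    # affected rule. Treat the 'Unexpected exception during ...' log entries as a coverage gap
    # worth alerting on.
    class RuleSet < Set
      include Contrast::Components::Logger::InstanceMethods

      # The filtering that needs to happen before the application gets access to the request object.
      # The main action here is snapshotting the request as provided to the application from the
      # user before any application code has acted upon it. Additionally, this is where Protect will
      # terminate requests on attack detection if set to block at perimeter.
      #
      # Does nothing when there is no current request context or the context reports that the
      # request should not be analyzed.
      #
      # NOTE(review): the return value is whatever the logger helpers return; it does not look
      # intended for use by callers -- confirm against the middleware.
      #
      # @raise [Contrast::SecurityException] re-raised after being logged
      def prefilter
        context = Contrast::Agent::REQUEST_TRACKER.current
        return unless context&.analyze_request?

        logger.trace_with_time('Running prefilter...') do
          map do |rule|
            begin
              rule.prefilter(context)
            rescue Contrast::SecurityException
              # Must be listed before StandardError so it is never swallowed by the handler
              # below; the method-level rescue logs it and re-raises.
              raise
            rescue StandardError => e
              # Contain the fault to this rule so the rules after it still see the request.
              logger.error('Unexpected exception during prefilter', e)
            end
          end
        end
      rescue Contrast::SecurityException => e
        logger.warn('RASP threw security exception in prefilter', e)
        raise e
      rescue StandardError => e
        logger.error('Unexpected exception during prefilter', e)
      end

      # The filtering that needs to occur after the application has acted on the request and the
      # response has been created. The main actions here are analyzing the response for unsafe
      # state or actions.
      #
      # Does nothing when there is no current request context or the context reports that the
      # response should not be analyzed.
      #
      # NOTE(review): the return value is whatever the logger helpers return; it does not look
      # intended for use by callers -- confirm against the middleware.
      #
      # @raise [Contrast::SecurityException] re-raised after being logged
      def postfilter
        context = Contrast::Agent::REQUEST_TRACKER.current
        return unless context&.analyze_response?

        logger.trace_with_time('Running postfilter...') do
          map do |rule|
            begin
              rule.postfilter(context)
            rescue Contrast::SecurityException
              # Must be listed before StandardError so it is never swallowed by the handler
              # below; the method-level rescue logs it and re-raises.
              raise
            rescue StandardError => e
              # Contain the fault to this rule so the rules after it still see the response.
              logger.error('Unexpected exception during postfilter', e)
            end
          end
        end
      rescue Contrast::SecurityException => e
        logger.warn('RASP threw security exception in postfilter', e)
        raise e
      rescue StandardError => e
        logger.error('Unexpected exception during postfilter', e)
      end
    end
  end
end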

Version data entries

5 entries across 5 versions & 1 rubygems

Version Path
contrast-agent-4.14.1 lib/contrast/agent/rule_set.rb
contrast-agent-4.14.0 lib/contrast/agent/rule_set.rb
contrast-agent-4.13.1 lib/contrast/agent/rule_set.rb
contrast-agent-4.13.0 lib/contrast/agent/rule_set.rb
contrast-agent-4.12.0 lib/contrast/agent/rule_set.rb