Sha256: 549d2151bdf8e6e2affe20569b5dec5ea3ef9c3b7156e01c7e75be9e07cf9e9a

Contents?: true

Size: 1.46 KB

Versions: 19

Compression:

Stored size: 1.46 KB

Contents

# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/at_exit_hook'

module Contrast
  module Extension
    module Assess
      # This Module allows us to track calls to the Kernel#exec method, which
      # violates the design of most methods we track in that we have to apply
      # the trigger at the start in order to account for the process hand off.
      module ExecTrigger
        def apply_trigger source
          return unless ::Contrast::ASSESS.non_request_tracking? || Contrast::Agent::REQUEST_TRACKER.current
          # Since we know this is the source of the trigger, we can do some
          # optimization here and return when it is not tracked
          return unless Contrast::Utils::Assess::TrackingUtil.tracked?(source)

          # source might not be all the args passed in, but it is the one we care
          # about. we could pass in all the args in the last param here if it
          # becomes an issue in rendering on TS
          Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(trigger_node, source, Kernel, nil, source)
        end

        private

        def trigger_node
          @_trigger_node ||= Contrast::Agent::Assess::Policy::Policy.instance.find_node('cmd-injection', 'Kernel',
                                                                                        :exec, false)
        end
      end
    end
  end
end

Version data entries

19 entries across 19 versions & 1 rubygems

Version Path
contrast-agent-6.6.5 lib/contrast/extension/assess/exec_trigger.rb
contrast-agent-6.6.4 lib/contrast/extension/assess/exec_trigger.rb
contrast-agent-6.6.3 lib/contrast/extension/assess/exec_trigger.rb
contrast-agent-6.6.2 lib/contrast/extension/assess/exec_trigger.rb
contrast-agent-6.6.1 lib/contrast/extension/assess/exec_trigger.rb
contrast-agent-6.6.0 lib/contrast/extension/assess/exec_trigger.rb
contrast-agent-6.5.1 lib/contrast/extension/assess/exec_trigger.rb
contrast-agent-6.5.0 lib/contrast/extension/assess/exec_trigger.rb
contrast-agent-6.4.0 lib/contrast/extension/assess/exec_trigger.rb
contrast-agent-6.3.0 lib/contrast/extension/assess/exec_trigger.rb
contrast-agent-6.2.0 lib/contrast/extension/assess/exec_trigger.rb
contrast-agent-6.1.2 lib/contrast/extension/assess/exec_trigger.rb
contrast-agent-6.1.1 lib/contrast/extension/assess/exec_trigger.rb
contrast-agent-6.1.0 lib/contrast/extension/assess/exec_trigger.rb
contrast-agent-6.0.0 lib/contrast/extension/assess/exec_trigger.rb
contrast-agent-5.3.0 lib/contrast/extension/assess/exec_trigger.rb
contrast-agent-5.2.0 lib/contrast/extension/assess/exec_trigger.rb
contrast-agent-5.1.0 lib/contrast/extension/assess/exec_trigger.rb
contrast-agent-5.0.0 lib/contrast/extension/assess/exec_trigger.rb