Sha256: 55ca6b9d1fd2ebbecbb14cd298c98ec50ab98a64e9028e17d6a1e17168640126

Contents?: true

Size: 1.81 KB

Versions: 11

Compression:

Stored size: 1.81 KB

Contents

# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/protect/rule/base'
require 'contrast/agent/reporting/input_analysis/input_type'
require 'contrast/agent/reporting/input_analysis/score_level'
require 'contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification'

module Contrast
  module Agent
    module Protect
      module Rule
        # The Ruby implementation of the Protect Unsafe File Upload rule.
        # The unsafe-file-upload rule can trigger the following results:
        # BLOCKED in Blocking mode and SUSPICIOUS in Monitor mode.
        class UnsafeFileUpload < Contrast::Agent::Protect::Rule::Base
          include Contrast::Agent::Reporting::InputType

          NAME = 'unsafe-file-upload'
          BLOCK_MESSAGE = 'Unsafe file upload rule triggered. Request blocked.'
          APPLICABLE_USER_INPUTS = [MULTIPART_NAME, MULTIPART_FIELD_NAME].cs__freeze

          def rule_name
            NAME
          end

          def applicable_user_inputs
            APPLICABLE_USER_INPUTS
          end

          def block_message
            BLOCK_MESSAGE
          end

          # Unsafe File Upload input classification
          #
          # @return [module<Contrast::Agent::Protect::Rule::UnsafeFileUploadInputClassification>]
          def classification
            @_classification ||= Contrast::Agent::Protect::Rule::UnsafeFileUploadInputClassification.cs__freeze
          end

          private

          # @param context [Contrast::Agent::RequestContext]
          # @return [Boolean]
          def prefilter? context
            return false unless context
            return false unless enabled?

            true
          end
        end
      end
    end
  end
end

Version data entries

11 entries across 11 versions & 1 rubygems

Version Path
contrast-agent-7.4.0 lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload.rb
contrast-agent-7.3.2 lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload.rb
contrast-agent-7.3.1 lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload.rb
contrast-agent-7.3.0 lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload.rb
contrast-agent-7.2.0 lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload.rb
contrast-agent-7.1.0 lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload.rb
contrast-agent-7.0.0 lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload.rb
contrast-agent-6.15.3 lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload.rb
contrast-agent-6.15.2 lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload.rb
contrast-agent-6.15.1 lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload.rb
contrast-agent-6.15.0 lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload.rb