# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details. # frozen_string_literal: true require 'contrast/components/logger' module Contrast module Agent module Reporting # This is the new ApplicationDefendAttackSample class which includes a samples of an attack for the given rule of # the given result observed in the activity period. class ApplicationDefendAttackSample include Contrast::Agent::Reporting::InputType class << self def convert attack_result activity = new activity.attach_data attack_result activity end end def initialize @blocked = false @event_type = :application_defend_attack_sample end def to_controlled_hash { blocked: @blocked, input: @input, request: @request.to_controlled_hash, stack: @stack, timeStamp: @time_stamp } end # @param attack_result [Contrast::Api::Dtm::AttackResult] def attach_data attack_result rasp_rule = attack_result.samples[0] @blocked = attack_result.response == Contrast::Agent::Reporting::ResponseType::BLOCKED @input = build_input(rasp_rule) @time_stamp = build_time_stamp(rasp_rule.timestamp_ms) @request = FindingRequest.convert(Contrast::Agent::REQUEST_TRACKER.current&.request) @stack = Contrast::Utils::StackTraceUtils.build_protect_stack_array end def build_time_stamp start { start: start, elapsed: Contrast::Utils::Timer.now_ms - start } end def build_input rasp_rule user_input = rasp_rule.user_input { details: Contrast::Api::Dtm::RaspRuleSample.to_controlled_hash(rasp_rule), documentPath: user_input.path, documentType: user_input.document_type, filters: user_input.matcher_ids, name: user_input.key, time: rasp_rule.timestamp_ms, type: user_input.input_type, value: user_input.value } end end end end end