# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/protect/rule/base_service'
require 'contrast/agent/reporting/input_analysis/input_type'
require 'contrast/agent/reporting/input_analysis/score_level'

module Contrast
  module Agent
    module Protect
      module Rule
        # Ruby implementation of the Protect Unsafe File Upload rule.
        #
        # When active, the unsafe-file-upload rule produces one of two results:
        # BLOCKED in Blocking mode and SUSPICIOUS in Monitor mode.
        #
        # NOTE: the rule is currently switched off in the agent (see #enabled?),
        # so it reports nothing and blocks nothing on its own; detection is
        # driven entirely by the Service's input analysis.
        class UnsafeFileUpload < Contrast::Agent::Protect::Rule::BaseService
          include Contrast::Agent::Reporting::InputType

          NAME = 'unsafe-file-upload'
          BLOCK_MESSAGE = 'Unsafe file upload rule triggered. Request blocked.'
          # Only multipart part names and field names are inputs this rule evaluates.
          APPLICABLE_USER_INPUTS = [MULTIPART_NAME, MULTIPART_FIELD_NAME].cs__freeze

          # @return [String] the canonical rule identifier used in reporting.
          def rule_name
            NAME
          end

          # Whether this rule is active in the agent.
          #
          # The rule is deliberately forced off: its detection relies solely on
          # input analysis, which the Service performs today. Once protect moves
          # from the Service into the agent library, re-enable this method and
          # the tests that cover the rule.
          # TODO: RUBY-1574
          #
          # @return [false, nil] always falsy; the base check still runs first so
          #   its side effects (if any) are preserved.
          def enabled?
            base_enabled = super
            base_enabled && false
          end

          # def block_message
          #   BLOCK_MESSAGE
          # end
          #
          # def prefilter context
          #   return unless prefilter?(context)
          #
          #   ia_results = gather_ia_results context
          #
          #   ia_results.each do |ia_result|
          #     result = build_attack_result(context)
          #     build_attack_without_match context, ia_result, result
          #     append_to_activity context, result
          #
          #     cef_logging result, :successful_attack
          #     raise Contrast::SecurityException.new(self, BLOCK_MESSAGE) if blocked?
          #   end
          # end
          #
          # private
          #
          # def prefilter? _context
          #   return false unless enabled?
          #   return false if protect_excluded_by_code?
          #
          #   true
          # end
        end
      end
    end
  end
end