# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details. # frozen_string_literal: true require 'set' module Contrast module Config # Common Configuration settings. Those in this section pertain to the rule mode of a single protect rule in the # Agent. class ProtectRuleConfiguration include Contrast::Config::BaseConfiguration # @return [Boolean, nil] attr_accessor :enable # @return [String, nil] attr_accessor :mode # @return [Boolean, nil] attr_accessor :disable_system_commands attr_writer :detect_custom_code_accessing_system_files def initialize hsh = {} return unless hsh @enable = hsh[:enable] @mode = hsh[:mode] @disable_system_commands = hsh[:disable_system_commands] @detect_custom_code_accessing_system_files = hsh[:detect_custom_code_accessing_system_files] end # @return [Boolean, true] def detect_custom_code_accessing_system_files @detect_custom_code_accessing_system_files.nil? ? true : @detect_custom_code_accessing_system_files end # To convert the user input mode from config to a standard format used by TS & SR, we need to convert the given # String to its Contrast::Api::Settings::ProtectionRule::Mode equivalent. If a nonsense value is provided, it'll # be treated the same as disabling the rule. # # @return [Contrast::Api::Settings::ProtectionRule::Mode, nil] def applicable_mode return unless mode case mode when 'permit' Contrast::Api::Settings::ProtectionRule::Mode::PERMIT when 'block_at_perimeter' Contrast::Api::Settings::ProtectionRule::Mode::BLOCK_AT_PERIMETER when 'block' Contrast::Api::Settings::ProtectionRule::Mode::BLOCK when 'monitor' Contrast::Api::Settings::ProtectionRule::Mode::MONITOR else Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION end end end end end