# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/components/logger'
require 'contrast/agent/reporting/reporting_events/application_defend_attack_activity'

module Contrast
  module Agent
    module Reporting
      # Reporting event that carries the attacker information discovered during one activity period:
      # where the request came from and, per Protect rule, the attack activity recorded for it.
      class ApplicationDefendAttackerActivity
        # @return [Hash] map of rule id to the ApplicationDefendAttackActivity built for that rule
        attr_reader :protection_rules
        # @return [String, nil] the IP address of the request from which the attack originated; used to identify
        #   unique attackers
        attr_reader :source_ip
        # @return [String, nil] the X-Forwarded-For header of the request from which the attack originated; used
        #   to identify unique attackers. The value is copied from the request headers as-is, with no validation
        #   in this class. The header is set by the client or by intermediaries, so it is a reported value rather
        #   than a verified origin.
        attr_reader :source_forwarded_for

        class << self
          # Build a new activity and record the given attack result on it.
          #
          # @param attack_result_dtm [Contrast::Api::Dtm::AttackResult]
          # @return [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
          def convert attack_result_dtm
            new.tap { |attacker_activity| attacker_activity.attach_data(attack_result_dtm) }
          end
        end

        # Capture the source details of the request currently tracked by REQUEST_TRACKER.
        # When there is no http_request, both source fields stay unset and read as nil.
        def initialize
          @protection_rules = {}
          # NOTE(review): this chain assumes a current context with an activity exists; confirm that
          # REQUEST_TRACKER.current cannot be nil when this event is built.
          request = Contrast::Agent::REQUEST_TRACKER.current.activity.http_request
          if request
            @source_ip = request.sender.ip
            # NOTE(review): exact-case lookup; presumably request_headers stores names in this form. Verify.
            @source_forwarded_for = request.request_headers['X-Forwarded-For']
          end
          @event_type = :application_defend_attacker_activity
          super
        end

        # Hash form of this event: the per-rule activity plus the source that identifies the attacker.
        #
        # @return [Hash]
        def to_controlled_hash
          rules = process_protection_rules
          source = { ip: source_ip, xForwardedFor: source_forwarded_for }
          { protectionRules: rules, source: source }
        end

        # Convert the attack result and store it under its rule id. A later result with the same
        # rule id replaces the entry stored earlier.
        #
        # @param attack_result [Contrast::Api::Dtm::AttackResult]
        def attach_data attack_result
          converted = Contrast::Agent::Reporting::ApplicationDefendAttackActivity.convert(attack_result)
          @protection_rules[attack_result.rule_id] = converted
        end

        # Convert every stored attack activity to its hash form, keyed by rule id.
        #
        # @return [Hash] map of rule id to the controlled hash of that rule's attack activity
        def process_protection_rules
          @protection_rules.transform_values(&:to_controlled_hash)
        end
      end
    end
  end
end