{
"rules":[
{
"name": "cmd-injection",
"applicator": "Contrast::Agent::Protect::Policy::AppliesCommandInjectionRule",
"applicator_method": "apply_rule",
"required_properties": [],
"optional_properties": [],
"triggers": [
{
"class_name":"IO",
"method_name":"popen",
"instance_method": false,
"method_visibility": "public",
"properties": {}
}, {
"class_name":"Open3",
"method_name":"pipeline",
"instance_method": false,
"method_visibility": "public",
"properties": {}
}, {
"class_name":"Open3",
"method_name":"pipeline_r",
"instance_method": false,
"method_visibility": "public",
"properties": {}
}, {
"class_name":"Open3",
"method_name":"pipeline_rw",
"instance_method": false,
"method_visibility": "public",
"properties": {}
}, {
"class_name":"Open3",
"method_name":"pipeline_start",
"instance_method": false,
"method_visibility": "public",
"properties": {}
}, {
"class_name":"Open3",
"method_name":"pipeline_w",
"instance_method": false,
"method_visibility": "public",
"properties": {}
}, {
"class_name":"Open3",
"method_name":"popen2",
"instance_method": false,
"method_visibility": "public",
"properties": {}
}, {
"class_name":"Open3",
"method_name":"popen2e",
"instance_method": false,
"method_visibility": "public",
"properties": {}
}, {
"class_name":"Open3",
"method_name":"popen3",
"instance_method": false,
"method_visibility": "public",
"properties": {}
}, {
"class_name":"Kernel",
"method_name":"`",
"instance_method": false,
"method_visibility": "public",
"properties": {}
}, {
"class_name":"Kernel",
"method_name":"`",
"instance_method": true,
"method_visibility": "private",
"properties": {}
}, {
"class_name":"Kernel",
"method_name":"system",
"instance_method": false,
"method_visibility": "public",
"properties": {}
}, {
"class_name":"Kernel",
"method_name":"system",
"instance_method": true,
"method_visibility": "private",
"properties": {}
}, {
"class_name":"Kernel",
"method_name":"exec",
"instance_method": false,
"method_visibility": "public",
"properties": {}
}, {
"class_name":"Kernel",
"method_name":"exec",
"instance_method": true,
"method_visibility": "private",
"properties": {}
}, {
"class_name":"Kernel",
"method_name":"spawn",
"instance_method": false,
"method_visibility": "public",
"properties": {}
}, {
"class_name":"Kernel",
"method_name":"spawn",
"instance_method": true,
"method_visibility": "private",
"properties": {}
}
]
},
{
"name": "nosql-injection",
"applicator": "Contrast::Agent::Protect::Policy::AppliesNoSqliRule",
"applicator_method": "apply_rule",
"required_properties": ["database"],
"optional_properties": [],
"triggers": [
{
"class_name": "Mongo::Server::Connection",
"method_name": "dispatch",
"instance_method": true,
"method_visibility": "public",
"properties": {
"database": "MongoDB"
}
},{
"class_name": "Moped::Node",
"method_name": "read",
"instance_method": true,
"method_visibility": "private",
"properties": {
"database": "MongoDB"
}
},{
"class_name": "Moped::Node",
"method_name": "write",
"instance_method": true,
"method_visibility": "private",
"properties": {
"database": "MongoDB"
}
},{
"class_name": "Moped::Node",
"method_name": "process",
"instance_method": true,
"method_visibility": "private",
"properties": {
"database": "MongoDB"
}
}
]
},
{
"name":"path-traversal",
"applicator": "Contrast::Agent::Protect::Policy::AppliesPathTraversalRule",
"applicator_method": "apply_rule",
"required_properties": ["action"],
"optional_properties": [],
"triggers":[
{
"class_name":"File",
"method_name":"initialize",
"instance_method": true,
"method_visibility": "private",
"properties": {
"action": "dynamic"
}
}, {
"class_name":"IO",
"method_name":"open",
"instance_method": false,
"method_visibility": "public",
"properties": {
"action": "dynamic"
}
}, {
"class_name":"IO",
"method_name":"initialize",
"instance_method": true,
"method_visibility": "private",
"properties": {
"action": "dynamic"
}
}, {
"class_name":"IO",
"method_name":"binread",
"instance_method": false,
"method_visibility": "public",
"properties": {
"action": "read"
}
}, {
"class_name":"IO",
"method_name":"binwrite",
"instance_method": false,
"method_visibility": "public",
"properties": {
"action": "write"
}
}, {
"class_name":"IO",
"method_name":"read",
"instance_method": false,
"method_visibility": "public",
"properties": {
"action": "read"
}
}, {
"class_name":"IO",
"method_name":"readlines",
"instance_method": false,
"method_visibility": "public",
"properties": {
"action": "read"
}
}, {
"class_name":"IO",
"method_name":"copy_stream",
"instance_method": false,
"method_visibility": "public",
"properties": {
"action": "copy"
}
}, {
"class_name":"IO",
"method_name":"foreach",
"instance_method": false,
"method_visibility": "public",
"properties": {
"action": "read"
}
}, {
"class_name":"IO",
"method_name":"sysopen",
"instance_method": false,
"method_visibility": "public",
"properties": {
"action": "dynamic"
}
}, {
"class_name":"IO",
"method_name":"write",
"instance_method": false,
"method_visibility": "public",
"properties": {
"action": "write"
}
}
]
},
{
"name": "sql-injection",
"applicator": "Contrast::Agent::Protect::Policy::AppliesSqliRule",
"applicator_method": "apply_rule",
"required_properties": ["index", "database"],
"optional_properties": [],
"triggers": [
{
"class_name": "Mysql2::Client",
"method_name": "query",
"instance_method": true,
"method_visibility": "public",
"properties": {
"index": 0,
"database": "MySQL"
}
},{
"class_name": "Mysql2::Statement",
"method_name": "execute",
"instance_method": true,
"method_visibility": "public",
"properties": {
"index": 0,
"database": "MySQL"
}
}, {
"class_name": "PG::Connection",
"method_name": "sync_exec",
"instance_method": true,
"method_visibility": "public",
"properties": {
"index": 0,
"database": "PostgreSQL"
}
}, {
"class_name": "PG::Connection",
"method_name": "sync_exec_params",
"instance_method": true,
"method_visibility": "public",
"properties": {
"index": 0,
"database": "PostgreSQL"
}
}, {
"class_name": "PG::Connection",
"method_name": "async_exec",
"instance_method": true,
"method_visibility": "public",
"properties": {
"index": 0,
"database": "PostgreSQL"
}
}, {
"class_name": "PG::Connection",
"method_name": "async_exec_params",
"instance_method": true,
"method_visibility": "public",
"properties": {
"index": 0,
"database": "PostgreSQL"
}
}, {
"class_name": "SQLite3::Statement",
"method_name": "initialize",
"instance_method": true,
"method_visibility": "private",
"properties": {
"index": 1,
"database": "SQLite3"
}
}, {
"class_name":"SQLite3::Database",
"method_name":"execute",
"instance_method":true,
"method_visibility": "public",
"properties": {
"index": 0,
"database": "SQLite3"
}
}
]
},
{
"name": "untrusted-deserialization",
"applicator": "Contrast::Agent::Protect::Policy::AppliesDeserializationRule",
"applicator_method": "apply_rule",
"required_properties": [],
"optional_properties": [],
"triggers": [
{
"class_name": "Marshal",
"method_name": "load",
"instance_method": false,
"method_visibility": "public",
"scope": "deserialization",
"properties": {}
},
{
"class_name": "Psych",
"method_name": "load",
"instance_method": false,
"method_visibility": "public",
"scope": "deserialization",
"properties": {}
}
]
},
{
"name": "xxe",
"applicator": "Contrast::Agent::Protect::Policy::AppliesXxeRule",
"applicator_method": "apply_rule",
"required_properties": [],
"optional_properties": [],
"triggers": [
{
"class_name": "Nokogiri::XML::Document",
"method_name": "read_memory",
"instance_method": false,
"method_visibility": "public",
"properties": {}
}, {
"class_name": "Nokogiri::XML::Document",
"method_name": "read_io",
"instance_method": false,
"method_visibility": "public",
"applicator_method": "apply_rule__io",
"properties": {}
},{
"class_name": "Nokogiri::XML::Document",
"method_name": "parse",
"instance_method": false,
"method_visibility": "public",
"properties": {}
}, {
"class_name": "Nokogiri::XML::SAX::Parser",
"method_name": "parse",
"instance_method": true,
"method_visibility": "public",
"properties": {}
},{
"class_name": "Nokogiri::XML::SAX::Parser",
"method_name": "parse_memory",
"instance_method": true,
"method_visibility": "public",
"properties": {}
}, {
"class_name": "Nokogiri::XML::SAX::Parser",
"method_name": "parse_io",
"instance_method": true,
"method_visibility": "public",
"applicator_method": "apply_rule__io",
"properties": {}
},{
"class_name": "Ox",
"method_name": "parse",
"instance_method": false,
"method_visibility": "public",
"properties": {}
}, {
"class_name": "Ox",
"method_name": "load",
"instance_method": false,
"method_visibility": "public",
"properties": {}
}, {
"class_name": "Oga::XML::Lexer",
"method_name": "read_data",
"instance_method": true,
"method_visibility": "public",
"applicator_method": "apply_rule__lexer",
"properties": {}
}
]
}
]
}