Sha256: 8280ce54dfec3401e7a797a0da0b59ae59716aca4ddcd6c52930b2e147bc6a56

Contents?: true

Size: 1.39 KB

Versions: 4

Compression:

Stored size: 1.39 KB

Contents

# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

cs__scoped_require 'contrast/components/interface'

module Contrast
  module Utils
    module Assess
      # TrackingUtil has methods for determining if a object is being tracked
      class TrackingUtil
        include Contrast::Components::Interface

        access_component :logging

        def self.tracked? obj
          return false if obj.nil?

          if Contrast::Utils::DuckUtils.iterable_hash?(obj)
            obj.each_pair do |k, v|
              return true if tracked?(k)
              return true if tracked?(v)
            end
            false
          elsif Contrast::Utils::DuckUtils.iterable_enumerable?(obj)
            obj.any? do |ele|
              tracked?(ele) unless obj == ele
            end
          elsif Contrast::Utils::DuckUtils.quacks_to?(obj, :cs__tracked?)
            obj.cs__tracked?
          else
            false
          end
        rescue StandardError => e
          # This is used to ask if a ton of objects are tracked. They may not
          # all be iterable. Bad things could happen in some cases, like when
          # checking a closed statement for SQL injection trigger events
          logger.warn('Failed to determine tracking', e, module: obj.cs__class)
          false
        end
      end
    end
  end
end

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
contrast-agent-3.12.2 lib/contrast/utils/assess/tracking_util.rb
contrast-agent-3.12.1 lib/contrast/utils/assess/tracking_util.rb
contrast-agent-3.12.0 lib/contrast/utils/assess/tracking_util.rb
contrast-agent-3.11.0 lib/contrast/utils/assess/tracking_util.rb