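# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/utils/object_share'

module Contrast
  module Agent
    module Reporting
      module Settings
        # Controls for the syslogging feature in the agent.
        #
        # Only connection_type and the severity_* fields are checked against an allow-list. enable, ip, port,
        # facility and protocol are plain accessors, so whatever the settings response carries is stored as-is.
        # NOTE(review): those values describe the syslog destination - confirm they are validated (type, port
        # range, destination) before a syslog client is configured from them.
        class Syslog
          # Accepted values for connection_type.
          # NOTE(review): UNENCRYPTED is an accepted value; how the transport treats it is outside this file.
          CONNECTION_TYPE = %w[UNENCRYPTED ENCRYPTED].cs__freeze
          # Used for:
          # severity_blocked, severity_blocked_perimeter, severity_exploited, severity_probed,
          # severity_probed_perimeter, severity_probed_suspicious
          SEVERITIES = %w[ALERT CRITICAL ERROR WARNING NOTICE INFO DEBUG].cs__freeze
          # Setter names, paired by position with SYSLOG_RESPONSE_KEYS. Keep both lists in the same order.
          SYSLOG_METHODS = %i[
            enable=
            ip=
            port=
            facility=
            protocol=
            connection_type=
            severity_exploited=
            severity_blocked=
            severity_probed=
            severity_probed_suspicious=
            severity_blocked_perimeter=
            severity_probed_perimeter=
          ].cs__freeze
          # Keys read from the settings response, paired by position with SYSLOG_METHODS.
          SYSLOG_RESPONSE_KEYS = %i[
            syslogEnabled
            syslogIpAddress
            syslogPortNumber
            syslogFacilityCode
            syslogProtocol
            syslogConnectionType
            syslogSeverityExploited
            syslogSeverityBlocked
            syslogSeverityProbed
            syslogSeveritySuspicious
            syslogSeverityBlockedPerimeter
            syslogSeverityProbedPerimeter
          ].cs__freeze

          # @return [Boolean] false until a settings response sets it
          attr_accessor :enable
          # @return [String] defaults to the shared empty string; not validated on assignment
          attr_accessor :ip
          # @return [Integer] defaults to 0; not validated on assignment
          attr_accessor :port
          # @return [Integer] defaults to 0; not validated on assignment
          attr_accessor :facility
          # @return [String, nil] not set by #initialize, so nil until assigned; not validated on assignment
          attr_accessor :protocol

          def initialize
            @enable = false
            @ip = Contrast::Utils::ObjectShare::EMPTY_STRING
            @port = 0
            @facility = 0
          end

          # @return [String] one of UNENCRYPTED, ENCRYPTED; the empty string when never set
          def connection_type
            @_connection_type ||= Contrast::Utils::ObjectShare::EMPTY_STRING
          end

          # Set the connection type. A value outside CONNECTION_TYPE is ignored and the previous value is kept.
          #
          # @param type [String, Symbol] one of UNENCRYPTED, ENCRYPTED
          # @return [String, nil] the stored value, nil when the value was rejected
          def connection_type= type
            @_connection_type = type if valid_entry?(type, CONNECTION_TYPE)
          end

          # @return [String] one of SEVERITIES; the empty string when never set
          def severity_blocked
            @_severity_blocked ||= Contrast::Utils::ObjectShare::EMPTY_STRING
          end

          # Set the severity used for blocked events. A value outside SEVERITIES is ignored and the previous
          # value is kept.
          #
          # @param severity [String, Symbol] one of SEVERITIES
          # @return [String, nil] the stored value, nil when the value was rejected
          def severity_blocked= severity
            @_severity_blocked = severity if valid_entry?(severity, SEVERITIES)
          end

          # @return [String] one of SEVERITIES; the empty string when never set
          def severity_blocked_perimeter
            @_severity_blocked_perimeter ||= Contrast::Utils::ObjectShare::EMPTY_STRING
          end

          # Set the severity used for events blocked at the perimeter. A value outside SEVERITIES is ignored
          # and the previous value is kept.
          #
          # @param severity [String, Symbol] one of SEVERITIES
          # @return [String, nil] the stored value, nil when the value was rejected
          def severity_blocked_perimeter= severity
            @_severity_blocked_perimeter = severity if valid_entry?(severity, SEVERITIES)
          end

          # @return [String] one of SEVERITIES; the empty string when never set
          def severity_exploited
            @_severity_exploited ||= Contrast::Utils::ObjectShare::EMPTY_STRING
          end

          # Set the severity used for exploited events. A value outside SEVERITIES is ignored and the previous
          # value is kept.
          #
          # @param severity [String, Symbol] one of SEVERITIES
          # @return [String, nil] the stored value, nil when the value was rejected
          def severity_exploited= severity
            @_severity_exploited = severity if valid_entry?(severity, SEVERITIES)
          end

          # @return [String] one of SEVERITIES; the empty string when never set
          def severity_probed
            @_severity_probed ||= Contrast::Utils::ObjectShare::EMPTY_STRING
          end

          # Set the severity used for probed events. A value outside SEVERITIES is ignored and the previous
          # value is kept.
          #
          # @param severity [String, Symbol] one of SEVERITIES
          # @return [String, nil] the stored value, nil when the value was rejected
          def severity_probed= severity
            @_severity_probed = severity if valid_entry?(severity, SEVERITIES)
          end

          # @return [String] one of SEVERITIES; the empty string when never set
          def severity_probed_perimeter
            @_severity_probed_perimeter ||= Contrast::Utils::ObjectShare::EMPTY_STRING
          end

          # Set the severity used for events probed at the perimeter. A value outside SEVERITIES is ignored
          # and the previous value is kept.
          #
          # @param severity [String, Symbol] one of SEVERITIES
          # @return [String, nil] the stored value, nil when the value was rejected
          def severity_probed_perimeter= severity
            @_severity_probed_perimeter = severity if valid_entry?(severity, SEVERITIES)
          end

          # @return [String] one of SEVERITIES; the empty string when never set
          def severity_probed_suspicious
            @_severity_probed_suspicious ||= Contrast::Utils::ObjectShare::EMPTY_STRING
          end

          # Set the severity used for suspicious events. A value outside SEVERITIES is ignored and the previous
          # value is kept.
          #
          # @param severity [String, Symbol] one of SEVERITIES
          # @return [String, nil] the stored value, nil when the value was rejected
          def severity_probed_suspicious= severity
            @_severity_probed_suspicious = severity if valid_entry?(severity, SEVERITIES)
          end

          # Apply the syslog part of a settings response to this object.
          #
          # SYSLOG_METHODS and SYSLOG_RESPONSE_KEYS are paired by position. A key that is absent yields nil:
          # the validated setters ignore it, while the plain accessors (enable, ip, port, facility, protocol)
          # are overwritten with nil.
          #
          # @param settings_array [Hash, nil] settings retrieved from the response. It is read with the
          #   SYSLOG_RESPONSE_KEYS symbols, so presumably a Hash despite the parameter name; nil is a no-op.
          def assign_array settings_array
            # A response without a syslog section must not raise while settings are being applied.
            return unless settings_array

            SYSLOG_METHODS.each_with_index do |method, index|
              # The method names come from the frozen constant above, never from the response itself.
              public_send(method, settings_array[SYSLOG_RESPONSE_KEYS[index]])
            end
          end

          # @return [Hash{Symbol => Object}] the current settings, keyed by the response key names
          def to_controlled_hash
            {
                syslogEnabled: enable,
                syslogIpAddress: ip,
                syslogPortNumber: port,
                syslogFacilityCode: facility,
                syslogConnectionType: connection_type,
                syslogProtocol: protocol,
                syslogSeverityExploited: severity_exploited,
                syslogSeverityBlocked: severity_blocked,
                syslogSeverityProbed: severity_probed,
                syslogSeveritySuspicious: severity_probed_suspicious,
                syslogSeverityBlockedPerimeter: severity_blocked_perimeter,
                syslogSeverityProbedPerimeter: severity_probed_perimeter
            }
          end

          private

          # Checks a candidate value against one of the allow-lists.
          #
          # The comparison is an exact Array#include? match against upper-case Strings, so a lower-case
          # string never matches.
          # NOTE(review): a Symbol never matches either, although the setters document [String, Symbol] -
          # confirm whether symbols should be normalised before the check.
          #
          # @param value [String, Symbol] value to check
          # @param validation_hash [Array<String>] allow-list to check against (CONNECTION_TYPE or SEVERITIES)
          # @return [Boolean] true when the value is present in the allow-list
          def valid_entry? value, validation_hash
            return false unless value && validation_hash

            validation_hash.include?(value)
          end
        end
      end
    end
  end
end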