Sha256: 88da86f8a41f46e02473c749e32f6414a46b768fe11fe876c2c43ed45cc4d817
Contents?: true
Size: 1.43 KB
Versions: 2
Compression:
Stored size: 1.43 KB
Contents
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true
# This module is used to track propagation through ERB template rendering
module ERBPropagator
class << self
def result_tagger patcher, preshift, ret, _block
return unless preshift.args.length >= 1
return unless (properties = Contrast::Agent::Assess::Tracker.properties!(ret))
used_binding = preshift.args[0]
binding_variable_set = used_binding.local_variables
erb_pre_result = preshift.object.src
parent_events = []
binding_variable_set.each do |bound_var_symbol|
bound_variable_value = used_binding.local_variable_get(bound_var_symbol)
next unless Contrast::Agent::Assess::Tracker.tracked?(bound_variable_value)
next unless erb_pre_result.include?(bound_var_symbol.to_s)
start_index = ret.index(bound_variable_value)
next if start_index.nil?
properties.copy_from(bound_variable_value, ret, start_index)
parent_event = Contrast::Agent::Assess::Tracker.properties(bound_variable_value)&.event
parent_events << parent_event if parent_event
end
properties.build_event(
patcher,
ret,
preshift.object,
ret,
preshift.args,
1)
properties.event.instance_variable_set(:@_parent_events, parent_events)
ret
end
end
end
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| contrast-agent-4.6.0 | lib/contrast/extension/assess/erb.rb |
| contrast-agent-4.5.0 | lib/contrast/extension/assess/erb.rb |