Sha256: 9b1a5894e9fd0e8e6caa06526e9bfd31fc58a97937dc485c2c58a42aa5d2db37

Contents?: true

Size: 1.65 KB

Versions: 4

Compression:

Stored size: 1.65 KB

Contents

# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: false

require 'ffi'
# require the gem
require 'contrast-agent-lib'

module Contrast
  module AgentLib
    # FFI bindings for the command-injection checks exported by the native
    # agent library (the contrast_c::cmdi_semantic_chained_command module of
    # the C bindings). The detection logic lives in the native code; this
    # module only declares the symbols and wraps them in Ruby helpers.
    module CommandInjection
      extend FFI::Library
      ffi_lib ContrastAgentLib::CONTRAST_C

      # Native entry points. Both take the command as a C string.
      # NOTE(review): with FFI's :string type a nil argument reaches the native
      # side as a NULL pointer and a String containing an embedded NUL byte is
      # rejected before the call is made. Confirm callers handle both cases so
      # that an exception or a nil input cannot silently skip the check.
      attach_function :get_index_of_chained_command, %i[string], :long_long
      attach_function :does_command_contain_dangerous_path, %i[string], :int

      private

      # Looks for command chaining in a shell command. Backs the
      # cmd-injection-semantic-chained-commands rule.
      #
      # @param cmd [String] the shell command to inspect.
      # @return [Integer] index at which the chaining was found (a value >= 0
      #   means an injection was detected), or -1 when no chaining is present.
      #   NOTE(review): presumably an offset into the C string; verify whether
      #   it counts bytes or characters before using it to slice a multibyte
      #   Ruby String.
      def dl__index_of_chained_command(cmd)
        get_index_of_chained_command(cmd)
      end

      # Reports whether a shell command references a dangerous path. Backs the
      # cmd-injection-semantic-dangerous-paths rule.
      #
      # @param path [String] the command (or path) to inspect.
      # @return [Boolean] false when the native check returns 0, true for any
      #   other return value.
      def dl__dangerous_path?(path)
        !does_command_contain_dangerous_path(path).zero?
      end
    end
  end
end

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
contrast-agent-6.11.0 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-6.10.0 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-6.9.0 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-6.8.0 lib/contrast/agent_lib/api/command_injection.rb