# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/reporting/settings/input_exclusion'
require 'contrast/agent/reporting/settings/url_exclusion'
require 'contrast/agent/reporting/settings/helpers'

module Contrast
  module Agent
    module Reporting
      # Holds all the settings received in the TS response.
      module Settings
        # Application level settings for the Exclusions feature set
        # (ApplicationStartupSettingsExclusions).
        #
        # Each entry stored here describes a case where assess or protect rules
        # are excluded for an input or a URL, so these lists are
        # security-relevant configuration and deserve the same review as any
        # other allow-list.
        class Exclusions
          # Cases where rules should be excluded if violated from a given input.
          # The backing array is created lazily on first access.
          #
          # @return [Array] Array of InputExclusions
          def input_exclusions
            return @_input_exclusions if @_input_exclusions

            @_input_exclusions = []
          end

          # Set the InputExclusions array. A boolean passed as the last element
          # of the array marks the ng endpoint.
          # example: input_exclusions = [array, boolean]
          #
          # NOTE(review): the flag is derived from the *presence* of a literal
          # boolean in the last slot, so a trailing `false` yields
          # `ng_endpoint: true` just like a trailing `true` does. Confirm that
          # callers never pass `false` to mean "not the ng endpoint".
          # NOTE(review): a nil argument raises NoMethodError at the `[-1]`
          # lookup before Helpers.array_to_iv is reached.
          #
          # @param new_input_exclusions [Array] Array of InputExclusions: {
          #   name [String] The name of the input.
          #   modes [String] If this exclusion applies to assess or protect. [assess, defend]
          #   assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
          #   protect_rules [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
          #   urls [Array] Array of URLs to which the exclusions apply. URL [String]
          #   match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
          #   type [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
          # }
          # @return [Array] Array of InputExclusions (whatever Helpers.array_to_iv returns is stored)
          def input_exclusions= new_input_exclusions
            # Positional arguments are evaluated before the keyword, so the
            # getter memoizes its array before the flag lookup runs.
            @_input_exclusions = Contrast::Agent::Reporting::Settings::Helpers.array_to_iv(
              Contrast::Agent::Reporting::Settings::InputExclusion,
              input_exclusions,
              new_input_exclusions,
              ng_endpoint: trailing_boolean?(new_input_exclusions)
            )
          end

          # A case where rules should be excluded if violated during a call to a given URL.
          # The backing array is created lazily on first access.
          #
          # @return [Array] Array of UrlExclusions
          def url_exclusions
            return @_url_exclusions if @_url_exclusions

            @_url_exclusions = []
          end

          # Set the url_exclusions array. A boolean passed as the last element
          # of the array marks the ng endpoint.
          # example: url_exclusions = [array, boolean]
          #
          # NOTE(review): the field list below mirrors the one documented for
          # input exclusions (including "name of the input" and "type of the
          # input"); verify it against the UrlExclusion class.
          # NOTE(review): as with the input setter, a trailing `false` also
          # produces `ng_endpoint: true`, and nil raises NoMethodError.
          #
          # @param new_url_exclusions [Array] Array of UrlExclusions: {
          #   name [String] The name of the input.
          #   modes [String] If this exclusion applies to assess or protect. [assess, defend]
          #   assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
          #   protect_rules [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
          #   urls [Array] Array of URLs to which the exclusions apply. URL [String]
          #   match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
          #   type [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
          # }
          # @return [Array] Array of UrlExclusions (whatever Helpers.array_to_iv returns is stored)
          def url_exclusions= new_url_exclusions
            @_url_exclusions = Contrast::Agent::Reporting::Settings::Helpers.array_to_iv(
              Contrast::Agent::Reporting::Settings::UrlExclusion,
              url_exclusions,
              new_url_exclusions,
              ng_endpoint: trailing_boolean?(new_url_exclusions)
            )
          end

          # Build the hash form of both exclusion lists by calling
          # #to_controlled_hash on every stored entry.
          #
          # @return [Hash] with keys :inputExceptions and :urlExceptions
          def to_controlled_hash
            input_hashes = input_exclusions.map { |exclusion| exclusion.to_controlled_hash }
            url_hashes = url_exclusions.map { |exclusion| exclusion.to_controlled_hash }

            { inputExceptions: input_hashes, urlExceptions: url_hashes }
          end

          private

          # Report whether the last element of the given list is a literal
          # boolean. `value == !!value` holds only for true and false.
          #
          # @param list [Array] the array handed to one of the setters
          # @return [Boolean] true when the last element is true or false
          def trailing_boolean? list
            tail = list[-1]
            tail == !!tail
          end
        end
      end
    end
  end
end