Sha256: a5580a9adb9b55e33753c2498d4a671dcb4b9a3f65055199fc97a9f952dc66ae

Contents?: true

Size: 1.6 KB

Versions: 13

Compression:

Stored size: 1.6 KB

Contents

# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

module Contrast
  module Agent
    module Assess
      module Policy
        # This class functions to translate our policy.json into an actionable
        # Ruby object, allowing for dynamic patching over hardcoded patching,
        # specifically for those methods which result in the source of
        # untrusted data (indicate points in the application where user
        # controlled input is accessed).
        class SourceNode < PolicyNode
          attr_accessor :type

          JSON_TYPE = 'type'
          SOURCE_TAG = 'UNTRUSTED'
          def initialize source_hash = {}
            super(source_hash)
            @type = source_hash[JSON_TYPE]
            @tags << SOURCE_TAG
          end

          SOURCE = 'Source'
          def node_class
            SOURCE
          end

          # This is confusing. Sources are Creation action but
          # Propagation type. Oh and also Type refers to input type,
          # like parameter, so we have to call this node_type. :-/
          def node_type
            :TYPE_PROPAGATION
          end

          # Standard validation + TS trace version two rules:
          # a source must have at least one target and a type.
          def validate
            super
            raise(ArgumentError, "Source #{ id } did not have a proper target. Unable to create.") unless targets&.any?
            raise(ArgumentError, "Source #{ id } did not have a proper type. Unable to create.") unless type
          end
        end
      end
    end
  end
end

Version data entries

13 entries across 13 versions & 1 rubygems

Version Path
contrast-agent-4.14.1 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.14.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.13.1 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.13.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.12.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.11.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.10.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.9.1 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.9.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.8.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.7.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.6.0 lib/contrast/agent/assess/policy/source_node.rb
contrast-agent-4.5.0 lib/contrast/agent/assess/policy/source_node.rb