Sha256: a8bce5206895112d153d0638f21f6133dba605ede7329592e4de3d8cfc60f856
Contents?: true
Size: 1.4 KB
Versions: 2
Compression:
Stored size: 1.4 KB
Contents
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/protect/rule/base_service'
require 'contrast/agent/protect/policy/applies_sqli_rule'
require 'contrast/agent/protect/rule/sql_sample_builder'

module Contrast
  module Agent
    module Protect
      module Rule
        # Protect rule for SQL Injection in the Ruby agent.
        #
        # The detection logic itself is not in this file: #infilter delegates to
        # find_attacker, infilter?, append_to_activity and blocked?, none of which
        # are defined here (presumably inherited from BaseService or mixed in --
        # confirm against those files).
        class Sqli < Contrast::Agent::Protect::Rule::BaseService
          # Builds the sample for a SQL injection detection so that it can be
          # reported to, and rendered by, TeamServer.
          include SqlSampleBuilder::SqliSample
          # Supplies the build_attack_with_match method.
          include SqlSampleBuilder::AttackBuilder

          NAME = 'sql-injection'
          BLOCK_MESSAGE = 'SQLi rule triggered. Response blocked.'

          # @return [String] the identifier of this rule ('sql-injection')
          def rule_name
            NAME
          end

          # @return [String] the message attached to the exception raised when
          #   this rule blocks
          def block_message
            BLOCK_MESSAGE
          end

          # Checks a query string that is about to reach a database and, when a
          # finding is produced, records it and optionally aborts the call.
          #
          # Returns nil without raising in three cases: infilter?(context) is
          # falsy, find_attacker yields no result, or the rule is not in a
          # blocking state. In the last case the finding has still been passed
          # to append_to_activity, so the query is reported but this method does
          # not stop it.
          #
          # @param context the current request context (type not visible here)
          # @param database the database identifier, forwarded to find_attacker
          #   as the database: keyword
          # @param query_string the query text to be checked
          # @raise [Contrast::SecurityException] when a finding exists and
          #   blocked? is truthy
          def infilter(context, database, query_string)
            return unless infilter?(context)

            finding = find_attacker(context, query_string, database: database)
            return unless finding

            # Record first, then block: the finding is handed to
            # append_to_activity before the exception unwinds the caller.
            append_to_activity(context, finding)
            return unless blocked?

            # NOTE(review): this uses the BLOCK_MESSAGE constant directly rather
            # than #block_message, so an override of #block_message in a
            # subclass would not change the text raised here.
            raise Contrast::SecurityException.new(self, BLOCK_MESSAGE)
          end
        end
      end
    end
  end
end
Version data entries
2 entries across 2 versions & 1 rubygems
Version | Path |
---|---|
contrast-agent-5.1.0 | lib/contrast/agent/protect/rule/sqli.rb |
contrast-agent-5.0.0 | lib/contrast/agent/protect/rule/sqli.rb |