Sha256: a8d72323cbd0c1d191585359a272c28206a8739c1a0964001daae1903f752263

Contents?: true

Size: 1.22 KB

Versions: 8

Compression:

Stored size: 1.22 KB

Contents

# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

module Contrast
  module Agent
    module Assess
      module Rule
        # Watchers are how those Rules which do not act on dataflow function.
        #
        # Note: Most have been moved to the Service, as they typically watch
        #   the Request or Response bodies, parsing out vulnerabilities
        #   therein. CSRF is an exception to this as the rule requires a change
        #   to the Response body to function.
        class Watcher
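          # Decide whether this watcher should run for the given context.
          # Static requests, contexts with no response, and responses with
          # an undesired status code or content type are skipped.
          def supports? context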
            return false if context.request.static_request?
            return false unless context.response
            return false if undesired_response_code? context.response.response_code
            return false if undesired_response_type? context.response.content_type

            true
          end

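          # Status codes for which the response is not inspected:
          # redirects (301, 302, 307), missing resources (404, 410) and
          # server errors (500).
          UNDESIRED_RESPONSE_CODES = [301, 302, 307, 404, 410, 500].cs__freeze
          def undesired_response_code? code
            UNDESIRED_RESPONSE_CODES.include?(code)
          end

          # The base implementation rejects no content type; a subclass can
          # override this to skip response types it cannot handle.
          def undesired_response_type? _type
            false
          end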
        end
      end
    end
  end
end

Version data entries

8 entries across 8 versions & 1 rubygems

Version Path
contrast-agent-3.11.0 lib/contrast/agent/assess/rule/watcher.rb
contrast-agent-3.10.2 lib/contrast/agent/assess/rule/watcher.rb
contrast-agent-3.10.1 lib/contrast/agent/assess/rule/watcher.rb
contrast-agent-3.10.0 lib/contrast/agent/assess/rule/watcher.rb
contrast-agent-3.9.1 lib/contrast/agent/assess/rule/watcher.rb
contrast-agent-3.9.0 lib/contrast/agent/assess/rule/watcher.rb
contrast-agent-3.8.5 lib/contrast/agent/assess/rule/watcher.rb
contrast-agent-3.8.4 lib/contrast/agent/assess/rule/watcher.rb