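# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/utils/object_share'

module Contrast
  module Agent
    module Reporting
      module Settings
        # Controls for the syslogging feature in the agent.
        #
        # The values held here are copied from a settings response by #assign_array and
        # read back through #to_controlled_hash. Enumerated fields (connection type and
        # the severities) are only accepted when they match the allow-lists below; any
        # other value is dropped without an error and the previous value is kept.
        class Syslog
          CONNECTION_TYPE = %w[UNENCRYPTED ENCRYPTED].cs__freeze
          # Used for:
          # severity_blocked, severity_blocked_perimeter, severity_exploited, severity_probed,
          # severity_probed_perimeter, severity_probed_suspicious
          SEVERITIES = %w[ALERT CRITICAL ERROR WARNING NOTICE INFO DEBUG].cs__freeze
          # Order and elements matter, the same setter must be called against same response field.
          # Each *_METHODS list is paired index-by-index with its *_RESPONSE_KEYS list, so the
          # two lists of a pair must have the same length.
          SYSLOG_METHODS_NG = %i[
            enable= ip= port= facility= protocol= connection_type= severity_exploited= severity_blocked=
            severity_probed= severity_probed_suspicious= severity_blocked_perimeter= severity_probed_perimeter=
          ].cs__freeze
          SYSLOG_RESPONSE_KEYS_NG = %i[
            syslogEnabled syslogIpAddress syslogPortNumber syslogFacilityCode syslogProtocol syslogConnectionType
            syslogSeverityExploited syslogSeverityBlocked syslogSeverityProbed syslogSeveritySuspicious
            syslogSeverityBlockedPerimeter syslogSeverityProbedPerimeter
          ].cs__freeze
          SYSLOG_METHODS = %i[
            enable= ip= port= facility= connection_type= severity_blocked= severity_blocked_perimeter=
            severity_exploited= severity_probed= severity_probed_perimeter=
          ].cs__freeze
          # NOTE(review): `port` was missing from this list, which shifted every setter after
          # `ip=` onto the wrong response field (port received the facility, connection_type
          # received a severity and was rejected, the last severity received nil). The key name
          # is assumed to mirror the setter like its neighbours; confirm against the legacy
          # settings response.
          SYSLOG_RESPONSE_KEYS = %i[
            enable ip port facility connection_type severity_blocked severity_blocked_perimeter
            severity_exploited severity_probed severity_probed_perimeter
          ].cs__freeze

          # @return enable [Boolean]
          attr_accessor :enable
          # Initialised to the shared empty string.
          # NOTE(review): previously documented as Integer; confirm the type the response carries.
          # @return ip [String]
          attr_accessor :ip
          # @return port [Integer]
          attr_accessor :port
          # @return facility [Integer]
          attr_accessor :facility
          # Not set by #initialize, so it is nil until assigned.
          # @return protocol [String, nil]
          attr_accessor :protocol

          # Start from a disabled, unconfigured state that reports itself as blank.
          def initialize
            @enable = false
            @ip = Contrast::Utils::ObjectShare::EMPTY_STRING
            @port = 0
            @facility = 0
            @blank = true
          end

          # Check whether these settings have ever been populated by #assign_array.
          #
          # @return [Boolean] true until #not_blank! has been called
          def settings_blank?
            @blank
          end

          # Mark the settings as populated.
          #
          # @return [Boolean] always false (the new blank state)
          def not_blank!
            @blank = false
          end

          # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED; empty string if never set
          def connection_type
            @_connection_type ||= Contrast::Utils::ObjectShare::EMPTY_STRING
          end

          # Set the connection type. Values outside CONNECTION_TYPE are ignored and the
          # previous value is kept.
          #
          # @param type [String] one of UNENCRYPTED, ENCRYPTED
          # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED
          def connection_type= type
            @_connection_type = type if valid_entry?(type, CONNECTION_TYPE)
          end

          # @return severity_blocked [String] one of SEVERITIES; empty string if never set
          def severity_blocked
            @_severity_blocked ||= Contrast::Utils::ObjectShare::EMPTY_STRING
          end

          # Set the severity used for blocked events. Values outside SEVERITIES are ignored.
          #
          # @param severity [String] one of SEVERITIES
          # @return severity [String] the value passed in
          def severity_blocked= severity
            @_severity_blocked = severity if valid_entry?(severity, SEVERITIES)
          end

          # @return severity_blocked_perimeter [String] one of SEVERITIES; empty string if never set
          def severity_blocked_perimeter
            @_severity_blocked_perimeter ||= Contrast::Utils::ObjectShare::EMPTY_STRING
          end

          # Set the severity used for events blocked at the perimeter. Values outside
          # SEVERITIES are ignored.
          #
          # @param severity [String] one of SEVERITIES
          # @return severity [String] the value passed in
          def severity_blocked_perimeter= severity
            @_severity_blocked_perimeter = severity if valid_entry?(severity, SEVERITIES)
          end

          # @return severity_exploited [String] one of SEVERITIES; empty string if never set
          def severity_exploited
            @_severity_exploited ||= Contrast::Utils::ObjectShare::EMPTY_STRING
          end

          # Set the severity used for exploited events. Values outside SEVERITIES are ignored.
          #
          # @param severity [String] one of SEVERITIES
          # @return severity [String] the value passed in
          def severity_exploited= severity
            @_severity_exploited = severity if valid_entry?(severity, SEVERITIES)
          end

          # @return severity_probed [String] one of SEVERITIES; empty string if never set
          def severity_probed
            @_severity_probed ||= Contrast::Utils::ObjectShare::EMPTY_STRING
          end

          # Set the severity used for probed events. Values outside SEVERITIES are ignored.
          #
          # @param severity [String] one of SEVERITIES
          # @return severity [String] the value passed in
          def severity_probed= severity
            @_severity_probed = severity if valid_entry?(severity, SEVERITIES)
          end

          # @return severity_probed_perimeter [String] one of SEVERITIES; empty string if never set
          def severity_probed_perimeter
            @_severity_probed_perimeter ||= Contrast::Utils::ObjectShare::EMPTY_STRING
          end

          # Set the severity used for events probed at the perimeter. Values outside
          # SEVERITIES are ignored.
          #
          # @param severity [String] one of SEVERITIES
          # @return severity [String] the value passed in
          def severity_probed_perimeter= severity
            @_severity_probed_perimeter = severity if valid_entry?(severity, SEVERITIES)
          end

          # @return severity_probed_suspicious [String] one of SEVERITIES; empty string if never set
          def severity_probed_suspicious
            @_severity_probed_suspicious ||= Contrast::Utils::ObjectShare::EMPTY_STRING
          end

          # Set the severity used for suspicious events. Values outside SEVERITIES are ignored.
          #
          # @param severity [String] one of SEVERITIES
          # @return severity [String] the value passed in
          def severity_probed_suspicious= severity
            @_severity_probed_suspicious = severity if valid_entry?(severity, SEVERITIES)
          end

          # Copy syslog settings out of a response into this object and mark it as populated.
          #
          # Setters and response keys are paired by position, so a key that is absent from the
          # response passes nil to its setter.
          #
          # @param settings_array [Hash] Settings retrieved from response; it is indexed by the
          #   Symbol keys listed in SYSLOG_RESPONSE_KEYS(_NG) (named "array" upstream)
          # @param ng_ [Boolean] true to use the NG key names, false for the legacy ones
          # @return [Boolean] always false, the result of #not_blank!
          def assign_array settings_array, ng_: true
            setters = ng_ ? SYSLOG_METHODS_NG : SYSLOG_METHODS
            response_keys = ng_ ? SYSLOG_RESPONSE_KEYS_NG : SYSLOG_RESPONSE_KEYS
            # public_send keeps this dispatch limited to the public setters named in the
            # frozen constants above.
            setters.zip(response_keys) do |setter, key|
              public_send(setter, settings_array[key])
            end
            not_blank!
          end

          # Render the current settings using the NG response key names.
          #
          # @return [Hash<Symbol, Object>]
          def to_controlled_hash
            {
                syslogEnabled: enable,
                syslogIpAddress: ip,
                syslogPortNumber: port,
                syslogFacilityCode: facility,
                syslogConnectionType: connection_type,
                syslogProtocol: protocol,
                syslogSeverityExploited: severity_exploited,
                syslogSeverityBlocked: severity_blocked,
                syslogSeverityProbed: severity_probed,
                syslogSeveritySuspicious: severity_probed_suspicious,
                syslogSeverityBlockedPerimeter: severity_blocked_perimeter,
                syslogSeverityProbedPerimeter: severity_probed_perimeter
            }
          end

          private

          # Check a value against a list of allowed values. The comparison is an exact
          # match, and the allow-lists in this class hold Strings, so a Symbol or a
          # differently-cased String is rejected.
          #
          # @param value [String] value to check
          # @param validation_hash [Array<String>] allowed values (an Array despite the name)
          # @return [Boolean] true only when both arguments are present and value is listed
          def valid_entry? value, validation_hash
            return false unless value && validation_hash

            validation_hash.include?(value)
          end
        end
      end
    end
  end
end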