Sha256: afa1c453f8fee75f7b04625f043b70cb717fc815c424a25c015306f416cbab96

Contents?: true

Size: 1.65 KB

Versions: 18

Compression:

Stored size: 1.65 KB

Contents

# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: false

require 'ffi'
# require the gem
require 'contrast-agent-lib'

module Contrast
  module AgentLib
    # FFI bindings for the command-injection checks of the native agent
    # library. The functions attached below are implemented outside Ruby (the
    # original note names the C bindings module
    # contrast_c::cmdi_semantic_chained_command, written in Rust); this module
    # only exposes them and wraps them in small Ruby helpers.
    #
    # NOTE(review): both native functions receive their argument as an FFI
    # :string, i.e. a C string. How nil or a value containing a NUL byte is
    # handled is not visible in this file. Confirm that callers only pass
    # well-formed Strings, and that an error raised here is never treated as
    # "nothing detected" by the calling rule.
    module CommandInjection
      extend FFI::Library
      ffi_lib ContrastAgentLib::CONTRAST_C

      # Native entry points: function name, argument types, return type.
      attach_function(:get_index_of_chained_command, %i[string], :long_long)
      attach_function(:does_command_contain_dangerous_path, %i[string], :int)

      private

      # Looks for command chaining inside a shell command. Backs the
      # cmd-injection-semantic-chained-commands rule.
      #
      # @param cmd [String] shell command to inspect.
      # @return [Integer] the value reported by the native check: the index of
      #   the command chaining when one is found (>= 0 means an injection is
      #   detected), -1 when no chaining is found.
      def dl__index_of_chained_command(cmd)
        chain_index = get_index_of_chained_command(cmd)
        chain_index
      end

      # Tells whether a shell command tries to access a dangerous path. Backs
      # the cmd-injection-semantic-dangerous-paths rule.
      #
      # The native function is documented as returning 1 for a hit and 0
      # otherwise; this wrapper treats every non-zero result as a hit.
      #
      # @param path [String] command text to inspect.
      # @return [Boolean] false when the native result is 0, true otherwise.
      def dl__dangerous_path?(path)
        native_result = does_command_contain_dangerous_path(path)
        !native_result.zero?
      end
    end
  end
end

Version data entries

18 entries across 18 versions & 1 rubygems

Version Path
contrast-agent-7.6.1 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-7.6.0 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-7.5.0 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-7.4.1 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-7.4.0 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-7.3.2 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-7.3.1 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-7.3.0 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-7.2.0 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-7.1.0 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-7.0.0 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-6.15.3 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-6.15.2 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-6.15.1 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-6.15.0 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-6.14.0 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-6.13.0 lib/contrast/agent_lib/api/command_injection.rb
contrast-agent-6.12.0 lib/contrast/agent_lib/api/command_injection.rb