# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details. # frozen_string_literal: true module Contrast module Agent module Protect module Rule class NoSqli # The Mongo specific NoSQL scanner, used by the NoSQLI rule to # determine if a NoSQL attack was performed against a Mongo database. # # @deprecated RUBY-356 class MongoNoSqlScanner < Contrast::Agent::Protect::Rule::DefaultScanner # Is the current & next character '//' or are the current and # subsequent characters '<--' ? def start_line_comment? char, index, query if char == Contrast::Utils::ObjectShare::SLASH && query[index + 1] == Contrast::Utils::ObjectShare::SLASH return true end char == Contrast::Utils::ObjectShare::LEFT_ANGLE && query[index + 1] == Contrast::Utils::ObjectShare::DASH && query[index + 2] == Contrast::Utils::ObjectShare::DASH end def start_block_comment? _char, _index, _query false end # Indicates if '""' inside of double quotes is the equivalent of '\"' def double_quote_escape_in_double_quote? true end end end end end end end