Sha256: cbb7ce987631a188665019557861eca742c5d5dc262d7cfe06c6fd4df518332a

Contents?: true

Size: 1.79 KB

Versions: 18

Compression:

Stored size: 1.79 KB

Contents

# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/components/logger'

module Contrast
  module Extension
    module Assess
      # Reports calls to eval-style methods to the Assess trigger policy:
      # BasicObject#instance_eval, and the Module-level method whose name the
      # caller passes in. Unlike most tracked methods, these cannot use one of
      # the generic triggers in TriggerMethod; the trigger is applied from a
      # custom patch, and that patch calls into this class.
      class EvalTrigger
        include Contrast::Components::Logger::InstanceMethods

        class << self
          # Entry point for a patched BasicObject#instance_eval call.
          #
          # @param obj [Object] presumably the receiver of the call; confirm against the patch
          # @param source [Object] the argument of interest to the trigger (see #apply_trigger)
          # @param ret [Object] presumably the value the call returned; confirm against the patch
          def instance_eval_trigger_check obj, source, ret
            apply_trigger(obj, source, ret, 'BasicObject', :instance_eval)
          end

          # Entry point for a patched Module-level eval call.
          #
          # @param obj [Object] presumably the receiver of the call; confirm against the patch
          # @param source [Object] the argument of interest to the trigger (see #apply_trigger)
          # @param ret [Object] presumably the value the call returned; confirm against the patch
          # @param method [Symbol] name of the Module method that was invoked; used to
          #   select the matching trigger node
          def eval_trigger_check obj, source, ret, method
            apply_trigger(obj, source, ret, 'Module', method)
          end

          # Looks up the trigger node for clazz/method and hands the call to
          # TriggerMethod.apply_eval_trigger.
          #
          # @param obj [Object] forwarded to the trigger as given
          # @param source [Object] forwarded twice: once as the source and once in
          #   the trailing argument position
          # @param ret [Object] forwarded to the trigger as given
          # @param clazz [String] class name the trigger node must carry
          # @param method [Symbol] method name the trigger node must carry
          def apply_trigger obj, source, ret, clazz, method
            # Nothing is reported unless Assess tracks outside of requests or a
            # request is currently being tracked, so an eval call made outside
            # that scope produces no finding.
            tracking = ::Contrast::ASSESS.non_request_tracking? || Contrast::Agent::REQUEST_TRACKER.current
            return unless tracking

            # NOTE(review): trigger_node returns nil when the policy has no
            # matching node; that nil is passed on as is. How apply_eval_trigger
            # treats it is not visible in this file; confirm.
            node = trigger_node(clazz, method)

            # source may not be every argument that was passed to the eval call,
            # but it is the one that matters here. If rendering on TS becomes a
            # problem, the full argument list could go in the last parameter
            # instead.
            Contrast::Agent::Assess::Policy::TriggerMethod.apply_eval_trigger(node, source, obj, ret, source)
          end

          private

          # Finds the first policy trigger registered for the given class name
          # and method name.
          #
          # @param clazz [String] class name to match against node.class_name
          # @param method [Symbol] method name to match against node.method_name
          # @return [Object, nil] the matching trigger node, or nil when the policy
          #   has no triggers or none of them matches
          def trigger_node clazz, method
            policy_triggers = Contrast::Agent::Assess::Policy::Policy.instance.triggers
            return nil unless policy_triggers

            policy_triggers.find do |candidate|
              candidate.class_name == clazz && candidate.method_name == method
            end
          end
        end
      end
    end
  end
end

Version data entries

18 entries across 18 versions & 1 rubygems

Version Path
contrast-agent-7.6.1 lib/contrast/extension/assess/eval_trigger.rb
contrast-agent-7.6.0 lib/contrast/extension/assess/eval_trigger.rb
contrast-agent-7.5.0 lib/contrast/extension/assess/eval_trigger.rb
contrast-agent-7.4.1 lib/contrast/extension/assess/eval_trigger.rb
contrast-agent-7.4.0 lib/contrast/extension/assess/eval_trigger.rb
contrast-agent-7.3.2 lib/contrast/extension/assess/eval_trigger.rb
contrast-agent-7.3.1 lib/contrast/extension/assess/eval_trigger.rb
contrast-agent-7.3.0 lib/contrast/extension/assess/eval_trigger.rb
contrast-agent-7.2.0 lib/contrast/extension/assess/eval_trigger.rb
contrast-agent-7.1.0 lib/contrast/extension/assess/eval_trigger.rb
contrast-agent-7.0.0 lib/contrast/extension/assess/eval_trigger.rb
contrast-agent-6.15.3 lib/contrast/extension/assess/eval_trigger.rb
contrast-agent-6.15.2 lib/contrast/extension/assess/eval_trigger.rb
contrast-agent-6.15.1 lib/contrast/extension/assess/eval_trigger.rb
contrast-agent-6.15.0 lib/contrast/extension/assess/eval_trigger.rb
contrast-agent-6.14.0 lib/contrast/extension/assess/eval_trigger.rb
contrast-agent-6.13.0 lib/contrast/extension/assess/eval_trigger.rb
contrast-agent-6.12.0 lib/contrast/extension/assess/eval_trigger.rb