
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/protect/rule/base_service'

module Contrast
  module Agent
    module Protect
      module Rule
        # Protect rule for reflected Cross-Site Scripting. Identifies itself to
        # the rest of the Protect machinery as 'reflected-xss' and knows how to
        # turn the XSS payload of a RaspRuleSample into the details reported for
        # that sample.
        class Xss < Contrast::Agent::Protect::Rule::BaseService
          NAME = 'reflected-xss'
          BLOCK_MESSAGE = 'XSS rule triggered. Response blocked.'

          class << self
            # Build the rule-specific detail Hash for an XSS attack sample.
            #
            # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample] sample
            #   whose +xss+ payload carries the reflected input and its matches
            # @return [Hash] +input+ (the reflected value) and +matches+, one
            #   entry per match; keys are camelCase, presumably because this Hash
            #   is serialized for the Contrast service — confirm against the
            #   consumer before renaming any key
            def extract_details(attack_sample)
              xss = attack_sample.xss
              {
                input: xss.input,
                matches: xss.matches.map { |match| match_details(match) }
              }
            end

            private

            # Detail Hash for a single match within the reflected input.
            #
            # @param match [Object] one element of +attack_sample.xss.matches+
            # @return [Hash] evidenceStart, evidence and offset of the match
            def match_details(match)
              {
                evidenceStart: match.evidence_start_ms,
                evidence: match.evidence,
                offset: match.offset
              }
            end
          end

          # @return [String] the identifier this rule reports under
          def rule_name
            NAME
          end

          # @return [Boolean] always false: this rule is not marked stream safe,
          #   so presumably it needs the complete response before it can decide
          #   — confirm how BaseService consumes this flag
          def stream_safe?
            false
          end
        end
      end
    end
  end
end
