# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/protect/rule/base_service'
require 'contrast/agent/protect/policy/applies_sqli_rule'
require 'contrast/agent/protect/rule/sql_sample_builder'
require 'contrast/agent/reporting/input_analysis/input_type'
require 'contrast/agent/protect/rule/sqli/sqli_base_rule'
require 'contrast/agent/protect/rule/sqli/sqli_semantic/sqli_dangerous_functions'

module Contrast
  module Agent
    module Protect
      module Rule
        # The Ruby implementation of the Protect SQL Injection rule.
        #
        # This class is declarative: it names the rule, lists its sub-rules and
        # mixes in the sample/attack builders. Everything else comes from
        # SqliBaseRule and the included modules, none of which are shown in
        # this file.
        class Sqli < Contrast::Agent::Protect::Rule::SqliBaseRule
          # Generate a sample for the SQLI injection detection rule, allowing
          # for reporting to and rendering by TeamServer.
          include SqlSampleBuilder::SqliSample
          # Defines the build_attack_with_match method.
          include SqlSampleBuilder::AttackBuilder
          include Contrast::Agent::Reporting::InputType

          # Mix InputType into the singleton class as well, so that what it
          # provides is reachable from class-level code and not only from
          # instances.
          class << self
            include Contrast::Agent::Reporting::InputType
          end

          # Identifier of this rule.
          NAME = 'sql-injection'

          # Sub-rules attached to this rule. The single SqliDangerousFunctions
          # instance is created once, when this class body is evaluated, and is
          # then shared by every caller of #sub_rules.
          # NOTE(review): cs__freeze is not defined in this file; presumably the
          # agent's alias for Object#freeze. If so the freeze is shallow: the
          # array is immutable but the sub-rule instance inside it is not, so it
          # should hold no per-request state - confirm.
          SUB_RULES = [
            Contrast::Agent::Protect::Rule::SqliDangerousFunctions.new
          ].cs__freeze

          # @return [String] the rule identifier, 'sql-injection'
          def rule_name
            NAME
          end

          # BLOCK_MESSAGE is not defined in this file.
          # NOTE(review): presumably inherited from SqliBaseRule - confirm.
          #
          # @return [Object] the value of the BLOCK_MESSAGE constant
          def block_message
            BLOCK_MESSAGE
          end

          # @return [Array] the SUB_RULES list holding the dangerous-functions
          #   sub-rule
          def sub_rules
            SUB_RULES
          end
        end
      end
    end
  end
end