RubygemsResearch

Sha256: e01dbaceb715b6a2dd05912071c79ac4c1cfc6b537e84971815fec9c7716836b

Contents?: true

Size: 1.14 KB

Versions: 1

Compression:

Stored size: 1.14 KB

# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/protect/rule/base_service'
require 'contrast/agent/reporting/input_analysis/input_type'

module Contrast
  module Agent
    module Protect
      module Rule
        # The Ruby implementation of the Protect Cross-Site Scripting rule.
        class Xss < Contrast::Agent::Protect::Rule::BaseService
          include Contrast::Agent::Reporting::InputType
          NAME = 'reflected-xss'
          BLOCK_MESSAGE = 'XSS rule triggered. Response blocked.'

          APPLICABLE_USER_INPUTS = [
            BODY, PARAMETER_NAME, PARAMETER_VALUE, JSON_VALUE,
            MULTIPART_VALUE, MULTIPART_FIELD_NAME, XML_VALUE,
            DWR_VALUE, URI, QUERYSTRING
          ].cs__freeze

          def rule_name
            NAME
          end

          def block_message
            BLOCK_MESSAGE
          end

          def stream_safe?
            false
          end

          def applicable_user_inputs
            APPLICABLE_USER_INPUTS
          end
        end
      end
    end
  end
end

Version data entries

1 entries across 1 versions & 1 rubygems

Version	Path
contrast-agent-6.9.0	lib/contrast/agent/protect/rule/xss.rb