Sha256: e47f14c3815487241017207dc9ff87cf66bf209f0300528d080e0cc1b15c3883
Contents?: true
Size: 1.69 KB
Versions: 16
Compression:
Stored size: 1.69 KB
Contents
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

module Contrast
  module Agent
    module Assess
      module Policy
        # Ruby-side representation of a "source" entry from policy.json, so
        # that patching can be driven by policy data rather than hardcoded.
        # A source is a method through which untrusted, user-controlled
        # input enters the application.
        #
        # Every instance appends SOURCE_TAG ('UNTRUSTED') to its tags on
        # construction.
        class SourceNode < PolicyNode
          # Key under which the input type is stored in the policy hash.
          JSON_TYPE = 'type'
          # Tag appended to every source node's tag collection.
          SOURCE_TAG = 'UNTRUSTED'
          # Value reported by #node_class.
          SOURCE = 'Source'

          # The input type read from the policy entry (e.g. parameter, per
          # the original author's note on #node_type).
          # NOTE(review): exposed as an accessor, so it can be reassigned
          # after #validate has run.
          attr_accessor :type

          # @param source_hash [Hash] one source entry from the policy; the
          #   parent initializer receives it unchanged.
          def initialize(source_hash = {})
            super(source_hash)
            @type = source_hash[JSON_TYPE]
            # Assumes the parent initializer has already set up @tags --
            # it is not assigned anywhere in this class.
            @tags << SOURCE_TAG
          end

          # @return [String] the constant SOURCE ('Source')
          def node_class
            SOURCE
          end

          # Sources are a Creation action yet report the Propagation type.
          # The name "type" is already taken by the input type (see #type),
          # which is why this method is called node_type.
          #
          # @return [Symbol] always :TYPE_PROPAGATION
          def node_type
            :TYPE_PROPAGATION
          end

          # Runs the parent validation, then requires at least one target
          # and a type.
          #
          # NOTE(review): the type check is truthiness only -- an empty
          # string or an unrecognised type value passes here; whether the
          # allowed values are enforced elsewhere is not visible from this
          # class.
          #
          # @raise [ArgumentError] if targets is nil or has no truthy
          #   element, or if type is nil or false
          def validate
            super
            unless targets&.any?
              raise(ArgumentError, "Source #{ id } did not have a proper target. Unable to create.")
            end
            return if type

            raise(ArgumentError, "Source #{ id } did not have a proper type. Unable to create.")
          end
        end
      end
    end
  end
end