Sha256: ef8fd76bc49dc7e4d02571e1173f06651f64e62980463d223ac3648c9df69691

Contents?: true

Size: 1.18 KB

Versions: 11

Compression:

Stored size: 1.18 KB

Contents

# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

module Contrast
  module Agent
    module Protect
      module Rule
        # Base class for the Protect SQL injection (SQLi) rules. It lists the
        # request input types the rule applies to and provides the infilter
        # check run against a query string.
        class SqliBaseRule < Contrast::Agent::Protect::Rule::Base
          include Contrast::Components::Logger::InstanceMethods
          include Contrast::Agent::Reporting::InputType

          # Message carried by the SecurityException raised when the rule blocks.
          BLOCK_MESSAGE = 'SQLi rule triggered. Response blocked.'

          # Input types this rule is applicable to. The constant names are
          # presumably supplied by the included InputType module - confirm there.
          APPLICABLE_USER_INPUTS = [
            BODY,
            COOKIE_NAME,
            COOKIE_VALUE,
            HEADER,
            PARAMETER_NAME,
            PARAMETER_VALUE,
            JSON_VALUE,
            MULTIPART_VALUE,
            MULTIPART_FIELD_NAME,
            XML_VALUE,
            DWR_VALUE
          ].cs__freeze

          # Checks a query string for an attack and, when one is found, records
          # it, logs it and blocks if the rule is in a blocking state.
          #
          # The activity record and the CEF log entry are written before the
          # exception is raised, so an attack is reported whether or not it is
          # blocked. When blocked? is false the method returns nil without
          # raising; the caller presumably goes on to run the query.
          #
          # @param context the current request context (type not visible here)
          # @param database the database identifier forwarded to find_attacker
          # @param query_string the query text that is analysed
          # @return [nil]
          # @raise [Contrast::SecurityException] when an attack was found and
          #   blocked? is true
          def infilter context, database, query_string
            # Nothing to do when the rule does not apply to this context.
            return unless infilter?(context)

            attack = find_attacker(context, query_string, database: database)
            return unless attack

            # Report first, then decide whether to stop the query.
            append_to_activity(context, attack)
            cef_logging(attack, :successful_attack)
            return unless blocked?

            raise(Contrast::SecurityException.new(self, BLOCK_MESSAGE))
          end
        end
      end
    end
  end
end

Version data entries

11 entries across 11 versions & 1 rubygems

Version Path
contrast-agent-7.4.0 lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb
contrast-agent-7.3.2 lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb
contrast-agent-7.3.1 lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb
contrast-agent-7.3.0 lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb
contrast-agent-7.2.0 lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb
contrast-agent-7.1.0 lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb
contrast-agent-7.0.0 lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb
contrast-agent-6.15.3 lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb
contrast-agent-6.15.2 lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb
contrast-agent-6.15.1 lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb
contrast-agent-6.15.0 lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb