Sha256: f0a855bddf5643433793461718f655a6d684ef0a2ab65f876f8d55abc2626ff9
Contents?: true
Size: 1.88 KB
Versions: 2
Compression:
Stored size: 1.88 KB
Contents
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/protect/rule/base_service'
require 'contrast/agent/reporting/input_analysis/input_type'
require 'contrast/agent/reporting/input_analysis/score_level'
require 'contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification'

module Contrast
  module Agent
    module Protect
      module Rule
        # Protect rule for unsafe file uploads (Ruby agent).
        # Outcomes this rule can produce: BLOCKED when running in Blocking
        # mode, SUSPICIOUS when running in Monitor mode.
        class UnsafeFileUpload < Contrast::Agent::Protect::Rule::BaseService
          include Contrast::Agent::Reporting::InputType

          # Identifier returned by #rule_name.
          NAME = 'unsafe-file-upload'
          # Text returned by #block_message.
          BLOCK_MESSAGE = 'Unsafe file upload rule triggered. Request blocked.'
          # Input types this rule declares as applicable. Both constants come
          # from the included InputType module.
          # NOTE(review): presumably the uploaded file's name and the multipart
          # form field name - confirm against InputType.
          APPLICABLE_USER_INPUTS = [MULTIPART_NAME, MULTIPART_FIELD_NAME].cs__freeze

          # @return [String] the rule identifier, 'unsafe-file-upload'
          def rule_name
            NAME
          end

          # @return [Array] the frozen list of input types this rule applies to
          def applicable_user_inputs
            APPLICABLE_USER_INPUTS
          end

          # @return [String] the message used when a request is blocked
          def block_message
            BLOCK_MESSAGE
          end

          # Input classification module for Unsafe File Upload, memoized on
          # first access.
          #
          # @return [module<Contrast::Agent::Protect::Rule::UnsafeFileUploadInputClassification>]
          def classification
            return @_classification if @_classification

            @_classification = Contrast::Agent::Protect::Rule::UnsafeFileUploadInputClassification.cs__freeze
          end

          private

          # Cheap gate evaluated before any analysis: the rule is skipped when
          # there is no request context, when the rule is not enabled, or when
          # the current code location is excluded from Protect.
          #
          # @param context [Contrast::Agent::RequestContext]
          # @return [Boolean] true only when all three checks pass
          def prefilter?(context)
            return false unless context && enabled?

            !protect_excluded_by_code?
          end
        end
      end
    end
  end
end
Version data entries
2 entries across 2 versions & 1 rubygems
Version | Path |
---|---|
contrast-agent-6.11.0 | lib/contrast/agent/protect/rule/unsafe_file_upload.rb |
contrast-agent-6.10.0 | lib/contrast/agent/protect/rule/unsafe_file_upload.rb |