# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details. # frozen_string_literal: true require 'contrast/agent/reporting/settings/sensitive_data_masking_rule' module Contrast module Agent module Reporting # This module will hold all the settings from the TS responce module Settings # Protect level settings for the sensitive_data_masking_policy. # Configuration of the masking parameters will be delivered dynamically from TeamServer # during an ApplicationSettings response from requests to TS endpoints that return that # structure. # https://contrast.atlassian.net/wiki/spaces/~699189087/pages/807960614/Sensitive+Data+Masking+Design class SensitiveDataMasking # Policy flag to enable the use of masking on request body # Here is set to defaults to true. # # @return true | false def mask_http_body? @_mask_http_body end # Set the flag for request body masking # # @param bool [Boolean] # @return true | false def mask_http_body= bool @_mask_http_body = bool.nil? ? true : !!bool end # Policy flag to enable the use of masking on attack vector. # Here is set to defaults to false. # # @return true | false def mask_attack_vector? @_mask_attack_vector end # Set the flag for using masking on attack vector # # @param bool [Boolean] # @return true | false def mask_attack_vector= bool @_mask_attack_vector = !!bool end # Rules to follow when using the masking # # @return rules [Array, []] def rules @_rules ||= Contrast::Agent::Reporting::Settings::RulesArray.new end # Assign rules array # # @param rules [Array] # @return rules [Array, []] def rules= rules @_rules = rules if rules_array? rules end # Build rules from hash # # @param settings_rules [Hash] Response settings under Settings/sensitive_data_masking_policy/rules # @return rules [Array, nil def build_rules_form_settings settings_rules return unless settings_rules || settings_rules.empty? settings_rules.each do |rule| instance = Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule.new instance.rule_id = rule[:id] instance.keywords = rule[:keywords] rules << instance end rules end private # Determine if parameter is array of Rules. # # @param array [Array] Array of keywords. # @return true | false def rules_array? array return false unless array.is_a?(Array) array.all?(Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule) end end # Simple validation class for Rules Array. class RulesArray < Array # Do not push anything except Rules instances. # :<< method is called on object directly so this # will make sure the data pushed is as expected. # # @param item [Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule] # @return itself [Array] def << item return itself unless item.instance_of? Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule super end end end end end end