Sha256: f5baad80106045b840c6a99957c17abd2cabfd377a4df1292ae33e781c9e4a3a

Contents?: true

Size: 1.21 KB

Versions: 12

Compression:

Stored size: 1.21 KB

Contents

# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

cs__scoped_require 'contrast/agent/assess/policy/source_method'

module Contrast
  module Agent
    module Assess
      module Policy
        module SourceValidation
          # Validator used to assert a CROSS_SITE tag is actually applicable to
          # the given method before applying the tag to its target
          module CrossSiteValidator
            # prevent the application of a tag if it is from a source known to
            # not apply a tag in a provided context.
            # https://bitbucket.org/contrastsecurity/assess-specifications/src/master/rules/dataflow/reflected_xss.md
            def self.valid? tag, source_type, source_name
              return true unless tag == 'CROSS_SITE'
              return false if source_type == Contrast::Agent::Assess::Policy::SourceMethod::HEADER_KEY_TYPE
              return true unless source_type == Contrast::Agent::Assess::Policy::SourceMethod::HEADER_TYPE
              return false unless source_name

              source_name.casecmp?('referer')
            end
          end
        end
      end
    end
  end
end

Version data entries

12 entries across 12 versions & 1 rubygems

Version Path
contrast-agent-3.13.2 lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb
contrast-agent-3.13.1 lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb
contrast-agent-3.13.0 lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb
contrast-agent-3.12.2 lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb
contrast-agent-3.12.1 lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb
contrast-agent-3.12.0 lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb
contrast-agent-3.11.0 lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb
contrast-agent-3.10.2 lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb
contrast-agent-3.10.1 lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb
contrast-agent-3.10.0 lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb
contrast-agent-3.9.1 lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb
contrast-agent-3.9.0 lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb