Sha256: f7dcacfc19d95f858f1a6b1177248e9a2e9d12508cc582dd25b9b7dca264a6d1

Contents?: true

Size: 1.39 KB

Versions: 4

Compression:

Stored size: 1.39 KB

Contents

# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/agent/reporting/details/protect_rule_details'

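module Contrast
  module Agent
    module Reporting
      module Details
        # Matcher data for the XSS rule: finds the first <script ...> element in a string and records
        # where it starts and what it contains, in the shape the report expects.
        #
        # Only <script> elements are recognised by the patterns below. A string without an opening
        # <script tag produces an empty match (all fields nil, #empty? is true).
        class XssMatch
          # Opening tag: case-insensitive, lazy up to the first '>'.
          # NOTE(review): no /m flag, so `.` does not cross a newline inside the tag -- confirm intended.
          EVIDENCE_START = /<script.*?>/i.cs__freeze
          # Closing tag, same flags as above.
          EVIDENCE_END = %r{</script.*?>}i.cs__freeze

          # @return [Integer, nil] character index of the opening <script tag in the checked string
          #   (an index, not a time value); nil when no opening tag was found.
          attr_accessor :evidence_start
          # @return [String, nil] text between the opening tag and the first closing tag that
          #   follows it, with the tags themselves stripped.
          attr_accessor :evidence
          # @return [Integer, nil] number of characters preceding the opening tag; this is the same
          #   value as evidence_start.
          attr_accessor :offset

          # @param xss_string [String, nil] to check for matches. nil and '' leave the match empty.
          def initialize xss_string = ''
            return if xss_string.nil? || xss_string.empty?

            opening = xss_string.index(EVIDENCE_START)
            # Without an opening tag there is nothing to report. Bail out before offset/evidence are
            # filled in, so the three fields are either all set or all nil and agree with #empty?.
            return unless opening

            # Look for the closing tag only at or after the opening tag. A stray </script> earlier in
            # the string would otherwise give an end index before the start and empty evidence.
            closing = xss_string.index(EVIDENCE_END, opening)

            @evidence_start = opening
            @offset = opening
            # closing may be nil (unterminated element); the range is then open-ended and the
            # evidence runs to the end of the string.
            @evidence = xss_string[opening...closing].gsub(EVIDENCE_START, '').gsub(EVIDENCE_END, '')
          end

          # @return [Hash] the match fields keyed with the camelCase symbols used when reporting.
          def to_controlled_hash
            {
                evidenceStart: evidence_start,
                evidence: evidence,
                offset: offset
            }
          end

          # @return [Boolean] true when any of the three fields is unset, i.e. nothing was matched.
          def empty?
            evidence_start.nil? || evidence.nil? || offset.nil?
          end
        end
      end
    end
  end
end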

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
contrast-agent-7.6.1 lib/contrast/agent/reporting/details/xss_match.rb
contrast-agent-7.6.0 lib/contrast/agent/reporting/details/xss_match.rb
contrast-agent-7.5.0 lib/contrast/agent/reporting/details/xss_match.rb
contrast-agent-7.4.1 lib/contrast/agent/reporting/details/xss_match.rb