lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb in contrast-agent-7.5.0 vs lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb in contrast-agent-7.6.0

- old
+ new

@@ -19,9 +19,15 @@ # A finding is valid for SSRF if the source of the trigger event is # a valid URL in which the User controls a section prior to the # querystring # https://bitbucket.org/contrastsecurity/assess-specifications/src/master/rules/dataflow/server_side_request_forgery.md + # + # @param patcher [Contrast::Agent::Patcher] the patcher instance + # @param _object [Object] the object that was called + # @param _ret [Object] the return value of the method + # @param args [Array<Object>] the arguments passed to the method + # @return [Boolean] true if the finding is valid, false otherwise def self.valid? patcher, _object, _ret, args return true if patcher.id.to_s.start_with?(PATH_ONLY_PATCH_MARKER) url = args[0].to_s match = url.match(URL_PATTERN)
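Review bot: The new `@return` tag on `valid?` understates the early exit on the line right below the signature — for a patcher whose id starts with `PATH_ONLY_PATCH_MARKER` the method returns true unconditionally, so those findings never go through the URL check, and the tag should say so, e.g. `# @return [Boolean] true if the finding is valid; always true for path-only patches (id prefixed with PATH_ONLY_PATCH_MARKER), for which the URL check is skipped`. Likewise the `@param args` tag could state that only `args[0]` is inspected, after coercion with `to_s`, so an empty argument list yields an empty URL rather than an error; `# @param args [Array<Object>] the method arguments; only args[0], coerced with to_s, is inspected as the URL` documents that. The body of `valid?` continues past the end of the hunk, so how `match` is consumed is not visible here.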