xss_validator.rb in contrast-agent-4.4.0

- old
+ new

@@ -8,11 +8,11 @@
         module TriggerValidation
           # Validator used to assert a Reflected XSS finding is actually
           # vulnerable before serializing that finding as a DTM to report to
           # the service.
           module XSSValidator
-            XSS_RULE = 'reflected-xss'
+            RULE_NAME = 'reflected-xss'
             SAFE_CONTENT_TYPES = %w[
               /csv
               /javascript
               /json
               /pdf
@@ -21,12 +21,10 @@
             ].cs__freeze
 
             # A finding is valid for XSS if the response type is not one of
             # those assumed to be safe
             # https://bitbucket.org/contrastsecurity/assess-specifications/src/master/rules/dataflow/reflected_xss.md
-            def self.valid? patcher, _object, _ret, _args
-              return true unless XSS_RULE == patcher&.rule_id
-
+            def self.valid? _patcher, _object, _ret, _args
               content_type = Contrast::Agent::REQUEST_TRACKER.current&.response&.content_type
               return true unless content_type
 
               content_type = content_type.downcase
               SAFE_CONTENT_TYPES.none? { |safe_type| content_type.index(safe_type) }