lib/contrast/agent/protect/rule/cmd_injection.rb in contrast-agent-6.1.0 vs lib/contrast/agent/protect/rule/cmd_injection.rb in contrast-agent-6.1.1
- old
+ new
@@ -22,10 +22,22 @@
BODY, COOKIE_VALUE, HEADER, PARAMETER_NAME,
PARAMETER_VALUE, JSON_VALUE, MULTIPART_VALUE,
MULTIPART_FIELD_NAME, XML_VALUE, DWR_VALUE
].cs__freeze
+ class << self
+ # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample]
+ # @return [Hash] the details for this specific rule
+ def extract_details attack_sample
+ {
+ command: attack_sample.cmdi.command,
+ startIndex: attack_sample.cmdi.start_idx,
+ endIndex: attack_sample.cmdi.end_idx
+ }
+ end
+ end
+
def rule_name
NAME
end
def infilter context, classname, method, command
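Review bot: The added `extract_details` dereferences `attack_sample.cmdi` three times with no guard, so a sample that arrives without command-injection details would raise NoMethodError in the reporting path; whether that can happen is not visible in this hunk. A guard such as `return {} unless attack_sample&.cmdi` would keep a malformed sample from breaking reporting. The docstring should also say that `command` is the executed command copied verbatim, which can include credentials or tokens passed as arguments, so whatever stores or displays these details should treat them as sensitive.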
@@ -44,17 +56,17 @@
**{ classname: classname, method: method })
result ||= report_command_execution(context, command, **{ classname: classname, method: method })
return unless result
append_to_activity(context, result)
- cef_logging result, :successful_attack
+ cef_logging(result, :successful_attack)
return unless blocked?
- raise Contrast::SecurityException.new(self,
+ raise(Contrast::SecurityException.new(self,
'Command Injection rule triggered. '\
- "Call to #{ classname }.#{ method } blocked.")
+ "Call to #{ classname }.#{ method } blocked."))
end
def build_attack_with_match context, input_analysis_result, result, candidate_string, **kwargs
if mode == Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION ||
mode == Contrast::Api::Settings::ProtectionRule::Mode::PERMIT
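Review bot: `cef_logging(result, :successful_attack)` runs before `return unless blocked?`, so the same `:successful_attack` label is logged whether the call is then stopped by the SecurityException or allowed to proceed. If that symbol drives the outcome recorded in the CEF log (not visible here), blocked attempts and commands that actually executed would look identical to anyone triaging those events. Consider choosing the label after the `blocked?` check, or add a comment stating that the real outcome is carried by `result`. The change on this line is only parenthesisation, and `infilter` starts above the hunk.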
@@ -88,10 +100,11 @@
sample.cmdi = Contrast::Api::Dtm::CmdInjectionDetails.new
command = candidate_string || input_analysis_result.value
command = Contrast::Utils::StringUtils.protobuf_safe_string(command)
sample.cmdi.command = command
+ sample.cmdi.end_idx = command.length
# This is a special case where the user input is UNKNOWN_USER_INPUT but
# we want to send the attack value
if input_analysis_result.nil?
ui = Contrast::Api::Dtm::UserInput.new
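Review bot: `sample.cmdi.end_idx = command.length` is set but no `start_idx` is assigned anywhere in this hunk, so the reported span appears to cover the whole command rather than the part that came from user input. If that is intended, a comment such as `# span covers the full command; start_idx stays at its default and end_idx is exclusive` would stop consumers from reading it as the location of the injected fragment. Two things are worth confirming: that `protobuf_safe_string` never returns nil, since `command.length` would then raise, and that the consumer expects a character count rather than a byte offset. The enclosing method begins and ends outside the hunk.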
@@ -131,15 +144,9 @@
# enabled.
# @return [Boolean] if the agent should report all command
# executions.
def report_any_command_execution?
::Contrast::PROTECT.report_any_command_execution?
- end
-
- def gather_ia_results context
- context.agent_input_analysis.results.select do |ia_result|
- ia_result.rule_id == rule_name
- end
end
end
end
end
end