lib/contrast/agent/protect/rule/http_method_tampering.rb in contrast-agent-6.1.0 vs lib/contrast/agent/protect/rule/http_method_tampering.rb in contrast-agent-6.1.1
- old
+ new
@@ -8,68 +8,86 @@
module Protect
module Rule
# The Ruby implementation of the Protect HTTP Method Tampering rule.
class HttpMethodTampering < Contrast::Agent::Protect::Rule::BaseService
NAME = 'method-tampering'
- STANDARD_METHODS = %w[GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH].cs__freeze
+ # STANDARD_METHODS = %w[GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH].cs__freeze
+ #
+ # APPLICABLE_METHODS_INPUTS = %w[
+ # ACL BASELINE-CONTROL CHECKIN CHECKOUT CONNECT COPY
+ # DELETE GET HEAD LABEL LOCK MERGE MKACTIVITY MKCALENDAR
+ # MKCOL MKWORKSPACE MOVE OPTIONS ORDERPATCH PATCH POST
+ # PROPFIND PROPPATCH PUT REPORT SEARCH TRACE UNCHECKOUT
+ # UNLOCK UPDATE VERSION-CONTROL
+ # ].cs__freeze
- APPLICABLE_METHODS_INPUTS = %w[
- ACL BASELINE-CONTROL CHECKIN CHECKOUT CONNECT COPY
- DELETE GET HEAD LABEL LOCK MERGE MKACTIVITY MKCALENDAR
- MKCOL MKWORKSPACE MOVE OPTIONS ORDERPATCH PATCH POST
- PROPFIND PROPPATCH PUT REPORT SEARCH TRACE UNCHECKOUT
- UNLOCK UPDATE VERSION-CONTROL
- ].cs__freeze
+ class << self
+ # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample]
+ # @return [Hash] the details for this specific rule
+ def extract_details attack_sample
+ {
+ method: attack_sample.method_tampering.method, # rubocop:disable Security/Object/Method
+ responseCode: attack_sample.method_tampering.response_code
+ }
+ end
+ end
def rule_name
NAME
end
- def postfilter context
- return unless enabled? && POSTFILTER_MODES.include?(mode)
- return if normal_request?(context)
-
- # The only way to be here in postfilter with a result is if the rule mode was MONITOR
- ia_results = gather_ia_results(context)
- return if ia_results.empty?
-
- # does the status code start with 4 or 5? Rails responds with 404 (but java is checking 501)
- response_code = context&.response&.response_code
- return unless response_code
-
- method = ia_results.first.value
- result = if response_code.to_s.start_with?('4', '5')
- build_attack_without_match(context, nil, nil, method: method, response_code: response_code)
- else
- build_attack_with_match(context, nil, nil, nil, method: method, response_code: response_code)
- end
-
- return unless result
-
- append_to_activity(context, result)
- cef_logging result, :ineffective_attack
- end
-
- protected
-
- def build_sample context, evaluation, _candidate_string, **kwargs
- sample = build_base_sample(context, evaluation)
- sample.user_input.value = kwargs[:method]
- sample.user_input.input_type = :METHOD
-
- sample.method_tampering = Contrast::Api::Dtm::HttpMethodTamperingDetails.new
- sample.method_tampering.method = Contrast::Utils::StringUtils.protobuf_safe_string(kwargs[:method])
- code = kwargs[:response_code] || -1
- sample.method_tampering.response_code = code.to_i
- sample
- end
-
- private
-
- def normal_request? context
- method = context.request.request_method
- context.request.static? || method.nil? || STANDARD_METHODS.include?(method.upcase)
- end
+ # This rule is solely based on input analysis, which the Service handles. When we move from the Service to the
+ # agent with protect library, we should re-enable these tests and that rule.
+ # TODO: RUBY-1574
+ # def enabled?
+ # super && false
+ # end
+ #
+ # def postfilter context
+ # return unless enabled? && POSTFILTER_MODES.include?(mode)
+ # return if normal_request?(context)
+ #
+ # # The only way to be here in postfilter with a result is if the rule mode was MONITOR
+ # ia_results = gather_ia_results(context)
+ # return if ia_results.empty?
+ #
+ # # does the status code start with 4 or 5? Rails responds with 404 (but java is checking 501)
+ # response_code = context&.response&.response_code
+ # return unless response_code
+ #
+ # method = ia_results.first.value
+ # result = if response_code.to_s.start_with?('4', '5')
+ # build_attack_without_match(context, nil, nil, method: method, response_code: response_code)
+ # else
+ # build_attack_with_match(context, nil, nil, nil, method: method, response_code: response_code)
+ # end
+ #
+ # return unless result
+ #
+ # append_to_activity(context, result)
+ # cef_logging result, :ineffective_attack
+ # end
+ #
+ # protected
+ #
+ # def build_sample context, evaluation, _candidate_string, **kwargs
+ # sample = build_base_sample(context, evaluation)
+ # sample.user_input.value = kwargs[:method]
+ # sample.user_input.input_type = :METHOD
+ #
+ # sample.method_tampering = Contrast::Api::Dtm::HttpMethodTamperingDetails.new
+ # sample.method_tampering.method = Contrast::Utils::StringUtils.protobuf_safe_string(kwargs[:method])
+ # code = kwargs[:response_code] || -1
+ # sample.method_tampering.response_code = code.to_i
+ # sample
+ # end
+ #
+ # private
+ #
+ # def normal_request? context
+ # method = context.request.request_method
+ # context.request.static? || method.nil? || STANDARD_METHODS.include?(method.upcase)
+ # end
end
end
end
end
end
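Review bot: `extract_details` in the new `class << self` block dereferences `attack_sample.method_tampering` twice with no nil guard, so a sample that arrives without `method_tampering` details raises NoMethodError inside detail extraction instead of producing a detail hash; a one-line guard before the literal, `return {} unless attack_sample.method_tampering`, or binding `details = attack_sample.method_tampering` once and using `details&.method` / `details&.response_code`, would make the failure mode explicit. The rest of the rule (`postfilter`, `build_sample`, `normal_request?` and both method-list constants) is kept as commented-out code under the RUBY-1574 TODO rather than deleted, and because the `enabled?` override (`super && false`) is commented out too, the rule presumably stays enabled and inherits whatever postfilter `BaseService` provides, which the class comment should state, e.g. `# Detection for this rule is performed by the Service; this class only names the rule and formats its details.` If anything outside this file still references `STANDARD_METHODS` or `APPLICABLE_METHODS_INPUTS` it will now raise NameError, so that is worth confirming with a search before release. The enclosing `Contrast::Agent` modules open outside the hunk.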