lib/contrast/agent/protect/rule/path_traversal.rb in contrast-agent-3.10.2 vs lib/contrast/agent/protect/rule/path_traversal.rb in contrast-agent-3.11.0
- old
+ new
@@ -1,20 +1,21 @@
# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true
-cs__scoped_require 'contrast/utils/stack_trace_utils'
+cs__scoped_require 'contrast/agent/protect/rule/base_service'
cs__scoped_require 'contrast/components/interface'
+cs__scoped_require 'contrast/utils/stack_trace_utils'
module Contrast
module Agent
module Protect
module Rule
# This class handles our implementation of the Path Traversal
# Protect rule.
class PathTraversal < Contrast::Agent::Protect::Rule::BaseService
include Contrast::Components::Interface
- access_component :logging, :agent
+ access_component :agent
NAME = 'path-traversal'
SYSTEM_PATHS = %w[
/proc/self
etc/passwd
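Review bot: Dropping `:logging` from the `access_component` call (`+ access_component :agent`) removes whatever the logging component injected into this class, so any remaining logger use in the method bodies below — which lie outside this hunk — would now fail at call time rather than at load time. If no logging call is left in PathTraversal this is fine; otherwise keep `access_component :logging, :agent`. The new `cs__scoped_require 'contrast/agent/protect/rule/base_service'` matches the superclass named on the unchanged `class PathTraversal < ...BaseService` line, so that part closes a real load-order gap. The class body continues past the end of this hunk.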
@@ -26,12 +27,10 @@
/Windows/win.ini
/windows/system32/
/windows/repair/
].cs__freeze
- KNOWN_SECURITY_BYPASS_MARKERS = ['::$DATA', '::$Index', '', '\x00'].cs__freeze
-
def name
NAME
end
def infilter context, method, path
@@ -119,9 +118,11 @@
def common_file_exploits_enabled?
false
end
+ # TODO: RUBY-318
+ # KNOWN_SECURITY_BYPASS_MARKERS = ['::$DATA', '::$Index', '', '\x00'].cs__freeze
def contains_known_attack_signatures? input
utf8 = Contrast::Utils::StringUtils.force_utf8(input)
_ = CGI.unescape(utf8)
# TODO: RUBY-318 implement REP for known attack signatures
# try: