path_traversal.rb in contrast-agent-6.6.5

- old
+ new

@@ -1,10 +1,12 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/base_service'
 require 'contrast/utils/stack_trace_utils'
+require 'contrast/agent/reporting/details/path_traversal_details'
+require 'contrast/agent/reporting/details/path_traversal_semantic_analysis_details'
 
 module Contrast
   module Agent
     module Protect
       module Rule
@@ -46,11 +48,11 @@
             return unless result
 
             append_to_activity(context, result)
             return unless blocked?
 
-            cef_logging(result, :successful_attack, path)
+            cef_logging(result, :successful_attack)
             raise(Contrast::SecurityException.new(self,
                                                   "Path Traversal rule triggered. Call to File.#{ method } blocked."))
           end
 
           protected
@@ -63,31 +65,31 @@
 
           # Build a subclass of the RaspRuleSample using the query string and the
           # evaluation
           def build_sample context, input_analysis_result, path, **_kwargs
             sample = build_base_sample(context, input_analysis_result)
-            sample.path_traversal = Contrast::Api::Dtm::PathTraversalDetails.new
+            sample.details = Contrast::Agent::Reporting::Details::PathTraversalDetails.new
             path ||= input_analysis_result.value
-            sample.path_traversal.path = Contrast::Utils::StringUtils.protobuf_safe_string(path)
+            sample.details.path = Contrast::Utils::StringUtils.protobuf_safe_string(path)
             sample
           end
 
           private
 
           # Build a subclass of the RaspRuleSample if the sample matches
           def build_rep_sample context, path
             sample = build_base_sample(context, nil)
-            sample.path_traversal_semantic = Contrast::Api::Dtm::PathTraversalSemanticAnalysisDetails.new
+            sample.details = Contrast::Agent::Reporting::Details::PathTraversalSemanticAnalysisDetails.new
             path = Contrast::Utils::StringUtils.protobuf_safe_string(path)
-            sample.path_traversal_semantic.path = path
+            sample.details.path = path
 
             if custom_code_access_sysfile_enabled? && custom_code_accessing_system_file?(path)
-              sample.path_traversal_semantic.findings << :CUSTOM_CODE_ACCESSING_SYSTEM_FILES
+              sample.details.findings << :CUSTOM_CODE_ACCESSING_SYSTEM_FILES
               return sample
             end
 
             if common_file_exploits_enabled? && contains_known_attack_signatures?(path)
-              sample.path_traversal_semantic.findings << :COMMON_FILE_EXPLOITS
+              sample.details.findings << :COMMON_FILE_EXPLOITS
               return sample
             end
 
             nil
           end