lib/contrast/agent/protect/rule/unsafe_file_upload.rb in contrast-agent-5.3.0 vs lib/contrast/agent/protect/rule/unsafe_file_upload.rb in contrast-agent-6.0.0
- old
+ new
@@ -1,20 +1,62 @@
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true
require 'contrast/agent/protect/rule/base_service'
+require 'contrast/agent/reporting/input_analysis/input_type'
+require 'contrast/agent/reporting/input_analysis/score_level'
module Contrast
module Agent
module Protect
module Rule
# The Ruby implementation of the Protect Unsafe File Upload rule.
+ # The unsafe-file-upload rule can trigger the following results:
+ # BLOCKED in Blocking mode na SUSPICIOUS in Monitor mode.
class UnsafeFileUpload < Contrast::Agent::Protect::Rule::BaseService
+ include Contrast::Agent::Reporting::InputType
+
NAME = 'unsafe-file-upload'
BLOCK_MESSAGE = 'Unsafe file upload rule triggered. Request blocked.'
+ APPLICABLE_USER_INPUTS = [MULTIPART_NAME, MULTIPART_FIELD_NAME].cs__freeze
def rule_name
NAME
+ end
+
+ def block_message
+ BLOCK_MESSAGE
+ end
+
+ def prefilter context
+ return unless prefilter?(context)
+
+ ia_results = gather_ia_results context
+
+ ia_results.each do |ia_result|
+ result = build_attack_result(context)
+ build_attack_without_match context, ia_result, result
+ append_to_activity context, result
+
+ cef_logging result, :successful_attack
+ raise Contrast::SecurityException.new(self, BLOCK_MESSAGE) if blocked?
+ end
+ end
+
+ private
+
+ def prefilter? context
+ return false unless context&.agent_input_analysis&.results
+ return false unless enabled?
+ return false if protect_excluded_by_code?
+
+ true
+ end
+
+ def gather_ia_results context
+ context.agent_input_analysis.results.select do |ia_result|
+ ia_result.rule_id == rule_name
+ end
end
end
end
end
end
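Review bot: `gather_ia_results` selects every input-analysis result whose `rule_id` matches, with no check on the result's score level, yet `prefilter` reports each one as a `:successful_attack` and raises when blocked; the newly required `input_analysis/score_level` is not referenced anywhere in the hunk, which suggests a score-level gate was intended (e.g. a `.select` that also tests the result's score) — if no gating is wanted, the unused require should be dropped. Because the `raise` sits inside the `each`, only the first matching result is appended to the activity and logged in Blocking mode; if all matches should be reported before raising, move the raise after the loop, guarded by `blocked? && ia_results.any?`. The class comment has a typo: `# BLOCKED in Blocking mode and SUSPICIOUS in Monitor mode.`. `prefilter?` and `gather_ia_results` would read better with a one-line YARD note each, e.g. `# @return [Boolean] true when input analysis results exist, the rule is enabled and not excluded by code`.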