Class: Contrast::Agent::Assess::Policy::Policy
- Inherits: Patching::Policy::Policy
  - Object
  - Patching::Policy::Policy
  - Contrast::Agent::Assess::Policy::Policy
- Defined in: lib/contrast/agent/assess/policy/policy.rb
Overview
This is just a holder for our policy. It takes the policy JSON and converts it into hashes that we can access nicely.
Constant Summary
- PROVIDER_CLASSES =
    [
      Contrast::Agent::Assess::Rule::Provider::HardcodedKey,
      Contrast::Agent::Assess::Rule::Provider::HardcodedPassword
    ].cs__freeze
Constants inherited from Patching::Policy::Policy
Patching::Policy::Policy::PROPAGATION_KEY, Patching::Policy::Policy::RULES_KEY, Patching::Policy::Policy::SOURCES_KEY, Patching::Policy::Policy::TRIGGERS_KEY
Instance Attribute Summary
Attributes inherited from Patching::Policy::Policy
#propagators, #providers, #sources, #triggers
Class Method Summary
- .policy_folder ⇒ Object
  Indicates the folder in 'resources' where this policy lives.
Instance Method Summary
- #disabled_globally? ⇒ Boolean
  Indicates if this feature has been disabled by the configuration, read at startup, and therefore can never be enabled.
- #from_hash_string(string) ⇒ Object
  Our policy for dataflow rules is a ‘dope ass’ JSON file.
- #initialize ⇒ Policy (constructor)
  A new instance of Policy.
- #load_providers ⇒ Object
  Providers is a term that we’re taking from Java until we come up with a name that we (I) don’t hate.
- #node_type ⇒ Object
Methods inherited from Patching::Policy::Policy
#add_node, #find_node, #find_propagator_node, #find_source_node, #find_triggers_by_rule, #module_names, policy_json
Methods included from Components::Logger::InstanceMethods
Constructor Details
#initialize ⇒ Policy
Returns a new instance of Policy.
    # File 'lib/contrast/agent/assess/policy/policy.rb', line 30
    def initialize
      super
      load_providers
    end
Class Method Details
.policy_folder ⇒ Object
Indicates the folder in 'resources' where this policy lives.
    # File 'lib/contrast/agent/assess/policy/policy.rb', line 26
    def self.policy_folder
      'assess'
    end
Instance Method Details
#disabled_globally? ⇒ Boolean
Indicates if this feature has been disabled by the configuration, read at startup, and therefore can never be enabled.
    # File 'lib/contrast/agent/assess/policy/policy.rb', line 37
    def disabled_globally?
      ::Contrast::ASSESS.forcibly_disabled?
    end
#from_hash_string(string) ⇒ Object
Our policy for dataflow rules is a ‘dope ass’ JSON file. Rather than hard code in a bunch of things to monkey patch, we let the JSON file define the conditions in which sources, propagators, and triggers are applied. This lets us be flexible and extensible.
* When we want to do lvl 2 rules, we could have the customers unzip our gem, insert things into the JSON, zip, and go.
    # File 'lib/contrast/agent/assess/policy/policy.rb', line 52
    def from_hash_string string
      # The default behavior of the agent is to load the policy on startup,
      # as at this point we do not know in which mode we'll be run.
      #
      # If the configuration file explicitly disables a feature, we know
      # that we will not ever be able to enable it, so in that case, we
      # can skip policy loading.
      return if disabled_globally?

      policy_data = Contrast::Utils::Json.parse(string)
      policy_data[SOURCES_KEY].each do |source_hash|
        source = Contrast::Agent::Assess::Policy::SourceNode.new(source_hash)
        add_node(source, :source)
      end

      policy_data[PROPAGATION_KEY].each do |propagator_hash|
        prop = Contrast::Agent::Assess::Policy::PropagationNode.new(propagator_hash)
        add_node(prop, :propagator)
      end

      policy_data[RULES_KEY].each do |rule_hash|
        rule_hash[TRIGGERS_KEY].each do |trigger_hash|
          trigger_node = node_type.new(trigger_hash, rule_hash)
          add_node(trigger_node)
        end
      end
    end
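A self-contained sketch of the loading flow above, added here as an example and not the agent's own code: the key strings, the node fields and the names `SketchPolicy`, `Node` and `PolicyError` are assumptions. It goes one step beyond the method shown by staging nodes before registering them, so a hand-edited policy that is malformed is rejected whole instead of being half-loaded.

```ruby
require 'json'
# Hypothetical key names and node fields: the page does not show the values of
# SOURCES_KEY, PROPAGATION_KEY, RULES_KEY or TRIGGERS_KEY, or the node schema.
KEYS = { source: 'sources', propagator: 'propagators', rules: 'rules', trigger: 'triggers' }.freeze
Node = Struct.new(:type, :class_name, :method_name, :rule_id)
class PolicyError < StandardError; end

class SketchPolicy
  attr_reader :nodes
  def initialize(disabled: false)
    @disabled = disabled
    @nodes = Hash.new { |h, k| h[k] = [] }
  end

  # Same flow as from_hash_string, but nodes are staged first so a malformed
  # (for example hand-edited) policy is rejected whole instead of half-loaded.
  def from_hash_string(string)
    return if @disabled # mirrors the disabled_globally? early return
    data = JSON.parse(string)
    staged = []
    %i[source propagator].each do |type|
      section(data, KEYS[type]).each { |h| staged << build(type, h) }
    end
    section(data, KEYS[:rules]).each do |rule|
      section(rule, KEYS[:trigger]).each { |h| staged << build(:trigger, h, rule['id']) }
    end
    staged.each { |n| @nodes[n.type] << n }
    staged.size
  rescue JSON::ParserError => e
    raise PolicyError, "policy is not valid JSON: #{e.message}"
  end

  private
  def section(hash, key)
    list = hash.is_a?(Hash) ? hash[key] : nil
    raise PolicyError, "#{key} must be an array" unless list.is_a?(Array)
    list
  end

  def build(type, hash, rule_id = nil)
    ok = hash.is_a?(Hash) && %w[class_name method_name].all? { |k| hash[k].is_a?(String) }
    raise PolicyError, "#{type} node needs class_name and method_name" unless ok
    Node.new(type, hash['class_name'], hash['method_name'], rule_id)
  end
end

# Constructed sample policy, not taken from the agent's resources.
SAMPLE = '{"sources":[{"class_name":"Rack::Request","method_name":"params"}],"propagators":[],' \
         '"rules":[{"id":"sql-injection","triggers":[{"class_name":"Mysql2::Client","method_name":"query"}]}]}'
```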
#load_providers ⇒ Object
Providers is a term that we’re taking from Java until we come up with a name that we (I) don’t hate. Basically, these are more static-like rules. They don’t do dataflow or response scanning. Instead, they watch for things to be loaded (configs, classes, whateves) and determine if these loaded things are unsafe.
** if we want, we could add this as a section to the aforementioned ‘dope ass’ JSON
    # File 'lib/contrast/agent/assess/policy/policy.rb', line 89
    def load_providers
      PROVIDER_CLASSES.each do |clazz|
        instance = clazz.new
        providers[instance.rule_id] = instance
      end
    end