Module: Contrast::Agent::Protect::Policy::AppliesCommandInjectionRule

Extended by:
RuleApplicator
Defined in:
lib/contrast/agent/protect/policy/applies_command_injection_rule.rb

Overview

This Module is how we apply the Command Injection rule. It is called from our patches of the targeted methods in which command execution occurs, and it is responsible for deciding whether the infilter methods of the rule should be invoked. In addition, because of the nature of Deserialization's sandboxing function, this Module's apply methods call through to the #apply_deserialization_command_check method of the Deserialization applicator.

Constant Summary

CS__SEMICOLON = '; '

Class Method Summary

Methods included from RuleApplicator

apply_classification, apply_rule

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Class Method Details

.invoke(method, _exception, _properties, object, args) ⇒ Object

# File 'lib/contrast/agent/protect/policy/applies_command_injection_rule.rb', line 26

def invoke method, _exception, _properties, object, args
  return unless valid_command?(args)

  command = build_command(args)
  Contrast::Agent::Protect::Policy::AppliesDeserializationRule.apply_deserialization_command_check(command)
  return if skip_analysis?

  clazz = object.is_a?(Module) ? object : object.cs__class
  class_name = clazz.cs__name
  # Get the ia for current rule:
  apply_classification(rule_name, Contrast::Agent::REQUEST_TRACKER.current)
  rule.infilter(Contrast::Agent::REQUEST_TRACKER.current, class_name, method, command)
  # invoke cmdi sub-rules.
  rule.sub_rules.each do |sub_rule|
    sub_rule.infilter(Contrast::Agent::REQUEST_TRACKER.current, class_name, method, command)
  end
end
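An added example, not the agent's own code, that mirrors the flow of #invoke above with a constructed request tracker, an assumed detection rule, and assumed valid_command?/build_command implementations (the real ones are not shown on this page):

```ruby
# Constructed stand-in for the agent's request tracker: the parameters of the
# current HTTP request (the real agent reads them from the Rack request).
CurrentRequest = Struct.new(:params)

# Assumed detection logic: a command is flagged when a request parameter value
# that contains shell metacharacters appears verbatim in the command string.
class CommandInjectionRule
  METACHARS = /[;&|`$()<>]/
  attr_reader :findings
  def initialize; @findings = []; end

  def infilter(request, class_name, method, command)
    request.params.each do |name, value|
      next unless value.is_a?(String) && value.length > 1 && command.include?(value)
      next unless value.match?(METACHARS)
      @findings << { class_name: class_name, method: method, command: command, param: name }
    end
  end
end

# Simplified applicator following the same steps as the page's #invoke.
module AppliesCommandInjectionRule
  CS__SEMICOLON = '; '
  class << self
    attr_accessor :rule, :request

    # Only analyse argument lists made entirely of strings (or argv arrays of strings).
    def valid_command?(args)
      !args.empty? && args.flatten.all? { |a| a.is_a?(String) }
    end

    # Assumption: each element is one command (a shell string or an argv array);
    # argv elements are joined with a space, separate commands with CS__SEMICOLON.
    def build_command(args)
      args.map { |a| a.is_a?(Array) ? a.join(' ') : a }.join(CS__SEMICOLON)
    end

    # Called by the patched execution methods; returns the number of findings added.
    def invoke(method, _exception, _properties, object, args)
      return 0 unless valid_command?(args)
      command = build_command(args)
      clazz = object.is_a?(Module) ? object : object.class
      before = rule.findings.size
      rule.infilter(request, clazz.name, method, command)
      rule.findings.size - before
    end
  end
end
```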