Module: Contrast::Agent::Reporting::FindingEventTaintRangeTags

Defined in:
lib/contrast/agent/reporting/reporting_events/finding_event_taint_range_tags.rb

Overview

Holds the set of valid tags that can be sent to TeamServer and that the agent has to honor. They are kept in this module so as not to clutter other code.

Constant Summary

VALID_TAGS =

EventTagTypeDTM

Returns:

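  • (Array<Symbol>) (as documented; note that the `%w[]` literal below produces Strings, not Symbols, so confirm which type callers compare against)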
# Valid tag names (per the module overview, the ones that can be sent to
# TeamServer), written as one whitespace-separated word list. The blank lines
# inside the literal only separate groups:
#   - <FORMAT>_ENCODED / <FORMAT>_DECODED pairs, followed by
#     POTENTIAL_SANITIZED, POTENTIAL_VALIDATED, NO_CONTROL_CHARS and CUSTOM
#   - CUSTOM_ENCODED and its CUSTOM_ENCODED_<RULE> variants, ending with
#     CUSTOM_SECURITY_CONTROL_APPLIED
#   - CUSTOM_VALIDATED and its CUSTOM_VALIDATED_<RULE> variants
#   - DATABASE_WRITE
# The ENCODED and VALIDATED groups carry the same 24 <RULE> suffixes; keep
# them in step when a suffix is added or removed.
# NOTE(review): encoded/validated tags presumably affect whether tainted data
# is reported as a finding, so additions to this list deserve review; confirm
# against the code that consumes it.
# NOTE(review): cs__freeze is defined elsewhere in the agent; presumably it
# freezes the array. Confirm.
%w[
  XML_ENCODED
  XML_DECODED
  HTML_ENCODED
  HTML_DECODED
  URL_ENCODED
  URL_DECODED
  CSS_ENCODED
  CSS_DECODED
  BASE64_ENCODED
  BASE64_DECODED
  JAVASCRIPT_ENCODED
  JAVASCRIPT_DECODED
  JAVA_ENCODED
  JAVA_DECODED
  CSV_ENCODED
  CSV_DECODED
  SQL_ENCODED
  SQL_DECODED
  LDAP_ENCODED
  LDAP_DECODED
  XPATH_ENCODED
  XPATH_DECODED
  OS_ENCODED
  OS_DECODED
  VBSCRIPT_ENCODED
  VBSCRIPT_DECODED
  POTENTIAL_SANITIZED
  POTENTIAL_VALIDATED
  NO_CONTROL_CHARS
  CUSTOM

  CUSTOM_ENCODED
  CUSTOM_ENCODED_CMD_INJECTION
  CUSTOM_ENCODED_EXPRESSION_LANGUAGE_INJECTION
  CUSTOM_ENCODED_HEADER_INJECTION
  CUSTOM_ENCODED_HQL_INJECTION
  CUSTOM_ENCODED_LDAP_INJECTION
  CUSTOM_ENCODED_LOG_INJECTION
  CUSTOM_ENCODED_NOSQL_INJECTION
  CUSTOM_ENCODED_PATH_TRAVERSAL
  CUSTOM_ENCODED_REDOS
  CUSTOM_ENCODED_REFLECTED_XSS
  CUSTOM_ENCODED_REFLECTION_INJECTION
  CUSTOM_ENCODED_SMTP_INJECTION
  CUSTOM_ENCODED_SQL_INJECTION
  CUSTOM_ENCODED_SSRF
  CUSTOM_ENCODED_STORED_XSS
  CUSTOM_ENCODED_TRUST_BOUNDARY_VIOLATION
  CUSTOM_ENCODED_UNSAFE_CODE_EXECUTION
  CUSTOM_ENCODED_UNSAFE_READLINE
  CUSTOM_ENCODED_UNSAFE_XML_DECODE
  CUSTOM_ENCODED_UNTRUSTED_DESERIALIZATION
  CUSTOM_ENCODED_UNVALIDATED_FORWARD
  CUSTOM_ENCODED_UNVALIDATED_REDIRECT
  CUSTOM_ENCODED_XPATH_INJECTION
  CUSTOM_ENCODED_XXE
  CUSTOM_SECURITY_CONTROL_APPLIED

  CUSTOM_VALIDATED
  CUSTOM_VALIDATED_CMD_INJECTION
  CUSTOM_VALIDATED_EXPRESSION_LANGUAGE_INJECTION
  CUSTOM_VALIDATED_HEADER_INJECTION
  CUSTOM_VALIDATED_HQL_INJECTION
  CUSTOM_VALIDATED_LDAP_INJECTION
  CUSTOM_VALIDATED_LOG_INJECTION
  CUSTOM_VALIDATED_NOSQL_INJECTION
  CUSTOM_VALIDATED_PATH_TRAVERSAL
  CUSTOM_VALIDATED_REDOS
  CUSTOM_VALIDATED_REFLECTED_XSS
  CUSTOM_VALIDATED_REFLECTION_INJECTION
  CUSTOM_VALIDATED_SMTP_INJECTION
  CUSTOM_VALIDATED_SQL_INJECTION
  CUSTOM_VALIDATED_SSRF
  CUSTOM_VALIDATED_STORED_XSS
  CUSTOM_VALIDATED_TRUST_BOUNDARY_VIOLATION
  CUSTOM_VALIDATED_UNSAFE_CODE_EXECUTION
  CUSTOM_VALIDATED_UNSAFE_READLINE
  CUSTOM_VALIDATED_UNSAFE_XML_DECODE
  CUSTOM_VALIDATED_UNTRUSTED_DESERIALIZATION
  CUSTOM_VALIDATED_UNVALIDATED_FORWARD
  CUSTOM_VALIDATED_UNVALIDATED_REDIRECT
  CUSTOM_VALIDATED_XPATH_INJECTION
  CUSTOM_VALIDATED_XXE

  DATABASE_WRITE
].cs__freeze
VALID_SOURCE_TAGS =

Returns:

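  • (Array<Symbol>) (as documented; note that the `%w[]` literal below produces Strings, not Symbols, so confirm which type callers compare against)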
# The four tag names listed for VALID_SOURCE_TAGS, kept separate from the
# larger VALID_TAGS list.
# NOTE(review): the constant name suggests these are the tags allowed on source
# events, describing where data came from or how it is constrained; confirm
# against the callers.
# NOTE(review): cs__freeze is defined elsewhere in the agent; presumably it
# freezes the array. Confirm.
%w[NO_NEWLINES UNTRUSTED CROSS_SITE LIMITED_CHARS].cs__freeze