Module: Contrast::Agent::Reporting::FindingEventTaintRangeTags
- Defined in:
- lib/contrast/agent/reporting/reporting_events/finding_event_taint_range_tags.rb
Overview
A holder for the valid tags that can be sent to TeamServer that we have to honor. Placed here so as not to clutter other code.
Constant Summary collapse
- VALID_TAGS =
EventTagTypeDTM
%w[ XML_ENCODED XML_DECODED HTML_ENCODED HTML_DECODED URL_ENCODED URL_DECODED CSS_ENCODED CSS_DECODED BASE64_ENCODED BASE64_DECODED JAVASCRIPT_ENCODED JAVASCRIPT_DECODED JAVA_ENCODED JAVA_DECODED CSV_ENCODED CSV_DECODED SQL_ENCODED SQL_DECODED LDAP_ENCODED LDAP_DECODED XPATH_ENCODED XPATH_DECODED OS_ENCODED OS_DECODED VBSCRIPT_ENCODED VBSCRIPT_DECODED POTENTIAL_SANITIZED POTENTIAL_VALIDATED NO_CONTROL_CHARS CUSTOM CUSTOM_ENCODED CUSTOM_ENCODED_CMD_INJECTION CUSTOM_ENCODED_EXPRESSION_LANGUAGE_INJECTION CUSTOM_ENCODED_HEADER_INJECTION CUSTOM_ENCODED_HQL_INJECTION CUSTOM_ENCODED_LDAP_INJECTION CUSTOM_ENCODED_LOG_INJECTION CUSTOM_ENCODED_NOSQL_INJECTION CUSTOM_ENCODED_PATH_TRAVERSAL CUSTOM_ENCODED_REDOS CUSTOM_ENCODED_REFLECTED_XSS CUSTOM_ENCODED_REFLECTION_INJECTION CUSTOM_ENCODED_SMTP_INJECTION CUSTOM_ENCODED_SQL_INJECTION CUSTOM_ENCODED_SSRF CUSTOM_ENCODED_STORED_XSS CUSTOM_ENCODED_TRUST_BOUNDARY_VIOLATION CUSTOM_ENCODED_UNSAFE_CODE_EXECUTION CUSTOM_ENCODED_UNSAFE_READLINE CUSTOM_ENCODED_UNSAFE_XML_DECODE CUSTOM_ENCODED_UNTRUSTED_DESERIALIZATION CUSTOM_ENCODED_UNVALIDATED_FORWARD CUSTOM_ENCODED_UNVALIDATED_REDIRECT CUSTOM_ENCODED_XPATH_INJECTION CUSTOM_ENCODED_XXE CUSTOM_SECURITY_CONTROL_APPLIED CUSTOM_VALIDATED CUSTOM_VALIDATED_CMD_INJECTION CUSTOM_VALIDATED_EXPRESSION_LANGUAGE_INJECTION CUSTOM_VALIDATED_HEADER_INJECTION CUSTOM_VALIDATED_HQL_INJECTION CUSTOM_VALIDATED_LDAP_INJECTION CUSTOM_VALIDATED_LOG_INJECTION CUSTOM_VALIDATED_NOSQL_INJECTION CUSTOM_VALIDATED_PATH_TRAVERSAL CUSTOM_VALIDATED_REDOS CUSTOM_VALIDATED_REFLECTED_XSS CUSTOM_VALIDATED_REFLECTION_INJECTION CUSTOM_VALIDATED_SMTP_INJECTION CUSTOM_VALIDATED_SQL_INJECTION CUSTOM_VALIDATED_SSRF CUSTOM_VALIDATED_STORED_XSS CUSTOM_VALIDATED_TRUST_BOUNDARY_VIOLATION CUSTOM_VALIDATED_UNSAFE_CODE_EXECUTION CUSTOM_VALIDATED_UNSAFE_READLINE CUSTOM_VALIDATED_UNSAFE_XML_DECODE CUSTOM_VALIDATED_UNTRUSTED_DESERIALIZATION CUSTOM_VALIDATED_UNVALIDATED_FORWARD CUSTOM_VALIDATED_UNVALIDATED_REDIRECT CUSTOM_VALIDATED_XPATH_INJECTION CUSTOM_VALIDATED_XXE DATABASE_WRITE ].cs__freeze
- VALID_SOURCE_TAGS =
%w[NO_NEWLINES UNTRUSTED CROSS_SITE LIMITED_CHARS].cs__freeze