Class: Contrast::Agent::Reporting::Settings::ProtectServerFeature

Inherits:
Object
Defined in:
lib/contrast/agent/reporting/settings/protect_server_feature.rb

Overview

Application-level settings for the Protect feature set. Used for the FeatureSet TS response.

Constant Summary

PROTECT_RULES_KEYS =
%i[
  cmd_injection method_tampering nosql_injection path_traversal redos reflected_xss sql_injection
  ssrf unsafe_file_upload untrusted_deserialization xxe
].cs__freeze

Instance Method Details

#bot_blocker ⇒ Object

Indicate if the bot protection feature set is enabled for this server or not.



# File 'lib/contrast/agent/reporting/settings/protect_server_feature.rb', line 57

def bot_blocker
  @_bot_blocker ||= Contrast::Agent::Reporting::Settings::BotBlocker.new
end

#enabled=(enabled) ⇒ Object

Set the enabled flag.

Parameters:

  • enabled (Boolean)


# File 'lib/contrast/agent/reporting/settings/protect_server_feature.rb', line 35

def enabled= enabled
  @_enabled = enabled
end

#enabled? ⇒ Boolean

Indicate if the protect feature set is enabled for this server or not.

Returns:

  • (Boolean)


# File 'lib/contrast/agent/reporting/settings/protect_server_feature.rb', line 27

def enabled?
  @_enabled
end

#ip_allowlist ⇒ Object

The IP addresses for which to disable protection.



# File 'lib/contrast/agent/reporting/settings/protect_server_feature.rb', line 68

def ip_allowlist
  @_ip_allowlist ||= []
end

#ip_allowlist=(allowlist) ⇒ Object

Set ip_allowlist.

Parameters:

  • allowlist (Array<IpFilter>)

    Array of IpFilter: {
      expires [Integer] The time after which the filter is no longer valid.
      ip      [String]  The IP or range of IPs to which this message pertains.
      name    [String]  The user defined name of the filter.
      uuid    [String]  The identifier of the filter as defined by TeamServer.
    }



# File 'lib/contrast/agent/reporting/settings/protect_server_feature.rb', line 81

def ip_allowlist= allowlist
  Contrast::Agent::Reporting::Settings::Helpers.array_to_iv(Contrast::Agent::Reporting::Settings::IpFilter,
                                                            ip_allowlist,
                                                            allowlist)
end

#ip_denylist ⇒ Object

The IP addresses for which to disable protection.



# File 'lib/contrast/agent/reporting/settings/protect_server_feature.rb', line 94

def ip_denylist
  @_ip_denylist ||= []
end

#ip_denylist=(denylist) ⇒ Object

Set ip_denylist.

Parameters:

  • denylist (Array<IpFilter>)

    Array of IpFilter: {
      expires [Integer] The time after which the filter is no longer valid.
      ip      [String]  The IP or range of IPs to which this message pertains.
      name    [String]  The user defined name of the filter.
      uuid    [String]  The identifier of the filter as defined by TeamServer.
    }



# File 'lib/contrast/agent/reporting/settings/protect_server_feature.rb', line 107

def ip_denylist= denylist
  Contrast::Agent::Reporting::Settings::Helpers.array_to_iv(Contrast::Agent::Reporting::Settings::IpFilter,
                                                            ip_denylist,
                                                            denylist)
end
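
How a consumer of ip_allowlist or ip_denylist might test a client address against IpFilter-shaped entries while honoring expires. This is an added example, not code from the Contrast agent. IpFilterEntry, matching_filter and the sample values are hypothetical; it assumes expires is Unix epoch seconds and ip is a single address or a CIDR range.

```ruby
require 'ipaddr'

# Hypothetical stand-in for the documented IpFilter shape; not the agent's class.
IpFilterEntry = Struct.new(:uuid, :name, :ip, :expires, keyword_init: true)

# Returns the first unexpired filter whose address or range contains client_ip,
# or nil when nothing matches.
# Assumptions: `expires` is Unix epoch seconds; `ip` is an address or CIDR range.
def matching_filter(filters, client_ip, now: Time.now.to_i)
  addr = IPAddr.new(client_ip)
  filters.find do |filter|
    next false if filter.expires.to_i <= now # expired entries never match
    IPAddr.new(filter.ip).include?(addr)
  rescue IPAddr::Error
    false # a malformed filter entry is ignored instead of raising mid-request
  end
rescue IPAddr::Error
  nil # an unparseable client address matches no filter
end

# Constructed sample data (documentation address ranges, made-up identifiers).
SAMPLE_NOW = 1_700_000_000
SAMPLE_FILTERS = [
  IpFilterEntry.new(uuid: 'constructed-1', name: 'scanner',
                    ip: '192.0.2.0/24', expires: SAMPLE_NOW + 3600),
  IpFilterEntry.new(uuid: 'constructed-2', name: 'old-vendor',
                    ip: '198.51.100.7', expires: SAMPLE_NOW - 1),
  IpFilterEntry.new(uuid: 'constructed-3', name: 'typo',
                    ip: '203.0.113.999', expires: SAMPLE_NOW + 3600)
].freeze

if $PROGRAM_NAME == __FILE__
  %w[192.0.2.55 198.51.100.7 203.0.113.5].each do |ip|
    hit = matching_filter(SAMPLE_FILTERS, ip, now: SAMPLE_NOW)
    puts "#{ip}: #{hit ? hit.name : 'no active filter'}"
  end
end
```

An expired or malformed entry that silently keeps matching would leave protection disabled (allowlist) or traffic blocked (denylist) longer than the operator intended, so both cases resolve to "no match".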

#log_enhancers ⇒ Object

All of the APIs to add new logging calls to the application at runtime.



# File 'lib/contrast/agent/reporting/settings/protect_server_feature.rb', line 116

def log_enhancers
  @_log_enhancers ||= []
end

#log_enhancers=(log_enhancers_array) ⇒ Object

All of the APIs to add new logging calls to the application at runtime.

Parameters:

  • log_enhancers_array (Array<LogEnhancers>)

    Array of LogEnhancers: {
      api    [String]  The method signature to instrument, as understood by the agent.
      format [String]  The format of the message to log.
      id     [Integer] The identifier of the enhancer as defined by TeamServer.
      level  [String]  The level at which to log this message. Trace as 0 and Error as 4.
                       [ TRACE, DEBUG, INFO, WARN, ERROR ]
      name   [String]  The user defined name of the enhancer.
      type   [String]  The type of log message to generate. Audit as 0, Security as 2.
                       [ AUDIT, ERROR, SECURITY ]
    }


# File 'lib/contrast/agent/reporting/settings/protect_server_feature.rb', line 133

def log_enhancers= log_enhancers_array
  Contrast::Agent::Reporting::Settings::Helpers.array_to_iv(Contrast::Agent::Reporting::Settings::LogEnhancer,
                                                            log_enhancers,
                                                            log_enhancers_array)
end

#ng_rule_definition_list(list) ⇒ Object

The keywords and patterns required for the input analysis of each rule with that capability.

Parameters:

  • list (Array<RuleDefinition>)

    Array of RuleDefinition: {
      keywords [Array] The words to search for in input that indicate an attack. {
        caseSensitive [Boolean]
        id            [String]
        score         [Integer] The impact of matching this entry; higher meaning more
                                likely to be an attack
        value         [String]
      }
      name     [String] AssessRuleID
      patterns [Array] A word or pattern whose presence in an input represents an attack {
        caseSensitive [Boolean]
        id            [String]
        score         [Integer] The impact of matching this entry; higher meaning more
                                likely to be an attack
        value         [String]
      }
    }


# File 'lib/contrast/agent/reporting/settings/protect_server_feature.rb', line 164

def ng_rule_definition_list list
  Contrast::Agent::Reporting::Settings::Helpers.array_to_iv(
      Contrast::Agent::Reporting::Settings::RuleDefinition,
      rule_definition_list,
      list)
end
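
How the keyword and pattern entries of a RuleDefinition could drive input analysis, shown on a constructed definition. This is an added example, not the Contrast agent's analysis code. score_input and the sample rule are hypothetical; it assumes keywords are literal substrings, pattern values are regular expressions, and the scores of all matching entries are summed.

```ruby
# Constructed RuleDefinition-shaped hash; ids, values and scores are sample data,
# not definitions shipped by TeamServer.
SAMPLE_RULE = {
  name: 'sql-injection',
  keywords: [
    { id: 'KW-1', value: 'union select', caseSensitive: false, score: 3 },
    { id: 'KW-2', value: 'xp_cmdshell', caseSensitive: true, score: 10 }
  ],
  patterns: [
    { id: 'PT-1', value: "'\\s*or\\s+1\\s*=\\s*1", caseSensitive: false, score: 7 }
  ]
}.freeze

# Returns [total_score, matched_ids] for a single input value.
# Assumptions: keywords are substrings, patterns are regexes, scores are additive.
def score_input(rule, input)
  matched = []
  total = 0
  rule.fetch(:keywords, []).each do |kw|
    haystack, needle = kw[:caseSensitive] ? [input, kw[:value]] : [input.downcase, kw[:value].downcase]
    next unless haystack.include?(needle)

    matched << kw[:id]
    total += kw[:score]
  end
  rule.fetch(:patterns, []).each do |pt|
    regexp = Regexp.new(pt[:value], pt[:caseSensitive] ? 0 : Regexp::IGNORECASE)
    next unless regexp.match?(input)

    matched << pt[:id]
    total += pt[:score]
  rescue RegexpError
    next # a malformed pattern is skipped rather than aborting the analysis
  end
  [total, matched]
end

if $PROGRAM_NAME == __FILE__
  ["id=1' OR 1=1 --", 'q=1 UNION SELECT name', 'color=blue'].each do |value|
    puts "#{value.inspect} => #{score_input(SAMPLE_RULE, value).inspect}"
  end
end
```

Returning the matched ids alongside the score lets a log entry say which definition entries fired, which matters when tuning a rule that blocks legitimate input.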

#observability ⇒ Object

When false, the agent should not track observations. When true, the agent should track observed usage of protect URLs.

{ enable: true }


# File 'lib/contrast/agent/reporting/settings/protect_server_feature.rb', line 44

def observability
  @_observability
end

#observability=(enable) ⇒ Object

Parameters:

  • enable (Boolean)


# File 'lib/contrast/agent/reporting/settings/protect_server_feature.rb', line 50

def observability= enable
  @_observability = enable
end

#rule_definition_list ⇒ Object

The keywords and patterns required for the input analysis of each rule with that capability.



# File 'lib/contrast/agent/reporting/settings/protect_server_feature.rb', line 142

def rule_definition_list
  @_rule_definition_list ||= []
end

#rules_to_definition_list(rules) ⇒ Object

Transforms ServerSettings hash rules to definition_list

Parameters:



# File 'lib/contrast/agent/reporting/settings/protect_server_feature.rb', line 174

def rules_to_definition_list rules
  return unless rules&.cs__is_a?(Hash)

  definition_list = []
  rules.slice(*PROTECT_RULES_KEYS).each_pair do |key, rule|
    new_entry = Contrast::Agent::Reporting::Settings::RuleDefinition.new
    new_entry.name = Contrast::Agent::Reporting::Settings::Helpers.to_rule_id(key)
    new_entry.patterns = rule[:patterns]
    new_entry.keywords = rule[:keywords]
    definition_list << new_entry
  end
  @_rule_definition_list = definition_list
end

#syslog ⇒ Object

Controls for the syslogging feature in the agent.



# File 'lib/contrast/agent/reporting/settings/protect_server_feature.rb', line 191

def syslog
  @_syslog ||= Contrast::Agent::Reporting::Settings::Syslog.new
end

#to_controlled_hash ⇒ Object

The protect response should be structured like this: protect { enable, observability, rules, log_enhancers }. Instead, we receive all the data under protect: the rules array is merged under protect and the ruleDefinition list is separate:

"defend" : {
  "botBlockers" : [],
  "enabled" : true,
  "logEnhancers" : [],
  "ipDenylist" : [],
  "ipAllowlist" : [],
  "syslog" : {},
  "ruleDefinitionList" : [...],
  "bot-blocker" : false
},


# File 'lib/contrast/agent/reporting/settings/protect_server_feature.rb', line 210

def to_controlled_hash
  {
      botBlockers: bot_blocker.bots.map(&:to_controlled_hash),
      enabled: enabled?,
      observability: observability, # used with ServerSettings only
      logEnhancers: log_enhancers.map(&:to_controlled_hash),
      ipDenylist: ip_denylist.map(&:to_controlled_hash),
      ipAllowlist: ip_allowlist.map(&:to_controlled_hash),
      syslog: syslog.settings_blank? ? nil : syslog.to_controlled_hash, # used with ServerSettings only
      ruleDefinitionList: rule_definition_list.map(&:to_controlled_hash),
      'bot-blocker': bot_blocker.to_controlled_hash
  }.compact
end