Module: Contrast::Agent::RequestContextExtend

Includes:
Components::Logger::InstanceMethods, Utils::CEFLogUtils
Included in:
RequestContext
Defined in:
lib/contrast/agent/request/request_context_extend.rb

Overview

This module extends RequestContext, the class that encapsulates information about the request currently being executed and makes it available to the Agent, for the duration of that request, in a standardized and normalized format which the Agent understands.

Constant Summary

Constants included from Utils::CEFLogUtils

Utils::CEFLogUtils::AGENT_VERSION, Utils::CEFLogUtils::DATE_TIME_FORMAT, Utils::CEFLogUtils::DEFAULT_CEF_NAME, Utils::CEFLogUtils::DEFAULT_LEVEL, Utils::CEFLogUtils::DEFAULT_METADATA, Utils::CEFLogUtils::EVENT_TYPE, Utils::CEFLogUtils::PROGNAME, Utils::CEFLogUtils::VALID_LEVELS

Constants included from Utils::LogUtils

Utils::LogUtils::DATE_TIME_FORMAT, Utils::LogUtils::DEFAULT_LEVEL, Utils::LogUtils::DEFAULT_NAME, Utils::LogUtils::PROGNAME, Utils::LogUtils::STDERR_STR, Utils::LogUtils::STDOUT_STR, Utils::LogUtils::VALID_LEVELS

Instance Method Summary

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Methods included from Utils::LogUtils

#write_permission?

Instance Method Details

#append_to_observed_route(route) ⇒ Object

Convert the route discovered for this request into the appropriate forms and disseminate it to the locations where it is needed for our route coverage and vulnerability-finding discovery features to function.

# File 'lib/contrast/agent/request/request_context_extend.rb', line 30

def append_to_observed_route route
  return unless route

  @observed_route.signature  = route.route
  @observed_route.verb       = route.verb
  @observed_route.url        = route.url if route.url
  @request.observed_route    = @observed_route

  observation = Contrast::Agent::Reporting::RouteDiscoveryObservation.new(route.url, route.verb)
  @discovered_route = Contrast::Agent::Reporting::RouteDiscovery.new(route.route, observation)
  @request.discovered_route = @discovered_route
end

#extract_after(rack_response) ⇒ Object

Append anything we've learned to the request-seen message. This is the sum total of all inventory information that has accumulated since the last request.

# File 'lib/contrast/agent/request/request_context_extend.rb', line 83

def extract_after rack_response
  # We must ALWAYS save the response, even if we don't need it here for response sampling. It is used for other
  # vulnerability detection, most notably XSS, and not capturing it may suppress valid findings.
  @response = Contrast::Agent::Response.new(rack_response)
  return unless @sample_res

  Contrast::Agent::Assess::Rule::Response::AutoComplete.new.analyze(@response)
  Contrast::Agent::Assess::Rule::Response::CacheControl.new.analyze(@response)
  Contrast::Agent::Assess::Rule::Response::ClickJacking.new.analyze(@response)
  Contrast::Agent::Assess::Rule::Response::CspHeaderMissing.new.analyze(@response)
  Contrast::Agent::Assess::Rule::Response::CspHeaderInsecure.new.analyze(@response)
  Contrast::Agent::Assess::Rule::Response::HSTSHeader.new.analyze(@response)
  Contrast::Agent::Assess::Rule::Response::ParametersPollution.new.analyze(@response)
  Contrast::Agent::Assess::Rule::Response::XContentType.new.analyze(@response)
  Contrast::Agent::Assess::Rule::Response::XXssProtection.new.analyze(@response)
rescue StandardError => e
  logger.error('Unable to extract information after request', e)
end

#protect_input_analysis ⇒ Object

If Protect is enabled for this request, examine the request for any possible attack input. If the inputs provided match a rule that should block at the perimeter, the blocking exception is raised here.

# File 'lib/contrast/agent/request/request_context_extend.rb', line 47

def protect_input_analysis
  return false unless ::Contrast::AGENT.enabled?
  return false unless ::Contrast::PROTECT.enabled?
  return false if @do_not_track

  if (ia = Contrast::Agent::Protect::InputAnalyzer.analyse(request))
    # Handle prefilter
    Contrast::Agent::Protect::InputAnalyzer.input_classification(ia, prefilter: true)
    @agent_input_analysis = ia
  else
    logger.trace('Analysis from Agent was empty.')
  end
rescue Contrast::SecurityException => e
  raise(e)
rescue StandardError => e
  logger.warn('Unable to extract protect information from request', e)
end

#protect_postfilter_ia ⇒ Object

Builds the input analysis (IA) only for postfilter rules. If the rules were not triggered during infilter, there will be no IA for them to use later in postfilter.

# File 'lib/contrast/agent/request/request_context_extend.rb', line 69

def protect_postfilter_ia
  return false unless ::Contrast::AGENT.enabled?
  return false unless ::Contrast::PROTECT.enabled?

  # Handle postfilter
  Contrast::Agent::Protect::InputAnalyzer.input_classification(@agent_input_analysis, postfilter: true)
rescue Contrast::SecurityException => e
  raise(e)
rescue StandardError => e
  logger.warn('Unable to extract protect information from request - postfilter', e)
end
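The prefilter/postfilter flow of #protect_input_analysis and #protect_postfilter_ia above, as an added stand-alone model that is not contrast-agent code: the Rule struct, DemoContext, RULES and the SecurityException stand-in are all constructed for this example. It shows the two security-relevant behaviours of those methods: a SecurityException from a perimeter rule is re-raised so the request is blocked, while any other error fails open and is only logged, and postfilter rules can only work on the IA that prefilter stored.

```ruby
# Constructed stand-ins (not contrast-agent code) modelling the Protect flow.
SecurityException = Class.new(StandardError) # stands in for Contrast::SecurityException
# A rule inspects one input value in one phase: perimeter (prefilter) rules block
# by raising; postfilter rules only record a finding once the response is known.
Rule = Struct.new(:name, :phase, :matcher) do
  def classify(value, findings)
    return unless matcher.call(value)
    raise SecurityException, "#{name} blocked at perimeter" if phase == :prefilter
    findings << name
  end
end
class DemoContext
  attr_reader :findings, :log, :input_analysis
  def initialize(params, rules, protect_enabled: true)
    @params, @rules, @protect_enabled = params, rules, protect_enabled
    @findings, @log, @input_analysis = [], [], nil
  end
  # Mirrors protect_input_analysis: bail out when Protect is off, re-raise a
  # SecurityException so the request is blocked, and fail open (log only) on any
  # other error so a broken rule never takes the application down with it.
  def protect_input_analysis
    return false unless @protect_enabled
    @input_analysis = @params.values # the "IA" that postfilter reuses later
    classify_phase(:prefilter)
  rescue SecurityException
    raise
  rescue StandardError => e
    @log << "warn: unable to extract protect information: #{e.message}"
    false
  end
  # Mirrors protect_postfilter_ia: with no IA captured in prefilter (Protect was
  # off, or prefilter failed before storing it) there is nothing to classify.
  def protect_postfilter_ia
    return false unless @protect_enabled && @input_analysis
    classify_phase(:postfilter)
  rescue StandardError => e
    @log << "warn: unable to extract protect information - postfilter: #{e.message}"
    false
  end
  def classify_phase(phase)
    @rules.select { |r| r.phase == phase }.each do |rule|
      @input_analysis.each { |value| rule.classify(value, @findings) }
    end
    true
  end
end
# Constructed demo rules; the names are not real Contrast rule identifiers.
RULES = [Rule.new('oversized-input', :prefilter, ->(v) { v.length > 32 }),
         Rule.new('non-ascii-input', :postfilter, ->(v) { !v.ascii_only? })].freeze
```

Note that a rule raising a plain StandardError leaves the request unblocked and only a warning in the log, so a monitor on those warnings is the only signal that analysis silently stopped covering a request.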