Module: Contrast::Agent::Assess::Policy::SourceValidation::CrossSiteValidator

Defined in:
lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb

Overview

Validator used to assert that a CROSS_SITE tag is actually applicable to the given method before the tag is applied to its target.

Class Method Details

.valid?(tag, source_type, source_name) ⇒ Boolean

Prevents the application of a tag if it is from a source known not to apply the tag in the provided context. See bitbucket.org/contrastsecurity/assess-specifications/src/master/rules/dataflow/reflected_xss.md

Returns:

  • (Boolean)


# File 'lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb', line 17

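def self.valid? tag, source_type, source_name
  # This validator only restricts the CROSS_SITE tag; any other tag passes.
  return true unless tag == 'CROSS_SITE'
  # Header keys are never given the CROSS_SITE tag.
  return false if source_type == Contrast::Agent::Assess::Policy::SourceMethod::HEADER_KEY_TYPE
  # Sources that are not header values keep the tag.
  return true unless source_type == Contrast::Agent::Assess::Policy::SourceMethod::HEADER_TYPE
  # A header value with no name cannot be matched, so the tag is rejected.
  return false unless source_name

  # Among header values, only Referer (compared case-insensitively) keeps the tag.
  source_name.casecmp?('referer')
end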