Class: Contrast::Agent::Protect::Rule::CmdInjection

Inherits:
BaseService
Includes:
Components::Interface
Defined in:
lib/contrast/agent/protect/rule/cmd_injection.rb

Overview

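The Ruby implementation of the Protect Command Injection rule. As the method listings below show, #infilter is handed the command together with the class and method being called, and raises Contrast::SecurityException when an attack result was produced and blocked? is true.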

Constant Summary

NAME =
'cmd-injection'
CHAINED_COMMAND_CHARS =
/[;&|<>]/.cs__freeze

Constants inherited from Base

Base::BLOCKING_MODES, Base::OFF, Base::POSTFILTER_MODES, Base::STACK_COLLECTION_RESULTS, Base::UNKNOWN_USER_INPUT

Instance Attribute Summary

Attributes inherited from Base

#mode

Instance Method Summary

Methods included from Components::Interface

included

Methods inherited from BaseService

#block_message, #infilter?, #postfilter

Methods inherited from Base

#append_to_activity, #build_attack_without_match, #enabled?, #excluded?, #infilter?, #initialize, #postfilter, #prefilter, #stream_safe?

Constructor Details

This class inherits a constructor from Contrast::Agent::Protect::Rule::Base

Instance Method Details

#build_attack_with_match(context, input_analysis_result, result, candidate_string, **kwargs) ⇒ Object



# File 'lib/contrast/agent/protect/rule/cmd_injection.rb', line 49

# Build (or extend) the attack result for a candidate string that matched
# an input-analysis finding.
#
# In the :NO_ACTION and :PERMIT modes nothing is recorded: the incoming
# result is handed back untouched, which means nil stays nil.
#
# @param context [Object] current request context, forwarded to the helpers
# @param input_analysis_result [Object] the input-analysis finding being
#   reported
# @param result [Object, nil] attack result to extend; a new one is created
#   with build_attack_result when this is nil
# @param candidate_string [String] the matched value (presumably the command
#   string - confirm against callers)
# @param kwargs [Hash] extra details forwarded unchanged to append_sample
# @return [Object, nil] the populated attack result, or the original
#   +result+ when the mode is :NO_ACTION or :PERMIT
def build_attack_with_match context, input_analysis_result, result, candidate_string, **kwargs
  # Non-reporting modes: leave the caller's result exactly as it was.
  return result if %i[NO_ACTION PERMIT].include?(mode)

  attack = result || build_attack_result(context)
  update_successful_attack_response(context, input_analysis_result, attack, candidate_string)
  append_sample(context, input_analysis_result, attack, candidate_string, **kwargs)
  attack
end

#infilter(context, classname, method, command) ⇒ Object



# File 'lib/contrast/agent/protect/rule/cmd_injection.rb', line 25

# Evaluate a command at the call site named by +classname+ and +method+,
# record any resulting attack, and stop the call when the rule is blocking.
#
# Nothing happens (nil is returned) when infilter?(context) is false, when
# there are no input-analysis results for the request, or when neither
# find_attacker_with_results nor report_command_execution yields a result.
#
# The exception message names only the class and method; the command
# string itself is not interpolated into it.
#
# @param context [Object] current request context; replaced by a freshly
#   built one when APP_CONTEXT reports the code is running in a new process
# @param classname [Object] name of the class whose method is being called
# @param method [Object] name of the method being called; note that this
#   parameter shadows Object#method inside the body
# @param command [Object] the command being evaluated
# @return [nil] when nothing was found or the rule is not blocking
# @raise [Contrast::SecurityException] when a result was recorded and
#   blocked? is true
def infilter context, classname, method, command
  return unless infilter?(context)

  ia_results = gather_ia_results(context)
  return if ia_results.empty?

  # In a new process the incoming context is swapped for one rebuilt from
  # the same rack request and registered as the current context.
  if APP_CONTEXT.in_new_process?
    logger.trace('Running cmd-injection infilter within new process - creating new context')
    context = Contrast::Agent::RequestContext.new(context.request.rack_request)
    Contrast::Agent::REQUEST_TRACKER.update_current_context(context)
  end

  call_site = { classname: classname, method: method }
  # Try the input-analysis match first; fall back to the execution report.
  result = find_attacker_with_results(context, command, ia_results, **call_site) ||
           report_command_execution(context, command, **call_site)
  return unless result

  # The result is recorded before the blocking decision, so it is appended
  # to the activity even when the call is allowed to proceed.
  append_to_activity(context, result)
  return unless blocked?

  message = "Command Injection rule triggered. Call to #{ classname }.#{ method } blocked."
  raise Contrast::SecurityException.new(self, message)
end

#name ⇒ Object



# File 'lib/contrast/agent/protect/rule/cmd_injection.rb', line 21

# Identifier of this Protect rule.
#
# @return [String] the NAME constant, 'cmd-injection'
def name
  NAME
end