Class: Contrast::Agent::Protect::Rule::Xxe

Inherits:
Base
Defined in:
lib/contrast/agent/protect/rule/xxe.rb,
lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb

Overview

Implementation of the XXE Protect Rule used to evaluate XML calls for exploit of unsafe external entity resolution.

Defined Under Namespace

Classes: EntityWrapper

Constant Summary

NAME =
'xxe'
BLOCK_MESSAGE =
'XXE rule triggered. Response blocked.'
EXTERNAL_ENTITY_PATTERN =
/<!ENTITY\s+[a-zA-Z0-f]+\s+(?:SYSTEM|PUBLIC)\s+(.*?)>/.cs__freeze

Constants inherited from Base

Base::BLOCKING_MODES, Base::OFF, Base::POSTFILTER_MODES, Base::STACK_COLLECTION_RESULTS, Base::UNKNOWN_USER_INPUT

Instance Attribute Summary

Attributes inherited from Base

#mode

Instance Method Summary

Methods inherited from Base

#append_to_activity, #build_attack_with_match, #build_attack_without_match, #enabled?, #excluded?, #infilter?, #initialize, #postfilter, #prefilter, #stream_safe?

Methods included from Components::Interface

included

Constructor Details

This class inherits a constructor from Contrast::Agent::Protect::Rule::Base

Instance Method Details

#infilter(context, framework, xml) ⇒ Object

Given an XML input, evaluate it for an XXE attack.

Parameters:

  • context (Contrast::Agent::RequestContext)

    the context of the request in which this input is evaluated.

  • framework (Object)

    the name of the Parser being used.

  • xml (Object)

    the container of the XML to be checked.

Raises:

  • (Contrast::SecurityException)

    when an attack is found and the rule is in a blocking mode.

# File 'lib/contrast/agent/protect/rule/xxe.rb', line 30

def infilter context, framework, xml
  result = find_attacker(context, xml, framework: framework)
  return nil unless result

  append_to_activity(context, result)
  return unless blocked?

  raise Contrast::SecurityException.new(self, BLOCK_MESSAGE)
end
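As an added example (not the agent's own code), the following stand-alone class mirrors the in-filter flow documented above: scan the document with the page's EXTERNAL_ENTITY_PATTERN, record a hit in an activity list, and raise only when the rule is in a blocking mode. The `cs__freeze` helper on the page's constant is replaced with plain `freeze`, `SecurityException`, `mode:` and `request_id` are stand-ins for the agent's types, and the XML samples are constructed.

```ruby
# Stand-in for Contrast::SecurityException (assumption, not the agent's class).
class SecurityException < StandardError; end

class XxeDetector
  # Pattern copied from the page's constant; cs__freeze replaced by freeze.
  EXTERNAL_ENTITY_PATTERN = /<!ENTITY\s+[a-zA-Z0-f]+\s+(?:SYSTEM|PUBLIC)\s+(.*?)>/.freeze
  BLOCK_MESSAGE = 'XXE rule triggered. Response blocked.'

  attr_reader :activity

  # mode is :monitor (record only) or :block (record and raise); this is a
  # stand-in for the agent's Base#mode and its blocked? predicate.
  def initialize(mode: :monitor)
    @mode = mode
    @activity = []
  end

  # Returns the SYSTEM/PUBLIC identifiers declared in the document, or nil
  # when no external entity declaration is present.
  def find_attacker(xml)
    matches = xml.to_s.scan(EXTERNAL_ENTITY_PATTERN).flatten
    matches.empty? ? nil : matches
  end

  # Mirrors the page's infilter: find, record, then block if configured.
  def infilter(request_id, xml, framework: 'nokogiri')
    result = find_attacker(xml)
    return nil unless result

    @activity << { request: request_id, framework: framework, entities: result }
    return result unless @mode == :block

    raise SecurityException, BLOCK_MESSAGE
  end
end

# Constructed sample inputs: a benign document, an internal (inline) entity
# that must not trigger the rule, and a document declaring an external entity.
BENIGN_XML = '<?xml version="1.0"?><order><id>42</id></order>'
INTERNAL_ENTITY_XML = '<!DOCTYPE o [<!ENTITY greeting "hello">]><o>&greeting;</o>'
EXTERNAL_ENTITY_XML =
  '<!DOCTYPE o [<!ENTITY ext SYSTEM "http://example.invalid/ext.dtd">]><o>&ext;</o>'
```

Note that the capture group keeps the surrounding quotes, so the recorded entity value is the literal token between the keyword and the closing `>`.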

#name ⇒ Object



# File 'lib/contrast/agent/protect/rule/xxe.rb', line 18

def name
  NAME
end