Module: Contrast::Agent::Protect::Rule::BotBlockerInputClassification

Extended by:

InputClassification::Base

Defined in:

lib/contrast/agent/protect/rule/bot_blocker/bot_blocker_input_classification.rb

Overview

This module will do the Input Classification stage of CMD Injection rule as a result input would be marked as WORTHWATCHING or IGNORE, to be analyzed at the sink level.

Constant Summary

USER_AGENT =

'USER_AGENT'

AGENT_LIB_HEADER_NAME =

'user-agent'

BOT_BLOCKER_MATCH =

'bot-blocker-input-tracing-v1'

Constants included from InputClassification::Base

InputClassification::Base::BASE64_INPUT_TYPES, InputClassification::Base::KEYS_NEEDED, InputClassification::Base::UNKNOWN_KEY

Constants included from Reporting::InputType

Reporting::InputType::BODY, Reporting::InputType::COOKIE_NAME, Reporting::InputType::COOKIE_VALUE, Reporting::InputType::DWR_VALUE, Reporting::InputType::HEADER, Reporting::InputType::JSON_ARRAYED_VALUE, Reporting::InputType::JSON_VALUE, Reporting::InputType::METHOD, Reporting::InputType::MULTIPART_CONTENT_TYPE, Reporting::InputType::MULTIPART_FIELD_NAME, Reporting::InputType::MULTIPART_NAME, Reporting::InputType::MULTIPART_VALUE, Reporting::InputType::PARAMETER_NAME, Reporting::InputType::PARAMETER_VALUE, Reporting::InputType::QUERYSTRING, Reporting::InputType::REQUEST, Reporting::InputType::SOCKET, Reporting::InputType::UNDEFINED_TYPE, Reporting::InputType::UNKNOWN, Reporting::InputType::URI, Reporting::InputType::URL_PARAMETER, Reporting::InputType::XML_VALUE

Constants included from InputClassification::Encoding

InputClassification::Encoding::KNOWN_DECODING_EXCEPTIONS

Constants included from InputClassification::Extendable

InputClassification::Extendable::THRESHOLD, InputClassification::Extendable::WORTHWATCHING_THRESHOLD

Constants included from Reporting::ScoreLevel

Reporting::ScoreLevel::DEFINITEATTACK, Reporting::ScoreLevel::IGNORE, Reporting::ScoreLevel::WORTHWATCHING

Class Method Summary

• .classify(rule_id, input_type, value, input_analysis) ⇒ Object

  Input Classification stage is done to determine if an user input is DEFINITEATTACK or to be ignored.

Methods included from InputClassification::Base

add_needed_key, classify, convert_input_type, find_key

Methods included from Reporting::InputType

to_a, to_hash

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Methods included from InputClassification::Encoding

#cs__base64?, #cs__decode64

Methods included from InputClassification::Extendable

#build_ia_result, #build_input_eval, #new_ia_result

Methods included from Reporting::ScoreLevel

to_a

Class Method Details

.classify(rule_id, input_type, value, input_analysis) ⇒ Object

Input Classification stage is done to determine if an user input is DEFINITEATTACK or to be ignored.

Parameters:

• rule_id (String) —

  Name of the protect rule.

• input_type (Contrast::Agent::Reporting::InputType) —

  The type of the user input.

• value (Hash<String>) —

  the value of the input.

• input_analysis (Contrast::Agent::Reporting::InputAnalysis) —

  Holds all the results from the agent analysis from the current Request.

# File 'lib/contrast/agent/protect/rule/bot_blocker/bot_blocker_input_classification.rb', line 35

def classify rule_id, input_type, value, input_analysis
  return unless (rule = Contrast::PROTECT.rule(rule_id))
  return unless rule.applicable_user_inputs.include?(input_type)
  return unless input_analysis.request

  value.each_value do |val|
    result = create_new_input_result(input_analysis.request, rule.rule_name, input_type, val)
    append_result(input_analysis, result)
  end

  input_analysis
rescue StandardError => e
  logger.debug("An Error was recorded in the input classification of the #{ rule_id }", error: e)
  nil
end