Module: Contrast::Agent::Protect::Rule::InputClassification::Base

Overview

This module holds the behaviour shared by the input classification of every Protect rule: the set of input types a rule may inspect, the mapping of those types onto the AgentLib's input set, and the logic that resolves a traced value back to the request key that carried it.

Constant Summary

UNKNOWN_KEY =
'unknown'
KEYS_NEEDED =
[
  COOKIE_VALUE, PARAMETER_VALUE, HEADER, JSON_VALUE, MULTIPART_VALUE, XML_VALUE, DWR_VALUE
].cs__freeze
BASE64_INPUT_TYPES =
[BODY, COOKIE_VALUE, PARAMETER_VALUE, MULTIPART_VALUE, XML_VALUE].cs__freeze

Constants included from Reporting::InputType

Reporting::InputType::BODY, Reporting::InputType::COOKIE_NAME, Reporting::InputType::COOKIE_VALUE, Reporting::InputType::DWR_VALUE, Reporting::InputType::HEADER, Reporting::InputType::JSON_ARRAYED_VALUE, Reporting::InputType::JSON_VALUE, Reporting::InputType::METHOD, Reporting::InputType::MULTIPART_CONTENT_TYPE, Reporting::InputType::MULTIPART_FIELD_NAME, Reporting::InputType::MULTIPART_NAME, Reporting::InputType::MULTIPART_VALUE, Reporting::InputType::PARAMETER_NAME, Reporting::InputType::PARAMETER_VALUE, Reporting::InputType::QUERYSTRING, Reporting::InputType::REQUEST, Reporting::InputType::SOCKET, Reporting::InputType::UNDEFINED_TYPE, Reporting::InputType::UNKNOWN, Reporting::InputType::URI, Reporting::InputType::URL_PARAMETER, Reporting::InputType::XML_VALUE

Constants included from Encoding

Encoding::KNOWN_DECODING_EXCEPTIONS

Constants included from Extendable

Extendable::THRESHOLD, Extendable::WORTHWATCHING_THRESHOLD

Constants included from Reporting::ScoreLevel

Reporting::ScoreLevel::DEFINITEATTACK, Reporting::ScoreLevel::IGNORE, Reporting::ScoreLevel::WORTHWATCHING

Class Method Summary

Instance Method Summary

Methods included from Reporting::InputType

to_a, to_hash

Methods included from Components::Logger::InstanceMethods

cef_logger, logger

Methods included from Encoding

#cs__base64?, #cs__decode64

Methods included from Extendable

#build_ia_result, #build_input_eval, #new_ia_result

Methods included from Reporting::ScoreLevel

to_a

Class Method Details

.convert_input_type(input_type) ⇒ Integer<Contrast::AgentLib::Interface::INPUT_SET>

Some input types are not yet supported by the AgentLib. This converts the type to the closest supported one where viable, so that input tracing can still be done. If the lookup raises, the error is logged at debug level and the type falls back to PARAMETER_VALUE.

# File 'lib/contrast/agent/protect/rule/input_classification/base.rb', line 63

def convert_input_type input_type
  case input_type
  when URI, URL_PARAMETER
    Contrast::AGENT_LIB.input_set[:URI_PATH]
  when BODY, DWR_VALUE, SOCKET, UNDEFINED_TYPE, UNKNOWN, REQUEST, QUERYSTRING
    Contrast::AGENT_LIB.input_set[:PARAMETER_VALUE]
  when HEADER
    Contrast::AGENT_LIB.input_set[:HEADER_VALUE]
  when MULTIPART_VALUE, MULTIPART_FIELD_NAME
    Contrast::AGENT_LIB.input_set[:MULTIPART_NAME]
  when JSON_ARRAYED_VALUE
    Contrast::AGENT_LIB.input_set[:JSON_KEY]
  when PARAMETER_NAME
    Contrast::AGENT_LIB.input_set[:PARAMETER_KEY]
  else
    Contrast::AGENT_LIB.input_set[input_type]
  end
rescue StandardError => e
  logger.debug('[InputAnalyzer] Protect Input classification could not determine input type, falling back to default',
               error: e)
  Contrast::AGENT_LIB.input_set[:PARAMETER_VALUE]
end

.find_key(request, input_type, value) ⇒ Array<(String, Contrast::Agent::Reporting::InputType)>

Finds the request key that carried the traced value, together with that key's input type, based on the input type and the value. Cookie, parameter (including URL parameter) and header values are resolved with a reverse lookup (`key(value)`); for a Hash that returns only the first key whose value equals the traced value, so when two inputs carry the same payload only the first is reported. Multipart, JSON and other types are not yet handled and yield [nil, nil], as does any error during the lookup (logged at warn level).

# File 'lib/contrast/agent/protect/rule/input_classification/base.rb', line 38

def find_key request, input_type, value
  # TODO: RUBY-99999 Add handling for multipart, json and if any missing types.
  case input_type
  when COOKIE_VALUE
    [request.cookies.key(value), Contrast::Agent::Reporting::InputType::COOKIE_NAME]
  when PARAMETER_VALUE, URL_PARAMETER
    [request.parameters.key(value), Contrast::Agent::Reporting::InputType::PARAMETER_NAME]
  when HEADER
    [request.headers.key(value), Contrast::Agent::Reporting::InputType::HEADER]
  when UNKNOWN
    [UNKNOWN_KEY, Contrast::Agent::Reporting::InputType::UNKNOWN]
  else
    [nil, nil]
  end
rescue StandardError => e
  logger.warn('[InputAnalyzer] Could not find proper key for input traced value', message: e)
  [nil, nil]
end
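To make the first-match behaviour concrete, here is an added example that is not code from the contrast-agent gem: a stand-alone find_key with the same shape as the method above, run against a constructed request whose cookies, parameters and headers are plain Hashes. FakeRequest, the string input-type labels and the collision-aware find_all_keys are assumptions made for the example.

```ruby
# Added example (not the agent's own code): a Hash#key based reverse lookup,
# like Base.find_key above, resolving a traced value back to the request key
# that carried it, and the case where that lookup is ambiguous.

# Constructed stand-in for the request object the agent passes in; the real
# Contrast request wraps Rack and is not used here.
FakeRequest = Struct.new(:cookies, :parameters, :headers)

# Input type labels mirroring the names used on this page (the values are
# placeholders for the example, not the agent's real constants).
COOKIE_VALUE    = 'COOKIE_VALUE'
PARAMETER_VALUE = 'PARAMETER_VALUE'
HEADER          = 'HEADER'
COOKIE_NAME     = 'COOKIE_NAME'
PARAMETER_NAME  = 'PARAMETER_NAME'
UNKNOWN         = 'UNKNOWN'
UNKNOWN_KEY     = 'unknown'

# Same shape as Base.find_key: returns [key, key_type].
# Hash#key returns the FIRST key whose value == value, so when two inputs
# carry the same payload only one of them is ever reported.
def find_key(request, input_type, value)
  case input_type
  when COOKIE_VALUE    then [request.cookies.key(value), COOKIE_NAME]
  when PARAMETER_VALUE then [request.parameters.key(value), PARAMETER_NAME]
  when HEADER          then [request.headers.key(value), HEADER]
  when UNKNOWN         then [UNKNOWN_KEY, UNKNOWN]
  else [nil, nil]
  end
rescue StandardError
  [nil, nil]
end

# Collision-aware variant (an addition for this example): every key that
# carried the value, so a report can name all of them instead of silently
# dropping the second one.
def find_all_keys(request, input_type, value)
  source = case input_type
           when COOKIE_VALUE    then request.cookies
           when PARAMETER_VALUE then request.parameters
           when HEADER          then request.headers
           else return []
           end
  source.select { |_k, v| v == value }.keys
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request: the same payload arrives in two query parameters.
  payload = "' OR 1=1 --"
  req = FakeRequest.new(
    { 'session' => 'abc' },
    { 'q' => payload, 'name' => payload, 'page' => '1' },
    { 'User-Agent' => 'curl/8.0' }
  )
  p find_key(req, PARAMETER_VALUE, payload)      # only "q" is attributed
  p find_all_keys(req, PARAMETER_VALUE, payload) # both "q" and "name"
end
```

The difference matters for the reported attack: with the first-match lookup an incident record names one parameter even when the attacker sent the payload in several, so anyone triaging from the report alone would miss the second vector.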

Instance Method Details

#add_needed_key(request, ia_result, input_type, value) ⇒ Object

Resolves, via Base.find_key, the request key that carried the traced value and records that key and its input type on ia_result.

# File 'lib/contrast/agent/protect/rule/input_classification/base.rb', line 126

def add_needed_key request, ia_result, input_type, value
  ia_result.key, ia_result.key_type = Contrast::Agent::Protect::Rule::InputClassification::Base.
      find_key(request, input_type, value)
end

#classify(rule_id, input_type, value, input_analysis) ⇒ Object

The input classification stage determines whether a user input is a DEFINITEATTACK or is to be ignored. The rule is looked up by rule_id and skipped unless it applies to the given input type and a request is present; value may be a scalar or a nested Array, and every non-nil element is classified separately and appended to input_analysis, which is returned. Any error is logged at debug level and nil is returned.

# File 'lib/contrast/agent/protect/rule/input_classification/base.rb', line 98

def classify rule_id, input_type, value, input_analysis
  return unless (rule = Contrast::PROTECT.rule(rule_id))
  return unless rule.applicable_user_inputs.include?(input_type)
  return unless input_analysis.request

  Array(value).each do |val|
    Array(val).each do |v|
      next unless v

      result = create_new_input_result(input_analysis.request, rule.rule_name, input_type, v)
      append_result(input_analysis, result)
    end
  end

  input_analysis
rescue StandardError => e
  logger.debug("An Error was recorded in the input classification of the #{ rule_id }", error: e)
  nil
end
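The nested Array(value) loop above walks at most two levels of nesting. The following is an added example, not code from the contrast-agent gem, that reproduces that walk on a constructed nested parameter Hash (the shape Rack builds for names such as user[address][city]) and contrasts it with a recursive walk that yields every scalar leaf with its key path. two_level_values, each_leaf and leaf_values are names made up for the example.

```ruby
# Added example (not the agent's own code): how the two-level Array(value)
# loop in Base#classify walks user input, and what it hands to a rule when a
# parameter value is itself a Hash.

# Mirrors the walk in #classify: Array(value).each { |val| Array(val).each { |v| ... } }.
# Array(hash) turns a Hash into [[key, value], ...] pairs, so for a nested
# param the inner loop yields the pair's elements; a Hash nested one level
# deeper is passed to the rule whole instead of its scalar contents.
def two_level_values(value)
  out = []
  Array(value).each do |val|
    Array(val).each do |v|
      next unless v

      out << v
    end
  end
  out
end

# Recursive walk (an addition for this example): yields every scalar leaf with
# the path of keys and indices that led to it, so nested form params and
# JSON-like structures are fully covered and the owning key is known up front.
def each_leaf(value, path = [], &block)
  return enum_for(:each_leaf, value, path) unless block

  case value
  when Hash
    value.each { |k, v| each_leaf(v, path + [k], &block) }
  when Array
    value.each_with_index { |v, i| each_leaf(v, path + [i], &block) }
  when nil
    # nil carries nothing to classify; skip it like #classify does
  else
    yield value, path
  end
end

def leaf_values(value)
  each_leaf(value).map { |v, _path| v }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed nested parameter value, as Rack would build for
  # user[name]=alice&user[address][city]=...
  nested = { 'name' => 'alice', 'address' => { 'city' => "x'); DROP TABLE users;--" } }
  p two_level_values(nested)
  # the city payload stays wrapped in {"city"=>...} and the keys are yielded as values
  each_leaf(nested) { |v, path| puts "#{path.join('.')} => #{v.inspect}" }
end
```

Whatever walk is used, the classification result is only as complete as the set of leaves it reaches: a payload that survives in a Hash or deeper Array the walk does not descend into is never scored.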