class Sqreen::Rules::XSSCB

XSSCB abstracts the behaviour common to the template (tpl) callbacks.

Public Class Methods

new(*args)
Calls superclass method Sqreen::Rules::RegexpRuleCB::new
# File lib/sqreen/rules/xss_cb.rb, line 17
def initialize(*args)
  super(*args)
  @union_pattern = Regexp.union(*@patterns)
end

Public Instance Methods

report_dangerous_xss?(value)

The remaining code only determines whether the user input was an attack and records it. Since the response to the user does not depend on it, it would be better to run this in the background.

# File lib/sqreen/rules/xss_cb.rb, line 30
def report_dangerous_xss?(value)
  found = match_regexp(value)

  return false unless found
  infos = {
    :found => found,
    :payload => value,
  }
  record_event(infos)
  true
end
xss_params()
# File lib/sqreen/rules/xss_cb.rb, line 22
def xss_params
  return nil unless framework
  framework.xss_params(@union_pattern)
end
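
The two methods above rely on match_regexp, record_event and framework, which come from the RegexpRuleCB superclass and are not shown on this page. The following is an added, self-contained example (not Sqreen's code) that stands in minimal stubs for those pieces so the flow documented here can be run end to end: a list of patterns is folded into one Regexp with Regexp.union, report_dangerous_xss? records an event only when a pattern matches, and xss_params returns nil without a framework or the matching request parameters with one. ToyRegexpRuleCB, ToyFramework, XSS_PATTERNS and the demo_* helpers are all constructed for this example; the detection patterns are illustrative and are not Sqreen's rule set.

```ruby
# Added example, not Sqreen's code: a minimal stand-in that mirrors the
# XSSCB flow documented above (patterns -> Regexp.union -> match -> record).

# Hypothetical stand-in for the RegexpRuleCB superclass.
class ToyRegexpRuleCB
  attr_reader :patterns, :events, :framework

  def initialize(patterns, framework = nil)
    @patterns = patterns
    @framework = framework
    @events = []          # constructed event sink in place of Sqreen's reporting
  end

  # Returns the source of the first pattern that matches, or nil.
  # (Assumed return shape; the real RegexpRuleCB#match_regexp is not on this page.)
  def match_regexp(value)
    return nil unless value.is_a?(String)
    pat = @patterns.find { |p| p.match?(value) }
    pat && pat.source
  end

  def record_event(infos)
    @events << infos
  end
end

# Mirrors the XSSCB methods shown on this page, on top of the stand-in above.
class ToyXSSCB < ToyRegexpRuleCB
  def initialize(*args)
    super(*args)
    @union_pattern = Regexp.union(*@patterns)
  end

  def report_dangerous_xss?(value)
    found = match_regexp(value)
    return false unless found
    record_event(:found => found, :payload => value)
    true
  end

  def xss_params
    return nil unless framework
    framework.xss_params(@union_pattern)
  end
end

# Constructed framework stub: keeps the request params whose value matches the union.
class ToyFramework
  def initialize(params)
    @params = params
  end

  def xss_params(union)
    @params.select { |_k, v| v.is_a?(String) && union.match?(v) }
  end
end

# Constructed, illustrative detection patterns (not Sqreen's rule set).
XSS_PATTERNS = [
  /<script\b/i,
  /javascript:/i,
  /\bon[a-z]+\s*=/i,
].freeze

# Runs the detect-and-record path for one value; returns [decision, recorded events].
def demo_report(value)
  cb = ToyXSSCB.new(XSS_PATTERNS)
  [cb.report_dangerous_xss?(value), cb.events]
end

# Runs xss_params against a constructed request parameter hash.
def demo_xss_params(params)
  ToyXSSCB.new(XSS_PATTERNS, ToyFramework.new(params)).xss_params
end
```

Note that the decision and the recording are coupled in report_dangerous_xss? exactly as on the page: a non-matching value returns false and leaves the event list untouched, a nil value is rejected before any pattern runs, and xss_params is nil whenever no framework is attached.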