class Sqreen::Rules::XSSCB
abstract common behaviour of tpls
Public Class Methods
new(*args)
Calls superclass method
Sqreen::Rules::RegexpRuleCB::new
# File lib/sqreen/rules/xss_cb.rb, line 17
def initialize(*args)
  super(*args)
  @union_pattern = Regexp.union(*@patterns)
end
Public Instance Methods
report_dangerous_xss?(value)
The remaining code is only to find out if the user entry was an attack, and record it. Since we don't rely on it to respond to the user, it would be better to do it in the background.
# File lib/sqreen/rules/xss_cb.rb, line 30
def report_dangerous_xss?(value)
  found = match_regexp(value)
  return false unless found
  infos = {
    :found => found,
    :payload => value,
  }
  record_event(infos)
  true
end
xss_params()
# File lib/sqreen/rules/xss_cb.rb, line 22
def xss_params
  return nil unless framework
  framework.xss_params(@union_pattern)
end
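The note on report_dangerous_xss? says detection and recording do not affect the response and would be better done in the background. The following is an added example, not Sqreen's code, showing that split with a worker thread. The class BackgroundXssReporter, the patterns, the sample values and the HTML-escaping response path are all assumptions made for illustration.

```ruby
require 'erb'

# Constructed patterns; the real rule receives its own @patterns.
PATTERNS = [/<script\b/i, /\bon\w+\s*=/i, /javascript:/i].freeze

# Hypothetical stand-in for the rule callback, not part of Sqreen.
class BackgroundXssReporter
  def initialize(patterns)
    # Same construction as XSSCB#initialize: one regexp for all patterns.
    @union_pattern = Regexp.union(*patterns)
    @queue = Queue.new
    @events = []
    @worker = Thread.new { drain }
  end

  # Request path: no regexp runs here. The raw value is queued for the
  # worker and the response gets the escaped value (assumed mitigation).
  def render(value)
    @queue << value
    ERB::Util.html_escape(value)
  end

  # Let the worker finish everything queued so far, then return the events.
  def close
    @queue << :stop
    @worker.join
    @events
  end

  private

  # Background path: match and record, mirroring report_dangerous_xss?.
  def drain
    while (value = @queue.pop) != :stop
      found = @union_pattern.match(value)
      @events << { found: found[0], payload: value } if found
    end
  end
end

# Constructed inputs: one benign value and two that match a pattern.
def demo
  reporter = BackgroundXssReporter.new(PATTERNS)
  values = ['hello world', '<script>alert(1)</script>',
            '<img src=x onerror=alert(1)>']
  rendered = values.map { |v| reporter.render(v) }
  [rendered, reporter.close]
end
```

The single worker drains a FIFO queue, so events are recorded in the order the values were rendered.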