RubyGems - contrast-agent - Versions diffs - 3.8.4 - Mend

contrast-agent 3.8.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (500) hide show

checksums.yaml +7 -0
data/.clang-format +5 -0
data/.dockerignore +10 -0
data/.gitignore +58 -0
data/.gitmodules +6 -0
data/.rspec +6 -0
data/.simplecov +4 -0
data/Gemfile +7 -0
data/LICENSE.txt +12 -0
data/Rakefile +15 -0
data/exe/contrast_service +29 -0
data/ext/build_funchook.rb +48 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.c +47 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.h +10 -0
data/ext/cs__assess_active_record_named/extconf.rb +2 -0
data/ext/cs__assess_array/cs__assess_array.c +38 -0
data/ext/cs__assess_array/cs__assess_array.h +9 -0
data/ext/cs__assess_array/extconf.rb +2 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.c +50 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.h +17 -0
data/ext/cs__assess_basic_object/extconf.rb +2 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +86 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +34 -0
data/ext/cs__assess_fiber_track/extconf.rb +2 -0
data/ext/cs__assess_hash/cs__assess_hash.c +64 -0
data/ext/cs__assess_hash/cs__assess_hash.h +24 -0
data/ext/cs__assess_hash/extconf.rb +2 -0
data/ext/cs__assess_kernel/cs__assess_kernel.c +36 -0
data/ext/cs__assess_kernel/cs__assess_kernel.h +10 -0
data/ext/cs__assess_kernel/extconf.rb +2 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +47 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +18 -0
data/ext/cs__assess_marshal_module/extconf.rb +2 -0
data/ext/cs__assess_module/cs__assess_module.c +78 -0
data/ext/cs__assess_module/cs__assess_module.h +25 -0
data/ext/cs__assess_module/extconf.rb +2 -0
data/ext/cs__assess_regexp/cs__assess_regexp.c +48 -0
data/ext/cs__assess_regexp/cs__assess_regexp.h +22 -0
data/ext/cs__assess_regexp/extconf.rb +2 -0
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c +63 -0
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.h +29 -0
data/ext/cs__assess_regexp_track/extconf.rb +2 -0
data/ext/cs__assess_string/cs__assess_string.c +38 -0
data/ext/cs__assess_string/cs__assess_string.h +19 -0
data/ext/cs__assess_string/extconf.rb +2 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +31 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.h +13 -0
data/ext/cs__assess_string_interpolation26/extconf.rb +2 -0
data/ext/cs__common/cs__common.c +60 -0
data/ext/cs__common/cs__common.h +28 -0
data/ext/cs__common/extconf.rb +20 -0
data/ext/cs__contrast_patch/cs__contrast_patch.c +445 -0
data/ext/cs__contrast_patch/cs__contrast_patch.h +196 -0
data/ext/cs__contrast_patch/extconf.rb +2 -0
data/ext/cs__protect_kernel/cs__protect_kernel.c +37 -0
data/ext/cs__protect_kernel/cs__protect_kernel.h +11 -0
data/ext/cs__protect_kernel/extconf.rb +2 -0
data/ext/cs__scope/cs__scope.c +96 -0
data/ext/cs__scope/cs__scope.h +33 -0
data/ext/cs__scope/extconf.rb +2 -0
data/ext/extconf_common.rb +49 -0
data/funchook/LICENSE +360 -0
data/funchook/Makefile +29 -0
data/funchook/Makefile.in +29 -0
data/funchook/README.md +121 -0
data/funchook/appveyor.yml +42 -0
data/funchook/autogen.sh +3 -0
data/funchook/autom4te.cache/output.0 +4976 -0
data/funchook/autom4te.cache/requests +78 -0
data/funchook/autom4te.cache/traces.0 +364 -0
data/funchook/config.guess +1530 -0
data/funchook/config.log +490 -0
data/funchook/config.status +1016 -0
data/funchook/config.sub +1773 -0
data/funchook/configure +4976 -0
data/funchook/configure.ac +59 -0
data/funchook/distorm/COPYING +26 -0
data/funchook/distorm/MANIFEST +25 -0
data/funchook/distorm/MANIFEST.in +4 -0
data/funchook/distorm/README.md +12 -0
data/funchook/distorm/disOps/disOps.py +795 -0
data/funchook/distorm/disOps/x86db.py +404 -0
data/funchook/distorm/disOps/x86header.py +247 -0
data/funchook/distorm/disOps/x86sets.py +1664 -0
data/funchook/distorm/examples/cs/TestdiStorm/Program.cs +79 -0
data/funchook/distorm/examples/cs/TestdiStorm/Properties/AssemblyInfo.cs +36 -0
data/funchook/distorm/examples/cs/TestdiStorm/TestdiStorm.csproj +69 -0
data/funchook/distorm/examples/cs/distorm-net.sln +26 -0
data/funchook/distorm/examples/cs/distorm-net/CodeInfo.cs +23 -0
data/funchook/distorm/examples/cs/distorm-net/DecodedInst.cs +15 -0
data/funchook/distorm/examples/cs/distorm-net/DecodedResult.cs +14 -0
data/funchook/distorm/examples/cs/distorm-net/DecomposedInst.cs +36 -0
data/funchook/distorm/examples/cs/distorm-net/DecomposedResult.cs +14 -0
data/funchook/distorm/examples/cs/distorm-net/Opcodes.cs +1268 -0
data/funchook/distorm/examples/cs/distorm-net/Opcodes.tt +37 -0
data/funchook/distorm/examples/cs/distorm-net/Operand.cs +25 -0
data/funchook/distorm/examples/cs/distorm-net/Properties/AssemblyInfo.cs +36 -0
data/funchook/distorm/examples/cs/distorm-net/diStorm3.cs +411 -0
data/funchook/distorm/examples/cs/distorm-net/distorm-net.csproj +80 -0
data/funchook/distorm/examples/cs/readme +3 -0
data/funchook/distorm/examples/ddk/README +48 -0
data/funchook/distorm/examples/ddk/distorm.ini +11 -0
data/funchook/distorm/examples/ddk/dummy.c +15 -0
data/funchook/distorm/examples/ddk/main.c +91 -0
data/funchook/distorm/examples/ddk/makefile +1 -0
data/funchook/distorm/examples/ddk/sources +10 -0
data/funchook/distorm/examples/java/Makefile +23 -0
data/funchook/distorm/examples/java/distorm/src/Main.java +43 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/CodeInfo.java +27 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedInst.java +32 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedResult.java +11 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedInst.java +89 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedResult.java +11 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/OpcodeEnum.java +131 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/Opcodes.java +1123 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/Operand.java +24 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/distorm3.java +41 -0
data/funchook/distorm/examples/java/jdistorm.c +405 -0
data/funchook/distorm/examples/java/jdistorm.h +40 -0
data/funchook/distorm/examples/java/jdistorm.sln +20 -0
data/funchook/distorm/examples/java/jdistorm.vcproj +208 -0
data/funchook/distorm/examples/linux/Makefile +15 -0
data/funchook/distorm/examples/linux/main.c +181 -0
data/funchook/distorm/examples/tests/Makefile +15 -0
data/funchook/distorm/examples/tests/main.cpp +42 -0
data/funchook/distorm/examples/tests/main.py +66 -0
data/funchook/distorm/examples/tests/test_distorm3.py +1672 -0
data/funchook/distorm/examples/tests/tests.sln +20 -0
data/funchook/distorm/examples/tests/tests.vcxproj +82 -0
data/funchook/distorm/examples/tests/tests.vcxproj.filters +22 -0
data/funchook/distorm/examples/win32/disasm.sln +25 -0
data/funchook/distorm/examples/win32/disasm.vcxproj +201 -0
data/funchook/distorm/examples/win32/disasm.vcxproj.filters +14 -0
data/funchook/distorm/examples/win32/main.cpp +163 -0
data/funchook/distorm/include/distorm.h +482 -0
data/funchook/distorm/include/mnemonics.h +301 -0
data/funchook/distorm/make/linux/Makefile +28 -0
data/funchook/distorm/make/mac/Makefile +24 -0
data/funchook/distorm/make/win32/cdistorm.vcxproj +239 -0
data/funchook/distorm/make/win32/cdistorm.vcxproj.filters +80 -0
data/funchook/distorm/make/win32/distorm.sln +25 -0
data/funchook/distorm/make/win32/resource.h +14 -0
data/funchook/distorm/make/win32/resource.rc +99 -0
data/funchook/distorm/python/distorm3/__init__.py +957 -0
data/funchook/distorm/python/distorm3/sample.py +51 -0
data/funchook/distorm/setup.cfg +10 -0
data/funchook/distorm/setup.py +266 -0
data/funchook/distorm/src/config.h +169 -0
data/funchook/distorm/src/decoder.c +641 -0
data/funchook/distorm/src/decoder.h +33 -0
data/funchook/distorm/src/distorm.c +413 -0
data/funchook/distorm/src/instructions.c +597 -0
data/funchook/distorm/src/instructions.h +463 -0
data/funchook/distorm/src/insts.c +7939 -0
data/funchook/distorm/src/insts.h +64 -0
data/funchook/distorm/src/mnemonics.c +284 -0
data/funchook/distorm/src/operands.c +1290 -0
data/funchook/distorm/src/operands.h +28 -0
data/funchook/distorm/src/prefix.c +368 -0
data/funchook/distorm/src/prefix.h +64 -0
data/funchook/distorm/src/textdefs.c +172 -0
data/funchook/distorm/src/textdefs.h +57 -0
data/funchook/distorm/src/wstring.c +47 -0
data/funchook/distorm/src/wstring.h +35 -0
data/funchook/distorm/src/x86defs.h +82 -0
data/funchook/include/funchook.h +123 -0
data/funchook/install-sh +527 -0
data/funchook/src/Makefile +70 -0
data/funchook/src/Makefile.in +70 -0
data/funchook/src/__strerror.h +109 -0
data/funchook/src/config.h +101 -0
data/funchook/src/config.h.in +100 -0
data/funchook/src/decoder.o +0 -0
data/funchook/src/distorm.o +0 -0
data/funchook/src/funchook.c +440 -0
data/funchook/src/funchook.o +0 -0
data/funchook/src/funchook_internal.h +155 -0
data/funchook/src/funchook_io.c +182 -0
data/funchook/src/funchook_io.h +64 -0
data/funchook/src/funchook_io.o +0 -0
data/funchook/src/funchook_syscall.S +134 -0
data/funchook/src/funchook_syscall.o +0 -0
data/funchook/src/funchook_unix.c +480 -0
data/funchook/src/funchook_unix.o +0 -0
data/funchook/src/funchook_windows.c +397 -0
data/funchook/src/funchook_x86.c +622 -0
data/funchook/src/funchook_x86.o +0 -0
data/funchook/src/instructions.o +0 -0
data/funchook/src/insts.o +0 -0
data/funchook/src/libfunchook.so +0 -0
data/funchook/src/mnemonics.o +0 -0
data/funchook/src/operands.o +0 -0
data/funchook/src/os_func.c +115 -0
data/funchook/src/os_func.h +75 -0
data/funchook/src/os_func.o +0 -0
data/funchook/src/os_func_unix.c +94 -0
data/funchook/src/os_func_unix.o +0 -0
data/funchook/src/os_func_windows.c +32 -0
data/funchook/src/prefix.o +0 -0
data/funchook/src/printf_base.c +1688 -0
data/funchook/src/printf_base.h +46 -0
data/funchook/src/printf_base.o +0 -0
data/funchook/src/textdefs.o +0 -0
data/funchook/src/wstring.o +0 -0
data/funchook/test/Makefile +43 -0
data/funchook/test/Makefile.in +43 -0
data/funchook/test/funchook_test +0 -0
data/funchook/test/libfunchook_test.c +25 -0
data/funchook/test/libfunchook_test.so +0 -0
data/funchook/test/libfunchook_test2.c +18 -0
data/funchook/test/suffix.list +600 -0
data/funchook/test/test_main.c +430 -0
data/funchook/test/test_main.o +0 -0
data/funchook/test/x86_64_test.S +10 -0
data/funchook/test/x86_64_test.o +0 -0
data/funchook/test/x86_test.S +339 -0
data/funchook/win32/config.h +1 -0
data/funchook/win32/funchook.sln +52 -0
data/funchook/win32/funchook.vcxproj +188 -0
data/funchook/win32/funchook.vcxproj.filters +84 -0
data/funchook/win32/funchook_test.vcxproj +170 -0
data/funchook/win32/funchook_test.vcxproj.filters +22 -0
data/funchook/win32/funchook_test_dll.vcxproj +184 -0
data/funchook/win32/funchook_test_dll.vcxproj.filters +30 -0
data/funchook/win32/funchook_test_exe.def +3 -0
data/lib/contrast-agent.rb +8 -0
data/lib/contrast.rb +57 -0
data/lib/contrast/agent.rb +80 -0
data/lib/contrast/agent/assess.rb +45 -0
data/lib/contrast/agent/assess/adjusted_span.rb +25 -0
data/lib/contrast/agent/assess/class_reverter.rb +82 -0
data/lib/contrast/agent/assess/contrast_event.rb +398 -0
data/lib/contrast/agent/assess/frozen_properties.rb +41 -0
data/lib/contrast/agent/assess/insulator.rb +53 -0
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +78 -0
data/lib/contrast/agent/assess/policy/patcher.rb +85 -0
data/lib/contrast/agent/assess/policy/policy.rb +116 -0
data/lib/contrast/agent/assess/policy/policy_node.rb +289 -0
data/lib/contrast/agent/assess/policy/policy_scanner.rb +44 -0
data/lib/contrast/agent/assess/policy/preshift.rb +94 -0
data/lib/contrast/agent/assess/policy/propagation_method.rb +260 -0
data/lib/contrast/agent/assess/policy/propagation_node.rb +127 -0
data/lib/contrast/agent/assess/policy/propagator.rb +35 -0
data/lib/contrast/agent/assess/policy/propagator/append.rb +54 -0
data/lib/contrast/agent/assess/policy/propagator/base.rb +37 -0
data/lib/contrast/agent/assess/policy/propagator/center.rb +73 -0
data/lib/contrast/agent/assess/policy/propagator/custom.rb +36 -0
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +62 -0
data/lib/contrast/agent/assess/policy/propagator/insert.rb +55 -0
data/lib/contrast/agent/assess/policy/propagator/keep.rb +26 -0
data/lib/contrast/agent/assess/policy/propagator/next.rb +42 -0
data/lib/contrast/agent/assess/policy/propagator/prepend.rb +50 -0
data/lib/contrast/agent/assess/policy/propagator/remove.rb +76 -0
data/lib/contrast/agent/assess/policy/propagator/replace.rb +27 -0
data/lib/contrast/agent/assess/policy/propagator/reverse.rb +38 -0
data/lib/contrast/agent/assess/policy/propagator/select.rb +86 -0
data/lib/contrast/agent/assess/policy/propagator/splat.rb +60 -0
data/lib/contrast/agent/assess/policy/propagator/split.rb +49 -0
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +169 -0
data/lib/contrast/agent/assess/policy/propagator/trim.rb +81 -0
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +79 -0
data/lib/contrast/agent/assess/policy/source_method.rb +209 -0
data/lib/contrast/agent/assess/policy/source_node.rb +62 -0
data/lib/contrast/agent/assess/policy/trigger_method.rb +209 -0
data/lib/contrast/agent/assess/policy/trigger_node.rb +198 -0
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +77 -0
data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +31 -0
data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +40 -0
data/lib/contrast/agent/assess/properties.rb +392 -0
data/lib/contrast/agent/assess/rule.rb +18 -0
data/lib/contrast/agent/assess/rule/base.rb +72 -0
data/lib/contrast/agent/assess/rule/csrf.rb +66 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_action.rb +28 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +69 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +132 -0
data/lib/contrast/agent/assess/rule/provider.rb +21 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +62 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +73 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +121 -0
data/lib/contrast/agent/assess/rule/redos.rb +68 -0
data/lib/contrast/agent/assess/rule/response_scanning_rule.rb +47 -0
data/lib/contrast/agent/assess/rule/response_watcher.rb +36 -0
data/lib/contrast/agent/assess/rule/watcher.rb +36 -0
data/lib/contrast/agent/assess/tag.rb +151 -0
data/lib/contrast/agent/at_exit_hook.rb +33 -0
data/lib/contrast/agent/class_reopener.rb +195 -0
data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +26 -0
data/lib/contrast/agent/deadzone/policy/policy.rb +57 -0
data/lib/contrast/agent/disable_reaction.rb +24 -0
data/lib/contrast/agent/exclusion_matcher.rb +190 -0
data/lib/contrast/agent/feature_state.rb +379 -0
data/lib/contrast/agent/inventory/policy/policy.rb +32 -0
data/lib/contrast/agent/inventory/policy/trigger_node.rb +22 -0
data/lib/contrast/agent/logger_manager.rb +116 -0
data/lib/contrast/agent/middleware.rb +352 -0
data/lib/contrast/agent/module_data.rb +16 -0
data/lib/contrast/agent/patching/policy/after_load_patch.rb +37 -0
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +58 -0
data/lib/contrast/agent/patching/policy/method_policy.rb +94 -0
data/lib/contrast/agent/patching/policy/module_policy.rb +116 -0
data/lib/contrast/agent/patching/policy/patch.rb +312 -0
data/lib/contrast/agent/patching/policy/patch_status.rb +192 -0
data/lib/contrast/agent/patching/policy/patcher.rb +310 -0
data/lib/contrast/agent/patching/policy/policy.rb +138 -0
data/lib/contrast/agent/patching/policy/policy_node.rb +80 -0
data/lib/contrast/agent/patching/policy/policy_unpatcher.rb +28 -0
data/lib/contrast/agent/patching/policy/trigger_node.rb +81 -0
data/lib/contrast/agent/protect/policy/policy.rb +37 -0
data/lib/contrast/agent/protect/policy/trigger_node.rb +23 -0
data/lib/contrast/agent/protect/rule.rb +58 -0
data/lib/contrast/agent/protect/rule/base.rb +300 -0
data/lib/contrast/agent/protect/rule/base_service.rb +88 -0
data/lib/contrast/agent/protect/rule/cmd_injection.rb +156 -0
data/lib/contrast/agent/protect/rule/csrf.rb +118 -0
data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +103 -0
data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb +85 -0
data/lib/contrast/agent/protect/rule/default_scanner.rb +300 -0
data/lib/contrast/agent/protect/rule/deserialization.rb +193 -0
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +80 -0
data/lib/contrast/agent/protect/rule/no_sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +40 -0
data/lib/contrast/agent/protect/rule/path_traversal.rb +143 -0
data/lib/contrast/agent/protect/rule/sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +16 -0
data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +38 -0
data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +22 -0
data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +19 -0
data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +20 -0
data/lib/contrast/agent/protect/rule/xss.rb +24 -0
data/lib/contrast/agent/protect/rule/xxe.rb +120 -0
data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +82 -0
data/lib/contrast/agent/railtie.rb +30 -0
data/lib/contrast/agent/reaction_processor.rb +47 -0
data/lib/contrast/agent/request.rb +493 -0
data/lib/contrast/agent/request_context.rb +225 -0
data/lib/contrast/agent/require_state.rb +61 -0
data/lib/contrast/agent/response.rb +215 -0
data/lib/contrast/agent/rewriter.rb +244 -0
data/lib/contrast/agent/scope.rb +28 -0
data/lib/contrast/agent/service_heartbeat.rb +37 -0
data/lib/contrast/agent/settings_state.rb +148 -0
data/lib/contrast/agent/socket_client.rb +125 -0
data/lib/contrast/agent/thread.rb +26 -0
data/lib/contrast/agent/tracepoint_hook.rb +51 -0
data/lib/contrast/agent/version.rb +8 -0
data/lib/contrast/api.rb +17 -0
data/lib/contrast/api/.gitkeep +0 -0
data/lib/contrast/api/connection_status.rb +49 -0
data/lib/contrast/api/socket.rb +43 -0
data/lib/contrast/api/speedracer.rb +206 -0
data/lib/contrast/api/tcp_socket.rb +31 -0
data/lib/contrast/api/unix_socket.rb +25 -0
data/lib/contrast/common_agent_configuration.rb +86 -0
data/lib/contrast/components/agent.rb +85 -0
data/lib/contrast/components/app_context.rb +188 -0
data/lib/contrast/components/assess.rb +67 -0
data/lib/contrast/components/config.rb +135 -0
data/lib/contrast/components/contrast_service.rb +113 -0
data/lib/contrast/components/heap_dump.rb +34 -0
data/lib/contrast/components/interface.rb +178 -0
data/lib/contrast/components/inventory.rb +23 -0
data/lib/contrast/components/logger.rb +92 -0
data/lib/contrast/components/protect.rb +38 -0
data/lib/contrast/components/sampling.rb +41 -0
data/lib/contrast/components/scope.rb +106 -0
data/lib/contrast/components/settings.rb +140 -0
data/lib/contrast/config.rb +33 -0
data/lib/contrast/config/agent_configuration.rb +24 -0
data/lib/contrast/config/application_configuration.rb +27 -0
data/lib/contrast/config/assess_configuration.rb +22 -0
data/lib/contrast/config/assess_rules_configuration.rb +18 -0
data/lib/contrast/config/base_configuration.rb +105 -0
data/lib/contrast/config/default_value.rb +16 -0
data/lib/contrast/config/exception_configuration.rb +21 -0
data/lib/contrast/config/heap_dump_configuration.rb +23 -0
data/lib/contrast/config/inventory_configuration.rb +20 -0
data/lib/contrast/config/logger_configuration.rb +20 -0
data/lib/contrast/config/protect_configuration.rb +20 -0
data/lib/contrast/config/protect_rule_configuration.rb +37 -0
data/lib/contrast/config/protect_rules_configuration.rb +30 -0
data/lib/contrast/config/root_configuration.rb +26 -0
data/lib/contrast/config/ruby_configuration.rb +39 -0
data/lib/contrast/config/sampling_configuration.rb +22 -0
data/lib/contrast/config/server_configuration.rb +23 -0
data/lib/contrast/config/service_configuration.rb +22 -0
data/lib/contrast/configuration.rb +214 -0
data/lib/contrast/core_extensions/assess.rb +51 -0
data/lib/contrast/core_extensions/assess/array.rb +58 -0
data/lib/contrast/core_extensions/assess/assess_extension.rb +145 -0
data/lib/contrast/core_extensions/assess/basic_object.rb +15 -0
data/lib/contrast/core_extensions/assess/erb.rb +42 -0
data/lib/contrast/core_extensions/assess/exec_trigger.rb +48 -0
data/lib/contrast/core_extensions/assess/fiber.rb +125 -0
data/lib/contrast/core_extensions/assess/hash.rb +22 -0
data/lib/contrast/core_extensions/assess/kernel.rb +95 -0
data/lib/contrast/core_extensions/assess/module.rb +14 -0
data/lib/contrast/core_extensions/assess/regexp.rb +206 -0
data/lib/contrast/core_extensions/assess/string.rb +75 -0
data/lib/contrast/core_extensions/assess/tilt_template_trigger.rb +73 -0
data/lib/contrast/core_extensions/delegator.rb +14 -0
data/lib/contrast/core_extensions/eval_trigger.rb +52 -0
data/lib/contrast/core_extensions/inventory.rb +22 -0
data/lib/contrast/core_extensions/inventory/datastores.rb +37 -0
data/lib/contrast/core_extensions/module.rb +42 -0
data/lib/contrast/core_extensions/object.rb +27 -0
data/lib/contrast/core_extensions/protect.rb +20 -0
data/lib/contrast/core_extensions/protect/applies_command_injection_rule.rb +70 -0
data/lib/contrast/core_extensions/protect/applies_deserialization_rule.rb +58 -0
data/lib/contrast/core_extensions/protect/applies_no_sqli_rule.rb +81 -0
data/lib/contrast/core_extensions/protect/applies_path_traversal_rule.rb +119 -0
data/lib/contrast/core_extensions/protect/applies_sqli_rule.rb +63 -0
data/lib/contrast/core_extensions/protect/applies_xxe_rule.rb +141 -0
data/lib/contrast/core_extensions/protect/kernel.rb +30 -0
data/lib/contrast/core_extensions/protect/psych.rb +7 -0
data/lib/contrast/core_extensions/thread.rb +31 -0
data/lib/contrast/internal_exception.rb +8 -0
data/lib/contrast/rails_extensions/assess/action_controller_inheritance.rb +48 -0
data/lib/contrast/rails_extensions/assess/active_record.rb +32 -0
data/lib/contrast/rails_extensions/assess/active_record_named.rb +61 -0
data/lib/contrast/rails_extensions/assess/configuration.rb +26 -0
data/lib/contrast/rails_extensions/buffer.rb +30 -0
data/lib/contrast/rails_extensions/rack.rb +45 -0
data/lib/contrast/security_exception.rb +14 -0
data/lib/contrast/sinatra_extensions/assess/cookie.rb +26 -0
data/lib/contrast/sinatra_extensions/inventory/sinatra_base.rb +59 -0
data/lib/contrast/tasks/service.rb +95 -0
data/lib/contrast/utils/assess/sampling_util.rb +96 -0
data/lib/contrast/utils/assess/tracking_util.rb +39 -0
data/lib/contrast/utils/boolean_util.rb +33 -0
data/lib/contrast/utils/cache.rb +69 -0
data/lib/contrast/utils/class_util.rb +58 -0
data/lib/contrast/utils/comment_range.rb +19 -0
data/lib/contrast/utils/data_store_util.rb +23 -0
data/lib/contrast/utils/duck_utils.rb +58 -0
data/lib/contrast/utils/env_configuration_item.rb +52 -0
data/lib/contrast/utils/environment_util.rb +152 -0
data/lib/contrast/utils/freeze_util.rb +36 -0
data/lib/contrast/utils/gemfile_reader.rb +191 -0
data/lib/contrast/utils/hash_digest.rb +148 -0
data/lib/contrast/utils/heap_dump_util.rb +113 -0
data/lib/contrast/utils/invalid_configuration_util.rb +88 -0
data/lib/contrast/utils/inventory_util.rb +126 -0
data/lib/contrast/utils/io_util.rb +61 -0
data/lib/contrast/utils/object_share.rb +117 -0
data/lib/contrast/utils/operating_environment.rb +38 -0
data/lib/contrast/utils/os.rb +49 -0
data/lib/contrast/utils/path_util.rb +151 -0
data/lib/contrast/utils/performs_logging.rb +152 -0
data/lib/contrast/utils/preflight_util.rb +13 -0
data/lib/contrast/utils/prevent_serialization.rb +52 -0
data/lib/contrast/utils/rack_assess_session_cookie.rb +104 -0
data/lib/contrast/utils/rails_assess_configuration.rb +95 -0
data/lib/contrast/utils/random_util.rb +22 -0
data/lib/contrast/utils/resource_loader.rb +23 -0
data/lib/contrast/utils/ruby_ast_rewriter.rb +74 -0
data/lib/contrast/utils/scope_util.rb +99 -0
data/lib/contrast/utils/service_response_util.rb +116 -0
data/lib/contrast/utils/service_sender_util.rb +98 -0
data/lib/contrast/utils/sha256_builder.rb +69 -0
data/lib/contrast/utils/sinatra_helper.rb +49 -0
data/lib/contrast/utils/stack_trace_utils.rb +209 -0
data/lib/contrast/utils/string_utils.rb +72 -0
data/lib/contrast/utils/tag_util.rb +139 -0
data/lib/contrast/utils/thread_tracker.rb +54 -0
data/lib/contrast/utils/timer.rb +78 -0
data/resources/assess/policy.json +1673 -0
data/resources/csrf/inject.js +44 -0
data/resources/deadzone/policy.json +55 -0
data/resources/factory-bot-spec/spec_helper.rb +30 -0
data/resources/inventory/policy.json +110 -0
data/resources/protect/policy.json +417 -0
data/resources/rubocops/kernel/catch_cop.rb +37 -0
data/resources/rubocops/kernel/require_cop.rb +37 -0
data/resources/rubocops/kernel/require_relative_cop.rb +33 -0
data/resources/rubocops/module/autoload_cop.rb +37 -0
data/resources/rubocops/module/const_defined_cop.rb +37 -0
data/resources/rubocops/module/const_get_cop.rb +37 -0
data/resources/rubocops/module/const_set_cop.rb +37 -0
data/resources/rubocops/module/constants_cop.rb +37 -0
data/resources/rubocops/module/name_cop.rb +37 -0
data/resources/rubocops/object/class_cop.rb +37 -0
data/resources/rubocops/object/freeze_cop.rb +37 -0
data/resources/rubocops/object/frozen_cop.rb +37 -0
data/resources/rubocops/object/is_a_cop.rb +37 -0
data/resources/rubocops/object/method_cop.rb +37 -0
data/resources/rubocops/object/respond_to_cop.rb +37 -0
data/resources/rubocops/object/singleton_class_cop.rb +37 -0
data/resources/rubocops/regexp/spelling_cop.rb +44 -0
data/resources/rubocops/thread/new_cop.rb +39 -0
data/resources/ruby-spec/ancestors_spec.rb +70 -0
data/resources/ruby-spec/modulo_spec.rb +831 -0
data/resources/ruby-spec/parameters_spec.rb +261 -0
data/resources/ruby-spec/ruby_spec_spec_helper.rb +35 -0
data/resources/test_marker.txt +1 -0
data/ruby-agent.gemspec +129 -0
data/service_executables/.gitkeep +0 -0
data/service_executables/VERSION +1 -0
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
metadata +945 -0

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: da212693eda842e7117b2c758361ea67915854a4888b3ea0315c51f33951fea3
+  data.tar.gz: d43b26947e6eb4219f97bf90542a3948077578617f925fa90a94d4151674e88e
+SHA512:
+  metadata.gz: 017607d5a9cc4be26f5b970ae072851fb50a3487c9da3d625ed72d346bbbff29daec0dfd5cf2a9b5dcb1445512d9d951a77360980c9ec9f2c37f9759ff706598
+  data.tar.gz: 2a17b8dd9099c3558c5d8d1a2ba085eaec28149ef0def59d04e129e0cd2f863e2e2a6e27ae9defa873163df7b539d6600a620d7674553a71a3899e3e1d426b60

data/.clang-format ADDED

@@ -0,0 +1,5 @@
+BasedOnStyle: LLVM
+IndentWidth: 4
+AllowShortFunctionsOnASingleLine: None
+NamespaceIndentation: All
+IncludeBlocks: Preserve

data/.dockerignore ADDED

@@ -0,0 +1,10 @@
+dist/
+tmp/
+docker/
+code-deploy/
+Jenkinsfile
+bitbucket-pipelines.yml
+docker-compose.yml
+.rubocop.yml
+.travis.yml

data/.gitignore ADDED

@@ -0,0 +1,58 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/Gemfile.lock
+/coverage/
+/data/*
+/doc/
+/log/
+/pkg/
+/spec/reports/
+/tmp/
+/shared_libraries/*
+/vendor/
+# Built files
+/lib/**/*.so
+/lib/**/*.bundle
+/ext/**/*.so
+/ext/**/*.bundle
+# Funchook artifacts
+/ext/**/funchook.h
+/ext/**/libfunchook.dylib
+/ext/*/funchook.h
+/ext/*/libfunchook.dylib
+# logs
+security.log
+contrast*.log
+contrast*.yaml
+# rspec failure tracking
+.rspec_status
+results.xml
+# Mac
+.DS_Store
+/test-output/
+/.factorypath
+/target/
+# Intellij
+.idea/
+*.iml
+*.iws
+*.ipr
+contrast-agent-*.gem
+.ruby-version
+.ruby-gemset
+service_executables/*-*
+# Generated Protobuf files
+/lib/contrast/api/*_pb.rb
+# IDE stuff
+tags

data/.gitmodules ADDED

@@ -0,0 +1,6 @@
+[submodule "agent-service-api"]
+	path = agent-service-api
+	url = git@bitbucket.org:contrastsecurity/agent-service-api
+[submodule "funchook"]
+	path = funchook
+	url = https://github.com/kubo/funchook.git

data/.rspec ADDED

@@ -0,0 +1,6 @@
+--require spec_helper
+--order rand
+--format documentation
+--format RspecJunitFormatter
+--out ./test-results/results.xml
+--color

data/.simplecov ADDED

@@ -0,0 +1,4 @@
+SimpleCov.minimum_coverage 92.30
+SimpleCov.start do
+  add_filter '/spec/'
+end

data/Gemfile ADDED

@@ -0,0 +1,7 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+source 'https://rubygems.org'
+# Specify your gem's dependencies in ruby-agent.gemspec
+gemspec

data/LICENSE.txt ADDED

@@ -0,0 +1,12 @@
+Copyright: 2020 Contrast Security, Inc
+Contact: support@contrastsecurity.com
+License: Commercial
+NOTICE: This Software and the patented inventions embodied within may only be
+used as part of Contrast Security’s commercial offerings. Even though it is
+made available through public repositories, use of this Software is subject to
+the applicable End User Licensing Agreement found at
+https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+between Contrast Security and the End User. The Software may not be reverse
+engineered, modified, repackaged, sold, redistributed or otherwise used in a
+way not consistent with the End User License Agreement.

data/Rakefile ADDED

@@ -0,0 +1,15 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rake/extensiontask'
+CLOBBER << 'shared_libraries/*'
+Dir['ext/cs__*'].each do |extension|
+  name = extension.split('/')[1]
+  Rake::ExtensionTask.new name do |ext|
+    ext.lib_dir = "lib/#{ name }"
+  end
+end

data/exe/contrast_service ADDED

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+def mac?
+  RUBY_PLATFORM.match?(/darwin/)
+end
+def windows?
+  RUBY_PLATFORM.match?(/cygwin|mswin|mingw|bccwin|wince|emx/)
+end
+def path
+  base_path = "#{ File.dirname(__FILE__) }/.."
+  if mac?
+    "#{ base_path }/service_executables/mac/contrast-service"
+  elsif windows?
+    "#{ base_path }/service_executables/windows/contrast-service.exe"
+  else
+    "#{ base_path }/service_executables/linux/contrast-service"
+  end
+end
+executable_path = path
+if File.exist?(executable_path)
+  Kernel.exec(executable_path)
+else
+  puts "Service executable not found at: #{ executable_path }"
+end

data/ext/build_funchook.rb ADDED

@@ -0,0 +1,48 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'fileutils'
+unless find_header('funchook.h', ext_path)
+  FUNCHOOK_DIR_NAME = 'funchook'
+  FUNCHOOK_DIR = File.expand_path(File.join(File.dirname(File.expand_path(__FILE__)), '..', FUNCHOOK_DIR_NAME))
+  COMMANDS = ['./autogen.sh', './configure', 'make clean', 'make'].freeze
+  puts 'Building funchook'
+  COMMANDS.each do |command|
+    puts "executing: #{ command } in #{ FUNCHOOK_DIR }"
+    Dir.chdir(FUNCHOOK_DIR) do
+      `#{ command }`
+    end
+  end
+  SOURCE_PATHS = [
+    File.join('include', 'funchook.h'),
+    File.join('src',     'libfunchook.dylib'),
+    File.join('src',     'libfunchook.so')
+  ].freeze
+  TARGET_PATHS = [
+    File.expand_path(File.join(File.expand_path(__dir__), '..', 'shared_libraries')),
+    File.expand_path(__dir__) # should be ext/
+  ].freeze
+  puts 'Copying required files'
+  SOURCE_PATHS.each do |source_file|
+    source_file_path = File.join(FUNCHOOK_DIR, source_file)
+    unless File.exist?(source_file_path)
+      puts "Skipping #{ source_file_path }, file doesn't exist"
+      next
+    end
+    TARGET_PATHS.each do |target_path|
+      puts "Copying #{ source_file_path } into #{ target_path }"
+      FileUtils.cp(source_file_path, target_path)
+    end
+  end
+end
+have_header('funchook.h', ext_path)

data/ext/cs__assess_active_record_named/cs__active_record_named.c ADDED

@@ -0,0 +1,47 @@
+/* Copyright (c) 2020 Contrast Security, Inc.  See
+ * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
+#include "cs__active_record_named.h"
+#include <ruby.h>
+VALUE contrast_assess_active_record_scope(const int argc, const VALUE *argv,
+                                          const VALUE self) {
+    /*
+     * The ActiveRecord::Scoping::Named::ClassMethods#scope method allows for
+     * the creation of methods at runtime. In order to trigger on interpolation
+     * within that new method, we must rewrite the method body BEFORE it can be
+     * used in the original #scope method, replacing interpolations with our
+     * String append logic. As this deviates from standard Assess behavior
+     * (changes the application behavior and acts on an input BEFORE it can be
+     * passed to the original method), I think it deserves to be in a custom
+     * call. -HM
+     */
+    VALUE new_body, ret;
+    VALUE new_args[3];
+    new_body = rb_funcall(self, rb_sym_assess_rewrite, 2, argv[0], argv[1]);
+    new_args[0] = argv[0];
+    if (NIL_P(new_body)) {
+        new_args[1] = argv[1];
+    } else {
+        new_args[1] = new_body;
+    }
+    new_args[2] = argv[2];
+    ret = rb_funcall2(self, rb_sym_assess_scope, argc, new_args);
+    return ret;
+}
+void Init_cs__assess_active_record_named(void) {
+    rb_sym_assess_rewrite = rb_intern("_cs__rewrite");
+    rb_sym_assess_scope = rb_intern("cs__patched_scope");
+    VALUE active_record_module = rb_define_module("ActiveRecord");
+    VALUE scoping_module =
+        rb_define_module_under(active_record_module, "Scoping");
+    VALUE named_module = rb_define_module_under(scoping_module, "Named");
+    VALUE class_methods_module =
+        rb_define_module_under(named_module, "ClassMethods");
+    contrast_alias_method(class_methods_module, "cs__patched_scope", "scope");
+    rb_define_method(class_methods_module, "scope",
+                     contrast_assess_active_record_scope, -1);
+}

data/ext/cs__assess_active_record_named/cs__active_record_named.h ADDED

@@ -0,0 +1,10 @@
+#include <ruby.h>
+static VALUE rb_sym_assess_rewrite;
+static VALUE rb_sym_assess_scope;
+void contrast_alias_method(const VALUE target, const char *to,
+                           const char *from);
+VALUE contrast_assess_active_record_scope(const int argc, const VALUE *argv,
+                                          const VALUE self);

data/ext/cs__assess_active_record_named/extconf.rb ADDED

	@@ -0,0 +1,2 @@
1	+ $TO_MAKE = File.basename(__dir__)
2	+ require_relative '../extconf_common'

data/ext/cs__assess_array/cs__assess_array.c ADDED

@@ -0,0 +1,38 @@
+/* Copyright (c) 2020 Contrast Security, Inc.  See
+ * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
+#include "cs__assess_array.h"
+#include "../cs__common/cs__common.h"
+#include <ruby.h>
+/*
+ * If String#split is called without an argument, it defaults to use `$;`.
+ * We have to make this patch in C so as not to change that value.
+ * -HM
+ */
+static VALUE contrast_assess_array_join(const int argc, const VALUE *argv,
+                                        const VALUE ary) {
+    VALUE sep, result;
+    /* We need to figure out the separator the join method actually used. */
+    /* First, check if one was provided. */
+    rb_scan_args(argc, argv, "01", &sep);
+    /* Second, check to see if `$;` is set*/
+    if (NIL_P(sep)) {
+        sep = rb_output_fs;
+    }
+    /* Finally, default to empty String. Implicit since nil.to_s is ''*/
+    result = rb_funcall2(ary, rb_sym_assess_array_join, argc, argv);
+    result = rb_funcall(ary, rb_sym_assess_track_array_join, 2, sep, result);
+    return result;
+}
+void Init_cs__assess_array(void) {
+    rb_sym_assess_array_join = rb_intern("cs__patched_join");
+    rb_sym_assess_track_array_join = rb_intern("__cs_track_join");
+    VALUE array_class = rb_define_class("Array", rb_cObject);
+    contrast_alias_method(array_class, "cs__patched_join", "join");
+    rb_define_method(array_class, "join", contrast_assess_array_join, -1);
+}

data/ext/cs__assess_array/cs__assess_array.h ADDED

@@ -0,0 +1,9 @@
+#include <ruby.h>
+static VALUE rb_sym_assess_array_join;
+static VALUE rb_sym_assess_track_array_join;
+static VALUE contrast_assess_array_join(const int argc, const VALUE *argv,
+                                        const VALUE ary);
+void Init_cs__assess_array(void);

data/ext/cs__assess_array/extconf.rb ADDED

	@@ -0,0 +1,2 @@
1	+ $TO_MAKE = File.basename(__dir__)
2	+ require_relative '../extconf_common'

data/ext/cs__assess_basic_object/cs__assess_basic_object.c ADDED

@@ -0,0 +1,50 @@
+/* Copyright (c) 2020 Contrast Security, Inc.  See
+ * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
+#include "cs__assess_basic_object.h"
+#include "../cs__common/cs__common.h"
+#include <ruby.h>
+void contrast_assess_instance_eval_trigger_check(VALUE module, VALUE source,
+                                                 VALUE ret) {
+    VALUE has_trigger_check =
+        rb_respond_to(rb_cBasicObject, instance_trigger_check_method);
+    if (has_trigger_check) {
+        rb_funcall(rb_cBasicObject, instance_trigger_check_method, 2, source,
+                   ret);
+    }
+}
+VALUE
+contrast_assess_basic_object_instance_eval(const int argc, const VALUE *argv,
+                                           const VALUE self) {
+    if (RTEST(rb_funcall(contrast_patcher(), rb_sym_skip_assess_analysis, 0))) {
+        return rb_obj_instance_eval(argc, argv, self);
+    }
+    int nested_scope =
+        RTEST(rb_funcall(contrast_patcher(), rb_sym_in_scope, 0));
+    rb_funcall(contrast_patcher(), rb_sym_enter_scope, 0);
+    VALUE ret = rb_obj_instance_eval(argc, argv, self);
+    if (!nested_scope && argc > 0) {
+        VALUE data = argv[0];
+        contrast_assess_instance_eval_trigger_check(self, data, ret);
+    }
+    rb_funcall(contrast_patcher(), rb_sym_exit_scope, 0);
+    return ret;
+}
+void Init_cs__assess_basic_object(void) {
+    instance_trigger_check_method = rb_intern("instance_eval_trigger_check");
+    contrast_alias_method(rb_cBasicObject, "cs__patched_instance_eval",
+                          "instance_eval");
+    rb_define_method(rb_cBasicObject, "instance_eval",
+                     contrast_assess_basic_object_instance_eval, -1);
+}

data/ext/cs__assess_basic_object/cs__assess_basic_object.h ADDED

@@ -0,0 +1,17 @@
+#include <ruby.h>
+/* Contrast::Agent::Patching::Policy::Patcher */
+static VALUE instance_trigger_check_method;
+void contrast_alias_method(const VALUE target, const char *to,
+                           const char *from);
+/* c.f. cs__assess_module.c for more context on how eval is patched. */
+void contrast_assess_instance_eval_trigger_check(VALUE module, VALUE source,
+                                                 VALUE ret);
+VALUE
+contrast_assess_basic_object_instance_eval(const int argc, const VALUE *argv,
+                                           const VALUE self);
+void Init_cs__assess_basic_object(void);

data/ext/cs__assess_basic_object/extconf.rb ADDED

	@@ -0,0 +1,2 @@
1	+ $TO_MAKE = File.basename(__dir__)
2	+ require_relative '../extconf_common'

data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c ADDED

@@ -0,0 +1,86 @@
+/* Copyright (c) 2020 Contrast Security, Inc.  See
+ * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
+#include "cs__assess_fiber_track.h"
+#include <funchook.h>
+#include <ruby.h>
+VALUE rb_fiber_new_hook(VALUE (*func)(ANYARGS), VALUE obj) {
+    /* This is a truncated copy of the enumerator struct definition
+     * from ruby's enumerator.c.
+     * The values should generally align, though there is a nonzero chance
+     * that the compiler will optimize struct padding in such a way that
+     * we're not reading what we think we're reading, and likely segfault.
+     * TODO to be rigorous about compiler flags, but it's not an urgent matter
+     * as most compiler defaults should serve us OK.
+     */
+    VALUE fiber = rb_fiber_new_original(func, obj);
+    /* This is the most proximate Ruby method that's asking for this fiber.
+     * In our case, we're looking for #next.
+     * Other invocations are not particularly interesting to us.
+     */
+    VALUE calling_method = rb_funcall(rb_cObject, rb_intern("__method__"), 0);
+    if (RTEST(rb_obj_is_kind_of(obj, rb_cEnumerator)) &&
+        SYM2ID(calling_method) == rb_sym_next) {
+        struct enumerator {
+            VALUE obj;
+            ID meth;
+        };
+        /* underlying object is first entry in Enumerator struct def.
+         *  that's all statically defined w/in enumerator.c, so we can't
+         *  reference the data types and be safe about it.  (yippee.)
+         *  we cut out the TypedData_Get_Struct middleman & just go for it.
+         */
+        struct enumerator *enum_ptr = ((struct enumerator *)DATA_PTR(obj));
+        /* This is the object the enumerator is operating upon. */
+        VALUE underlying = enum_ptr->obj;
+        /* This is the method the enumerator uses to operate upon that object.
+         */
+        VALUE enumerator_method = ID2SYM(enum_ptr->meth);
+        /* e.g.: 1..100, #each_value.  Should reflect #inspect on the enum. */
+        rb_funcall(fiber_class, track_rb_fiber_new, 5, fiber, obj,
+                   enumerator_method, underlying, calling_method);
+    }
+    return fiber;
+}
+VALUE rb_fiber_yield_hook(int argc, const VALUE *argv) {
+    VALUE calling_method = rb_funcall(rb_cObject, rb_intern("__method__"), 0);
+    VALUE yielding_fiber = rb_fiber_current();
+    /* propagate from yielding_fiber -> result */
+    rb_funcall(fiber_class, track_rb_fiber_yield, 3, yielding_fiber,
+               calling_method, *argv);
+    return rb_fiber_yield_original(argc, argv);
+}
+int install_fiber_hooks() {
+    funchook_t *funchook = funchook_create();
+    rb_fiber_new_original = rb_fiber_new;
+    funchook_prepare(funchook, (void **)&rb_fiber_new_original,
+                     rb_fiber_new_hook);
+    rb_fiber_yield_original = rb_fiber_yield;
+    funchook_prepare(funchook, (void **)&rb_fiber_yield_original,
+                     rb_fiber_yield_hook);
+    funchook_install(funchook, 0);
+    return 0;
+}
+void Init_cs__assess_fiber_track(void) {
+    fiber_class = rb_define_class("Fiber", rb_cObject);
+    track_rb_fiber_new = rb_intern("track_rb_fiber_new");
+    track_rb_fiber_yield = rb_intern("track_rb_fiber_yield");
+    rb_sym_next = rb_intern("next");
+    install_fiber_hooks();
+}