RubyGems - contrast-agent - Versions diffs - 3.8.4 - Mend

contrast-agent 3.8.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (500) hide show

checksums.yaml +7 -0
data/.clang-format +5 -0
data/.dockerignore +10 -0
data/.gitignore +58 -0
data/.gitmodules +6 -0
data/.rspec +6 -0
data/.simplecov +4 -0
data/Gemfile +7 -0
data/LICENSE.txt +12 -0
data/Rakefile +15 -0
data/exe/contrast_service +29 -0
data/ext/build_funchook.rb +48 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.c +47 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.h +10 -0
data/ext/cs__assess_active_record_named/extconf.rb +2 -0
data/ext/cs__assess_array/cs__assess_array.c +38 -0
data/ext/cs__assess_array/cs__assess_array.h +9 -0
data/ext/cs__assess_array/extconf.rb +2 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.c +50 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.h +17 -0
data/ext/cs__assess_basic_object/extconf.rb +2 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +86 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +34 -0
data/ext/cs__assess_fiber_track/extconf.rb +2 -0
data/ext/cs__assess_hash/cs__assess_hash.c +64 -0
data/ext/cs__assess_hash/cs__assess_hash.h +24 -0
data/ext/cs__assess_hash/extconf.rb +2 -0
data/ext/cs__assess_kernel/cs__assess_kernel.c +36 -0
data/ext/cs__assess_kernel/cs__assess_kernel.h +10 -0
data/ext/cs__assess_kernel/extconf.rb +2 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +47 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +18 -0
data/ext/cs__assess_marshal_module/extconf.rb +2 -0
data/ext/cs__assess_module/cs__assess_module.c +78 -0
data/ext/cs__assess_module/cs__assess_module.h +25 -0
data/ext/cs__assess_module/extconf.rb +2 -0
data/ext/cs__assess_regexp/cs__assess_regexp.c +48 -0
data/ext/cs__assess_regexp/cs__assess_regexp.h +22 -0
data/ext/cs__assess_regexp/extconf.rb +2 -0
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c +63 -0
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.h +29 -0
data/ext/cs__assess_regexp_track/extconf.rb +2 -0
data/ext/cs__assess_string/cs__assess_string.c +38 -0
data/ext/cs__assess_string/cs__assess_string.h +19 -0
data/ext/cs__assess_string/extconf.rb +2 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +31 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.h +13 -0
data/ext/cs__assess_string_interpolation26/extconf.rb +2 -0
data/ext/cs__common/cs__common.c +60 -0
data/ext/cs__common/cs__common.h +28 -0
data/ext/cs__common/extconf.rb +20 -0
data/ext/cs__contrast_patch/cs__contrast_patch.c +445 -0
data/ext/cs__contrast_patch/cs__contrast_patch.h +196 -0
data/ext/cs__contrast_patch/extconf.rb +2 -0
data/ext/cs__protect_kernel/cs__protect_kernel.c +37 -0
data/ext/cs__protect_kernel/cs__protect_kernel.h +11 -0
data/ext/cs__protect_kernel/extconf.rb +2 -0
data/ext/cs__scope/cs__scope.c +96 -0
data/ext/cs__scope/cs__scope.h +33 -0
data/ext/cs__scope/extconf.rb +2 -0
data/ext/extconf_common.rb +49 -0
data/funchook/LICENSE +360 -0
data/funchook/Makefile +29 -0
data/funchook/Makefile.in +29 -0
data/funchook/README.md +121 -0
data/funchook/appveyor.yml +42 -0
data/funchook/autogen.sh +3 -0
data/funchook/autom4te.cache/output.0 +4976 -0
data/funchook/autom4te.cache/requests +78 -0
data/funchook/autom4te.cache/traces.0 +364 -0
data/funchook/config.guess +1530 -0
data/funchook/config.log +490 -0
data/funchook/config.status +1016 -0
data/funchook/config.sub +1773 -0
data/funchook/configure +4976 -0
data/funchook/configure.ac +59 -0
data/funchook/distorm/COPYING +26 -0
data/funchook/distorm/MANIFEST +25 -0
data/funchook/distorm/MANIFEST.in +4 -0
data/funchook/distorm/README.md +12 -0
data/funchook/distorm/disOps/disOps.py +795 -0
data/funchook/distorm/disOps/x86db.py +404 -0
data/funchook/distorm/disOps/x86header.py +247 -0
data/funchook/distorm/disOps/x86sets.py +1664 -0
data/funchook/distorm/examples/cs/TestdiStorm/Program.cs +79 -0
data/funchook/distorm/examples/cs/TestdiStorm/Properties/AssemblyInfo.cs +36 -0
data/funchook/distorm/examples/cs/TestdiStorm/TestdiStorm.csproj +69 -0
data/funchook/distorm/examples/cs/distorm-net.sln +26 -0
data/funchook/distorm/examples/cs/distorm-net/CodeInfo.cs +23 -0
data/funchook/distorm/examples/cs/distorm-net/DecodedInst.cs +15 -0
data/funchook/distorm/examples/cs/distorm-net/DecodedResult.cs +14 -0
data/funchook/distorm/examples/cs/distorm-net/DecomposedInst.cs +36 -0
data/funchook/distorm/examples/cs/distorm-net/DecomposedResult.cs +14 -0
data/funchook/distorm/examples/cs/distorm-net/Opcodes.cs +1268 -0
data/funchook/distorm/examples/cs/distorm-net/Opcodes.tt +37 -0
data/funchook/distorm/examples/cs/distorm-net/Operand.cs +25 -0
data/funchook/distorm/examples/cs/distorm-net/Properties/AssemblyInfo.cs +36 -0
data/funchook/distorm/examples/cs/distorm-net/diStorm3.cs +411 -0
data/funchook/distorm/examples/cs/distorm-net/distorm-net.csproj +80 -0
data/funchook/distorm/examples/cs/readme +3 -0
data/funchook/distorm/examples/ddk/README +48 -0
data/funchook/distorm/examples/ddk/distorm.ini +11 -0
data/funchook/distorm/examples/ddk/dummy.c +15 -0
data/funchook/distorm/examples/ddk/main.c +91 -0
data/funchook/distorm/examples/ddk/makefile +1 -0
data/funchook/distorm/examples/ddk/sources +10 -0
data/funchook/distorm/examples/java/Makefile +23 -0
data/funchook/distorm/examples/java/distorm/src/Main.java +43 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/CodeInfo.java +27 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedInst.java +32 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedResult.java +11 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedInst.java +89 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedResult.java +11 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/OpcodeEnum.java +131 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/Opcodes.java +1123 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/Operand.java +24 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/distorm3.java +41 -0
data/funchook/distorm/examples/java/jdistorm.c +405 -0
data/funchook/distorm/examples/java/jdistorm.h +40 -0
data/funchook/distorm/examples/java/jdistorm.sln +20 -0
data/funchook/distorm/examples/java/jdistorm.vcproj +208 -0
data/funchook/distorm/examples/linux/Makefile +15 -0
data/funchook/distorm/examples/linux/main.c +181 -0
data/funchook/distorm/examples/tests/Makefile +15 -0
data/funchook/distorm/examples/tests/main.cpp +42 -0
data/funchook/distorm/examples/tests/main.py +66 -0
data/funchook/distorm/examples/tests/test_distorm3.py +1672 -0
data/funchook/distorm/examples/tests/tests.sln +20 -0
data/funchook/distorm/examples/tests/tests.vcxproj +82 -0
data/funchook/distorm/examples/tests/tests.vcxproj.filters +22 -0
data/funchook/distorm/examples/win32/disasm.sln +25 -0
data/funchook/distorm/examples/win32/disasm.vcxproj +201 -0
data/funchook/distorm/examples/win32/disasm.vcxproj.filters +14 -0
data/funchook/distorm/examples/win32/main.cpp +163 -0
data/funchook/distorm/include/distorm.h +482 -0
data/funchook/distorm/include/mnemonics.h +301 -0
data/funchook/distorm/make/linux/Makefile +28 -0
data/funchook/distorm/make/mac/Makefile +24 -0
data/funchook/distorm/make/win32/cdistorm.vcxproj +239 -0
data/funchook/distorm/make/win32/cdistorm.vcxproj.filters +80 -0
data/funchook/distorm/make/win32/distorm.sln +25 -0
data/funchook/distorm/make/win32/resource.h +14 -0
data/funchook/distorm/make/win32/resource.rc +99 -0
data/funchook/distorm/python/distorm3/__init__.py +957 -0
data/funchook/distorm/python/distorm3/sample.py +51 -0
data/funchook/distorm/setup.cfg +10 -0
data/funchook/distorm/setup.py +266 -0
data/funchook/distorm/src/config.h +169 -0
data/funchook/distorm/src/decoder.c +641 -0
data/funchook/distorm/src/decoder.h +33 -0
data/funchook/distorm/src/distorm.c +413 -0
data/funchook/distorm/src/instructions.c +597 -0
data/funchook/distorm/src/instructions.h +463 -0
data/funchook/distorm/src/insts.c +7939 -0
data/funchook/distorm/src/insts.h +64 -0
data/funchook/distorm/src/mnemonics.c +284 -0
data/funchook/distorm/src/operands.c +1290 -0
data/funchook/distorm/src/operands.h +28 -0
data/funchook/distorm/src/prefix.c +368 -0
data/funchook/distorm/src/prefix.h +64 -0
data/funchook/distorm/src/textdefs.c +172 -0
data/funchook/distorm/src/textdefs.h +57 -0
data/funchook/distorm/src/wstring.c +47 -0
data/funchook/distorm/src/wstring.h +35 -0
data/funchook/distorm/src/x86defs.h +82 -0
data/funchook/include/funchook.h +123 -0
data/funchook/install-sh +527 -0
data/funchook/src/Makefile +70 -0
data/funchook/src/Makefile.in +70 -0
data/funchook/src/__strerror.h +109 -0
data/funchook/src/config.h +101 -0
data/funchook/src/config.h.in +100 -0
data/funchook/src/decoder.o +0 -0
data/funchook/src/distorm.o +0 -0
data/funchook/src/funchook.c +440 -0
data/funchook/src/funchook.o +0 -0
data/funchook/src/funchook_internal.h +155 -0
data/funchook/src/funchook_io.c +182 -0
data/funchook/src/funchook_io.h +64 -0
data/funchook/src/funchook_io.o +0 -0
data/funchook/src/funchook_syscall.S +134 -0
data/funchook/src/funchook_syscall.o +0 -0
data/funchook/src/funchook_unix.c +480 -0
data/funchook/src/funchook_unix.o +0 -0
data/funchook/src/funchook_windows.c +397 -0
data/funchook/src/funchook_x86.c +622 -0
data/funchook/src/funchook_x86.o +0 -0
data/funchook/src/instructions.o +0 -0
data/funchook/src/insts.o +0 -0
data/funchook/src/libfunchook.so +0 -0
data/funchook/src/mnemonics.o +0 -0
data/funchook/src/operands.o +0 -0
data/funchook/src/os_func.c +115 -0
data/funchook/src/os_func.h +75 -0
data/funchook/src/os_func.o +0 -0
data/funchook/src/os_func_unix.c +94 -0
data/funchook/src/os_func_unix.o +0 -0
data/funchook/src/os_func_windows.c +32 -0
data/funchook/src/prefix.o +0 -0
data/funchook/src/printf_base.c +1688 -0
data/funchook/src/printf_base.h +46 -0
data/funchook/src/printf_base.o +0 -0
data/funchook/src/textdefs.o +0 -0
data/funchook/src/wstring.o +0 -0
data/funchook/test/Makefile +43 -0
data/funchook/test/Makefile.in +43 -0
data/funchook/test/funchook_test +0 -0
data/funchook/test/libfunchook_test.c +25 -0
data/funchook/test/libfunchook_test.so +0 -0
data/funchook/test/libfunchook_test2.c +18 -0
data/funchook/test/suffix.list +600 -0
data/funchook/test/test_main.c +430 -0
data/funchook/test/test_main.o +0 -0
data/funchook/test/x86_64_test.S +10 -0
data/funchook/test/x86_64_test.o +0 -0
data/funchook/test/x86_test.S +339 -0
data/funchook/win32/config.h +1 -0
data/funchook/win32/funchook.sln +52 -0
data/funchook/win32/funchook.vcxproj +188 -0
data/funchook/win32/funchook.vcxproj.filters +84 -0
data/funchook/win32/funchook_test.vcxproj +170 -0
data/funchook/win32/funchook_test.vcxproj.filters +22 -0
data/funchook/win32/funchook_test_dll.vcxproj +184 -0
data/funchook/win32/funchook_test_dll.vcxproj.filters +30 -0
data/funchook/win32/funchook_test_exe.def +3 -0
data/lib/contrast-agent.rb +8 -0
data/lib/contrast.rb +57 -0
data/lib/contrast/agent.rb +80 -0
data/lib/contrast/agent/assess.rb +45 -0
data/lib/contrast/agent/assess/adjusted_span.rb +25 -0
data/lib/contrast/agent/assess/class_reverter.rb +82 -0
data/lib/contrast/agent/assess/contrast_event.rb +398 -0
data/lib/contrast/agent/assess/frozen_properties.rb +41 -0
data/lib/contrast/agent/assess/insulator.rb +53 -0
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +78 -0
data/lib/contrast/agent/assess/policy/patcher.rb +85 -0
data/lib/contrast/agent/assess/policy/policy.rb +116 -0
data/lib/contrast/agent/assess/policy/policy_node.rb +289 -0
data/lib/contrast/agent/assess/policy/policy_scanner.rb +44 -0
data/lib/contrast/agent/assess/policy/preshift.rb +94 -0
data/lib/contrast/agent/assess/policy/propagation_method.rb +260 -0
data/lib/contrast/agent/assess/policy/propagation_node.rb +127 -0
data/lib/contrast/agent/assess/policy/propagator.rb +35 -0
data/lib/contrast/agent/assess/policy/propagator/append.rb +54 -0
data/lib/contrast/agent/assess/policy/propagator/base.rb +37 -0
data/lib/contrast/agent/assess/policy/propagator/center.rb +73 -0
data/lib/contrast/agent/assess/policy/propagator/custom.rb +36 -0
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +62 -0
data/lib/contrast/agent/assess/policy/propagator/insert.rb +55 -0
data/lib/contrast/agent/assess/policy/propagator/keep.rb +26 -0
data/lib/contrast/agent/assess/policy/propagator/next.rb +42 -0
data/lib/contrast/agent/assess/policy/propagator/prepend.rb +50 -0
data/lib/contrast/agent/assess/policy/propagator/remove.rb +76 -0
data/lib/contrast/agent/assess/policy/propagator/replace.rb +27 -0
data/lib/contrast/agent/assess/policy/propagator/reverse.rb +38 -0
data/lib/contrast/agent/assess/policy/propagator/select.rb +86 -0
data/lib/contrast/agent/assess/policy/propagator/splat.rb +60 -0
data/lib/contrast/agent/assess/policy/propagator/split.rb +49 -0
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +169 -0
data/lib/contrast/agent/assess/policy/propagator/trim.rb +81 -0
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +79 -0
data/lib/contrast/agent/assess/policy/source_method.rb +209 -0
data/lib/contrast/agent/assess/policy/source_node.rb +62 -0
data/lib/contrast/agent/assess/policy/trigger_method.rb +209 -0
data/lib/contrast/agent/assess/policy/trigger_node.rb +198 -0
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +77 -0
data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +31 -0
data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +40 -0
data/lib/contrast/agent/assess/properties.rb +392 -0
data/lib/contrast/agent/assess/rule.rb +18 -0
data/lib/contrast/agent/assess/rule/base.rb +72 -0
data/lib/contrast/agent/assess/rule/csrf.rb +66 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_action.rb +28 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +69 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +132 -0
data/lib/contrast/agent/assess/rule/provider.rb +21 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +62 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +73 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +121 -0
data/lib/contrast/agent/assess/rule/redos.rb +68 -0
data/lib/contrast/agent/assess/rule/response_scanning_rule.rb +47 -0
data/lib/contrast/agent/assess/rule/response_watcher.rb +36 -0
data/lib/contrast/agent/assess/rule/watcher.rb +36 -0
data/lib/contrast/agent/assess/tag.rb +151 -0
data/lib/contrast/agent/at_exit_hook.rb +33 -0
data/lib/contrast/agent/class_reopener.rb +195 -0
data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +26 -0
data/lib/contrast/agent/deadzone/policy/policy.rb +57 -0
data/lib/contrast/agent/disable_reaction.rb +24 -0
data/lib/contrast/agent/exclusion_matcher.rb +190 -0
data/lib/contrast/agent/feature_state.rb +379 -0
data/lib/contrast/agent/inventory/policy/policy.rb +32 -0
data/lib/contrast/agent/inventory/policy/trigger_node.rb +22 -0
data/lib/contrast/agent/logger_manager.rb +116 -0
data/lib/contrast/agent/middleware.rb +352 -0
data/lib/contrast/agent/module_data.rb +16 -0
data/lib/contrast/agent/patching/policy/after_load_patch.rb +37 -0
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +58 -0
data/lib/contrast/agent/patching/policy/method_policy.rb +94 -0
data/lib/contrast/agent/patching/policy/module_policy.rb +116 -0
data/lib/contrast/agent/patching/policy/patch.rb +312 -0
data/lib/contrast/agent/patching/policy/patch_status.rb +192 -0
data/lib/contrast/agent/patching/policy/patcher.rb +310 -0
data/lib/contrast/agent/patching/policy/policy.rb +138 -0
data/lib/contrast/agent/patching/policy/policy_node.rb +80 -0
data/lib/contrast/agent/patching/policy/policy_unpatcher.rb +28 -0
data/lib/contrast/agent/patching/policy/trigger_node.rb +81 -0
data/lib/contrast/agent/protect/policy/policy.rb +37 -0
data/lib/contrast/agent/protect/policy/trigger_node.rb +23 -0
data/lib/contrast/agent/protect/rule.rb +58 -0
data/lib/contrast/agent/protect/rule/base.rb +300 -0
data/lib/contrast/agent/protect/rule/base_service.rb +88 -0
data/lib/contrast/agent/protect/rule/cmd_injection.rb +156 -0
data/lib/contrast/agent/protect/rule/csrf.rb +118 -0
data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +103 -0
data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb +85 -0
data/lib/contrast/agent/protect/rule/default_scanner.rb +300 -0
data/lib/contrast/agent/protect/rule/deserialization.rb +193 -0
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +80 -0
data/lib/contrast/agent/protect/rule/no_sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +40 -0
data/lib/contrast/agent/protect/rule/path_traversal.rb +143 -0
data/lib/contrast/agent/protect/rule/sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +16 -0
data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +38 -0
data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +22 -0
data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +19 -0
data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +20 -0
data/lib/contrast/agent/protect/rule/xss.rb +24 -0
data/lib/contrast/agent/protect/rule/xxe.rb +120 -0
data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +82 -0
data/lib/contrast/agent/railtie.rb +30 -0
data/lib/contrast/agent/reaction_processor.rb +47 -0
data/lib/contrast/agent/request.rb +493 -0
data/lib/contrast/agent/request_context.rb +225 -0
data/lib/contrast/agent/require_state.rb +61 -0
data/lib/contrast/agent/response.rb +215 -0
data/lib/contrast/agent/rewriter.rb +244 -0
data/lib/contrast/agent/scope.rb +28 -0
data/lib/contrast/agent/service_heartbeat.rb +37 -0
data/lib/contrast/agent/settings_state.rb +148 -0
data/lib/contrast/agent/socket_client.rb +125 -0
data/lib/contrast/agent/thread.rb +26 -0
data/lib/contrast/agent/tracepoint_hook.rb +51 -0
data/lib/contrast/agent/version.rb +8 -0
data/lib/contrast/api.rb +17 -0
data/lib/contrast/api/.gitkeep +0 -0
data/lib/contrast/api/connection_status.rb +49 -0
data/lib/contrast/api/socket.rb +43 -0
data/lib/contrast/api/speedracer.rb +206 -0
data/lib/contrast/api/tcp_socket.rb +31 -0
data/lib/contrast/api/unix_socket.rb +25 -0
data/lib/contrast/common_agent_configuration.rb +86 -0
data/lib/contrast/components/agent.rb +85 -0
data/lib/contrast/components/app_context.rb +188 -0
data/lib/contrast/components/assess.rb +67 -0
data/lib/contrast/components/config.rb +135 -0
data/lib/contrast/components/contrast_service.rb +113 -0
data/lib/contrast/components/heap_dump.rb +34 -0
data/lib/contrast/components/interface.rb +178 -0
data/lib/contrast/components/inventory.rb +23 -0
data/lib/contrast/components/logger.rb +92 -0
data/lib/contrast/components/protect.rb +38 -0
data/lib/contrast/components/sampling.rb +41 -0
data/lib/contrast/components/scope.rb +106 -0
data/lib/contrast/components/settings.rb +140 -0
data/lib/contrast/config.rb +33 -0
data/lib/contrast/config/agent_configuration.rb +24 -0
data/lib/contrast/config/application_configuration.rb +27 -0
data/lib/contrast/config/assess_configuration.rb +22 -0
data/lib/contrast/config/assess_rules_configuration.rb +18 -0
data/lib/contrast/config/base_configuration.rb +105 -0
data/lib/contrast/config/default_value.rb +16 -0
data/lib/contrast/config/exception_configuration.rb +21 -0
data/lib/contrast/config/heap_dump_configuration.rb +23 -0
data/lib/contrast/config/inventory_configuration.rb +20 -0
data/lib/contrast/config/logger_configuration.rb +20 -0
data/lib/contrast/config/protect_configuration.rb +20 -0
data/lib/contrast/config/protect_rule_configuration.rb +37 -0
data/lib/contrast/config/protect_rules_configuration.rb +30 -0
data/lib/contrast/config/root_configuration.rb +26 -0
data/lib/contrast/config/ruby_configuration.rb +39 -0
data/lib/contrast/config/sampling_configuration.rb +22 -0
data/lib/contrast/config/server_configuration.rb +23 -0
data/lib/contrast/config/service_configuration.rb +22 -0
data/lib/contrast/configuration.rb +214 -0
data/lib/contrast/core_extensions/assess.rb +51 -0
data/lib/contrast/core_extensions/assess/array.rb +58 -0
data/lib/contrast/core_extensions/assess/assess_extension.rb +145 -0
data/lib/contrast/core_extensions/assess/basic_object.rb +15 -0
data/lib/contrast/core_extensions/assess/erb.rb +42 -0
data/lib/contrast/core_extensions/assess/exec_trigger.rb +48 -0
data/lib/contrast/core_extensions/assess/fiber.rb +125 -0
data/lib/contrast/core_extensions/assess/hash.rb +22 -0
data/lib/contrast/core_extensions/assess/kernel.rb +95 -0
data/lib/contrast/core_extensions/assess/module.rb +14 -0
data/lib/contrast/core_extensions/assess/regexp.rb +206 -0
data/lib/contrast/core_extensions/assess/string.rb +75 -0
data/lib/contrast/core_extensions/assess/tilt_template_trigger.rb +73 -0
data/lib/contrast/core_extensions/delegator.rb +14 -0
data/lib/contrast/core_extensions/eval_trigger.rb +52 -0
data/lib/contrast/core_extensions/inventory.rb +22 -0
data/lib/contrast/core_extensions/inventory/datastores.rb +37 -0
data/lib/contrast/core_extensions/module.rb +42 -0
data/lib/contrast/core_extensions/object.rb +27 -0
data/lib/contrast/core_extensions/protect.rb +20 -0
data/lib/contrast/core_extensions/protect/applies_command_injection_rule.rb +70 -0
data/lib/contrast/core_extensions/protect/applies_deserialization_rule.rb +58 -0
data/lib/contrast/core_extensions/protect/applies_no_sqli_rule.rb +81 -0
data/lib/contrast/core_extensions/protect/applies_path_traversal_rule.rb +119 -0
data/lib/contrast/core_extensions/protect/applies_sqli_rule.rb +63 -0
data/lib/contrast/core_extensions/protect/applies_xxe_rule.rb +141 -0
data/lib/contrast/core_extensions/protect/kernel.rb +30 -0
data/lib/contrast/core_extensions/protect/psych.rb +7 -0
data/lib/contrast/core_extensions/thread.rb +31 -0
data/lib/contrast/internal_exception.rb +8 -0
data/lib/contrast/rails_extensions/assess/action_controller_inheritance.rb +48 -0
data/lib/contrast/rails_extensions/assess/active_record.rb +32 -0
data/lib/contrast/rails_extensions/assess/active_record_named.rb +61 -0
data/lib/contrast/rails_extensions/assess/configuration.rb +26 -0
data/lib/contrast/rails_extensions/buffer.rb +30 -0
data/lib/contrast/rails_extensions/rack.rb +45 -0
data/lib/contrast/security_exception.rb +14 -0
data/lib/contrast/sinatra_extensions/assess/cookie.rb +26 -0
data/lib/contrast/sinatra_extensions/inventory/sinatra_base.rb +59 -0
data/lib/contrast/tasks/service.rb +95 -0
data/lib/contrast/utils/assess/sampling_util.rb +96 -0
data/lib/contrast/utils/assess/tracking_util.rb +39 -0
data/lib/contrast/utils/boolean_util.rb +33 -0
data/lib/contrast/utils/cache.rb +69 -0
data/lib/contrast/utils/class_util.rb +58 -0
data/lib/contrast/utils/comment_range.rb +19 -0
data/lib/contrast/utils/data_store_util.rb +23 -0
data/lib/contrast/utils/duck_utils.rb +58 -0
data/lib/contrast/utils/env_configuration_item.rb +52 -0
data/lib/contrast/utils/environment_util.rb +152 -0
data/lib/contrast/utils/freeze_util.rb +36 -0
data/lib/contrast/utils/gemfile_reader.rb +191 -0
data/lib/contrast/utils/hash_digest.rb +148 -0
data/lib/contrast/utils/heap_dump_util.rb +113 -0
data/lib/contrast/utils/invalid_configuration_util.rb +88 -0
data/lib/contrast/utils/inventory_util.rb +126 -0
data/lib/contrast/utils/io_util.rb +61 -0
data/lib/contrast/utils/object_share.rb +117 -0
data/lib/contrast/utils/operating_environment.rb +38 -0
data/lib/contrast/utils/os.rb +49 -0
data/lib/contrast/utils/path_util.rb +151 -0
data/lib/contrast/utils/performs_logging.rb +152 -0
data/lib/contrast/utils/preflight_util.rb +13 -0
data/lib/contrast/utils/prevent_serialization.rb +52 -0
data/lib/contrast/utils/rack_assess_session_cookie.rb +104 -0
data/lib/contrast/utils/rails_assess_configuration.rb +95 -0
data/lib/contrast/utils/random_util.rb +22 -0
data/lib/contrast/utils/resource_loader.rb +23 -0
data/lib/contrast/utils/ruby_ast_rewriter.rb +74 -0
data/lib/contrast/utils/scope_util.rb +99 -0
data/lib/contrast/utils/service_response_util.rb +116 -0
data/lib/contrast/utils/service_sender_util.rb +98 -0
data/lib/contrast/utils/sha256_builder.rb +69 -0
data/lib/contrast/utils/sinatra_helper.rb +49 -0
data/lib/contrast/utils/stack_trace_utils.rb +209 -0
data/lib/contrast/utils/string_utils.rb +72 -0
data/lib/contrast/utils/tag_util.rb +139 -0
data/lib/contrast/utils/thread_tracker.rb +54 -0
data/lib/contrast/utils/timer.rb +78 -0
data/resources/assess/policy.json +1673 -0
data/resources/csrf/inject.js +44 -0
data/resources/deadzone/policy.json +55 -0
data/resources/factory-bot-spec/spec_helper.rb +30 -0
data/resources/inventory/policy.json +110 -0
data/resources/protect/policy.json +417 -0
data/resources/rubocops/kernel/catch_cop.rb +37 -0
data/resources/rubocops/kernel/require_cop.rb +37 -0
data/resources/rubocops/kernel/require_relative_cop.rb +33 -0
data/resources/rubocops/module/autoload_cop.rb +37 -0
data/resources/rubocops/module/const_defined_cop.rb +37 -0
data/resources/rubocops/module/const_get_cop.rb +37 -0
data/resources/rubocops/module/const_set_cop.rb +37 -0
data/resources/rubocops/module/constants_cop.rb +37 -0
data/resources/rubocops/module/name_cop.rb +37 -0
data/resources/rubocops/object/class_cop.rb +37 -0
data/resources/rubocops/object/freeze_cop.rb +37 -0
data/resources/rubocops/object/frozen_cop.rb +37 -0
data/resources/rubocops/object/is_a_cop.rb +37 -0
data/resources/rubocops/object/method_cop.rb +37 -0
data/resources/rubocops/object/respond_to_cop.rb +37 -0
data/resources/rubocops/object/singleton_class_cop.rb +37 -0
data/resources/rubocops/regexp/spelling_cop.rb +44 -0
data/resources/rubocops/thread/new_cop.rb +39 -0
data/resources/ruby-spec/ancestors_spec.rb +70 -0
data/resources/ruby-spec/modulo_spec.rb +831 -0
data/resources/ruby-spec/parameters_spec.rb +261 -0
data/resources/ruby-spec/ruby_spec_spec_helper.rb +35 -0
data/resources/test_marker.txt +1 -0
data/ruby-agent.gemspec +129 -0
data/service_executables/.gitkeep +0 -0
data/service_executables/VERSION +1 -0
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
metadata +945 -0

data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h ADDED

@@ -0,0 +1,34 @@
+#include <funchook.h>
+#include <ruby.h>
+static VALUE rb_sym_next;
+static VALUE fiber_class;
+static VALUE track_rb_fiber_new;
+static VALUE track_rb_fiber_yield;
+VALUE rb_fiber_new(VALUE (*func)(ANYARGS), VALUE obj);
+VALUE *(*rb_fiber_new_original)(VALUE (*func)(ANYARGS), VALUE obj);
+VALUE rb_fiber_yield(int argc, const VALUE *argv);
+VALUE *(*rb_fiber_yield_original)(int argc, const VALUE *argv);
+/* If you call `#next` on an enumerator object, that enumerator object
+ * instantiates a fiber and runs its given proc inside of that fiber.
+ * This minor design consideration presents a few significant edge-cases to us.
+ * - match data from regex is bound to execution context, and it's an open
+ *   question (but looking grim) as to whether we can propagate at that event.
+ *   Ruby doesn't expose much around ECs, so both finding an event to hook
+ *   and having a native way to access the EC data are onerous.
+ * - fiber_yield is implemented with jmps in YARV, so our primary paradigm
+ *   of operating on intercepted return values is off the table.
+ *   (And heaven help you if you execute `#next` within an rb_protect call.)
+ *   Luckily, we can read the fiber's return value before it executes a jump,
+ *   so we have a point at which we can reliably propagate.
+ */
+VALUE rb_fiber_new_hook(VALUE (*func)(ANYARGS), VALUE obj);
+VALUE rb_fiber_yield_hook(int argc, const VALUE *argv);
+static int install_fiber_hooks();
+void Init_cs__assess_fiber_track(void);

data/ext/cs__assess_fiber_track/extconf.rb ADDED

	@@ -0,0 +1,2 @@
1	+ $TO_MAKE = File.basename(__dir__)
2	+ require_relative '../extconf_common'

data/ext/cs__assess_hash/cs__assess_hash.c ADDED

@@ -0,0 +1,64 @@
+/* Copyright (c) 2020 Contrast Security, Inc.  See
+ * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
+#include "cs__assess_hash.h"
+#include "../cs__common/cs__common.h"
+#include <ruby.h>
+static VALUE contrast_assess_hash_bracket_get(const int argc, VALUE *argv,
+                                              const VALUE hash) {
+    VALUE result;
+    /* Array of Arrays: Hash[ [ [key, value], ... ] ]   -> new_hash */
+    if (RB_TYPE_P(argv[0], T_ARRAY)) {
+        int i;
+        for (i = 0; i < argc; i++) {
+            argv[i] =
+                rb_funcall(hash, rb_sym_assess_hash_dup_and_freeze, 1, argv[i]);
+        }
+        /* Hash[ key, value, ... ]         -> new_hash */
+    } else if (argc > 1) {
+        int i;
+        for (i = 0; i < argc; i += 2) {
+            argv[i] =
+                rb_funcall(hash, rb_sym_assess_hash_dup_and_freeze, 1, argv[i]);
+        }
+    }
+    /* unhandled case - shouldn't need it since issue is only unfrozen
+     * String keys
+     * # Hash[ object ]                  -> new_hash
+     */
+    result = rb_funcall2(hash, rb_sym_assess_hash_brackets, argc, argv);
+    return result;
+}
+static VALUE contrast_assess_hash_bracket_set(const int argc, VALUE *argv,
+                                              const VALUE hash) {
+    VALUE result;
+    VALUE key;
+    key = rb_funcall2(hash, rb_sym_assess_hash_bracket_set, argc, argv);
+    argv[0] = key;
+    result = rb_funcall2(hash, rb_sym_assess_hash_bracket_equals, argc, argv);
+    return result;
+}
+void Init_cs__assess_hash(void) {
+    rb_sym_assess_hash_dup_and_freeze = rb_intern("cs__duplicate_and_freeze");
+    rb_sym_assess_hash_brackets = rb_intern("cs__patched_[]");
+    rb_sym_assess_hash_bracket_set = rb_intern("cs__bracket_set");
+    rb_sym_assess_hash_bracket_equals = rb_intern("cs__patched_[]=");
+    VALUE hash_class = rb_define_class("Hash", rb_cObject);
+    array_class = rb_define_class("Array", rb_cObject);
+    VALUE singleton = rb_singleton_class(hash_class);
+    contrast_alias_method(singleton, "cs__patched_[]", "[]");
+    rb_define_method(singleton, "[]", contrast_assess_hash_bracket_get, -1);
+    contrast_alias_method(hash_class, "cs__patched_[]=", "[]=");
+    rb_define_method(hash_class, "[]=", contrast_assess_hash_bracket_set, -1);
+}

data/ext/cs__assess_hash/cs__assess_hash.h ADDED

@@ -0,0 +1,24 @@
+#include <ruby.h>
+static VALUE array_class;
+static VALUE rb_sym_assess_hash_dup_and_freeze;
+static VALUE rb_sym_assess_hash_brackets;
+static VALUE rb_sym_assess_hash_bracket_set;
+static VALUE rb_sym_assess_hash_bracket_equals;
+/*
+ * Monkeypatch Ruby Hash with Contrast Security Hash in order ot avoid losing
+ * tracking across Strings. Hashes, when given unfrozen Strings as keys,
+ * replace these Strings with a frozen copy in the hash. This copy is done is C
+ * and does not take into account the tag properties we've provided. Freezing
+ * ahead of time should avoid this, similar to the behavior of the -@ Strings
+ * -HM
+ */
+static VALUE contrast_assess_hash_bracket_get(const int argc, VALUE *argv,
+                                              const VALUE hash);
+static VALUE contrast_assess_hash_bracket_set(const int argc, VALUE *argv,
+                                              const VALUE hash);
+void Init_cs__assess_hash(void);

data/ext/cs__assess_hash/extconf.rb ADDED

	@@ -0,0 +1,2 @@
1	+ $TO_MAKE = File.basename(__dir__)
2	+ require_relative '../extconf_common'

data/ext/cs__assess_kernel/cs__assess_kernel.c ADDED

@@ -0,0 +1,36 @@
+/* Copyright (c) 2020 Contrast Security, Inc.  See
+ * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
+#include "cs__assess_kernel.h"
+#include "../cs__common/cs__common.h"
+#include <ruby.h>
+VALUE
+contrast_patched_kernel_exec(const int argc, const VALUE *argv,
+                             const VALUE self) {
+    int nested_scope =
+        RTEST(rb_funcall(contrast_patcher(), rb_sym_in_scope, 0));
+    if (!nested_scope && argc > 0) {
+        rb_funcall(contrast_patcher(), rb_sym_enter_scope, 0);
+        VALUE data = argv[0];
+        rb_funcall(kernel_propagator, exec_apply_trigger, 1, data);
+        rb_funcall(contrast_patcher(), rb_sym_exit_scope, 0);
+    }
+    return rb_funcall(self, rb_intern("cs__assess_kernel_exec"), argc, *argv);
+}
+void Init_cs__assess_kernel(void) {
+    kernel_propagator = rb_define_module("KernelPropagator");
+    exec_apply_trigger = rb_intern("apply_trigger");
+    VALUE singleton = rb_singleton_class(rb_mKernel);
+    contrast_alias_method(rb_mKernel, "cs__assess_kernel_exec", "exec");
+    rb_define_private_method(rb_mKernel, "exec", contrast_patched_kernel_exec,
+                             -1);
+    contrast_alias_method(singleton, "cs__assess_kernel_exec", "exec");
+    rb_define_method(singleton, "exec", contrast_patched_kernel_exec, -1);
+}

data/ext/cs__assess_kernel/cs__assess_kernel.h ADDED

@@ -0,0 +1,10 @@
+#include <ruby.h>
+static VALUE exec_apply_trigger;
+static VALUE kernel_propagator;
+VALUE
+contrast_patched_kernel_exec(const int argc, const VALUE *argv,
+                             const VALUE self);
+void Init_cs__assess_kernel(void);

data/ext/cs__assess_kernel/extconf.rb ADDED

	@@ -0,0 +1,2 @@
1	+ $TO_MAKE = File.basename(__dir__)
2	+ require_relative '../extconf_common'

data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c ADDED

@@ -0,0 +1,47 @@
+/* Copyright (c) 2020 Contrast Security, Inc.  See
+ * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
+#include "cs__assess_marshal_module.h"
+#include "../cs__common/cs__common.h"
+#include <ruby.h>
+static VALUE contrast_assess_marshal_module_load(const int argc,
+                                                 const VALUE *argv) {
+    VALUE result;
+    VALUE source_string;
+    result = rb_call_super(argc, argv);
+    if (argc >= 1) {
+        source_string = argv[0];
+        if (rb_respond_to(source_string, rb_sym_cs_tracked)) {
+            VALUE tracked = rb_funcall(source_string, rb_sym_cs_tracked, 0);
+            if (tracked == Qtrue) {
+                VALUE skip = rb_funcall(contrast_patcher(),
+                                        rb_sym_skip_assess_analysis, 0);
+                if (skip == Qfalse) {
+                    VALUE scope =
+                        rb_funcall(contrast_patcher(), rb_sym_enter_scope, 0);
+                    rb_funcall(marshal_module, rb_sym_assess_load_trigger_check,
+                               2, source_string, result);
+                    rb_funcall(contrast_patcher(), rb_sym_exit_scope, 1, scope);
+                }
+            }
+        }
+    }
+    return result;
+}
+void Init_cs__assess_marshal_module(void) {
+    rb_sym_assess_load_trigger_check = rb_intern("cs__load_trigger_check");
+    marshal_module = rb_define_module("Marshal");
+    VALUE contrast_marshal = rb_define_module("MarshalWithContrastAssess");
+    rb_define_method(contrast_marshal, "load",
+                     contrast_assess_marshal_module_load, -1);
+    rb_prepend_module(rb_singleton_class(marshal_module), contrast_marshal);
+}

data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h ADDED

@@ -0,0 +1,18 @@
+#include <ruby.h>
+static VALUE marshal_module;
+static VALUE rb_sym_assess_load_trigger_check;
+/*
+ * Rails is a jerk. In Rails 5, they decided to do away with the alias chaining
+ * approach in favor of the prepend approach. While we'll need to add long term
+ * support for prepend, so far, the only method that we've found that is used
+ * regularly by Rails / that is constantly prepended is Marshal.load. We'll
+ * special case this for now.
+ * -HM (shamelessly commenting on DP's work)
+ */
+static VALUE contrast_assess_marshal_module_load(const int argc,
+                                                 const VALUE *argv);
+void Init_cs__assess_marshal_module(void);

data/ext/cs__assess_marshal_module/extconf.rb ADDED

	@@ -0,0 +1,2 @@
1	+ $TO_MAKE = File.basename(__dir__)
2	+ require_relative '../extconf_common'

data/ext/cs__assess_module/cs__assess_module.c ADDED

@@ -0,0 +1,78 @@
+/* Copyright (c) 2020 Contrast Security, Inc.  See
+ * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
+#include "cs__assess_module.h"
+#include "../cs__common/cs__common.h"
+#include <ruby.h>
+void contrast_assess_eval_trigger_check(VALUE module, VALUE source, VALUE ret) {
+    VALUE has_trigger_check = rb_respond_to(module, trigger_check_method);
+    if (RTEST(
+            rb_funcall(contrast_patcher(), rb_sym_skip_contrast_analysis, 0))) {
+        return;
+    }
+    int nested_scope =
+        RTEST(rb_funcall(contrast_patcher(), rb_sym_in_scope, 0));
+    rb_funcall(contrast_patcher(), rb_sym_enter_scope, 0);
+    if (!nested_scope && has_trigger_check) {
+        VALUE method = rb_funcall(rb_mKernel, rb_sym_method, 0);
+        /* If this method ever throws an exception, the scope-leave
+         * needs to be moved within a rescue call.
+         */
+        rb_funcall(module, trigger_check_method, 3, source, ret, method);
+    }
+    rb_funcall(contrast_patcher(), rb_sym_exit_scope, 0);
+}
+VALUE
+contrast_assess_module_class_eval(const int argc, const VALUE *argv,
+                                  const VALUE mod) {
+    VALUE ret = rb_mod_module_eval(argc, argv, mod);
+    if (argc > 0) {
+        VALUE data = argv[0];
+        contrast_assess_eval_trigger_check(mod, data, ret);
+    }
+    rb_funcall(assess_patcher, rb_sym_assess_patch_eval, 1, mod);
+    return ret;
+}
+VALUE
+contrast_assess_module_module_eval(const int argc, const VALUE *argv,
+                                   const VALUE mod) {
+    VALUE ret = rb_mod_module_eval(argc, argv, mod);
+    if (argc > 0) {
+        VALUE data = argv[0];
+        contrast_assess_eval_trigger_check(mod, data, ret);
+    }
+    rb_funcall(assess_patcher, rb_sym_assess_patch_eval, 1, mod);
+    return ret;
+}
+void Init_cs__assess_module(void) {
+    rb_sym_assess_patch_eval = rb_intern("patch_assess_on_eval");
+    VALUE assess_policy = rb_define_module_under(assess, "Policy");
+    assess_patcher = rb_define_module_under(assess_policy, "Patcher");
+    trigger_check_method = rb_intern("eval_trigger_check");
+    contrast_alias_method(rb_cModule, "cs__patched_class_eval", "class_eval");
+    rb_define_method(rb_cModule, "class_eval",
+                     contrast_assess_module_class_eval, -1);
+    contrast_alias_method(rb_cModule, "cs__patched_module_eval", "module_eval");
+    rb_define_method(rb_cModule, "module_eval",
+                     contrast_assess_module_module_eval, -1);
+}

data/ext/cs__assess_module/cs__assess_module.h ADDED

@@ -0,0 +1,25 @@
+#include <ruby.h>
+/* Contrast::Agent::Assess::Policy::Patcher */
+static VALUE assess_patcher;
+static VALUE rb_sym_assess_patch_eval;
+static VALUE trigger_check_method;
+/* c.f. cs__assess_basic_object.c for more context on how eval is patched. */
+void contrast_assess_eval_trigger_check(VALUE module, VALUE source, VALUE ret);
+/*
+ * rb_mod_module_eval is the C method equivalent of Module.class_eval and
+ * Module.module_eval. Calling it like this maintains the Ruby method scope
+ * that rb_mod_module_eval expects.
+ */
+VALUE
+contrast_assess_module_class_eval(const int argc, const VALUE *argv,
+                                  const VALUE mod);
+VALUE
+contrast_assess_module_module_eval(const int argc, const VALUE *argv,
+                                   const VALUE mod);
+void Init_cs__assess_module(void);

data/ext/cs__assess_module/extconf.rb ADDED

	@@ -0,0 +1,2 @@
1	+ $TO_MAKE = File.basename(__dir__)
2	+ require_relative '../extconf_common'

data/ext/cs__assess_regexp/cs__assess_regexp.c ADDED

@@ -0,0 +1,48 @@
+/* Copyright (c) 2020 Contrast Security, Inc.  See
+ * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
+#include "cs__assess_regexp.h"
+#include <ruby.h>
+void contrast_alias_method(const VALUE target, const char *to,
+                           const char *from);
+static VALUE contrast_assess_regexp_equal_squiggle(const int argc,
+                                                   const VALUE *argv,
+                                                   const VALUE regexp) {
+    VALUE result, infohash;
+    result =
+        rb_funcall2(regexp, rb_sym_assess_regexp_equal_squiggle, argc, argv);
+    if (RTEST(result)) {
+        infohash = rb_hash_new();
+        rb_hash_aset(infohash, rb_sym_regexp, regexp);
+        rb_hash_aset(infohash, rb_sym_result, result);
+        rb_hash_aset(infohash, rb_sym_string, argv[0]);
+        rb_hash_aset(infohash, rb_sym_back_ref, rb_backref_get());
+        rb_funcall(regexp, rb_sym_assess_track_regexp, 1, infohash);
+    }
+    return result;
+}
+void Init_cs__assess_regexp(void) {
+    rb_sym_assess_regexp_equal_squiggle =
+        rb_intern("cs__patched_equal_squiggle");
+    rb_sym_assess_track_regexp = rb_intern("cs__regexp_tagger");
+    rb_sym_result = ID2SYM(rb_intern("result"));
+    rb_global_variable(&rb_sym_result);
+    rb_sym_regexp = ID2SYM(rb_intern("regexp"));
+    rb_global_variable(&rb_sym_regexp);
+    rb_sym_string = ID2SYM(rb_intern("string"));
+    rb_global_variable(&rb_sym_string);
+    rb_sym_back_ref = ID2SYM(rb_intern("back_ref"));
+    rb_global_variable(&rb_sym_back_ref);
+    VALUE regexp_class = rb_define_class("Regexp", rb_cObject);
+    contrast_alias_method(regexp_class, "cs__patched_equal_squiggle", "=~");
+    rb_define_method(regexp_class, "=~", contrast_assess_regexp_equal_squiggle,
+                     -1);
+}

data/ext/cs__assess_regexp/cs__assess_regexp.h ADDED

@@ -0,0 +1,22 @@
+#include <ruby.h>
+static VALUE rb_sym_result;
+static VALUE rb_sym_regexp;
+static VALUE rb_sym_string;
+static VALUE rb_sym_back_ref;
+static VALUE rb_sym_assess_regexp_equal_squiggle;
+static VALUE rb_sym_assess_track_regexp;
+/*
+ * argc - number of arguments
+ * argv - array of arguments, can be:
+ * [nil]
+ * [Symbol]
+ * [String]
+ * regex - reference to self object
+ */
+static VALUE contrast_assess_regexp_equal_squiggle(const int argc,
+                                                   const VALUE *argv,
+                                                   const VALUE regexp);
+void Init_cs__assess_regexp(void);

data/ext/cs__assess_regexp/extconf.rb ADDED

	@@ -0,0 +1,2 @@
1	+ $TO_MAKE = File.basename(__dir__)
2	+ require_relative '../extconf_common'

data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c ADDED

@@ -0,0 +1,63 @@
+/* Copyright (c) 2020 Contrast Security, Inc.  See
+ * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
+#include "cs__assess_regexp_track.h"
+#include <funchook.h>
+#include <ruby.h>
+static VALUE rb_reg_match_pre_hook(VALUE match) {
+    VALUE result = rb_reg_match_pre_original(match);
+    result = rb_funcall(regexp_class, track_rb_pre_match, 2, match, result);
+    return result;
+}
+static VALUE rb_reg_match_post_hook(VALUE match) {
+    VALUE result = rb_reg_match_post_original(match);
+    result = rb_funcall(regexp_class, track_rb_post_match, 2, match, result);
+    return result;
+}
+static VALUE rb_reg_match_last_hook(VALUE match) {
+    VALUE result = rb_reg_match_last_original(match);
+    result =
+        rb_funcall(regexp_class, track_rb_reg_match_last, 2, match, result);
+    return result;
+}
+static VALUE rb_reg_nth_match_hook(int nth, VALUE match) {
+    VALUE result = rb_reg_nth_match_original(nth, match);
+    result = rb_funcall(regexp_class, track_rb_n_match, 2, match, result);
+    return result;
+}
+static int install_regexp_hooks() {
+    funchook_t *funchook = funchook_create();
+    rb_reg_match_pre_original = rb_reg_match_pre;
+    funchook_prepare(funchook, (void **)&rb_reg_match_pre_original,
+                     rb_reg_match_pre_hook);
+    rb_reg_match_post_original = rb_reg_match_post;
+    funchook_prepare(funchook, (void **)&rb_reg_match_post_original,
+                     rb_reg_match_post_hook);
+    rb_reg_match_last_original = rb_reg_match_last;
+    funchook_prepare(funchook, (void **)&rb_reg_match_last_original,
+                     rb_reg_match_last_hook);
+    rb_reg_nth_match_original = rb_reg_nth_match;
+    funchook_prepare(funchook, (void **)&rb_reg_nth_match_original,
+                     rb_reg_nth_match_hook);
+    funchook_install(funchook, 0);
+    return 0;
+}
+void Init_cs__assess_regexp_track(void) {
+    regexp_class = rb_define_class("Regexp", rb_cObject);
+    track_rb_n_match = rb_intern("track_rb_n_match");
+    track_rb_pre_match = rb_intern("track_rb_pre_match");
+    track_rb_post_match = rb_intern("track_rb_post_match");
+    track_rb_reg_match_last = rb_intern("track_rb_reg_match_last");
+    install_regexp_hooks();
+}