contrast-agent 3.8.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.clang-format +5 -0
- data/.dockerignore +10 -0
- data/.gitignore +58 -0
- data/.gitmodules +6 -0
- data/.rspec +6 -0
- data/.simplecov +4 -0
- data/Gemfile +7 -0
- data/LICENSE.txt +12 -0
- data/Rakefile +15 -0
- data/exe/contrast_service +29 -0
- data/ext/build_funchook.rb +48 -0
- data/ext/cs__assess_active_record_named/cs__active_record_named.c +47 -0
- data/ext/cs__assess_active_record_named/cs__active_record_named.h +10 -0
- data/ext/cs__assess_active_record_named/extconf.rb +2 -0
- data/ext/cs__assess_array/cs__assess_array.c +38 -0
- data/ext/cs__assess_array/cs__assess_array.h +9 -0
- data/ext/cs__assess_array/extconf.rb +2 -0
- data/ext/cs__assess_basic_object/cs__assess_basic_object.c +50 -0
- data/ext/cs__assess_basic_object/cs__assess_basic_object.h +17 -0
- data/ext/cs__assess_basic_object/extconf.rb +2 -0
- data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +86 -0
- data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +34 -0
- data/ext/cs__assess_fiber_track/extconf.rb +2 -0
- data/ext/cs__assess_hash/cs__assess_hash.c +64 -0
- data/ext/cs__assess_hash/cs__assess_hash.h +24 -0
- data/ext/cs__assess_hash/extconf.rb +2 -0
- data/ext/cs__assess_kernel/cs__assess_kernel.c +36 -0
- data/ext/cs__assess_kernel/cs__assess_kernel.h +10 -0
- data/ext/cs__assess_kernel/extconf.rb +2 -0
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +47 -0
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +18 -0
- data/ext/cs__assess_marshal_module/extconf.rb +2 -0
- data/ext/cs__assess_module/cs__assess_module.c +78 -0
- data/ext/cs__assess_module/cs__assess_module.h +25 -0
- data/ext/cs__assess_module/extconf.rb +2 -0
- data/ext/cs__assess_regexp/cs__assess_regexp.c +48 -0
- data/ext/cs__assess_regexp/cs__assess_regexp.h +22 -0
- data/ext/cs__assess_regexp/extconf.rb +2 -0
- data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c +63 -0
- data/ext/cs__assess_regexp_track/cs__assess_regexp_track.h +29 -0
- data/ext/cs__assess_regexp_track/extconf.rb +2 -0
- data/ext/cs__assess_string/cs__assess_string.c +38 -0
- data/ext/cs__assess_string/cs__assess_string.h +19 -0
- data/ext/cs__assess_string/extconf.rb +2 -0
- data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +31 -0
- data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.h +13 -0
- data/ext/cs__assess_string_interpolation26/extconf.rb +2 -0
- data/ext/cs__common/cs__common.c +60 -0
- data/ext/cs__common/cs__common.h +28 -0
- data/ext/cs__common/extconf.rb +20 -0
- data/ext/cs__contrast_patch/cs__contrast_patch.c +445 -0
- data/ext/cs__contrast_patch/cs__contrast_patch.h +196 -0
- data/ext/cs__contrast_patch/extconf.rb +2 -0
- data/ext/cs__protect_kernel/cs__protect_kernel.c +37 -0
- data/ext/cs__protect_kernel/cs__protect_kernel.h +11 -0
- data/ext/cs__protect_kernel/extconf.rb +2 -0
- data/ext/cs__scope/cs__scope.c +96 -0
- data/ext/cs__scope/cs__scope.h +33 -0
- data/ext/cs__scope/extconf.rb +2 -0
- data/ext/extconf_common.rb +49 -0
- data/funchook/LICENSE +360 -0
- data/funchook/Makefile +29 -0
- data/funchook/Makefile.in +29 -0
- data/funchook/README.md +121 -0
- data/funchook/appveyor.yml +42 -0
- data/funchook/autogen.sh +3 -0
- data/funchook/autom4te.cache/output.0 +4976 -0
- data/funchook/autom4te.cache/requests +78 -0
- data/funchook/autom4te.cache/traces.0 +364 -0
- data/funchook/config.guess +1530 -0
- data/funchook/config.log +490 -0
- data/funchook/config.status +1016 -0
- data/funchook/config.sub +1773 -0
- data/funchook/configure +4976 -0
- data/funchook/configure.ac +59 -0
- data/funchook/distorm/COPYING +26 -0
- data/funchook/distorm/MANIFEST +25 -0
- data/funchook/distorm/MANIFEST.in +4 -0
- data/funchook/distorm/README.md +12 -0
- data/funchook/distorm/disOps/disOps.py +795 -0
- data/funchook/distorm/disOps/x86db.py +404 -0
- data/funchook/distorm/disOps/x86header.py +247 -0
- data/funchook/distorm/disOps/x86sets.py +1664 -0
- data/funchook/distorm/examples/cs/TestdiStorm/Program.cs +79 -0
- data/funchook/distorm/examples/cs/TestdiStorm/Properties/AssemblyInfo.cs +36 -0
- data/funchook/distorm/examples/cs/TestdiStorm/TestdiStorm.csproj +69 -0
- data/funchook/distorm/examples/cs/distorm-net.sln +26 -0
- data/funchook/distorm/examples/cs/distorm-net/CodeInfo.cs +23 -0
- data/funchook/distorm/examples/cs/distorm-net/DecodedInst.cs +15 -0
- data/funchook/distorm/examples/cs/distorm-net/DecodedResult.cs +14 -0
- data/funchook/distorm/examples/cs/distorm-net/DecomposedInst.cs +36 -0
- data/funchook/distorm/examples/cs/distorm-net/DecomposedResult.cs +14 -0
- data/funchook/distorm/examples/cs/distorm-net/Opcodes.cs +1268 -0
- data/funchook/distorm/examples/cs/distorm-net/Opcodes.tt +37 -0
- data/funchook/distorm/examples/cs/distorm-net/Operand.cs +25 -0
- data/funchook/distorm/examples/cs/distorm-net/Properties/AssemblyInfo.cs +36 -0
- data/funchook/distorm/examples/cs/distorm-net/diStorm3.cs +411 -0
- data/funchook/distorm/examples/cs/distorm-net/distorm-net.csproj +80 -0
- data/funchook/distorm/examples/cs/readme +3 -0
- data/funchook/distorm/examples/ddk/README +48 -0
- data/funchook/distorm/examples/ddk/distorm.ini +11 -0
- data/funchook/distorm/examples/ddk/dummy.c +15 -0
- data/funchook/distorm/examples/ddk/main.c +91 -0
- data/funchook/distorm/examples/ddk/makefile +1 -0
- data/funchook/distorm/examples/ddk/sources +10 -0
- data/funchook/distorm/examples/java/Makefile +23 -0
- data/funchook/distorm/examples/java/distorm/src/Main.java +43 -0
- data/funchook/distorm/examples/java/distorm/src/diStorm3/CodeInfo.java +27 -0
- data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedInst.java +32 -0
- data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedResult.java +11 -0
- data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedInst.java +89 -0
- data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedResult.java +11 -0
- data/funchook/distorm/examples/java/distorm/src/diStorm3/OpcodeEnum.java +131 -0
- data/funchook/distorm/examples/java/distorm/src/diStorm3/Opcodes.java +1123 -0
- data/funchook/distorm/examples/java/distorm/src/diStorm3/Operand.java +24 -0
- data/funchook/distorm/examples/java/distorm/src/diStorm3/distorm3.java +41 -0
- data/funchook/distorm/examples/java/jdistorm.c +405 -0
- data/funchook/distorm/examples/java/jdistorm.h +40 -0
- data/funchook/distorm/examples/java/jdistorm.sln +20 -0
- data/funchook/distorm/examples/java/jdistorm.vcproj +208 -0
- data/funchook/distorm/examples/linux/Makefile +15 -0
- data/funchook/distorm/examples/linux/main.c +181 -0
- data/funchook/distorm/examples/tests/Makefile +15 -0
- data/funchook/distorm/examples/tests/main.cpp +42 -0
- data/funchook/distorm/examples/tests/main.py +66 -0
- data/funchook/distorm/examples/tests/test_distorm3.py +1672 -0
- data/funchook/distorm/examples/tests/tests.sln +20 -0
- data/funchook/distorm/examples/tests/tests.vcxproj +82 -0
- data/funchook/distorm/examples/tests/tests.vcxproj.filters +22 -0
- data/funchook/distorm/examples/win32/disasm.sln +25 -0
- data/funchook/distorm/examples/win32/disasm.vcxproj +201 -0
- data/funchook/distorm/examples/win32/disasm.vcxproj.filters +14 -0
- data/funchook/distorm/examples/win32/main.cpp +163 -0
- data/funchook/distorm/include/distorm.h +482 -0
- data/funchook/distorm/include/mnemonics.h +301 -0
- data/funchook/distorm/make/linux/Makefile +28 -0
- data/funchook/distorm/make/mac/Makefile +24 -0
- data/funchook/distorm/make/win32/cdistorm.vcxproj +239 -0
- data/funchook/distorm/make/win32/cdistorm.vcxproj.filters +80 -0
- data/funchook/distorm/make/win32/distorm.sln +25 -0
- data/funchook/distorm/make/win32/resource.h +14 -0
- data/funchook/distorm/make/win32/resource.rc +99 -0
- data/funchook/distorm/python/distorm3/__init__.py +957 -0
- data/funchook/distorm/python/distorm3/sample.py +51 -0
- data/funchook/distorm/setup.cfg +10 -0
- data/funchook/distorm/setup.py +266 -0
- data/funchook/distorm/src/config.h +169 -0
- data/funchook/distorm/src/decoder.c +641 -0
- data/funchook/distorm/src/decoder.h +33 -0
- data/funchook/distorm/src/distorm.c +413 -0
- data/funchook/distorm/src/instructions.c +597 -0
- data/funchook/distorm/src/instructions.h +463 -0
- data/funchook/distorm/src/insts.c +7939 -0
- data/funchook/distorm/src/insts.h +64 -0
- data/funchook/distorm/src/mnemonics.c +284 -0
- data/funchook/distorm/src/operands.c +1290 -0
- data/funchook/distorm/src/operands.h +28 -0
- data/funchook/distorm/src/prefix.c +368 -0
- data/funchook/distorm/src/prefix.h +64 -0
- data/funchook/distorm/src/textdefs.c +172 -0
- data/funchook/distorm/src/textdefs.h +57 -0
- data/funchook/distorm/src/wstring.c +47 -0
- data/funchook/distorm/src/wstring.h +35 -0
- data/funchook/distorm/src/x86defs.h +82 -0
- data/funchook/include/funchook.h +123 -0
- data/funchook/install-sh +527 -0
- data/funchook/src/Makefile +70 -0
- data/funchook/src/Makefile.in +70 -0
- data/funchook/src/__strerror.h +109 -0
- data/funchook/src/config.h +101 -0
- data/funchook/src/config.h.in +100 -0
- data/funchook/src/decoder.o +0 -0
- data/funchook/src/distorm.o +0 -0
- data/funchook/src/funchook.c +440 -0
- data/funchook/src/funchook.o +0 -0
- data/funchook/src/funchook_internal.h +155 -0
- data/funchook/src/funchook_io.c +182 -0
- data/funchook/src/funchook_io.h +64 -0
- data/funchook/src/funchook_io.o +0 -0
- data/funchook/src/funchook_syscall.S +134 -0
- data/funchook/src/funchook_syscall.o +0 -0
- data/funchook/src/funchook_unix.c +480 -0
- data/funchook/src/funchook_unix.o +0 -0
- data/funchook/src/funchook_windows.c +397 -0
- data/funchook/src/funchook_x86.c +622 -0
- data/funchook/src/funchook_x86.o +0 -0
- data/funchook/src/instructions.o +0 -0
- data/funchook/src/insts.o +0 -0
- data/funchook/src/libfunchook.so +0 -0
- data/funchook/src/mnemonics.o +0 -0
- data/funchook/src/operands.o +0 -0
- data/funchook/src/os_func.c +115 -0
- data/funchook/src/os_func.h +75 -0
- data/funchook/src/os_func.o +0 -0
- data/funchook/src/os_func_unix.c +94 -0
- data/funchook/src/os_func_unix.o +0 -0
- data/funchook/src/os_func_windows.c +32 -0
- data/funchook/src/prefix.o +0 -0
- data/funchook/src/printf_base.c +1688 -0
- data/funchook/src/printf_base.h +46 -0
- data/funchook/src/printf_base.o +0 -0
- data/funchook/src/textdefs.o +0 -0
- data/funchook/src/wstring.o +0 -0
- data/funchook/test/Makefile +43 -0
- data/funchook/test/Makefile.in +43 -0
- data/funchook/test/funchook_test +0 -0
- data/funchook/test/libfunchook_test.c +25 -0
- data/funchook/test/libfunchook_test.so +0 -0
- data/funchook/test/libfunchook_test2.c +18 -0
- data/funchook/test/suffix.list +600 -0
- data/funchook/test/test_main.c +430 -0
- data/funchook/test/test_main.o +0 -0
- data/funchook/test/x86_64_test.S +10 -0
- data/funchook/test/x86_64_test.o +0 -0
- data/funchook/test/x86_test.S +339 -0
- data/funchook/win32/config.h +1 -0
- data/funchook/win32/funchook.sln +52 -0
- data/funchook/win32/funchook.vcxproj +188 -0
- data/funchook/win32/funchook.vcxproj.filters +84 -0
- data/funchook/win32/funchook_test.vcxproj +170 -0
- data/funchook/win32/funchook_test.vcxproj.filters +22 -0
- data/funchook/win32/funchook_test_dll.vcxproj +184 -0
- data/funchook/win32/funchook_test_dll.vcxproj.filters +30 -0
- data/funchook/win32/funchook_test_exe.def +3 -0
- data/lib/contrast-agent.rb +8 -0
- data/lib/contrast.rb +57 -0
- data/lib/contrast/agent.rb +80 -0
- data/lib/contrast/agent/assess.rb +45 -0
- data/lib/contrast/agent/assess/adjusted_span.rb +25 -0
- data/lib/contrast/agent/assess/class_reverter.rb +82 -0
- data/lib/contrast/agent/assess/contrast_event.rb +398 -0
- data/lib/contrast/agent/assess/frozen_properties.rb +41 -0
- data/lib/contrast/agent/assess/insulator.rb +53 -0
- data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +78 -0
- data/lib/contrast/agent/assess/policy/patcher.rb +85 -0
- data/lib/contrast/agent/assess/policy/policy.rb +116 -0
- data/lib/contrast/agent/assess/policy/policy_node.rb +289 -0
- data/lib/contrast/agent/assess/policy/policy_scanner.rb +44 -0
- data/lib/contrast/agent/assess/policy/preshift.rb +94 -0
- data/lib/contrast/agent/assess/policy/propagation_method.rb +260 -0
- data/lib/contrast/agent/assess/policy/propagation_node.rb +127 -0
- data/lib/contrast/agent/assess/policy/propagator.rb +35 -0
- data/lib/contrast/agent/assess/policy/propagator/append.rb +54 -0
- data/lib/contrast/agent/assess/policy/propagator/base.rb +37 -0
- data/lib/contrast/agent/assess/policy/propagator/center.rb +73 -0
- data/lib/contrast/agent/assess/policy/propagator/custom.rb +36 -0
- data/lib/contrast/agent/assess/policy/propagator/database_write.rb +62 -0
- data/lib/contrast/agent/assess/policy/propagator/insert.rb +55 -0
- data/lib/contrast/agent/assess/policy/propagator/keep.rb +26 -0
- data/lib/contrast/agent/assess/policy/propagator/next.rb +42 -0
- data/lib/contrast/agent/assess/policy/propagator/prepend.rb +50 -0
- data/lib/contrast/agent/assess/policy/propagator/remove.rb +76 -0
- data/lib/contrast/agent/assess/policy/propagator/replace.rb +27 -0
- data/lib/contrast/agent/assess/policy/propagator/reverse.rb +38 -0
- data/lib/contrast/agent/assess/policy/propagator/select.rb +86 -0
- data/lib/contrast/agent/assess/policy/propagator/splat.rb +60 -0
- data/lib/contrast/agent/assess/policy/propagator/split.rb +49 -0
- data/lib/contrast/agent/assess/policy/propagator/substitution.rb +169 -0
- data/lib/contrast/agent/assess/policy/propagator/trim.rb +81 -0
- data/lib/contrast/agent/assess/policy/rewriter_patch.rb +79 -0
- data/lib/contrast/agent/assess/policy/source_method.rb +209 -0
- data/lib/contrast/agent/assess/policy/source_node.rb +62 -0
- data/lib/contrast/agent/assess/policy/trigger_method.rb +209 -0
- data/lib/contrast/agent/assess/policy/trigger_node.rb +198 -0
- data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +77 -0
- data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +31 -0
- data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +40 -0
- data/lib/contrast/agent/assess/properties.rb +392 -0
- data/lib/contrast/agent/assess/rule.rb +18 -0
- data/lib/contrast/agent/assess/rule/base.rb +72 -0
- data/lib/contrast/agent/assess/rule/csrf.rb +66 -0
- data/lib/contrast/agent/assess/rule/csrf/csrf_action.rb +28 -0
- data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +69 -0
- data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +132 -0
- data/lib/contrast/agent/assess/rule/provider.rb +21 -0
- data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +62 -0
- data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +73 -0
- data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +121 -0
- data/lib/contrast/agent/assess/rule/redos.rb +68 -0
- data/lib/contrast/agent/assess/rule/response_scanning_rule.rb +47 -0
- data/lib/contrast/agent/assess/rule/response_watcher.rb +36 -0
- data/lib/contrast/agent/assess/rule/watcher.rb +36 -0
- data/lib/contrast/agent/assess/tag.rb +151 -0
- data/lib/contrast/agent/at_exit_hook.rb +33 -0
- data/lib/contrast/agent/class_reopener.rb +195 -0
- data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +26 -0
- data/lib/contrast/agent/deadzone/policy/policy.rb +57 -0
- data/lib/contrast/agent/disable_reaction.rb +24 -0
- data/lib/contrast/agent/exclusion_matcher.rb +190 -0
- data/lib/contrast/agent/feature_state.rb +379 -0
- data/lib/contrast/agent/inventory/policy/policy.rb +32 -0
- data/lib/contrast/agent/inventory/policy/trigger_node.rb +22 -0
- data/lib/contrast/agent/logger_manager.rb +116 -0
- data/lib/contrast/agent/middleware.rb +352 -0
- data/lib/contrast/agent/module_data.rb +16 -0
- data/lib/contrast/agent/patching/policy/after_load_patch.rb +37 -0
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +58 -0
- data/lib/contrast/agent/patching/policy/method_policy.rb +94 -0
- data/lib/contrast/agent/patching/policy/module_policy.rb +116 -0
- data/lib/contrast/agent/patching/policy/patch.rb +312 -0
- data/lib/contrast/agent/patching/policy/patch_status.rb +192 -0
- data/lib/contrast/agent/patching/policy/patcher.rb +310 -0
- data/lib/contrast/agent/patching/policy/policy.rb +138 -0
- data/lib/contrast/agent/patching/policy/policy_node.rb +80 -0
- data/lib/contrast/agent/patching/policy/policy_unpatcher.rb +28 -0
- data/lib/contrast/agent/patching/policy/trigger_node.rb +81 -0
- data/lib/contrast/agent/protect/policy/policy.rb +37 -0
- data/lib/contrast/agent/protect/policy/trigger_node.rb +23 -0
- data/lib/contrast/agent/protect/rule.rb +58 -0
- data/lib/contrast/agent/protect/rule/base.rb +300 -0
- data/lib/contrast/agent/protect/rule/base_service.rb +88 -0
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +156 -0
- data/lib/contrast/agent/protect/rule/csrf.rb +118 -0
- data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +103 -0
- data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb +85 -0
- data/lib/contrast/agent/protect/rule/default_scanner.rb +300 -0
- data/lib/contrast/agent/protect/rule/deserialization.rb +193 -0
- data/lib/contrast/agent/protect/rule/http_method_tampering.rb +80 -0
- data/lib/contrast/agent/protect/rule/no_sqli.rb +101 -0
- data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +40 -0
- data/lib/contrast/agent/protect/rule/path_traversal.rb +143 -0
- data/lib/contrast/agent/protect/rule/sqli.rb +101 -0
- data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +16 -0
- data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +38 -0
- data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +22 -0
- data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +19 -0
- data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +20 -0
- data/lib/contrast/agent/protect/rule/xss.rb +24 -0
- data/lib/contrast/agent/protect/rule/xxe.rb +120 -0
- data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +82 -0
- data/lib/contrast/agent/railtie.rb +30 -0
- data/lib/contrast/agent/reaction_processor.rb +47 -0
- data/lib/contrast/agent/request.rb +493 -0
- data/lib/contrast/agent/request_context.rb +225 -0
- data/lib/contrast/agent/require_state.rb +61 -0
- data/lib/contrast/agent/response.rb +215 -0
- data/lib/contrast/agent/rewriter.rb +244 -0
- data/lib/contrast/agent/scope.rb +28 -0
- data/lib/contrast/agent/service_heartbeat.rb +37 -0
- data/lib/contrast/agent/settings_state.rb +148 -0
- data/lib/contrast/agent/socket_client.rb +125 -0
- data/lib/contrast/agent/thread.rb +26 -0
- data/lib/contrast/agent/tracepoint_hook.rb +51 -0
- data/lib/contrast/agent/version.rb +8 -0
- data/lib/contrast/api.rb +17 -0
- data/lib/contrast/api/.gitkeep +0 -0
- data/lib/contrast/api/connection_status.rb +49 -0
- data/lib/contrast/api/socket.rb +43 -0
- data/lib/contrast/api/speedracer.rb +206 -0
- data/lib/contrast/api/tcp_socket.rb +31 -0
- data/lib/contrast/api/unix_socket.rb +25 -0
- data/lib/contrast/common_agent_configuration.rb +86 -0
- data/lib/contrast/components/agent.rb +85 -0
- data/lib/contrast/components/app_context.rb +188 -0
- data/lib/contrast/components/assess.rb +67 -0
- data/lib/contrast/components/config.rb +135 -0
- data/lib/contrast/components/contrast_service.rb +113 -0
- data/lib/contrast/components/heap_dump.rb +34 -0
- data/lib/contrast/components/interface.rb +178 -0
- data/lib/contrast/components/inventory.rb +23 -0
- data/lib/contrast/components/logger.rb +92 -0
- data/lib/contrast/components/protect.rb +38 -0
- data/lib/contrast/components/sampling.rb +41 -0
- data/lib/contrast/components/scope.rb +106 -0
- data/lib/contrast/components/settings.rb +140 -0
- data/lib/contrast/config.rb +33 -0
- data/lib/contrast/config/agent_configuration.rb +24 -0
- data/lib/contrast/config/application_configuration.rb +27 -0
- data/lib/contrast/config/assess_configuration.rb +22 -0
- data/lib/contrast/config/assess_rules_configuration.rb +18 -0
- data/lib/contrast/config/base_configuration.rb +105 -0
- data/lib/contrast/config/default_value.rb +16 -0
- data/lib/contrast/config/exception_configuration.rb +21 -0
- data/lib/contrast/config/heap_dump_configuration.rb +23 -0
- data/lib/contrast/config/inventory_configuration.rb +20 -0
- data/lib/contrast/config/logger_configuration.rb +20 -0
- data/lib/contrast/config/protect_configuration.rb +20 -0
- data/lib/contrast/config/protect_rule_configuration.rb +37 -0
- data/lib/contrast/config/protect_rules_configuration.rb +30 -0
- data/lib/contrast/config/root_configuration.rb +26 -0
- data/lib/contrast/config/ruby_configuration.rb +39 -0
- data/lib/contrast/config/sampling_configuration.rb +22 -0
- data/lib/contrast/config/server_configuration.rb +23 -0
- data/lib/contrast/config/service_configuration.rb +22 -0
- data/lib/contrast/configuration.rb +214 -0
- data/lib/contrast/core_extensions/assess.rb +51 -0
- data/lib/contrast/core_extensions/assess/array.rb +58 -0
- data/lib/contrast/core_extensions/assess/assess_extension.rb +145 -0
- data/lib/contrast/core_extensions/assess/basic_object.rb +15 -0
- data/lib/contrast/core_extensions/assess/erb.rb +42 -0
- data/lib/contrast/core_extensions/assess/exec_trigger.rb +48 -0
- data/lib/contrast/core_extensions/assess/fiber.rb +125 -0
- data/lib/contrast/core_extensions/assess/hash.rb +22 -0
- data/lib/contrast/core_extensions/assess/kernel.rb +95 -0
- data/lib/contrast/core_extensions/assess/module.rb +14 -0
- data/lib/contrast/core_extensions/assess/regexp.rb +206 -0
- data/lib/contrast/core_extensions/assess/string.rb +75 -0
- data/lib/contrast/core_extensions/assess/tilt_template_trigger.rb +73 -0
- data/lib/contrast/core_extensions/delegator.rb +14 -0
- data/lib/contrast/core_extensions/eval_trigger.rb +52 -0
- data/lib/contrast/core_extensions/inventory.rb +22 -0
- data/lib/contrast/core_extensions/inventory/datastores.rb +37 -0
- data/lib/contrast/core_extensions/module.rb +42 -0
- data/lib/contrast/core_extensions/object.rb +27 -0
- data/lib/contrast/core_extensions/protect.rb +20 -0
- data/lib/contrast/core_extensions/protect/applies_command_injection_rule.rb +70 -0
- data/lib/contrast/core_extensions/protect/applies_deserialization_rule.rb +58 -0
- data/lib/contrast/core_extensions/protect/applies_no_sqli_rule.rb +81 -0
- data/lib/contrast/core_extensions/protect/applies_path_traversal_rule.rb +119 -0
- data/lib/contrast/core_extensions/protect/applies_sqli_rule.rb +63 -0
- data/lib/contrast/core_extensions/protect/applies_xxe_rule.rb +141 -0
- data/lib/contrast/core_extensions/protect/kernel.rb +30 -0
- data/lib/contrast/core_extensions/protect/psych.rb +7 -0
- data/lib/contrast/core_extensions/thread.rb +31 -0
- data/lib/contrast/internal_exception.rb +8 -0
- data/lib/contrast/rails_extensions/assess/action_controller_inheritance.rb +48 -0
- data/lib/contrast/rails_extensions/assess/active_record.rb +32 -0
- data/lib/contrast/rails_extensions/assess/active_record_named.rb +61 -0
- data/lib/contrast/rails_extensions/assess/configuration.rb +26 -0
- data/lib/contrast/rails_extensions/buffer.rb +30 -0
- data/lib/contrast/rails_extensions/rack.rb +45 -0
- data/lib/contrast/security_exception.rb +14 -0
- data/lib/contrast/sinatra_extensions/assess/cookie.rb +26 -0
- data/lib/contrast/sinatra_extensions/inventory/sinatra_base.rb +59 -0
- data/lib/contrast/tasks/service.rb +95 -0
- data/lib/contrast/utils/assess/sampling_util.rb +96 -0
- data/lib/contrast/utils/assess/tracking_util.rb +39 -0
- data/lib/contrast/utils/boolean_util.rb +33 -0
- data/lib/contrast/utils/cache.rb +69 -0
- data/lib/contrast/utils/class_util.rb +58 -0
- data/lib/contrast/utils/comment_range.rb +19 -0
- data/lib/contrast/utils/data_store_util.rb +23 -0
- data/lib/contrast/utils/duck_utils.rb +58 -0
- data/lib/contrast/utils/env_configuration_item.rb +52 -0
- data/lib/contrast/utils/environment_util.rb +152 -0
- data/lib/contrast/utils/freeze_util.rb +36 -0
- data/lib/contrast/utils/gemfile_reader.rb +191 -0
- data/lib/contrast/utils/hash_digest.rb +148 -0
- data/lib/contrast/utils/heap_dump_util.rb +113 -0
- data/lib/contrast/utils/invalid_configuration_util.rb +88 -0
- data/lib/contrast/utils/inventory_util.rb +126 -0
- data/lib/contrast/utils/io_util.rb +61 -0
- data/lib/contrast/utils/object_share.rb +117 -0
- data/lib/contrast/utils/operating_environment.rb +38 -0
- data/lib/contrast/utils/os.rb +49 -0
- data/lib/contrast/utils/path_util.rb +151 -0
- data/lib/contrast/utils/performs_logging.rb +152 -0
- data/lib/contrast/utils/preflight_util.rb +13 -0
- data/lib/contrast/utils/prevent_serialization.rb +52 -0
- data/lib/contrast/utils/rack_assess_session_cookie.rb +104 -0
- data/lib/contrast/utils/rails_assess_configuration.rb +95 -0
- data/lib/contrast/utils/random_util.rb +22 -0
- data/lib/contrast/utils/resource_loader.rb +23 -0
- data/lib/contrast/utils/ruby_ast_rewriter.rb +74 -0
- data/lib/contrast/utils/scope_util.rb +99 -0
- data/lib/contrast/utils/service_response_util.rb +116 -0
- data/lib/contrast/utils/service_sender_util.rb +98 -0
- data/lib/contrast/utils/sha256_builder.rb +69 -0
- data/lib/contrast/utils/sinatra_helper.rb +49 -0
- data/lib/contrast/utils/stack_trace_utils.rb +209 -0
- data/lib/contrast/utils/string_utils.rb +72 -0
- data/lib/contrast/utils/tag_util.rb +139 -0
- data/lib/contrast/utils/thread_tracker.rb +54 -0
- data/lib/contrast/utils/timer.rb +78 -0
- data/resources/assess/policy.json +1673 -0
- data/resources/csrf/inject.js +44 -0
- data/resources/deadzone/policy.json +55 -0
- data/resources/factory-bot-spec/spec_helper.rb +30 -0
- data/resources/inventory/policy.json +110 -0
- data/resources/protect/policy.json +417 -0
- data/resources/rubocops/kernel/catch_cop.rb +37 -0
- data/resources/rubocops/kernel/require_cop.rb +37 -0
- data/resources/rubocops/kernel/require_relative_cop.rb +33 -0
- data/resources/rubocops/module/autoload_cop.rb +37 -0
- data/resources/rubocops/module/const_defined_cop.rb +37 -0
- data/resources/rubocops/module/const_get_cop.rb +37 -0
- data/resources/rubocops/module/const_set_cop.rb +37 -0
- data/resources/rubocops/module/constants_cop.rb +37 -0
- data/resources/rubocops/module/name_cop.rb +37 -0
- data/resources/rubocops/object/class_cop.rb +37 -0
- data/resources/rubocops/object/freeze_cop.rb +37 -0
- data/resources/rubocops/object/frozen_cop.rb +37 -0
- data/resources/rubocops/object/is_a_cop.rb +37 -0
- data/resources/rubocops/object/method_cop.rb +37 -0
- data/resources/rubocops/object/respond_to_cop.rb +37 -0
- data/resources/rubocops/object/singleton_class_cop.rb +37 -0
- data/resources/rubocops/regexp/spelling_cop.rb +44 -0
- data/resources/rubocops/thread/new_cop.rb +39 -0
- data/resources/ruby-spec/ancestors_spec.rb +70 -0
- data/resources/ruby-spec/modulo_spec.rb +831 -0
- data/resources/ruby-spec/parameters_spec.rb +261 -0
- data/resources/ruby-spec/ruby_spec_spec_helper.rb +35 -0
- data/resources/test_marker.txt +1 -0
- data/ruby-agent.gemspec +129 -0
- data/service_executables/.gitkeep +0 -0
- data/service_executables/VERSION +1 -0
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
- metadata +945 -0
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
/* -*- indent-tabs-mode: nil -*-
|
|
2
|
+
*
|
|
3
|
+
* printf_base - base function to make printf-like functions
|
|
4
|
+
* https://github.com/kubo/printf_base
|
|
5
|
+
*
|
|
6
|
+
* Copyright (C) 2016 Kubo Takehiro <kubo@jiubao.org>
|
|
7
|
+
*
|
|
8
|
+
* Redistribution and use in source and binary forms, with or without
|
|
9
|
+
* modification, are permitted provided that the following conditions are met:
|
|
10
|
+
*
|
|
11
|
+
* 1. Redistributions of source code must retain the above copyright
|
|
12
|
+
* notice, this list of conditions and the following disclaimer.
|
|
13
|
+
*
|
|
14
|
+
* 2. Redistributions in binary form must reproduce the above
|
|
15
|
+
* copyright notice, this list of conditions and the following
|
|
16
|
+
* disclaimer in the documentation and/or other materials provided
|
|
17
|
+
* with the distribution.
|
|
18
|
+
*
|
|
19
|
+
* THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS OR
|
|
20
|
+
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
21
|
+
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
22
|
+
* DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> OR CONTRIBUTORS BE
|
|
23
|
+
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
24
|
+
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
25
|
+
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
|
26
|
+
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
27
|
+
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
|
28
|
+
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
|
|
29
|
+
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
30
|
+
*
|
|
31
|
+
* The views and conclusions contained in the software and documentation
|
|
32
|
+
* are those of the authors and should not be interpreted as representing
|
|
33
|
+
* official policies, either expressed or implied, of the authors.
|
|
34
|
+
*/
|
|
35
|
+
#ifndef PRINTF_BASE_H
|
|
36
|
+
#define PRINTF_BASE_H
|
|
37
|
+
#include <stdarg.h>
|
|
38
|
+
|
|
39
|
+
typedef int (*pfb_putc_t)(char c, void *handle);
|
|
40
|
+
typedef int (*pfb_write_t)(void *handle, const void *buf, size_t count);
|
|
41
|
+
|
|
42
|
+
int printf_base(pfb_putc_t func, void *handle, const char *format, va_list ap);
|
|
43
|
+
|
|
44
|
+
int printf_base_with_buffering(pfb_write_t func, void *handle, const char *format, va_list ap);
|
|
45
|
+
|
|
46
|
+
#endif
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
srcdir = .
|
|
2
|
+
top_srcdir = ..
|
|
3
|
+
top_builddir = ..
|
|
4
|
+
|
|
5
|
+
CC = gcc
|
|
6
|
+
AS = gcc -c
|
|
7
|
+
OBJS = test_main.o x86_64_test.o
|
|
8
|
+
CFLAGS += -O2 -g -I$(srcdir)/../include
|
|
9
|
+
PIC_CFLAGS = -fPIC
|
|
10
|
+
LIBS = -L$(top_builddir)/src -lfunchook -Wl,-rpath,$(top_builddir)/src -L. -lfunchook_test -Wl,-rpath,.
|
|
11
|
+
LINK_SHARED = $(CC) -shared
|
|
12
|
+
EXEEXT =
|
|
13
|
+
DLLTOOL = $(firstword $(CC:gcc=dlltool))
|
|
14
|
+
SO_OBJS = $(srcdir)/libfunchook_test.c $(srcdir)/libfunchook_test2.c
|
|
15
|
+
#LDFLAGS += -Wl,--out-implib,funchook_test.lib
|
|
16
|
+
#FUNCHOOK_TEST_LIB = funchook_test_exe.lib
|
|
17
|
+
#LDFLAGS += -Wl,-undefined,dynamic_lookup
|
|
18
|
+
|
|
19
|
+
VPATH = ../src
|
|
20
|
+
|
|
21
|
+
all: funchook_test$(EXEEXT)
|
|
22
|
+
|
|
23
|
+
test: funchook_test$(EXEEXT)
|
|
24
|
+
# cmp -s $(top_builddir)/src/funchook.dll funchook.dll || cp $(top_builddir)/src/funchook.dll funchook.dll
|
|
25
|
+
./funchook_test$(EXEEXT)
|
|
26
|
+
|
|
27
|
+
funchook_test$(EXEEXT): $(OBJS) libfunchook.so libfunchook_test.so
|
|
28
|
+
$(CC) -o funchook_test$(EXEEXT) $(OBJS) $(LIBS)
|
|
29
|
+
|
|
30
|
+
libfunchook_test.so: $(SO_OBJS) $(FUNCHOOK_TEST_LIB)
|
|
31
|
+
$(LINK_SHARED) $(LDFLAGS) $(PIC_CFLAGS) $(CFLAGS) -o libfunchook_test.so $(SO_OBJS) $(FUNCHOOK_TEST_LIB)
|
|
32
|
+
|
|
33
|
+
clean:
|
|
34
|
+
$(RM) $(TESTEXE) *.o libfunchook_test.so
|
|
35
|
+
|
|
36
|
+
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
|
|
37
|
+
cd $(top_builddir) && ./config.status
|
|
38
|
+
|
|
39
|
+
funchook_test_exe.lib:
|
|
40
|
+
echo "LIBRARY funchook_test.exe" > funchook_test_exe.def
|
|
41
|
+
echo "EXPORTS" >> funchook_test_exe.def
|
|
42
|
+
echo "get_val_in_exe" >> funchook_test_exe.def
|
|
43
|
+
$(DLLTOOL) -d funchook_test_exe.def -l funchook_test_exe.lib
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
srcdir = @srcdir@
|
|
2
|
+
top_srcdir = @top_srcdir@
|
|
3
|
+
top_builddir = @top_builddir@
|
|
4
|
+
|
|
5
|
+
CC = @CC@
|
|
6
|
+
AS = @CC@ -c
|
|
7
|
+
OBJS = test_main.o @FUNCHOOK_CPU@_test.o
|
|
8
|
+
CFLAGS += -O2 -g -I$(srcdir)/../include
|
|
9
|
+
PIC_CFLAGS = @PIC_CFLAGS@
|
|
10
|
+
LIBS = -L$(top_builddir)/src -lfunchook -Wl,-rpath,$(top_builddir)/src -L. -lfunchook_test -Wl,-rpath,.
|
|
11
|
+
LINK_SHARED = @LINK_SHARED@
|
|
12
|
+
EXEEXT = @EXEEXT@
|
|
13
|
+
DLLTOOL = $(firstword $(CC:gcc=dlltool))
|
|
14
|
+
SO_OBJS = $(srcdir)/libfunchook_test.c $(srcdir)/libfunchook_test2.c
|
|
15
|
+
@IF_WIN32@LDFLAGS += -Wl,--out-implib,funchook_test.lib
|
|
16
|
+
@IF_WIN32@FUNCHOOK_TEST_LIB = funchook_test_exe.lib
|
|
17
|
+
@IF_OSX@LDFLAGS += -Wl,-undefined,dynamic_lookup
|
|
18
|
+
|
|
19
|
+
VPATH = $(srcdir):../src
|
|
20
|
+
|
|
21
|
+
all: funchook_test$(EXEEXT)
|
|
22
|
+
|
|
23
|
+
test: funchook_test$(EXEEXT)
|
|
24
|
+
@IF_WIN32@ cmp -s $(top_builddir)/src/funchook.dll funchook.dll || cp $(top_builddir)/src/funchook.dll funchook.dll
|
|
25
|
+
./funchook_test$(EXEEXT)
|
|
26
|
+
|
|
27
|
+
funchook_test$(EXEEXT): $(OBJS) @LIBFUNCHOOK_SO@ libfunchook_test.so
|
|
28
|
+
$(CC) -o funchook_test$(EXEEXT) $(OBJS) $(LIBS)
|
|
29
|
+
|
|
30
|
+
libfunchook_test.so: $(SO_OBJS) $(FUNCHOOK_TEST_LIB)
|
|
31
|
+
$(LINK_SHARED) $(LDFLAGS) $(PIC_CFLAGS) $(CFLAGS) -o libfunchook_test.so $(SO_OBJS) $(FUNCHOOK_TEST_LIB)
|
|
32
|
+
|
|
33
|
+
clean:
|
|
34
|
+
$(RM) $(TESTEXE) *.o libfunchook_test.so
|
|
35
|
+
|
|
36
|
+
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
|
|
37
|
+
cd $(top_builddir) && ./config.status
|
|
38
|
+
|
|
39
|
+
funchook_test_exe.lib:
|
|
40
|
+
echo "LIBRARY funchook_test.exe" > funchook_test_exe.def
|
|
41
|
+
echo "EXPORTS" >> funchook_test_exe.def
|
|
42
|
+
echo "get_val_in_exe" >> funchook_test_exe.def
|
|
43
|
+
$(DLLTOOL) -d funchook_test_exe.def -l funchook_test_exe.lib
|
|
Binary file
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
#ifdef WIN32
|
|
2
|
+
#define DLLEXPORT __declspec(dllexport)
|
|
3
|
+
#else
|
|
4
|
+
#define DLLEXPORT
|
|
5
|
+
#endif
|
|
6
|
+
|
|
7
|
+
#if defined(WIN32) || defined(__APPLE__)
|
|
8
|
+
static int int_val;
|
|
9
|
+
|
|
10
|
+
DLLEXPORT void set_int_val(int val)
|
|
11
|
+
{
|
|
12
|
+
int_val = val;
|
|
13
|
+
}
|
|
14
|
+
#else
|
|
15
|
+
extern int int_val;
|
|
16
|
+
#endif
|
|
17
|
+
|
|
18
|
+
DLLEXPORT int get_val_in_dll()
|
|
19
|
+
{
|
|
20
|
+
return int_val;
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
#define S(suffix) DLLEXPORT int dllfunc_##suffix(int a, int b) { return a * b + suffix; }
|
|
24
|
+
#include "suffix.list"
|
|
25
|
+
#undef S
|
|
Binary file
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
#ifdef WIN32
|
|
2
|
+
#define DLLEXPORT __declspec(dllexport)
|
|
3
|
+
#else
|
|
4
|
+
#define DLLEXPORT
|
|
5
|
+
#endif
|
|
6
|
+
|
|
7
|
+
extern int get_val_in_exe(void);
|
|
8
|
+
extern int get_val_in_dll(void);
|
|
9
|
+
|
|
10
|
+
DLLEXPORT int get_val_in_exe_from_dll()
|
|
11
|
+
{
|
|
12
|
+
return get_val_in_exe();
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
DLLEXPORT int get_val_in_dll_from_dll()
|
|
16
|
+
{
|
|
17
|
+
return get_val_in_dll();
|
|
18
|
+
}
|
|
@@ -0,0 +1,600 @@
|
|
|
1
|
+
S(1)
|
|
2
|
+
S(2)
|
|
3
|
+
S(3)
|
|
4
|
+
S(4)
|
|
5
|
+
S(5)
|
|
6
|
+
S(6)
|
|
7
|
+
S(7)
|
|
8
|
+
S(8)
|
|
9
|
+
S(9)
|
|
10
|
+
S(10)
|
|
11
|
+
S(11)
|
|
12
|
+
S(12)
|
|
13
|
+
S(13)
|
|
14
|
+
S(14)
|
|
15
|
+
S(15)
|
|
16
|
+
S(16)
|
|
17
|
+
S(17)
|
|
18
|
+
S(18)
|
|
19
|
+
S(19)
|
|
20
|
+
S(20)
|
|
21
|
+
S(21)
|
|
22
|
+
S(22)
|
|
23
|
+
S(23)
|
|
24
|
+
S(24)
|
|
25
|
+
S(25)
|
|
26
|
+
S(26)
|
|
27
|
+
S(27)
|
|
28
|
+
S(28)
|
|
29
|
+
S(29)
|
|
30
|
+
S(30)
|
|
31
|
+
S(31)
|
|
32
|
+
S(32)
|
|
33
|
+
S(33)
|
|
34
|
+
S(34)
|
|
35
|
+
S(35)
|
|
36
|
+
S(36)
|
|
37
|
+
S(37)
|
|
38
|
+
S(38)
|
|
39
|
+
S(39)
|
|
40
|
+
S(40)
|
|
41
|
+
S(41)
|
|
42
|
+
S(42)
|
|
43
|
+
S(43)
|
|
44
|
+
S(44)
|
|
45
|
+
S(45)
|
|
46
|
+
S(46)
|
|
47
|
+
S(47)
|
|
48
|
+
S(48)
|
|
49
|
+
S(49)
|
|
50
|
+
S(50)
|
|
51
|
+
S(51)
|
|
52
|
+
S(52)
|
|
53
|
+
S(53)
|
|
54
|
+
S(54)
|
|
55
|
+
S(55)
|
|
56
|
+
S(56)
|
|
57
|
+
S(57)
|
|
58
|
+
S(58)
|
|
59
|
+
S(59)
|
|
60
|
+
S(60)
|
|
61
|
+
S(61)
|
|
62
|
+
S(62)
|
|
63
|
+
S(63)
|
|
64
|
+
S(64)
|
|
65
|
+
S(65)
|
|
66
|
+
S(66)
|
|
67
|
+
S(67)
|
|
68
|
+
S(68)
|
|
69
|
+
S(69)
|
|
70
|
+
S(70)
|
|
71
|
+
S(71)
|
|
72
|
+
S(72)
|
|
73
|
+
S(73)
|
|
74
|
+
S(74)
|
|
75
|
+
S(75)
|
|
76
|
+
S(76)
|
|
77
|
+
S(77)
|
|
78
|
+
S(78)
|
|
79
|
+
S(79)
|
|
80
|
+
S(80)
|
|
81
|
+
S(81)
|
|
82
|
+
S(82)
|
|
83
|
+
S(83)
|
|
84
|
+
S(84)
|
|
85
|
+
S(85)
|
|
86
|
+
S(86)
|
|
87
|
+
S(87)
|
|
88
|
+
S(88)
|
|
89
|
+
S(89)
|
|
90
|
+
S(90)
|
|
91
|
+
S(91)
|
|
92
|
+
S(92)
|
|
93
|
+
S(93)
|
|
94
|
+
S(94)
|
|
95
|
+
S(95)
|
|
96
|
+
S(96)
|
|
97
|
+
S(97)
|
|
98
|
+
S(98)
|
|
99
|
+
S(99)
|
|
100
|
+
S(100)
|
|
101
|
+
S(101)
|
|
102
|
+
S(102)
|
|
103
|
+
S(103)
|
|
104
|
+
S(104)
|
|
105
|
+
S(105)
|
|
106
|
+
S(106)
|
|
107
|
+
S(107)
|
|
108
|
+
S(108)
|
|
109
|
+
S(109)
|
|
110
|
+
S(110)
|
|
111
|
+
S(111)
|
|
112
|
+
S(112)
|
|
113
|
+
S(113)
|
|
114
|
+
S(114)
|
|
115
|
+
S(115)
|
|
116
|
+
S(116)
|
|
117
|
+
S(117)
|
|
118
|
+
S(118)
|
|
119
|
+
S(119)
|
|
120
|
+
S(120)
|
|
121
|
+
S(121)
|
|
122
|
+
S(122)
|
|
123
|
+
S(123)
|
|
124
|
+
S(124)
|
|
125
|
+
S(125)
|
|
126
|
+
S(126)
|
|
127
|
+
S(127)
|
|
128
|
+
S(128)
|
|
129
|
+
S(129)
|
|
130
|
+
S(130)
|
|
131
|
+
S(131)
|
|
132
|
+
S(132)
|
|
133
|
+
S(133)
|
|
134
|
+
S(134)
|
|
135
|
+
S(135)
|
|
136
|
+
S(136)
|
|
137
|
+
S(137)
|
|
138
|
+
S(138)
|
|
139
|
+
S(139)
|
|
140
|
+
S(140)
|
|
141
|
+
S(141)
|
|
142
|
+
S(142)
|
|
143
|
+
S(143)
|
|
144
|
+
S(144)
|
|
145
|
+
S(145)
|
|
146
|
+
S(146)
|
|
147
|
+
S(147)
|
|
148
|
+
S(148)
|
|
149
|
+
S(149)
|
|
150
|
+
S(150)
|
|
151
|
+
S(151)
|
|
152
|
+
S(152)
|
|
153
|
+
S(153)
|
|
154
|
+
S(154)
|
|
155
|
+
S(155)
|
|
156
|
+
S(156)
|
|
157
|
+
S(157)
|
|
158
|
+
S(158)
|
|
159
|
+
S(159)
|
|
160
|
+
S(160)
|
|
161
|
+
S(161)
|
|
162
|
+
S(162)
|
|
163
|
+
S(163)
|
|
164
|
+
S(164)
|
|
165
|
+
S(165)
|
|
166
|
+
S(166)
|
|
167
|
+
S(167)
|
|
168
|
+
S(168)
|
|
169
|
+
S(169)
|
|
170
|
+
S(170)
|
|
171
|
+
S(171)
|
|
172
|
+
S(172)
|
|
173
|
+
S(173)
|
|
174
|
+
S(174)
|
|
175
|
+
S(175)
|
|
176
|
+
S(176)
|
|
177
|
+
S(177)
|
|
178
|
+
S(178)
|
|
179
|
+
S(179)
|
|
180
|
+
S(180)
|
|
181
|
+
S(181)
|
|
182
|
+
S(182)
|
|
183
|
+
S(183)
|
|
184
|
+
S(184)
|
|
185
|
+
S(185)
|
|
186
|
+
S(186)
|
|
187
|
+
S(187)
|
|
188
|
+
S(188)
|
|
189
|
+
S(189)
|
|
190
|
+
S(190)
|
|
191
|
+
S(191)
|
|
192
|
+
S(192)
|
|
193
|
+
S(193)
|
|
194
|
+
S(194)
|
|
195
|
+
S(195)
|
|
196
|
+
S(196)
|
|
197
|
+
S(197)
|
|
198
|
+
S(198)
|
|
199
|
+
S(199)
|
|
200
|
+
S(200)
|
|
201
|
+
S(201)
|
|
202
|
+
S(202)
|
|
203
|
+
S(203)
|
|
204
|
+
S(204)
|
|
205
|
+
S(205)
|
|
206
|
+
S(206)
|
|
207
|
+
S(207)
|
|
208
|
+
S(208)
|
|
209
|
+
S(209)
|
|
210
|
+
S(210)
|
|
211
|
+
S(211)
|
|
212
|
+
S(212)
|
|
213
|
+
S(213)
|
|
214
|
+
S(214)
|
|
215
|
+
S(215)
|
|
216
|
+
S(216)
|
|
217
|
+
S(217)
|
|
218
|
+
S(218)
|
|
219
|
+
S(219)
|
|
220
|
+
S(220)
|
|
221
|
+
S(221)
|
|
222
|
+
S(222)
|
|
223
|
+
S(223)
|
|
224
|
+
S(224)
|
|
225
|
+
S(225)
|
|
226
|
+
S(226)
|
|
227
|
+
S(227)
|
|
228
|
+
S(228)
|
|
229
|
+
S(229)
|
|
230
|
+
S(230)
|
|
231
|
+
S(231)
|
|
232
|
+
S(232)
|
|
233
|
+
S(233)
|
|
234
|
+
S(234)
|
|
235
|
+
S(235)
|
|
236
|
+
S(236)
|
|
237
|
+
S(237)
|
|
238
|
+
S(238)
|
|
239
|
+
S(239)
|
|
240
|
+
S(240)
|
|
241
|
+
S(241)
|
|
242
|
+
S(242)
|
|
243
|
+
S(243)
|
|
244
|
+
S(244)
|
|
245
|
+
S(245)
|
|
246
|
+
S(246)
|
|
247
|
+
S(247)
|
|
248
|
+
S(248)
|
|
249
|
+
S(249)
|
|
250
|
+
S(250)
|
|
251
|
+
S(251)
|
|
252
|
+
S(252)
|
|
253
|
+
S(253)
|
|
254
|
+
S(254)
|
|
255
|
+
S(255)
|
|
256
|
+
S(256)
|
|
257
|
+
S(257)
|
|
258
|
+
S(258)
|
|
259
|
+
S(259)
|
|
260
|
+
S(260)
|
|
261
|
+
S(261)
|
|
262
|
+
S(262)
|
|
263
|
+
S(263)
|
|
264
|
+
S(264)
|
|
265
|
+
S(265)
|
|
266
|
+
S(266)
|
|
267
|
+
S(267)
|
|
268
|
+
S(268)
|
|
269
|
+
S(269)
|
|
270
|
+
S(270)
|
|
271
|
+
S(271)
|
|
272
|
+
S(272)
|
|
273
|
+
S(273)
|
|
274
|
+
S(274)
|
|
275
|
+
S(275)
|
|
276
|
+
S(276)
|
|
277
|
+
S(277)
|
|
278
|
+
S(278)
|
|
279
|
+
S(279)
|
|
280
|
+
S(280)
|
|
281
|
+
S(281)
|
|
282
|
+
S(282)
|
|
283
|
+
S(283)
|
|
284
|
+
S(284)
|
|
285
|
+
S(285)
|
|
286
|
+
S(286)
|
|
287
|
+
S(287)
|
|
288
|
+
S(288)
|
|
289
|
+
S(289)
|
|
290
|
+
S(290)
|
|
291
|
+
S(291)
|
|
292
|
+
S(292)
|
|
293
|
+
S(293)
|
|
294
|
+
S(294)
|
|
295
|
+
S(295)
|
|
296
|
+
S(296)
|
|
297
|
+
S(297)
|
|
298
|
+
S(298)
|
|
299
|
+
S(299)
|
|
300
|
+
S(300)
|
|
301
|
+
S(301)
|
|
302
|
+
S(302)
|
|
303
|
+
S(303)
|
|
304
|
+
S(304)
|
|
305
|
+
S(305)
|
|
306
|
+
S(306)
|
|
307
|
+
S(307)
|
|
308
|
+
S(308)
|
|
309
|
+
S(309)
|
|
310
|
+
S(310)
|
|
311
|
+
S(311)
|
|
312
|
+
S(312)
|
|
313
|
+
S(313)
|
|
314
|
+
S(314)
|
|
315
|
+
S(315)
|
|
316
|
+
S(316)
|
|
317
|
+
S(317)
|
|
318
|
+
S(318)
|
|
319
|
+
S(319)
|
|
320
|
+
S(320)
|
|
321
|
+
S(321)
|
|
322
|
+
S(322)
|
|
323
|
+
S(323)
|
|
324
|
+
S(324)
|
|
325
|
+
S(325)
|
|
326
|
+
S(326)
|
|
327
|
+
S(327)
|
|
328
|
+
S(328)
|
|
329
|
+
S(329)
|
|
330
|
+
S(330)
|
|
331
|
+
S(331)
|
|
332
|
+
S(332)
|
|
333
|
+
S(333)
|
|
334
|
+
S(334)
|
|
335
|
+
S(335)
|
|
336
|
+
S(336)
|
|
337
|
+
S(337)
|
|
338
|
+
S(338)
|
|
339
|
+
S(339)
|
|
340
|
+
S(340)
|
|
341
|
+
S(341)
|
|
342
|
+
S(342)
|
|
343
|
+
S(343)
|
|
344
|
+
S(344)
|
|
345
|
+
S(345)
|
|
346
|
+
S(346)
|
|
347
|
+
S(347)
|
|
348
|
+
S(348)
|
|
349
|
+
S(349)
|
|
350
|
+
S(350)
|
|
351
|
+
S(351)
|
|
352
|
+
S(352)
|
|
353
|
+
S(353)
|
|
354
|
+
S(354)
|
|
355
|
+
S(355)
|
|
356
|
+
S(356)
|
|
357
|
+
S(357)
|
|
358
|
+
S(358)
|
|
359
|
+
S(359)
|
|
360
|
+
S(360)
|
|
361
|
+
S(361)
|
|
362
|
+
S(362)
|
|
363
|
+
S(363)
|
|
364
|
+
S(364)
|
|
365
|
+
S(365)
|
|
366
|
+
S(366)
|
|
367
|
+
S(367)
|
|
368
|
+
S(368)
|
|
369
|
+
S(369)
|
|
370
|
+
S(370)
|
|
371
|
+
S(371)
|
|
372
|
+
S(372)
|
|
373
|
+
S(373)
|
|
374
|
+
S(374)
|
|
375
|
+
S(375)
|
|
376
|
+
S(376)
|
|
377
|
+
S(377)
|
|
378
|
+
S(378)
|
|
379
|
+
S(379)
|
|
380
|
+
S(380)
|
|
381
|
+
S(381)
|
|
382
|
+
S(382)
|
|
383
|
+
S(383)
|
|
384
|
+
S(384)
|
|
385
|
+
S(385)
|
|
386
|
+
S(386)
|
|
387
|
+
S(387)
|
|
388
|
+
S(388)
|
|
389
|
+
S(389)
|
|
390
|
+
S(390)
|
|
391
|
+
S(391)
|
|
392
|
+
S(392)
|
|
393
|
+
S(393)
|
|
394
|
+
S(394)
|
|
395
|
+
S(395)
|
|
396
|
+
S(396)
|
|
397
|
+
S(397)
|
|
398
|
+
S(398)
|
|
399
|
+
S(399)
|
|
400
|
+
S(400)
|
|
401
|
+
S(401)
|
|
402
|
+
S(402)
|
|
403
|
+
S(403)
|
|
404
|
+
S(404)
|
|
405
|
+
S(405)
|
|
406
|
+
S(406)
|
|
407
|
+
S(407)
|
|
408
|
+
S(408)
|
|
409
|
+
S(409)
|
|
410
|
+
S(410)
|
|
411
|
+
S(411)
|
|
412
|
+
S(412)
|
|
413
|
+
S(413)
|
|
414
|
+
S(414)
|
|
415
|
+
S(415)
|
|
416
|
+
S(416)
|
|
417
|
+
S(417)
|
|
418
|
+
S(418)
|
|
419
|
+
S(419)
|
|
420
|
+
S(420)
|
|
421
|
+
S(421)
|
|
422
|
+
S(422)
|
|
423
|
+
S(423)
|
|
424
|
+
S(424)
|
|
425
|
+
S(425)
|
|
426
|
+
S(426)
|
|
427
|
+
S(427)
|
|
428
|
+
S(428)
|
|
429
|
+
S(429)
|
|
430
|
+
S(430)
|
|
431
|
+
S(431)
|
|
432
|
+
S(432)
|
|
433
|
+
S(433)
|
|
434
|
+
S(434)
|
|
435
|
+
S(435)
|
|
436
|
+
S(436)
|
|
437
|
+
S(437)
|
|
438
|
+
S(438)
|
|
439
|
+
S(439)
|
|
440
|
+
S(440)
|
|
441
|
+
S(441)
|
|
442
|
+
S(442)
|
|
443
|
+
S(443)
|
|
444
|
+
S(444)
|
|
445
|
+
S(445)
|
|
446
|
+
S(446)
|
|
447
|
+
S(447)
|
|
448
|
+
S(448)
|
|
449
|
+
S(449)
|
|
450
|
+
S(450)
|
|
451
|
+
S(451)
|
|
452
|
+
S(452)
|
|
453
|
+
S(453)
|
|
454
|
+
S(454)
|
|
455
|
+
S(455)
|
|
456
|
+
S(456)
|
|
457
|
+
S(457)
|
|
458
|
+
S(458)
|
|
459
|
+
S(459)
|
|
460
|
+
S(460)
|
|
461
|
+
S(461)
|
|
462
|
+
S(462)
|
|
463
|
+
S(463)
|
|
464
|
+
S(464)
|
|
465
|
+
S(465)
|
|
466
|
+
S(466)
|
|
467
|
+
S(467)
|
|
468
|
+
S(468)
|
|
469
|
+
S(469)
|
|
470
|
+
S(470)
|
|
471
|
+
S(471)
|
|
472
|
+
S(472)
|
|
473
|
+
S(473)
|
|
474
|
+
S(474)
|
|
475
|
+
S(475)
|
|
476
|
+
S(476)
|
|
477
|
+
S(477)
|
|
478
|
+
S(478)
|
|
479
|
+
S(479)
|
|
480
|
+
S(480)
|
|
481
|
+
S(481)
|
|
482
|
+
S(482)
|
|
483
|
+
S(483)
|
|
484
|
+
S(484)
|
|
485
|
+
S(485)
|
|
486
|
+
S(486)
|
|
487
|
+
S(487)
|
|
488
|
+
S(488)
|
|
489
|
+
S(489)
|
|
490
|
+
S(490)
|
|
491
|
+
S(491)
|
|
492
|
+
S(492)
|
|
493
|
+
S(493)
|
|
494
|
+
S(494)
|
|
495
|
+
S(495)
|
|
496
|
+
S(496)
|
|
497
|
+
S(497)
|
|
498
|
+
S(498)
|
|
499
|
+
S(499)
|
|
500
|
+
S(500)
|
|
501
|
+
S(501)
|
|
502
|
+
S(502)
|
|
503
|
+
S(503)
|
|
504
|
+
S(504)
|
|
505
|
+
S(505)
|
|
506
|
+
S(506)
|
|
507
|
+
S(507)
|
|
508
|
+
S(508)
|
|
509
|
+
S(509)
|
|
510
|
+
S(510)
|
|
511
|
+
S(511)
|
|
512
|
+
S(512)
|
|
513
|
+
S(513)
|
|
514
|
+
S(514)
|
|
515
|
+
S(515)
|
|
516
|
+
S(516)
|
|
517
|
+
S(517)
|
|
518
|
+
S(518)
|
|
519
|
+
S(519)
|
|
520
|
+
S(520)
|
|
521
|
+
S(521)
|
|
522
|
+
S(522)
|
|
523
|
+
S(523)
|
|
524
|
+
S(524)
|
|
525
|
+
S(525)
|
|
526
|
+
S(526)
|
|
527
|
+
S(527)
|
|
528
|
+
S(528)
|
|
529
|
+
S(529)
|
|
530
|
+
S(530)
|
|
531
|
+
S(531)
|
|
532
|
+
S(532)
|
|
533
|
+
S(533)
|
|
534
|
+
S(534)
|
|
535
|
+
S(535)
|
|
536
|
+
S(536)
|
|
537
|
+
S(537)
|
|
538
|
+
S(538)
|
|
539
|
+
S(539)
|
|
540
|
+
S(540)
|
|
541
|
+
S(541)
|
|
542
|
+
S(542)
|
|
543
|
+
S(543)
|
|
544
|
+
S(544)
|
|
545
|
+
S(545)
|
|
546
|
+
S(546)
|
|
547
|
+
S(547)
|
|
548
|
+
S(548)
|
|
549
|
+
S(549)
|
|
550
|
+
S(550)
|
|
551
|
+
S(551)
|
|
552
|
+
S(552)
|
|
553
|
+
S(553)
|
|
554
|
+
S(554)
|
|
555
|
+
S(555)
|
|
556
|
+
S(556)
|
|
557
|
+
S(557)
|
|
558
|
+
S(558)
|
|
559
|
+
S(559)
|
|
560
|
+
S(560)
|
|
561
|
+
S(561)
|
|
562
|
+
S(562)
|
|
563
|
+
S(563)
|
|
564
|
+
S(564)
|
|
565
|
+
S(565)
|
|
566
|
+
S(566)
|
|
567
|
+
S(567)
|
|
568
|
+
S(568)
|
|
569
|
+
S(569)
|
|
570
|
+
S(570)
|
|
571
|
+
S(571)
|
|
572
|
+
S(572)
|
|
573
|
+
S(573)
|
|
574
|
+
S(574)
|
|
575
|
+
S(575)
|
|
576
|
+
S(576)
|
|
577
|
+
S(577)
|
|
578
|
+
S(578)
|
|
579
|
+
S(579)
|
|
580
|
+
S(580)
|
|
581
|
+
S(581)
|
|
582
|
+
S(582)
|
|
583
|
+
S(583)
|
|
584
|
+
S(584)
|
|
585
|
+
S(585)
|
|
586
|
+
S(586)
|
|
587
|
+
S(587)
|
|
588
|
+
S(588)
|
|
589
|
+
S(589)
|
|
590
|
+
S(590)
|
|
591
|
+
S(591)
|
|
592
|
+
S(592)
|
|
593
|
+
S(593)
|
|
594
|
+
S(594)
|
|
595
|
+
S(595)
|
|
596
|
+
S(596)
|
|
597
|
+
S(597)
|
|
598
|
+
S(598)
|
|
599
|
+
S(599)
|
|
600
|
+
S(600)
|