RubyGems - contrast-agent - Versions diffs - 3.8.4 - Mend

contrast-agent 3.8.4

Files changed (500) hide show

checksums.yaml +7 -0
data/.clang-format +5 -0
data/.dockerignore +10 -0
data/.gitignore +58 -0
data/.gitmodules +6 -0
data/.rspec +6 -0
data/.simplecov +4 -0
data/Gemfile +7 -0
data/LICENSE.txt +12 -0
data/Rakefile +15 -0
data/exe/contrast_service +29 -0
data/ext/build_funchook.rb +48 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.c +47 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.h +10 -0
data/ext/cs__assess_active_record_named/extconf.rb +2 -0
data/ext/cs__assess_array/cs__assess_array.c +38 -0
data/ext/cs__assess_array/cs__assess_array.h +9 -0
data/ext/cs__assess_array/extconf.rb +2 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.c +50 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.h +17 -0
data/ext/cs__assess_basic_object/extconf.rb +2 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +86 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +34 -0
data/ext/cs__assess_fiber_track/extconf.rb +2 -0
data/ext/cs__assess_hash/cs__assess_hash.c +64 -0
data/ext/cs__assess_hash/cs__assess_hash.h +24 -0
data/ext/cs__assess_hash/extconf.rb +2 -0
data/ext/cs__assess_kernel/cs__assess_kernel.c +36 -0
data/ext/cs__assess_kernel/cs__assess_kernel.h +10 -0
data/ext/cs__assess_kernel/extconf.rb +2 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +47 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +18 -0
data/ext/cs__assess_marshal_module/extconf.rb +2 -0
data/ext/cs__assess_module/cs__assess_module.c +78 -0
data/ext/cs__assess_module/cs__assess_module.h +25 -0
data/ext/cs__assess_module/extconf.rb +2 -0
data/ext/cs__assess_regexp/cs__assess_regexp.c +48 -0
data/ext/cs__assess_regexp/cs__assess_regexp.h +22 -0
data/ext/cs__assess_regexp/extconf.rb +2 -0
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c +63 -0
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.h +29 -0
data/ext/cs__assess_regexp_track/extconf.rb +2 -0
data/ext/cs__assess_string/cs__assess_string.c +38 -0
data/ext/cs__assess_string/cs__assess_string.h +19 -0
data/ext/cs__assess_string/extconf.rb +2 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +31 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.h +13 -0
data/ext/cs__assess_string_interpolation26/extconf.rb +2 -0
data/ext/cs__common/cs__common.c +60 -0
data/ext/cs__common/cs__common.h +28 -0
data/ext/cs__common/extconf.rb +20 -0
data/ext/cs__contrast_patch/cs__contrast_patch.c +445 -0
data/ext/cs__contrast_patch/cs__contrast_patch.h +196 -0
data/ext/cs__contrast_patch/extconf.rb +2 -0
data/ext/cs__protect_kernel/cs__protect_kernel.c +37 -0
data/ext/cs__protect_kernel/cs__protect_kernel.h +11 -0
data/ext/cs__protect_kernel/extconf.rb +2 -0
data/ext/cs__scope/cs__scope.c +96 -0
data/ext/cs__scope/cs__scope.h +33 -0
data/ext/cs__scope/extconf.rb +2 -0
data/ext/extconf_common.rb +49 -0
data/funchook/LICENSE +360 -0
data/funchook/Makefile +29 -0
data/funchook/Makefile.in +29 -0
data/funchook/README.md +121 -0
data/funchook/appveyor.yml +42 -0
data/funchook/autogen.sh +3 -0
data/funchook/autom4te.cache/output.0 +4976 -0
data/funchook/autom4te.cache/requests +78 -0
data/funchook/autom4te.cache/traces.0 +364 -0
data/funchook/config.guess +1530 -0
data/funchook/config.log +490 -0
data/funchook/config.status +1016 -0
data/funchook/config.sub +1773 -0
data/funchook/configure +4976 -0
data/funchook/configure.ac +59 -0
data/funchook/distorm/COPYING +26 -0
data/funchook/distorm/MANIFEST +25 -0
data/funchook/distorm/MANIFEST.in +4 -0
data/funchook/distorm/README.md +12 -0
data/funchook/distorm/disOps/disOps.py +795 -0
data/funchook/distorm/disOps/x86db.py +404 -0
data/funchook/distorm/disOps/x86header.py +247 -0
data/funchook/distorm/disOps/x86sets.py +1664 -0
data/funchook/distorm/examples/cs/TestdiStorm/Program.cs +79 -0
data/funchook/distorm/examples/cs/TestdiStorm/Properties/AssemblyInfo.cs +36 -0
data/funchook/distorm/examples/cs/TestdiStorm/TestdiStorm.csproj +69 -0
data/funchook/distorm/examples/cs/distorm-net.sln +26 -0
data/funchook/distorm/examples/cs/distorm-net/CodeInfo.cs +23 -0
data/funchook/distorm/examples/cs/distorm-net/DecodedInst.cs +15 -0
data/funchook/distorm/examples/cs/distorm-net/DecodedResult.cs +14 -0
data/funchook/distorm/examples/cs/distorm-net/DecomposedInst.cs +36 -0
data/funchook/distorm/examples/cs/distorm-net/DecomposedResult.cs +14 -0
data/funchook/distorm/examples/cs/distorm-net/Opcodes.cs +1268 -0
data/funchook/distorm/examples/cs/distorm-net/Opcodes.tt +37 -0
data/funchook/distorm/examples/cs/distorm-net/Operand.cs +25 -0
data/funchook/distorm/examples/cs/distorm-net/Properties/AssemblyInfo.cs +36 -0
data/funchook/distorm/examples/cs/distorm-net/diStorm3.cs +411 -0
data/funchook/distorm/examples/cs/distorm-net/distorm-net.csproj +80 -0
data/funchook/distorm/examples/cs/readme +3 -0
data/funchook/distorm/examples/ddk/README +48 -0
data/funchook/distorm/examples/ddk/distorm.ini +11 -0
data/funchook/distorm/examples/ddk/dummy.c +15 -0
data/funchook/distorm/examples/ddk/main.c +91 -0
data/funchook/distorm/examples/ddk/makefile +1 -0
data/funchook/distorm/examples/ddk/sources +10 -0
data/funchook/distorm/examples/java/Makefile +23 -0
data/funchook/distorm/examples/java/distorm/src/Main.java +43 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/CodeInfo.java +27 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedInst.java +32 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedResult.java +11 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedInst.java +89 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedResult.java +11 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/OpcodeEnum.java +131 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/Opcodes.java +1123 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/Operand.java +24 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/distorm3.java +41 -0
data/funchook/distorm/examples/java/jdistorm.c +405 -0
data/funchook/distorm/examples/java/jdistorm.h +40 -0
data/funchook/distorm/examples/java/jdistorm.sln +20 -0
data/funchook/distorm/examples/java/jdistorm.vcproj +208 -0
data/funchook/distorm/examples/linux/Makefile +15 -0
data/funchook/distorm/examples/linux/main.c +181 -0
data/funchook/distorm/examples/tests/Makefile +15 -0
data/funchook/distorm/examples/tests/main.cpp +42 -0
data/funchook/distorm/examples/tests/main.py +66 -0
data/funchook/distorm/examples/tests/test_distorm3.py +1672 -0
data/funchook/distorm/examples/tests/tests.sln +20 -0
data/funchook/distorm/examples/tests/tests.vcxproj +82 -0
data/funchook/distorm/examples/tests/tests.vcxproj.filters +22 -0
data/funchook/distorm/examples/win32/disasm.sln +25 -0
data/funchook/distorm/examples/win32/disasm.vcxproj +201 -0
data/funchook/distorm/examples/win32/disasm.vcxproj.filters +14 -0
data/funchook/distorm/examples/win32/main.cpp +163 -0
data/funchook/distorm/include/distorm.h +482 -0
data/funchook/distorm/include/mnemonics.h +301 -0
data/funchook/distorm/make/linux/Makefile +28 -0
data/funchook/distorm/make/mac/Makefile +24 -0
data/funchook/distorm/make/win32/cdistorm.vcxproj +239 -0
data/funchook/distorm/make/win32/cdistorm.vcxproj.filters +80 -0
data/funchook/distorm/make/win32/distorm.sln +25 -0
data/funchook/distorm/make/win32/resource.h +14 -0
data/funchook/distorm/make/win32/resource.rc +99 -0
data/funchook/distorm/python/distorm3/__init__.py +957 -0
data/funchook/distorm/python/distorm3/sample.py +51 -0
data/funchook/distorm/setup.cfg +10 -0
data/funchook/distorm/setup.py +266 -0
data/funchook/distorm/src/config.h +169 -0
data/funchook/distorm/src/decoder.c +641 -0
data/funchook/distorm/src/decoder.h +33 -0
data/funchook/distorm/src/distorm.c +413 -0
data/funchook/distorm/src/instructions.c +597 -0
data/funchook/distorm/src/instructions.h +463 -0
data/funchook/distorm/src/insts.c +7939 -0
data/funchook/distorm/src/insts.h +64 -0
data/funchook/distorm/src/mnemonics.c +284 -0
data/funchook/distorm/src/operands.c +1290 -0
data/funchook/distorm/src/operands.h +28 -0
data/funchook/distorm/src/prefix.c +368 -0
data/funchook/distorm/src/prefix.h +64 -0
data/funchook/distorm/src/textdefs.c +172 -0
data/funchook/distorm/src/textdefs.h +57 -0
data/funchook/distorm/src/wstring.c +47 -0
data/funchook/distorm/src/wstring.h +35 -0
data/funchook/distorm/src/x86defs.h +82 -0
data/funchook/include/funchook.h +123 -0
data/funchook/install-sh +527 -0
data/funchook/src/Makefile +70 -0
data/funchook/src/Makefile.in +70 -0
data/funchook/src/__strerror.h +109 -0
data/funchook/src/config.h +101 -0
data/funchook/src/config.h.in +100 -0
data/funchook/src/decoder.o +0 -0
data/funchook/src/distorm.o +0 -0
data/funchook/src/funchook.c +440 -0
data/funchook/src/funchook.o +0 -0
data/funchook/src/funchook_internal.h +155 -0
data/funchook/src/funchook_io.c +182 -0
data/funchook/src/funchook_io.h +64 -0
data/funchook/src/funchook_io.o +0 -0
data/funchook/src/funchook_syscall.S +134 -0
data/funchook/src/funchook_syscall.o +0 -0
data/funchook/src/funchook_unix.c +480 -0
data/funchook/src/funchook_unix.o +0 -0
data/funchook/src/funchook_windows.c +397 -0
data/funchook/src/funchook_x86.c +622 -0
data/funchook/src/funchook_x86.o +0 -0
data/funchook/src/instructions.o +0 -0
data/funchook/src/insts.o +0 -0
data/funchook/src/libfunchook.so +0 -0
data/funchook/src/mnemonics.o +0 -0
data/funchook/src/operands.o +0 -0
data/funchook/src/os_func.c +115 -0
data/funchook/src/os_func.h +75 -0
data/funchook/src/os_func.o +0 -0
data/funchook/src/os_func_unix.c +94 -0
data/funchook/src/os_func_unix.o +0 -0
data/funchook/src/os_func_windows.c +32 -0
data/funchook/src/prefix.o +0 -0
data/funchook/src/printf_base.c +1688 -0
data/funchook/src/printf_base.h +46 -0
data/funchook/src/printf_base.o +0 -0
data/funchook/src/textdefs.o +0 -0
data/funchook/src/wstring.o +0 -0
data/funchook/test/Makefile +43 -0
data/funchook/test/Makefile.in +43 -0
data/funchook/test/funchook_test +0 -0
data/funchook/test/libfunchook_test.c +25 -0
data/funchook/test/libfunchook_test.so +0 -0
data/funchook/test/libfunchook_test2.c +18 -0
data/funchook/test/suffix.list +600 -0
data/funchook/test/test_main.c +430 -0
data/funchook/test/test_main.o +0 -0
data/funchook/test/x86_64_test.S +10 -0
data/funchook/test/x86_64_test.o +0 -0
data/funchook/test/x86_test.S +339 -0
data/funchook/win32/config.h +1 -0
data/funchook/win32/funchook.sln +52 -0
data/funchook/win32/funchook.vcxproj +188 -0
data/funchook/win32/funchook.vcxproj.filters +84 -0
data/funchook/win32/funchook_test.vcxproj +170 -0
data/funchook/win32/funchook_test.vcxproj.filters +22 -0
data/funchook/win32/funchook_test_dll.vcxproj +184 -0
data/funchook/win32/funchook_test_dll.vcxproj.filters +30 -0
data/funchook/win32/funchook_test_exe.def +3 -0
data/lib/contrast-agent.rb +8 -0
data/lib/contrast.rb +57 -0
data/lib/contrast/agent.rb +80 -0
data/lib/contrast/agent/assess.rb +45 -0
data/lib/contrast/agent/assess/adjusted_span.rb +25 -0
data/lib/contrast/agent/assess/class_reverter.rb +82 -0
data/lib/contrast/agent/assess/contrast_event.rb +398 -0
data/lib/contrast/agent/assess/frozen_properties.rb +41 -0
data/lib/contrast/agent/assess/insulator.rb +53 -0
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +78 -0
data/lib/contrast/agent/assess/policy/patcher.rb +85 -0
data/lib/contrast/agent/assess/policy/policy.rb +116 -0
data/lib/contrast/agent/assess/policy/policy_node.rb +289 -0
data/lib/contrast/agent/assess/policy/policy_scanner.rb +44 -0
data/lib/contrast/agent/assess/policy/preshift.rb +94 -0
data/lib/contrast/agent/assess/policy/propagation_method.rb +260 -0
data/lib/contrast/agent/assess/policy/propagation_node.rb +127 -0
data/lib/contrast/agent/assess/policy/propagator.rb +35 -0
data/lib/contrast/agent/assess/policy/propagator/append.rb +54 -0
data/lib/contrast/agent/assess/policy/propagator/base.rb +37 -0
data/lib/contrast/agent/assess/policy/propagator/center.rb +73 -0
data/lib/contrast/agent/assess/policy/propagator/custom.rb +36 -0
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +62 -0
data/lib/contrast/agent/assess/policy/propagator/insert.rb +55 -0
data/lib/contrast/agent/assess/policy/propagator/keep.rb +26 -0
data/lib/contrast/agent/assess/policy/propagator/next.rb +42 -0
data/lib/contrast/agent/assess/policy/propagator/prepend.rb +50 -0
data/lib/contrast/agent/assess/policy/propagator/remove.rb +76 -0
data/lib/contrast/agent/assess/policy/propagator/replace.rb +27 -0
data/lib/contrast/agent/assess/policy/propagator/reverse.rb +38 -0
data/lib/contrast/agent/assess/policy/propagator/select.rb +86 -0
data/lib/contrast/agent/assess/policy/propagator/splat.rb +60 -0
data/lib/contrast/agent/assess/policy/propagator/split.rb +49 -0
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +169 -0
data/lib/contrast/agent/assess/policy/propagator/trim.rb +81 -0
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +79 -0
data/lib/contrast/agent/assess/policy/source_method.rb +209 -0
data/lib/contrast/agent/assess/policy/source_node.rb +62 -0
data/lib/contrast/agent/assess/policy/trigger_method.rb +209 -0
data/lib/contrast/agent/assess/policy/trigger_node.rb +198 -0
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +77 -0
data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +31 -0
data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +40 -0
data/lib/contrast/agent/assess/properties.rb +392 -0
data/lib/contrast/agent/assess/rule.rb +18 -0
data/lib/contrast/agent/assess/rule/base.rb +72 -0
data/lib/contrast/agent/assess/rule/csrf.rb +66 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_action.rb +28 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +69 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +132 -0
data/lib/contrast/agent/assess/rule/provider.rb +21 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +62 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +73 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +121 -0
data/lib/contrast/agent/assess/rule/redos.rb +68 -0
data/lib/contrast/agent/assess/rule/response_scanning_rule.rb +47 -0
data/lib/contrast/agent/assess/rule/response_watcher.rb +36 -0
data/lib/contrast/agent/assess/rule/watcher.rb +36 -0
data/lib/contrast/agent/assess/tag.rb +151 -0
data/lib/contrast/agent/at_exit_hook.rb +33 -0
data/lib/contrast/agent/class_reopener.rb +195 -0
data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +26 -0
data/lib/contrast/agent/deadzone/policy/policy.rb +57 -0
data/lib/contrast/agent/disable_reaction.rb +24 -0
data/lib/contrast/agent/exclusion_matcher.rb +190 -0
data/lib/contrast/agent/feature_state.rb +379 -0
data/lib/contrast/agent/inventory/policy/policy.rb +32 -0
data/lib/contrast/agent/inventory/policy/trigger_node.rb +22 -0
data/lib/contrast/agent/logger_manager.rb +116 -0
data/lib/contrast/agent/middleware.rb +352 -0
data/lib/contrast/agent/module_data.rb +16 -0
data/lib/contrast/agent/patching/policy/after_load_patch.rb +37 -0
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +58 -0
data/lib/contrast/agent/patching/policy/method_policy.rb +94 -0
data/lib/contrast/agent/patching/policy/module_policy.rb +116 -0
data/lib/contrast/agent/patching/policy/patch.rb +312 -0
data/lib/contrast/agent/patching/policy/patch_status.rb +192 -0
data/lib/contrast/agent/patching/policy/patcher.rb +310 -0
data/lib/contrast/agent/patching/policy/policy.rb +138 -0
data/lib/contrast/agent/patching/policy/policy_node.rb +80 -0
data/lib/contrast/agent/patching/policy/policy_unpatcher.rb +28 -0
data/lib/contrast/agent/patching/policy/trigger_node.rb +81 -0
data/lib/contrast/agent/protect/policy/policy.rb +37 -0
data/lib/contrast/agent/protect/policy/trigger_node.rb +23 -0
data/lib/contrast/agent/protect/rule.rb +58 -0
data/lib/contrast/agent/protect/rule/base.rb +300 -0
data/lib/contrast/agent/protect/rule/base_service.rb +88 -0
data/lib/contrast/agent/protect/rule/cmd_injection.rb +156 -0
data/lib/contrast/agent/protect/rule/csrf.rb +118 -0
data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +103 -0
data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb +85 -0
data/lib/contrast/agent/protect/rule/default_scanner.rb +300 -0
data/lib/contrast/agent/protect/rule/deserialization.rb +193 -0
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +80 -0
data/lib/contrast/agent/protect/rule/no_sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +40 -0
data/lib/contrast/agent/protect/rule/path_traversal.rb +143 -0
data/lib/contrast/agent/protect/rule/sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +16 -0
data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +38 -0
data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +22 -0
data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +19 -0
data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +20 -0
data/lib/contrast/agent/protect/rule/xss.rb +24 -0
data/lib/contrast/agent/protect/rule/xxe.rb +120 -0
data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +82 -0
data/lib/contrast/agent/railtie.rb +30 -0
data/lib/contrast/agent/reaction_processor.rb +47 -0
data/lib/contrast/agent/request.rb +493 -0
data/lib/contrast/agent/request_context.rb +225 -0
data/lib/contrast/agent/require_state.rb +61 -0
data/lib/contrast/agent/response.rb +215 -0
data/lib/contrast/agent/rewriter.rb +244 -0
data/lib/contrast/agent/scope.rb +28 -0
data/lib/contrast/agent/service_heartbeat.rb +37 -0
data/lib/contrast/agent/settings_state.rb +148 -0
data/lib/contrast/agent/socket_client.rb +125 -0
data/lib/contrast/agent/thread.rb +26 -0
data/lib/contrast/agent/tracepoint_hook.rb +51 -0
data/lib/contrast/agent/version.rb +8 -0
data/lib/contrast/api.rb +17 -0
data/lib/contrast/api/.gitkeep +0 -0
data/lib/contrast/api/connection_status.rb +49 -0
data/lib/contrast/api/socket.rb +43 -0
data/lib/contrast/api/speedracer.rb +206 -0
data/lib/contrast/api/tcp_socket.rb +31 -0
data/lib/contrast/api/unix_socket.rb +25 -0
data/lib/contrast/common_agent_configuration.rb +86 -0
data/lib/contrast/components/agent.rb +85 -0
data/lib/contrast/components/app_context.rb +188 -0
data/lib/contrast/components/assess.rb +67 -0
data/lib/contrast/components/config.rb +135 -0
data/lib/contrast/components/contrast_service.rb +113 -0
data/lib/contrast/components/heap_dump.rb +34 -0
data/lib/contrast/components/interface.rb +178 -0
data/lib/contrast/components/inventory.rb +23 -0
data/lib/contrast/components/logger.rb +92 -0
data/lib/contrast/components/protect.rb +38 -0
data/lib/contrast/components/sampling.rb +41 -0
data/lib/contrast/components/scope.rb +106 -0
data/lib/contrast/components/settings.rb +140 -0
data/lib/contrast/config.rb +33 -0
data/lib/contrast/config/agent_configuration.rb +24 -0
data/lib/contrast/config/application_configuration.rb +27 -0
data/lib/contrast/config/assess_configuration.rb +22 -0
data/lib/contrast/config/assess_rules_configuration.rb +18 -0
data/lib/contrast/config/base_configuration.rb +105 -0
data/lib/contrast/config/default_value.rb +16 -0
data/lib/contrast/config/exception_configuration.rb +21 -0
data/lib/contrast/config/heap_dump_configuration.rb +23 -0
data/lib/contrast/config/inventory_configuration.rb +20 -0
data/lib/contrast/config/logger_configuration.rb +20 -0
data/lib/contrast/config/protect_configuration.rb +20 -0
data/lib/contrast/config/protect_rule_configuration.rb +37 -0
data/lib/contrast/config/protect_rules_configuration.rb +30 -0
data/lib/contrast/config/root_configuration.rb +26 -0
data/lib/contrast/config/ruby_configuration.rb +39 -0
data/lib/contrast/config/sampling_configuration.rb +22 -0
data/lib/contrast/config/server_configuration.rb +23 -0
data/lib/contrast/config/service_configuration.rb +22 -0
data/lib/contrast/configuration.rb +214 -0
data/lib/contrast/core_extensions/assess.rb +51 -0
data/lib/contrast/core_extensions/assess/array.rb +58 -0
data/lib/contrast/core_extensions/assess/assess_extension.rb +145 -0
data/lib/contrast/core_extensions/assess/basic_object.rb +15 -0
data/lib/contrast/core_extensions/assess/erb.rb +42 -0
data/lib/contrast/core_extensions/assess/exec_trigger.rb +48 -0
data/lib/contrast/core_extensions/assess/fiber.rb +125 -0
data/lib/contrast/core_extensions/assess/hash.rb +22 -0
data/lib/contrast/core_extensions/assess/kernel.rb +95 -0
data/lib/contrast/core_extensions/assess/module.rb +14 -0
data/lib/contrast/core_extensions/assess/regexp.rb +206 -0
data/lib/contrast/core_extensions/assess/string.rb +75 -0
data/lib/contrast/core_extensions/assess/tilt_template_trigger.rb +73 -0
data/lib/contrast/core_extensions/delegator.rb +14 -0
data/lib/contrast/core_extensions/eval_trigger.rb +52 -0
data/lib/contrast/core_extensions/inventory.rb +22 -0
data/lib/contrast/core_extensions/inventory/datastores.rb +37 -0
data/lib/contrast/core_extensions/module.rb +42 -0
data/lib/contrast/core_extensions/object.rb +27 -0
data/lib/contrast/core_extensions/protect.rb +20 -0
data/lib/contrast/core_extensions/protect/applies_command_injection_rule.rb +70 -0
data/lib/contrast/core_extensions/protect/applies_deserialization_rule.rb +58 -0
data/lib/contrast/core_extensions/protect/applies_no_sqli_rule.rb +81 -0
data/lib/contrast/core_extensions/protect/applies_path_traversal_rule.rb +119 -0
data/lib/contrast/core_extensions/protect/applies_sqli_rule.rb +63 -0
data/lib/contrast/core_extensions/protect/applies_xxe_rule.rb +141 -0
data/lib/contrast/core_extensions/protect/kernel.rb +30 -0
data/lib/contrast/core_extensions/protect/psych.rb +7 -0
data/lib/contrast/core_extensions/thread.rb +31 -0
data/lib/contrast/internal_exception.rb +8 -0
data/lib/contrast/rails_extensions/assess/action_controller_inheritance.rb +48 -0
data/lib/contrast/rails_extensions/assess/active_record.rb +32 -0
data/lib/contrast/rails_extensions/assess/active_record_named.rb +61 -0
data/lib/contrast/rails_extensions/assess/configuration.rb +26 -0
data/lib/contrast/rails_extensions/buffer.rb +30 -0
data/lib/contrast/rails_extensions/rack.rb +45 -0
data/lib/contrast/security_exception.rb +14 -0
data/lib/contrast/sinatra_extensions/assess/cookie.rb +26 -0
data/lib/contrast/sinatra_extensions/inventory/sinatra_base.rb +59 -0
data/lib/contrast/tasks/service.rb +95 -0
data/lib/contrast/utils/assess/sampling_util.rb +96 -0
data/lib/contrast/utils/assess/tracking_util.rb +39 -0
data/lib/contrast/utils/boolean_util.rb +33 -0
data/lib/contrast/utils/cache.rb +69 -0
data/lib/contrast/utils/class_util.rb +58 -0
data/lib/contrast/utils/comment_range.rb +19 -0
data/lib/contrast/utils/data_store_util.rb +23 -0
data/lib/contrast/utils/duck_utils.rb +58 -0
data/lib/contrast/utils/env_configuration_item.rb +52 -0
data/lib/contrast/utils/environment_util.rb +152 -0
data/lib/contrast/utils/freeze_util.rb +36 -0
data/lib/contrast/utils/gemfile_reader.rb +191 -0
data/lib/contrast/utils/hash_digest.rb +148 -0
data/lib/contrast/utils/heap_dump_util.rb +113 -0
data/lib/contrast/utils/invalid_configuration_util.rb +88 -0
data/lib/contrast/utils/inventory_util.rb +126 -0
data/lib/contrast/utils/io_util.rb +61 -0
data/lib/contrast/utils/object_share.rb +117 -0
data/lib/contrast/utils/operating_environment.rb +38 -0
data/lib/contrast/utils/os.rb +49 -0
data/lib/contrast/utils/path_util.rb +151 -0
data/lib/contrast/utils/performs_logging.rb +152 -0
data/lib/contrast/utils/preflight_util.rb +13 -0
data/lib/contrast/utils/prevent_serialization.rb +52 -0
data/lib/contrast/utils/rack_assess_session_cookie.rb +104 -0
data/lib/contrast/utils/rails_assess_configuration.rb +95 -0
data/lib/contrast/utils/random_util.rb +22 -0
data/lib/contrast/utils/resource_loader.rb +23 -0
data/lib/contrast/utils/ruby_ast_rewriter.rb +74 -0
data/lib/contrast/utils/scope_util.rb +99 -0
data/lib/contrast/utils/service_response_util.rb +116 -0
data/lib/contrast/utils/service_sender_util.rb +98 -0
data/lib/contrast/utils/sha256_builder.rb +69 -0
data/lib/contrast/utils/sinatra_helper.rb +49 -0
data/lib/contrast/utils/stack_trace_utils.rb +209 -0
data/lib/contrast/utils/string_utils.rb +72 -0
data/lib/contrast/utils/tag_util.rb +139 -0
data/lib/contrast/utils/thread_tracker.rb +54 -0
data/lib/contrast/utils/timer.rb +78 -0
data/resources/assess/policy.json +1673 -0
data/resources/csrf/inject.js +44 -0
data/resources/deadzone/policy.json +55 -0
data/resources/factory-bot-spec/spec_helper.rb +30 -0
data/resources/inventory/policy.json +110 -0
data/resources/protect/policy.json +417 -0
data/resources/rubocops/kernel/catch_cop.rb +37 -0
data/resources/rubocops/kernel/require_cop.rb +37 -0
data/resources/rubocops/kernel/require_relative_cop.rb +33 -0
data/resources/rubocops/module/autoload_cop.rb +37 -0
data/resources/rubocops/module/const_defined_cop.rb +37 -0
data/resources/rubocops/module/const_get_cop.rb +37 -0
data/resources/rubocops/module/const_set_cop.rb +37 -0
data/resources/rubocops/module/constants_cop.rb +37 -0
data/resources/rubocops/module/name_cop.rb +37 -0
data/resources/rubocops/object/class_cop.rb +37 -0
data/resources/rubocops/object/freeze_cop.rb +37 -0
data/resources/rubocops/object/frozen_cop.rb +37 -0
data/resources/rubocops/object/is_a_cop.rb +37 -0
data/resources/rubocops/object/method_cop.rb +37 -0
data/resources/rubocops/object/respond_to_cop.rb +37 -0
data/resources/rubocops/object/singleton_class_cop.rb +37 -0
data/resources/rubocops/regexp/spelling_cop.rb +44 -0
data/resources/rubocops/thread/new_cop.rb +39 -0
data/resources/ruby-spec/ancestors_spec.rb +70 -0
data/resources/ruby-spec/modulo_spec.rb +831 -0
data/resources/ruby-spec/parameters_spec.rb +261 -0
data/resources/ruby-spec/ruby_spec_spec_helper.rb +35 -0
data/resources/test_marker.txt +1 -0
data/ruby-agent.gemspec +129 -0
data/service_executables/.gitkeep +0 -0
data/service_executables/VERSION +1 -0
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
metadata +945 -0

data/lib/contrast/agent/feature_state.rb ADDED

@@ -0,0 +1,379 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'contrast/agent/settings_state'
+cs__scoped_require 'contrast/core_extensions/module'
+cs__scoped_require 'contrast/utils/boolean_util'
+module Contrast
+  module Agent
+    # This class functions as a way to query the Agent for its current feature
+    # set without having to expose other sections of code to the decision tree
+    # needed to make that determination.
+    class FeatureState < SettingsState
+      include Singleton
+      # FeatureState methods are grouped in modules,
+      # and these modules are organized roughly in ascending order
+      # according to their complexity - where more complex
+      # methods call simpler ones.
+      module ConfigWrappers
+        # Wrapper to provide convenience for boolean values, allowing for the
+        # handling of nil defaults that behave like true and other strange
+        # cases.
+        module Booleans
+          include Contrast::Components::Interface
+          access_component :config
+          # Ruby 2.4 does not nicely compare to nil, so we have to include
+          # these wrapper methods. RUBY-179 has the task to update this on
+          # EOL of 2.4 support
+          def false? config
+            Contrast::Utils::BooleanUtil.false?(config)
+          end
+          def true? config
+            Contrast::Utils::BooleanUtil.true?(config)
+          end
+          def inventory_enabled?
+            !false?(CONFIG.root.inventory.enable)
+          end
+          def protect_forcibly_enabled?
+            true?(CONFIG.root.protect.enable)
+          end
+          def protect_forcibly_disabled?
+            false?(CONFIG.root.protect.enable)
+          end
+          def assess_forcibly_enabled?
+            true?(CONFIG.root.assess.enable)
+          end
+          def assess_forcibly_disabled?
+            false?(CONFIG.root.assess.enable)
+          end
+          def assess_track_frozen_sources?
+            !false?(CONFIG.root.agent.ruby.track_frozen_sources)
+          end
+          def scan_response?
+            true?(CONFIG.root.assess.enable_scan_response)
+          end
+          def omit_body?
+            true?(CONFIG.root.agent.omit_body)
+          end
+          def require_scanning_enabled?
+            !false?(CONFIG.root.agent.ruby.require_scan)
+          end
+          def heap_dump_enabled?
+            true?(CONFIG.root.agent.heap_dump.enable)
+          end
+          def service_forcibly_disabled?
+            false?(CONFIG.root.agent.start_bundled_service)
+          end
+          def report_any_command_execution?
+            ctrl = protect_rule_config[Contrast::Agent::Protect::Rule::CmdInjection::NAME]
+            true?(ctrl.disable_system_commands)
+          end
+          def report_custom_code_sysfile_access?
+            ctrl = protect_rule_config[Contrast::Agent::Protect::Rule::PathTraversal::NAME]
+            true?(ctrl.detect_custom_code_accessing_system_files)
+          end
+          # Determines if the Process we're currently in matches that of the
+          # Process in which the FeatureState instance was created.
+          # If it doesn't, that indicates the running context is in a new
+          # Process.
+          # @return [Boolean] if we're in the original Process in which the
+          #   FeaturesState instance was initialized.
+          def in_new_process?
+            current_pid = Process.pid
+            original_pid = pid
+            current_pid != original_pid
+          end
+        end
+        # Wrapper for configurations regarding assess & protect rules
+        module Parameters
+          include Contrast::Components::Interface
+          access_component :settings, :config
+          def protect_rule_config
+            CONFIG.root.protect.rules || []
+          end
+          def assess_rule_disabled? name
+            assess_disabled_rules.include? name
+          end
+          def protect_rule_enabled? rule_id
+            protect_rule_mode(rule_id).to_sym != :NO_ACTION
+          end
+          def assess_tags
+            CONFIG.root.assess&.tags
+          end
+          def assess_disabled_rules
+            CONFIG.root.assess&.rules&.disabled_rules || SETTINGS.disabled_assess_rules || []
+          end
+          def current_session_id
+            Contrast::Utils::StringUtils.force_utf8(SETTINGS.session_id)
+          end
+          def disabled_agent_rake_tasks
+            CONFIG.root.agent.ruby.disabled_agent_rake_tasks
+          end
+          def exclusions
+            SETTINGS.exclusion_matchers
+          end
+          def url_exclusions
+            exclusions.select(&:url?)
+          end
+          def input_exclusions
+            exclusions.select(&:input?)
+          end
+          def code_exclusions
+            exclusions.select(&:code?)
+          end
+        end
+      end
+      # Wrapper for the Assess & Protect states
+      module SettingWrappers
+        include Contrast::Components::Interface
+        access_component :settings, :config
+        def protect_setting_enabled?
+          SETTINGS.protect_state[:enabled]
+        end
+        def assess_setting_enabled?
+          SETTINGS.assess_state[:enabled]
+        end
+      end
+      # whether it's connected to the Contrast Service,
+      # whether config succeeded,
+      # whether writable paths are actually writeable, etc.
+      module AgentState
+        # Indicates the status of the Agent - initialized & ready - as well as
+        # the mode(s) in which it is functioning
+        module Operation
+          include Contrast::Components::Interface
+          access_component :agent
+          # Return true if the agent is ready to protect the application
+          def agent_ready?
+            AGENT.enabled? && connection_established? && update_received?
+          end
+          def protect_enabled?
+            return false unless AGENT.enabled?
+            # config overrides if forcibly set
+            return false if protect_forcibly_disabled?
+            return true  if protect_forcibly_enabled?
+            !!protect_setting_enabled?
+          end
+          def assess_enabled?
+            return false unless AGENT.enabled?
+            # config overrides if forcibly set
+            return false if assess_forcibly_disabled?
+            return true  if assess_forcibly_enabled?
+            !!assess_setting_enabled?
+          end
+        end
+        # Wrapper for the state of our Service settings and a way to access the
+        # Contrast::Agent::SocketClient responsible for interactions between
+        # the Agent & Service.
+        module Service
+          include Contrast::Components::Interface
+          access_component :agent
+          def service_enabled?
+            AGENT.enabled? && !service_forcibly_disabled?
+          end
+          def client
+            @_client ||= Contrast::Agent::SocketClient.new
+          end
+          # Return true if the agent has connected with the service
+          def connection_established?
+            client.connection_established?
+          end
+          # Return true if the agent has processed a response from the service
+          def update_received?
+            !@last_update.nil?
+          end
+        end
+      end
+      # 'Controls' synthesize all of the above into parameter sets.
+      # These can have more complex logic.
+      module Controls
+        include Contrast::Components::Interface
+        access_component :config
+        def heap_dump_control
+          {
+              path: File.absolute_path(CONFIG.root.agent.heap_dump.path),
+              count: CONFIG.root.agent.heap_dump.count.to_i,
+              window: CONFIG.root.agent.heap_dump.window_ms.to_f / 1000,
+              delay: CONFIG.root.agent.heap_dump.delay_ms.to_f / 1000,
+              clean: true?(CONFIG.root.agent.heap_dump.clean)
+          }
+        end
+        DEFAULT_SAMPLING_ENABLED            = false
+        DEFAULT_SAMPLING_BASELINE           = 5
+        DEFAULT_SAMPLING_REQUEST_FREQUENCY  = 5
+        DEFAULT_SAMPLING_RESPONSE_FREQUENCY = 25
+        DEFAULT_SAMPLING_WINDOW_MS          = 180_000 # 3 minutes, arbitrary value from Java agent
+        def sampling_control settings = @sampling_features
+          cas = CONFIG.root.assess&.sampling
+          {
+              enabled: [cas&.enable, settings&.enabled, DEFAULT_SAMPLING_ENABLED] .reject(&:nil?).first,
+              baseline: [cas&.baseline, settings&.baseline, DEFAULT_SAMPLING_BASELINE] .map(&:to_i).find(&:positive?),
+              request_frequency: [cas&.request_frequency, settings&.request_frequency, DEFAULT_SAMPLING_REQUEST_FREQUENCY] .map(&:to_i).find(&:positive?),
+              response_frequency: [cas&.response_frequency, settings&.response_frequency, DEFAULT_SAMPLING_RESPONSE_FREQUENCY].map(&:to_i).find(&:positive?),
+              window: [cas&.window_ms, settings&.window_ms, DEFAULT_SAMPLING_WINDOW_MS] .map(&:to_i).find(&:positive?)
+          }
+        end
+        DEFAULT_LOG_FILENAME = 'contrast_service.log'
+        def service_control
+          {
+              host: CONFIG.root.agent.service.host || Contrast::Configuration::DEFAULT_HOST,
+              port: CONFIG.root.agent.service.port || Contrast::Configuration::DEFAULT_PORT,
+              socket_path: CONFIG.root.agent.service.socket,
+              logger_path: CONFIG.root.agent.service.logger.path || DEFAULT_LOG_FILENAME
+          }
+        end
+        def exception_control
+          {
+              enable: true?(CONFIG.root.agent.ruby.exceptions.capture),
+              status: CONFIG.root.agent.ruby.exceptions.override_status || 403,
+              message: CONFIG.root.agent.ruby.exceptions.override_message || Contrast::Utils::ObjectShare::OVERRIDE_MESSAGE
+          }
+        end
+      end
+      # Wrapper for the state of our diagnostics settings
+      module Diagnostic
+        include Contrast::Components::Interface
+        access_component :config
+        def uninstrument_namespaces
+          tmp = CONFIG.root.agent.ruby.uninstrument_namespace.map(&:to_sym)
+          tmp.select! { |sym| Object.cs__const_defined?(sym) }
+          tmp.map!    { |sym| Object.cs__const_get(sym) }
+          tmp
+        end
+      end
+      # Wrapper for the state of our logging settings and holder for utility
+      # methods for logging state.
+      module Logging
+        include Contrast::Components::Interface
+        access_component :config
+        FALLBACK = STDOUT
+        LOG_INFO_RULE_SETTINGS = 'Current rule settings:'
+        # Utility method to log the current mode of all the rules
+        def log_rule_modes
+          return unless logger&.info?
+          logger.info(LOG_INFO_RULE_SETTINGS)
+          PROTECT.rules.each { |k, v| logger.info(".. protect:\t#{ k } (#{ v.mode })") }
+          ASSESS.rules.each  { |k, v| logger.info(".. assess: \t#{ k } (#{ v.enabled? })") }
+        end
+        ENV_KEYS = %w[HOME PWD RACK_ENV RAILS_ENV RUBY_VERSION GEM_HOME GEM_PATH].cs__freeze
+        # Utility method to log some current ruby and rails information from environment
+        def log_environment
+          return unless logger.info?
+          logger.info "AGENT_VERSION=#{ Contrast::Agent::VERSION }"
+          ENV.each do |env_key, env_value|
+            env_key = env_key.to_s
+            next unless ENV_KEYS.include?(env_key) ||
+                (env_key.start_with?(Contrast::Components::Config::CONTRAST_ENV_MARKER) &&
+                    !env_key.start_with?(Contrast::Components::Config::CONTRAST_ENV_MARKER + 'API'))
+            logger.info "#{ env_key }=#{ env_value }"
+          end
+          logger.info "PARENT_PROCESS_ID=#{ Process.ppid }"
+          logger.info "PROCESS_ID=#{ Process.pid }"
+        end
+        def log_configuration
+          return unless logger.info?
+          loggable = CONFIG.raw.send(:load_config)
+          loggable.delete('api')
+          logger.info "LOCAL CONFIGURATION: #{ JSON.pretty_generate(loggable) }"
+        end
+        FRAMEWORKS = %w[rails sinatra grape].cs__freeze
+        WEB_SERVERS = %w[agoo falcon hoof iodine mongrel mongrel2 passenger puma rack skinny thin trinidad unicorn webrick yarn].cs__freeze
+        LIBRARIES = %w[excon json mongo moped mysql nokogiri oga ox pg psych sqlite3 typhoeus yaml].cs__freeze
+        def log_specific_libraries
+          FRAMEWORKS.each(&cs__method(:log_gem_data))
+          WEB_SERVERS.each(&cs__method(:log_gem_data))
+          LIBRARIES.each(&cs__method(:log_gem_data))
+        end
+        def log_all_libraries
+          return unless logger.debug?
+          Gem.loaded_specs.each_pair do |_name, gem_spec|
+            logger.debug { "GEM LOADED: #{ gem_spec.name }=#{ gem_spec.version }" }
+          end
+        end
+        def log_gem_data gem_name
+          gem_spec = Gem.loaded_specs[gem_name]
+          return unless gem_spec
+          logger.info { "GEM LOADED: #{ gem_spec.name }=#{ gem_spec.version }" }
+        end
+      end
+      # Methods that query the config.
+      include ConfigWrappers::Booleans    # These check boolean config options.
+      include ConfigWrappers::Parameters  # These check against the config and return parameters.
+      include SettingWrappers             # Methods that query settings from TeamServer.
+      include AgentState::Operation       # Enable/disable the agent, ask if the agent can run.
+      include AgentState::Service         # Agent's client that talks to the service.
+      include Controls                    # Syntheses of the above.
+      include Diagnostic                  # Misc.
+      include Logging                     # Logging.
+    end
+  end
+end

data/lib/contrast/agent/inventory/policy/policy.rb ADDED

@@ -0,0 +1,32 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'contrast/agent/inventory/policy/trigger_node'
+cs__scoped_require 'contrast/agent/patching/policy/policy'
+# classes required by patches in the policy
+cs__scoped_require 'contrast/core_extensions/inventory/datastores'
+module Contrast
+  module Agent
+    module Inventory
+      module Policy
+        # This is just a holder for our policy. Takes the policy JSON and
+        # converts it into hashes that we can access nicely
+        class Policy < Contrast::Agent::Patching::Policy::Policy
+          def self.policy_folder
+            'inventory'
+          end
+          def disabled_globally?
+            !INVENTORY.enabled?
+          end
+          def node_type
+            Contrast::Agent::Inventory::Policy::TriggerNode
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/inventory/policy/trigger_node.rb ADDED

@@ -0,0 +1,22 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'contrast/agent/patching/policy/trigger_node'
+module Contrast
+  module Agent
+    module Inventory
+      module Policy
+        # This class functions to translate our policy.json into an actionable
+        # Ruby object, allowing for dynamic patching over hardcoded patching,
+        # specifically for those methods which result in the trigger of an
+        # event interesting to the design of the application.
+        class TriggerNode < Contrast::Agent::Patching::Policy::TriggerNode
+          def feature
+            'Inventory'
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/logger_manager.rb ADDED

@@ -0,0 +1,116 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'logger'
+cs__scoped_require 'contrast/core_extensions/module'
+cs__scoped_require 'contrast/components/interface'
+module Contrast
+  module Agent
+    # This class functions to serve as a wrapper around our logging, as we need
+    # to be able to dynamically update level based on updates to TeamServer.
+    class LoggerManager
+      include Contrast::Components::Interface
+      access_component :app_context, :logging, :config
+      DEFAULT_NAME     = 'contrast.log'
+      DEFAULT_LEVEL    = ::Logger::INFO
+      VALID_LEVELS     = %w[INFO WARN DEBUG FATAL UNKNOWN ERROR].cs__freeze
+      STDOUT_STR       = 'STDOUT'
+      STDERR_STR       = 'STDERR'
+      attr_reader :current,
+                  :previous_path,
+                  :previous_level
+      def initialize
+        update
+      rescue StandardError => e
+        Contrast::Agent::FeatureState::Logging::FALLBACK.puts 'Unable to initialize regular logger in LoggerManager.'
+        Contrast::Agent::FeatureState::Logging::FALLBACK.puts e.backtrace.join(Contrast::Utils::ObjectShare::NEW_LINE)
+      end
+      def update log_file = nil, log_level = nil
+        config = CONFIG.root.agent.logger
+        config_path  = config.path&.length.to_i.positive? ? config.path : nil
+        config_level = config.level&.length&.positive? ? config.level : nil
+        # config > settings > default
+        path        = valid_path(config_path   || log_file)
+        level_const = valid_level(config_level || log_level)
+        # don't needlessly recreate logger
+        return if @current && (path == previous_path) && (level_const == previous_level)
+        @previous_path  = path
+        @previous_level = level_const
+        @current = build(path: path, level_const: level_const)
+        @current.debug { 'Initialized new contrast agent logger' }
+        self
+      rescue StandardError => e
+        Contrast::Agent::FeatureState::Logging::FALLBACK.puts 'Unable to process update to LoggerManager.'
+        Contrast::Agent::FeatureState::Logging::FALLBACK.puts e.backtrace.join(Contrast::Utils::ObjectShare::NEW_LINE)
+      end
+      private
+      def default_progname
+        "Contrast #{ APP_CONTEXT.name }"
+      end
+      def build path: STDOUT_STR, progname: default_progname, level_const: DEFAULT_LEVEL
+        current = case path
+                  when STDOUT_STR, STDERR_STR
+                    ::Logger.new(Object.cs__const_get(path))
+                  else
+                    ::Logger.new(path)
+                  end
+        current.progname = progname
+        current.level = level_const
+        current.formatter = proc do |severity_f, datetime_f, progname_f, msg_f|
+          "#{ datetime_f.strftime('%Y-%m-%d %H:%M:%S,%L') } [#{ progname_f }] #{ severity_f } - #{ msg_f }\n"
+        end
+        current
+      end
+      def valid_path path
+        path = path.nil? ? Contrast::Utils::ObjectShare::EMPTY_STRING : path
+        return path if path == STDOUT_STR
+        return path if path == STDERR_STR
+        path = DEFAULT_NAME if path.empty?
+        if Contrast::Utils::IOUtil.write_permission?(path)
+          path
+        else
+          if File.directory?(path)
+            Contrast::Agent::FeatureState::Logging::FALLBACK.puts "Unable to create log in directory: #{ path }. \n Writing to standard out instead"
+          else
+            Contrast::Agent::FeatureState::Logging::FALLBACK.puts "Unable to write to log file: #{ path } \n Writing to standard out instead"
+          end
+          STDOUT_STR
+        end
+      end
+      def valid_level level
+        level = level.nil? ? DEFAULT_LEVEL : level
+        level = 'DEBUG' if level == 'TRACE'
+        if VALID_LEVELS.include?(level)
+          Object.cs__const_get("::Logger::#{ level }")
+        else
+          DEFAULT_LEVEL
+        end
+      rescue StandardError
+        DEFAULT_LEVEL
+      end
+    end
+  end
+end