RubyGems - contrast-agent - Versions diffs - 3.8.4 - Mend

contrast-agent 3.8.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (500) hide show

checksums.yaml +7 -0
data/.clang-format +5 -0
data/.dockerignore +10 -0
data/.gitignore +58 -0
data/.gitmodules +6 -0
data/.rspec +6 -0
data/.simplecov +4 -0
data/Gemfile +7 -0
data/LICENSE.txt +12 -0
data/Rakefile +15 -0
data/exe/contrast_service +29 -0
data/ext/build_funchook.rb +48 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.c +47 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.h +10 -0
data/ext/cs__assess_active_record_named/extconf.rb +2 -0
data/ext/cs__assess_array/cs__assess_array.c +38 -0
data/ext/cs__assess_array/cs__assess_array.h +9 -0
data/ext/cs__assess_array/extconf.rb +2 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.c +50 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.h +17 -0
data/ext/cs__assess_basic_object/extconf.rb +2 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +86 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +34 -0
data/ext/cs__assess_fiber_track/extconf.rb +2 -0
data/ext/cs__assess_hash/cs__assess_hash.c +64 -0
data/ext/cs__assess_hash/cs__assess_hash.h +24 -0
data/ext/cs__assess_hash/extconf.rb +2 -0
data/ext/cs__assess_kernel/cs__assess_kernel.c +36 -0
data/ext/cs__assess_kernel/cs__assess_kernel.h +10 -0
data/ext/cs__assess_kernel/extconf.rb +2 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +47 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +18 -0
data/ext/cs__assess_marshal_module/extconf.rb +2 -0
data/ext/cs__assess_module/cs__assess_module.c +78 -0
data/ext/cs__assess_module/cs__assess_module.h +25 -0
data/ext/cs__assess_module/extconf.rb +2 -0
data/ext/cs__assess_regexp/cs__assess_regexp.c +48 -0
data/ext/cs__assess_regexp/cs__assess_regexp.h +22 -0
data/ext/cs__assess_regexp/extconf.rb +2 -0
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c +63 -0
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.h +29 -0
data/ext/cs__assess_regexp_track/extconf.rb +2 -0
data/ext/cs__assess_string/cs__assess_string.c +38 -0
data/ext/cs__assess_string/cs__assess_string.h +19 -0
data/ext/cs__assess_string/extconf.rb +2 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +31 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.h +13 -0
data/ext/cs__assess_string_interpolation26/extconf.rb +2 -0
data/ext/cs__common/cs__common.c +60 -0
data/ext/cs__common/cs__common.h +28 -0
data/ext/cs__common/extconf.rb +20 -0
data/ext/cs__contrast_patch/cs__contrast_patch.c +445 -0
data/ext/cs__contrast_patch/cs__contrast_patch.h +196 -0
data/ext/cs__contrast_patch/extconf.rb +2 -0
data/ext/cs__protect_kernel/cs__protect_kernel.c +37 -0
data/ext/cs__protect_kernel/cs__protect_kernel.h +11 -0
data/ext/cs__protect_kernel/extconf.rb +2 -0
data/ext/cs__scope/cs__scope.c +96 -0
data/ext/cs__scope/cs__scope.h +33 -0
data/ext/cs__scope/extconf.rb +2 -0
data/ext/extconf_common.rb +49 -0
data/funchook/LICENSE +360 -0
data/funchook/Makefile +29 -0
data/funchook/Makefile.in +29 -0
data/funchook/README.md +121 -0
data/funchook/appveyor.yml +42 -0
data/funchook/autogen.sh +3 -0
data/funchook/autom4te.cache/output.0 +4976 -0
data/funchook/autom4te.cache/requests +78 -0
data/funchook/autom4te.cache/traces.0 +364 -0
data/funchook/config.guess +1530 -0
data/funchook/config.log +490 -0
data/funchook/config.status +1016 -0
data/funchook/config.sub +1773 -0
data/funchook/configure +4976 -0
data/funchook/configure.ac +59 -0
data/funchook/distorm/COPYING +26 -0
data/funchook/distorm/MANIFEST +25 -0
data/funchook/distorm/MANIFEST.in +4 -0
data/funchook/distorm/README.md +12 -0
data/funchook/distorm/disOps/disOps.py +795 -0
data/funchook/distorm/disOps/x86db.py +404 -0
data/funchook/distorm/disOps/x86header.py +247 -0
data/funchook/distorm/disOps/x86sets.py +1664 -0
data/funchook/distorm/examples/cs/TestdiStorm/Program.cs +79 -0
data/funchook/distorm/examples/cs/TestdiStorm/Properties/AssemblyInfo.cs +36 -0
data/funchook/distorm/examples/cs/TestdiStorm/TestdiStorm.csproj +69 -0
data/funchook/distorm/examples/cs/distorm-net.sln +26 -0
data/funchook/distorm/examples/cs/distorm-net/CodeInfo.cs +23 -0
data/funchook/distorm/examples/cs/distorm-net/DecodedInst.cs +15 -0
data/funchook/distorm/examples/cs/distorm-net/DecodedResult.cs +14 -0
data/funchook/distorm/examples/cs/distorm-net/DecomposedInst.cs +36 -0
data/funchook/distorm/examples/cs/distorm-net/DecomposedResult.cs +14 -0
data/funchook/distorm/examples/cs/distorm-net/Opcodes.cs +1268 -0
data/funchook/distorm/examples/cs/distorm-net/Opcodes.tt +37 -0
data/funchook/distorm/examples/cs/distorm-net/Operand.cs +25 -0
data/funchook/distorm/examples/cs/distorm-net/Properties/AssemblyInfo.cs +36 -0
data/funchook/distorm/examples/cs/distorm-net/diStorm3.cs +411 -0
data/funchook/distorm/examples/cs/distorm-net/distorm-net.csproj +80 -0
data/funchook/distorm/examples/cs/readme +3 -0
data/funchook/distorm/examples/ddk/README +48 -0
data/funchook/distorm/examples/ddk/distorm.ini +11 -0
data/funchook/distorm/examples/ddk/dummy.c +15 -0
data/funchook/distorm/examples/ddk/main.c +91 -0
data/funchook/distorm/examples/ddk/makefile +1 -0
data/funchook/distorm/examples/ddk/sources +10 -0
data/funchook/distorm/examples/java/Makefile +23 -0
data/funchook/distorm/examples/java/distorm/src/Main.java +43 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/CodeInfo.java +27 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedInst.java +32 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedResult.java +11 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedInst.java +89 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedResult.java +11 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/OpcodeEnum.java +131 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/Opcodes.java +1123 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/Operand.java +24 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/distorm3.java +41 -0
data/funchook/distorm/examples/java/jdistorm.c +405 -0
data/funchook/distorm/examples/java/jdistorm.h +40 -0
data/funchook/distorm/examples/java/jdistorm.sln +20 -0
data/funchook/distorm/examples/java/jdistorm.vcproj +208 -0
data/funchook/distorm/examples/linux/Makefile +15 -0
data/funchook/distorm/examples/linux/main.c +181 -0
data/funchook/distorm/examples/tests/Makefile +15 -0
data/funchook/distorm/examples/tests/main.cpp +42 -0
data/funchook/distorm/examples/tests/main.py +66 -0
data/funchook/distorm/examples/tests/test_distorm3.py +1672 -0
data/funchook/distorm/examples/tests/tests.sln +20 -0
data/funchook/distorm/examples/tests/tests.vcxproj +82 -0
data/funchook/distorm/examples/tests/tests.vcxproj.filters +22 -0
data/funchook/distorm/examples/win32/disasm.sln +25 -0
data/funchook/distorm/examples/win32/disasm.vcxproj +201 -0
data/funchook/distorm/examples/win32/disasm.vcxproj.filters +14 -0
data/funchook/distorm/examples/win32/main.cpp +163 -0
data/funchook/distorm/include/distorm.h +482 -0
data/funchook/distorm/include/mnemonics.h +301 -0
data/funchook/distorm/make/linux/Makefile +28 -0
data/funchook/distorm/make/mac/Makefile +24 -0
data/funchook/distorm/make/win32/cdistorm.vcxproj +239 -0
data/funchook/distorm/make/win32/cdistorm.vcxproj.filters +80 -0
data/funchook/distorm/make/win32/distorm.sln +25 -0
data/funchook/distorm/make/win32/resource.h +14 -0
data/funchook/distorm/make/win32/resource.rc +99 -0
data/funchook/distorm/python/distorm3/__init__.py +957 -0
data/funchook/distorm/python/distorm3/sample.py +51 -0
data/funchook/distorm/setup.cfg +10 -0
data/funchook/distorm/setup.py +266 -0
data/funchook/distorm/src/config.h +169 -0
data/funchook/distorm/src/decoder.c +641 -0
data/funchook/distorm/src/decoder.h +33 -0
data/funchook/distorm/src/distorm.c +413 -0
data/funchook/distorm/src/instructions.c +597 -0
data/funchook/distorm/src/instructions.h +463 -0
data/funchook/distorm/src/insts.c +7939 -0
data/funchook/distorm/src/insts.h +64 -0
data/funchook/distorm/src/mnemonics.c +284 -0
data/funchook/distorm/src/operands.c +1290 -0
data/funchook/distorm/src/operands.h +28 -0
data/funchook/distorm/src/prefix.c +368 -0
data/funchook/distorm/src/prefix.h +64 -0
data/funchook/distorm/src/textdefs.c +172 -0
data/funchook/distorm/src/textdefs.h +57 -0
data/funchook/distorm/src/wstring.c +47 -0
data/funchook/distorm/src/wstring.h +35 -0
data/funchook/distorm/src/x86defs.h +82 -0
data/funchook/include/funchook.h +123 -0
data/funchook/install-sh +527 -0
data/funchook/src/Makefile +70 -0
data/funchook/src/Makefile.in +70 -0
data/funchook/src/__strerror.h +109 -0
data/funchook/src/config.h +101 -0
data/funchook/src/config.h.in +100 -0
data/funchook/src/decoder.o +0 -0
data/funchook/src/distorm.o +0 -0
data/funchook/src/funchook.c +440 -0
data/funchook/src/funchook.o +0 -0
data/funchook/src/funchook_internal.h +155 -0
data/funchook/src/funchook_io.c +182 -0
data/funchook/src/funchook_io.h +64 -0
data/funchook/src/funchook_io.o +0 -0
data/funchook/src/funchook_syscall.S +134 -0
data/funchook/src/funchook_syscall.o +0 -0
data/funchook/src/funchook_unix.c +480 -0
data/funchook/src/funchook_unix.o +0 -0
data/funchook/src/funchook_windows.c +397 -0
data/funchook/src/funchook_x86.c +622 -0
data/funchook/src/funchook_x86.o +0 -0
data/funchook/src/instructions.o +0 -0
data/funchook/src/insts.o +0 -0
data/funchook/src/libfunchook.so +0 -0
data/funchook/src/mnemonics.o +0 -0
data/funchook/src/operands.o +0 -0
data/funchook/src/os_func.c +115 -0
data/funchook/src/os_func.h +75 -0
data/funchook/src/os_func.o +0 -0
data/funchook/src/os_func_unix.c +94 -0
data/funchook/src/os_func_unix.o +0 -0
data/funchook/src/os_func_windows.c +32 -0
data/funchook/src/prefix.o +0 -0
data/funchook/src/printf_base.c +1688 -0
data/funchook/src/printf_base.h +46 -0
data/funchook/src/printf_base.o +0 -0
data/funchook/src/textdefs.o +0 -0
data/funchook/src/wstring.o +0 -0
data/funchook/test/Makefile +43 -0
data/funchook/test/Makefile.in +43 -0
data/funchook/test/funchook_test +0 -0
data/funchook/test/libfunchook_test.c +25 -0
data/funchook/test/libfunchook_test.so +0 -0
data/funchook/test/libfunchook_test2.c +18 -0
data/funchook/test/suffix.list +600 -0
data/funchook/test/test_main.c +430 -0
data/funchook/test/test_main.o +0 -0
data/funchook/test/x86_64_test.S +10 -0
data/funchook/test/x86_64_test.o +0 -0
data/funchook/test/x86_test.S +339 -0
data/funchook/win32/config.h +1 -0
data/funchook/win32/funchook.sln +52 -0
data/funchook/win32/funchook.vcxproj +188 -0
data/funchook/win32/funchook.vcxproj.filters +84 -0
data/funchook/win32/funchook_test.vcxproj +170 -0
data/funchook/win32/funchook_test.vcxproj.filters +22 -0
data/funchook/win32/funchook_test_dll.vcxproj +184 -0
data/funchook/win32/funchook_test_dll.vcxproj.filters +30 -0
data/funchook/win32/funchook_test_exe.def +3 -0
data/lib/contrast-agent.rb +8 -0
data/lib/contrast.rb +57 -0
data/lib/contrast/agent.rb +80 -0
data/lib/contrast/agent/assess.rb +45 -0
data/lib/contrast/agent/assess/adjusted_span.rb +25 -0
data/lib/contrast/agent/assess/class_reverter.rb +82 -0
data/lib/contrast/agent/assess/contrast_event.rb +398 -0
data/lib/contrast/agent/assess/frozen_properties.rb +41 -0
data/lib/contrast/agent/assess/insulator.rb +53 -0
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +78 -0
data/lib/contrast/agent/assess/policy/patcher.rb +85 -0
data/lib/contrast/agent/assess/policy/policy.rb +116 -0
data/lib/contrast/agent/assess/policy/policy_node.rb +289 -0
data/lib/contrast/agent/assess/policy/policy_scanner.rb +44 -0
data/lib/contrast/agent/assess/policy/preshift.rb +94 -0
data/lib/contrast/agent/assess/policy/propagation_method.rb +260 -0
data/lib/contrast/agent/assess/policy/propagation_node.rb +127 -0
data/lib/contrast/agent/assess/policy/propagator.rb +35 -0
data/lib/contrast/agent/assess/policy/propagator/append.rb +54 -0
data/lib/contrast/agent/assess/policy/propagator/base.rb +37 -0
data/lib/contrast/agent/assess/policy/propagator/center.rb +73 -0
data/lib/contrast/agent/assess/policy/propagator/custom.rb +36 -0
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +62 -0
data/lib/contrast/agent/assess/policy/propagator/insert.rb +55 -0
data/lib/contrast/agent/assess/policy/propagator/keep.rb +26 -0
data/lib/contrast/agent/assess/policy/propagator/next.rb +42 -0
data/lib/contrast/agent/assess/policy/propagator/prepend.rb +50 -0
data/lib/contrast/agent/assess/policy/propagator/remove.rb +76 -0
data/lib/contrast/agent/assess/policy/propagator/replace.rb +27 -0
data/lib/contrast/agent/assess/policy/propagator/reverse.rb +38 -0
data/lib/contrast/agent/assess/policy/propagator/select.rb +86 -0
data/lib/contrast/agent/assess/policy/propagator/splat.rb +60 -0
data/lib/contrast/agent/assess/policy/propagator/split.rb +49 -0
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +169 -0
data/lib/contrast/agent/assess/policy/propagator/trim.rb +81 -0
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +79 -0
data/lib/contrast/agent/assess/policy/source_method.rb +209 -0
data/lib/contrast/agent/assess/policy/source_node.rb +62 -0
data/lib/contrast/agent/assess/policy/trigger_method.rb +209 -0
data/lib/contrast/agent/assess/policy/trigger_node.rb +198 -0
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +77 -0
data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +31 -0
data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +40 -0
data/lib/contrast/agent/assess/properties.rb +392 -0
data/lib/contrast/agent/assess/rule.rb +18 -0
data/lib/contrast/agent/assess/rule/base.rb +72 -0
data/lib/contrast/agent/assess/rule/csrf.rb +66 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_action.rb +28 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +69 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +132 -0
data/lib/contrast/agent/assess/rule/provider.rb +21 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +62 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +73 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +121 -0
data/lib/contrast/agent/assess/rule/redos.rb +68 -0
data/lib/contrast/agent/assess/rule/response_scanning_rule.rb +47 -0
data/lib/contrast/agent/assess/rule/response_watcher.rb +36 -0
data/lib/contrast/agent/assess/rule/watcher.rb +36 -0
data/lib/contrast/agent/assess/tag.rb +151 -0
data/lib/contrast/agent/at_exit_hook.rb +33 -0
data/lib/contrast/agent/class_reopener.rb +195 -0
data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +26 -0
data/lib/contrast/agent/deadzone/policy/policy.rb +57 -0
data/lib/contrast/agent/disable_reaction.rb +24 -0
data/lib/contrast/agent/exclusion_matcher.rb +190 -0
data/lib/contrast/agent/feature_state.rb +379 -0
data/lib/contrast/agent/inventory/policy/policy.rb +32 -0
data/lib/contrast/agent/inventory/policy/trigger_node.rb +22 -0
data/lib/contrast/agent/logger_manager.rb +116 -0
data/lib/contrast/agent/middleware.rb +352 -0
data/lib/contrast/agent/module_data.rb +16 -0
data/lib/contrast/agent/patching/policy/after_load_patch.rb +37 -0
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +58 -0
data/lib/contrast/agent/patching/policy/method_policy.rb +94 -0
data/lib/contrast/agent/patching/policy/module_policy.rb +116 -0
data/lib/contrast/agent/patching/policy/patch.rb +312 -0
data/lib/contrast/agent/patching/policy/patch_status.rb +192 -0
data/lib/contrast/agent/patching/policy/patcher.rb +310 -0
data/lib/contrast/agent/patching/policy/policy.rb +138 -0
data/lib/contrast/agent/patching/policy/policy_node.rb +80 -0
data/lib/contrast/agent/patching/policy/policy_unpatcher.rb +28 -0
data/lib/contrast/agent/patching/policy/trigger_node.rb +81 -0
data/lib/contrast/agent/protect/policy/policy.rb +37 -0
data/lib/contrast/agent/protect/policy/trigger_node.rb +23 -0
data/lib/contrast/agent/protect/rule.rb +58 -0
data/lib/contrast/agent/protect/rule/base.rb +300 -0
data/lib/contrast/agent/protect/rule/base_service.rb +88 -0
data/lib/contrast/agent/protect/rule/cmd_injection.rb +156 -0
data/lib/contrast/agent/protect/rule/csrf.rb +118 -0
data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +103 -0
data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb +85 -0
data/lib/contrast/agent/protect/rule/default_scanner.rb +300 -0
data/lib/contrast/agent/protect/rule/deserialization.rb +193 -0
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +80 -0
data/lib/contrast/agent/protect/rule/no_sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +40 -0
data/lib/contrast/agent/protect/rule/path_traversal.rb +143 -0
data/lib/contrast/agent/protect/rule/sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +16 -0
data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +38 -0
data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +22 -0
data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +19 -0
data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +20 -0
data/lib/contrast/agent/protect/rule/xss.rb +24 -0
data/lib/contrast/agent/protect/rule/xxe.rb +120 -0
data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +82 -0
data/lib/contrast/agent/railtie.rb +30 -0
data/lib/contrast/agent/reaction_processor.rb +47 -0
data/lib/contrast/agent/request.rb +493 -0
data/lib/contrast/agent/request_context.rb +225 -0
data/lib/contrast/agent/require_state.rb +61 -0
data/lib/contrast/agent/response.rb +215 -0
data/lib/contrast/agent/rewriter.rb +244 -0
data/lib/contrast/agent/scope.rb +28 -0
data/lib/contrast/agent/service_heartbeat.rb +37 -0
data/lib/contrast/agent/settings_state.rb +148 -0
data/lib/contrast/agent/socket_client.rb +125 -0
data/lib/contrast/agent/thread.rb +26 -0
data/lib/contrast/agent/tracepoint_hook.rb +51 -0
data/lib/contrast/agent/version.rb +8 -0
data/lib/contrast/api.rb +17 -0
data/lib/contrast/api/.gitkeep +0 -0
data/lib/contrast/api/connection_status.rb +49 -0
data/lib/contrast/api/socket.rb +43 -0
data/lib/contrast/api/speedracer.rb +206 -0
data/lib/contrast/api/tcp_socket.rb +31 -0
data/lib/contrast/api/unix_socket.rb +25 -0
data/lib/contrast/common_agent_configuration.rb +86 -0
data/lib/contrast/components/agent.rb +85 -0
data/lib/contrast/components/app_context.rb +188 -0
data/lib/contrast/components/assess.rb +67 -0
data/lib/contrast/components/config.rb +135 -0
data/lib/contrast/components/contrast_service.rb +113 -0
data/lib/contrast/components/heap_dump.rb +34 -0
data/lib/contrast/components/interface.rb +178 -0
data/lib/contrast/components/inventory.rb +23 -0
data/lib/contrast/components/logger.rb +92 -0
data/lib/contrast/components/protect.rb +38 -0
data/lib/contrast/components/sampling.rb +41 -0
data/lib/contrast/components/scope.rb +106 -0
data/lib/contrast/components/settings.rb +140 -0
data/lib/contrast/config.rb +33 -0
data/lib/contrast/config/agent_configuration.rb +24 -0
data/lib/contrast/config/application_configuration.rb +27 -0
data/lib/contrast/config/assess_configuration.rb +22 -0
data/lib/contrast/config/assess_rules_configuration.rb +18 -0
data/lib/contrast/config/base_configuration.rb +105 -0
data/lib/contrast/config/default_value.rb +16 -0
data/lib/contrast/config/exception_configuration.rb +21 -0
data/lib/contrast/config/heap_dump_configuration.rb +23 -0
data/lib/contrast/config/inventory_configuration.rb +20 -0
data/lib/contrast/config/logger_configuration.rb +20 -0
data/lib/contrast/config/protect_configuration.rb +20 -0
data/lib/contrast/config/protect_rule_configuration.rb +37 -0
data/lib/contrast/config/protect_rules_configuration.rb +30 -0
data/lib/contrast/config/root_configuration.rb +26 -0
data/lib/contrast/config/ruby_configuration.rb +39 -0
data/lib/contrast/config/sampling_configuration.rb +22 -0
data/lib/contrast/config/server_configuration.rb +23 -0
data/lib/contrast/config/service_configuration.rb +22 -0
data/lib/contrast/configuration.rb +214 -0
data/lib/contrast/core_extensions/assess.rb +51 -0
data/lib/contrast/core_extensions/assess/array.rb +58 -0
data/lib/contrast/core_extensions/assess/assess_extension.rb +145 -0
data/lib/contrast/core_extensions/assess/basic_object.rb +15 -0
data/lib/contrast/core_extensions/assess/erb.rb +42 -0
data/lib/contrast/core_extensions/assess/exec_trigger.rb +48 -0
data/lib/contrast/core_extensions/assess/fiber.rb +125 -0
data/lib/contrast/core_extensions/assess/hash.rb +22 -0
data/lib/contrast/core_extensions/assess/kernel.rb +95 -0
data/lib/contrast/core_extensions/assess/module.rb +14 -0
data/lib/contrast/core_extensions/assess/regexp.rb +206 -0
data/lib/contrast/core_extensions/assess/string.rb +75 -0
data/lib/contrast/core_extensions/assess/tilt_template_trigger.rb +73 -0
data/lib/contrast/core_extensions/delegator.rb +14 -0
data/lib/contrast/core_extensions/eval_trigger.rb +52 -0
data/lib/contrast/core_extensions/inventory.rb +22 -0
data/lib/contrast/core_extensions/inventory/datastores.rb +37 -0
data/lib/contrast/core_extensions/module.rb +42 -0
data/lib/contrast/core_extensions/object.rb +27 -0
data/lib/contrast/core_extensions/protect.rb +20 -0
data/lib/contrast/core_extensions/protect/applies_command_injection_rule.rb +70 -0
data/lib/contrast/core_extensions/protect/applies_deserialization_rule.rb +58 -0
data/lib/contrast/core_extensions/protect/applies_no_sqli_rule.rb +81 -0
data/lib/contrast/core_extensions/protect/applies_path_traversal_rule.rb +119 -0
data/lib/contrast/core_extensions/protect/applies_sqli_rule.rb +63 -0
data/lib/contrast/core_extensions/protect/applies_xxe_rule.rb +141 -0
data/lib/contrast/core_extensions/protect/kernel.rb +30 -0
data/lib/contrast/core_extensions/protect/psych.rb +7 -0
data/lib/contrast/core_extensions/thread.rb +31 -0
data/lib/contrast/internal_exception.rb +8 -0
data/lib/contrast/rails_extensions/assess/action_controller_inheritance.rb +48 -0
data/lib/contrast/rails_extensions/assess/active_record.rb +32 -0
data/lib/contrast/rails_extensions/assess/active_record_named.rb +61 -0
data/lib/contrast/rails_extensions/assess/configuration.rb +26 -0
data/lib/contrast/rails_extensions/buffer.rb +30 -0
data/lib/contrast/rails_extensions/rack.rb +45 -0
data/lib/contrast/security_exception.rb +14 -0
data/lib/contrast/sinatra_extensions/assess/cookie.rb +26 -0
data/lib/contrast/sinatra_extensions/inventory/sinatra_base.rb +59 -0
data/lib/contrast/tasks/service.rb +95 -0
data/lib/contrast/utils/assess/sampling_util.rb +96 -0
data/lib/contrast/utils/assess/tracking_util.rb +39 -0
data/lib/contrast/utils/boolean_util.rb +33 -0
data/lib/contrast/utils/cache.rb +69 -0
data/lib/contrast/utils/class_util.rb +58 -0
data/lib/contrast/utils/comment_range.rb +19 -0
data/lib/contrast/utils/data_store_util.rb +23 -0
data/lib/contrast/utils/duck_utils.rb +58 -0
data/lib/contrast/utils/env_configuration_item.rb +52 -0
data/lib/contrast/utils/environment_util.rb +152 -0
data/lib/contrast/utils/freeze_util.rb +36 -0
data/lib/contrast/utils/gemfile_reader.rb +191 -0
data/lib/contrast/utils/hash_digest.rb +148 -0
data/lib/contrast/utils/heap_dump_util.rb +113 -0
data/lib/contrast/utils/invalid_configuration_util.rb +88 -0
data/lib/contrast/utils/inventory_util.rb +126 -0
data/lib/contrast/utils/io_util.rb +61 -0
data/lib/contrast/utils/object_share.rb +117 -0
data/lib/contrast/utils/operating_environment.rb +38 -0
data/lib/contrast/utils/os.rb +49 -0
data/lib/contrast/utils/path_util.rb +151 -0
data/lib/contrast/utils/performs_logging.rb +152 -0
data/lib/contrast/utils/preflight_util.rb +13 -0
data/lib/contrast/utils/prevent_serialization.rb +52 -0
data/lib/contrast/utils/rack_assess_session_cookie.rb +104 -0
data/lib/contrast/utils/rails_assess_configuration.rb +95 -0
data/lib/contrast/utils/random_util.rb +22 -0
data/lib/contrast/utils/resource_loader.rb +23 -0
data/lib/contrast/utils/ruby_ast_rewriter.rb +74 -0
data/lib/contrast/utils/scope_util.rb +99 -0
data/lib/contrast/utils/service_response_util.rb +116 -0
data/lib/contrast/utils/service_sender_util.rb +98 -0
data/lib/contrast/utils/sha256_builder.rb +69 -0
data/lib/contrast/utils/sinatra_helper.rb +49 -0
data/lib/contrast/utils/stack_trace_utils.rb +209 -0
data/lib/contrast/utils/string_utils.rb +72 -0
data/lib/contrast/utils/tag_util.rb +139 -0
data/lib/contrast/utils/thread_tracker.rb +54 -0
data/lib/contrast/utils/timer.rb +78 -0
data/resources/assess/policy.json +1673 -0
data/resources/csrf/inject.js +44 -0
data/resources/deadzone/policy.json +55 -0
data/resources/factory-bot-spec/spec_helper.rb +30 -0
data/resources/inventory/policy.json +110 -0
data/resources/protect/policy.json +417 -0
data/resources/rubocops/kernel/catch_cop.rb +37 -0
data/resources/rubocops/kernel/require_cop.rb +37 -0
data/resources/rubocops/kernel/require_relative_cop.rb +33 -0
data/resources/rubocops/module/autoload_cop.rb +37 -0
data/resources/rubocops/module/const_defined_cop.rb +37 -0
data/resources/rubocops/module/const_get_cop.rb +37 -0
data/resources/rubocops/module/const_set_cop.rb +37 -0
data/resources/rubocops/module/constants_cop.rb +37 -0
data/resources/rubocops/module/name_cop.rb +37 -0
data/resources/rubocops/object/class_cop.rb +37 -0
data/resources/rubocops/object/freeze_cop.rb +37 -0
data/resources/rubocops/object/frozen_cop.rb +37 -0
data/resources/rubocops/object/is_a_cop.rb +37 -0
data/resources/rubocops/object/method_cop.rb +37 -0
data/resources/rubocops/object/respond_to_cop.rb +37 -0
data/resources/rubocops/object/singleton_class_cop.rb +37 -0
data/resources/rubocops/regexp/spelling_cop.rb +44 -0
data/resources/rubocops/thread/new_cop.rb +39 -0
data/resources/ruby-spec/ancestors_spec.rb +70 -0
data/resources/ruby-spec/modulo_spec.rb +831 -0
data/resources/ruby-spec/parameters_spec.rb +261 -0
data/resources/ruby-spec/ruby_spec_spec_helper.rb +35 -0
data/resources/test_marker.txt +1 -0
data/ruby-agent.gemspec +129 -0
data/service_executables/.gitkeep +0 -0
data/service_executables/VERSION +1 -0
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
metadata +945 -0

data/lib/contrast/agent/protect/rule/csrf.rb ADDED

@@ -0,0 +1,118 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'rack'
+cs__scoped_require 'contrast/utils/object_share'
+cs__scoped_require 'contrast/agent/request'
+cs__scoped_require 'contrast/agent/response'
+cs__scoped_require 'contrast/utils/stack_trace_utils'
+cs__scoped_require 'contrast/utils/timer'
+module Contrast
+  module Agent
+    module Protect
+      module Rule
+        # The Ruby implementation of the Protect Cross-Site Request Forgery
+        # rule.
+        class Csrf < Contrast::Agent::Protect::Rule::Base
+          NAME = 'csrf'
+          def name
+            NAME
+          end
+          def stream_safe?
+            false
+          end
+          def request_evaluator
+            @_request_evaluator ||= Contrast::Agent::Protect::Rule::Csrf::CsrfEvaluator.new
+          end
+          def token_injector
+            @_token_injector ||= Contrast::Agent::Protect::Rule::Csrf::CsrfTokenInjector.new
+          end
+          BLOCK_MESSAGE = 'CSRF rule triggered. Request blocked.'
+          def prefilter context
+            return unless enabled? && mode != :NO_ACTION
+            request = context.request
+            return if request_evaluator.can_ignore_check?(request)
+            parameters = request.parameters
+            return unless parameters&.any?
+            tokens = parameters[token_injector.token_name]
+            expected_token = token_injector.get_expected_token(context)
+            return if valid_token?(expected_token, tokens)
+            # unexpected token is interpreted as an attack with a match
+            ia_result = Contrast::Api::Settings::InputAnalysisResult.new
+            ia_result.input_type = :BODY
+            ia_result.value = build_attack_string(context.request)
+            result = build_attack_with_match(
+                context,
+                ia_result,
+                nil,
+                expected_token,
+                details: build_details(expected_token, tokens))
+            append_to_activity(context, result)
+            raise Contrast::SecurityException.new(self, BLOCK_MESSAGE) if blocked?
+          end
+          def valid_token? expected, actual_tokens
+            actual_tokens&.include?(expected)
+          end
+          def postfilter context
+            return unless enabled? && POSTFILTER_MODES.include?(mode)
+            token_injector.do_injection(context)
+          end
+          def build_sample context, evaluation, _url, **kwargs
+            sample = build_base_sample(context, evaluation)
+            sample.csrf = kwargs[:details]
+            sample
+          end
+          # Build a subclass of the RaspRuleSample using the query string and the
+          # evaluation
+          def build_details expected, actual_tokens
+            details = Contrast::Api::Dtm::CsrfDetails.new
+            details.name = Contrast::Utils::StringUtils.protobuf_safe_string(token_injector.token_name)
+            details.expected = Contrast::Utils::StringUtils.protobuf_safe_string(expected)
+            presented = build_presented_token(actual_tokens)
+            details.presented = Contrast::Utils::StringUtils.protobuf_safe_string(presented)
+            details
+          end
+          def build_presented_token actual_tokens
+            return Contrast::Utils::ObjectShare::EMPTY_STRING unless actual_tokens&.any?
+            actual_tokens.first
+          end
+          # Convert the request parameters into an attack string
+          def build_attack_string request
+            arr = []
+            request.dtm.normalized_request_params.each_with_index do |(name, value), index|
+              arr << Contrast::Utils::ObjectShare::AND unless index.zero?
+              arr += [name.to_s, Contrast::Utils::ObjectShare::EQUALS, value.values.to_s]
+            end
+            if arr.empty?
+              request.query_string
+            else
+              arr.join
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb ADDED

@@ -0,0 +1,103 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'contrast/utils/object_share'
+cs__scoped_require 'contrast/components/interface'
+cs__scoped_require 'uri'
+# This class is used by the CSRF rule to determine if the given Request is
+# susceptible to CSRF / if the rule applies to it.
+class Contrast::Agent::Protect::Rule::Csrf::CsrfEvaluator # rubocop:disable Style/ClassAndModuleChildren
+  include Contrast::Components::Interface
+  access_component :logging
+  def can_ignore_check? request
+    if !form_submittable_method?(request)
+      logger.debug("Ignoring method #{ request.request_method } for URI #{ request.uri }")
+      true
+    elsif ajax_request?(request)
+      logger.debug("Ignoring Ajax request for URI #{ request.uri }")
+      true
+    elsif empty_post?(request)
+      logger.debug("Ignoring empty POST request for URI #{ request.uri }")
+      true
+    elsif !form_content_type?(request)
+      logger.debug("Ignoring POST request with Content-Type #{ request.content_type } for URI #{ request.uri }")
+      true
+    elsif request.static_request?
+      logger.debug("Ignoring static request for URI #{ request.uri }")
+      true
+    elsif origin_is_referer?(request)
+      logger.debug("Ignoring equivalent origin-referer for URI #{ request.uri }")
+      true
+    elsif login_page?(request)
+      logger.debug("Ignoring possible login page for URI #{ request.uri }")
+      true
+    else
+      false
+    end
+  rescue StandardError => e
+    logger.warn(e, 'Unable to determine if CSRF can be ignored')
+  end
+  POST_METHOD = 'POST'
+  def form_submittable_method? request
+    POST_METHOD == request.request_method
+  end
+  REQUESTED_WITH = 'X-REQUESTED-WITH'
+  def ajax_request? request
+    requested_with = request.header_value(REQUESTED_WITH)
+    !requested_with.nil? && !requested_with.empty?
+  end
+  USER_AGENT = 'USER-AGENT'
+  def empty_user_agent? request
+    agent = request.header_value(USER_AGENT)
+    agent.nil? || agent.empty?
+  end
+  def empty_post? request
+    request.request_body_str.empty? && (request.query_string.nil? || request.query_string.empty?)
+  end
+  FORM_CONTENT_TYPES = %w[text/plain multipart/form-data application/x-www-form-urlencoded].cs__freeze
+  def form_content_type? request
+    content_type = request.content_type
+    return true if content_type.nil? || content_type.empty?
+    content_type.start_with?(*FORM_CONTENT_TYPES)
+  end
+  ORIGIN = 'ORIGIN'
+  REFERER = 'REFERER'
+  def origin_is_referer? request
+    origin = request.header_value(ORIGIN)
+    referer = request.header_value(REFERER)
+    return false unless origin && referer
+    return false if origin.empty? || referer.empty?
+    origin = trim_origin(origin)
+    referer = URI(referer).host
+    origin == referer
+  end
+  HTTP = 'http://'
+  HTTPS = 'https://'
+  def trim_origin origin_header
+    origin_header = if origin_header.to_s.start_with?(HTTP, HTTPS)
+                      URI(origin_header).host
+                    else
+                      idx = origin_header.index(Contrast::Utils::ObjectShare::COLON)
+                      idx.nil? ? origin_header : origin_header[0, idx]
+                    end
+    origin_header
+  end
+  LOGIN_MARKERS = %w[login auth j_security verify validate sessions].cs__freeze
+  def login_page? request
+    url = request.url.downcase
+    LOGIN_MARKERS.any? { |marker| url.index(marker) }
+  end
+end

data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb ADDED

@@ -0,0 +1,85 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'contrast/utils/object_share'
+cs__scoped_require 'contrast/utils/random_util'
+# This class is used by the CSRF rule to inject the Contrast CSRF token into
+# the Response's body, allowing for the detection of CSRF attacks.
+class Contrast::Agent::Protect::Rule::Csrf::CsrfTokenInjector # rubocop:disable Style/ClassAndModuleChildren
+  TKN_NAME = 'cs_csrf_tkn'
+  def token_name
+    TKN_NAME
+  end
+  SESSION_TOKEN_PREFIX = '__CONTRAST__'
+  def token_key
+    @_token_key ||= SESSION_TOKEN_PREFIX + token_name
+  end
+  def javascript
+    @_javascript ||= build_javascript
+  end
+  SCRIPT_LOC = File.join('csrf', 'inject.js').cs__freeze
+  NAME_MARKER = '!TOKEN_NAME!'
+  VALUE_MARKER = '!TOKEN_VALUE!'
+  def build_javascript
+    script = Contrast::Utils::ResourceLoader.load(SCRIPT_LOC)
+    script&.sub!(NAME_MARKER, TKN_NAME)
+    script
+  end
+  CSRF_TOKEN_LENGTH = 8
+  def get_expected_token context
+    cookies = context.request.request_cookies
+    token = cookies[token_key]
+    return token if token
+    return unless context.response
+    build_token(context)
+  end
+  def build_token context
+    token = Contrast::Utils::RandomUtil.secure_random_string(CSRF_TOKEN_LENGTH)
+    context&.response&.set_header(token_key, token)
+    token
+  end
+  CONTENT_TYPE = 'CONTENT-TYPE'
+  def wedge_token? response
+    return true unless response
+    content_type = response.header(CONTENT_TYPE)
+    return true unless content_type
+    content_type = content_type.to_s
+    !content_type.start_with?(*DATA_CONTENT_TYPES)
+  end
+  END_BODY_TAG = %r{</body>}i.cs__freeze
+  def do_injection context
+    return unless wedge_token?(context&.response)
+    body_string = context&.response&.body
+    return unless body_string
+    index = body_string.index(END_BODY_TAG)
+    return unless index
+    injection = get_expected_token(context)
+    return unless injection
+    injection = javascript.sub(VALUE_MARKER, injection)
+    body_string.insert(index, injection)
+    context&.response&.update_body(body_string)
+  end
+  DATA_CONTENT_TYPES = [
+    'image/', 'audio/', 'video/',
+    'application/json', 'application/xml',
+    'application/octet', 'application/force',
+    'text/json', 'text/xml'
+  ].cs__freeze
+end

data/lib/contrast/agent/protect/rule/default_scanner.rb ADDED

@@ -0,0 +1,300 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+# The base class used to determine if a user input crosses a token boundary or
+# state, indicating a successful attack using SQL or NoSQL Injection.
+#
+# @deprecated RUBY-356: this class and those that extend it are being phased out
+#   in favor of the more performant code in the Service.
+class Contrast::Agent::Protect::Rule::DefaultScanner # rubocop:disable Style/ClassAndModuleChildren
+  # Potential states
+  # :STATE_INSIDE_TOKEN
+  # :STATE_INSIDE_NUMBER
+  # :STATE_EXPECTING_TOKEN
+  # :STATE_INSIDE_DOUBLEQUOTE
+  # :STATE_INSIDE_SINGLEQUOTE
+  # :STATE_INSIDE_STRING_ESCAPE_BLOCK
+  # :STATE_INSIDE_LINE_COMMENT  # inside a comment that will continue to the end of the line
+  # :STATE_INSIDE_BLOCK_COMMENT # inside a commend that will end with a closing tag
+  # :STATE_SKIP_NEXT_CHARACTER
+  def crosses_boundary query, index, input
+    last_boundary = 0
+    token_boundaries(query).each do |boundary|
+      if boundary > index
+        return last_boundary, boundary if boundary < index + input.length
+        break
+      end
+      last_boundary = boundary
+    end
+    nil
+  end
+  def token_boundaries query
+    @_token_boundaries ||= scan_token_boundaries(query)
+  end
+  CANARY = "select * from tbl where bar='bar';#' and pwd='sec3r3t'; # CANARY"
+  def scan_token_boundaries query
+    boundaries = []
+    return boundaries unless query && !query.empty?
+    state = :STATE_EXPECTING_TOKEN
+    index = 0
+    while index < query.length
+      char = query[index]
+      previous_state = state
+      state = process_state(boundaries, state, char, index, query)
+      case state
+      when :STATE_SKIP_NEXT_CHARACTER
+        index += 1
+        state = previous_state
+      when :STATE_INSIDE_STRING_ESCAPE_BLOCK
+        index = find_escape_sequence_boundary(query, index + 1)
+        state = previous_state
+      when :STATE_INSIDE_BLOCK_COMMENT
+        index = find_block_comment_boundary(query, index + 2)
+        index += 1
+        state = previous_state
+        boundaries << index
+      when :STATE_INSIDE_LINE_COMMENT
+        index = find_new_line_boundary(query, index + 1)
+        state = previous_state
+        boundaries << index
+      end
+      index += 1
+    end
+    boundaries
+  end
+  def process_state boundaries, current_state, char, index, query
+    case current_state
+    when :STATE_EXPECTING_TOKEN
+      process_expecting_token(boundaries, char, index, query)
+    when :STATE_INSIDE_NUMBER
+      process_number(boundaries, char, index, query)
+    when :STATE_INSIDE_TOKEN
+      process_inside_token(boundaries, char, index, query)
+    when :STATE_INSIDE_DOUBLEQUOTE
+      process_double_quote(boundaries, char, index, query)
+    when :STATE_INSIDE_SINGLEQUOTE
+      process_single_quote(boundaries, char, index, query)
+    end
+  end
+  def process_expecting_token boundaries, char, index, query
+    if char == Contrast::Utils::ObjectShare::SINGLE_QUOTE
+      boundaries << index
+      :STATE_INSIDE_SINGLEQUOTE
+    elsif char == Contrast::Utils::ObjectShare::DOUBLE_QUOTE
+      boundaries << index
+      :STATE_INSIDE_DOUBLEQUOTE
+    elsif char.match?(Contrast::Utils::ObjectShare::DIGIT_REGEXP)
+      boundaries << index
+      :STATE_INSIDE_NUMBER
+    elsif start_line_comment?(char, index, query)
+      boundaries << index
+      :STATE_INSIDE_LINE_COMMENT
+    elsif start_block_comment?(char, index, query)
+      boundaries << index
+      :STATE_INSIDE_BLOCK_COMMENT
+    elsif char.match?(Contrast::Utils::ObjectShare::NOT_WHITE_SPACE_REGEXP)
+      boundaries << index
+      :STATE_INSIDE_TOKEN
+    else
+      :STATE_EXPECTING_TOKEN
+    end
+  end
+  def process_inside_token boundaries, char, index, query
+    if char == Contrast::Utils::ObjectShare::SINGLE_QUOTE
+      boundaries << index
+      :STATE_INSIDE_SINGLEQUOTE
+    elsif char == Contrast::Utils::ObjectShare::DOUBLE_QUOTE
+      boundaries << index
+      :STATE_INSIDE_DOUBLEQUOTE
+    elsif start_line_comment?(char, index, query)
+      boundaries << index
+      :STATE_INSIDE_LINE_COMMENT
+    elsif start_block_comment?(char, index, query)
+      boundaries << index
+      :STATE_INSIDE_BLOCK_COMMENT
+    elsif operator?(char)
+      boundaries << index
+      :STATE_EXPECTING_TOKEN
+    elsif char.match?(Contrast::Utils::ObjectShare::WHITE_SPACE_REGEXP)
+      boundaries << index
+      :STATE_EXPECTING_TOKEN
+    else
+      :STATE_INSIDE_TOKEN
+    end
+  end
+  def process_number boundaries, char, index, _query
+    if char.match?(Contrast::Utils::ObjectShare::DIGIT_REGEXP) || char == Contrast::Utils::ObjectShare::PERIOD
+      :STATE_INSIDE_NUMBER
+    else
+      boundaries << index
+      :STATE_EXPECTING_TOKEN
+    end
+  end
+  def process_double_quote boundaries, char, index, query
+    if escape_char?(char)
+      :STATE_SKIP_NEXT_CHARACTER
+    elsif escape_sequence_start?(char)
+      :STATE_INSIDE_STRING_ESCAPE_BLOCK
+    elsif char == Contrast::Utils::ObjectShare::DOUBLE_QUOTE
+      if double_quote_escape_in_double_quote? && double_quote?(query, index + 1)
+        :STATE_SKIP_NEXT_CHARACTER
+      else
+        boundaries << index
+        :STATE_EXPECTING_TOKEN
+      end
+    else
+      :STATE_INSIDE_DOUBLEQUOTE
+    end
+  end
+  def process_single_quote boundaries, char, index, query
+    if escape_char?(char)
+      :STATE_SKIP_NEXT_CHARACTER
+    elsif escape_sequence_start?(char)
+      :STATE_INSIDE_STRING_ESCAPE_BLOCK
+    elsif char == Contrast::Utils::ObjectShare::SINGLE_QUOTE
+      if singe_quote_escape_in_singe_quote? && single_quote?(query, index + 1)
+        :STATE_SKIP_NEXT_CHARACTER
+      else
+        boundaries << index
+        :STATE_EXPECTING_TOKEN
+      end
+    else
+      :STATE_INSIDE_SINGLEQUOTE
+    end
+  end
+  def double_quote? query, index
+    return false unless index >= 0 && index < query.length
+    query[index] == Contrast::Utils::ObjectShare::DOUBLE_QUOTE
+  end
+  def single_quote? query, index
+    return false unless index >= 0 && index < query.length
+    query[index] == Contrast::Utils::ObjectShare::SINGLE_QUOTE
+  end
+  def find_escape_sequence_boundary query, index
+    idx = index
+    while idx < query.length
+      char = query[idx]
+      break if escape_sequence_end?(char)
+      idx += 1
+    end
+    idx
+  end
+  def find_block_comment_boundary query, index
+    idx = index
+    while idx < query.length
+      char = query[idx]
+      break if end_block_comment?(char, idx, query)
+      idx += 1
+    end
+    idx
+  end
+  def find_new_line_boundary query, index
+    idx = index
+    while idx < query.length
+      char = query[idx]
+      break if char == Contrast::Utils::ObjectShare::NEW_LINE
+      break if char == Contrast::Utils::ObjectShare::RETURN
+      idx += 1
+    end
+    idx
+  end
+  OPERATOR_PATTERN = %r{[+=*^/%><!-]}.cs__freeze
+  def operator? char
+    char.match?(OPERATOR_PATTERN)
+  end
+  # @note: Any class extending this module should override these methods as needed
+  # Are the current and subsequent characters both '-' ?
+  def start_line_comment? char, index, query
+    return false unless char == Contrast::Utils::ObjectShare::DASH
+    return false unless (query.length - 2) >= index
+    query[index + 1] == Contrast::Utils::ObjectShare::DASH
+  end
+  # Is the current character / sequence of characters the start of a block comment
+  # We assume '/*' starts the comment by default
+  def start_block_comment? char, index, query
+    return false unless char == Contrast::Utils::ObjectShare::SLASH
+    return false unless (query.length - 2) >= index
+    query[index + 1] == Contrast::Utils::ObjectShare::ASTERISK
+  end
+  # Is the current character / sequence of characters the end of a block comment
+  # We assume '*/' ends the comment by default
+  def end_block_comment? char, index, query
+    return false unless char == Contrast::Utils::ObjectShare::ASTERISK
+    return false unless (query.length - 2) >= index
+    query[index + 1] == Contrast::Utils::ObjectShare::SLASH
+  end
+  # Indicates if '""' inside of double quotes is the equivalent of '\"'
+  # We assume no by default
+  def double_quote_escape_in_double_quote?
+    false
+  end
+  # Indicates if "''" inside of single quotes is the equivalent of "\'"
+  # We assume yes by default
+  def singe_quote_escape_in_singe_quote?
+    true
+  end
+  # Does this language let the user redefine the escape character
+  # We assume no by default
+  def redefines_escape_char?
+    false
+  end
+  # Is the character provided an escape character?
+  # By default, we'll assume
+  def escape_char? char
+    char == Contrast::Utils::ObjectShare::BACK_SLASH
+  end
+  # Does this language support string escape sequences?
+  # We assume no by default
+  def support_string_escape_sequence?
+    false
+  end
+  # Is this the start of a string escape sequence?
+  # Since escape sequences aren't supported, the answer is always false
+  def escape_sequence_start? _char
+    false
+  end
+  # Is this the end of a string escape sequence?
+  # Since escape sequences aren't supported, the answer is always false
+  def escape_sequence_end? _char
+    false
+  end
+end