RubyGems - contrast-agent - Versions diffs - 3.8.4 - Mend

contrast-agent 3.8.4

Files changed (500) hide show

checksums.yaml +7 -0
data/.clang-format +5 -0
data/.dockerignore +10 -0
data/.gitignore +58 -0
data/.gitmodules +6 -0
data/.rspec +6 -0
data/.simplecov +4 -0
data/Gemfile +7 -0
data/LICENSE.txt +12 -0
data/Rakefile +15 -0
data/exe/contrast_service +29 -0
data/ext/build_funchook.rb +48 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.c +47 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.h +10 -0
data/ext/cs__assess_active_record_named/extconf.rb +2 -0
data/ext/cs__assess_array/cs__assess_array.c +38 -0
data/ext/cs__assess_array/cs__assess_array.h +9 -0
data/ext/cs__assess_array/extconf.rb +2 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.c +50 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.h +17 -0
data/ext/cs__assess_basic_object/extconf.rb +2 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +86 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +34 -0
data/ext/cs__assess_fiber_track/extconf.rb +2 -0
data/ext/cs__assess_hash/cs__assess_hash.c +64 -0
data/ext/cs__assess_hash/cs__assess_hash.h +24 -0
data/ext/cs__assess_hash/extconf.rb +2 -0
data/ext/cs__assess_kernel/cs__assess_kernel.c +36 -0
data/ext/cs__assess_kernel/cs__assess_kernel.h +10 -0
data/ext/cs__assess_kernel/extconf.rb +2 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +47 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +18 -0
data/ext/cs__assess_marshal_module/extconf.rb +2 -0
data/ext/cs__assess_module/cs__assess_module.c +78 -0
data/ext/cs__assess_module/cs__assess_module.h +25 -0
data/ext/cs__assess_module/extconf.rb +2 -0
data/ext/cs__assess_regexp/cs__assess_regexp.c +48 -0
data/ext/cs__assess_regexp/cs__assess_regexp.h +22 -0
data/ext/cs__assess_regexp/extconf.rb +2 -0
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c +63 -0
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.h +29 -0
data/ext/cs__assess_regexp_track/extconf.rb +2 -0
data/ext/cs__assess_string/cs__assess_string.c +38 -0
data/ext/cs__assess_string/cs__assess_string.h +19 -0
data/ext/cs__assess_string/extconf.rb +2 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +31 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.h +13 -0
data/ext/cs__assess_string_interpolation26/extconf.rb +2 -0
data/ext/cs__common/cs__common.c +60 -0
data/ext/cs__common/cs__common.h +28 -0
data/ext/cs__common/extconf.rb +20 -0
data/ext/cs__contrast_patch/cs__contrast_patch.c +445 -0
data/ext/cs__contrast_patch/cs__contrast_patch.h +196 -0
data/ext/cs__contrast_patch/extconf.rb +2 -0
data/ext/cs__protect_kernel/cs__protect_kernel.c +37 -0
data/ext/cs__protect_kernel/cs__protect_kernel.h +11 -0
data/ext/cs__protect_kernel/extconf.rb +2 -0
data/ext/cs__scope/cs__scope.c +96 -0
data/ext/cs__scope/cs__scope.h +33 -0
data/ext/cs__scope/extconf.rb +2 -0
data/ext/extconf_common.rb +49 -0
data/funchook/LICENSE +360 -0
data/funchook/Makefile +29 -0
data/funchook/Makefile.in +29 -0
data/funchook/README.md +121 -0
data/funchook/appveyor.yml +42 -0
data/funchook/autogen.sh +3 -0
data/funchook/autom4te.cache/output.0 +4976 -0
data/funchook/autom4te.cache/requests +78 -0
data/funchook/autom4te.cache/traces.0 +364 -0
data/funchook/config.guess +1530 -0
data/funchook/config.log +490 -0
data/funchook/config.status +1016 -0
data/funchook/config.sub +1773 -0
data/funchook/configure +4976 -0
data/funchook/configure.ac +59 -0
data/funchook/distorm/COPYING +26 -0
data/funchook/distorm/MANIFEST +25 -0
data/funchook/distorm/MANIFEST.in +4 -0
data/funchook/distorm/README.md +12 -0
data/funchook/distorm/disOps/disOps.py +795 -0
data/funchook/distorm/disOps/x86db.py +404 -0
data/funchook/distorm/disOps/x86header.py +247 -0
data/funchook/distorm/disOps/x86sets.py +1664 -0
data/funchook/distorm/examples/cs/TestdiStorm/Program.cs +79 -0
data/funchook/distorm/examples/cs/TestdiStorm/Properties/AssemblyInfo.cs +36 -0
data/funchook/distorm/examples/cs/TestdiStorm/TestdiStorm.csproj +69 -0
data/funchook/distorm/examples/cs/distorm-net.sln +26 -0
data/funchook/distorm/examples/cs/distorm-net/CodeInfo.cs +23 -0
data/funchook/distorm/examples/cs/distorm-net/DecodedInst.cs +15 -0
data/funchook/distorm/examples/cs/distorm-net/DecodedResult.cs +14 -0
data/funchook/distorm/examples/cs/distorm-net/DecomposedInst.cs +36 -0
data/funchook/distorm/examples/cs/distorm-net/DecomposedResult.cs +14 -0
data/funchook/distorm/examples/cs/distorm-net/Opcodes.cs +1268 -0
data/funchook/distorm/examples/cs/distorm-net/Opcodes.tt +37 -0
data/funchook/distorm/examples/cs/distorm-net/Operand.cs +25 -0
data/funchook/distorm/examples/cs/distorm-net/Properties/AssemblyInfo.cs +36 -0
data/funchook/distorm/examples/cs/distorm-net/diStorm3.cs +411 -0
data/funchook/distorm/examples/cs/distorm-net/distorm-net.csproj +80 -0
data/funchook/distorm/examples/cs/readme +3 -0
data/funchook/distorm/examples/ddk/README +48 -0
data/funchook/distorm/examples/ddk/distorm.ini +11 -0
data/funchook/distorm/examples/ddk/dummy.c +15 -0
data/funchook/distorm/examples/ddk/main.c +91 -0
data/funchook/distorm/examples/ddk/makefile +1 -0
data/funchook/distorm/examples/ddk/sources +10 -0
data/funchook/distorm/examples/java/Makefile +23 -0
data/funchook/distorm/examples/java/distorm/src/Main.java +43 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/CodeInfo.java +27 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedInst.java +32 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedResult.java +11 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedInst.java +89 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedResult.java +11 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/OpcodeEnum.java +131 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/Opcodes.java +1123 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/Operand.java +24 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/distorm3.java +41 -0
data/funchook/distorm/examples/java/jdistorm.c +405 -0
data/funchook/distorm/examples/java/jdistorm.h +40 -0
data/funchook/distorm/examples/java/jdistorm.sln +20 -0
data/funchook/distorm/examples/java/jdistorm.vcproj +208 -0
data/funchook/distorm/examples/linux/Makefile +15 -0
data/funchook/distorm/examples/linux/main.c +181 -0
data/funchook/distorm/examples/tests/Makefile +15 -0
data/funchook/distorm/examples/tests/main.cpp +42 -0
data/funchook/distorm/examples/tests/main.py +66 -0
data/funchook/distorm/examples/tests/test_distorm3.py +1672 -0
data/funchook/distorm/examples/tests/tests.sln +20 -0
data/funchook/distorm/examples/tests/tests.vcxproj +82 -0
data/funchook/distorm/examples/tests/tests.vcxproj.filters +22 -0
data/funchook/distorm/examples/win32/disasm.sln +25 -0
data/funchook/distorm/examples/win32/disasm.vcxproj +201 -0
data/funchook/distorm/examples/win32/disasm.vcxproj.filters +14 -0
data/funchook/distorm/examples/win32/main.cpp +163 -0
data/funchook/distorm/include/distorm.h +482 -0
data/funchook/distorm/include/mnemonics.h +301 -0
data/funchook/distorm/make/linux/Makefile +28 -0
data/funchook/distorm/make/mac/Makefile +24 -0
data/funchook/distorm/make/win32/cdistorm.vcxproj +239 -0
data/funchook/distorm/make/win32/cdistorm.vcxproj.filters +80 -0
data/funchook/distorm/make/win32/distorm.sln +25 -0
data/funchook/distorm/make/win32/resource.h +14 -0
data/funchook/distorm/make/win32/resource.rc +99 -0
data/funchook/distorm/python/distorm3/__init__.py +957 -0
data/funchook/distorm/python/distorm3/sample.py +51 -0
data/funchook/distorm/setup.cfg +10 -0
data/funchook/distorm/setup.py +266 -0
data/funchook/distorm/src/config.h +169 -0
data/funchook/distorm/src/decoder.c +641 -0
data/funchook/distorm/src/decoder.h +33 -0
data/funchook/distorm/src/distorm.c +413 -0
data/funchook/distorm/src/instructions.c +597 -0
data/funchook/distorm/src/instructions.h +463 -0
data/funchook/distorm/src/insts.c +7939 -0
data/funchook/distorm/src/insts.h +64 -0
data/funchook/distorm/src/mnemonics.c +284 -0
data/funchook/distorm/src/operands.c +1290 -0
data/funchook/distorm/src/operands.h +28 -0
data/funchook/distorm/src/prefix.c +368 -0
data/funchook/distorm/src/prefix.h +64 -0
data/funchook/distorm/src/textdefs.c +172 -0
data/funchook/distorm/src/textdefs.h +57 -0
data/funchook/distorm/src/wstring.c +47 -0
data/funchook/distorm/src/wstring.h +35 -0
data/funchook/distorm/src/x86defs.h +82 -0
data/funchook/include/funchook.h +123 -0
data/funchook/install-sh +527 -0
data/funchook/src/Makefile +70 -0
data/funchook/src/Makefile.in +70 -0
data/funchook/src/__strerror.h +109 -0
data/funchook/src/config.h +101 -0
data/funchook/src/config.h.in +100 -0
data/funchook/src/decoder.o +0 -0
data/funchook/src/distorm.o +0 -0
data/funchook/src/funchook.c +440 -0
data/funchook/src/funchook.o +0 -0
data/funchook/src/funchook_internal.h +155 -0
data/funchook/src/funchook_io.c +182 -0
data/funchook/src/funchook_io.h +64 -0
data/funchook/src/funchook_io.o +0 -0
data/funchook/src/funchook_syscall.S +134 -0
data/funchook/src/funchook_syscall.o +0 -0
data/funchook/src/funchook_unix.c +480 -0
data/funchook/src/funchook_unix.o +0 -0
data/funchook/src/funchook_windows.c +397 -0
data/funchook/src/funchook_x86.c +622 -0
data/funchook/src/funchook_x86.o +0 -0
data/funchook/src/instructions.o +0 -0
data/funchook/src/insts.o +0 -0
data/funchook/src/libfunchook.so +0 -0
data/funchook/src/mnemonics.o +0 -0
data/funchook/src/operands.o +0 -0
data/funchook/src/os_func.c +115 -0
data/funchook/src/os_func.h +75 -0
data/funchook/src/os_func.o +0 -0
data/funchook/src/os_func_unix.c +94 -0
data/funchook/src/os_func_unix.o +0 -0
data/funchook/src/os_func_windows.c +32 -0
data/funchook/src/prefix.o +0 -0
data/funchook/src/printf_base.c +1688 -0
data/funchook/src/printf_base.h +46 -0
data/funchook/src/printf_base.o +0 -0
data/funchook/src/textdefs.o +0 -0
data/funchook/src/wstring.o +0 -0
data/funchook/test/Makefile +43 -0
data/funchook/test/Makefile.in +43 -0
data/funchook/test/funchook_test +0 -0
data/funchook/test/libfunchook_test.c +25 -0
data/funchook/test/libfunchook_test.so +0 -0
data/funchook/test/libfunchook_test2.c +18 -0
data/funchook/test/suffix.list +600 -0
data/funchook/test/test_main.c +430 -0
data/funchook/test/test_main.o +0 -0
data/funchook/test/x86_64_test.S +10 -0
data/funchook/test/x86_64_test.o +0 -0
data/funchook/test/x86_test.S +339 -0
data/funchook/win32/config.h +1 -0
data/funchook/win32/funchook.sln +52 -0
data/funchook/win32/funchook.vcxproj +188 -0
data/funchook/win32/funchook.vcxproj.filters +84 -0
data/funchook/win32/funchook_test.vcxproj +170 -0
data/funchook/win32/funchook_test.vcxproj.filters +22 -0
data/funchook/win32/funchook_test_dll.vcxproj +184 -0
data/funchook/win32/funchook_test_dll.vcxproj.filters +30 -0
data/funchook/win32/funchook_test_exe.def +3 -0
data/lib/contrast-agent.rb +8 -0
data/lib/contrast.rb +57 -0
data/lib/contrast/agent.rb +80 -0
data/lib/contrast/agent/assess.rb +45 -0
data/lib/contrast/agent/assess/adjusted_span.rb +25 -0
data/lib/contrast/agent/assess/class_reverter.rb +82 -0
data/lib/contrast/agent/assess/contrast_event.rb +398 -0
data/lib/contrast/agent/assess/frozen_properties.rb +41 -0
data/lib/contrast/agent/assess/insulator.rb +53 -0
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +78 -0
data/lib/contrast/agent/assess/policy/patcher.rb +85 -0
data/lib/contrast/agent/assess/policy/policy.rb +116 -0
data/lib/contrast/agent/assess/policy/policy_node.rb +289 -0
data/lib/contrast/agent/assess/policy/policy_scanner.rb +44 -0
data/lib/contrast/agent/assess/policy/preshift.rb +94 -0
data/lib/contrast/agent/assess/policy/propagation_method.rb +260 -0
data/lib/contrast/agent/assess/policy/propagation_node.rb +127 -0
data/lib/contrast/agent/assess/policy/propagator.rb +35 -0
data/lib/contrast/agent/assess/policy/propagator/append.rb +54 -0
data/lib/contrast/agent/assess/policy/propagator/base.rb +37 -0
data/lib/contrast/agent/assess/policy/propagator/center.rb +73 -0
data/lib/contrast/agent/assess/policy/propagator/custom.rb +36 -0
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +62 -0
data/lib/contrast/agent/assess/policy/propagator/insert.rb +55 -0
data/lib/contrast/agent/assess/policy/propagator/keep.rb +26 -0
data/lib/contrast/agent/assess/policy/propagator/next.rb +42 -0
data/lib/contrast/agent/assess/policy/propagator/prepend.rb +50 -0
data/lib/contrast/agent/assess/policy/propagator/remove.rb +76 -0
data/lib/contrast/agent/assess/policy/propagator/replace.rb +27 -0
data/lib/contrast/agent/assess/policy/propagator/reverse.rb +38 -0
data/lib/contrast/agent/assess/policy/propagator/select.rb +86 -0
data/lib/contrast/agent/assess/policy/propagator/splat.rb +60 -0
data/lib/contrast/agent/assess/policy/propagator/split.rb +49 -0
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +169 -0
data/lib/contrast/agent/assess/policy/propagator/trim.rb +81 -0
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +79 -0
data/lib/contrast/agent/assess/policy/source_method.rb +209 -0
data/lib/contrast/agent/assess/policy/source_node.rb +62 -0
data/lib/contrast/agent/assess/policy/trigger_method.rb +209 -0
data/lib/contrast/agent/assess/policy/trigger_node.rb +198 -0
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +77 -0
data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +31 -0
data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +40 -0
data/lib/contrast/agent/assess/properties.rb +392 -0
data/lib/contrast/agent/assess/rule.rb +18 -0
data/lib/contrast/agent/assess/rule/base.rb +72 -0
data/lib/contrast/agent/assess/rule/csrf.rb +66 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_action.rb +28 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +69 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +132 -0
data/lib/contrast/agent/assess/rule/provider.rb +21 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +62 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +73 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +121 -0
data/lib/contrast/agent/assess/rule/redos.rb +68 -0
data/lib/contrast/agent/assess/rule/response_scanning_rule.rb +47 -0
data/lib/contrast/agent/assess/rule/response_watcher.rb +36 -0
data/lib/contrast/agent/assess/rule/watcher.rb +36 -0
data/lib/contrast/agent/assess/tag.rb +151 -0
data/lib/contrast/agent/at_exit_hook.rb +33 -0
data/lib/contrast/agent/class_reopener.rb +195 -0
data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +26 -0
data/lib/contrast/agent/deadzone/policy/policy.rb +57 -0
data/lib/contrast/agent/disable_reaction.rb +24 -0
data/lib/contrast/agent/exclusion_matcher.rb +190 -0
data/lib/contrast/agent/feature_state.rb +379 -0
data/lib/contrast/agent/inventory/policy/policy.rb +32 -0
data/lib/contrast/agent/inventory/policy/trigger_node.rb +22 -0
data/lib/contrast/agent/logger_manager.rb +116 -0
data/lib/contrast/agent/middleware.rb +352 -0
data/lib/contrast/agent/module_data.rb +16 -0
data/lib/contrast/agent/patching/policy/after_load_patch.rb +37 -0
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +58 -0
data/lib/contrast/agent/patching/policy/method_policy.rb +94 -0
data/lib/contrast/agent/patching/policy/module_policy.rb +116 -0
data/lib/contrast/agent/patching/policy/patch.rb +312 -0
data/lib/contrast/agent/patching/policy/patch_status.rb +192 -0
data/lib/contrast/agent/patching/policy/patcher.rb +310 -0
data/lib/contrast/agent/patching/policy/policy.rb +138 -0
data/lib/contrast/agent/patching/policy/policy_node.rb +80 -0
data/lib/contrast/agent/patching/policy/policy_unpatcher.rb +28 -0
data/lib/contrast/agent/patching/policy/trigger_node.rb +81 -0
data/lib/contrast/agent/protect/policy/policy.rb +37 -0
data/lib/contrast/agent/protect/policy/trigger_node.rb +23 -0
data/lib/contrast/agent/protect/rule.rb +58 -0
data/lib/contrast/agent/protect/rule/base.rb +300 -0
data/lib/contrast/agent/protect/rule/base_service.rb +88 -0
data/lib/contrast/agent/protect/rule/cmd_injection.rb +156 -0
data/lib/contrast/agent/protect/rule/csrf.rb +118 -0
data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +103 -0
data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb +85 -0
data/lib/contrast/agent/protect/rule/default_scanner.rb +300 -0
data/lib/contrast/agent/protect/rule/deserialization.rb +193 -0
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +80 -0
data/lib/contrast/agent/protect/rule/no_sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +40 -0
data/lib/contrast/agent/protect/rule/path_traversal.rb +143 -0
data/lib/contrast/agent/protect/rule/sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +16 -0
data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +38 -0
data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +22 -0
data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +19 -0
data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +20 -0
data/lib/contrast/agent/protect/rule/xss.rb +24 -0
data/lib/contrast/agent/protect/rule/xxe.rb +120 -0
data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +82 -0
data/lib/contrast/agent/railtie.rb +30 -0
data/lib/contrast/agent/reaction_processor.rb +47 -0
data/lib/contrast/agent/request.rb +493 -0
data/lib/contrast/agent/request_context.rb +225 -0
data/lib/contrast/agent/require_state.rb +61 -0
data/lib/contrast/agent/response.rb +215 -0
data/lib/contrast/agent/rewriter.rb +244 -0
data/lib/contrast/agent/scope.rb +28 -0
data/lib/contrast/agent/service_heartbeat.rb +37 -0
data/lib/contrast/agent/settings_state.rb +148 -0
data/lib/contrast/agent/socket_client.rb +125 -0
data/lib/contrast/agent/thread.rb +26 -0
data/lib/contrast/agent/tracepoint_hook.rb +51 -0
data/lib/contrast/agent/version.rb +8 -0
data/lib/contrast/api.rb +17 -0
data/lib/contrast/api/.gitkeep +0 -0
data/lib/contrast/api/connection_status.rb +49 -0
data/lib/contrast/api/socket.rb +43 -0
data/lib/contrast/api/speedracer.rb +206 -0
data/lib/contrast/api/tcp_socket.rb +31 -0
data/lib/contrast/api/unix_socket.rb +25 -0
data/lib/contrast/common_agent_configuration.rb +86 -0
data/lib/contrast/components/agent.rb +85 -0
data/lib/contrast/components/app_context.rb +188 -0
data/lib/contrast/components/assess.rb +67 -0
data/lib/contrast/components/config.rb +135 -0
data/lib/contrast/components/contrast_service.rb +113 -0
data/lib/contrast/components/heap_dump.rb +34 -0
data/lib/contrast/components/interface.rb +178 -0
data/lib/contrast/components/inventory.rb +23 -0
data/lib/contrast/components/logger.rb +92 -0
data/lib/contrast/components/protect.rb +38 -0
data/lib/contrast/components/sampling.rb +41 -0
data/lib/contrast/components/scope.rb +106 -0
data/lib/contrast/components/settings.rb +140 -0
data/lib/contrast/config.rb +33 -0
data/lib/contrast/config/agent_configuration.rb +24 -0
data/lib/contrast/config/application_configuration.rb +27 -0
data/lib/contrast/config/assess_configuration.rb +22 -0
data/lib/contrast/config/assess_rules_configuration.rb +18 -0
data/lib/contrast/config/base_configuration.rb +105 -0
data/lib/contrast/config/default_value.rb +16 -0
data/lib/contrast/config/exception_configuration.rb +21 -0
data/lib/contrast/config/heap_dump_configuration.rb +23 -0
data/lib/contrast/config/inventory_configuration.rb +20 -0
data/lib/contrast/config/logger_configuration.rb +20 -0
data/lib/contrast/config/protect_configuration.rb +20 -0
data/lib/contrast/config/protect_rule_configuration.rb +37 -0
data/lib/contrast/config/protect_rules_configuration.rb +30 -0
data/lib/contrast/config/root_configuration.rb +26 -0
data/lib/contrast/config/ruby_configuration.rb +39 -0
data/lib/contrast/config/sampling_configuration.rb +22 -0
data/lib/contrast/config/server_configuration.rb +23 -0
data/lib/contrast/config/service_configuration.rb +22 -0
data/lib/contrast/configuration.rb +214 -0
data/lib/contrast/core_extensions/assess.rb +51 -0
data/lib/contrast/core_extensions/assess/array.rb +58 -0
data/lib/contrast/core_extensions/assess/assess_extension.rb +145 -0
data/lib/contrast/core_extensions/assess/basic_object.rb +15 -0
data/lib/contrast/core_extensions/assess/erb.rb +42 -0
data/lib/contrast/core_extensions/assess/exec_trigger.rb +48 -0
data/lib/contrast/core_extensions/assess/fiber.rb +125 -0
data/lib/contrast/core_extensions/assess/hash.rb +22 -0
data/lib/contrast/core_extensions/assess/kernel.rb +95 -0
data/lib/contrast/core_extensions/assess/module.rb +14 -0
data/lib/contrast/core_extensions/assess/regexp.rb +206 -0
data/lib/contrast/core_extensions/assess/string.rb +75 -0
data/lib/contrast/core_extensions/assess/tilt_template_trigger.rb +73 -0
data/lib/contrast/core_extensions/delegator.rb +14 -0
data/lib/contrast/core_extensions/eval_trigger.rb +52 -0
data/lib/contrast/core_extensions/inventory.rb +22 -0
data/lib/contrast/core_extensions/inventory/datastores.rb +37 -0
data/lib/contrast/core_extensions/module.rb +42 -0
data/lib/contrast/core_extensions/object.rb +27 -0
data/lib/contrast/core_extensions/protect.rb +20 -0
data/lib/contrast/core_extensions/protect/applies_command_injection_rule.rb +70 -0
data/lib/contrast/core_extensions/protect/applies_deserialization_rule.rb +58 -0
data/lib/contrast/core_extensions/protect/applies_no_sqli_rule.rb +81 -0
data/lib/contrast/core_extensions/protect/applies_path_traversal_rule.rb +119 -0
data/lib/contrast/core_extensions/protect/applies_sqli_rule.rb +63 -0
data/lib/contrast/core_extensions/protect/applies_xxe_rule.rb +141 -0
data/lib/contrast/core_extensions/protect/kernel.rb +30 -0
data/lib/contrast/core_extensions/protect/psych.rb +7 -0
data/lib/contrast/core_extensions/thread.rb +31 -0
data/lib/contrast/internal_exception.rb +8 -0
data/lib/contrast/rails_extensions/assess/action_controller_inheritance.rb +48 -0
data/lib/contrast/rails_extensions/assess/active_record.rb +32 -0
data/lib/contrast/rails_extensions/assess/active_record_named.rb +61 -0
data/lib/contrast/rails_extensions/assess/configuration.rb +26 -0
data/lib/contrast/rails_extensions/buffer.rb +30 -0
data/lib/contrast/rails_extensions/rack.rb +45 -0
data/lib/contrast/security_exception.rb +14 -0
data/lib/contrast/sinatra_extensions/assess/cookie.rb +26 -0
data/lib/contrast/sinatra_extensions/inventory/sinatra_base.rb +59 -0
data/lib/contrast/tasks/service.rb +95 -0
data/lib/contrast/utils/assess/sampling_util.rb +96 -0
data/lib/contrast/utils/assess/tracking_util.rb +39 -0
data/lib/contrast/utils/boolean_util.rb +33 -0
data/lib/contrast/utils/cache.rb +69 -0
data/lib/contrast/utils/class_util.rb +58 -0
data/lib/contrast/utils/comment_range.rb +19 -0
data/lib/contrast/utils/data_store_util.rb +23 -0
data/lib/contrast/utils/duck_utils.rb +58 -0
data/lib/contrast/utils/env_configuration_item.rb +52 -0
data/lib/contrast/utils/environment_util.rb +152 -0
data/lib/contrast/utils/freeze_util.rb +36 -0
data/lib/contrast/utils/gemfile_reader.rb +191 -0
data/lib/contrast/utils/hash_digest.rb +148 -0
data/lib/contrast/utils/heap_dump_util.rb +113 -0
data/lib/contrast/utils/invalid_configuration_util.rb +88 -0
data/lib/contrast/utils/inventory_util.rb +126 -0
data/lib/contrast/utils/io_util.rb +61 -0
data/lib/contrast/utils/object_share.rb +117 -0
data/lib/contrast/utils/operating_environment.rb +38 -0
data/lib/contrast/utils/os.rb +49 -0
data/lib/contrast/utils/path_util.rb +151 -0
data/lib/contrast/utils/performs_logging.rb +152 -0
data/lib/contrast/utils/preflight_util.rb +13 -0
data/lib/contrast/utils/prevent_serialization.rb +52 -0
data/lib/contrast/utils/rack_assess_session_cookie.rb +104 -0
data/lib/contrast/utils/rails_assess_configuration.rb +95 -0
data/lib/contrast/utils/random_util.rb +22 -0
data/lib/contrast/utils/resource_loader.rb +23 -0
data/lib/contrast/utils/ruby_ast_rewriter.rb +74 -0
data/lib/contrast/utils/scope_util.rb +99 -0
data/lib/contrast/utils/service_response_util.rb +116 -0
data/lib/contrast/utils/service_sender_util.rb +98 -0
data/lib/contrast/utils/sha256_builder.rb +69 -0
data/lib/contrast/utils/sinatra_helper.rb +49 -0
data/lib/contrast/utils/stack_trace_utils.rb +209 -0
data/lib/contrast/utils/string_utils.rb +72 -0
data/lib/contrast/utils/tag_util.rb +139 -0
data/lib/contrast/utils/thread_tracker.rb +54 -0
data/lib/contrast/utils/timer.rb +78 -0
data/resources/assess/policy.json +1673 -0
data/resources/csrf/inject.js +44 -0
data/resources/deadzone/policy.json +55 -0
data/resources/factory-bot-spec/spec_helper.rb +30 -0
data/resources/inventory/policy.json +110 -0
data/resources/protect/policy.json +417 -0
data/resources/rubocops/kernel/catch_cop.rb +37 -0
data/resources/rubocops/kernel/require_cop.rb +37 -0
data/resources/rubocops/kernel/require_relative_cop.rb +33 -0
data/resources/rubocops/module/autoload_cop.rb +37 -0
data/resources/rubocops/module/const_defined_cop.rb +37 -0
data/resources/rubocops/module/const_get_cop.rb +37 -0
data/resources/rubocops/module/const_set_cop.rb +37 -0
data/resources/rubocops/module/constants_cop.rb +37 -0
data/resources/rubocops/module/name_cop.rb +37 -0
data/resources/rubocops/object/class_cop.rb +37 -0
data/resources/rubocops/object/freeze_cop.rb +37 -0
data/resources/rubocops/object/frozen_cop.rb +37 -0
data/resources/rubocops/object/is_a_cop.rb +37 -0
data/resources/rubocops/object/method_cop.rb +37 -0
data/resources/rubocops/object/respond_to_cop.rb +37 -0
data/resources/rubocops/object/singleton_class_cop.rb +37 -0
data/resources/rubocops/regexp/spelling_cop.rb +44 -0
data/resources/rubocops/thread/new_cop.rb +39 -0
data/resources/ruby-spec/ancestors_spec.rb +70 -0
data/resources/ruby-spec/modulo_spec.rb +831 -0
data/resources/ruby-spec/parameters_spec.rb +261 -0
data/resources/ruby-spec/ruby_spec_spec_helper.rb +35 -0
data/resources/test_marker.txt +1 -0
data/ruby-agent.gemspec +129 -0
data/service_executables/.gitkeep +0 -0
data/service_executables/VERSION +1 -0
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
metadata +945 -0

data/lib/contrast/agent/railtie.rb ADDED

@@ -0,0 +1,30 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'contrast/utils/operating_environment'
+module Contrast
+  module Agent
+    # A Railtie to allow for the automatic hooking of the Agent into a Rails
+    # application.
+    class Railtie < Rails::Railtie
+      initializer 'Contrast Ruby Agent Initializer' do |app|
+        if defined?(Rails) && defined?(Rails.logger)
+          Rails.logger.debug('In railtie ::')
+          Rails.logger.debug(app.middleware.inspect)
+        end
+        if Contrast::Utils::OperatingEnvironment.unsupported?
+          Rails.logger.debug('Detected a non-webserver context, skipping Contrast middleware insertion.')
+        else
+          # Keep our middleware at the outermost layer of the onion
+          app.middleware.insert_before 0, Contrast::Agent::Middleware
+        end
+      end
+      rake_tasks do
+        load 'contrast/tasks/service.rb'
+      end
+    end
+  end
+end

data/lib/contrast/agent/reaction_processor.rb ADDED

@@ -0,0 +1,47 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'contrast/agent/disable_reaction'
+cs__scoped_require 'contrast/components/interface'
+module Contrast
+  module Agent
+    # Because communication between the Agent/Service and TeamServer can only
+    # be initiated by outbound connections from the Agent/Service, we must
+    # provide a mechanism for the TeamServer to direct the Agent to take a
+    # specific action. This action is referred to as a Reaction. This class is
+    # how we handle those Reaction messages.
+    class ReactionProcessor
+      include Contrast::Components::Interface
+      access_component :logging
+      # Process the given Reactions from the application settings based on what
+      # TeamServer has indicated. Each Reaction will result in a log message
+      # and, optionally, an action.
+      #
+      # @param application_settings [Contrast::Api::Settings::ApplicationSettings]
+      #   those settings which the Service has relayed from TeamServer.
+      def self.process application_settings
+        return nil unless application_settings&.reactions&.any?
+        application_settings.reactions.each do |reaction|
+          logger.debug(nil, "Received the following reaction: #{ reaction.operation }")
+          # the enums are all uppercase, we need to downcase them before attempting to log
+          level = reaction.log_level.nil? ? :error : reaction.log_level.downcase
+          logger.with_level(nil, reaction.message, level) if reaction.message
+          case reaction.operation
+          when :DISABLE
+            Contrast::Agent::DisableReaction.run reaction, level
+          when :NOOP # rubocop:disable Lint/EmptyWhen
+            # NOOP
+          else
+            logger.warn(nil, "ReactionProcessor received a reaction with an unknown operation: #{ reaction.operation }")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/request.rb ADDED

@@ -0,0 +1,493 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'resolv'
+cs__scoped_require 'timeout'
+cs__scoped_require 'contrast/utils/object_share'
+cs__scoped_require 'contrast/utils/string_utils'
+cs__scoped_require 'contrast/utils/comment_range'
+cs__scoped_require 'contrast/utils/hash_digest'
+cs__scoped_require 'contrast/components/interface'
+module Contrast
+  module Agent
+    # This class is the Contrast representation of the Rack::Request object. It
+    # provides access to the original Rack::Request object as well as extracts
+    # data in a format that the Agent expects, caching those transformations in
+    # order to avoid repeatedly creating Strings & thrashing GC.
+    class Request
+      include Contrast::Components::Interface
+      access_component :logging, :scope
+      extend Forwardable
+      INNER_REST_TOKEN = %r{/[\d]+/}.cs__freeze
+      LAST_REST_TOKEN = %r{/[\d]+$}.cs__freeze
+      INNER_NUMBER_MARKER = '/{n}/'
+      LAST_NUMBER_MARKER = '/{n}'
+      OMITTED_BODY = '{{body-omitted-by-contrast}}'
+      attr_reader :rack_request
+      def_delegators :@rack_request,
+                     :env,
+                     :query_string,
+                     :user_agent,
+                     :path,
+                     :base_url
+      # receiver is memoized because it is the address/host/port of the server, once we
+      # resolve this for the first time, it shouldn't change
+      def self.receiver
+        @_receiver ||= build_receiver
+      end
+      def initialize rack_request
+        @rack_request = rack_request
+      end
+      ACCEPT = 'ACCEPT'
+      def accept_headers
+        accepts = Array(normalized_request_headers[ACCEPT])
+        accepts.any? ? accepts : nil
+      end
+      STATIC_SUFFIXES = /\.(?:js|css|jpeg|jpg|gif|png|ico|woff|svg|pdf|eot|ttf|jar)$/i.cs__freeze
+      WILDCARD = '*/*'
+      # Utility method for checking if a request is for a static resource.
+      # @return [Boolean] true, if the request is for a well-known static
+      #  type, like the following, and false otherwise: .js, .css, .jpg,
+      # .gif, .png, .ico
+      def static_request?
+        return true if trimmed_uri&.match?(STATIC_SUFFIXES)
+        accepts = accept_headers
+        if accepts
+          return false if accepts[0].to_s.start_with?(WILDCARD)
+          return true if media_content_type?(accepts[0])
+        end
+        false
+      end
+      MEDIA_TYPE_MARKERS = %w[image/ text/css text/javascript].cs__freeze
+      def media_content_type? str
+        str = str.to_s
+        str.start_with?(*MEDIA_TYPE_MARKERS)
+      end
+      def trimmed_uri
+        @_trimmed_uri ||= begin
+          raise ArgumentError, 'url was nil when attempting to trim' unless uri
+          trimmed = uri.split(Contrast::Utils::ObjectShare::SEMICOLON).first # remove ;jsessionid
+          trimmed.split(Contrast::Utils::ObjectShare::QUESTION_MARK).first # remove ?query_string=
+        end
+      end
+      # Returns a normalized form of the URI. In "normal" URIs
+      # this will return an unchanged String, but in REST-y
+      # URIs this will normalize the digit path tokens, e.g.:
+      #
+      # /accounts/5/view
+      # ...becomes:
+      # /accounts/{n}/view
+      #
+      # Should also handle the ;jsessionid.
+      def normalized_uri
+        @_normalized_uri ||= begin
+          uri = trimmed_uri
+          uri = uri.gsub(INNER_REST_TOKEN, INNER_NUMBER_MARKER) # replace interior tokens
+          uri.gsub(LAST_REST_TOKEN, LAST_NUMBER_MARKER) # replace last token
+        end
+      end
+      UNKNOWN_REQUEST_METHOD = 'UNKNOWN'
+      def request_method
+        rack_request.get_header(Rack::REQUEST_METHOD)
+      rescue StandardError => e
+        logger.warn("Unable to extract request method: #{ e }")
+        UNKNOWN_REQUEST_METHOD
+      end
+      def document_type_from_header
+        case content_type
+        when /xml/i
+          :XML
+        when /json/i
+          :JSON
+        when /html/i
+          :NORMAL
+        end
+      end
+      def document_type
+        @_document_type ||= begin
+          type = document_type_from_header
+          if type
+            type
+          elsif request_body_str.start_with?('<?xml')
+            :XML
+          elsif request_body_str.match?(/\s*[{\[]/)
+            :JSON
+          else
+            :NORMAL
+          end
+        end
+      end
+      def request_headers
+        @_request_headers ||= begin
+          with_contrast_scope do
+            headers = header_pairs(env).each_with_object({}) do |pair, h|
+              h[pair[0]] = pair[1]
+            end
+            headers
+          end
+        end
+      end
+      # Header keys upcased and any underscores replaced with dashes
+      def normalized_request_headers
+        @_normalized_request_headers ||= begin
+          hash = {}
+          request_headers.each_pair do |header_name, header_value|
+            hash[Contrast::Utils::StringUtils.normalized_key(header_name)] = header_value
+          end
+          hash
+        end
+      end
+      def header_value key
+        normalized_request_headers[Contrast::Utils::StringUtils.normalized_key(key)]
+      end
+      # Return a flattened hash of params with realized paths for keys, in
+      # addition to a separate, valueless, entry for each nest key.
+      # See RUBY-621 for more details.
+      # { key : { nested_key : ['x','y','z' ] } }
+      # becomes
+      # {
+      #   key[nested_key][0] : 'x'
+      #   key[nested_key][1] : 'y'
+      #   key[nested_key][2] : 'z'
+      #   key :                ''
+      #   nested_key :         ''
+      # }
+      def normalize_params val, prefix: nil
+        # In non-recursive invocations, val should always be a Hash
+        # (rather than breaking this out into two methods)
+        case val
+        when Tempfile
+          { prefix => Contrast::Utils::StringUtils.force_utf8(val.path) }
+        when Hash
+          res = val.each_with_object({}) do |(k, v), hash|
+            k = Contrast::Utils::StringUtils.force_utf8(k)
+            nested_prefix = prefix.nil? ? k : "#{ prefix }[#{ k }]"
+            hash[k] = Contrast::Utils::ObjectShare::EMPTY_STRING
+            hash.merge! normalize_params(v, prefix: nested_prefix)
+          end
+          res[prefix] = Contrast::Utils::ObjectShare::EMPTY_STRING if prefix
+          res
+        when Enumerable
+          res = val.each_with_index.each_with_object({}) do |(v, i), hash|
+            hash.merge! normalize_params(v, prefix: "#{ prefix }[#{ i }]")
+          end
+          res[prefix] = Contrast::Utils::ObjectShare::EMPTY_STRING if prefix
+          res
+        else
+          { prefix => Contrast::Utils::StringUtils.force_utf8(val) }
+        end
+      end
+      def request_body
+        # Memoize a flag indicating whether we've tried to read the body or not
+        # (can't use body because it might be nil)
+        @_request_body_read ||= begin
+          body = @rack_request.body
+          if defined?(Rack::Multipart)
+            if defined?(Rack::Multipart::UploadedFile) && body.is_a?(Rack::Multipart::UploadedFile)
+              logger.debug("not parsing uploaded file body :: #{ body.original_filename }::#{ body.content_type }")
+              @_request_body = nil
+            else
+              logger.debug("parsing body from request :: #{ body.cs__class.cs__name }")
+              @_request_body = Contrast::Utils::StringUtils.force_utf8(read_body(body), logger)
+            end
+          else
+            logger.debug('Rack before 1.3.x does not support Rack::Multipart')
+            @_request_body = Contrast::Utils::StringUtils.force_utf8(read_body(body), logger)
+          end
+          true
+        end
+        # Return memoized body (which might be nil)
+        @_request_body
+      end
+      def request_body_str
+        request_body.to_s || Contrast::Utils::ObjectShare::EMPTY_STRING
+      end
+      # This will become to_protobuf
+      # Expectation is that all data from a previous phase will be populated
+      # before the subsequent one begins
+      def dtm
+        @_dtm ||= begin
+          with_contrast_scope do
+            http_request = Contrast::Api::Dtm::HttpRequest.new
+            http_request.uuid = Contrast::Utils::StringUtils.force_utf8(__id__)
+            http_request.timestamp_ms = Contrast::Utils::Timer.now_ms.to_i
+            append_receiver(http_request)
+            append_connection(http_request)
+            append_params(http_request)
+            append_headers(http_request)
+            append_body(http_request)
+            http_request
+          end
+        end
+      end
+      def append_receiver http_request
+        r = cs__class.receiver
+        r.port = port.to_i if port
+        http_request.receiver = r unless r.nil?
+      end
+      def append_connection http_request
+        http_request.sender = Contrast::Api::Dtm::Address.new
+        http_request.sender.ip = Contrast::Utils::StringUtils.force_utf8(ip)
+        http_request.protocol = Contrast::Utils::StringUtils.force_utf8(scheme)
+        http_request.version = '1.1' # currently not in rack request; hard-coding
+        http_request.method = Contrast::Utils::StringUtils.force_utf8(request_method)
+        http_request.raw = Contrast::Utils::StringUtils.force_utf8(@rack_request.path_info)
+        http_request.parsed_connection = true
+        http_request.uri = Contrast::Utils::StringUtils.force_utf8(path)
+        http_request.normalized_uri = Contrast::Utils::StringUtils.force_utf8(normalized_uri)
+        http_context = if http_request.uri == Contrast::Utils::ObjectShare::SLASH
+                         Contrast::Utils::ObjectShare::SLASH
+                       else
+                         http_request.uri.split(Contrast::Utils::ObjectShare::SLASH).first
+                       end
+        http_request.context = Contrast::Utils::StringUtils.force_utf8(http_context)
+        http_request.path = Contrast::Utils::StringUtils.force_utf8(http_request.uri)
+        http_request.query_string = Contrast::Utils::StringUtils.force_utf8(query_string)
+      end
+      def append_params http_request
+        parameters.each do |k, v|
+          next unless k && v
+          next if v.is_a?(Hash)
+          key = Contrast::Utils::StringUtils.force_utf8(k)
+          val = Contrast::Utils::StringUtils.force_utf8(v)
+          params = http_request.normalized_request_params
+          params[key] = Contrast::Api::Dtm::Pair.new unless params[key].is_a?(Contrast::Api::Dtm::Pair)
+          params[key].key = key
+          params[key].values << val
+        end
+      end
+      def append_headers http_request
+        request_headers.each do |k, v|
+          next unless k && v
+          next if v.is_a?(Hash)
+          key = Contrast::Utils::StringUtils.force_utf8(k)
+          val = Contrast::Utils::StringUtils.force_utf8(v)
+          http_request.request_headers[key] = val
+        end
+        http_request.parsed_request_headers = true
+        normalized_request_headers.each do |k, v|
+          next unless k && v
+          next if v.is_a?(Hash)
+          key = Contrast::Utils::StringUtils.force_utf8(k)
+          val = Contrast::Utils::StringUtils.force_utf8(v)
+          http_request.normalized_request_headers[key] ||= Contrast::Api::Dtm::Pair.new
+          http_request.normalized_request_headers[key].key = key
+          http_request.normalized_request_headers[key].values << val
+        end
+        request_cookies.each do |k, v|
+          next unless k && v
+          next if v.is_a?(Hash)
+          key = Contrast::Utils::StringUtils.force_utf8(k)
+          val = Contrast::Utils::StringUtils.force_utf8(v)
+          http_request.normalized_cookies[key] ||= Contrast::Api::Dtm::Pair.new
+          http_request.normalized_cookies[key].key = key
+          http_request.normalized_cookies[key].values << val
+        end
+      end
+      def append_body http_request
+        http_request.document_type = Contrast::Utils::StringUtils.force_utf8(document_type)
+        http_request.request_body = if omit_body?
+                                      OMITTED_BODY
+                                    else
+                                      Contrast::Utils::StringUtils.force_utf8(request_body)
+                                    end
+        return if file_names.empty?
+        file_names.each do |name, filename|
+          pair = Contrast::Api::Dtm::SimplePair.new
+          pair.key = Contrast::Utils::StringUtils.force_utf8(name)
+          pair.value = Contrast::Utils::StringUtils.force_utf8(filename)
+          http_request.multipart_headers << pair
+        end
+      end
+      def omit_body?
+        return true if Contrast::Agent::FeatureState.instance.omit_body?
+        return false if document_type == :XML
+        return false if document_type == :JSON
+        content_type&.include?('multipart/form-data')
+      end
+      def self.build_receiver
+        address = Contrast::Api::Dtm::Address.new
+        address.host = 'localhost'
+        address.ip = '127.0.0.1'
+        begin
+          Timeout.timeout(1) do
+            address.host = Contrast::Utils::StringUtils.force_utf8(Socket.gethostname)
+            address.ip = Contrast::Utils::StringUtils.force_utf8(Resolv.getaddress(address.host))
+          end
+        rescue Timeout::Error
+          logger.warn(nil, "Timeout resolving host or ip in #{ address }")
+        rescue StandardError => e
+          logger.warn(e, "Error resolving address for #{ address }")
+        end
+        address
+      end
+      # Memoized Rack Request Values
+      def ip
+        @_ip ||= @rack_request.ip
+      end
+      def scheme
+        @_scheme ||= @rack_request.scheme
+      end
+      def port
+        @_port ||= @rack_request.port
+      end
+      def uri
+        @_uri ||= @rack_request.path
+      end
+      def url
+        @_url ||= @rack_request.url
+      end
+      def content_type
+        @_content_type ||= @rack_request.content_type
+      end
+      def path
+        @_path ||= @rack_request.path
+      end
+      def request_cookies
+        @_request_cookies ||= @rack_request.cookies
+      end
+      def parameters
+        @_parameters ||= with_contrast_scope { normalize_params(@rack_request.params) }
+      end
+      def base_url
+        @_base_url ||= @rack_request.base_url
+      end
+      # End of Rack Request memoized values
+      def file_names
+        @_file_names ||= begin
+                           names = {}
+                           parsed_data = Rack::Multipart.parse_multipart(@rack_request.env)
+                           traverse_parsed_multipart(parsed_data, names)
+                         rescue StandardError => _e
+                           logger.warn('Unable to parse multipart request!')
+                           {}
+                         end
+      end
+      def hash_id
+        @_hash_id ||= Contrast::Utils::HashDigest.generate_request_hash(self)
+      end
+      # we just need to map length to a repeatable value
+      # unlike Java, we hash with strings, so we'll use single character
+      # strings for our purposes.
+      CHARS = %w[a b c d e f g].cs__freeze
+      def normalized_length_header chr
+        chr = chr.to_s
+        tmp = CHARS[Math.log10(chr.length).to_i] if chr
+        tmp ||= CHARS[6]
+        tmp
+      end
+      private
+      HTTP_PREFIX = /^[Hh][Tt][Tt][Pp][_-]/i.cs__freeze
+      def header_pairs env
+        selected = env.select do |k, _v|
+          k.to_s.start_with?(Contrast::Utils::ObjectShare::HTTP_SCORE)
+        end
+        selected.map do |k, v|
+          name = k.to_s.sub(HTTP_PREFIX, Contrast::Utils::ObjectShare::EMPTY_STRING)
+          [name, v]
+        end
+      end
+      def read_body body
+        return body if body.is_a?(String)
+        begin
+          can_rewind = Contrast::Utils::DuckUtils.quacks_to?(body, :rewind)
+          # if we are after a middleware that failed to rewind
+          body.rewind if can_rewind
+          body.read
+        rescue StandardError => e
+          logger.error("Error in attempt to read body :: #{ e.message }")
+          logger.debug(e.backtrace.join(Contrast::Utils::ObjectShare::NEW_LINE))
+          body.to_s
+        ensure
+          # be a good citizen and rewind
+          body.rewind if can_rewind
+        end
+      end
+      def traverse_parsed_multipart multipart_data, current_names
+        return current_names unless multipart_data
+        multipart_data.each_value do |data_value|
+          next unless data_value.is_a?(Hash)
+          tempfile = data_value[:tempfile]
+          if tempfile.nil?
+            traverse_parsed_multipart(data_value, current_names)
+          else
+            name = data_value[:name].to_s
+            file_name = data_value[:filename].to_s
+            current_names[name] = file_name
+          end
+        end
+        current_names
+      end
+    end
+  end
+end