RubyGems - contrast-agent - Versions diffs - 3.8.4 - Mend

contrast-agent 3.8.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (500) hide show

checksums.yaml +7 -0
data/.clang-format +5 -0
data/.dockerignore +10 -0
data/.gitignore +58 -0
data/.gitmodules +6 -0
data/.rspec +6 -0
data/.simplecov +4 -0
data/Gemfile +7 -0
data/LICENSE.txt +12 -0
data/Rakefile +15 -0
data/exe/contrast_service +29 -0
data/ext/build_funchook.rb +48 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.c +47 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.h +10 -0
data/ext/cs__assess_active_record_named/extconf.rb +2 -0
data/ext/cs__assess_array/cs__assess_array.c +38 -0
data/ext/cs__assess_array/cs__assess_array.h +9 -0
data/ext/cs__assess_array/extconf.rb +2 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.c +50 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.h +17 -0
data/ext/cs__assess_basic_object/extconf.rb +2 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +86 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +34 -0
data/ext/cs__assess_fiber_track/extconf.rb +2 -0
data/ext/cs__assess_hash/cs__assess_hash.c +64 -0
data/ext/cs__assess_hash/cs__assess_hash.h +24 -0
data/ext/cs__assess_hash/extconf.rb +2 -0
data/ext/cs__assess_kernel/cs__assess_kernel.c +36 -0
data/ext/cs__assess_kernel/cs__assess_kernel.h +10 -0
data/ext/cs__assess_kernel/extconf.rb +2 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +47 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +18 -0
data/ext/cs__assess_marshal_module/extconf.rb +2 -0
data/ext/cs__assess_module/cs__assess_module.c +78 -0
data/ext/cs__assess_module/cs__assess_module.h +25 -0
data/ext/cs__assess_module/extconf.rb +2 -0
data/ext/cs__assess_regexp/cs__assess_regexp.c +48 -0
data/ext/cs__assess_regexp/cs__assess_regexp.h +22 -0
data/ext/cs__assess_regexp/extconf.rb +2 -0
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c +63 -0
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.h +29 -0
data/ext/cs__assess_regexp_track/extconf.rb +2 -0
data/ext/cs__assess_string/cs__assess_string.c +38 -0
data/ext/cs__assess_string/cs__assess_string.h +19 -0
data/ext/cs__assess_string/extconf.rb +2 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +31 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.h +13 -0
data/ext/cs__assess_string_interpolation26/extconf.rb +2 -0
data/ext/cs__common/cs__common.c +60 -0
data/ext/cs__common/cs__common.h +28 -0
data/ext/cs__common/extconf.rb +20 -0
data/ext/cs__contrast_patch/cs__contrast_patch.c +445 -0
data/ext/cs__contrast_patch/cs__contrast_patch.h +196 -0
data/ext/cs__contrast_patch/extconf.rb +2 -0
data/ext/cs__protect_kernel/cs__protect_kernel.c +37 -0
data/ext/cs__protect_kernel/cs__protect_kernel.h +11 -0
data/ext/cs__protect_kernel/extconf.rb +2 -0
data/ext/cs__scope/cs__scope.c +96 -0
data/ext/cs__scope/cs__scope.h +33 -0
data/ext/cs__scope/extconf.rb +2 -0
data/ext/extconf_common.rb +49 -0
data/funchook/LICENSE +360 -0
data/funchook/Makefile +29 -0
data/funchook/Makefile.in +29 -0
data/funchook/README.md +121 -0
data/funchook/appveyor.yml +42 -0
data/funchook/autogen.sh +3 -0
data/funchook/autom4te.cache/output.0 +4976 -0
data/funchook/autom4te.cache/requests +78 -0
data/funchook/autom4te.cache/traces.0 +364 -0
data/funchook/config.guess +1530 -0
data/funchook/config.log +490 -0
data/funchook/config.status +1016 -0
data/funchook/config.sub +1773 -0
data/funchook/configure +4976 -0
data/funchook/configure.ac +59 -0
data/funchook/distorm/COPYING +26 -0
data/funchook/distorm/MANIFEST +25 -0
data/funchook/distorm/MANIFEST.in +4 -0
data/funchook/distorm/README.md +12 -0
data/funchook/distorm/disOps/disOps.py +795 -0
data/funchook/distorm/disOps/x86db.py +404 -0
data/funchook/distorm/disOps/x86header.py +247 -0
data/funchook/distorm/disOps/x86sets.py +1664 -0
data/funchook/distorm/examples/cs/TestdiStorm/Program.cs +79 -0
data/funchook/distorm/examples/cs/TestdiStorm/Properties/AssemblyInfo.cs +36 -0
data/funchook/distorm/examples/cs/TestdiStorm/TestdiStorm.csproj +69 -0
data/funchook/distorm/examples/cs/distorm-net.sln +26 -0
data/funchook/distorm/examples/cs/distorm-net/CodeInfo.cs +23 -0
data/funchook/distorm/examples/cs/distorm-net/DecodedInst.cs +15 -0
data/funchook/distorm/examples/cs/distorm-net/DecodedResult.cs +14 -0
data/funchook/distorm/examples/cs/distorm-net/DecomposedInst.cs +36 -0
data/funchook/distorm/examples/cs/distorm-net/DecomposedResult.cs +14 -0
data/funchook/distorm/examples/cs/distorm-net/Opcodes.cs +1268 -0
data/funchook/distorm/examples/cs/distorm-net/Opcodes.tt +37 -0
data/funchook/distorm/examples/cs/distorm-net/Operand.cs +25 -0
data/funchook/distorm/examples/cs/distorm-net/Properties/AssemblyInfo.cs +36 -0
data/funchook/distorm/examples/cs/distorm-net/diStorm3.cs +411 -0
data/funchook/distorm/examples/cs/distorm-net/distorm-net.csproj +80 -0
data/funchook/distorm/examples/cs/readme +3 -0
data/funchook/distorm/examples/ddk/README +48 -0
data/funchook/distorm/examples/ddk/distorm.ini +11 -0
data/funchook/distorm/examples/ddk/dummy.c +15 -0
data/funchook/distorm/examples/ddk/main.c +91 -0
data/funchook/distorm/examples/ddk/makefile +1 -0
data/funchook/distorm/examples/ddk/sources +10 -0
data/funchook/distorm/examples/java/Makefile +23 -0
data/funchook/distorm/examples/java/distorm/src/Main.java +43 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/CodeInfo.java +27 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedInst.java +32 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedResult.java +11 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedInst.java +89 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedResult.java +11 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/OpcodeEnum.java +131 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/Opcodes.java +1123 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/Operand.java +24 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/distorm3.java +41 -0
data/funchook/distorm/examples/java/jdistorm.c +405 -0
data/funchook/distorm/examples/java/jdistorm.h +40 -0
data/funchook/distorm/examples/java/jdistorm.sln +20 -0
data/funchook/distorm/examples/java/jdistorm.vcproj +208 -0
data/funchook/distorm/examples/linux/Makefile +15 -0
data/funchook/distorm/examples/linux/main.c +181 -0
data/funchook/distorm/examples/tests/Makefile +15 -0
data/funchook/distorm/examples/tests/main.cpp +42 -0
data/funchook/distorm/examples/tests/main.py +66 -0
data/funchook/distorm/examples/tests/test_distorm3.py +1672 -0
data/funchook/distorm/examples/tests/tests.sln +20 -0
data/funchook/distorm/examples/tests/tests.vcxproj +82 -0
data/funchook/distorm/examples/tests/tests.vcxproj.filters +22 -0
data/funchook/distorm/examples/win32/disasm.sln +25 -0
data/funchook/distorm/examples/win32/disasm.vcxproj +201 -0
data/funchook/distorm/examples/win32/disasm.vcxproj.filters +14 -0
data/funchook/distorm/examples/win32/main.cpp +163 -0
data/funchook/distorm/include/distorm.h +482 -0
data/funchook/distorm/include/mnemonics.h +301 -0
data/funchook/distorm/make/linux/Makefile +28 -0
data/funchook/distorm/make/mac/Makefile +24 -0
data/funchook/distorm/make/win32/cdistorm.vcxproj +239 -0
data/funchook/distorm/make/win32/cdistorm.vcxproj.filters +80 -0
data/funchook/distorm/make/win32/distorm.sln +25 -0
data/funchook/distorm/make/win32/resource.h +14 -0
data/funchook/distorm/make/win32/resource.rc +99 -0
data/funchook/distorm/python/distorm3/__init__.py +957 -0
data/funchook/distorm/python/distorm3/sample.py +51 -0
data/funchook/distorm/setup.cfg +10 -0
data/funchook/distorm/setup.py +266 -0
data/funchook/distorm/src/config.h +169 -0
data/funchook/distorm/src/decoder.c +641 -0
data/funchook/distorm/src/decoder.h +33 -0
data/funchook/distorm/src/distorm.c +413 -0
data/funchook/distorm/src/instructions.c +597 -0
data/funchook/distorm/src/instructions.h +463 -0
data/funchook/distorm/src/insts.c +7939 -0
data/funchook/distorm/src/insts.h +64 -0
data/funchook/distorm/src/mnemonics.c +284 -0
data/funchook/distorm/src/operands.c +1290 -0
data/funchook/distorm/src/operands.h +28 -0
data/funchook/distorm/src/prefix.c +368 -0
data/funchook/distorm/src/prefix.h +64 -0
data/funchook/distorm/src/textdefs.c +172 -0
data/funchook/distorm/src/textdefs.h +57 -0
data/funchook/distorm/src/wstring.c +47 -0
data/funchook/distorm/src/wstring.h +35 -0
data/funchook/distorm/src/x86defs.h +82 -0
data/funchook/include/funchook.h +123 -0
data/funchook/install-sh +527 -0
data/funchook/src/Makefile +70 -0
data/funchook/src/Makefile.in +70 -0
data/funchook/src/__strerror.h +109 -0
data/funchook/src/config.h +101 -0
data/funchook/src/config.h.in +100 -0
data/funchook/src/decoder.o +0 -0
data/funchook/src/distorm.o +0 -0
data/funchook/src/funchook.c +440 -0
data/funchook/src/funchook.o +0 -0
data/funchook/src/funchook_internal.h +155 -0
data/funchook/src/funchook_io.c +182 -0
data/funchook/src/funchook_io.h +64 -0
data/funchook/src/funchook_io.o +0 -0
data/funchook/src/funchook_syscall.S +134 -0
data/funchook/src/funchook_syscall.o +0 -0
data/funchook/src/funchook_unix.c +480 -0
data/funchook/src/funchook_unix.o +0 -0
data/funchook/src/funchook_windows.c +397 -0
data/funchook/src/funchook_x86.c +622 -0
data/funchook/src/funchook_x86.o +0 -0
data/funchook/src/instructions.o +0 -0
data/funchook/src/insts.o +0 -0
data/funchook/src/libfunchook.so +0 -0
data/funchook/src/mnemonics.o +0 -0
data/funchook/src/operands.o +0 -0
data/funchook/src/os_func.c +115 -0
data/funchook/src/os_func.h +75 -0
data/funchook/src/os_func.o +0 -0
data/funchook/src/os_func_unix.c +94 -0
data/funchook/src/os_func_unix.o +0 -0
data/funchook/src/os_func_windows.c +32 -0
data/funchook/src/prefix.o +0 -0
data/funchook/src/printf_base.c +1688 -0
data/funchook/src/printf_base.h +46 -0
data/funchook/src/printf_base.o +0 -0
data/funchook/src/textdefs.o +0 -0
data/funchook/src/wstring.o +0 -0
data/funchook/test/Makefile +43 -0
data/funchook/test/Makefile.in +43 -0
data/funchook/test/funchook_test +0 -0
data/funchook/test/libfunchook_test.c +25 -0
data/funchook/test/libfunchook_test.so +0 -0
data/funchook/test/libfunchook_test2.c +18 -0
data/funchook/test/suffix.list +600 -0
data/funchook/test/test_main.c +430 -0
data/funchook/test/test_main.o +0 -0
data/funchook/test/x86_64_test.S +10 -0
data/funchook/test/x86_64_test.o +0 -0
data/funchook/test/x86_test.S +339 -0
data/funchook/win32/config.h +1 -0
data/funchook/win32/funchook.sln +52 -0
data/funchook/win32/funchook.vcxproj +188 -0
data/funchook/win32/funchook.vcxproj.filters +84 -0
data/funchook/win32/funchook_test.vcxproj +170 -0
data/funchook/win32/funchook_test.vcxproj.filters +22 -0
data/funchook/win32/funchook_test_dll.vcxproj +184 -0
data/funchook/win32/funchook_test_dll.vcxproj.filters +30 -0
data/funchook/win32/funchook_test_exe.def +3 -0
data/lib/contrast-agent.rb +8 -0
data/lib/contrast.rb +57 -0
data/lib/contrast/agent.rb +80 -0
data/lib/contrast/agent/assess.rb +45 -0
data/lib/contrast/agent/assess/adjusted_span.rb +25 -0
data/lib/contrast/agent/assess/class_reverter.rb +82 -0
data/lib/contrast/agent/assess/contrast_event.rb +398 -0
data/lib/contrast/agent/assess/frozen_properties.rb +41 -0
data/lib/contrast/agent/assess/insulator.rb +53 -0
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +78 -0
data/lib/contrast/agent/assess/policy/patcher.rb +85 -0
data/lib/contrast/agent/assess/policy/policy.rb +116 -0
data/lib/contrast/agent/assess/policy/policy_node.rb +289 -0
data/lib/contrast/agent/assess/policy/policy_scanner.rb +44 -0
data/lib/contrast/agent/assess/policy/preshift.rb +94 -0
data/lib/contrast/agent/assess/policy/propagation_method.rb +260 -0
data/lib/contrast/agent/assess/policy/propagation_node.rb +127 -0
data/lib/contrast/agent/assess/policy/propagator.rb +35 -0
data/lib/contrast/agent/assess/policy/propagator/append.rb +54 -0
data/lib/contrast/agent/assess/policy/propagator/base.rb +37 -0
data/lib/contrast/agent/assess/policy/propagator/center.rb +73 -0
data/lib/contrast/agent/assess/policy/propagator/custom.rb +36 -0
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +62 -0
data/lib/contrast/agent/assess/policy/propagator/insert.rb +55 -0
data/lib/contrast/agent/assess/policy/propagator/keep.rb +26 -0
data/lib/contrast/agent/assess/policy/propagator/next.rb +42 -0
data/lib/contrast/agent/assess/policy/propagator/prepend.rb +50 -0
data/lib/contrast/agent/assess/policy/propagator/remove.rb +76 -0
data/lib/contrast/agent/assess/policy/propagator/replace.rb +27 -0
data/lib/contrast/agent/assess/policy/propagator/reverse.rb +38 -0
data/lib/contrast/agent/assess/policy/propagator/select.rb +86 -0
data/lib/contrast/agent/assess/policy/propagator/splat.rb +60 -0
data/lib/contrast/agent/assess/policy/propagator/split.rb +49 -0
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +169 -0
data/lib/contrast/agent/assess/policy/propagator/trim.rb +81 -0
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +79 -0
data/lib/contrast/agent/assess/policy/source_method.rb +209 -0
data/lib/contrast/agent/assess/policy/source_node.rb +62 -0
data/lib/contrast/agent/assess/policy/trigger_method.rb +209 -0
data/lib/contrast/agent/assess/policy/trigger_node.rb +198 -0
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +77 -0
data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +31 -0
data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +40 -0
data/lib/contrast/agent/assess/properties.rb +392 -0
data/lib/contrast/agent/assess/rule.rb +18 -0
data/lib/contrast/agent/assess/rule/base.rb +72 -0
data/lib/contrast/agent/assess/rule/csrf.rb +66 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_action.rb +28 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +69 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +132 -0
data/lib/contrast/agent/assess/rule/provider.rb +21 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +62 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +73 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +121 -0
data/lib/contrast/agent/assess/rule/redos.rb +68 -0
data/lib/contrast/agent/assess/rule/response_scanning_rule.rb +47 -0
data/lib/contrast/agent/assess/rule/response_watcher.rb +36 -0
data/lib/contrast/agent/assess/rule/watcher.rb +36 -0
data/lib/contrast/agent/assess/tag.rb +151 -0
data/lib/contrast/agent/at_exit_hook.rb +33 -0
data/lib/contrast/agent/class_reopener.rb +195 -0
data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +26 -0
data/lib/contrast/agent/deadzone/policy/policy.rb +57 -0
data/lib/contrast/agent/disable_reaction.rb +24 -0
data/lib/contrast/agent/exclusion_matcher.rb +190 -0
data/lib/contrast/agent/feature_state.rb +379 -0
data/lib/contrast/agent/inventory/policy/policy.rb +32 -0
data/lib/contrast/agent/inventory/policy/trigger_node.rb +22 -0
data/lib/contrast/agent/logger_manager.rb +116 -0
data/lib/contrast/agent/middleware.rb +352 -0
data/lib/contrast/agent/module_data.rb +16 -0
data/lib/contrast/agent/patching/policy/after_load_patch.rb +37 -0
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +58 -0
data/lib/contrast/agent/patching/policy/method_policy.rb +94 -0
data/lib/contrast/agent/patching/policy/module_policy.rb +116 -0
data/lib/contrast/agent/patching/policy/patch.rb +312 -0
data/lib/contrast/agent/patching/policy/patch_status.rb +192 -0
data/lib/contrast/agent/patching/policy/patcher.rb +310 -0
data/lib/contrast/agent/patching/policy/policy.rb +138 -0
data/lib/contrast/agent/patching/policy/policy_node.rb +80 -0
data/lib/contrast/agent/patching/policy/policy_unpatcher.rb +28 -0
data/lib/contrast/agent/patching/policy/trigger_node.rb +81 -0
data/lib/contrast/agent/protect/policy/policy.rb +37 -0
data/lib/contrast/agent/protect/policy/trigger_node.rb +23 -0
data/lib/contrast/agent/protect/rule.rb +58 -0
data/lib/contrast/agent/protect/rule/base.rb +300 -0
data/lib/contrast/agent/protect/rule/base_service.rb +88 -0
data/lib/contrast/agent/protect/rule/cmd_injection.rb +156 -0
data/lib/contrast/agent/protect/rule/csrf.rb +118 -0
data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +103 -0
data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb +85 -0
data/lib/contrast/agent/protect/rule/default_scanner.rb +300 -0
data/lib/contrast/agent/protect/rule/deserialization.rb +193 -0
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +80 -0
data/lib/contrast/agent/protect/rule/no_sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +40 -0
data/lib/contrast/agent/protect/rule/path_traversal.rb +143 -0
data/lib/contrast/agent/protect/rule/sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +16 -0
data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +38 -0
data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +22 -0
data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +19 -0
data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +20 -0
data/lib/contrast/agent/protect/rule/xss.rb +24 -0
data/lib/contrast/agent/protect/rule/xxe.rb +120 -0
data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +82 -0
data/lib/contrast/agent/railtie.rb +30 -0
data/lib/contrast/agent/reaction_processor.rb +47 -0
data/lib/contrast/agent/request.rb +493 -0
data/lib/contrast/agent/request_context.rb +225 -0
data/lib/contrast/agent/require_state.rb +61 -0
data/lib/contrast/agent/response.rb +215 -0
data/lib/contrast/agent/rewriter.rb +244 -0
data/lib/contrast/agent/scope.rb +28 -0
data/lib/contrast/agent/service_heartbeat.rb +37 -0
data/lib/contrast/agent/settings_state.rb +148 -0
data/lib/contrast/agent/socket_client.rb +125 -0
data/lib/contrast/agent/thread.rb +26 -0
data/lib/contrast/agent/tracepoint_hook.rb +51 -0
data/lib/contrast/agent/version.rb +8 -0
data/lib/contrast/api.rb +17 -0
data/lib/contrast/api/.gitkeep +0 -0
data/lib/contrast/api/connection_status.rb +49 -0
data/lib/contrast/api/socket.rb +43 -0
data/lib/contrast/api/speedracer.rb +206 -0
data/lib/contrast/api/tcp_socket.rb +31 -0
data/lib/contrast/api/unix_socket.rb +25 -0
data/lib/contrast/common_agent_configuration.rb +86 -0
data/lib/contrast/components/agent.rb +85 -0
data/lib/contrast/components/app_context.rb +188 -0
data/lib/contrast/components/assess.rb +67 -0
data/lib/contrast/components/config.rb +135 -0
data/lib/contrast/components/contrast_service.rb +113 -0
data/lib/contrast/components/heap_dump.rb +34 -0
data/lib/contrast/components/interface.rb +178 -0
data/lib/contrast/components/inventory.rb +23 -0
data/lib/contrast/components/logger.rb +92 -0
data/lib/contrast/components/protect.rb +38 -0
data/lib/contrast/components/sampling.rb +41 -0
data/lib/contrast/components/scope.rb +106 -0
data/lib/contrast/components/settings.rb +140 -0
data/lib/contrast/config.rb +33 -0
data/lib/contrast/config/agent_configuration.rb +24 -0
data/lib/contrast/config/application_configuration.rb +27 -0
data/lib/contrast/config/assess_configuration.rb +22 -0
data/lib/contrast/config/assess_rules_configuration.rb +18 -0
data/lib/contrast/config/base_configuration.rb +105 -0
data/lib/contrast/config/default_value.rb +16 -0
data/lib/contrast/config/exception_configuration.rb +21 -0
data/lib/contrast/config/heap_dump_configuration.rb +23 -0
data/lib/contrast/config/inventory_configuration.rb +20 -0
data/lib/contrast/config/logger_configuration.rb +20 -0
data/lib/contrast/config/protect_configuration.rb +20 -0
data/lib/contrast/config/protect_rule_configuration.rb +37 -0
data/lib/contrast/config/protect_rules_configuration.rb +30 -0
data/lib/contrast/config/root_configuration.rb +26 -0
data/lib/contrast/config/ruby_configuration.rb +39 -0
data/lib/contrast/config/sampling_configuration.rb +22 -0
data/lib/contrast/config/server_configuration.rb +23 -0
data/lib/contrast/config/service_configuration.rb +22 -0
data/lib/contrast/configuration.rb +214 -0
data/lib/contrast/core_extensions/assess.rb +51 -0
data/lib/contrast/core_extensions/assess/array.rb +58 -0
data/lib/contrast/core_extensions/assess/assess_extension.rb +145 -0
data/lib/contrast/core_extensions/assess/basic_object.rb +15 -0
data/lib/contrast/core_extensions/assess/erb.rb +42 -0
data/lib/contrast/core_extensions/assess/exec_trigger.rb +48 -0
data/lib/contrast/core_extensions/assess/fiber.rb +125 -0
data/lib/contrast/core_extensions/assess/hash.rb +22 -0
data/lib/contrast/core_extensions/assess/kernel.rb +95 -0
data/lib/contrast/core_extensions/assess/module.rb +14 -0
data/lib/contrast/core_extensions/assess/regexp.rb +206 -0
data/lib/contrast/core_extensions/assess/string.rb +75 -0
data/lib/contrast/core_extensions/assess/tilt_template_trigger.rb +73 -0
data/lib/contrast/core_extensions/delegator.rb +14 -0
data/lib/contrast/core_extensions/eval_trigger.rb +52 -0
data/lib/contrast/core_extensions/inventory.rb +22 -0
data/lib/contrast/core_extensions/inventory/datastores.rb +37 -0
data/lib/contrast/core_extensions/module.rb +42 -0
data/lib/contrast/core_extensions/object.rb +27 -0
data/lib/contrast/core_extensions/protect.rb +20 -0
data/lib/contrast/core_extensions/protect/applies_command_injection_rule.rb +70 -0
data/lib/contrast/core_extensions/protect/applies_deserialization_rule.rb +58 -0
data/lib/contrast/core_extensions/protect/applies_no_sqli_rule.rb +81 -0
data/lib/contrast/core_extensions/protect/applies_path_traversal_rule.rb +119 -0
data/lib/contrast/core_extensions/protect/applies_sqli_rule.rb +63 -0
data/lib/contrast/core_extensions/protect/applies_xxe_rule.rb +141 -0
data/lib/contrast/core_extensions/protect/kernel.rb +30 -0
data/lib/contrast/core_extensions/protect/psych.rb +7 -0
data/lib/contrast/core_extensions/thread.rb +31 -0
data/lib/contrast/internal_exception.rb +8 -0
data/lib/contrast/rails_extensions/assess/action_controller_inheritance.rb +48 -0
data/lib/contrast/rails_extensions/assess/active_record.rb +32 -0
data/lib/contrast/rails_extensions/assess/active_record_named.rb +61 -0
data/lib/contrast/rails_extensions/assess/configuration.rb +26 -0
data/lib/contrast/rails_extensions/buffer.rb +30 -0
data/lib/contrast/rails_extensions/rack.rb +45 -0
data/lib/contrast/security_exception.rb +14 -0
data/lib/contrast/sinatra_extensions/assess/cookie.rb +26 -0
data/lib/contrast/sinatra_extensions/inventory/sinatra_base.rb +59 -0
data/lib/contrast/tasks/service.rb +95 -0
data/lib/contrast/utils/assess/sampling_util.rb +96 -0
data/lib/contrast/utils/assess/tracking_util.rb +39 -0
data/lib/contrast/utils/boolean_util.rb +33 -0
data/lib/contrast/utils/cache.rb +69 -0
data/lib/contrast/utils/class_util.rb +58 -0
data/lib/contrast/utils/comment_range.rb +19 -0
data/lib/contrast/utils/data_store_util.rb +23 -0
data/lib/contrast/utils/duck_utils.rb +58 -0
data/lib/contrast/utils/env_configuration_item.rb +52 -0
data/lib/contrast/utils/environment_util.rb +152 -0
data/lib/contrast/utils/freeze_util.rb +36 -0
data/lib/contrast/utils/gemfile_reader.rb +191 -0
data/lib/contrast/utils/hash_digest.rb +148 -0
data/lib/contrast/utils/heap_dump_util.rb +113 -0
data/lib/contrast/utils/invalid_configuration_util.rb +88 -0
data/lib/contrast/utils/inventory_util.rb +126 -0
data/lib/contrast/utils/io_util.rb +61 -0
data/lib/contrast/utils/object_share.rb +117 -0
data/lib/contrast/utils/operating_environment.rb +38 -0
data/lib/contrast/utils/os.rb +49 -0
data/lib/contrast/utils/path_util.rb +151 -0
data/lib/contrast/utils/performs_logging.rb +152 -0
data/lib/contrast/utils/preflight_util.rb +13 -0
data/lib/contrast/utils/prevent_serialization.rb +52 -0
data/lib/contrast/utils/rack_assess_session_cookie.rb +104 -0
data/lib/contrast/utils/rails_assess_configuration.rb +95 -0
data/lib/contrast/utils/random_util.rb +22 -0
data/lib/contrast/utils/resource_loader.rb +23 -0
data/lib/contrast/utils/ruby_ast_rewriter.rb +74 -0
data/lib/contrast/utils/scope_util.rb +99 -0
data/lib/contrast/utils/service_response_util.rb +116 -0
data/lib/contrast/utils/service_sender_util.rb +98 -0
data/lib/contrast/utils/sha256_builder.rb +69 -0
data/lib/contrast/utils/sinatra_helper.rb +49 -0
data/lib/contrast/utils/stack_trace_utils.rb +209 -0
data/lib/contrast/utils/string_utils.rb +72 -0
data/lib/contrast/utils/tag_util.rb +139 -0
data/lib/contrast/utils/thread_tracker.rb +54 -0
data/lib/contrast/utils/timer.rb +78 -0
data/resources/assess/policy.json +1673 -0
data/resources/csrf/inject.js +44 -0
data/resources/deadzone/policy.json +55 -0
data/resources/factory-bot-spec/spec_helper.rb +30 -0
data/resources/inventory/policy.json +110 -0
data/resources/protect/policy.json +417 -0
data/resources/rubocops/kernel/catch_cop.rb +37 -0
data/resources/rubocops/kernel/require_cop.rb +37 -0
data/resources/rubocops/kernel/require_relative_cop.rb +33 -0
data/resources/rubocops/module/autoload_cop.rb +37 -0
data/resources/rubocops/module/const_defined_cop.rb +37 -0
data/resources/rubocops/module/const_get_cop.rb +37 -0
data/resources/rubocops/module/const_set_cop.rb +37 -0
data/resources/rubocops/module/constants_cop.rb +37 -0
data/resources/rubocops/module/name_cop.rb +37 -0
data/resources/rubocops/object/class_cop.rb +37 -0
data/resources/rubocops/object/freeze_cop.rb +37 -0
data/resources/rubocops/object/frozen_cop.rb +37 -0
data/resources/rubocops/object/is_a_cop.rb +37 -0
data/resources/rubocops/object/method_cop.rb +37 -0
data/resources/rubocops/object/respond_to_cop.rb +37 -0
data/resources/rubocops/object/singleton_class_cop.rb +37 -0
data/resources/rubocops/regexp/spelling_cop.rb +44 -0
data/resources/rubocops/thread/new_cop.rb +39 -0
data/resources/ruby-spec/ancestors_spec.rb +70 -0
data/resources/ruby-spec/modulo_spec.rb +831 -0
data/resources/ruby-spec/parameters_spec.rb +261 -0
data/resources/ruby-spec/ruby_spec_spec_helper.rb +35 -0
data/resources/test_marker.txt +1 -0
data/ruby-agent.gemspec +129 -0
data/service_executables/.gitkeep +0 -0
data/service_executables/VERSION +1 -0
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
metadata +945 -0

data/lib/contrast/utils/environment_util.rb ADDED

@@ -0,0 +1,152 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'socket'
+cs__scoped_require 'contrast/core_extensions/module'
+cs__scoped_require 'contrast/components/interface'
+cs__scoped_require 'contrast/utils/object_share'
+cs__scoped_require 'contrast/utils/string_utils'
+module Contrast
+  module Utils
+    # Gather information about the application and server environment
+    # that the agent is running in.
+    class EnvironmentUtil
+      include Contrast::Components::Interface
+      access_component :analysis
+      DEFAULT_APP_NAME = 'rack'
+      DEFAULT_SERVER_NAME = 'localhost'
+      CS_VERSION = 'VERSION'
+      # Possible names of constants that would hold version info
+      VERSION_CONSTANT_CANDIDATES = %w[
+        VERSION
+        ::VERSION
+        Version::VERSION
+        ::Version::VERSION
+        ::Application::VERSION
+      ].cs__freeze
+      # Common places where view-layer files can be found in a Rails application
+      RAILS_VIEWS = [
+        ['app/assets', '*.coffee', %w[CoffeeScript]],
+        ['app/assets', '*.scss', %w[SASS]],
+        ['app/views', '*.html', %w[HTML5]],
+        ['app/views', '*.html.erb', %w[HTML5 ERB]],
+        ['app/views', '*.html.haml', %w[HTML5 HAML]],
+        ['public', '*.html', %w[HTML5]]
+      ].cs__freeze
+      class << self
+        ######### These are helpers ####################
+        def present? str
+          !str.nil? && !str.to_s.empty?
+        end
+        ######### Actually env/framework dependent ####################
+        # See CONTRAST-16380 for more details
+        def determine_application_version
+          @_determine_application_version ||= begin
+            candidates = VERSION_CONSTANT_CANDIDATES.map do |name|
+              # If there's a constant named 'name' (VERSION, etc.), get its value.
+              begin
+                name.split('::').inject(Object) do |mod, class_name|
+                  mod.cs__const_get(class_name)
+                end
+              rescue LoadError, StandardError
+                nil
+              end
+            end
+            candidates.compact!
+            candidate = candidates.first || ENV[CS_VERSION]
+            case candidate
+            when Hash
+              candidate.values.join(Contrast::Utils::ObjectShare::PERIOD)
+            when Array
+              candidate.join(Contrast::Utils::ObjectShare::PERIOD)
+            when String
+              candidate
+            when NilClass
+              return nil
+            else
+              candidate.inspect
+            end
+          end
+        end
+        def platform
+          version = Rails.version rescue Sinatra::VERSION rescue Rack.version rescue '' # rubocop:disable Style/RescueModifier
+          major, minor, patch = *version.split(Contrast::Utils::ObjectShare::PERIOD)
+          major ||= ''
+          minor ||= ''
+          patch ||= ''
+          [major, minor, patch]
+        rescue StandardError
+          Contrast::Utils::ObjectShare::EMPTY_TRIPLE
+        end
+        # Read libraries from the gemfile and append to the given ApplicationUpdate message
+        # or other class that has a libraries map association
+        def add_library_to_app_update app_update_pb, library_tags = ''
+          libraries = Contrast::Utils::GemfileReader.instance.library_pb_list
+          libraries.each do |n|
+            n.tags = library_tags
+            app_update_pb.libraries[n.hash_code] = n
+          end
+        end
+        # Iterate through known locations, looking for files
+        # that represent view or template files. If found, for each file in the directory
+        # append the technology and the view object to the application update instance
+        def scan_views app_update_msg
+          return unless INVENTORY.enabled?
+          scan_rails_views(app_update_msg)
+          scan_sinatra_views(app_update_msg)
+        end
+        # Find all the predefined routes for this application and append them to the
+        # provided inventory message
+        # msg should be a Contrast::Api::Dtm::ApplicationUpdate or some other msg
+        # that has a routes array consisting of Contrast::Api::Dtm::RouteCoverage
+        def scan_routes msg
+          return unless INVENTORY.enabled?
+          Contrast::Utils::PathUtil.find_routes.each do |route|
+            msg.routes << route
+          end
+        end
+        private
+        def scan_view_directories app_update_msg, view_location_data
+          view_location_data.each do |path, extension, tech_names|
+            next if Dir["#{ path }/**/*#{ extension }"].empty?
+            tech_names.each do |tech|
+              app_update_msg.technologies[tech] = true
+            end
+          end
+        end
+        def scan_rails_views app_update_msg
+          scan_view_directories(app_update_msg, RAILS_VIEWS)
+        end
+        def scan_sinatra_views app_update_msg
+          sinatra_app = Contrast::Utils::SinatraHelper.app_class
+          return unless sinatra_app
+          scan_view_directories(app_update_msg, Contrast::Utils::SinatraHelper.scannable_view_dirs)
+        end
+      end
+    end
+  end
+end

data/lib/contrast/utils/freeze_util.rb ADDED

@@ -0,0 +1,36 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'contrast/core_extensions/object'
+cs__scoped_require 'contrast/utils/duck_utils'
+module Contrast
+  module Utils
+    # This utility allows us to act on frozen objects, creating an unfrozen
+    # duplicate in those cases where that is possible.
+    class FreezeUtil
+      class << self
+        # Make every attempt to duplicate the frozen object so that it can
+        # be tracked. Some things, like Nil, True, and False, respond to dup
+        # but throw a TypeError. This catches that case and returns the
+        # original. We luck out as these three cases do not get propagated to
+        #
+        # @param original [Object] something frozen, usually a String
+        # @return [Object] the original or an unfrozen copy
+        def unfreeze_dup original
+          return original unless original.cs__frozen?
+          return original unless Contrast::Utils::DuckUtils.quacks_like_duplicable?(original)
+          copy = original.dup
+          if Contrast::Utils::DuckUtils.quacks_like_tracked_hash?(copy)
+            copy.each_key do |key|
+              value = original[key]
+              copy[key] = Contrast::Utils::DuckUtils.quacks_like_duplicable?(original) ? value.dup : value
+            end
+          end
+          copy
+        end
+      end
+    end
+  end
+end

data/lib/contrast/utils/gemfile_reader.rb ADDED

@@ -0,0 +1,191 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'set'
+cs__scoped_require 'contrast/utils/sha256_builder'
+cs__scoped_require 'contrast/utils/string_utils'
+cs__scoped_require 'contrast/components/interface'
+cs__scoped_require 'contrast/api'
+module Contrast
+  module Utils
+    # GemfileReader has methods for extracting information from gem specs
+    # it also has a cache of library file digests to the lines of code found.
+    class GemfileReader
+      include Singleton
+      include Contrast::Components::Interface
+      access_component :logging
+      CONTRAST_AGENT = 'contrast-agent'
+      def initialize
+        # Map of a Gem's Spec Digest to all loaded files from that Gem
+        @spec_to_files = {}
+      end
+      # the #clone is necessary here, as a require in another thread could
+      # potentially result in adding a key to the loaded_specs hash during
+      # iteration.  (as in RUBY-330)
+      def loaded_specs
+        Gem.loaded_specs.clone
+      end
+      # indicates if there's been an update to library information, allowing us
+      # to only serialize this information on change.
+      def updated?
+        @updated
+      end
+      def updated!
+        @updated = true
+      end
+      # Once we're Contrasted, we intercept require calls to do inventory.
+      # In order to catch up, we do a one-time manual catchup, & inventory
+      # all the already-loaded gems.
+      def map_loaded_classes
+        loaded_specs.each do |name, spec|
+          # Don't count Contrast gems
+          next if contrast_gems.include? name
+          # Get a digest of the Gem file itself
+          next unless (digest = Contrast::Utils::Sha256Builder.build_from_spec(spec))
+          paths = get_by_digest(digest)
+          path = spec.full_gem_path
+          $LOADED_FEATURES.each do |line|
+            next unless line.to_s.start_with?(path)
+            # logger.debug("Recording loaded gem at '#{ line }' for inventory analysis") if logger.trace? # TODO: RUBY-547
+            updated!
+            paths << adjust_lib(line)
+          end
+        end
+      end
+      def map_class path
+        path = adjust_lib(path)
+        return unless (spec   = Gem::Specification.find_by_path(path))
+        return unless (digest = Contrast::Utils::Sha256Builder.build_from_spec(spec))
+        updated!
+        get_by_digest(digest) << path
+      end
+      def library_pb_list
+        loaded_specs.each_with_object([]) do |(name, spec), arr|
+          next if contrast_gems.include? name
+          next unless spec
+          next unless (digest = Contrast::Utils::Sha256Builder.build_from_spec(spec))
+          arr << build_library_pb(digest, spec)
+        end
+      end
+      def generate_library_usage activity = nil
+        return unless updated?
+        @spec_to_files.each_pair do |digest, files|
+          usage = Contrast::Api::Dtm::LibraryUsageUpdate.new
+          usage.hash_code = Contrast::Utils::StringUtils.force_utf8(digest)
+          activity.library_usages[usage.hash_code] = usage if activity
+          # TODO: PROD-35 once TS switches to take filenames, remove the count setter and
+          #   send the class names in usage.class_names
+          usage.count = files.size
+        end
+        # TODO: PROD-35 once TS switches to take filenames, clear this and remove the
+        #   @updated variable
+        # @spec_to_files.clear
+        @updated = false
+      end
+      private
+      # marker for the lib dir in an absolute file path. purposefully includes
+      # the trailing '/'
+      LIB = '/lib/'
+      # Kernel#load uses the absolute path, but Gems / Specs use the path after
+      # `/lib`. This method accounts for that and trims out the `/lib/` section
+      # and starts with the first `/` after and the trailing file extension, if
+      # present.
+      #
+      # @param path [String] the path to parse
+      # @return [String] the relative path of the file, after the lib directory
+      def adjust_lib path
+        idx = path.index(LIB)
+        path = path[(idx + 4)..-1] if idx
+        idx = path.rindex(Contrast::Utils::ObjectShare::PERIOD)
+        path = path[0..idx] if idx
+        path
+      end
+      def get_by_digest digest
+        @spec_to_files[digest] = Set.new unless @spec_to_files.key?(digest)
+        @spec_to_files[digest]
+      end
+      def build_library_pb digest, spec
+        lib             = Contrast::Api::Dtm::Library.new
+        lib.file_path   = Contrast::Utils::StringUtils.force_utf8(spec.name)
+        lib.hash_code   = Contrast::Utils::StringUtils.force_utf8(digest)
+        lib.version     = Contrast::Utils::StringUtils.force_utf8(spec.version)
+        lib.manifest    = Contrast::Utils::StringUtils.force_utf8(build_manifest(spec))
+        lib.external_ms = date_to_ms(spec.date)
+        lib.internal_ms = lib.external_ms
+        lib.url         = Contrast::Utils::StringUtils.force_utf8(spec.homepage)
+        update_class_counts(lib, digest, spec)
+        lib
+      end
+      def date_to_ms date
+        (date.to_f * 1000.0).to_i
+      end
+      def update_class_counts lib, digest, spec
+        # Updating the class counts
+        path = spec.full_gem_path.to_s
+        lib.class_count = all_files(path).length
+        lib.used_class_count = @spec_to_files.key?(digest) ? get_by_digest(digest).size : 0
+        lib
+      end
+      def build_manifest spec
+        Contrast::Utils::StringUtils.force_utf8(spec.to_yaml.to_s) if defined?(YAML)
+      rescue StandardError
+        nil
+      end
+      # These are all the code files that are located in the Gem directory loaded
+      # by the current environment; this includes more than Ruby files
+      def all_files path
+        Contrast::Utils::Sha256Builder.instance.files(path)
+      end
+      # Go through all dependents, given as a pair from the DependencyList: `dependency`
+      # is the dependency itself, filled with all its specs. `dependents` is the array of reverse
+      # dependencies for the aforementioned dependency. If the dependency is also in contrast_dep_set,
+      # then contrast depends on it. If its array of dependents is 1, then contrast is the
+      # only dependency in that list. Since only contrast depends on it, we should ignore it.
+      def contrast_gems
+        @_contrast_gems ||= find_contrast_gems
+      end
+      def find_contrast_gems
+        ignore = Set.new([CONTRAST_AGENT])
+        contrast_specs = Gem::DependencyList.from_specs.specs.find do |dependency|
+          dependency.name == CONTRAST_AGENT
+        end
+        contrast_dep_set = contrast_specs.dependencies.map(&:name).to_set
+        Gem::DependencyList.from_specs.spec_predecessors.each_pair do |dependency, dependents|
+          ignore.add(dependency.name) if contrast_dep_set.include?(dependency.name) && dependents.length == 1
+        end
+        ignore
+      end
+    end
+  end
+end

data/lib/contrast/utils/hash_digest.rb ADDED

@@ -0,0 +1,148 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'digest'
+module Contrast
+  module Utils
+    # We use this class to provide hashes for our Request and Finding objects
+    # based upon our definitions of uniqueness.
+    # While the uniqueness of the request object is something internal to the
+    # Ruby agent, the uniqueness of the Finding hash is defined by a
+    # specification shared across all agent teams. The spec can be found here:
+    # https://bitbucket.org/contrastsecurity/assess-specifications/src/master/vulnerability/preflight.md
+    class HashDigest < Digest::Class
+      include Digest::Instance
+      CONTENT_LENGTH_HEADER = 'Content-Length'
+      CRYPTO_RULES = %w[
+        crypto-bad-ciphers
+        crypto-bad-mac
+      ].cs__freeze
+      CONFIG_PATH_KEY = 'path'
+      CONFIG_SESSION_ID_KEY = 'sessionId'
+      CLASS_SOURCE_KEY = 'source'
+      CLASS_CONSTANT_NAME_KEY = 'name'
+      CLASS_LINE_NO_KEY = 'lineNo'
+      class << self
+        def generate_request_hash request
+          hash = new
+          hash.update(request.request_method)
+          hash.update(request.normalized_uri)
+          request.parameters.each_key do |name|
+            hash.update(name)
+          end
+          cl = request.normalized_request_headers[CONTENT_LENGTH_HEADER]
+          hash.update(request.normalized_length_header(cl)) if cl
+          hash.finish
+        end
+        def generate_event_hash finding, source
+          return generate_dataflow_hash(finding) if finding.events.length.to_i > 1
+          id = finding.rule_id
+          return generate_crypto_hash(finding, source) if CRYPTO_RULES.include?(id)
+          generate_trigger_hash(finding)
+        end
+        def generate_config_hash finding
+          hash = new
+          hash.update(finding.rule_id)
+          path = finding.properties[CONFIG_PATH_KEY]
+          hash.update(path)
+          method = finding.properties[CONFIG_SESSION_ID_KEY]
+          hash.update(method)
+          hash.finish
+        end
+        def generate_class_scanning_hash finding
+          hash = new
+          hash.update(finding.rule_id)
+          module_name = finding.properties[CLASS_SOURCE_KEY]
+          hash.update(module_name)
+          # We're not currently collecting this. 30/7/19 HM
+          line_no = finding.properties[CLASS_LINE_NO_KEY]
+          hash.update(line_no)
+          field = finding.properties[CLASS_CONSTANT_NAME_KEY]
+          hash.update(field)
+          hash.finish
+        end
+        def generate_crypto_hash finding, algorithm
+          hash = new
+          hash.update(finding.rule_id)
+          hash.update(algorithm)
+          hash.update_on_request
+          hash.finish
+        end
+        def generate_dataflow_hash finding
+          hash = new
+          hash.update(finding.rule_id)
+          hash.update_on_sources(finding.events)
+          hash.update_on_request
+          hash.finish
+        end
+        def generate_response_hash finding
+          hash = new
+          hash.update(finding.rule_id)
+          hash.update_on_request
+          hash.finish
+        end
+        def generate_trigger_hash finding
+          hash = new
+          hash.update(finding.rule_id)
+          hash.update_on_request
+          hash.finish
+        end
+      end
+      def update_on_request
+        context = Contrast::Agent::REQUEST_TRACKER.current
+        return unless context
+        route = context.route
+        request = context.request
+        if route
+          update(route.route)
+          update(route.verb)
+        elsif request
+          update(request.normalized_uri)
+          update(request.request_method)
+        end
+      end
+      def update_on_sources events
+        return unless events&.any?
+        events.each do |event|
+          event.event_sources.each do |source|
+            update(source.type)
+            update(source.name)
+          end
+        end
+      end
+      def initialize
+        @crc32 = 0
+      end
+      def update str
+        return unless str
+        @crc32 = Zlib.crc32(str, @crc32)
+      end
+      def reset
+        @crc32 = 0
+      end
+      def finish
+        @crc32.to_s
+      end
+    end
+  end
+end