RubyGems - contrast-agent - Versions diffs - 3.8.4 - Mend

contrast-agent 3.8.4

Files changed (500) hide show

checksums.yaml +7 -0
data/.clang-format +5 -0
data/.dockerignore +10 -0
data/.gitignore +58 -0
data/.gitmodules +6 -0
data/.rspec +6 -0
data/.simplecov +4 -0
data/Gemfile +7 -0
data/LICENSE.txt +12 -0
data/Rakefile +15 -0
data/exe/contrast_service +29 -0
data/ext/build_funchook.rb +48 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.c +47 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.h +10 -0
data/ext/cs__assess_active_record_named/extconf.rb +2 -0
data/ext/cs__assess_array/cs__assess_array.c +38 -0
data/ext/cs__assess_array/cs__assess_array.h +9 -0
data/ext/cs__assess_array/extconf.rb +2 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.c +50 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.h +17 -0
data/ext/cs__assess_basic_object/extconf.rb +2 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +86 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +34 -0
data/ext/cs__assess_fiber_track/extconf.rb +2 -0
data/ext/cs__assess_hash/cs__assess_hash.c +64 -0
data/ext/cs__assess_hash/cs__assess_hash.h +24 -0
data/ext/cs__assess_hash/extconf.rb +2 -0
data/ext/cs__assess_kernel/cs__assess_kernel.c +36 -0
data/ext/cs__assess_kernel/cs__assess_kernel.h +10 -0
data/ext/cs__assess_kernel/extconf.rb +2 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +47 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +18 -0
data/ext/cs__assess_marshal_module/extconf.rb +2 -0
data/ext/cs__assess_module/cs__assess_module.c +78 -0
data/ext/cs__assess_module/cs__assess_module.h +25 -0
data/ext/cs__assess_module/extconf.rb +2 -0
data/ext/cs__assess_regexp/cs__assess_regexp.c +48 -0
data/ext/cs__assess_regexp/cs__assess_regexp.h +22 -0
data/ext/cs__assess_regexp/extconf.rb +2 -0
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c +63 -0
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.h +29 -0
data/ext/cs__assess_regexp_track/extconf.rb +2 -0
data/ext/cs__assess_string/cs__assess_string.c +38 -0
data/ext/cs__assess_string/cs__assess_string.h +19 -0
data/ext/cs__assess_string/extconf.rb +2 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +31 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.h +13 -0
data/ext/cs__assess_string_interpolation26/extconf.rb +2 -0
data/ext/cs__common/cs__common.c +60 -0
data/ext/cs__common/cs__common.h +28 -0
data/ext/cs__common/extconf.rb +20 -0
data/ext/cs__contrast_patch/cs__contrast_patch.c +445 -0
data/ext/cs__contrast_patch/cs__contrast_patch.h +196 -0
data/ext/cs__contrast_patch/extconf.rb +2 -0
data/ext/cs__protect_kernel/cs__protect_kernel.c +37 -0
data/ext/cs__protect_kernel/cs__protect_kernel.h +11 -0
data/ext/cs__protect_kernel/extconf.rb +2 -0
data/ext/cs__scope/cs__scope.c +96 -0
data/ext/cs__scope/cs__scope.h +33 -0
data/ext/cs__scope/extconf.rb +2 -0
data/ext/extconf_common.rb +49 -0
data/funchook/LICENSE +360 -0
data/funchook/Makefile +29 -0
data/funchook/Makefile.in +29 -0
data/funchook/README.md +121 -0
data/funchook/appveyor.yml +42 -0
data/funchook/autogen.sh +3 -0
data/funchook/autom4te.cache/output.0 +4976 -0
data/funchook/autom4te.cache/requests +78 -0
data/funchook/autom4te.cache/traces.0 +364 -0
data/funchook/config.guess +1530 -0
data/funchook/config.log +490 -0
data/funchook/config.status +1016 -0
data/funchook/config.sub +1773 -0
data/funchook/configure +4976 -0
data/funchook/configure.ac +59 -0
data/funchook/distorm/COPYING +26 -0
data/funchook/distorm/MANIFEST +25 -0
data/funchook/distorm/MANIFEST.in +4 -0
data/funchook/distorm/README.md +12 -0
data/funchook/distorm/disOps/disOps.py +795 -0
data/funchook/distorm/disOps/x86db.py +404 -0
data/funchook/distorm/disOps/x86header.py +247 -0
data/funchook/distorm/disOps/x86sets.py +1664 -0
data/funchook/distorm/examples/cs/TestdiStorm/Program.cs +79 -0
data/funchook/distorm/examples/cs/TestdiStorm/Properties/AssemblyInfo.cs +36 -0
data/funchook/distorm/examples/cs/TestdiStorm/TestdiStorm.csproj +69 -0
data/funchook/distorm/examples/cs/distorm-net.sln +26 -0
data/funchook/distorm/examples/cs/distorm-net/CodeInfo.cs +23 -0
data/funchook/distorm/examples/cs/distorm-net/DecodedInst.cs +15 -0
data/funchook/distorm/examples/cs/distorm-net/DecodedResult.cs +14 -0
data/funchook/distorm/examples/cs/distorm-net/DecomposedInst.cs +36 -0
data/funchook/distorm/examples/cs/distorm-net/DecomposedResult.cs +14 -0
data/funchook/distorm/examples/cs/distorm-net/Opcodes.cs +1268 -0
data/funchook/distorm/examples/cs/distorm-net/Opcodes.tt +37 -0
data/funchook/distorm/examples/cs/distorm-net/Operand.cs +25 -0
data/funchook/distorm/examples/cs/distorm-net/Properties/AssemblyInfo.cs +36 -0
data/funchook/distorm/examples/cs/distorm-net/diStorm3.cs +411 -0
data/funchook/distorm/examples/cs/distorm-net/distorm-net.csproj +80 -0
data/funchook/distorm/examples/cs/readme +3 -0
data/funchook/distorm/examples/ddk/README +48 -0
data/funchook/distorm/examples/ddk/distorm.ini +11 -0
data/funchook/distorm/examples/ddk/dummy.c +15 -0
data/funchook/distorm/examples/ddk/main.c +91 -0
data/funchook/distorm/examples/ddk/makefile +1 -0
data/funchook/distorm/examples/ddk/sources +10 -0
data/funchook/distorm/examples/java/Makefile +23 -0
data/funchook/distorm/examples/java/distorm/src/Main.java +43 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/CodeInfo.java +27 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedInst.java +32 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedResult.java +11 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedInst.java +89 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedResult.java +11 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/OpcodeEnum.java +131 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/Opcodes.java +1123 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/Operand.java +24 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/distorm3.java +41 -0
data/funchook/distorm/examples/java/jdistorm.c +405 -0
data/funchook/distorm/examples/java/jdistorm.h +40 -0
data/funchook/distorm/examples/java/jdistorm.sln +20 -0
data/funchook/distorm/examples/java/jdistorm.vcproj +208 -0
data/funchook/distorm/examples/linux/Makefile +15 -0
data/funchook/distorm/examples/linux/main.c +181 -0
data/funchook/distorm/examples/tests/Makefile +15 -0
data/funchook/distorm/examples/tests/main.cpp +42 -0
data/funchook/distorm/examples/tests/main.py +66 -0
data/funchook/distorm/examples/tests/test_distorm3.py +1672 -0
data/funchook/distorm/examples/tests/tests.sln +20 -0
data/funchook/distorm/examples/tests/tests.vcxproj +82 -0
data/funchook/distorm/examples/tests/tests.vcxproj.filters +22 -0
data/funchook/distorm/examples/win32/disasm.sln +25 -0
data/funchook/distorm/examples/win32/disasm.vcxproj +201 -0
data/funchook/distorm/examples/win32/disasm.vcxproj.filters +14 -0
data/funchook/distorm/examples/win32/main.cpp +163 -0
data/funchook/distorm/include/distorm.h +482 -0
data/funchook/distorm/include/mnemonics.h +301 -0
data/funchook/distorm/make/linux/Makefile +28 -0
data/funchook/distorm/make/mac/Makefile +24 -0
data/funchook/distorm/make/win32/cdistorm.vcxproj +239 -0
data/funchook/distorm/make/win32/cdistorm.vcxproj.filters +80 -0
data/funchook/distorm/make/win32/distorm.sln +25 -0
data/funchook/distorm/make/win32/resource.h +14 -0
data/funchook/distorm/make/win32/resource.rc +99 -0
data/funchook/distorm/python/distorm3/__init__.py +957 -0
data/funchook/distorm/python/distorm3/sample.py +51 -0
data/funchook/distorm/setup.cfg +10 -0
data/funchook/distorm/setup.py +266 -0
data/funchook/distorm/src/config.h +169 -0
data/funchook/distorm/src/decoder.c +641 -0
data/funchook/distorm/src/decoder.h +33 -0
data/funchook/distorm/src/distorm.c +413 -0
data/funchook/distorm/src/instructions.c +597 -0
data/funchook/distorm/src/instructions.h +463 -0
data/funchook/distorm/src/insts.c +7939 -0
data/funchook/distorm/src/insts.h +64 -0
data/funchook/distorm/src/mnemonics.c +284 -0
data/funchook/distorm/src/operands.c +1290 -0
data/funchook/distorm/src/operands.h +28 -0
data/funchook/distorm/src/prefix.c +368 -0
data/funchook/distorm/src/prefix.h +64 -0
data/funchook/distorm/src/textdefs.c +172 -0
data/funchook/distorm/src/textdefs.h +57 -0
data/funchook/distorm/src/wstring.c +47 -0
data/funchook/distorm/src/wstring.h +35 -0
data/funchook/distorm/src/x86defs.h +82 -0
data/funchook/include/funchook.h +123 -0
data/funchook/install-sh +527 -0
data/funchook/src/Makefile +70 -0
data/funchook/src/Makefile.in +70 -0
data/funchook/src/__strerror.h +109 -0
data/funchook/src/config.h +101 -0
data/funchook/src/config.h.in +100 -0
data/funchook/src/decoder.o +0 -0
data/funchook/src/distorm.o +0 -0
data/funchook/src/funchook.c +440 -0
data/funchook/src/funchook.o +0 -0
data/funchook/src/funchook_internal.h +155 -0
data/funchook/src/funchook_io.c +182 -0
data/funchook/src/funchook_io.h +64 -0
data/funchook/src/funchook_io.o +0 -0
data/funchook/src/funchook_syscall.S +134 -0
data/funchook/src/funchook_syscall.o +0 -0
data/funchook/src/funchook_unix.c +480 -0
data/funchook/src/funchook_unix.o +0 -0
data/funchook/src/funchook_windows.c +397 -0
data/funchook/src/funchook_x86.c +622 -0
data/funchook/src/funchook_x86.o +0 -0
data/funchook/src/instructions.o +0 -0
data/funchook/src/insts.o +0 -0
data/funchook/src/libfunchook.so +0 -0
data/funchook/src/mnemonics.o +0 -0
data/funchook/src/operands.o +0 -0
data/funchook/src/os_func.c +115 -0
data/funchook/src/os_func.h +75 -0
data/funchook/src/os_func.o +0 -0
data/funchook/src/os_func_unix.c +94 -0
data/funchook/src/os_func_unix.o +0 -0
data/funchook/src/os_func_windows.c +32 -0
data/funchook/src/prefix.o +0 -0
data/funchook/src/printf_base.c +1688 -0
data/funchook/src/printf_base.h +46 -0
data/funchook/src/printf_base.o +0 -0
data/funchook/src/textdefs.o +0 -0
data/funchook/src/wstring.o +0 -0
data/funchook/test/Makefile +43 -0
data/funchook/test/Makefile.in +43 -0
data/funchook/test/funchook_test +0 -0
data/funchook/test/libfunchook_test.c +25 -0
data/funchook/test/libfunchook_test.so +0 -0
data/funchook/test/libfunchook_test2.c +18 -0
data/funchook/test/suffix.list +600 -0
data/funchook/test/test_main.c +430 -0
data/funchook/test/test_main.o +0 -0
data/funchook/test/x86_64_test.S +10 -0
data/funchook/test/x86_64_test.o +0 -0
data/funchook/test/x86_test.S +339 -0
data/funchook/win32/config.h +1 -0
data/funchook/win32/funchook.sln +52 -0
data/funchook/win32/funchook.vcxproj +188 -0
data/funchook/win32/funchook.vcxproj.filters +84 -0
data/funchook/win32/funchook_test.vcxproj +170 -0
data/funchook/win32/funchook_test.vcxproj.filters +22 -0
data/funchook/win32/funchook_test_dll.vcxproj +184 -0
data/funchook/win32/funchook_test_dll.vcxproj.filters +30 -0
data/funchook/win32/funchook_test_exe.def +3 -0
data/lib/contrast-agent.rb +8 -0
data/lib/contrast.rb +57 -0
data/lib/contrast/agent.rb +80 -0
data/lib/contrast/agent/assess.rb +45 -0
data/lib/contrast/agent/assess/adjusted_span.rb +25 -0
data/lib/contrast/agent/assess/class_reverter.rb +82 -0
data/lib/contrast/agent/assess/contrast_event.rb +398 -0
data/lib/contrast/agent/assess/frozen_properties.rb +41 -0
data/lib/contrast/agent/assess/insulator.rb +53 -0
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +78 -0
data/lib/contrast/agent/assess/policy/patcher.rb +85 -0
data/lib/contrast/agent/assess/policy/policy.rb +116 -0
data/lib/contrast/agent/assess/policy/policy_node.rb +289 -0
data/lib/contrast/agent/assess/policy/policy_scanner.rb +44 -0
data/lib/contrast/agent/assess/policy/preshift.rb +94 -0
data/lib/contrast/agent/assess/policy/propagation_method.rb +260 -0
data/lib/contrast/agent/assess/policy/propagation_node.rb +127 -0
data/lib/contrast/agent/assess/policy/propagator.rb +35 -0
data/lib/contrast/agent/assess/policy/propagator/append.rb +54 -0
data/lib/contrast/agent/assess/policy/propagator/base.rb +37 -0
data/lib/contrast/agent/assess/policy/propagator/center.rb +73 -0
data/lib/contrast/agent/assess/policy/propagator/custom.rb +36 -0
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +62 -0
data/lib/contrast/agent/assess/policy/propagator/insert.rb +55 -0
data/lib/contrast/agent/assess/policy/propagator/keep.rb +26 -0
data/lib/contrast/agent/assess/policy/propagator/next.rb +42 -0
data/lib/contrast/agent/assess/policy/propagator/prepend.rb +50 -0
data/lib/contrast/agent/assess/policy/propagator/remove.rb +76 -0
data/lib/contrast/agent/assess/policy/propagator/replace.rb +27 -0
data/lib/contrast/agent/assess/policy/propagator/reverse.rb +38 -0
data/lib/contrast/agent/assess/policy/propagator/select.rb +86 -0
data/lib/contrast/agent/assess/policy/propagator/splat.rb +60 -0
data/lib/contrast/agent/assess/policy/propagator/split.rb +49 -0
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +169 -0
data/lib/contrast/agent/assess/policy/propagator/trim.rb +81 -0
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +79 -0
data/lib/contrast/agent/assess/policy/source_method.rb +209 -0
data/lib/contrast/agent/assess/policy/source_node.rb +62 -0
data/lib/contrast/agent/assess/policy/trigger_method.rb +209 -0
data/lib/contrast/agent/assess/policy/trigger_node.rb +198 -0
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +77 -0
data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +31 -0
data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +40 -0
data/lib/contrast/agent/assess/properties.rb +392 -0
data/lib/contrast/agent/assess/rule.rb +18 -0
data/lib/contrast/agent/assess/rule/base.rb +72 -0
data/lib/contrast/agent/assess/rule/csrf.rb +66 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_action.rb +28 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +69 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +132 -0
data/lib/contrast/agent/assess/rule/provider.rb +21 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +62 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +73 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +121 -0
data/lib/contrast/agent/assess/rule/redos.rb +68 -0
data/lib/contrast/agent/assess/rule/response_scanning_rule.rb +47 -0
data/lib/contrast/agent/assess/rule/response_watcher.rb +36 -0
data/lib/contrast/agent/assess/rule/watcher.rb +36 -0
data/lib/contrast/agent/assess/tag.rb +151 -0
data/lib/contrast/agent/at_exit_hook.rb +33 -0
data/lib/contrast/agent/class_reopener.rb +195 -0
data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +26 -0
data/lib/contrast/agent/deadzone/policy/policy.rb +57 -0
data/lib/contrast/agent/disable_reaction.rb +24 -0
data/lib/contrast/agent/exclusion_matcher.rb +190 -0
data/lib/contrast/agent/feature_state.rb +379 -0
data/lib/contrast/agent/inventory/policy/policy.rb +32 -0
data/lib/contrast/agent/inventory/policy/trigger_node.rb +22 -0
data/lib/contrast/agent/logger_manager.rb +116 -0
data/lib/contrast/agent/middleware.rb +352 -0
data/lib/contrast/agent/module_data.rb +16 -0
data/lib/contrast/agent/patching/policy/after_load_patch.rb +37 -0
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +58 -0
data/lib/contrast/agent/patching/policy/method_policy.rb +94 -0
data/lib/contrast/agent/patching/policy/module_policy.rb +116 -0
data/lib/contrast/agent/patching/policy/patch.rb +312 -0
data/lib/contrast/agent/patching/policy/patch_status.rb +192 -0
data/lib/contrast/agent/patching/policy/patcher.rb +310 -0
data/lib/contrast/agent/patching/policy/policy.rb +138 -0
data/lib/contrast/agent/patching/policy/policy_node.rb +80 -0
data/lib/contrast/agent/patching/policy/policy_unpatcher.rb +28 -0
data/lib/contrast/agent/patching/policy/trigger_node.rb +81 -0
data/lib/contrast/agent/protect/policy/policy.rb +37 -0
data/lib/contrast/agent/protect/policy/trigger_node.rb +23 -0
data/lib/contrast/agent/protect/rule.rb +58 -0
data/lib/contrast/agent/protect/rule/base.rb +300 -0
data/lib/contrast/agent/protect/rule/base_service.rb +88 -0
data/lib/contrast/agent/protect/rule/cmd_injection.rb +156 -0
data/lib/contrast/agent/protect/rule/csrf.rb +118 -0
data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +103 -0
data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb +85 -0
data/lib/contrast/agent/protect/rule/default_scanner.rb +300 -0
data/lib/contrast/agent/protect/rule/deserialization.rb +193 -0
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +80 -0
data/lib/contrast/agent/protect/rule/no_sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +40 -0
data/lib/contrast/agent/protect/rule/path_traversal.rb +143 -0
data/lib/contrast/agent/protect/rule/sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +16 -0
data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +38 -0
data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +22 -0
data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +19 -0
data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +20 -0
data/lib/contrast/agent/protect/rule/xss.rb +24 -0
data/lib/contrast/agent/protect/rule/xxe.rb +120 -0
data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +82 -0
data/lib/contrast/agent/railtie.rb +30 -0
data/lib/contrast/agent/reaction_processor.rb +47 -0
data/lib/contrast/agent/request.rb +493 -0
data/lib/contrast/agent/request_context.rb +225 -0
data/lib/contrast/agent/require_state.rb +61 -0
data/lib/contrast/agent/response.rb +215 -0
data/lib/contrast/agent/rewriter.rb +244 -0
data/lib/contrast/agent/scope.rb +28 -0
data/lib/contrast/agent/service_heartbeat.rb +37 -0
data/lib/contrast/agent/settings_state.rb +148 -0
data/lib/contrast/agent/socket_client.rb +125 -0
data/lib/contrast/agent/thread.rb +26 -0
data/lib/contrast/agent/tracepoint_hook.rb +51 -0
data/lib/contrast/agent/version.rb +8 -0
data/lib/contrast/api.rb +17 -0
data/lib/contrast/api/.gitkeep +0 -0
data/lib/contrast/api/connection_status.rb +49 -0
data/lib/contrast/api/socket.rb +43 -0
data/lib/contrast/api/speedracer.rb +206 -0
data/lib/contrast/api/tcp_socket.rb +31 -0
data/lib/contrast/api/unix_socket.rb +25 -0
data/lib/contrast/common_agent_configuration.rb +86 -0
data/lib/contrast/components/agent.rb +85 -0
data/lib/contrast/components/app_context.rb +188 -0
data/lib/contrast/components/assess.rb +67 -0
data/lib/contrast/components/config.rb +135 -0
data/lib/contrast/components/contrast_service.rb +113 -0
data/lib/contrast/components/heap_dump.rb +34 -0
data/lib/contrast/components/interface.rb +178 -0
data/lib/contrast/components/inventory.rb +23 -0
data/lib/contrast/components/logger.rb +92 -0
data/lib/contrast/components/protect.rb +38 -0
data/lib/contrast/components/sampling.rb +41 -0
data/lib/contrast/components/scope.rb +106 -0
data/lib/contrast/components/settings.rb +140 -0
data/lib/contrast/config.rb +33 -0
data/lib/contrast/config/agent_configuration.rb +24 -0
data/lib/contrast/config/application_configuration.rb +27 -0
data/lib/contrast/config/assess_configuration.rb +22 -0
data/lib/contrast/config/assess_rules_configuration.rb +18 -0
data/lib/contrast/config/base_configuration.rb +105 -0
data/lib/contrast/config/default_value.rb +16 -0
data/lib/contrast/config/exception_configuration.rb +21 -0
data/lib/contrast/config/heap_dump_configuration.rb +23 -0
data/lib/contrast/config/inventory_configuration.rb +20 -0
data/lib/contrast/config/logger_configuration.rb +20 -0
data/lib/contrast/config/protect_configuration.rb +20 -0
data/lib/contrast/config/protect_rule_configuration.rb +37 -0
data/lib/contrast/config/protect_rules_configuration.rb +30 -0
data/lib/contrast/config/root_configuration.rb +26 -0
data/lib/contrast/config/ruby_configuration.rb +39 -0
data/lib/contrast/config/sampling_configuration.rb +22 -0
data/lib/contrast/config/server_configuration.rb +23 -0
data/lib/contrast/config/service_configuration.rb +22 -0
data/lib/contrast/configuration.rb +214 -0
data/lib/contrast/core_extensions/assess.rb +51 -0
data/lib/contrast/core_extensions/assess/array.rb +58 -0
data/lib/contrast/core_extensions/assess/assess_extension.rb +145 -0
data/lib/contrast/core_extensions/assess/basic_object.rb +15 -0
data/lib/contrast/core_extensions/assess/erb.rb +42 -0
data/lib/contrast/core_extensions/assess/exec_trigger.rb +48 -0
data/lib/contrast/core_extensions/assess/fiber.rb +125 -0
data/lib/contrast/core_extensions/assess/hash.rb +22 -0
data/lib/contrast/core_extensions/assess/kernel.rb +95 -0
data/lib/contrast/core_extensions/assess/module.rb +14 -0
data/lib/contrast/core_extensions/assess/regexp.rb +206 -0
data/lib/contrast/core_extensions/assess/string.rb +75 -0
data/lib/contrast/core_extensions/assess/tilt_template_trigger.rb +73 -0
data/lib/contrast/core_extensions/delegator.rb +14 -0
data/lib/contrast/core_extensions/eval_trigger.rb +52 -0
data/lib/contrast/core_extensions/inventory.rb +22 -0
data/lib/contrast/core_extensions/inventory/datastores.rb +37 -0
data/lib/contrast/core_extensions/module.rb +42 -0
data/lib/contrast/core_extensions/object.rb +27 -0
data/lib/contrast/core_extensions/protect.rb +20 -0
data/lib/contrast/core_extensions/protect/applies_command_injection_rule.rb +70 -0
data/lib/contrast/core_extensions/protect/applies_deserialization_rule.rb +58 -0
data/lib/contrast/core_extensions/protect/applies_no_sqli_rule.rb +81 -0
data/lib/contrast/core_extensions/protect/applies_path_traversal_rule.rb +119 -0
data/lib/contrast/core_extensions/protect/applies_sqli_rule.rb +63 -0
data/lib/contrast/core_extensions/protect/applies_xxe_rule.rb +141 -0
data/lib/contrast/core_extensions/protect/kernel.rb +30 -0
data/lib/contrast/core_extensions/protect/psych.rb +7 -0
data/lib/contrast/core_extensions/thread.rb +31 -0
data/lib/contrast/internal_exception.rb +8 -0
data/lib/contrast/rails_extensions/assess/action_controller_inheritance.rb +48 -0
data/lib/contrast/rails_extensions/assess/active_record.rb +32 -0
data/lib/contrast/rails_extensions/assess/active_record_named.rb +61 -0
data/lib/contrast/rails_extensions/assess/configuration.rb +26 -0
data/lib/contrast/rails_extensions/buffer.rb +30 -0
data/lib/contrast/rails_extensions/rack.rb +45 -0
data/lib/contrast/security_exception.rb +14 -0
data/lib/contrast/sinatra_extensions/assess/cookie.rb +26 -0
data/lib/contrast/sinatra_extensions/inventory/sinatra_base.rb +59 -0
data/lib/contrast/tasks/service.rb +95 -0
data/lib/contrast/utils/assess/sampling_util.rb +96 -0
data/lib/contrast/utils/assess/tracking_util.rb +39 -0
data/lib/contrast/utils/boolean_util.rb +33 -0
data/lib/contrast/utils/cache.rb +69 -0
data/lib/contrast/utils/class_util.rb +58 -0
data/lib/contrast/utils/comment_range.rb +19 -0
data/lib/contrast/utils/data_store_util.rb +23 -0
data/lib/contrast/utils/duck_utils.rb +58 -0
data/lib/contrast/utils/env_configuration_item.rb +52 -0
data/lib/contrast/utils/environment_util.rb +152 -0
data/lib/contrast/utils/freeze_util.rb +36 -0
data/lib/contrast/utils/gemfile_reader.rb +191 -0
data/lib/contrast/utils/hash_digest.rb +148 -0
data/lib/contrast/utils/heap_dump_util.rb +113 -0
data/lib/contrast/utils/invalid_configuration_util.rb +88 -0
data/lib/contrast/utils/inventory_util.rb +126 -0
data/lib/contrast/utils/io_util.rb +61 -0
data/lib/contrast/utils/object_share.rb +117 -0
data/lib/contrast/utils/operating_environment.rb +38 -0
data/lib/contrast/utils/os.rb +49 -0
data/lib/contrast/utils/path_util.rb +151 -0
data/lib/contrast/utils/performs_logging.rb +152 -0
data/lib/contrast/utils/preflight_util.rb +13 -0
data/lib/contrast/utils/prevent_serialization.rb +52 -0
data/lib/contrast/utils/rack_assess_session_cookie.rb +104 -0
data/lib/contrast/utils/rails_assess_configuration.rb +95 -0
data/lib/contrast/utils/random_util.rb +22 -0
data/lib/contrast/utils/resource_loader.rb +23 -0
data/lib/contrast/utils/ruby_ast_rewriter.rb +74 -0
data/lib/contrast/utils/scope_util.rb +99 -0
data/lib/contrast/utils/service_response_util.rb +116 -0
data/lib/contrast/utils/service_sender_util.rb +98 -0
data/lib/contrast/utils/sha256_builder.rb +69 -0
data/lib/contrast/utils/sinatra_helper.rb +49 -0
data/lib/contrast/utils/stack_trace_utils.rb +209 -0
data/lib/contrast/utils/string_utils.rb +72 -0
data/lib/contrast/utils/tag_util.rb +139 -0
data/lib/contrast/utils/thread_tracker.rb +54 -0
data/lib/contrast/utils/timer.rb +78 -0
data/resources/assess/policy.json +1673 -0
data/resources/csrf/inject.js +44 -0
data/resources/deadzone/policy.json +55 -0
data/resources/factory-bot-spec/spec_helper.rb +30 -0
data/resources/inventory/policy.json +110 -0
data/resources/protect/policy.json +417 -0
data/resources/rubocops/kernel/catch_cop.rb +37 -0
data/resources/rubocops/kernel/require_cop.rb +37 -0
data/resources/rubocops/kernel/require_relative_cop.rb +33 -0
data/resources/rubocops/module/autoload_cop.rb +37 -0
data/resources/rubocops/module/const_defined_cop.rb +37 -0
data/resources/rubocops/module/const_get_cop.rb +37 -0
data/resources/rubocops/module/const_set_cop.rb +37 -0
data/resources/rubocops/module/constants_cop.rb +37 -0
data/resources/rubocops/module/name_cop.rb +37 -0
data/resources/rubocops/object/class_cop.rb +37 -0
data/resources/rubocops/object/freeze_cop.rb +37 -0
data/resources/rubocops/object/frozen_cop.rb +37 -0
data/resources/rubocops/object/is_a_cop.rb +37 -0
data/resources/rubocops/object/method_cop.rb +37 -0
data/resources/rubocops/object/respond_to_cop.rb +37 -0
data/resources/rubocops/object/singleton_class_cop.rb +37 -0
data/resources/rubocops/regexp/spelling_cop.rb +44 -0
data/resources/rubocops/thread/new_cop.rb +39 -0
data/resources/ruby-spec/ancestors_spec.rb +70 -0
data/resources/ruby-spec/modulo_spec.rb +831 -0
data/resources/ruby-spec/parameters_spec.rb +261 -0
data/resources/ruby-spec/ruby_spec_spec_helper.rb +35 -0
data/resources/test_marker.txt +1 -0
data/ruby-agent.gemspec +129 -0
data/service_executables/.gitkeep +0 -0
data/service_executables/VERSION +1 -0
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
metadata +945 -0

data/lib/contrast/utils/environment_util.rb ADDED

@@ -0,0 +1,152 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'socket'
+cs__scoped_require 'contrast/core_extensions/module'
+cs__scoped_require 'contrast/components/interface'
+cs__scoped_require 'contrast/utils/object_share'
+cs__scoped_require 'contrast/utils/string_utils'
+module Contrast
+  module Utils
+    # Gather information about the application and server environment
+    # that the agent is running in.
+    class EnvironmentUtil
+      include Contrast::Components::Interface
+      access_component :analysis
+      DEFAULT_APP_NAME = 'rack'
+      DEFAULT_SERVER_NAME = 'localhost'
+      CS_VERSION = 'VERSION'
+      # Possible names of constants that would hold version info
+      VERSION_CONSTANT_CANDIDATES = %w[
+        VERSION
+        ::VERSION
+        Version::VERSION
+        ::Version::VERSION
+        ::Application::VERSION
+      ].cs__freeze
+      # Common places where view-layer files can be found in a Rails application
+      RAILS_VIEWS = [
+        ['app/assets', '*.coffee', %w[CoffeeScript]],
+        ['app/assets', '*.scss', %w[SASS]],
+        ['app/views', '*.html', %w[HTML5]],
+        ['app/views', '*.html.erb', %w[HTML5 ERB]],
+        ['app/views', '*.html.haml', %w[HTML5 HAML]],
+        ['public', '*.html', %w[HTML5]]
+      ].cs__freeze
+      class << self
+        ######### These are helpers ####################
+        def present? str
+          !str.nil? && !str.to_s.empty?
+        end
+        ######### Actually env/framework dependent ####################
+        # See CONTRAST-16380 for more details
+        def determine_application_version
+          @_determine_application_version ||= begin
+            candidates = VERSION_CONSTANT_CANDIDATES.map do |name|
+              # If there's a constant named 'name' (VERSION, etc.), get its value.
+              begin
+                name.split('::').inject(Object) do |mod, class_name|
+                  mod.cs__const_get(class_name)
+                end
+              rescue LoadError, StandardError
+                nil
+              end
+            end
+            candidates.compact!
+            candidate = candidates.first || ENV[CS_VERSION]
+            case candidate
+            when Hash
+              candidate.values.join(Contrast::Utils::ObjectShare::PERIOD)
+            when Array
+              candidate.join(Contrast::Utils::ObjectShare::PERIOD)
+            when String
+              candidate
+            when NilClass
+              return nil
+            else
+              candidate.inspect
+            end
+          end
+        end
+        def platform
+          version = Rails.version rescue Sinatra::VERSION rescue Rack.version rescue '' # rubocop:disable Style/RescueModifier
+          major, minor, patch = *version.split(Contrast::Utils::ObjectShare::PERIOD)
+          major ||= ''
+          minor ||= ''
+          patch ||= ''
+          [major, minor, patch]
+        rescue StandardError
+          Contrast::Utils::ObjectShare::EMPTY_TRIPLE
+        end
+        # Read libraries from the gemfile and append to the given ApplicationUpdate message
+        # or other class that has a libraries map association
+        def add_library_to_app_update app_update_pb, library_tags = ''
+          libraries = Contrast::Utils::GemfileReader.instance.library_pb_list
+          libraries.each do |n|
+            n.tags = library_tags
+            app_update_pb.libraries[n.hash_code] = n
+          end
+        end
+        # Iterate through known locations, looking for files
+        # that represent view or template files. If found, for each file in the directory
+        # append the technology and the view object to the application update instance
+        def scan_views app_update_msg
+          return unless INVENTORY.enabled?
+          scan_rails_views(app_update_msg)
+          scan_sinatra_views(app_update_msg)
+        end
+        # Find all the predefined routes for this application and append them to the
+        # provided inventory message
+        # msg should be a Contrast::Api::Dtm::ApplicationUpdate or some other msg
+        # that has a routes array consisting of Contrast::Api::Dtm::RouteCoverage
+        def scan_routes msg
+          return unless INVENTORY.enabled?
+          Contrast::Utils::PathUtil.find_routes.each do |route|
+            msg.routes << route
+          end
+        end
+        private
+        def scan_view_directories app_update_msg, view_location_data
+          view_location_data.each do |path, extension, tech_names|
+            next if Dir["#{ path }/**/*#{ extension }"].empty?
+            tech_names.each do |tech|
+              app_update_msg.technologies[tech] = true
+            end
+          end
+        end
+        def scan_rails_views app_update_msg
+          scan_view_directories(app_update_msg, RAILS_VIEWS)
+        end
+        def scan_sinatra_views app_update_msg
+          sinatra_app = Contrast::Utils::SinatraHelper.app_class
+          return unless sinatra_app
+          scan_view_directories(app_update_msg, Contrast::Utils::SinatraHelper.scannable_view_dirs)
+        end
+      end
+    end
+  end
+end

data/lib/contrast/utils/freeze_util.rb ADDED

@@ -0,0 +1,36 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'contrast/core_extensions/object'
+cs__scoped_require 'contrast/utils/duck_utils'
+module Contrast
+  module Utils
+    # This utility allows us to act on frozen objects, creating an unfrozen
+    # duplicate in those cases where that is possible.
+    class FreezeUtil
+      class << self
+        # Make every attempt to duplicate the frozen object so that it can
+        # be tracked. Some things, like Nil, True, and False, respond to dup
+        # but throw a TypeError. This catches that case and returns the
+        # original. We luck out as these three cases do not get propagated to
+        #
+        # @param original [Object] something frozen, usually a String
+        # @return [Object] the original or an unfrozen copy
+        def unfreeze_dup original
+          return original unless original.cs__frozen?
+          return original unless Contrast::Utils::DuckUtils.quacks_like_duplicable?(original)
+          copy = original.dup
+          if Contrast::Utils::DuckUtils.quacks_like_tracked_hash?(copy)
+            copy.each_key do |key|
+              value = original[key]
+              copy[key] = Contrast::Utils::DuckUtils.quacks_like_duplicable?(original) ? value.dup : value
+            end
+          end
+          copy
+        end
+      end
+    end
+  end
+end

data/lib/contrast/utils/gemfile_reader.rb ADDED

@@ -0,0 +1,191 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'set'
+cs__scoped_require 'contrast/utils/sha256_builder'
+cs__scoped_require 'contrast/utils/string_utils'
+cs__scoped_require 'contrast/components/interface'
+cs__scoped_require 'contrast/api'
+module Contrast
+  module Utils
+    # GemfileReader has methods for extracting information from gem specs
+    # it also has a cache of library file digests to the lines of code found.
+    class GemfileReader
+      include Singleton
+      include Contrast::Components::Interface
+      access_component :logging
+      CONTRAST_AGENT = 'contrast-agent'
+      def initialize
+        # Map of a Gem's Spec Digest to all loaded files from that Gem
+        @spec_to_files = {}
+      end
+      # the #clone is necessary here, as a require in another thread could
+      # potentially result in adding a key to the loaded_specs hash during
+      # iteration.  (as in RUBY-330)
+      def loaded_specs
+        Gem.loaded_specs.clone
+      end
+      # indicates if there's been an update to library information, allowing us
+      # to only serialize this information on change.
+      def updated?
+        @updated
+      end
+      def updated!
+        @updated = true
+      end
+      # Once we're Contrasted, we intercept require calls to do inventory.
+      # In order to catch up, we do a one-time manual catchup, & inventory
+      # all the already-loaded gems.
+      def map_loaded_classes
+        loaded_specs.each do |name, spec|
+          # Don't count Contrast gems
+          next if contrast_gems.include? name
+          # Get a digest of the Gem file itself
+          next unless (digest = Contrast::Utils::Sha256Builder.build_from_spec(spec))
+          paths = get_by_digest(digest)
+          path = spec.full_gem_path
+          $LOADED_FEATURES.each do |line|
+            next unless line.to_s.start_with?(path)
+            # logger.debug("Recording loaded gem at '#{ line }' for inventory analysis") if logger.trace? # TODO: RUBY-547
+            updated!
+            paths << adjust_lib(line)
+          end
+        end
+      end
+      def map_class path
+        path = adjust_lib(path)
+        return unless (spec   = Gem::Specification.find_by_path(path))
+        return unless (digest = Contrast::Utils::Sha256Builder.build_from_spec(spec))
+        updated!
+        get_by_digest(digest) << path
+      end
+      def library_pb_list
+        loaded_specs.each_with_object([]) do |(name, spec), arr|
+          next if contrast_gems.include? name
+          next unless spec
+          next unless (digest = Contrast::Utils::Sha256Builder.build_from_spec(spec))
+          arr << build_library_pb(digest, spec)
+        end
+      end
+      def generate_library_usage activity = nil
+        return unless updated?
+        @spec_to_files.each_pair do |digest, files|
+          usage = Contrast::Api::Dtm::LibraryUsageUpdate.new
+          usage.hash_code = Contrast::Utils::StringUtils.force_utf8(digest)
+          activity.library_usages[usage.hash_code] = usage if activity
+          # TODO: PROD-35 once TS switches to take filenames, remove the count setter and
+          #   send the class names in usage.class_names
+          usage.count = files.size
+        end
+        # TODO: PROD-35 once TS switches to take filenames, clear this and remove the
+        #   @updated variable
+        # @spec_to_files.clear
+        @updated = false
+      end
+      private
+      # marker for the lib dir in an absolute file path. purposefully includes
+      # the trailing '/'
+      LIB = '/lib/'
+      # Kernel#load uses the absolute path, but Gems / Specs use the path after
+      # `/lib`. This method accounts for that and trims out the `/lib/` section
+      # and starts with the first `/` after and the trailing file extension, if
+      # present.
+      #
+      # @param path [String] the path to parse
+      # @return [String] the relative path of the file, after the lib directory
+      def adjust_lib path
+        idx = path.index(LIB)
+        path = path[(idx + 4)..-1] if idx
+        idx = path.rindex(Contrast::Utils::ObjectShare::PERIOD)
+        path = path[0..idx] if idx
+        path
+      end
+      def get_by_digest digest
+        @spec_to_files[digest] = Set.new unless @spec_to_files.key?(digest)
+        @spec_to_files[digest]
+      end
+      def build_library_pb digest, spec
+        lib             = Contrast::Api::Dtm::Library.new
+        lib.file_path   = Contrast::Utils::StringUtils.force_utf8(spec.name)
+        lib.hash_code   = Contrast::Utils::StringUtils.force_utf8(digest)
+        lib.version     = Contrast::Utils::StringUtils.force_utf8(spec.version)
+        lib.manifest    = Contrast::Utils::StringUtils.force_utf8(build_manifest(spec))
+        lib.external_ms = date_to_ms(spec.date)
+        lib.internal_ms = lib.external_ms
+        lib.url         = Contrast::Utils::StringUtils.force_utf8(spec.homepage)
+        update_class_counts(lib, digest, spec)
+        lib
+      end
+      def date_to_ms date
+        (date.to_f * 1000.0).to_i
+      end
+      def update_class_counts lib, digest, spec
+        # Updating the class counts
+        path = spec.full_gem_path.to_s
+        lib.class_count = all_files(path).length
+        lib.used_class_count = @spec_to_files.key?(digest) ? get_by_digest(digest).size : 0
+        lib
+      end
+      def build_manifest spec
+        Contrast::Utils::StringUtils.force_utf8(spec.to_yaml.to_s) if defined?(YAML)
+      rescue StandardError
+        nil
+      end
+      # These are all the code files that are located in the Gem directory loaded
+      # by the current environment; this includes more than Ruby files
+      def all_files path
+        Contrast::Utils::Sha256Builder.instance.files(path)
+      end
+      # Go through all dependents, given as a pair from the DependencyList: `dependency`
+      # is the dependency itself, filled with all its specs. `dependents` is the array of reverse
+      # dependencies for the aforementioned dependency. If the dependency is also in contrast_dep_set,
+      # then contrast depends on it. If its array of dependents is 1, then contrast is the
+      # only dependency in that list. Since only contrast depends on it, we should ignore it.
+      def contrast_gems
+        @_contrast_gems ||= find_contrast_gems
+      end
+      def find_contrast_gems
+        ignore = Set.new([CONTRAST_AGENT])
+        contrast_specs = Gem::DependencyList.from_specs.specs.find do |dependency|
+          dependency.name == CONTRAST_AGENT
+        end
+        contrast_dep_set = contrast_specs.dependencies.map(&:name).to_set
+        Gem::DependencyList.from_specs.spec_predecessors.each_pair do |dependency, dependents|
+          ignore.add(dependency.name) if contrast_dep_set.include?(dependency.name) && dependents.length == 1
+        end
+        ignore
+      end
+    end
+  end
+end

data/lib/contrast/utils/hash_digest.rb ADDED

@@ -0,0 +1,148 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'digest'
+module Contrast
+  module Utils
+    # We use this class to provide hashes for our Request and Finding objects
+    # based upon our definitions of uniqueness.
+    # While the uniqueness of the request object is something internal to the
+    # Ruby agent, the uniqueness of the Finding hash is defined by a
+    # specification shared across all agent teams. The spec can be found here:
+    # https://bitbucket.org/contrastsecurity/assess-specifications/src/master/vulnerability/preflight.md
+    class HashDigest < Digest::Class
+      include Digest::Instance
+      CONTENT_LENGTH_HEADER = 'Content-Length'
+      CRYPTO_RULES = %w[
+        crypto-bad-ciphers
+        crypto-bad-mac
+      ].cs__freeze
+      CONFIG_PATH_KEY = 'path'
+      CONFIG_SESSION_ID_KEY = 'sessionId'
+      CLASS_SOURCE_KEY = 'source'
+      CLASS_CONSTANT_NAME_KEY = 'name'
+      CLASS_LINE_NO_KEY = 'lineNo'
+      class << self
+        def generate_request_hash request
+          hash = new
+          hash.update(request.request_method)
+          hash.update(request.normalized_uri)
+          request.parameters.each_key do |name|
+            hash.update(name)
+          end
+          cl = request.normalized_request_headers[CONTENT_LENGTH_HEADER]
+          hash.update(request.normalized_length_header(cl)) if cl
+          hash.finish
+        end
+        def generate_event_hash finding, source
+          return generate_dataflow_hash(finding) if finding.events.length.to_i > 1
+          id = finding.rule_id
+          return generate_crypto_hash(finding, source) if CRYPTO_RULES.include?(id)
+          generate_trigger_hash(finding)
+        end
+        def generate_config_hash finding
+          hash = new
+          hash.update(finding.rule_id)
+          path = finding.properties[CONFIG_PATH_KEY]
+          hash.update(path)
+          method = finding.properties[CONFIG_SESSION_ID_KEY]
+          hash.update(method)
+          hash.finish
+        end
+        def generate_class_scanning_hash finding
+          hash = new
+          hash.update(finding.rule_id)
+          module_name = finding.properties[CLASS_SOURCE_KEY]
+          hash.update(module_name)
+          # We're not currently collecting this. 30/7/19 HM
+          line_no = finding.properties[CLASS_LINE_NO_KEY]
+          hash.update(line_no)
+          field = finding.properties[CLASS_CONSTANT_NAME_KEY]
+          hash.update(field)
+          hash.finish
+        end
+        def generate_crypto_hash finding, algorithm
+          hash = new
+          hash.update(finding.rule_id)
+          hash.update(algorithm)
+          hash.update_on_request
+          hash.finish
+        end
+        def generate_dataflow_hash finding
+          hash = new
+          hash.update(finding.rule_id)
+          hash.update_on_sources(finding.events)
+          hash.update_on_request
+          hash.finish
+        end
+        def generate_response_hash finding
+          hash = new
+          hash.update(finding.rule_id)
+          hash.update_on_request
+          hash.finish
+        end
+        def generate_trigger_hash finding
+          hash = new
+          hash.update(finding.rule_id)
+          hash.update_on_request
+          hash.finish
+        end
+      end
+      def update_on_request
+        context = Contrast::Agent::REQUEST_TRACKER.current
+        return unless context
+        route = context.route
+        request = context.request
+        if route
+          update(route.route)
+          update(route.verb)
+        elsif request
+          update(request.normalized_uri)
+          update(request.request_method)
+        end
+      end
+      def update_on_sources events
+        return unless events&.any?
+        events.each do |event|
+          event.event_sources.each do |source|
+            update(source.type)
+            update(source.name)
+          end
+        end
+      end
+      def initialize
+        @crc32 = 0
+      end
+      def update str
+        return unless str
+        @crc32 = Zlib.crc32(str, @crc32)
+      end
+      def reset
+        @crc32 = 0
+      end
+      def finish
+        @crc32.to_s
+      end
+    end
+  end
+end