RubyGems - contrast-agent - Versions diffs - 3.8.4 - Mend

contrast-agent 3.8.4

Files changed (500) hide show

checksums.yaml +7 -0
data/.clang-format +5 -0
data/.dockerignore +10 -0
data/.gitignore +58 -0
data/.gitmodules +6 -0
data/.rspec +6 -0
data/.simplecov +4 -0
data/Gemfile +7 -0
data/LICENSE.txt +12 -0
data/Rakefile +15 -0
data/exe/contrast_service +29 -0
data/ext/build_funchook.rb +48 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.c +47 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.h +10 -0
data/ext/cs__assess_active_record_named/extconf.rb +2 -0
data/ext/cs__assess_array/cs__assess_array.c +38 -0
data/ext/cs__assess_array/cs__assess_array.h +9 -0
data/ext/cs__assess_array/extconf.rb +2 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.c +50 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.h +17 -0
data/ext/cs__assess_basic_object/extconf.rb +2 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +86 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +34 -0
data/ext/cs__assess_fiber_track/extconf.rb +2 -0
data/ext/cs__assess_hash/cs__assess_hash.c +64 -0
data/ext/cs__assess_hash/cs__assess_hash.h +24 -0
data/ext/cs__assess_hash/extconf.rb +2 -0
data/ext/cs__assess_kernel/cs__assess_kernel.c +36 -0
data/ext/cs__assess_kernel/cs__assess_kernel.h +10 -0
data/ext/cs__assess_kernel/extconf.rb +2 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +47 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +18 -0
data/ext/cs__assess_marshal_module/extconf.rb +2 -0
data/ext/cs__assess_module/cs__assess_module.c +78 -0
data/ext/cs__assess_module/cs__assess_module.h +25 -0
data/ext/cs__assess_module/extconf.rb +2 -0
data/ext/cs__assess_regexp/cs__assess_regexp.c +48 -0
data/ext/cs__assess_regexp/cs__assess_regexp.h +22 -0
data/ext/cs__assess_regexp/extconf.rb +2 -0
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c +63 -0
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.h +29 -0
data/ext/cs__assess_regexp_track/extconf.rb +2 -0
data/ext/cs__assess_string/cs__assess_string.c +38 -0
data/ext/cs__assess_string/cs__assess_string.h +19 -0
data/ext/cs__assess_string/extconf.rb +2 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +31 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.h +13 -0
data/ext/cs__assess_string_interpolation26/extconf.rb +2 -0
data/ext/cs__common/cs__common.c +60 -0
data/ext/cs__common/cs__common.h +28 -0
data/ext/cs__common/extconf.rb +20 -0
data/ext/cs__contrast_patch/cs__contrast_patch.c +445 -0
data/ext/cs__contrast_patch/cs__contrast_patch.h +196 -0
data/ext/cs__contrast_patch/extconf.rb +2 -0
data/ext/cs__protect_kernel/cs__protect_kernel.c +37 -0
data/ext/cs__protect_kernel/cs__protect_kernel.h +11 -0
data/ext/cs__protect_kernel/extconf.rb +2 -0
data/ext/cs__scope/cs__scope.c +96 -0
data/ext/cs__scope/cs__scope.h +33 -0
data/ext/cs__scope/extconf.rb +2 -0
data/ext/extconf_common.rb +49 -0
data/funchook/LICENSE +360 -0
data/funchook/Makefile +29 -0
data/funchook/Makefile.in +29 -0
data/funchook/README.md +121 -0
data/funchook/appveyor.yml +42 -0
data/funchook/autogen.sh +3 -0
data/funchook/autom4te.cache/output.0 +4976 -0
data/funchook/autom4te.cache/requests +78 -0
data/funchook/autom4te.cache/traces.0 +364 -0
data/funchook/config.guess +1530 -0
data/funchook/config.log +490 -0
data/funchook/config.status +1016 -0
data/funchook/config.sub +1773 -0
data/funchook/configure +4976 -0
data/funchook/configure.ac +59 -0
data/funchook/distorm/COPYING +26 -0
data/funchook/distorm/MANIFEST +25 -0
data/funchook/distorm/MANIFEST.in +4 -0
data/funchook/distorm/README.md +12 -0
data/funchook/distorm/disOps/disOps.py +795 -0
data/funchook/distorm/disOps/x86db.py +404 -0
data/funchook/distorm/disOps/x86header.py +247 -0
data/funchook/distorm/disOps/x86sets.py +1664 -0
data/funchook/distorm/examples/cs/TestdiStorm/Program.cs +79 -0
data/funchook/distorm/examples/cs/TestdiStorm/Properties/AssemblyInfo.cs +36 -0
data/funchook/distorm/examples/cs/TestdiStorm/TestdiStorm.csproj +69 -0
data/funchook/distorm/examples/cs/distorm-net.sln +26 -0
data/funchook/distorm/examples/cs/distorm-net/CodeInfo.cs +23 -0
data/funchook/distorm/examples/cs/distorm-net/DecodedInst.cs +15 -0
data/funchook/distorm/examples/cs/distorm-net/DecodedResult.cs +14 -0
data/funchook/distorm/examples/cs/distorm-net/DecomposedInst.cs +36 -0
data/funchook/distorm/examples/cs/distorm-net/DecomposedResult.cs +14 -0
data/funchook/distorm/examples/cs/distorm-net/Opcodes.cs +1268 -0
data/funchook/distorm/examples/cs/distorm-net/Opcodes.tt +37 -0
data/funchook/distorm/examples/cs/distorm-net/Operand.cs +25 -0
data/funchook/distorm/examples/cs/distorm-net/Properties/AssemblyInfo.cs +36 -0
data/funchook/distorm/examples/cs/distorm-net/diStorm3.cs +411 -0
data/funchook/distorm/examples/cs/distorm-net/distorm-net.csproj +80 -0
data/funchook/distorm/examples/cs/readme +3 -0
data/funchook/distorm/examples/ddk/README +48 -0
data/funchook/distorm/examples/ddk/distorm.ini +11 -0
data/funchook/distorm/examples/ddk/dummy.c +15 -0
data/funchook/distorm/examples/ddk/main.c +91 -0
data/funchook/distorm/examples/ddk/makefile +1 -0
data/funchook/distorm/examples/ddk/sources +10 -0
data/funchook/distorm/examples/java/Makefile +23 -0
data/funchook/distorm/examples/java/distorm/src/Main.java +43 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/CodeInfo.java +27 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedInst.java +32 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedResult.java +11 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedInst.java +89 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedResult.java +11 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/OpcodeEnum.java +131 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/Opcodes.java +1123 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/Operand.java +24 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/distorm3.java +41 -0
data/funchook/distorm/examples/java/jdistorm.c +405 -0
data/funchook/distorm/examples/java/jdistorm.h +40 -0
data/funchook/distorm/examples/java/jdistorm.sln +20 -0
data/funchook/distorm/examples/java/jdistorm.vcproj +208 -0
data/funchook/distorm/examples/linux/Makefile +15 -0
data/funchook/distorm/examples/linux/main.c +181 -0
data/funchook/distorm/examples/tests/Makefile +15 -0
data/funchook/distorm/examples/tests/main.cpp +42 -0
data/funchook/distorm/examples/tests/main.py +66 -0
data/funchook/distorm/examples/tests/test_distorm3.py +1672 -0
data/funchook/distorm/examples/tests/tests.sln +20 -0
data/funchook/distorm/examples/tests/tests.vcxproj +82 -0
data/funchook/distorm/examples/tests/tests.vcxproj.filters +22 -0
data/funchook/distorm/examples/win32/disasm.sln +25 -0
data/funchook/distorm/examples/win32/disasm.vcxproj +201 -0
data/funchook/distorm/examples/win32/disasm.vcxproj.filters +14 -0
data/funchook/distorm/examples/win32/main.cpp +163 -0
data/funchook/distorm/include/distorm.h +482 -0
data/funchook/distorm/include/mnemonics.h +301 -0
data/funchook/distorm/make/linux/Makefile +28 -0
data/funchook/distorm/make/mac/Makefile +24 -0
data/funchook/distorm/make/win32/cdistorm.vcxproj +239 -0
data/funchook/distorm/make/win32/cdistorm.vcxproj.filters +80 -0
data/funchook/distorm/make/win32/distorm.sln +25 -0
data/funchook/distorm/make/win32/resource.h +14 -0
data/funchook/distorm/make/win32/resource.rc +99 -0
data/funchook/distorm/python/distorm3/__init__.py +957 -0
data/funchook/distorm/python/distorm3/sample.py +51 -0
data/funchook/distorm/setup.cfg +10 -0
data/funchook/distorm/setup.py +266 -0
data/funchook/distorm/src/config.h +169 -0
data/funchook/distorm/src/decoder.c +641 -0
data/funchook/distorm/src/decoder.h +33 -0
data/funchook/distorm/src/distorm.c +413 -0
data/funchook/distorm/src/instructions.c +597 -0
data/funchook/distorm/src/instructions.h +463 -0
data/funchook/distorm/src/insts.c +7939 -0
data/funchook/distorm/src/insts.h +64 -0
data/funchook/distorm/src/mnemonics.c +284 -0
data/funchook/distorm/src/operands.c +1290 -0
data/funchook/distorm/src/operands.h +28 -0
data/funchook/distorm/src/prefix.c +368 -0
data/funchook/distorm/src/prefix.h +64 -0
data/funchook/distorm/src/textdefs.c +172 -0
data/funchook/distorm/src/textdefs.h +57 -0
data/funchook/distorm/src/wstring.c +47 -0
data/funchook/distorm/src/wstring.h +35 -0
data/funchook/distorm/src/x86defs.h +82 -0
data/funchook/include/funchook.h +123 -0
data/funchook/install-sh +527 -0
data/funchook/src/Makefile +70 -0
data/funchook/src/Makefile.in +70 -0
data/funchook/src/__strerror.h +109 -0
data/funchook/src/config.h +101 -0
data/funchook/src/config.h.in +100 -0
data/funchook/src/decoder.o +0 -0
data/funchook/src/distorm.o +0 -0
data/funchook/src/funchook.c +440 -0
data/funchook/src/funchook.o +0 -0
data/funchook/src/funchook_internal.h +155 -0
data/funchook/src/funchook_io.c +182 -0
data/funchook/src/funchook_io.h +64 -0
data/funchook/src/funchook_io.o +0 -0
data/funchook/src/funchook_syscall.S +134 -0
data/funchook/src/funchook_syscall.o +0 -0
data/funchook/src/funchook_unix.c +480 -0
data/funchook/src/funchook_unix.o +0 -0
data/funchook/src/funchook_windows.c +397 -0
data/funchook/src/funchook_x86.c +622 -0
data/funchook/src/funchook_x86.o +0 -0
data/funchook/src/instructions.o +0 -0
data/funchook/src/insts.o +0 -0
data/funchook/src/libfunchook.so +0 -0
data/funchook/src/mnemonics.o +0 -0
data/funchook/src/operands.o +0 -0
data/funchook/src/os_func.c +115 -0
data/funchook/src/os_func.h +75 -0
data/funchook/src/os_func.o +0 -0
data/funchook/src/os_func_unix.c +94 -0
data/funchook/src/os_func_unix.o +0 -0
data/funchook/src/os_func_windows.c +32 -0
data/funchook/src/prefix.o +0 -0
data/funchook/src/printf_base.c +1688 -0
data/funchook/src/printf_base.h +46 -0
data/funchook/src/printf_base.o +0 -0
data/funchook/src/textdefs.o +0 -0
data/funchook/src/wstring.o +0 -0
data/funchook/test/Makefile +43 -0
data/funchook/test/Makefile.in +43 -0
data/funchook/test/funchook_test +0 -0
data/funchook/test/libfunchook_test.c +25 -0
data/funchook/test/libfunchook_test.so +0 -0
data/funchook/test/libfunchook_test2.c +18 -0
data/funchook/test/suffix.list +600 -0
data/funchook/test/test_main.c +430 -0
data/funchook/test/test_main.o +0 -0
data/funchook/test/x86_64_test.S +10 -0
data/funchook/test/x86_64_test.o +0 -0
data/funchook/test/x86_test.S +339 -0
data/funchook/win32/config.h +1 -0
data/funchook/win32/funchook.sln +52 -0
data/funchook/win32/funchook.vcxproj +188 -0
data/funchook/win32/funchook.vcxproj.filters +84 -0
data/funchook/win32/funchook_test.vcxproj +170 -0
data/funchook/win32/funchook_test.vcxproj.filters +22 -0
data/funchook/win32/funchook_test_dll.vcxproj +184 -0
data/funchook/win32/funchook_test_dll.vcxproj.filters +30 -0
data/funchook/win32/funchook_test_exe.def +3 -0
data/lib/contrast-agent.rb +8 -0
data/lib/contrast.rb +57 -0
data/lib/contrast/agent.rb +80 -0
data/lib/contrast/agent/assess.rb +45 -0
data/lib/contrast/agent/assess/adjusted_span.rb +25 -0
data/lib/contrast/agent/assess/class_reverter.rb +82 -0
data/lib/contrast/agent/assess/contrast_event.rb +398 -0
data/lib/contrast/agent/assess/frozen_properties.rb +41 -0
data/lib/contrast/agent/assess/insulator.rb +53 -0
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +78 -0
data/lib/contrast/agent/assess/policy/patcher.rb +85 -0
data/lib/contrast/agent/assess/policy/policy.rb +116 -0
data/lib/contrast/agent/assess/policy/policy_node.rb +289 -0
data/lib/contrast/agent/assess/policy/policy_scanner.rb +44 -0
data/lib/contrast/agent/assess/policy/preshift.rb +94 -0
data/lib/contrast/agent/assess/policy/propagation_method.rb +260 -0
data/lib/contrast/agent/assess/policy/propagation_node.rb +127 -0
data/lib/contrast/agent/assess/policy/propagator.rb +35 -0
data/lib/contrast/agent/assess/policy/propagator/append.rb +54 -0
data/lib/contrast/agent/assess/policy/propagator/base.rb +37 -0
data/lib/contrast/agent/assess/policy/propagator/center.rb +73 -0
data/lib/contrast/agent/assess/policy/propagator/custom.rb +36 -0
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +62 -0
data/lib/contrast/agent/assess/policy/propagator/insert.rb +55 -0
data/lib/contrast/agent/assess/policy/propagator/keep.rb +26 -0
data/lib/contrast/agent/assess/policy/propagator/next.rb +42 -0
data/lib/contrast/agent/assess/policy/propagator/prepend.rb +50 -0
data/lib/contrast/agent/assess/policy/propagator/remove.rb +76 -0
data/lib/contrast/agent/assess/policy/propagator/replace.rb +27 -0
data/lib/contrast/agent/assess/policy/propagator/reverse.rb +38 -0
data/lib/contrast/agent/assess/policy/propagator/select.rb +86 -0
data/lib/contrast/agent/assess/policy/propagator/splat.rb +60 -0
data/lib/contrast/agent/assess/policy/propagator/split.rb +49 -0
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +169 -0
data/lib/contrast/agent/assess/policy/propagator/trim.rb +81 -0
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +79 -0
data/lib/contrast/agent/assess/policy/source_method.rb +209 -0
data/lib/contrast/agent/assess/policy/source_node.rb +62 -0
data/lib/contrast/agent/assess/policy/trigger_method.rb +209 -0
data/lib/contrast/agent/assess/policy/trigger_node.rb +198 -0
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +77 -0
data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +31 -0
data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +40 -0
data/lib/contrast/agent/assess/properties.rb +392 -0
data/lib/contrast/agent/assess/rule.rb +18 -0
data/lib/contrast/agent/assess/rule/base.rb +72 -0
data/lib/contrast/agent/assess/rule/csrf.rb +66 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_action.rb +28 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +69 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +132 -0
data/lib/contrast/agent/assess/rule/provider.rb +21 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +62 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +73 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +121 -0
data/lib/contrast/agent/assess/rule/redos.rb +68 -0
data/lib/contrast/agent/assess/rule/response_scanning_rule.rb +47 -0
data/lib/contrast/agent/assess/rule/response_watcher.rb +36 -0
data/lib/contrast/agent/assess/rule/watcher.rb +36 -0
data/lib/contrast/agent/assess/tag.rb +151 -0
data/lib/contrast/agent/at_exit_hook.rb +33 -0
data/lib/contrast/agent/class_reopener.rb +195 -0
data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +26 -0
data/lib/contrast/agent/deadzone/policy/policy.rb +57 -0
data/lib/contrast/agent/disable_reaction.rb +24 -0
data/lib/contrast/agent/exclusion_matcher.rb +190 -0
data/lib/contrast/agent/feature_state.rb +379 -0
data/lib/contrast/agent/inventory/policy/policy.rb +32 -0
data/lib/contrast/agent/inventory/policy/trigger_node.rb +22 -0
data/lib/contrast/agent/logger_manager.rb +116 -0
data/lib/contrast/agent/middleware.rb +352 -0
data/lib/contrast/agent/module_data.rb +16 -0
data/lib/contrast/agent/patching/policy/after_load_patch.rb +37 -0
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +58 -0
data/lib/contrast/agent/patching/policy/method_policy.rb +94 -0
data/lib/contrast/agent/patching/policy/module_policy.rb +116 -0
data/lib/contrast/agent/patching/policy/patch.rb +312 -0
data/lib/contrast/agent/patching/policy/patch_status.rb +192 -0
data/lib/contrast/agent/patching/policy/patcher.rb +310 -0
data/lib/contrast/agent/patching/policy/policy.rb +138 -0
data/lib/contrast/agent/patching/policy/policy_node.rb +80 -0
data/lib/contrast/agent/patching/policy/policy_unpatcher.rb +28 -0
data/lib/contrast/agent/patching/policy/trigger_node.rb +81 -0
data/lib/contrast/agent/protect/policy/policy.rb +37 -0
data/lib/contrast/agent/protect/policy/trigger_node.rb +23 -0
data/lib/contrast/agent/protect/rule.rb +58 -0
data/lib/contrast/agent/protect/rule/base.rb +300 -0
data/lib/contrast/agent/protect/rule/base_service.rb +88 -0
data/lib/contrast/agent/protect/rule/cmd_injection.rb +156 -0
data/lib/contrast/agent/protect/rule/csrf.rb +118 -0
data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +103 -0
data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb +85 -0
data/lib/contrast/agent/protect/rule/default_scanner.rb +300 -0
data/lib/contrast/agent/protect/rule/deserialization.rb +193 -0
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +80 -0
data/lib/contrast/agent/protect/rule/no_sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +40 -0
data/lib/contrast/agent/protect/rule/path_traversal.rb +143 -0
data/lib/contrast/agent/protect/rule/sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +16 -0
data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +38 -0
data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +22 -0
data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +19 -0
data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +20 -0
data/lib/contrast/agent/protect/rule/xss.rb +24 -0
data/lib/contrast/agent/protect/rule/xxe.rb +120 -0
data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +82 -0
data/lib/contrast/agent/railtie.rb +30 -0
data/lib/contrast/agent/reaction_processor.rb +47 -0
data/lib/contrast/agent/request.rb +493 -0
data/lib/contrast/agent/request_context.rb +225 -0
data/lib/contrast/agent/require_state.rb +61 -0
data/lib/contrast/agent/response.rb +215 -0
data/lib/contrast/agent/rewriter.rb +244 -0
data/lib/contrast/agent/scope.rb +28 -0
data/lib/contrast/agent/service_heartbeat.rb +37 -0
data/lib/contrast/agent/settings_state.rb +148 -0
data/lib/contrast/agent/socket_client.rb +125 -0
data/lib/contrast/agent/thread.rb +26 -0
data/lib/contrast/agent/tracepoint_hook.rb +51 -0
data/lib/contrast/agent/version.rb +8 -0
data/lib/contrast/api.rb +17 -0
data/lib/contrast/api/.gitkeep +0 -0
data/lib/contrast/api/connection_status.rb +49 -0
data/lib/contrast/api/socket.rb +43 -0
data/lib/contrast/api/speedracer.rb +206 -0
data/lib/contrast/api/tcp_socket.rb +31 -0
data/lib/contrast/api/unix_socket.rb +25 -0
data/lib/contrast/common_agent_configuration.rb +86 -0
data/lib/contrast/components/agent.rb +85 -0
data/lib/contrast/components/app_context.rb +188 -0
data/lib/contrast/components/assess.rb +67 -0
data/lib/contrast/components/config.rb +135 -0
data/lib/contrast/components/contrast_service.rb +113 -0
data/lib/contrast/components/heap_dump.rb +34 -0
data/lib/contrast/components/interface.rb +178 -0
data/lib/contrast/components/inventory.rb +23 -0
data/lib/contrast/components/logger.rb +92 -0
data/lib/contrast/components/protect.rb +38 -0
data/lib/contrast/components/sampling.rb +41 -0
data/lib/contrast/components/scope.rb +106 -0
data/lib/contrast/components/settings.rb +140 -0
data/lib/contrast/config.rb +33 -0
data/lib/contrast/config/agent_configuration.rb +24 -0
data/lib/contrast/config/application_configuration.rb +27 -0
data/lib/contrast/config/assess_configuration.rb +22 -0
data/lib/contrast/config/assess_rules_configuration.rb +18 -0
data/lib/contrast/config/base_configuration.rb +105 -0
data/lib/contrast/config/default_value.rb +16 -0
data/lib/contrast/config/exception_configuration.rb +21 -0
data/lib/contrast/config/heap_dump_configuration.rb +23 -0
data/lib/contrast/config/inventory_configuration.rb +20 -0
data/lib/contrast/config/logger_configuration.rb +20 -0
data/lib/contrast/config/protect_configuration.rb +20 -0
data/lib/contrast/config/protect_rule_configuration.rb +37 -0
data/lib/contrast/config/protect_rules_configuration.rb +30 -0
data/lib/contrast/config/root_configuration.rb +26 -0
data/lib/contrast/config/ruby_configuration.rb +39 -0
data/lib/contrast/config/sampling_configuration.rb +22 -0
data/lib/contrast/config/server_configuration.rb +23 -0
data/lib/contrast/config/service_configuration.rb +22 -0
data/lib/contrast/configuration.rb +214 -0
data/lib/contrast/core_extensions/assess.rb +51 -0
data/lib/contrast/core_extensions/assess/array.rb +58 -0
data/lib/contrast/core_extensions/assess/assess_extension.rb +145 -0
data/lib/contrast/core_extensions/assess/basic_object.rb +15 -0
data/lib/contrast/core_extensions/assess/erb.rb +42 -0
data/lib/contrast/core_extensions/assess/exec_trigger.rb +48 -0
data/lib/contrast/core_extensions/assess/fiber.rb +125 -0
data/lib/contrast/core_extensions/assess/hash.rb +22 -0
data/lib/contrast/core_extensions/assess/kernel.rb +95 -0
data/lib/contrast/core_extensions/assess/module.rb +14 -0
data/lib/contrast/core_extensions/assess/regexp.rb +206 -0
data/lib/contrast/core_extensions/assess/string.rb +75 -0
data/lib/contrast/core_extensions/assess/tilt_template_trigger.rb +73 -0
data/lib/contrast/core_extensions/delegator.rb +14 -0
data/lib/contrast/core_extensions/eval_trigger.rb +52 -0
data/lib/contrast/core_extensions/inventory.rb +22 -0
data/lib/contrast/core_extensions/inventory/datastores.rb +37 -0
data/lib/contrast/core_extensions/module.rb +42 -0
data/lib/contrast/core_extensions/object.rb +27 -0
data/lib/contrast/core_extensions/protect.rb +20 -0
data/lib/contrast/core_extensions/protect/applies_command_injection_rule.rb +70 -0
data/lib/contrast/core_extensions/protect/applies_deserialization_rule.rb +58 -0
data/lib/contrast/core_extensions/protect/applies_no_sqli_rule.rb +81 -0
data/lib/contrast/core_extensions/protect/applies_path_traversal_rule.rb +119 -0
data/lib/contrast/core_extensions/protect/applies_sqli_rule.rb +63 -0
data/lib/contrast/core_extensions/protect/applies_xxe_rule.rb +141 -0
data/lib/contrast/core_extensions/protect/kernel.rb +30 -0
data/lib/contrast/core_extensions/protect/psych.rb +7 -0
data/lib/contrast/core_extensions/thread.rb +31 -0
data/lib/contrast/internal_exception.rb +8 -0
data/lib/contrast/rails_extensions/assess/action_controller_inheritance.rb +48 -0
data/lib/contrast/rails_extensions/assess/active_record.rb +32 -0
data/lib/contrast/rails_extensions/assess/active_record_named.rb +61 -0
data/lib/contrast/rails_extensions/assess/configuration.rb +26 -0
data/lib/contrast/rails_extensions/buffer.rb +30 -0
data/lib/contrast/rails_extensions/rack.rb +45 -0
data/lib/contrast/security_exception.rb +14 -0
data/lib/contrast/sinatra_extensions/assess/cookie.rb +26 -0
data/lib/contrast/sinatra_extensions/inventory/sinatra_base.rb +59 -0
data/lib/contrast/tasks/service.rb +95 -0
data/lib/contrast/utils/assess/sampling_util.rb +96 -0
data/lib/contrast/utils/assess/tracking_util.rb +39 -0
data/lib/contrast/utils/boolean_util.rb +33 -0
data/lib/contrast/utils/cache.rb +69 -0
data/lib/contrast/utils/class_util.rb +58 -0
data/lib/contrast/utils/comment_range.rb +19 -0
data/lib/contrast/utils/data_store_util.rb +23 -0
data/lib/contrast/utils/duck_utils.rb +58 -0
data/lib/contrast/utils/env_configuration_item.rb +52 -0
data/lib/contrast/utils/environment_util.rb +152 -0
data/lib/contrast/utils/freeze_util.rb +36 -0
data/lib/contrast/utils/gemfile_reader.rb +191 -0
data/lib/contrast/utils/hash_digest.rb +148 -0
data/lib/contrast/utils/heap_dump_util.rb +113 -0
data/lib/contrast/utils/invalid_configuration_util.rb +88 -0
data/lib/contrast/utils/inventory_util.rb +126 -0
data/lib/contrast/utils/io_util.rb +61 -0
data/lib/contrast/utils/object_share.rb +117 -0
data/lib/contrast/utils/operating_environment.rb +38 -0
data/lib/contrast/utils/os.rb +49 -0
data/lib/contrast/utils/path_util.rb +151 -0
data/lib/contrast/utils/performs_logging.rb +152 -0
data/lib/contrast/utils/preflight_util.rb +13 -0
data/lib/contrast/utils/prevent_serialization.rb +52 -0
data/lib/contrast/utils/rack_assess_session_cookie.rb +104 -0
data/lib/contrast/utils/rails_assess_configuration.rb +95 -0
data/lib/contrast/utils/random_util.rb +22 -0
data/lib/contrast/utils/resource_loader.rb +23 -0
data/lib/contrast/utils/ruby_ast_rewriter.rb +74 -0
data/lib/contrast/utils/scope_util.rb +99 -0
data/lib/contrast/utils/service_response_util.rb +116 -0
data/lib/contrast/utils/service_sender_util.rb +98 -0
data/lib/contrast/utils/sha256_builder.rb +69 -0
data/lib/contrast/utils/sinatra_helper.rb +49 -0
data/lib/contrast/utils/stack_trace_utils.rb +209 -0
data/lib/contrast/utils/string_utils.rb +72 -0
data/lib/contrast/utils/tag_util.rb +139 -0
data/lib/contrast/utils/thread_tracker.rb +54 -0
data/lib/contrast/utils/timer.rb +78 -0
data/resources/assess/policy.json +1673 -0
data/resources/csrf/inject.js +44 -0
data/resources/deadzone/policy.json +55 -0
data/resources/factory-bot-spec/spec_helper.rb +30 -0
data/resources/inventory/policy.json +110 -0
data/resources/protect/policy.json +417 -0
data/resources/rubocops/kernel/catch_cop.rb +37 -0
data/resources/rubocops/kernel/require_cop.rb +37 -0
data/resources/rubocops/kernel/require_relative_cop.rb +33 -0
data/resources/rubocops/module/autoload_cop.rb +37 -0
data/resources/rubocops/module/const_defined_cop.rb +37 -0
data/resources/rubocops/module/const_get_cop.rb +37 -0
data/resources/rubocops/module/const_set_cop.rb +37 -0
data/resources/rubocops/module/constants_cop.rb +37 -0
data/resources/rubocops/module/name_cop.rb +37 -0
data/resources/rubocops/object/class_cop.rb +37 -0
data/resources/rubocops/object/freeze_cop.rb +37 -0
data/resources/rubocops/object/frozen_cop.rb +37 -0
data/resources/rubocops/object/is_a_cop.rb +37 -0
data/resources/rubocops/object/method_cop.rb +37 -0
data/resources/rubocops/object/respond_to_cop.rb +37 -0
data/resources/rubocops/object/singleton_class_cop.rb +37 -0
data/resources/rubocops/regexp/spelling_cop.rb +44 -0
data/resources/rubocops/thread/new_cop.rb +39 -0
data/resources/ruby-spec/ancestors_spec.rb +70 -0
data/resources/ruby-spec/modulo_spec.rb +831 -0
data/resources/ruby-spec/parameters_spec.rb +261 -0
data/resources/ruby-spec/ruby_spec_spec_helper.rb +35 -0
data/resources/test_marker.txt +1 -0
data/ruby-agent.gemspec +129 -0
data/service_executables/.gitkeep +0 -0
data/service_executables/VERSION +1 -0
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
metadata +945 -0

data/lib/contrast/utils/tag_util.rb ADDED

@@ -0,0 +1,139 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+module Contrast
+  module Utils
+    # Utility methods for working with tag ranges
+    class TagUtil
+      class << self
+        # Determine if the given array of tags is covered by the other
+        # remaining_ranges: the tags left that haven't been covered by those given
+        # ranges: the tags that are covering the first
+        def covered? remaining_ranges, ranges
+          return true unless remaining_ranges&.any?
+          tag = remaining_ranges[0]
+          ranges.each do |range|
+            # If we covered the tag before using all the ranges, break
+            break if tag.length <= 0
+            relationship = tag.compare_range(range.start_idx, range.end_idx)
+            case relationship
+            when Contrast::Agent::Assess::Tag::BELOW
+              # since the tags are ordered, if we're below, nope out
+              return false
+            when Contrast::Agent::Assess::Tag::LOW_SPAN
+              # if we ever get a low span, that means a low part
+              # won't be covered. there's no need to continue
+              return false
+            when Contrast::Agent::Assess::Tag::WITHOUT
+              # if we ever get a without, that means a low part won't
+              # be covered. there's no need to continue
+              return false
+            when Contrast::Agent::Assess::Tag::WITHIN
+              # if we're within, then 0 out this tag since it is
+              # completely covered
+              tag.update_start(0)
+              tag.update_end(0)
+            when Contrast::Agent::Assess::Tag::HIGH_SPAN
+              tag.update_start(range.end_idx)
+            when Contrast::Agent::Assess::Tag::ABOVE # rubocop:disable Lint/EmptyWhen
+            end
+          end
+          return false unless tag.length <= 0
+          remaining_ranges.shift
+          covered?(remaining_ranges, ranges)
+        end
+        # Given an array of tags, add all new tags to that array
+        #
+        # The addition is done such that the new entry(ies)
+        # are inserted so that the range they cover is in order
+        # Any overlapping ranges are merged before returning
+        #
+        # arr: the array of tags to which we are adding
+        # new_arr: misnomer. either an array of or a single Tag to be added
+        def ordered_merge arr, new_arr
+          # [Contrast::Agent::Assess::Tag, ...]
+          if new_arr.is_a?(Array)
+            return arr unless new_arr.any?
+            return new_arr unless arr&.any?
+            new_arr.each { |new_element| single_ordered_merge(arr, new_element) }
+          # Contrast::Agent::Assess::Tag
+          else
+            return arr unless new_arr
+            return [new_arr] unless arr
+            single_ordered_merge(arr, new_arr)
+          end
+          smallerize(arr)
+        end
+        # Given a collection of tags, merge any tags that are continuous
+        #
+        # If tags is a hash, it should be in the format label => [tags]
+        # The array of tags will each be merged
+        #
+        # If tags is an array in the format [tags], the array will be
+        # merged
+        #
+        # The original object is returned, although setters should not be
+        # necessary since tags is a collection in either case
+        def merge_tags tags
+          if tags.is_a?(Hash)
+            tags.each_value { |value| smallerize(value) }
+          else
+            smallerize(tags)
+          end
+        end
+        private
+        # Add one new element to the given array
+        #
+        # The addition is done such that the new entry(ies)
+        # are inserted so that the range they cover is in order
+        # Any overlapping ranges are merged before returning
+        #
+        # arr: the array to which the element is added
+        # new_element: the element to be added to the array
+        def single_ordered_merge arr, new_element
+          idx = 0
+          arr.each do |existing|
+            break unless existing.start_idx < new_element.start_idx
+            if existing.overlaps?(new_element)
+              existing.merge(new_element)
+              return # rubocop:disable Lint/NonLocalExitFromIterator
+            end
+            idx += 1
+          end
+          arr.insert(idx, new_element)
+        end
+        # Given an arry of tags, merge any that overlap
+        # The tag that was higher up is removed from the
+        # list of tags.
+        # ranges like [0-3][3-6]-6-9] that should become [0-9]
+        def smallerize tags
+          smallered = []
+          curr = nil
+          tags.each do |tag|
+            if curr.nil?
+              curr = tag
+              smallered << curr
+            elsif tag.start_idx <= curr.end_idx
+              curr.update_end(tag.end_idx) if tag.end_idx > curr.end_idx
+            else
+              curr = tag
+              smallered << curr
+            end
+          end
+          tags.delete_if { |tag| !smallered.include?(tag) }
+        end
+      end
+    end
+  end
+end

data/lib/contrast/utils/thread_tracker.rb ADDED

@@ -0,0 +1,54 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+module Contrast
+  module Utils
+    # ThreadTracker allows tracking of singleton objects across threads
+    class ThreadTracker
+      def initialize logger = nil
+        @logger = logger
+      end
+      # Note about Ruby -- thread#[] is fiber-local,
+      # #thread_variables is not.
+      def get key, default = nil
+        log(key)
+        Thread.current[key] || default
+      end
+      def set key, value
+        Thread.current[key] = value
+      end
+      def delete key
+        Thread.current[key] = nil
+      end
+      def lifespan obj
+        set(:current_context, obj)
+        response = yield(obj)
+        delete(:current_context)
+        response
+      end
+      def current
+        get(:current_context)
+      end
+      def update_current_context context
+        set(:current_context, context)
+      end
+      # logger may be nil so use this utility method instead
+      def log key, msg = nil
+        return unless @logger
+        return unless @logger.debug?
+        @logger.debug("Thread Tracker[#{ key }] :: #{ Process.pid }.#{ Thread.current.object_id } => #{ msg }")
+      rescue StandardError
+        false # NOOP
+      end
+    end
+  end
+end

data/lib/contrast/utils/timer.rb ADDED

@@ -0,0 +1,78 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+module Contrast
+  module Utils
+    # Timer is class that can track state about when an event starts and how long it takes
+    # Also containes utility methods to get time values in milliseconds
+    class Timer
+      attr_reader :start_at, :start_ms, :events
+      def initialize time = Time.now
+        @start_at = time
+        @start_ms = (@start_at.to_f * 1000).to_i
+        @events = {}
+      end
+      def elapsed label
+        before = Time.now
+        result = yield if block_given?
+        events[label.to_s] = ((Time.now - before) * 1000).to_i
+        result
+      end
+      def ms key
+        events[key.to_s] || 0
+      end
+      def abs key
+        start_ms + (events[key.to_s] || 0)
+      end
+      def to_s
+        pairs = events.to_a.map { |pair| "#{ pair[0] }=#{ pair[1] }ms" }
+        start_at.strftime('%Y-%m-%d %H:%M:%S.%L') + pairs.join(Contrast::Utils::ObjectShare::SPACE)
+      end
+      def diff_s start_ms
+        (now_ms - start_ms) / 1000
+      end
+      def now_ms
+        (Time.now.to_f * 1000).to_i
+      end
+      def self.now_ms
+        (Time.now.to_f * 1000).to_i
+      end
+      def self.earliest lhs, rhs
+        if lhs && rhs
+          [lhs, rhs].min
+        elsif lhs
+          lhs
+        else
+          rhs
+        end
+      end
+      def self.latest lhs, rhs
+        if lhs && rhs
+          [lhs, rhs].max
+        elsif lhs
+          lhs
+        else
+          rhs
+        end
+      end
+      def now_sec
+        now_ms / 1000
+      end
+      def elapsed_ms
+        now_ms - start_ms
+      end
+    end
+  end
+end

data/resources/assess/policy.json ADDED

@@ -0,0 +1,1673 @@
+{
+  "tracked_classes": [
+    "ActionDispatch::Http::UploadedFile",
+    "Symbol",
+    "Pathname",
+    "File",
+    "MatchData",
+    "URI::Generic",
+    "Rack::File::Iterator"
+  ],
+  "sources":[
+    {
+      "class_name":"Rack::Request",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"params",
+      "target":"R",
+      "type":"PARAMETER",
+      "tags":["CROSS_SITE"]
+    }, {
+      "class_name":"Rack::Request::Helpers",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"body",
+      "target":"R",
+      "type":"BODY"
+    }, {
+      "class_name":"Rack::Request::Env",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"get_header",
+      "target":"R",
+      "type":"HEADER",
+      "tags":["NO_NEWLINES"]
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "raw_post",
+      "target": "R",
+      "type": "BODY",
+      "tags":["NO_NEWLINES"]
+    }, {
+      "class_name":"Rack::Request::Helpers",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"POST",
+      "target":"R",
+      "type":"PARAMETER"
+    }, {
+      "class_name":"Rack::Request::Helpers",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"GET",
+      "target":"R",
+      "type":"PARAMETER"
+    }, {
+      "class_name":"Rack::Request::Helpers",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"cookies",
+      "target":"R",
+      "type":"PARAMETER",
+      "tags":["NO_NEWLINES"]
+    }, {
+      "class_name":"Rack::Request::Helpers",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"url",
+      "target":"R",
+      "type":"PARAMETER"
+    }, {
+      "class_name":"Rack::Request::Helpers",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"query_string",
+      "target":"R",
+      "type":"PARAMETER"
+    }, {
+      "class_name":"Rack::Request",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"body",
+      "target":"R",
+      "type":"BODY"
+    }, {
+      "class_name":"Rack::Request",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"query_string",
+      "target":"R",
+      "type":"BODY"
+    }, {
+      "class_name":"Rack::Request",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"GET",
+      "target":"R",
+      "type":"PARAMETER"
+    }, {
+      "class_name":"Rack::Request",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"POST",
+      "target":"R",
+      "type":"PARAMETER"
+    }, {
+      "class_name":"Rack::Request",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"cookies",
+      "target":"R",
+      "type":"PARAMETER",
+      "tags":["NO_NEWLINES"]
+    }, {
+      "class_name":"Rack::Request",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"url",
+      "target":"R",
+      "type":"BODY"
+    }, {
+      "class_name":"ActionController::Metal",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"params",
+      "target":"R",
+      "type":"PARAMETER"
+    }, {
+      "class_name":"ActionController::StrongParameters",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"params",
+      "target":"R",
+      "type":"PARAMETER"
+    }
+  ],
+  "propagators":[
+    {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"dup",
+      "source":"O",
+      "target":"R",
+      "action":"KEEP"
+    }, {
+      "class_name": "String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "split",
+      "source": "O,P0",
+      "target": "R",
+      "action": "SPLIT"
+    },{
+      "class_name": "String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "grapheme_clusters",
+      "source": "O",
+      "target": "R",
+      "action": "SPLIT"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"clone",
+      "source":"O",
+      "target":"R",
+      "action":"KEEP"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "private",
+      "method_name":"initialize",
+      "source":"P0",
+      "target":"O",
+      "action":"KEEP"
+    }, {
+      "class_name":"String",
+      "instance_method": false,
+      "method_visibility": "public",
+      "method_name":"try_convert",
+      "source":"P0",
+      "target":"R",
+      "action":"KEEP"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"+@",
+      "source":"O",
+      "target":"R",
+      "action":"KEEP"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"capitalize",
+      "source":"O",
+      "target":"R",
+      "action":"KEEP"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"capitalize!",
+      "source":"O",
+      "target":"R",
+      "action":"KEEP"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"downcase",
+      "source":"O",
+      "target":"R",
+      "action":"KEEP"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"downcase!",
+      "source":"O",
+      "target":"R",
+      "action":"KEEP"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"swapcase",
+      "source":"O",
+      "target":"R",
+      "action":"KEEP"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"swapcase!",
+      "source":"O",
+      "target":"R",
+      "action":"KEEP"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"to_s",
+      "source":"O",
+      "target":"R",
+      "action":"KEEP"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"to_str",
+      "source":"O",
+      "target":"R",
+      "action":"KEEP"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"upcase",
+      "source":"O",
+      "target":"R",
+      "action":"KEEP"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"upcase!",
+      "source":"O",
+      "target":"R",
+      "action":"KEEP"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"insert",
+      "source":"P1",
+      "target":"O",
+      "action":"INSERT"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"prepend",
+      "source":"O,P0",
+      "target":"O",
+      "action":"PREPEND"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"rjust",
+      "source":"O,P1",
+      "target":"R",
+      "action":"PREPEND"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"+",
+      "source":"O,P0",
+      "target":"R",
+      "action":"APPEND"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"concat",
+      "source":"O,P0",
+      "target":"O",
+      "action":"APPEND"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"<<",
+      "source":"O,P0",
+      "target":"O",
+      "action":"APPEND"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"ljust",
+      "source":"O,P1",
+      "target":"R",
+      "action":"APPEND"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"*",
+      "source":"O",
+      "target":"R",
+      "action":"APPEND"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"center",
+      "source":"O,P1",
+      "target":"R",
+      "action":"CENTER"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"inspect",
+      "source":"O",
+      "target":"R",
+      "action":"CENTER"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"chomp",
+      "source":"O",
+      "target":"R",
+      "action":"REMOVE"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"chomp!",
+      "source":"O",
+      "target":"R",
+      "action":"REMOVE"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"chop",
+      "source":"O",
+      "target":"R",
+      "action":"REMOVE"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"chop!",
+      "source":"O",
+      "target":"R",
+      "action":"REMOVE"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"rstrip",
+      "source":"O",
+      "target":"R",
+      "action":"REMOVE"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"rstrip!",
+      "source":"O",
+      "target":"R",
+      "action":"REMOVE"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"lstrip",
+      "source":"O",
+      "target":"R",
+      "action":"REMOVE"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"lstrip!",
+      "source":"O",
+      "target":"R",
+      "action":"REMOVE"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"strip",
+      "source":"O",
+      "target":"R",
+      "action":"REMOVE"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"strip!",
+      "source":"O",
+      "target":"R",
+      "action":"REMOVE"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"delete",
+      "source":"O",
+      "target":"R",
+      "action":"REMOVE"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"delete!",
+      "source":"O",
+      "target":"R",
+      "action":"REMOVE"
+    },{
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"delete_prefix",
+      "source":"O",
+      "target":"R",
+      "action":"REMOVE"
+    },{
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"delete_suffix",
+      "source":"O",
+      "target":"R",
+      "action":"REMOVE"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"delete_prefix!",
+      "source":"O",
+      "target":"O",
+      "action":"REMOVE"
+    },{
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"delete_suffix!",
+      "source":"O",
+      "target":"O",
+      "action":"REMOVE"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"dump",
+      "source":"O",
+      "target":"R",
+      "action":"SPLAT"
+    },
+    {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"undump",
+      "source":"O",
+      "target":"R",
+      "action":"SPLAT"
+    },
+    {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"replace",
+      "source":"P0",
+      "target":"R",
+      "action":"REPLACE"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"next",
+      "source":"O",
+      "target":"R",
+      "action":"NEXT"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"next!",
+      "source":"O",
+      "target":"O",
+      "action":"NEXT"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"succ",
+      "source":"O",
+      "target":"R",
+      "action":"NEXT"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"succ!",
+      "source":"O",
+      "target":"O",
+      "action":"NEXT"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"reverse",
+      "source":"O",
+      "target":"R",
+      "action":"REVERSE"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"reverse!",
+      "source":"O",
+      "target":"O",
+      "action":"REVERSE"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"%",
+      "source":"O,P0",
+      "target":"R",
+      "action":"SPLAT"
+    }, {
+      "class_name":"Regexp",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"match",
+      "source":"P0",
+      "target":"R",
+      "action":"KEEP"
+    }, {
+      "class_name":"MatchData",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"post_match",
+      "source":"O",
+      "target":"R",
+      "action":"REMOVE"
+    }, {
+      "class_name":"MatchData",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"pre_match",
+      "source":"O",
+      "target":"R",
+      "action":"REMOVE"
+    }, {
+      "class_name":"MatchData",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"to_a",
+      "source":"O",
+      "target":"R",
+      "action":"SPLAT"
+    }, {
+      "class_name":"MatchData",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"[]",
+      "source":"O",
+      "target":"R",
+      "action":"SPLAT"
+    }, {
+      "class_name":"MatchData",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"captures",
+      "source":"O",
+      "target":"R",
+      "action":"SPLAT"
+    }, {
+      "class_name":"MatchData",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"values_at",
+      "source":"O",
+      "target":"R",
+      "action":"SPLAT"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"to_sym",
+      "source":"O",
+      "target":"R",
+      "action":"KEEP"
+    }, {
+      "class_name": "String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "gsub",
+      "action": "CUSTOM",
+      "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
+      "patch_method": "gsub_tagger"
+    }, {
+      "class_name": "String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "gsub!",
+      "action": "CUSTOM",
+      "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
+      "patch_method": "gsub_tagger"
+    }, {
+      "class_name": "String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "sub",
+      "action": "CUSTOM",
+      "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
+      "patch_method": "sub_tagger"
+    }, {
+      "class_name": "String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "sub!",
+      "action": "CUSTOM",
+      "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
+      "patch_method": "sub_tagger"
+    }, {
+      "class_name": "String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "tr",
+      "action": "CUSTOM",
+      "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
+      "patch_method": "tr_tagger"
+    }, {
+      "class_name": "String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "tr!",
+      "action": "CUSTOM",
+      "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
+      "patch_method": "tr_tagger"
+    }, {
+      "class_name": "String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "tr_s",
+      "action": "CUSTOM",
+      "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
+      "patch_method": "tr_s_tagger"
+    }, {
+      "class_name": "String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "tr_s!",
+      "action": "CUSTOM",
+      "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
+      "patch_method": "tr_s_tagger"
+    }, {
+      "class_name": "String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "[]",
+      "action": "CUSTOM",
+      "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Select",
+      "patch_method": "select_tagger"
+    }, {
+      "class_name":"CGI::Util",
+      "method_name":"escapeHTML",
+      "instance_method": true,
+      "method_visibility": "public",
+      "source":"P0",
+      "target":"R",
+      "action":"SPLAT",
+      "tags":["HTML_ENCODED"],
+      "untags":["HTML_DECODED"]
+    }, {
+      "class_name":"CGI::Util",
+      "method_name":"escape_html",
+      "instance_method": true,
+      "method_visibility": "public",
+      "source":"P0",
+      "target":"R",
+      "action":"SPLAT",
+      "tags":["HTML_ENCODED"],
+      "untags":["HTML_DECODED"]
+    }, {
+      "class_name":"CGI::Util",
+      "method_name":"h",
+      "instance_method": true,
+      "method_visibility": "public",
+      "source":"P0",
+      "target":"R",
+      "action":"SPLAT",
+      "tags":["HTML_ENCODED"],
+      "untags":["HTML_DECODED"]
+    }, {
+      "class_name":"CGI::Util",
+      "method_name":"unescapeHTML",
+      "instance_method": true,
+      "method_visibility": "public",
+      "source":"P0",
+      "target":"R",
+      "action":"SPLAT",
+      "tags":["HTML_DECODED"],
+      "untags":["HTML_ENCODED"]
+    }, {
+      "class_name":"CGI::Util",
+      "method_name":"unescape_html",
+      "instance_method": true,
+      "method_visibility": "public",
+      "source":"P0",
+      "target":"R",
+      "action":"SPLAT",
+      "tags":["HTML_DECODED"],
+      "untags":["HTML_ENCODED"]
+    }, {
+      "class_name":"ERB::Util",
+      "method_name":"html_escape",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source":"P0",
+      "target":"R",
+      "action":"SPLAT",
+      "tags":["HTML_ENCODED"],
+      "untags":["HTML_DECODED"]
+    }, {
+      "class_name":"ERB::Util",
+      "method_name":"h",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source":"P0",
+      "target":"R",
+      "action":"SPLAT",
+      "tags":["HTML_ENCODED"],
+      "untags":["HTML_DECODED"]
+    }, {
+      "class_name":"ERB::Util",
+      "method_name":"html_escape_once",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source":"P0",
+      "target":"R",
+      "action":"SPLAT",
+      "tags":["HTML_ENCODED"],
+      "untags":["HTML_DECODED"]
+    }, {
+      "class_name":"Pathname",
+      "method_name":"initialize",
+      "instance_method": true,
+      "method_visibility": "private",
+      "source":"P0",
+      "target":"O",
+      "action":"SPLAT"
+    }, {
+      "class_name":"File",
+      "method_name":"initialize",
+      "instance_method": true,
+      "method_visibility": "private",
+      "source":"P0",
+      "target":"O",
+      "action":"SPLAT"
+    }, {
+      "class_name":"File",
+      "method_name":"path",
+      "instance_method": true,
+      "method_visibility": "public",
+      "source":"O",
+      "target":"R",
+      "action":"SPLAT"
+    }, {
+      "class_name":"File",
+      "method_name":"to_path",
+      "instance_method": true,
+      "method_visibility": "public",
+      "source":"O",
+      "target":"R",
+      "action":"SPLAT"
+    }, {
+      "class_name": "ActiveModel::AttributeAssignment",
+      "method_name": "assign_attributes",
+      "instance_method": true,
+      "method_visibility": "public",
+      "source": "P0",
+      "target": "O",
+      "action": "DB_WRITE",
+      "tags": ["DATABASE_WRITE"]
+    }, {
+      "class_name": "ActiveModel::AttributeAssignment",
+      "method_name": "attributes=",
+      "instance_method": true,
+      "method_visibility": "public",
+      "source": "P0",
+      "target": "O",
+      "action": "DB_WRITE",
+      "tags": ["DATABASE_WRITE"]
+    }, {
+      "class_name": "JSON",
+      "method_name": "parse",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source": "P0",
+      "target": "R",
+      "action": "SPLAT"
+    }, {
+      "class_name": "JSON",
+      "method_name": "[]",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source": "O",
+      "target": "R",
+      "action": "SPLAT"
+    }, {
+      "class_name": "JSON",
+      "method_name": "dump",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source": "P0",
+      "target": "R",
+      "action": "SPLAT"
+    }, {
+      "class_name": "Zlib::Deflate",
+      "method_name": "deflate",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source": "P0",
+      "target": "R",
+      "action": "SPLAT"
+    }, {
+      "class_name": "Zlib::Inflate",
+      "method_name": "inflate",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source": "P0",
+      "target": "R",
+      "action": "SPLAT"
+    }, {
+      "class_name": "Base64",
+      "method_name": "decode64",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source": "P0",
+      "target": "R",
+      "action": "SPLAT",
+      "tags":["BASE64_DECODED"],
+      "untags":["BASE64_ENCODED"]
+    }, {
+      "class_name": "Base64",
+      "method_name": "encode64",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source": "P0",
+      "target": "R",
+      "action": "SPLAT",
+      "tags":["BASE64_ENCODED"],
+      "untags":["BASE64_DECODED"]
+    }, {
+      "class_name": "Base64",
+      "method_name": "strict_decode64",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source": "P0",
+      "target": "R",
+      "action": "SPLAT",
+      "tags":["BASE64_DECODED"],
+      "untags":["BASE64_ENCODED"]
+    }, {
+      "class_name": "Base64",
+      "method_name": "strict_encode64",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source": "P0",
+      "target": "R",
+      "action": "SPLAT",
+      "tags":["BASE64_ENCODED"],
+      "untags":["BASE64_DECODED"]
+    }, {
+      "class_name": "Base64",
+      "method_name": "urlsafe_decode64",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source": "P0",
+      "target": "R",
+      "action": "SPLAT",
+      "tags":["BASE64_DECODED"],
+      "untags":["BASE64_ENCODED"]
+    }, {
+      "class_name": "Base64",
+      "method_name": "urlsafe_encode64",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source": "P0",
+      "target": "R",
+      "action": "SPLAT",
+      "tags":["BASE64_ENCODED"],
+      "untags":["BASE64_DECODED"]
+    }, {
+      "class_name": "Marshal",
+      "method_name": "dump",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source": "P0",
+      "target": "R",
+      "action": "SPLAT"
+    },  {
+      "class_name": "Marshal",
+      "method_name": "load",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source": "P0",
+      "target": "R",
+      "action": "SPLAT"
+    }, {
+      "class_name": "URI::Generic",
+      "method_name": "initialize",
+      "instance_method": true,
+      "method_visibility": "private",
+      "source": "P0",
+      "target": "O",
+      "action": "SPLAT"
+    }, {
+      "class_name": "Kernel",
+      "instance_method": true,
+      "method_visibility": "private",
+      "method_name": "sprintf",
+      "action": "CUSTOM",
+      "patch_class": "KernelPropagator",
+      "patch_method": "sprintf_tagger"
+    }, {
+      "class_name":"SQLite3::Statement",
+      "instance_method": true,
+      "method_visibility": "private",
+      "method_name":"initialize",
+      "action": "CUSTOM",
+      "patch_class": "Contrast::Agent::Assess::Rule::Csrf::CsrfApplicator",
+      "patch_method": "csrf_tagger",
+      "source": "P1"
+    }, {
+      "class_name":"PG::Connection",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"sync_exec",
+      "action": "CUSTOM",
+      "patch_class": "Contrast::Agent::Assess::Rule::Csrf::CsrfApplicator",
+      "patch_method": "csrf_tagger"
+    }, {
+      "class_name":"PG::Connection",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"sync_exec_params",
+      "action": "CUSTOM",
+      "patch_class": "Contrast::Agent::Assess::Rule::Csrf::CsrfApplicator",
+      "patch_method": "csrf_tagger"
+    }, {
+      "class_name":"PG::Connection",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"async_exec",
+      "action": "CUSTOM",
+      "patch_class": "Contrast::Agent::Assess::Rule::Csrf::CsrfApplicator",
+      "patch_method": "csrf_tagger"
+    }, {
+      "class_name":"PG::Connection",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"async_exec_params",
+      "action": "CUSTOM",
+      "patch_class": "Contrast::Agent::Assess::Rule::Csrf::CsrfApplicator",
+      "patch_method": "csrf_tagger"
+    }, {
+      "class_name":"ActiveRecord::ConnectionAdapters::Quoting",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"quote",
+      "source": "P0",
+      "target": "R",
+      "action": "SPLAT",
+      "tags":["SQL_ENCODED"],
+      "untags":["SQL_DECODED"]
+    }, {
+      "class_name":"ActiveRecord::ConnectionAdapters::Quoting",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"quote_string",
+      "source": "P0",
+      "target": "R",
+      "action": "SPLAT",
+      "tags":["SQL_ENCODED"],
+      "untags":["SQL_DECODED"]
+    },
+    {
+      "class_name":"IO",
+      "method_name":"initialize",
+      "instance_method": true,
+      "method_visibility": "private",
+      "source":"P0",
+      "target":"O",
+      "action":"SPLAT"
+    },
+    {
+       "class_name": "ERB",
+       "method_name": "result",
+       "method_visibility": "public",
+       "instance_method": true,
+       "source": "P0",
+       "target": "O",
+       "action": "CUSTOM",
+       "patch_class": "ERBPropagator",
+       "patch_method": "result_tagger"
+    }
+  ],
+  "rules":[
+    {
+      "name":"cmd-injection",
+      "disallowed_tags":["BASE64_ENCODED", "CSS_ENCODED", "CSV_ENCODED", "HTML_ENCODED", "JAVASCRIPT_ENCODED", "JAVA_ENCODED", "LDAP_ENCODED", "OS_ENCODED", "SQL_ENCODED", "URL_ENCODED", "VBSCRIPT_ENCODED", "XML_ENCODED", "XPATH_ENCODED"],
+      "triggers":[
+        {
+          "class_name":"IO",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name":"popen",
+          "source":"P0"
+        }, {
+          "class_name":"Kernel",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name":"`",
+          "source":"P0"
+        }, {
+          "class_name":"Kernel",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name":"exec",
+          "source":"P0",
+          "custom_patch": true
+        }, {
+          "class_name":"Kernel",
+          "instance_method": true,
+          "method_visibility": "private",
+          "method_name":"exec",
+          "source":"P0",
+          "custom_patch": true
+        }, {
+          "class_name":"Kernel",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name":"spawn",
+          "source":"P0"
+        }, {
+          "class_name":"Kernel",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name":"system",
+          "source":"P0"
+        },
+        {
+          "class_name":"Kernel",
+          "instance_method": true,
+          "method_visibility": "private",
+          "method_name":"`",
+          "source":"P0"
+        }, {
+          "class_name":"Kernel",
+          "instance_method": true,
+          "method_visibility": "private",
+          "method_name":"spawn",
+          "source":"P0"
+        },
+        {
+          "class_name":"Kernel",
+          "instance_method": true,
+          "method_visibility": "private",
+          "method_name":"system",
+          "source":"P0"
+        }
+      ]
+    },{
+      "name":"path-traversal",
+      "disallowed_tags":["BASE64_ENCODED", "CSS_ENCODED", "CSV_ENCODED", "HTML_ENCODED", "JAVASCRIPT_ENCODED", "JAVA_ENCODED", "LDAP_ENCODED", "OS_ENCODED", "SQL_ENCODED", "URL_ENCODED", "VBSCRIPT_ENCODED", "XML_ENCODED", "XPATH_ENCODED", "NO_CONTROL_CHARS"],
+      "triggers":[
+        {
+          "class_name":"IO",
+          "method_name":"open",
+          "instance_method": false,
+          "method_visibility": "public",
+          "source":"P0"
+        }, {
+          "class_name":"IO",
+          "method_name":"initialize",
+          "instance_method": true,
+          "method_visibility": "private",
+          "source":"P0"
+        }, {
+          "class_name":"IO",
+          "method_name":"binread",
+          "instance_method": false,
+          "method_visibility": "public",
+          "source":"P0"
+        }, {
+          "class_name":"IO",
+          "method_name":"binwrite",
+          "instance_method": false,
+          "method_visibility": "public",
+          "source":"P0"
+        }, {
+          "class_name":"IO",
+          "method_name":"read",
+          "instance_method": false,
+          "method_visibility": "public",
+          "source":"P0"
+        }, {
+          "class_name":"IO",
+          "method_name":"readlines",
+          "instance_method": false,
+          "method_visibility": "public",
+          "source":"P0"
+        }, {
+          "class_name":"IO",
+          "method_name":"copy_stream",
+          "instance_method": false,
+          "method_visibility": "public",
+          "source":"P0,P1"
+        }, {
+          "class_name":"IO",
+          "method_name":"foreach",
+          "instance_method": false,
+          "method_visibility": "public",
+          "source":"P0"
+        }, {
+          "class_name":"IO",
+          "method_name":"sysopen",
+          "instance_method": false,
+          "method_visibility": "public",
+          "source":"P0"
+        }, {
+          "class_name":"IO",
+          "method_name":"write",
+          "instance_method": false,
+          "method_visibility": "public",
+          "source":"P0"
+        }, {
+          "class_name":"File",
+          "method_name":"initialize",
+          "instance_method": true,
+          "method_visibility": "private",
+          "source":"P0"
+        }
+      ]
+    }, {
+      "name": "redos",
+      "triggers": [
+        {
+          "class_name":"Regexp",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"match",
+          "source":"P0",
+          "trigger_class": "Contrast::Agent::Assess::Rule::Redos",
+          "trigger_method": "regexp_complexity_check"
+        }, {
+          "class_name":"String",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"=~",
+          "source":"O",
+          "trigger_class": "Contrast::Agent::Assess::Rule::Redos",
+          "trigger_method": "regexp_complexity_check"
+        }, {
+          "class_name":"Regexp",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"=~",
+          "source":"P0",
+          "trigger_class": "Contrast::Agent::Assess::Rule::Redos",
+          "trigger_method": "regexp_complexity_check"
+        }
+      ]
+    }, {
+      "name":"reflected-xss",
+      "disallowed_tags":["BASE64_ENCODED", "CSS_ENCODED", "CSV_ENCODED", "HTML_ENCODED", "JAVASCRIPT_ENCODED", "JAVA_ENCODED", "LDAP_ENCODED", "OS_ENCODED", "SQL_ENCODED", "URL_ENCODED", "VBSCRIPT_ENCODED", "XML_ENCODED", "XPATH_ENCODED"],
+      "triggers":[
+        {
+          "class_name": "Tilt::Template",
+          "method_name": "evaluate",
+          "instance_method": true,
+          "method_visibility": "public",
+          "source":"O",
+          "trigger_class": "TiltTemplateTrigger",
+          "trigger_method": "render_trigger_check"
+        },
+        {
+          "class_name":"String",
+          "method_name":"html_safe",
+          "instance_method": true,
+          "method_visibility": "public",
+          "source":"O"
+        }, {
+          "class_name":"ActionView::Helpers::OutputSafetyHelper",
+          "method_name":"raw",
+          "instance_method": true,
+          "method_visibility": "public",
+          "source":"P0"
+        }, {
+          "class_name":"ActionView::Helpers::RawOutputHelper",
+          "method_name":"raw",
+          "instance_method": true,
+          "method_visibility": "public",
+          "source":"P0"
+        }, {
+          "class_name":"ActionDispatch::Response",
+          "method_name":"body=",
+          "instance_method": true,
+          "method_visibility": "public",
+          "source":"P0"
+        }, {
+          "class_name":"ActionDispatch::Response::Buffer",
+          "method_name":"write",
+          "instance_method": true,
+          "method_visibility": "public",
+          "source":"P0"
+        }, {
+          "class_name":"Sinatra::Helpers",
+          "method_name":"body",
+          "instance_method": true,
+          "method_visibility": "public",
+          "source":"P0"
+        }, {
+          "class_name":"Sinatra::Response",
+          "method_name":"body=",
+          "instance_method": true,
+          "method_visibility": "public",
+          "source":"P0"
+        }
+      ]
+    }, {
+      "name":"sql-injection",
+      "disallowed_tags":["SQL_ENCODED"],
+      "triggers":[
+        {
+          "class_name":"SQLite3::Database",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"execute",
+          "source":"P0"
+        }, {
+          "class_name":"SQLite3::Statement",
+          "instance_method": true,
+          "method_visibility": "private",
+          "method_name":"initialize",
+          "source":"P1"
+        }, {
+          "class_name":"Mysql2::Client",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"query",
+          "source":"P0"
+        }, {
+          "class_name":"Mysql2::Statement",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"execute",
+          "source":"P0"
+        }, {
+          "class_name":"PG::Connection",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"exec",
+          "source":"P0"
+        }, {
+          "class_name":"PG::Connection",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"exec_params",
+          "source":"P0"
+        }, {
+          "class_name":"PG::Connection",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"async_exec",
+          "source":"P0"
+        }, {
+          "class_name":"ActiveRecord::Querying",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name":"select",
+          "source":"P0"
+        }
+      ]
+    }, {
+      "name": "reflection-injection",
+      "triggers": [
+        {
+          "class_name":"String",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"constantize",
+          "source":"O"
+        },{
+          "class_name":"String",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"safe_constantize",
+          "source":"O"
+        }, {
+          "class_name":"Module",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name":"const_get",
+          "source":"P0"
+        },
+        {
+          "class_name":"Module",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"const_get",
+          "source":"P0"
+        }
+      ]
+    },{
+      "name":"unsafe-code-execution",
+      "triggers":[
+        {
+          "class_name":"Kernel",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name":"eval",
+          "source":"P0"
+        },{
+          "class_name": "Kernel",
+          "instance_method": true,
+          "method_visibility": "private",
+          "method_name": "eval",
+          "source": "P0"
+        }, {
+          "class_name": "ActiveSupport::Tryable",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"try",
+          "source":"P0"
+        }, {
+          "class_name": "ActiveSupport::Tryable",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"try!",
+          "source":"P0"
+        }, {
+          "class_name": "BasicObject",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name":"instance_eval",
+          "source":"P0",
+          "custom_patch": true
+        }, {
+          "class_name": "Module",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"class_eval",
+          "source":"P0",
+          "custom_patch": true
+        }, {
+          "class_name": "Module",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"module_eval",
+          "source":"P0",
+          "custom_patch": true
+        },{
+          "class_name": "Object",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name": "try",
+          "source": "P0"
+        }, {
+          "class_name": "Object",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name": "try!",
+          "source": "P0"
+        }
+      ]
+    }, {
+      "name":"crypto-weak-randomness",
+      "dataflow": false,
+      "triggers":[
+        {
+          "class_name":"Kernel",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name":"rand"
+        }, {
+          "class_name":"Kernel",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name":"srand"
+        }, {
+          "class_name":"Random",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name":"rand"
+        }, {
+          "class_name":"Random",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name":"srand"
+        }, {
+          "class_name":"Random",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"rand"
+        }
+      ]
+    }, {
+      "name":"crypto-bad-mac",
+      "dataflow": false,
+      "triggers":[
+        {
+          "class_name":"OpenSSL::Digest",
+          "instance_method": true,
+          "method_visibility": "private",
+          "method_name":"initialize",
+          "source":"P0",
+          "good_value":"^(?:MDC2|RIPEMD160|SHA224|SHA256|SHA384|SHA512)"
+        }, {
+          "class_name":"Digest::MD5",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"initialize"
+        },{
+          "class_name":"Digest::SHA1",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"initialize"
+        }
+      ]
+    }, {
+      "name":"crypto-bad-ciphers",
+      "dataflow": false,
+      "triggers":[
+        {
+          "class_name":"OpenSSL::Cipher",
+          "instance_method": true,
+          "method_visibility": "private",
+          "method_name":"initialize",
+          "source":"P0",
+          "good_value":"^(?:AES|CAMELLIA|CAST|DES-EDE|DES-EDE3|DES3|DESX|SEED).*"
+        }
+      ]
+    },
+    {
+      "name": "ssrf",
+      "triggers": [
+        {
+          "class_name": "Net::HTTP",
+          "instance_method": true,
+          "method_visibility": "private",
+          "method_name": "initialize",
+          "source": "P0"
+        },{
+          "class_name": "Net::HTTP",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name": "get",
+          "source": "P0"
+        },{
+          "class_name": "Net::HTTP",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name": "post",
+          "source": "P0"
+        },{
+          "class_name": "Net::HTTP",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name": "head",
+          "source": "P0"
+        },{
+          "class_name": "Net::HTTP",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name": "put",
+          "source": "P0"
+        },{
+          "class_name": "Net::HTTP",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name": "patch",
+          "source": "P0"
+        },{
+          "class_name": "Net::HTTP",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name": "delete",
+          "source": "P0"
+        },{
+          "class_name": "Excon",
+          "instance_method": true,
+          "method_visibility": "private",
+          "method_name": "initialize",
+          "source": "P0"
+        },
+        {
+          "class_name": "Typhoeus::Request",
+          "instance_method": true,
+          "method_visibility": "private",
+          "method_name": "initialize",
+          "source": "P0"
+        }
+      ]
+    },
+    {
+      "name": "nosql-injection",
+      "disallowed_tags":["JAVASCRIPT_ENCODED"],
+      "triggers": [
+        {
+          "class_name": "Mongo::Protocol::Query",
+          "instance_method": true,
+          "method_visibility": "private",
+          "method_name": "initialize",
+          "source": "P2"
+        },
+        {
+          "class_name": "Mongo::Operation::Specifiable",
+          "instance_method": true,
+          "method_visibility": "private",
+          "method_name": "initialize",
+          "source": "P0"
+        }
+      ]
+    },
+    {
+      "name": "xxe",
+      "dataflow": "true",
+      "triggers": [
+        {
+          "class_name": "Ox",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name": "parse",
+          "source": "P0"
+        },
+        {
+          "class_name": "Ox",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name": "load",
+          "source": "P0"
+        },
+        {
+          "class_name": "Oga::XML::Parser",
+          "instance_method": true,
+          "method_visibility": "private",
+          "method_name": "initialize",
+          "source": "P0"
+        },
+        {
+          "class_name": "Oga::XML::SaxParser",
+          "instance_method": true,
+          "method_visibility": "private",
+          "method_name": "initialize",
+          "source": "P1"
+        }, {
+          "class_name": "Nokogiri::XML::Document",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name": "parse",
+          "source": "P0"
+        }, {
+          "class_name": "Nokogiri::XML::SAX::Parser",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name": "parse",
+          "source": "P0"
+        }
+      ]
+    }, {
+      "name": "trust-boundary-violation",
+      "triggers": [
+        {
+          "class_name": "ActionDispatch::Request::Session",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name": "[]=",
+          "source": "P0,P1"
+        },{
+          "class_name": "Rack::Session::Cookie::Identity",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name": "encode",
+          "source": "P0"
+        },{
+          "class_name": "Rack::Session::Cookie::Base64",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name": "encode",
+          "source": "P0"
+        }
+      ]
+    }, {
+      "name": "unvalidated-redirect",
+      "disallowed_tags":["URL_ENCODED"],
+      "triggers": [
+        {
+          "class_name": "Sinatra::Helpers",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name": "redirect",
+          "source": "P0"
+        },
+        {
+          "class_name": "ActionController::Redirecting",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name": "redirect_to",
+          "source": "P0"
+        }
+      ]
+    }, {
+      "name": "untrusted-deserialization",
+      "triggers": [
+        {
+          "class_name": "Marshal",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name": "load",
+          "source": "P0"
+        },
+        {
+          "class_name": "Psych",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name": "load",
+          "source": "P0"
+        }
+      ]
+    }
+  ]
+}