contrast-agent 3.10.0 → 3.12.1

data/service_executables/VERSION

@@ -1 +1 @@
-2.6.2
+2.9.2

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 3.10.0
+  version: 3.12.1
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -12,8 +12,22 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-04-27 00:00:00.000000000 Z
+date: 2020-07-01 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: amazing_print
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -42,6 +56,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: debride
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: execjs
   requirement: !ruby/object:Gem::Requirement
@@ -230,14 +258,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.80.0
+        version: 0.83.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.80.0
+        version: 0.83.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
@@ -258,14 +286,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.38.1
+        version: 1.39.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.38.1
+        version: 1.39.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -378,6 +406,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 3.9.0
+- !ruby/object:Gem::Dependency
+  name: ougai
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
 - !ruby/object:Gem::Dependency
   name: parser
   requirement: !ruby/object:Gem::Requirement
@@ -398,7 +440,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
     - - "<"
       - !ruby/object:Gem::Version
         version: '3.0'
@@ -408,7 +450,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
     - - "<"
       - !ruby/object:Gem::Version
         version: '3.0'
@@ -420,25 +462,25 @@ executables:
 - contrast_service
 extensions:
 - ext/cs__common/extconf.rb
-- ext/cs__assess_regexp/extconf.rb
-- ext/cs__assess_regexp_track/extconf.rb
-- ext/cs__contrast_patch/extconf.rb
-- ext/cs__assess_string/extconf.rb
 - ext/cs__assess_active_record_named/extconf.rb
-- ext/cs__assess_fiber_track/extconf.rb
 - ext/cs__assess_basic_object/extconf.rb
-- ext/cs__assess_yield_track/extconf.rb
-- ext/cs__assess_array/extconf.rb
+- ext/cs__assess_string/extconf.rb
 - ext/cs__assess_string_interpolation26/extconf.rb
-- ext/cs__assess_module/extconf.rb
-- ext/cs__assess_hash/extconf.rb
-- ext/cs__assess_kernel/extconf.rb
+- ext/cs__assess_array/extconf.rb
 - ext/cs__protect_kernel/extconf.rb
+- ext/cs__assess_yield_track/extconf.rb
+- ext/cs__assess_kernel/extconf.rb
+- ext/cs__assess_hash/extconf.rb
+- ext/cs__assess_module/extconf.rb
+- ext/cs__contrast_patch/extconf.rb
+- ext/cs__assess_regexp/extconf.rb
+- ext/cs__assess_fiber_track/extconf.rb
 - ext/cs__assess_marshal_module/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"
 - ".dockerignore"
+- ".flayignore"
 - ".gitignore"
 - ".gitmodules"
 - ".rspec"
@@ -475,9 +517,6 @@ files:
 - ext/cs__assess_regexp/cs__assess_regexp.c
 - ext/cs__assess_regexp/cs__assess_regexp.h
 - ext/cs__assess_regexp/extconf.rb
-- ext/cs__assess_regexp_track/cs__assess_regexp_track.c
-- ext/cs__assess_regexp_track/cs__assess_regexp_track.h
-- ext/cs__assess_regexp_track/extconf.rb
 - ext/cs__assess_string/cs__assess_string.c
 - ext/cs__assess_string/cs__assess_string.h
 - ext/cs__assess_string/extconf.rb
@@ -667,7 +706,8 @@ files:
 - lib/contrast/agent/assess.rb
 - lib/contrast/agent/assess/adjusted_span.rb
 - lib/contrast/agent/assess/contrast_event.rb
-- lib/contrast/agent/assess/frozen_properties.rb
+- lib/contrast/agent/assess/events/event_factory.rb
+- lib/contrast/agent/assess/events/source_event.rb
 - lib/contrast/agent/assess/insulator.rb
 - lib/contrast/agent/assess/policy/dynamic_source_factory.rb
 - lib/contrast/agent/assess/policy/patcher.rb
@@ -685,6 +725,7 @@ files:
 - lib/contrast/agent/assess/policy/propagator/database_write.rb
 - lib/contrast/agent/assess/policy/propagator/insert.rb
 - lib/contrast/agent/assess/policy/propagator/keep.rb
+- lib/contrast/agent/assess/policy/propagator/match_data.rb
 - lib/contrast/agent/assess/policy/propagator/next.rb
 - lib/contrast/agent/assess/policy/propagator/prepend.rb
 - lib/contrast/agent/assess/policy/propagator/remove.rb
@@ -700,6 +741,8 @@ files:
 - lib/contrast/agent/assess/policy/source_node.rb
 - lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb
 - lib/contrast/agent/assess/policy/source_validation/source_validation.rb
+- lib/contrast/agent/assess/policy/trigger/reflected_xss.rb
+- lib/contrast/agent/assess/policy/trigger/xpath.rb
 - lib/contrast/agent/assess/policy/trigger_method.rb
 - lib/contrast/agent/assess/policy/trigger_node.rb
 - lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb
@@ -708,18 +751,11 @@ files:
 - lib/contrast/agent/assess/properties.rb
 - lib/contrast/agent/assess/rule.rb
 - lib/contrast/agent/assess/rule/base.rb
-- lib/contrast/agent/assess/rule/csrf.rb
-- lib/contrast/agent/assess/rule/csrf/csrf_action.rb
-- lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb
-- lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb
 - lib/contrast/agent/assess/rule/provider.rb
 - lib/contrast/agent/assess/rule/provider/hardcoded_key.rb
 - lib/contrast/agent/assess/rule/provider/hardcoded_password.rb
 - lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb
 - lib/contrast/agent/assess/rule/redos.rb
-- lib/contrast/agent/assess/rule/response_scanning_rule.rb
-- lib/contrast/agent/assess/rule/response_watcher.rb
-- lib/contrast/agent/assess/rule/watcher.rb
 - lib/contrast/agent/assess/tag.rb
 - lib/contrast/agent/at_exit_hook.rb
 - lib/contrast/agent/class_reopener.rb
@@ -727,10 +763,9 @@ files:
 - lib/contrast/agent/deadzone/policy/policy.rb
 - lib/contrast/agent/disable_reaction.rb
 - lib/contrast/agent/exclusion_matcher.rb
-- lib/contrast/agent/feature_state.rb
+- lib/contrast/agent/inventory/policy/datastores.rb
 - lib/contrast/agent/inventory/policy/policy.rb
 - lib/contrast/agent/inventory/policy/trigger_node.rb
-- lib/contrast/agent/logger_manager.rb
 - lib/contrast/agent/middleware.rb
 - lib/contrast/agent/module_data.rb
 - lib/contrast/agent/patching/policy/after_load_patch.rb
@@ -743,15 +778,19 @@ files:
 - lib/contrast/agent/patching/policy/policy.rb
 - lib/contrast/agent/patching/policy/policy_node.rb
 - lib/contrast/agent/patching/policy/trigger_node.rb
+- lib/contrast/agent/protect/policy/applies_command_injection_rule.rb
+- lib/contrast/agent/protect/policy/applies_deserialization_rule.rb
+- lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb
+- lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb
+- lib/contrast/agent/protect/policy/applies_sqli_rule.rb
+- lib/contrast/agent/protect/policy/applies_xxe_rule.rb
 - lib/contrast/agent/protect/policy/policy.rb
+- lib/contrast/agent/protect/policy/rule_applicator.rb
 - lib/contrast/agent/protect/policy/trigger_node.rb
 - lib/contrast/agent/protect/rule.rb
 - lib/contrast/agent/protect/rule/base.rb
 - lib/contrast/agent/protect/rule/base_service.rb
 - lib/contrast/agent/protect/rule/cmd_injection.rb
-- lib/contrast/agent/protect/rule/csrf.rb
-- lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb
-- lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb
 - lib/contrast/agent/protect/rule/default_scanner.rb
 - lib/contrast/agent/protect/rule/deserialization.rb
 - lib/contrast/agent/protect/rule/http_method_tampering.rb
@@ -771,19 +810,26 @@ files:
 - lib/contrast/agent/reaction_processor.rb
 - lib/contrast/agent/request.rb
 - lib/contrast/agent/request_context.rb
+- lib/contrast/agent/request_handler.rb
 - lib/contrast/agent/require_state.rb
 - lib/contrast/agent/response.rb
 - lib/contrast/agent/rewriter.rb
+- lib/contrast/agent/rule_set.rb
 - lib/contrast/agent/scope.rb
 - lib/contrast/agent/service_heartbeat.rb
-- lib/contrast/agent/settings_state.rb
 - lib/contrast/agent/socket_client.rb
+- lib/contrast/agent/static_analysis.rb
 - lib/contrast/agent/thread.rb
 - lib/contrast/agent/tracepoint_hook.rb
 - lib/contrast/agent/version.rb
 - lib/contrast/api.rb
 - lib/contrast/api/.gitkeep
 - lib/contrast/api/connection_status.rb
+- lib/contrast/api/decorators.rb
+- lib/contrast/api/decorators/application_settings.rb
+- lib/contrast/api/decorators/application_update.rb
+- lib/contrast/api/decorators/input_analysis.rb
+- lib/contrast/api/decorators/server_features.rb
 - lib/contrast/api/dtm_pb.rb
 - lib/contrast/api/settings_pb.rb
 - lib/contrast/api/socket.rb
@@ -824,67 +870,59 @@ files:
 - lib/contrast/config/server_configuration.rb
 - lib/contrast/config/service_configuration.rb
 - lib/contrast/configuration.rb
-- lib/contrast/delegators.rb
-- lib/contrast/delegators/application_update.rb
-- lib/contrast/extensions/framework/rack/cookie.rb
-- lib/contrast/extensions/framework/rack/request.rb
-- lib/contrast/extensions/framework/rack/response.rb
-- lib/contrast/extensions/framework/rails/action_controller_railties_helper_inherited.rb
-- lib/contrast/extensions/framework/rails/active_record.rb
-- lib/contrast/extensions/framework/rails/active_record_named.rb
-- lib/contrast/extensions/framework/rails/active_record_time_zone_inherited.rb
-- lib/contrast/extensions/framework/rails/buffer.rb
-- lib/contrast/extensions/framework/rails/configuration.rb
-- lib/contrast/extensions/framework/sinatra/base.rb
-- lib/contrast/extensions/ruby_core/assess.rb
-- lib/contrast/extensions/ruby_core/assess/array.rb
-- lib/contrast/extensions/ruby_core/assess/assess_extension.rb
-- lib/contrast/extensions/ruby_core/assess/basic_object.rb
-- lib/contrast/extensions/ruby_core/assess/erb.rb
-- lib/contrast/extensions/ruby_core/assess/exec_trigger.rb
-- lib/contrast/extensions/ruby_core/assess/fiber.rb
-- lib/contrast/extensions/ruby_core/assess/hash.rb
-- lib/contrast/extensions/ruby_core/assess/kernel.rb
-- lib/contrast/extensions/ruby_core/assess/module.rb
-- lib/contrast/extensions/ruby_core/assess/regexp.rb
-- lib/contrast/extensions/ruby_core/assess/string.rb
-- lib/contrast/extensions/ruby_core/assess/tilt_template_trigger.rb
-- lib/contrast/extensions/ruby_core/assess/xpath_library_trigger.rb
-- lib/contrast/extensions/ruby_core/delegator.rb
-- lib/contrast/extensions/ruby_core/eval_trigger.rb
-- lib/contrast/extensions/ruby_core/inventory.rb
-- lib/contrast/extensions/ruby_core/inventory/datastores.rb
-- lib/contrast/extensions/ruby_core/module.rb
-- lib/contrast/extensions/ruby_core/protect.rb
-- lib/contrast/extensions/ruby_core/protect/applies_command_injection_rule.rb
-- lib/contrast/extensions/ruby_core/protect/applies_deserialization_rule.rb
-- lib/contrast/extensions/ruby_core/protect/applies_no_sqli_rule.rb
-- lib/contrast/extensions/ruby_core/protect/applies_path_traversal_rule.rb
-- lib/contrast/extensions/ruby_core/protect/applies_sqli_rule.rb
-- lib/contrast/extensions/ruby_core/protect/applies_xxe_rule.rb
-- lib/contrast/extensions/ruby_core/protect/kernel.rb
-- lib/contrast/extensions/ruby_core/protect/psych.rb
-- lib/contrast/extensions/ruby_core/thread.rb
+- lib/contrast/extension/assess.rb
+- lib/contrast/extension/assess/array.rb
+- lib/contrast/extension/assess/assess_extension.rb
+- lib/contrast/extension/assess/erb.rb
+- lib/contrast/extension/assess/eval_trigger.rb
+- lib/contrast/extension/assess/exec_trigger.rb
+- lib/contrast/extension/assess/fiber.rb
+- lib/contrast/extension/assess/hash.rb
+- lib/contrast/extension/assess/kernel.rb
+- lib/contrast/extension/assess/regexp.rb
+- lib/contrast/extension/assess/string.rb
+- lib/contrast/extension/delegator.rb
+- lib/contrast/extension/inventory.rb
+- lib/contrast/extension/kernel.rb
+- lib/contrast/extension/module.rb
+- lib/contrast/extension/protect.rb
+- lib/contrast/extension/protect/kernel.rb
+- lib/contrast/extension/protect/psych.rb
+- lib/contrast/extension/thread.rb
 - lib/contrast/framework/base_support.rb
 - lib/contrast/framework/manager.rb
 - lib/contrast/framework/platform_version.rb
-- lib/contrast/framework/rails_support.rb
-- lib/contrast/framework/sinatra_application_helper.rb
-- lib/contrast/framework/sinatra_support.rb
+- lib/contrast/framework/rack/patch/session_cookie.rb
+- lib/contrast/framework/rack/patch/support.rb
+- lib/contrast/framework/rack/support.rb
+- lib/contrast/framework/rails/patch/action_controller_live_buffer.rb
+- lib/contrast/framework/rails/patch/assess_configuration.rb
+- lib/contrast/framework/rails/patch/rails_application_configuration.rb
+- lib/contrast/framework/rails/patch/support.rb
+- lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb
+- lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb
+- lib/contrast/framework/rails/rewrite/active_record_named.rb
+- lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb
+- lib/contrast/framework/rails/support.rb
+- lib/contrast/framework/sinatra/application_helper.rb
+- lib/contrast/framework/sinatra/patch/base.rb
+- lib/contrast/framework/sinatra/patch/support.rb
+- lib/contrast/framework/sinatra/support.rb
 - lib/contrast/framework/view_technologies_descriptor.rb
 - lib/contrast/internal_exception.rb
+- lib/contrast/logger/application.rb
+- lib/contrast/logger/log.rb
+- lib/contrast/logger/time.rb
 - lib/contrast/security_exception.rb
+- lib/contrast/tasks/config.rb
 - lib/contrast/tasks/service.rb
 - lib/contrast/utils/assess/sampling_util.rb
 - lib/contrast/utils/assess/tracking_util.rb
 - lib/contrast/utils/boolean_util.rb
 - lib/contrast/utils/cache.rb
 - lib/contrast/utils/class_util.rb
-- lib/contrast/utils/comment_range.rb
-- lib/contrast/utils/data_store_util.rb
 - lib/contrast/utils/duck_utils.rb
 - lib/contrast/utils/env_configuration_item.rb
-- lib/contrast/utils/environment_util.rb
 - lib/contrast/utils/freeze_util.rb
 - lib/contrast/utils/gemfile_reader.rb
 - lib/contrast/utils/hash_digest.rb
@@ -895,12 +933,8 @@ files:
 - lib/contrast/utils/job_servers_running.rb
 - lib/contrast/utils/object_share.rb
 - lib/contrast/utils/os.rb
-- lib/contrast/utils/performs_logging.rb
 - lib/contrast/utils/preflight_util.rb
 - lib/contrast/utils/prevent_serialization.rb
-- lib/contrast/utils/rack_assess_session_cookie.rb
-- lib/contrast/utils/rails_assess_configuration.rb
-- lib/contrast/utils/random_util.rb
 - lib/contrast/utils/resource_loader.rb
 - lib/contrast/utils/ruby_ast_rewriter.rb
 - lib/contrast/utils/service_response_util.rb
@@ -913,33 +947,9 @@ files:
 - lib/contrast/utils/thread_tracker.rb
 - lib/contrast/utils/timer.rb
 - resources/assess/policy.json
-- resources/csrf/inject.js
 - resources/deadzone/policy.json
-- resources/factory-bot-spec/spec_helper.rb
 - resources/inventory/policy.json
 - resources/protect/policy.json
-- resources/rubocops/kernel/catch_cop.rb
-- resources/rubocops/kernel/require_cop.rb
-- resources/rubocops/kernel/require_relative_cop.rb
-- resources/rubocops/module/autoload_cop.rb
-- resources/rubocops/module/const_defined_cop.rb
-- resources/rubocops/module/const_get_cop.rb
-- resources/rubocops/module/const_set_cop.rb
-- resources/rubocops/module/constants_cop.rb
-- resources/rubocops/module/name_cop.rb
-- resources/rubocops/object/class_cop.rb
-- resources/rubocops/object/freeze_cop.rb
-- resources/rubocops/object/frozen_cop.rb
-- resources/rubocops/object/is_a_cop.rb
-- resources/rubocops/object/method_cop.rb
-- resources/rubocops/object/respond_to_cop.rb
-- resources/rubocops/object/singleton_class_cop.rb
-- resources/rubocops/regexp/spelling_cop.rb
-- resources/rubocops/thread/new_cop.rb
-- resources/ruby-spec/ancestors_spec.rb
-- resources/ruby-spec/modulo_spec.rb
-- resources/ruby-spec/parameters_spec.rb
-- resources/ruby-spec/ruby_spec_spec_helper.rb
 - resources/test_marker.txt
 - ruby-agent.gemspec
 - service_executables/.gitkeep
@@ -957,7 +967,8 @@ metadata:
   support_uri: https://support.contrastsecurity.com
   trouble_shooting_uri: https://support.contrastsecurity.com/hc/en-us/search?utf8=%E2%9C%93&query=Ruby
   wiki_uri: https://docs.contrastsecurity.com/
-post_install_message: 
+post_install_message: 'To generate the required contrast_security.yaml file you can
+  run: bundle exec rake contrast:config:create'
 rdoc_options: []
 require_paths:
 - lib

data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c

@@ -1,63 +0,0 @@
-/* Copyright (c) 2020 Contrast Security, Inc.  See
- * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
-
-#include "cs__assess_regexp_track.h"
-#include <funchook.h>
-#include <ruby.h>
-
-static VALUE rb_reg_match_pre_hook(VALUE match) {
-    VALUE result = rb_reg_match_pre_original(match);
-    result = rb_funcall(regexp_class, track_rb_pre_match, 2, match, result);
-    return result;
-}
-
-static VALUE rb_reg_match_post_hook(VALUE match) {
-    VALUE result = rb_reg_match_post_original(match);
-    result = rb_funcall(regexp_class, track_rb_post_match, 2, match, result);
-    return result;
-}
-
-static VALUE rb_reg_match_last_hook(VALUE match) {
-    VALUE result = rb_reg_match_last_original(match);
-    result =
-        rb_funcall(regexp_class, track_rb_reg_match_last, 2, match, result);
-    return result;
-}
-
-static VALUE rb_reg_nth_match_hook(int nth, VALUE match) {
-    VALUE result = rb_reg_nth_match_original(nth, match);
-    result = rb_funcall(regexp_class, track_rb_n_match, 2, match, result);
-    return result;
-}
-
-static int install_regexp_hooks() {
-    funchook_t *funchook = funchook_create();
-
-    rb_reg_match_pre_original = rb_reg_match_pre;
-    funchook_prepare(funchook, (void **)&rb_reg_match_pre_original,
-                     rb_reg_match_pre_hook);
-
-    rb_reg_match_post_original = rb_reg_match_post;
-    funchook_prepare(funchook, (void **)&rb_reg_match_post_original,
-                     rb_reg_match_post_hook);
-
-    rb_reg_match_last_original = rb_reg_match_last;
-    funchook_prepare(funchook, (void **)&rb_reg_match_last_original,
-                     rb_reg_match_last_hook);
-
-    rb_reg_nth_match_original = rb_reg_nth_match;
-    funchook_prepare(funchook, (void **)&rb_reg_nth_match_original,
-                     rb_reg_nth_match_hook);
-
-    funchook_install(funchook, 0);
-    return 0;
-}
-
-void Init_cs__assess_regexp_track(void) {
-    regexp_class = rb_define_class("Regexp", rb_cObject);
-    track_rb_n_match = rb_intern("track_rb_n_match");
-    track_rb_pre_match = rb_intern("track_rb_pre_match");
-    track_rb_post_match = rb_intern("track_rb_post_match");
-    track_rb_reg_match_last = rb_intern("track_rb_reg_match_last");
-    install_regexp_hooks();
-}