contrast-agent 3.10.1 → 3.12.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.flayignore +1 -0
- data/.simplecov +5 -2
- data/ext/build_funchook.rb +13 -17
- data/ext/cs__assess_active_record_named/cs__active_record_named.c +12 -14
- data/ext/cs__assess_active_record_named/cs__active_record_named.h +1 -0
- data/ext/cs__assess_active_record_named/extconf.rb +3 -0
- data/ext/cs__assess_array/cs__assess_array.c +5 -6
- data/ext/cs__assess_array/cs__assess_array.h +1 -0
- data/ext/cs__assess_array/extconf.rb +3 -0
- data/ext/cs__assess_basic_object/cs__assess_basic_object.c +13 -11
- data/ext/cs__assess_basic_object/cs__assess_basic_object.h +2 -1
- data/ext/cs__assess_basic_object/extconf.rb +3 -0
- data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +4 -3
- data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +3 -3
- data/ext/cs__assess_fiber_track/extconf.rb +3 -0
- data/ext/cs__assess_hash/cs__assess_hash.c +40 -17
- data/ext/cs__assess_hash/cs__assess_hash.h +4 -6
- data/ext/cs__assess_hash/extconf.rb +3 -0
- data/ext/cs__assess_kernel/cs__assess_kernel.c +11 -9
- data/ext/cs__assess_kernel/cs__assess_kernel.h +1 -0
- data/ext/cs__assess_kernel/extconf.rb +3 -0
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +3 -6
- data/ext/cs__assess_marshal_module/extconf.rb +3 -0
- data/ext/cs__assess_module/cs__assess_module.c +16 -14
- data/ext/cs__assess_module/cs__assess_module.h +3 -0
- data/ext/cs__assess_module/extconf.rb +3 -0
- data/ext/cs__assess_regexp/cs__assess_regexp.c +13 -9
- data/ext/cs__assess_regexp/cs__assess_regexp.h +1 -0
- data/ext/cs__assess_regexp/extconf.rb +3 -0
- data/ext/cs__assess_string/cs__assess_string.c +5 -8
- data/ext/cs__assess_string/cs__assess_string.h +2 -1
- data/ext/cs__assess_string/extconf.rb +3 -0
- data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +2 -2
- data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.h +3 -3
- data/ext/cs__assess_string_interpolation26/extconf.rb +3 -0
- data/ext/cs__assess_yield_track/cs__assess_yield_track.h +1 -1
- data/ext/cs__assess_yield_track/extconf.rb +3 -0
- data/ext/cs__common/cs__common.c +80 -1
- data/ext/cs__common/cs__common.h +34 -0
- data/ext/cs__common/extconf.rb +9 -8
- data/ext/cs__contrast_patch/cs__contrast_patch.h +1 -6
- data/ext/cs__contrast_patch/extconf.rb +3 -0
- data/ext/cs__protect_kernel/cs__protect_kernel.c +23 -12
- data/ext/cs__protect_kernel/cs__protect_kernel.h +1 -0
- data/ext/cs__protect_kernel/extconf.rb +3 -0
- data/ext/extconf_common.rb +10 -8
- data/funchook/autom4te.cache/output.0 +1 -13
- data/funchook/autom4te.cache/requests +50 -51
- data/funchook/autom4te.cache/traces.0 +0 -3
- data/funchook/config.log +378 -217
- data/funchook/config.status +23 -24
- data/funchook/configure +1 -13
- data/funchook/src/Makefile +7 -7
- data/funchook/src/config.h +2 -2
- data/funchook/src/decoder.o +0 -0
- data/funchook/src/distorm.o +0 -0
- data/funchook/src/funchook.o +0 -0
- data/funchook/src/funchook_io.o +0 -0
- data/funchook/src/funchook_syscall.o +0 -0
- data/funchook/src/funchook_unix.o +0 -0
- data/funchook/src/funchook_x86.o +0 -0
- data/funchook/src/instructions.o +0 -0
- data/funchook/src/insts.o +0 -0
- data/funchook/src/libfunchook.dylib +0 -0
- data/funchook/src/mnemonics.o +0 -0
- data/funchook/src/operands.o +0 -0
- data/funchook/src/os_func.o +0 -0
- data/funchook/src/os_func_unix.o +0 -0
- data/funchook/src/prefix.o +0 -0
- data/funchook/src/printf_base.o +0 -0
- data/funchook/src/textdefs.o +0 -0
- data/funchook/src/wstring.o +0 -0
- data/funchook/test/Makefile +2 -2
- data/funchook/test/funchook_test +0 -0
- data/funchook/test/libfunchook_test.so +0 -0
- data/funchook/test/libfunchook_test.so.dSYM/Contents/Info.plist +20 -0
- data/funchook/test/libfunchook_test.so.dSYM/Contents/Resources/DWARF/libfunchook_test.so +0 -0
- data/funchook/test/test_main.o +0 -0
- data/funchook/test/x86_64_test.o +0 -0
- data/lib/contrast.rb +1 -1
- data/lib/contrast/agent.rb +32 -29
- data/lib/contrast/agent/assess.rb +1 -11
- data/lib/contrast/agent/assess/adjusted_span.rb +3 -1
- data/lib/contrast/agent/assess/contrast_event.rb +16 -62
- data/lib/contrast/agent/assess/events/event_factory.rb +25 -0
- data/lib/contrast/agent/assess/events/source_event.rb +83 -0
- data/lib/contrast/agent/assess/insulator.rb +0 -4
- data/lib/contrast/agent/assess/policy/patcher.rb +6 -2
- data/lib/contrast/agent/assess/policy/policy_node.rb +1 -8
- data/lib/contrast/agent/assess/policy/policy_scanner.rb +2 -2
- data/lib/contrast/agent/assess/policy/preshift.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagation_method.rb +68 -33
- data/lib/contrast/agent/assess/policy/propagation_node.rb +2 -1
- data/lib/contrast/agent/assess/policy/propagator.rb +1 -0
- data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/database_write.rb +1 -3
- data/lib/contrast/agent/assess/policy/propagator/match_data.rb +80 -0
- data/lib/contrast/agent/assess/policy/propagator/select.rb +35 -22
- data/lib/contrast/agent/assess/policy/propagator/split.rb +26 -6
- data/lib/contrast/agent/assess/policy/propagator/substitution.rb +2 -0
- data/lib/contrast/agent/assess/policy/rewriter_patch.rb +37 -26
- data/lib/contrast/agent/assess/policy/source_method.rb +20 -20
- data/lib/contrast/agent/assess/policy/source_node.rb +0 -15
- data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +90 -0
- data/lib/contrast/agent/assess/policy/trigger/xpath.rb +57 -0
- data/lib/contrast/agent/assess/policy/trigger_method.rb +30 -45
- data/lib/contrast/agent/assess/policy/trigger_node.rb +7 -7
- data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +2 -31
- data/lib/contrast/agent/assess/properties.rb +5 -3
- data/lib/contrast/agent/assess/rule/base.rb +1 -20
- data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +23 -6
- data/lib/contrast/agent/assess/rule/redos.rb +4 -5
- data/lib/contrast/agent/assess/tag.rb +24 -14
- data/lib/contrast/agent/at_exit_hook.rb +16 -13
- data/lib/contrast/agent/class_reopener.rb +23 -8
- data/lib/contrast/agent/deadzone/policy/policy.rb +2 -2
- data/lib/contrast/agent/disable_reaction.rb +3 -4
- data/lib/contrast/agent/exclusion_matcher.rb +7 -48
- data/lib/contrast/agent/inventory/policy/datastores.rb +54 -0
- data/lib/contrast/agent/inventory/policy/policy.rb +1 -1
- data/lib/contrast/agent/middleware.rb +101 -260
- data/lib/contrast/agent/module_data.rb +2 -1
- data/lib/contrast/agent/patching/policy/after_load_patch.rb +13 -3
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +59 -47
- data/lib/contrast/agent/patching/policy/method_policy.rb +3 -3
- data/lib/contrast/agent/patching/policy/module_policy.rb +0 -25
- data/lib/contrast/agent/patching/policy/patch.rb +97 -23
- data/lib/contrast/agent/patching/policy/patcher.rb +28 -30
- data/lib/contrast/agent/patching/policy/policy.rb +7 -7
- data/lib/contrast/agent/patching/policy/policy_node.rb +3 -11
- data/lib/contrast/agent/patching/policy/trigger_node.rb +2 -5
- data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +63 -0
- data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +52 -0
- data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +68 -0
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +117 -0
- data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +54 -0
- data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +129 -0
- data/lib/contrast/agent/protect/policy/policy.rb +6 -6
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +51 -0
- data/lib/contrast/agent/protect/rule.rb +0 -5
- data/lib/contrast/agent/protect/rule/base.rb +19 -37
- data/lib/contrast/agent/protect/rule/base_service.rb +3 -1
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +12 -15
- data/lib/contrast/agent/protect/rule/default_scanner.rb +0 -13
- data/lib/contrast/agent/protect/rule/deserialization.rb +2 -0
- data/lib/contrast/agent/protect/rule/http_method_tampering.rb +2 -2
- data/lib/contrast/agent/protect/rule/no_sqli.rb +4 -4
- data/lib/contrast/agent/protect/rule/path_traversal.rb +6 -10
- data/lib/contrast/agent/protect/rule/sqli.rb +5 -4
- data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +2 -0
- data/lib/contrast/agent/protect/rule/xss.rb +2 -0
- data/lib/contrast/agent/protect/rule/xxe.rb +10 -4
- data/lib/contrast/agent/railtie.rb +3 -8
- data/lib/contrast/agent/reaction_processor.rb +5 -5
- data/lib/contrast/agent/request.rb +11 -18
- data/lib/contrast/agent/request_context.rb +16 -19
- data/lib/contrast/agent/request_handler.rb +35 -0
- data/lib/contrast/agent/response.rb +39 -86
- data/lib/contrast/agent/rewriter.rb +22 -10
- data/lib/contrast/agent/rule_set.rb +49 -0
- data/lib/contrast/agent/scope.rb +0 -6
- data/lib/contrast/agent/service_heartbeat.rb +3 -4
- data/lib/contrast/agent/socket_client.rb +25 -19
- data/lib/contrast/agent/static_analysis.rb +41 -0
- data/lib/contrast/agent/thread.rb +1 -1
- data/lib/contrast/agent/tracepoint_hook.rb +1 -5
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/api.rb +1 -1
- data/lib/contrast/api/decorators.rb +14 -0
- data/lib/contrast/api/decorators/application_settings.rb +37 -0
- data/lib/contrast/api/decorators/application_update.rb +66 -0
- data/lib/contrast/api/decorators/input_analysis.rb +17 -0
- data/lib/contrast/api/decorators/server_features.rb +24 -0
- data/lib/contrast/api/speedracer.rb +28 -24
- data/lib/contrast/api/tcp_socket.rb +0 -2
- data/lib/contrast/components/agent.rb +34 -24
- data/lib/contrast/components/app_context.rb +45 -38
- data/lib/contrast/components/assess.rb +25 -15
- data/lib/contrast/components/config.rb +7 -5
- data/lib/contrast/components/contrast_service.rb +23 -71
- data/lib/contrast/components/heap_dump.rb +12 -8
- data/lib/contrast/components/interface.rb +15 -22
- data/lib/contrast/components/inventory.rb +5 -1
- data/lib/contrast/components/logger.rb +3 -68
- data/lib/contrast/components/protect.rb +40 -4
- data/lib/contrast/components/sampling.rb +22 -11
- data/lib/contrast/components/scope.rb +2 -52
- data/lib/contrast/components/settings.rb +42 -23
- data/lib/contrast/config/base_configuration.rb +1 -0
- data/lib/contrast/config/default_value.rb +1 -0
- data/lib/contrast/config/protect_rule_configuration.rb +0 -14
- data/lib/contrast/config/protect_rules_configuration.rb +0 -1
- data/lib/contrast/configuration.rb +2 -2
- data/lib/contrast/{extensions/ruby_core → extension}/assess.rb +12 -15
- data/lib/contrast/extension/assess/array.rb +77 -0
- data/lib/contrast/{extensions/ruby_core → extension}/assess/assess_extension.rb +29 -24
- data/lib/contrast/{extensions/ruby_core → extension}/assess/erb.rb +0 -8
- data/lib/contrast/extension/assess/eval_trigger.rb +78 -0
- data/lib/contrast/{extensions/ruby_core → extension}/assess/exec_trigger.rb +7 -9
- data/lib/contrast/extension/assess/fiber.rb +113 -0
- data/lib/contrast/extension/assess/hash.rb +39 -0
- data/lib/contrast/extension/assess/kernel.rb +110 -0
- data/lib/contrast/extension/assess/regexp.rb +84 -0
- data/lib/contrast/{extensions/ruby_core → extension}/assess/string.rb +18 -10
- data/lib/contrast/{extensions/ruby_core → extension}/delegator.rb +0 -0
- data/lib/contrast/{extensions/ruby_core → extension}/inventory.rb +2 -2
- data/lib/contrast/extension/kernel.rb +54 -0
- data/lib/contrast/{extensions/ruby_core → extension}/module.rb +0 -0
- data/lib/contrast/{extensions/ruby_core → extension}/protect.rb +2 -2
- data/lib/contrast/extension/protect/kernel.rb +44 -0
- data/lib/contrast/{extensions/ruby_core → extension}/protect/psych.rb +1 -1
- data/lib/contrast/{extensions/ruby_core → extension}/thread.rb +0 -0
- data/lib/contrast/framework/base_support.rb +32 -0
- data/lib/contrast/framework/manager.rb +59 -8
- data/lib/contrast/framework/platform_version.rb +1 -0
- data/lib/contrast/framework/rack/patch/session_cookie.rb +126 -0
- data/lib/contrast/framework/rack/patch/support.rb +24 -0
- data/lib/contrast/framework/rack/support.rb +22 -0
- data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +43 -0
- data/lib/contrast/framework/rails/patch/assess_configuration.rb +103 -0
- data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +31 -0
- data/lib/contrast/framework/rails/patch/support.rb +67 -0
- data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +34 -0
- data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +39 -0
- data/lib/contrast/framework/rails/rewrite/active_record_named.rb +73 -0
- data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +33 -0
- data/lib/contrast/framework/rails/support.rb +115 -0
- data/lib/contrast/framework/sinatra/application_helper.rb +51 -0
- data/lib/contrast/framework/sinatra/patch/base.rb +83 -0
- data/lib/contrast/framework/sinatra/patch/support.rb +27 -0
- data/lib/contrast/framework/sinatra/support.rb +109 -0
- data/lib/contrast/framework/view_technologies_descriptor.rb +1 -0
- data/lib/contrast/logger/application.rb +80 -0
- data/lib/contrast/logger/log.rb +143 -0
- data/lib/contrast/logger/time.rb +50 -0
- data/lib/contrast/tasks/config.rb +54 -0
- data/lib/contrast/tasks/service.rb +3 -13
- data/lib/contrast/utils/assess/sampling_util.rb +4 -9
- data/lib/contrast/utils/assess/tracking_util.rb +7 -1
- data/lib/contrast/utils/boolean_util.rb +2 -2
- data/lib/contrast/utils/cache.rb +0 -11
- data/lib/contrast/utils/class_util.rb +24 -3
- data/lib/contrast/utils/gemfile_reader.rb +7 -5
- data/lib/contrast/utils/hash_digest.rb +2 -11
- data/lib/contrast/utils/heap_dump_util.rb +12 -11
- data/lib/contrast/utils/invalid_configuration_util.rb +4 -4
- data/lib/contrast/utils/inventory_util.rb +2 -2
- data/lib/contrast/utils/io_util.rb +1 -11
- data/lib/contrast/utils/job_servers_running.rb +6 -4
- data/lib/contrast/utils/object_share.rb +1 -28
- data/lib/contrast/utils/os.rb +1 -25
- data/lib/contrast/utils/service_response_util.rb +36 -60
- data/lib/contrast/utils/service_sender_util.rb +84 -23
- data/lib/contrast/utils/sinatra_helper.rb +0 -6
- data/lib/contrast/utils/stack_trace_utils.rb +86 -182
- data/lib/contrast/utils/string_utils.rb +18 -2
- data/lib/contrast/utils/tag_util.rb +11 -1
- data/lib/contrast/utils/thread_tracker.rb +2 -2
- data/lib/contrast/utils/timer.rb +0 -40
- data/resources/assess/policy.json +42 -71
- data/resources/inventory/policy.json +2 -2
- data/resources/protect/policy.json +15 -15
- data/ruby-agent.gemspec +11 -4
- data/service_executables/VERSION +1 -1
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
- metadata +126 -113
- data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c +0 -63
- data/ext/cs__assess_regexp_track/cs__assess_regexp_track.h +0 -29
- data/ext/cs__assess_regexp_track/extconf.rb +0 -2
- data/funchook/src/libfunchook.so +0 -0
- data/lib/contrast/agent/assess/frozen_properties.rb +0 -41
- data/lib/contrast/agent/assess/rule/csrf.rb +0 -66
- data/lib/contrast/agent/assess/rule/csrf/csrf_action.rb +0 -28
- data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +0 -73
- data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +0 -132
- data/lib/contrast/agent/assess/rule/response_scanning_rule.rb +0 -47
- data/lib/contrast/agent/assess/rule/response_watcher.rb +0 -36
- data/lib/contrast/agent/assess/rule/watcher.rb +0 -36
- data/lib/contrast/agent/feature_state.rb +0 -376
- data/lib/contrast/agent/logger_manager.rb +0 -116
- data/lib/contrast/agent/protect/rule/csrf.rb +0 -118
- data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +0 -103
- data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb +0 -85
- data/lib/contrast/agent/settings_state.rb +0 -152
- data/lib/contrast/delegators.rb +0 -9
- data/lib/contrast/delegators/application_update.rb +0 -32
- data/lib/contrast/extensions/framework/rack/cookie.rb +0 -24
- data/lib/contrast/extensions/framework/rack/request.rb +0 -24
- data/lib/contrast/extensions/framework/rack/response.rb +0 -23
- data/lib/contrast/extensions/framework/rails/action_controller_railties_helper_inherited.rb +0 -20
- data/lib/contrast/extensions/framework/rails/active_record.rb +0 -26
- data/lib/contrast/extensions/framework/rails/active_record_named.rb +0 -53
- data/lib/contrast/extensions/framework/rails/active_record_time_zone_inherited.rb +0 -21
- data/lib/contrast/extensions/framework/rails/buffer.rb +0 -28
- data/lib/contrast/extensions/framework/rails/configuration.rb +0 -27
- data/lib/contrast/extensions/framework/sinatra/base.rb +0 -59
- data/lib/contrast/extensions/ruby_core/assess/array.rb +0 -59
- data/lib/contrast/extensions/ruby_core/assess/basic_object.rb +0 -15
- data/lib/contrast/extensions/ruby_core/assess/fiber.rb +0 -124
- data/lib/contrast/extensions/ruby_core/assess/hash.rb +0 -22
- data/lib/contrast/extensions/ruby_core/assess/kernel.rb +0 -95
- data/lib/contrast/extensions/ruby_core/assess/module.rb +0 -14
- data/lib/contrast/extensions/ruby_core/assess/regexp.rb +0 -206
- data/lib/contrast/extensions/ruby_core/assess/tilt_template_trigger.rb +0 -73
- data/lib/contrast/extensions/ruby_core/assess/xpath_library_trigger.rb +0 -40
- data/lib/contrast/extensions/ruby_core/eval_trigger.rb +0 -52
- data/lib/contrast/extensions/ruby_core/inventory/datastores.rb +0 -37
- data/lib/contrast/extensions/ruby_core/protect/applies_command_injection_rule.rb +0 -72
- data/lib/contrast/extensions/ruby_core/protect/applies_deserialization_rule.rb +0 -60
- data/lib/contrast/extensions/ruby_core/protect/applies_no_sqli_rule.rb +0 -83
- data/lib/contrast/extensions/ruby_core/protect/applies_path_traversal_rule.rb +0 -123
- data/lib/contrast/extensions/ruby_core/protect/applies_sqli_rule.rb +0 -65
- data/lib/contrast/extensions/ruby_core/protect/applies_xxe_rule.rb +0 -143
- data/lib/contrast/extensions/ruby_core/protect/kernel.rb +0 -30
- data/lib/contrast/framework/rails_support.rb +0 -88
- data/lib/contrast/framework/sinatra_application_helper.rb +0 -49
- data/lib/contrast/framework/sinatra_support.rb +0 -94
- data/lib/contrast/utils/comment_range.rb +0 -19
- data/lib/contrast/utils/data_store_util.rb +0 -23
- data/lib/contrast/utils/environment_util.rb +0 -81
- data/lib/contrast/utils/performs_logging.rb +0 -152
- data/lib/contrast/utils/rack_assess_session_cookie.rb +0 -104
- data/lib/contrast/utils/rails_assess_configuration.rb +0 -95
- data/lib/contrast/utils/random_util.rb +0 -22
- data/resources/csrf/inject.js +0 -44
- data/resources/factory-bot-spec/spec_helper.rb +0 -30
- data/resources/rubocops/kernel/catch_cop.rb +0 -37
- data/resources/rubocops/kernel/require_cop.rb +0 -37
- data/resources/rubocops/kernel/require_relative_cop.rb +0 -33
- data/resources/rubocops/module/autoload_cop.rb +0 -37
- data/resources/rubocops/module/const_defined_cop.rb +0 -37
- data/resources/rubocops/module/const_get_cop.rb +0 -37
- data/resources/rubocops/module/const_set_cop.rb +0 -37
- data/resources/rubocops/module/constants_cop.rb +0 -37
- data/resources/rubocops/module/name_cop.rb +0 -37
- data/resources/rubocops/object/class_cop.rb +0 -37
- data/resources/rubocops/object/freeze_cop.rb +0 -37
- data/resources/rubocops/object/frozen_cop.rb +0 -37
- data/resources/rubocops/object/is_a_cop.rb +0 -37
- data/resources/rubocops/object/method_cop.rb +0 -37
- data/resources/rubocops/object/respond_to_cop.rb +0 -37
- data/resources/rubocops/object/singleton_class_cop.rb +0 -37
- data/resources/rubocops/regexp/spelling_cop.rb +0 -44
- data/resources/rubocops/thread/new_cop.rb +0 -39
- data/resources/ruby-spec/ancestors_spec.rb +0 -70
- data/resources/ruby-spec/modulo_spec.rb +0 -831
- data/resources/ruby-spec/parameters_spec.rb +0 -261
- data/resources/ruby-spec/ruby_spec_spec_helper.rb +0 -35
|
@@ -1,63 +0,0 @@
|
|
|
1
|
-
/* Copyright (c) 2020 Contrast Security, Inc. See
|
|
2
|
-
* https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
|
|
3
|
-
|
|
4
|
-
#include "cs__assess_regexp_track.h"
|
|
5
|
-
#include <funchook.h>
|
|
6
|
-
#include <ruby.h>
|
|
7
|
-
|
|
8
|
-
static VALUE rb_reg_match_pre_hook(VALUE match) {
|
|
9
|
-
VALUE result = rb_reg_match_pre_original(match);
|
|
10
|
-
result = rb_funcall(regexp_class, track_rb_pre_match, 2, match, result);
|
|
11
|
-
return result;
|
|
12
|
-
}
|
|
13
|
-
|
|
14
|
-
static VALUE rb_reg_match_post_hook(VALUE match) {
|
|
15
|
-
VALUE result = rb_reg_match_post_original(match);
|
|
16
|
-
result = rb_funcall(regexp_class, track_rb_post_match, 2, match, result);
|
|
17
|
-
return result;
|
|
18
|
-
}
|
|
19
|
-
|
|
20
|
-
static VALUE rb_reg_match_last_hook(VALUE match) {
|
|
21
|
-
VALUE result = rb_reg_match_last_original(match);
|
|
22
|
-
result =
|
|
23
|
-
rb_funcall(regexp_class, track_rb_reg_match_last, 2, match, result);
|
|
24
|
-
return result;
|
|
25
|
-
}
|
|
26
|
-
|
|
27
|
-
static VALUE rb_reg_nth_match_hook(int nth, VALUE match) {
|
|
28
|
-
VALUE result = rb_reg_nth_match_original(nth, match);
|
|
29
|
-
result = rb_funcall(regexp_class, track_rb_n_match, 2, match, result);
|
|
30
|
-
return result;
|
|
31
|
-
}
|
|
32
|
-
|
|
33
|
-
static int install_regexp_hooks() {
|
|
34
|
-
funchook_t *funchook = funchook_create();
|
|
35
|
-
|
|
36
|
-
rb_reg_match_pre_original = rb_reg_match_pre;
|
|
37
|
-
funchook_prepare(funchook, (void **)&rb_reg_match_pre_original,
|
|
38
|
-
rb_reg_match_pre_hook);
|
|
39
|
-
|
|
40
|
-
rb_reg_match_post_original = rb_reg_match_post;
|
|
41
|
-
funchook_prepare(funchook, (void **)&rb_reg_match_post_original,
|
|
42
|
-
rb_reg_match_post_hook);
|
|
43
|
-
|
|
44
|
-
rb_reg_match_last_original = rb_reg_match_last;
|
|
45
|
-
funchook_prepare(funchook, (void **)&rb_reg_match_last_original,
|
|
46
|
-
rb_reg_match_last_hook);
|
|
47
|
-
|
|
48
|
-
rb_reg_nth_match_original = rb_reg_nth_match;
|
|
49
|
-
funchook_prepare(funchook, (void **)&rb_reg_nth_match_original,
|
|
50
|
-
rb_reg_nth_match_hook);
|
|
51
|
-
|
|
52
|
-
funchook_install(funchook, 0);
|
|
53
|
-
return 0;
|
|
54
|
-
}
|
|
55
|
-
|
|
56
|
-
void Init_cs__assess_regexp_track(void) {
|
|
57
|
-
regexp_class = rb_define_class("Regexp", rb_cObject);
|
|
58
|
-
track_rb_n_match = rb_intern("track_rb_n_match");
|
|
59
|
-
track_rb_pre_match = rb_intern("track_rb_pre_match");
|
|
60
|
-
track_rb_post_match = rb_intern("track_rb_post_match");
|
|
61
|
-
track_rb_reg_match_last = rb_intern("track_rb_reg_match_last");
|
|
62
|
-
install_regexp_hooks();
|
|
63
|
-
}
|
|
@@ -1,29 +0,0 @@
|
|
|
1
|
-
#include <funchook.h>
|
|
2
|
-
#include <ruby.h>
|
|
3
|
-
|
|
4
|
-
static VALUE regexp_class;
|
|
5
|
-
static VALUE track_rb_n_match;
|
|
6
|
-
static VALUE track_rb_pre_match;
|
|
7
|
-
static VALUE track_rb_post_match;
|
|
8
|
-
static VALUE track_rb_reg_match_last;
|
|
9
|
-
|
|
10
|
-
VALUE rb_reg_match_pre(VALUE match);
|
|
11
|
-
static VALUE *(*rb_reg_match_pre_original)(VALUE match);
|
|
12
|
-
|
|
13
|
-
VALUE rb_reg_match_post(VALUE match);
|
|
14
|
-
static VALUE *(*rb_reg_match_post_original)(VALUE match);
|
|
15
|
-
|
|
16
|
-
VALUE rb_reg_match_last(VALUE match);
|
|
17
|
-
static VALUE *(*rb_reg_match_last_original)(VALUE match);
|
|
18
|
-
|
|
19
|
-
VALUE rb_reg_nth_match(int nth, VALUE match);
|
|
20
|
-
static VALUE *(*rb_reg_nth_match_original)(int nth, VALUE match);
|
|
21
|
-
|
|
22
|
-
static VALUE rb_reg_match_pre_hook(VALUE match);
|
|
23
|
-
static VALUE rb_reg_match_post_hook(VALUE match);
|
|
24
|
-
static VALUE rb_reg_match_last_hook(VALUE match);
|
|
25
|
-
static VALUE rb_reg_nth_match_hook(int nth, VALUE match);
|
|
26
|
-
|
|
27
|
-
static int install_regexp_hooks();
|
|
28
|
-
|
|
29
|
-
void Init_cs__assess_regexp_track(void);
|
data/funchook/src/libfunchook.so
DELETED
|
Binary file
|
|
@@ -1,41 +0,0 @@
|
|
|
1
|
-
# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
|
-
# frozen_string_literal: true
|
|
3
|
-
|
|
4
|
-
cs__scoped_require 'set'
|
|
5
|
-
cs__scoped_require 'base64'
|
|
6
|
-
cs__scoped_require 'contrast/utils/tag_util'
|
|
7
|
-
cs__scoped_require 'contrast/utils/prevent_serialization'
|
|
8
|
-
|
|
9
|
-
module Contrast
|
|
10
|
-
module Agent
|
|
11
|
-
module Assess
|
|
12
|
-
# This class is used as an NoOP version of Properties. We'll pass this to
|
|
13
|
-
# any attempt to access Properties on a frozen object including
|
|
14
|
-
# AssessExtension iff that object did not have Properties before it was
|
|
15
|
-
# placed in a frozen state.
|
|
16
|
-
class FrozenProperties
|
|
17
|
-
include Contrast::Utils::PreventSerialization
|
|
18
|
-
|
|
19
|
-
def events
|
|
20
|
-
Contrast::Utils::ObjectShare::EMPTY_ARRAY
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
def properties
|
|
24
|
-
Contrast::Utils::ObjectShare::EMPTY_HASH
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
def tracked?
|
|
28
|
-
false
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
def tagged? _label
|
|
32
|
-
false
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
def any_tags_between? _start, _finish
|
|
36
|
-
false
|
|
37
|
-
end
|
|
38
|
-
end
|
|
39
|
-
end
|
|
40
|
-
end
|
|
41
|
-
end
|
|
@@ -1,66 +0,0 @@
|
|
|
1
|
-
# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
|
-
# frozen_string_literal: true
|
|
3
|
-
|
|
4
|
-
module Contrast
|
|
5
|
-
module Agent
|
|
6
|
-
module Assess
|
|
7
|
-
module Rule
|
|
8
|
-
# The Ruby implementation of the CSRF Assess Rule.
|
|
9
|
-
class Csrf < Contrast::Agent::Assess::Rule::ResponseScanningRule
|
|
10
|
-
NAME = 'csrf'
|
|
11
|
-
def name
|
|
12
|
-
NAME
|
|
13
|
-
end
|
|
14
|
-
|
|
15
|
-
DB_STATE_CHANGE = 'db'
|
|
16
|
-
ACTION_LIMIT = 3
|
|
17
|
-
QUERY_SIZE_LIMIT = 50
|
|
18
|
-
STATE_CHANGING_ACTIONS_KEY = 'csrf.statechange.actions'
|
|
19
|
-
def record_db_state_change context, query
|
|
20
|
-
return unless context
|
|
21
|
-
|
|
22
|
-
changes = context.get_property(STATE_CHANGING_ACTIONS_KEY)
|
|
23
|
-
changes ||= []
|
|
24
|
-
return unless changes.length < ACTION_LIMIT
|
|
25
|
-
|
|
26
|
-
return unless state_change?(query)
|
|
27
|
-
|
|
28
|
-
action = Contrast::Agent::Assess::Rule::Csrf::CsrfAction.new
|
|
29
|
-
action.type = DB_STATE_CHANGE
|
|
30
|
-
action.evidence = query[0..QUERY_SIZE_LIMIT]
|
|
31
|
-
|
|
32
|
-
changes << action
|
|
33
|
-
|
|
34
|
-
context.add_property(STATE_CHANGING_ACTIONS_KEY, changes)
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
STATE_CHANGE_QUERY_ACTIONS = %w[
|
|
38
|
-
insert
|
|
39
|
-
update
|
|
40
|
-
delete
|
|
41
|
-
drop
|
|
42
|
-
create
|
|
43
|
-
alter
|
|
44
|
-
upsert
|
|
45
|
-
].cs__freeze
|
|
46
|
-
# Returns true if the given query starts with any
|
|
47
|
-
# of the STATE_CHANGE_QUERY_ACTIONS listed above
|
|
48
|
-
def state_change? query
|
|
49
|
-
return false unless query.is_a?(String) && !query.empty?
|
|
50
|
-
|
|
51
|
-
query.downcase.start_with?(*STATE_CHANGE_QUERY_ACTIONS)
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
# some watchers keep state and need to be reset in each request.
|
|
55
|
-
# this one is not one of those.
|
|
56
|
-
def watcher
|
|
57
|
-
@_watcher ||= Contrast::Agent::Assess::Rule::Csrf::Watcher.new
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
# Indicates if this request has been checked for a CSRF token
|
|
61
|
-
CHECKED = 'csrf.token.checked'
|
|
62
|
-
end
|
|
63
|
-
end
|
|
64
|
-
end
|
|
65
|
-
end
|
|
66
|
-
end
|
|
@@ -1,28 +0,0 @@
|
|
|
1
|
-
# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
|
-
# frozen_string_literal: true
|
|
3
|
-
|
|
4
|
-
module Contrast
|
|
5
|
-
module Agent
|
|
6
|
-
module Assess
|
|
7
|
-
module Rule
|
|
8
|
-
class Csrf
|
|
9
|
-
# CSRF is only reported on those Requests which also result in a
|
|
10
|
-
# state changing action (database call). This class servers as a
|
|
11
|
-
# record of that action.
|
|
12
|
-
class CsrfAction
|
|
13
|
-
attr_accessor :type, :evidence
|
|
14
|
-
|
|
15
|
-
TYPE = 'type'
|
|
16
|
-
EVIDENCE = 'evidence'
|
|
17
|
-
def to_h
|
|
18
|
-
{
|
|
19
|
-
TYPE => type,
|
|
20
|
-
EVIDENCE => evidence
|
|
21
|
-
}
|
|
22
|
-
end
|
|
23
|
-
end
|
|
24
|
-
end
|
|
25
|
-
end
|
|
26
|
-
end
|
|
27
|
-
end
|
|
28
|
-
end
|
|
@@ -1,73 +0,0 @@
|
|
|
1
|
-
# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
|
-
# frozen_string_literal: true
|
|
3
|
-
|
|
4
|
-
cs__scoped_require 'contrast/utils/object_share'
|
|
5
|
-
cs__scoped_require 'contrast/components/interface'
|
|
6
|
-
|
|
7
|
-
module Contrast
|
|
8
|
-
module Agent
|
|
9
|
-
module Assess
|
|
10
|
-
module Rule
|
|
11
|
-
class Csrf
|
|
12
|
-
# This class is called by our patches to determine if a CSRF
|
|
13
|
-
# vulnerability exists within an application. It is used through a
|
|
14
|
-
# CUSTOM propagation in order to capture that a Database call was
|
|
15
|
-
# made in response to a request that did not have the Contrast CSRF
|
|
16
|
-
# token.
|
|
17
|
-
class CsrfApplicator
|
|
18
|
-
include Contrast::Components::Interface
|
|
19
|
-
access_component :logging, :analysis, :scope
|
|
20
|
-
|
|
21
|
-
CS__CSRF_LOG_MSG = 'applying CSRF assess rule'
|
|
22
|
-
|
|
23
|
-
class << self
|
|
24
|
-
def csrf_tagger patcher, preshift, _ret, _block
|
|
25
|
-
return unless rule&.enabled?
|
|
26
|
-
|
|
27
|
-
idx = patcher.sources[0].to_i
|
|
28
|
-
args = preshift.args
|
|
29
|
-
return unless args&.length.to_i > idx
|
|
30
|
-
|
|
31
|
-
sql = args[idx]
|
|
32
|
-
return unless sql
|
|
33
|
-
|
|
34
|
-
with_contrast_scope do
|
|
35
|
-
logger.debug(nil, CS__CSRF_LOG_MSG)
|
|
36
|
-
rule.record_db_state_change(
|
|
37
|
-
Contrast::Agent::REQUEST_TRACKER.current,
|
|
38
|
-
sql)
|
|
39
|
-
end
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
def apply_csrf_rule sql
|
|
43
|
-
context = Contrast::Agent::REQUEST_TRACKER.current
|
|
44
|
-
|
|
45
|
-
return unless context&.app_loaded?
|
|
46
|
-
return unless ASSESS.enabled?
|
|
47
|
-
return unless sql
|
|
48
|
-
|
|
49
|
-
rule = Contrast::Agent::FeatureState.instance.assess_rule(
|
|
50
|
-
Contrast::Agent::Assess::Rule::Csrf::NAME)
|
|
51
|
-
return unless rule&.enabled?
|
|
52
|
-
|
|
53
|
-
with_contrast_scope do
|
|
54
|
-
logger.debug(CS__CSRF_LOG_MSG)
|
|
55
|
-
rule.record_db_state_change(context, sql)
|
|
56
|
-
end
|
|
57
|
-
rescue StandardError => e
|
|
58
|
-
logger.warn(e, 'Error running CSRF assess rule')
|
|
59
|
-
end
|
|
60
|
-
|
|
61
|
-
private
|
|
62
|
-
|
|
63
|
-
def rule
|
|
64
|
-
@_rule ||= Contrast::Agent::FeatureState.instance.assess_rule(
|
|
65
|
-
Contrast::Agent::Assess::Rule::Csrf::NAME)
|
|
66
|
-
end
|
|
67
|
-
end
|
|
68
|
-
end
|
|
69
|
-
end
|
|
70
|
-
end
|
|
71
|
-
end
|
|
72
|
-
end
|
|
73
|
-
end
|
|
@@ -1,132 +0,0 @@
|
|
|
1
|
-
# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
|
-
# frozen_string_literal: true
|
|
3
|
-
|
|
4
|
-
cs__scoped_require 'contrast/agent/assess/rule/response_watcher'
|
|
5
|
-
|
|
6
|
-
module Contrast
|
|
7
|
-
module Agent
|
|
8
|
-
module Assess
|
|
9
|
-
module Rule
|
|
10
|
-
class Csrf
|
|
11
|
-
# Watchers are how those Rules which do not act on dataflow function.
|
|
12
|
-
# This one is used by the CSRF rule to determine if a request was
|
|
13
|
-
# made in a way that is susceptible to a CSRF attack.
|
|
14
|
-
class Watcher < Contrast::Agent::Assess::Rule::ResponseWatcher
|
|
15
|
-
def supports? context
|
|
16
|
-
return false unless super(context)
|
|
17
|
-
return false unless user_agent?(context)
|
|
18
|
-
return false unless form_content_type?(context)
|
|
19
|
-
return false unless form_method?(context)
|
|
20
|
-
return false if empty_get?(context)
|
|
21
|
-
|
|
22
|
-
true
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
X_REQUESTED_WITH = 'X-REQUESTED-WITH'
|
|
26
|
-
# ignore this request if X-Requested-With is set
|
|
27
|
-
def x_requested_with? context
|
|
28
|
-
!context.request.normalized_request_headers[X_REQUESTED_WITH].nil?
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
USER_AGENT = 'USER-AGENT'
|
|
32
|
-
# ignore this request if User-Agent is NOT set
|
|
33
|
-
# since that indicates this isn't a browser interaction
|
|
34
|
-
def user_agent? context
|
|
35
|
-
!context.request.normalized_request_headers[USER_AGENT].nil?
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
CONTENT_TYPE = 'CONTENT-TYPE'
|
|
39
|
-
FORM_TYPES = %w[
|
|
40
|
-
text/plain
|
|
41
|
-
multipart/form-data
|
|
42
|
-
application/x-www-form-urlencoded
|
|
43
|
-
].cs__freeze
|
|
44
|
-
# ignore this request if the Content-Type is NOT set
|
|
45
|
-
# to a form content type
|
|
46
|
-
def form_content_type? context
|
|
47
|
-
type = context.request.content_type
|
|
48
|
-
# We need to account for the charset being part of the header. It doesn't
|
|
49
|
-
# affect how we determine CSRF-ability or not
|
|
50
|
-
type = type.split(Contrast::Utils::ObjectShare::SEMICOLON)[0] if type
|
|
51
|
-
FORM_TYPES.include?(type)
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
FORM_METHODS = %w[GET POST].cs__freeze
|
|
55
|
-
# ignore this request if the request method
|
|
56
|
-
# is not one that can be set with forms
|
|
57
|
-
def form_method? context
|
|
58
|
-
FORM_METHODS.include?(context.request.request_method)
|
|
59
|
-
end
|
|
60
|
-
|
|
61
|
-
GET = 'GET'
|
|
62
|
-
# ignore this request if the method is get
|
|
63
|
-
# and the query string is empty
|
|
64
|
-
def empty_get? context
|
|
65
|
-
request = context.request
|
|
66
|
-
request.request_method ==
|
|
67
|
-
GET &&
|
|
68
|
-
(request.query_string.nil? || request.query_string.empty?)
|
|
69
|
-
end
|
|
70
|
-
|
|
71
|
-
# If a parameter contains 'csrf' or 'token', we consider
|
|
72
|
-
# it to be a guard against CSRF and therefore determine
|
|
73
|
-
# that this request is not vulnerable.
|
|
74
|
-
CSRF_PATTERN = /csrf/i.cs__freeze
|
|
75
|
-
TOKEN_PATTERN = /token/i.cs__freeze
|
|
76
|
-
def vulnerable? context
|
|
77
|
-
# having the property 'csrf.token.checked' indicates
|
|
78
|
-
# that a CSRF check was preformed at some point during
|
|
79
|
-
# this request, so we consider it to not be vulnerable
|
|
80
|
-
return false if context.get_property(CHECKED)
|
|
81
|
-
|
|
82
|
-
params = context.request.parameters
|
|
83
|
-
params.each_key do |key|
|
|
84
|
-
return false if key.match?(CSRF_PATTERN)
|
|
85
|
-
return false if key.match?(TOKEN_PATTERN) && looks_like_token?(params[key])
|
|
86
|
-
end
|
|
87
|
-
# having no actions means there's no vulnerability
|
|
88
|
-
return false unless context.get_property(STATE_CHANGING_ACTIONS_KEY)&.any?
|
|
89
|
-
|
|
90
|
-
true
|
|
91
|
-
end
|
|
92
|
-
|
|
93
|
-
MINIMUM_CSRF_TOKEN_SIZE = 8
|
|
94
|
-
MAXIMUM_CSRF_TOKEN_SIZE = 24
|
|
95
|
-
TOKEN_REGEXP = /^[A-Za-z0-9]*$/.cs__freeze
|
|
96
|
-
def looks_like_token? value
|
|
97
|
-
return false unless value
|
|
98
|
-
|
|
99
|
-
values = [value]
|
|
100
|
-
values.each do |parameter|
|
|
101
|
-
next unless parameter
|
|
102
|
-
|
|
103
|
-
length = parameter.length
|
|
104
|
-
next if length < MINIMUM_CSRF_TOKEN_SIZE
|
|
105
|
-
next if length > MAXIMUM_CSRF_TOKEN_SIZE
|
|
106
|
-
return true if parameter.match?(TOKEN_REGEXP)
|
|
107
|
-
end
|
|
108
|
-
false
|
|
109
|
-
end
|
|
110
|
-
|
|
111
|
-
DATA_KEY = 'actions'
|
|
112
|
-
def build_finding context
|
|
113
|
-
actions = context.get_property(STATE_CHANGING_ACTIONS_KEY)
|
|
114
|
-
return if actions.nil? || actions.empty?
|
|
115
|
-
|
|
116
|
-
string = actions.map(&:to_h).to_json
|
|
117
|
-
finding = Contrast::Api::Dtm::Finding.new
|
|
118
|
-
finding.rule_id = Contrast::Agent::Assess::Rule::Csrf::NAME
|
|
119
|
-
finding.session_id = Contrast::Agent::FeatureState.instance.current_session_id
|
|
120
|
-
hash_code = Contrast::Utils::HashDigest.generate_response_hash(finding)
|
|
121
|
-
finding.hash_code = Contrast::Utils::StringUtils.force_utf8(hash_code)
|
|
122
|
-
finding.properties[DATA_KEY] = Contrast::Utils::StringUtils.force_utf8(string)
|
|
123
|
-
finding
|
|
124
|
-
rescue StandardError => e
|
|
125
|
-
logger.error(e, 'Unable to build a finding for CSRF')
|
|
126
|
-
end
|
|
127
|
-
end
|
|
128
|
-
end
|
|
129
|
-
end
|
|
130
|
-
end
|
|
131
|
-
end
|
|
132
|
-
end
|
|
@@ -1,47 +0,0 @@
|
|
|
1
|
-
# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
|
-
# frozen_string_literal: true
|
|
3
|
-
|
|
4
|
-
module Contrast
|
|
5
|
-
module Agent
|
|
6
|
-
module Assess
|
|
7
|
-
module Rule
|
|
8
|
-
# Those rules which function by scanning the Response body in order to
|
|
9
|
-
# detect vulnerabilities. These rules should each have their own
|
|
10
|
-
# Contrast::Agent::Assess::RuleResponseWatcher.
|
|
11
|
-
#
|
|
12
|
-
# Note: Most have been moved to the Service, as they typically watch
|
|
13
|
-
# the Request or Response bodies, parsing out vulnerabilities
|
|
14
|
-
# therein. CSRF is an exception to this as the rule requires a change
|
|
15
|
-
# to the Response body to function.
|
|
16
|
-
class ResponseScanningRule < Contrast::Agent::Assess::Rule::Base
|
|
17
|
-
def watcher
|
|
18
|
-
# raise(
|
|
19
|
-
# NotImplementedError,
|
|
20
|
-
# 'A child rule should have overridden the watcher method')
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
def stream_safe?
|
|
24
|
-
false
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
def generate_hash finding
|
|
28
|
-
Contrast::Utils::HashDigest.generate_response_hash(finding)
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
def postfilter context
|
|
32
|
-
findings = watcher.postfilter(context) if watcher && context
|
|
33
|
-
return unless findings
|
|
34
|
-
|
|
35
|
-
if findings.is_a?(Array)
|
|
36
|
-
findings.each do |finding|
|
|
37
|
-
send_report(finding) if finding
|
|
38
|
-
end
|
|
39
|
-
else
|
|
40
|
-
send_report(findings)
|
|
41
|
-
end
|
|
42
|
-
end
|
|
43
|
-
end
|
|
44
|
-
end
|
|
45
|
-
end
|
|
46
|
-
end
|
|
47
|
-
end
|