RubyGems - contrast-agent - Versions diffs - 3.10.2 → 3.11.0 - Mend

contrast-agent 3.10.2 → 3.11.0

Files changed (266) hide show

checksums.yaml +4 -4
data/.simplecov +5 -2
data/ext/build_funchook.rb +13 -17
data/ext/cs__assess_active_record_named/cs__active_record_named.c +5 -12
data/ext/cs__assess_active_record_named/extconf.rb +3 -0
data/ext/cs__assess_array/cs__assess_array.c +3 -5
data/ext/cs__assess_array/extconf.rb +3 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.c +10 -4
data/ext/cs__assess_basic_object/extconf.rb +3 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +4 -3
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +3 -3
data/ext/cs__assess_fiber_track/extconf.rb +3 -0
data/ext/cs__assess_hash/cs__assess_hash.c +40 -17
data/ext/cs__assess_hash/cs__assess_hash.h +4 -6
data/ext/cs__assess_hash/extconf.rb +3 -0
data/ext/cs__assess_kernel/cs__assess_kernel.c +10 -8
data/ext/cs__assess_kernel/cs__assess_kernel.h +1 -0
data/ext/cs__assess_kernel/extconf.rb +3 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +3 -6
data/ext/cs__assess_marshal_module/extconf.rb +3 -0
data/ext/cs__assess_module/cs__assess_module.c +13 -9
data/ext/cs__assess_module/extconf.rb +3 -0
data/ext/cs__assess_regexp/cs__assess_regexp.c +13 -9
data/ext/cs__assess_regexp/cs__assess_regexp.h +1 -0
data/ext/cs__assess_regexp/extconf.rb +3 -0
data/ext/cs__assess_string/cs__assess_string.c +5 -8
data/ext/cs__assess_string/cs__assess_string.h +2 -1
data/ext/cs__assess_string/extconf.rb +3 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +2 -2
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.h +3 -3
data/ext/cs__assess_string_interpolation26/extconf.rb +3 -0
data/ext/cs__assess_yield_track/cs__assess_yield_track.h +1 -1
data/ext/cs__assess_yield_track/extconf.rb +3 -0
data/ext/cs__common/cs__common.c +79 -0
data/ext/cs__common/cs__common.h +34 -0
data/ext/cs__common/extconf.rb +9 -8
data/ext/cs__contrast_patch/cs__contrast_patch.h +1 -6
data/ext/cs__contrast_patch/extconf.rb +3 -0
data/ext/cs__protect_kernel/cs__protect_kernel.c +20 -11
data/ext/cs__protect_kernel/extconf.rb +3 -0
data/ext/extconf_common.rb +10 -8
data/funchook/autom4te.cache/output.0 +1 -13
data/funchook/autom4te.cache/requests +44 -45
data/funchook/autom4te.cache/traces.0 +0 -3
data/funchook/config.log +378 -217
data/funchook/config.status +23 -24
data/funchook/configure +1 -13
data/funchook/src/Makefile +7 -7
data/funchook/src/config.h +2 -2
data/funchook/src/decoder.o +0 -0
data/funchook/src/distorm.o +0 -0
data/funchook/src/funchook.o +0 -0
data/funchook/src/funchook_io.o +0 -0
data/funchook/src/funchook_syscall.o +0 -0
data/funchook/src/funchook_unix.o +0 -0
data/funchook/src/funchook_x86.o +0 -0
data/funchook/src/instructions.o +0 -0
data/funchook/src/insts.o +0 -0
data/funchook/src/libfunchook.dylib +0 -0
data/funchook/src/mnemonics.o +0 -0
data/funchook/src/operands.o +0 -0
data/funchook/src/os_func.o +0 -0
data/funchook/src/os_func_unix.o +0 -0
data/funchook/src/prefix.o +0 -0
data/funchook/src/printf_base.o +0 -0
data/funchook/src/textdefs.o +0 -0
data/funchook/src/wstring.o +0 -0
data/funchook/test/Makefile +2 -2
data/funchook/test/funchook_test +0 -0
data/funchook/test/libfunchook_test.so +0 -0
data/funchook/test/libfunchook_test.so.dSYM/Contents/Info.plist +20 -0
data/funchook/test/libfunchook_test.so.dSYM/Contents/Resources/DWARF/libfunchook_test.so +0 -0
data/funchook/test/test_main.o +0 -0
data/funchook/test/x86_64_test.o +0 -0
data/lib/contrast.rb +1 -0
data/lib/contrast/agent.rb +21 -15
data/lib/contrast/agent/assess.rb +1 -2
data/lib/contrast/agent/assess/adjusted_span.rb +3 -1
data/lib/contrast/agent/assess/contrast_event.rb +16 -62
data/lib/contrast/agent/assess/events/event_factory.rb +25 -0
data/lib/contrast/agent/assess/events/source_event.rb +83 -0
data/lib/contrast/agent/assess/insulator.rb +0 -4
data/lib/contrast/agent/assess/policy/patcher.rb +5 -2
data/lib/contrast/agent/assess/policy/policy_node.rb +0 -7
data/lib/contrast/agent/assess/policy/policy_scanner.rb +1 -1
data/lib/contrast/agent/assess/policy/preshift.rb +1 -1
data/lib/contrast/agent/assess/policy/propagation_method.rb +65 -33
data/lib/contrast/agent/assess/policy/propagation_node.rb +2 -1
data/lib/contrast/agent/assess/policy/propagator.rb +1 -0
data/lib/contrast/agent/assess/policy/propagator/match_data.rb +80 -0
data/lib/contrast/agent/assess/policy/propagator/select.rb +35 -22
data/lib/contrast/agent/assess/policy/propagator/split.rb +26 -6
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +2 -0
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +37 -26
data/lib/contrast/agent/assess/policy/source_method.rb +20 -20
data/lib/contrast/agent/assess/policy/source_node.rb +0 -15
data/lib/contrast/agent/assess/policy/trigger_method.rb +29 -40
data/lib/contrast/agent/assess/policy/trigger_node.rb +3 -6
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +2 -31
data/lib/contrast/agent/assess/properties.rb +5 -3
data/lib/contrast/agent/assess/rule/base.rb +1 -5
data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +2 -22
data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +5 -1
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +2 -2
data/lib/contrast/agent/assess/rule/redos.rb +4 -4
data/lib/contrast/agent/assess/tag.rb +24 -14
data/lib/contrast/agent/at_exit_hook.rb +16 -13
data/lib/contrast/agent/class_reopener.rb +14 -4
data/lib/contrast/agent/deadzone/policy/policy.rb +2 -2
data/lib/contrast/agent/disable_reaction.rb +3 -4
data/lib/contrast/agent/exclusion_matcher.rb +8 -48
data/lib/contrast/agent/feature_state.rb +45 -75
data/lib/contrast/agent/logger.rb +173 -0
data/lib/contrast/agent/middleware.rb +87 -250
data/lib/contrast/agent/module_data.rb +2 -1
data/lib/contrast/agent/patching/policy/after_load_patch.rb +2 -1
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +21 -4
data/lib/contrast/agent/patching/policy/method_policy.rb +3 -3
data/lib/contrast/agent/patching/policy/module_policy.rb +0 -25
data/lib/contrast/agent/patching/policy/patch.rb +96 -23
data/lib/contrast/agent/patching/policy/patcher.rb +19 -19
data/lib/contrast/agent/patching/policy/policy.rb +7 -7
data/lib/contrast/agent/patching/policy/policy_node.rb +2 -10
data/lib/contrast/agent/patching/policy/trigger_node.rb +1 -4
data/lib/contrast/agent/protect/rule/base.rb +14 -33
data/lib/contrast/agent/protect/rule/base_service.rb +3 -1
data/lib/contrast/agent/protect/rule/cmd_injection.rb +10 -13
data/lib/contrast/agent/protect/rule/csrf.rb +2 -1
data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +11 -14
data/lib/contrast/agent/protect/rule/default_scanner.rb +0 -13
data/lib/contrast/agent/protect/rule/deserialization.rb +2 -0
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +2 -2
data/lib/contrast/agent/protect/rule/no_sqli.rb +4 -4
data/lib/contrast/agent/protect/rule/path_traversal.rb +5 -4
data/lib/contrast/agent/protect/rule/sqli.rb +1 -0
data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +2 -0
data/lib/contrast/agent/protect/rule/xss.rb +2 -0
data/lib/contrast/agent/protect/rule/xxe.rb +10 -4
data/lib/contrast/agent/railtie.rb +2 -8
data/lib/contrast/agent/reaction_processor.rb +5 -5
data/lib/contrast/agent/request.rb +9 -12
data/lib/contrast/agent/request_context.rb +12 -14
data/lib/contrast/agent/request_handler.rb +35 -0
data/lib/contrast/agent/response.rb +33 -30
data/lib/contrast/agent/rewriter.rb +22 -10
data/lib/contrast/agent/rule_set.rb +49 -0
data/lib/contrast/agent/scope.rb +0 -6
data/lib/contrast/agent/service_heartbeat.rb +1 -2
data/lib/contrast/agent/settings_state.rb +10 -74
data/lib/contrast/agent/socket_client.rb +17 -11
data/lib/contrast/agent/static_analysis.rb +42 -0
data/lib/contrast/agent/thread.rb +1 -1
data/lib/contrast/agent/tracepoint_hook.rb +1 -5
data/lib/contrast/agent/version.rb +1 -1
data/lib/contrast/api.rb +1 -1
data/lib/contrast/api/decorators.rb +14 -0
data/lib/contrast/api/decorators/application_settings.rb +37 -0
data/lib/contrast/api/decorators/application_update.rb +66 -0
data/lib/contrast/api/decorators/exclusion.rb +20 -0
data/lib/contrast/api/decorators/input_analysis.rb +17 -0
data/lib/contrast/api/decorators/server_features.rb +24 -0
data/lib/contrast/api/speedracer.rb +27 -23
data/lib/contrast/api/tcp_socket.rb +0 -2
data/lib/contrast/components/agent.rb +27 -22
data/lib/contrast/components/app_context.rb +18 -43
data/lib/contrast/components/config.rb +7 -5
data/lib/contrast/components/contrast_service.rb +0 -4
data/lib/contrast/components/heap_dump.rb +12 -8
data/lib/contrast/components/interface.rb +11 -10
data/lib/contrast/components/logger.rb +3 -68
data/lib/contrast/components/sampling.rb +22 -11
data/lib/contrast/components/settings.rb +18 -5
data/lib/contrast/config/base_configuration.rb +1 -0
data/lib/contrast/config/default_value.rb +1 -0
data/lib/contrast/config/protect_rule_configuration.rb +0 -14
data/lib/contrast/extensions/framework/rails/action_controller_inheritance.rb +39 -0
data/lib/contrast/extensions/framework/rails/active_record_named.rb +13 -8
data/lib/contrast/extensions/ruby_core/assess.rb +1 -2
data/lib/contrast/extensions/ruby_core/assess/assess_extension.rb +27 -22
data/lib/contrast/extensions/ruby_core/assess/erb.rb +0 -8
data/lib/contrast/extensions/ruby_core/assess/exec_trigger.rb +6 -8
data/lib/contrast/extensions/ruby_core/assess/fiber.rb +88 -100
data/lib/contrast/extensions/ruby_core/assess/hash.rb +32 -15
data/lib/contrast/extensions/ruby_core/assess/kernel.rb +28 -27
data/lib/contrast/extensions/ruby_core/assess/regexp.rb +74 -196
data/lib/contrast/extensions/ruby_core/assess/string.rb +15 -7
data/lib/contrast/extensions/ruby_core/assess/tilt_template_trigger.rb +29 -24
data/lib/contrast/extensions/ruby_core/assess/xpath_library_trigger.rb +2 -2
data/lib/contrast/extensions/ruby_core/eval_trigger.rb +0 -1
data/lib/contrast/extensions/ruby_core/inventory/datastores.rb +2 -2
data/lib/contrast/extensions/ruby_core/protect/applies_command_injection_rule.rb +9 -20
data/lib/contrast/extensions/ruby_core/protect/applies_deserialization_rule.rb +9 -19
data/lib/contrast/extensions/ruby_core/protect/applies_no_sqli_rule.rb +10 -27
data/lib/contrast/extensions/ruby_core/protect/applies_path_traversal_rule.rb +13 -21
data/lib/contrast/extensions/ruby_core/protect/applies_sqli_rule.rb +11 -23
data/lib/contrast/extensions/ruby_core/protect/applies_xxe_rule.rb +62 -78
data/lib/contrast/extensions/ruby_core/protect/rule_applicator.rb +50 -0
data/lib/contrast/framework/base_support.rb +10 -0
data/lib/contrast/framework/manager.rb +28 -2
data/lib/contrast/framework/platform_version.rb +1 -0
data/lib/contrast/framework/rails_support.rb +16 -0
data/lib/contrast/framework/sinatra_support.rb +12 -2
data/lib/contrast/framework/view_technologies_descriptor.rb +1 -0
data/lib/contrast/tasks/service.rb +2 -8
data/lib/contrast/utils/assess/sampling_util.rb +4 -9
data/lib/contrast/utils/assess/tracking_util.rb +7 -1
data/lib/contrast/utils/boolean_util.rb +2 -2
data/lib/contrast/utils/cache.rb +0 -11
data/lib/contrast/utils/class_util.rb +20 -1
data/lib/contrast/utils/gemfile_reader.rb +5 -3
data/lib/contrast/utils/hash_digest.rb +0 -4
data/lib/contrast/utils/heap_dump_util.rb +12 -11
data/lib/contrast/utils/invalid_configuration_util.rb +1 -1
data/lib/contrast/utils/inventory_util.rb +2 -2
data/lib/contrast/utils/io_util.rb +1 -11
data/lib/contrast/utils/job_servers_running.rb +2 -2
data/lib/contrast/utils/object_share.rb +1 -27
data/lib/contrast/utils/os.rb +1 -25
data/lib/contrast/utils/rack_assess_session_cookie.rb +3 -3
data/lib/contrast/utils/rails_assess_configuration.rb +3 -3
data/lib/contrast/utils/service_response_util.rb +27 -53
data/lib/contrast/utils/service_sender_util.rb +9 -5
data/lib/contrast/utils/sinatra_helper.rb +0 -6
data/lib/contrast/utils/stack_trace_utils.rb +86 -182
data/lib/contrast/utils/string_utils.rb +18 -2
data/lib/contrast/utils/tag_util.rb +11 -1
data/lib/contrast/utils/thread_tracker.rb +2 -2
data/lib/contrast/utils/timer.rb +0 -40
data/resources/assess/policy.json +33 -21
data/resources/protect/policy.json +9 -9
data/ruby-agent.gemspec +6 -3
metadata +76 -51
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c +0 -63
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.h +0 -29
data/ext/cs__assess_regexp_track/extconf.rb +0 -2
data/funchook/src/libfunchook.so +0 -0
data/lib/contrast/agent/assess/frozen_properties.rb +0 -41
data/lib/contrast/agent/logger_manager.rb +0 -116
data/lib/contrast/delegators.rb +0 -9
data/lib/contrast/delegators/application_update.rb +0 -32
data/lib/contrast/utils/comment_range.rb +0 -19
data/lib/contrast/utils/environment_util.rb +0 -81
data/lib/contrast/utils/performs_logging.rb +0 -152
data/resources/factory-bot-spec/spec_helper.rb +0 -30
data/resources/rubocops/kernel/catch_cop.rb +0 -37
data/resources/rubocops/kernel/require_cop.rb +0 -37
data/resources/rubocops/kernel/require_relative_cop.rb +0 -33
data/resources/rubocops/module/autoload_cop.rb +0 -37
data/resources/rubocops/module/const_defined_cop.rb +0 -37
data/resources/rubocops/module/const_get_cop.rb +0 -37
data/resources/rubocops/module/const_set_cop.rb +0 -37
data/resources/rubocops/module/constants_cop.rb +0 -37
data/resources/rubocops/module/name_cop.rb +0 -37
data/resources/rubocops/object/class_cop.rb +0 -37
data/resources/rubocops/object/freeze_cop.rb +0 -37
data/resources/rubocops/object/frozen_cop.rb +0 -37
data/resources/rubocops/object/is_a_cop.rb +0 -37
data/resources/rubocops/object/method_cop.rb +0 -37
data/resources/rubocops/object/respond_to_cop.rb +0 -37
data/resources/rubocops/object/singleton_class_cop.rb +0 -37
data/resources/rubocops/regexp/spelling_cop.rb +0 -44
data/resources/rubocops/thread/new_cop.rb +0 -39
data/resources/ruby-spec/ancestors_spec.rb +0 -70
data/resources/ruby-spec/modulo_spec.rb +0 -831
data/resources/ruby-spec/parameters_spec.rb +0 -261
data/resources/ruby-spec/ruby_spec_spec_helper.rb +0 -35

@@ -1,4 +1,4 @@
-#! /bin/bash
+#! /bin/sh
 # Generated by configure.
 # Run this file to recreate the current configuration.
 # Compiler output produced by configure, useful for debugging
@@ -8,7 +8,7 @@ debug=false
 ac_cs_recheck=false
 ac_cs_silent=false
-SHELL=${CONFIG_SHELL-/bin/bash}
+SHELL=${CONFIG_SHELL-/bin/sh}
 export SHELL
 ## -------------------- ##
 ## M4sh Initialization. ##
@@ -433,7 +433,7 @@ Copyright (C) 2012 Free Software Foundation, Inc.
 This config.status script is free software; the Free Software Foundation
 gives unlimited permission to copy, distribute and modify it."
-ac_pwd='/opt/atlassian/pipelines/agent/build/funchook'
+ac_pwd='/Users/donaldpropst/Projects/ruby-agent/funchook'
 srcdir='.'
 test -n "$AWK" || AWK=awk
 # The default lists apply if the user does not specify any file.
@@ -512,10 +512,10 @@ if $ac_cs_silent; then
 fi
 if $ac_cs_recheck; then
-  set X /bin/bash './configure'  $ac_configure_extra_args --no-create --no-recursion
+  set X /bin/sh './configure'  $ac_configure_extra_args --no-create --no-recursion
   shift
-  $as_echo "running CONFIG_SHELL=/bin/bash $*" >&6
-  CONFIG_SHELL='/bin/bash'
+  $as_echo "running CONFIG_SHELL=/bin/sh $*" >&6
+  CONFIG_SHELL='/bin/sh'
   export CONFIG_SHELL
   exec "$@"
 fi
@@ -604,24 +604,24 @@ echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
 cat >>"$ac_tmp/subs1.awk" <<\_ACAWK &&
 S["LTLIBOBJS"]=""
 S["LIBOBJS"]=""
-S["IF_OSX"]="#"
-S["IF_LINUX"]=""
+S["IF_OSX"]=""
+S["IF_LINUX"]="#"
 S["IF_WIN32"]="#"
 S["PIC_CFLAGS"]="-fPIC"
 S["LINK_SHARED"]="$(CC) -shared"
-S["LIBFUNCHOOK_SO"]="libfunchook.so"
+S["LIBFUNCHOOK_SO"]="libfunchook.dylib"
 S["FUNCHOOK_OS"]="unix"
 S["FUNCHOOK_CPU"]="x86_64"
-S["host_os"]="linux-gnu"
-S["host_vendor"]="unknown"
+S["host_os"]="darwin18.6.0"
+S["host_vendor"]="apple"
 S["host_cpu"]="x86_64"
-S["host"]="x86_64-unknown-linux-gnu"
-S["build_os"]="linux-gnu"
-S["build_vendor"]="unknown"
+S["host"]="x86_64-apple-darwin18.6.0"
+S["build_os"]="darwin18.6.0"
+S["build_vendor"]="apple"
 S["build_cpu"]="x86_64"
-S["build"]="x86_64-unknown-linux-gnu"
-S["EGREP"]="/bin/grep -E"
-S["GREP"]="/bin/grep"
+S["build"]="x86_64-apple-darwin18.6.0"
+S["EGREP"]="/usr/bin/grep -E"
+S["GREP"]="/usr/bin/grep"
 S["CPP"]="gcc -E"
 S["OBJEXT"]="o"
 S["EXEEXT"]=""
@@ -633,10 +633,10 @@ S["CC"]="gcc"
 S["target_alias"]=""
 S["host_alias"]=""
 S["build_alias"]=""
-S["LIBS"]="-ldl"
+S["LIBS"]=""
 S["ECHO_T"]=""
-S["ECHO_N"]="-n"
-S["ECHO_C"]=""
+S["ECHO_N"]=""
+S["ECHO_C"]="\\c"
 S["DEFS"]="-DHAVE_CONFIG_H"
 S["mandir"]="${datarootdir}/man"
 S["localedir"]="${datarootdir}/locale"
@@ -649,7 +649,6 @@ S["infodir"]="${datarootdir}/info"
 S["docdir"]="${datarootdir}/doc/${PACKAGE_TARNAME}"
 S["oldincludedir"]="/usr/include"
 S["includedir"]="${prefix}/include"
-S["runstatedir"]="${localstatedir}/run"
 S["localstatedir"]="${prefix}/var"
 S["sharedstatedir"]="${prefix}/com"
 S["sysconfdir"]="${prefix}/etc"
@@ -668,7 +667,7 @@ S["PACKAGE_VERSION"]="0.1"
 S["PACKAGE_TARNAME"]="funchook"
 S["PACKAGE_NAME"]="funchook"
 S["PATH_SEPARATOR"]=":"
-S["SHELL"]="/bin/bash"
+S["SHELL"]="/bin/sh"
 _ACAWK
 cat >>"$ac_tmp/subs1.awk" <<_ACAWK &&
   for (key in S) S_is_set[key] = 1
@@ -732,8 +731,8 @@ D["_GNU_SOURCE"]=" 1"
 D["_POSIX_PTHREAD_SEMANTICS"]=" 1"
 D["_TANDEM_SOURCE"]=" 1"
 D["SIZEOF_VOIDP"]=" 8"
-D["HAVE_DECL__SYS_NERR"]=" 1"
-D["HAVE_DECL__SYS_ERRLIST"]=" 1"
+D["HAVE_DECL__SYS_NERR"]=" 0"
+D["HAVE_DECL__SYS_ERRLIST"]=" 0"
 D["HAVE_DECL_SYS_NERR"]=" 1"
 D["HAVE_DECL_SYS_ERRLIST"]=" 1"
   for (key in D) D_is_set[key] = 1

data/funchook/configure CHANGED

@@ -665,7 +665,6 @@ infodir
 docdir
 oldincludedir
 includedir
-runstatedir
 localstatedir
 sharedstatedir
 sysconfdir
@@ -736,7 +735,6 @@ datadir='${datarootdir}'
 sysconfdir='${prefix}/etc'
 sharedstatedir='${prefix}/com'
 localstatedir='${prefix}/var'
-runstatedir='${localstatedir}/run'
 includedir='${prefix}/include'
 oldincludedir='/usr/include'
 docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -989,15 +987,6 @@ do
   | -silent | --silent | --silen | --sile | --sil)
     silent=yes ;;
-  -runstatedir | --runstatedir | --runstatedi | --runstated \
-  | --runstate | --runstat | --runsta | --runst | --runs \
-  | --run | --ru | --r)
-    ac_prev=runstatedir ;;
-  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
-  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
-  | --run=* | --ru=* | --r=*)
-    runstatedir=$ac_optarg ;;
   -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
     ac_prev=sbindir ;;
   -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@@ -1135,7 +1124,7 @@ fi
 for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
 		datadir sysconfdir sharedstatedir localstatedir includedir \
 		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-		libdir localedir mandir runstatedir
+		libdir localedir mandir
 do
   eval ac_val=\$$ac_var
   # Remove trailing slashes.
@@ -1288,7 +1277,6 @@ Fine tuning of the installation directories:
   --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
   --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
   --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
-  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
   --libdir=DIR            object code libraries [EPREFIX/lib]
   --includedir=DIR        C header files [PREFIX/include]
   --oldincludedir=DIR     C header files for non-gcc [/usr/include]

data/funchook/src/Makefile CHANGED

@@ -7,11 +7,11 @@ VPATH = $(DISTORM3_DIR)/src:$(top_srcdir)/include
 CC = gcc
 CFLAGS = -g -O2 -Wall -fvisibility=hidden -fPIC -g -I. -I$(top_srcdir)/include -I$(DISTORM3_DIR)/include
-LIBS = -ldl
+LIBS =
 LINK_SHARED = $(CC) -shared
 #LIBS += -lpsapi
-#LDFLAGS += -install_name @rpath/libfunchook.dylib
+LDFLAGS += -install_name @rpath/libfunchook.dylib
 FUNCHOOK_OBJS = \
 	os_func.o \
@@ -22,8 +22,8 @@ FUNCHOOK_OBJS = \
 	funchook_x86.o \
 	funchook_unix.o
-FUNCHOOK_OBJS += funchook_syscall.o
 #FUNCHOOK_OBJS += funchook_syscall.o
+FUNCHOOK_OBJS += funchook_syscall.o
 DISTORM3_OBJS = \
 	mnemonics.o \
@@ -43,13 +43,13 @@ HEADERS = \
 OBJS = $(FUNCHOOK_OBJS) $(DISTORM3_OBJS)
-all: libfunchook.so
+all: libfunchook.dylib
 check:
 	cd ../test && $(MAKE) check
-libfunchook.so: $(OBJS)
-	$(LINK_SHARED) $(LDFLAGS) -o libfunchook.so $(OBJS) $(LIBS)
+libfunchook.dylib: $(OBJS)
+	$(LINK_SHARED) $(LDFLAGS) -o libfunchook.dylib $(OBJS) $(LIBS)
 funchook.o: funchook.c $(HEADERS)
 funchook_linux.o: funchook_linux.c $(HEADERS)
@@ -64,7 +64,7 @@ insts.o: insts.c
 	$(CC) $(CFLAGS) -c -o $@ $< -Wno-missing-braces
 clean:
-	$(RM) libfunchook.so $(OBJS)
+	$(RM) libfunchook.dylib $(OBJS)
 Makefile config.h: $(srcdir)/Makefile.in $(srcdir)/config.h.in $(top_builddir)/config.status
 	cd $(top_builddir) && ./config.status

data/funchook/src/config.h CHANGED

@@ -11,11 +11,11 @@
 /* Define to 1 if you have the declaration of `_sys_errlist', and to 0 if you
    don't. */
-#define HAVE_DECL__SYS_ERRLIST 1
+#define HAVE_DECL__SYS_ERRLIST 0
 /* Define to 1 if you have the declaration of `_sys_nerr', and to 0 if you
    don't. */
-#define HAVE_DECL__SYS_NERR 1
+#define HAVE_DECL__SYS_NERR 0
 /* Define to 1 if you have the <inttypes.h> header file. */
 #define HAVE_INTTYPES_H 1

data/funchook/src/decoder.o CHANGED

Binary file

data/funchook/src/distorm.o CHANGED

Binary file

data/funchook/src/funchook.o CHANGED

Binary file

data/funchook/src/funchook_io.o CHANGED

Binary file

data/funchook/src/funchook_syscall.o CHANGED

Binary file

data/funchook/src/funchook_unix.o CHANGED

Binary file

data/funchook/src/funchook_x86.o CHANGED

Binary file

data/funchook/src/instructions.o CHANGED

Binary file

data/funchook/src/insts.o CHANGED

Binary file

data/funchook/src/libfunchook.dylib ADDED

Binary file

data/funchook/src/mnemonics.o CHANGED

Binary file

data/funchook/src/operands.o CHANGED

Binary file

data/funchook/src/os_func.o CHANGED

Binary file

data/funchook/src/os_func_unix.o CHANGED

Binary file

data/funchook/src/prefix.o CHANGED

Binary file

data/funchook/src/printf_base.o CHANGED

Binary file

data/funchook/src/textdefs.o CHANGED

Binary file

data/funchook/src/wstring.o CHANGED

Binary file

data/funchook/test/Makefile CHANGED

@@ -14,7 +14,7 @@ DLLTOOL = $(firstword $(CC:gcc=dlltool))
 SO_OBJS = $(srcdir)/libfunchook_test.c $(srcdir)/libfunchook_test2.c
 #LDFLAGS += -Wl,--out-implib,funchook_test.lib
 #FUNCHOOK_TEST_LIB = funchook_test_exe.lib
-#LDFLAGS += -Wl,-undefined,dynamic_lookup
+LDFLAGS += -Wl,-undefined,dynamic_lookup
 VPATH = ../src
@@ -24,7 +24,7 @@ test: funchook_test$(EXEEXT)
 	# cmp -s $(top_builddir)/src/funchook.dll funchook.dll || cp $(top_builddir)/src/funchook.dll funchook.dll
 	./funchook_test$(EXEEXT)
-funchook_test$(EXEEXT): $(OBJS) libfunchook.so libfunchook_test.so
+funchook_test$(EXEEXT): $(OBJS) libfunchook.dylib libfunchook_test.so
 	$(CC) -o funchook_test$(EXEEXT) $(OBJS) $(LIBS)
 libfunchook_test.so: $(SO_OBJS) $(FUNCHOOK_TEST_LIB)

data/funchook/test/funchook_test CHANGED

Binary file

data/funchook/test/libfunchook_test.so CHANGED

Binary file

data/funchook/test/libfunchook_test.so.dSYM/Contents/Info.plist ADDED

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+	<dict>
+		<key>CFBundleDevelopmentRegion</key>
+		<string>English</string>
+		<key>CFBundleIdentifier</key>
+		<string>com.apple.xcode.dsym.libfunchook_test.so</string>
+		<key>CFBundleInfoDictionaryVersion</key>
+		<string>6.0</string>
+		<key>CFBundlePackageType</key>
+		<string>dSYM</string>
+		<key>CFBundleSignature</key>
+		<string>????</string>
+		<key>CFBundleShortVersionString</key>
+		<string>1.0</string>
+		<key>CFBundleVersion</key>
+		<string>1</string>
+	</dict>
+</plist>

data/funchook/test/libfunchook_test.so.dSYM/Contents/Resources/DWARF/libfunchook_test.so ADDED

Binary file

data/funchook/test/test_main.o CHANGED

Binary file

data/funchook/test/x86_64_test.o CHANGED

Binary file

data/lib/contrast.rb CHANGED

@@ -54,4 +54,5 @@ cs__scoped_require 'contrast/utils/timer'
 cs__scoped_require 'contrast/utils/random_util'
 cs__scoped_require 'contrast/utils/preflight_util'
+cs__scoped_require 'contrast/utils/assess/sampling_util'
 cs__scoped_require 'contrast/agent'

data/lib/contrast/agent.rb CHANGED

@@ -3,11 +3,25 @@
 cs__scoped_require 'English'
+# Config interface, also cruft around logger interfaces etc.
+# this comes early bc legacy.
+cs__scoped_require 'contrast/agent/feature_state'
 # This must precede other Contrast C extensions
 cs__scoped_require 'cs__common/cs__common'
+# defining instrumentation, this must precede core extensions
+# because they need to register their patches
+cs__scoped_require 'contrast/agent/patching/policy/patcher'
+cs__scoped_require 'contrast/agent/patching/policy/patch'
+# core extensions
+cs__scoped_require 'contrast/extensions/ruby_core/assess'
 cs__scoped_require 'contrast/extensions/ruby_core/delegator'
+cs__scoped_require 'contrast/extensions/ruby_core/inventory'
 cs__scoped_require 'contrast/extensions/ruby_core/module'
+cs__scoped_require 'contrast/extensions/ruby_core/protect'
+cs__scoped_require 'contrast/extensions/ruby_core/protect/kernel'
 cs__scoped_require 'contrast/utils/object_share'
 cs__scoped_require 'contrast/utils/boolean_util'
@@ -20,20 +34,11 @@ cs__scoped_require 'contrast/common_agent_configuration'
 cs__scoped_require 'contrast/utils/hash_digest'
 cs__scoped_require 'contrast/utils/invalid_configuration_util'
-cs__scoped_require 'contrast/utils/cache'
 # scoping
 cs__scoped_require 'contrast/agent/scope'
 cs__scoped_require 'contrast/utils/thread_tracker'
-cs__scoped_require 'contrast/api'
-cs__scoped_require 'contrast/utils/resource_loader'
-cs__scoped_require 'contrast/utils/duck_utils'
-cs__scoped_require 'contrast/agent/tracepoint_hook'
-cs__scoped_require 'contrast/agent/at_exit_hook'
 # Framework support
 cs__scoped_require 'contrast/framework/manager'
@@ -50,16 +55,17 @@ module Contrast
   end
 end
-# keep tracker of logger updates
-cs__scoped_require 'contrast/agent/logger_manager'
+cs__scoped_require 'contrast/api'
+cs__scoped_require 'contrast/utils/resource_loader'
+cs__scoped_require 'contrast/utils/duck_utils'
+cs__scoped_require 'contrast/agent/tracepoint_hook'
+cs__scoped_require 'contrast/agent/at_exit_hook'
 # communication with contrast service
 cs__scoped_require 'contrast/agent/exclusion_matcher'
 cs__scoped_require 'contrast/agent/socket_client'
-# config interface
-cs__scoped_require 'contrast/agent/feature_state'
 # threads that handle contrast scope
 cs__scoped_require 'contrast/agent/thread'
@@ -72,7 +78,7 @@ cs__scoped_require 'contrast/agent/assess'
 # These happen regardless of analysis mode, & should be lightweight.
 cs__scoped_require 'contrast/utils/rack_assess_session_cookie'
 cs__scoped_require 'contrast/utils/rails_assess_configuration'
-# Also: should document the necessity of patching this ASAP.
 # In Rails, session configuration occurs extremely early & only once.
 # If we defer our patching of the rails session configuration too long
 # (i.e., where we normally patch) we will miss the configuration

data/lib/contrast/agent/assess.rb CHANGED

@@ -36,9 +36,8 @@ module Contrast
       # reporting / tracking
       cs__scoped_require 'contrast/agent/assess/insulator'
       cs__scoped_require 'contrast/agent/assess/properties'
-      cs__scoped_require 'contrast/agent/assess/frozen_properties'
       cs__scoped_require 'contrast/agent/assess/tag'
-      cs__scoped_require 'contrast/agent/assess/contrast_event'
+      cs__scoped_require 'contrast/agent/assess/events/event_factory'
     end
   end
 end

data/lib/contrast/agent/assess/adjusted_span.rb CHANGED

@@ -14,7 +14,9 @@ module Contrast
       # Note: Unlike ranges, it is assumed that the stop
       # value is exclusive, not inclusive. [start, end)
       class AdjustedSpan
-        attr_accessor :start, :stop
+        attr_accessor :stop
+        attr_reader :start
         def initialize start = nil, stop = nil
           @start = start if start
           @stop = stop if stop

data/lib/contrast/agent/assess/contrast_event.rb CHANGED

@@ -1,8 +1,14 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
+cs__scoped_require 'contrast/utils/assess/tracking_util'
 cs__scoped_require 'contrast/utils/class_util'
+cs__scoped_require 'contrast/utils/duck_utils'
+cs__scoped_require 'contrast/utils/object_share'
 cs__scoped_require 'contrast/utils/prevent_serialization'
+cs__scoped_require 'contrast/utils/stack_trace_utils'
+cs__scoped_require 'contrast/utils/string_utils'
+cs__scoped_require 'contrast/utils/timer'
 module Contrast
   module Agent
@@ -53,8 +59,7 @@ module Contrast
           end
         end
-        attr_accessor :source_name
-        attr_reader :event_id, :source_type, :parent_ids
+        attr_reader :event_id, :parent_ids
         # We need this to track the parent id's of events to build up a flow
         # chart of the finding
@@ -69,13 +74,13 @@ module Contrast
           end
         end
-        def initialize policy_node, tagged, object, ret, args, invoked = 0, source_type = nil, source_name = nil
-          @caller = caller_locations(get_call_start(policy_node, invoked), 10)
+        def initialize policy_node, tagged, object, ret, args
           @policy_node = policy_node
+          # so long as this event is built in a factory, we know Contrast Code
+          # will be the first three events
+          @caller = caller(3, 20)
           @time = Contrast::Utils::Timer.now_ms
           @thread = Thread.current.object_id
-          @source_type = source_type
-          @source_name = source_name
           # These methods rely on the above being set. Don't move them!
           @event_id = Contrast::Agent::Assess::ContrastEvent.next_atomic_id
@@ -86,8 +91,6 @@ module Contrast
         # Parent IDs are the event ids of all the sources of this event which
         # were tracked prior to this event occurring
         def find_parent_ids policy_node, object, ret, args
-          return if policy_node.is_a?(Contrast::Agent::Assess::Policy::SourceNode)
           mapped = policy_node.sources.map do |source|
             value_of_source(source, object, ret, args)
           end
@@ -137,6 +140,8 @@ module Contrast
         # one w/ a dup, but good enough for now. Trying not to make this too
         # complicated. - HM 8/8/19
         def save_target_arg target, tagged
+          return if @args.cs__frozen?
           if target.is_a?(Integer)
             @args[target] = cs__class.safe_dup(tagged)
             return
@@ -172,27 +177,6 @@ module Contrast
           end
         end
-        # each policy_node has a certain number of levels down it calls
-        # before getting here. since we know them, we can skip
-        # right to the part of the stack we care about.
-        #
-        # Note: if our callstack changes, this number has to change
-        def get_call_start policy_node, invoked
-          # TODO: RUBY-440 audit these numbers to get stacktraces to render
-          #   properly
-          base = case policy_node
-                 when Contrast::Agent::Assess::Policy::SourceNode
-                   6
-                 when Contrast::Agent::Assess::Policy::PropagationNode
-                   7
-                 when Contrast::Agent::Assess::Policy::TriggerNode
-                   7
-                 else
-                   2
-                 end
-          base + invoked
-        end
         # Convert this event into a DTM that TeamServer can consume
         def to_dtm_event
           event = Contrast::Api::Dtm::TraceEvent.new
@@ -220,20 +204,11 @@ module Contrast
           end
           # We delayed doing this as long as possible b/c it's expensive
-          stack = Contrast::Utils::StackTraceUtils.to_dtm_stack(
-              stack_locations: @caller,
-              rasp_element: false)
-          stack.each do |frame|
-            event.stack << frame
-          end
-          event.field_name = Contrast::Utils::StringUtils.force_utf8(source_name)
-          event_source_dtm = build_event_source_dtm
-          event.event_sources << event_source_dtm if event_source_dtm
+          stack = Contrast::Utils::StackTraceUtils.build_assess_stack_array(@caller)
+          event.stack += stack
           event.object_id = event_id.to_i
-          @parent_ids&.each do |id|
+          parent_ids&.each do |id|
             parent = Contrast::Api::Dtm::ParentObjectId.new
             parent.id = id.to_i
             event.parent_object_ids << parent
@@ -245,27 +220,6 @@ module Contrast
           event
         end
-        def forced_source_type
-          @_forced_source_type ||= Contrast::Utils::StringUtils.force_utf8(source_type)
-        end
-        def forced_source_name
-          @_forced_source_name ||= Contrast::Utils::StringUtils.force_utf8(source_name)
-        end
-        # Probably only for source events, but we'll go
-        # with source_type instead. java & .net support source_type
-        # in propagation events, so we'll future proof this
-        def build_event_source_dtm
-          # You can have a source w/o a name, but not w/o a type
-          return unless source_type
-          dtm = Contrast::Api::Dtm::TraceEventSource.new
-          dtm.type = forced_source_type
-          dtm.name = forced_source_name
-          dtm
-        end
         # We're not going to build the signature string here, b/c we have all
         # the composite pieces of it. Instead, we're going to let TeamServer
         # render this for us.