contrast-agent 3.11.0 → 3.13.1
- checksums.yaml +4 -4
- data/.dockerignore +0 -1
- data/.flayignore +1 -0
- data/.gitignore +1 -1
- data/.simplecov +1 -1
- data/Rakefile +31 -0
- data/ext/build_funchook.rb +0 -2
- data/ext/cs__assess_active_record_named/cs__active_record_named.c +7 -2
- data/ext/cs__assess_active_record_named/cs__active_record_named.h +1 -0
- data/ext/cs__assess_array/cs__assess_array.c +2 -1
- data/ext/cs__assess_array/cs__assess_array.h +1 -0
- data/ext/cs__assess_basic_object/cs__assess_basic_object.c +3 -7
- data/ext/cs__assess_basic_object/cs__assess_basic_object.h +2 -1
- data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +2 -8
- data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +0 -1
- data/ext/cs__assess_kernel/cs__assess_kernel.c +1 -1
- data/ext/cs__assess_module/cs__assess_module.c +5 -7
- data/ext/cs__assess_module/cs__assess_module.h +3 -0
- data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +1 -6
- data/ext/cs__assess_yield_track/cs__assess_yield_track.c +1 -5
- data/ext/cs__assess_yield_track/cs__assess_yield_track.h +0 -1
- data/ext/cs__common/cs__common.c +25 -1
- data/ext/cs__common/cs__common.h +3 -0
- data/ext/cs__common/extconf.rb +0 -14
- data/ext/cs__protect_kernel/cs__protect_kernel.c +4 -2
- data/ext/cs__protect_kernel/cs__protect_kernel.h +1 -0
- data/ext/extconf_common.rb +0 -28
- data/lib/contrast.rb +3 -2
- data/lib/contrast/agent.rb +33 -24
- data/lib/contrast/agent/assess.rb +0 -9
- data/lib/contrast/agent/assess/contrast_event.rb +28 -167
- data/lib/contrast/agent/assess/events/source_event.rb +3 -7
- data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +1 -1
- data/lib/contrast/agent/assess/policy/patcher.rb +1 -0
- data/lib/contrast/agent/assess/policy/policy_node.rb +5 -99
- data/lib/contrast/agent/assess/policy/policy_scanner.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagation_method.rb +4 -2
- data/lib/contrast/agent/assess/policy/propagation_node.rb +5 -1
- data/lib/contrast/agent/assess/policy/propagator/base.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/database_write.rb +1 -3
- data/lib/contrast/agent/assess/policy/propagator/insert.rb +1 -4
- data/lib/contrast/agent/assess/policy/propagator/match_data.rb +9 -1
- data/lib/contrast/agent/assess/policy/propagator/remove.rb +6 -11
- data/lib/contrast/agent/assess/policy/propagator/select.rb +4 -4
- data/lib/contrast/agent/assess/policy/propagator/split.rb +2 -2
- data/lib/contrast/agent/assess/policy/propagator/substitution.rb +4 -4
- data/lib/contrast/agent/assess/policy/propagator/trim.rb +6 -10
- data/lib/contrast/agent/assess/policy/source_method.rb +1 -2
- data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +90 -0
- data/lib/contrast/agent/assess/policy/trigger/xpath.rb +57 -0
- data/lib/contrast/agent/assess/policy/trigger_method.rb +2 -14
- data/lib/contrast/agent/assess/policy/trigger_node.rb +20 -5
- data/lib/contrast/agent/assess/properties.rb +4 -382
- data/lib/contrast/agent/assess/property/evented.rb +78 -0
- data/lib/contrast/agent/assess/property/tagged.rb +339 -0
- data/lib/contrast/agent/assess/rule/base.rb +0 -15
- data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +5 -6
- data/lib/contrast/agent/assess/rule/redos.rb +0 -1
- data/lib/contrast/agent/assess/tag.rb +27 -12
- data/lib/contrast/agent/at_exit_hook.rb +4 -2
- data/lib/contrast/agent/class_reopener.rb +9 -4
- data/lib/contrast/agent/exclusion_matcher.rb +2 -3
- data/lib/contrast/agent/inventory/policy/datastores.rb +53 -0
- data/lib/contrast/agent/inventory/policy/policy.rb +1 -1
- data/lib/contrast/agent/middleware.rb +36 -44
- data/lib/contrast/agent/patching/policy/after_load_patch.rb +11 -2
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +51 -56
- data/lib/contrast/agent/patching/policy/patch.rb +3 -2
- data/lib/contrast/agent/patching/policy/patcher.rb +10 -12
- data/lib/contrast/agent/patching/policy/policy.rb +3 -3
- data/lib/contrast/agent/patching/policy/policy_node.rb +3 -3
- data/lib/contrast/agent/patching/policy/trigger_node.rb +1 -1
- data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +63 -0
- data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +52 -0
- data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +68 -0
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +117 -0
- data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +54 -0
- data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +129 -0
- data/lib/contrast/agent/protect/policy/policy.rb +6 -6
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +51 -0
- data/lib/contrast/agent/protect/rule.rb +0 -5
- data/lib/contrast/agent/protect/rule/base.rb +25 -36
- data/lib/contrast/agent/protect/rule/base_service.rb +1 -1
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +3 -3
- data/lib/contrast/agent/protect/rule/http_method_tampering.rb +2 -7
- data/lib/contrast/agent/protect/rule/path_traversal.rb +2 -7
- data/lib/contrast/agent/protect/rule/sqli.rb +4 -4
- data/lib/contrast/agent/protect/rule/xxe.rb +1 -0
- data/lib/contrast/agent/railtie.rb +1 -0
- data/lib/contrast/agent/reaction_processor.rb +3 -3
- data/lib/contrast/agent/request.rb +91 -334
- data/lib/contrast/agent/request_context.rb +17 -18
- data/lib/contrast/agent/request_handler.rb +2 -2
- data/lib/contrast/agent/response.rb +2 -83
- data/lib/contrast/agent/scope.rb +1 -1
- data/lib/contrast/agent/service_heartbeat.rb +8 -10
- data/lib/contrast/agent/static_analysis.rb +2 -3
- data/lib/contrast/agent/thread_watcher.rb +49 -0
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/agent/worker_thread.rb +24 -0
- data/lib/contrast/api.rb +3 -5
- data/lib/contrast/api/communication.rb +20 -0
- data/lib/contrast/api/communication/connection_status.rb +41 -0
- data/lib/contrast/api/communication/messaging_queue.rb +79 -0
- data/lib/contrast/{utils/service_response_util.rb → api/communication/response_processor.rb} +15 -22
- data/lib/contrast/api/communication/service_lifecycle.rb +61 -0
- data/lib/contrast/api/communication/socket.rb +45 -0
- data/lib/contrast/api/communication/socket_client.rb +76 -0
- data/lib/contrast/api/communication/speedracer.rb +111 -0
- data/lib/contrast/api/communication/tcp_socket.rb +31 -0
- data/lib/contrast/api/communication/unix_socket.rb +27 -0
- data/lib/contrast/api/decorators.rb +10 -0
- data/lib/contrast/api/decorators/address.rb +60 -0
- data/lib/contrast/api/decorators/application_settings.rb +7 -3
- data/lib/contrast/api/decorators/application_update.rb +0 -9
- data/lib/contrast/api/decorators/http_request.rb +139 -0
- data/lib/contrast/api/decorators/message.rb +75 -0
- data/lib/contrast/api/decorators/rasp_rule_sample.rb +28 -0
- data/lib/contrast/api/decorators/route_coverage.rb +57 -0
- data/lib/contrast/api/decorators/trace_event.rb +99 -0
- data/lib/contrast/api/decorators/trace_event_object.rb +57 -0
- data/lib/contrast/api/decorators/trace_event_signature.rb +46 -0
- data/lib/contrast/api/decorators/trace_taint_range.rb +51 -0
- data/lib/contrast/api/decorators/trace_taint_range_tags.rb +109 -0
- data/lib/contrast/api/decorators/user_input.rb +40 -0
- data/lib/contrast/components/agent.rb +17 -12
- data/lib/contrast/components/app_context.rb +27 -2
- data/lib/contrast/components/assess.rb +25 -15
- data/lib/contrast/components/config.rb +4 -9
- data/lib/contrast/components/contrast_service.rb +23 -67
- data/lib/contrast/components/interface.rb +5 -13
- data/lib/contrast/components/inventory.rb +5 -1
- data/lib/contrast/components/logger.rb +2 -2
- data/lib/contrast/components/protect.rb +40 -4
- data/lib/contrast/components/scope.rb +2 -52
- data/lib/contrast/components/settings.rb +18 -18
- data/lib/contrast/config/protect_rules_configuration.rb +0 -1
- data/lib/contrast/configuration.rb +2 -2
- data/lib/contrast/{extensions/ruby_core → extension}/assess.rb +12 -15
- data/lib/contrast/extension/assess/array.rb +77 -0
- data/lib/contrast/{extensions/ruby_core → extension}/assess/assess_extension.rb +3 -4
- data/lib/contrast/{extensions/ruby_core → extension}/assess/erb.rb +0 -0
- data/lib/contrast/extension/assess/eval_trigger.rb +78 -0
- data/lib/contrast/{extensions/ruby_core → extension}/assess/exec_trigger.rb +1 -1
- data/lib/contrast/{extensions/ruby_core → extension}/assess/fiber.rb +7 -6
- data/lib/contrast/{extensions/ruby_core → extension}/assess/hash.rb +2 -2
- data/lib/contrast/extension/assess/kernel.rb +110 -0
- data/lib/contrast/{extensions/ruby_core → extension}/assess/regexp.rb +4 -4
- data/lib/contrast/{extensions/ruby_core → extension}/assess/string.rb +6 -6
- data/lib/contrast/{extensions/ruby_core → extension}/delegator.rb +0 -0
- data/lib/contrast/{extensions/ruby_core → extension}/inventory.rb +2 -3
- data/lib/contrast/extension/kernel.rb +54 -0
- data/lib/contrast/{extensions/ruby_core → extension}/module.rb +0 -0
- data/lib/contrast/{extensions/ruby_core → extension}/protect.rb +2 -2
- data/lib/contrast/extension/protect/kernel.rb +44 -0
- data/lib/contrast/{extensions/ruby_core → extension}/protect/psych.rb +1 -1
- data/lib/contrast/{extensions/ruby_core → extension}/thread.rb +0 -0
- data/lib/contrast/framework/base_support.rb +22 -23
- data/lib/contrast/framework/manager.rb +31 -15
- data/lib/contrast/framework/rack/patch/session_cookie.rb +126 -0
- data/lib/contrast/framework/rack/patch/support.rb +24 -0
- data/lib/contrast/framework/rack/support.rb +22 -0
- data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +41 -0
- data/lib/contrast/framework/rails/patch/assess_configuration.rb +102 -0
- data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +31 -0
- data/lib/contrast/framework/rails/patch/support.rb +67 -0
- data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +34 -0
- data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +39 -0
- data/lib/contrast/framework/rails/rewrite/active_record_named.rb +73 -0
- data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +33 -0
- data/lib/contrast/framework/rails/support.rb +86 -0
- data/lib/contrast/framework/sinatra/patch/base.rb +83 -0
- data/lib/contrast/framework/sinatra/patch/support.rb +27 -0
- data/lib/contrast/framework/sinatra/support.rb +98 -0
- data/lib/contrast/funchook/funchook.rb +45 -0
- data/lib/contrast/logger/application.rb +80 -0
- data/lib/contrast/logger/format.rb +51 -0
- data/lib/contrast/{agent/logger.rb → logger/log.rb} +39 -63
- data/lib/contrast/logger/time.rb +50 -0
- data/lib/contrast/tasks/config.rb +54 -0
- data/lib/contrast/tasks/service.rb +1 -5
- data/lib/contrast/utils/assess/tracking_util.rb +45 -20
- data/lib/contrast/utils/class_util.rb +4 -2
- data/lib/contrast/utils/gemfile_reader.rb +2 -2
- data/lib/contrast/utils/hash_digest.rb +13 -9
- data/lib/contrast/utils/invalid_configuration_util.rb +2 -18
- data/lib/contrast/utils/inventory_util.rb +2 -7
- data/lib/contrast/utils/job_servers_running.rb +4 -2
- data/lib/contrast/utils/object_share.rb +0 -2
- data/lib/contrast/utils/os.rb +16 -4
- data/lib/contrast/utils/stack_trace_utils.rb +0 -1
- data/lib/contrast/utils/tag_util.rb +1 -1
- data/lib/contrast/utils/thread_tracker.rb +1 -14
- data/lib/contrast/utils/timer.rb +1 -17
- data/resources/assess/policy.json +9 -50
- data/resources/inventory/policy.json +2 -2
- data/resources/protect/policy.json +6 -6
- data/ruby-agent.gemspec +9 -5
- data/service_executables/VERSION +1 -1
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
- metadata +103 -139
- data/funchook/Makefile +0 -29
- data/funchook/autom4te.cache/output.0 +0 -4964
- data/funchook/autom4te.cache/requests +0 -77
- data/funchook/autom4te.cache/traces.0 +0 -361
- data/funchook/config.log +0 -651
- data/funchook/config.status +0 -1015
- data/funchook/configure +0 -4964
- data/funchook/src/Makefile +0 -70
- data/funchook/src/config.h +0 -101
- data/funchook/src/config.h.in +0 -100
- data/funchook/src/decoder.o +0 -0
- data/funchook/src/distorm.o +0 -0
- data/funchook/src/funchook.o +0 -0
- data/funchook/src/funchook_io.o +0 -0
- data/funchook/src/funchook_syscall.o +0 -0
- data/funchook/src/funchook_unix.o +0 -0
- data/funchook/src/funchook_x86.o +0 -0
- data/funchook/src/instructions.o +0 -0
- data/funchook/src/insts.o +0 -0
- data/funchook/src/libfunchook.dylib +0 -0
- data/funchook/src/mnemonics.o +0 -0
- data/funchook/src/operands.o +0 -0
- data/funchook/src/os_func.o +0 -0
- data/funchook/src/os_func_unix.o +0 -0
- data/funchook/src/prefix.o +0 -0
- data/funchook/src/printf_base.o +0 -0
- data/funchook/src/textdefs.o +0 -0
- data/funchook/src/wstring.o +0 -0
- data/funchook/test/Makefile +0 -43
- data/funchook/test/funchook_test +0 -0
- data/funchook/test/libfunchook_test.so +0 -0
- data/funchook/test/libfunchook_test.so.dSYM/Contents/Info.plist +0 -20
- data/funchook/test/libfunchook_test.so.dSYM/Contents/Resources/DWARF/libfunchook_test.so +0 -0
- data/funchook/test/test_main.o +0 -0
- data/funchook/test/x86_64_test.o +0 -0
- data/lib/contrast/agent/assess/adjusted_span.rb +0 -27
- data/lib/contrast/agent/assess/rule/csrf.rb +0 -66
- data/lib/contrast/agent/assess/rule/csrf/csrf_action.rb +0 -28
- data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +0 -53
- data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +0 -136
- data/lib/contrast/agent/assess/rule/response_scanning_rule.rb +0 -47
- data/lib/contrast/agent/assess/rule/response_watcher.rb +0 -36
- data/lib/contrast/agent/assess/rule/watcher.rb +0 -36
- data/lib/contrast/agent/feature_state.rb +0 -346
- data/lib/contrast/agent/protect/rule/csrf.rb +0 -119
- data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +0 -100
- data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb +0 -85
- data/lib/contrast/agent/settings_state.rb +0 -88
- data/lib/contrast/agent/socket_client.rb +0 -134
- data/lib/contrast/api/connection_status.rb +0 -49
- data/lib/contrast/api/decorators/exclusion.rb +0 -20
- data/lib/contrast/api/socket.rb +0 -43
- data/lib/contrast/api/speedracer.rb +0 -188
- data/lib/contrast/api/tcp_socket.rb +0 -29
- data/lib/contrast/api/unix_socket.rb +0 -25
- data/lib/contrast/extensions/framework/rack/cookie.rb +0 -24
- data/lib/contrast/extensions/framework/rack/request.rb +0 -24
- data/lib/contrast/extensions/framework/rack/response.rb +0 -23
- data/lib/contrast/extensions/framework/rails/action_controller_inheritance.rb +0 -39
- data/lib/contrast/extensions/framework/rails/action_controller_railties_helper_inherited.rb +0 -20
- data/lib/contrast/extensions/framework/rails/active_record.rb +0 -26
- data/lib/contrast/extensions/framework/rails/active_record_named.rb +0 -58
- data/lib/contrast/extensions/framework/rails/active_record_time_zone_inherited.rb +0 -21
- data/lib/contrast/extensions/framework/rails/buffer.rb +0 -28
- data/lib/contrast/extensions/framework/rails/configuration.rb +0 -27
- data/lib/contrast/extensions/framework/sinatra/base.rb +0 -59
- data/lib/contrast/extensions/ruby_core/assess/array.rb +0 -59
- data/lib/contrast/extensions/ruby_core/assess/basic_object.rb +0 -15
- data/lib/contrast/extensions/ruby_core/assess/kernel.rb +0 -96
- data/lib/contrast/extensions/ruby_core/assess/module.rb +0 -14
- data/lib/contrast/extensions/ruby_core/assess/tilt_template_trigger.rb +0 -78
- data/lib/contrast/extensions/ruby_core/assess/xpath_library_trigger.rb +0 -40
- data/lib/contrast/extensions/ruby_core/eval_trigger.rb +0 -51
- data/lib/contrast/extensions/ruby_core/inventory/datastores.rb +0 -37
- data/lib/contrast/extensions/ruby_core/protect/applies_command_injection_rule.rb +0 -61
- data/lib/contrast/extensions/ruby_core/protect/applies_deserialization_rule.rb +0 -50
- data/lib/contrast/extensions/ruby_core/protect/applies_no_sqli_rule.rb +0 -66
- data/lib/contrast/extensions/ruby_core/protect/applies_path_traversal_rule.rb +0 -115
- data/lib/contrast/extensions/ruby_core/protect/applies_sqli_rule.rb +0 -53
- data/lib/contrast/extensions/ruby_core/protect/applies_xxe_rule.rb +0 -127
- data/lib/contrast/extensions/ruby_core/protect/kernel.rb +0 -30
- data/lib/contrast/extensions/ruby_core/protect/rule_applicator.rb +0 -50
- data/lib/contrast/framework/rails_support.rb +0 -104
- data/lib/contrast/framework/sinatra_application_helper.rb +0 -49
- data/lib/contrast/framework/sinatra_support.rb +0 -104
- data/lib/contrast/framework/view_technologies_descriptor.rb +0 -21
- data/lib/contrast/internal_exception.rb +0 -8
- data/lib/contrast/utils/cache.rb +0 -58
- data/lib/contrast/utils/data_store_util.rb +0 -23
- data/lib/contrast/utils/rack_assess_session_cookie.rb +0 -104
- data/lib/contrast/utils/rails_assess_configuration.rb +0 -95
- data/lib/contrast/utils/random_util.rb +0 -22
- data/lib/contrast/utils/service_sender_util.rb +0 -110
- data/lib/contrast/utils/sinatra_helper.rb +0 -49
- data/resources/csrf/inject.js +0 -44
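--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 243b30b36043569647a00b004f6e1b2055f488b63cfd8a3f023a106f101cf889
+data.tar.gz: 3bee1adbd1399cda966e480e982c15ac4cf29151148a0f3583707f976bd65704
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 25b33e16000c0ff543bce8d3b01185cc161e88c9d2d14f14210966f7789962f06fadad30c2343cb8a8b00c22e754dbd2f7335a177d2c42be1251c74debb26ca4
+data.tar.gz: 186908641b731c23c873ee5a4821d74e2c112e61e33c1206769837774196055431de419e8e826f3324f85812ab324e9c2c6c15d02ca6b5d1001bd6a9fb2f2277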
data/.dockerignore
CHANGED
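--- a/data/.flayignore
+++ b/data/.flayignore
@@ -0,0 +1 @@
+./lib/contrast/api/*_pb.rb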
data/.gitignore
CHANGED
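--- a/data/.simplecov
+++ b/data/.simplecov
@@ -1,7 +1,7 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-SimpleCov.minimum_coverage line:
+SimpleCov.minimum_coverage line: 94.75
 SimpleCov.start do
 add_filter '/spec/'
 end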
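--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,9 +1,13 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+$stdout.sync = true
+
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
 require 'rake/extensiontask'
+load 'protobuf/tasks/compile.rake'
+require 'fileutils'
 
 CLOBBER << 'shared_libraries/*'
 
@@ -13,3 +17,30 @@ Dir['ext/cs__*'].each do |extension|
 ext.lib_dir = "lib/#{ name }"
 end
 end
+
+task :contrast_pb_compile do
+# do some stuff before compile
+
+# Invoke the protobuf compile task with your sensible defaults
+::Rake::Task['protobuf:compile'].invoke('lib',
+'./agent-service-api/protobuf ./agent-service-api/protobuf/dtm.proto',
+'lib/contrast/api',
+nil)
+
+::Rake::Task['protobuf:compile'].reenable
+
+::Rake::Task['protobuf:compile'].invoke('lib',
+'./agent-service-api/protobuf ./agent-service-api/protobuf/settings.proto',
+'lib/contrast/api',
+nil)
+
+['dtm.pb.rb', 'settings.pb.rb'].each do |target_file|
+target_path = File.absolute_path(File.join(__dir__, "./lib/contrast/api/#{ target_file }"))
+unless File.exist?(target_path)
+puts "File not found #{ target_path }"
+exit 1
+end
+end
+
+puts 'Protobuf copied successfully'
+end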
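Review bot: The new `contrast_pb_compile` task ends with `puts 'Protobuf copied successfully'`, but nothing in the task copies anything; it invokes `protobuf:compile` twice and checks that `dtm.pb.rb` and `settings.pb.rb` exist, so the message should say that, e.g. `puts 'Protobuf compiled successfully'`. The two leftover template comments, `# do some stuff before compile` and `# Invoke the protobuf compile task with your sensible defaults`, describe nothing in this task and could be replaced by one line naming the `.proto` source directory and the `lib/contrast/api` output directory. In the missing-file branch, `abort "File not found #{ target_path }"` would send the message to stderr and still exit non-zero, instead of `puts` followed by `exit 1`.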
data/ext/build_funchook.rb
CHANGED
|
@@ -19,7 +19,7 @@ VALUE contrast_assess_active_record_scope(const int argc, const VALUE *argv,
|
|
|
19
19
|
*/
|
|
20
20
|
VALUE new_body, ret;
|
|
21
21
|
VALUE new_args[3];
|
|
22
|
-
new_body = rb_funcall(
|
|
22
|
+
new_body = rb_funcall(active_record_named, rb_sym_assess_rewrite, 3, self, argv[0], argv[1]);
|
|
23
23
|
new_args[0] = argv[0];
|
|
24
24
|
if (NIL_P(new_body)) {
|
|
25
25
|
new_args[1] = argv[1];
|
|
@@ -32,7 +32,12 @@ VALUE contrast_assess_active_record_scope(const int argc, const VALUE *argv,
|
|
|
32
32
|
}
|
|
33
33
|
|
|
34
34
|
void Init_cs__assess_active_record_named(void) {
|
|
35
|
-
|
|
35
|
+
VALUE framework, rails, rewrite;
|
|
36
|
+
framework = rb_define_module_under(contrast, "Framework");
|
|
37
|
+
rails = rb_define_module_under(framework, "Rails");
|
|
38
|
+
rewrite = rb_define_module_under(rails, "Rewrite");
|
|
39
|
+
active_record_named = rb_define_class_under(rewrite, "ActiveRecordNamed", rb_cObject);
|
|
40
|
+
rb_sym_assess_rewrite = rb_intern("rewrite");
|
|
36
41
|
rb_sym_assess_scope = contrast_register_patch("ActiveRecord::Scoping::Named::ClassMethods",
|
|
37
42
|
"scope",
|
|
38
43
|
contrast_assess_active_record_scope);
|
|
@@ -23,12 +23,13 @@ static VALUE contrast_assess_array_join(const int argc, const VALUE *argv,
|
|
|
23
23
|
/* Finally, default to empty String. Implicit since nil.to_s is ''*/
|
|
24
24
|
|
|
25
25
|
result = rb_funcall2(ary, rb_sym_assess_array_join, argc, argv);
|
|
26
|
-
result = rb_funcall(
|
|
26
|
+
result = rb_funcall(array_propagator, rb_sym_assess_track_array_join, 3, ary, sep, result);
|
|
27
27
|
|
|
28
28
|
return result;
|
|
29
29
|
}
|
|
30
30
|
|
|
31
31
|
void Init_cs__assess_array(void) {
|
|
32
|
+
array_propagator = rb_define_class_under(core_assess, "ArrayPropagator", rb_cObject);
|
|
32
33
|
rb_sym_assess_track_array_join = rb_intern("cs__track_join");
|
|
33
34
|
rb_sym_assess_array_join = contrast_register_patch("Array",
|
|
34
35
|
"join",
|
|
@@ -5,14 +5,9 @@
|
|
|
5
5
|
#include "../cs__common/cs__common.h"
|
|
6
6
|
#include <ruby.h>
|
|
7
7
|
|
|
8
|
-
void contrast_assess_instance_eval_trigger_check(VALUE
|
|
8
|
+
void contrast_assess_instance_eval_trigger_check(VALUE self, VALUE source,
|
|
9
9
|
VALUE ret) {
|
|
10
|
-
|
|
11
|
-
rb_respond_to(rb_cBasicObject, instance_trigger_check_method);
|
|
12
|
-
if (has_trigger_check) {
|
|
13
|
-
rb_funcall(rb_cBasicObject, instance_trigger_check_method, 2, source,
|
|
14
|
-
ret);
|
|
15
|
-
}
|
|
10
|
+
rb_funcall(basic_eval_trigger, instance_trigger_check_method, 3, self, source, ret);
|
|
16
11
|
}
|
|
17
12
|
|
|
18
13
|
VALUE
|
|
@@ -41,6 +36,7 @@ contrast_assess_basic_object_instance_eval(const int argc, const VALUE *argv,
|
|
|
41
36
|
}
|
|
42
37
|
|
|
43
38
|
void Init_cs__assess_basic_object(void) {
|
|
39
|
+
basic_eval_trigger = rb_define_class_under(core_assess, "EvalTrigger", rb_cObject);
|
|
44
40
|
instance_trigger_check_method = rb_intern("instance_eval_trigger_check");
|
|
45
41
|
|
|
46
42
|
/* We don't keep a reference to the underlying method.
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
#include <ruby.h>
|
|
2
2
|
|
|
3
|
-
/* Contrast::
|
|
3
|
+
/* Contrast::Extension::Assess::EvalTrigger */
|
|
4
|
+
static VALUE basic_eval_trigger;
|
|
4
5
|
static VALUE instance_trigger_check_method;
|
|
5
6
|
|
|
6
7
|
void contrast_alias_method(const VALUE target, const char *to,
|
|
@@ -3,7 +3,6 @@
|
|
|
3
3
|
|
|
4
4
|
#include "cs__assess_fiber_track.h"
|
|
5
5
|
#include "../cs__common/cs__common.h"
|
|
6
|
-
#include <funchook.h>
|
|
7
6
|
#include <ruby.h>
|
|
8
7
|
|
|
9
8
|
VALUE rb_fiber_new_hook(VALUE (*func)(ANYARGS), VALUE obj) {
|
|
@@ -64,17 +63,12 @@ VALUE rb_fiber_yield_hook(int argc, const VALUE *argv) {
|
|
|
64
63
|
}
|
|
65
64
|
|
|
66
65
|
int install_fiber_hooks() {
|
|
67
|
-
funchook_t *funchook = funchook_create();
|
|
68
|
-
|
|
69
66
|
rb_fiber_new_original = rb_fiber_new;
|
|
70
|
-
|
|
71
|
-
rb_fiber_new_hook);
|
|
67
|
+
patch_via_funchook(&rb_fiber_new_original, &rb_fiber_new_hook);
|
|
72
68
|
|
|
73
69
|
rb_fiber_yield_original = rb_fiber_yield;
|
|
74
|
-
|
|
75
|
-
rb_fiber_yield_hook);
|
|
70
|
+
patch_via_funchook(&rb_fiber_yield_original, &rb_fiber_yield_hook);
|
|
76
71
|
|
|
77
|
-
funchook_install(funchook, 0);
|
|
78
72
|
return 0;
|
|
79
73
|
}
|
|
80
74
|
|
|
@@ -24,7 +24,7 @@ contrast_patched_kernel_exec(const int argc, const VALUE *argv,
|
|
|
24
24
|
}
|
|
25
25
|
|
|
26
26
|
void Init_cs__assess_kernel(void) {
|
|
27
|
-
kernel_propagator =
|
|
27
|
+
kernel_propagator = rb_define_module_under(core_assess, "KernelPropagator");
|
|
28
28
|
exec_apply_trigger = rb_intern("apply_trigger");
|
|
29
29
|
|
|
30
30
|
rb_sym_assess_kernel_exec = contrast_register_patch("Kernel",
|
|
@@ -6,8 +6,6 @@
|
|
|
6
6
|
#include <ruby.h>
|
|
7
7
|
|
|
8
8
|
void contrast_assess_eval_trigger_check(VALUE module, VALUE source, VALUE ret) {
|
|
9
|
-
VALUE has_trigger_check = rb_respond_to(module, trigger_check_method);
|
|
10
|
-
|
|
11
9
|
if (RTEST(
|
|
12
10
|
rb_funcall(contrast_patcher(), rb_sym_skip_contrast_analysis, 0))) {
|
|
13
11
|
return;
|
|
@@ -18,12 +16,12 @@ void contrast_assess_eval_trigger_check(VALUE module, VALUE source, VALUE ret) {
|
|
|
18
16
|
|
|
19
17
|
rb_funcall(contrast_patcher(), rb_sym_enter_scope, 0);
|
|
20
18
|
|
|
21
|
-
if (!nested_scope
|
|
19
|
+
if (!nested_scope) {
|
|
22
20
|
VALUE method = rb_funcall(rb_mKernel, rb_sym_method, 0);
|
|
23
21
|
/* If this method ever throws an exception, the scope-leave
|
|
24
22
|
* needs to be moved within a rescue call.
|
|
25
23
|
*/
|
|
26
|
-
rb_funcall(
|
|
24
|
+
rb_funcall(module_eval_trigger, trigger_check_method, 4, module, source, ret, method);
|
|
27
25
|
}
|
|
28
26
|
|
|
29
27
|
rb_funcall(contrast_patcher(), rb_sym_exit_scope, 0);
|
|
@@ -59,12 +57,12 @@ contrast_assess_module_module_eval(const int argc, const VALUE *argv,
|
|
|
59
57
|
}
|
|
60
58
|
|
|
61
59
|
void Init_cs__assess_module(void) {
|
|
62
|
-
|
|
60
|
+
module_eval_trigger = rb_define_class_under(core_assess, "EvalTrigger", rb_cObject);
|
|
61
|
+
trigger_check_method = rb_intern("eval_trigger_check");
|
|
63
62
|
|
|
63
|
+
rb_sym_assess_patch_eval = rb_intern("patch_assess_on_eval");
|
|
64
64
|
assess_patcher = rb_define_module_under(assess_policy, "Patcher");
|
|
65
65
|
|
|
66
|
-
trigger_check_method = rb_intern("eval_trigger_check");
|
|
67
|
-
|
|
68
66
|
/* Returns of these 2 patches are discarded.
|
|
69
67
|
* We're calling the underlying via direct C, instead of
|
|
70
68
|
* whatever method was there before.
|
|
@@ -4,6 +4,9 @@
|
|
|
4
4
|
static VALUE assess_patcher;
|
|
5
5
|
|
|
6
6
|
static VALUE rb_sym_assess_patch_eval;
|
|
7
|
+
|
|
8
|
+
/* Contrast::Extension::Assess::EvalTrigger */
|
|
9
|
+
static VALUE module_eval_trigger;
|
|
7
10
|
static VALUE trigger_check_method;
|
|
8
11
|
|
|
9
12
|
/* c.f. cs__assess_basic_object.c for more context on how eval is patched. */
|
|
@@ -3,7 +3,6 @@
|
|
|
3
3
|
|
|
4
4
|
#include "cs__assess_string_interpolation26.h"
|
|
5
5
|
#include "../cs__common/cs__common.h"
|
|
6
|
-
#include <funchook.h>
|
|
7
6
|
#include <ruby.h>
|
|
8
7
|
|
|
9
8
|
static VALUE rb_str_concat_literals_hook(size_t num, VALUE *strary) {
|
|
@@ -14,13 +13,9 @@ static VALUE rb_str_concat_literals_hook(size_t num, VALUE *strary) {
|
|
|
14
13
|
}
|
|
15
14
|
|
|
16
15
|
static int install_hooks() {
|
|
17
|
-
funchook_t *funchook = funchook_create();
|
|
18
|
-
|
|
19
16
|
rb_str_concat_literals_original = rb_str_concat_literals;
|
|
20
|
-
|
|
21
|
-
rb_str_concat_literals_hook);
|
|
17
|
+
patch_via_funchook(&rb_str_concat_literals_original, &rb_str_concat_literals_hook);
|
|
22
18
|
|
|
23
|
-
funchook_install(funchook, 0);
|
|
24
19
|
return 0;
|
|
25
20
|
}
|
|
26
21
|
|
|
@@ -3,7 +3,6 @@
|
|
|
3
3
|
|
|
4
4
|
#include "cs__assess_yield_track.h"
|
|
5
5
|
#include "../cs__common/cs__common.h"
|
|
6
|
-
#include <funchook.h>
|
|
7
6
|
#include <ruby.h>
|
|
8
7
|
|
|
9
8
|
static VALUE rb_yield_hook(VALUE val, const VALUE self) {
|
|
@@ -17,11 +16,8 @@ static VALUE rb_yield_hook(VALUE val, const VALUE self) {
|
|
|
17
16
|
}
|
|
18
17
|
|
|
19
18
|
static int install_yield_hooks() {
|
|
20
|
-
funchook_t *funchook = funchook_create();
|
|
21
19
|
rb_yield_original = rb_yield;
|
|
22
|
-
|
|
23
|
-
rb_yield_hook);
|
|
24
|
-
funchook_install(funchook, 0);
|
|
20
|
+
patch_via_funchook(&rb_yield_original, &rb_yield_hook);
|
|
25
21
|
return 0;
|
|
26
22
|
}
|
|
27
23
|
|
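--- a/data/ext/cs__common/cs__common.c
+++ b/data/ext/cs__common/cs__common.c
@@ -3,12 +3,14 @@
 
 #include "cs__common.h"
 #include <ruby.h>
+#include <dlfcn.h>
 
 /* Globals */
 /* These are defined w/ `extern` in the header */
 VALUE contrast, agent, patching, policy, assess;
 VALUE core_extensions, core_assess;
 VALUE assess_policy, assess_propagator;
+VALUE funchook_path;
 
 VALUE rb_sym_enter_scope;
 VALUE rb_sym_exit_scope;
@@ -19,6 +21,28 @@ VALUE rb_sym_method;
 VALUE rb_sym_cs_tracked;
 /* end globals */
 
+void patch_via_funchook(void *original_function, void *hook_function) {
+VALUE funchook_module_wrapper = rb_define_module("Funchook");
+funchook_path = rb_iv_get(funchook_module_wrapper, "@path");
+
+void *funchook_lib_handle;
+void *funchook_reference, *(*funchook_create)(void);
+int prepareResult, (*funchook_prepare)(void*, void**, void*);
+int installResult, (*funchook_install)(void*, int);
+
+funchook_lib_handle = dlopen(StringValueCStr(funchook_path), RTLD_NOW | RTLD_GLOBAL);
+
+/* Load the funchook methods we need */
+funchook_create = (void* (*)(void))dlsym(funchook_lib_handle, "funchook_create");
+funchook_prepare = (int (*)(void*, void**, void*))dlsym(funchook_lib_handle, "funchook_prepare");
+funchook_install = (int (*)(void*, int))dlsym(funchook_lib_handle, "funchook_install");
+
+funchook_reference = (void*)(*funchook_create)();
+
+prepareResult = (*funchook_prepare)(funchook_reference, (void**)original_function, hook_function);
+installResult = (*funchook_install)(funchook_reference, 0);
+}
+
 void contrast_alias_method(const VALUE target, const char *to,
 const char *from) {
 rb_funcall(target, cs__send_method, 3, cs__alias_method_sym,
@@ -134,6 +158,6 @@ void Init_cs__common(void) {
 assess_policy = rb_define_module_under(assess, "Policy");
 assess_propagator = rb_define_module_under(assess_policy, "Propagator");
 
-core_extensions = rb_define_module_under(contrast, "
+core_extensions = rb_define_module_under(contrast, "Extension");
 core_assess = rb_define_module_under(core_extensions, "Assess");
 }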
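Review bot: `patch_via_funchook` uses the results of `dlopen`, the three `dlsym` lookups and `funchook_create` without checking any of them, and it stores `prepareResult` and `installResult` without ever reading them. If the library named by `Funchook`'s `@path` cannot be loaded or lacks a symbol, the lookups can return NULL and the next statement calls through a null function pointer; if prepare or install fails, the hook is silently absent while the callers shown elsewhere on this page (`install_fiber_hooks`, `install_hooks`, `install_yield_hooks`) still `return 0`. `rb_iv_get` yields nil when `@path` was never set, which makes `StringValueCStr` raise a TypeError, and because that value decides which shared object is loaded into the process it is worth confirming on the Ruby side that it is always an absolute path inside the installed gem. The sketch below checks each step and raises, since the function returns `void`; the indentation is mine because the page does not preserve it.

```c
void patch_via_funchook(void *original_function, void *hook_function) {
  /* … unchanged: Funchook module lookup, @path read, local declarations … */

  funchook_lib_handle = dlopen(StringValueCStr(funchook_path), RTLD_NOW | RTLD_GLOBAL);
  if (funchook_lib_handle == NULL) {
    rb_raise(rb_eLoadError, "funchook: dlopen failed: %s", dlerror());
  }

  /* … unchanged: the three dlsym lookups … */
  if (funchook_create == NULL || funchook_prepare == NULL || funchook_install == NULL) {
    rb_raise(rb_eLoadError, "funchook: required symbol not found");
  }

  funchook_reference = (*funchook_create)();
  if (funchook_reference == NULL) {
    rb_raise(rb_eRuntimeError, "funchook: funchook_create failed");
  }

  prepareResult = (*funchook_prepare)(funchook_reference, (void **)original_function, hook_function);
  if (prepareResult != 0) {
    rb_raise(rb_eRuntimeError, "funchook: prepare failed (%d)", prepareResult);
  }

  installResult = (*funchook_install)(funchook_reference, 0);
  if (installResult != 0) {
    rb_raise(rb_eRuntimeError, "funchook: install failed (%d)", installResult);
  }
}
```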
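--- a/data/ext/cs__common/cs__common.h
+++ b/data/ext/cs__common/cs__common.h
@@ -16,6 +16,7 @@ static VALUE cs__alias_method_sym;
 extern VALUE contrast, agent, patching, policy, assess;
 extern VALUE core_extensions, core_assess;
 extern VALUE assess_policy, assess_propagator;
+extern VALUE funchook_path;
 
 extern VALUE rb_sym_enter_scope;
 extern VALUE rb_sym_exit_scope;
@@ -32,6 +33,8 @@ static VALUE rb_sym_alias_instance;
 static VALUE rb_sym_alias_singleton;
 static VALUE rb_sym_prepend;
 
+void patch_via_funchook(void *original_function, void *hook_function);
+
 void contrast_alias_method(const VALUE target, const char *to,
 const char *from);
 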
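Review bot: The new prototype `void patch_via_funchook(void *original_function, void *hook_function);` has no comment, and its types hide the contract: the implementation on this page casts `original_function` to `void **` and hands it to `funchook_prepare`, and the callers pass `&rb_yield_original`, so the first argument has to be the address of a variable holding the original function pointer, not the function itself. A header comment would make that visible, for example `/* original_function: address of the function-pointer variable for the target (passed to funchook_prepare as void **); hook_function: replacement to install. */`. The comment should also state that the function returns nothing, so a caller cannot tell from the call whether the hook was installed.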
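--- a/data/ext/cs__common/extconf.rb
+++ b/data/ext/cs__common/extconf.rb
@@ -4,18 +4,4 @@
 require 'mkmf'
 require_relative '../../lib/contrast/agent/version'
 
-installed_path = __dir__
-
-origin = if !(/darwin/ =~ RUBY_PLATFORM).nil?
-'@loader_path'
-else
-'\$${ORIGIN}'
-end
-
-options = " -Wl,-rpath,#{ origin }/../../shared_libraries"
-
-$LDFLAGS << options if try_link('int main() {return 0;}', options)
-
-$LIBPATH << installed_path
-
 create_makefile 'cs__common/cs__common'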
@@ -20,7 +20,7 @@ static VALUE contrast_protect_fork(const int argc, const VALUE *argv,
|
|
|
20
20
|
*/
|
|
21
21
|
VALUE wrapper;
|
|
22
22
|
wrapper =
|
|
23
|
-
rb_funcall_with_block(
|
|
23
|
+
rb_funcall_with_block(kernel_protect, rb_sym_protect_kernel_wrapper, 0,
|
|
24
24
|
NULL, rb_block_proc());
|
|
25
25
|
rb_funcall(rb_mKernel, rb_intern("public"), 1, ID2SYM(rb_sym_protect_kernel_fork));
|
|
26
26
|
ret = rb_funcall_with_block(self, rb_sym_protect_kernel_fork, argc,
|
|
@@ -33,7 +33,9 @@ static VALUE contrast_protect_fork(const int argc, const VALUE *argv,
|
|
|
33
33
|
}
|
|
34
34
|
|
|
35
35
|
void Init_cs__protect_kernel(void) {
|
|
36
|
-
|
|
36
|
+
VALUE core_protect = rb_define_module_under(core_extensions, "Protect");
|
|
37
|
+
kernel_protect = rb_define_module_under(core_protect, "Kernel");
|
|
38
|
+
rb_sym_protect_kernel_wrapper = rb_intern("build_wrapper");
|
|
37
39
|
|
|
38
40
|
rb_sym_protect_kernel_fork = contrast_register_patch("Kernel",
|
|
39
41
|
"fork",
|