contrast-agent 3.12.0 → 3.13.2

data/lib/contrast/utils/class_util.rb

@@ -56,7 +56,9 @@ module Contrast
         # @return [String] the human readable form of the String, as defined by
         #   https://bitbucket.org/contrastsecurity/assess-specifications/src/master/vulnerability/capture-snapshot.md
         def to_contrast_string object
-          if object.cs__is_a?(String)
+          # Only treat object like a string if it actually is a string
+          # some subclasses of String override string methods we depend on
+          if object.cs__class == String
             cached = to_cached_string(object)
             return cached if cached
 

data/lib/contrast/utils/hash_digest.rb

@@ -32,8 +32,8 @@ module Contrast
           request.parameters.each_key do |name|
             hash.update(name)
           end
-          cl = request.normalized_request_headers[CONTENT_LENGTH_HEADER]
-          hash.update(request.normalized_length_header(cl)) if cl
+          cl = request.headers[CONTENT_LENGTH_HEADER]
+          hash.update_on_content_length(cl) if cl
           hash.finish
         end
 
@@ -121,6 +121,15 @@ module Contrast
         end
       end
 
+      CHARS = %w[a b c d e f g].cs__freeze
+      # This method converts and integer value for length into a string value
+      # that we can hash on, based on the logarithmic value of the length, and
+      # updates the current hash with that value.
+      # @param chr [Numeric] the length to translate
+      def update_on_content_length chr
+        update(CHARS[Math.log10(chr.to_s.length).to_i] || CHARS[-1])
+      end
+
       def initialize
         @crc32 = 0
       end

data/lib/contrast/utils/invalid_configuration_util.rb

@@ -44,29 +44,13 @@ module Contrast
         activity = Contrast::Api::Dtm::Activity.new
         activity.findings << finding
 
-        # If assess is enabled, we can just send the activity
-        if APP_CONTEXT.ready?
-          build_tags(activity)
-          Contrast::Utils::ServiceSenderUtil.push_to_ready_queue activity
-        # Otherwise, if the Agent isn't ready, we have to queue the messages
-        # until we know the starting state.
-        else
-          Contrast::Utils::ServiceSenderUtil.add_to_assess_messages activity
-        end
+        Contrast::Agent.messaging_queue.send_event_eventually(activity)
       rescue StandardError => e
         logger.error('Unable to build a finding', e, rule: rule_id)
       end
 
       private
 
-      # This seems silly to pull out, but we can ONLY call this in the case
-      # where we have a configuration. Doing otherwise results in a bad error
-      # case where we try to do other things, like logging, which behave
-      # strangely without a config
-      def build_tags activity
-        activity.finding_tags = Contrast::Utils::StringUtils.force_utf8(ASSESS.tags)
-      end
-
       def file_snippet file_path, call_location
         idx = call_location&.lineno
         if file_path && idx && File.exist?(file_path)

data/lib/contrast/utils/inventory_util.rb

@@ -18,11 +18,10 @@ module Contrast
       AC_TYPE_DB = 'db'
       # TeamServer only accepts certain values for FlowMap Services.
       # DO NOT CHANGE THIS
-      DATABASE = 'Database'
       ADAPTER = 'adapter'
       HOST = 'host'
       PORT = 'port'
-      DATABASE_LOWER = 'database'
+      DATABASE = 'database'
       DEFAULT = 'default'
       LOCALHOST = 'localhost'
 
@@ -42,7 +41,6 @@ module Contrast
         arr = build_from_db_config(hash_or_str)
         return unless arr&.any?
 
-        activity_or_update.technologies[DATABASE] = true
         arr.each do |a|
           next unless a
 
@@ -51,9 +49,6 @@ module Contrast
           else
             activity_or_update.components << a
           end
-          next if a.vendor.empty?
-
-          activity_or_update.technologies[a.vendor] = true
         end
       rescue StandardError => e
         logger.error('Unable to append db config', e)
@@ -76,7 +71,7 @@ module Contrast
         ac.remote_host = host_from_hash(hash)
         ac.remote_port = port_from_hash(hash)
         ac.type = AC_TYPE_DB
-        ac.url = hash[:database] || hash[DATABASE_LOWER] || DEFAULT
+        ac.url = hash[:database] || hash[DATABASE] || DEFAULT
         [ac]
       end
 

data/lib/contrast/utils/object_share.rb

@@ -30,7 +30,6 @@ module Contrast
       SEMICOLON =     ';'
       SINGLE_QUOTE =  '\''
       SLASH =         '/'
-      SPACE =         ' '
       UNDERSCORE =    '_'
       DOUBLE_UNDERSCORE = '__'
       AT =            '@'

data/lib/contrast/utils/os.rb

@@ -1,23 +1,35 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+cs__scoped_require 'contrast/components/interface'
+
 module Contrast
   module Utils
     # Simple utility used to make OS calls and determine state. For that state
     # which will not change at runtime, such as the operating system, the
     # Utility memozies to avoid multiple lookups.
     module OS
+      include Contrast::Components::Interface
+      access_component :scope
+
       class << self
         def running?
-          process = `ps aux | grep contrast-servic[e]`
-          process != ''
+          result = false
+          with_contrast_scope do
+            process = `ps aux | grep contrast-servic[e]`
+            processes = process.split("\n")
+            result = !processes.empty? && processes.any? { |process_descriptor| !process_descriptor.include?('grep') }
+          end
+          result
         end
 
         # check if service was killed and is a zombie process
         # returns an array of zombie process PIDs as strings; empty array if there are none
         def zombie_pids
-          zombie_pid_list = `ps aux | grep contrast-servic[e] | grep Z | awk '{print $2}'` # retrieve pid of service processes
-          zombie_pid_list.split("\n")
+          with_contrast_scope do
+            zombie_pid_list = `ps aux | grep contrast-servic[e] | grep Z | awk '{print $2}'` # retrieve pid of service processes
+            zombie_pid_list.split("\n")
+          end
         end
       end
     end

data/lib/contrast/utils/stack_trace_utils.rb

@@ -3,7 +3,6 @@
 
 cs__scoped_require 'contrast/utils/object_share'
 cs__scoped_require 'contrast/api'
-cs__scoped_require 'contrast/utils/cache'
 
 module Contrast
   module Utils

data/lib/contrast/utils/tag_util.rb

@@ -114,7 +114,7 @@ module Contrast
           arr.each do |existing|
             break unless existing.start_idx < new_element.start_idx
 
-            if existing.overlaps?(new_element)
+            if existing.overlaps?(new_element.start_idx, new_element.end_idx)
               existing.merge(new_element)
               return # rubocop:disable Lint/NonLocalExitFromIterator
             end

data/lib/contrast/utils/thread_tracker.rb

@@ -5,15 +5,12 @@ module Contrast
   module Utils
     # ThreadTracker allows tracking of singleton objects across threads
     class ThreadTracker
-      def initialize logger = nil
-        @logger = logger
-      end
+      def initialize; end
 
       # Note about Ruby -- thread#[] is fiber-local,
       # #thread_variables is not.
 
       def get key, default = nil
-        log(key)
         Thread.current[key] || default
       end
 
@@ -39,16 +36,6 @@ module Contrast
       def update_current_context context
         set(:current_context, context)
       end
-
-      # logger may be nil so use this utility method instead
-      def log key
-        return unless @logger
-        return unless @logger.debug?
-
-        @logger.debug('Accessing object in Thread Tracker', name: key, p_id: Process.pid, thread_id: Thread.current.object_id)
-      rescue StandardError
-        false # NOOP
-      end
     end
   end
 end

data/lib/contrast/utils/timer.rb

@@ -6,7 +6,7 @@ module Contrast
     # Timer is class that can track state about when an event starts and how long it takes
     # Also containes utility methods to get time values in milliseconds
     class Timer
-      attr_reader :start_at, :start_ms, :events
+      attr_reader :start_ms, :events
 
       def initialize time = Time.now
         @start_at = time
@@ -14,22 +14,6 @@ module Contrast
         @events = {}
       end
 
-      def elapsed label
-        before = Time.now
-        result = yield if block_given?
-        events[label.to_s] = ((Time.now - before) * 1000).to_i
-        result
-      end
-
-      def to_s
-        pairs = events.to_a.map { |pair| "#{ pair[0] }=#{ pair[1] }ms" }
-        start_at.strftime('%Y-%m-%d %H:%M:%S.%L') + pairs.join(Contrast::Utils::ObjectShare::SPACE)
-      end
-
-      def now_ms
-        (Time.now.to_f * 1000).to_i
-      end
-
       def self.now_ms
         (Time.now.to_f * 1000).to_i
       end

data/resources/deadzone/policy.json

@@ -50,6 +50,11 @@
       "instance_method":true,
       "method_visibility": "public",
       "method_name":"server_name"
+    }, {
+      "class_name":"Rack::Session::Cookie",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"commit_session"
     }
   ]
 }

data/ruby-agent.gemspec

@@ -68,9 +68,9 @@ end
 # dependencies.csv in this directory to indicate that and create a
 # corresponding update to the fake gem server data in TeamServer.
 def self.add_dependencies spec
-  spec.add_dependency 'google-protobuf', '~> 3.9.0'
   spec.add_dependency 'ougai', '~> 1.8'
   spec.add_dependency 'parser', '~> 2.6'
+  spec.add_dependency 'protobuf', '~> 3.10'
   spec.add_dependency 'rack', '>= 2.0', '< 3.0'
 end
 
@@ -80,7 +80,7 @@ def self.add_files spec
     # Directories used for testing:
     f.match(%r{^(spec|test)/}) ||
         # Directories used in pipelines
-        f.match(%r{^(bin|bitbucket_scripts|internal_resources|vendor)/}) ||
+        f.match(%r{^(\.github|bin|internal_resources|vendor)/}) ||
         # Configuration and other files that don't belong to one directory
         f.match(/(Dockerfile)/)  ||
         f.match(/(.*\.csv)/)     ||
@@ -90,8 +90,8 @@ def self.add_files spec
         f.match(/(.*\.ya?ml)/)
   end
 
-  spec.files << 'lib/contrast/api/dtm_pb.rb'
-  spec.files << 'lib/contrast/api/settings_pb.rb'
+  spec.files << 'lib/contrast/api/dtm.pb.rb'
+  spec.files << 'lib/contrast/api/settings.pb.rb'
   spec.files += Dir['service_executables/**/*']
   spec.files += Dir['funchook/**/*']
   spec.files += Dir['shared_libraries/**/*']

data/service_executables/VERSION

@@ -1 +1 @@
-2.8.1
+2.9.5

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 3.12.0
+  version: 3.13.2
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -12,7 +12,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-06-22 00:00:00.000000000 Z
+date: 2020-07-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: amazing_print
@@ -393,47 +393,47 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: google-protobuf
+  name: ougai
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.9.0
+        version: '1.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.9.0
+        version: '1.8'
 - !ruby/object:Gem::Dependency
-  name: ougai
+  name: parser
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '2.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '2.6'
 - !ruby/object:Gem::Dependency
-  name: parser
+  name: protobuf
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.6'
+        version: '3.10'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.6'
+        version: '3.10'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -463,19 +463,19 @@ executables:
 extensions:
 - ext/cs__common/extconf.rb
 - ext/cs__assess_marshal_module/extconf.rb
-- ext/cs__assess_basic_object/extconf.rb
-- ext/cs__assess_fiber_track/extconf.rb
+- ext/cs__assess_active_record_named/extconf.rb
 - ext/cs__assess_string_interpolation26/extconf.rb
-- ext/cs__contrast_patch/extconf.rb
-- ext/cs__assess_array/extconf.rb
+- ext/cs__assess_module/extconf.rb
+- ext/cs__protect_kernel/extconf.rb
+- ext/cs__assess_hash/extconf.rb
+- ext/cs__assess_fiber_track/extconf.rb
 - ext/cs__assess_kernel/extconf.rb
 - ext/cs__assess_string/extconf.rb
-- ext/cs__assess_hash/extconf.rb
-- ext/cs__assess_module/extconf.rb
-- ext/cs__assess_regexp/extconf.rb
+- ext/cs__assess_basic_object/extconf.rb
+- ext/cs__assess_array/extconf.rb
+- ext/cs__contrast_patch/extconf.rb
 - ext/cs__assess_yield_track/extconf.rb
-- ext/cs__assess_active_record_named/extconf.rb
-- ext/cs__protect_kernel/extconf.rb
+- ext/cs__assess_regexp/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"
@@ -537,19 +537,12 @@ files:
 - ext/cs__protect_kernel/extconf.rb
 - ext/extconf_common.rb
 - funchook/LICENSE
-- funchook/Makefile
 - funchook/Makefile.in
 - funchook/README.md
 - funchook/appveyor.yml
 - funchook/autogen.sh
-- funchook/autom4te.cache/output.0
-- funchook/autom4te.cache/requests
-- funchook/autom4te.cache/traces.0
 - funchook/config.guess
-- funchook/config.log
-- funchook/config.status
 - funchook/config.sub
-- funchook/configure
 - funchook/configure.ac
 - funchook/distorm/COPYING
 - funchook/distorm/MANIFEST
@@ -642,54 +635,28 @@ files:
 - funchook/distorm/src/x86defs.h
 - funchook/include/funchook.h
 - funchook/install-sh
-- funchook/src/Makefile
 - funchook/src/Makefile.in
 - funchook/src/__strerror.h
-- funchook/src/config.h
-- funchook/src/config.h.in
-- funchook/src/decoder.o
-- funchook/src/distorm.o
 - funchook/src/funchook.c
-- funchook/src/funchook.o
 - funchook/src/funchook_internal.h
 - funchook/src/funchook_io.c
 - funchook/src/funchook_io.h
-- funchook/src/funchook_io.o
 - funchook/src/funchook_syscall.S
-- funchook/src/funchook_syscall.o
 - funchook/src/funchook_unix.c
-- funchook/src/funchook_unix.o
 - funchook/src/funchook_windows.c
 - funchook/src/funchook_x86.c
-- funchook/src/funchook_x86.o
-- funchook/src/instructions.o
-- funchook/src/insts.o
-- funchook/src/libfunchook.so
-- funchook/src/mnemonics.o
-- funchook/src/operands.o
 - funchook/src/os_func.c
 - funchook/src/os_func.h
-- funchook/src/os_func.o
 - funchook/src/os_func_unix.c
-- funchook/src/os_func_unix.o
 - funchook/src/os_func_windows.c
-- funchook/src/prefix.o
 - funchook/src/printf_base.c
 - funchook/src/printf_base.h
-- funchook/src/printf_base.o
-- funchook/src/textdefs.o
-- funchook/src/wstring.o
-- funchook/test/Makefile
 - funchook/test/Makefile.in
-- funchook/test/funchook_test
 - funchook/test/libfunchook_test.c
-- funchook/test/libfunchook_test.so
 - funchook/test/libfunchook_test2.c
 - funchook/test/suffix.list
 - funchook/test/test_main.c
-- funchook/test/test_main.o
 - funchook/test/x86_64_test.S
-- funchook/test/x86_64_test.o
 - funchook/test/x86_test.S
 - funchook/win32/config.h
 - funchook/win32/funchook.sln
@@ -704,7 +671,6 @@ files:
 - lib/contrast.rb
 - lib/contrast/agent.rb
 - lib/contrast/agent/assess.rb
-- lib/contrast/agent/assess/adjusted_span.rb
 - lib/contrast/agent/assess/contrast_event.rb
 - lib/contrast/agent/assess/events/event_factory.rb
 - lib/contrast/agent/assess/events/source_event.rb
@@ -749,6 +715,8 @@ files:
 - lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
 - lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb
 - lib/contrast/agent/assess/properties.rb
+- lib/contrast/agent/assess/property/evented.rb
+- lib/contrast/agent/assess/property/tagged.rb
 - lib/contrast/agent/assess/rule.rb
 - lib/contrast/agent/assess/rule/base.rb
 - lib/contrast/agent/assess/rule/provider.rb
@@ -817,25 +785,42 @@ files:
 - lib/contrast/agent/rule_set.rb
 - lib/contrast/agent/scope.rb
 - lib/contrast/agent/service_heartbeat.rb
-- lib/contrast/agent/socket_client.rb
 - lib/contrast/agent/static_analysis.rb
 - lib/contrast/agent/thread.rb
+- lib/contrast/agent/thread_watcher.rb
 - lib/contrast/agent/tracepoint_hook.rb
 - lib/contrast/agent/version.rb
+- lib/contrast/agent/worker_thread.rb
 - lib/contrast/api.rb
 - lib/contrast/api/.gitkeep
-- lib/contrast/api/connection_status.rb
+- lib/contrast/api/communication.rb
+- lib/contrast/api/communication/connection_status.rb
+- lib/contrast/api/communication/messaging_queue.rb
+- lib/contrast/api/communication/response_processor.rb
+- lib/contrast/api/communication/service_lifecycle.rb
+- lib/contrast/api/communication/socket.rb
+- lib/contrast/api/communication/socket_client.rb
+- lib/contrast/api/communication/speedracer.rb
+- lib/contrast/api/communication/tcp_socket.rb
+- lib/contrast/api/communication/unix_socket.rb
 - lib/contrast/api/decorators.rb
+- lib/contrast/api/decorators/address.rb
 - lib/contrast/api/decorators/application_settings.rb
 - lib/contrast/api/decorators/application_update.rb
+- lib/contrast/api/decorators/http_request.rb
 - lib/contrast/api/decorators/input_analysis.rb
+- lib/contrast/api/decorators/message.rb
+- lib/contrast/api/decorators/rasp_rule_sample.rb
+- lib/contrast/api/decorators/route_coverage.rb
 - lib/contrast/api/decorators/server_features.rb
-- lib/contrast/api/dtm_pb.rb
-- lib/contrast/api/settings_pb.rb
-- lib/contrast/api/socket.rb
-- lib/contrast/api/speedracer.rb
-- lib/contrast/api/tcp_socket.rb
-- lib/contrast/api/unix_socket.rb
+- lib/contrast/api/decorators/trace_event.rb
+- lib/contrast/api/decorators/trace_event_object.rb
+- lib/contrast/api/decorators/trace_event_signature.rb
+- lib/contrast/api/decorators/trace_taint_range.rb
+- lib/contrast/api/decorators/trace_taint_range_tags.rb
+- lib/contrast/api/decorators/user_input.rb
+- lib/contrast/api/dtm.pb.rb
+- lib/contrast/api/settings.pb.rb
 - lib/contrast/common_agent_configuration.rb
 - lib/contrast/components/agent.rb
 - lib/contrast/components/app_context.rb
@@ -904,13 +889,12 @@ files:
 - lib/contrast/framework/rails/rewrite/active_record_named.rb
 - lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb
 - lib/contrast/framework/rails/support.rb
-- lib/contrast/framework/sinatra/application_helper.rb
 - lib/contrast/framework/sinatra/patch/base.rb
 - lib/contrast/framework/sinatra/patch/support.rb
 - lib/contrast/framework/sinatra/support.rb
-- lib/contrast/framework/view_technologies_descriptor.rb
-- lib/contrast/internal_exception.rb
+- lib/contrast/funchook/funchook.rb
 - lib/contrast/logger/application.rb
+- lib/contrast/logger/format.rb
 - lib/contrast/logger/log.rb
 - lib/contrast/logger/time.rb
 - lib/contrast/security_exception.rb
@@ -919,7 +903,6 @@ files:
 - lib/contrast/utils/assess/sampling_util.rb
 - lib/contrast/utils/assess/tracking_util.rb
 - lib/contrast/utils/boolean_util.rb
-- lib/contrast/utils/cache.rb
 - lib/contrast/utils/class_util.rb
 - lib/contrast/utils/duck_utils.rb
 - lib/contrast/utils/env_configuration_item.rb
@@ -937,10 +920,7 @@ files:
 - lib/contrast/utils/prevent_serialization.rb
 - lib/contrast/utils/resource_loader.rb
 - lib/contrast/utils/ruby_ast_rewriter.rb
-- lib/contrast/utils/service_response_util.rb
-- lib/contrast/utils/service_sender_util.rb
 - lib/contrast/utils/sha256_builder.rb
-- lib/contrast/utils/sinatra_helper.rb
 - lib/contrast/utils/stack_trace_utils.rb
 - lib/contrast/utils/string_utils.rb
 - lib/contrast/utils/tag_util.rb
@@ -957,8 +937,6 @@ files:
 - service_executables/linux/contrast-service
 - service_executables/mac/contrast-service
 - shared_libraries/.gitkeep
-- shared_libraries/funchook.h
-- shared_libraries/libfunchook.so
 homepage: https://www.contrastsecurity.com
 licenses:
 - CONTRAST SECURITY (see license file)