RubyGems - contrast-agent - Versions diffs - 3.12.0 → 3.13.2 - Mend

contrast-agent 3.12.0 → 3.13.2

Files changed (171) hide show

checksums.yaml +4 -4
data/.dockerignore +0 -1
data/.gitignore +1 -1
data/.simplecov +1 -1
data/Rakefile +31 -0
data/ext/build_funchook.rb +0 -2
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +2 -8
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +0 -1
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +1 -6
data/ext/cs__assess_yield_track/cs__assess_yield_track.c +1 -5
data/ext/cs__assess_yield_track/cs__assess_yield_track.h +0 -1
data/ext/cs__common/cs__common.c +24 -0
data/ext/cs__common/cs__common.h +3 -0
data/ext/cs__common/extconf.rb +0 -14
data/ext/extconf_common.rb +0 -28
data/lib/contrast.rb +3 -1
data/lib/contrast/agent.rb +14 -2
data/lib/contrast/agent/assess/contrast_event.rb +28 -167
data/lib/contrast/agent/assess/events/source_event.rb +3 -7
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +1 -1
data/lib/contrast/agent/assess/policy/policy_node.rb +4 -98
data/lib/contrast/agent/assess/policy/propagation_method.rb +1 -2
data/lib/contrast/agent/assess/policy/propagation_node.rb +5 -1
data/lib/contrast/agent/assess/policy/propagator/base.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/insert.rb +1 -4
data/lib/contrast/agent/assess/policy/propagator/match_data.rb +9 -1
data/lib/contrast/agent/assess/policy/propagator/remove.rb +6 -11
data/lib/contrast/agent/assess/policy/propagator/select.rb +4 -4
data/lib/contrast/agent/assess/policy/propagator/split.rb +2 -2
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +4 -4
data/lib/contrast/agent/assess/policy/propagator/trim.rb +6 -10
data/lib/contrast/agent/assess/policy/source_method.rb +1 -2
data/lib/contrast/agent/assess/policy/trigger_method.rb +2 -10
data/lib/contrast/agent/assess/policy/trigger_node.rb +16 -4
data/lib/contrast/agent/assess/properties.rb +4 -382
data/lib/contrast/agent/assess/property/evented.rb +78 -0
data/lib/contrast/agent/assess/property/tagged.rb +339 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +2 -20
data/lib/contrast/agent/assess/tag.rb +27 -12
data/lib/contrast/agent/at_exit_hook.rb +3 -1
data/lib/contrast/agent/exclusion_matcher.rb +2 -2
data/lib/contrast/agent/inventory/policy/datastores.rb +0 -1
data/lib/contrast/agent/middleware.rb +2 -14
data/lib/contrast/agent/patching/policy/patch.rb +1 -1
data/lib/contrast/agent/patching/policy/policy.rb +3 -3
data/lib/contrast/agent/patching/policy/policy_node.rb +2 -2
data/lib/contrast/agent/protect/policy/rule_applicator.rb +2 -2
data/lib/contrast/agent/protect/rule/base.rb +19 -31
data/lib/contrast/agent/protect/rule/base_service.rb +1 -1
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +2 -7
data/lib/contrast/agent/protect/rule/xxe.rb +1 -0
data/lib/contrast/agent/reaction_processor.rb +3 -3
data/lib/contrast/agent/request.rb +92 -331
data/lib/contrast/agent/request_context.rb +15 -15
data/lib/contrast/agent/request_handler.rb +1 -1
data/lib/contrast/agent/response.rb +2 -14
data/lib/contrast/agent/scope.rb +1 -1
data/lib/contrast/agent/service_heartbeat.rb +7 -9
data/lib/contrast/agent/static_analysis.rb +1 -1
data/lib/contrast/agent/thread_watcher.rb +49 -0
data/lib/contrast/agent/version.rb +1 -1
data/lib/contrast/agent/worker_thread.rb +24 -0
data/lib/contrast/api.rb +3 -5
data/lib/contrast/api/communication.rb +20 -0
data/lib/contrast/api/communication/connection_status.rb +41 -0
data/lib/contrast/api/communication/messaging_queue.rb +79 -0
data/lib/contrast/{utils/service_response_util.rb → api/communication/response_processor.rb} +9 -18
data/lib/contrast/api/communication/service_lifecycle.rb +61 -0
data/lib/contrast/api/communication/socket.rb +45 -0
data/lib/contrast/api/communication/socket_client.rb +76 -0
data/lib/contrast/api/communication/speedracer.rb +111 -0
data/lib/contrast/api/communication/tcp_socket.rb +31 -0
data/lib/contrast/api/communication/unix_socket.rb +27 -0
data/lib/contrast/api/decorators.rb +10 -0
data/lib/contrast/api/decorators/address.rb +60 -0
data/lib/contrast/api/decorators/application_settings.rb +7 -3
data/lib/contrast/api/decorators/application_update.rb +0 -9
data/lib/contrast/api/decorators/http_request.rb +139 -0
data/lib/contrast/api/decorators/message.rb +75 -0
data/lib/contrast/api/decorators/rasp_rule_sample.rb +28 -0
data/lib/contrast/api/decorators/route_coverage.rb +57 -0
data/lib/contrast/api/decorators/trace_event.rb +99 -0
data/lib/contrast/api/decorators/trace_event_object.rb +57 -0
data/lib/contrast/api/decorators/trace_event_signature.rb +46 -0
data/lib/contrast/api/decorators/trace_taint_range.rb +51 -0
data/lib/contrast/api/decorators/trace_taint_range_tags.rb +109 -0
data/lib/contrast/api/decorators/user_input.rb +40 -0
data/lib/contrast/components/app_context.rb +0 -7
data/lib/contrast/components/config.rb +4 -9
data/lib/contrast/components/interface.rb +1 -1
data/lib/contrast/components/settings.rb +0 -6
data/lib/contrast/configuration.rb +2 -2
data/lib/contrast/extension/assess.rb +0 -1
data/lib/contrast/extension/assess/assess_extension.rb +1 -2
data/lib/contrast/extension/assess/fiber.rb +1 -1
data/lib/contrast/extension/assess/string.rb +1 -1
data/lib/contrast/extension/inventory.rb +0 -1
data/lib/contrast/framework/base_support.rb +0 -23
data/lib/contrast/framework/manager.rb +0 -9
data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +1 -3
data/lib/contrast/framework/rails/patch/assess_configuration.rb +3 -4
data/lib/contrast/framework/rails/support.rb +3 -32
data/lib/contrast/framework/sinatra/patch/base.rb +1 -1
data/lib/contrast/framework/sinatra/support.rb +11 -22
data/lib/contrast/funchook/funchook.rb +45 -0
data/lib/contrast/logger/application.rb +1 -1
data/lib/contrast/logger/format.rb +51 -0
data/lib/contrast/logger/log.rb +16 -9
data/lib/contrast/utils/assess/tracking_util.rb +45 -20
data/lib/contrast/utils/class_util.rb +3 -1
data/lib/contrast/utils/hash_digest.rb +11 -2
data/lib/contrast/utils/invalid_configuration_util.rb +1 -17
data/lib/contrast/utils/inventory_util.rb +2 -7
data/lib/contrast/utils/object_share.rb +0 -1
data/lib/contrast/utils/os.rb +16 -4
data/lib/contrast/utils/stack_trace_utils.rb +0 -1
data/lib/contrast/utils/tag_util.rb +1 -1
data/lib/contrast/utils/thread_tracker.rb +1 -14
data/lib/contrast/utils/timer.rb +1 -17
data/resources/deadzone/policy.json +5 -0
data/ruby-agent.gemspec +4 -4
data/service_executables/VERSION +1 -1
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
metadata +49 -71
data/funchook/Makefile +0 -29
data/funchook/autom4te.cache/output.0 +0 -4976
data/funchook/autom4te.cache/requests +0 -78
data/funchook/autom4te.cache/traces.0 +0 -364
data/funchook/config.log +0 -490
data/funchook/config.status +0 -1016
data/funchook/configure +0 -4976
data/funchook/src/Makefile +0 -70
data/funchook/src/config.h +0 -101
data/funchook/src/config.h.in +0 -100
data/funchook/src/decoder.o +0 -0
data/funchook/src/distorm.o +0 -0
data/funchook/src/funchook.o +0 -0
data/funchook/src/funchook_io.o +0 -0
data/funchook/src/funchook_syscall.o +0 -0
data/funchook/src/funchook_unix.o +0 -0
data/funchook/src/funchook_x86.o +0 -0
data/funchook/src/instructions.o +0 -0
data/funchook/src/insts.o +0 -0
data/funchook/src/libfunchook.so +0 -0
data/funchook/src/mnemonics.o +0 -0
data/funchook/src/operands.o +0 -0
data/funchook/src/os_func.o +0 -0
data/funchook/src/os_func_unix.o +0 -0
data/funchook/src/prefix.o +0 -0
data/funchook/src/printf_base.o +0 -0
data/funchook/src/textdefs.o +0 -0
data/funchook/src/wstring.o +0 -0
data/funchook/test/Makefile +0 -43
data/funchook/test/funchook_test +0 -0
data/funchook/test/libfunchook_test.so +0 -0
data/funchook/test/test_main.o +0 -0
data/funchook/test/x86_64_test.o +0 -0
data/lib/contrast/agent/assess/adjusted_span.rb +0 -27
data/lib/contrast/agent/socket_client.rb +0 -134
data/lib/contrast/api/connection_status.rb +0 -49
data/lib/contrast/api/socket.rb +0 -43
data/lib/contrast/api/speedracer.rb +0 -188
data/lib/contrast/api/tcp_socket.rb +0 -29
data/lib/contrast/api/unix_socket.rb +0 -25
data/lib/contrast/framework/sinatra/application_helper.rb +0 -51
data/lib/contrast/framework/view_technologies_descriptor.rb +0 -21
data/lib/contrast/internal_exception.rb +0 -8
data/lib/contrast/utils/cache.rb +0 -58
data/lib/contrast/utils/service_sender_util.rb +0 -167
data/lib/contrast/utils/sinatra_helper.rb +0 -49

data/lib/contrast/api/decorators/trace_event_signature.rb ADDED

@@ -0,0 +1,46 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'contrast/utils/string_utils'
+cs__scoped_require 'contrast/utils/assess/tracking_util'
+cs__scoped_require 'base64'
+module Contrast
+  module Api
+    module Decorators
+      # Used to decorate the TraceEventSignature protobuf model
+      module TraceEventSignature
+        def self.included klass
+          klass.extend(ClassMethods)
+        end
+        # Class methods for TraceEventSignature
+        module ClassMethods
+          def build ret_obj, policy_node, args
+            signature = new
+            return_type = ret_obj ? ret_obj.cs__class.name : Contrast::Utils::ObjectShare::NIL_STRING
+            signature.return_type = Contrast::Utils::StringUtils.force_utf8(return_type)
+            signature.class_name = Contrast::Utils::StringUtils.force_utf8(policy_node.class_name)
+            signature.method_name = Contrast::Utils::StringUtils.force_utf8(policy_node.method_name)
+            if args
+              args&.each do |arg|
+                arg_type = arg ? arg.cs__class.name : Contrast::Utils::ObjectShare::NIL_STRING
+                signature.arg_types << Contrast::Utils::StringUtils.force_utf8(arg_type)
+              end
+            end
+            signature.constructor = policy_node.method_name == :new
+            # if there's a ret, then this method isn't nil. not 100% full proof since you can
+            # return nil, but this is the best we've got currently.
+            signature.void_method = ret_obj.nil?
+            # 8 is STATIC in Java... we have to placate them for now
+            # it has been requested that flags be removed since it isn't used
+            signature.flags = 8 unless policy_node.instance_method?
+            signature
+          end
+        end
+      end
+    end
+  end
+end
+Contrast::Api::Dtm::TraceEventSignature.include(Contrast::Api::Decorators::TraceEventSignature)

data/lib/contrast/api/decorators/trace_taint_range.rb ADDED

@@ -0,0 +1,51 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'contrast/utils/object_share'
+cs__scoped_require 'contrast/utils/string_utils'
+module Contrast
+  module Api
+    module Decorators
+      # Used to decorate the TraceTaintRange protobuf model
+      module TraceTaintRange
+        def self.included klass
+          klass.extend(ClassMethods)
+        end
+        # Class methods for TraceEventObject
+        module ClassMethods
+          # Convert the tags from Contrast::Agent::Assess::Property::Tagged to
+          # the form required for their Event's DTM.
+          #
+          # @param tags [Hash{String => Array<Contrast::Agent::Assess::Tag>}]
+          # @return [Array<Contrast::Api::Dtm::TraceTaintRange>]
+          def build_for_event tags
+            return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless tags&.any?
+            ranges = []
+            tags.each_value do |value|
+              next if value.empty?
+              value.each { |tag| ranges << build(tag) }
+            end
+            ranges
+          end
+          # Convert our Tags to their DTM equivalent
+          #
+          # @param tag [Contrast::Agent::Assess::Tag]
+          # @return [Contrast::Api::Dtm::TraceTaintRange]
+          def build tag
+            range = Contrast::Api::Dtm::TraceTaintRange.new
+            range.tag = Contrast::Utils::StringUtils.protobuf_safe_string(tag.label)
+            range.range = tag.start_idx.to_s + Contrast::Utils::ObjectShare::COLON + tag.end_idx.to_s
+            range
+          end
+        end
+      end
+    end
+  end
+end
+Contrast::Api::Dtm::TraceTaintRange.include(Contrast::Api::Decorators::TraceTaintRange)

data/lib/contrast/api/decorators/trace_taint_range_tags.rb ADDED

@@ -0,0 +1,109 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+module Contrast
+  module Api
+    module Decorators
+      # A holder for the valid tags that can be sent to the Service, and
+      # ultimately TS, that we have to honor. Placed here so as not to clutter
+      # other code.
+      module TraceTaintRangeTags
+        # EventTagTypeDTM
+        VALID_TAGS = %w[
+          XML_ENCODED
+          XML_DECODED
+          HTML_ENCODED
+          HTML_DECODED
+          URL_ENCODED
+          URL_DECODED
+          CSS_ENCODED
+          CSS_DECODED
+          BASE64_ENCODED
+          BASE64_DECODED
+          JAVASCRIPT_ENCODED
+          JAVASCRIPT_DECODED
+          JAVA_ENCODED
+          JAVA_DECODED
+          CSV_ENCODED
+          CSV_DECODED
+          SQL_ENCODED
+          SQL_DECODED
+          LDAP_ENCODED
+          LDAP_DECODED
+          XPATH_ENCODED
+          XPATH_DECODED
+          OS_ENCODED
+          OS_DECODED
+          VBSCRIPT_ENCODED
+          VBSCRIPT_DECODED
+          POTENTIAL_SANITIZED
+          POTENTIAL_VALIDATED
+          NO_CONTROL_CHARS
+          CUSTOM
+          CUSTOM_ENCODED
+          CUSTOM_ENCODED_CMD_INJECTION
+          CUSTOM_ENCODED_EXPRESSION_LANGUAGE_INJECTION
+          CUSTOM_ENCODED_HEADER_INJECTION
+          CUSTOM_ENCODED_HQL_INJECTION
+          CUSTOM_ENCODED_LDAP_INJECTION
+          CUSTOM_ENCODED_LOG_INJECTION
+          CUSTOM_ENCODED_NOSQL_INJECTION
+          CUSTOM_ENCODED_PATH_TRAVERSAL
+          CUSTOM_ENCODED_REDOS
+          CUSTOM_ENCODED_REFLECTED_XSS
+          CUSTOM_ENCODED_REFLECTION_INJECTION
+          CUSTOM_ENCODED_SMTP_INJECTION
+          CUSTOM_ENCODED_SQL_INJECTION
+          CUSTOM_ENCODED_SSRF
+          CUSTOM_ENCODED_STORED_XSS
+          CUSTOM_ENCODED_TRUST_BOUNDARY_VIOLATION
+          CUSTOM_ENCODED_UNSAFE_CODE_EXECUTION
+          CUSTOM_ENCODED_UNSAFE_READLINE
+          CUSTOM_ENCODED_UNSAFE_XML_DECODE
+          CUSTOM_ENCODED_UNTRUSTED_DESERIALIZATION
+          CUSTOM_ENCODED_UNVALIDATED_FORWARD
+          CUSTOM_ENCODED_UNVALIDATED_REDIRECT
+          CUSTOM_ENCODED_XPATH_INJECTION
+          CUSTOM_ENCODED_XXE
+          CUSTOM_SECURITY_CONTROL_APPLIED
+          CUSTOM_VALIDATED
+          CUSTOM_VALIDATED_CMD_INJECTION
+          CUSTOM_VALIDATED_EXPRESSION_LANGUAGE_INJECTION
+          CUSTOM_VALIDATED_HEADER_INJECTION
+          CUSTOM_VALIDATED_HQL_INJECTION
+          CUSTOM_VALIDATED_LDAP_INJECTION
+          CUSTOM_VALIDATED_LOG_INJECTION
+          CUSTOM_VALIDATED_NOSQL_INJECTION
+          CUSTOM_VALIDATED_PATH_TRAVERSAL
+          CUSTOM_VALIDATED_REDOS
+          CUSTOM_VALIDATED_REFLECTED_XSS
+          CUSTOM_VALIDATED_REFLECTION_INJECTION
+          CUSTOM_VALIDATED_SMTP_INJECTION
+          CUSTOM_VALIDATED_SQL_INJECTION
+          CUSTOM_VALIDATED_SSRF
+          CUSTOM_VALIDATED_STORED_XSS
+          CUSTOM_VALIDATED_TRUST_BOUNDARY_VIOLATION
+          CUSTOM_VALIDATED_UNSAFE_CODE_EXECUTION
+          CUSTOM_VALIDATED_UNSAFE_READLINE
+          CUSTOM_VALIDATED_UNSAFE_XML_DECODE
+          CUSTOM_VALIDATED_UNTRUSTED_DESERIALIZATION
+          CUSTOM_VALIDATED_UNVALIDATED_FORWARD
+          CUSTOM_VALIDATED_UNVALIDATED_REDIRECT
+          CUSTOM_VALIDATED_XPATH_INJECTION
+          CUSTOM_VALIDATED_XXE
+          DATABASE_WRITE
+        ].cs__freeze
+        VALID_SOURCE_TAGS = %w[
+          NO_NEWLINES
+          UNTRUSTED
+          CROSS_SITE
+          LIMITED_CHARS
+        ].cs__freeze
+      end
+    end
+  end
+end

data/lib/contrast/api/decorators/user_input.rb ADDED

@@ -0,0 +1,40 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'contrast/utils/string_utils'
+cs__scoped_require 'contrast/utils/assess/tracking_util'
+cs__scoped_require 'base64'
+module Contrast
+  module Api
+    module Decorators
+      # Used to decorate the TraceEventObject protobuf model
+      module UserInput
+        UNKNOWN_USER_INPUT = Contrast::Api::Dtm::UserInput.new.tap do |user_input|
+          user_input.input_type = :UNKNOWN
+        end.cs__freeze
+        def self.included klass
+          klass.extend(ClassMethods)
+        end
+        # Used to add class methods to UserInput
+        module ClassMethods
+          def build_from_ia_result ia_result
+            return UNKNOWN_USER_INPUT.dup unless ia_result
+            user_input = new
+            user_input.input_type = ia_result.input_type.to_i
+            user_input.matcher_ids = ia_result.ids
+            user_input.path = ia_result.path.to_s
+            user_input.key = ia_result.key.to_s
+            user_input.value = ia_result.value.to_s
+            user_input
+          end
+        end
+      end
+    end
+  end
+end
+Contrast::Api::Dtm::UserInput.include(Contrast::Api::Decorators::UserInput)

data/lib/contrast/components/app_context.rb CHANGED

@@ -1,7 +1,6 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'contrast/utils/sinatra_helper'
 cs__scoped_require 'rubygems/version'
 module Contrast
@@ -23,12 +22,6 @@ module Contrast
         DEFAULT_SERVER_NAME = 'localhost'
         DEFAULT_SERVER_PATH = '/'
-        def ready?
-          @_ready ||= AGENT.enabled? &&
-              Contrast::Utils::ServiceSenderUtil.connection_established? &&
-              Contrast::Utils::ServiceResponseUtil.update_received?
-        end
         def initialize
           original_pid
         end

data/lib/contrast/components/config.rb CHANGED

@@ -3,6 +3,7 @@
 cs__scoped_require 'contrast/utils/boolean_util'
 cs__scoped_require 'contrast/utils/env_configuration_item'
+cs__scoped_require 'contrast/utils/object_share'
 cs__scoped_require 'contrast/configuration'
 module Contrast
@@ -69,17 +70,11 @@ module Contrast
         end
         def session_id
-          @_session_id ||= begin
-                             s = raw.application.session_id || ''
-                             s.empty? ? nil : s
-                           end
+          @_session_id ||= raw.application.session_id || Contrast::Utils::ObjectShare::EMPTY_STRING
         end
         def session_metadata
-          @_session_metadata ||= begin
-                                   s = raw.application.session_metadata || ''
-                                   s.empty? ? nil : s
-                                 end
+          @_session_metadata ||= raw.application.session_metadata || Contrast::Utils::ObjectShare::EMPTY_STRING
         end
         def valid?
@@ -98,7 +93,7 @@ module Contrast
           # If the config is invalid, and you want to know about it, then
           # you have a circular dependency if you try to log it,
           # hence `log: false`.
-          if session_id && session_metadata
+          if !session_id.empty? && !session_metadata.empty?
             if log
               cs__class.log_error(SESSION_VARIABLES)
             else

data/lib/contrast/components/interface.rb CHANGED

@@ -120,7 +120,7 @@ module Contrast
             @_access_component[sym] = true
           else
-            raise NotImplementedError, "#{ self } asked to access undefined component '#{ sym }'."
+            raise NoMethodError, "#{ self } asked to access undefined component '#{ sym }'."
           end
         end
       end

data/lib/contrast/components/settings.rb CHANGED

@@ -75,12 +75,6 @@ module Contrast
           end
         end
-        def session_id
-          # TODO: RUBY-900 we shouldn't send things w/o having session id,
-          #   figure out how this happened and fix it.
-          application_state[:session_id] || Contrast::Utils::ObjectShare::EMPTY_STRING
-        end
         def initialize
           reset_state
         end

data/lib/contrast/configuration.rb CHANGED

@@ -88,13 +88,13 @@ module Contrast
           puts "!!! Contrast - Configuration file at #{ path } is not readable by current user"
           next
         end
-        config = yaml_to_hash(path)
+        config = yaml_to_hash(path) || {}
         break
       end
       if config.empty?
         puts "!!! Contrast - working directory: #{ Dir.pwd }"
-        puts '!!! Contrast - configuration file could not be found at any of the search paths'
+        puts '!!! Contrast - valid configuration file could not be found at any of the search paths'
         puts 'Valid configuration paths are: '
         configuration_paths.each do |path|
           puts(path)

data/lib/contrast/extension/assess.rb CHANGED

@@ -20,7 +20,6 @@ module Contrast
       cs__scoped_require 'contrast/agent/assess/rule/provider'
       # tagging / dataflow
-      cs__scoped_require 'contrast/agent/assess/adjusted_span'
       cs__scoped_require 'contrast/agent/assess/policy/policy_node'
       cs__scoped_require 'contrast/agent/assess/policy/source_node'
       cs__scoped_require 'contrast/agent/assess/policy/source_method'

data/lib/contrast/extension/assess/assess_extension.rb CHANGED

@@ -122,8 +122,7 @@ module Contrast
               range = existing[0]
               range.repurpose(0, ret_length)
             else
-              span = Contrast::Agent::Assess::AdjustedSpan.new(0, ret_length)
-              ret.cs__properties.add_tag(key, span)
+              ret.cs__properties.add_tag(key, 0...ret_length)
             end
           end
         end

data/lib/contrast/extension/assess/fiber.rb CHANGED

@@ -99,7 +99,7 @@ module Contrast
           def instrument_fiber_track
             @_instrument_fiber_variables ||= begin
-                cs__scoped_require 'cs__assess_fiber_track/cs__assess_fiber_track'
+                cs__scoped_require 'cs__assess_fiber_track/cs__assess_fiber_track' if Funchook.available?
                 true
               end
           rescue StandardError, LoadError => e

data/lib/contrast/extension/assess/string.rb CHANGED

@@ -65,7 +65,7 @@ module Contrast
           def instrument_string_interpolation
             if @_instrument_string_interpolation.nil?
               @_instrument_string_interpolation = begin
-                                                    if AGENT.patch_interpolation?
+                                                    if AGENT.patch_interpolation? && Funchook.available?
                                                       cs__scoped_require 'cs__assess_string_interpolation26/cs__assess_string_interpolation26'
                                                     end
                                                     true

data/lib/contrast/extension/inventory.rb CHANGED

@@ -11,7 +11,6 @@ module Contrast
     #   relevant given the move to C based patching and the lessons learned
     #   therein.
     module Inventory
-      cs__scoped_require 'contrast/internal_exception'
       cs__scoped_require 'contrast/security_exception'
       # patching
       cs__scoped_require 'contrast/agent/inventory/policy/trigger_node'

data/lib/contrast/framework/base_support.rb CHANGED

@@ -23,13 +23,6 @@ module Contrast
           raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
         end
-        # Iterate through known locations, looking for files
-        # that represent view or template files. If found, for each file in the directory
-        # append the technology and the view object to the application update instance
-        def scan_views
-          raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
-        end
         # Find all the predefined routes for this application and append them to the
         # provided inventory message
         # msg should be a Contrast::Api::Dtm::ApplicationUpdate or some other msg
@@ -73,22 +66,6 @@ module Contrast
         def streaming? _env
           false
         end
-        protected
-        def source_or_string obj
-          if obj.cs__is_a?(Regexp)
-            obj.source
-          elsif obj.cs__respond_to?(:safe_string)
-            obj.safe_string
-          else
-            obj.to_s
-          end
-        end
-        def scan_view_directories view_technology_descriptors
-          view_technology_descriptors.reject(&:empty?)
-        end
       end
     end
   end

data/lib/contrast/framework/manager.rb CHANGED

@@ -1,7 +1,6 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'contrast/framework/view_technologies_descriptor'
 cs__scoped_require 'contrast/framework/platform_version'
 cs__scoped_require 'contrast/framework/rack/support'
 cs__scoped_require 'contrast/framework/rails/support'
@@ -59,10 +58,6 @@ module Contrast
         patches
       end
-      def find_applicable_view_technologies
-        scan_views_for_all_frameworks
-      end
       def find_route_discovery_data
         routes_for_all_frameworks
       end
@@ -124,10 +119,6 @@ module Contrast
         Contrast::Utils::ClassUtil.truly_defined?(klass)
       end
-      def scan_views_for_all_frameworks
-        data_for_all_frameworks :scan_views
-      end
       def routes_for_all_frameworks
         data_for_all_frameworks :collect_routes
       end