contrast-agent 3.15.0 → 3.16.0

data/lib/contrast/framework/rails/rewrite/active_record_named.rb

@@ -58,9 +58,9 @@ module Contrast
 
             def instrument
               @_instrument_named_track ||= begin
-                                                 require 'cs__assess_active_record_named/cs__assess_active_record_named'
-                                                 true
-                                               end
+                require 'cs__assess_active_record_named/cs__assess_active_record_named'
+                true
+              end
             rescue StandardError, LoadError => e
               logger.error('Error loading active record named track patch', e)
               false

data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb

@@ -12,19 +12,19 @@ module Contrast
         class ActiveRecordTimeZoneInherited
           def self.instrument
             @_instrument ||= begin
-                               ::ActiveRecord::AttributeMethods::TimeZoneConversion::ClassMethods.class_eval do
-                                 private
+              ::ActiveRecord::AttributeMethods::TimeZoneConversion::ClassMethods.class_eval do
+                private
 
-                                 alias_method :cs__patched_inherited, :inherited
-                                 def inherited klass # rubocop:disable Lint/MissingSuper
-                                   klass&.instance_variable_set(:@cs__defining_class, true)
-                                   cs__patched_inherited(klass) # This calls the original inherited, which should handle super as needed.
-                                 ensure
-                                   klass&.instance_variable_set(:@cs__defining_class, false)
-                                 end
-                               end
-                               true
-                             end
+                alias_method :cs__patched_inherited, :inherited
+                def inherited klass # rubocop:disable Lint/MissingSuper
+                  klass&.instance_variable_set(:@cs__defining_class, true)
+                  cs__patched_inherited(klass) # This calls the original inherited, which should handle super as needed.
+                ensure
+                  klass&.instance_variable_set(:@cs__defining_class, false)
+                end
+              end
+              true
+            end
           end
         end
       end

data/lib/contrast/framework/sinatra/patch/base.rb

@@ -34,17 +34,17 @@ module Contrast
 
             def instrument
               @_instrument ||= begin
-                                ::Sinatra::Base.class_eval do
-                                  alias_method :cs__patched_sinatra_base_call!, :call!
-                                  # publicly available method for Sinatra::Base things -- unfortunately,
-                                  # getting the routes appear to require a lookup every time
-                                  def call! *args
-                                    Contrast::Framework::Sinatra::Patch::Base.map_route(cs__class, settings, *args)
-                                    cs__patched_sinatra_base_call!(*args)
-                                  end
-                                end
-                                true
-                              end
+                ::Sinatra::Base.class_eval do
+                  alias_method :cs__patched_sinatra_base_call!, :call!
+                  # publicly available method for Sinatra::Base things -- unfortunately,
+                  # getting the routes appear to require a lookup every time
+                  def call! *args
+                    Contrast::Framework::Sinatra::Patch::Base.map_route(cs__class, settings, *args)
+                    cs__patched_sinatra_base_call!(*args)
+                  end
+                end
+                true
+              end
             end
 
             private

data/lib/contrast/framework/sinatra/support.rb

@@ -70,10 +70,10 @@ module Contrast
             return nil unless defined?(::Sinatra) && defined?(::Sinatra::Base)
 
             @_app_class ||= begin
-                              sinatra_layers = ObjectSpace.each_object(::Sinatra::Base).to_a
-                              result_layer = sinatra_layers.find { |layer| layer.app.nil? }
-                              result_layer
-                            end
+              sinatra_layers = ObjectSpace.each_object(::Sinatra::Base).to_a
+              result_layer = sinatra_layers.find { |layer| layer.app.nil? }
+              result_layer
+            end
           end
 
           # Iterate over every class that extends Sinatra::Base, pull out its routes

data/lib/contrast/logger/log.rb

@@ -49,14 +49,19 @@ module Contrast
         path        = valid_path(config_path   || log_file)
         level_const = valid_level(config_level || log_level)
 
+        path_change = path != previous_path
+        level_change = level_const != previous_level
+
         # don't needlessly recreate logger
-        return if @_logger && (path == previous_path) && (level_const == previous_level)
+        return if @_logger && !(path_change || level_change)
 
         @previous_path  = path
         @previous_level = level_const
 
         @_logger = build(path: path, level_const: level_const)
-        log_update
+        # If we're logging to a new path, then let's start it w/ our helpful
+        # data gathering messages
+        log_update if path_change
       rescue StandardError => e
         if logger
           logger.error('Unable to process update to LoggerManager.', e)

data/lib/contrast/utils/invalid_configuration_util.rb

@@ -1,6 +1,7 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/agent/assess/policy/trigger_method'
 require 'contrast/components/interface'
 
 module Contrast
@@ -41,11 +42,7 @@ module Contrast
           hash = Contrast::Utils::HashDigest.generate_config_hash(finding)
           finding.hash_code = Contrast::Utils::StringUtils.force_utf8(hash)
           finding.preflight = Contrast::Utils::PreflightUtil.create_preflight(finding)
-
-          activity = Contrast::Api::Dtm::Activity.new
-          activity.findings << finding
-
-          Contrast::Agent.messaging_queue.send_event_eventually(activity)
+          Contrast::Agent::Assess::Policy::TriggerMethod.report_finding(finding)
         end
       rescue StandardError => e
         logger.error('Unable to build a finding', e, rule: rule_id)

data/resources/assess/policy.json

@@ -275,7 +275,7 @@
       "instance_method": true,
       "method_visibility": "public",
       "method_name":"insert",
-      "source":"P1",
+      "source":"O,P1",
       "target":"O",
       "action":"INSERT"
     }, {
@@ -614,7 +614,6 @@
       "action":"CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::MatchData",
       "patch_method": "captures_tagger"
-
     }, {
       "class_name":"MatchData",
       "instance_method": true,
@@ -640,7 +639,9 @@
       "method_name": "gsub",
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
-      "patch_method": "gsub_tagger"
+      "patch_method": "gsub_tagger",
+      "source": "O,P",
+      "target": "R"
     }, {
       "class_name": "String",
       "instance_method": true,
@@ -648,7 +649,9 @@
       "method_name": "gsub!",
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
-      "patch_method": "gsub_tagger"
+      "patch_method": "gsub_tagger",
+      "source": "O,P",
+      "target": "O"
     }, {
       "class_name": "String",
       "instance_method": true,
@@ -656,7 +659,9 @@
       "method_name": "sub",
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
-      "patch_method": "sub_tagger"
+      "patch_method": "sub_tagger",
+      "source": "O,P",
+      "target": "R"
     }, {
       "class_name": "String",
       "instance_method": true,
@@ -664,7 +669,9 @@
       "method_name": "sub!",
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
-      "patch_method": "sub_tagger"
+      "patch_method": "sub_tagger",
+      "source": "O,P",
+      "target": "O"
     }, {
       "class_name": "String",
       "instance_method": true,
@@ -672,7 +679,9 @@
       "method_name": "tr",
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
-      "patch_method": "tr_tagger"
+      "patch_method": "tr_tagger",
+      "source": "O,P",
+      "target": "R"
     }, {
       "class_name": "String",
       "instance_method": true,
@@ -680,7 +689,9 @@
       "method_name": "tr!",
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
-      "patch_method": "tr_tagger"
+      "patch_method": "tr_tagger",
+      "source": "O,P",
+      "target": "O"
     }, {
       "class_name": "String",
       "instance_method": true,
@@ -688,7 +699,9 @@
       "method_name": "tr_s",
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
-      "patch_method": "tr_s_tagger"
+      "patch_method": "tr_s_tagger",
+      "source": "O,P",
+      "target": "R"
     }, {
       "class_name": "String",
       "instance_method": true,
@@ -696,7 +709,9 @@
       "method_name": "tr_s!",
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
-      "patch_method": "tr_s_tagger"
+      "patch_method": "tr_s_tagger",
+      "source": "O,P",
+      "target": "O"
     }, {
       "class_name": "String",
       "instance_method": true,
@@ -704,7 +719,9 @@
       "method_name": "[]",
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Select",
-      "patch_method": "select_tagger"
+      "patch_method": "select_tagger",
+      "source": "O",
+      "target": "R"
     }, {
       "class_name":"CGI::Util",
       "method_name":"escapeHTML",
@@ -966,7 +983,9 @@
       "method_name": "sprintf",
       "action": "CUSTOM",
       "patch_class": "Contrast::Extension::Assess::KernelPropagator",
-      "patch_method": "sprintf_tagger"
+      "patch_method": "sprintf_tagger",
+      "source": "O,P",
+      "target": "R"
     }, {
       "class_name":"ActiveRecord::ConnectionAdapters::Quoting",
       "instance_method": true,

data/ruby-agent.gemspec

@@ -28,6 +28,7 @@ def self.add_dev_dependencies spec
   spec.add_development_dependency 'factory_bot'
   spec.add_development_dependency 'fake_ftp'
   spec.add_development_dependency 'fasterer'
+  spec.add_development_dependency 'flay'
   spec.add_development_dependency 'openssl'
   spec.add_development_dependency 'parser', '~> 2.6'
   spec.add_development_dependency 'pry'
@@ -37,9 +38,9 @@ def self.add_dev_dependencies spec
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rspec-benchmark'
   spec.add_development_dependency 'rspec_junit_formatter', '0.3.0'
-  spec.add_development_dependency 'rubocop', '0.89.1'
-  spec.add_development_dependency 'rubocop-performance', '1.7.1'
-  spec.add_development_dependency 'rubocop-rspec', '1.42.0'
+  spec.add_development_dependency 'rubocop', '0.93.1'
+  spec.add_development_dependency 'rubocop-performance', '1.8.1'
+  spec.add_development_dependency 'rubocop-rspec', '1.43.2'
   spec.add_development_dependency 'ruby-debug-ide'
   spec.add_development_dependency 'simplecov', '~> 0.18'
   spec.add_development_dependency 'sinatra', '>= 2'

data/service_executables/VERSION

@@ -1 +1 @@
-2.12.0
+2.14.3

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 3.15.0
+  version: 3.16.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -12,7 +12,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-09-18 00:00:00.000000000 Z
+date: 2020-10-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: amazing_print
@@ -140,6 +140,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: flay
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: openssl
   requirement: !ruby/object:Gem::Requirement
@@ -272,42 +286,42 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.89.1
+        version: 0.93.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.89.1
+        version: 0.93.1
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.7.1
+        version: 1.8.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.7.1
+        version: 1.8.1
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.42.0
+        version: 1.43.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.42.0
+        version: 1.43.2
 - !ruby/object:Gem::Dependency
   name: ruby-debug-ide
   requirement: !ruby/object:Gem::Requirement
@@ -484,18 +498,18 @@ executables:
 - contrast_service
 extensions:
 - ext/cs__common/extconf.rb
-- ext/cs__assess_yield_track/extconf.rb
 - ext/cs__assess_module/extconf.rb
-- ext/cs__assess_active_record_named/extconf.rb
-- ext/cs__contrast_patch/extconf.rb
-- ext/cs__assess_string/extconf.rb
-- ext/cs__assess_fiber_track/extconf.rb
-- ext/cs__assess_regexp/extconf.rb
-- ext/cs__assess_kernel/extconf.rb
+- ext/cs__protect_kernel/extconf.rb
+- ext/cs__assess_array/extconf.rb
 - ext/cs__assess_hash/extconf.rb
 - ext/cs__assess_marshal_module/extconf.rb
-- ext/cs__assess_array/extconf.rb
-- ext/cs__protect_kernel/extconf.rb
+- ext/cs__assess_kernel/extconf.rb
+- ext/cs__assess_regexp/extconf.rb
+- ext/cs__assess_yield_track/extconf.rb
+- ext/cs__assess_string/extconf.rb
+- ext/cs__contrast_patch/extconf.rb
+- ext/cs__assess_active_record_named/extconf.rb
+- ext/cs__assess_fiber_track/extconf.rb
 - ext/cs__assess_basic_object/extconf.rb
 - ext/cs__assess_string_interpolation26/extconf.rb
 extra_rdoc_files: []