RubyGems - contrast-agent - Versions diffs - 3.15.0 → 3.16.0 - Mend

contrast-agent 3.15.0 → 3.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (74) hide show

data/lib/contrast/framework/rails/rewrite/active_record_named.rb CHANGED

@@ -58,9 +58,9 @@ module Contrast
             def instrument
               @_instrument_named_track ||= begin
-                                                 require 'cs__assess_active_record_named/cs__assess_active_record_named'
-                                                 true
-                                               end
+                require 'cs__assess_active_record_named/cs__assess_active_record_named'
+                true
+              end
             rescue StandardError, LoadError => e
               logger.error('Error loading active record named track patch', e)
               false

data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb CHANGED

@@ -12,19 +12,19 @@ module Contrast
         class ActiveRecordTimeZoneInherited
           def self.instrument
             @_instrument ||= begin
-                               ::ActiveRecord::AttributeMethods::TimeZoneConversion::ClassMethods.class_eval do
-                                 private
+              ::ActiveRecord::AttributeMethods::TimeZoneConversion::ClassMethods.class_eval do
+                private
-                                 alias_method :cs__patched_inherited, :inherited
-                                 def inherited klass # rubocop:disable Lint/MissingSuper
-                                   klass&.instance_variable_set(:@cs__defining_class, true)
-                                   cs__patched_inherited(klass) # This calls the original inherited, which should handle super as needed.
-                                 ensure
-                                   klass&.instance_variable_set(:@cs__defining_class, false)
-                                 end
-                               end
-                               true
-                             end
+                alias_method :cs__patched_inherited, :inherited
+                def inherited klass # rubocop:disable Lint/MissingSuper
+                  klass&.instance_variable_set(:@cs__defining_class, true)
+                  cs__patched_inherited(klass) # This calls the original inherited, which should handle super as needed.
+                ensure
+                  klass&.instance_variable_set(:@cs__defining_class, false)
+                end
+              end
+              true
+            end
           end
         end
       end

data/lib/contrast/framework/sinatra/patch/base.rb CHANGED

@@ -34,17 +34,17 @@ module Contrast
             def instrument
               @_instrument ||= begin
-                                ::Sinatra::Base.class_eval do
-                                  alias_method :cs__patched_sinatra_base_call!, :call!
-                                  # publicly available method for Sinatra::Base things -- unfortunately,
-                                  # getting the routes appear to require a lookup every time
-                                  def call! *args
-                                    Contrast::Framework::Sinatra::Patch::Base.map_route(cs__class, settings, *args)
-                                    cs__patched_sinatra_base_call!(*args)
-                                  end
-                                end
-                                true
-                              end
+                ::Sinatra::Base.class_eval do
+                  alias_method :cs__patched_sinatra_base_call!, :call!
+                  # publicly available method for Sinatra::Base things -- unfortunately,
+                  # getting the routes appear to require a lookup every time
+                  def call! *args
+                    Contrast::Framework::Sinatra::Patch::Base.map_route(cs__class, settings, *args)
+                    cs__patched_sinatra_base_call!(*args)
+                  end
+                end
+                true
+              end
             end
             private

data/lib/contrast/framework/sinatra/support.rb CHANGED

@@ -70,10 +70,10 @@ module Contrast
             return nil unless defined?(::Sinatra) && defined?(::Sinatra::Base)
             @_app_class ||= begin
-                              sinatra_layers = ObjectSpace.each_object(::Sinatra::Base).to_a
-                              result_layer = sinatra_layers.find { |layer| layer.app.nil? }
-                              result_layer
-                            end
+              sinatra_layers = ObjectSpace.each_object(::Sinatra::Base).to_a
+              result_layer = sinatra_layers.find { |layer| layer.app.nil? }
+              result_layer
+            end
           end
           # Iterate over every class that extends Sinatra::Base, pull out its routes

data/lib/contrast/logger/log.rb CHANGED

@@ -49,14 +49,19 @@ module Contrast
         path        = valid_path(config_path   || log_file)
         level_const = valid_level(config_level || log_level)
+        path_change = path != previous_path
+        level_change = level_const != previous_level
         # don't needlessly recreate logger
-        return if @_logger && (path == previous_path) && (level_const == previous_level)
+        return if @_logger && !(path_change || level_change)
         @previous_path  = path
         @previous_level = level_const
         @_logger = build(path: path, level_const: level_const)
-        log_update
+        # If we're logging to a new path, then let's start it w/ our helpful
+        # data gathering messages
+        log_update if path_change
       rescue StandardError => e
         if logger
           logger.error('Unable to process update to LoggerManager.', e)

data/lib/contrast/utils/invalid_configuration_util.rb CHANGED

@@ -1,6 +1,7 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
+require 'contrast/agent/assess/policy/trigger_method'
 require 'contrast/components/interface'
 module Contrast
@@ -41,11 +42,7 @@ module Contrast
           hash = Contrast::Utils::HashDigest.generate_config_hash(finding)
           finding.hash_code = Contrast::Utils::StringUtils.force_utf8(hash)
           finding.preflight = Contrast::Utils::PreflightUtil.create_preflight(finding)
-          activity = Contrast::Api::Dtm::Activity.new
-          activity.findings << finding
-          Contrast::Agent.messaging_queue.send_event_eventually(activity)
+          Contrast::Agent::Assess::Policy::TriggerMethod.report_finding(finding)
         end
       rescue StandardError => e
         logger.error('Unable to build a finding', e, rule: rule_id)

data/resources/assess/policy.json CHANGED

@@ -275,7 +275,7 @@
       "instance_method": true,
       "method_visibility": "public",
       "method_name":"insert",
-      "source":"P1",
+      "source":"O,P1",
       "target":"O",
       "action":"INSERT"
     }, {
@@ -614,7 +614,6 @@
       "action":"CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::MatchData",
       "patch_method": "captures_tagger"
     }, {
       "class_name":"MatchData",
       "instance_method": true,
@@ -640,7 +639,9 @@
       "method_name": "gsub",
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
-      "patch_method": "gsub_tagger"
+      "patch_method": "gsub_tagger",
+      "source": "O,P",
+      "target": "R"
     }, {
       "class_name": "String",
       "instance_method": true,
@@ -648,7 +649,9 @@
       "method_name": "gsub!",
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
-      "patch_method": "gsub_tagger"
+      "patch_method": "gsub_tagger",
+      "source": "O,P",
+      "target": "O"
     }, {
       "class_name": "String",
       "instance_method": true,
@@ -656,7 +659,9 @@
       "method_name": "sub",
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
-      "patch_method": "sub_tagger"
+      "patch_method": "sub_tagger",
+      "source": "O,P",
+      "target": "R"
     }, {
       "class_name": "String",
       "instance_method": true,
@@ -664,7 +669,9 @@
       "method_name": "sub!",
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
-      "patch_method": "sub_tagger"
+      "patch_method": "sub_tagger",
+      "source": "O,P",
+      "target": "O"
     }, {
       "class_name": "String",
       "instance_method": true,
@@ -672,7 +679,9 @@
       "method_name": "tr",
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
-      "patch_method": "tr_tagger"
+      "patch_method": "tr_tagger",
+      "source": "O,P",
+      "target": "R"
     }, {
       "class_name": "String",
       "instance_method": true,
@@ -680,7 +689,9 @@
       "method_name": "tr!",
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
-      "patch_method": "tr_tagger"
+      "patch_method": "tr_tagger",
+      "source": "O,P",
+      "target": "O"
     }, {
       "class_name": "String",
       "instance_method": true,
@@ -688,7 +699,9 @@
       "method_name": "tr_s",
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
-      "patch_method": "tr_s_tagger"
+      "patch_method": "tr_s_tagger",
+      "source": "O,P",
+      "target": "R"
     }, {
       "class_name": "String",
       "instance_method": true,
@@ -696,7 +709,9 @@
       "method_name": "tr_s!",
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
-      "patch_method": "tr_s_tagger"
+      "patch_method": "tr_s_tagger",
+      "source": "O,P",
+      "target": "O"
     }, {
       "class_name": "String",
       "instance_method": true,
@@ -704,7 +719,9 @@
       "method_name": "[]",
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Select",
-      "patch_method": "select_tagger"
+      "patch_method": "select_tagger",
+      "source": "O",
+      "target": "R"
     }, {
       "class_name":"CGI::Util",
       "method_name":"escapeHTML",
@@ -966,7 +983,9 @@
       "method_name": "sprintf",
       "action": "CUSTOM",
       "patch_class": "Contrast::Extension::Assess::KernelPropagator",
-      "patch_method": "sprintf_tagger"
+      "patch_method": "sprintf_tagger",
+      "source": "O,P",
+      "target": "R"
     }, {
       "class_name":"ActiveRecord::ConnectionAdapters::Quoting",
       "instance_method": true,

data/ruby-agent.gemspec CHANGED

@@ -28,6 +28,7 @@ def self.add_dev_dependencies spec
   spec.add_development_dependency 'factory_bot'
   spec.add_development_dependency 'fake_ftp'
   spec.add_development_dependency 'fasterer'
+  spec.add_development_dependency 'flay'
   spec.add_development_dependency 'openssl'
   spec.add_development_dependency 'parser', '~> 2.6'
   spec.add_development_dependency 'pry'
@@ -37,9 +38,9 @@ def self.add_dev_dependencies spec
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rspec-benchmark'
   spec.add_development_dependency 'rspec_junit_formatter', '0.3.0'
-  spec.add_development_dependency 'rubocop', '0.89.1'
-  spec.add_development_dependency 'rubocop-performance', '1.7.1'
-  spec.add_development_dependency 'rubocop-rspec', '1.42.0'
+  spec.add_development_dependency 'rubocop', '0.93.1'
+  spec.add_development_dependency 'rubocop-performance', '1.8.1'
+  spec.add_development_dependency 'rubocop-rspec', '1.43.2'
   spec.add_development_dependency 'ruby-debug-ide'
   spec.add_development_dependency 'simplecov', '~> 0.18'
   spec.add_development_dependency 'sinatra', '>= 2'

data/service_executables/VERSION CHANGED

	@@ -1 +1 @@
1	- 2.12.0
1	+ 2.14.3

data/service_executables/linux/contrast-service CHANGED

Binary file

data/service_executables/mac/contrast-service CHANGED

Binary file

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 3.15.0
+  version: 3.16.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -12,7 +12,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-09-18 00:00:00.000000000 Z
+date: 2020-10-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: amazing_print
@@ -140,6 +140,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: flay
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: openssl
   requirement: !ruby/object:Gem::Requirement
@@ -272,42 +286,42 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.89.1
+        version: 0.93.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.89.1
+        version: 0.93.1
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.7.1
+        version: 1.8.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.7.1
+        version: 1.8.1
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.42.0
+        version: 1.43.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.42.0
+        version: 1.43.2
 - !ruby/object:Gem::Dependency
   name: ruby-debug-ide
   requirement: !ruby/object:Gem::Requirement
@@ -484,18 +498,18 @@ executables:
 - contrast_service
 extensions:
 - ext/cs__common/extconf.rb
-- ext/cs__assess_yield_track/extconf.rb
 - ext/cs__assess_module/extconf.rb
-- ext/cs__assess_active_record_named/extconf.rb
-- ext/cs__contrast_patch/extconf.rb
-- ext/cs__assess_string/extconf.rb
-- ext/cs__assess_fiber_track/extconf.rb
-- ext/cs__assess_regexp/extconf.rb
-- ext/cs__assess_kernel/extconf.rb
+- ext/cs__protect_kernel/extconf.rb
+- ext/cs__assess_array/extconf.rb
 - ext/cs__assess_hash/extconf.rb
 - ext/cs__assess_marshal_module/extconf.rb
-- ext/cs__assess_array/extconf.rb
-- ext/cs__protect_kernel/extconf.rb
+- ext/cs__assess_kernel/extconf.rb
+- ext/cs__assess_regexp/extconf.rb
+- ext/cs__assess_yield_track/extconf.rb
+- ext/cs__assess_string/extconf.rb
+- ext/cs__contrast_patch/extconf.rb
+- ext/cs__assess_active_record_named/extconf.rb
+- ext/cs__assess_fiber_track/extconf.rb
 - ext/cs__assess_basic_object/extconf.rb
 - ext/cs__assess_string_interpolation26/extconf.rb
 extra_rdoc_files: []