contrast-agent 3.15.0 → 4.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ac8fc7d0e9c127859cf7bdb149c7ac519286c4329bd81ad28db4963128e0cd63
-  data.tar.gz: 784afc67ef269df8dfbaed392e8ad28e2e3b679113ed8679625f95033e324929
+  metadata.gz: 772706612c29bc99cb9861c736056218e830881daba5ea2f9a4a2e86ecaf83ab
+  data.tar.gz: 85d07cd9104e2b6f0c1e04e5ee4d1562ad8de62a7155dd761cdcaa554f4e68fd
 SHA512:
-  metadata.gz: c1a5563b34a4eba33fdf8094986362f70c88bda53102899bb01ad0096588d26883b5e7ad475e41afa15b95674b8c2810cfe6546c6779b8e3b2030bf7bb1e33d6
-  data.tar.gz: 1a1eb220719c1caf3f7153108bff4ac5132130d6879dc2b425e6dd31720e4c76bda9c27c0ac65fa00ccb846a31cb173e04dc7d3320ba3079ea9b785a62991f00
+  metadata.gz: 2e80a24fd38c3f88377abc59e146c755ec6e0272a64fd3af6d840888e33672513fc62539d9d9eae6de49d5c46bcce34ce656a8f8afe3fa71c0e80a3215b58753
+  data.tar.gz: 8bf6282052071f42dba4e40b0cd3abf9f15531a4e0fdff208d047d5a679c5268a903be5d93ec178d2ace254b5784548753c795088fdd6edac56bcd38ac1d2997

data/Rakefile

@@ -18,6 +18,7 @@ Dir['ext/cs__*'].each do |extension|
   end
 end
 
+desc 'compile the protobuf files for the agent, translating them to .rb classes'
 task :contrast_pb_compile do
   # do some stuff before compile
 

data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c

@@ -5,28 +5,39 @@
 #include "../cs__common/cs__common.h"
 #include <ruby.h>
 
-static VALUE contrast_assess_marshal_module_load(const int argc,
+static VALUE contrast_marshal_module_load(const int argc,
                                                  const VALUE *argv) {
     VALUE result;
     VALUE source_string;
-    result = rb_call_super(argc, argv);
 
+    // Our patches only need only apply in the case where there was valid input.
     if (argc >= 1) {
         source_string = argv[0];
+    } else {
+        source_string = Qnil;
+    }
+
+    // Run our protect code ahead of the original method
+    if (source_string != Qnil) {
+        rb_funcall(marshal_propagator, rb_sym_protect_marshal_load, 1, source_string);
+    }
 
+    // Invoke the original method
+    result = rb_call_super(argc, argv);
+
+    // Run our assess code after the original method
+    if (source_string != Qnil) {
         VALUE tracked =
             rb_funcall(properties_hash, rb_sym_hash_tracked, 1, source_string);
 
+        // Assuming the source is tracked and needs assess checks
         if (tracked == Qtrue) {
             VALUE skip =
                 rb_funcall(contrast_patcher(), rb_sym_skip_assess_analysis, 0);
-
+            // And Assess is enabled and applies to this request
             if (skip == Qfalse) {
-                VALUE scope =
-                    rb_funcall(contrast_patcher(), rb_sym_enter_scope, 0);
-                rb_funcall(marshal_module, rb_sym_assess_load_trigger_check, 2,
+                rb_funcall(marshal_propagator, rb_sym_assess_marshal_load, 2,
                            source_string, result);
-                rb_funcall(contrast_patcher(), rb_sym_exit_scope, 0);
             }
         }
     }
@@ -37,10 +48,11 @@ void Init_cs__assess_marshal_module(void) {
     // Contrast::Agent::Assess::Tracker::PROPERTIES_HASH
     VALUE tracker = rb_define_class_under(assess, "Tracker", rb_cObject);
     properties_hash = rb_const_get(tracker, rb_intern("PROPERTIES_HASH"));
-    marshal_module =
+    marshal_propagator =
         rb_define_class_under(core_assess, "MarshalPropagator", rb_cObject);
-    rb_sym_assess_load_trigger_check = rb_intern("cs__load_trigger_check");
+    rb_sym_assess_marshal_load = rb_intern("cs__load_assess");
+    rb_sym_protect_marshal_load = rb_intern("cs__load_protect");
 
     contrast_register_singleton_prepend_patch(
-        "Marshal", "load", &contrast_assess_marshal_module_load);
+        "Marshal", "load", &contrast_marshal_module_load);
 }

data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h

@@ -1,8 +1,9 @@
 #include <ruby.h>
 
-static VALUE marshal_module;
+static VALUE marshal_propagator;
 
-static VALUE rb_sym_assess_load_trigger_check;
+static VALUE rb_sym_assess_marshal_load;
+static VALUE rb_sym_protect_marshal_load;
 static VALUE properties_hash;
 
 /*
@@ -13,7 +14,7 @@ static VALUE properties_hash;
  * special case this for now.
  * -HM (shamelessly commenting on DP's work)
  */
-static VALUE contrast_assess_marshal_module_load(const int argc,
+static VALUE contrast_marshal_module_load(const int argc,
                                                  const VALUE *argv);
 
 void Init_cs__assess_marshal_module(void);

data/lib/contrast/agent.rb

@@ -23,7 +23,6 @@ require 'contrast/extension/protect'
 require 'contrast/extension/protect/kernel'
 
 require 'contrast/utils/object_share'
-require 'contrast/utils/boolean_util'
 require 'contrast/utils/string_utils'
 require 'contrast/utils/io_util'
 require 'contrast/utils/os'
@@ -88,18 +87,11 @@ require 'contrast/agent/assess'
 # protect rules
 require 'contrast/agent/protect/rule'
 
-# application libraries
-require 'contrast/utils/gemfile_reader'
+# application libraries and technologies
+require 'contrast/agent/inventory'
 
 # rack event monitoring
 require 'contrast/agent/middleware'
 
-# TODO: RUBY-919
-# Refactor to use Contrast::Framework::Manager
-# Contrast::Framework::Manager.before_load_patches!
-if defined?(::Rails)
-  require 'contrast/framework/rails/patch/support'
-  require 'contrast/framework/rails/patch/rails_application_configuration'
-  Contrast::Framework::Rails::Patch::RailsApplicationConfiguration.instrument
-  require 'contrast/agent/railtie' if ::Rails::VERSION::MAJOR.to_i >= 3
-end
+# Install the patches we need before the application has a chance to initialize
+Contrast::Agent.framework_manager.before_load_patches!

data/lib/contrast/agent/assess/contrast_event.rb

@@ -9,6 +9,8 @@ require 'contrast/utils/prevent_serialization'
 require 'contrast/utils/stack_trace_utils'
 require 'contrast/utils/string_utils'
 require 'contrast/utils/timer'
+require 'contrast/components/interface'
+require 'contrast/agent/assess/contrast_object'
 
 module Contrast
   module Agent
@@ -16,46 +18,32 @@ module Contrast
       # This class holds the data about an event in the application
       # We'll use it to build an event that TeamServer can consume if
       # the object to which this event belongs ends in a trigger.
+      #
+      # @attr_reader event_id [Integer] the atomic id of this event
+      # @attr_reader policy_node [Contrast::Agent::Assess::Policy::PolicyNode]
+      #   the node that governs this event.
+      # @attr_reader stack_trace [Array<String>] the execution stack at the
+      #   time the method for this event was invoked
+      # @attr_reader time [Integer] the time, in epoch ms, when this event was
+      #   created
+      # @attr_reader thread [Integer] the object id of the thread on which this
+      #   event was generated
+      # @attr_reader object [Contrast::Agent::Assess::ContrastObject] the safe
+      #   representation of the Object on which the method was invoked
+      # @attr_reader ret [Contrast::Agent::Assess::ContrastObject] the safe
+      #   representation of the Return of the invoked method
+      # @attr_reader args [Array<Contrast::Agent::Assess::ContrastObject>] the
+      #   safe representation of the Arguments with which the method was invoked
       class ContrastEvent
         include Contrast::Utils::PreventSerialization
+        include Contrast::Components::Interface
+        access_component :analysis
 
-        class << self
-          def safe_args_representation args
-            return nil unless args
-            return Contrast::Utils::ObjectShare::EMPTY_ARRAY if args.empty?
-
-            rep = []
-            args.each do |arg|
-              # We have to handle named args
-              rep <<  if arg.is_a?(Hash)
-                        safe_arg_hash_representation(arg)
-                      else
-                        Contrast::Utils::ClassUtil.to_contrast_string(arg)
-                      end
-            end
-            rep
-          end
-
-          def safe_arg_hash_representation hash
-            # since this is the named hash for arguments, only the value is
-            # suspect here
-            hash.transform_values { |v| Contrast::Utils::ClassUtil.to_contrast_string(v) }
-          end
-
-          # if given an object that can be duped, duplicate it. otherwise just
-          # return the original object. swallow all exceptions from
-          # non-duplicable things.
-          #
-          # we can't just check respond_to? though b/c dup exists on the
-          # base Object class
-          def safe_dup original
-            return nil unless original
-
-            Contrast::Agent::Assess::Tracker.duplicate(original)
-          end
-        end
-
-        attr_reader :event_id, :parent_ids, :policy_node, :stack_trace, :time, :thread, :object, :ret, :args
+        attr_reader :event_id, :policy_node, :stack_trace, :time, :thread,
+                    :object,
+                    :ret,
+                    :args,
+                    :tags
 
         # We need this to track the parent id's of events to build up a flow
         # chart of the finding
@@ -70,85 +58,38 @@ module Contrast
           end
         end
 
+        # @param policy_node [Contrast::Agent::Assess::Policy::PolicyNode]
+        #   the node that governs this event.
+        # @param tagged [Object] the Target to which this event pertains.
+        # @param object [Object] the Object on which the method was invoked
+        # @param ret [Object] the Return of the invoked method
+        # @param args [Array<Object>] the Arguments with which the method
+        #   was invoked
         def initialize policy_node, tagged, object, ret, args
           @policy_node = policy_node
-          # so long as this event is built in a factory, we know Contrast Code
+
+          # Capture stacktraces only as configured.
+          #
+          # So long as this event is built in a factory, we know Contrast Code
           # will be the first three events
-          @stack_trace = caller(3, 20)
+          @stack_trace = if ASSESS.capture_stacktrace?(policy_node)
+                           caller(3, 20)
+                         else
+                           Contrast::Utils::ObjectShare::EMPTY_ARRAY
+                         end
+
           @time = Contrast::Utils::Timer.now_ms
           @thread = Thread.current.object_id
 
           # These methods rely on the above being set. Don't move them!
           @event_id = Contrast::Agent::Assess::ContrastEvent.next_atomic_id
-          @parent_ids = find_parent_ids(policy_node, object, ret, args)
-          snapshot(tagged, object, ret, args)
-        end
-
-        # Parent IDs are the event ids of all the sources of this event which
-        # were tracked prior to this event occurring
-        def find_parent_ids policy_node, object, ret, args
-          mapped = policy_node.sources.map do |source|
-            value_of_source(source, object, ret, args)
-          end
-          selected = mapped.select do |source|
-            source && Contrast::Agent::Assess::Tracker.properties(source)&.events&.last
-          end
-          selected.map do |source|
-            properties = Contrast::Agent::Assess::Tracker.properties(source)
-            properties.events.last.event_id
-          end
+          @tags = Contrast::Agent::Assess::Tracker.properties(tagged)&.tags
+          find_parent_events!(policy_node, object, ret, args)
+          snapshot!(object, ret, args)
         end
 
-        def snapshot tagged, object, ret, args
-          target = @policy_node.target
-          case target
-            # If the target is nil, this rule was violated simply by a method
-            # being called. We'll save all the information, but nothing will be
-            # marked up, as nothing need be tracked
-          when nil
-            @object = Contrast::Utils::ClassUtil.to_contrast_string(object)
-            @args = cs__class.safe_args_representation(args)
-            @ret = Contrast::Utils::ClassUtil.to_contrast_string(ret)
-            # If the target is O, then we dup the O and safely represent the rest
-          when Contrast::Utils::ObjectShare::OBJECT_KEY
-            @object = cs__class.safe_dup(tagged)
-            @args = cs__class.safe_args_representation(args)
-            @ret = Contrast::Utils::ClassUtil.to_contrast_string(ret)
-            # If the target is R, then we dup the R and safely represent the rest
-          when Contrast::Utils::ObjectShare::RETURN_KEY
-            @object = Contrast::Utils::ClassUtil.to_contrast_string(object)
-            @args = cs__class.safe_args_representation(args)
-            @ret = cs__class.safe_dup(tagged)
-            # If the target is P*, then we need to dup things a differently. We
-            # need to find the true target inside so that we can mark it up
-            # later, but the other args should be represented as their safe form.
-          else
-            @object = Contrast::Utils::ClassUtil.to_contrast_string(object)
-            @args = cs__class.safe_args_representation(args)
-            @ret = Contrast::Utils::ClassUtil.to_contrast_string(ret)
-            save_target_arg(target, tagged)
-          end
-        end
-
-        # I know we're creating an extra string here since we replace the safe
-        # one w/ a dup, but good enough for now. Trying not to make this too
-        # complicated. - HM 8/8/19
-        def save_target_arg target, tagged
-          return if @args.cs__frozen?
-
-          if target.is_a?(Integer)
-            @args[target] = cs__class.safe_dup(tagged)
-            return
-          end
-
-          @args.each_with_index do |search, index|
-            next unless search.is_a?(Hash)
-            next unless search[target]
-
-            search[target] = cs__class.safe_dup(tagged)
-            @highlight = index
-            break
-          end
+        def parent_events
+          @_parent_events ||= []
         end
 
         # We have to do a little work to figure out what our TS appropriate
@@ -157,25 +98,59 @@ module Contrast
         #    Per TS law, each policy_node must have at least a source or a target.
         #    The only type of policy_node w/o targets is a Trigger, but that may
         #    change.
-        # 2) If I have a highlight, it means that I have a P target that is
-        #    not in integer form (it was a named / keyword type for which I had
-        #    to find the index). I need to address this so that TS can process
-        #    it.
-        # 3) I'll set the event's source and target to TS values.
-        # 4) Return the highlight or the first source/target as the taint
-        #    target.
+        # 2) I'll set the event's source and target to TS values.
+        # 3) Return the first source/target as the taint target.
         def determine_taint_target event_dtm
           if @policy_node&.targets&.any?
             event_dtm.source = @policy_node.source_string if @policy_node.source_string
-            event_dtm.target = @highlight ? "P#{ @highlight }" : @policy_node.target_string
-            @highlight || @policy_node.targets[0]
+            event_dtm.target = @policy_node.target_string
+            @policy_node.targets[0]
           elsif policy_node&.sources&.any?
-            event_dtm.source = @highlight ? "P#{ @highlight }" : @policy_node.source_string
+            event_dtm.source = @policy_node.source_string
             event_dtm.target = @policy_node.target_string if @policy_node.target_string
-            @highlight || @policy_node.sources[0]
+            @policy_node.sources[0]
+          end
+        end
+
+        # Convert this event into a DTM that TeamServer can consume
+        def to_dtm_event
+          Contrast::Api::Dtm::TraceEvent.build(self)
+        end
+
+        private
+
+        # Parent events are the events of all the sources of this event which
+        # were tracked prior to this event occurring. Depending on which, if
+        # any of the sources were tracked, there may be more than one parent.
+        #
+        # All events except for [Contrast::Agent::Assess::Events::SourceEvent]
+        # will have at least one parent.
+        #
+        # We set those events to this event's instance variables.
+        #
+        # @param policy_node [Contrast::Agent::Assess::Policy::PolicyNode]
+        #   the node that governs this event.
+        # @param object [Object] the Object on which the method was invoked
+        # @param ret [Object] the Return of the invoked method
+        # @param args [Array<Object>] the Arguments with which the method
+        #   was invoked
+        def find_parent_events! policy_node, object, ret, args
+          policy_node.sources.each do |source_marker|
+            source = value_of_source(source_marker, object, ret, args)
+            next unless source
+
+            event = Contrast::Agent::Assess::Tracker.properties(source)&.event
+            parent_events << event if event
           end
         end
 
+        # @param source [String] the marker for the source type
+        # @param object [Object] the Object on which the method was invoked
+        # @param ret [Object] the Return of the invoked method
+        # @param args [Array<Object>] the Arguments with which the method
+        #   was invoked
+        # @return [Object,nil] the literal value of the source indicated by the
+        #   given marker
         def value_of_source source, object, ret, args
           case source
           when Contrast::Utils::ObjectShare::OBJECT_KEY
@@ -183,22 +158,38 @@ module Contrast
           when Contrast::Utils::ObjectShare::RETURN_KEY
             ret
           else
-            if source.is_a?(Integer)
-              args[source]
-            else
-              args.each do |search|
-                next unless search.is_a?(Hash)
-
-                s = search[source]
-                return s if s
-              end
-            end
+            args[source]
           end
         end
 
-        # Convert this event into a DTM that TeamServer can consume
-        def to_dtm_event
-          Contrast::Api::Dtm::TraceEvent.build(self)
+        # Everything* is mutable in Ruby. As such, to ensure we can accurately
+        # report the application state at the time of this method's invocation,
+        # we have to snapshot the given values, making safe representations of
+        # them for our later use. We set those safe values to this event's
+        # instance variables.
+        #
+        # @param object [Object] the Object on which the method was invoked
+        # @param ret [Object] the Return of the invoked method
+        # @param args [Array<Object>] the Arguments with which the method
+        #   was invoked
+        def snapshot! object, ret, args
+          @object = Contrast::Agent::Assess::ContrastObject.new(object) if object
+          @ret = Contrast::Agent::Assess::ContrastObject.new(ret) if ret
+          @args = safe_args_representation(args)
+          self
+        end
+
+        # Given an array of arguments, copy them into a safe, meaning String,
+        # format that we can use to send to SR and TS for rendering.
+        #
+        # @param args [Array<Object>] the arguments to translate
+        # @return [Array<Contrast::Agent::Assess::ContrastObject>] the String forms of those Objects, as
+        #   determined by Contrast::Utils::ClassUtil.to_contrast_string
+        def safe_args_representation args
+          return unless args
+          return Contrast::Utils::ObjectShare::EMPTY_ARRAY if args.empty?
+
+          args.map { |arg| arg ? Contrast::Agent::Assess::ContrastObject.new(arg) : nil }
         end
       end
     end

data/lib/contrast/agent/assess/contrast_object.rb

@@ -0,0 +1,51 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/class_util'
+
+module Contrast
+  module Agent
+    module Assess
+      # This class is a convenient holder of our version of an Object. It
+      # creates a String version of the Object from the original provided
+      # and keeps reference to the original's Tags, letting us determine if it
+      # was tracked when we try to report to TeamServer.
+      #
+      # @attr_reader object [String, nil] the Contrast string representing the
+      #   object.
+      # @attr_reader object_type [String] the name of the object's module.
+      # @attr_reader tags [Hash{String => Contrast::Agent::Assess::Tag}, nil]
+      #   the tags on the object before it was captured.
+      #
+      # TODO: RUBY-1083 determine if this is expensive and/or worth not storing
+      #   these values directly on ContrastEvent and passing them around. Args
+      #   probably make the argument for wrapping them b/c otherwise we'll have
+      #   to keep two arrays in synch or make an array of arrays, at which
+      #   point, we may as well make this.
+      class ContrastObject
+        attr_reader :object, :object_type, :tags
+
+        # Capture the details about the object which we need to render it in
+        # TeamServer.
+        #
+        # @param object [Object] the thing to keep a Contrast String of
+        def initialize object
+          if object
+            @object = Contrast::Utils::ClassUtil.to_contrast_string(object)
+            @object_type = object.cs__class.name
+            # TODO: RUBY-1084 determine if we need to copy these tags to
+            #   restore immutability. For instance, if these tags were on a
+            #   String that was then #reverse!'d, would our tags be wrong?
+            @tags = Contrast::Agent::Assess::Tracker.properties(object)&.tags
+          else
+            @object_type = Contrast::Utils::ObjectShare::NIL_STRING
+          end
+        end
+
+        def tracked?
+          tags&.any?
+        end
+      end
+    end
+  end
+end