contrast-agent 3.15.0 → 4.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Rakefile +1 -0
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +22 -10
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +4 -3
- data/lib/contrast/agent.rb +4 -12
- data/lib/contrast/agent/assess/contrast_event.rb +121 -130
- data/lib/contrast/agent/assess/contrast_object.rb +51 -0
- data/lib/contrast/agent/assess/events/source_event.rb +5 -10
- data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +10 -3
- data/lib/contrast/agent/assess/policy/patcher.rb +4 -3
- data/lib/contrast/agent/assess/policy/policy_node.rb +46 -69
- data/lib/contrast/agent/assess/policy/policy_scanner.rb +19 -2
- data/lib/contrast/agent/assess/policy/preshift.rb +3 -3
- data/lib/contrast/agent/assess/policy/propagation_method.rb +13 -19
- data/lib/contrast/agent/assess/policy/propagation_node.rb +12 -24
- data/lib/contrast/agent/assess/policy/propagator/append.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/center.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/database_write.rb +1 -3
- data/lib/contrast/agent/assess/policy/propagator/insert.rb +2 -3
- data/lib/contrast/agent/assess/policy/propagator/keep.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/match_data.rb +3 -5
- data/lib/contrast/agent/assess/policy/propagator/next.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/prepend.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/remove.rb +2 -4
- data/lib/contrast/agent/assess/policy/propagator/replace.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/reverse.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/select.rb +4 -7
- data/lib/contrast/agent/assess/policy/propagator/splat.rb +2 -9
- data/lib/contrast/agent/assess/policy/propagator/split.rb +77 -122
- data/lib/contrast/agent/assess/policy/propagator/substitution.rb +32 -25
- data/lib/contrast/agent/assess/policy/propagator/trim.rb +3 -7
- data/lib/contrast/agent/assess/policy/source_method.rb +2 -14
- data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +9 -13
- data/lib/contrast/agent/assess/policy/trigger/xpath.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_method.rb +39 -14
- data/lib/contrast/agent/assess/policy/trigger_node.rb +31 -37
- data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +1 -1
- data/lib/contrast/agent/assess/property/evented.rb +5 -18
- data/lib/contrast/agent/assess/property/tagged.rb +28 -16
- data/lib/contrast/agent/assess/property/updated.rb +0 -5
- data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +58 -5
- data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +23 -8
- data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +83 -14
- data/lib/contrast/agent/assess/rule/redos.rb +1 -1
- data/lib/contrast/agent/assess/tag.rb +1 -1
- data/lib/contrast/agent/assess/tracker.rb +16 -18
- data/lib/contrast/agent/at_exit_hook.rb +5 -5
- data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +7 -0
- data/lib/contrast/agent/inventory.rb +15 -0
- data/lib/contrast/agent/inventory/dependencies.rb +50 -0
- data/lib/contrast/agent/inventory/dependency_analysis.rb +37 -0
- data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +104 -0
- data/lib/contrast/agent/inventory/gemfile_digest_cache.rb +38 -0
- data/lib/contrast/agent/middleware.rb +51 -3
- data/lib/contrast/agent/patching/policy/after_load_patch.rb +5 -5
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +20 -20
- data/lib/contrast/agent/patching/policy/method_policy.rb +1 -1
- data/lib/contrast/agent/patching/policy/module_policy.rb +10 -10
- data/lib/contrast/agent/patching/policy/patch.rb +6 -0
- data/lib/contrast/agent/patching/policy/policy.rb +16 -2
- data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +3 -5
- data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +47 -1
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +4 -3
- data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +1 -1
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +53 -0
- data/lib/contrast/agent/protect/rule/base.rb +63 -14
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +12 -28
- data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -4
- data/lib/contrast/agent/protect/rule/deserialization.rb +4 -1
- data/lib/contrast/agent/protect/rule/no_sqli.rb +3 -3
- data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +1 -0
- data/lib/contrast/agent/protect/rule/sqli.rb +3 -3
- data/lib/contrast/agent/protect/rule/xxe.rb +32 -11
- data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +10 -6
- data/lib/contrast/agent/reaction_processor.rb +1 -1
- data/lib/contrast/agent/request.rb +34 -34
- data/lib/contrast/agent/request_handler.rb +1 -1
- data/lib/contrast/agent/response.rb +5 -5
- data/lib/contrast/agent/rewriter.rb +3 -3
- data/lib/contrast/agent/scope.rb +81 -55
- data/lib/contrast/agent/static_analysis.rb +15 -9
- data/lib/contrast/agent/tracepoint_hook.rb +1 -1
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/api/communication/socket_client.rb +36 -1
- data/lib/contrast/api/decorators.rb +3 -0
- data/lib/contrast/api/decorators/address.rb +13 -14
- data/lib/contrast/api/decorators/application_update.rb +1 -1
- data/lib/contrast/api/decorators/library.rb +54 -0
- data/lib/contrast/api/decorators/library_usage_update.rb +31 -0
- data/lib/contrast/api/decorators/message.rb +1 -0
- data/lib/contrast/api/decorators/trace_event.rb +31 -41
- data/lib/contrast/api/decorators/trace_event_object.rb +11 -3
- data/lib/contrast/api/decorators/trace_event_signature.rb +27 -5
- data/lib/contrast/api/decorators/user_input.rb +2 -1
- data/lib/contrast/common_agent_configuration.rb +2 -1
- data/lib/contrast/components/agent.rb +6 -5
- data/lib/contrast/components/app_context.rb +39 -30
- data/lib/contrast/components/assess.rb +36 -0
- data/lib/contrast/components/config.rb +29 -37
- data/lib/contrast/components/contrast_service.rb +9 -9
- data/lib/contrast/components/interface.rb +30 -6
- data/lib/contrast/components/inventory.rb +6 -1
- data/lib/contrast/components/scope.rb +72 -6
- data/lib/contrast/components/settings.rb +23 -23
- data/lib/contrast/config/assess_configuration.rb +2 -1
- data/lib/contrast/config/inventory_configuration.rb +2 -2
- data/lib/contrast/config/service_configuration.rb +4 -2
- data/lib/contrast/configuration.rb +1 -1
- data/lib/contrast/extension/assess/array.rb +9 -6
- data/lib/contrast/extension/assess/erb.rb +6 -3
- data/lib/contrast/extension/assess/eval_trigger.rb +6 -6
- data/lib/contrast/extension/assess/exec_trigger.rb +0 -3
- data/lib/contrast/extension/assess/fiber.rb +5 -6
- data/lib/contrast/extension/assess/hash.rb +7 -5
- data/lib/contrast/extension/assess/kernel.rb +19 -22
- data/lib/contrast/extension/assess/marshal.rb +40 -28
- data/lib/contrast/extension/assess/regexp.rb +6 -11
- data/lib/contrast/extension/assess/string.rb +14 -13
- data/lib/contrast/extension/protect/kernel.rb +3 -3
- data/lib/contrast/framework/base_support.rb +51 -53
- data/lib/contrast/framework/manager.rb +6 -5
- data/lib/contrast/framework/rack/patch/session_cookie.rb +10 -10
- data/lib/contrast/framework/rack/support.rb +2 -1
- data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +14 -14
- data/lib/contrast/framework/rails/patch/assess_configuration.rb +1 -1
- data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +11 -11
- data/lib/contrast/framework/rails/patch/support.rb +1 -1
- data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +12 -12
- data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +13 -13
- data/lib/contrast/framework/rails/rewrite/active_record_named.rb +3 -3
- data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +13 -13
- data/lib/contrast/framework/rails/support.rb +5 -1
- data/lib/contrast/framework/sinatra/patch/base.rb +11 -11
- data/lib/contrast/framework/sinatra/support.rb +7 -6
- data/lib/contrast/logger/application.rb +1 -4
- data/lib/contrast/logger/log.rb +7 -2
- data/lib/contrast/utils/duck_utils.rb +1 -1
- data/lib/contrast/utils/heap_dump_util.rb +1 -1
- data/lib/contrast/utils/invalid_configuration_util.rb +2 -5
- data/lib/contrast/utils/inventory_util.rb +0 -7
- data/lib/contrast/utils/object_share.rb +3 -3
- data/lib/contrast/utils/preflight_util.rb +1 -1
- data/lib/contrast/utils/prevent_serialization.rb +1 -1
- data/lib/contrast/utils/resource_loader.rb +1 -1
- data/lib/contrast/utils/sha256_builder.rb +2 -14
- data/lib/contrast/utils/string_utils.rb +1 -1
- data/lib/contrast/utils/tag_util.rb +9 -13
- data/resources/assess/policy.json +31 -12
- data/resources/deadzone/policy.json +156 -0
- data/resources/protect/policy.json +12 -0
- data/ruby-agent.gemspec +11 -6
- data/service_executables/VERSION +1 -1
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
- metadata +91 -28
- data/lib/contrast/utils/boolean_util.rb +0 -30
- data/lib/contrast/utils/gemfile_reader.rb +0 -193
@@ -48,14 +48,9 @@ module Contrast
|
|
48
48
|
|
49
49
|
target = info_hash[:back_ref]
|
50
50
|
with_contrast_scope do
|
51
|
-
result = info_hash[:result]
|
52
|
-
return unless
|
53
|
-
|
54
|
-
string = info_hash[:string]
|
55
|
-
return unless string
|
56
|
-
|
57
|
-
properties = Contrast::Agent::Assess::Tracker.properties(target)
|
58
|
-
return unless properties
|
51
|
+
return unless (result = info_hash[:result])
|
52
|
+
return unless (string = info_hash[:string])
|
53
|
+
return unless (properties = Contrast::Agent::Assess::Tracker.properties!(target))
|
59
54
|
|
60
55
|
properties.splat_from(string, target)
|
61
56
|
properties.build_event(
|
@@ -71,9 +66,9 @@ module Contrast
|
|
71
66
|
|
72
67
|
def instrument_regexp_track
|
73
68
|
@_instrument_regexp_track ||= begin
|
74
|
-
|
75
|
-
|
76
|
-
|
69
|
+
require 'cs__assess_regexp/cs__assess_regexp'
|
70
|
+
true
|
71
|
+
end
|
77
72
|
rescue StandardError, LoadError => e
|
78
73
|
logger.error('Error loading regexp track patch', e)
|
79
74
|
false
|
@@ -36,15 +36,18 @@ module Contrast
|
|
36
36
|
return unless inputs.any? { |input| Contrast::Agent::Assess::Tracker.tracked?(input) }
|
37
37
|
|
38
38
|
with_contrast_scope do
|
39
|
-
properties = Contrast::Agent::Assess::Tracker.properties(result)
|
40
|
-
return unless properties
|
39
|
+
return unless (properties = Contrast::Agent::Assess::Tracker.properties!(result))
|
41
40
|
|
41
|
+
parent_events = []
|
42
42
|
offset = 0
|
43
43
|
inputs.each do |input|
|
44
44
|
properties.copy_from(input, result, offset)
|
45
45
|
offset += input.length
|
46
|
+
parent_event = Contrast::Agent::Assess::Tracker.properties(input)&.event
|
47
|
+
parent_events << parent_event if parent_event
|
46
48
|
end
|
47
49
|
properties.build_event(INTERPOLATION_NODE, result, inputs, result, inputs)
|
50
|
+
properties.event.instance_variable_set(:@_parent_events, parent_events)
|
48
51
|
end
|
49
52
|
rescue StandardError => e
|
50
53
|
logger.error('Unable to track interpolation', e)
|
@@ -52,9 +55,9 @@ module Contrast
|
|
52
55
|
|
53
56
|
def instrument_string
|
54
57
|
@_instrument_string ||= begin
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
+
require 'cs__assess_string/cs__assess_string'
|
59
|
+
true
|
60
|
+
end
|
58
61
|
rescue StandardError, LoadError => e
|
59
62
|
logger.error('Error loading hash track patch', e)
|
60
63
|
false
|
@@ -63,14 +66,12 @@ module Contrast
|
|
63
66
|
def instrument_string_interpolation
|
64
67
|
if @_instrument_string_interpolation.nil?
|
65
68
|
@_instrument_string_interpolation = begin
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
false
|
73
|
-
end
|
69
|
+
require 'cs__assess_string_interpolation26/cs__assess_string_interpolation26' if AGENT.patch_interpolation? && Funchook.available?
|
70
|
+
true
|
71
|
+
rescue StandardError, LoadError => e
|
72
|
+
logger.error('Error loading interpolation patch', e)
|
73
|
+
false
|
74
|
+
end
|
74
75
|
end
|
75
76
|
@_instrument_string_interpolation
|
76
77
|
end
|
@@ -30,9 +30,9 @@ module Contrast
|
|
30
30
|
|
31
31
|
def instrument
|
32
32
|
@_instrument ||= begin
|
33
|
-
|
34
|
-
|
35
|
-
|
33
|
+
require 'cs__protect_kernel/cs__protect_kernel'
|
34
|
+
true
|
35
|
+
end
|
36
36
|
rescue StandardError, LoadError => e
|
37
37
|
logger.error('Error loading kernel protect patch', e)
|
38
38
|
false
|
@@ -4,68 +4,66 @@
|
|
4
4
|
module Contrast
|
5
5
|
module Framework
|
6
6
|
# The API for all subclasses to implement to correctly support a given framework
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
end
|
7
|
+
module BaseSupport
|
8
|
+
# The top level module name used by the framework
|
9
|
+
def detection_class
|
10
|
+
raise NoMethodError('Subclasses of BaseSupport should implement this method')
|
11
|
+
end
|
13
12
|
|
14
|
-
|
15
|
-
|
16
|
-
|
13
|
+
def version
|
14
|
+
raise NoMethodError('Subclasses of BaseSupport should implement this method')
|
15
|
+
end
|
17
16
|
|
18
|
-
|
19
|
-
|
20
|
-
|
17
|
+
def application_name
|
18
|
+
raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
|
19
|
+
end
|
21
20
|
|
22
|
-
|
23
|
-
|
24
|
-
|
21
|
+
def server_type
|
22
|
+
raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
|
23
|
+
end
|
25
24
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
25
|
+
# Find all the predefined routes for this application and append them to the
|
26
|
+
# provided inventory message
|
27
|
+
# msg should be a Contrast::Api::Dtm::ApplicationUpdate or some other msg
|
28
|
+
# that has a routes array consisting of Contrast::Api::Dtm::RouteCoverage
|
29
|
+
def collect_routes
|
30
|
+
raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
|
31
|
+
end
|
33
32
|
|
34
|
-
|
35
|
-
|
36
|
-
|
33
|
+
def current_route
|
34
|
+
raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
|
35
|
+
end
|
37
36
|
|
38
|
-
|
39
|
-
|
40
|
-
|
37
|
+
def retrieve_request _env
|
38
|
+
raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
|
39
|
+
end
|
41
40
|
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
41
|
+
# Some Frameworks require specific patching for their classes to handle
|
42
|
+
# functionality like configuration scanning. To accommodate this, this
|
43
|
+
# method provides a place to register those patches for invocation on
|
44
|
+
# Agent load.
|
45
|
+
#
|
46
|
+
# By default, and hopefully in all cases, we won't need these patches,
|
47
|
+
# so we're allowing nil here rather than raising an exception.
|
48
|
+
def before_load_patches!; end
|
50
49
|
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
50
|
+
# Some Frameworks require specific patching for their classes to handle
|
51
|
+
# functionality like routing. To accommodate this, this method provides
|
52
|
+
# a place to register those patches for invocation in our
|
53
|
+
# AfterLoadPatcher flow.
|
54
|
+
#
|
55
|
+
# By default, and hopefully in all cases, we won't need these patches,
|
56
|
+
# so we're allowing nil here rather than raising an exception.
|
57
|
+
#
|
58
|
+
# @return [Set<Contrast::Agent::Patching::Policy::AfterLoadPatch>,nil]
|
59
|
+
# those patches required for a Framework which can only be installed
|
60
|
+
# once a specific module has been loaded.
|
61
|
+
def after_load_patches; end
|
63
62
|
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
end
|
63
|
+
# We only support websockets in rails right now, so we won't detect streaming in
|
64
|
+
# any other framework
|
65
|
+
def streaming? _env
|
66
|
+
false
|
69
67
|
end
|
70
68
|
end
|
71
69
|
end
|
@@ -39,9 +39,9 @@ module Contrast
|
|
39
39
|
# configuration.
|
40
40
|
def before_load_patches!
|
41
41
|
@_before_load_patches ||= begin
|
42
|
-
|
43
|
-
|
44
|
-
|
42
|
+
SUPPORTED_FRAMEWORKS.each(&:before_load_patches!)
|
43
|
+
true
|
44
|
+
end
|
45
45
|
end
|
46
46
|
|
47
47
|
# Return all the After Load Patches for all the Frameworks we know, even
|
@@ -128,9 +128,10 @@ module Contrast
|
|
128
128
|
# @param method_name [Symbol] the method to call on each FrameworkSupport class
|
129
129
|
# @return [Array]
|
130
130
|
def data_for_all_frameworks method_name
|
131
|
-
@_frameworks.flat_map do |framework|
|
131
|
+
data = @_frameworks.flat_map do |framework|
|
132
132
|
framework.send(method_name)
|
133
|
-
end
|
133
|
+
end
|
134
|
+
data.compact
|
134
135
|
end
|
135
136
|
|
136
137
|
# This returns a single object from the first framework to successfully respond
|
@@ -24,20 +24,20 @@ module Contrast
|
|
24
24
|
|
25
25
|
def instrument
|
26
26
|
@_instrument ||= begin
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
27
|
+
::Rack::Session::Cookie.class_eval do
|
28
|
+
alias_method :cs__patched_initialize, :initialize
|
29
|
+
def initialize app, options = {} # rubocop:disable Style/OptionHash
|
30
|
+
Contrast::Framework::Rack::Patch::SessionCookie.analyze(options)
|
31
|
+
cs__patched_initialize(app, options)
|
32
|
+
end
|
33
|
+
end
|
34
|
+
true
|
35
|
+
end
|
36
36
|
end
|
37
37
|
|
38
38
|
def analyze options
|
39
39
|
return unless AGENT.enabled?
|
40
|
-
return if
|
40
|
+
return if ASSESS.forcibly_disabled?
|
41
41
|
|
42
42
|
apply_session_timeout(options)
|
43
43
|
apply_httponly(options)
|
@@ -9,7 +9,8 @@ module Contrast
|
|
9
9
|
module Rack
|
10
10
|
# Used when Rack is present to define framework specific behavior. For
|
11
11
|
# now, the only part of this implemented is the Patch Support.
|
12
|
-
|
12
|
+
module Support
|
13
|
+
extend Contrast::Framework::BaseSupport
|
13
14
|
extend Contrast::Framework::Rack::Patch::Support
|
14
15
|
class << self
|
15
16
|
def detection_class
|
@@ -7,7 +7,7 @@ module Contrast
|
|
7
7
|
module Patch
|
8
8
|
# This class acts as our patch into the ActionController::Live::Buffer
|
9
9
|
# class, allowing us to track the close event on streamed responses.
|
10
|
-
|
10
|
+
module ActionControllerLiveBuffer
|
11
11
|
class << self
|
12
12
|
def send_messages
|
13
13
|
return unless (context = Contrast::Agent::REQUEST_TRACKER.current)
|
@@ -19,19 +19,19 @@ module Contrast
|
|
19
19
|
|
20
20
|
def instrument
|
21
21
|
@_instrument ||= begin
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
22
|
+
::ActionController::Live::Buffer.class_eval do
|
23
|
+
# normally pre->in->post filters are applied however, in a streamed response
|
24
|
+
# we can run into a case where it's pre -> in -> post -> more infilters
|
25
|
+
# in order to submit anything found during the infilters after the response has
|
26
|
+
# been written we need to explicitly send them
|
27
|
+
alias_method :cs__close, :close
|
28
|
+
def close
|
29
|
+
Contrast::Framework::Rails::Patch::ActionControllerLiveBuffer.send_messages
|
30
|
+
cs__close
|
31
|
+
end
|
32
|
+
end
|
33
|
+
true
|
34
|
+
end
|
35
35
|
end
|
36
36
|
end
|
37
37
|
end
|
@@ -10,19 +10,19 @@ module Contrast
|
|
10
10
|
# for the runtime detection of insecure configurations on individual
|
11
11
|
# ActionDispatch::Session::AbstractStore instances within the
|
12
12
|
# application.
|
13
|
-
|
13
|
+
module RailsApplicationConfiguration
|
14
14
|
def self.instrument
|
15
15
|
@_instrument ||= begin
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
16
|
+
::Rails::Application::Configuration.class_eval do
|
17
|
+
alias_method :cs__patched_session_store, :session_store
|
18
|
+
def session_store *args
|
19
|
+
ret = cs__patched_session_store(*args)
|
20
|
+
Contrast::Framework::Rails::Patch::AssessConfiguration.analyze_session_store(*args)
|
21
|
+
ret
|
22
|
+
end
|
23
|
+
end
|
24
|
+
true
|
25
|
+
end
|
26
26
|
end
|
27
27
|
end
|
28
28
|
end
|
@@ -11,7 +11,7 @@ module Contrast
|
|
11
11
|
# Extension point allowing for the registration of Patches required to
|
12
12
|
# support the Rails framework.
|
13
13
|
module Support
|
14
|
-
# (See BaseSupport#before_load_patches)
|
14
|
+
# (See BaseSupport#before_load_patches!)
|
15
15
|
def before_load_patches!
|
16
16
|
return unless defined?(::Rails)
|
17
17
|
|
@@ -12,20 +12,20 @@ module Contrast
|
|
12
12
|
# TODO: RUBY-714 remove w/ EOL of 2.5
|
13
13
|
# @deprecated Changes to this class are discouraged as this approach is
|
14
14
|
# being phased out with support for those language versions.
|
15
|
-
|
15
|
+
module ActionControllerRailtiesHelperInherited
|
16
16
|
def self.instrument
|
17
17
|
@_instrument ||= begin
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
18
|
+
::ActionController::Railties::Helpers.class_eval do
|
19
|
+
alias_method :cs__patched_helper_inherited, :inherited
|
20
|
+
def inherited klass # rubocop:disable Lint/MissingSuper
|
21
|
+
klass&.instance_variable_set(:@cs__defining_class, true)
|
22
|
+
cs__patched_helper_inherited(klass) # This calls the original inherited, which should handle super as needed.
|
23
|
+
ensure
|
24
|
+
klass&.instance_variable_set(:@cs__defining_class, false)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
true
|
28
|
+
end
|
29
29
|
end
|
30
30
|
end
|
31
31
|
end
|
@@ -14,23 +14,23 @@ module Contrast
|
|
14
14
|
# TODO: RUBY-714 remove w/ EOL of 2.5
|
15
15
|
# @deprecated Changes to this class are discouraged as this approach is
|
16
16
|
# being phased out with support for those language versions.
|
17
|
-
|
17
|
+
module ActiveRecordAttributeMethodsRead
|
18
18
|
def self.instrument
|
19
19
|
@_instrument ||= begin
|
20
|
-
|
21
|
-
|
20
|
+
::ActiveRecord::AttributeMethods::Read::ClassMethods.class_eval do
|
21
|
+
alias_method :cs__patched_define_method_attribute, :define_method_attribute
|
22
22
|
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
23
|
+
def define_method_attribute *args, &block
|
24
|
+
ret = cs__patched_define_method_attribute(*args, &block)
|
25
|
+
method_name = args[0]
|
26
|
+
Contrast::Agent::Assess::Policy::Patcher.patch_assess_method(self, method_name)
|
27
|
+
ret
|
28
|
+
end
|
29
29
|
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
30
|
+
protected :cs__patched_define_method_attribute, :define_method_attribute
|
31
|
+
end
|
32
|
+
true
|
33
|
+
end
|
34
34
|
end
|
35
35
|
end
|
36
36
|
end
|