contrast-agent 3.16.0 → 4.3.1

Files changed (128) hide show
  1. checksums.yaml +4 -4
  2. data/Rakefile +1 -0
  3. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +22 -10
  4. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +4 -3
  5. data/lib/contrast/agent.rb +2 -3
  6. data/lib/contrast/agent/assess/contrast_event.rb +49 -130
  7. data/lib/contrast/agent/assess/contrast_object.rb +51 -0
  8. data/lib/contrast/agent/assess/events/source_event.rb +4 -9
  9. data/lib/contrast/agent/assess/policy/patcher.rb +4 -3
  10. data/lib/contrast/agent/assess/policy/policy_node.rb +31 -59
  11. data/lib/contrast/agent/assess/policy/policy_scanner.rb +17 -6
  12. data/lib/contrast/agent/assess/policy/preshift.rb +3 -3
  13. data/lib/contrast/agent/assess/policy/propagation_method.rb +13 -19
  14. data/lib/contrast/agent/assess/policy/propagation_node.rb +12 -24
  15. data/lib/contrast/agent/assess/policy/propagator/append.rb +1 -2
  16. data/lib/contrast/agent/assess/policy/propagator/center.rb +1 -2
  17. data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
  18. data/lib/contrast/agent/assess/policy/propagator/database_write.rb +1 -3
  19. data/lib/contrast/agent/assess/policy/propagator/insert.rb +1 -2
  20. data/lib/contrast/agent/assess/policy/propagator/keep.rb +1 -2
  21. data/lib/contrast/agent/assess/policy/propagator/match_data.rb +3 -2
  22. data/lib/contrast/agent/assess/policy/propagator/next.rb +1 -2
  23. data/lib/contrast/agent/assess/policy/propagator/prepend.rb +1 -2
  24. data/lib/contrast/agent/assess/policy/propagator/remove.rb +2 -4
  25. data/lib/contrast/agent/assess/policy/propagator/replace.rb +1 -2
  26. data/lib/contrast/agent/assess/policy/propagator/reverse.rb +1 -2
  27. data/lib/contrast/agent/assess/policy/propagator/select.rb +3 -4
  28. data/lib/contrast/agent/assess/policy/propagator/splat.rb +2 -4
  29. data/lib/contrast/agent/assess/policy/propagator/split.rb +73 -117
  30. data/lib/contrast/agent/assess/policy/propagator/substitution.rb +11 -11
  31. data/lib/contrast/agent/assess/policy/propagator/trim.rb +3 -7
  32. data/lib/contrast/agent/assess/policy/source_method.rb +2 -14
  33. data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +5 -8
  34. data/lib/contrast/agent/assess/policy/trigger/xpath.rb +1 -1
  35. data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +1 -1
  36. data/lib/contrast/agent/assess/property/tagged.rb +21 -15
  37. data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +3 -2
  38. data/lib/contrast/agent/assess/rule/redos.rb +1 -1
  39. data/lib/contrast/agent/assess/tracker.rb +16 -18
  40. data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +7 -0
  41. data/lib/contrast/agent/inventory.rb +15 -0
  42. data/lib/contrast/agent/inventory/dependencies.rb +50 -0
  43. data/lib/contrast/agent/inventory/dependency_analysis.rb +37 -0
  44. data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +104 -0
  45. data/lib/contrast/agent/inventory/gemfile_digest_cache.rb +38 -0
  46. data/lib/contrast/agent/middleware.rb +51 -3
  47. data/lib/contrast/agent/patching/policy/method_policy.rb +1 -1
  48. data/lib/contrast/agent/patching/policy/patch.rb +6 -0
  49. data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +47 -1
  50. data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +4 -3
  51. data/lib/contrast/agent/protect/policy/rule_applicator.rb +53 -0
  52. data/lib/contrast/agent/protect/rule/base.rb +63 -14
  53. data/lib/contrast/agent/protect/rule/cmd_injection.rb +12 -28
  54. data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -4
  55. data/lib/contrast/agent/protect/rule/deserialization.rb +4 -1
  56. data/lib/contrast/agent/protect/rule/no_sqli.rb +3 -3
  57. data/lib/contrast/agent/protect/rule/sqli.rb +3 -3
  58. data/lib/contrast/agent/protect/rule/xxe.rb +32 -11
  59. data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +10 -6
  60. data/lib/contrast/agent/reaction_processor.rb +1 -1
  61. data/lib/contrast/agent/request_handler.rb +1 -1
  62. data/lib/contrast/agent/response.rb +5 -5
  63. data/lib/contrast/agent/rewriter.rb +3 -3
  64. data/lib/contrast/agent/scope.rb +81 -55
  65. data/lib/contrast/agent/static_analysis.rb +14 -8
  66. data/lib/contrast/agent/tracepoint_hook.rb +1 -1
  67. data/lib/contrast/agent/version.rb +1 -1
  68. data/lib/contrast/api/decorators.rb +3 -0
  69. data/lib/contrast/api/decorators/address.rb +0 -1
  70. data/lib/contrast/api/decorators/application_update.rb +1 -1
  71. data/lib/contrast/api/decorators/library.rb +54 -0
  72. data/lib/contrast/api/decorators/library_usage_update.rb +31 -0
  73. data/lib/contrast/api/decorators/trace_event.rb +19 -31
  74. data/lib/contrast/api/decorators/trace_event_object.rb +11 -3
  75. data/lib/contrast/api/decorators/trace_event_signature.rb +27 -5
  76. data/lib/contrast/api/decorators/user_input.rb +2 -1
  77. data/lib/contrast/common_agent_configuration.rb +2 -1
  78. data/lib/contrast/components/agent.rb +6 -5
  79. data/lib/contrast/components/assess.rb +36 -0
  80. data/lib/contrast/components/config.rb +29 -37
  81. data/lib/contrast/components/interface.rb +30 -6
  82. data/lib/contrast/components/inventory.rb +6 -1
  83. data/lib/contrast/components/scope.rb +72 -6
  84. data/lib/contrast/components/settings.rb +6 -3
  85. data/lib/contrast/config/assess_configuration.rb +2 -1
  86. data/lib/contrast/config/inventory_configuration.rb +2 -2
  87. data/lib/contrast/extension/assess/array.rb +2 -3
  88. data/lib/contrast/extension/assess/erb.rb +1 -3
  89. data/lib/contrast/extension/assess/exec_trigger.rb +1 -4
  90. data/lib/contrast/extension/assess/fiber.rb +2 -3
  91. data/lib/contrast/extension/assess/hash.rb +4 -2
  92. data/lib/contrast/extension/assess/kernel.rb +1 -2
  93. data/lib/contrast/extension/assess/marshal.rb +34 -26
  94. data/lib/contrast/extension/assess/regexp.rb +3 -8
  95. data/lib/contrast/extension/assess/string.rb +1 -2
  96. data/lib/contrast/framework/base_support.rb +51 -53
  97. data/lib/contrast/framework/manager.rb +3 -2
  98. data/lib/contrast/framework/rack/patch/session_cookie.rb +2 -2
  99. data/lib/contrast/framework/rack/support.rb +2 -1
  100. data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +1 -1
  101. data/lib/contrast/framework/rails/patch/assess_configuration.rb +1 -1
  102. data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +1 -1
  103. data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +1 -1
  104. data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +1 -1
  105. data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +1 -1
  106. data/lib/contrast/framework/rails/support.rb +5 -1
  107. data/lib/contrast/framework/sinatra/support.rb +3 -2
  108. data/lib/contrast/logger/application.rb +1 -4
  109. data/lib/contrast/utils/duck_utils.rb +1 -1
  110. data/lib/contrast/utils/heap_dump_util.rb +1 -1
  111. data/lib/contrast/utils/inventory_util.rb +0 -7
  112. data/lib/contrast/utils/object_share.rb +3 -3
  113. data/lib/contrast/utils/preflight_util.rb +1 -1
  114. data/lib/contrast/utils/prevent_serialization.rb +1 -1
  115. data/lib/contrast/utils/resource_loader.rb +1 -1
  116. data/lib/contrast/utils/sha256_builder.rb +2 -14
  117. data/lib/contrast/utils/string_utils.rb +1 -1
  118. data/lib/contrast/utils/tag_util.rb +9 -13
  119. data/resources/assess/policy.json +9 -9
  120. data/resources/deadzone/policy.json +150 -0
  121. data/resources/protect/policy.json +12 -0
  122. data/ruby-agent.gemspec +10 -6
  123. data/service_executables/VERSION +1 -1
  124. data/service_executables/linux/contrast-service +0 -0
  125. data/service_executables/mac/contrast-service +0 -0
  126. metadata +76 -27
  127. data/lib/contrast/utils/boolean_util.rb +0 -30
  128. data/lib/contrast/utils/gemfile_reader.rb +0 -193
@@ -128,9 +128,10 @@ module Contrast
128
128
  # @param method_name [Symbol] the method to call on each FrameworkSupport class
129
129
  # @return [Array]
130
130
  def data_for_all_frameworks method_name
131
- @_frameworks.flat_map do |framework|
131
+ data = @_frameworks.flat_map do |framework|
132
132
  framework.send(method_name)
133
- end.compact
133
+ end
134
+ data.compact
134
135
  end
135
136
 
136
137
  # This returns a single object from the first framework to successfully respond
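Review bot: `framework.send(method_name)` in `data_for_all_frameworks` dispatches with `send`, which also reaches private methods on each FrameworkSupport, so a mistyped or unexpected `method_name` can invoke something outside the intended interface. `framework.public_send(method_name)` would keep the call limited to the public support API. This assumes every method the manager asks for is public, which the hunk does not show.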
@@ -26,7 +26,7 @@ module Contrast
26
26
  @_instrument ||= begin
27
27
  ::Rack::Session::Cookie.class_eval do
28
28
  alias_method :cs__patched_initialize, :initialize
29
- def initialize app, options = {}
29
+ def initialize app, options = {} # rubocop:disable Style/OptionHash
30
30
  Contrast::Framework::Rack::Patch::SessionCookie.analyze(options)
31
31
  cs__patched_initialize(app, options)
32
32
  end
@@ -37,7 +37,7 @@ module Contrast
37
37
 
38
38
  def analyze options
39
39
  return unless AGENT.enabled?
40
- return if PROTECT.enabled?
40
+ return if ASSESS.forcibly_disabled?
41
41
 
42
42
  apply_session_timeout(options)
43
43
  apply_httponly(options)
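Review bot: The new guard in `analyze`, `return if ASSESS.forcibly_disabled?`, is not the counterpart of the old `PROTECT.enabled?` check, and the hunk does not say what it admits: if Assess is simply not enabled rather than forced off, `apply_session_timeout` and `apply_httponly` presumably still run. A comment above the guard such as `# run unless Assess was explicitly disabled by configuration; Protect no longer suppresses this check` would record the intent. Separately, the patched `initialize` calls `SessionCookie.analyze(options)` before `cs__patched_initialize`, so an exception from the analysis would stop the application's session middleware from being built unless `analyze` rescues further down; its body continues outside the hunk. The same guard change appears in `analyze_session_store` in the Rails patch.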
@@ -9,7 +9,8 @@ module Contrast
9
9
  module Rack
10
10
  # Used when Rack is present to define framework specific behavior. For
11
11
  # now, the only part of this implemented is the Patch Support.
12
- class Support < BaseSupport
12
+ module Support
13
+ extend Contrast::Framework::BaseSupport
13
14
  extend Contrast::Framework::Rack::Patch::Support
14
15
  class << self
15
16
  def detection_class
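Review bot: `Support` for Rack is now a `module`, while the Rails and Sinatra `Support` in this same change stay `class Support` with `extend Contrast::Framework::BaseSupport`, so the three framework supports no longer share one shape. If none of them is meant to be instantiated, declaring all three as modules would be consistent. Otherwise a one-line comment here, for example `# module: Rack support exposes only singleton methods`, would explain the difference. The body of `Support` continues outside the hunk.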
@@ -7,7 +7,7 @@ module Contrast
7
7
  module Patch
8
8
  # This class acts as our patch into the ActionController::Live::Buffer
9
9
  # class, allowing us to track the close event on streamed responses.
10
- class ActionControllerLiveBuffer
10
+ module ActionControllerLiveBuffer
11
11
  class << self
12
12
  def send_messages
13
13
  return unless (context = Contrast::Agent::REQUEST_TRACKER.current)
@@ -23,7 +23,7 @@ module Contrast
23
23
  include Contrast::Utils::InvalidConfigurationUtil
24
24
 
25
25
  def analyze_session_store *args
26
- return if PROTECT.enabled?
26
+ return if ASSESS.forcibly_disabled?
27
27
 
28
28
  apply_httponly_disabled(*args)
29
29
  apply_secure_cookie_disabled(*args)
@@ -10,7 +10,7 @@ module Contrast
10
10
  # for the runtime detection of insecure configurations on individual
11
11
  # ActionDispatch::Session::AbstractStore instances within the
12
12
  # application.
13
- class RailsApplicationConfiguration
13
+ module RailsApplicationConfiguration
14
14
  def self.instrument
15
15
  @_instrument ||= begin
16
16
  ::Rails::Application::Configuration.class_eval do
@@ -12,7 +12,7 @@ module Contrast
12
12
  # TODO: RUBY-714 remove w/ EOL of 2.5
13
13
  # @deprecated Changes to this class are discouraged as this approach is
14
14
  # being phased out with support for those language versions.
15
- class ActionControllerRailtiesHelperInherited
15
+ module ActionControllerRailtiesHelperInherited
16
16
  def self.instrument
17
17
  @_instrument ||= begin
18
18
  ::ActionController::Railties::Helpers.class_eval do
@@ -14,7 +14,7 @@ module Contrast
14
14
  # TODO: RUBY-714 remove w/ EOL of 2.5
15
15
  # @deprecated Changes to this class are discouraged as this approach is
16
16
  # being phased out with support for those language versions.
17
- class ActiveRecordAttributeMethodsRead
17
+ module ActiveRecordAttributeMethodsRead
18
18
  def self.instrument
19
19
  @_instrument ||= begin
20
20
  ::ActiveRecord::AttributeMethods::Read::ClassMethods.class_eval do
@@ -9,7 +9,7 @@ module Contrast
9
9
  # TODO: RUBY-714 remove w/ EOL of 2.5
10
10
  # @deprecated Changes to this class are discouraged as this approach is
11
11
  # being phased out with support for those language versions.
12
- class ActiveRecordTimeZoneInherited
12
+ module ActiveRecordTimeZoneInherited
13
13
  def self.instrument
14
14
  @_instrument ||= begin
15
15
  ::ActiveRecord::AttributeMethods::TimeZoneConversion::ClassMethods.class_eval do
@@ -10,7 +10,8 @@ module Contrast
10
10
  module Framework
11
11
  module Rails
12
12
  # Used when Rails is present to define framework specific behavior
13
- class Support < BaseSupport
13
+ class Support
14
+ extend Contrast::Framework::BaseSupport
14
15
  extend Contrast::Framework::Rails::Patch::Support
15
16
 
16
17
  class << self
@@ -45,6 +46,9 @@ module Contrast
45
46
  find_all_routes(::Rails.application, [])
46
47
  end
47
48
 
49
+ # Find the current route, based on the provided Request wrapper
50
+ # @param request[Contrast::Agent::Request]
51
+ # @return [Contrast::Api::Dtm::RouteCoverage]
48
52
  def current_route request
49
53
  return unless ::Rails.cs__respond_to?(:application)
50
54
 
@@ -8,7 +8,8 @@ module Contrast
8
8
  module Framework
9
9
  module Sinatra
10
10
  # Used when Sinatra is present to define framework specific behavior
11
- class Support < BaseSupport
11
+ class Support
12
+ extend Contrast::Framework::BaseSupport
12
13
  extend Contrast::Framework::Sinatra::Patch::Support
13
14
  class << self
14
15
  def detection_class
@@ -67,7 +68,7 @@ module Contrast
67
68
  private
68
69
 
69
70
  def app_class
70
- return nil unless defined?(::Sinatra) && defined?(::Sinatra::Base)
71
+ return unless defined?(::Sinatra) && defined?(::Sinatra::Base)
71
72
 
72
73
  @_app_class ||= begin
73
74
  sinatra_layers = ObjectSpace.each_object(::Sinatra::Base).to_a
@@ -33,7 +33,7 @@ module Contrast
33
33
  def application_configuration
34
34
  return unless info?
35
35
 
36
- loggable = CONFIG.raw.loggable
36
+ loggable = CONFIG.loggable
37
37
  info('Current configuration', configuration: loggable)
38
38
  env_keys = ENV.keys.select { |env_key| env_key&.to_s&.start_with?(Contrast::Components::Config::CONTRAST_ENV_MARKER) }
39
39
  env_items = env_keys.map { |env_key| Contrast::Utils::EnvConfigurationItem.new(env_key, nil) }
@@ -41,9 +41,6 @@ module Contrast
41
41
  hash[conversion.key] = conversion.dot_path_array.join('.')
42
42
  end
43
43
  info('Set by environment', overrides: env_translations)
44
- rescue StandardError => e
45
- puts e
46
- sleep(5)
47
44
  end
48
45
 
49
46
  def application_libraries
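Review bot: `info('Current configuration', configuration: loggable)` in `application_configuration` writes whatever `CONFIG.loggable` returns to the agent log at info level, and nothing in this section shows that credentials held in the configuration are masked. It is worth confirming that `loggable` redacts secret fields and saying so next to the call, e.g. `# CONFIG.loggable is expected to mask credentials before this is logged`. The second hunk drops the `rescue StandardError` (with its `puts` and `sleep(5)`), so an error while building `env_translations` now propagates out of a logging helper. A `rescue StandardError => e` that reports through the logger would keep this startup logging best-effort.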
@@ -4,7 +4,7 @@
4
4
  module Contrast
5
5
  module Utils
6
6
  # Utility methods for identifying instances that can be used interchangeably
7
- class DuckUtils
7
+ module DuckUtils
8
8
  class << self
9
9
  # Determine if the given object, or the object to which it delegates,
10
10
  # responds to the given method.
@@ -106,7 +106,7 @@ module Contrast
106
106
  logger.info('******** HEAP DUMP HAS CONCLUDED ********')
107
107
  logger.info('*** APPLICATION PROCESS WILL EXIT SHORTLY ***')
108
108
  logger.info('*****************************************************')
109
- exit # We weren't kidding!
109
+ exit # rubocop:disable Rails/Exit We weren't kidding!
110
110
  end
111
111
  end
112
112
  end
@@ -3,7 +3,6 @@
3
3
 
4
4
  require 'contrast/utils/timer'
5
5
  require 'contrast/utils/object_share'
6
- require 'contrast/utils/gemfile_reader'
7
6
  require 'contrast/components/interface'
8
7
 
9
8
  module Contrast
@@ -25,12 +24,6 @@ module Contrast
25
24
  DEFAULT = 'default'
26
25
  LOCALHOST = 'localhost'
27
26
 
28
- def self.inventory_class class_path
29
- Contrast::Utils::GemfileReader.instance.map_class(class_path)
30
- rescue StandardError => e
31
- logger.error('Unable to inventory module', e, path: class_path)
32
- end
33
-
34
27
  def self.active_record_config
35
28
  return @_active_record_config if instance_variable_defined?(:@_active_record_config)
36
29
 
@@ -1,13 +1,13 @@
1
1
  # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
- # rubocop:disable Object/Freeze
4
+ # rubocop:disable Security/Object/Freeze
5
5
  module Contrast
6
6
  module Utils
7
7
  # A utility class where a series of commonly used Strings and other
8
8
  # commonly used objects can be store and frozen to prevent unnecessary
9
9
  # duplication.
10
- class ObjectShare
10
+ module ObjectShare
11
11
  # Strings
12
12
  ASTERISK = '*'
13
13
  BACK_SLASH = '\\'
@@ -76,4 +76,4 @@ module Contrast
76
76
  end
77
77
  end
78
78
  end
79
- # rubocop:enable Object/Freeze
79
+ # rubocop:enable Security/Object/Freeze
@@ -4,7 +4,7 @@
4
4
  module Contrast
5
5
  module Utils
6
6
  # Utility for generating preflight message token
7
- class PreflightUtil
7
+ module PreflightUtil
8
8
  def self.create_preflight finding
9
9
  "#{ finding.rule_id },#{ finding.hash_code }"
10
10
  end
@@ -7,7 +7,7 @@ module Contrast
7
7
  #
8
8
  # Marshal is pretty cool. It does a lot of things well. What it doesn't
9
9
  # mess around with though is StringIO. And what we don't want to do is
10
- # serialize ourselves out with Marshal#dump.
10
+ # serialize ourselves out with Marshal.dump.
11
11
  #
12
12
  # Unfortunately, we have to mess around w/ that. To isolate our things from
13
13
  # user dumped Strings (and so that we can marshal findings), we have
@@ -4,7 +4,7 @@
4
4
  module Contrast
5
5
  module Utils
6
6
  # ResourceLoader can attempt to read a file from a predefined resource directory
7
- class ResourceLoader
7
+ module ResourceLoader
8
8
  RESOURCES = 'resources'
9
9
 
10
10
  # __FILE__/../../../resources
@@ -29,8 +29,8 @@ module Contrast
29
29
 
30
30
  # Generate a SHA256 hash of the combined source code of this Gem
31
31
  def sha256 path
32
- return nil unless path
33
- return nil unless File.exist?(path) && !File.directory?(path)
32
+ return unless path
33
+ return unless File.exist?(path) && !File.directory?(path)
34
34
 
35
35
  @sha256_cache[path] ||= Digest::SHA256.file(path).to_s
36
36
  end
@@ -52,18 +52,6 @@ module Contrast
52
52
  parent_dir = File.dirname(gems_dir)
53
53
  File.join(parent_dir, Contrast::Utils::ObjectShare::CACHE)
54
54
  end
55
-
56
- def self.files path
57
- instance.files(path)
58
- end
59
-
60
- def self.sha256 path
61
- instance.sha256(path)
62
- end
63
-
64
- def self.build_from_spec spec
65
- instance.build_from_spec(spec)
66
- end
67
55
  end
68
56
  end
69
57
  end
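Review bot: The comment on `sha256` says it hashes "the combined source code of this Gem", but the method takes a single `path` and returns `Digest::SHA256.file(path).to_s` for that one file, returning early when the path is missing or is a directory. A doc comment matching the code, e.g. `# @param path [String] file to digest` and `# @return [String, nil] hex SHA256 of the file, nil if absent or a directory`, would avoid misleading readers. The result is also memoised in `@sha256_cache` by path, so a file that changes on disk keeps its first digest for as long as the cache lives; that deserves a comment if it is intended.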
@@ -74,7 +74,7 @@ module Contrast
74
74
  # @return [String] a copy of the given String, upper cased, trimmed,
75
75
  # dashes replaced with underscore, and HTTP trimmed
76
76
  def self.normalized_key str
77
- return nil unless str
77
+ return unless str
78
78
 
79
79
  str = str.to_s
80
80
  @_normalized_keys ||= {}
@@ -19,16 +19,15 @@ module Contrast
19
19
 
20
20
  relationship = tag.compare_range(range.start_idx, range.end_idx)
21
21
  case relationship
22
- when Contrast::Agent::Assess::Tag::BELOW
23
22
  # since the tags are ordered, if we're below, nope out
24
- return false
25
- when Contrast::Agent::Assess::Tag::LOW_SPAN
26
- # if we ever get a low span, that means a low part
27
- # won't be covered. there's no need to continue
28
- return false
29
- when Contrast::Agent::Assess::Tag::WITHOUT
30
- # if we ever get a without, that means a low part won't
31
- # be covered. there's no need to continue
23
+ when Contrast::Agent::Assess::Tag::BELOW,
24
+ # if we ever get a low span, that means a low part
25
+ # won't be covered. there's no need to continue
26
+ Contrast::Agent::Assess::Tag::LOW_SPAN,
27
+ # if we ever get a without, that means a low part won't
28
+ # be covered. there's no need to continue
29
+ Contrast::Agent::Assess::Tag::WITHOUT
30
+
32
31
  return false
33
32
  when Contrast::Agent::Assess::Tag::WITHIN
34
33
  # if we're within, then 0 out this tag since it is
@@ -131,10 +130,7 @@ module Contrast
131
130
  smallered = []
132
131
  curr = nil
133
132
  tags.each do |tag|
134
- if curr.nil?
135
- curr = tag
136
- smallered << curr
137
- elsif tag.start_idx <= curr.end_idx
133
+ if curr && tag.start_idx <= curr.end_idx
138
134
  curr.update_end(tag.end_idx) if tag.end_idx > curr.end_idx
139
135
  else
140
136
  curr = tag
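Review bot: In the `case relationship` the explanatory comments are now interleaved inside the `when` list, and the "if we're below, nope out" comment sits between `case` and `when`, so it is hard to see which constant each remark belongs to. One comment above the branch reads better, e.g. `# BELOW, LOW_SPAN and WITHOUT all mean a low part is uncovered, so stop`, followed by the three constants on the `when` line. In the second hunk the `curr.nil?` branch is folded into `else`; that preserves behaviour only if the `else` body still appends `curr` to `smallered`, which lies outside the hunk.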
@@ -640,7 +640,7 @@
640
640
  "action": "CUSTOM",
641
641
  "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
642
642
  "patch_method": "gsub_tagger",
643
- "source": "O,P",
643
+ "source": "O,P1",
644
644
  "target": "R"
645
645
  }, {
646
646
  "class_name": "String",
@@ -650,7 +650,7 @@
650
650
  "action": "CUSTOM",
651
651
  "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
652
652
  "patch_method": "gsub_tagger",
653
- "source": "O,P",
653
+ "source": "O,P1",
654
654
  "target": "O"
655
655
  }, {
656
656
  "class_name": "String",
@@ -660,7 +660,7 @@
660
660
  "action": "CUSTOM",
661
661
  "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
662
662
  "patch_method": "sub_tagger",
663
- "source": "O,P",
663
+ "source": "O,P1",
664
664
  "target": "R"
665
665
  }, {
666
666
  "class_name": "String",
@@ -670,7 +670,7 @@
670
670
  "action": "CUSTOM",
671
671
  "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
672
672
  "patch_method": "sub_tagger",
673
- "source": "O,P",
673
+ "source": "O,P1",
674
674
  "target": "O"
675
675
  }, {
676
676
  "class_name": "String",
@@ -680,7 +680,7 @@
680
680
  "action": "CUSTOM",
681
681
  "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
682
682
  "patch_method": "tr_tagger",
683
- "source": "O,P",
683
+ "source": "O,P1",
684
684
  "target": "R"
685
685
  }, {
686
686
  "class_name": "String",
@@ -690,7 +690,7 @@
690
690
  "action": "CUSTOM",
691
691
  "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
692
692
  "patch_method": "tr_tagger",
693
- "source": "O,P",
693
+ "source": "O,P1",
694
694
  "target": "O"
695
695
  }, {
696
696
  "class_name": "String",
@@ -700,7 +700,7 @@
700
700
  "action": "CUSTOM",
701
701
  "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
702
702
  "patch_method": "tr_s_tagger",
703
- "source": "O,P",
703
+ "source": "O,P1",
704
704
  "target": "R"
705
705
  }, {
706
706
  "class_name": "String",
@@ -710,7 +710,7 @@
710
710
  "action": "CUSTOM",
711
711
  "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
712
712
  "patch_method": "tr_s_tagger",
713
- "source": "O,P",
713
+ "source": "O,P1",
714
714
  "target": "O"
715
715
  }, {
716
716
  "class_name": "String",
@@ -984,7 +984,7 @@
984
984
  "action": "CUSTOM",
985
985
  "patch_class": "Contrast::Extension::Assess::KernelPropagator",
986
986
  "patch_method": "sprintf_tagger",
987
- "source": "O,P",
987
+ "source": "O,P1",
988
988
  "target": "R"
989
989
  }, {
990
990
  "class_name":"ActiveRecord::ConnectionAdapters::Quoting",
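Review bot: Narrowing `"source"` from `"O,P"` to `"O,P1"` on the `sprintf_tagger` entry may drop taint from later arguments: `sprintf` takes a format plus any number of values, and if `P1` denotes only the parameter at index 1, tracked data passed in a later position would no longer count as a source. For the `gsub_tagger`, `sub_tagger`, `tr_tagger` and `tr_s_tagger` entries a single argument of interest makes `P1` plausible. The policy's indexing rules are not visible here, nor whether the CUSTOM tagger inspects the arguments itself, so this needs confirming against `sprintf_tagger`. A regression test with tracked data in a later `sprintf` argument would settle it.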
@@ -55,6 +55,156 @@
55
55
  "instance_method":true,
56
56
  "method_visibility": "public",
57
57
  "method_name":"commit_session"
58
+ }, {
59
+ "class_name":"Rack::Session::Abstract::Persisted",
60
+ "instance_method":true,
61
+ "method_visibility": "private",
62
+ "method_name":"session_exists?",
63
+ "code": "https://github.com/rack/rack/blob/master/lib/rack/session/abstract/id.rb#L334"
64
+ }, {
65
+ "class_name":"ActionDispatch::Http::MimeNegotiation",
66
+ "instance_method":true,
67
+ "method_visibility": "public",
68
+ "method_name":"formats",
69
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/mime_negotiation.rb#L63"
70
+ }, {
71
+ "class_name":"ActionDispatch::FileHandler",
72
+ "instance_method":true,
73
+ "method_visibility": "public",
74
+ "method_name":"match?",
75
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/static.rb#L30"
76
+ }, {
77
+ "class_name":"ActionDispatch::Journey::Router",
78
+ "instance_method":true,
79
+ "method_visibility": "private",
80
+ "method_name":"find_routes",
81
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/journey/router.rb#L107"
82
+ }, {
83
+ "class_name":"ActionDispatch::Request",
84
+ "instance_method":true,
85
+ "method_visibility": "public",
86
+ "method_name":"controler_class_for",
87
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L84"
88
+ }, {
89
+ "class_name":"ActionDispatch::Request",
90
+ "instance_method":true,
91
+ "method_visibility": "public",
92
+ "method_name":"engine_script_name=",
93
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L158"
94
+ }, {
95
+ "class_name":"ActionDispatch::Request",
96
+ "instance_method":true,
97
+ "method_visibility": "public",
98
+ "method_name":"remote_ip",
99
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L286"
100
+ }, {
101
+ "class_name":"ActionDispatch::Request",
102
+ "instance_method":true,
103
+ "method_visibility": "public",
104
+ "method_name":"request_id",
105
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L302"
106
+ }, {
107
+ "class_name":"ActionDispatch::Request",
108
+ "instance_method":true,
109
+ "method_visibility": "public",
110
+ "method_name":"local?",
111
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L409"
112
+ }, {
113
+ "class_name":"ActionDispatch::Request",
114
+ "instance_method":true,
115
+ "method_visibility": "public",
116
+ "method_name":"cookie_jar",
117
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L11"
118
+ }, {
119
+ "class_name":"ActionDispatch::Request",
120
+ "instance_method":true,
121
+ "method_visibility": "public",
122
+ "method_name":"have_cookie_jar?",
123
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L24"
124
+ }, {
125
+ "class_name":"ActionDispatch::Request",
126
+ "instance_method":true,
127
+ "method_visibility": "public",
128
+ "method_name":"key_generator",
129
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L32"
130
+ }, {
131
+ "class_name":"ActionDispatch::Request",
132
+ "instance_method":true,
133
+ "method_visibility": "public",
134
+ "method_name":"signed_cookie_salt",
135
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L36"
136
+ }, {
137
+ "class_name":"ActionDispatch::Request",
138
+ "instance_method":true,
139
+ "method_visibility": "public",
140
+ "method_name":"encrypted_cookie_salt",
141
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L40"
142
+ }, {
143
+ "class_name":"ActionDispatch::Request",
144
+ "instance_method":true,
145
+ "method_visibility": "public",
146
+ "method_name":"encrypted_signed_cookie_salt",
147
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L44"
148
+ }, {
149
+ "class_name":"ActionDispatch::Request",
150
+ "instance_method":true,
151
+ "method_visibility": "public",
152
+ "method_name":"authenticated_encrypted_cookie_salt",
153
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L48"
154
+ }, {
155
+ "class_name":"ActionDispatch::Request",
156
+ "instance_method":true,
157
+ "method_visibility": "public",
158
+ "method_name":"use_authenticated_cookie_encryption",
159
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L52"
160
+ }, {
161
+ "class_name":"ActionDispatch::Request",
162
+ "instance_method":true,
163
+ "method_visibility": "public",
164
+ "method_name":"encrypted_cookie_cipher",
165
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L56"
166
+ }, {
167
+ "class_name":"ActionDispatch::Request",
168
+ "instance_method":true,
169
+ "method_visibility": "public",
170
+ "method_name":"signed_cookie_digest",
171
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L60"
172
+ }, {
173
+ "class_name":"ActionDispatch::Request",
174
+ "instance_method":true,
175
+ "method_visibility": "public",
176
+ "method_name":"secret_key_base",
177
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L64"
178
+ }, {
179
+ "class_name":"ActionDispatch::Request",
180
+ "instance_method":true,
181
+ "method_visibility": "public",
182
+ "method_name":"cookies_serializer",
183
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L68"
184
+ }, {
185
+ "class_name":"ActionDispatch::Request",
186
+ "instance_method":true,
187
+ "method_visibility": "public",
188
+ "method_name":"cookies_digest",
189
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L72"
190
+ }, {
191
+ "class_name":"ActionDispatch::Request",
192
+ "instance_method":true,
193
+ "method_visibility": "public",
194
+ "method_name":"cookies_rotations",
195
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L76"
196
+ }, {
197
+ "class_name":"ActionDispatch::Request",
198
+ "instance_method":true,
199
+ "method_visibility": "public",
200
+ "method_name":"use_cookies_with_metadata",
201
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L80"
202
+ }, {
203
+ "class_name":"ActionDispatch::Request::Session",
204
+ "instance_method":true,
205
+ "method_visibility": "public",
206
+ "method_name":"exists?",
207
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/request/session.rb#L201"
58
208
  }
59
209
  ]
60
210
  }
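Review bot: The added `ActionDispatch::Request` entry with `"method_name":"controler_class_for"` is misspelled; the Rails method is `controller_class_for`, so this deadzone node would presumably never match and the method would not be covered. It should read `"method_name":"controller_class_for"`. The first added entry links to `rack/rack/blob/master/...#L334`, which is not pinned like the `v6.0.3.4` Rails links and will drift as that file changes. A tag or commit in the URL would keep the reference stable.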