contrast-agent 3.8.4 → 6.9.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (676) hide show
  1. checksums.yaml +4 -4
  2. data/.dockerignore +0 -1
  3. data/.flayignore +1 -0
  4. data/.gitignore +8 -5
  5. data/.gitmodules +0 -3
  6. data/.rspec +0 -1
  7. data/.rspec_parallel +6 -0
  8. data/.simplecov +6 -2
  9. data/Gemfile +1 -1
  10. data/LICENSE.txt +1 -1
  11. data/Rakefile +5 -2
  12. data/ext/build_funchook.rb +27 -11
  13. data/ext/cs__assess_array/cs__assess_array.c +45 -7
  14. data/ext/cs__assess_array/cs__assess_array.h +5 -1
  15. data/ext/cs__assess_array/extconf.rb +3 -0
  16. data/ext/cs__assess_basic_object/cs__assess_basic_object.c +39 -17
  17. data/ext/cs__assess_basic_object/cs__assess_basic_object.h +2 -1
  18. data/ext/cs__assess_basic_object/extconf.rb +3 -0
  19. data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +9 -13
  20. data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +3 -4
  21. data/ext/cs__assess_fiber_track/extconf.rb +3 -0
  22. data/ext/cs__assess_hash/cs__assess_hash.c +46 -21
  23. data/ext/cs__assess_hash/cs__assess_hash.h +5 -6
  24. data/ext/cs__assess_hash/extconf.rb +3 -0
  25. data/ext/cs__assess_kernel/cs__assess_kernel.c +29 -15
  26. data/ext/cs__assess_kernel/cs__assess_kernel.h +3 -0
  27. data/ext/cs__assess_kernel/extconf.rb +3 -0
  28. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +55 -23
  29. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +6 -3
  30. data/ext/cs__assess_marshal_module/extconf.rb +3 -0
  31. data/ext/cs__assess_module/cs__assess_module.c +82 -23
  32. data/ext/cs__assess_module/cs__assess_module.h +10 -0
  33. data/ext/cs__assess_module/extconf.rb +3 -0
  34. data/ext/cs__assess_regexp/cs__assess_regexp.c +28 -9
  35. data/ext/cs__assess_regexp/cs__assess_regexp.h +3 -0
  36. data/ext/cs__assess_regexp/extconf.rb +3 -0
  37. data/ext/cs__assess_string/cs__assess_string.c +53 -21
  38. data/ext/cs__assess_string/cs__assess_string.h +7 -1
  39. data/ext/cs__assess_string/extconf.rb +3 -0
  40. data/ext/cs__assess_string_interpolation/cs__assess_string_interpolation.c +39 -0
  41. data/ext/cs__assess_string_interpolation/cs__assess_string_interpolation.h +13 -0
  42. data/ext/cs__assess_string_interpolation/extconf.rb +5 -0
  43. data/ext/cs__assess_test/cs__assess_test.h +9 -0
  44. data/ext/cs__assess_test/cs__assess_tests.c +22 -0
  45. data/ext/cs__assess_test/extconf.rb +5 -0
  46. data/ext/cs__assess_yield_track/cs__assess_yield_track.c +30 -0
  47. data/ext/cs__assess_yield_track/cs__assess_yield_track.h +11 -0
  48. data/ext/cs__assess_yield_track/extconf.rb +5 -0
  49. data/ext/cs__common/cs__common.c +246 -10
  50. data/ext/cs__common/cs__common.h +71 -2
  51. data/ext/cs__common/extconf.rb +3 -16
  52. data/ext/cs__contrast_patch/cs__contrast_patch.c +255 -155
  53. data/ext/cs__contrast_patch/cs__contrast_patch.h +13 -14
  54. data/ext/cs__contrast_patch/extconf.rb +3 -0
  55. data/ext/cs__os_information/cs__os_information.c +34 -0
  56. data/ext/cs__os_information/cs__os_information.h +7 -0
  57. data/ext/cs__os_information/extconf.rb +5 -0
  58. data/ext/cs__scope/cs__scope.c +755 -55
  59. data/ext/cs__scope/cs__scope.h +75 -20
  60. data/ext/cs__scope/extconf.rb +3 -0
  61. data/ext/cs__tests/cs__tests.c +12 -0
  62. data/ext/cs__tests/cs__tests.h +3 -0
  63. data/ext/cs__tests/extconf.rb +5 -0
  64. data/ext/extconf_common.rb +4 -34
  65. data/lib/contrast/agent/assess/contrast_object.rb +54 -0
  66. data/lib/contrast/agent/assess/events/event_data.rb +30 -0
  67. data/lib/contrast/agent/assess/finalizers/freeze.rb +15 -0
  68. data/lib/contrast/agent/assess/finalizers/hash.rb +107 -0
  69. data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +58 -36
  70. data/lib/contrast/agent/assess/policy/patcher.rb +13 -48
  71. data/lib/contrast/agent/assess/policy/policy.rb +20 -37
  72. data/lib/contrast/agent/assess/policy/policy_node.rb +96 -200
  73. data/lib/contrast/agent/assess/policy/policy_node_utils.rb +50 -0
  74. data/lib/contrast/agent/assess/policy/policy_scanner.rb +15 -12
  75. data/lib/contrast/agent/assess/policy/preshift.rb +50 -19
  76. data/lib/contrast/agent/assess/policy/propagation_method.rb +200 -192
  77. data/lib/contrast/agent/assess/policy/propagation_node.rb +49 -41
  78. data/lib/contrast/agent/assess/policy/propagator/append.rb +32 -15
  79. data/lib/contrast/agent/assess/policy/propagator/base.rb +5 -3
  80. data/lib/contrast/agent/assess/policy/propagator/buffer.rb +119 -0
  81. data/lib/contrast/agent/assess/policy/propagator/center.rb +12 -8
  82. data/lib/contrast/agent/assess/policy/propagator/custom.rb +7 -3
  83. data/lib/contrast/agent/assess/policy/propagator/database_write.rb +34 -25
  84. data/lib/contrast/agent/assess/policy/propagator/insert.rb +15 -11
  85. data/lib/contrast/agent/assess/policy/propagator/keep.rb +23 -6
  86. data/lib/contrast/agent/assess/policy/propagator/match_data.rb +118 -0
  87. data/lib/contrast/agent/assess/policy/propagator/next.rb +7 -6
  88. data/lib/contrast/agent/assess/policy/propagator/prepend.rb +13 -6
  89. data/lib/contrast/agent/assess/policy/propagator/rack_protection.rb +73 -0
  90. data/lib/contrast/agent/assess/policy/propagator/remove.rb +53 -41
  91. data/lib/contrast/agent/assess/policy/propagator/replace.rb +5 -3
  92. data/lib/contrast/agent/assess/policy/propagator/reverse.rb +7 -6
  93. data/lib/contrast/agent/assess/policy/propagator/select.rb +45 -36
  94. data/lib/contrast/agent/assess/policy/propagator/splat.rb +44 -21
  95. data/lib/contrast/agent/assess/policy/propagator/split.rb +176 -22
  96. data/lib/contrast/agent/assess/policy/propagator/substitution.rb +7 -132
  97. data/lib/contrast/agent/assess/policy/propagator/substitution_utils.rb +190 -0
  98. data/lib/contrast/agent/assess/policy/propagator/trim.rb +74 -52
  99. data/lib/contrast/agent/assess/policy/propagator.rb +21 -18
  100. data/lib/contrast/agent/assess/policy/source_method.rb +176 -177
  101. data/lib/contrast/agent/assess/policy/source_node.rb +3 -17
  102. data/lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb +32 -0
  103. data/lib/contrast/agent/assess/policy/source_validation/source_validation.rb +34 -0
  104. data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +102 -0
  105. data/lib/contrast/agent/assess/policy/trigger/xpath.rb +57 -0
  106. data/lib/contrast/agent/assess/policy/trigger_method.rb +160 -173
  107. data/lib/contrast/agent/assess/policy/trigger_node.rb +162 -39
  108. data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +60 -0
  109. data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +8 -38
  110. data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +22 -7
  111. data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +6 -15
  112. data/lib/contrast/agent/assess/properties.rb +15 -354
  113. data/lib/contrast/agent/assess/property/evented.rb +58 -0
  114. data/lib/contrast/agent/assess/property/tagged.rb +246 -0
  115. data/lib/contrast/agent/assess/property/updated.rb +131 -0
  116. data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +58 -19
  117. data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +22 -17
  118. data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +93 -81
  119. data/lib/contrast/agent/assess/rule/provider.rb +4 -4
  120. data/lib/contrast/agent/assess/rule/response/auto_complete_rule.rb +69 -0
  121. data/lib/contrast/agent/assess/rule/response/base_rule.rb +121 -0
  122. data/lib/contrast/agent/assess/rule/response/body_rule.rb +107 -0
  123. data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb +195 -0
  124. data/lib/contrast/agent/assess/rule/response/click_jacking_header_rule.rb +26 -0
  125. data/lib/contrast/agent/assess/rule/response/csp_header_insecure_rule.rb +100 -0
  126. data/lib/contrast/agent/assess/rule/response/csp_header_missing_rule.rb +26 -0
  127. data/lib/contrast/agent/assess/rule/response/framework/rails_support.rb +34 -0
  128. data/lib/contrast/agent/assess/rule/response/header_rule.rb +70 -0
  129. data/lib/contrast/agent/assess/rule/response/hsts_header_rule.rb +36 -0
  130. data/lib/contrast/agent/assess/rule/response/parameters_pollution_rule.rb +61 -0
  131. data/lib/contrast/agent/assess/rule/response/x_content_type_header_rule.rb +26 -0
  132. data/lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb +34 -0
  133. data/lib/contrast/agent/assess/tag.rb +84 -41
  134. data/lib/contrast/agent/assess/tracker.rb +70 -0
  135. data/lib/contrast/agent/assess.rb +7 -29
  136. data/lib/contrast/agent/at_exit_hook.rb +28 -17
  137. data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +11 -6
  138. data/lib/contrast/agent/deadzone/policy/policy.rb +11 -7
  139. data/lib/contrast/agent/disable_reaction.rb +6 -10
  140. data/lib/contrast/agent/excluder.rb +224 -0
  141. data/lib/contrast/agent/exclusion_matcher.rb +40 -74
  142. data/lib/contrast/agent/inventory/database_config.rb +174 -0
  143. data/lib/contrast/agent/inventory/dependencies.rb +52 -0
  144. data/lib/contrast/agent/inventory/dependency_analysis.rb +34 -0
  145. data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +120 -0
  146. data/lib/contrast/agent/inventory/policy/datastores.rb +51 -0
  147. data/lib/contrast/agent/inventory/policy/policy.rb +5 -5
  148. data/lib/contrast/agent/inventory/policy/trigger_node.rb +2 -2
  149. data/lib/contrast/agent/inventory.rb +14 -0
  150. data/lib/contrast/agent/middleware.rb +146 -299
  151. data/lib/contrast/agent/module_data.rb +5 -4
  152. data/lib/contrast/agent/patching/policy/after_load_patch.rb +54 -7
  153. data/lib/contrast/agent/patching/policy/after_load_patcher.rb +103 -27
  154. data/lib/contrast/agent/patching/policy/method_policy.rb +53 -64
  155. data/lib/contrast/agent/patching/policy/method_policy_extend.rb +113 -0
  156. data/lib/contrast/agent/patching/policy/module_policy.rb +27 -47
  157. data/lib/contrast/agent/patching/policy/patch.rb +147 -241
  158. data/lib/contrast/agent/patching/policy/patch_status.rb +21 -45
  159. data/lib/contrast/agent/patching/policy/patcher.rb +126 -161
  160. data/lib/contrast/agent/patching/policy/policy.rb +66 -57
  161. data/lib/contrast/agent/patching/policy/policy_node.rb +63 -32
  162. data/lib/contrast/agent/patching/policy/trigger_node.rb +32 -15
  163. data/lib/contrast/agent/protect/exploitable_collection.rb +38 -0
  164. data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +170 -0
  165. data/lib/contrast/agent/protect/input_analyzer/worth_watching_analyzer.rb +116 -0
  166. data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +65 -0
  167. data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +97 -0
  168. data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +69 -0
  169. data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +138 -0
  170. data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +55 -0
  171. data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +125 -0
  172. data/lib/contrast/agent/protect/policy/policy.rb +10 -10
  173. data/lib/contrast/agent/protect/policy/rule_applicator.rb +102 -0
  174. data/lib/contrast/agent/protect/policy/trigger_node.rb +2 -2
  175. data/lib/contrast/agent/protect/rule/base.rb +205 -95
  176. data/lib/contrast/agent/protect/rule/base_service.rb +73 -14
  177. data/lib/contrast/agent/protect/rule/bot_blocker/bot_blocker_input_classification.rb +98 -0
  178. data/lib/contrast/agent/protect/rule/bot_blocker.rb +81 -0
  179. data/lib/contrast/agent/protect/rule/cmd_injection.rb +53 -123
  180. data/lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb +132 -0
  181. data/lib/contrast/agent/protect/rule/cmdi/cmdi_base_rule.rb +169 -0
  182. data/lib/contrast/agent/protect/rule/cmdi/cmdi_chained_command.rb +64 -0
  183. data/lib/contrast/agent/protect/rule/cmdi/cmdi_dangerous_path.rb +63 -0
  184. data/lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb +27 -0
  185. data/lib/contrast/agent/protect/rule/default_scanner.rb +69 -25
  186. data/lib/contrast/agent/protect/rule/deserialization.rb +32 -48
  187. data/lib/contrast/agent/protect/rule/http_method_tampering/http_method_tampering_input_classification.rb +96 -0
  188. data/lib/contrast/agent/protect/rule/http_method_tampering.rb +65 -62
  189. data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +2 -3
  190. data/lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb +226 -0
  191. data/lib/contrast/agent/protect/rule/no_sqli.rb +47 -53
  192. data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_input_classification.rb +61 -0
  193. data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_semantic_security_bypass.rb +114 -0
  194. data/lib/contrast/agent/protect/rule/path_traversal.rb +57 -26
  195. data/lib/contrast/agent/protect/rule/sql_sample_builder.rb +155 -0
  196. data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +1 -1
  197. data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +1 -1
  198. data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +2 -2
  199. data/lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb +37 -0
  200. data/lib/contrast/agent/protect/rule/sqli/sqli_input_classification.rb +28 -0
  201. data/lib/contrast/agent/protect/rule/sqli/sqli_semantic/sqli_dangerous_functions.rb +67 -0
  202. data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +1 -1
  203. data/lib/contrast/agent/protect/rule/sqli.rb +78 -62
  204. data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification.rb +58 -0
  205. data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +19 -2
  206. data/lib/contrast/agent/protect/rule/xss/reflected_xss_input_classification.rb +58 -0
  207. data/lib/contrast/agent/protect/rule/xss.rb +20 -2
  208. data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +25 -21
  209. data/lib/contrast/agent/protect/rule/xxe.rb +69 -39
  210. data/lib/contrast/agent/protect/rule.rb +22 -25
  211. data/lib/contrast/agent/reporting/attack_result/attack_result.rb +71 -0
  212. data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +86 -0
  213. data/lib/contrast/agent/reporting/attack_result/response_type.rb +29 -0
  214. data/lib/contrast/agent/reporting/attack_result/user_input.rb +98 -0
  215. data/lib/contrast/agent/reporting/details/bot_blocker_details.rb +29 -0
  216. data/lib/contrast/agent/reporting/details/cmd_injection_details.rb +30 -0
  217. data/lib/contrast/agent/reporting/details/details.rb +18 -0
  218. data/lib/contrast/agent/reporting/details/http_method_tempering_details.rb +27 -0
  219. data/lib/contrast/agent/reporting/details/ip_denylist_details.rb +35 -0
  220. data/lib/contrast/agent/reporting/details/no_sqli_details.rb +36 -0
  221. data/lib/contrast/agent/reporting/details/path_traversal_details.rb +24 -0
  222. data/lib/contrast/agent/reporting/details/path_traversal_semantic_analysis_details.rb +32 -0
  223. data/lib/contrast/agent/reporting/details/protect_rule_details.rb +17 -0
  224. data/lib/contrast/agent/reporting/details/sqli_dangerous_functions.rb +22 -0
  225. data/lib/contrast/agent/reporting/details/sqli_details.rb +36 -0
  226. data/lib/contrast/agent/reporting/details/untrusted_deserialization_details.rb +27 -0
  227. data/lib/contrast/agent/reporting/details/virtual_patch_details.rb +30 -0
  228. data/lib/contrast/agent/reporting/details/xss_details.rb +33 -0
  229. data/lib/contrast/agent/reporting/details/xss_match.rb +30 -0
  230. data/lib/contrast/agent/reporting/details/xxe_details.rb +36 -0
  231. data/lib/contrast/agent/reporting/details/xxe_match.rb +25 -0
  232. data/lib/contrast/agent/reporting/details/xxe_wrapper.rb +25 -0
  233. data/lib/contrast/agent/reporting/input_analysis/details/bot_blocker_details.rb +27 -0
  234. data/lib/contrast/agent/reporting/input_analysis/details/protect_rule_details.rb +15 -0
  235. data/lib/contrast/agent/reporting/input_analysis/input_analysis.rb +43 -0
  236. data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb +129 -0
  237. data/lib/contrast/agent/reporting/input_analysis/input_type.rb +44 -0
  238. data/lib/contrast/agent/reporting/input_analysis/score_level.rb +21 -0
  239. data/lib/contrast/agent/reporting/masker/masker.rb +258 -0
  240. data/lib/contrast/agent/reporting/masker/masker_utils.rb +33 -0
  241. data/lib/contrast/agent/reporting/report.rb +31 -0
  242. data/lib/contrast/agent/reporting/reporter.rb +165 -0
  243. data/lib/contrast/agent/reporting/reporter_heartbeat.rb +47 -0
  244. data/lib/contrast/agent/reporting/reporting_events/agent_startup.rb +34 -0
  245. data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +120 -0
  246. data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +85 -0
  247. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb +65 -0
  248. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +102 -0
  249. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb +68 -0
  250. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_stack.rb +22 -0
  251. data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb +62 -0
  252. data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +42 -0
  253. data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb +57 -0
  254. data/lib/contrast/agent/reporting/reporting_events/application_reporting_event.rb +27 -0
  255. data/lib/contrast/agent/reporting/reporting_events/application_startup.rb +44 -0
  256. data/lib/contrast/agent/reporting/reporting_events/application_startup_instrumentation.rb +27 -0
  257. data/lib/contrast/agent/reporting/reporting_events/application_update.rb +56 -0
  258. data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +72 -0
  259. data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb +126 -0
  260. data/lib/contrast/agent/reporting/reporting_events/finding.rb +210 -0
  261. data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +449 -0
  262. data/lib/contrast/agent/reporting/reporting_events/finding_event_object.rb +104 -0
  263. data/lib/contrast/agent/reporting/reporting_events/finding_event_parent_object.rb +49 -0
  264. data/lib/contrast/agent/reporting/reporting_events/finding_event_property.rb +51 -0
  265. data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb +106 -0
  266. data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +74 -0
  267. data/lib/contrast/agent/reporting/reporting_events/finding_event_stack.rb +68 -0
  268. data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range.rb +71 -0
  269. data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range_tags.rb +105 -0
  270. data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +134 -0
  271. data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +89 -0
  272. data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +48 -0
  273. data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +45 -0
  274. data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +89 -0
  275. data/lib/contrast/agent/reporting/reporting_events/poll.rb +23 -0
  276. data/lib/contrast/agent/reporting/reporting_events/preflight.rb +41 -0
  277. data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +74 -0
  278. data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +66 -0
  279. data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +89 -0
  280. data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +63 -0
  281. data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +53 -0
  282. data/lib/contrast/agent/reporting/reporting_events/server_reporting_event.rb +35 -0
  283. data/lib/contrast/agent/reporting/reporting_events/server_settings.rb +40 -0
  284. data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +130 -0
  285. data/lib/contrast/agent/reporting/reporting_utilities/build_preflight.rb +35 -0
  286. data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +176 -0
  287. data/lib/contrast/agent/reporting/reporting_utilities/headers.rb +54 -0
  288. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +143 -0
  289. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +144 -0
  290. data/lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb +66 -0
  291. data/lib/contrast/agent/reporting/reporting_utilities/response.rb +98 -0
  292. data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +176 -0
  293. data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +117 -0
  294. data/lib/contrast/agent/reporting/reporting_utilities/response_handler_mode.rb +63 -0
  295. data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +342 -0
  296. data/lib/contrast/agent/reporting/server_settings_worker.rb +44 -0
  297. data/lib/contrast/agent/reporting/settings/application_settings.rb +61 -0
  298. data/lib/contrast/agent/reporting/settings/assess.rb +45 -0
  299. data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +114 -0
  300. data/lib/contrast/agent/reporting/settings/bot_blocker.rb +68 -0
  301. data/lib/contrast/agent/reporting/settings/code_exclusion.rb +32 -0
  302. data/lib/contrast/agent/reporting/settings/exclusion_base.rb +51 -0
  303. data/lib/contrast/agent/reporting/settings/exclusions.rb +106 -0
  304. data/lib/contrast/agent/reporting/settings/helpers.rb +63 -0
  305. data/lib/contrast/agent/reporting/settings/input_exclusion.rb +43 -0
  306. data/lib/contrast/agent/reporting/settings/ip_filter.rb +35 -0
  307. data/lib/contrast/agent/reporting/settings/keyword.rb +74 -0
  308. data/lib/contrast/agent/reporting/settings/log_enhancer.rb +65 -0
  309. data/lib/contrast/agent/reporting/settings/protect.rb +106 -0
  310. data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +227 -0
  311. data/lib/contrast/agent/reporting/settings/reaction.rb +39 -0
  312. data/lib/contrast/agent/reporting/settings/rule_definition.rb +66 -0
  313. data/lib/contrast/agent/reporting/settings/sampling.rb +46 -0
  314. data/lib/contrast/agent/reporting/settings/sanitizer.rb +38 -0
  315. data/lib/contrast/agent/reporting/settings/security_logger.rb +77 -0
  316. data/lib/contrast/agent/reporting/settings/sensitive_data_masking.rb +118 -0
  317. data/lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb +65 -0
  318. data/lib/contrast/agent/reporting/settings/server_features.rb +95 -0
  319. data/lib/contrast/agent/reporting/settings/syslog.rb +205 -0
  320. data/lib/contrast/agent/reporting/settings/url_exclusion.rb +42 -0
  321. data/lib/contrast/agent/reporting/settings/validator.rb +17 -0
  322. data/lib/contrast/agent/request.rb +107 -411
  323. data/lib/contrast/agent/request_context.rb +78 -162
  324. data/lib/contrast/agent/request_context_extend.rb +85 -0
  325. data/lib/contrast/agent/request_handler.rb +41 -0
  326. data/lib/contrast/agent/response.rb +37 -165
  327. data/lib/contrast/agent/rule_set.rb +52 -0
  328. data/lib/contrast/agent/scope.rb +142 -20
  329. data/lib/contrast/agent/static_analysis.rb +51 -0
  330. data/lib/contrast/agent/telemetry/base.rb +155 -0
  331. data/lib/contrast/agent/telemetry/events/event.rb +35 -0
  332. data/lib/contrast/agent/telemetry/events/exceptions/obfuscate.rb +119 -0
  333. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_base.rb +61 -0
  334. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb +46 -0
  335. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message.rb +118 -0
  336. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb +86 -0
  337. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb +67 -0
  338. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions.rb +19 -0
  339. data/lib/contrast/agent/telemetry/events/metric_event.rb +28 -0
  340. data/lib/contrast/agent/telemetry/events/startup_metrics_event.rb +123 -0
  341. data/lib/contrast/agent/thread.rb +4 -6
  342. data/lib/contrast/agent/thread_watcher.rb +117 -0
  343. data/lib/contrast/agent/tracepoint_hook.rb +19 -13
  344. data/lib/contrast/agent/version.rb +2 -2
  345. data/lib/contrast/agent/worker_thread.rb +42 -0
  346. data/lib/contrast/agent.rb +83 -50
  347. data/lib/contrast/agent_lib/api/command_injection.rb +46 -0
  348. data/lib/contrast/agent_lib/api/init.rb +101 -0
  349. data/lib/contrast/agent_lib/api/input_tracing.rb +267 -0
  350. data/lib/contrast/agent_lib/api/method_tempering.rb +29 -0
  351. data/lib/contrast/agent_lib/api/panic.rb +87 -0
  352. data/lib/contrast/agent_lib/api/path_semantic_file_security_bypass.rb +40 -0
  353. data/lib/contrast/agent_lib/interface.rb +260 -0
  354. data/lib/contrast/agent_lib/interface_base.rb +118 -0
  355. data/lib/contrast/agent_lib/return_types/eval_result.rb +44 -0
  356. data/lib/contrast/agent_lib/test.rb +29 -0
  357. data/lib/contrast/api/communication/connection_status.rb +59 -0
  358. data/lib/contrast/components/agent.rb +108 -36
  359. data/lib/contrast/components/api.rb +159 -0
  360. data/lib/contrast/components/app_context.rb +124 -134
  361. data/lib/contrast/components/app_context_extend.rb +53 -0
  362. data/lib/contrast/components/assess.rb +187 -24
  363. data/lib/contrast/components/assess_rules.rb +54 -0
  364. data/lib/contrast/components/base.rb +103 -0
  365. data/lib/contrast/components/config/sources.rb +95 -0
  366. data/lib/contrast/components/config.rb +182 -60
  367. data/lib/contrast/components/heap_dump.rb +77 -12
  368. data/lib/contrast/components/inventory.rb +37 -10
  369. data/lib/contrast/components/logger.rb +46 -76
  370. data/lib/contrast/components/polling.rb +36 -0
  371. data/lib/contrast/components/protect.rb +142 -16
  372. data/lib/contrast/components/ruby_component.rb +96 -0
  373. data/lib/contrast/components/sampling.rb +156 -15
  374. data/lib/contrast/components/scope.rb +116 -85
  375. data/lib/contrast/components/security_logger.rb +36 -0
  376. data/lib/contrast/components/settings.rb +197 -90
  377. data/lib/contrast/config/api_proxy_configuration.rb +27 -0
  378. data/lib/contrast/config/base_configuration.rb +20 -94
  379. data/lib/contrast/config/certification_configuration.rb +47 -0
  380. data/lib/contrast/config/config.rb +46 -0
  381. data/lib/contrast/config/diagnostics.rb +114 -0
  382. data/lib/contrast/config/diagnostics_tools.rb +98 -0
  383. data/lib/contrast/config/effective_config.rb +65 -0
  384. data/lib/contrast/config/effective_config_value.rb +32 -0
  385. data/lib/contrast/config/env_variables.rb +18 -0
  386. data/lib/contrast/config/exception_configuration.rb +34 -12
  387. data/lib/contrast/config/protect_rule_configuration.rb +45 -24
  388. data/lib/contrast/config/protect_rules_configuration.rb +97 -22
  389. data/lib/contrast/config/request_audit_configuration.rb +57 -0
  390. data/lib/contrast/config/server_configuration.rb +67 -15
  391. data/lib/contrast/config.rb +6 -22
  392. data/lib/contrast/configuration.rb +231 -108
  393. data/lib/contrast/extension/assess/array.rb +75 -0
  394. data/lib/contrast/extension/assess/erb.rb +61 -0
  395. data/lib/contrast/extension/assess/eval_trigger.rb +47 -0
  396. data/lib/contrast/{core_extensions → extension}/assess/exec_trigger.rb +9 -21
  397. data/lib/contrast/extension/assess/fiber.rb +95 -0
  398. data/lib/contrast/extension/assess/hash.rb +33 -0
  399. data/lib/contrast/extension/assess/kernel.rb +124 -0
  400. data/lib/contrast/extension/assess/marshal.rb +80 -0
  401. data/lib/contrast/extension/assess/regexp.rb +71 -0
  402. data/lib/contrast/extension/assess/string.rb +84 -0
  403. data/lib/contrast/extension/assess.rb +47 -0
  404. data/lib/contrast/{core_extensions → extension}/delegator.rb +3 -1
  405. data/lib/contrast/extension/extension.rb +59 -0
  406. data/lib/contrast/extension/inventory.rb +21 -0
  407. data/lib/contrast/extension/module.rb +16 -0
  408. data/lib/contrast/extension/object.rb +19 -0
  409. data/lib/contrast/extension/protect/psych.rb +7 -0
  410. data/lib/contrast/{core_extensions → extension}/protect.rb +6 -6
  411. data/lib/contrast/extension/thread.rb +50 -0
  412. data/lib/contrast/framework/base_support.rb +78 -0
  413. data/lib/contrast/framework/grape/support.rb +176 -0
  414. data/lib/contrast/framework/manager.rb +158 -0
  415. data/lib/contrast/framework/manager_extend.rb +50 -0
  416. data/lib/contrast/framework/rack/patch/session_cookie.rb +107 -0
  417. data/lib/contrast/framework/rack/patch/support.rb +26 -0
  418. data/lib/contrast/framework/rack/support.rb +23 -0
  419. data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +46 -0
  420. data/lib/contrast/framework/rails/patch/assess_configuration.rb +98 -0
  421. data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +31 -0
  422. data/lib/contrast/framework/rails/patch/support.rb +46 -0
  423. data/lib/contrast/framework/rails/railtie.rb +33 -0
  424. data/lib/contrast/framework/rails/support.rb +187 -0
  425. data/lib/contrast/framework/sinatra/support.rb +165 -0
  426. data/lib/contrast/funchook/funchook.rb +45 -0
  427. data/lib/contrast/logger/aliased_logging.rb +101 -0
  428. data/lib/contrast/logger/application.rb +84 -0
  429. data/lib/contrast/logger/cef_log.rb +169 -0
  430. data/lib/contrast/logger/format.rb +61 -0
  431. data/lib/contrast/logger/log.rb +90 -0
  432. data/lib/contrast/logger/request.rb +25 -0
  433. data/lib/contrast/logger/time.rb +57 -0
  434. data/lib/contrast/security_exception.rb +2 -2
  435. data/lib/contrast/tasks/config.rb +144 -0
  436. data/lib/contrast/utils/assess/event_limit_utils.rb +134 -0
  437. data/lib/contrast/utils/assess/object_store.rb +36 -0
  438. data/lib/contrast/utils/assess/propagation_method_utils.rb +155 -0
  439. data/lib/contrast/utils/assess/property/tagged_utils.rb +165 -0
  440. data/lib/contrast/utils/assess/sampling_util.rb +11 -17
  441. data/lib/contrast/utils/assess/source_method_utils.rb +74 -0
  442. data/lib/contrast/utils/assess/split_utils.rb +23 -0
  443. data/lib/contrast/utils/assess/tracking_util.rb +95 -19
  444. data/lib/contrast/utils/assess/trigger_method_utils.rb +132 -0
  445. data/lib/contrast/utils/class_util.rb +125 -38
  446. data/lib/contrast/utils/duck_utils.rb +54 -43
  447. data/lib/contrast/utils/env_configuration_item.rb +4 -3
  448. data/lib/contrast/utils/findings.rb +66 -0
  449. data/lib/contrast/utils/hash_digest.rb +52 -100
  450. data/lib/contrast/utils/hash_digest_extend.rb +129 -0
  451. data/lib/contrast/utils/head_dump_utils_extend.rb +74 -0
  452. data/lib/contrast/utils/heap_dump_util.rb +44 -88
  453. data/lib/contrast/utils/input_classification_base.rb +155 -0
  454. data/lib/contrast/utils/invalid_configuration_util.rb +36 -50
  455. data/lib/contrast/utils/io_util.rb +47 -51
  456. data/lib/contrast/utils/job_servers_running.rb +47 -0
  457. data/lib/contrast/utils/log_utils.rb +254 -0
  458. data/lib/contrast/utils/lru_cache.rb +48 -0
  459. data/lib/contrast/utils/metrics_hash.rb +59 -0
  460. data/lib/contrast/utils/middleware_utils.rb +89 -0
  461. data/lib/contrast/utils/net_http_base.rb +167 -0
  462. data/lib/contrast/utils/object_share.rb +7 -48
  463. data/lib/contrast/utils/os.rb +14 -24
  464. data/lib/contrast/utils/patching/policy/patch_utils.rb +175 -0
  465. data/lib/contrast/utils/patching/policy/patcher_utils.rb +54 -0
  466. data/lib/contrast/utils/reporting/application_activity_batch_utils.rb +81 -0
  467. data/lib/contrast/utils/request_utils.rb +96 -0
  468. data/lib/contrast/utils/resource_loader.rb +2 -2
  469. data/lib/contrast/utils/response_utils.rb +79 -0
  470. data/lib/contrast/utils/routes_sent.rb +60 -0
  471. data/lib/contrast/utils/sha256_builder.rb +9 -21
  472. data/lib/contrast/utils/stack_trace_utils.rb +68 -184
  473. data/lib/contrast/utils/string_utils.rb +82 -52
  474. data/lib/contrast/utils/tag_util.rb +58 -44
  475. data/lib/contrast/utils/telemetry.rb +103 -0
  476. data/lib/contrast/utils/telemetry_client.rb +107 -0
  477. data/lib/contrast/utils/telemetry_hash.rb +65 -0
  478. data/lib/contrast/utils/telemetry_identifier.rb +153 -0
  479. data/lib/contrast/utils/thread_tracker.rb +27 -23
  480. data/lib/contrast/utils/timer.rb +20 -55
  481. data/lib/contrast-agent.rb +2 -2
  482. data/lib/contrast.rb +105 -43
  483. data/resources/assess/policy.json +523 -137
  484. data/resources/deadzone/policy.json +280 -10
  485. data/resources/inventory/policy.json +2 -2
  486. data/resources/protect/policy.json +30 -17
  487. data/ruby-agent.gemspec +114 -45
  488. data/sonar-project.properties +9 -0
  489. metadata +694 -287
  490. data/exe/contrast_service +0 -29
  491. data/ext/cs__assess_active_record_named/cs__active_record_named.c +0 -47
  492. data/ext/cs__assess_active_record_named/cs__active_record_named.h +0 -10
  493. data/ext/cs__assess_active_record_named/extconf.rb +0 -2
  494. data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c +0 -63
  495. data/ext/cs__assess_regexp_track/cs__assess_regexp_track.h +0 -29
  496. data/ext/cs__assess_regexp_track/extconf.rb +0 -2
  497. data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +0 -31
  498. data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.h +0 -13
  499. data/ext/cs__assess_string_interpolation26/extconf.rb +0 -2
  500. data/ext/cs__protect_kernel/cs__protect_kernel.c +0 -37
  501. data/ext/cs__protect_kernel/cs__protect_kernel.h +0 -11
  502. data/ext/cs__protect_kernel/extconf.rb +0 -2
  503. data/funchook/Makefile +0 -29
  504. data/funchook/autom4te.cache/output.0 +0 -4976
  505. data/funchook/autom4te.cache/requests +0 -78
  506. data/funchook/autom4te.cache/traces.0 +0 -364
  507. data/funchook/config.log +0 -490
  508. data/funchook/config.status +0 -1016
  509. data/funchook/configure +0 -4976
  510. data/funchook/src/Makefile +0 -70
  511. data/funchook/src/config.h +0 -101
  512. data/funchook/src/config.h.in +0 -100
  513. data/funchook/src/decoder.o +0 -0
  514. data/funchook/src/distorm.o +0 -0
  515. data/funchook/src/funchook.o +0 -0
  516. data/funchook/src/funchook_io.o +0 -0
  517. data/funchook/src/funchook_syscall.o +0 -0
  518. data/funchook/src/funchook_unix.o +0 -0
  519. data/funchook/src/funchook_x86.o +0 -0
  520. data/funchook/src/instructions.o +0 -0
  521. data/funchook/src/insts.o +0 -0
  522. data/funchook/src/libfunchook.so +0 -0
  523. data/funchook/src/mnemonics.o +0 -0
  524. data/funchook/src/operands.o +0 -0
  525. data/funchook/src/os_func.o +0 -0
  526. data/funchook/src/os_func_unix.o +0 -0
  527. data/funchook/src/prefix.o +0 -0
  528. data/funchook/src/printf_base.o +0 -0
  529. data/funchook/src/textdefs.o +0 -0
  530. data/funchook/src/wstring.o +0 -0
  531. data/funchook/test/Makefile +0 -43
  532. data/funchook/test/funchook_test +0 -0
  533. data/funchook/test/libfunchook_test.so +0 -0
  534. data/funchook/test/test_main.o +0 -0
  535. data/funchook/test/x86_64_test.o +0 -0
  536. data/lib/contrast/agent/assess/adjusted_span.rb +0 -25
  537. data/lib/contrast/agent/assess/class_reverter.rb +0 -82
  538. data/lib/contrast/agent/assess/contrast_event.rb +0 -398
  539. data/lib/contrast/agent/assess/frozen_properties.rb +0 -41
  540. data/lib/contrast/agent/assess/insulator.rb +0 -53
  541. data/lib/contrast/agent/assess/policy/rewriter_patch.rb +0 -79
  542. data/lib/contrast/agent/assess/rule/base.rb +0 -72
  543. data/lib/contrast/agent/assess/rule/csrf/csrf_action.rb +0 -28
  544. data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +0 -69
  545. data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +0 -132
  546. data/lib/contrast/agent/assess/rule/csrf.rb +0 -66
  547. data/lib/contrast/agent/assess/rule/redos.rb +0 -68
  548. data/lib/contrast/agent/assess/rule/response_scanning_rule.rb +0 -47
  549. data/lib/contrast/agent/assess/rule/response_watcher.rb +0 -36
  550. data/lib/contrast/agent/assess/rule/watcher.rb +0 -36
  551. data/lib/contrast/agent/assess/rule.rb +0 -18
  552. data/lib/contrast/agent/class_reopener.rb +0 -195
  553. data/lib/contrast/agent/feature_state.rb +0 -379
  554. data/lib/contrast/agent/logger_manager.rb +0 -116
  555. data/lib/contrast/agent/patching/policy/policy_unpatcher.rb +0 -28
  556. data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +0 -103
  557. data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb +0 -85
  558. data/lib/contrast/agent/protect/rule/csrf.rb +0 -118
  559. data/lib/contrast/agent/railtie.rb +0 -30
  560. data/lib/contrast/agent/reaction_processor.rb +0 -47
  561. data/lib/contrast/agent/require_state.rb +0 -61
  562. data/lib/contrast/agent/rewriter.rb +0 -244
  563. data/lib/contrast/agent/service_heartbeat.rb +0 -37
  564. data/lib/contrast/agent/settings_state.rb +0 -148
  565. data/lib/contrast/agent/socket_client.rb +0 -125
  566. data/lib/contrast/api/connection_status.rb +0 -49
  567. data/lib/contrast/api/dtm_pb.rb +0 -718
  568. data/lib/contrast/api/settings_pb.rb +0 -416
  569. data/lib/contrast/api/socket.rb +0 -43
  570. data/lib/contrast/api/speedracer.rb +0 -206
  571. data/lib/contrast/api/tcp_socket.rb +0 -31
  572. data/lib/contrast/api/unix_socket.rb +0 -25
  573. data/lib/contrast/api.rb +0 -17
  574. data/lib/contrast/common_agent_configuration.rb +0 -86
  575. data/lib/contrast/components/contrast_service.rb +0 -113
  576. data/lib/contrast/components/interface.rb +0 -178
  577. data/lib/contrast/config/agent_configuration.rb +0 -24
  578. data/lib/contrast/config/application_configuration.rb +0 -27
  579. data/lib/contrast/config/assess_configuration.rb +0 -22
  580. data/lib/contrast/config/assess_rules_configuration.rb +0 -18
  581. data/lib/contrast/config/default_value.rb +0 -16
  582. data/lib/contrast/config/heap_dump_configuration.rb +0 -23
  583. data/lib/contrast/config/inventory_configuration.rb +0 -20
  584. data/lib/contrast/config/logger_configuration.rb +0 -20
  585. data/lib/contrast/config/protect_configuration.rb +0 -20
  586. data/lib/contrast/config/root_configuration.rb +0 -26
  587. data/lib/contrast/config/ruby_configuration.rb +0 -39
  588. data/lib/contrast/config/sampling_configuration.rb +0 -22
  589. data/lib/contrast/config/service_configuration.rb +0 -22
  590. data/lib/contrast/core_extensions/assess/array.rb +0 -58
  591. data/lib/contrast/core_extensions/assess/assess_extension.rb +0 -145
  592. data/lib/contrast/core_extensions/assess/basic_object.rb +0 -15
  593. data/lib/contrast/core_extensions/assess/erb.rb +0 -42
  594. data/lib/contrast/core_extensions/assess/fiber.rb +0 -125
  595. data/lib/contrast/core_extensions/assess/hash.rb +0 -22
  596. data/lib/contrast/core_extensions/assess/kernel.rb +0 -95
  597. data/lib/contrast/core_extensions/assess/module.rb +0 -14
  598. data/lib/contrast/core_extensions/assess/regexp.rb +0 -206
  599. data/lib/contrast/core_extensions/assess/string.rb +0 -75
  600. data/lib/contrast/core_extensions/assess/tilt_template_trigger.rb +0 -73
  601. data/lib/contrast/core_extensions/assess.rb +0 -51
  602. data/lib/contrast/core_extensions/eval_trigger.rb +0 -52
  603. data/lib/contrast/core_extensions/inventory/datastores.rb +0 -37
  604. data/lib/contrast/core_extensions/inventory.rb +0 -22
  605. data/lib/contrast/core_extensions/module.rb +0 -42
  606. data/lib/contrast/core_extensions/object.rb +0 -27
  607. data/lib/contrast/core_extensions/protect/applies_command_injection_rule.rb +0 -70
  608. data/lib/contrast/core_extensions/protect/applies_deserialization_rule.rb +0 -58
  609. data/lib/contrast/core_extensions/protect/applies_no_sqli_rule.rb +0 -81
  610. data/lib/contrast/core_extensions/protect/applies_path_traversal_rule.rb +0 -119
  611. data/lib/contrast/core_extensions/protect/applies_sqli_rule.rb +0 -63
  612. data/lib/contrast/core_extensions/protect/applies_xxe_rule.rb +0 -141
  613. data/lib/contrast/core_extensions/protect/kernel.rb +0 -30
  614. data/lib/contrast/core_extensions/protect/psych.rb +0 -7
  615. data/lib/contrast/core_extensions/thread.rb +0 -31
  616. data/lib/contrast/internal_exception.rb +0 -8
  617. data/lib/contrast/rails_extensions/assess/action_controller_inheritance.rb +0 -48
  618. data/lib/contrast/rails_extensions/assess/active_record.rb +0 -32
  619. data/lib/contrast/rails_extensions/assess/active_record_named.rb +0 -61
  620. data/lib/contrast/rails_extensions/assess/configuration.rb +0 -26
  621. data/lib/contrast/rails_extensions/buffer.rb +0 -30
  622. data/lib/contrast/rails_extensions/rack.rb +0 -45
  623. data/lib/contrast/sinatra_extensions/assess/cookie.rb +0 -26
  624. data/lib/contrast/sinatra_extensions/inventory/sinatra_base.rb +0 -59
  625. data/lib/contrast/tasks/service.rb +0 -95
  626. data/lib/contrast/utils/boolean_util.rb +0 -33
  627. data/lib/contrast/utils/cache.rb +0 -69
  628. data/lib/contrast/utils/comment_range.rb +0 -19
  629. data/lib/contrast/utils/data_store_util.rb +0 -23
  630. data/lib/contrast/utils/environment_util.rb +0 -152
  631. data/lib/contrast/utils/freeze_util.rb +0 -36
  632. data/lib/contrast/utils/gemfile_reader.rb +0 -191
  633. data/lib/contrast/utils/inventory_util.rb +0 -126
  634. data/lib/contrast/utils/operating_environment.rb +0 -38
  635. data/lib/contrast/utils/path_util.rb +0 -151
  636. data/lib/contrast/utils/performs_logging.rb +0 -152
  637. data/lib/contrast/utils/preflight_util.rb +0 -13
  638. data/lib/contrast/utils/prevent_serialization.rb +0 -52
  639. data/lib/contrast/utils/rack_assess_session_cookie.rb +0 -104
  640. data/lib/contrast/utils/rails_assess_configuration.rb +0 -95
  641. data/lib/contrast/utils/random_util.rb +0 -22
  642. data/lib/contrast/utils/ruby_ast_rewriter.rb +0 -74
  643. data/lib/contrast/utils/scope_util.rb +0 -99
  644. data/lib/contrast/utils/service_response_util.rb +0 -116
  645. data/lib/contrast/utils/service_sender_util.rb +0 -98
  646. data/lib/contrast/utils/sinatra_helper.rb +0 -49
  647. data/resources/csrf/inject.js +0 -44
  648. data/resources/factory-bot-spec/spec_helper.rb +0 -30
  649. data/resources/rubocops/kernel/catch_cop.rb +0 -37
  650. data/resources/rubocops/kernel/require_cop.rb +0 -37
  651. data/resources/rubocops/kernel/require_relative_cop.rb +0 -33
  652. data/resources/rubocops/module/autoload_cop.rb +0 -37
  653. data/resources/rubocops/module/const_defined_cop.rb +0 -37
  654. data/resources/rubocops/module/const_get_cop.rb +0 -37
  655. data/resources/rubocops/module/const_set_cop.rb +0 -37
  656. data/resources/rubocops/module/constants_cop.rb +0 -37
  657. data/resources/rubocops/module/name_cop.rb +0 -37
  658. data/resources/rubocops/object/class_cop.rb +0 -37
  659. data/resources/rubocops/object/freeze_cop.rb +0 -37
  660. data/resources/rubocops/object/frozen_cop.rb +0 -37
  661. data/resources/rubocops/object/is_a_cop.rb +0 -37
  662. data/resources/rubocops/object/method_cop.rb +0 -37
  663. data/resources/rubocops/object/respond_to_cop.rb +0 -37
  664. data/resources/rubocops/object/singleton_class_cop.rb +0 -37
  665. data/resources/rubocops/regexp/spelling_cop.rb +0 -44
  666. data/resources/rubocops/thread/new_cop.rb +0 -39
  667. data/resources/ruby-spec/ancestors_spec.rb +0 -70
  668. data/resources/ruby-spec/modulo_spec.rb +0 -831
  669. data/resources/ruby-spec/parameters_spec.rb +0 -261
  670. data/resources/ruby-spec/ruby_spec_spec_helper.rb +0 -35
  671. data/service_executables/.gitkeep +0 -0
  672. data/service_executables/VERSION +0 -1
  673. data/service_executables/linux/contrast-service +0 -0
  674. data/service_executables/mac/contrast-service +0 -0
  675. data/shared_libraries/funchook.h +0 -123
  676. data/shared_libraries/libfunchook.so +0 -0
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: da212693eda842e7117b2c758361ea67915854a4888b3ea0315c51f33951fea3
4
- data.tar.gz: d43b26947e6eb4219f97bf90542a3948077578617f925fa90a94d4151674e88e
3
+ metadata.gz: b850f63bce180f09f998f5363f58b01e9c69db61a2f98a31db97fb59b82564d7
4
+ data.tar.gz: 811072666998fb4daf0f49d2514d875b45c18d79d29398639862f1c2144aa930
5
5
  SHA512:
6
- metadata.gz: 017607d5a9cc4be26f5b970ae072851fb50a3487c9da3d625ed72d346bbbff29daec0dfd5cf2a9b5dcb1445512d9d951a77360980c9ec9f2c37f9759ff706598
7
- data.tar.gz: 2a17b8dd9099c3558c5d8d1a2ba085eaec28149ef0def59d04e129e0cd2f863e2e2a6e27ae9defa873163df7b539d6600a620d7674553a71a3899e3e1d426b60
6
+ metadata.gz: ac0f4dcea0a62d6aa000659943f2b994a02940148fffdff2901ff4ff61d27fd257170ec4f48d0b1925d569dbc20de89a8866f76a17dd1c22aa15d9c80e4e9eb1
7
+ data.tar.gz: bd2490f015d1a5c8be5f0e7a0fc60e5acdc436b03e32420cbf19542a53b760c843cd84a17a0e7a8a3794ec69e3aa909e63fabdb32f4c32d5daa48ece261176aa
data/.dockerignore CHANGED
@@ -4,7 +4,6 @@ docker/
4
4
  code-deploy/
5
5
 
6
6
  Jenkinsfile
7
- bitbucket-pipelines.yml
8
7
  docker-compose.yml
9
8
  .rubocop.yml
10
9
  .travis.yml
data/.flayignore ADDED
@@ -0,0 +1 @@
1
+ ./lib/contrast/api/*_pb.rb
data/.gitignore CHANGED
@@ -1,8 +1,8 @@
1
1
  /.bundle/
2
2
  /.yardoc
3
3
  /_yardoc/
4
- /Gemfile.lock
5
4
  /coverage/
5
+ /Gemfile.lock
6
6
  /data/*
7
7
  /doc/
8
8
  /log/
@@ -18,6 +18,13 @@
18
18
  /ext/**/*.so
19
19
  /ext/**/*.bundle
20
20
 
21
+ bin
22
+ ruby-spec
23
+ mspec
24
+
25
+ # rspec generated files
26
+ /spec/dummy_files/*
27
+
21
28
  # Funchook artifacts
22
29
  /ext/**/funchook.h
23
30
  /ext/**/libfunchook.dylib
@@ -49,10 +56,6 @@ contrast-agent-*.gem
49
56
 
50
57
  .ruby-version
51
58
  .ruby-gemset
52
- service_executables/*-*
53
-
54
- # Generated Protobuf files
55
- /lib/contrast/api/*_pb.rb
56
59
 
57
60
  # IDE stuff
58
61
  tags
data/.gitmodules CHANGED
@@ -1,6 +1,3 @@
1
- [submodule "agent-service-api"]
2
- path = agent-service-api
3
- url = git@bitbucket.org:contrastsecurity/agent-service-api
4
1
  [submodule "funchook"]
5
2
  path = funchook
6
3
  url = https://github.com/kubo/funchook.git
data/.rspec CHANGED
@@ -3,4 +3,3 @@
3
3
  --format documentation
4
4
  --format RspecJunitFormatter
5
5
  --out ./test-results/results.xml
6
- --color
data/.rspec_parallel ADDED
@@ -0,0 +1,6 @@
1
+ --require spec_helper
2
+ --order rand
3
+ --format progress
4
+ --format RspecJunitFormatter
5
+ --out ./test-results/results.xml
6
+ --format ParallelTests::RSpec::FailuresLogger --out tmp/failing_specs.log
data/.simplecov CHANGED
@@ -1,4 +1,8 @@
1
- SimpleCov.minimum_coverage 92.30
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
4
+ SimpleCov.minimum_coverage(line: 94)
2
5
  SimpleCov.start do
3
6
  add_filter '/spec/'
4
- end
7
+ enable_coverage :branch
8
+ end
data/Gemfile CHANGED
@@ -1,4 +1,4 @@
1
- # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
4
  source 'https://rubygems.org'
data/LICENSE.txt CHANGED
@@ -1,4 +1,4 @@
1
- Copyright: 2020 Contrast Security, Inc
1
+ Copyright: 2022 Contrast Security, Inc
2
2
  Contact: support@contrastsecurity.com
3
3
  License: Commercial
4
4
 
data/Rakefile CHANGED
@@ -1,15 +1,18 @@
1
- # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
+ $stdout.sync = true
5
+
4
6
  require 'bundler/gem_tasks'
5
7
  require 'rspec/core/rake_task'
6
8
  require 'rake/extensiontask'
9
+ require 'fileutils'
7
10
 
8
11
  CLOBBER << 'shared_libraries/*'
9
12
 
10
13
  Dir['ext/cs__*'].each do |extension|
11
14
  name = extension.split('/')[1]
12
- Rake::ExtensionTask.new name do |ext|
15
+ Rake::ExtensionTask.new(name) do |ext|
13
16
  ext.lib_dir = "lib/#{ name }"
14
17
  end
15
18
  end
@@ -1,14 +1,27 @@
1
- # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'fileutils'
5
-
6
5
  unless find_header('funchook.h', ext_path)
7
6
 
8
7
  FUNCHOOK_DIR_NAME = 'funchook'
9
8
  FUNCHOOK_DIR = File.expand_path(File.join(File.dirname(File.expand_path(__FILE__)), '..', FUNCHOOK_DIR_NAME))
10
9
 
11
10
  COMMANDS = ['./autogen.sh', './configure', 'make clean', 'make'].freeze
11
+ bundler_install_target_paths = []
12
+
13
+ # .path and .paths diverge in their return type - .path returns strings, .paths returns PathSupports
14
+ possible_gem_paths = Gem.path
15
+ possible_gem_paths.each do |base_path|
16
+ contrast_gem_dir_search = File.join(base_path, 'extensions', '**', '*', 'contrast-agent-*')
17
+ extension_paths = Dir[contrast_gem_dir_search]
18
+ extension_paths.map! do |extension_path|
19
+ target_path = File.join(extension_path, 'shared_libraries')
20
+ FileUtils.mkdir_p(target_path) unless File.exist?(target_path)
21
+ target_path
22
+ end
23
+ bundler_install_target_paths += extension_paths
24
+ end
12
25
 
13
26
  puts 'Building funchook'
14
27
  COMMANDS.each do |command|
@@ -19,15 +32,14 @@ unless find_header('funchook.h', ext_path)
19
32
  end
20
33
 
21
34
  SOURCE_PATHS = [
22
- File.join('include', 'funchook.h'),
23
- File.join('src', 'libfunchook.dylib'),
24
- File.join('src', 'libfunchook.so')
35
+ File.join('include', 'funchook.h'), File.join('src', 'libfunchook.dylib'),
36
+ File.join('src', 'libfunchook.so')
25
37
  ].freeze
26
38
 
27
- TARGET_PATHS = [
39
+ TARGET_PATHS = ([
28
40
  File.expand_path(File.join(File.expand_path(__dir__), '..', 'shared_libraries')),
29
- File.expand_path(__dir__) # should be ext/
30
- ].freeze
41
+ File.expand_path(__dir__)
42
+ ] + bundler_install_target_paths).freeze
31
43
 
32
44
  puts 'Copying required files'
33
45
 
@@ -39,10 +51,14 @@ unless find_header('funchook.h', ext_path)
39
51
  end
40
52
 
41
53
  TARGET_PATHS.each do |target_path|
42
- puts "Copying #{ source_file_path } into #{ target_path }"
54
+ unless File.writable?(target_path)
55
+ puts("Unable to copy into #{ target_path } - directory not writable")
56
+ next
57
+ end
58
+ puts("Copying #{ source_file_path } into #{ target_path }")
43
59
  FileUtils.cp(source_file_path, target_path)
60
+ rescue StandardError
61
+ puts("Error while copying #{ source_file } to #{ target_path }")
44
62
  end
45
63
  end
46
64
  end
47
-
48
- have_header('funchook.h', ext_path)
@@ -1,4 +1,4 @@
1
- /* Copyright (c) 2020 Contrast Security, Inc. See
1
+ /* Copyright (c) 2022 Contrast Security, Inc. See
2
2
  * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
3
3
 
4
4
  #include "cs__assess_array.h"
@@ -22,17 +22,55 @@ static VALUE contrast_assess_array_join(const int argc, const VALUE *argv,
22
22
  }
23
23
  /* Finally, default to empty String. Implicit since nil.to_s is ''*/
24
24
 
25
+ /* call the Array.join but patched one */
25
26
  result = rb_funcall2(ary, rb_sym_assess_array_join, argc, argv);
26
- result = rb_funcall(ary, rb_sym_assess_track_array_join, 2, sep, result);
27
+ /* call the Contrast::Extensions::Assess::ArrayPropagator#cs__track_join */
28
+ result = rb_funcall(array_propagator, rb_sym_assess_track_array_join, 3,
29
+ ary, sep, result);
27
30
 
28
31
  return result;
29
32
  }
30
33
 
34
+ static VALUE contrast_assess_prepend_array_join(const int argc, const VALUE *argv,
35
+ const VALUE ary) {
36
+ VALUE sep, result;
37
+ /* We need to figure out the separator the join method actually used. */
38
+ /* First, check if one was provided. */
39
+ rb_scan_args(argc, argv, "01", &sep);
40
+ /* Second, check to see if `$;` is set*/
41
+ if (NIL_P(sep)) {
42
+ sep = rb_output_fs;
43
+ }
44
+
45
+ /* call the Array.join but patched one */
46
+ result = rb_ary_join(ary, sep);
47
+ /* call the Contrast::Extensions::Assess::ArrayPropagator#cs__track_join */
48
+ result = rb_funcall(array_propagator, rb_sym_assess_track_array_join, 3,
49
+ ary, sep, result);
50
+
51
+ /*call original occurs in ruby*/
52
+ return Qtrue;
53
+ }
54
+
31
55
  void Init_cs__assess_array(void) {
32
- rb_sym_assess_array_join = rb_intern("cs__patched_join");
33
- rb_sym_assess_track_array_join = rb_intern("__cs_track_join");
34
56
 
35
- VALUE array_class = rb_define_class("Array", rb_cObject);
36
- contrast_alias_method(array_class, "cs__patched_join", "join");
37
- rb_define_method(array_class, "join", contrast_assess_array_join, -1);
57
+ VALUE rb_mod_ary = rb_const_get(rb_cObject, rb_intern("Array"));
58
+ VALUE rb_sym_ary_join = ID2SYM(rb_intern("join"));
59
+ // check if prepended
60
+ VALUE is_prepended = contrast_check_prepended(rb_mod_ary, rb_sym_ary_join, Qtrue);
61
+ // register the cs__track_join method of the Array propagator, and call it here from Ruby.
62
+ array_propagator = rb_define_class_under(core_assess, "ArrayPropagator", rb_cObject);
63
+ rb_sym_assess_track_array_join = rb_intern("cs__track_join");
64
+
65
+ // register the cs__join method of the ContrastArray for prepending, and call it here from Ruby.
66
+ VALUE contrast_array = rb_define_module_under(core_assess, "ContrastArray");
67
+ rb_define_module_function(contrast_array, "cs__join", contrast_assess_prepend_array_join, -1);
68
+
69
+ if(is_prepended == Qtrue) {
70
+ // do nothing prepend is done in Ruby
71
+ } else {
72
+ // register alias patch
73
+ rb_sym_assess_array_join =
74
+ contrast_register_patch("Array", "join", contrast_assess_array_join);
75
+ }
38
76
  }
@@ -1,9 +1,13 @@
1
1
  #include <ruby.h>
2
2
 
3
+ static VALUE array_propagator;
3
4
  static VALUE rb_sym_assess_array_join;
4
5
  static VALUE rb_sym_assess_track_array_join;
5
-
6
+ static VALUE rb_mod_ary, rb_sym_ary_join, is_prepended, contrast_array;
6
7
  static VALUE contrast_assess_array_join(const int argc, const VALUE *argv,
7
8
  const VALUE ary);
8
9
 
10
+ static VALUE contrast_assess_prepend_array_join(const int argc, const VALUE *argv,
11
+ const VALUE ary);
12
+
9
13
  void Init_cs__assess_array(void);
@@ -1,2 +1,5 @@
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
1
4
  $TO_MAKE = File.basename(__dir__)
2
5
  require_relative '../extconf_common'
@@ -1,18 +1,31 @@
1
- /* Copyright (c) 2020 Contrast Security, Inc. See
1
+ /* Copyright (c) 2022 Contrast Security, Inc. See
2
2
  * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
3
3
 
4
4
  #include "cs__assess_basic_object.h"
5
5
  #include "../cs__common/cs__common.h"
6
+ #include "../cs__scope/cs__scope.h"
6
7
  #include <ruby.h>
7
8
 
8
- void contrast_assess_instance_eval_trigger_check(VALUE module, VALUE source,
9
+ /*
10
+ * Source code of instance_eval:
11
+ *
12
+ * static VALUE
13
+ * rb_obj_instance_eval_internal(int argc, const VALUE *argv, VALUE self)
14
+ * {
15
+ * VALUE klass = singleton_class_for_eval(self);
16
+ * return specific_eval(argc, argv, klass, self, RB_PASS_CALLED_KEYWORDS);
17
+ * }
18
+ */
19
+
20
+ VALUE contrast_check_and_register_instance_patch(const char *module_name,
21
+ const char *method_name,
22
+ VALUE(c_fn)(const int, VALUE *,
23
+ const VALUE));
24
+
25
+ void contrast_assess_instance_eval_trigger_check(VALUE self, VALUE source,
9
26
  VALUE ret) {
10
- VALUE has_trigger_check =
11
- rb_respond_to(rb_cBasicObject, instance_trigger_check_method);
12
- if (has_trigger_check) {
13
- rb_funcall(rb_cBasicObject, instance_trigger_check_method, 2, source,
14
- ret);
15
- }
27
+ rb_funcall(basic_eval_trigger, instance_trigger_check_method, 3, self,
28
+ source, ret);
16
29
  }
17
30
 
18
31
  VALUE
@@ -23,28 +36,37 @@ contrast_assess_basic_object_instance_eval(const int argc, const VALUE *argv,
23
36
  return rb_obj_instance_eval(argc, argv, self);
24
37
  }
25
38
 
26
- int nested_scope =
27
- RTEST(rb_funcall(contrast_patcher(), rb_sym_in_scope, 0));
39
+ VALUE nested_scope = inst_methods_in_cntr_scope(contrast_patcher(), 0);
28
40
 
29
- rb_funcall(contrast_patcher(), rb_sym_enter_scope, 0);
41
+ /* Enter scope */
42
+ inst_methods_enter_cntr_scope(contrast_patcher(), 0);
30
43
 
44
+ /* Call the source: */
31
45
  VALUE ret = rb_obj_instance_eval(argc, argv, self);
32
46
 
33
- if (!nested_scope && argc > 0) {
47
+ if (nested_scope == Qfalse && argc > 0) {
34
48
  VALUE data = argv[0];
35
49
  contrast_assess_instance_eval_trigger_check(self, data, ret);
36
50
  }
37
51
 
38
- rb_funcall(contrast_patcher(), rb_sym_exit_scope, 0);
52
+ /* Exit scope */
53
+ inst_methods_exit_cntr_scope(contrast_patcher(), 0);
39
54
 
40
55
  return ret;
41
56
  }
42
57
 
43
58
  void Init_cs__assess_basic_object(void) {
59
+ basic_eval_trigger =
60
+ rb_define_class_under(core_assess, "EvalTrigger", rb_cObject);
44
61
  instance_trigger_check_method = rb_intern("instance_eval_trigger_check");
45
62
 
46
- contrast_alias_method(rb_cBasicObject, "cs__patched_instance_eval",
47
- "instance_eval");
48
- rb_define_method(rb_cBasicObject, "instance_eval",
49
- contrast_assess_basic_object_instance_eval, -1);
63
+ /* We don't keep a reference to the underlying method.
64
+ * Instead, we call rb_obj_instance_eval directly.
65
+ * This should work an overwhelming majority of the time,
66
+ * but if someone else patched BasicObject#instance_eval,
67
+ * IDK if this is intentional... noting it. -ajm
68
+ */
69
+ contrast_check_and_register_instance_patch(
70
+ "BasicObject", "instance_eval",
71
+ contrast_assess_basic_object_instance_eval);
50
72
  }
@@ -1,6 +1,7 @@
1
1
  #include <ruby.h>
2
2
 
3
- /* Contrast::Agent::Patching::Policy::Patcher */
3
+ /* Contrast::Extension::Assess::EvalTrigger */
4
+ static VALUE basic_eval_trigger;
4
5
  static VALUE instance_trigger_check_method;
5
6
 
6
7
  void contrast_alias_method(const VALUE target, const char *to,
@@ -1,2 +1,5 @@
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
1
4
  $TO_MAKE = File.basename(__dir__)
2
5
  require_relative '../extconf_common'
@@ -1,8 +1,8 @@
1
- /* Copyright (c) 2020 Contrast Security, Inc. See
1
+ /* Copyright (c) 2022 Contrast Security, Inc. See
2
2
  * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
3
3
 
4
4
  #include "cs__assess_fiber_track.h"
5
- #include <funchook.h>
5
+ #include "../cs__common/cs__common.h"
6
6
  #include <ruby.h>
7
7
 
8
8
  VALUE rb_fiber_new_hook(VALUE (*func)(ANYARGS), VALUE obj) {
@@ -30,7 +30,7 @@ VALUE rb_fiber_new_hook(VALUE (*func)(ANYARGS), VALUE obj) {
30
30
  ID meth;
31
31
  };
32
32
 
33
- /* underlying object is first entry in Enumerator struct def.
33
+ /* underlying object is first entry in Enumerator struct def.
34
34
  * that's all statically defined w/in enumerator.c, so we can't
35
35
  * reference the data types and be safe about it. (yippee.)
36
36
  * we cut out the TypedData_Get_Struct middleman & just go for it.
@@ -44,7 +44,7 @@ VALUE rb_fiber_new_hook(VALUE (*func)(ANYARGS), VALUE obj) {
44
44
  VALUE enumerator_method = ID2SYM(enum_ptr->meth);
45
45
  /* e.g.: 1..100, #each_value. Should reflect #inspect on the enum. */
46
46
 
47
- rb_funcall(fiber_class, track_rb_fiber_new, 5, fiber, obj,
47
+ rb_funcall(fiber_propagator, track_rb_fiber_new, 5, fiber, obj,
48
48
  enumerator_method, underlying, calling_method);
49
49
  }
50
50
 
@@ -56,29 +56,25 @@ VALUE rb_fiber_yield_hook(int argc, const VALUE *argv) {
56
56
  VALUE yielding_fiber = rb_fiber_current();
57
57
 
58
58
  /* propagate from yielding_fiber -> result */
59
- rb_funcall(fiber_class, track_rb_fiber_yield, 3, yielding_fiber,
59
+ rb_funcall(fiber_propagator, track_rb_fiber_yield, 3, yielding_fiber,
60
60
  calling_method, *argv);
61
61
 
62
62
  return rb_fiber_yield_original(argc, argv);
63
63
  }
64
64
 
65
65
  int install_fiber_hooks() {
66
- funchook_t *funchook = funchook_create();
67
-
68
66
  rb_fiber_new_original = rb_fiber_new;
69
- funchook_prepare(funchook, (void **)&rb_fiber_new_original,
70
- rb_fiber_new_hook);
67
+ patch_via_funchook(&rb_fiber_new_original, &rb_fiber_new_hook);
71
68
 
72
69
  rb_fiber_yield_original = rb_fiber_yield;
73
- funchook_prepare(funchook, (void **)&rb_fiber_yield_original,
74
- rb_fiber_yield_hook);
70
+ patch_via_funchook(&rb_fiber_yield_original, &rb_fiber_yield_hook);
75
71
 
76
- funchook_install(funchook, 0);
77
72
  return 0;
78
73
  }
79
74
 
80
75
  void Init_cs__assess_fiber_track(void) {
81
- fiber_class = rb_define_class("Fiber", rb_cObject);
76
+ fiber_propagator =
77
+ rb_define_class_under(core_assess, "FiberPropagator", rb_cObject);
82
78
  track_rb_fiber_new = rb_intern("track_rb_fiber_new");
83
79
  track_rb_fiber_yield = rb_intern("track_rb_fiber_yield");
84
80
  rb_sym_next = rb_intern("next");
@@ -1,16 +1,15 @@
1
- #include <funchook.h>
2
1
  #include <ruby.h>
3
2
 
4
3
  static VALUE rb_sym_next;
5
- static VALUE fiber_class;
4
+ static VALUE fiber_propagator;
6
5
  static VALUE track_rb_fiber_new;
7
6
  static VALUE track_rb_fiber_yield;
8
7
 
9
8
  VALUE rb_fiber_new(VALUE (*func)(ANYARGS), VALUE obj);
10
- VALUE *(*rb_fiber_new_original)(VALUE (*func)(ANYARGS), VALUE obj);
9
+ VALUE (*rb_fiber_new_original)(VALUE (*func)(ANYARGS), VALUE obj);
11
10
 
12
11
  VALUE rb_fiber_yield(int argc, const VALUE *argv);
13
- VALUE *(*rb_fiber_yield_original)(int argc, const VALUE *argv);
12
+ VALUE (*rb_fiber_yield_original)(int argc, const VALUE *argv);
14
13
 
15
14
  /* If you call `#next` on an enumerator object, that enumerator object
16
15
  * instantiates a fiber and runs its given proc inside of that fiber.
@@ -1,2 +1,5 @@
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
1
4
  $TO_MAKE = File.basename(__dir__)
2
5
  require_relative '../extconf_common'
@@ -1,64 +1,89 @@
1
- /* Copyright (c) 2020 Contrast Security, Inc. See
1
+ /* Copyright (c) 2022 Contrast Security, Inc. See
2
2
  * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
3
3
 
4
4
  #include "cs__assess_hash.h"
5
5
  #include "../cs__common/cs__common.h"
6
6
  #include <ruby.h>
7
7
 
8
- static VALUE contrast_assess_hash_bracket_get(const int argc, VALUE *argv,
9
- const VALUE hash) {
8
+ /* Hashes can be constructed thusly):
9
+ * irb(main):001:0> Hash[:a, :b]
10
+ * => {:a=>:b}
11
+ *
12
+ * This method instruments that unique bracket-construction style
13
+ * of initializing a hash.
14
+ */
15
+ static VALUE contrast_assess_hash_bracket_constructor(const int argc,
16
+ VALUE *argv,
17
+ const VALUE hash) {
10
18
  VALUE result;
11
19
 
12
20
  /* Array of Arrays: Hash[ [ [key, value], ... ] ] -> new_hash */
13
21
  if (RB_TYPE_P(argv[0], T_ARRAY)) {
14
22
  int i;
15
23
  for (i = 0; i < argc; i++) {
16
- argv[i] =
17
- rb_funcall(hash, rb_sym_assess_hash_dup_and_freeze, 1, argv[i]);
24
+ argv[i] = rb_funcall(hash_propagator,
25
+ rb_sym_assess_hash_dup_and_freeze, 1, argv[i]);
18
26
  }
19
27
  /* Hash[ key, value, ... ] -> new_hash */
20
28
  } else if (argc > 1) {
21
29
  int i;
22
30
  for (i = 0; i < argc; i += 2) {
23
- argv[i] =
24
- rb_funcall(hash, rb_sym_assess_hash_dup_and_freeze, 1, argv[i]);
31
+ argv[i] = rb_funcall(hash_propagator,
32
+ rb_sym_assess_hash_dup_and_freeze, 1, argv[i]);
25
33
  }
26
34
  }
27
35
 
36
+ const VALUE *argv_final = argv;
28
37
  /* unhandled case - shouldn't need it since issue is only unfrozen
29
38
  * String keys
30
39
  * # Hash[ object ] -> new_hash
31
40
  */
32
- result = rb_funcall2(hash, rb_sym_assess_hash_brackets, argc, argv);
41
+ result = rb_funcall2(hash, rb_sym_assess_hash_bracket_constructor, argc,
42
+ argv_final);
33
43
 
34
44
  return result;
35
45
  }
36
46
 
47
+ /* Hashes, when keyed with a string, will dup & freeze that string.
48
+ * This is resource-efficient, but inconvenient for instrumentation.
49
+ */
37
50
  static VALUE contrast_assess_hash_bracket_set(const int argc, VALUE *argv,
38
51
  const VALUE hash) {
39
52
  VALUE result;
40
- VALUE key;
41
-
42
- key = rb_funcall2(hash, rb_sym_assess_hash_bracket_set, argc, argv);
43
- argv[0] = key;
53
+ /* Current name (assess_hash_bracket_set).
54
+ * It doesn't set anything on the hash.
55
+ * It takes the arg that /would/ have been the key, and preemptively
56
+ * calls #dup and then #freeze, and then gives you that key.
57
+ *
58
+ * We intentionally don't enter Contrast scope for this patch.
59
+ * #dup instruments the string, and #freeze gets the hash to accept
60
+ * the key directly, without calling its own #dup/#freeze.
61
+ * (That naturally happens in C-land, our instrumentation is in Ruby,
62
+ * so our patches to #dup don't take effect within Hash#[]= unless we
63
+ * specifically do this instrumentation.
64
+ * We haven't revisited this approach since we started more extensively
65
+ * hooking public C functions.)
66
+ */
67
+ if (argc > 0) {
68
+ argv[0] = rb_funcall(hash_propagator, rb_sym_assess_hash_dup_and_freeze,
69
+ 1, argv[0]);
70
+ }
71
+ /* This is the underlying assignment, w/ our instrumented key. */
44
72
  result = rb_funcall2(hash, rb_sym_assess_hash_bracket_equals, argc, argv);
45
73
 
46
74
  return result;
47
75
  }
48
76
 
49
77
  void Init_cs__assess_hash(void) {
78
+ hash_propagator =
79
+ rb_define_class_under(core_assess, "HashPropagator", rb_cObject);
50
80
  rb_sym_assess_hash_dup_and_freeze = rb_intern("cs__duplicate_and_freeze");
51
- rb_sym_assess_hash_brackets = rb_intern("cs__patched_[]");
52
- rb_sym_assess_hash_bracket_set = rb_intern("cs__bracket_set");
53
- rb_sym_assess_hash_bracket_equals = rb_intern("cs__patched_[]=");
54
81
 
55
82
  VALUE hash_class = rb_define_class("Hash", rb_cObject);
56
- array_class = rb_define_class("Array", rb_cObject);
57
83
 
58
- VALUE singleton = rb_singleton_class(hash_class);
59
- contrast_alias_method(singleton, "cs__patched_[]", "[]");
60
- rb_define_method(singleton, "[]", contrast_assess_hash_bracket_get, -1);
84
+ rb_sym_assess_hash_bracket_constructor = contrast_register_singleton_patch(
85
+ "Hash", "[]", contrast_assess_hash_bracket_constructor);
61
86
 
62
- contrast_alias_method(hash_class, "cs__patched_[]=", "[]=");
63
- rb_define_method(hash_class, "[]=", contrast_assess_hash_bracket_set, -1);
87
+ rb_sym_assess_hash_bracket_equals = contrast_register_patch(
88
+ "Hash", "[]=", contrast_assess_hash_bracket_set);
64
89
  }
@@ -1,11 +1,9 @@
1
1
  #include <ruby.h>
2
2
 
3
- static VALUE array_class;
4
-
5
3
  static VALUE rb_sym_assess_hash_dup_and_freeze;
6
- static VALUE rb_sym_assess_hash_brackets;
7
- static VALUE rb_sym_assess_hash_bracket_set;
4
+ static VALUE rb_sym_assess_hash_bracket_constructor;
8
5
  static VALUE rb_sym_assess_hash_bracket_equals;
6
+ static VALUE hash_propagator;
9
7
 
10
8
  /*
11
9
  * Monkeypatch Ruby Hash with Contrast Security Hash in order ot avoid losing
@@ -15,8 +13,9 @@ static VALUE rb_sym_assess_hash_bracket_equals;
15
13
  * ahead of time should avoid this, similar to the behavior of the -@ Strings
16
14
  * -HM
17
15
  */
18
- static VALUE contrast_assess_hash_bracket_get(const int argc, VALUE *argv,
19
- const VALUE hash);
16
+ static VALUE contrast_assess_hash_bracket_constructor(const int argc,
17
+ VALUE *argv,
18
+ const VALUE hash);
20
19
 
21
20
  static VALUE contrast_assess_hash_bracket_set(const int argc, VALUE *argv,
22
21
  const VALUE hash);
@@ -1,2 +1,5 @@
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
1
4
  $TO_MAKE = File.basename(__dir__)
2
5
  require_relative '../extconf_common'