RubyGems - contrast-agent - Versions diffs - 3.8.4 → 6.9.0 - Mend

contrast-agent 3.8.4 → 6.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (676) hide show

checksums.yaml +4 -4
data/.dockerignore +0 -1
data/.flayignore +1 -0
data/.gitignore +8 -5
data/.gitmodules +0 -3
data/.rspec +0 -1
data/.rspec_parallel +6 -0
data/.simplecov +6 -2
data/Gemfile +1 -1
data/LICENSE.txt +1 -1
data/Rakefile +5 -2
data/ext/build_funchook.rb +27 -11
data/ext/cs__assess_array/cs__assess_array.c +45 -7
data/ext/cs__assess_array/cs__assess_array.h +5 -1
data/ext/cs__assess_array/extconf.rb +3 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.c +39 -17
data/ext/cs__assess_basic_object/cs__assess_basic_object.h +2 -1
data/ext/cs__assess_basic_object/extconf.rb +3 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +9 -13
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +3 -4
data/ext/cs__assess_fiber_track/extconf.rb +3 -0
data/ext/cs__assess_hash/cs__assess_hash.c +46 -21
data/ext/cs__assess_hash/cs__assess_hash.h +5 -6
data/ext/cs__assess_hash/extconf.rb +3 -0
data/ext/cs__assess_kernel/cs__assess_kernel.c +29 -15
data/ext/cs__assess_kernel/cs__assess_kernel.h +3 -0
data/ext/cs__assess_kernel/extconf.rb +3 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +55 -23
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +6 -3
data/ext/cs__assess_marshal_module/extconf.rb +3 -0
data/ext/cs__assess_module/cs__assess_module.c +82 -23
data/ext/cs__assess_module/cs__assess_module.h +10 -0
data/ext/cs__assess_module/extconf.rb +3 -0
data/ext/cs__assess_regexp/cs__assess_regexp.c +28 -9
data/ext/cs__assess_regexp/cs__assess_regexp.h +3 -0
data/ext/cs__assess_regexp/extconf.rb +3 -0
data/ext/cs__assess_string/cs__assess_string.c +53 -21
data/ext/cs__assess_string/cs__assess_string.h +7 -1
data/ext/cs__assess_string/extconf.rb +3 -0
data/ext/cs__assess_string_interpolation/cs__assess_string_interpolation.c +39 -0
data/ext/cs__assess_string_interpolation/cs__assess_string_interpolation.h +13 -0
data/ext/cs__assess_string_interpolation/extconf.rb +5 -0
data/ext/cs__assess_test/cs__assess_test.h +9 -0
data/ext/cs__assess_test/cs__assess_tests.c +22 -0
data/ext/cs__assess_test/extconf.rb +5 -0
data/ext/cs__assess_yield_track/cs__assess_yield_track.c +30 -0
data/ext/cs__assess_yield_track/cs__assess_yield_track.h +11 -0
data/ext/cs__assess_yield_track/extconf.rb +5 -0
data/ext/cs__common/cs__common.c +246 -10
data/ext/cs__common/cs__common.h +71 -2
data/ext/cs__common/extconf.rb +3 -16
data/ext/cs__contrast_patch/cs__contrast_patch.c +255 -155
data/ext/cs__contrast_patch/cs__contrast_patch.h +13 -14
data/ext/cs__contrast_patch/extconf.rb +3 -0
data/ext/cs__os_information/cs__os_information.c +34 -0
data/ext/cs__os_information/cs__os_information.h +7 -0
data/ext/cs__os_information/extconf.rb +5 -0
data/ext/cs__scope/cs__scope.c +755 -55
data/ext/cs__scope/cs__scope.h +75 -20
data/ext/cs__scope/extconf.rb +3 -0
data/ext/cs__tests/cs__tests.c +12 -0
data/ext/cs__tests/cs__tests.h +3 -0
data/ext/cs__tests/extconf.rb +5 -0
data/ext/extconf_common.rb +4 -34
data/lib/contrast/agent/assess/contrast_object.rb +54 -0
data/lib/contrast/agent/assess/events/event_data.rb +30 -0
data/lib/contrast/agent/assess/finalizers/freeze.rb +15 -0
data/lib/contrast/agent/assess/finalizers/hash.rb +107 -0
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +58 -36
data/lib/contrast/agent/assess/policy/patcher.rb +13 -48
data/lib/contrast/agent/assess/policy/policy.rb +20 -37
data/lib/contrast/agent/assess/policy/policy_node.rb +96 -200
data/lib/contrast/agent/assess/policy/policy_node_utils.rb +50 -0
data/lib/contrast/agent/assess/policy/policy_scanner.rb +15 -12
data/lib/contrast/agent/assess/policy/preshift.rb +50 -19
data/lib/contrast/agent/assess/policy/propagation_method.rb +200 -192
data/lib/contrast/agent/assess/policy/propagation_node.rb +49 -41
data/lib/contrast/agent/assess/policy/propagator/append.rb +32 -15
data/lib/contrast/agent/assess/policy/propagator/base.rb +5 -3
data/lib/contrast/agent/assess/policy/propagator/buffer.rb +119 -0
data/lib/contrast/agent/assess/policy/propagator/center.rb +12 -8
data/lib/contrast/agent/assess/policy/propagator/custom.rb +7 -3
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +34 -25
data/lib/contrast/agent/assess/policy/propagator/insert.rb +15 -11
data/lib/contrast/agent/assess/policy/propagator/keep.rb +23 -6
data/lib/contrast/agent/assess/policy/propagator/match_data.rb +118 -0
data/lib/contrast/agent/assess/policy/propagator/next.rb +7 -6
data/lib/contrast/agent/assess/policy/propagator/prepend.rb +13 -6
data/lib/contrast/agent/assess/policy/propagator/rack_protection.rb +73 -0
data/lib/contrast/agent/assess/policy/propagator/remove.rb +53 -41
data/lib/contrast/agent/assess/policy/propagator/replace.rb +5 -3
data/lib/contrast/agent/assess/policy/propagator/reverse.rb +7 -6
data/lib/contrast/agent/assess/policy/propagator/select.rb +45 -36
data/lib/contrast/agent/assess/policy/propagator/splat.rb +44 -21
data/lib/contrast/agent/assess/policy/propagator/split.rb +176 -22
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +7 -132
data/lib/contrast/agent/assess/policy/propagator/substitution_utils.rb +190 -0
data/lib/contrast/agent/assess/policy/propagator/trim.rb +74 -52
data/lib/contrast/agent/assess/policy/propagator.rb +21 -18
data/lib/contrast/agent/assess/policy/source_method.rb +176 -177
data/lib/contrast/agent/assess/policy/source_node.rb +3 -17
data/lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb +32 -0
data/lib/contrast/agent/assess/policy/source_validation/source_validation.rb +34 -0
data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +102 -0
data/lib/contrast/agent/assess/policy/trigger/xpath.rb +57 -0
data/lib/contrast/agent/assess/policy/trigger_method.rb +160 -173
data/lib/contrast/agent/assess/policy/trigger_node.rb +162 -39
data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +60 -0
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +8 -38
data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +22 -7
data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +6 -15
data/lib/contrast/agent/assess/properties.rb +15 -354
data/lib/contrast/agent/assess/property/evented.rb +58 -0
data/lib/contrast/agent/assess/property/tagged.rb +246 -0
data/lib/contrast/agent/assess/property/updated.rb +131 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +58 -19
data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +22 -17
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +93 -81
data/lib/contrast/agent/assess/rule/provider.rb +4 -4
data/lib/contrast/agent/assess/rule/response/auto_complete_rule.rb +69 -0
data/lib/contrast/agent/assess/rule/response/base_rule.rb +121 -0
data/lib/contrast/agent/assess/rule/response/body_rule.rb +107 -0
data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb +195 -0
data/lib/contrast/agent/assess/rule/response/click_jacking_header_rule.rb +26 -0
data/lib/contrast/agent/assess/rule/response/csp_header_insecure_rule.rb +100 -0
data/lib/contrast/agent/assess/rule/response/csp_header_missing_rule.rb +26 -0
data/lib/contrast/agent/assess/rule/response/framework/rails_support.rb +34 -0
data/lib/contrast/agent/assess/rule/response/header_rule.rb +70 -0
data/lib/contrast/agent/assess/rule/response/hsts_header_rule.rb +36 -0
data/lib/contrast/agent/assess/rule/response/parameters_pollution_rule.rb +61 -0
data/lib/contrast/agent/assess/rule/response/x_content_type_header_rule.rb +26 -0
data/lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb +34 -0
data/lib/contrast/agent/assess/tag.rb +84 -41
data/lib/contrast/agent/assess/tracker.rb +70 -0
data/lib/contrast/agent/assess.rb +7 -29
data/lib/contrast/agent/at_exit_hook.rb +28 -17
data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +11 -6
data/lib/contrast/agent/deadzone/policy/policy.rb +11 -7
data/lib/contrast/agent/disable_reaction.rb +6 -10
data/lib/contrast/agent/excluder.rb +224 -0
data/lib/contrast/agent/exclusion_matcher.rb +40 -74
data/lib/contrast/agent/inventory/database_config.rb +174 -0
data/lib/contrast/agent/inventory/dependencies.rb +52 -0
data/lib/contrast/agent/inventory/dependency_analysis.rb +34 -0
data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +120 -0
data/lib/contrast/agent/inventory/policy/datastores.rb +51 -0
data/lib/contrast/agent/inventory/policy/policy.rb +5 -5
data/lib/contrast/agent/inventory/policy/trigger_node.rb +2 -2
data/lib/contrast/agent/inventory.rb +14 -0
data/lib/contrast/agent/middleware.rb +146 -299
data/lib/contrast/agent/module_data.rb +5 -4
data/lib/contrast/agent/patching/policy/after_load_patch.rb +54 -7
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +103 -27
data/lib/contrast/agent/patching/policy/method_policy.rb +53 -64
data/lib/contrast/agent/patching/policy/method_policy_extend.rb +113 -0
data/lib/contrast/agent/patching/policy/module_policy.rb +27 -47
data/lib/contrast/agent/patching/policy/patch.rb +147 -241
data/lib/contrast/agent/patching/policy/patch_status.rb +21 -45
data/lib/contrast/agent/patching/policy/patcher.rb +126 -161
data/lib/contrast/agent/patching/policy/policy.rb +66 -57
data/lib/contrast/agent/patching/policy/policy_node.rb +63 -32
data/lib/contrast/agent/patching/policy/trigger_node.rb +32 -15
data/lib/contrast/agent/protect/exploitable_collection.rb +38 -0
data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +170 -0
data/lib/contrast/agent/protect/input_analyzer/worth_watching_analyzer.rb +116 -0
data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +65 -0
data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +97 -0
data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +69 -0
data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +138 -0
data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +55 -0
data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +125 -0
data/lib/contrast/agent/protect/policy/policy.rb +10 -10
data/lib/contrast/agent/protect/policy/rule_applicator.rb +102 -0
data/lib/contrast/agent/protect/policy/trigger_node.rb +2 -2
data/lib/contrast/agent/protect/rule/base.rb +205 -95
data/lib/contrast/agent/protect/rule/base_service.rb +73 -14
data/lib/contrast/agent/protect/rule/bot_blocker/bot_blocker_input_classification.rb +98 -0
data/lib/contrast/agent/protect/rule/bot_blocker.rb +81 -0
data/lib/contrast/agent/protect/rule/cmd_injection.rb +53 -123
data/lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb +132 -0
data/lib/contrast/agent/protect/rule/cmdi/cmdi_base_rule.rb +169 -0
data/lib/contrast/agent/protect/rule/cmdi/cmdi_chained_command.rb +64 -0
data/lib/contrast/agent/protect/rule/cmdi/cmdi_dangerous_path.rb +63 -0
data/lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb +27 -0
data/lib/contrast/agent/protect/rule/default_scanner.rb +69 -25
data/lib/contrast/agent/protect/rule/deserialization.rb +32 -48
data/lib/contrast/agent/protect/rule/http_method_tampering/http_method_tampering_input_classification.rb +96 -0
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +65 -62
data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +2 -3
data/lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb +226 -0
data/lib/contrast/agent/protect/rule/no_sqli.rb +47 -53
data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_input_classification.rb +61 -0
data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_semantic_security_bypass.rb +114 -0
data/lib/contrast/agent/protect/rule/path_traversal.rb +57 -26
data/lib/contrast/agent/protect/rule/sql_sample_builder.rb +155 -0
data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +1 -1
data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +1 -1
data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +2 -2
data/lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb +37 -0
data/lib/contrast/agent/protect/rule/sqli/sqli_input_classification.rb +28 -0
data/lib/contrast/agent/protect/rule/sqli/sqli_semantic/sqli_dangerous_functions.rb +67 -0
data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +1 -1
data/lib/contrast/agent/protect/rule/sqli.rb +78 -62
data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification.rb +58 -0
data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +19 -2
data/lib/contrast/agent/protect/rule/xss/reflected_xss_input_classification.rb +58 -0
data/lib/contrast/agent/protect/rule/xss.rb +20 -2
data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +25 -21
data/lib/contrast/agent/protect/rule/xxe.rb +69 -39
data/lib/contrast/agent/protect/rule.rb +22 -25
data/lib/contrast/agent/reporting/attack_result/attack_result.rb +71 -0
data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +86 -0
data/lib/contrast/agent/reporting/attack_result/response_type.rb +29 -0
data/lib/contrast/agent/reporting/attack_result/user_input.rb +98 -0
data/lib/contrast/agent/reporting/details/bot_blocker_details.rb +29 -0
data/lib/contrast/agent/reporting/details/cmd_injection_details.rb +30 -0
data/lib/contrast/agent/reporting/details/details.rb +18 -0
data/lib/contrast/agent/reporting/details/http_method_tempering_details.rb +27 -0
data/lib/contrast/agent/reporting/details/ip_denylist_details.rb +35 -0
data/lib/contrast/agent/reporting/details/no_sqli_details.rb +36 -0
data/lib/contrast/agent/reporting/details/path_traversal_details.rb +24 -0
data/lib/contrast/agent/reporting/details/path_traversal_semantic_analysis_details.rb +32 -0
data/lib/contrast/agent/reporting/details/protect_rule_details.rb +17 -0
data/lib/contrast/agent/reporting/details/sqli_dangerous_functions.rb +22 -0
data/lib/contrast/agent/reporting/details/sqli_details.rb +36 -0
data/lib/contrast/agent/reporting/details/untrusted_deserialization_details.rb +27 -0
data/lib/contrast/agent/reporting/details/virtual_patch_details.rb +30 -0
data/lib/contrast/agent/reporting/details/xss_details.rb +33 -0
data/lib/contrast/agent/reporting/details/xss_match.rb +30 -0
data/lib/contrast/agent/reporting/details/xxe_details.rb +36 -0
data/lib/contrast/agent/reporting/details/xxe_match.rb +25 -0
data/lib/contrast/agent/reporting/details/xxe_wrapper.rb +25 -0
data/lib/contrast/agent/reporting/input_analysis/details/bot_blocker_details.rb +27 -0
data/lib/contrast/agent/reporting/input_analysis/details/protect_rule_details.rb +15 -0
data/lib/contrast/agent/reporting/input_analysis/input_analysis.rb +43 -0
data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb +129 -0
data/lib/contrast/agent/reporting/input_analysis/input_type.rb +44 -0
data/lib/contrast/agent/reporting/input_analysis/score_level.rb +21 -0
data/lib/contrast/agent/reporting/masker/masker.rb +258 -0
data/lib/contrast/agent/reporting/masker/masker_utils.rb +33 -0
data/lib/contrast/agent/reporting/report.rb +31 -0
data/lib/contrast/agent/reporting/reporter.rb +165 -0
data/lib/contrast/agent/reporting/reporter_heartbeat.rb +47 -0
data/lib/contrast/agent/reporting/reporting_events/agent_startup.rb +34 -0
data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +120 -0
data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +85 -0
data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb +65 -0
data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +102 -0
data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb +68 -0
data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_stack.rb +22 -0
data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb +62 -0
data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +42 -0
data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb +57 -0
data/lib/contrast/agent/reporting/reporting_events/application_reporting_event.rb +27 -0
data/lib/contrast/agent/reporting/reporting_events/application_startup.rb +44 -0
data/lib/contrast/agent/reporting/reporting_events/application_startup_instrumentation.rb +27 -0
data/lib/contrast/agent/reporting/reporting_events/application_update.rb +56 -0
data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +72 -0
data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb +126 -0
data/lib/contrast/agent/reporting/reporting_events/finding.rb +210 -0
data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +449 -0
data/lib/contrast/agent/reporting/reporting_events/finding_event_object.rb +104 -0
data/lib/contrast/agent/reporting/reporting_events/finding_event_parent_object.rb +49 -0
data/lib/contrast/agent/reporting/reporting_events/finding_event_property.rb +51 -0
data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb +106 -0
data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +74 -0
data/lib/contrast/agent/reporting/reporting_events/finding_event_stack.rb +68 -0
data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range.rb +71 -0
data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range_tags.rb +105 -0
data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +134 -0
data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +89 -0
data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +48 -0
data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +45 -0
data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +89 -0
data/lib/contrast/agent/reporting/reporting_events/poll.rb +23 -0
data/lib/contrast/agent/reporting/reporting_events/preflight.rb +41 -0
data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +74 -0
data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +66 -0
data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +89 -0
data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +63 -0
data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +53 -0
data/lib/contrast/agent/reporting/reporting_events/server_reporting_event.rb +35 -0
data/lib/contrast/agent/reporting/reporting_events/server_settings.rb +40 -0
data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +130 -0
data/lib/contrast/agent/reporting/reporting_utilities/build_preflight.rb +35 -0
data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +176 -0
data/lib/contrast/agent/reporting/reporting_utilities/headers.rb +54 -0
data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +143 -0
data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +144 -0
data/lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb +66 -0
data/lib/contrast/agent/reporting/reporting_utilities/response.rb +98 -0
data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +176 -0
data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +117 -0
data/lib/contrast/agent/reporting/reporting_utilities/response_handler_mode.rb +63 -0
data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +342 -0
data/lib/contrast/agent/reporting/server_settings_worker.rb +44 -0
data/lib/contrast/agent/reporting/settings/application_settings.rb +61 -0
data/lib/contrast/agent/reporting/settings/assess.rb +45 -0
data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +114 -0
data/lib/contrast/agent/reporting/settings/bot_blocker.rb +68 -0
data/lib/contrast/agent/reporting/settings/code_exclusion.rb +32 -0
data/lib/contrast/agent/reporting/settings/exclusion_base.rb +51 -0
data/lib/contrast/agent/reporting/settings/exclusions.rb +106 -0
data/lib/contrast/agent/reporting/settings/helpers.rb +63 -0
data/lib/contrast/agent/reporting/settings/input_exclusion.rb +43 -0
data/lib/contrast/agent/reporting/settings/ip_filter.rb +35 -0
data/lib/contrast/agent/reporting/settings/keyword.rb +74 -0
data/lib/contrast/agent/reporting/settings/log_enhancer.rb +65 -0
data/lib/contrast/agent/reporting/settings/protect.rb +106 -0
data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +227 -0
data/lib/contrast/agent/reporting/settings/reaction.rb +39 -0
data/lib/contrast/agent/reporting/settings/rule_definition.rb +66 -0
data/lib/contrast/agent/reporting/settings/sampling.rb +46 -0
data/lib/contrast/agent/reporting/settings/sanitizer.rb +38 -0
data/lib/contrast/agent/reporting/settings/security_logger.rb +77 -0
data/lib/contrast/agent/reporting/settings/sensitive_data_masking.rb +118 -0
data/lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb +65 -0
data/lib/contrast/agent/reporting/settings/server_features.rb +95 -0
data/lib/contrast/agent/reporting/settings/syslog.rb +205 -0
data/lib/contrast/agent/reporting/settings/url_exclusion.rb +42 -0
data/lib/contrast/agent/reporting/settings/validator.rb +17 -0
data/lib/contrast/agent/request.rb +107 -411
data/lib/contrast/agent/request_context.rb +78 -162
data/lib/contrast/agent/request_context_extend.rb +85 -0
data/lib/contrast/agent/request_handler.rb +41 -0
data/lib/contrast/agent/response.rb +37 -165
data/lib/contrast/agent/rule_set.rb +52 -0
data/lib/contrast/agent/scope.rb +142 -20
data/lib/contrast/agent/static_analysis.rb +51 -0
data/lib/contrast/agent/telemetry/base.rb +155 -0
data/lib/contrast/agent/telemetry/events/event.rb +35 -0
data/lib/contrast/agent/telemetry/events/exceptions/obfuscate.rb +119 -0
data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_base.rb +61 -0
data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb +46 -0
data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message.rb +118 -0
data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb +86 -0
data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb +67 -0
data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions.rb +19 -0
data/lib/contrast/agent/telemetry/events/metric_event.rb +28 -0
data/lib/contrast/agent/telemetry/events/startup_metrics_event.rb +123 -0
data/lib/contrast/agent/thread.rb +4 -6
data/lib/contrast/agent/thread_watcher.rb +117 -0
data/lib/contrast/agent/tracepoint_hook.rb +19 -13
data/lib/contrast/agent/version.rb +2 -2
data/lib/contrast/agent/worker_thread.rb +42 -0
data/lib/contrast/agent.rb +83 -50
data/lib/contrast/agent_lib/api/command_injection.rb +46 -0
data/lib/contrast/agent_lib/api/init.rb +101 -0
data/lib/contrast/agent_lib/api/input_tracing.rb +267 -0
data/lib/contrast/agent_lib/api/method_tempering.rb +29 -0
data/lib/contrast/agent_lib/api/panic.rb +87 -0
data/lib/contrast/agent_lib/api/path_semantic_file_security_bypass.rb +40 -0
data/lib/contrast/agent_lib/interface.rb +260 -0
data/lib/contrast/agent_lib/interface_base.rb +118 -0
data/lib/contrast/agent_lib/return_types/eval_result.rb +44 -0
data/lib/contrast/agent_lib/test.rb +29 -0
data/lib/contrast/api/communication/connection_status.rb +59 -0
data/lib/contrast/components/agent.rb +108 -36
data/lib/contrast/components/api.rb +159 -0
data/lib/contrast/components/app_context.rb +124 -134
data/lib/contrast/components/app_context_extend.rb +53 -0
data/lib/contrast/components/assess.rb +187 -24
data/lib/contrast/components/assess_rules.rb +54 -0
data/lib/contrast/components/base.rb +103 -0
data/lib/contrast/components/config/sources.rb +95 -0
data/lib/contrast/components/config.rb +182 -60
data/lib/contrast/components/heap_dump.rb +77 -12
data/lib/contrast/components/inventory.rb +37 -10
data/lib/contrast/components/logger.rb +46 -76
data/lib/contrast/components/polling.rb +36 -0
data/lib/contrast/components/protect.rb +142 -16
data/lib/contrast/components/ruby_component.rb +96 -0
data/lib/contrast/components/sampling.rb +156 -15
data/lib/contrast/components/scope.rb +116 -85
data/lib/contrast/components/security_logger.rb +36 -0
data/lib/contrast/components/settings.rb +197 -90
data/lib/contrast/config/api_proxy_configuration.rb +27 -0
data/lib/contrast/config/base_configuration.rb +20 -94
data/lib/contrast/config/certification_configuration.rb +47 -0
data/lib/contrast/config/config.rb +46 -0
data/lib/contrast/config/diagnostics.rb +114 -0
data/lib/contrast/config/diagnostics_tools.rb +98 -0
data/lib/contrast/config/effective_config.rb +65 -0
data/lib/contrast/config/effective_config_value.rb +32 -0
data/lib/contrast/config/env_variables.rb +18 -0
data/lib/contrast/config/exception_configuration.rb +34 -12
data/lib/contrast/config/protect_rule_configuration.rb +45 -24
data/lib/contrast/config/protect_rules_configuration.rb +97 -22
data/lib/contrast/config/request_audit_configuration.rb +57 -0
data/lib/contrast/config/server_configuration.rb +67 -15
data/lib/contrast/config.rb +6 -22
data/lib/contrast/configuration.rb +231 -108
data/lib/contrast/extension/assess/array.rb +75 -0
data/lib/contrast/extension/assess/erb.rb +61 -0
data/lib/contrast/extension/assess/eval_trigger.rb +47 -0
data/lib/contrast/{core_extensions → extension}/assess/exec_trigger.rb +9 -21
data/lib/contrast/extension/assess/fiber.rb +95 -0
data/lib/contrast/extension/assess/hash.rb +33 -0
data/lib/contrast/extension/assess/kernel.rb +124 -0
data/lib/contrast/extension/assess/marshal.rb +80 -0
data/lib/contrast/extension/assess/regexp.rb +71 -0
data/lib/contrast/extension/assess/string.rb +84 -0
data/lib/contrast/extension/assess.rb +47 -0
data/lib/contrast/{core_extensions → extension}/delegator.rb +3 -1
data/lib/contrast/extension/extension.rb +59 -0
data/lib/contrast/extension/inventory.rb +21 -0
data/lib/contrast/extension/module.rb +16 -0
data/lib/contrast/extension/object.rb +19 -0
data/lib/contrast/extension/protect/psych.rb +7 -0
data/lib/contrast/{core_extensions → extension}/protect.rb +6 -6
data/lib/contrast/extension/thread.rb +50 -0
data/lib/contrast/framework/base_support.rb +78 -0
data/lib/contrast/framework/grape/support.rb +176 -0
data/lib/contrast/framework/manager.rb +158 -0
data/lib/contrast/framework/manager_extend.rb +50 -0
data/lib/contrast/framework/rack/patch/session_cookie.rb +107 -0
data/lib/contrast/framework/rack/patch/support.rb +26 -0
data/lib/contrast/framework/rack/support.rb +23 -0
data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +46 -0
data/lib/contrast/framework/rails/patch/assess_configuration.rb +98 -0
data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +31 -0
data/lib/contrast/framework/rails/patch/support.rb +46 -0
data/lib/contrast/framework/rails/railtie.rb +33 -0
data/lib/contrast/framework/rails/support.rb +187 -0
data/lib/contrast/framework/sinatra/support.rb +165 -0
data/lib/contrast/funchook/funchook.rb +45 -0
data/lib/contrast/logger/aliased_logging.rb +101 -0
data/lib/contrast/logger/application.rb +84 -0
data/lib/contrast/logger/cef_log.rb +169 -0
data/lib/contrast/logger/format.rb +61 -0
data/lib/contrast/logger/log.rb +90 -0
data/lib/contrast/logger/request.rb +25 -0
data/lib/contrast/logger/time.rb +57 -0
data/lib/contrast/security_exception.rb +2 -2
data/lib/contrast/tasks/config.rb +144 -0
data/lib/contrast/utils/assess/event_limit_utils.rb +134 -0
data/lib/contrast/utils/assess/object_store.rb +36 -0
data/lib/contrast/utils/assess/propagation_method_utils.rb +155 -0
data/lib/contrast/utils/assess/property/tagged_utils.rb +165 -0
data/lib/contrast/utils/assess/sampling_util.rb +11 -17
data/lib/contrast/utils/assess/source_method_utils.rb +74 -0
data/lib/contrast/utils/assess/split_utils.rb +23 -0
data/lib/contrast/utils/assess/tracking_util.rb +95 -19
data/lib/contrast/utils/assess/trigger_method_utils.rb +132 -0
data/lib/contrast/utils/class_util.rb +125 -38
data/lib/contrast/utils/duck_utils.rb +54 -43
data/lib/contrast/utils/env_configuration_item.rb +4 -3
data/lib/contrast/utils/findings.rb +66 -0
data/lib/contrast/utils/hash_digest.rb +52 -100
data/lib/contrast/utils/hash_digest_extend.rb +129 -0
data/lib/contrast/utils/head_dump_utils_extend.rb +74 -0
data/lib/contrast/utils/heap_dump_util.rb +44 -88
data/lib/contrast/utils/input_classification_base.rb +155 -0
data/lib/contrast/utils/invalid_configuration_util.rb +36 -50
data/lib/contrast/utils/io_util.rb +47 -51
data/lib/contrast/utils/job_servers_running.rb +47 -0
data/lib/contrast/utils/log_utils.rb +254 -0
data/lib/contrast/utils/lru_cache.rb +48 -0
data/lib/contrast/utils/metrics_hash.rb +59 -0
data/lib/contrast/utils/middleware_utils.rb +89 -0
data/lib/contrast/utils/net_http_base.rb +167 -0
data/lib/contrast/utils/object_share.rb +7 -48
data/lib/contrast/utils/os.rb +14 -24
data/lib/contrast/utils/patching/policy/patch_utils.rb +175 -0
data/lib/contrast/utils/patching/policy/patcher_utils.rb +54 -0
data/lib/contrast/utils/reporting/application_activity_batch_utils.rb +81 -0
data/lib/contrast/utils/request_utils.rb +96 -0
data/lib/contrast/utils/resource_loader.rb +2 -2
data/lib/contrast/utils/response_utils.rb +79 -0
data/lib/contrast/utils/routes_sent.rb +60 -0
data/lib/contrast/utils/sha256_builder.rb +9 -21
data/lib/contrast/utils/stack_trace_utils.rb +68 -184
data/lib/contrast/utils/string_utils.rb +82 -52
data/lib/contrast/utils/tag_util.rb +58 -44
data/lib/contrast/utils/telemetry.rb +103 -0
data/lib/contrast/utils/telemetry_client.rb +107 -0
data/lib/contrast/utils/telemetry_hash.rb +65 -0
data/lib/contrast/utils/telemetry_identifier.rb +153 -0
data/lib/contrast/utils/thread_tracker.rb +27 -23
data/lib/contrast/utils/timer.rb +20 -55
data/lib/contrast-agent.rb +2 -2
data/lib/contrast.rb +105 -43
data/resources/assess/policy.json +523 -137
data/resources/deadzone/policy.json +280 -10
data/resources/inventory/policy.json +2 -2
data/resources/protect/policy.json +30 -17
data/ruby-agent.gemspec +114 -45
data/sonar-project.properties +9 -0
metadata +694 -287
data/exe/contrast_service +0 -29
data/ext/cs__assess_active_record_named/cs__active_record_named.c +0 -47
data/ext/cs__assess_active_record_named/cs__active_record_named.h +0 -10
data/ext/cs__assess_active_record_named/extconf.rb +0 -2
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c +0 -63
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.h +0 -29
data/ext/cs__assess_regexp_track/extconf.rb +0 -2
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +0 -31
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.h +0 -13
data/ext/cs__assess_string_interpolation26/extconf.rb +0 -2
data/ext/cs__protect_kernel/cs__protect_kernel.c +0 -37
data/ext/cs__protect_kernel/cs__protect_kernel.h +0 -11
data/ext/cs__protect_kernel/extconf.rb +0 -2
data/funchook/Makefile +0 -29
data/funchook/autom4te.cache/output.0 +0 -4976
data/funchook/autom4te.cache/requests +0 -78
data/funchook/autom4te.cache/traces.0 +0 -364
data/funchook/config.log +0 -490
data/funchook/config.status +0 -1016
data/funchook/configure +0 -4976
data/funchook/src/Makefile +0 -70
data/funchook/src/config.h +0 -101
data/funchook/src/config.h.in +0 -100
data/funchook/src/decoder.o +0 -0
data/funchook/src/distorm.o +0 -0
data/funchook/src/funchook.o +0 -0
data/funchook/src/funchook_io.o +0 -0
data/funchook/src/funchook_syscall.o +0 -0
data/funchook/src/funchook_unix.o +0 -0
data/funchook/src/funchook_x86.o +0 -0
data/funchook/src/instructions.o +0 -0
data/funchook/src/insts.o +0 -0
data/funchook/src/libfunchook.so +0 -0
data/funchook/src/mnemonics.o +0 -0
data/funchook/src/operands.o +0 -0
data/funchook/src/os_func.o +0 -0
data/funchook/src/os_func_unix.o +0 -0
data/funchook/src/prefix.o +0 -0
data/funchook/src/printf_base.o +0 -0
data/funchook/src/textdefs.o +0 -0
data/funchook/src/wstring.o +0 -0
data/funchook/test/Makefile +0 -43
data/funchook/test/funchook_test +0 -0
data/funchook/test/libfunchook_test.so +0 -0
data/funchook/test/test_main.o +0 -0
data/funchook/test/x86_64_test.o +0 -0
data/lib/contrast/agent/assess/adjusted_span.rb +0 -25
data/lib/contrast/agent/assess/class_reverter.rb +0 -82
data/lib/contrast/agent/assess/contrast_event.rb +0 -398
data/lib/contrast/agent/assess/frozen_properties.rb +0 -41
data/lib/contrast/agent/assess/insulator.rb +0 -53
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +0 -79
data/lib/contrast/agent/assess/rule/base.rb +0 -72
data/lib/contrast/agent/assess/rule/csrf/csrf_action.rb +0 -28
data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +0 -69
data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +0 -132
data/lib/contrast/agent/assess/rule/csrf.rb +0 -66
data/lib/contrast/agent/assess/rule/redos.rb +0 -68
data/lib/contrast/agent/assess/rule/response_scanning_rule.rb +0 -47
data/lib/contrast/agent/assess/rule/response_watcher.rb +0 -36
data/lib/contrast/agent/assess/rule/watcher.rb +0 -36
data/lib/contrast/agent/assess/rule.rb +0 -18
data/lib/contrast/agent/class_reopener.rb +0 -195
data/lib/contrast/agent/feature_state.rb +0 -379
data/lib/contrast/agent/logger_manager.rb +0 -116
data/lib/contrast/agent/patching/policy/policy_unpatcher.rb +0 -28
data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +0 -103
data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb +0 -85
data/lib/contrast/agent/protect/rule/csrf.rb +0 -118
data/lib/contrast/agent/railtie.rb +0 -30
data/lib/contrast/agent/reaction_processor.rb +0 -47
data/lib/contrast/agent/require_state.rb +0 -61
data/lib/contrast/agent/rewriter.rb +0 -244
data/lib/contrast/agent/service_heartbeat.rb +0 -37
data/lib/contrast/agent/settings_state.rb +0 -148
data/lib/contrast/agent/socket_client.rb +0 -125
data/lib/contrast/api/connection_status.rb +0 -49
data/lib/contrast/api/dtm_pb.rb +0 -718
data/lib/contrast/api/settings_pb.rb +0 -416
data/lib/contrast/api/socket.rb +0 -43
data/lib/contrast/api/speedracer.rb +0 -206
data/lib/contrast/api/tcp_socket.rb +0 -31
data/lib/contrast/api/unix_socket.rb +0 -25
data/lib/contrast/api.rb +0 -17
data/lib/contrast/common_agent_configuration.rb +0 -86
data/lib/contrast/components/contrast_service.rb +0 -113
data/lib/contrast/components/interface.rb +0 -178
data/lib/contrast/config/agent_configuration.rb +0 -24
data/lib/contrast/config/application_configuration.rb +0 -27
data/lib/contrast/config/assess_configuration.rb +0 -22
data/lib/contrast/config/assess_rules_configuration.rb +0 -18
data/lib/contrast/config/default_value.rb +0 -16
data/lib/contrast/config/heap_dump_configuration.rb +0 -23
data/lib/contrast/config/inventory_configuration.rb +0 -20
data/lib/contrast/config/logger_configuration.rb +0 -20
data/lib/contrast/config/protect_configuration.rb +0 -20
data/lib/contrast/config/root_configuration.rb +0 -26
data/lib/contrast/config/ruby_configuration.rb +0 -39
data/lib/contrast/config/sampling_configuration.rb +0 -22
data/lib/contrast/config/service_configuration.rb +0 -22
data/lib/contrast/core_extensions/assess/array.rb +0 -58
data/lib/contrast/core_extensions/assess/assess_extension.rb +0 -145
data/lib/contrast/core_extensions/assess/basic_object.rb +0 -15
data/lib/contrast/core_extensions/assess/erb.rb +0 -42
data/lib/contrast/core_extensions/assess/fiber.rb +0 -125
data/lib/contrast/core_extensions/assess/hash.rb +0 -22
data/lib/contrast/core_extensions/assess/kernel.rb +0 -95
data/lib/contrast/core_extensions/assess/module.rb +0 -14
data/lib/contrast/core_extensions/assess/regexp.rb +0 -206
data/lib/contrast/core_extensions/assess/string.rb +0 -75
data/lib/contrast/core_extensions/assess/tilt_template_trigger.rb +0 -73
data/lib/contrast/core_extensions/assess.rb +0 -51
data/lib/contrast/core_extensions/eval_trigger.rb +0 -52
data/lib/contrast/core_extensions/inventory/datastores.rb +0 -37
data/lib/contrast/core_extensions/inventory.rb +0 -22
data/lib/contrast/core_extensions/module.rb +0 -42
data/lib/contrast/core_extensions/object.rb +0 -27
data/lib/contrast/core_extensions/protect/applies_command_injection_rule.rb +0 -70
data/lib/contrast/core_extensions/protect/applies_deserialization_rule.rb +0 -58
data/lib/contrast/core_extensions/protect/applies_no_sqli_rule.rb +0 -81
data/lib/contrast/core_extensions/protect/applies_path_traversal_rule.rb +0 -119
data/lib/contrast/core_extensions/protect/applies_sqli_rule.rb +0 -63
data/lib/contrast/core_extensions/protect/applies_xxe_rule.rb +0 -141
data/lib/contrast/core_extensions/protect/kernel.rb +0 -30
data/lib/contrast/core_extensions/protect/psych.rb +0 -7
data/lib/contrast/core_extensions/thread.rb +0 -31
data/lib/contrast/internal_exception.rb +0 -8
data/lib/contrast/rails_extensions/assess/action_controller_inheritance.rb +0 -48
data/lib/contrast/rails_extensions/assess/active_record.rb +0 -32
data/lib/contrast/rails_extensions/assess/active_record_named.rb +0 -61
data/lib/contrast/rails_extensions/assess/configuration.rb +0 -26
data/lib/contrast/rails_extensions/buffer.rb +0 -30
data/lib/contrast/rails_extensions/rack.rb +0 -45
data/lib/contrast/sinatra_extensions/assess/cookie.rb +0 -26
data/lib/contrast/sinatra_extensions/inventory/sinatra_base.rb +0 -59
data/lib/contrast/tasks/service.rb +0 -95
data/lib/contrast/utils/boolean_util.rb +0 -33
data/lib/contrast/utils/cache.rb +0 -69
data/lib/contrast/utils/comment_range.rb +0 -19
data/lib/contrast/utils/data_store_util.rb +0 -23
data/lib/contrast/utils/environment_util.rb +0 -152
data/lib/contrast/utils/freeze_util.rb +0 -36
data/lib/contrast/utils/gemfile_reader.rb +0 -191
data/lib/contrast/utils/inventory_util.rb +0 -126
data/lib/contrast/utils/operating_environment.rb +0 -38
data/lib/contrast/utils/path_util.rb +0 -151
data/lib/contrast/utils/performs_logging.rb +0 -152
data/lib/contrast/utils/preflight_util.rb +0 -13
data/lib/contrast/utils/prevent_serialization.rb +0 -52
data/lib/contrast/utils/rack_assess_session_cookie.rb +0 -104
data/lib/contrast/utils/rails_assess_configuration.rb +0 -95
data/lib/contrast/utils/random_util.rb +0 -22
data/lib/contrast/utils/ruby_ast_rewriter.rb +0 -74
data/lib/contrast/utils/scope_util.rb +0 -99
data/lib/contrast/utils/service_response_util.rb +0 -116
data/lib/contrast/utils/service_sender_util.rb +0 -98
data/lib/contrast/utils/sinatra_helper.rb +0 -49
data/resources/csrf/inject.js +0 -44
data/resources/factory-bot-spec/spec_helper.rb +0 -30
data/resources/rubocops/kernel/catch_cop.rb +0 -37
data/resources/rubocops/kernel/require_cop.rb +0 -37
data/resources/rubocops/kernel/require_relative_cop.rb +0 -33
data/resources/rubocops/module/autoload_cop.rb +0 -37
data/resources/rubocops/module/const_defined_cop.rb +0 -37
data/resources/rubocops/module/const_get_cop.rb +0 -37
data/resources/rubocops/module/const_set_cop.rb +0 -37
data/resources/rubocops/module/constants_cop.rb +0 -37
data/resources/rubocops/module/name_cop.rb +0 -37
data/resources/rubocops/object/class_cop.rb +0 -37
data/resources/rubocops/object/freeze_cop.rb +0 -37
data/resources/rubocops/object/frozen_cop.rb +0 -37
data/resources/rubocops/object/is_a_cop.rb +0 -37
data/resources/rubocops/object/method_cop.rb +0 -37
data/resources/rubocops/object/respond_to_cop.rb +0 -37
data/resources/rubocops/object/singleton_class_cop.rb +0 -37
data/resources/rubocops/regexp/spelling_cop.rb +0 -44
data/resources/rubocops/thread/new_cop.rb +0 -39
data/resources/ruby-spec/ancestors_spec.rb +0 -70
data/resources/ruby-spec/modulo_spec.rb +0 -831
data/resources/ruby-spec/parameters_spec.rb +0 -261
data/resources/ruby-spec/ruby_spec_spec_helper.rb +0 -35
data/service_executables/.gitkeep +0 -0
data/service_executables/VERSION +0 -1
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
data/shared_libraries/funchook.h +0 -123
data/shared_libraries/libfunchook.so +0 -0

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: da212693eda842e7117b2c758361ea67915854a4888b3ea0315c51f33951fea3
-  data.tar.gz: d43b26947e6eb4219f97bf90542a3948077578617f925fa90a94d4151674e88e
+  metadata.gz: b850f63bce180f09f998f5363f58b01e9c69db61a2f98a31db97fb59b82564d7
+  data.tar.gz: 811072666998fb4daf0f49d2514d875b45c18d79d29398639862f1c2144aa930
 SHA512:
-  metadata.gz: 017607d5a9cc4be26f5b970ae072851fb50a3487c9da3d625ed72d346bbbff29daec0dfd5cf2a9b5dcb1445512d9d951a77360980c9ec9f2c37f9759ff706598
-  data.tar.gz: 2a17b8dd9099c3558c5d8d1a2ba085eaec28149ef0def59d04e129e0cd2f863e2e2a6e27ae9defa873163df7b539d6600a620d7674553a71a3899e3e1d426b60
+  metadata.gz: ac0f4dcea0a62d6aa000659943f2b994a02940148fffdff2901ff4ff61d27fd257170ec4f48d0b1925d569dbc20de89a8866f76a17dd1c22aa15d9c80e4e9eb1
+  data.tar.gz: bd2490f015d1a5c8be5f0e7a0fc60e5acdc436b03e32420cbf19542a53b760c843cd84a17a0e7a8a3794ec69e3aa909e63fabdb32f4c32d5daa48ece261176aa

data/.dockerignore CHANGED Viewed

@@ -4,7 +4,6 @@ docker/
 code-deploy/
 Jenkinsfile
-bitbucket-pipelines.yml
 docker-compose.yml
 .rubocop.yml
 .travis.yml

data/.flayignore ADDED Viewed

	@@ -0,0 +1 @@
1	+ ./lib/contrast/api/*_pb.rb

data/.gitignore CHANGED Viewed

@@ -1,8 +1,8 @@
 /.bundle/
 /.yardoc
 /_yardoc/
-/Gemfile.lock
 /coverage/
+/Gemfile.lock
 /data/*
 /doc/
 /log/
@@ -18,6 +18,13 @@
 /ext/**/*.so
 /ext/**/*.bundle
+bin
+ruby-spec
+mspec
+# rspec generated files
+/spec/dummy_files/*
 # Funchook artifacts
 /ext/**/funchook.h
 /ext/**/libfunchook.dylib
@@ -49,10 +56,6 @@ contrast-agent-*.gem
 .ruby-version
 .ruby-gemset
-service_executables/*-*
-# Generated Protobuf files
-/lib/contrast/api/*_pb.rb
 # IDE stuff
 tags

data/.gitmodules CHANGED Viewed

@@ -1,6 +1,3 @@
-[submodule "agent-service-api"]
-	path = agent-service-api
-	url = git@bitbucket.org:contrastsecurity/agent-service-api
 [submodule "funchook"]
 	path = funchook
 	url = https://github.com/kubo/funchook.git

data/.rspec CHANGED Viewed

@@ -3,4 +3,3 @@
 --format documentation
 --format RspecJunitFormatter
 --out ./test-results/results.xml
---color

data/.rspec_parallel ADDED Viewed

@@ -0,0 +1,6 @@
+--require spec_helper
+--order rand
+--format progress
+--format RspecJunitFormatter
+--out ./test-results/results.xml
+--format ParallelTests::RSpec::FailuresLogger --out tmp/failing_specs.log

data/.simplecov CHANGED Viewed

@@ -1,4 +1,8 @@
-SimpleCov.minimum_coverage 92.30
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+SimpleCov.minimum_coverage(line: 94)
 SimpleCov.start do
   add_filter '/spec/'
-end
+  enable_coverage :branch
+end

data/Gemfile CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 source 'https://rubygems.org'

data/LICENSE.txt CHANGED Viewed

@@ -1,4 +1,4 @@
-Copyright: 2020 Contrast Security, Inc
+Copyright: 2022 Contrast Security, Inc
 Contact: support@contrastsecurity.com
 License: Commercial

data/Rakefile CHANGED Viewed

@@ -1,15 +1,18 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
+$stdout.sync = true
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
 require 'rake/extensiontask'
+require 'fileutils'
 CLOBBER << 'shared_libraries/*'
 Dir['ext/cs__*'].each do |extension|
   name = extension.split('/')[1]
-  Rake::ExtensionTask.new name do |ext|
+  Rake::ExtensionTask.new(name) do |ext|
     ext.lib_dir = "lib/#{ name }"
   end
 end

data/ext/build_funchook.rb CHANGED Viewed

@@ -1,14 +1,27 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'fileutils'
 unless find_header('funchook.h', ext_path)
   FUNCHOOK_DIR_NAME = 'funchook'
   FUNCHOOK_DIR = File.expand_path(File.join(File.dirname(File.expand_path(__FILE__)), '..', FUNCHOOK_DIR_NAME))
   COMMANDS = ['./autogen.sh', './configure', 'make clean', 'make'].freeze
+  bundler_install_target_paths = []
+  # .path and .paths diverge in their return type - .path returns strings, .paths returns PathSupports
+  possible_gem_paths = Gem.path
+  possible_gem_paths.each do |base_path|
+    contrast_gem_dir_search = File.join(base_path, 'extensions', '**', '*', 'contrast-agent-*')
+    extension_paths = Dir[contrast_gem_dir_search]
+    extension_paths.map! do |extension_path|
+      target_path = File.join(extension_path, 'shared_libraries')
+      FileUtils.mkdir_p(target_path) unless File.exist?(target_path)
+      target_path
+    end
+    bundler_install_target_paths += extension_paths
+  end
   puts 'Building funchook'
   COMMANDS.each do |command|
@@ -19,15 +32,14 @@ unless find_header('funchook.h', ext_path)
   end
   SOURCE_PATHS = [
-    File.join('include', 'funchook.h'),
-    File.join('src',     'libfunchook.dylib'),
-    File.join('src',     'libfunchook.so')
+    File.join('include', 'funchook.h'), File.join('src', 'libfunchook.dylib'),
+    File.join('src', 'libfunchook.so')
   ].freeze
-  TARGET_PATHS = [
+  TARGET_PATHS = ([
     File.expand_path(File.join(File.expand_path(__dir__), '..', 'shared_libraries')),
-    File.expand_path(__dir__) # should be ext/
-  ].freeze
+    File.expand_path(__dir__)
+  ] + bundler_install_target_paths).freeze
   puts 'Copying required files'
@@ -39,10 +51,14 @@ unless find_header('funchook.h', ext_path)
     end
     TARGET_PATHS.each do |target_path|
-      puts "Copying #{ source_file_path } into #{ target_path }"
+      unless File.writable?(target_path)
+        puts("Unable to copy into #{ target_path } - directory not writable")
+        next
+      end
+      puts("Copying #{ source_file_path } into #{ target_path }")
       FileUtils.cp(source_file_path, target_path)
+    rescue StandardError
+      puts("Error while copying #{ source_file } to #{ target_path }")
     end
   end
 end
-have_header('funchook.h', ext_path)

data/ext/cs__assess_array/cs__assess_array.c CHANGED Viewed

@@ -1,4 +1,4 @@
-/* Copyright (c) 2020 Contrast Security, Inc.  See
+/* Copyright (c) 2022 Contrast Security, Inc.  See
  * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
 #include "cs__assess_array.h"
@@ -22,17 +22,55 @@ static VALUE contrast_assess_array_join(const int argc, const VALUE *argv,
     }
     /* Finally, default to empty String. Implicit since nil.to_s is ''*/
+    /* call the Array.join but patched one */
     result = rb_funcall2(ary, rb_sym_assess_array_join, argc, argv);
-    result = rb_funcall(ary, rb_sym_assess_track_array_join, 2, sep, result);
+    /* call the Contrast::Extensions::Assess::ArrayPropagator#cs__track_join */
+    result = rb_funcall(array_propagator, rb_sym_assess_track_array_join, 3,
+                        ary, sep, result);
     return result;
 }
+static VALUE contrast_assess_prepend_array_join(const int argc, const VALUE *argv,
+                                        const VALUE ary) {
+    VALUE sep, result;
+    /* We need to figure out the separator the join method actually used. */
+    /* First, check if one was provided. */
+    rb_scan_args(argc, argv, "01", &sep);
+    /* Second, check to see if `$;` is set*/
+    if (NIL_P(sep)) {
+        sep = rb_output_fs;
+    }
+    /* call the Array.join but patched one */
+    result = rb_ary_join(ary, sep);
+    /* call the Contrast::Extensions::Assess::ArrayPropagator#cs__track_join */
+    result = rb_funcall(array_propagator, rb_sym_assess_track_array_join, 3,
+                        ary, sep, result);
+    /*call original occurs in ruby*/
+    return Qtrue;
+}
 void Init_cs__assess_array(void) {
-    rb_sym_assess_array_join = rb_intern("cs__patched_join");
-    rb_sym_assess_track_array_join = rb_intern("__cs_track_join");
-    VALUE array_class = rb_define_class("Array", rb_cObject);
-    contrast_alias_method(array_class, "cs__patched_join", "join");
-    rb_define_method(array_class, "join", contrast_assess_array_join, -1);
+     VALUE rb_mod_ary = rb_const_get(rb_cObject, rb_intern("Array"));
+     VALUE rb_sym_ary_join = ID2SYM(rb_intern("join"));
+     // check if prepended
+     VALUE is_prepended = contrast_check_prepended(rb_mod_ary, rb_sym_ary_join, Qtrue);
+     // register the cs__track_join method of the Array propagator, and call it here from Ruby.
+     array_propagator = rb_define_class_under(core_assess, "ArrayPropagator", rb_cObject);
+     rb_sym_assess_track_array_join = rb_intern("cs__track_join");
+     // register the cs__join method of the ContrastArray for prepending, and call it here from Ruby.
+     VALUE contrast_array = rb_define_module_under(core_assess, "ContrastArray");
+     rb_define_module_function(contrast_array, "cs__join", contrast_assess_prepend_array_join, -1);
+    if(is_prepended == Qtrue) {
+       // do nothing prepend is done in Ruby
+    } else {
+       // register alias patch
+        rb_sym_assess_array_join =
+            contrast_register_patch("Array", "join", contrast_assess_array_join);
+    }
 }

data/ext/cs__assess_array/cs__assess_array.h CHANGED Viewed

@@ -1,9 +1,13 @@
 #include <ruby.h>
+static VALUE array_propagator;
 static VALUE rb_sym_assess_array_join;
 static VALUE rb_sym_assess_track_array_join;
+static VALUE rb_mod_ary, rb_sym_ary_join, is_prepended, contrast_array;
 static VALUE contrast_assess_array_join(const int argc, const VALUE *argv,
                                         const VALUE ary);
+static VALUE contrast_assess_prepend_array_join(const int argc, const VALUE *argv,
+                                        const VALUE ary);
 void Init_cs__assess_array(void);

data/ext/cs__assess_array/extconf.rb CHANGED Viewed

@@ -1,2 +1,5 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
 $TO_MAKE = File.basename(__dir__)
 require_relative '../extconf_common'

data/ext/cs__assess_basic_object/cs__assess_basic_object.c CHANGED Viewed

@@ -1,18 +1,31 @@
-/* Copyright (c) 2020 Contrast Security, Inc.  See
+/* Copyright (c) 2022 Contrast Security, Inc.  See
  * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
 #include "cs__assess_basic_object.h"
 #include "../cs__common/cs__common.h"
+#include "../cs__scope/cs__scope.h"
 #include <ruby.h>
-void contrast_assess_instance_eval_trigger_check(VALUE module, VALUE source,
+/*
+ * Source code of instance_eval:
+ *
+ *                static VALUE
+ *  rb_obj_instance_eval_internal(int argc, const VALUE *argv, VALUE self)
+ *  {
+ *      VALUE klass = singleton_class_for_eval(self);
+ *      return specific_eval(argc, argv, klass, self, RB_PASS_CALLED_KEYWORDS);
+ *  }
+ */
+VALUE contrast_check_and_register_instance_patch(const char *module_name,
+                                                 const char *method_name,
+                                                 VALUE(c_fn)(const int, VALUE *,
+                                                             const VALUE));
+void contrast_assess_instance_eval_trigger_check(VALUE self, VALUE source,
                                                  VALUE ret) {
-    VALUE has_trigger_check =
-        rb_respond_to(rb_cBasicObject, instance_trigger_check_method);
-    if (has_trigger_check) {
-        rb_funcall(rb_cBasicObject, instance_trigger_check_method, 2, source,
-                   ret);
-    }
+    rb_funcall(basic_eval_trigger, instance_trigger_check_method, 3, self,
+               source, ret);
 }
 VALUE
@@ -23,28 +36,37 @@ contrast_assess_basic_object_instance_eval(const int argc, const VALUE *argv,
         return rb_obj_instance_eval(argc, argv, self);
     }
-    int nested_scope =
-        RTEST(rb_funcall(contrast_patcher(), rb_sym_in_scope, 0));
+    VALUE nested_scope = inst_methods_in_cntr_scope(contrast_patcher(), 0);
-    rb_funcall(contrast_patcher(), rb_sym_enter_scope, 0);
+    /* Enter scope */
+    inst_methods_enter_cntr_scope(contrast_patcher(), 0);
+    /* Call the source: */
     VALUE ret = rb_obj_instance_eval(argc, argv, self);
-    if (!nested_scope && argc > 0) {
+    if (nested_scope == Qfalse && argc > 0) {
         VALUE data = argv[0];
         contrast_assess_instance_eval_trigger_check(self, data, ret);
     }
-    rb_funcall(contrast_patcher(), rb_sym_exit_scope, 0);
+    /* Exit scope */
+    inst_methods_exit_cntr_scope(contrast_patcher(), 0);
     return ret;
 }
 void Init_cs__assess_basic_object(void) {
+    basic_eval_trigger =
+        rb_define_class_under(core_assess, "EvalTrigger", rb_cObject);
     instance_trigger_check_method = rb_intern("instance_eval_trigger_check");
-    contrast_alias_method(rb_cBasicObject, "cs__patched_instance_eval",
-                          "instance_eval");
-    rb_define_method(rb_cBasicObject, "instance_eval",
-                     contrast_assess_basic_object_instance_eval, -1);
+    /* We don't keep a reference to the underlying method.
+     * Instead, we call rb_obj_instance_eval directly.
+     * This should work an overwhelming majority of the time,
+     * but if someone else patched BasicObject#instance_eval,
+     * IDK if this is intentional... noting it.  -ajm
+     */
+    contrast_check_and_register_instance_patch(
+        "BasicObject", "instance_eval",
+        contrast_assess_basic_object_instance_eval);
 }

data/ext/cs__assess_basic_object/cs__assess_basic_object.h CHANGED Viewed

@@ -1,6 +1,7 @@
 #include <ruby.h>
-/* Contrast::Agent::Patching::Policy::Patcher */
+/* Contrast::Extension::Assess::EvalTrigger */
+static VALUE basic_eval_trigger;
 static VALUE instance_trigger_check_method;
 void contrast_alias_method(const VALUE target, const char *to,

data/ext/cs__assess_basic_object/extconf.rb CHANGED Viewed

@@ -1,2 +1,5 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
 $TO_MAKE = File.basename(__dir__)
 require_relative '../extconf_common'

data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c CHANGED Viewed

@@ -1,8 +1,8 @@
-/* Copyright (c) 2020 Contrast Security, Inc.  See
+/* Copyright (c) 2022 Contrast Security, Inc.  See
  * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
 #include "cs__assess_fiber_track.h"
-#include <funchook.h>
+#include "../cs__common/cs__common.h"
 #include <ruby.h>
 VALUE rb_fiber_new_hook(VALUE (*func)(ANYARGS), VALUE obj) {
@@ -30,7 +30,7 @@ VALUE rb_fiber_new_hook(VALUE (*func)(ANYARGS), VALUE obj) {
             ID meth;
         };
-        /* underlying object is first entry in Enumerator struct def.
+        /*  underlying object is first entry in Enumerator struct def.
          *  that's all statically defined w/in enumerator.c, so we can't
          *  reference the data types and be safe about it.  (yippee.)
          *  we cut out the TypedData_Get_Struct middleman & just go for it.
@@ -44,7 +44,7 @@ VALUE rb_fiber_new_hook(VALUE (*func)(ANYARGS), VALUE obj) {
         VALUE enumerator_method = ID2SYM(enum_ptr->meth);
         /* e.g.: 1..100, #each_value.  Should reflect #inspect on the enum. */
-        rb_funcall(fiber_class, track_rb_fiber_new, 5, fiber, obj,
+        rb_funcall(fiber_propagator, track_rb_fiber_new, 5, fiber, obj,
                    enumerator_method, underlying, calling_method);
     }
@@ -56,29 +56,25 @@ VALUE rb_fiber_yield_hook(int argc, const VALUE *argv) {
     VALUE yielding_fiber = rb_fiber_current();
     /* propagate from yielding_fiber -> result */
-    rb_funcall(fiber_class, track_rb_fiber_yield, 3, yielding_fiber,
+    rb_funcall(fiber_propagator, track_rb_fiber_yield, 3, yielding_fiber,
                calling_method, *argv);
     return rb_fiber_yield_original(argc, argv);
 }
 int install_fiber_hooks() {
-    funchook_t *funchook = funchook_create();
     rb_fiber_new_original = rb_fiber_new;
-    funchook_prepare(funchook, (void **)&rb_fiber_new_original,
-                     rb_fiber_new_hook);
+    patch_via_funchook(&rb_fiber_new_original, &rb_fiber_new_hook);
     rb_fiber_yield_original = rb_fiber_yield;
-    funchook_prepare(funchook, (void **)&rb_fiber_yield_original,
-                     rb_fiber_yield_hook);
+    patch_via_funchook(&rb_fiber_yield_original, &rb_fiber_yield_hook);
-    funchook_install(funchook, 0);
     return 0;
 }
 void Init_cs__assess_fiber_track(void) {
-    fiber_class = rb_define_class("Fiber", rb_cObject);
+    fiber_propagator =
+        rb_define_class_under(core_assess, "FiberPropagator", rb_cObject);
     track_rb_fiber_new = rb_intern("track_rb_fiber_new");
     track_rb_fiber_yield = rb_intern("track_rb_fiber_yield");
     rb_sym_next = rb_intern("next");

data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h CHANGED Viewed

@@ -1,16 +1,15 @@
-#include <funchook.h>
 #include <ruby.h>
 static VALUE rb_sym_next;
-static VALUE fiber_class;
+static VALUE fiber_propagator;
 static VALUE track_rb_fiber_new;
 static VALUE track_rb_fiber_yield;
 VALUE rb_fiber_new(VALUE (*func)(ANYARGS), VALUE obj);
-VALUE *(*rb_fiber_new_original)(VALUE (*func)(ANYARGS), VALUE obj);
+VALUE (*rb_fiber_new_original)(VALUE (*func)(ANYARGS), VALUE obj);
 VALUE rb_fiber_yield(int argc, const VALUE *argv);
-VALUE *(*rb_fiber_yield_original)(int argc, const VALUE *argv);
+VALUE (*rb_fiber_yield_original)(int argc, const VALUE *argv);
 /* If you call `#next` on an enumerator object, that enumerator object
  * instantiates a fiber and runs its given proc inside of that fiber.

data/ext/cs__assess_fiber_track/extconf.rb CHANGED Viewed

@@ -1,2 +1,5 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
 $TO_MAKE = File.basename(__dir__)
 require_relative '../extconf_common'

data/ext/cs__assess_hash/cs__assess_hash.c CHANGED Viewed

@@ -1,64 +1,89 @@
-/* Copyright (c) 2020 Contrast Security, Inc.  See
+/* Copyright (c) 2022 Contrast Security, Inc.  See
  * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
 #include "cs__assess_hash.h"
 #include "../cs__common/cs__common.h"
 #include <ruby.h>
-static VALUE contrast_assess_hash_bracket_get(const int argc, VALUE *argv,
-                                              const VALUE hash) {
+/* Hashes can be constructed thusly):
+ *   irb(main):001:0> Hash[:a, :b]
+ *   => {:a=>:b}
+ *
+ * This method instruments that unique bracket-construction style
+ * of initializing a hash.
+ */
+static VALUE contrast_assess_hash_bracket_constructor(const int argc,
+                                                      VALUE *argv,
+                                                      const VALUE hash) {
     VALUE result;
     /* Array of Arrays: Hash[ [ [key, value], ... ] ]   -> new_hash */
     if (RB_TYPE_P(argv[0], T_ARRAY)) {
         int i;
         for (i = 0; i < argc; i++) {
-            argv[i] =
-                rb_funcall(hash, rb_sym_assess_hash_dup_and_freeze, 1, argv[i]);
+            argv[i] = rb_funcall(hash_propagator,
+                                 rb_sym_assess_hash_dup_and_freeze, 1, argv[i]);
         }
         /* Hash[ key, value, ... ]         -> new_hash */
     } else if (argc > 1) {
         int i;
         for (i = 0; i < argc; i += 2) {
-            argv[i] =
-                rb_funcall(hash, rb_sym_assess_hash_dup_and_freeze, 1, argv[i]);
+            argv[i] = rb_funcall(hash_propagator,
+                                 rb_sym_assess_hash_dup_and_freeze, 1, argv[i]);
         }
     }
+    const VALUE *argv_final = argv;
     /* unhandled case - shouldn't need it since issue is only unfrozen
      * String keys
      * # Hash[ object ]                  -> new_hash
      */
-    result = rb_funcall2(hash, rb_sym_assess_hash_brackets, argc, argv);
+    result = rb_funcall2(hash, rb_sym_assess_hash_bracket_constructor, argc,
+                         argv_final);
     return result;
 }
+/* Hashes, when keyed with a string, will dup & freeze that string.
+ * This is resource-efficient, but inconvenient for instrumentation.
+ */
 static VALUE contrast_assess_hash_bracket_set(const int argc, VALUE *argv,
                                               const VALUE hash) {
     VALUE result;
-    VALUE key;
-    key = rb_funcall2(hash, rb_sym_assess_hash_bracket_set, argc, argv);
-    argv[0] = key;
+    /* Current name (assess_hash_bracket_set).
+     * It doesn't set anything on the hash.
+     * It takes the arg that /would/ have been the key, and preemptively
+     * calls #dup and then #freeze, and then gives you that key.
+     *
+     * We intentionally don't enter Contrast scope for this patch.
+     * #dup instruments the string, and #freeze gets the hash to accept
+     * the key directly, without calling its own #dup/#freeze.
+     * (That naturally happens in C-land, our instrumentation is in Ruby,
+     * so our patches to #dup don't take effect within Hash#[]= unless we
+     * specifically do this instrumentation.
+     * We haven't revisited this approach since we started more extensively
+     * hooking public C functions.)
+     */
+    if (argc > 0) {
+        argv[0] = rb_funcall(hash_propagator, rb_sym_assess_hash_dup_and_freeze,
+                             1, argv[0]);
+    }
+    /* This is the underlying assignment, w/ our instrumented key. */
     result = rb_funcall2(hash, rb_sym_assess_hash_bracket_equals, argc, argv);
     return result;
 }
 void Init_cs__assess_hash(void) {
+    hash_propagator =
+        rb_define_class_under(core_assess, "HashPropagator", rb_cObject);
     rb_sym_assess_hash_dup_and_freeze = rb_intern("cs__duplicate_and_freeze");
-    rb_sym_assess_hash_brackets = rb_intern("cs__patched_[]");
-    rb_sym_assess_hash_bracket_set = rb_intern("cs__bracket_set");
-    rb_sym_assess_hash_bracket_equals = rb_intern("cs__patched_[]=");
     VALUE hash_class = rb_define_class("Hash", rb_cObject);
-    array_class = rb_define_class("Array", rb_cObject);
-    VALUE singleton = rb_singleton_class(hash_class);
-    contrast_alias_method(singleton, "cs__patched_[]", "[]");
-    rb_define_method(singleton, "[]", contrast_assess_hash_bracket_get, -1);
+    rb_sym_assess_hash_bracket_constructor = contrast_register_singleton_patch(
+        "Hash", "[]", contrast_assess_hash_bracket_constructor);
-    contrast_alias_method(hash_class, "cs__patched_[]=", "[]=");
-    rb_define_method(hash_class, "[]=", contrast_assess_hash_bracket_set, -1);
+    rb_sym_assess_hash_bracket_equals = contrast_register_patch(
+        "Hash", "[]=", contrast_assess_hash_bracket_set);
 }

data/ext/cs__assess_hash/cs__assess_hash.h CHANGED Viewed

@@ -1,11 +1,9 @@
 #include <ruby.h>
-static VALUE array_class;
 static VALUE rb_sym_assess_hash_dup_and_freeze;
-static VALUE rb_sym_assess_hash_brackets;
-static VALUE rb_sym_assess_hash_bracket_set;
+static VALUE rb_sym_assess_hash_bracket_constructor;
 static VALUE rb_sym_assess_hash_bracket_equals;
+static VALUE hash_propagator;
 /*
  * Monkeypatch Ruby Hash with Contrast Security Hash in order ot avoid losing
@@ -15,8 +13,9 @@ static VALUE rb_sym_assess_hash_bracket_equals;
  * ahead of time should avoid this, similar to the behavior of the -@ Strings
  * -HM
  */
-static VALUE contrast_assess_hash_bracket_get(const int argc, VALUE *argv,
-                                              const VALUE hash);
+static VALUE contrast_assess_hash_bracket_constructor(const int argc,
+                                                      VALUE *argv,
+                                                      const VALUE hash);
 static VALUE contrast_assess_hash_bracket_set(const int argc, VALUE *argv,
                                               const VALUE hash);

data/ext/cs__assess_hash/extconf.rb CHANGED Viewed

@@ -1,2 +1,5 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
 $TO_MAKE = File.basename(__dir__)
 require_relative '../extconf_common'