contrast-agent 3.8.4 → 6.9.0

data/ext/cs__contrast_patch/cs__contrast_patch.c

@@ -1,8 +1,9 @@
-/* Copyright (c) 2020 Contrast Security, Inc.  See
+/* Copyright (c) 2022 Contrast Security, Inc.  See
  * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
 
 #include "cs__contrast_patch.h"
 #include "../cs__common/cs__common.h"
+#include "../cs__scope/cs__scope.h"
 #include <ruby.h>
 
 VALUE build_preshift(const VALUE method_policy, const VALUE object,
@@ -28,22 +29,35 @@ VALUE contrast_patch_call_original(const VALUE *args) {
     int argc;
     VALUE method, method_id, object;
     VALUE *params;
-    object = args[0];
-    method = args[1];
+    argc = NUM2INT(args[0]);
+    params = (VALUE *)args[1];
+    object = args[2];
+    method = args[3];
     method_id = SYM2ID(method);
-    argc = NUM2INT(args[2]);
-    params = (VALUE *)args[3];
 
-    /* It looks like we can find the last Ruby block given so long as we don't
-     * change Ruby method scope (always call this function from C, not Ruby),
-     * which is the point of this C call.
-     */
+/* It looks like we can find the last Ruby block given so long as we don't
+ * change Ruby method scope (always call this function from C, not Ruby),
+ * which is the point of this C call.
+ */
+/* Ruby >= 2.7 */
+#ifdef RB_PASS_CALLED_KEYWORDS
+    if (rb_block_given_p()) {
+        return rb_funcall_with_block_kw(object, method_id, argc, params,
+                                        rb_block_proc(),
+                                        RB_PASS_CALLED_KEYWORDS);
+    } else {
+        return rb_funcallv_kw(object, method_id, argc, params,
+                              RB_PASS_CALLED_KEYWORDS);
+    }
+/* Ruby < 2.7 */
+#else
     if (rb_block_given_p()) {
         return rb_funcall_with_block(object, method_id, argc, params,
                                      rb_block_proc());
     } else {
         return rb_funcall2(object, method_id, argc, params);
     }
+#endif
 }
 
 VALUE contrast_call_pre_patch(const VALUE method_policy, const VALUE method,
@@ -75,15 +89,33 @@ VALUE contrast_call_post_patch(const VALUE method_policy, const VALUE preshift,
                       method_policy, preshift, object, ret, send, block);
 }
 
-VALUE contrast_patch_call_rescue(const VALUE *args) {
-    int argc;
-    VALUE exception, object, preshift, method_policy, method;
-    VALUE *argv;
-
+/* wrap rb_ensure so we can rescue an exception */
+VALUE rescue_func(VALUE arg1) {
+    VALUE exception;
     /* rb_errinfo() gives the value of $!, the exception that
      * triggered a rescue block.
      */
     exception = rb_errinfo();
+    rb_exc_raise(exception);
+
+    return Qnil;
+}
+
+/**
+  * In the event that the original_method call throws an exception we need to ensure that contrast_post_patch is called
+  * to report that error. However, if there is no error we will call post_patch with the original_return instead of
+  * Qnil.
+  *
+**/
+VALUE contrast_patch_call_ensure(const VALUE *args) {
+    // we do not need to ensure that post patch is called if no error was thrown
+    if(!RTEST(rb_errinfo())) {
+        return Qnil;
+    }
+
+    int argc;
+    VALUE object, preshift, method_policy, method;
+    VALUE *argv;
 
     object = args[0];
     method = args[1];
@@ -94,29 +126,137 @@ VALUE contrast_patch_call_rescue(const VALUE *args) {
 
     contrast_call_post_patch(method_policy, preshift, object, Qnil, argc, argv);
 
-    /* exit scope */
-    rb_funcall(contrast_patcher(), rb_sym_exit_scope, 0);
+    return Qnil;
+}
 
-    /* reraise the exception that got us here */
-    rb_exc_raise(exception);
+VALUE ensure_wrapper(const VALUE *args) {
+    VALUE original_method, original_args, ensure_args;
 
-    return Qnil;
+    original_method = args[0];
+    original_args = (VALUE)args[1];
+    ensure_args = (VALUE)args[2];
+
+    //this ensure if being treated as a rescue due to issues surrounding Kernel#throw
+    return rb_ensure(original_method, original_args, contrast_patch_call_ensure,
+                     (VALUE)ensure_args);
 }
 
 VALUE contrast_call_super(const VALUE *args) {
-    int argc = NUM2INT(args[0]);
-    VALUE *argv = (VALUE *)args[1];
+    int argc;
+    VALUE *argv;
+    argc = NUM2INT(args[0]);
+    argv = (VALUE *)args[1];
 
     return rb_call_super(argc, argv);
 }
 
+VALUE contrast_run_patches(const VALUE *wrapped_args) {
+    VALUE impl, method, method_policy, object, original_args, original_ret,
+        preshift, transformed_ret;
+    int argc;
+    VALUE *argv;
+    VALUE ensure_args[6];
+    VALUE rescue_wrapper_args[3];
+
+    impl = wrapped_args[0];
+    original_args = wrapped_args[1];
+    method = wrapped_args[2];
+    method_policy = wrapped_args[3];
+    object = wrapped_args[4];
+    argc = NUM2INT(wrapped_args[5]);
+    argv = (VALUE *)wrapped_args[6];
+
+    rescue_wrapper_args[0] = contrast_patch_call_original;
+    rescue_wrapper_args[1] = original_args;
+    rescue_wrapper_args[2] = ensure_args;
+
+    ensure_args[0] = object;
+    ensure_args[1] = method;
+    ensure_args[2] = INT2NUM(argc);
+    ensure_args[3] = (VALUE)argv;
+    ensure_args[4] = method_policy;
+
+    /* Tracking, triggering, and propagation here. */
+    contrast_call_pre_patch(method_policy, method, object, argc, argv, Qnil);
+
+    /* Capture pre-call state */
+    preshift = build_preshift(method_policy, object, argc, argv);
+    ensure_args[5] = preshift;
+
+    /* We wrap a call to the original method with a rescue block, and we use
+     * rb_rescue2 to capture all Exception-inheriting exceptions (and if your
+     * software is well-behaved, all exceptions should inherit from Exception.)
+     *
+     * The rescue block is responsible for doing Contrast post-call analysis
+     * in the event the original method has thrown an exception.
+     *
+     * EDGE CASES:
+     * Given how extensively we patch and instrument, this code is
+     * prone to some esoteric edge cases that are not well-documented or
+     * easy to research.
+     *
+     * There is an esoteric edge case in core Ruby, upon Thread#kill, where
+     * it raises Fixnum 8 (Qnil==8).  This is an intentional choice on the
+     * part of the core Ruby devs, as blindly rescuing Thread#kill would be
+     * disastrous.
+     * A consequence of this is that Thread#kill will leak scope, if you
+     * happen to ever instrument it.
+     *
+     * If you are within a catch block, and the original function results
+     * in a throw, you will leak scope.  We handle this by not instrumenting
+     * methods that do that.  (Tracked in RUBY-552.)
+     *
+     * If you're thinking of cleaning this up by using rb_protect,
+     * you will catch ALL exceptions, as well as ANYTHING
+     * else that unwinds the stack.  This includes fiber context switches
+     * (which are used to implement Enumerator#next) and catch/throw blocks.
+     * I spent a week debugging that so you don't have to.  -ajm
+     */
+
+    switch (impl) {
+    case IMPL_ALIAS_INSTANCE:
+    case IMPL_ALIAS_SINGLETON:
+        original_ret =
+            rb_rescue(ensure_wrapper, rescue_wrapper_args, rescue_func, Qnil);
+        break;
+    case IMPL_PREPEND_INSTANCE:
+    case IMPL_PREPEND_SINGLETON:
+        rescue_wrapper_args[0] = contrast_call_super;
+        original_ret =
+            rb_rescue(ensure_wrapper, rescue_wrapper_args, rescue_func, Qnil);
+        break;
+    };
+
+    /* If you're here, the original method did not throw an exception
+     * (or unwind the stack otherwise).
+     * If the original method threw an exception, contrast_patch_call_rescue
+     * re-raises the original exception, which unwinds the stack back to the
+     * call site.  This means the rest of this function is not executed.
+     * post_patch is called in the ensure_wrapper on exception.  rb_rescue
+     * raises the exception so the below will not be executed in that event.
+     */
+
+    /* Invoke Contrast post-call patching. */
+    contrast_call_post_patch(method_policy, preshift, object,
+                                               original_ret, argc, argv);
+
+    return original_ret;
+}
+
+VALUE contrast_ensure_function(const VALUE method_policy) {
+    /* exit scope */
+    VALUE scopes = rb_funcall(method_policy, rb_sym_scopes_to_exit, 0);
+
+    inst_methods_exit_method_scope(contrast_patcher(), scopes);
+    inst_methods_exit_cntr_scope(contrast_patcher(), 0);
+
+    return Qnil;
+}
+
 VALUE contrast_patch_dispatch(const int argc, const VALUE *argv,
                               const patch_impl impl, const VALUE object) {
-    VALUE cs__method, known, method, ret, transformed_ret, original_ret,
-        method_policy, preshift;
+    VALUE cs__method, known, method, method_policy;
     VALUE original_args[4];
-    VALUE rescue_args[7];
-
     int do_contrast, nested_scope;
 
     /* Do Contrast analysis, unless our subsequent checks tell us no. */
@@ -128,10 +268,10 @@ VALUE contrast_patch_dispatch(const int argc, const VALUE *argv,
      * which is unnecessary, or run Contrast analysis on Contrast code,
      * which will never terminate.
      */
-    nested_scope = RTEST(rb_funcall(contrast_patcher(), rb_sym_in_scope, 0));
+    nested_scope = inst_methods_in_cntr_scope(contrast_patcher(), 0);
 
     /* enter scope */
-    rb_funcall(contrast_patcher(), rb_sym_enter_scope, 0);
+    inst_methods_enter_cntr_scope(contrast_patcher(), 0);
 
     /* Get the name of the calling method */
     method = rb_funcall(object, rb_sym_method, 0);
@@ -141,10 +281,14 @@ VALUE contrast_patch_dispatch(const int argc, const VALUE *argv,
      */
     switch (impl) {
     case IMPL_ALIAS_INSTANCE:
-    case IMPL_PREPEND:
+    case IMPL_PREPEND_INSTANCE:
         known =
             rb_funcall(patch_status, rb_sym_info_for, 3, object, method, Qtrue);
         break;
+    case IMPL_PREPEND_SINGLETON:
+        known = rb_funcall(patch_status, rb_sym_info_for, 3, object, method,
+                           Qfalse);
+        break;
     case IMPL_ALIAS_SINGLETON:
         known = rb_funcall(patch_status, rb_sym_info_for, 3, object, method,
                            Qfalse);
@@ -158,6 +302,22 @@ VALUE contrast_patch_dispatch(const int argc, const VALUE *argv,
         method_policy = Qnil;
     }
 
+    /* Check conditions for not doing Contrast analysis */
+    if (nested_scope == Qtrue) {
+        /* if we were in scope */
+        do_contrast = 0;
+    } else if (!RTEST(known)) {
+        /* nothing to be done with entirely unknown method*/
+        do_contrast = 0;
+    } else if (!RTEST(method_policy)) {
+        /* nothing to be done without a method policy */
+        do_contrast = 0;
+    }
+
+    original_args[0] = INT2NUM(argc);
+    original_args[1] = (VALUE)argv;
+    original_args[2] = object;
+
     if (impl == IMPL_ALIAS_INSTANCE || impl == IMPL_ALIAS_SINGLETON) {
         /* Alias patching moves the original method to "cs__#{method}" */
         cs__method = rb_funcall(known, rb_sym_brackets, 1, INT2NUM(1));
@@ -168,140 +328,43 @@ VALUE contrast_patch_dispatch(const int argc, const VALUE *argv,
                 rb_funcall(contrast_patcher(), rb_sym_build_method_name, 2,
                            object, method);
         }
+        original_args[3] = cs__method;
     }
 
-    /* Check conditions for not doing Contrast analysis */
-    if (nested_scope) {
-        /* if we were in scope */
-        do_contrast = 0;
-    } else if (!RTEST(known)) {
-        /* nothing to be done with entirely unknown method*/
-        do_contrast = 0;
-    } else if (!RTEST(method_policy)) {
-        /* nothing to be done without a method policy */
-        do_contrast = 0;
-    } else if (!RTEST(rb_funcall(contrast_patcher(), rb_sym_in_request_context,
-                                 0))) {
-        /* (RUBY-290, checking for a request_context is to be deprecated)
-         * if we're not within a request context, don't analyze (by fiat)
-         * We reset scope at the end of request contexts right now, don't remove
-         * this check without also handling that code.
-         */
-        do_contrast = 0;
-    }
+    /* Enter any scopes specific to method policy */
+    VALUE scopes = rb_funcall(method_policy, rb_sym_scopes_to_enter, 0);
 
-    switch (impl) {
-    case IMPL_ALIAS_INSTANCE:
-    case IMPL_ALIAS_SINGLETON:
-        original_args[0] = object;
-        original_args[1] = cs__method;
-        original_args[2] = INT2NUM(argc);
-        original_args[3] = (VALUE)argv;
-        break;
-    case IMPL_PREPEND:
-        original_args[0] = INT2NUM(argc);
-        original_args[1] = (VALUE)argv;
-        break;
-    }
+    inst_methods_enter_method_scope(contrast_patcher(), scopes);
 
     /* If we're not doing Contrast analysis, exit scope and treat as normal. */
     if (!do_contrast) {
         goto call_original;
     }
 
-    rescue_args[0] = object;
-    rescue_args[1] = method;
-    rescue_args[2] = INT2NUM(argc);
-    rescue_args[3] = (VALUE)argv;
-    rescue_args[4] = method_policy;
-
-    /* Tracking, triggering, and propagation here. */
-    contrast_call_pre_patch(method_policy, method, object, argc, argv, Qnil);
-
-    /* Capture pre-call state */
-    preshift = build_preshift(method_policy, object, argc, argv);
-    rescue_args[5] = preshift;
-
-    /* We wrap a call to the original method with a rescue block, and we use
-     * rb_rescue2 to capture all Exception-inheriting exceptions (and if your
-     * software is well-behaved, all exceptions should inherit from Exception.)
-     *
-     * The rescue block is responsible for doing Contrast post-call analysis
-     * in the event the original method has thrown an exception.
-     *
-     * EDGE CASES:
-     * Given how extensively we patch and instrument, this code is
-     * prone to some esoteric edge cases that are not well-documented or
-     * easy to research.
-     *
-     * There is an esoteric edge case in core Ruby, upon Thread#kill, where
-     * it raises Fixnum 8 (Qnil==8).  This is an intentional choice on the
-     * part of the core Ruby devs, as blindly rescuing Thread#kill would be
-     * disastrous.
-     * A consequence of this is that Thread#kill will leak scope, if you
-     * happen to ever instrument it.
-     *
-     * If you are within a catch block, and the original function results
-     * in a throw, you will leak scope.  We handle this by not instrumenting
-     * methods that do that.  (Tracked in RUBY-552.)
-     *
-     * If you're thinking of cleaning this up by using rb_protect,
-     * you will catch ALL exceptions, as well as ANYTHING
-     * else that unwinds the stack.  This includes fiber context switches
-     * (which are used to implement Enumerator#next) and catch/throw blocks.
-     * I spent a week debugging that so you don't have to.  -ajm
-     */
-
-    switch (impl) {
-    case IMPL_ALIAS_INSTANCE:
-    case IMPL_ALIAS_SINGLETON:
-        original_ret = rb_rescue2(
-            contrast_patch_call_original, (VALUE)original_args,
-            contrast_patch_call_rescue, (VALUE)rescue_args, rb_eException, 0);
-        break;
-    case IMPL_PREPEND:
-        original_ret = rb_rescue2(contrast_call_super, (VALUE)original_args,
-                                  contrast_patch_call_rescue,
-                                  (VALUE)rescue_args, rb_eException, 0);
-        break;
-    };
-
-    /* If you're here, the original method did not throw an exception
-     * (or unwind the stack otherwise).
-     * If the original method threw an exception, contrast_patch_call_rescue
-     * re-raises the original exception, which unwinds the stack back to the
-     * call site.  This means the rest of this function is not executed.
-     */
-
-    /* Invoke Contrast post-call patching.
-     * Post-call patching may transform the return value,
-     * hence the assignment.
-     */
-    transformed_ret = contrast_call_post_patch(method_policy, preshift, object,
-                                               original_ret, argc, argv);
-
-    /* Special case for tracking frozen sources */
-    if (transformed_ret != Qnil) {
-        ret = transformed_ret;
-    } else {
-        ret = original_ret;
-    }
-
-    /* exit scope */
-    rb_funcall(contrast_patcher(), rb_sym_exit_scope, 0);
+    /* Otherwise, invoke Contrast analysis. */
+    VALUE wrapped_args[7];
+    wrapped_args[0] = impl;
+    wrapped_args[1] = (VALUE)original_args;
+    wrapped_args[2] = method;
+    wrapped_args[3] = method_policy;
+    wrapped_args[4] = object;
+    wrapped_args[5] = INT2NUM(argc);
+    wrapped_args[6] = (VALUE)argv;
 
-    return ret;
+    return rb_ensure(contrast_run_patches, (VALUE)wrapped_args,
+                     contrast_ensure_function, method_policy);
 
 call_original:
 
     /* exit scope */
-    rb_funcall(contrast_patcher(), rb_sym_exit_scope, 0);
+    contrast_ensure_function(method_policy);
 
     switch (impl) {
     case IMPL_ALIAS_INSTANCE:
     case IMPL_ALIAS_SINGLETON:
         return contrast_patch_call_original(original_args);
-    case IMPL_PREPEND:
+    case IMPL_PREPEND_INSTANCE:
+    case IMPL_PREPEND_SINGLETON:
         return contrast_call_super(original_args);
     };
 }
@@ -316,9 +379,14 @@ VALUE contrast_alias_singleton_patch(const int argc, const VALUE *argv,
     return contrast_patch_dispatch(argc, argv, IMPL_ALIAS_SINGLETON, object);
 }
 
-VALUE contrast_prepend_patch(const int argc, const VALUE *argv,
-                             const VALUE object) {
-    return contrast_patch_dispatch(argc, argv, IMPL_PREPEND, object);
+VALUE contrast_prepend_instance_patch(const int argc, const VALUE *argv,
+                                      const VALUE object) {
+    return contrast_patch_dispatch(argc, argv, IMPL_PREPEND_INSTANCE, object);
+}
+
+VALUE contrast_prepend_singleton_patch(const int argc, const VALUE *argv,
+                                       const VALUE object) {
+    return contrast_patch_dispatch(argc, argv, IMPL_PREPEND_SINGLETON, object);
 }
 
 VALUE contrast_patch_define_method(const VALUE self, const VALUE clazz,
@@ -330,8 +398,9 @@ VALUE contrast_patch_define_method(const VALUE self, const VALUE clazz,
         rb_funcall(method_policy, rb_sym_instance_method, 0);
     char *cStr;
     VALUE str;
-    rb_funcall(patch_status, rb_sym_set_info_for, 5, clazz, original_method_name,
-               method_policy, is_instance_method, cs_method);
+    rb_funcall(patch_status, rb_sym_set_info_for, 5, clazz,
+               original_method_name, method_policy, is_instance_method,
+               cs_method);
 
     /* Some methods we patch rely on a specific C level patch,
      * in those cases we should still add the method to the info_for hash
@@ -383,29 +452,57 @@ VALUE contrast_patch_define_method(const VALUE self, const VALUE clazz,
 VALUE contrast_patch_prepend(const VALUE self, const VALUE originalModule,
                              const VALUE method_policy) {
 
+    const VALUE instance = Qtrue;
+    const VALUE singleton = Qfalse;
     const VALUE original_method_name =
         rb_funcall(method_policy, rb_sym_method_name, 0);
     const VALUE is_private =
         rb_funcall(method_policy, rb_sym_private_method, 0);
     const VALUE is_instance_method =
         rb_funcall(method_policy, rb_sym_instance_method, 0);
-    rb_funcall(patch_status, rb_sym_set_info_for, 5, originalModule,
-               original_method_name, method_policy, Qtrue, Qnil);
+
+    // Set the value for instance or singleton method
+    if (RTEST(is_instance_method)) {
+        rb_funcall(patch_status, rb_sym_set_info_for, 5, originalModule,
+                   original_method_name, method_policy, instance, Qnil);
+
+    } else {
+        rb_funcall(patch_status, rb_sym_set_info_for, 5, originalModule,
+                   original_method_name, method_policy, singleton, Qnil);
+    }
+
     VALUE module = rb_define_module_under(originalModule, "ContrastPrepend");
     VALUE str = rb_funcall(original_method_name, rb_sym_cs_to_s, 0);
     char *cMethodName = StringValueCStr(str);
     if (RTEST(is_instance_method)) {
         if (RTEST(is_private)) {
             rb_define_private_method(module, cMethodName,
-                                     contrast_prepend_patch, -1);
+                                     contrast_prepend_instance_patch, -1);
         } else {
-            rb_define_method(module, cMethodName, contrast_prepend_patch, -1);
+            rb_define_method(module, cMethodName,
+                             contrast_prepend_instance_patch, -1);
         }
     } else {
-        rb_define_singleton_method(module, cMethodName, contrast_prepend_patch,
-                                   -1);
+        rb_define_singleton_method(module, cMethodName,
+                                   contrast_prepend_singleton_patch, -1);
     }
     rb_prepend_module(originalModule, module);
+
+    if (rb_ver_below_three()) {
+        VALUE module_at;
+        VALUE rb_incl_in_mod_ary =
+            rb_funcall(originalModule, rb_intern("included_in"), 0);
+        if (RB_TYPE_P(rb_incl_in_mod_ary, T_ARRAY)) {
+            int i = 0;
+            int size = RARRAY_LEN(rb_incl_in_mod_ary);
+            for (i = 0; i < size; ++i) {
+                module_at = rb_ary_entry(rb_incl_in_mod_ary, i);
+                if (RB_TYPE_P(module_at, T_MODULE)) {
+                    rb_include_module(module_at, module);
+                }
+            }
+        }
+    }
     return Qtrue;
 }
 
@@ -417,7 +514,6 @@ void Init_cs__contrast_patch(void) {
     rb_sym_contrast_apply_pre_patch = rb_intern("apply_pre_patch");
     rb_sym_cs_to_s = rb_intern("to_s");
     rb_sym_custom_patch = rb_intern("requires_custom_patch?");
-    rb_sym_in_request_context = rb_intern("in_request_context?");
     rb_sym_info_for = rb_intern("info_for");
     rb_sym_propagation_node = rb_intern("propagation_node");
     rb_sym_set_info_for = rb_intern("set_info_for");
@@ -430,6 +526,10 @@ void Init_cs__contrast_patch(void) {
     rb_sym_instance_method = rb_intern("instance_method");
     rb_sym_cs_singleton_class = rb_intern("cs__singleton_class");
 
+    rb_sym_enter_method_scope = rb_intern("enter_method_scope!");
+    rb_sym_exit_method_scope = rb_intern("exit_method_scope!");
+    rb_sym_scopes_to_enter = rb_intern("scopes_to_enter");
+    rb_sym_scopes_to_exit = rb_intern("scopes_to_exit");
 
     rb_define_module_function(contrast_patcher(), "contrast_define_method",
                               contrast_patch_define_method, 3);

data/ext/cs__contrast_patch/cs__contrast_patch.h

@@ -1,11 +1,6 @@
+#include "../cs__common/cs__common.h"
 #include <ruby.h>
 
-typedef enum {
-  IMPL_ALIAS_INSTANCE,
-  IMPL_ALIAS_SINGLETON,
-  IMPL_PREPEND
-} patch_impl;
-
 /* Calls to Contrast modules */
 /* Contrast::Agent::Patching::Policy::PatchStatus */
 static VALUE patch_status;
@@ -21,7 +16,10 @@ static VALUE rb_sym_contrast_apply_pre_patch;
 static VALUE rb_sym_custom_patch;
 static VALUE rb_sym_cs_to_s;
 
-static VALUE rb_sym_in_request_context;
+static VALUE rb_sym_enter_method_scope;
+static VALUE rb_sym_exit_method_scope;
+static VALUE rb_sym_scopes_to_enter;
+static VALUE rb_sym_scopes_to_exit;
 
 static VALUE rb_sym_build_method_name;
 static VALUE rb_sym_info_for;
@@ -142,8 +140,7 @@ VALUE contrast_call_super(const VALUE *args);
  *          instance (specifically for frozen sources)
  */
 VALUE contrast_patch_dispatch(const int argc, const VALUE *argv,
-                              const patch_impl impl,
-                              const VALUE object);
+                              const patch_impl impl, const VALUE object);
 
 VALUE contrast_alias_instance_patch(const int argc, const VALUE *argv,
                                     const VALUE object);
@@ -151,9 +148,11 @@ VALUE contrast_alias_instance_patch(const int argc, const VALUE *argv,
 VALUE contrast_alias_singleton_patch(const int argc, const VALUE *argv,
                                      const VALUE object);
 
+VALUE contrast_prepend_instance_patch(const int argc, const VALUE *argv,
+                                    const VALUE object);
 
-VALUE contrast_prepend_patch(const int argc, const VALUE *argv,
-                             const VALUE object);
+VALUE contrast_prepend_singleton_patch(const int argc, const VALUE *argv,
+                                     const VALUE object);
 
 /*
  * Patches a module's method by prepend:
@@ -171,12 +170,12 @@ VALUE contrast_prepend_patch(const int argc, const VALUE *argv,
  *   - prepending Foo with Foo::ContrastPrepend
  *
  * originalModule - Module; the actual Module being prepended
- * methodPolicy - :MethodPolicy; the method policy that apply to the method being redefined
+ * methodPolicy - :MethodPolicy; the method policy that apply to the method
+ * being redefined
  *
  * return - Boolean; if the prepend occurred or not
  */
-VALUE contrast_patch_prepend(const VALUE self,
-                             const VALUE originalModule,
+VALUE contrast_patch_prepend(const VALUE self, const VALUE originalModule,
                              const VALUE methodPolicy);
 
 /*

data/ext/cs__contrast_patch/extconf.rb

@@ -1,2 +1,5 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
 $TO_MAKE = File.basename(__dir__)
 require_relative '../extconf_common'

data/ext/cs__os_information/cs__os_information.c

@@ -0,0 +1,34 @@
+/* Copyright (c) 2022 Contrast Security, Inc.  See
+ * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
+
+#include "cs__os_information.h"
+#include <dlfcn.h>
+#include <ruby.h>
+#include <sys/utsname.h>
+
+VALUE contrast, utils, os;
+
+VALUE contrast_get_system_information() {
+    struct utsname uname_pointer;
+
+    uname(&uname_pointer);
+
+    VALUE rb_data_hash = rb_hash_new();
+    rb_hash_aset(rb_data_hash, rb_str_new2("os_type"),
+                 rb_str_new2(uname_pointer.sysname));
+    rb_hash_aset(rb_data_hash, rb_str_new2("os_version"),
+                 rb_str_new2(uname_pointer.release));
+    rb_hash_aset(rb_data_hash, rb_str_new2("os_complete_version"),
+                 rb_str_new2(uname_pointer.version));
+    rb_hash_aset(rb_data_hash, rb_str_new2("os_arch"),
+                 rb_str_new2(uname_pointer.machine));
+    return rb_data_hash;
+}
+
+void Init_cs__os_information(void) {
+    contrast = rb_define_module("Contrast");
+    utils = rb_define_module_under(contrast, "Utils");
+    os = rb_define_module_under(utils, "OS");
+    rb_define_module_function(os, "get_system_information",
+                              contrast_get_system_information, 0);
+}

data/ext/cs__os_information/cs__os_information.h

@@ -0,0 +1,7 @@
+#include <ruby.h>
+
+extern VALUE contrast, utils, os;
+
+VALUE contrast_get_system_information();
+
+void Init_cs__os_information(void);

data/ext/cs__os_information/extconf.rb

@@ -0,0 +1,5 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+$TO_MAKE = File.basename(__dir__)
+require_relative '../extconf_common'