RubyGems - contrast-agent - Versions diffs - 3.8.4 - Mend

contrast-agent 3.8.4

Files changed (500) hide show

checksums.yaml +7 -0
data/.clang-format +5 -0
data/.dockerignore +10 -0
data/.gitignore +58 -0
data/.gitmodules +6 -0
data/.rspec +6 -0
data/.simplecov +4 -0
data/Gemfile +7 -0
data/LICENSE.txt +12 -0
data/Rakefile +15 -0
data/exe/contrast_service +29 -0
data/ext/build_funchook.rb +48 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.c +47 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.h +10 -0
data/ext/cs__assess_active_record_named/extconf.rb +2 -0
data/ext/cs__assess_array/cs__assess_array.c +38 -0
data/ext/cs__assess_array/cs__assess_array.h +9 -0
data/ext/cs__assess_array/extconf.rb +2 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.c +50 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.h +17 -0
data/ext/cs__assess_basic_object/extconf.rb +2 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +86 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +34 -0
data/ext/cs__assess_fiber_track/extconf.rb +2 -0
data/ext/cs__assess_hash/cs__assess_hash.c +64 -0
data/ext/cs__assess_hash/cs__assess_hash.h +24 -0
data/ext/cs__assess_hash/extconf.rb +2 -0
data/ext/cs__assess_kernel/cs__assess_kernel.c +36 -0
data/ext/cs__assess_kernel/cs__assess_kernel.h +10 -0
data/ext/cs__assess_kernel/extconf.rb +2 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +47 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +18 -0
data/ext/cs__assess_marshal_module/extconf.rb +2 -0
data/ext/cs__assess_module/cs__assess_module.c +78 -0
data/ext/cs__assess_module/cs__assess_module.h +25 -0
data/ext/cs__assess_module/extconf.rb +2 -0
data/ext/cs__assess_regexp/cs__assess_regexp.c +48 -0
data/ext/cs__assess_regexp/cs__assess_regexp.h +22 -0
data/ext/cs__assess_regexp/extconf.rb +2 -0
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c +63 -0
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.h +29 -0
data/ext/cs__assess_regexp_track/extconf.rb +2 -0
data/ext/cs__assess_string/cs__assess_string.c +38 -0
data/ext/cs__assess_string/cs__assess_string.h +19 -0
data/ext/cs__assess_string/extconf.rb +2 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +31 -0
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.h +13 -0
data/ext/cs__assess_string_interpolation26/extconf.rb +2 -0
data/ext/cs__common/cs__common.c +60 -0
data/ext/cs__common/cs__common.h +28 -0
data/ext/cs__common/extconf.rb +20 -0
data/ext/cs__contrast_patch/cs__contrast_patch.c +445 -0
data/ext/cs__contrast_patch/cs__contrast_patch.h +196 -0
data/ext/cs__contrast_patch/extconf.rb +2 -0
data/ext/cs__protect_kernel/cs__protect_kernel.c +37 -0
data/ext/cs__protect_kernel/cs__protect_kernel.h +11 -0
data/ext/cs__protect_kernel/extconf.rb +2 -0
data/ext/cs__scope/cs__scope.c +96 -0
data/ext/cs__scope/cs__scope.h +33 -0
data/ext/cs__scope/extconf.rb +2 -0
data/ext/extconf_common.rb +49 -0
data/funchook/LICENSE +360 -0
data/funchook/Makefile +29 -0
data/funchook/Makefile.in +29 -0
data/funchook/README.md +121 -0
data/funchook/appveyor.yml +42 -0
data/funchook/autogen.sh +3 -0
data/funchook/autom4te.cache/output.0 +4976 -0
data/funchook/autom4te.cache/requests +78 -0
data/funchook/autom4te.cache/traces.0 +364 -0
data/funchook/config.guess +1530 -0
data/funchook/config.log +490 -0
data/funchook/config.status +1016 -0
data/funchook/config.sub +1773 -0
data/funchook/configure +4976 -0
data/funchook/configure.ac +59 -0
data/funchook/distorm/COPYING +26 -0
data/funchook/distorm/MANIFEST +25 -0
data/funchook/distorm/MANIFEST.in +4 -0
data/funchook/distorm/README.md +12 -0
data/funchook/distorm/disOps/disOps.py +795 -0
data/funchook/distorm/disOps/x86db.py +404 -0
data/funchook/distorm/disOps/x86header.py +247 -0
data/funchook/distorm/disOps/x86sets.py +1664 -0
data/funchook/distorm/examples/cs/TestdiStorm/Program.cs +79 -0
data/funchook/distorm/examples/cs/TestdiStorm/Properties/AssemblyInfo.cs +36 -0
data/funchook/distorm/examples/cs/TestdiStorm/TestdiStorm.csproj +69 -0
data/funchook/distorm/examples/cs/distorm-net.sln +26 -0
data/funchook/distorm/examples/cs/distorm-net/CodeInfo.cs +23 -0
data/funchook/distorm/examples/cs/distorm-net/DecodedInst.cs +15 -0
data/funchook/distorm/examples/cs/distorm-net/DecodedResult.cs +14 -0
data/funchook/distorm/examples/cs/distorm-net/DecomposedInst.cs +36 -0
data/funchook/distorm/examples/cs/distorm-net/DecomposedResult.cs +14 -0
data/funchook/distorm/examples/cs/distorm-net/Opcodes.cs +1268 -0
data/funchook/distorm/examples/cs/distorm-net/Opcodes.tt +37 -0
data/funchook/distorm/examples/cs/distorm-net/Operand.cs +25 -0
data/funchook/distorm/examples/cs/distorm-net/Properties/AssemblyInfo.cs +36 -0
data/funchook/distorm/examples/cs/distorm-net/diStorm3.cs +411 -0
data/funchook/distorm/examples/cs/distorm-net/distorm-net.csproj +80 -0
data/funchook/distorm/examples/cs/readme +3 -0
data/funchook/distorm/examples/ddk/README +48 -0
data/funchook/distorm/examples/ddk/distorm.ini +11 -0
data/funchook/distorm/examples/ddk/dummy.c +15 -0
data/funchook/distorm/examples/ddk/main.c +91 -0
data/funchook/distorm/examples/ddk/makefile +1 -0
data/funchook/distorm/examples/ddk/sources +10 -0
data/funchook/distorm/examples/java/Makefile +23 -0
data/funchook/distorm/examples/java/distorm/src/Main.java +43 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/CodeInfo.java +27 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedInst.java +32 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedResult.java +11 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedInst.java +89 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedResult.java +11 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/OpcodeEnum.java +131 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/Opcodes.java +1123 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/Operand.java +24 -0
data/funchook/distorm/examples/java/distorm/src/diStorm3/distorm3.java +41 -0
data/funchook/distorm/examples/java/jdistorm.c +405 -0
data/funchook/distorm/examples/java/jdistorm.h +40 -0
data/funchook/distorm/examples/java/jdistorm.sln +20 -0
data/funchook/distorm/examples/java/jdistorm.vcproj +208 -0
data/funchook/distorm/examples/linux/Makefile +15 -0
data/funchook/distorm/examples/linux/main.c +181 -0
data/funchook/distorm/examples/tests/Makefile +15 -0
data/funchook/distorm/examples/tests/main.cpp +42 -0
data/funchook/distorm/examples/tests/main.py +66 -0
data/funchook/distorm/examples/tests/test_distorm3.py +1672 -0
data/funchook/distorm/examples/tests/tests.sln +20 -0
data/funchook/distorm/examples/tests/tests.vcxproj +82 -0
data/funchook/distorm/examples/tests/tests.vcxproj.filters +22 -0
data/funchook/distorm/examples/win32/disasm.sln +25 -0
data/funchook/distorm/examples/win32/disasm.vcxproj +201 -0
data/funchook/distorm/examples/win32/disasm.vcxproj.filters +14 -0
data/funchook/distorm/examples/win32/main.cpp +163 -0
data/funchook/distorm/include/distorm.h +482 -0
data/funchook/distorm/include/mnemonics.h +301 -0
data/funchook/distorm/make/linux/Makefile +28 -0
data/funchook/distorm/make/mac/Makefile +24 -0
data/funchook/distorm/make/win32/cdistorm.vcxproj +239 -0
data/funchook/distorm/make/win32/cdistorm.vcxproj.filters +80 -0
data/funchook/distorm/make/win32/distorm.sln +25 -0
data/funchook/distorm/make/win32/resource.h +14 -0
data/funchook/distorm/make/win32/resource.rc +99 -0
data/funchook/distorm/python/distorm3/__init__.py +957 -0
data/funchook/distorm/python/distorm3/sample.py +51 -0
data/funchook/distorm/setup.cfg +10 -0
data/funchook/distorm/setup.py +266 -0
data/funchook/distorm/src/config.h +169 -0
data/funchook/distorm/src/decoder.c +641 -0
data/funchook/distorm/src/decoder.h +33 -0
data/funchook/distorm/src/distorm.c +413 -0
data/funchook/distorm/src/instructions.c +597 -0
data/funchook/distorm/src/instructions.h +463 -0
data/funchook/distorm/src/insts.c +7939 -0
data/funchook/distorm/src/insts.h +64 -0
data/funchook/distorm/src/mnemonics.c +284 -0
data/funchook/distorm/src/operands.c +1290 -0
data/funchook/distorm/src/operands.h +28 -0
data/funchook/distorm/src/prefix.c +368 -0
data/funchook/distorm/src/prefix.h +64 -0
data/funchook/distorm/src/textdefs.c +172 -0
data/funchook/distorm/src/textdefs.h +57 -0
data/funchook/distorm/src/wstring.c +47 -0
data/funchook/distorm/src/wstring.h +35 -0
data/funchook/distorm/src/x86defs.h +82 -0
data/funchook/include/funchook.h +123 -0
data/funchook/install-sh +527 -0
data/funchook/src/Makefile +70 -0
data/funchook/src/Makefile.in +70 -0
data/funchook/src/__strerror.h +109 -0
data/funchook/src/config.h +101 -0
data/funchook/src/config.h.in +100 -0
data/funchook/src/decoder.o +0 -0
data/funchook/src/distorm.o +0 -0
data/funchook/src/funchook.c +440 -0
data/funchook/src/funchook.o +0 -0
data/funchook/src/funchook_internal.h +155 -0
data/funchook/src/funchook_io.c +182 -0
data/funchook/src/funchook_io.h +64 -0
data/funchook/src/funchook_io.o +0 -0
data/funchook/src/funchook_syscall.S +134 -0
data/funchook/src/funchook_syscall.o +0 -0
data/funchook/src/funchook_unix.c +480 -0
data/funchook/src/funchook_unix.o +0 -0
data/funchook/src/funchook_windows.c +397 -0
data/funchook/src/funchook_x86.c +622 -0
data/funchook/src/funchook_x86.o +0 -0
data/funchook/src/instructions.o +0 -0
data/funchook/src/insts.o +0 -0
data/funchook/src/libfunchook.so +0 -0
data/funchook/src/mnemonics.o +0 -0
data/funchook/src/operands.o +0 -0
data/funchook/src/os_func.c +115 -0
data/funchook/src/os_func.h +75 -0
data/funchook/src/os_func.o +0 -0
data/funchook/src/os_func_unix.c +94 -0
data/funchook/src/os_func_unix.o +0 -0
data/funchook/src/os_func_windows.c +32 -0
data/funchook/src/prefix.o +0 -0
data/funchook/src/printf_base.c +1688 -0
data/funchook/src/printf_base.h +46 -0
data/funchook/src/printf_base.o +0 -0
data/funchook/src/textdefs.o +0 -0
data/funchook/src/wstring.o +0 -0
data/funchook/test/Makefile +43 -0
data/funchook/test/Makefile.in +43 -0
data/funchook/test/funchook_test +0 -0
data/funchook/test/libfunchook_test.c +25 -0
data/funchook/test/libfunchook_test.so +0 -0
data/funchook/test/libfunchook_test2.c +18 -0
data/funchook/test/suffix.list +600 -0
data/funchook/test/test_main.c +430 -0
data/funchook/test/test_main.o +0 -0
data/funchook/test/x86_64_test.S +10 -0
data/funchook/test/x86_64_test.o +0 -0
data/funchook/test/x86_test.S +339 -0
data/funchook/win32/config.h +1 -0
data/funchook/win32/funchook.sln +52 -0
data/funchook/win32/funchook.vcxproj +188 -0
data/funchook/win32/funchook.vcxproj.filters +84 -0
data/funchook/win32/funchook_test.vcxproj +170 -0
data/funchook/win32/funchook_test.vcxproj.filters +22 -0
data/funchook/win32/funchook_test_dll.vcxproj +184 -0
data/funchook/win32/funchook_test_dll.vcxproj.filters +30 -0
data/funchook/win32/funchook_test_exe.def +3 -0
data/lib/contrast-agent.rb +8 -0
data/lib/contrast.rb +57 -0
data/lib/contrast/agent.rb +80 -0
data/lib/contrast/agent/assess.rb +45 -0
data/lib/contrast/agent/assess/adjusted_span.rb +25 -0
data/lib/contrast/agent/assess/class_reverter.rb +82 -0
data/lib/contrast/agent/assess/contrast_event.rb +398 -0
data/lib/contrast/agent/assess/frozen_properties.rb +41 -0
data/lib/contrast/agent/assess/insulator.rb +53 -0
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +78 -0
data/lib/contrast/agent/assess/policy/patcher.rb +85 -0
data/lib/contrast/agent/assess/policy/policy.rb +116 -0
data/lib/contrast/agent/assess/policy/policy_node.rb +289 -0
data/lib/contrast/agent/assess/policy/policy_scanner.rb +44 -0
data/lib/contrast/agent/assess/policy/preshift.rb +94 -0
data/lib/contrast/agent/assess/policy/propagation_method.rb +260 -0
data/lib/contrast/agent/assess/policy/propagation_node.rb +127 -0
data/lib/contrast/agent/assess/policy/propagator.rb +35 -0
data/lib/contrast/agent/assess/policy/propagator/append.rb +54 -0
data/lib/contrast/agent/assess/policy/propagator/base.rb +37 -0
data/lib/contrast/agent/assess/policy/propagator/center.rb +73 -0
data/lib/contrast/agent/assess/policy/propagator/custom.rb +36 -0
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +62 -0
data/lib/contrast/agent/assess/policy/propagator/insert.rb +55 -0
data/lib/contrast/agent/assess/policy/propagator/keep.rb +26 -0
data/lib/contrast/agent/assess/policy/propagator/next.rb +42 -0
data/lib/contrast/agent/assess/policy/propagator/prepend.rb +50 -0
data/lib/contrast/agent/assess/policy/propagator/remove.rb +76 -0
data/lib/contrast/agent/assess/policy/propagator/replace.rb +27 -0
data/lib/contrast/agent/assess/policy/propagator/reverse.rb +38 -0
data/lib/contrast/agent/assess/policy/propagator/select.rb +86 -0
data/lib/contrast/agent/assess/policy/propagator/splat.rb +60 -0
data/lib/contrast/agent/assess/policy/propagator/split.rb +49 -0
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +169 -0
data/lib/contrast/agent/assess/policy/propagator/trim.rb +81 -0
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +79 -0
data/lib/contrast/agent/assess/policy/source_method.rb +209 -0
data/lib/contrast/agent/assess/policy/source_node.rb +62 -0
data/lib/contrast/agent/assess/policy/trigger_method.rb +209 -0
data/lib/contrast/agent/assess/policy/trigger_node.rb +198 -0
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +77 -0
data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +31 -0
data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +40 -0
data/lib/contrast/agent/assess/properties.rb +392 -0
data/lib/contrast/agent/assess/rule.rb +18 -0
data/lib/contrast/agent/assess/rule/base.rb +72 -0
data/lib/contrast/agent/assess/rule/csrf.rb +66 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_action.rb +28 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +69 -0
data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +132 -0
data/lib/contrast/agent/assess/rule/provider.rb +21 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +62 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +73 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +121 -0
data/lib/contrast/agent/assess/rule/redos.rb +68 -0
data/lib/contrast/agent/assess/rule/response_scanning_rule.rb +47 -0
data/lib/contrast/agent/assess/rule/response_watcher.rb +36 -0
data/lib/contrast/agent/assess/rule/watcher.rb +36 -0
data/lib/contrast/agent/assess/tag.rb +151 -0
data/lib/contrast/agent/at_exit_hook.rb +33 -0
data/lib/contrast/agent/class_reopener.rb +195 -0
data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +26 -0
data/lib/contrast/agent/deadzone/policy/policy.rb +57 -0
data/lib/contrast/agent/disable_reaction.rb +24 -0
data/lib/contrast/agent/exclusion_matcher.rb +190 -0
data/lib/contrast/agent/feature_state.rb +379 -0
data/lib/contrast/agent/inventory/policy/policy.rb +32 -0
data/lib/contrast/agent/inventory/policy/trigger_node.rb +22 -0
data/lib/contrast/agent/logger_manager.rb +116 -0
data/lib/contrast/agent/middleware.rb +352 -0
data/lib/contrast/agent/module_data.rb +16 -0
data/lib/contrast/agent/patching/policy/after_load_patch.rb +37 -0
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +58 -0
data/lib/contrast/agent/patching/policy/method_policy.rb +94 -0
data/lib/contrast/agent/patching/policy/module_policy.rb +116 -0
data/lib/contrast/agent/patching/policy/patch.rb +312 -0
data/lib/contrast/agent/patching/policy/patch_status.rb +192 -0
data/lib/contrast/agent/patching/policy/patcher.rb +310 -0
data/lib/contrast/agent/patching/policy/policy.rb +138 -0
data/lib/contrast/agent/patching/policy/policy_node.rb +80 -0
data/lib/contrast/agent/patching/policy/policy_unpatcher.rb +28 -0
data/lib/contrast/agent/patching/policy/trigger_node.rb +81 -0
data/lib/contrast/agent/protect/policy/policy.rb +37 -0
data/lib/contrast/agent/protect/policy/trigger_node.rb +23 -0
data/lib/contrast/agent/protect/rule.rb +58 -0
data/lib/contrast/agent/protect/rule/base.rb +300 -0
data/lib/contrast/agent/protect/rule/base_service.rb +88 -0
data/lib/contrast/agent/protect/rule/cmd_injection.rb +156 -0
data/lib/contrast/agent/protect/rule/csrf.rb +118 -0
data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +103 -0
data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb +85 -0
data/lib/contrast/agent/protect/rule/default_scanner.rb +300 -0
data/lib/contrast/agent/protect/rule/deserialization.rb +193 -0
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +80 -0
data/lib/contrast/agent/protect/rule/no_sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +40 -0
data/lib/contrast/agent/protect/rule/path_traversal.rb +143 -0
data/lib/contrast/agent/protect/rule/sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +16 -0
data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +38 -0
data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +22 -0
data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +19 -0
data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +20 -0
data/lib/contrast/agent/protect/rule/xss.rb +24 -0
data/lib/contrast/agent/protect/rule/xxe.rb +120 -0
data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +82 -0
data/lib/contrast/agent/railtie.rb +30 -0
data/lib/contrast/agent/reaction_processor.rb +47 -0
data/lib/contrast/agent/request.rb +493 -0
data/lib/contrast/agent/request_context.rb +225 -0
data/lib/contrast/agent/require_state.rb +61 -0
data/lib/contrast/agent/response.rb +215 -0
data/lib/contrast/agent/rewriter.rb +244 -0
data/lib/contrast/agent/scope.rb +28 -0
data/lib/contrast/agent/service_heartbeat.rb +37 -0
data/lib/contrast/agent/settings_state.rb +148 -0
data/lib/contrast/agent/socket_client.rb +125 -0
data/lib/contrast/agent/thread.rb +26 -0
data/lib/contrast/agent/tracepoint_hook.rb +51 -0
data/lib/contrast/agent/version.rb +8 -0
data/lib/contrast/api.rb +17 -0
data/lib/contrast/api/.gitkeep +0 -0
data/lib/contrast/api/connection_status.rb +49 -0
data/lib/contrast/api/socket.rb +43 -0
data/lib/contrast/api/speedracer.rb +206 -0
data/lib/contrast/api/tcp_socket.rb +31 -0
data/lib/contrast/api/unix_socket.rb +25 -0
data/lib/contrast/common_agent_configuration.rb +86 -0
data/lib/contrast/components/agent.rb +85 -0
data/lib/contrast/components/app_context.rb +188 -0
data/lib/contrast/components/assess.rb +67 -0
data/lib/contrast/components/config.rb +135 -0
data/lib/contrast/components/contrast_service.rb +113 -0
data/lib/contrast/components/heap_dump.rb +34 -0
data/lib/contrast/components/interface.rb +178 -0
data/lib/contrast/components/inventory.rb +23 -0
data/lib/contrast/components/logger.rb +92 -0
data/lib/contrast/components/protect.rb +38 -0
data/lib/contrast/components/sampling.rb +41 -0
data/lib/contrast/components/scope.rb +106 -0
data/lib/contrast/components/settings.rb +140 -0
data/lib/contrast/config.rb +33 -0
data/lib/contrast/config/agent_configuration.rb +24 -0
data/lib/contrast/config/application_configuration.rb +27 -0
data/lib/contrast/config/assess_configuration.rb +22 -0
data/lib/contrast/config/assess_rules_configuration.rb +18 -0
data/lib/contrast/config/base_configuration.rb +105 -0
data/lib/contrast/config/default_value.rb +16 -0
data/lib/contrast/config/exception_configuration.rb +21 -0
data/lib/contrast/config/heap_dump_configuration.rb +23 -0
data/lib/contrast/config/inventory_configuration.rb +20 -0
data/lib/contrast/config/logger_configuration.rb +20 -0
data/lib/contrast/config/protect_configuration.rb +20 -0
data/lib/contrast/config/protect_rule_configuration.rb +37 -0
data/lib/contrast/config/protect_rules_configuration.rb +30 -0
data/lib/contrast/config/root_configuration.rb +26 -0
data/lib/contrast/config/ruby_configuration.rb +39 -0
data/lib/contrast/config/sampling_configuration.rb +22 -0
data/lib/contrast/config/server_configuration.rb +23 -0
data/lib/contrast/config/service_configuration.rb +22 -0
data/lib/contrast/configuration.rb +214 -0
data/lib/contrast/core_extensions/assess.rb +51 -0
data/lib/contrast/core_extensions/assess/array.rb +58 -0
data/lib/contrast/core_extensions/assess/assess_extension.rb +145 -0
data/lib/contrast/core_extensions/assess/basic_object.rb +15 -0
data/lib/contrast/core_extensions/assess/erb.rb +42 -0
data/lib/contrast/core_extensions/assess/exec_trigger.rb +48 -0
data/lib/contrast/core_extensions/assess/fiber.rb +125 -0
data/lib/contrast/core_extensions/assess/hash.rb +22 -0
data/lib/contrast/core_extensions/assess/kernel.rb +95 -0
data/lib/contrast/core_extensions/assess/module.rb +14 -0
data/lib/contrast/core_extensions/assess/regexp.rb +206 -0
data/lib/contrast/core_extensions/assess/string.rb +75 -0
data/lib/contrast/core_extensions/assess/tilt_template_trigger.rb +73 -0
data/lib/contrast/core_extensions/delegator.rb +14 -0
data/lib/contrast/core_extensions/eval_trigger.rb +52 -0
data/lib/contrast/core_extensions/inventory.rb +22 -0
data/lib/contrast/core_extensions/inventory/datastores.rb +37 -0
data/lib/contrast/core_extensions/module.rb +42 -0
data/lib/contrast/core_extensions/object.rb +27 -0
data/lib/contrast/core_extensions/protect.rb +20 -0
data/lib/contrast/core_extensions/protect/applies_command_injection_rule.rb +70 -0
data/lib/contrast/core_extensions/protect/applies_deserialization_rule.rb +58 -0
data/lib/contrast/core_extensions/protect/applies_no_sqli_rule.rb +81 -0
data/lib/contrast/core_extensions/protect/applies_path_traversal_rule.rb +119 -0
data/lib/contrast/core_extensions/protect/applies_sqli_rule.rb +63 -0
data/lib/contrast/core_extensions/protect/applies_xxe_rule.rb +141 -0
data/lib/contrast/core_extensions/protect/kernel.rb +30 -0
data/lib/contrast/core_extensions/protect/psych.rb +7 -0
data/lib/contrast/core_extensions/thread.rb +31 -0
data/lib/contrast/internal_exception.rb +8 -0
data/lib/contrast/rails_extensions/assess/action_controller_inheritance.rb +48 -0
data/lib/contrast/rails_extensions/assess/active_record.rb +32 -0
data/lib/contrast/rails_extensions/assess/active_record_named.rb +61 -0
data/lib/contrast/rails_extensions/assess/configuration.rb +26 -0
data/lib/contrast/rails_extensions/buffer.rb +30 -0
data/lib/contrast/rails_extensions/rack.rb +45 -0
data/lib/contrast/security_exception.rb +14 -0
data/lib/contrast/sinatra_extensions/assess/cookie.rb +26 -0
data/lib/contrast/sinatra_extensions/inventory/sinatra_base.rb +59 -0
data/lib/contrast/tasks/service.rb +95 -0
data/lib/contrast/utils/assess/sampling_util.rb +96 -0
data/lib/contrast/utils/assess/tracking_util.rb +39 -0
data/lib/contrast/utils/boolean_util.rb +33 -0
data/lib/contrast/utils/cache.rb +69 -0
data/lib/contrast/utils/class_util.rb +58 -0
data/lib/contrast/utils/comment_range.rb +19 -0
data/lib/contrast/utils/data_store_util.rb +23 -0
data/lib/contrast/utils/duck_utils.rb +58 -0
data/lib/contrast/utils/env_configuration_item.rb +52 -0
data/lib/contrast/utils/environment_util.rb +152 -0
data/lib/contrast/utils/freeze_util.rb +36 -0
data/lib/contrast/utils/gemfile_reader.rb +191 -0
data/lib/contrast/utils/hash_digest.rb +148 -0
data/lib/contrast/utils/heap_dump_util.rb +113 -0
data/lib/contrast/utils/invalid_configuration_util.rb +88 -0
data/lib/contrast/utils/inventory_util.rb +126 -0
data/lib/contrast/utils/io_util.rb +61 -0
data/lib/contrast/utils/object_share.rb +117 -0
data/lib/contrast/utils/operating_environment.rb +38 -0
data/lib/contrast/utils/os.rb +49 -0
data/lib/contrast/utils/path_util.rb +151 -0
data/lib/contrast/utils/performs_logging.rb +152 -0
data/lib/contrast/utils/preflight_util.rb +13 -0
data/lib/contrast/utils/prevent_serialization.rb +52 -0
data/lib/contrast/utils/rack_assess_session_cookie.rb +104 -0
data/lib/contrast/utils/rails_assess_configuration.rb +95 -0
data/lib/contrast/utils/random_util.rb +22 -0
data/lib/contrast/utils/resource_loader.rb +23 -0
data/lib/contrast/utils/ruby_ast_rewriter.rb +74 -0
data/lib/contrast/utils/scope_util.rb +99 -0
data/lib/contrast/utils/service_response_util.rb +116 -0
data/lib/contrast/utils/service_sender_util.rb +98 -0
data/lib/contrast/utils/sha256_builder.rb +69 -0
data/lib/contrast/utils/sinatra_helper.rb +49 -0
data/lib/contrast/utils/stack_trace_utils.rb +209 -0
data/lib/contrast/utils/string_utils.rb +72 -0
data/lib/contrast/utils/tag_util.rb +139 -0
data/lib/contrast/utils/thread_tracker.rb +54 -0
data/lib/contrast/utils/timer.rb +78 -0
data/resources/assess/policy.json +1673 -0
data/resources/csrf/inject.js +44 -0
data/resources/deadzone/policy.json +55 -0
data/resources/factory-bot-spec/spec_helper.rb +30 -0
data/resources/inventory/policy.json +110 -0
data/resources/protect/policy.json +417 -0
data/resources/rubocops/kernel/catch_cop.rb +37 -0
data/resources/rubocops/kernel/require_cop.rb +37 -0
data/resources/rubocops/kernel/require_relative_cop.rb +33 -0
data/resources/rubocops/module/autoload_cop.rb +37 -0
data/resources/rubocops/module/const_defined_cop.rb +37 -0
data/resources/rubocops/module/const_get_cop.rb +37 -0
data/resources/rubocops/module/const_set_cop.rb +37 -0
data/resources/rubocops/module/constants_cop.rb +37 -0
data/resources/rubocops/module/name_cop.rb +37 -0
data/resources/rubocops/object/class_cop.rb +37 -0
data/resources/rubocops/object/freeze_cop.rb +37 -0
data/resources/rubocops/object/frozen_cop.rb +37 -0
data/resources/rubocops/object/is_a_cop.rb +37 -0
data/resources/rubocops/object/method_cop.rb +37 -0
data/resources/rubocops/object/respond_to_cop.rb +37 -0
data/resources/rubocops/object/singleton_class_cop.rb +37 -0
data/resources/rubocops/regexp/spelling_cop.rb +44 -0
data/resources/rubocops/thread/new_cop.rb +39 -0
data/resources/ruby-spec/ancestors_spec.rb +70 -0
data/resources/ruby-spec/modulo_spec.rb +831 -0
data/resources/ruby-spec/parameters_spec.rb +261 -0
data/resources/ruby-spec/ruby_spec_spec_helper.rb +35 -0
data/resources/test_marker.txt +1 -0
data/ruby-agent.gemspec +129 -0
data/service_executables/.gitkeep +0 -0
data/service_executables/VERSION +1 -0
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
metadata +945 -0

data/lib/contrast/agent/protect/rule/csrf.rb ADDED

@@ -0,0 +1,118 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'rack'
+cs__scoped_require 'contrast/utils/object_share'
+cs__scoped_require 'contrast/agent/request'
+cs__scoped_require 'contrast/agent/response'
+cs__scoped_require 'contrast/utils/stack_trace_utils'
+cs__scoped_require 'contrast/utils/timer'
+module Contrast
+  module Agent
+    module Protect
+      module Rule
+        # The Ruby implementation of the Protect Cross-Site Request Forgery
+        # rule.
+        class Csrf < Contrast::Agent::Protect::Rule::Base
+          NAME = 'csrf'
+          def name
+            NAME
+          end
+          def stream_safe?
+            false
+          end
+          def request_evaluator
+            @_request_evaluator ||= Contrast::Agent::Protect::Rule::Csrf::CsrfEvaluator.new
+          end
+          def token_injector
+            @_token_injector ||= Contrast::Agent::Protect::Rule::Csrf::CsrfTokenInjector.new
+          end
+          BLOCK_MESSAGE = 'CSRF rule triggered. Request blocked.'
+          def prefilter context
+            return unless enabled? && mode != :NO_ACTION
+            request = context.request
+            return if request_evaluator.can_ignore_check?(request)
+            parameters = request.parameters
+            return unless parameters&.any?
+            tokens = parameters[token_injector.token_name]
+            expected_token = token_injector.get_expected_token(context)
+            return if valid_token?(expected_token, tokens)
+            # unexpected token is interpreted as an attack with a match
+            ia_result = Contrast::Api::Settings::InputAnalysisResult.new
+            ia_result.input_type = :BODY
+            ia_result.value = build_attack_string(context.request)
+            result = build_attack_with_match(
+                context,
+                ia_result,
+                nil,
+                expected_token,
+                details: build_details(expected_token, tokens))
+            append_to_activity(context, result)
+            raise Contrast::SecurityException.new(self, BLOCK_MESSAGE) if blocked?
+          end
+          def valid_token? expected, actual_tokens
+            actual_tokens&.include?(expected)
+          end
+          def postfilter context
+            return unless enabled? && POSTFILTER_MODES.include?(mode)
+            token_injector.do_injection(context)
+          end
+          def build_sample context, evaluation, _url, **kwargs
+            sample = build_base_sample(context, evaluation)
+            sample.csrf = kwargs[:details]
+            sample
+          end
+          # Build a subclass of the RaspRuleSample using the query string and the
+          # evaluation
+          def build_details expected, actual_tokens
+            details = Contrast::Api::Dtm::CsrfDetails.new
+            details.name = Contrast::Utils::StringUtils.protobuf_safe_string(token_injector.token_name)
+            details.expected = Contrast::Utils::StringUtils.protobuf_safe_string(expected)
+            presented = build_presented_token(actual_tokens)
+            details.presented = Contrast::Utils::StringUtils.protobuf_safe_string(presented)
+            details
+          end
+          def build_presented_token actual_tokens
+            return Contrast::Utils::ObjectShare::EMPTY_STRING unless actual_tokens&.any?
+            actual_tokens.first
+          end
+          # Convert the request parameters into an attack string
+          def build_attack_string request
+            arr = []
+            request.dtm.normalized_request_params.each_with_index do |(name, value), index|
+              arr << Contrast::Utils::ObjectShare::AND unless index.zero?
+              arr += [name.to_s, Contrast::Utils::ObjectShare::EQUALS, value.values.to_s]
+            end
+            if arr.empty?
+              request.query_string
+            else
+              arr.join
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb ADDED

@@ -0,0 +1,103 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'contrast/utils/object_share'
+cs__scoped_require 'contrast/components/interface'
+cs__scoped_require 'uri'
+# This class is used by the CSRF rule to determine if the given Request is
+# susceptible to CSRF / if the rule applies to it.
+class Contrast::Agent::Protect::Rule::Csrf::CsrfEvaluator # rubocop:disable Style/ClassAndModuleChildren
+  include Contrast::Components::Interface
+  access_component :logging
+  def can_ignore_check? request
+    if !form_submittable_method?(request)
+      logger.debug("Ignoring method #{ request.request_method } for URI #{ request.uri }")
+      true
+    elsif ajax_request?(request)
+      logger.debug("Ignoring Ajax request for URI #{ request.uri }")
+      true
+    elsif empty_post?(request)
+      logger.debug("Ignoring empty POST request for URI #{ request.uri }")
+      true
+    elsif !form_content_type?(request)
+      logger.debug("Ignoring POST request with Content-Type #{ request.content_type } for URI #{ request.uri }")
+      true
+    elsif request.static_request?
+      logger.debug("Ignoring static request for URI #{ request.uri }")
+      true
+    elsif origin_is_referer?(request)
+      logger.debug("Ignoring equivalent origin-referer for URI #{ request.uri }")
+      true
+    elsif login_page?(request)
+      logger.debug("Ignoring possible login page for URI #{ request.uri }")
+      true
+    else
+      false
+    end
+  rescue StandardError => e
+    logger.warn(e, 'Unable to determine if CSRF can be ignored')
+  end
+  POST_METHOD = 'POST'
+  def form_submittable_method? request
+    POST_METHOD == request.request_method
+  end
+  REQUESTED_WITH = 'X-REQUESTED-WITH'
+  def ajax_request? request
+    requested_with = request.header_value(REQUESTED_WITH)
+    !requested_with.nil? && !requested_with.empty?
+  end
+  USER_AGENT = 'USER-AGENT'
+  def empty_user_agent? request
+    agent = request.header_value(USER_AGENT)
+    agent.nil? || agent.empty?
+  end
+  def empty_post? request
+    request.request_body_str.empty? && (request.query_string.nil? || request.query_string.empty?)
+  end
+  FORM_CONTENT_TYPES = %w[text/plain multipart/form-data application/x-www-form-urlencoded].cs__freeze
+  def form_content_type? request
+    content_type = request.content_type
+    return true if content_type.nil? || content_type.empty?
+    content_type.start_with?(*FORM_CONTENT_TYPES)
+  end
+  ORIGIN = 'ORIGIN'
+  REFERER = 'REFERER'
+  def origin_is_referer? request
+    origin = request.header_value(ORIGIN)
+    referer = request.header_value(REFERER)
+    return false unless origin && referer
+    return false if origin.empty? || referer.empty?
+    origin = trim_origin(origin)
+    referer = URI(referer).host
+    origin == referer
+  end
+  HTTP = 'http://'
+  HTTPS = 'https://'
+  def trim_origin origin_header
+    origin_header = if origin_header.to_s.start_with?(HTTP, HTTPS)
+                      URI(origin_header).host
+                    else
+                      idx = origin_header.index(Contrast::Utils::ObjectShare::COLON)
+                      idx.nil? ? origin_header : origin_header[0, idx]
+                    end
+    origin_header
+  end
+  LOGIN_MARKERS = %w[login auth j_security verify validate sessions].cs__freeze
+  def login_page? request
+    url = request.url.downcase
+    LOGIN_MARKERS.any? { |marker| url.index(marker) }
+  end
+end

data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb ADDED

@@ -0,0 +1,85 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+cs__scoped_require 'contrast/utils/object_share'
+cs__scoped_require 'contrast/utils/random_util'
+# This class is used by the CSRF rule to inject the Contrast CSRF token into
+# the Response's body, allowing for the detection of CSRF attacks.
+class Contrast::Agent::Protect::Rule::Csrf::CsrfTokenInjector # rubocop:disable Style/ClassAndModuleChildren
+  TKN_NAME = 'cs_csrf_tkn'
+  def token_name
+    TKN_NAME
+  end
+  SESSION_TOKEN_PREFIX = '__CONTRAST__'
+  def token_key
+    @_token_key ||= SESSION_TOKEN_PREFIX + token_name
+  end
+  def javascript
+    @_javascript ||= build_javascript
+  end
+  SCRIPT_LOC = File.join('csrf', 'inject.js').cs__freeze
+  NAME_MARKER = '!TOKEN_NAME!'
+  VALUE_MARKER = '!TOKEN_VALUE!'
+  def build_javascript
+    script = Contrast::Utils::ResourceLoader.load(SCRIPT_LOC)
+    script&.sub!(NAME_MARKER, TKN_NAME)
+    script
+  end
+  CSRF_TOKEN_LENGTH = 8
+  def get_expected_token context
+    cookies = context.request.request_cookies
+    token = cookies[token_key]
+    return token if token
+    return unless context.response
+    build_token(context)
+  end
+  def build_token context
+    token = Contrast::Utils::RandomUtil.secure_random_string(CSRF_TOKEN_LENGTH)
+    context&.response&.set_header(token_key, token)
+    token
+  end
+  CONTENT_TYPE = 'CONTENT-TYPE'
+  def wedge_token? response
+    return true unless response
+    content_type = response.header(CONTENT_TYPE)
+    return true unless content_type
+    content_type = content_type.to_s
+    !content_type.start_with?(*DATA_CONTENT_TYPES)
+  end
+  END_BODY_TAG = %r{</body>}i.cs__freeze
+  def do_injection context
+    return unless wedge_token?(context&.response)
+    body_string = context&.response&.body
+    return unless body_string
+    index = body_string.index(END_BODY_TAG)
+    return unless index
+    injection = get_expected_token(context)
+    return unless injection
+    injection = javascript.sub(VALUE_MARKER, injection)
+    body_string.insert(index, injection)
+    context&.response&.update_body(body_string)
+  end
+  DATA_CONTENT_TYPES = [
+    'image/', 'audio/', 'video/',
+    'application/json', 'application/xml',
+    'application/octet', 'application/force',
+    'text/json', 'text/xml'
+  ].cs__freeze
+end

data/lib/contrast/agent/protect/rule/default_scanner.rb ADDED

@@ -0,0 +1,300 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+# The base class used to determine if a user input crosses a token boundary or
+# state, indicating a successful attack using SQL or NoSQL Injection.
+#
+# @deprecated RUBY-356: this class and those that extend it are being phased out
+#   in favor of the more performant code in the Service.
+class Contrast::Agent::Protect::Rule::DefaultScanner # rubocop:disable Style/ClassAndModuleChildren
+  # Potential states
+  # :STATE_INSIDE_TOKEN
+  # :STATE_INSIDE_NUMBER
+  # :STATE_EXPECTING_TOKEN
+  # :STATE_INSIDE_DOUBLEQUOTE
+  # :STATE_INSIDE_SINGLEQUOTE
+  # :STATE_INSIDE_STRING_ESCAPE_BLOCK
+  # :STATE_INSIDE_LINE_COMMENT  # inside a comment that will continue to the end of the line
+  # :STATE_INSIDE_BLOCK_COMMENT # inside a commend that will end with a closing tag
+  # :STATE_SKIP_NEXT_CHARACTER
+  def crosses_boundary query, index, input
+    last_boundary = 0
+    token_boundaries(query).each do |boundary|
+      if boundary > index
+        return last_boundary, boundary if boundary < index + input.length
+        break
+      end
+      last_boundary = boundary
+    end
+    nil
+  end
+  def token_boundaries query
+    @_token_boundaries ||= scan_token_boundaries(query)
+  end
+  CANARY = "select * from tbl where bar='bar';#' and pwd='sec3r3t'; # CANARY"
+  def scan_token_boundaries query
+    boundaries = []
+    return boundaries unless query && !query.empty?
+    state = :STATE_EXPECTING_TOKEN
+    index = 0
+    while index < query.length
+      char = query[index]
+      previous_state = state
+      state = process_state(boundaries, state, char, index, query)
+      case state
+      when :STATE_SKIP_NEXT_CHARACTER
+        index += 1
+        state = previous_state
+      when :STATE_INSIDE_STRING_ESCAPE_BLOCK
+        index = find_escape_sequence_boundary(query, index + 1)
+        state = previous_state
+      when :STATE_INSIDE_BLOCK_COMMENT
+        index = find_block_comment_boundary(query, index + 2)
+        index += 1
+        state = previous_state
+        boundaries << index
+      when :STATE_INSIDE_LINE_COMMENT
+        index = find_new_line_boundary(query, index + 1)
+        state = previous_state
+        boundaries << index
+      end
+      index += 1
+    end
+    boundaries
+  end
+  def process_state boundaries, current_state, char, index, query
+    case current_state
+    when :STATE_EXPECTING_TOKEN
+      process_expecting_token(boundaries, char, index, query)
+    when :STATE_INSIDE_NUMBER
+      process_number(boundaries, char, index, query)
+    when :STATE_INSIDE_TOKEN
+      process_inside_token(boundaries, char, index, query)
+    when :STATE_INSIDE_DOUBLEQUOTE
+      process_double_quote(boundaries, char, index, query)
+    when :STATE_INSIDE_SINGLEQUOTE
+      process_single_quote(boundaries, char, index, query)
+    end
+  end
+  def process_expecting_token boundaries, char, index, query
+    if char == Contrast::Utils::ObjectShare::SINGLE_QUOTE
+      boundaries << index
+      :STATE_INSIDE_SINGLEQUOTE
+    elsif char == Contrast::Utils::ObjectShare::DOUBLE_QUOTE
+      boundaries << index
+      :STATE_INSIDE_DOUBLEQUOTE
+    elsif char.match?(Contrast::Utils::ObjectShare::DIGIT_REGEXP)
+      boundaries << index
+      :STATE_INSIDE_NUMBER
+    elsif start_line_comment?(char, index, query)
+      boundaries << index
+      :STATE_INSIDE_LINE_COMMENT
+    elsif start_block_comment?(char, index, query)
+      boundaries << index
+      :STATE_INSIDE_BLOCK_COMMENT
+    elsif char.match?(Contrast::Utils::ObjectShare::NOT_WHITE_SPACE_REGEXP)
+      boundaries << index
+      :STATE_INSIDE_TOKEN
+    else
+      :STATE_EXPECTING_TOKEN
+    end
+  end
+  def process_inside_token boundaries, char, index, query
+    if char == Contrast::Utils::ObjectShare::SINGLE_QUOTE
+      boundaries << index
+      :STATE_INSIDE_SINGLEQUOTE
+    elsif char == Contrast::Utils::ObjectShare::DOUBLE_QUOTE
+      boundaries << index
+      :STATE_INSIDE_DOUBLEQUOTE
+    elsif start_line_comment?(char, index, query)
+      boundaries << index
+      :STATE_INSIDE_LINE_COMMENT
+    elsif start_block_comment?(char, index, query)
+      boundaries << index
+      :STATE_INSIDE_BLOCK_COMMENT
+    elsif operator?(char)
+      boundaries << index
+      :STATE_EXPECTING_TOKEN
+    elsif char.match?(Contrast::Utils::ObjectShare::WHITE_SPACE_REGEXP)
+      boundaries << index
+      :STATE_EXPECTING_TOKEN
+    else
+      :STATE_INSIDE_TOKEN
+    end
+  end
+  def process_number boundaries, char, index, _query
+    if char.match?(Contrast::Utils::ObjectShare::DIGIT_REGEXP) || char == Contrast::Utils::ObjectShare::PERIOD
+      :STATE_INSIDE_NUMBER
+    else
+      boundaries << index
+      :STATE_EXPECTING_TOKEN
+    end
+  end
+  def process_double_quote boundaries, char, index, query
+    if escape_char?(char)
+      :STATE_SKIP_NEXT_CHARACTER
+    elsif escape_sequence_start?(char)
+      :STATE_INSIDE_STRING_ESCAPE_BLOCK
+    elsif char == Contrast::Utils::ObjectShare::DOUBLE_QUOTE
+      if double_quote_escape_in_double_quote? && double_quote?(query, index + 1)
+        :STATE_SKIP_NEXT_CHARACTER
+      else
+        boundaries << index
+        :STATE_EXPECTING_TOKEN
+      end
+    else
+      :STATE_INSIDE_DOUBLEQUOTE
+    end
+  end
+  def process_single_quote boundaries, char, index, query
+    if escape_char?(char)
+      :STATE_SKIP_NEXT_CHARACTER
+    elsif escape_sequence_start?(char)
+      :STATE_INSIDE_STRING_ESCAPE_BLOCK
+    elsif char == Contrast::Utils::ObjectShare::SINGLE_QUOTE
+      if singe_quote_escape_in_singe_quote? && single_quote?(query, index + 1)
+        :STATE_SKIP_NEXT_CHARACTER
+      else
+        boundaries << index
+        :STATE_EXPECTING_TOKEN
+      end
+    else
+      :STATE_INSIDE_SINGLEQUOTE
+    end
+  end
+  def double_quote? query, index
+    return false unless index >= 0 && index < query.length
+    query[index] == Contrast::Utils::ObjectShare::DOUBLE_QUOTE
+  end
+  def single_quote? query, index
+    return false unless index >= 0 && index < query.length
+    query[index] == Contrast::Utils::ObjectShare::SINGLE_QUOTE
+  end
+  def find_escape_sequence_boundary query, index
+    idx = index
+    while idx < query.length
+      char = query[idx]
+      break if escape_sequence_end?(char)
+      idx += 1
+    end
+    idx
+  end
+  def find_block_comment_boundary query, index
+    idx = index
+    while idx < query.length
+      char = query[idx]
+      break if end_block_comment?(char, idx, query)
+      idx += 1
+    end
+    idx
+  end
+  def find_new_line_boundary query, index
+    idx = index
+    while idx < query.length
+      char = query[idx]
+      break if char == Contrast::Utils::ObjectShare::NEW_LINE
+      break if char == Contrast::Utils::ObjectShare::RETURN
+      idx += 1
+    end
+    idx
+  end
+  OPERATOR_PATTERN = %r{[+=*^/%><!-]}.cs__freeze
+  def operator? char
+    char.match?(OPERATOR_PATTERN)
+  end
+  # @note: Any class extending this module should override these methods as needed
+  # Are the current and subsequent characters both '-' ?
+  def start_line_comment? char, index, query
+    return false unless char == Contrast::Utils::ObjectShare::DASH
+    return false unless (query.length - 2) >= index
+    query[index + 1] == Contrast::Utils::ObjectShare::DASH
+  end
+  # Is the current character / sequence of characters the start of a block comment
+  # We assume '/*' starts the comment by default
+  def start_block_comment? char, index, query
+    return false unless char == Contrast::Utils::ObjectShare::SLASH
+    return false unless (query.length - 2) >= index
+    query[index + 1] == Contrast::Utils::ObjectShare::ASTERISK
+  end
+  # Is the current character / sequence of characters the end of a block comment
+  # We assume '*/' ends the comment by default
+  def end_block_comment? char, index, query
+    return false unless char == Contrast::Utils::ObjectShare::ASTERISK
+    return false unless (query.length - 2) >= index
+    query[index + 1] == Contrast::Utils::ObjectShare::SLASH
+  end
+  # Indicates if '""' inside of double quotes is the equivalent of '\"'
+  # We assume no by default
+  def double_quote_escape_in_double_quote?
+    false
+  end
+  # Indicates if "''" inside of single quotes is the equivalent of "\'"
+  # We assume yes by default
+  def singe_quote_escape_in_singe_quote?
+    true
+  end
+  # Does this language let the user redefine the escape character
+  # We assume no by default
+  def redefines_escape_char?
+    false
+  end
+  # Is the character provided an escape character?
+  # By default, we'll assume
+  def escape_char? char
+    char == Contrast::Utils::ObjectShare::BACK_SLASH
+  end
+  # Does this language support string escape sequences?
+  # We assume no by default
+  def support_string_escape_sequence?
+    false
+  end
+  # Is this the start of a string escape sequence?
+  # Since escape sequences aren't supported, the answer is always false
+  def escape_sequence_start? _char
+    false
+  end
+  # Is this the end of a string escape sequence?
+  # Since escape sequences aren't supported, the answer is always false
+  def escape_sequence_end? _char
+    false
+  end
+end