contrast-agent 3.9.1 → 6.15.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (705) hide show
  1. checksums.yaml +4 -4
  2. data/.dockerignore +0 -1
  3. data/.flayignore +1 -0
  4. data/.gitignore +8 -5
  5. data/.gitmodules +0 -3
  6. data/.rspec +0 -1
  7. data/.rspec_parallel +6 -0
  8. data/.simplecov +6 -2
  9. data/Gemfile +1 -1
  10. data/LICENSE.txt +1 -1
  11. data/Rakefile +5 -2
  12. data/ext/build_funchook.rb +16 -13
  13. data/ext/cs__assess_array/cs__assess_array.c +50 -6
  14. data/ext/cs__assess_array/cs__assess_array.h +5 -1
  15. data/ext/cs__assess_array/extconf.rb +3 -0
  16. data/ext/cs__assess_basic_object/cs__assess_basic_object.c +39 -17
  17. data/ext/cs__assess_basic_object/cs__assess_basic_object.h +2 -1
  18. data/ext/cs__assess_basic_object/extconf.rb +3 -0
  19. data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +9 -13
  20. data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +3 -4
  21. data/ext/cs__assess_fiber_track/extconf.rb +3 -0
  22. data/ext/cs__assess_hash/cs__assess_hash.c +46 -21
  23. data/ext/cs__assess_hash/cs__assess_hash.h +5 -6
  24. data/ext/cs__assess_hash/extconf.rb +3 -0
  25. data/ext/cs__assess_kernel/cs__assess_kernel.c +29 -15
  26. data/ext/cs__assess_kernel/cs__assess_kernel.h +3 -0
  27. data/ext/cs__assess_kernel/extconf.rb +3 -0
  28. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +57 -23
  29. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +6 -3
  30. data/ext/cs__assess_marshal_module/extconf.rb +3 -0
  31. data/ext/cs__assess_module/cs__assess_module.c +82 -22
  32. data/ext/cs__assess_module/cs__assess_module.h +10 -0
  33. data/ext/cs__assess_module/extconf.rb +3 -0
  34. data/ext/cs__assess_regexp/cs__assess_regexp.c +28 -9
  35. data/ext/cs__assess_regexp/cs__assess_regexp.h +3 -0
  36. data/ext/cs__assess_regexp/extconf.rb +3 -0
  37. data/ext/cs__assess_string/cs__assess_string.c +53 -21
  38. data/ext/cs__assess_string/cs__assess_string.h +7 -1
  39. data/ext/cs__assess_string/extconf.rb +3 -0
  40. data/ext/cs__assess_string_interpolation/cs__assess_string_interpolation.c +39 -0
  41. data/ext/cs__assess_string_interpolation/cs__assess_string_interpolation.h +13 -0
  42. data/ext/cs__assess_string_interpolation/extconf.rb +5 -0
  43. data/ext/cs__assess_test/cs__assess_test.h +9 -0
  44. data/ext/cs__assess_test/cs__assess_tests.c +22 -0
  45. data/ext/cs__assess_test/extconf.rb +5 -0
  46. data/ext/cs__assess_yield_track/cs__assess_yield_track.c +4 -8
  47. data/ext/cs__assess_yield_track/cs__assess_yield_track.h +1 -2
  48. data/ext/cs__assess_yield_track/extconf.rb +3 -0
  49. data/ext/cs__common/cs__common.c +240 -4
  50. data/ext/cs__common/cs__common.h +68 -1
  51. data/ext/cs__common/extconf.rb +3 -16
  52. data/ext/cs__contrast_patch/cs__contrast_patch.c +162 -83
  53. data/ext/cs__contrast_patch/cs__contrast_patch.h +11 -15
  54. data/ext/cs__contrast_patch/extconf.rb +3 -0
  55. data/ext/cs__os_information/cs__os_information.c +34 -0
  56. data/ext/cs__os_information/cs__os_information.h +7 -0
  57. data/ext/cs__os_information/extconf.rb +5 -0
  58. data/ext/cs__scope/cs__scope.c +980 -0
  59. data/ext/cs__scope/cs__scope.h +90 -0
  60. data/ext/cs__scope/extconf.rb +5 -0
  61. data/ext/cs__tests/cs__tests.c +12 -0
  62. data/ext/cs__tests/cs__tests.h +3 -0
  63. data/ext/cs__tests/extconf.rb +5 -0
  64. data/ext/extconf_common.rb +4 -34
  65. data/lib/contrast/agent/assess/assess.rb +23 -0
  66. data/lib/contrast/agent/assess/contrast_object.rb +54 -0
  67. data/lib/contrast/agent/assess/events/event_data.rb +30 -0
  68. data/lib/contrast/agent/assess/finalizers/freeze.rb +15 -0
  69. data/lib/contrast/agent/assess/finalizers/hash.rb +107 -0
  70. data/lib/contrast/agent/{module_data.rb → assess/module_data.rb} +5 -4
  71. data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +23 -48
  72. data/lib/contrast/agent/assess/policy/patcher.rb +13 -48
  73. data/lib/contrast/agent/assess/policy/policy.rb +20 -23
  74. data/lib/contrast/agent/assess/policy/policy_node.rb +97 -200
  75. data/lib/contrast/agent/assess/policy/policy_node_utils.rb +50 -0
  76. data/lib/contrast/agent/assess/policy/policy_scanner.rb +15 -12
  77. data/lib/contrast/agent/assess/policy/preshift.rb +49 -18
  78. data/lib/contrast/agent/assess/policy/propagation_method.rb +200 -194
  79. data/lib/contrast/agent/assess/policy/propagation_node.rb +49 -41
  80. data/lib/contrast/agent/assess/policy/propagator/append.rb +32 -15
  81. data/lib/contrast/agent/assess/policy/propagator/base.rb +5 -3
  82. data/lib/contrast/agent/assess/policy/propagator/buffer.rb +119 -0
  83. data/lib/contrast/agent/assess/policy/propagator/center.rb +12 -8
  84. data/lib/contrast/agent/assess/policy/propagator/custom.rb +7 -3
  85. data/lib/contrast/agent/assess/policy/propagator/database_write.rb +33 -25
  86. data/lib/contrast/agent/assess/policy/propagator/insert.rb +15 -11
  87. data/lib/contrast/agent/assess/policy/propagator/keep.rb +23 -6
  88. data/lib/contrast/agent/assess/policy/propagator/match_data.rb +118 -0
  89. data/lib/contrast/agent/assess/policy/propagator/next.rb +7 -6
  90. data/lib/contrast/agent/assess/policy/propagator/prepend.rb +13 -6
  91. data/lib/contrast/agent/assess/policy/propagator/rack_protection.rb +73 -0
  92. data/lib/contrast/agent/assess/policy/propagator/remove.rb +53 -41
  93. data/lib/contrast/agent/assess/policy/propagator/replace.rb +5 -3
  94. data/lib/contrast/agent/assess/policy/propagator/reverse.rb +7 -6
  95. data/lib/contrast/agent/assess/policy/propagator/select.rb +45 -36
  96. data/lib/contrast/agent/assess/policy/propagator/splat.rb +44 -21
  97. data/lib/contrast/agent/assess/policy/propagator/split.rb +133 -147
  98. data/lib/contrast/agent/assess/policy/propagator/substitution.rb +7 -132
  99. data/lib/contrast/agent/assess/policy/propagator/substitution_utils.rb +190 -0
  100. data/lib/contrast/agent/assess/policy/propagator/trim.rb +74 -52
  101. data/lib/contrast/agent/assess/policy/propagator.rb +21 -18
  102. data/lib/contrast/agent/assess/policy/source_method.rb +126 -188
  103. data/lib/contrast/agent/assess/policy/source_node.rb +3 -17
  104. data/lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb +9 -7
  105. data/lib/contrast/agent/assess/policy/source_validation/source_validation.rb +3 -5
  106. data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +103 -0
  107. data/lib/contrast/agent/assess/policy/trigger/xpath.rb +57 -0
  108. data/lib/contrast/agent/assess/policy/trigger_method.rb +143 -206
  109. data/lib/contrast/agent/assess/policy/trigger_node.rb +144 -66
  110. data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +98 -0
  111. data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +8 -38
  112. data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +9 -7
  113. data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +6 -15
  114. data/lib/contrast/agent/assess/properties.rb +15 -383
  115. data/lib/contrast/agent/assess/property/evented.rb +58 -0
  116. data/lib/contrast/agent/assess/property/tagged.rb +246 -0
  117. data/lib/contrast/agent/assess/property/updated.rb +131 -0
  118. data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +58 -19
  119. data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +22 -17
  120. data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +93 -81
  121. data/lib/contrast/agent/assess/rule/provider.rb +4 -4
  122. data/lib/contrast/agent/assess/rule/response/auto_complete_rule.rb +69 -0
  123. data/lib/contrast/agent/assess/rule/response/base_rule.rb +121 -0
  124. data/lib/contrast/agent/assess/rule/response/body_rule.rb +107 -0
  125. data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb +195 -0
  126. data/lib/contrast/agent/assess/rule/response/click_jacking_header_rule.rb +26 -0
  127. data/lib/contrast/agent/assess/rule/response/csp_header_insecure_rule.rb +100 -0
  128. data/lib/contrast/agent/assess/rule/response/csp_header_missing_rule.rb +26 -0
  129. data/lib/contrast/agent/assess/rule/response/framework/rails_support.rb +34 -0
  130. data/lib/contrast/agent/assess/rule/response/header_rule.rb +70 -0
  131. data/lib/contrast/agent/assess/rule/response/hsts_header_rule.rb +36 -0
  132. data/lib/contrast/agent/assess/rule/response/parameters_pollution_rule.rb +61 -0
  133. data/lib/contrast/agent/assess/rule/response/x_content_type_header_rule.rb +26 -0
  134. data/lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb +34 -0
  135. data/lib/contrast/agent/assess/tag.rb +84 -41
  136. data/lib/contrast/agent/assess/tracker.rb +70 -0
  137. data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +11 -6
  138. data/lib/contrast/agent/deadzone/policy/policy.rb +11 -7
  139. data/lib/contrast/agent/excluder/excluder.rb +306 -0
  140. data/lib/contrast/agent/excluder/exclusion_matcher.rb +112 -0
  141. data/lib/contrast/agent/hooks/at_exit_hook.rb +44 -0
  142. data/lib/contrast/agent/hooks/tracepoint_hook.rb +57 -0
  143. data/lib/contrast/agent/inventory/database_config.rb +175 -0
  144. data/lib/contrast/agent/inventory/dependencies.rb +52 -0
  145. data/lib/contrast/agent/inventory/dependency_analysis.rb +34 -0
  146. data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +120 -0
  147. data/lib/contrast/agent/inventory/inventory.rb +14 -0
  148. data/lib/contrast/agent/inventory/policy/datastores.rb +51 -0
  149. data/lib/contrast/agent/inventory/policy/policy.rb +5 -5
  150. data/lib/contrast/agent/inventory/policy/trigger_node.rb +2 -2
  151. data/lib/contrast/agent/middleware/middleware.rb +214 -0
  152. data/lib/contrast/agent/middleware/static_analysis.rb +51 -0
  153. data/lib/contrast/agent/patching/policy/after_load_patch.rb +22 -11
  154. data/lib/contrast/agent/patching/policy/after_load_patcher.rb +103 -52
  155. data/lib/contrast/agent/patching/policy/method_policy.rb +38 -62
  156. data/lib/contrast/agent/patching/policy/method_policy_extend.rb +117 -0
  157. data/lib/contrast/agent/patching/policy/module_policy.rb +27 -47
  158. data/lib/contrast/agent/patching/policy/patch.rb +129 -254
  159. data/lib/contrast/agent/patching/policy/patch_status.rb +21 -43
  160. data/lib/contrast/agent/patching/policy/patcher.rb +125 -159
  161. data/lib/contrast/agent/patching/policy/policy.rb +63 -58
  162. data/lib/contrast/agent/patching/policy/policy_node.rb +55 -37
  163. data/lib/contrast/agent/patching/policy/trigger_node.rb +32 -16
  164. data/lib/contrast/agent/protect/exploitable_collection.rb +38 -0
  165. data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +165 -0
  166. data/lib/contrast/agent/protect/input_analyzer/worth_watching_analyzer.rb +122 -0
  167. data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +67 -0
  168. data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +97 -0
  169. data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +72 -0
  170. data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +141 -0
  171. data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +58 -0
  172. data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +125 -0
  173. data/lib/contrast/agent/protect/policy/policy.rb +10 -10
  174. data/lib/contrast/agent/protect/policy/rule_applicator.rb +119 -0
  175. data/lib/contrast/agent/protect/policy/trigger_node.rb +2 -2
  176. data/lib/contrast/agent/protect/rule/base.rb +274 -173
  177. data/lib/contrast/agent/protect/rule/bot_blocker/bot_blocker.rb +89 -0
  178. data/lib/contrast/agent/protect/rule/bot_blocker/bot_blocker_input_classification.rb +98 -0
  179. data/lib/contrast/agent/protect/rule/cmdi/cmd_injection.rb +86 -0
  180. data/lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb +90 -0
  181. data/lib/contrast/agent/protect/rule/cmdi/cmdi_base_rule.rb +170 -0
  182. data/lib/contrast/agent/protect/rule/cmdi/cmdi_chained_command.rb +63 -0
  183. data/lib/contrast/agent/protect/rule/cmdi/cmdi_dangerous_path.rb +62 -0
  184. data/lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb +27 -0
  185. data/lib/contrast/agent/protect/rule/default_scanner.rb +69 -25
  186. data/lib/contrast/agent/protect/rule/{deserialization.rb → deserialization/deserialization.rb} +29 -24
  187. data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +2 -3
  188. data/lib/contrast/agent/protect/rule/no_sqli/no_sqli.rb +105 -0
  189. data/lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb +226 -0
  190. data/lib/contrast/agent/protect/rule/{path_traversal.rb → path_traversal/path_traversal.rb} +48 -55
  191. data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_input_classification.rb +61 -0
  192. data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_semantic_security_bypass.rb +139 -0
  193. data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +1 -1
  194. data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +1 -1
  195. data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +2 -3
  196. data/lib/contrast/agent/protect/rule/sqli/sql_sample_builder.rb +154 -0
  197. data/lib/contrast/agent/protect/rule/sqli/sqli.rb +101 -0
  198. data/lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb +37 -0
  199. data/lib/contrast/agent/protect/rule/sqli/sqli_input_classification.rb +27 -0
  200. data/lib/contrast/agent/protect/rule/sqli/sqli_semantic/sqli_dangerous_functions.rb +67 -0
  201. data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +1 -1
  202. data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload.rb +56 -0
  203. data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification.rb +62 -0
  204. data/lib/contrast/agent/protect/rule/utils/builders.rb +111 -0
  205. data/lib/contrast/agent/protect/rule/utils/filters.rb +110 -0
  206. data/lib/contrast/agent/protect/rule/xss/reflected_xss_input_classification.rb +58 -0
  207. data/lib/contrast/agent/protect/rule/xss/xss.rb +50 -0
  208. data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +25 -21
  209. data/lib/contrast/agent/protect/rule/xxe/xxe.rb +149 -0
  210. data/lib/contrast/agent/protect/rule.rb +20 -27
  211. data/lib/contrast/agent/reactions/disable_reaction.rb +20 -0
  212. data/lib/contrast/agent/reporting/attack_result/attack_result.rb +71 -0
  213. data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +86 -0
  214. data/lib/contrast/agent/reporting/attack_result/response_type.rb +29 -0
  215. data/lib/contrast/agent/reporting/attack_result/user_input.rb +97 -0
  216. data/lib/contrast/agent/reporting/connection_status.rb +45 -0
  217. data/lib/contrast/agent/reporting/details/bot_blocker_details.rb +29 -0
  218. data/lib/contrast/agent/reporting/details/cmd_injection_details.rb +30 -0
  219. data/lib/contrast/agent/reporting/details/details.rb +17 -0
  220. data/lib/contrast/agent/reporting/details/ip_denylist_details.rb +35 -0
  221. data/lib/contrast/agent/reporting/details/no_sqli_details.rb +36 -0
  222. data/lib/contrast/agent/reporting/details/path_traversal_details.rb +24 -0
  223. data/lib/contrast/agent/reporting/details/path_traversal_semantic_analysis_details.rb +32 -0
  224. data/lib/contrast/agent/reporting/details/protect_rule_details.rb +17 -0
  225. data/lib/contrast/agent/reporting/details/sqli_dangerous_functions.rb +22 -0
  226. data/lib/contrast/agent/reporting/details/sqli_details.rb +36 -0
  227. data/lib/contrast/agent/reporting/details/untrusted_deserialization_details.rb +27 -0
  228. data/lib/contrast/agent/reporting/details/virtual_patch_details.rb +30 -0
  229. data/lib/contrast/agent/reporting/details/xss_details.rb +33 -0
  230. data/lib/contrast/agent/reporting/details/xss_match.rb +30 -0
  231. data/lib/contrast/agent/reporting/details/xxe_details.rb +36 -0
  232. data/lib/contrast/agent/reporting/details/xxe_match.rb +25 -0
  233. data/lib/contrast/agent/reporting/details/xxe_wrapper.rb +25 -0
  234. data/lib/contrast/agent/reporting/input_analysis/details/bot_blocker_details.rb +27 -0
  235. data/lib/contrast/agent/reporting/input_analysis/details/protect_rule_details.rb +15 -0
  236. data/lib/contrast/agent/reporting/input_analysis/input_analysis.rb +55 -0
  237. data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb +129 -0
  238. data/lib/contrast/agent/reporting/input_analysis/input_type.rb +44 -0
  239. data/lib/contrast/agent/reporting/input_analysis/score_level.rb +21 -0
  240. data/lib/contrast/agent/reporting/masker/masker.rb +258 -0
  241. data/lib/contrast/agent/reporting/masker/masker_utils.rb +33 -0
  242. data/lib/contrast/agent/reporting/report.rb +32 -0
  243. data/lib/contrast/agent/reporting/reporter.rb +163 -0
  244. data/lib/contrast/agent/reporting/reporting_events/agent_startup.rb +34 -0
  245. data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +120 -0
  246. data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +101 -0
  247. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb +79 -0
  248. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +101 -0
  249. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb +74 -0
  250. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_stack.rb +22 -0
  251. data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb +78 -0
  252. data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +43 -0
  253. data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb +57 -0
  254. data/lib/contrast/agent/reporting/reporting_events/application_reporting_event.rb +37 -0
  255. data/lib/contrast/agent/reporting/reporting_events/application_settings.rb +40 -0
  256. data/lib/contrast/agent/reporting/reporting_events/application_startup.rb +44 -0
  257. data/lib/contrast/agent/reporting/reporting_events/application_startup_instrumentation.rb +27 -0
  258. data/lib/contrast/agent/reporting/reporting_events/application_update.rb +55 -0
  259. data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +66 -0
  260. data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb +122 -0
  261. data/lib/contrast/agent/reporting/reporting_events/finding.rb +201 -0
  262. data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +442 -0
  263. data/lib/contrast/agent/reporting/reporting_events/finding_event_object.rb +96 -0
  264. data/lib/contrast/agent/reporting/reporting_events/finding_event_parent_object.rb +45 -0
  265. data/lib/contrast/agent/reporting/reporting_events/finding_event_property.rb +47 -0
  266. data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb +99 -0
  267. data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +63 -0
  268. data/lib/contrast/agent/reporting/reporting_events/finding_event_stack.rb +65 -0
  269. data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range.rb +67 -0
  270. data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range_tags.rb +105 -0
  271. data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +126 -0
  272. data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +89 -0
  273. data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +48 -0
  274. data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +37 -0
  275. data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +83 -0
  276. data/lib/contrast/agent/reporting/reporting_events/poll.rb +23 -0
  277. data/lib/contrast/agent/reporting/reporting_events/preflight.rb +52 -0
  278. data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +66 -0
  279. data/lib/contrast/agent/reporting/reporting_events/reportable_hash.rb +47 -0
  280. data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +35 -0
  281. data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +87 -0
  282. data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +59 -0
  283. data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +49 -0
  284. data/lib/contrast/agent/reporting/reporting_events/server_reporting_event.rb +35 -0
  285. data/lib/contrast/agent/reporting/reporting_events/server_settings.rb +40 -0
  286. data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +133 -0
  287. data/lib/contrast/agent/reporting/reporting_utilities/build_preflight.rb +38 -0
  288. data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +176 -0
  289. data/lib/contrast/agent/reporting/reporting_utilities/headers.rb +57 -0
  290. data/lib/contrast/agent/reporting/reporting_utilities/ng_response_extractor.rb +137 -0
  291. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +138 -0
  292. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +161 -0
  293. data/lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb +66 -0
  294. data/lib/contrast/agent/reporting/reporting_utilities/response.rb +98 -0
  295. data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +149 -0
  296. data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +118 -0
  297. data/lib/contrast/agent/reporting/reporting_utilities/response_handler_mode.rb +63 -0
  298. data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +393 -0
  299. data/lib/contrast/agent/reporting/reporting_workers/application_server_worker.rb +46 -0
  300. data/lib/contrast/agent/reporting/reporting_workers/reporter_heartbeat.rb +51 -0
  301. data/lib/contrast/agent/reporting/reporting_workers/reporting_workers.rb +14 -0
  302. data/lib/contrast/agent/reporting/reporting_workers/server_settings_worker.rb +46 -0
  303. data/lib/contrast/agent/reporting/settings/application_settings.rb +61 -0
  304. data/lib/contrast/agent/reporting/settings/assess.rb +58 -0
  305. data/lib/contrast/agent/reporting/settings/assess_rule.rb +18 -0
  306. data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +114 -0
  307. data/lib/contrast/agent/reporting/settings/bot_blocker.rb +68 -0
  308. data/lib/contrast/agent/reporting/settings/exclusion_base.rb +129 -0
  309. data/lib/contrast/agent/reporting/settings/exclusions.rb +86 -0
  310. data/lib/contrast/agent/reporting/settings/helpers.rb +101 -0
  311. data/lib/contrast/agent/reporting/settings/input_exclusion.rb +87 -0
  312. data/lib/contrast/agent/reporting/settings/ip_filter.rb +35 -0
  313. data/lib/contrast/agent/reporting/settings/keyword.rb +74 -0
  314. data/lib/contrast/agent/reporting/settings/log_enhancer.rb +65 -0
  315. data/lib/contrast/agent/reporting/settings/protect.rb +111 -0
  316. data/lib/contrast/agent/reporting/settings/protect_rule.rb +18 -0
  317. data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +227 -0
  318. data/lib/contrast/agent/reporting/settings/reaction.rb +39 -0
  319. data/lib/contrast/agent/reporting/settings/rule_definition.rb +66 -0
  320. data/lib/contrast/agent/reporting/settings/sampling.rb +46 -0
  321. data/lib/contrast/agent/reporting/settings/sanitizer.rb +38 -0
  322. data/lib/contrast/agent/reporting/settings/security_logger.rb +77 -0
  323. data/lib/contrast/agent/reporting/settings/sensitive_data_masking.rb +118 -0
  324. data/lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb +65 -0
  325. data/lib/contrast/agent/reporting/settings/server_features.rb +95 -0
  326. data/lib/contrast/agent/reporting/settings/syslog.rb +205 -0
  327. data/lib/contrast/agent/reporting/settings/url_exclusion.rb +18 -0
  328. data/lib/contrast/agent/reporting/settings/validator.rb +17 -0
  329. data/lib/contrast/agent/reporting/settings/virtual_patch.rb +56 -0
  330. data/lib/contrast/agent/reporting/settings/virtual_patch_condition.rb +47 -0
  331. data/lib/contrast/agent/request/request.rb +189 -0
  332. data/lib/contrast/agent/request/request_context.rb +143 -0
  333. data/lib/contrast/agent/request/request_context_extend.rb +105 -0
  334. data/lib/contrast/agent/request/request_handler.rb +41 -0
  335. data/lib/contrast/agent/response/response.rb +87 -0
  336. data/lib/contrast/agent/scope/scope.rb +158 -0
  337. data/lib/contrast/agent/telemetry/base.rb +171 -0
  338. data/lib/contrast/agent/telemetry/client.rb +111 -0
  339. data/lib/contrast/agent/telemetry/event.rb +35 -0
  340. data/lib/contrast/agent/telemetry/exception/base.rb +61 -0
  341. data/lib/contrast/agent/telemetry/exception/event.rb +46 -0
  342. data/lib/contrast/agent/telemetry/exception/message.rb +118 -0
  343. data/lib/contrast/agent/telemetry/exception/message_exception.rb +86 -0
  344. data/lib/contrast/agent/telemetry/exception/stack_frame.rb +67 -0
  345. data/lib/contrast/agent/telemetry/exception.rb +19 -0
  346. data/lib/contrast/agent/telemetry/hash.rb +71 -0
  347. data/lib/contrast/agent/telemetry/identifier.rb +153 -0
  348. data/lib/contrast/agent/telemetry/metric_event.rb +28 -0
  349. data/lib/contrast/agent/telemetry/startup_metrics_event.rb +123 -0
  350. data/lib/contrast/agent/telemetry/telemetry.rb +109 -0
  351. data/lib/contrast/agent/{thread.rb → thread/thread.rb} +4 -6
  352. data/lib/contrast/agent/thread/thread_watcher.rb +126 -0
  353. data/lib/contrast/agent/thread/worker_thread.rb +42 -0
  354. data/lib/contrast/agent/version.rb +2 -2
  355. data/lib/contrast/agent.rb +96 -57
  356. data/lib/contrast/agent_lib/api/command_injection.rb +46 -0
  357. data/lib/contrast/agent_lib/api/init.rb +95 -0
  358. data/lib/contrast/agent_lib/api/input_tracing.rb +265 -0
  359. data/lib/contrast/agent_lib/api/panic.rb +87 -0
  360. data/lib/contrast/agent_lib/api/path_semantic_file_security_bypass.rb +40 -0
  361. data/lib/contrast/agent_lib/interface.rb +245 -0
  362. data/lib/contrast/agent_lib/interface_base.rb +131 -0
  363. data/lib/contrast/agent_lib/return_types/eval_result.rb +44 -0
  364. data/lib/contrast/agent_lib/test.rb +29 -0
  365. data/lib/contrast/components/agent.rb +104 -48
  366. data/lib/contrast/components/api.rb +159 -0
  367. data/lib/contrast/components/app_context.rb +125 -98
  368. data/lib/contrast/components/app_context_extend.rb +53 -0
  369. data/lib/contrast/components/assess.rb +210 -24
  370. data/lib/contrast/components/assess_rules.rb +54 -0
  371. data/lib/contrast/components/base.rb +103 -0
  372. data/lib/contrast/components/config/sources.rb +95 -0
  373. data/lib/contrast/components/config.rb +182 -60
  374. data/lib/contrast/components/heap_dump.rb +77 -12
  375. data/lib/contrast/components/inventory.rb +37 -10
  376. data/lib/contrast/components/logger.rb +46 -76
  377. data/lib/contrast/components/polling.rb +39 -0
  378. data/lib/contrast/components/protect.rb +142 -16
  379. data/lib/contrast/components/ruby_component.rb +135 -0
  380. data/lib/contrast/components/rule_set.rb +52 -0
  381. data/lib/contrast/components/sampling.rb +156 -15
  382. data/lib/contrast/components/scope.rb +125 -116
  383. data/lib/contrast/components/security_logger.rb +36 -0
  384. data/lib/contrast/components/settings.rb +239 -88
  385. data/lib/contrast/config/api_proxy_configuration.rb +27 -0
  386. data/lib/contrast/config/base_configuration.rb +20 -94
  387. data/lib/contrast/config/certification_configuration.rb +47 -0
  388. data/lib/contrast/config/config.rb +48 -0
  389. data/lib/contrast/config/diagnostics.rb +123 -0
  390. data/lib/contrast/config/diagnostics_tools.rb +99 -0
  391. data/lib/contrast/config/effective_config.rb +131 -0
  392. data/lib/contrast/config/effective_config_value.rb +32 -0
  393. data/lib/contrast/config/env_variables.rb +18 -0
  394. data/lib/contrast/config/exception_configuration.rb +34 -12
  395. data/lib/contrast/config/protect_rule_configuration.rb +45 -24
  396. data/lib/contrast/config/protect_rules_configuration.rb +97 -22
  397. data/lib/contrast/config/request_audit_configuration.rb +57 -0
  398. data/lib/contrast/config/server_configuration.rb +67 -15
  399. data/lib/contrast/config/validate.rb +140 -0
  400. data/lib/contrast/config/yaml_file.rb +129 -0
  401. data/lib/contrast/config.rb +6 -22
  402. data/lib/contrast/configuration.rb +241 -109
  403. data/lib/contrast/extension/assess/array.rb +75 -0
  404. data/lib/contrast/extension/assess/erb.rb +61 -0
  405. data/lib/contrast/extension/assess/eval_trigger.rb +47 -0
  406. data/lib/contrast/{extensions/ruby_core → extension}/assess/exec_trigger.rb +9 -21
  407. data/lib/contrast/extension/assess/fiber.rb +95 -0
  408. data/lib/contrast/extension/assess/hash.rb +33 -0
  409. data/lib/contrast/extension/assess/kernel.rb +124 -0
  410. data/lib/contrast/extension/assess/marshal.rb +80 -0
  411. data/lib/contrast/extension/assess/regexp.rb +71 -0
  412. data/lib/contrast/extension/assess/string.rb +85 -0
  413. data/lib/contrast/extension/assess.rb +47 -0
  414. data/lib/contrast/{extensions/ruby_core → extension}/delegator.rb +3 -1
  415. data/lib/contrast/extension/extension.rb +59 -0
  416. data/lib/contrast/extension/inventory.rb +21 -0
  417. data/lib/contrast/{extensions/ruby_core → extension}/module.rb +2 -3
  418. data/lib/contrast/extension/object.rb +19 -0
  419. data/lib/contrast/extension/protect/psych.rb +7 -0
  420. data/lib/contrast/{extensions/ruby_core → extension}/protect.rb +6 -6
  421. data/lib/contrast/extension/thread.rb +50 -0
  422. data/lib/contrast/framework/base_support.rb +69 -54
  423. data/lib/contrast/framework/grape/support.rb +176 -0
  424. data/lib/contrast/framework/manager.rb +112 -60
  425. data/lib/contrast/framework/manager_extend.rb +50 -0
  426. data/lib/contrast/framework/rack/patch/session_cookie.rb +108 -0
  427. data/lib/contrast/framework/rack/patch/support.rb +26 -0
  428. data/lib/contrast/framework/rack/support.rb +23 -0
  429. data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +46 -0
  430. data/lib/contrast/framework/rails/patch/assess_configuration.rb +98 -0
  431. data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +31 -0
  432. data/lib/contrast/framework/rails/patch/support.rb +46 -0
  433. data/lib/contrast/framework/rails/railtie.rb +33 -0
  434. data/lib/contrast/framework/rails/support.rb +187 -0
  435. data/lib/contrast/framework/sinatra/patch/encrypted_session_cookie.rb +39 -0
  436. data/lib/contrast/framework/sinatra/support.rb +162 -0
  437. data/lib/contrast/funchook/funchook.rb +44 -0
  438. data/lib/contrast/logger/aliased_logging.rb +158 -0
  439. data/lib/contrast/logger/application.rb +84 -0
  440. data/lib/contrast/logger/cef_log.rb +169 -0
  441. data/lib/contrast/logger/format.rb +61 -0
  442. data/lib/contrast/logger/log.rb +90 -0
  443. data/lib/contrast/logger/request.rb +25 -0
  444. data/lib/contrast/logger/time.rb +57 -0
  445. data/lib/contrast/security_exception.rb +2 -2
  446. data/lib/contrast/tasks/config.rb +33 -0
  447. data/lib/contrast/utils/assess/event_limit_utils.rb +134 -0
  448. data/lib/contrast/utils/assess/object_store.rb +36 -0
  449. data/lib/contrast/utils/assess/propagation_method_utils.rb +155 -0
  450. data/lib/contrast/utils/assess/property/tagged_utils.rb +165 -0
  451. data/lib/contrast/utils/assess/sampling_util.rb +11 -17
  452. data/lib/contrast/utils/assess/source_method_utils.rb +74 -0
  453. data/lib/contrast/utils/assess/split_utils.rb +23 -0
  454. data/lib/contrast/utils/assess/tracking_util.rb +96 -18
  455. data/lib/contrast/utils/assess/trigger_method_utils.rb +132 -0
  456. data/lib/contrast/utils/class_util.rb +80 -48
  457. data/lib/contrast/utils/duck_utils.rb +18 -9
  458. data/lib/contrast/utils/env_configuration_item.rb +4 -3
  459. data/lib/contrast/utils/findings.rb +66 -0
  460. data/lib/contrast/utils/hash_digest.rb +52 -99
  461. data/lib/contrast/utils/hash_digest_extend.rb +129 -0
  462. data/lib/contrast/utils/head_dump_utils_extend.rb +74 -0
  463. data/lib/contrast/utils/heap_dump_util.rb +44 -88
  464. data/lib/contrast/utils/input_classification_base.rb +169 -0
  465. data/lib/contrast/utils/invalid_configuration_util.rb +31 -45
  466. data/lib/contrast/utils/io_util.rb +47 -51
  467. data/lib/contrast/utils/job_servers_running.rb +21 -11
  468. data/lib/contrast/utils/log_utils.rb +254 -0
  469. data/lib/contrast/utils/lru_cache.rb +48 -0
  470. data/lib/contrast/utils/metrics_hash.rb +59 -0
  471. data/lib/contrast/utils/middleware_utils.rb +97 -0
  472. data/lib/contrast/utils/net_http_base.rb +173 -0
  473. data/lib/contrast/utils/object_share.rb +8 -48
  474. data/lib/contrast/utils/os.rb +14 -24
  475. data/lib/contrast/utils/patching/policy/patch_utils.rb +175 -0
  476. data/lib/contrast/utils/patching/policy/patcher_utils.rb +54 -0
  477. data/lib/contrast/utils/reporting/application_activity_batch_utils.rb +89 -0
  478. data/lib/contrast/utils/request_utils.rb +96 -0
  479. data/lib/contrast/utils/resource_loader.rb +2 -2
  480. data/lib/contrast/utils/response_utils.rb +79 -0
  481. data/lib/contrast/utils/routes_sent.rb +63 -0
  482. data/lib/contrast/utils/sha256_builder.rb +9 -21
  483. data/lib/contrast/utils/silence_maker.rb +16 -0
  484. data/lib/contrast/utils/stack_trace_utils.rb +68 -184
  485. data/lib/contrast/utils/string_utils.rb +82 -52
  486. data/lib/contrast/utils/tag_util.rb +58 -44
  487. data/lib/contrast/utils/thread_tracker.rb +27 -23
  488. data/lib/contrast/utils/timer.rb +20 -55
  489. data/lib/contrast-agent.rb +2 -2
  490. data/lib/contrast.rb +106 -43
  491. data/resources/assess/policy.json +481 -120
  492. data/resources/deadzone/policy.json +280 -10
  493. data/resources/inventory/policy.json +2 -2
  494. data/resources/protect/policy.json +36 -17
  495. data/ruby-agent.gemspec +116 -46
  496. data/sonar-project.properties +9 -0
  497. metadata +694 -317
  498. data/exe/contrast_service +0 -29
  499. data/ext/cs__assess_active_record_named/cs__active_record_named.c +0 -47
  500. data/ext/cs__assess_active_record_named/cs__active_record_named.h +0 -10
  501. data/ext/cs__assess_active_record_named/extconf.rb +0 -2
  502. data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c +0 -63
  503. data/ext/cs__assess_regexp_track/cs__assess_regexp_track.h +0 -29
  504. data/ext/cs__assess_regexp_track/extconf.rb +0 -2
  505. data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +0 -31
  506. data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.h +0 -13
  507. data/ext/cs__assess_string_interpolation26/extconf.rb +0 -2
  508. data/ext/cs__protect_kernel/cs__protect_kernel.c +0 -37
  509. data/ext/cs__protect_kernel/cs__protect_kernel.h +0 -11
  510. data/ext/cs__protect_kernel/extconf.rb +0 -2
  511. data/funchook/Makefile +0 -29
  512. data/funchook/autom4te.cache/output.0 +0 -4976
  513. data/funchook/autom4te.cache/requests +0 -78
  514. data/funchook/autom4te.cache/traces.0 +0 -364
  515. data/funchook/config.log +0 -490
  516. data/funchook/config.status +0 -1016
  517. data/funchook/configure +0 -4976
  518. data/funchook/src/Makefile +0 -70
  519. data/funchook/src/config.h +0 -101
  520. data/funchook/src/config.h.in +0 -100
  521. data/funchook/src/decoder.o +0 -0
  522. data/funchook/src/distorm.o +0 -0
  523. data/funchook/src/funchook.o +0 -0
  524. data/funchook/src/funchook_io.o +0 -0
  525. data/funchook/src/funchook_syscall.o +0 -0
  526. data/funchook/src/funchook_unix.o +0 -0
  527. data/funchook/src/funchook_x86.o +0 -0
  528. data/funchook/src/instructions.o +0 -0
  529. data/funchook/src/insts.o +0 -0
  530. data/funchook/src/libfunchook.so +0 -0
  531. data/funchook/src/mnemonics.o +0 -0
  532. data/funchook/src/operands.o +0 -0
  533. data/funchook/src/os_func.o +0 -0
  534. data/funchook/src/os_func_unix.o +0 -0
  535. data/funchook/src/prefix.o +0 -0
  536. data/funchook/src/printf_base.o +0 -0
  537. data/funchook/src/textdefs.o +0 -0
  538. data/funchook/src/wstring.o +0 -0
  539. data/funchook/test/Makefile +0 -43
  540. data/funchook/test/funchook_test +0 -0
  541. data/funchook/test/libfunchook_test.so +0 -0
  542. data/funchook/test/test_main.o +0 -0
  543. data/funchook/test/x86_64_test.o +0 -0
  544. data/lib/contrast/agent/assess/adjusted_span.rb +0 -25
  545. data/lib/contrast/agent/assess/contrast_event.rb +0 -399
  546. data/lib/contrast/agent/assess/frozen_properties.rb +0 -41
  547. data/lib/contrast/agent/assess/insulator.rb +0 -53
  548. data/lib/contrast/agent/assess/policy/rewriter_patch.rb +0 -80
  549. data/lib/contrast/agent/assess/rule/base.rb +0 -72
  550. data/lib/contrast/agent/assess/rule/csrf/csrf_action.rb +0 -28
  551. data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +0 -73
  552. data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +0 -132
  553. data/lib/contrast/agent/assess/rule/csrf.rb +0 -66
  554. data/lib/contrast/agent/assess/rule/redos.rb +0 -68
  555. data/lib/contrast/agent/assess/rule/response_scanning_rule.rb +0 -47
  556. data/lib/contrast/agent/assess/rule/response_watcher.rb +0 -36
  557. data/lib/contrast/agent/assess/rule/watcher.rb +0 -36
  558. data/lib/contrast/agent/assess/rule.rb +0 -18
  559. data/lib/contrast/agent/assess.rb +0 -44
  560. data/lib/contrast/agent/at_exit_hook.rb +0 -33
  561. data/lib/contrast/agent/class_reopener.rb +0 -238
  562. data/lib/contrast/agent/disable_reaction.rb +0 -24
  563. data/lib/contrast/agent/exclusion_matcher.rb +0 -190
  564. data/lib/contrast/agent/feature_state.rb +0 -379
  565. data/lib/contrast/agent/logger_manager.rb +0 -116
  566. data/lib/contrast/agent/middleware.rb +0 -350
  567. data/lib/contrast/agent/protect/rule/base_service.rb +0 -88
  568. data/lib/contrast/agent/protect/rule/cmd_injection.rb +0 -156
  569. data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +0 -103
  570. data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb +0 -85
  571. data/lib/contrast/agent/protect/rule/csrf.rb +0 -118
  572. data/lib/contrast/agent/protect/rule/http_method_tampering.rb +0 -80
  573. data/lib/contrast/agent/protect/rule/no_sqli.rb +0 -101
  574. data/lib/contrast/agent/protect/rule/sqli.rb +0 -101
  575. data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +0 -20
  576. data/lib/contrast/agent/protect/rule/xss.rb +0 -24
  577. data/lib/contrast/agent/protect/rule/xxe.rb +0 -120
  578. data/lib/contrast/agent/railtie.rb +0 -36
  579. data/lib/contrast/agent/reaction_processor.rb +0 -47
  580. data/lib/contrast/agent/request.rb +0 -475
  581. data/lib/contrast/agent/request_context.rb +0 -225
  582. data/lib/contrast/agent/require_state.rb +0 -61
  583. data/lib/contrast/agent/response.rb +0 -215
  584. data/lib/contrast/agent/rewriter.rb +0 -245
  585. data/lib/contrast/agent/scope.rb +0 -125
  586. data/lib/contrast/agent/service_heartbeat.rb +0 -40
  587. data/lib/contrast/agent/settings_state.rb +0 -152
  588. data/lib/contrast/agent/socket_client.rb +0 -128
  589. data/lib/contrast/agent/tracepoint_hook.rb +0 -51
  590. data/lib/contrast/api/connection_status.rb +0 -49
  591. data/lib/contrast/api/dtm_pb.rb +0 -718
  592. data/lib/contrast/api/settings_pb.rb +0 -416
  593. data/lib/contrast/api/socket.rb +0 -43
  594. data/lib/contrast/api/speedracer.rb +0 -186
  595. data/lib/contrast/api/tcp_socket.rb +0 -31
  596. data/lib/contrast/api/unix_socket.rb +0 -25
  597. data/lib/contrast/api.rb +0 -18
  598. data/lib/contrast/common_agent_configuration.rb +0 -86
  599. data/lib/contrast/components/contrast_service.rb +0 -117
  600. data/lib/contrast/components/interface.rb +0 -178
  601. data/lib/contrast/config/agent_configuration.rb +0 -24
  602. data/lib/contrast/config/application_configuration.rb +0 -27
  603. data/lib/contrast/config/assess_configuration.rb +0 -22
  604. data/lib/contrast/config/assess_rules_configuration.rb +0 -18
  605. data/lib/contrast/config/default_value.rb +0 -16
  606. data/lib/contrast/config/heap_dump_configuration.rb +0 -23
  607. data/lib/contrast/config/inventory_configuration.rb +0 -20
  608. data/lib/contrast/config/logger_configuration.rb +0 -20
  609. data/lib/contrast/config/protect_configuration.rb +0 -20
  610. data/lib/contrast/config/root_configuration.rb +0 -26
  611. data/lib/contrast/config/ruby_configuration.rb +0 -44
  612. data/lib/contrast/config/sampling_configuration.rb +0 -22
  613. data/lib/contrast/config/service_configuration.rb +0 -22
  614. data/lib/contrast/delegators/application_update.rb +0 -32
  615. data/lib/contrast/delegators.rb +0 -9
  616. data/lib/contrast/extensions/framework/rack/cookie.rb +0 -24
  617. data/lib/contrast/extensions/framework/rack/request.rb +0 -24
  618. data/lib/contrast/extensions/framework/rack/response.rb +0 -23
  619. data/lib/contrast/extensions/framework/rails/action_controller_railties_helper_inherited.rb +0 -20
  620. data/lib/contrast/extensions/framework/rails/active_record.rb +0 -26
  621. data/lib/contrast/extensions/framework/rails/active_record_named.rb +0 -53
  622. data/lib/contrast/extensions/framework/rails/active_record_time_zone_inherited.rb +0 -21
  623. data/lib/contrast/extensions/framework/rails/buffer.rb +0 -28
  624. data/lib/contrast/extensions/framework/rails/configuration.rb +0 -27
  625. data/lib/contrast/extensions/framework/sinatra/base.rb +0 -59
  626. data/lib/contrast/extensions/ruby_core/assess/array.rb +0 -59
  627. data/lib/contrast/extensions/ruby_core/assess/assess_extension.rb +0 -143
  628. data/lib/contrast/extensions/ruby_core/assess/basic_object.rb +0 -15
  629. data/lib/contrast/extensions/ruby_core/assess/erb.rb +0 -42
  630. data/lib/contrast/extensions/ruby_core/assess/fiber.rb +0 -124
  631. data/lib/contrast/extensions/ruby_core/assess/hash.rb +0 -22
  632. data/lib/contrast/extensions/ruby_core/assess/kernel.rb +0 -95
  633. data/lib/contrast/extensions/ruby_core/assess/module.rb +0 -14
  634. data/lib/contrast/extensions/ruby_core/assess/regexp.rb +0 -206
  635. data/lib/contrast/extensions/ruby_core/assess/string.rb +0 -75
  636. data/lib/contrast/extensions/ruby_core/assess/tilt_template_trigger.rb +0 -73
  637. data/lib/contrast/extensions/ruby_core/assess/xpath_library_trigger.rb +0 -40
  638. data/lib/contrast/extensions/ruby_core/assess.rb +0 -52
  639. data/lib/contrast/extensions/ruby_core/eval_trigger.rb +0 -52
  640. data/lib/contrast/extensions/ruby_core/inventory/datastores.rb +0 -37
  641. data/lib/contrast/extensions/ruby_core/inventory.rb +0 -22
  642. data/lib/contrast/extensions/ruby_core/protect/applies_command_injection_rule.rb +0 -72
  643. data/lib/contrast/extensions/ruby_core/protect/applies_deserialization_rule.rb +0 -60
  644. data/lib/contrast/extensions/ruby_core/protect/applies_no_sqli_rule.rb +0 -83
  645. data/lib/contrast/extensions/ruby_core/protect/applies_path_traversal_rule.rb +0 -123
  646. data/lib/contrast/extensions/ruby_core/protect/applies_sqli_rule.rb +0 -65
  647. data/lib/contrast/extensions/ruby_core/protect/applies_xxe_rule.rb +0 -143
  648. data/lib/contrast/extensions/ruby_core/protect/kernel.rb +0 -30
  649. data/lib/contrast/extensions/ruby_core/protect/psych.rb +0 -7
  650. data/lib/contrast/extensions/ruby_core/thread.rb +0 -31
  651. data/lib/contrast/framework/platform_version.rb +0 -21
  652. data/lib/contrast/framework/rails_support.rb +0 -88
  653. data/lib/contrast/framework/sinatra_application_helper.rb +0 -49
  654. data/lib/contrast/framework/sinatra_support.rb +0 -94
  655. data/lib/contrast/framework/view_technologies_descriptor.rb +0 -20
  656. data/lib/contrast/internal_exception.rb +0 -8
  657. data/lib/contrast/tasks/service.rb +0 -95
  658. data/lib/contrast/utils/boolean_util.rb +0 -33
  659. data/lib/contrast/utils/cache.rb +0 -69
  660. data/lib/contrast/utils/comment_range.rb +0 -19
  661. data/lib/contrast/utils/data_store_util.rb +0 -23
  662. data/lib/contrast/utils/environment_util.rb +0 -82
  663. data/lib/contrast/utils/freeze_util.rb +0 -32
  664. data/lib/contrast/utils/gemfile_reader.rb +0 -191
  665. data/lib/contrast/utils/inventory_util.rb +0 -126
  666. data/lib/contrast/utils/performs_logging.rb +0 -152
  667. data/lib/contrast/utils/preflight_util.rb +0 -13
  668. data/lib/contrast/utils/prevent_serialization.rb +0 -52
  669. data/lib/contrast/utils/rack_assess_session_cookie.rb +0 -104
  670. data/lib/contrast/utils/rails_assess_configuration.rb +0 -95
  671. data/lib/contrast/utils/random_util.rb +0 -22
  672. data/lib/contrast/utils/ruby_ast_rewriter.rb +0 -74
  673. data/lib/contrast/utils/service_response_util.rb +0 -110
  674. data/lib/contrast/utils/service_sender_util.rb +0 -106
  675. data/lib/contrast/utils/sinatra_helper.rb +0 -55
  676. data/resources/csrf/inject.js +0 -44
  677. data/resources/factory-bot-spec/spec_helper.rb +0 -30
  678. data/resources/rubocops/kernel/catch_cop.rb +0 -37
  679. data/resources/rubocops/kernel/require_cop.rb +0 -37
  680. data/resources/rubocops/kernel/require_relative_cop.rb +0 -33
  681. data/resources/rubocops/module/autoload_cop.rb +0 -37
  682. data/resources/rubocops/module/const_defined_cop.rb +0 -37
  683. data/resources/rubocops/module/const_get_cop.rb +0 -37
  684. data/resources/rubocops/module/const_set_cop.rb +0 -37
  685. data/resources/rubocops/module/constants_cop.rb +0 -37
  686. data/resources/rubocops/module/name_cop.rb +0 -37
  687. data/resources/rubocops/object/class_cop.rb +0 -37
  688. data/resources/rubocops/object/freeze_cop.rb +0 -37
  689. data/resources/rubocops/object/frozen_cop.rb +0 -37
  690. data/resources/rubocops/object/is_a_cop.rb +0 -37
  691. data/resources/rubocops/object/method_cop.rb +0 -37
  692. data/resources/rubocops/object/respond_to_cop.rb +0 -37
  693. data/resources/rubocops/object/singleton_class_cop.rb +0 -37
  694. data/resources/rubocops/regexp/spelling_cop.rb +0 -44
  695. data/resources/rubocops/thread/new_cop.rb +0 -39
  696. data/resources/ruby-spec/ancestors_spec.rb +0 -70
  697. data/resources/ruby-spec/modulo_spec.rb +0 -831
  698. data/resources/ruby-spec/parameters_spec.rb +0 -261
  699. data/resources/ruby-spec/ruby_spec_spec_helper.rb +0 -35
  700. data/service_executables/.gitkeep +0 -0
  701. data/service_executables/VERSION +0 -1
  702. data/service_executables/linux/contrast-service +0 -0
  703. data/service_executables/mac/contrast-service +0 -0
  704. data/shared_libraries/funchook.h +0 -123
  705. data/shared_libraries/libfunchook.so +0 -0
@@ -1,8 +1,9 @@
1
- /* Copyright (c) 2020 Contrast Security, Inc. See
1
+ /* Copyright (c) 2023 Contrast Security, Inc. See
2
2
  * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
3
3
 
4
4
  #include "cs__contrast_patch.h"
5
5
  #include "../cs__common/cs__common.h"
6
+ #include "../cs__scope/cs__scope.h"
6
7
  #include <ruby.h>
7
8
 
8
9
  VALUE build_preshift(const VALUE method_policy, const VALUE object,
@@ -34,17 +35,29 @@ VALUE contrast_patch_call_original(const VALUE *args) {
34
35
  method = args[3];
35
36
  method_id = SYM2ID(method);
36
37
 
37
-
38
- /* It looks like we can find the last Ruby block given so long as we don't
39
- * change Ruby method scope (always call this function from C, not Ruby),
40
- * which is the point of this C call.
41
- */
38
+ /* It looks like we can find the last Ruby block given so long as we don't
39
+ * change Ruby method scope (always call this function from C, not Ruby),
40
+ * which is the point of this C call.
41
+ */
42
+ /* Ruby >= 2.7 */
43
+ #ifdef RB_PASS_CALLED_KEYWORDS
44
+ if (rb_block_given_p()) {
45
+ return rb_funcall_with_block_kw(object, method_id, argc, params,
46
+ rb_block_proc(),
47
+ RB_PASS_CALLED_KEYWORDS);
48
+ } else {
49
+ return rb_funcallv_kw(object, method_id, argc, params,
50
+ RB_PASS_CALLED_KEYWORDS);
51
+ }
52
+ /* Ruby < 2.7 */
53
+ #else
42
54
  if (rb_block_given_p()) {
43
55
  return rb_funcall_with_block(object, method_id, argc, params,
44
56
  rb_block_proc());
45
57
  } else {
46
58
  return rb_funcall2(object, method_id, argc, params);
47
59
  }
60
+ #endif
48
61
  }
49
62
 
50
63
  VALUE contrast_call_pre_patch(const VALUE method_policy, const VALUE method,
@@ -76,15 +89,34 @@ VALUE contrast_call_post_patch(const VALUE method_policy, const VALUE preshift,
76
89
  method_policy, preshift, object, ret, send, block);
77
90
  }
78
91
 
79
- VALUE contrast_patch_call_rescue(const VALUE *args) {
80
- int argc;
81
- VALUE exception, object, preshift, method_policy, method;
82
- VALUE *argv;
83
-
92
+ /* wrap rb_ensure so we can rescue an exception */
93
+ VALUE rescue_func(VALUE arg1) {
94
+ VALUE exception;
84
95
  /* rb_errinfo() gives the value of $!, the exception that
85
96
  * triggered a rescue block.
86
97
  */
87
98
  exception = rb_errinfo();
99
+ rb_exc_raise(exception);
100
+
101
+ return Qnil;
102
+ }
103
+
104
+ /**
105
+ * In the event that the original_method call throws an exception we need to
106
+ *ensure that contrast_post_patch is called to report that error. However, if
107
+ *there is no error we will call post_patch with the original_return instead of
108
+ * Qnil.
109
+ *
110
+ **/
111
+ VALUE contrast_patch_call_ensure(const VALUE *args) {
112
+ // we do not need to ensure that post patch is called if no error was thrown
113
+ if (!RTEST(rb_errinfo())) {
114
+ return Qnil;
115
+ }
116
+
117
+ int argc;
118
+ VALUE object, preshift, method_policy, method;
119
+ VALUE *argv;
88
120
 
89
121
  object = args[0];
90
122
  method = args[1];
@@ -95,12 +127,22 @@ VALUE contrast_patch_call_rescue(const VALUE *args) {
95
127
 
96
128
  contrast_call_post_patch(method_policy, preshift, object, Qnil, argc, argv);
97
129
 
98
- /* reraise the exception that got us here */
99
- rb_exc_raise(exception);
100
-
101
130
  return Qnil;
102
131
  }
103
132
 
133
+ VALUE ensure_wrapper(const VALUE *args) {
134
+ VALUE original_method, original_args, ensure_args;
135
+
136
+ original_method = args[0];
137
+ original_args = (VALUE)args[1];
138
+ ensure_args = (VALUE)args[2];
139
+
140
+ // this ensure if being treated as a rescue due to issues surrounding
141
+ // Kernel#throw
142
+ return rb_ensure(original_method, original_args, contrast_patch_call_ensure,
143
+ (VALUE)ensure_args);
144
+ }
145
+
104
146
  VALUE contrast_call_super(const VALUE *args) {
105
147
  int argc;
106
148
  VALUE *argv;
@@ -111,10 +153,12 @@ VALUE contrast_call_super(const VALUE *args) {
111
153
  }
112
154
 
113
155
  VALUE contrast_run_patches(const VALUE *wrapped_args) {
114
- VALUE impl, method, method_policy, object, original_args, original_ret, preshift, transformed_ret;
156
+ VALUE impl, method, method_policy, object, original_args, original_ret,
157
+ preshift, transformed_ret;
115
158
  int argc;
116
159
  VALUE *argv;
117
- VALUE rescue_args[6];
160
+ VALUE ensure_args[6];
161
+ VALUE rescue_wrapper_args[3];
118
162
 
119
163
  impl = wrapped_args[0];
120
164
  original_args = wrapped_args[1];
@@ -124,18 +168,22 @@ VALUE contrast_run_patches(const VALUE *wrapped_args) {
124
168
  argc = NUM2INT(wrapped_args[5]);
125
169
  argv = (VALUE *)wrapped_args[6];
126
170
 
127
- rescue_args[0] = object;
128
- rescue_args[1] = method;
129
- rescue_args[2] = INT2NUM(argc);
130
- rescue_args[3] = (VALUE)argv;
131
- rescue_args[4] = method_policy;
171
+ rescue_wrapper_args[0] = contrast_patch_call_original;
172
+ rescue_wrapper_args[1] = original_args;
173
+ rescue_wrapper_args[2] = ensure_args;
174
+
175
+ ensure_args[0] = object;
176
+ ensure_args[1] = method;
177
+ ensure_args[2] = INT2NUM(argc);
178
+ ensure_args[3] = (VALUE)argv;
179
+ ensure_args[4] = method_policy;
132
180
 
133
181
  /* Tracking, triggering, and propagation here. */
134
182
  contrast_call_pre_patch(method_policy, method, object, argc, argv, Qnil);
135
183
 
136
184
  /* Capture pre-call state */
137
185
  preshift = build_preshift(method_policy, object, argc, argv);
138
- rescue_args[5] = preshift;
186
+ ensure_args[5] = preshift;
139
187
 
140
188
  /* We wrap a call to the original method with a rescue block, and we use
141
189
  * rb_rescue2 to capture all Exception-inheriting exceptions (and if your
@@ -168,17 +216,17 @@ VALUE contrast_run_patches(const VALUE *wrapped_args) {
168
216
  */
169
217
 
170
218
  switch (impl) {
171
- case IMPL_ALIAS_INSTANCE:
172
- case IMPL_ALIAS_SINGLETON:
173
- original_ret = rb_rescue2(
174
- contrast_patch_call_original, original_args,
175
- contrast_patch_call_rescue, (VALUE)rescue_args, rb_eException, 0);
176
- break;
177
- case IMPL_PREPEND:
178
- original_ret = rb_rescue2(contrast_call_super, original_args,
179
- contrast_patch_call_rescue,
180
- (VALUE)rescue_args, rb_eException, 0);
181
- break;
219
+ case IMPL_ALIAS_INSTANCE:
220
+ case IMPL_ALIAS_SINGLETON:
221
+ original_ret =
222
+ rb_rescue(ensure_wrapper, rescue_wrapper_args, rescue_func, Qnil);
223
+ break;
224
+ case IMPL_PREPEND_INSTANCE:
225
+ case IMPL_PREPEND_SINGLETON:
226
+ rescue_wrapper_args[0] = contrast_call_super;
227
+ original_ret =
228
+ rb_rescue(ensure_wrapper, rescue_wrapper_args, rescue_func, Qnil);
229
+ break;
182
230
  };
183
231
 
184
232
  /* If you're here, the original method did not throw an exception
@@ -186,27 +234,23 @@ VALUE contrast_run_patches(const VALUE *wrapped_args) {
186
234
  * If the original method threw an exception, contrast_patch_call_rescue
187
235
  * re-raises the original exception, which unwinds the stack back to the
188
236
  * call site. This means the rest of this function is not executed.
237
+ * post_patch is called in the ensure_wrapper on exception. rb_rescue
238
+ * raises the exception so the below will not be executed in that event.
189
239
  */
190
240
 
191
- /* Invoke Contrast post-call patching.
192
- * Post-call patching may transform the return value,
193
- * hence the assignment.
194
- */
195
- transformed_ret = contrast_call_post_patch(method_policy, preshift, object,
196
- original_ret, argc, argv);
241
+ /* Invoke Contrast post-call patching. */
242
+ contrast_call_post_patch(method_policy, preshift, object, original_ret,
243
+ argc, argv);
197
244
 
198
- /* Special case for tracking frozen sources */
199
- if (transformed_ret != Qnil) {
200
- return transformed_ret;
201
- } else {
202
- return original_ret;
203
- }
245
+ return original_ret;
204
246
  }
205
247
 
206
248
  VALUE contrast_ensure_function(const VALUE method_policy) {
207
249
  /* exit scope */
208
- rb_funcall(contrast_patcher(), rb_sym_exit_method_scope, 1, method_policy);
209
- rb_funcall(contrast_patcher(), rb_sym_exit_scope, 0);
250
+ VALUE scopes = rb_funcall(method_policy, rb_sym_scopes_to_exit, 0);
251
+
252
+ inst_methods_exit_method_scope(contrast_patcher(), scopes);
253
+ inst_methods_exit_cntr_scope(contrast_patcher(), 0);
210
254
 
211
255
  return Qnil;
212
256
  }
@@ -226,10 +270,10 @@ VALUE contrast_patch_dispatch(const int argc, const VALUE *argv,
226
270
  * which is unnecessary, or run Contrast analysis on Contrast code,
227
271
  * which will never terminate.
228
272
  */
229
- nested_scope = RTEST(rb_funcall(contrast_patcher(), rb_sym_in_scope, 0));
273
+ nested_scope = inst_methods_in_cntr_scope(contrast_patcher(), 0);
230
274
 
231
275
  /* enter scope */
232
- rb_funcall(contrast_patcher(), rb_sym_enter_scope, 0);
276
+ inst_methods_enter_cntr_scope(contrast_patcher(), 0);
233
277
 
234
278
  /* Get the name of the calling method */
235
279
  method = rb_funcall(object, rb_sym_method, 0);
@@ -239,10 +283,14 @@ VALUE contrast_patch_dispatch(const int argc, const VALUE *argv,
239
283
  */
240
284
  switch (impl) {
241
285
  case IMPL_ALIAS_INSTANCE:
242
- case IMPL_PREPEND:
286
+ case IMPL_PREPEND_INSTANCE:
243
287
  known =
244
288
  rb_funcall(patch_status, rb_sym_info_for, 3, object, method, Qtrue);
245
289
  break;
290
+ case IMPL_PREPEND_SINGLETON:
291
+ known = rb_funcall(patch_status, rb_sym_info_for, 3, object, method,
292
+ Qfalse);
293
+ break;
246
294
  case IMPL_ALIAS_SINGLETON:
247
295
  known = rb_funcall(patch_status, rb_sym_info_for, 3, object, method,
248
296
  Qfalse);
@@ -257,7 +305,7 @@ VALUE contrast_patch_dispatch(const int argc, const VALUE *argv,
257
305
  }
258
306
 
259
307
  /* Check conditions for not doing Contrast analysis */
260
- if (nested_scope) {
308
+ if (nested_scope == Qtrue) {
261
309
  /* if we were in scope */
262
310
  do_contrast = 0;
263
311
  } else if (!RTEST(known)) {
@@ -266,14 +314,6 @@ VALUE contrast_patch_dispatch(const int argc, const VALUE *argv,
266
314
  } else if (!RTEST(method_policy)) {
267
315
  /* nothing to be done without a method policy */
268
316
  do_contrast = 0;
269
- } else if (!RTEST(rb_funcall(contrast_patcher(), rb_sym_in_request_context,
270
- 0))) {
271
- /* (RUBY-290, checking for a request_context is to be deprecated)
272
- * if we're not within a request context, don't analyze (by fiat)
273
- * We reset scope at the end of request contexts right now, don't remove
274
- * this check without also handling that code.
275
- */
276
- do_contrast = 0;
277
317
  }
278
318
 
279
319
  original_args[0] = INT2NUM(argc);
@@ -294,7 +334,9 @@ VALUE contrast_patch_dispatch(const int argc, const VALUE *argv,
294
334
  }
295
335
 
296
336
  /* Enter any scopes specific to method policy */
297
- rb_funcall(contrast_patcher(), rb_sym_enter_method_scope, 1, method_policy);
337
+ VALUE scopes = rb_funcall(method_policy, rb_sym_scopes_to_enter, 0);
338
+
339
+ inst_methods_enter_method_scope(contrast_patcher(), scopes);
298
340
 
299
341
  /* If we're not doing Contrast analysis, exit scope and treat as normal. */
300
342
  if (!do_contrast) {
@@ -302,16 +344,17 @@ VALUE contrast_patch_dispatch(const int argc, const VALUE *argv,
302
344
  }
303
345
 
304
346
  /* Otherwise, invoke Contrast analysis. */
305
- VALUE wrapped_args[7];
306
- wrapped_args[0] = impl;
307
- wrapped_args[1] = (VALUE)original_args;
308
- wrapped_args[2] = method;
309
- wrapped_args[3] = method_policy;
310
- wrapped_args[4] = object;
311
- wrapped_args[5] = INT2NUM(argc);
312
- wrapped_args[6] = (VALUE)argv;
313
-
314
- return rb_ensure(contrast_run_patches, (VALUE)wrapped_args, contrast_ensure_function, method_policy);
347
+ VALUE wrapped_args[7];
348
+ wrapped_args[0] = impl;
349
+ wrapped_args[1] = (VALUE)original_args;
350
+ wrapped_args[2] = method;
351
+ wrapped_args[3] = method_policy;
352
+ wrapped_args[4] = object;
353
+ wrapped_args[5] = INT2NUM(argc);
354
+ wrapped_args[6] = (VALUE)argv;
355
+
356
+ return rb_ensure(contrast_run_patches, (VALUE)wrapped_args,
357
+ contrast_ensure_function, method_policy);
315
358
 
316
359
  call_original:
317
360
 
@@ -322,7 +365,8 @@ call_original:
322
365
  case IMPL_ALIAS_INSTANCE:
323
366
  case IMPL_ALIAS_SINGLETON:
324
367
  return contrast_patch_call_original(original_args);
325
- case IMPL_PREPEND:
368
+ case IMPL_PREPEND_INSTANCE:
369
+ case IMPL_PREPEND_SINGLETON:
326
370
  return contrast_call_super(original_args);
327
371
  };
328
372
  }
@@ -337,9 +381,14 @@ VALUE contrast_alias_singleton_patch(const int argc, const VALUE *argv,
337
381
  return contrast_patch_dispatch(argc, argv, IMPL_ALIAS_SINGLETON, object);
338
382
  }
339
383
 
340
- VALUE contrast_prepend_patch(const int argc, const VALUE *argv,
341
- const VALUE object) {
342
- return contrast_patch_dispatch(argc, argv, IMPL_PREPEND, object);
384
+ VALUE contrast_prepend_instance_patch(const int argc, const VALUE *argv,
385
+ const VALUE object) {
386
+ return contrast_patch_dispatch(argc, argv, IMPL_PREPEND_INSTANCE, object);
387
+ }
388
+
389
+ VALUE contrast_prepend_singleton_patch(const int argc, const VALUE *argv,
390
+ const VALUE object) {
391
+ return contrast_patch_dispatch(argc, argv, IMPL_PREPEND_SINGLETON, object);
343
392
  }
344
393
 
345
394
  VALUE contrast_patch_define_method(const VALUE self, const VALUE clazz,
@@ -351,8 +400,9 @@ VALUE contrast_patch_define_method(const VALUE self, const VALUE clazz,
351
400
  rb_funcall(method_policy, rb_sym_instance_method, 0);
352
401
  char *cStr;
353
402
  VALUE str;
354
- rb_funcall(patch_status, rb_sym_set_info_for, 5, clazz, original_method_name,
355
- method_policy, is_instance_method, cs_method);
403
+ rb_funcall(patch_status, rb_sym_set_info_for, 5, clazz,
404
+ original_method_name, method_policy, is_instance_method,
405
+ cs_method);
356
406
 
357
407
  /* Some methods we patch rely on a specific C level patch,
358
408
  * in those cases we should still add the method to the info_for hash
@@ -404,29 +454,57 @@ VALUE contrast_patch_define_method(const VALUE self, const VALUE clazz,
404
454
  VALUE contrast_patch_prepend(const VALUE self, const VALUE originalModule,
405
455
  const VALUE method_policy) {
406
456
 
457
+ const VALUE instance = Qtrue;
458
+ const VALUE singleton = Qfalse;
407
459
  const VALUE original_method_name =
408
460
  rb_funcall(method_policy, rb_sym_method_name, 0);
409
461
  const VALUE is_private =
410
462
  rb_funcall(method_policy, rb_sym_private_method, 0);
411
463
  const VALUE is_instance_method =
412
464
  rb_funcall(method_policy, rb_sym_instance_method, 0);
413
- rb_funcall(patch_status, rb_sym_set_info_for, 5, originalModule,
414
- original_method_name, method_policy, Qtrue, Qnil);
465
+
466
+ // Set the value for instance or singleton method
467
+ if (RTEST(is_instance_method)) {
468
+ rb_funcall(patch_status, rb_sym_set_info_for, 5, originalModule,
469
+ original_method_name, method_policy, instance, Qnil);
470
+
471
+ } else {
472
+ rb_funcall(patch_status, rb_sym_set_info_for, 5, originalModule,
473
+ original_method_name, method_policy, singleton, Qnil);
474
+ }
475
+
415
476
  VALUE module = rb_define_module_under(originalModule, "ContrastPrepend");
416
477
  VALUE str = rb_funcall(original_method_name, rb_sym_cs_to_s, 0);
417
478
  char *cMethodName = StringValueCStr(str);
418
479
  if (RTEST(is_instance_method)) {
419
480
  if (RTEST(is_private)) {
420
481
  rb_define_private_method(module, cMethodName,
421
- contrast_prepend_patch, -1);
482
+ contrast_prepend_instance_patch, -1);
422
483
  } else {
423
- rb_define_method(module, cMethodName, contrast_prepend_patch, -1);
484
+ rb_define_method(module, cMethodName,
485
+ contrast_prepend_instance_patch, -1);
424
486
  }
425
487
  } else {
426
- rb_define_singleton_method(module, cMethodName, contrast_prepend_patch,
427
- -1);
488
+ rb_define_singleton_method(module, cMethodName,
489
+ contrast_prepend_singleton_patch, -1);
428
490
  }
429
491
  rb_prepend_module(originalModule, module);
492
+
493
+ if (rb_ver_below_three()) {
494
+ VALUE module_at;
495
+ VALUE rb_incl_in_mod_ary =
496
+ rb_funcall(originalModule, rb_intern("included_in"), 0);
497
+ if (RB_TYPE_P(rb_incl_in_mod_ary, T_ARRAY)) {
498
+ int i = 0;
499
+ int size = RARRAY_LEN(rb_incl_in_mod_ary);
500
+ for (i = 0; i < size; ++i) {
501
+ module_at = rb_ary_entry(rb_incl_in_mod_ary, i);
502
+ if (RB_TYPE_P(module_at, T_MODULE)) {
503
+ rb_include_module(module_at, module);
504
+ }
505
+ }
506
+ }
507
+ }
430
508
  return Qtrue;
431
509
  }
432
510
 
@@ -438,7 +516,6 @@ void Init_cs__contrast_patch(void) {
438
516
  rb_sym_contrast_apply_pre_patch = rb_intern("apply_pre_patch");
439
517
  rb_sym_cs_to_s = rb_intern("to_s");
440
518
  rb_sym_custom_patch = rb_intern("requires_custom_patch?");
441
- rb_sym_in_request_context = rb_intern("in_request_context?");
442
519
  rb_sym_info_for = rb_intern("info_for");
443
520
  rb_sym_propagation_node = rb_intern("propagation_node");
444
521
  rb_sym_set_info_for = rb_intern("set_info_for");
@@ -453,6 +530,8 @@ void Init_cs__contrast_patch(void) {
453
530
 
454
531
  rb_sym_enter_method_scope = rb_intern("enter_method_scope!");
455
532
  rb_sym_exit_method_scope = rb_intern("exit_method_scope!");
533
+ rb_sym_scopes_to_enter = rb_intern("scopes_to_enter");
534
+ rb_sym_scopes_to_exit = rb_intern("scopes_to_exit");
456
535
 
457
536
  rb_define_module_function(contrast_patcher(), "contrast_define_method",
458
537
  contrast_patch_define_method, 3);
@@ -1,11 +1,6 @@
1
+ #include "../cs__common/cs__common.h"
1
2
  #include <ruby.h>
2
3
 
3
- typedef enum {
4
- IMPL_ALIAS_INSTANCE,
5
- IMPL_ALIAS_SINGLETON,
6
- IMPL_PREPEND
7
- } patch_impl;
8
-
9
4
  /* Calls to Contrast modules */
10
5
  /* Contrast::Agent::Patching::Policy::PatchStatus */
11
6
  static VALUE patch_status;
@@ -21,10 +16,10 @@ static VALUE rb_sym_contrast_apply_pre_patch;
21
16
  static VALUE rb_sym_custom_patch;
22
17
  static VALUE rb_sym_cs_to_s;
23
18
 
24
- static VALUE rb_sym_in_request_context;
25
-
26
19
  static VALUE rb_sym_enter_method_scope;
27
20
  static VALUE rb_sym_exit_method_scope;
21
+ static VALUE rb_sym_scopes_to_enter;
22
+ static VALUE rb_sym_scopes_to_exit;
28
23
 
29
24
  static VALUE rb_sym_build_method_name;
30
25
  static VALUE rb_sym_info_for;
@@ -145,8 +140,7 @@ VALUE contrast_call_super(const VALUE *args);
145
140
  * instance (specifically for frozen sources)
146
141
  */
147
142
  VALUE contrast_patch_dispatch(const int argc, const VALUE *argv,
148
- const patch_impl impl,
149
- const VALUE object);
143
+ const patch_impl impl, const VALUE object);
150
144
 
151
145
  VALUE contrast_alias_instance_patch(const int argc, const VALUE *argv,
152
146
  const VALUE object);
@@ -154,9 +148,11 @@ VALUE contrast_alias_instance_patch(const int argc, const VALUE *argv,
154
148
  VALUE contrast_alias_singleton_patch(const int argc, const VALUE *argv,
155
149
  const VALUE object);
156
150
 
151
+ VALUE contrast_prepend_instance_patch(const int argc, const VALUE *argv,
152
+ const VALUE object);
157
153
 
158
- VALUE contrast_prepend_patch(const int argc, const VALUE *argv,
159
- const VALUE object);
154
+ VALUE contrast_prepend_singleton_patch(const int argc, const VALUE *argv,
155
+ const VALUE object);
160
156
 
161
157
  /*
162
158
  * Patches a module's method by prepend:
@@ -174,12 +170,12 @@ VALUE contrast_prepend_patch(const int argc, const VALUE *argv,
174
170
  * - prepending Foo with Foo::ContrastPrepend
175
171
  *
176
172
  * originalModule - Module; the actual Module being prepended
177
- * methodPolicy - :MethodPolicy; the method policy that apply to the method being redefined
173
+ * methodPolicy - :MethodPolicy; the method policy that apply to the method
174
+ * being redefined
178
175
  *
179
176
  * return - Boolean; if the prepend occurred or not
180
177
  */
181
- VALUE contrast_patch_prepend(const VALUE self,
182
- const VALUE originalModule,
178
+ VALUE contrast_patch_prepend(const VALUE self, const VALUE originalModule,
183
179
  const VALUE methodPolicy);
184
180
 
185
181
  /*
@@ -1,2 +1,5 @@
1
+ # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
1
4
  $TO_MAKE = File.basename(__dir__)
2
5
  require_relative '../extconf_common'
@@ -0,0 +1,34 @@
1
+ /* Copyright (c) 2023 Contrast Security, Inc. See
2
+ * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
3
+
4
+ #include "cs__os_information.h"
5
+ #include <dlfcn.h>
6
+ #include <ruby.h>
7
+ #include <sys/utsname.h>
8
+
9
+ VALUE contrast, utils, os;
10
+
11
+ VALUE contrast_get_system_information() {
12
+ struct utsname uname_pointer;
13
+
14
+ uname(&uname_pointer);
15
+
16
+ VALUE rb_data_hash = rb_hash_new();
17
+ rb_hash_aset(rb_data_hash, rb_str_new2("os_type"),
18
+ rb_str_new2(uname_pointer.sysname));
19
+ rb_hash_aset(rb_data_hash, rb_str_new2("os_version"),
20
+ rb_str_new2(uname_pointer.release));
21
+ rb_hash_aset(rb_data_hash, rb_str_new2("os_complete_version"),
22
+ rb_str_new2(uname_pointer.version));
23
+ rb_hash_aset(rb_data_hash, rb_str_new2("os_arch"),
24
+ rb_str_new2(uname_pointer.machine));
25
+ return rb_data_hash;
26
+ }
27
+
28
+ void Init_cs__os_information(void) {
29
+ contrast = rb_define_module("Contrast");
30
+ utils = rb_define_module_under(contrast, "Utils");
31
+ os = rb_define_module_under(utils, "OS");
32
+ rb_define_module_function(os, "get_system_information",
33
+ contrast_get_system_information, 0);
34
+ }
@@ -0,0 +1,7 @@
1
+ #include <ruby.h>
2
+
3
+ extern VALUE contrast, utils, os;
4
+
5
+ VALUE contrast_get_system_information();
6
+
7
+ void Init_cs__os_information(void);
@@ -0,0 +1,5 @@
1
+ # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
4
+ $TO_MAKE = File.basename(__dir__)
5
+ require_relative '../extconf_common'