RubyGems - contrast-agent - Versions diffs - 3.9.1 → 6.15.3 - Mend

contrast-agent 3.9.1 → 6.15.3

Files changed (705) hide show

checksums.yaml +4 -4
data/.dockerignore +0 -1
data/.flayignore +1 -0
data/.gitignore +8 -5
data/.gitmodules +0 -3
data/.rspec +0 -1
data/.rspec_parallel +6 -0
data/.simplecov +6 -2
data/Gemfile +1 -1
data/LICENSE.txt +1 -1
data/Rakefile +5 -2
data/ext/build_funchook.rb +16 -13
data/ext/cs__assess_array/cs__assess_array.c +50 -6
data/ext/cs__assess_array/cs__assess_array.h +5 -1
data/ext/cs__assess_array/extconf.rb +3 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.c +39 -17
data/ext/cs__assess_basic_object/cs__assess_basic_object.h +2 -1
data/ext/cs__assess_basic_object/extconf.rb +3 -0
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +9 -13
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +3 -4
data/ext/cs__assess_fiber_track/extconf.rb +3 -0
data/ext/cs__assess_hash/cs__assess_hash.c +46 -21
data/ext/cs__assess_hash/cs__assess_hash.h +5 -6
data/ext/cs__assess_hash/extconf.rb +3 -0
data/ext/cs__assess_kernel/cs__assess_kernel.c +29 -15
data/ext/cs__assess_kernel/cs__assess_kernel.h +3 -0
data/ext/cs__assess_kernel/extconf.rb +3 -0
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +57 -23
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +6 -3
data/ext/cs__assess_marshal_module/extconf.rb +3 -0
data/ext/cs__assess_module/cs__assess_module.c +82 -22
data/ext/cs__assess_module/cs__assess_module.h +10 -0
data/ext/cs__assess_module/extconf.rb +3 -0
data/ext/cs__assess_regexp/cs__assess_regexp.c +28 -9
data/ext/cs__assess_regexp/cs__assess_regexp.h +3 -0
data/ext/cs__assess_regexp/extconf.rb +3 -0
data/ext/cs__assess_string/cs__assess_string.c +53 -21
data/ext/cs__assess_string/cs__assess_string.h +7 -1
data/ext/cs__assess_string/extconf.rb +3 -0
data/ext/cs__assess_string_interpolation/cs__assess_string_interpolation.c +39 -0
data/ext/cs__assess_string_interpolation/cs__assess_string_interpolation.h +13 -0
data/ext/cs__assess_string_interpolation/extconf.rb +5 -0
data/ext/cs__assess_test/cs__assess_test.h +9 -0
data/ext/cs__assess_test/cs__assess_tests.c +22 -0
data/ext/cs__assess_test/extconf.rb +5 -0
data/ext/cs__assess_yield_track/cs__assess_yield_track.c +4 -8
data/ext/cs__assess_yield_track/cs__assess_yield_track.h +1 -2
data/ext/cs__assess_yield_track/extconf.rb +3 -0
data/ext/cs__common/cs__common.c +240 -4
data/ext/cs__common/cs__common.h +68 -1
data/ext/cs__common/extconf.rb +3 -16
data/ext/cs__contrast_patch/cs__contrast_patch.c +162 -83
data/ext/cs__contrast_patch/cs__contrast_patch.h +11 -15
data/ext/cs__contrast_patch/extconf.rb +3 -0
data/ext/cs__os_information/cs__os_information.c +34 -0
data/ext/cs__os_information/cs__os_information.h +7 -0
data/ext/cs__os_information/extconf.rb +5 -0
data/ext/cs__scope/cs__scope.c +980 -0
data/ext/cs__scope/cs__scope.h +90 -0
data/ext/cs__scope/extconf.rb +5 -0
data/ext/cs__tests/cs__tests.c +12 -0
data/ext/cs__tests/cs__tests.h +3 -0
data/ext/cs__tests/extconf.rb +5 -0
data/ext/extconf_common.rb +4 -34
data/lib/contrast/agent/assess/assess.rb +23 -0
data/lib/contrast/agent/assess/contrast_object.rb +54 -0
data/lib/contrast/agent/assess/events/event_data.rb +30 -0
data/lib/contrast/agent/assess/finalizers/freeze.rb +15 -0
data/lib/contrast/agent/assess/finalizers/hash.rb +107 -0
data/lib/contrast/agent/{module_data.rb → assess/module_data.rb} +5 -4
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +23 -48
data/lib/contrast/agent/assess/policy/patcher.rb +13 -48
data/lib/contrast/agent/assess/policy/policy.rb +20 -23
data/lib/contrast/agent/assess/policy/policy_node.rb +97 -200
data/lib/contrast/agent/assess/policy/policy_node_utils.rb +50 -0
data/lib/contrast/agent/assess/policy/policy_scanner.rb +15 -12
data/lib/contrast/agent/assess/policy/preshift.rb +49 -18
data/lib/contrast/agent/assess/policy/propagation_method.rb +200 -194
data/lib/contrast/agent/assess/policy/propagation_node.rb +49 -41
data/lib/contrast/agent/assess/policy/propagator/append.rb +32 -15
data/lib/contrast/agent/assess/policy/propagator/base.rb +5 -3
data/lib/contrast/agent/assess/policy/propagator/buffer.rb +119 -0
data/lib/contrast/agent/assess/policy/propagator/center.rb +12 -8
data/lib/contrast/agent/assess/policy/propagator/custom.rb +7 -3
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +33 -25
data/lib/contrast/agent/assess/policy/propagator/insert.rb +15 -11
data/lib/contrast/agent/assess/policy/propagator/keep.rb +23 -6
data/lib/contrast/agent/assess/policy/propagator/match_data.rb +118 -0
data/lib/contrast/agent/assess/policy/propagator/next.rb +7 -6
data/lib/contrast/agent/assess/policy/propagator/prepend.rb +13 -6
data/lib/contrast/agent/assess/policy/propagator/rack_protection.rb +73 -0
data/lib/contrast/agent/assess/policy/propagator/remove.rb +53 -41
data/lib/contrast/agent/assess/policy/propagator/replace.rb +5 -3
data/lib/contrast/agent/assess/policy/propagator/reverse.rb +7 -6
data/lib/contrast/agent/assess/policy/propagator/select.rb +45 -36
data/lib/contrast/agent/assess/policy/propagator/splat.rb +44 -21
data/lib/contrast/agent/assess/policy/propagator/split.rb +133 -147
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +7 -132
data/lib/contrast/agent/assess/policy/propagator/substitution_utils.rb +190 -0
data/lib/contrast/agent/assess/policy/propagator/trim.rb +74 -52
data/lib/contrast/agent/assess/policy/propagator.rb +21 -18
data/lib/contrast/agent/assess/policy/source_method.rb +126 -188
data/lib/contrast/agent/assess/policy/source_node.rb +3 -17
data/lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb +9 -7
data/lib/contrast/agent/assess/policy/source_validation/source_validation.rb +3 -5
data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +103 -0
data/lib/contrast/agent/assess/policy/trigger/xpath.rb +57 -0
data/lib/contrast/agent/assess/policy/trigger_method.rb +143 -206
data/lib/contrast/agent/assess/policy/trigger_node.rb +144 -66
data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +98 -0
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +8 -38
data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +9 -7
data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +6 -15
data/lib/contrast/agent/assess/properties.rb +15 -383
data/lib/contrast/agent/assess/property/evented.rb +58 -0
data/lib/contrast/agent/assess/property/tagged.rb +246 -0
data/lib/contrast/agent/assess/property/updated.rb +131 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +58 -19
data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +22 -17
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +93 -81
data/lib/contrast/agent/assess/rule/provider.rb +4 -4
data/lib/contrast/agent/assess/rule/response/auto_complete_rule.rb +69 -0
data/lib/contrast/agent/assess/rule/response/base_rule.rb +121 -0
data/lib/contrast/agent/assess/rule/response/body_rule.rb +107 -0
data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb +195 -0
data/lib/contrast/agent/assess/rule/response/click_jacking_header_rule.rb +26 -0
data/lib/contrast/agent/assess/rule/response/csp_header_insecure_rule.rb +100 -0
data/lib/contrast/agent/assess/rule/response/csp_header_missing_rule.rb +26 -0
data/lib/contrast/agent/assess/rule/response/framework/rails_support.rb +34 -0
data/lib/contrast/agent/assess/rule/response/header_rule.rb +70 -0
data/lib/contrast/agent/assess/rule/response/hsts_header_rule.rb +36 -0
data/lib/contrast/agent/assess/rule/response/parameters_pollution_rule.rb +61 -0
data/lib/contrast/agent/assess/rule/response/x_content_type_header_rule.rb +26 -0
data/lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb +34 -0
data/lib/contrast/agent/assess/tag.rb +84 -41
data/lib/contrast/agent/assess/tracker.rb +70 -0
data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +11 -6
data/lib/contrast/agent/deadzone/policy/policy.rb +11 -7
data/lib/contrast/agent/excluder/excluder.rb +306 -0
data/lib/contrast/agent/excluder/exclusion_matcher.rb +112 -0
data/lib/contrast/agent/hooks/at_exit_hook.rb +44 -0
data/lib/contrast/agent/hooks/tracepoint_hook.rb +57 -0
data/lib/contrast/agent/inventory/database_config.rb +175 -0
data/lib/contrast/agent/inventory/dependencies.rb +52 -0
data/lib/contrast/agent/inventory/dependency_analysis.rb +34 -0
data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +120 -0
data/lib/contrast/agent/inventory/inventory.rb +14 -0
data/lib/contrast/agent/inventory/policy/datastores.rb +51 -0
data/lib/contrast/agent/inventory/policy/policy.rb +5 -5
data/lib/contrast/agent/inventory/policy/trigger_node.rb +2 -2
data/lib/contrast/agent/middleware/middleware.rb +214 -0
data/lib/contrast/agent/middleware/static_analysis.rb +51 -0
data/lib/contrast/agent/patching/policy/after_load_patch.rb +22 -11
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +103 -52
data/lib/contrast/agent/patching/policy/method_policy.rb +38 -62
data/lib/contrast/agent/patching/policy/method_policy_extend.rb +117 -0
data/lib/contrast/agent/patching/policy/module_policy.rb +27 -47
data/lib/contrast/agent/patching/policy/patch.rb +129 -254
data/lib/contrast/agent/patching/policy/patch_status.rb +21 -43
data/lib/contrast/agent/patching/policy/patcher.rb +125 -159
data/lib/contrast/agent/patching/policy/policy.rb +63 -58
data/lib/contrast/agent/patching/policy/policy_node.rb +55 -37
data/lib/contrast/agent/patching/policy/trigger_node.rb +32 -16
data/lib/contrast/agent/protect/exploitable_collection.rb +38 -0
data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +165 -0
data/lib/contrast/agent/protect/input_analyzer/worth_watching_analyzer.rb +122 -0
data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +67 -0
data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +97 -0
data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +72 -0
data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +141 -0
data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +58 -0
data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +125 -0
data/lib/contrast/agent/protect/policy/policy.rb +10 -10
data/lib/contrast/agent/protect/policy/rule_applicator.rb +119 -0
data/lib/contrast/agent/protect/policy/trigger_node.rb +2 -2
data/lib/contrast/agent/protect/rule/base.rb +274 -173
data/lib/contrast/agent/protect/rule/bot_blocker/bot_blocker.rb +89 -0
data/lib/contrast/agent/protect/rule/bot_blocker/bot_blocker_input_classification.rb +98 -0
data/lib/contrast/agent/protect/rule/cmdi/cmd_injection.rb +86 -0
data/lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb +90 -0
data/lib/contrast/agent/protect/rule/cmdi/cmdi_base_rule.rb +170 -0
data/lib/contrast/agent/protect/rule/cmdi/cmdi_chained_command.rb +63 -0
data/lib/contrast/agent/protect/rule/cmdi/cmdi_dangerous_path.rb +62 -0
data/lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb +27 -0
data/lib/contrast/agent/protect/rule/default_scanner.rb +69 -25
data/lib/contrast/agent/protect/rule/{deserialization.rb → deserialization/deserialization.rb} +29 -24
data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +2 -3
data/lib/contrast/agent/protect/rule/no_sqli/no_sqli.rb +105 -0
data/lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb +226 -0
data/lib/contrast/agent/protect/rule/{path_traversal.rb → path_traversal/path_traversal.rb} +48 -55
data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_input_classification.rb +61 -0
data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_semantic_security_bypass.rb +139 -0
data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +1 -1
data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +1 -1
data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +2 -3
data/lib/contrast/agent/protect/rule/sqli/sql_sample_builder.rb +154 -0
data/lib/contrast/agent/protect/rule/sqli/sqli.rb +101 -0
data/lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb +37 -0
data/lib/contrast/agent/protect/rule/sqli/sqli_input_classification.rb +27 -0
data/lib/contrast/agent/protect/rule/sqli/sqli_semantic/sqli_dangerous_functions.rb +67 -0
data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +1 -1
data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload.rb +56 -0
data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification.rb +62 -0
data/lib/contrast/agent/protect/rule/utils/builders.rb +111 -0
data/lib/contrast/agent/protect/rule/utils/filters.rb +110 -0
data/lib/contrast/agent/protect/rule/xss/reflected_xss_input_classification.rb +58 -0
data/lib/contrast/agent/protect/rule/xss/xss.rb +50 -0
data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +25 -21
data/lib/contrast/agent/protect/rule/xxe/xxe.rb +149 -0
data/lib/contrast/agent/protect/rule.rb +20 -27
data/lib/contrast/agent/reactions/disable_reaction.rb +20 -0
data/lib/contrast/agent/reporting/attack_result/attack_result.rb +71 -0
data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +86 -0
data/lib/contrast/agent/reporting/attack_result/response_type.rb +29 -0
data/lib/contrast/agent/reporting/attack_result/user_input.rb +97 -0
data/lib/contrast/agent/reporting/connection_status.rb +45 -0
data/lib/contrast/agent/reporting/details/bot_blocker_details.rb +29 -0
data/lib/contrast/agent/reporting/details/cmd_injection_details.rb +30 -0
data/lib/contrast/agent/reporting/details/details.rb +17 -0
data/lib/contrast/agent/reporting/details/ip_denylist_details.rb +35 -0
data/lib/contrast/agent/reporting/details/no_sqli_details.rb +36 -0
data/lib/contrast/agent/reporting/details/path_traversal_details.rb +24 -0
data/lib/contrast/agent/reporting/details/path_traversal_semantic_analysis_details.rb +32 -0
data/lib/contrast/agent/reporting/details/protect_rule_details.rb +17 -0
data/lib/contrast/agent/reporting/details/sqli_dangerous_functions.rb +22 -0
data/lib/contrast/agent/reporting/details/sqli_details.rb +36 -0
data/lib/contrast/agent/reporting/details/untrusted_deserialization_details.rb +27 -0
data/lib/contrast/agent/reporting/details/virtual_patch_details.rb +30 -0
data/lib/contrast/agent/reporting/details/xss_details.rb +33 -0
data/lib/contrast/agent/reporting/details/xss_match.rb +30 -0
data/lib/contrast/agent/reporting/details/xxe_details.rb +36 -0
data/lib/contrast/agent/reporting/details/xxe_match.rb +25 -0
data/lib/contrast/agent/reporting/details/xxe_wrapper.rb +25 -0
data/lib/contrast/agent/reporting/input_analysis/details/bot_blocker_details.rb +27 -0
data/lib/contrast/agent/reporting/input_analysis/details/protect_rule_details.rb +15 -0
data/lib/contrast/agent/reporting/input_analysis/input_analysis.rb +55 -0
data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb +129 -0
data/lib/contrast/agent/reporting/input_analysis/input_type.rb +44 -0
data/lib/contrast/agent/reporting/input_analysis/score_level.rb +21 -0
data/lib/contrast/agent/reporting/masker/masker.rb +258 -0
data/lib/contrast/agent/reporting/masker/masker_utils.rb +33 -0
data/lib/contrast/agent/reporting/report.rb +32 -0
data/lib/contrast/agent/reporting/reporter.rb +163 -0
data/lib/contrast/agent/reporting/reporting_events/agent_startup.rb +34 -0
data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +120 -0
data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +101 -0
data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb +79 -0
data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +101 -0
data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb +74 -0
data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_stack.rb +22 -0
data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb +78 -0
data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +43 -0
data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb +57 -0
data/lib/contrast/agent/reporting/reporting_events/application_reporting_event.rb +37 -0
data/lib/contrast/agent/reporting/reporting_events/application_settings.rb +40 -0
data/lib/contrast/agent/reporting/reporting_events/application_startup.rb +44 -0
data/lib/contrast/agent/reporting/reporting_events/application_startup_instrumentation.rb +27 -0
data/lib/contrast/agent/reporting/reporting_events/application_update.rb +55 -0
data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +66 -0
data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb +122 -0
data/lib/contrast/agent/reporting/reporting_events/finding.rb +201 -0
data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +442 -0
data/lib/contrast/agent/reporting/reporting_events/finding_event_object.rb +96 -0
data/lib/contrast/agent/reporting/reporting_events/finding_event_parent_object.rb +45 -0
data/lib/contrast/agent/reporting/reporting_events/finding_event_property.rb +47 -0
data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb +99 -0
data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +63 -0
data/lib/contrast/agent/reporting/reporting_events/finding_event_stack.rb +65 -0
data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range.rb +67 -0
data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range_tags.rb +105 -0
data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +126 -0
data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +89 -0
data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +48 -0
data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +37 -0
data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +83 -0
data/lib/contrast/agent/reporting/reporting_events/poll.rb +23 -0
data/lib/contrast/agent/reporting/reporting_events/preflight.rb +52 -0
data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +66 -0
data/lib/contrast/agent/reporting/reporting_events/reportable_hash.rb +47 -0
data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +35 -0
data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +87 -0
data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +59 -0
data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +49 -0
data/lib/contrast/agent/reporting/reporting_events/server_reporting_event.rb +35 -0
data/lib/contrast/agent/reporting/reporting_events/server_settings.rb +40 -0
data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +133 -0
data/lib/contrast/agent/reporting/reporting_utilities/build_preflight.rb +38 -0
data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +176 -0
data/lib/contrast/agent/reporting/reporting_utilities/headers.rb +57 -0
data/lib/contrast/agent/reporting/reporting_utilities/ng_response_extractor.rb +137 -0
data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +138 -0
data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +161 -0
data/lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb +66 -0
data/lib/contrast/agent/reporting/reporting_utilities/response.rb +98 -0
data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +149 -0
data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +118 -0
data/lib/contrast/agent/reporting/reporting_utilities/response_handler_mode.rb +63 -0
data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +393 -0
data/lib/contrast/agent/reporting/reporting_workers/application_server_worker.rb +46 -0
data/lib/contrast/agent/reporting/reporting_workers/reporter_heartbeat.rb +51 -0
data/lib/contrast/agent/reporting/reporting_workers/reporting_workers.rb +14 -0
data/lib/contrast/agent/reporting/reporting_workers/server_settings_worker.rb +46 -0
data/lib/contrast/agent/reporting/settings/application_settings.rb +61 -0
data/lib/contrast/agent/reporting/settings/assess.rb +58 -0
data/lib/contrast/agent/reporting/settings/assess_rule.rb +18 -0
data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +114 -0
data/lib/contrast/agent/reporting/settings/bot_blocker.rb +68 -0
data/lib/contrast/agent/reporting/settings/exclusion_base.rb +129 -0
data/lib/contrast/agent/reporting/settings/exclusions.rb +86 -0
data/lib/contrast/agent/reporting/settings/helpers.rb +101 -0
data/lib/contrast/agent/reporting/settings/input_exclusion.rb +87 -0
data/lib/contrast/agent/reporting/settings/ip_filter.rb +35 -0
data/lib/contrast/agent/reporting/settings/keyword.rb +74 -0
data/lib/contrast/agent/reporting/settings/log_enhancer.rb +65 -0
data/lib/contrast/agent/reporting/settings/protect.rb +111 -0
data/lib/contrast/agent/reporting/settings/protect_rule.rb +18 -0
data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +227 -0
data/lib/contrast/agent/reporting/settings/reaction.rb +39 -0
data/lib/contrast/agent/reporting/settings/rule_definition.rb +66 -0
data/lib/contrast/agent/reporting/settings/sampling.rb +46 -0
data/lib/contrast/agent/reporting/settings/sanitizer.rb +38 -0
data/lib/contrast/agent/reporting/settings/security_logger.rb +77 -0
data/lib/contrast/agent/reporting/settings/sensitive_data_masking.rb +118 -0
data/lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb +65 -0
data/lib/contrast/agent/reporting/settings/server_features.rb +95 -0
data/lib/contrast/agent/reporting/settings/syslog.rb +205 -0
data/lib/contrast/agent/reporting/settings/url_exclusion.rb +18 -0
data/lib/contrast/agent/reporting/settings/validator.rb +17 -0
data/lib/contrast/agent/reporting/settings/virtual_patch.rb +56 -0
data/lib/contrast/agent/reporting/settings/virtual_patch_condition.rb +47 -0
data/lib/contrast/agent/request/request.rb +189 -0
data/lib/contrast/agent/request/request_context.rb +143 -0
data/lib/contrast/agent/request/request_context_extend.rb +105 -0
data/lib/contrast/agent/request/request_handler.rb +41 -0
data/lib/contrast/agent/response/response.rb +87 -0
data/lib/contrast/agent/scope/scope.rb +158 -0
data/lib/contrast/agent/telemetry/base.rb +171 -0
data/lib/contrast/agent/telemetry/client.rb +111 -0
data/lib/contrast/agent/telemetry/event.rb +35 -0
data/lib/contrast/agent/telemetry/exception/base.rb +61 -0
data/lib/contrast/agent/telemetry/exception/event.rb +46 -0
data/lib/contrast/agent/telemetry/exception/message.rb +118 -0
data/lib/contrast/agent/telemetry/exception/message_exception.rb +86 -0
data/lib/contrast/agent/telemetry/exception/stack_frame.rb +67 -0
data/lib/contrast/agent/telemetry/exception.rb +19 -0
data/lib/contrast/agent/telemetry/hash.rb +71 -0
data/lib/contrast/agent/telemetry/identifier.rb +153 -0
data/lib/contrast/agent/telemetry/metric_event.rb +28 -0
data/lib/contrast/agent/telemetry/startup_metrics_event.rb +123 -0
data/lib/contrast/agent/telemetry/telemetry.rb +109 -0
data/lib/contrast/agent/{thread.rb → thread/thread.rb} +4 -6
data/lib/contrast/agent/thread/thread_watcher.rb +126 -0
data/lib/contrast/agent/thread/worker_thread.rb +42 -0
data/lib/contrast/agent/version.rb +2 -2
data/lib/contrast/agent.rb +96 -57
data/lib/contrast/agent_lib/api/command_injection.rb +46 -0
data/lib/contrast/agent_lib/api/init.rb +95 -0
data/lib/contrast/agent_lib/api/input_tracing.rb +265 -0
data/lib/contrast/agent_lib/api/panic.rb +87 -0
data/lib/contrast/agent_lib/api/path_semantic_file_security_bypass.rb +40 -0
data/lib/contrast/agent_lib/interface.rb +245 -0
data/lib/contrast/agent_lib/interface_base.rb +131 -0
data/lib/contrast/agent_lib/return_types/eval_result.rb +44 -0
data/lib/contrast/agent_lib/test.rb +29 -0
data/lib/contrast/components/agent.rb +104 -48
data/lib/contrast/components/api.rb +159 -0
data/lib/contrast/components/app_context.rb +125 -98
data/lib/contrast/components/app_context_extend.rb +53 -0
data/lib/contrast/components/assess.rb +210 -24
data/lib/contrast/components/assess_rules.rb +54 -0
data/lib/contrast/components/base.rb +103 -0
data/lib/contrast/components/config/sources.rb +95 -0
data/lib/contrast/components/config.rb +182 -60
data/lib/contrast/components/heap_dump.rb +77 -12
data/lib/contrast/components/inventory.rb +37 -10
data/lib/contrast/components/logger.rb +46 -76
data/lib/contrast/components/polling.rb +39 -0
data/lib/contrast/components/protect.rb +142 -16
data/lib/contrast/components/ruby_component.rb +135 -0
data/lib/contrast/components/rule_set.rb +52 -0
data/lib/contrast/components/sampling.rb +156 -15
data/lib/contrast/components/scope.rb +125 -116
data/lib/contrast/components/security_logger.rb +36 -0
data/lib/contrast/components/settings.rb +239 -88
data/lib/contrast/config/api_proxy_configuration.rb +27 -0
data/lib/contrast/config/base_configuration.rb +20 -94
data/lib/contrast/config/certification_configuration.rb +47 -0
data/lib/contrast/config/config.rb +48 -0
data/lib/contrast/config/diagnostics.rb +123 -0
data/lib/contrast/config/diagnostics_tools.rb +99 -0
data/lib/contrast/config/effective_config.rb +131 -0
data/lib/contrast/config/effective_config_value.rb +32 -0
data/lib/contrast/config/env_variables.rb +18 -0
data/lib/contrast/config/exception_configuration.rb +34 -12
data/lib/contrast/config/protect_rule_configuration.rb +45 -24
data/lib/contrast/config/protect_rules_configuration.rb +97 -22
data/lib/contrast/config/request_audit_configuration.rb +57 -0
data/lib/contrast/config/server_configuration.rb +67 -15
data/lib/contrast/config/validate.rb +140 -0
data/lib/contrast/config/yaml_file.rb +129 -0
data/lib/contrast/config.rb +6 -22
data/lib/contrast/configuration.rb +241 -109
data/lib/contrast/extension/assess/array.rb +75 -0
data/lib/contrast/extension/assess/erb.rb +61 -0
data/lib/contrast/extension/assess/eval_trigger.rb +47 -0
data/lib/contrast/{extensions/ruby_core → extension}/assess/exec_trigger.rb +9 -21
data/lib/contrast/extension/assess/fiber.rb +95 -0
data/lib/contrast/extension/assess/hash.rb +33 -0
data/lib/contrast/extension/assess/kernel.rb +124 -0
data/lib/contrast/extension/assess/marshal.rb +80 -0
data/lib/contrast/extension/assess/regexp.rb +71 -0
data/lib/contrast/extension/assess/string.rb +85 -0
data/lib/contrast/extension/assess.rb +47 -0
data/lib/contrast/{extensions/ruby_core → extension}/delegator.rb +3 -1
data/lib/contrast/extension/extension.rb +59 -0
data/lib/contrast/extension/inventory.rb +21 -0
data/lib/contrast/{extensions/ruby_core → extension}/module.rb +2 -3
data/lib/contrast/extension/object.rb +19 -0
data/lib/contrast/extension/protect/psych.rb +7 -0
data/lib/contrast/{extensions/ruby_core → extension}/protect.rb +6 -6
data/lib/contrast/extension/thread.rb +50 -0
data/lib/contrast/framework/base_support.rb +69 -54
data/lib/contrast/framework/grape/support.rb +176 -0
data/lib/contrast/framework/manager.rb +112 -60
data/lib/contrast/framework/manager_extend.rb +50 -0
data/lib/contrast/framework/rack/patch/session_cookie.rb +108 -0
data/lib/contrast/framework/rack/patch/support.rb +26 -0
data/lib/contrast/framework/rack/support.rb +23 -0
data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +46 -0
data/lib/contrast/framework/rails/patch/assess_configuration.rb +98 -0
data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +31 -0
data/lib/contrast/framework/rails/patch/support.rb +46 -0
data/lib/contrast/framework/rails/railtie.rb +33 -0
data/lib/contrast/framework/rails/support.rb +187 -0
data/lib/contrast/framework/sinatra/patch/encrypted_session_cookie.rb +39 -0
data/lib/contrast/framework/sinatra/support.rb +162 -0
data/lib/contrast/funchook/funchook.rb +44 -0
data/lib/contrast/logger/aliased_logging.rb +158 -0
data/lib/contrast/logger/application.rb +84 -0
data/lib/contrast/logger/cef_log.rb +169 -0
data/lib/contrast/logger/format.rb +61 -0
data/lib/contrast/logger/log.rb +90 -0
data/lib/contrast/logger/request.rb +25 -0
data/lib/contrast/logger/time.rb +57 -0
data/lib/contrast/security_exception.rb +2 -2
data/lib/contrast/tasks/config.rb +33 -0
data/lib/contrast/utils/assess/event_limit_utils.rb +134 -0
data/lib/contrast/utils/assess/object_store.rb +36 -0
data/lib/contrast/utils/assess/propagation_method_utils.rb +155 -0
data/lib/contrast/utils/assess/property/tagged_utils.rb +165 -0
data/lib/contrast/utils/assess/sampling_util.rb +11 -17
data/lib/contrast/utils/assess/source_method_utils.rb +74 -0
data/lib/contrast/utils/assess/split_utils.rb +23 -0
data/lib/contrast/utils/assess/tracking_util.rb +96 -18
data/lib/contrast/utils/assess/trigger_method_utils.rb +132 -0
data/lib/contrast/utils/class_util.rb +80 -48
data/lib/contrast/utils/duck_utils.rb +18 -9
data/lib/contrast/utils/env_configuration_item.rb +4 -3
data/lib/contrast/utils/findings.rb +66 -0
data/lib/contrast/utils/hash_digest.rb +52 -99
data/lib/contrast/utils/hash_digest_extend.rb +129 -0
data/lib/contrast/utils/head_dump_utils_extend.rb +74 -0
data/lib/contrast/utils/heap_dump_util.rb +44 -88
data/lib/contrast/utils/input_classification_base.rb +169 -0
data/lib/contrast/utils/invalid_configuration_util.rb +31 -45
data/lib/contrast/utils/io_util.rb +47 -51
data/lib/contrast/utils/job_servers_running.rb +21 -11
data/lib/contrast/utils/log_utils.rb +254 -0
data/lib/contrast/utils/lru_cache.rb +48 -0
data/lib/contrast/utils/metrics_hash.rb +59 -0
data/lib/contrast/utils/middleware_utils.rb +97 -0
data/lib/contrast/utils/net_http_base.rb +173 -0
data/lib/contrast/utils/object_share.rb +8 -48
data/lib/contrast/utils/os.rb +14 -24
data/lib/contrast/utils/patching/policy/patch_utils.rb +175 -0
data/lib/contrast/utils/patching/policy/patcher_utils.rb +54 -0
data/lib/contrast/utils/reporting/application_activity_batch_utils.rb +89 -0
data/lib/contrast/utils/request_utils.rb +96 -0
data/lib/contrast/utils/resource_loader.rb +2 -2
data/lib/contrast/utils/response_utils.rb +79 -0
data/lib/contrast/utils/routes_sent.rb +63 -0
data/lib/contrast/utils/sha256_builder.rb +9 -21
data/lib/contrast/utils/silence_maker.rb +16 -0
data/lib/contrast/utils/stack_trace_utils.rb +68 -184
data/lib/contrast/utils/string_utils.rb +82 -52
data/lib/contrast/utils/tag_util.rb +58 -44
data/lib/contrast/utils/thread_tracker.rb +27 -23
data/lib/contrast/utils/timer.rb +20 -55
data/lib/contrast-agent.rb +2 -2
data/lib/contrast.rb +106 -43
data/resources/assess/policy.json +481 -120
data/resources/deadzone/policy.json +280 -10
data/resources/inventory/policy.json +2 -2
data/resources/protect/policy.json +36 -17
data/ruby-agent.gemspec +116 -46
data/sonar-project.properties +9 -0
metadata +694 -317
data/exe/contrast_service +0 -29
data/ext/cs__assess_active_record_named/cs__active_record_named.c +0 -47
data/ext/cs__assess_active_record_named/cs__active_record_named.h +0 -10
data/ext/cs__assess_active_record_named/extconf.rb +0 -2
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c +0 -63
data/ext/cs__assess_regexp_track/cs__assess_regexp_track.h +0 -29
data/ext/cs__assess_regexp_track/extconf.rb +0 -2
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +0 -31
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.h +0 -13
data/ext/cs__assess_string_interpolation26/extconf.rb +0 -2
data/ext/cs__protect_kernel/cs__protect_kernel.c +0 -37
data/ext/cs__protect_kernel/cs__protect_kernel.h +0 -11
data/ext/cs__protect_kernel/extconf.rb +0 -2
data/funchook/Makefile +0 -29
data/funchook/autom4te.cache/output.0 +0 -4976
data/funchook/autom4te.cache/requests +0 -78
data/funchook/autom4te.cache/traces.0 +0 -364
data/funchook/config.log +0 -490
data/funchook/config.status +0 -1016
data/funchook/configure +0 -4976
data/funchook/src/Makefile +0 -70
data/funchook/src/config.h +0 -101
data/funchook/src/config.h.in +0 -100
data/funchook/src/decoder.o +0 -0
data/funchook/src/distorm.o +0 -0
data/funchook/src/funchook.o +0 -0
data/funchook/src/funchook_io.o +0 -0
data/funchook/src/funchook_syscall.o +0 -0
data/funchook/src/funchook_unix.o +0 -0
data/funchook/src/funchook_x86.o +0 -0
data/funchook/src/instructions.o +0 -0
data/funchook/src/insts.o +0 -0
data/funchook/src/libfunchook.so +0 -0
data/funchook/src/mnemonics.o +0 -0
data/funchook/src/operands.o +0 -0
data/funchook/src/os_func.o +0 -0
data/funchook/src/os_func_unix.o +0 -0
data/funchook/src/prefix.o +0 -0
data/funchook/src/printf_base.o +0 -0
data/funchook/src/textdefs.o +0 -0
data/funchook/src/wstring.o +0 -0
data/funchook/test/Makefile +0 -43
data/funchook/test/funchook_test +0 -0
data/funchook/test/libfunchook_test.so +0 -0
data/funchook/test/test_main.o +0 -0
data/funchook/test/x86_64_test.o +0 -0
data/lib/contrast/agent/assess/adjusted_span.rb +0 -25
data/lib/contrast/agent/assess/contrast_event.rb +0 -399
data/lib/contrast/agent/assess/frozen_properties.rb +0 -41
data/lib/contrast/agent/assess/insulator.rb +0 -53
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +0 -80
data/lib/contrast/agent/assess/rule/base.rb +0 -72
data/lib/contrast/agent/assess/rule/csrf/csrf_action.rb +0 -28
data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +0 -73
data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +0 -132
data/lib/contrast/agent/assess/rule/csrf.rb +0 -66
data/lib/contrast/agent/assess/rule/redos.rb +0 -68
data/lib/contrast/agent/assess/rule/response_scanning_rule.rb +0 -47
data/lib/contrast/agent/assess/rule/response_watcher.rb +0 -36
data/lib/contrast/agent/assess/rule/watcher.rb +0 -36
data/lib/contrast/agent/assess/rule.rb +0 -18
data/lib/contrast/agent/assess.rb +0 -44
data/lib/contrast/agent/at_exit_hook.rb +0 -33
data/lib/contrast/agent/class_reopener.rb +0 -238
data/lib/contrast/agent/disable_reaction.rb +0 -24
data/lib/contrast/agent/exclusion_matcher.rb +0 -190
data/lib/contrast/agent/feature_state.rb +0 -379
data/lib/contrast/agent/logger_manager.rb +0 -116
data/lib/contrast/agent/middleware.rb +0 -350
data/lib/contrast/agent/protect/rule/base_service.rb +0 -88
data/lib/contrast/agent/protect/rule/cmd_injection.rb +0 -156
data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +0 -103
data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb +0 -85
data/lib/contrast/agent/protect/rule/csrf.rb +0 -118
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +0 -80
data/lib/contrast/agent/protect/rule/no_sqli.rb +0 -101
data/lib/contrast/agent/protect/rule/sqli.rb +0 -101
data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +0 -20
data/lib/contrast/agent/protect/rule/xss.rb +0 -24
data/lib/contrast/agent/protect/rule/xxe.rb +0 -120
data/lib/contrast/agent/railtie.rb +0 -36
data/lib/contrast/agent/reaction_processor.rb +0 -47
data/lib/contrast/agent/request.rb +0 -475
data/lib/contrast/agent/request_context.rb +0 -225
data/lib/contrast/agent/require_state.rb +0 -61
data/lib/contrast/agent/response.rb +0 -215
data/lib/contrast/agent/rewriter.rb +0 -245
data/lib/contrast/agent/scope.rb +0 -125
data/lib/contrast/agent/service_heartbeat.rb +0 -40
data/lib/contrast/agent/settings_state.rb +0 -152
data/lib/contrast/agent/socket_client.rb +0 -128
data/lib/contrast/agent/tracepoint_hook.rb +0 -51
data/lib/contrast/api/connection_status.rb +0 -49
data/lib/contrast/api/dtm_pb.rb +0 -718
data/lib/contrast/api/settings_pb.rb +0 -416
data/lib/contrast/api/socket.rb +0 -43
data/lib/contrast/api/speedracer.rb +0 -186
data/lib/contrast/api/tcp_socket.rb +0 -31
data/lib/contrast/api/unix_socket.rb +0 -25
data/lib/contrast/api.rb +0 -18
data/lib/contrast/common_agent_configuration.rb +0 -86
data/lib/contrast/components/contrast_service.rb +0 -117
data/lib/contrast/components/interface.rb +0 -178
data/lib/contrast/config/agent_configuration.rb +0 -24
data/lib/contrast/config/application_configuration.rb +0 -27
data/lib/contrast/config/assess_configuration.rb +0 -22
data/lib/contrast/config/assess_rules_configuration.rb +0 -18
data/lib/contrast/config/default_value.rb +0 -16
data/lib/contrast/config/heap_dump_configuration.rb +0 -23
data/lib/contrast/config/inventory_configuration.rb +0 -20
data/lib/contrast/config/logger_configuration.rb +0 -20
data/lib/contrast/config/protect_configuration.rb +0 -20
data/lib/contrast/config/root_configuration.rb +0 -26
data/lib/contrast/config/ruby_configuration.rb +0 -44
data/lib/contrast/config/sampling_configuration.rb +0 -22
data/lib/contrast/config/service_configuration.rb +0 -22
data/lib/contrast/delegators/application_update.rb +0 -32
data/lib/contrast/delegators.rb +0 -9
data/lib/contrast/extensions/framework/rack/cookie.rb +0 -24
data/lib/contrast/extensions/framework/rack/request.rb +0 -24
data/lib/contrast/extensions/framework/rack/response.rb +0 -23
data/lib/contrast/extensions/framework/rails/action_controller_railties_helper_inherited.rb +0 -20
data/lib/contrast/extensions/framework/rails/active_record.rb +0 -26
data/lib/contrast/extensions/framework/rails/active_record_named.rb +0 -53
data/lib/contrast/extensions/framework/rails/active_record_time_zone_inherited.rb +0 -21
data/lib/contrast/extensions/framework/rails/buffer.rb +0 -28
data/lib/contrast/extensions/framework/rails/configuration.rb +0 -27
data/lib/contrast/extensions/framework/sinatra/base.rb +0 -59
data/lib/contrast/extensions/ruby_core/assess/array.rb +0 -59
data/lib/contrast/extensions/ruby_core/assess/assess_extension.rb +0 -143
data/lib/contrast/extensions/ruby_core/assess/basic_object.rb +0 -15
data/lib/contrast/extensions/ruby_core/assess/erb.rb +0 -42
data/lib/contrast/extensions/ruby_core/assess/fiber.rb +0 -124
data/lib/contrast/extensions/ruby_core/assess/hash.rb +0 -22
data/lib/contrast/extensions/ruby_core/assess/kernel.rb +0 -95
data/lib/contrast/extensions/ruby_core/assess/module.rb +0 -14
data/lib/contrast/extensions/ruby_core/assess/regexp.rb +0 -206
data/lib/contrast/extensions/ruby_core/assess/string.rb +0 -75
data/lib/contrast/extensions/ruby_core/assess/tilt_template_trigger.rb +0 -73
data/lib/contrast/extensions/ruby_core/assess/xpath_library_trigger.rb +0 -40
data/lib/contrast/extensions/ruby_core/assess.rb +0 -52
data/lib/contrast/extensions/ruby_core/eval_trigger.rb +0 -52
data/lib/contrast/extensions/ruby_core/inventory/datastores.rb +0 -37
data/lib/contrast/extensions/ruby_core/inventory.rb +0 -22
data/lib/contrast/extensions/ruby_core/protect/applies_command_injection_rule.rb +0 -72
data/lib/contrast/extensions/ruby_core/protect/applies_deserialization_rule.rb +0 -60
data/lib/contrast/extensions/ruby_core/protect/applies_no_sqli_rule.rb +0 -83
data/lib/contrast/extensions/ruby_core/protect/applies_path_traversal_rule.rb +0 -123
data/lib/contrast/extensions/ruby_core/protect/applies_sqli_rule.rb +0 -65
data/lib/contrast/extensions/ruby_core/protect/applies_xxe_rule.rb +0 -143
data/lib/contrast/extensions/ruby_core/protect/kernel.rb +0 -30
data/lib/contrast/extensions/ruby_core/protect/psych.rb +0 -7
data/lib/contrast/extensions/ruby_core/thread.rb +0 -31
data/lib/contrast/framework/platform_version.rb +0 -21
data/lib/contrast/framework/rails_support.rb +0 -88
data/lib/contrast/framework/sinatra_application_helper.rb +0 -49
data/lib/contrast/framework/sinatra_support.rb +0 -94
data/lib/contrast/framework/view_technologies_descriptor.rb +0 -20
data/lib/contrast/internal_exception.rb +0 -8
data/lib/contrast/tasks/service.rb +0 -95
data/lib/contrast/utils/boolean_util.rb +0 -33
data/lib/contrast/utils/cache.rb +0 -69
data/lib/contrast/utils/comment_range.rb +0 -19
data/lib/contrast/utils/data_store_util.rb +0 -23
data/lib/contrast/utils/environment_util.rb +0 -82
data/lib/contrast/utils/freeze_util.rb +0 -32
data/lib/contrast/utils/gemfile_reader.rb +0 -191
data/lib/contrast/utils/inventory_util.rb +0 -126
data/lib/contrast/utils/performs_logging.rb +0 -152
data/lib/contrast/utils/preflight_util.rb +0 -13
data/lib/contrast/utils/prevent_serialization.rb +0 -52
data/lib/contrast/utils/rack_assess_session_cookie.rb +0 -104
data/lib/contrast/utils/rails_assess_configuration.rb +0 -95
data/lib/contrast/utils/random_util.rb +0 -22
data/lib/contrast/utils/ruby_ast_rewriter.rb +0 -74
data/lib/contrast/utils/service_response_util.rb +0 -110
data/lib/contrast/utils/service_sender_util.rb +0 -106
data/lib/contrast/utils/sinatra_helper.rb +0 -55
data/resources/csrf/inject.js +0 -44
data/resources/factory-bot-spec/spec_helper.rb +0 -30
data/resources/rubocops/kernel/catch_cop.rb +0 -37
data/resources/rubocops/kernel/require_cop.rb +0 -37
data/resources/rubocops/kernel/require_relative_cop.rb +0 -33
data/resources/rubocops/module/autoload_cop.rb +0 -37
data/resources/rubocops/module/const_defined_cop.rb +0 -37
data/resources/rubocops/module/const_get_cop.rb +0 -37
data/resources/rubocops/module/const_set_cop.rb +0 -37
data/resources/rubocops/module/constants_cop.rb +0 -37
data/resources/rubocops/module/name_cop.rb +0 -37
data/resources/rubocops/object/class_cop.rb +0 -37
data/resources/rubocops/object/freeze_cop.rb +0 -37
data/resources/rubocops/object/frozen_cop.rb +0 -37
data/resources/rubocops/object/is_a_cop.rb +0 -37
data/resources/rubocops/object/method_cop.rb +0 -37
data/resources/rubocops/object/respond_to_cop.rb +0 -37
data/resources/rubocops/object/singleton_class_cop.rb +0 -37
data/resources/rubocops/regexp/spelling_cop.rb +0 -44
data/resources/rubocops/thread/new_cop.rb +0 -39
data/resources/ruby-spec/ancestors_spec.rb +0 -70
data/resources/ruby-spec/modulo_spec.rb +0 -831
data/resources/ruby-spec/parameters_spec.rb +0 -261
data/resources/ruby-spec/ruby_spec_spec_helper.rb +0 -35
data/service_executables/.gitkeep +0 -0
data/service_executables/VERSION +0 -1
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
data/shared_libraries/funchook.h +0 -123
data/shared_libraries/libfunchook.so +0 -0

data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb DELETED Viewed

@@ -1,73 +0,0 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-cs__scoped_require 'contrast/utils/object_share'
-cs__scoped_require 'contrast/components/interface'
-module Contrast
-  module Agent
-    module Assess
-      module Rule
-        class Csrf
-          # This class is called by our patches to determine if a CSRF
-          # vulnerability exists within an application. It is used through a
-          # CUSTOM propagation in order to capture that a Database call was
-          # made in response to a request that did not have the Contrast CSRF
-          # token.
-          class CsrfApplicator
-            include Contrast::Components::Interface
-            access_component :logging, :analysis, :scope
-            CS__CSRF_LOG_MSG = 'applying CSRF assess rule'
-            class << self
-              def csrf_tagger patcher, preshift, _ret, _block
-                return unless rule&.enabled?
-                idx = patcher.sources[0].to_i
-                args = preshift.args
-                return unless args&.length.to_i > idx
-                sql = args[idx]
-                return unless sql
-                with_contrast_scope do
-                  logger.debug(nil, CS__CSRF_LOG_MSG)
-                  rule.record_db_state_change(
-                      Contrast::Agent::REQUEST_TRACKER.current,
-                      sql)
-                end
-              end
-              def apply_csrf_rule sql
-                context = Contrast::Agent::REQUEST_TRACKER.current
-                return unless context&.app_loaded?
-                return unless ASSESS.enabled?
-                return unless sql
-                rule = Contrast::Agent::FeatureState.instance.assess_rule(
-                    Contrast::Agent::Assess::Rule::Csrf::NAME)
-                return unless rule&.enabled?
-                with_contrast_scope do
-                  logger.debug(CS__CSRF_LOG_MSG)
-                  rule.record_db_state_change(context, sql)
-                end
-              rescue StandardError => e
-                logger.warn(e, 'Error running CSRF assess rule')
-              end
-              private
-              def rule
-                @_rule ||= Contrast::Agent::FeatureState.instance.assess_rule(
-                    Contrast::Agent::Assess::Rule::Csrf::NAME)
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb DELETED Viewed

@@ -1,132 +0,0 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-cs__scoped_require 'contrast/agent/assess/rule/response_watcher'
-module Contrast
-  module Agent
-    module Assess
-      module Rule
-        class Csrf
-          # Watchers are how those Rules which do not act on dataflow function.
-          # This one is used by the CSRF rule to determine if a request was
-          # made in a way that is susceptible to a CSRF attack.
-          class Watcher < Contrast::Agent::Assess::Rule::ResponseWatcher
-            def supports? context
-              return false unless super(context)
-              return false unless user_agent?(context)
-              return false unless form_content_type?(context)
-              return false unless form_method?(context)
-              return false if empty_get?(context)
-              true
-            end
-            X_REQUESTED_WITH = 'X-REQUESTED-WITH'
-            # ignore this request if X-Requested-With is set
-            def x_requested_with? context
-              !context.request.normalized_request_headers[X_REQUESTED_WITH].nil?
-            end
-            USER_AGENT = 'USER-AGENT'
-            # ignore this request if User-Agent is NOT set
-            # since that indicates this isn't a browser interaction
-            def user_agent? context
-              !context.request.normalized_request_headers[USER_AGENT].nil?
-            end
-            CONTENT_TYPE = 'CONTENT-TYPE'
-            FORM_TYPES = %w[
-              text/plain
-              multipart/form-data
-              application/x-www-form-urlencoded
-            ].cs__freeze
-            # ignore this request if the Content-Type is NOT set
-            # to a form content type
-            def form_content_type? context
-              type = context.request.content_type
-              # We need to account for the charset being part of the header. It doesn't
-              # affect how we determine CSRF-ability or not
-              type = type.split(Contrast::Utils::ObjectShare::SEMICOLON)[0] if type
-              FORM_TYPES.include?(type)
-            end
-            FORM_METHODS = %w[GET POST].cs__freeze
-            # ignore this request if the request method
-            # is not one that can be set with forms
-            def form_method? context
-              FORM_METHODS.include?(context.request.request_method)
-            end
-            GET = 'GET'
-            # ignore this request if the method is get
-            # and the query string is empty
-            def empty_get? context
-              request = context.request
-              request.request_method ==
-                  GET &&
-                  (request.query_string.nil? || request.query_string.empty?)
-            end
-            # If a parameter contains 'csrf' or 'token', we consider
-            # it to be a guard against CSRF and therefore determine
-            # that this request is not vulnerable.
-            CSRF_PATTERN = /csrf/i.cs__freeze
-            TOKEN_PATTERN = /token/i.cs__freeze
-            def vulnerable? context
-              # having the property 'csrf.token.checked' indicates
-              # that a CSRF check was preformed at some point during
-              # this request, so we consider it to not be vulnerable
-              return false if context.get_property(CHECKED)
-              params = context.request.parameters
-              params.each_key do |key|
-                return false if key.match?(CSRF_PATTERN)
-                return false if key.match?(TOKEN_PATTERN) && looks_like_token?(params[key])
-              end
-              # having no actions means there's no vulnerability
-              return false unless context.get_property(STATE_CHANGING_ACTIONS_KEY)&.any?
-              true
-            end
-            MINIMUM_CSRF_TOKEN_SIZE = 8
-            MAXIMUM_CSRF_TOKEN_SIZE = 24
-            TOKEN_REGEXP = /^[A-Za-z0-9]*$/.cs__freeze
-            def looks_like_token? value
-              return false unless value
-              values = [value]
-              values.each do |parameter|
-                next unless parameter
-                length = parameter.length
-                next if length < MINIMUM_CSRF_TOKEN_SIZE
-                next if length > MAXIMUM_CSRF_TOKEN_SIZE
-                return true if parameter.match?(TOKEN_REGEXP)
-              end
-              false
-            end
-            DATA_KEY = 'actions'
-            def build_finding context
-              actions = context.get_property(STATE_CHANGING_ACTIONS_KEY)
-              return if actions.nil? || actions.empty?
-              string = actions.map(&:to_h).to_json
-              finding = Contrast::Api::Dtm::Finding.new
-              finding.rule_id = Contrast::Agent::Assess::Rule::Csrf::NAME
-              finding.session_id = Contrast::Agent::FeatureState.instance.current_session_id
-              hash_code = Contrast::Utils::HashDigest.generate_response_hash(finding)
-              finding.hash_code = Contrast::Utils::StringUtils.force_utf8(hash_code)
-              finding.properties[DATA_KEY] = Contrast::Utils::StringUtils.force_utf8(string)
-              finding
-            rescue StandardError => e
-              logger.error(e, 'Unable to build a finding for CSRF')
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/contrast/agent/assess/rule/csrf.rb DELETED Viewed

@@ -1,66 +0,0 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-module Contrast
-  module Agent
-    module Assess
-      module Rule
-        # The Ruby implementation of the CSRF Assess Rule.
-        class Csrf < Contrast::Agent::Assess::Rule::ResponseScanningRule
-          NAME = 'csrf'
-          def name
-            NAME
-          end
-          DB_STATE_CHANGE = 'db'
-          ACTION_LIMIT = 3
-          QUERY_SIZE_LIMIT = 50
-          STATE_CHANGING_ACTIONS_KEY = 'csrf.statechange.actions'
-          def record_db_state_change context, query
-            return unless context
-            changes = context.get_property(STATE_CHANGING_ACTIONS_KEY)
-            changes ||= []
-            return unless changes.length < ACTION_LIMIT
-            return unless state_change?(query)
-            action = Contrast::Agent::Assess::Rule::Csrf::CsrfAction.new
-            action.type = DB_STATE_CHANGE
-            action.evidence = query[0..QUERY_SIZE_LIMIT]
-            changes << action
-            context.add_property(STATE_CHANGING_ACTIONS_KEY, changes)
-          end
-          STATE_CHANGE_QUERY_ACTIONS = %w[
-            insert
-            update
-            delete
-            drop
-            create
-            alter
-            upsert
-          ].cs__freeze
-          # Returns true if the given query starts with any
-          # of the STATE_CHANGE_QUERY_ACTIONS listed above
-          def state_change? query
-            return false unless query.is_a?(String) && !query.empty?
-            query.downcase.start_with?(*STATE_CHANGE_QUERY_ACTIONS)
-          end
-          # some watchers keep state and need to be reset in each request.
-          # this one is not one of those.
-          def watcher
-            @_watcher ||= Contrast::Agent::Assess::Rule::Csrf::Watcher.new
-          end
-          # Indicates if this request has been checked for a CSRF token
-          CHECKED = 'csrf.token.checked'
-        end
-      end
-    end
-  end
-end

data/lib/contrast/agent/assess/rule/redos.rb DELETED Viewed

@@ -1,68 +0,0 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-module Contrast
-  module Agent
-    module Assess
-      module Rule
-        # A regexp is only vulnerable to REDOS if it's going to run
-        # with pathologically bad performance.
-        # We report a vulnerability if the regexp is liable to run
-        # with quadratic time for some input.
-        # This vastly errs on the side of false positives.
-        class Redos < Contrast::Agent::Assess::Rule::Base
-          class << self
-            NAME = 'redos'
-            def name
-              NAME
-            end
-            def regexp_complexity_check context, trigger_node, source, object, ret, invoked, *args
-              # we can arrive here either from:
-              #   regexp =~ string
-              #   string =~ regexp
-              #   regexp.match string
-              #
-              # so object/args[0] can be string/regexp or regexp/string.
-              regexp = object.is_a?(Regexp) ? object : args[0]
-              string = object.is_a?(String) ? object : args[0]
-              # (1) regexp must be exploitable
-              return unless regexp_vulnerable?(regexp)
-              # (2) regexp must evaluate against user input
-              if trigger_node.violated?(string) # rubocop:disable Style/GuardClause
-                Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(context, trigger_node, source, object, ret, invoked + 1, args)
-              end
-            end
-            protected
-            VULNERABLE_PATTERN = /[\[(].*?[\[(].*?[\])][*+?].*?[\])][*+?]/.cs__freeze
-            # Does the regexp
-            # https://bitbucket.org/contrastsecurity/assess-specifications/src/master/rules/dataflow/redos.md
-            def regexp_vulnerable? regexp
-              # A pattern is considered vulnerable if it has 2 or more levels of nested multi-matching.
-              # A level is defined as any set of opening and closing control characters immediately followed by a multi match control character.
-              # A control character is defined as one of the OPENING_CHARS, CLOSING_CHARS,
-              # or MULTI_MATCH_CHARS that is not immediately preceded by an escaping \ character.
-              # OPENING_CHARS are ( and [ CLOSING_CHARS are ) and ] MULTI_MATCH_CHARS are +, *, and ?
-              # Nota bene about Regexp#to_s:  it doesn't necessarily give you the original Regexp back
-              # (in the sense of `my_str == Regexp.new(my_str).to_s`), it gives you a Regexp that
-              # will have the same functional characteristics as the original.
-              # Regexp#inspect gives you a "more nicely formatted" version than #to_s.
-              # Regexp#source will give you the original source.
-              # TODO RUBY-683, would we ever get a hit on one but not the other?
-              # Use #match? because it doesn't fill out global variables
-              # in the way match or =~ do.
-              VULNERABLE_PATTERN.match? regexp.source
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/contrast/agent/assess/rule/response_scanning_rule.rb DELETED Viewed

@@ -1,47 +0,0 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-module Contrast
-  module Agent
-    module Assess
-      module Rule
-        # Those rules which function by scanning the Response body in order to
-        # detect vulnerabilities. These rules should each have their own
-        # Contrast::Agent::Assess::RuleResponseWatcher.
-        #
-        # Note: Most have been moved to the Service, as they typically watch
-        #   the Request or Response bodies, parsing out vulnerabilities
-        #   therein. CSRF is an exception to this as the rule requires a change
-        #   to the Response body to function.
-        class ResponseScanningRule < Contrast::Agent::Assess::Rule::Base
-          def watcher
-            # raise(
-            #     NotImplementedError,
-            #     'A child rule should have overridden the watcher method')
-          end
-          def stream_safe?
-            false
-          end
-          def generate_hash finding
-            Contrast::Utils::HashDigest.generate_response_hash(finding)
-          end
-          def postfilter context
-            findings = watcher.postfilter(context) if watcher && context
-            return unless findings
-            if findings.is_a?(Array)
-              findings.each do |finding|
-                send_report(finding) if finding
-              end
-            else
-              send_report(findings)
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/contrast/agent/assess/rule/response_watcher.rb DELETED Viewed

@@ -1,36 +0,0 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-module Contrast
-  module Agent
-    module Assess
-      module Rule
-        # A watcher focused on the Response body, parsing out vulnerabilities
-        # therein.
-        #
-        # Note: Most have been moved to the Service, as they typically watch
-        #   the Request or Response bodies, parsing out vulnerabilities
-        #   therein. CSRF is an exception to this as the rule requires a change
-        #   to the Response body to function.
-        class ResponseWatcher < Contrast::Agent::Assess::Rule::Watcher
-          def postfilter context
-            return unless supports?(context)
-            return unless vulnerable?(context)
-            build_finding(context)
-          end
-          def vulnerable? _context
-            raise(
-                NotImplementedError,
-                'A child rule should have overridden the vulnerable? method')
-          end
-          def build_finding _context
-            Contrast::Api::Dtm::Finding.new
-          end
-        end
-      end
-    end
-  end
-end

data/lib/contrast/agent/assess/rule/watcher.rb DELETED Viewed

@@ -1,36 +0,0 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-module Contrast
-  module Agent
-    module Assess
-      module Rule
-        # Watchers are how those Rules which do not act on dataflow function.
-        #
-        # Note: Most have been moved to the Service, as they typically watch
-        #   the Request or Response bodies, parsing out vulnerabilities
-        #   therein. CSRF is an exception to this as the rule requires a change
-        #   to the Response body to function.
-        class Watcher
-          def supports? context
-            return false if context.request.static_request?
-            return false unless context.response
-            return false if undesired_response_code? context.response.response_code
-            return false if undesired_response_type? context.response.content_type
-            true
-          end
-          UNDESIRED_RESPONSE_CODES = [301, 302, 307, 404, 410, 500].cs__freeze
-          def undesired_response_code? code
-            UNDESIRED_RESPONSE_CODES.include?(code)
-          end
-          def undesired_response_type? _type
-            false
-          end
-        end
-      end
-    end
-  end
-end

data/lib/contrast/agent/assess/rule.rb DELETED Viewed

@@ -1,18 +0,0 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-module Contrast
-  module Agent
-    module Assess
-      # This is the base module for our assess rule classes. It is intended to
-      # facilitate the patching of the application for Assess functionality. Any
-      # class under this namespace should be required here, providing a single
-      # point of require for this functionality.
-      module Rule
-      end
-    end
-  end
-end
-cs__scoped_require 'contrast/agent/assess/rule/base'
-cs__scoped_require 'contrast/agent/assess/rule/provider'

data/lib/contrast/agent/assess.rb DELETED Viewed

@@ -1,44 +0,0 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-module Contrast
-  module Agent
-    # This is the base module for our assess classes. It is intended to
-    # facilitate the patching of the application for Assess functionality. Any
-    # class under this namespace should be required here, providing a single
-    # point of require for this functionality.
-    module Assess
-      cs__scoped_require 'contrast/agent/module_data'
-      cs__scoped_require 'contrast/agent/rewriter'
-      cs__scoped_require 'contrast/agent/assess/policy/preshift'
-      cs__scoped_require 'contrast/utils/prevent_serialization'
-      # Rules - generic
-      cs__scoped_require 'contrast/agent/assess/rule'
-      cs__scoped_require 'contrast/agent/assess/rule/base'
-      cs__scoped_require 'contrast/agent/assess/rule/response_scanning_rule'
-      cs__scoped_require 'contrast/agent/assess/rule/watcher'
-      cs__scoped_require 'contrast/agent/assess/rule/response_watcher'
-      # Dynamic Sources
-      cs__scoped_require 'contrast/agent/assess/policy/dynamic_source_factory'
-      # Rule: CSRF
-      cs__scoped_require 'contrast/agent/assess/rule/csrf'
-      cs__scoped_require 'contrast/agent/assess/rule/csrf/csrf_applicator'
-      cs__scoped_require 'contrast/agent/assess/rule/csrf/csrf_action'
-      cs__scoped_require 'contrast/agent/assess/rule/csrf/csrf_watcher'
-      # Rule: REDOS
-      cs__scoped_require 'contrast/agent/assess/rule/redos'
-      # reporting / tracking
-      cs__scoped_require 'contrast/agent/assess/insulator'
-      cs__scoped_require 'contrast/agent/assess/properties'
-      cs__scoped_require 'contrast/agent/assess/frozen_properties'
-      cs__scoped_require 'contrast/agent/assess/tag'
-      cs__scoped_require 'contrast/agent/assess/contrast_event'
-    end
-  end
-end

data/lib/contrast/agent/at_exit_hook.rb DELETED Viewed

@@ -1,33 +0,0 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-cs__scoped_require 'contrast/components/interface'
-module Contrast
-  module Agent
-    # This module adds an at_exit hook for us to send messages that may be lost at process exit
-    module AtExitHook
-      include Contrast::Components::Interface
-      access_component :logging, :contrast_service
-      TERMINATION_NOTICE = 'at_exit invoked, host application terminating'
-      def self.exit_hook
-        @_exit_hook ||= begin
-                          at_exit do
-                            logger.debug(TERMINATION_NOTICE)
-                            context = Contrast::Agent::REQUEST_TRACKER.current
-                            CONTRAST_SERVICE.send_message(context.activity) if context
-                            logger.debug(" - current PID  #{ @pid  }")
-                            logger.debug(" - current PPID #{ @ppid }")
-                            logger.debug(" - process PID  #{ Process.pid  }")
-                            logger.debug(" - process PPID #{ Process.ppid }")
-                          end
-                          true
-                        end
-      end
-    end
-  end
-end