contrast-agent 4.0.0 → 4.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Rakefile +1 -0
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +22 -10
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +4 -3
- data/lib/contrast/agent/assess/contrast_event.rb +49 -130
- data/lib/contrast/agent/assess/contrast_object.rb +51 -0
- data/lib/contrast/agent/assess/events/source_event.rb +4 -9
- data/lib/contrast/agent/assess/policy/patcher.rb +4 -3
- data/lib/contrast/agent/assess/policy/policy_node.rb +31 -59
- data/lib/contrast/agent/assess/policy/preshift.rb +3 -3
- data/lib/contrast/agent/assess/policy/propagation_method.rb +13 -19
- data/lib/contrast/agent/assess/policy/propagation_node.rb +12 -24
- data/lib/contrast/agent/assess/policy/propagator/append.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/center.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/database_write.rb +1 -3
- data/lib/contrast/agent/assess/policy/propagator/insert.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/keep.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/match_data.rb +3 -2
- data/lib/contrast/agent/assess/policy/propagator/next.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/prepend.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/remove.rb +2 -4
- data/lib/contrast/agent/assess/policy/propagator/replace.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/reverse.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/select.rb +3 -4
- data/lib/contrast/agent/assess/policy/propagator/splat.rb +2 -4
- data/lib/contrast/agent/assess/policy/propagator/split.rb +73 -117
- data/lib/contrast/agent/assess/policy/propagator/substitution.rb +11 -11
- data/lib/contrast/agent/assess/policy/propagator/trim.rb +3 -7
- data/lib/contrast/agent/assess/policy/source_method.rb +2 -14
- data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +5 -8
- data/lib/contrast/agent/assess/policy/trigger/xpath.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +1 -1
- data/lib/contrast/agent/assess/property/tagged.rb +21 -15
- data/lib/contrast/agent/assess/rule/redos.rb +1 -1
- data/lib/contrast/agent/assess/tracker.rb +16 -18
- data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +7 -0
- data/lib/contrast/agent/middleware.rb +50 -1
- data/lib/contrast/agent/patching/policy/method_policy.rb +1 -1
- data/lib/contrast/agent/patching/policy/patch.rb +6 -0
- data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +47 -1
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +53 -0
- data/lib/contrast/agent/protect/rule/base.rb +63 -14
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +12 -28
- data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -4
- data/lib/contrast/agent/protect/rule/deserialization.rb +4 -1
- data/lib/contrast/agent/protect/rule/no_sqli.rb +3 -3
- data/lib/contrast/agent/protect/rule/sqli.rb +3 -3
- data/lib/contrast/agent/protect/rule/xxe.rb +32 -11
- data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +10 -6
- data/lib/contrast/agent/reaction_processor.rb +1 -1
- data/lib/contrast/agent/response.rb +5 -5
- data/lib/contrast/agent/rewriter.rb +3 -3
- data/lib/contrast/agent/scope.rb +81 -55
- data/lib/contrast/agent/static_analysis.rb +13 -7
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/api/decorators/library.rb +1 -0
- data/lib/contrast/api/decorators/library_usage_update.rb +1 -0
- data/lib/contrast/api/decorators/trace_event.rb +19 -31
- data/lib/contrast/api/decorators/trace_event_object.rb +11 -3
- data/lib/contrast/api/decorators/trace_event_signature.rb +27 -5
- data/lib/contrast/api/decorators/user_input.rb +2 -1
- data/lib/contrast/common_agent_configuration.rb +2 -1
- data/lib/contrast/components/assess.rb +36 -0
- data/lib/contrast/components/interface.rb +5 -3
- data/lib/contrast/components/scope.rb +72 -6
- data/lib/contrast/components/settings.rb +6 -3
- data/lib/contrast/config/assess_configuration.rb +2 -1
- data/lib/contrast/extension/assess/array.rb +2 -3
- data/lib/contrast/extension/assess/erb.rb +1 -3
- data/lib/contrast/extension/assess/exec_trigger.rb +1 -4
- data/lib/contrast/extension/assess/fiber.rb +2 -3
- data/lib/contrast/extension/assess/hash.rb +4 -2
- data/lib/contrast/extension/assess/kernel.rb +1 -2
- data/lib/contrast/extension/assess/marshal.rb +34 -26
- data/lib/contrast/extension/assess/regexp.rb +3 -8
- data/lib/contrast/extension/assess/string.rb +1 -2
- data/lib/contrast/framework/base_support.rb +51 -53
- data/lib/contrast/framework/manager.rb +3 -2
- data/lib/contrast/framework/rack/patch/session_cookie.rb +2 -2
- data/lib/contrast/framework/rack/support.rb +2 -1
- data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +1 -1
- data/lib/contrast/framework/rails/patch/assess_configuration.rb +1 -1
- data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +1 -1
- data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +1 -1
- data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +1 -1
- data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +1 -1
- data/lib/contrast/framework/rails/support.rb +2 -1
- data/lib/contrast/framework/sinatra/support.rb +3 -2
- data/lib/contrast/logger/application.rb +0 -3
- data/lib/contrast/utils/duck_utils.rb +1 -1
- data/lib/contrast/utils/heap_dump_util.rb +1 -1
- data/lib/contrast/utils/object_share.rb +3 -3
- data/lib/contrast/utils/preflight_util.rb +1 -1
- data/lib/contrast/utils/prevent_serialization.rb +1 -1
- data/lib/contrast/utils/resource_loader.rb +1 -1
- data/lib/contrast/utils/sha256_builder.rb +2 -2
- data/lib/contrast/utils/string_utils.rb +1 -1
- data/lib/contrast/utils/tag_util.rb +9 -13
- data/resources/assess/policy.json +9 -9
- data/resources/deadzone/policy.json +150 -0
- data/resources/protect/policy.json +12 -0
- data/ruby-agent.gemspec +10 -6
- data/service_executables/VERSION +1 -1
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
- metadata +69 -25
|
@@ -128,9 +128,10 @@ module Contrast
|
|
|
128
128
|
# @param method_name [Symbol] the method to call on each FrameworkSupport class
|
|
129
129
|
# @return [Array]
|
|
130
130
|
def data_for_all_frameworks method_name
|
|
131
|
-
@_frameworks.flat_map do |framework|
|
|
131
|
+
data = @_frameworks.flat_map do |framework|
|
|
132
132
|
framework.send(method_name)
|
|
133
|
-
end
|
|
133
|
+
end
|
|
134
|
+
data.compact
|
|
134
135
|
end
|
|
135
136
|
|
|
136
137
|
# This returns a single object from the first framework to successfully respond
|
|
@@ -26,7 +26,7 @@ module Contrast
|
|
|
26
26
|
@_instrument ||= begin
|
|
27
27
|
::Rack::Session::Cookie.class_eval do
|
|
28
28
|
alias_method :cs__patched_initialize, :initialize
|
|
29
|
-
def initialize app, options = {}
|
|
29
|
+
def initialize app, options = {} # rubocop:disable Style/OptionHash
|
|
30
30
|
Contrast::Framework::Rack::Patch::SessionCookie.analyze(options)
|
|
31
31
|
cs__patched_initialize(app, options)
|
|
32
32
|
end
|
|
@@ -37,7 +37,7 @@ module Contrast
|
|
|
37
37
|
|
|
38
38
|
def analyze options
|
|
39
39
|
return unless AGENT.enabled?
|
|
40
|
-
return if
|
|
40
|
+
return if ASSESS.forcibly_disabled?
|
|
41
41
|
|
|
42
42
|
apply_session_timeout(options)
|
|
43
43
|
apply_httponly(options)
|
|
@@ -9,7 +9,8 @@ module Contrast
|
|
|
9
9
|
module Rack
|
|
10
10
|
# Used when Rack is present to define framework specific behavior. For
|
|
11
11
|
# now, the only part of this implemented is the Patch Support.
|
|
12
|
-
|
|
12
|
+
module Support
|
|
13
|
+
extend Contrast::Framework::BaseSupport
|
|
13
14
|
extend Contrast::Framework::Rack::Patch::Support
|
|
14
15
|
class << self
|
|
15
16
|
def detection_class
|
|
@@ -7,7 +7,7 @@ module Contrast
|
|
|
7
7
|
module Patch
|
|
8
8
|
# This class acts as our patch into the ActionController::Live::Buffer
|
|
9
9
|
# class, allowing us to track the close event on streamed responses.
|
|
10
|
-
|
|
10
|
+
module ActionControllerLiveBuffer
|
|
11
11
|
class << self
|
|
12
12
|
def send_messages
|
|
13
13
|
return unless (context = Contrast::Agent::REQUEST_TRACKER.current)
|
|
@@ -10,7 +10,7 @@ module Contrast
|
|
|
10
10
|
# for the runtime detection of insecure configurations on individual
|
|
11
11
|
# ActionDispatch::Session::AbstractStore instances within the
|
|
12
12
|
# application.
|
|
13
|
-
|
|
13
|
+
module RailsApplicationConfiguration
|
|
14
14
|
def self.instrument
|
|
15
15
|
@_instrument ||= begin
|
|
16
16
|
::Rails::Application::Configuration.class_eval do
|
|
@@ -12,7 +12,7 @@ module Contrast
|
|
|
12
12
|
# TODO: RUBY-714 remove w/ EOL of 2.5
|
|
13
13
|
# @deprecated Changes to this class are discouraged as this approach is
|
|
14
14
|
# being phased out with support for those language versions.
|
|
15
|
-
|
|
15
|
+
module ActionControllerRailtiesHelperInherited
|
|
16
16
|
def self.instrument
|
|
17
17
|
@_instrument ||= begin
|
|
18
18
|
::ActionController::Railties::Helpers.class_eval do
|
|
@@ -14,7 +14,7 @@ module Contrast
|
|
|
14
14
|
# TODO: RUBY-714 remove w/ EOL of 2.5
|
|
15
15
|
# @deprecated Changes to this class are discouraged as this approach is
|
|
16
16
|
# being phased out with support for those language versions.
|
|
17
|
-
|
|
17
|
+
module ActiveRecordAttributeMethodsRead
|
|
18
18
|
def self.instrument
|
|
19
19
|
@_instrument ||= begin
|
|
20
20
|
::ActiveRecord::AttributeMethods::Read::ClassMethods.class_eval do
|
|
@@ -9,7 +9,7 @@ module Contrast
|
|
|
9
9
|
# TODO: RUBY-714 remove w/ EOL of 2.5
|
|
10
10
|
# @deprecated Changes to this class are discouraged as this approach is
|
|
11
11
|
# being phased out with support for those language versions.
|
|
12
|
-
|
|
12
|
+
module ActiveRecordTimeZoneInherited
|
|
13
13
|
def self.instrument
|
|
14
14
|
@_instrument ||= begin
|
|
15
15
|
::ActiveRecord::AttributeMethods::TimeZoneConversion::ClassMethods.class_eval do
|
|
@@ -10,7 +10,8 @@ module Contrast
|
|
|
10
10
|
module Framework
|
|
11
11
|
module Rails
|
|
12
12
|
# Used when Rails is present to define framework specific behavior
|
|
13
|
-
class Support
|
|
13
|
+
class Support
|
|
14
|
+
extend Contrast::Framework::BaseSupport
|
|
14
15
|
extend Contrast::Framework::Rails::Patch::Support
|
|
15
16
|
|
|
16
17
|
class << self
|
|
@@ -8,7 +8,8 @@ module Contrast
|
|
|
8
8
|
module Framework
|
|
9
9
|
module Sinatra
|
|
10
10
|
# Used when Sinatra is present to define framework specific behavior
|
|
11
|
-
class Support
|
|
11
|
+
class Support
|
|
12
|
+
extend Contrast::Framework::BaseSupport
|
|
12
13
|
extend Contrast::Framework::Sinatra::Patch::Support
|
|
13
14
|
class << self
|
|
14
15
|
def detection_class
|
|
@@ -67,7 +68,7 @@ module Contrast
|
|
|
67
68
|
private
|
|
68
69
|
|
|
69
70
|
def app_class
|
|
70
|
-
return
|
|
71
|
+
return unless defined?(::Sinatra) && defined?(::Sinatra::Base)
|
|
71
72
|
|
|
72
73
|
@_app_class ||= begin
|
|
73
74
|
sinatra_layers = ObjectSpace.each_object(::Sinatra::Base).to_a
|
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
module Contrast
|
|
5
5
|
module Utils
|
|
6
6
|
# Utility methods for identifying instances that can be used interchangeably
|
|
7
|
-
|
|
7
|
+
module DuckUtils
|
|
8
8
|
class << self
|
|
9
9
|
# Determine if the given object, or the object to which it delegates,
|
|
10
10
|
# responds to the given method.
|
|
@@ -106,7 +106,7 @@ module Contrast
|
|
|
106
106
|
logger.info('******** HEAP DUMP HAS CONCLUDED ********')
|
|
107
107
|
logger.info('*** APPLICATION PROCESS WILL EXIT SHORTLY ***')
|
|
108
108
|
logger.info('*****************************************************')
|
|
109
|
-
exit # We weren't kidding!
|
|
109
|
+
exit # rubocop:disable Rails/Exit We weren't kidding!
|
|
110
110
|
end
|
|
111
111
|
end
|
|
112
112
|
end
|
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
-
# rubocop:disable
|
|
4
|
+
# rubocop:disable Security/Object/Freeze
|
|
5
5
|
module Contrast
|
|
6
6
|
module Utils
|
|
7
7
|
# A utility class where a series of commonly used Strings and other
|
|
8
8
|
# commonly used objects can be store and frozen to prevent unnecessary
|
|
9
9
|
# duplication.
|
|
10
|
-
|
|
10
|
+
module ObjectShare
|
|
11
11
|
# Strings
|
|
12
12
|
ASTERISK = '*'
|
|
13
13
|
BACK_SLASH = '\\'
|
|
@@ -76,4 +76,4 @@ module Contrast
|
|
|
76
76
|
end
|
|
77
77
|
end
|
|
78
78
|
end
|
|
79
|
-
# rubocop:enable
|
|
79
|
+
# rubocop:enable Security/Object/Freeze
|
|
@@ -7,7 +7,7 @@ module Contrast
|
|
|
7
7
|
#
|
|
8
8
|
# Marshal is pretty cool. It does a lot of things well. What it doesn't
|
|
9
9
|
# mess around with though is StringIO. And what we don't want to do is
|
|
10
|
-
# serialize ourselves out with Marshal
|
|
10
|
+
# serialize ourselves out with Marshal.dump.
|
|
11
11
|
#
|
|
12
12
|
# Unfortunately, we have to mess around w/ that. To isolate our things from
|
|
13
13
|
# user dumped Strings (and so that we can marshal findings), we have
|
|
@@ -29,8 +29,8 @@ module Contrast
|
|
|
29
29
|
|
|
30
30
|
# Generate a SHA256 hash of the combined source code of this Gem
|
|
31
31
|
def sha256 path
|
|
32
|
-
return
|
|
33
|
-
return
|
|
32
|
+
return unless path
|
|
33
|
+
return unless File.exist?(path) && !File.directory?(path)
|
|
34
34
|
|
|
35
35
|
@sha256_cache[path] ||= Digest::SHA256.file(path).to_s
|
|
36
36
|
end
|
|
@@ -74,7 +74,7 @@ module Contrast
|
|
|
74
74
|
# @return [String] a copy of the given String, upper cased, trimmed,
|
|
75
75
|
# dashes replaced with underscore, and HTTP trimmed
|
|
76
76
|
def self.normalized_key str
|
|
77
|
-
return
|
|
77
|
+
return unless str
|
|
78
78
|
|
|
79
79
|
str = str.to_s
|
|
80
80
|
@_normalized_keys ||= {}
|
|
@@ -19,16 +19,15 @@ module Contrast
|
|
|
19
19
|
|
|
20
20
|
relationship = tag.compare_range(range.start_idx, range.end_idx)
|
|
21
21
|
case relationship
|
|
22
|
-
when Contrast::Agent::Assess::Tag::BELOW
|
|
23
22
|
# since the tags are ordered, if we're below, nope out
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
23
|
+
when Contrast::Agent::Assess::Tag::BELOW,
|
|
24
|
+
# if we ever get a low span, that means a low part
|
|
25
|
+
# won't be covered. there's no need to continue
|
|
26
|
+
Contrast::Agent::Assess::Tag::LOW_SPAN,
|
|
27
|
+
# if we ever get a without, that means a low part won't
|
|
28
|
+
# be covered. there's no need to continue
|
|
29
|
+
Contrast::Agent::Assess::Tag::WITHOUT
|
|
30
|
+
|
|
32
31
|
return false
|
|
33
32
|
when Contrast::Agent::Assess::Tag::WITHIN
|
|
34
33
|
# if we're within, then 0 out this tag since it is
|
|
@@ -131,10 +130,7 @@ module Contrast
|
|
|
131
130
|
smallered = []
|
|
132
131
|
curr = nil
|
|
133
132
|
tags.each do |tag|
|
|
134
|
-
if curr.
|
|
135
|
-
curr = tag
|
|
136
|
-
smallered << curr
|
|
137
|
-
elsif tag.start_idx <= curr.end_idx
|
|
133
|
+
if curr && tag.start_idx <= curr.end_idx
|
|
138
134
|
curr.update_end(tag.end_idx) if tag.end_idx > curr.end_idx
|
|
139
135
|
else
|
|
140
136
|
curr = tag
|
|
@@ -640,7 +640,7 @@
|
|
|
640
640
|
"action": "CUSTOM",
|
|
641
641
|
"patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
|
|
642
642
|
"patch_method": "gsub_tagger",
|
|
643
|
-
"source": "O,
|
|
643
|
+
"source": "O,P1",
|
|
644
644
|
"target": "R"
|
|
645
645
|
}, {
|
|
646
646
|
"class_name": "String",
|
|
@@ -650,7 +650,7 @@
|
|
|
650
650
|
"action": "CUSTOM",
|
|
651
651
|
"patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
|
|
652
652
|
"patch_method": "gsub_tagger",
|
|
653
|
-
"source": "O,
|
|
653
|
+
"source": "O,P1",
|
|
654
654
|
"target": "O"
|
|
655
655
|
}, {
|
|
656
656
|
"class_name": "String",
|
|
@@ -660,7 +660,7 @@
|
|
|
660
660
|
"action": "CUSTOM",
|
|
661
661
|
"patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
|
|
662
662
|
"patch_method": "sub_tagger",
|
|
663
|
-
"source": "O,
|
|
663
|
+
"source": "O,P1",
|
|
664
664
|
"target": "R"
|
|
665
665
|
}, {
|
|
666
666
|
"class_name": "String",
|
|
@@ -670,7 +670,7 @@
|
|
|
670
670
|
"action": "CUSTOM",
|
|
671
671
|
"patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
|
|
672
672
|
"patch_method": "sub_tagger",
|
|
673
|
-
"source": "O,
|
|
673
|
+
"source": "O,P1",
|
|
674
674
|
"target": "O"
|
|
675
675
|
}, {
|
|
676
676
|
"class_name": "String",
|
|
@@ -680,7 +680,7 @@
|
|
|
680
680
|
"action": "CUSTOM",
|
|
681
681
|
"patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
|
|
682
682
|
"patch_method": "tr_tagger",
|
|
683
|
-
"source": "O,
|
|
683
|
+
"source": "O,P1",
|
|
684
684
|
"target": "R"
|
|
685
685
|
}, {
|
|
686
686
|
"class_name": "String",
|
|
@@ -690,7 +690,7 @@
|
|
|
690
690
|
"action": "CUSTOM",
|
|
691
691
|
"patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
|
|
692
692
|
"patch_method": "tr_tagger",
|
|
693
|
-
"source": "O,
|
|
693
|
+
"source": "O,P1",
|
|
694
694
|
"target": "O"
|
|
695
695
|
}, {
|
|
696
696
|
"class_name": "String",
|
|
@@ -700,7 +700,7 @@
|
|
|
700
700
|
"action": "CUSTOM",
|
|
701
701
|
"patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
|
|
702
702
|
"patch_method": "tr_s_tagger",
|
|
703
|
-
"source": "O,
|
|
703
|
+
"source": "O,P1",
|
|
704
704
|
"target": "R"
|
|
705
705
|
}, {
|
|
706
706
|
"class_name": "String",
|
|
@@ -710,7 +710,7 @@
|
|
|
710
710
|
"action": "CUSTOM",
|
|
711
711
|
"patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
|
|
712
712
|
"patch_method": "tr_s_tagger",
|
|
713
|
-
"source": "O,
|
|
713
|
+
"source": "O,P1",
|
|
714
714
|
"target": "O"
|
|
715
715
|
}, {
|
|
716
716
|
"class_name": "String",
|
|
@@ -984,7 +984,7 @@
|
|
|
984
984
|
"action": "CUSTOM",
|
|
985
985
|
"patch_class": "Contrast::Extension::Assess::KernelPropagator",
|
|
986
986
|
"patch_method": "sprintf_tagger",
|
|
987
|
-
"source": "O,
|
|
987
|
+
"source": "O,P1",
|
|
988
988
|
"target": "R"
|
|
989
989
|
}, {
|
|
990
990
|
"class_name":"ActiveRecord::ConnectionAdapters::Quoting",
|
|
@@ -55,6 +55,156 @@
|
|
|
55
55
|
"instance_method":true,
|
|
56
56
|
"method_visibility": "public",
|
|
57
57
|
"method_name":"commit_session"
|
|
58
|
+
}, {
|
|
59
|
+
"class_name":"Rack::Session::Abstract::Persisted",
|
|
60
|
+
"instance_method":true,
|
|
61
|
+
"method_visibility": "private",
|
|
62
|
+
"method_name":"session_exists?",
|
|
63
|
+
"code": "https://github.com/rack/rack/blob/master/lib/rack/session/abstract/id.rb#L334"
|
|
64
|
+
}, {
|
|
65
|
+
"class_name":"ActionDispatch::Http::MimeNegotiation",
|
|
66
|
+
"instance_method":true,
|
|
67
|
+
"method_visibility": "public",
|
|
68
|
+
"method_name":"formats",
|
|
69
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/mime_negotiation.rb#L63"
|
|
70
|
+
}, {
|
|
71
|
+
"class_name":"ActionDispatch::FileHandler",
|
|
72
|
+
"instance_method":true,
|
|
73
|
+
"method_visibility": "public",
|
|
74
|
+
"method_name":"match?",
|
|
75
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/static.rb#L30"
|
|
76
|
+
}, {
|
|
77
|
+
"class_name":"ActionDispatch::Journey::Router",
|
|
78
|
+
"instance_method":true,
|
|
79
|
+
"method_visibility": "private",
|
|
80
|
+
"method_name":"find_routes",
|
|
81
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/journey/router.rb#L107"
|
|
82
|
+
}, {
|
|
83
|
+
"class_name":"ActionDispatch::Request",
|
|
84
|
+
"instance_method":true,
|
|
85
|
+
"method_visibility": "public",
|
|
86
|
+
"method_name":"controler_class_for",
|
|
87
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L84"
|
|
88
|
+
}, {
|
|
89
|
+
"class_name":"ActionDispatch::Request",
|
|
90
|
+
"instance_method":true,
|
|
91
|
+
"method_visibility": "public",
|
|
92
|
+
"method_name":"engine_script_name=",
|
|
93
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L158"
|
|
94
|
+
}, {
|
|
95
|
+
"class_name":"ActionDispatch::Request",
|
|
96
|
+
"instance_method":true,
|
|
97
|
+
"method_visibility": "public",
|
|
98
|
+
"method_name":"remote_ip",
|
|
99
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L286"
|
|
100
|
+
}, {
|
|
101
|
+
"class_name":"ActionDispatch::Request",
|
|
102
|
+
"instance_method":true,
|
|
103
|
+
"method_visibility": "public",
|
|
104
|
+
"method_name":"request_id",
|
|
105
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L302"
|
|
106
|
+
}, {
|
|
107
|
+
"class_name":"ActionDispatch::Request",
|
|
108
|
+
"instance_method":true,
|
|
109
|
+
"method_visibility": "public",
|
|
110
|
+
"method_name":"local?",
|
|
111
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L409"
|
|
112
|
+
}, {
|
|
113
|
+
"class_name":"ActionDispatch::Request",
|
|
114
|
+
"instance_method":true,
|
|
115
|
+
"method_visibility": "public",
|
|
116
|
+
"method_name":"cookie_jar",
|
|
117
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L11"
|
|
118
|
+
}, {
|
|
119
|
+
"class_name":"ActionDispatch::Request",
|
|
120
|
+
"instance_method":true,
|
|
121
|
+
"method_visibility": "public",
|
|
122
|
+
"method_name":"have_cookie_jar?",
|
|
123
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L24"
|
|
124
|
+
}, {
|
|
125
|
+
"class_name":"ActionDispatch::Request",
|
|
126
|
+
"instance_method":true,
|
|
127
|
+
"method_visibility": "public",
|
|
128
|
+
"method_name":"key_generator",
|
|
129
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L32"
|
|
130
|
+
}, {
|
|
131
|
+
"class_name":"ActionDispatch::Request",
|
|
132
|
+
"instance_method":true,
|
|
133
|
+
"method_visibility": "public",
|
|
134
|
+
"method_name":"signed_cookie_salt",
|
|
135
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L36"
|
|
136
|
+
}, {
|
|
137
|
+
"class_name":"ActionDispatch::Request",
|
|
138
|
+
"instance_method":true,
|
|
139
|
+
"method_visibility": "public",
|
|
140
|
+
"method_name":"encrypted_cookie_salt",
|
|
141
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L40"
|
|
142
|
+
}, {
|
|
143
|
+
"class_name":"ActionDispatch::Request",
|
|
144
|
+
"instance_method":true,
|
|
145
|
+
"method_visibility": "public",
|
|
146
|
+
"method_name":"encrypted_signed_cookie_salt",
|
|
147
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L44"
|
|
148
|
+
}, {
|
|
149
|
+
"class_name":"ActionDispatch::Request",
|
|
150
|
+
"instance_method":true,
|
|
151
|
+
"method_visibility": "public",
|
|
152
|
+
"method_name":"authenticated_encrypted_cookie_salt",
|
|
153
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L48"
|
|
154
|
+
}, {
|
|
155
|
+
"class_name":"ActionDispatch::Request",
|
|
156
|
+
"instance_method":true,
|
|
157
|
+
"method_visibility": "public",
|
|
158
|
+
"method_name":"use_authenticated_cookie_encryption",
|
|
159
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L52"
|
|
160
|
+
}, {
|
|
161
|
+
"class_name":"ActionDispatch::Request",
|
|
162
|
+
"instance_method":true,
|
|
163
|
+
"method_visibility": "public",
|
|
164
|
+
"method_name":"encrypted_cookie_cipher",
|
|
165
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L56"
|
|
166
|
+
}, {
|
|
167
|
+
"class_name":"ActionDispatch::Request",
|
|
168
|
+
"instance_method":true,
|
|
169
|
+
"method_visibility": "public",
|
|
170
|
+
"method_name":"signed_cookie_digest",
|
|
171
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L60"
|
|
172
|
+
}, {
|
|
173
|
+
"class_name":"ActionDispatch::Request",
|
|
174
|
+
"instance_method":true,
|
|
175
|
+
"method_visibility": "public",
|
|
176
|
+
"method_name":"secret_key_base",
|
|
177
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L64"
|
|
178
|
+
}, {
|
|
179
|
+
"class_name":"ActionDispatch::Request",
|
|
180
|
+
"instance_method":true,
|
|
181
|
+
"method_visibility": "public",
|
|
182
|
+
"method_name":"cookies_serializer",
|
|
183
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L68"
|
|
184
|
+
}, {
|
|
185
|
+
"class_name":"ActionDispatch::Request",
|
|
186
|
+
"instance_method":true,
|
|
187
|
+
"method_visibility": "public",
|
|
188
|
+
"method_name":"cookies_digest",
|
|
189
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L72"
|
|
190
|
+
}, {
|
|
191
|
+
"class_name":"ActionDispatch::Request",
|
|
192
|
+
"instance_method":true,
|
|
193
|
+
"method_visibility": "public",
|
|
194
|
+
"method_name":"cookies_rotations",
|
|
195
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L76"
|
|
196
|
+
}, {
|
|
197
|
+
"class_name":"ActionDispatch::Request",
|
|
198
|
+
"instance_method":true,
|
|
199
|
+
"method_visibility": "public",
|
|
200
|
+
"method_name":"use_cookies_with_metadata",
|
|
201
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L80"
|
|
202
|
+
}, {
|
|
203
|
+
"class_name":"ActionDispatch::Request::Session",
|
|
204
|
+
"instance_method":true,
|
|
205
|
+
"method_visibility": "public",
|
|
206
|
+
"method_name":"exists?",
|
|
207
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/request/session.rb#L201"
|
|
58
208
|
}
|
|
59
209
|
]
|
|
60
210
|
}
|