contrast-agent 4.0.0 → 4.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (107) hide show
  1. checksums.yaml +4 -4
  2. data/Rakefile +1 -0
  3. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +22 -10
  4. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +4 -3
  5. data/lib/contrast/agent/assess/contrast_event.rb +49 -130
  6. data/lib/contrast/agent/assess/contrast_object.rb +51 -0
  7. data/lib/contrast/agent/assess/events/source_event.rb +4 -9
  8. data/lib/contrast/agent/assess/policy/patcher.rb +4 -3
  9. data/lib/contrast/agent/assess/policy/policy_node.rb +31 -59
  10. data/lib/contrast/agent/assess/policy/preshift.rb +3 -3
  11. data/lib/contrast/agent/assess/policy/propagation_method.rb +13 -19
  12. data/lib/contrast/agent/assess/policy/propagation_node.rb +12 -24
  13. data/lib/contrast/agent/assess/policy/propagator/append.rb +1 -2
  14. data/lib/contrast/agent/assess/policy/propagator/center.rb +1 -2
  15. data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
  16. data/lib/contrast/agent/assess/policy/propagator/database_write.rb +1 -3
  17. data/lib/contrast/agent/assess/policy/propagator/insert.rb +1 -2
  18. data/lib/contrast/agent/assess/policy/propagator/keep.rb +1 -2
  19. data/lib/contrast/agent/assess/policy/propagator/match_data.rb +3 -2
  20. data/lib/contrast/agent/assess/policy/propagator/next.rb +1 -2
  21. data/lib/contrast/agent/assess/policy/propagator/prepend.rb +1 -2
  22. data/lib/contrast/agent/assess/policy/propagator/remove.rb +2 -4
  23. data/lib/contrast/agent/assess/policy/propagator/replace.rb +1 -2
  24. data/lib/contrast/agent/assess/policy/propagator/reverse.rb +1 -2
  25. data/lib/contrast/agent/assess/policy/propagator/select.rb +3 -4
  26. data/lib/contrast/agent/assess/policy/propagator/splat.rb +2 -4
  27. data/lib/contrast/agent/assess/policy/propagator/split.rb +73 -117
  28. data/lib/contrast/agent/assess/policy/propagator/substitution.rb +11 -11
  29. data/lib/contrast/agent/assess/policy/propagator/trim.rb +3 -7
  30. data/lib/contrast/agent/assess/policy/source_method.rb +2 -14
  31. data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +5 -8
  32. data/lib/contrast/agent/assess/policy/trigger/xpath.rb +1 -1
  33. data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +1 -1
  34. data/lib/contrast/agent/assess/property/tagged.rb +21 -15
  35. data/lib/contrast/agent/assess/rule/redos.rb +1 -1
  36. data/lib/contrast/agent/assess/tracker.rb +16 -18
  37. data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +7 -0
  38. data/lib/contrast/agent/middleware.rb +50 -1
  39. data/lib/contrast/agent/patching/policy/method_policy.rb +1 -1
  40. data/lib/contrast/agent/patching/policy/patch.rb +6 -0
  41. data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +47 -1
  42. data/lib/contrast/agent/protect/policy/rule_applicator.rb +53 -0
  43. data/lib/contrast/agent/protect/rule/base.rb +63 -14
  44. data/lib/contrast/agent/protect/rule/cmd_injection.rb +12 -28
  45. data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -4
  46. data/lib/contrast/agent/protect/rule/deserialization.rb +4 -1
  47. data/lib/contrast/agent/protect/rule/no_sqli.rb +3 -3
  48. data/lib/contrast/agent/protect/rule/sqli.rb +3 -3
  49. data/lib/contrast/agent/protect/rule/xxe.rb +32 -11
  50. data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +10 -6
  51. data/lib/contrast/agent/reaction_processor.rb +1 -1
  52. data/lib/contrast/agent/response.rb +5 -5
  53. data/lib/contrast/agent/rewriter.rb +3 -3
  54. data/lib/contrast/agent/scope.rb +81 -55
  55. data/lib/contrast/agent/static_analysis.rb +13 -7
  56. data/lib/contrast/agent/version.rb +1 -1
  57. data/lib/contrast/api/decorators/library.rb +1 -0
  58. data/lib/contrast/api/decorators/library_usage_update.rb +1 -0
  59. data/lib/contrast/api/decorators/trace_event.rb +19 -31
  60. data/lib/contrast/api/decorators/trace_event_object.rb +11 -3
  61. data/lib/contrast/api/decorators/trace_event_signature.rb +27 -5
  62. data/lib/contrast/api/decorators/user_input.rb +2 -1
  63. data/lib/contrast/common_agent_configuration.rb +2 -1
  64. data/lib/contrast/components/assess.rb +36 -0
  65. data/lib/contrast/components/interface.rb +5 -3
  66. data/lib/contrast/components/scope.rb +72 -6
  67. data/lib/contrast/components/settings.rb +6 -3
  68. data/lib/contrast/config/assess_configuration.rb +2 -1
  69. data/lib/contrast/extension/assess/array.rb +2 -3
  70. data/lib/contrast/extension/assess/erb.rb +1 -3
  71. data/lib/contrast/extension/assess/exec_trigger.rb +1 -4
  72. data/lib/contrast/extension/assess/fiber.rb +2 -3
  73. data/lib/contrast/extension/assess/hash.rb +4 -2
  74. data/lib/contrast/extension/assess/kernel.rb +1 -2
  75. data/lib/contrast/extension/assess/marshal.rb +34 -26
  76. data/lib/contrast/extension/assess/regexp.rb +3 -8
  77. data/lib/contrast/extension/assess/string.rb +1 -2
  78. data/lib/contrast/framework/base_support.rb +51 -53
  79. data/lib/contrast/framework/manager.rb +3 -2
  80. data/lib/contrast/framework/rack/patch/session_cookie.rb +2 -2
  81. data/lib/contrast/framework/rack/support.rb +2 -1
  82. data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +1 -1
  83. data/lib/contrast/framework/rails/patch/assess_configuration.rb +1 -1
  84. data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +1 -1
  85. data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +1 -1
  86. data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +1 -1
  87. data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +1 -1
  88. data/lib/contrast/framework/rails/support.rb +2 -1
  89. data/lib/contrast/framework/sinatra/support.rb +3 -2
  90. data/lib/contrast/logger/application.rb +0 -3
  91. data/lib/contrast/utils/duck_utils.rb +1 -1
  92. data/lib/contrast/utils/heap_dump_util.rb +1 -1
  93. data/lib/contrast/utils/object_share.rb +3 -3
  94. data/lib/contrast/utils/preflight_util.rb +1 -1
  95. data/lib/contrast/utils/prevent_serialization.rb +1 -1
  96. data/lib/contrast/utils/resource_loader.rb +1 -1
  97. data/lib/contrast/utils/sha256_builder.rb +2 -2
  98. data/lib/contrast/utils/string_utils.rb +1 -1
  99. data/lib/contrast/utils/tag_util.rb +9 -13
  100. data/resources/assess/policy.json +9 -9
  101. data/resources/deadzone/policy.json +150 -0
  102. data/resources/protect/policy.json +12 -0
  103. data/ruby-agent.gemspec +10 -6
  104. data/service_executables/VERSION +1 -1
  105. data/service_executables/linux/contrast-service +0 -0
  106. data/service_executables/mac/contrast-service +0 -0
  107. metadata +69 -25
@@ -128,9 +128,10 @@ module Contrast
128
128
  # @param method_name [Symbol] the method to call on each FrameworkSupport class
129
129
  # @return [Array]
130
130
  def data_for_all_frameworks method_name
131
- @_frameworks.flat_map do |framework|
131
+ data = @_frameworks.flat_map do |framework|
132
132
  framework.send(method_name)
133
- end.compact
133
+ end
134
+ data.compact
134
135
  end
135
136
 
136
137
  # This returns a single object from the first framework to successfully respond
@@ -26,7 +26,7 @@ module Contrast
26
26
  @_instrument ||= begin
27
27
  ::Rack::Session::Cookie.class_eval do
28
28
  alias_method :cs__patched_initialize, :initialize
29
- def initialize app, options = {}
29
+ def initialize app, options = {} # rubocop:disable Style/OptionHash
30
30
  Contrast::Framework::Rack::Patch::SessionCookie.analyze(options)
31
31
  cs__patched_initialize(app, options)
32
32
  end
@@ -37,7 +37,7 @@ module Contrast
37
37
 
38
38
  def analyze options
39
39
  return unless AGENT.enabled?
40
- return if PROTECT.enabled?
40
+ return if ASSESS.forcibly_disabled?
41
41
 
42
42
  apply_session_timeout(options)
43
43
  apply_httponly(options)
@@ -9,7 +9,8 @@ module Contrast
9
9
  module Rack
10
10
  # Used when Rack is present to define framework specific behavior. For
11
11
  # now, the only part of this implemented is the Patch Support.
12
- class Support < BaseSupport
12
+ module Support
13
+ extend Contrast::Framework::BaseSupport
13
14
  extend Contrast::Framework::Rack::Patch::Support
14
15
  class << self
15
16
  def detection_class
@@ -7,7 +7,7 @@ module Contrast
7
7
  module Patch
8
8
  # This class acts as our patch into the ActionController::Live::Buffer
9
9
  # class, allowing us to track the close event on streamed responses.
10
- class ActionControllerLiveBuffer
10
+ module ActionControllerLiveBuffer
11
11
  class << self
12
12
  def send_messages
13
13
  return unless (context = Contrast::Agent::REQUEST_TRACKER.current)
@@ -23,7 +23,7 @@ module Contrast
23
23
  include Contrast::Utils::InvalidConfigurationUtil
24
24
 
25
25
  def analyze_session_store *args
26
- return if PROTECT.enabled?
26
+ return if ASSESS.forcibly_disabled?
27
27
 
28
28
  apply_httponly_disabled(*args)
29
29
  apply_secure_cookie_disabled(*args)
@@ -10,7 +10,7 @@ module Contrast
10
10
  # for the runtime detection of insecure configurations on individual
11
11
  # ActionDispatch::Session::AbstractStore instances within the
12
12
  # application.
13
- class RailsApplicationConfiguration
13
+ module RailsApplicationConfiguration
14
14
  def self.instrument
15
15
  @_instrument ||= begin
16
16
  ::Rails::Application::Configuration.class_eval do
@@ -12,7 +12,7 @@ module Contrast
12
12
  # TODO: RUBY-714 remove w/ EOL of 2.5
13
13
  # @deprecated Changes to this class are discouraged as this approach is
14
14
  # being phased out with support for those language versions.
15
- class ActionControllerRailtiesHelperInherited
15
+ module ActionControllerRailtiesHelperInherited
16
16
  def self.instrument
17
17
  @_instrument ||= begin
18
18
  ::ActionController::Railties::Helpers.class_eval do
@@ -14,7 +14,7 @@ module Contrast
14
14
  # TODO: RUBY-714 remove w/ EOL of 2.5
15
15
  # @deprecated Changes to this class are discouraged as this approach is
16
16
  # being phased out with support for those language versions.
17
- class ActiveRecordAttributeMethodsRead
17
+ module ActiveRecordAttributeMethodsRead
18
18
  def self.instrument
19
19
  @_instrument ||= begin
20
20
  ::ActiveRecord::AttributeMethods::Read::ClassMethods.class_eval do
@@ -9,7 +9,7 @@ module Contrast
9
9
  # TODO: RUBY-714 remove w/ EOL of 2.5
10
10
  # @deprecated Changes to this class are discouraged as this approach is
11
11
  # being phased out with support for those language versions.
12
- class ActiveRecordTimeZoneInherited
12
+ module ActiveRecordTimeZoneInherited
13
13
  def self.instrument
14
14
  @_instrument ||= begin
15
15
  ::ActiveRecord::AttributeMethods::TimeZoneConversion::ClassMethods.class_eval do
@@ -10,7 +10,8 @@ module Contrast
10
10
  module Framework
11
11
  module Rails
12
12
  # Used when Rails is present to define framework specific behavior
13
- class Support < BaseSupport
13
+ class Support
14
+ extend Contrast::Framework::BaseSupport
14
15
  extend Contrast::Framework::Rails::Patch::Support
15
16
 
16
17
  class << self
@@ -8,7 +8,8 @@ module Contrast
8
8
  module Framework
9
9
  module Sinatra
10
10
  # Used when Sinatra is present to define framework specific behavior
11
- class Support < BaseSupport
11
+ class Support
12
+ extend Contrast::Framework::BaseSupport
12
13
  extend Contrast::Framework::Sinatra::Patch::Support
13
14
  class << self
14
15
  def detection_class
@@ -67,7 +68,7 @@ module Contrast
67
68
  private
68
69
 
69
70
  def app_class
70
- return nil unless defined?(::Sinatra) && defined?(::Sinatra::Base)
71
+ return unless defined?(::Sinatra) && defined?(::Sinatra::Base)
71
72
 
72
73
  @_app_class ||= begin
73
74
  sinatra_layers = ObjectSpace.each_object(::Sinatra::Base).to_a
@@ -41,9 +41,6 @@ module Contrast
41
41
  hash[conversion.key] = conversion.dot_path_array.join('.')
42
42
  end
43
43
  info('Set by environment', overrides: env_translations)
44
- rescue StandardError => e
45
- puts e
46
- sleep(5)
47
44
  end
48
45
 
49
46
  def application_libraries
@@ -4,7 +4,7 @@
4
4
  module Contrast
5
5
  module Utils
6
6
  # Utility methods for identifying instances that can be used interchangeably
7
- class DuckUtils
7
+ module DuckUtils
8
8
  class << self
9
9
  # Determine if the given object, or the object to which it delegates,
10
10
  # responds to the given method.
@@ -106,7 +106,7 @@ module Contrast
106
106
  logger.info('******** HEAP DUMP HAS CONCLUDED ********')
107
107
  logger.info('*** APPLICATION PROCESS WILL EXIT SHORTLY ***')
108
108
  logger.info('*****************************************************')
109
- exit # We weren't kidding!
109
+ exit # rubocop:disable Rails/Exit We weren't kidding!
110
110
  end
111
111
  end
112
112
  end
@@ -1,13 +1,13 @@
1
1
  # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
- # rubocop:disable Object/Freeze
4
+ # rubocop:disable Security/Object/Freeze
5
5
  module Contrast
6
6
  module Utils
7
7
  # A utility class where a series of commonly used Strings and other
8
8
  # commonly used objects can be store and frozen to prevent unnecessary
9
9
  # duplication.
10
- class ObjectShare
10
+ module ObjectShare
11
11
  # Strings
12
12
  ASTERISK = '*'
13
13
  BACK_SLASH = '\\'
@@ -76,4 +76,4 @@ module Contrast
76
76
  end
77
77
  end
78
78
  end
79
- # rubocop:enable Object/Freeze
79
+ # rubocop:enable Security/Object/Freeze
@@ -4,7 +4,7 @@
4
4
  module Contrast
5
5
  module Utils
6
6
  # Utility for generating preflight message token
7
- class PreflightUtil
7
+ module PreflightUtil
8
8
  def self.create_preflight finding
9
9
  "#{ finding.rule_id },#{ finding.hash_code }"
10
10
  end
@@ -7,7 +7,7 @@ module Contrast
7
7
  #
8
8
  # Marshal is pretty cool. It does a lot of things well. What it doesn't
9
9
  # mess around with though is StringIO. And what we don't want to do is
10
- # serialize ourselves out with Marshal#dump.
10
+ # serialize ourselves out with Marshal.dump.
11
11
  #
12
12
  # Unfortunately, we have to mess around w/ that. To isolate our things from
13
13
  # user dumped Strings (and so that we can marshal findings), we have
@@ -4,7 +4,7 @@
4
4
  module Contrast
5
5
  module Utils
6
6
  # ResourceLoader can attempt to read a file from a predefined resource directory
7
- class ResourceLoader
7
+ module ResourceLoader
8
8
  RESOURCES = 'resources'
9
9
 
10
10
  # __FILE__/../../../resources
@@ -29,8 +29,8 @@ module Contrast
29
29
 
30
30
  # Generate a SHA256 hash of the combined source code of this Gem
31
31
  def sha256 path
32
- return nil unless path
33
- return nil unless File.exist?(path) && !File.directory?(path)
32
+ return unless path
33
+ return unless File.exist?(path) && !File.directory?(path)
34
34
 
35
35
  @sha256_cache[path] ||= Digest::SHA256.file(path).to_s
36
36
  end
@@ -74,7 +74,7 @@ module Contrast
74
74
  # @return [String] a copy of the given String, upper cased, trimmed,
75
75
  # dashes replaced with underscore, and HTTP trimmed
76
76
  def self.normalized_key str
77
- return nil unless str
77
+ return unless str
78
78
 
79
79
  str = str.to_s
80
80
  @_normalized_keys ||= {}
@@ -19,16 +19,15 @@ module Contrast
19
19
 
20
20
  relationship = tag.compare_range(range.start_idx, range.end_idx)
21
21
  case relationship
22
- when Contrast::Agent::Assess::Tag::BELOW
23
22
  # since the tags are ordered, if we're below, nope out
24
- return false
25
- when Contrast::Agent::Assess::Tag::LOW_SPAN
26
- # if we ever get a low span, that means a low part
27
- # won't be covered. there's no need to continue
28
- return false
29
- when Contrast::Agent::Assess::Tag::WITHOUT
30
- # if we ever get a without, that means a low part won't
31
- # be covered. there's no need to continue
23
+ when Contrast::Agent::Assess::Tag::BELOW,
24
+ # if we ever get a low span, that means a low part
25
+ # won't be covered. there's no need to continue
26
+ Contrast::Agent::Assess::Tag::LOW_SPAN,
27
+ # if we ever get a without, that means a low part won't
28
+ # be covered. there's no need to continue
29
+ Contrast::Agent::Assess::Tag::WITHOUT
30
+
32
31
  return false
33
32
  when Contrast::Agent::Assess::Tag::WITHIN
34
33
  # if we're within, then 0 out this tag since it is
@@ -131,10 +130,7 @@ module Contrast
131
130
  smallered = []
132
131
  curr = nil
133
132
  tags.each do |tag|
134
- if curr.nil?
135
- curr = tag
136
- smallered << curr
137
- elsif tag.start_idx <= curr.end_idx
133
+ if curr && tag.start_idx <= curr.end_idx
138
134
  curr.update_end(tag.end_idx) if tag.end_idx > curr.end_idx
139
135
  else
140
136
  curr = tag
@@ -640,7 +640,7 @@
640
640
  "action": "CUSTOM",
641
641
  "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
642
642
  "patch_method": "gsub_tagger",
643
- "source": "O,P",
643
+ "source": "O,P1",
644
644
  "target": "R"
645
645
  }, {
646
646
  "class_name": "String",
@@ -650,7 +650,7 @@
650
650
  "action": "CUSTOM",
651
651
  "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
652
652
  "patch_method": "gsub_tagger",
653
- "source": "O,P",
653
+ "source": "O,P1",
654
654
  "target": "O"
655
655
  }, {
656
656
  "class_name": "String",
@@ -660,7 +660,7 @@
660
660
  "action": "CUSTOM",
661
661
  "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
662
662
  "patch_method": "sub_tagger",
663
- "source": "O,P",
663
+ "source": "O,P1",
664
664
  "target": "R"
665
665
  }, {
666
666
  "class_name": "String",
@@ -670,7 +670,7 @@
670
670
  "action": "CUSTOM",
671
671
  "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
672
672
  "patch_method": "sub_tagger",
673
- "source": "O,P",
673
+ "source": "O,P1",
674
674
  "target": "O"
675
675
  }, {
676
676
  "class_name": "String",
@@ -680,7 +680,7 @@
680
680
  "action": "CUSTOM",
681
681
  "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
682
682
  "patch_method": "tr_tagger",
683
- "source": "O,P",
683
+ "source": "O,P1",
684
684
  "target": "R"
685
685
  }, {
686
686
  "class_name": "String",
@@ -690,7 +690,7 @@
690
690
  "action": "CUSTOM",
691
691
  "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
692
692
  "patch_method": "tr_tagger",
693
- "source": "O,P",
693
+ "source": "O,P1",
694
694
  "target": "O"
695
695
  }, {
696
696
  "class_name": "String",
@@ -700,7 +700,7 @@
700
700
  "action": "CUSTOM",
701
701
  "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
702
702
  "patch_method": "tr_s_tagger",
703
- "source": "O,P",
703
+ "source": "O,P1",
704
704
  "target": "R"
705
705
  }, {
706
706
  "class_name": "String",
@@ -710,7 +710,7 @@
710
710
  "action": "CUSTOM",
711
711
  "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
712
712
  "patch_method": "tr_s_tagger",
713
- "source": "O,P",
713
+ "source": "O,P1",
714
714
  "target": "O"
715
715
  }, {
716
716
  "class_name": "String",
@@ -984,7 +984,7 @@
984
984
  "action": "CUSTOM",
985
985
  "patch_class": "Contrast::Extension::Assess::KernelPropagator",
986
986
  "patch_method": "sprintf_tagger",
987
- "source": "O,P",
987
+ "source": "O,P1",
988
988
  "target": "R"
989
989
  }, {
990
990
  "class_name":"ActiveRecord::ConnectionAdapters::Quoting",
@@ -55,6 +55,156 @@
55
55
  "instance_method":true,
56
56
  "method_visibility": "public",
57
57
  "method_name":"commit_session"
58
+ }, {
59
+ "class_name":"Rack::Session::Abstract::Persisted",
60
+ "instance_method":true,
61
+ "method_visibility": "private",
62
+ "method_name":"session_exists?",
63
+ "code": "https://github.com/rack/rack/blob/master/lib/rack/session/abstract/id.rb#L334"
64
+ }, {
65
+ "class_name":"ActionDispatch::Http::MimeNegotiation",
66
+ "instance_method":true,
67
+ "method_visibility": "public",
68
+ "method_name":"formats",
69
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/mime_negotiation.rb#L63"
70
+ }, {
71
+ "class_name":"ActionDispatch::FileHandler",
72
+ "instance_method":true,
73
+ "method_visibility": "public",
74
+ "method_name":"match?",
75
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/static.rb#L30"
76
+ }, {
77
+ "class_name":"ActionDispatch::Journey::Router",
78
+ "instance_method":true,
79
+ "method_visibility": "private",
80
+ "method_name":"find_routes",
81
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/journey/router.rb#L107"
82
+ }, {
83
+ "class_name":"ActionDispatch::Request",
84
+ "instance_method":true,
85
+ "method_visibility": "public",
86
+ "method_name":"controler_class_for",
87
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L84"
88
+ }, {
89
+ "class_name":"ActionDispatch::Request",
90
+ "instance_method":true,
91
+ "method_visibility": "public",
92
+ "method_name":"engine_script_name=",
93
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L158"
94
+ }, {
95
+ "class_name":"ActionDispatch::Request",
96
+ "instance_method":true,
97
+ "method_visibility": "public",
98
+ "method_name":"remote_ip",
99
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L286"
100
+ }, {
101
+ "class_name":"ActionDispatch::Request",
102
+ "instance_method":true,
103
+ "method_visibility": "public",
104
+ "method_name":"request_id",
105
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L302"
106
+ }, {
107
+ "class_name":"ActionDispatch::Request",
108
+ "instance_method":true,
109
+ "method_visibility": "public",
110
+ "method_name":"local?",
111
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L409"
112
+ }, {
113
+ "class_name":"ActionDispatch::Request",
114
+ "instance_method":true,
115
+ "method_visibility": "public",
116
+ "method_name":"cookie_jar",
117
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L11"
118
+ }, {
119
+ "class_name":"ActionDispatch::Request",
120
+ "instance_method":true,
121
+ "method_visibility": "public",
122
+ "method_name":"have_cookie_jar?",
123
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L24"
124
+ }, {
125
+ "class_name":"ActionDispatch::Request",
126
+ "instance_method":true,
127
+ "method_visibility": "public",
128
+ "method_name":"key_generator",
129
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L32"
130
+ }, {
131
+ "class_name":"ActionDispatch::Request",
132
+ "instance_method":true,
133
+ "method_visibility": "public",
134
+ "method_name":"signed_cookie_salt",
135
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L36"
136
+ }, {
137
+ "class_name":"ActionDispatch::Request",
138
+ "instance_method":true,
139
+ "method_visibility": "public",
140
+ "method_name":"encrypted_cookie_salt",
141
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L40"
142
+ }, {
143
+ "class_name":"ActionDispatch::Request",
144
+ "instance_method":true,
145
+ "method_visibility": "public",
146
+ "method_name":"encrypted_signed_cookie_salt",
147
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L44"
148
+ }, {
149
+ "class_name":"ActionDispatch::Request",
150
+ "instance_method":true,
151
+ "method_visibility": "public",
152
+ "method_name":"authenticated_encrypted_cookie_salt",
153
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L48"
154
+ }, {
155
+ "class_name":"ActionDispatch::Request",
156
+ "instance_method":true,
157
+ "method_visibility": "public",
158
+ "method_name":"use_authenticated_cookie_encryption",
159
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L52"
160
+ }, {
161
+ "class_name":"ActionDispatch::Request",
162
+ "instance_method":true,
163
+ "method_visibility": "public",
164
+ "method_name":"encrypted_cookie_cipher",
165
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L56"
166
+ }, {
167
+ "class_name":"ActionDispatch::Request",
168
+ "instance_method":true,
169
+ "method_visibility": "public",
170
+ "method_name":"signed_cookie_digest",
171
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L60"
172
+ }, {
173
+ "class_name":"ActionDispatch::Request",
174
+ "instance_method":true,
175
+ "method_visibility": "public",
176
+ "method_name":"secret_key_base",
177
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L64"
178
+ }, {
179
+ "class_name":"ActionDispatch::Request",
180
+ "instance_method":true,
181
+ "method_visibility": "public",
182
+ "method_name":"cookies_serializer",
183
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L68"
184
+ }, {
185
+ "class_name":"ActionDispatch::Request",
186
+ "instance_method":true,
187
+ "method_visibility": "public",
188
+ "method_name":"cookies_digest",
189
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L72"
190
+ }, {
191
+ "class_name":"ActionDispatch::Request",
192
+ "instance_method":true,
193
+ "method_visibility": "public",
194
+ "method_name":"cookies_rotations",
195
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L76"
196
+ }, {
197
+ "class_name":"ActionDispatch::Request",
198
+ "instance_method":true,
199
+ "method_visibility": "public",
200
+ "method_name":"use_cookies_with_metadata",
201
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L80"
202
+ }, {
203
+ "class_name":"ActionDispatch::Request::Session",
204
+ "instance_method":true,
205
+ "method_visibility": "public",
206
+ "method_name":"exists?",
207
+ "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/request/session.rb#L201"
58
208
  }
59
209
  ]
60
210
  }