contrast-agent 4.10.0 → 4.13.1

Files changed (87) hide show
  1. checksums.yaml +4 -4
  2. data/ext/cs__assess_module/cs__assess_module.c +48 -0
  3. data/ext/cs__assess_module/cs__assess_module.h +7 -0
  4. data/ext/cs__common/cs__common.c +24 -7
  5. data/ext/cs__common/cs__common.h +12 -2
  6. data/ext/cs__contrast_patch/cs__contrast_patch.c +48 -11
  7. data/ext/cs__contrast_patch/cs__contrast_patch.h +5 -2
  8. data/ext/cs__os_information/cs__os_information.c +31 -0
  9. data/ext/cs__os_information/cs__os_information.h +7 -0
  10. data/ext/{cs__protect_kernel → cs__os_information}/extconf.rb +0 -0
  11. data/lib/contrast/agent/assess/contrast_event.rb +1 -1
  12. data/lib/contrast/agent/assess/contrast_object.rb +1 -4
  13. data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +2 -0
  14. data/lib/contrast/agent/assess/policy/preshift.rb +25 -11
  15. data/lib/contrast/agent/assess/policy/propagation_method.rb +2 -116
  16. data/lib/contrast/agent/assess/policy/propagation_node.rb +4 -4
  17. data/lib/contrast/agent/assess/policy/propagator/database_write.rb +2 -0
  18. data/lib/contrast/agent/assess/policy/propagator/match_data.rb +4 -4
  19. data/lib/contrast/agent/assess/policy/propagator/remove.rb +4 -9
  20. data/lib/contrast/agent/assess/policy/source_method.rb +2 -71
  21. data/lib/contrast/agent/assess/policy/trigger_method.rb +4 -107
  22. data/lib/contrast/agent/assess/policy/trigger_node.rb +52 -19
  23. data/lib/contrast/agent/assess/property/tagged.rb +15 -132
  24. data/lib/contrast/agent/deadzone/policy/policy.rb +6 -0
  25. data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +2 -1
  26. data/lib/contrast/agent/metric_telemetry_event.rb +26 -0
  27. data/lib/contrast/agent/middleware.rb +22 -0
  28. data/lib/contrast/agent/patching/policy/after_load_patcher.rb +0 -1
  29. data/lib/contrast/agent/patching/policy/method_policy.rb +54 -9
  30. data/lib/contrast/agent/patching/policy/patch.rb +37 -238
  31. data/lib/contrast/agent/patching/policy/patcher.rb +3 -42
  32. data/lib/contrast/agent/request.rb +5 -3
  33. data/lib/contrast/agent/request_context.rb +32 -11
  34. data/lib/contrast/agent/request_handler.rb +7 -3
  35. data/lib/contrast/agent/rule_set.rb +2 -4
  36. data/lib/contrast/agent/scope.rb +32 -20
  37. data/lib/contrast/agent/startup_metrics_telemetry_event.rb +71 -0
  38. data/lib/contrast/agent/static_analysis.rb +4 -2
  39. data/lib/contrast/agent/telemetry.rb +129 -0
  40. data/lib/contrast/agent/telemetry_event.rb +34 -0
  41. data/lib/contrast/agent/thread_watcher.rb +43 -14
  42. data/lib/contrast/agent/tracepoint_hook.rb +11 -3
  43. data/lib/contrast/agent/version.rb +1 -1
  44. data/lib/contrast/agent.rb +6 -1
  45. data/lib/contrast/components/api.rb +34 -0
  46. data/lib/contrast/components/app_context.rb +24 -0
  47. data/lib/contrast/components/assess.rb +7 -0
  48. data/lib/contrast/components/config.rb +90 -11
  49. data/lib/contrast/components/contrast_service.rb +6 -0
  50. data/lib/contrast/config/api_configuration.rb +22 -0
  51. data/lib/contrast/config/assess_configuration.rb +1 -0
  52. data/lib/contrast/config/env_variables.rb +25 -0
  53. data/lib/contrast/config/root_configuration.rb +1 -0
  54. data/lib/contrast/config/service_configuration.rb +2 -1
  55. data/lib/contrast/config.rb +1 -0
  56. data/lib/contrast/configuration.rb +3 -0
  57. data/lib/contrast/framework/manager.rb +14 -12
  58. data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +9 -6
  59. data/lib/contrast/framework/rails/patch/support.rb +31 -29
  60. data/lib/contrast/logger/application.rb +4 -0
  61. data/lib/contrast/utils/assess/propagation_method_utils.rb +129 -0
  62. data/lib/contrast/utils/assess/property/tagged_utils.rb +142 -0
  63. data/lib/contrast/utils/assess/source_method_utils.rb +83 -0
  64. data/lib/contrast/utils/assess/trigger_method_utils.rb +138 -0
  65. data/lib/contrast/utils/class_util.rb +58 -44
  66. data/lib/contrast/utils/exclude_key.rb +20 -0
  67. data/lib/contrast/utils/io_util.rb +42 -34
  68. data/lib/contrast/utils/lru_cache.rb +45 -0
  69. data/lib/contrast/utils/metrics_hash.rb +59 -0
  70. data/lib/contrast/utils/os.rb +23 -0
  71. data/lib/contrast/utils/patching/policy/patch_utils.rb +232 -0
  72. data/lib/contrast/utils/patching/policy/patcher_utils.rb +54 -0
  73. data/lib/contrast/utils/requests_client.rb +150 -0
  74. data/lib/contrast/utils/ruby_ast_rewriter.rb +1 -1
  75. data/lib/contrast/utils/telemetry.rb +77 -0
  76. data/lib/contrast/utils/telemetry_identifier.rb +137 -0
  77. data/lib/contrast.rb +19 -1
  78. data/resources/assess/policy.json +12 -6
  79. data/resources/deadzone/policy.json +86 -5
  80. data/ruby-agent.gemspec +2 -1
  81. data/service_executables/VERSION +1 -1
  82. data/service_executables/linux/contrast-service +0 -0
  83. data/service_executables/mac/contrast-service +0 -0
  84. metadata +32 -14
  85. data/ext/cs__protect_kernel/cs__protect_kernel.c +0 -47
  86. data/ext/cs__protect_kernel/cs__protect_kernel.h +0 -12
  87. data/lib/contrast/extension/protect/kernel.rb +0 -29
@@ -0,0 +1,137 @@
1
+ # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
4
+ require 'contrast/agent/telemetry'
5
+ require 'contrast/utils/os'
6
+ require 'socket'
7
+
8
+ module Contrast
9
+ module Utils
10
+ # Tools for supporting the Telemetry feature
11
+ module Telemetry
12
+ # Gets info about the instrumented application required to build unique identifiers,
13
+ # used in the agent's Telemetry.
14
+ module Identifier
15
+ MAC_REGEX = /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/.cs__freeze
16
+ LINUX_OS_REG = /hwaddr=.*?(([A-F0-9]{2}:){5}[A-F0-9]{2})/im.cs__freeze
17
+ MAC_OS_PRIMARY = 'en0'.cs__freeze
18
+ LINUX_PRIMARY = 'enp'.cs__freeze
19
+
20
+ # Sinatra and Grape both use similar approach to identify the app_name.
21
+ # Rails has a different way of doing it, but to unify this we'll use this one.
22
+ # If app_name is changed/renamed during production it would still get the
23
+ # new folder's name.
24
+ #
25
+ # @ return [String] name of the application from the current working directory
26
+ def self.app_name
27
+ @_app_name ||= File.basename(Dir.pwd)
28
+ end
29
+
30
+ # Returns the MAC address of the primary network interface, depending on the used OS.
31
+ # If the primary is unknown it finds the first available network interface and gets it's
32
+ # MAC address instead.
33
+ #
34
+ # @return [String, nil] MAC address of the primary network interface or
35
+ # the first available one, or nil if nothing found
36
+ def self.mac
37
+ @_mac = find_mac MAC_OS_PRIMARY if Contrast::Utils::OS.mac? && @_mac.nil?
38
+ @_mac = find_mac LINUX_PRIMARY if Contrast::Utils::OS.linux? && @_mac.nil?
39
+ # or find any available
40
+ @_mac = find_mac if @_mac.nil?
41
+ @_mac
42
+ end
43
+
44
+ class << self
45
+ private
46
+
47
+ # Finds the primary MAC address of all listed network adapters.
48
+ # If primary is not set or unknown, use the first MAC address found
49
+ # from the listed adapters.
50
+ #
51
+ # @param primary [nil, String] optional param if set look only for primary
52
+ # network adapter's name
53
+ # @return [String, nil] MAC address of the first listed network adapter or
54
+ # nil if not found
55
+ def find_mac primary = nil
56
+ result = nil
57
+ idx = 0
58
+ return if interfaces.empty?
59
+
60
+ while idx < interfaces.length
61
+ addr = interfaces[idx].addr
62
+ name = interfaces[idx].name # rubocop:disable Security/Module/Name
63
+ # retrieving MAC address from primary network interface or first available
64
+ mac = retrieve_mac name, addr, primary
65
+ idx += 1
66
+ next unless mac
67
+
68
+ result = mac if mac && (mac.match? MAC_REGEX)
69
+ break if result && !primary
70
+ end
71
+ result
72
+ end
73
+
74
+ # Retrieves MAC address for primary or any network interface.
75
+ # This is OS dependent search.
76
+ #
77
+ # @param name [Sting] interface name of ifaddr
78
+ # @param addr [String] address info
79
+ # example: #<Addrinfo: LINK[en0 aa:bb:cc:00:11:22]>
80
+ # @param primary [nil, String] optional param if set look only for primary
81
+ # network adapter's name
82
+ # @return mac [nil, String] MAC address of primary network interface,
83
+ # any network interface, or nil if no interface is found.
84
+ def retrieve_mac name, addr, primary
85
+ mac = nil
86
+ # Mac OS allow us to use getnameinfo(sockaddr [, flags]) => [hostname, servicename]
87
+ #
88
+ # returned address:
89
+ # <Socket::Ifaddr en0 UP,BROADCAST,RUNNING,NOTRAILERS,SIMPLEX,MULTICAST LINK[en0 aa:bb:cc:00:11:22]>
90
+ if Contrast::Utils::OS.mac?
91
+ mac = addr.getnameinfo[0] unless primary
92
+ mac = addr.getnameinfo[0] if primary && name.include?(primary)
93
+ end
94
+ # In Linux using Socket::addr#getnameinfo results in ai_family not supported exception.
95
+ # In this case we are relying on match filtering of addresses.
96
+ #
97
+ # returned address:
98
+ # #<Socket::Ifaddr eth0 UP,BROADCAST,RUNNING,MULTICAST,0x10000
99
+ # PACKET[protocol=0 eth0 hatype=1 HOST hwaddr=aa:bb:cc:00:11:22]>
100
+ if primary && Contrast::Utils::OS.linux?
101
+ mac = Regexp.last_match(1) if addr.inspect =~ LINUX_OS_REG && name.include?(primary)
102
+ elsif primary.nil? && Contrast::Utils::OS.linux?
103
+ mac = Regexp.last_match(1) if addr.inspect =~ LINUX_OS_REG
104
+ end
105
+ mac
106
+ end
107
+
108
+ # Returns array of network interfaces.
109
+ # This is OS dependent search.
110
+ #
111
+ # @return interfaces [Array] Returns an array of interface addresses.
112
+ # Socket::Ifaddr - represents a result of getifaddrs().
113
+ def interfaces
114
+ @_interfaces = []
115
+ arr = Socket.getifaddrs
116
+ idx = 0
117
+ check_family = 0
118
+ while idx < arr.length
119
+ # We need only network adapters MACs. Checking for pfamily of every socket address:
120
+ # 18 for Mac OS and 17 for Linux.
121
+ # family should be an address family such as: :INET, :INET6, :UNIX, etc.
122
+ check_family = 18 if Contrast::Utils::OS.mac?
123
+ check_family = 17 if Contrast::Utils::OS.linux?
124
+ if arr[idx].addr.pfamily != check_family
125
+ idx += 1
126
+ next
127
+ end
128
+ @_interfaces << arr[idx]
129
+ idx += 1
130
+ end
131
+ @_interfaces
132
+ end
133
+ end
134
+ end
135
+ end
136
+ end
137
+ end
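Review bot: In `interfaces`, `arr[idx].addr.pfamily` is called on every entry from `Socket.getifaddrs`, but `Socket::Ifaddr#addr` returns nil for an interface that has no address, so a single such interface raises NoMethodError and the identifier lookup fails; the filter should read `if arr[idx].addr.nil? || arr[idx].addr.pfamily != check_family`. `find_mac` also calls `interfaces` in its loop condition and twice per iteration, and each call re-runs `Socket.getifaddrs`, so the list should be read once into a local before the `while`. The literals 18 and 17 would read better as `Socket::AF_LINK` and `Socket::AF_PACKET`, each referenced only under its own OS check because each constant is defined only on the platform that has it. Since `mac` returns a stable hardware identifier, its doc comment should state that callers must hash the value before it leaves the host; whether that happens is not visible in this file.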
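--- a/data/lib/contrast.rb
+++ b/data/lib/contrast.rb
@@ -23,7 +23,7 @@ end
 
 if RUBY_VERSION >= '3.0.0'
 # This fixes Ruby 3.0 issues with Module#(some instance method) patching by preventing the prepending of
-# a JSON helper on protobuf load. String.instance_method(:+) is one of the most noticable.
+# a JSON helper on protobuf load. String.instance_method(:+) is one of the most noticeable.
 # TODO: RUBY-1132 Remove this once Ruby 3 is fixed.
 # See bug here: https://bugs.ruby-lang.org/issues/17725
 class Class
@@ -35,6 +35,7 @@ if RUBY_VERSION >= '3.0.0'
 end
 
 require 'contrast/components/agent'
+require 'contrast/components/api'
 require 'contrast/components/app_context'
 require 'contrast/components/assess'
 require 'contrast/components/config'
@@ -47,6 +48,7 @@ require 'contrast/components/scope'
 require 'contrast/components/settings'
 
 module Contrast
+API = Contrast::Components::Api::Interface.new
 SCOPE = Contrast::Components::Scope::Interface.new
 CONFIG = Contrast::Components::Config::Interface.new
 SETTINGS = Contrast::Components::Settings::Interface.new
@@ -76,3 +78,19 @@ if RUBY_VERSION >= '3.0.0'
 Class.alias_method(:prepend, :cs__orig_prepend)
 Class.remove_method(:cs__orig_prepend)
 end
+
+if RUBY_VERSION < '3.0.0'
+# Better handles ancestors for older ruby versions.
+# This is called from C, tread lightly.
+class Module
+@_included_in = []
+# Returns array with modules including this instance
+def included_in
+@_included_in ||= [] unless cs__frozen?
+end
+
+def self.included_in
+@_included_in ||= [] unless cs__frozen?
+end
+end
+end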
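Review bot: The new `Module#included_in` and `Module.included_in` at the end of the file add an unprefixed public method to a core class, unlike the agent's other core additions visible in this diff (`cs__frozen?`, `cs__freeze`, `cs__orig_prepend`), so an application or gem that defines its own `included_in` would collide with it; a `cs__included_in` name, with the C caller updated to match, would avoid that. Both methods also return nil for a frozen receiver, because the modifier in `@_included_in ||= [] unless cs__frozen?` skips the whole expression and not just the assignment, so a module that was populated and later frozen no longer exposes its list; a guard line `return @_included_in if cs__frozen?` ahead of the `||=` would keep it readable. The class-body line `@_included_in = []` sets the variable on the `Module` class object only and deserves a comment saying so. The C caller is outside this file, so its handling of a nil return could not be checked here.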
@@ -50,7 +50,7 @@
50
50
  "target": "R",
51
51
  "type": "COOKIE",
52
52
  "tags":["NO_NEWLINES", "CROSS_SITE"]
53
- }, {
53
+ }, {
54
54
  "class_name":"Rack::Request::Helpers",
55
55
  "instance_method": true,
56
56
  "method_visibility": "public",
@@ -200,8 +200,15 @@
200
200
  "source": "O",
201
201
  "target": "R",
202
202
  "action": "KEEP"
203
- },
204
- {
203
+ }, {
204
+ "class_name": "String",
205
+ "instance_method": true,
206
+ "method_visibility": "public",
207
+ "method_name": "force_encoding",
208
+ "source": "O",
209
+ "target": "R",
210
+ "action": "SPLAT"
211
+ }, {
205
212
  "class_name": "String",
206
213
  "instance_method": true,
207
214
  "method_visibility": "public",
@@ -209,8 +216,7 @@
209
216
  "source": "O",
210
217
  "target": "R",
211
218
  "action": "KEEP"
212
- },
213
- {
219
+ }, {
214
220
  "class_name": "String",
215
221
  "instance_method": true,
216
222
  "method_visibility": "public",
@@ -218,7 +224,7 @@
218
224
  "source": "O,P0",
219
225
  "target": "R",
220
226
  "action": "SPLIT"
221
- },{
227
+ }, {
222
228
  "class_name": "String",
223
229
  "instance_method": true,
224
230
  "method_visibility": "public",
@@ -1,11 +1,6 @@
1
1
  {
2
2
  "deadzones":[
3
3
  {
4
- "class_name":"Rspec::Core::BacktraceFormatter",
5
- "instance_method":true,
6
- "method_visibility": "private",
7
- "method_name":"matches?"
8
- },{
9
4
  "class_name":"Rspec::Core::Example",
10
5
  "instance_method":true,
11
6
  "method_visibility": "private",
@@ -205,6 +200,92 @@
205
200
  "method_visibility": "public",
206
201
  "method_name":"exists?",
207
202
  "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/request/session.rb#L201"
203
+ },{
204
+ "class_name": "RSpec::Matchers::BuiltIn::BaseMatcher"
205
+ },{
206
+ "class_name": "RSpec::Matchers::BuiltIn::BeAKindOf"
207
+ },{
208
+ "class_name": "RSpec::Matchers::BuiltIn::BeAnInstanceOf"
209
+ },{
210
+ "class_name": "RSpec::Matchers::BuiltIn::BeBetween"
211
+ },{
212
+ "class_name": "RSpec::Matchers::BuiltIn::Be"
213
+ },{
214
+ "class_name": "RSpec::Matchers::BuiltIn::BeComparedTo"
215
+ },{
216
+ "class_name": "RSpec::Matchers::BuiltIn::BeFalsey"
217
+ },{
218
+ "class_name": "RSpec::Matchers::BuiltIn::BeHelpers"
219
+ },{
220
+ "class_name": "RSpec::Matchers::BuiltIn::BeNil"
221
+ },{
222
+ "class_name": "RSpec::Matchers::BuiltIn::BePredicate"
223
+ },{
224
+ "class_name": "RSpec::Matchers::BuiltIn::BeTruthy"
225
+ },{
226
+ "class_name": "RSpec::Matchers::BuiltIn::BeWithin"
227
+ },{
228
+ "class_name": "RSpec::Matchers::BuiltIn::Change"
229
+ },{
230
+ "class_name": "RSpec::Matchers::BuiltIn::ChangeRelatively"
231
+ },{
232
+ "class_name": "RSpec::Matchers::BuiltIn::SpecificValuesChange"
233
+ },{
234
+ "class_name": "RSpec::Matchers::BuiltIn::Compound"
235
+ },{
236
+ "class_name": "RSpec::Matchers::BuiltIn::Compound::And"
237
+ }, {
238
+ "class_name": "RSpec::Matchers::BuiltIn::Compound::Or"
239
+ },{
240
+ "class_name": "RSpec::Matchers::BuiltIn::ContainExactly"
241
+ },{
242
+ "class_name": "RSpec::Matchers::BuiltIn::Cover"
243
+ },{
244
+ "class_name": "RSpec::Matchers::BuiltIn::EndWith"
245
+ },{
246
+ "class_name": "RSpec::Matchers::BuiltIn::Eq"
247
+ },{
248
+ "class_name": "RSpec::Matchers::BuiltIn::Eql"
249
+ },{
250
+ "class_name": "RSpec::Matchers::BuiltIn::Equal"
251
+ },{
252
+ "class_name": "RSpec::Matchers::BuiltIn::Exist"
253
+ },{
254
+ "class_name": "RSpec::Matchers::BuiltIn::Has"
255
+ },{
256
+ "class_name": "RSpec::Matchers::BuiltIn::HaveAttributes"
257
+ },{
258
+ "class_name": "RSpec::Matchers::BuiltIn::All"
259
+ },{
260
+ "class_name": "RSpec::Matchers::BuiltIn::Match"
261
+ },{
262
+ "class_name": "RSpec::Matchers::BuiltIn::NegativeOperatorMatcher"
263
+ },{
264
+ "class_name": "RSpec::Matchers::BuiltIn::OperatorMatcher"
265
+ },{
266
+ "class_name": "RSpec::Matchers::BuiltIn::Output"
267
+ },{
268
+ "class_name": "RSpec::Matchers::BuiltIn::PositiveOperatorMatcher"
269
+ },{
270
+ "class_name": "RSpec::Matchers::BuiltIn::RaiseError"
271
+ },{
272
+ "class_name": "RSpec::Matchers::BuiltIn::RespondTo"
273
+ },{
274
+ "class_name": "RSpec::Matchers::BuiltIn::Satisfy"
275
+ },{
276
+ "class_name": "RSpec::Matchers::BuiltIn::StartWith"
277
+ },{
278
+ "class_name": "RSpec::Matchers::BuiltIn::ThrowSymbol"
279
+ },{
280
+ "class_name": "RSpec::Matchers::BuiltIn::YieldControl"
281
+ },{
282
+ "class_name": "RSpec::Matchers::BuiltIn::YieldSuccessiveArgs"
283
+ },{
284
+ "class_name": "RSpec::Matchers::BuiltIn::YieldWithArgs"
285
+ },{
286
+ "class_name": "RSpec::Matchers::BuiltIn::YieldWithNoArgs"
287
+ },{
288
+ "class_name": "SimpleCov"
208
289
  }
209
290
  ]
210
291
  }
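Review bot: The context entry kept at the top of the list is spelled `"class_name":"Rspec::Core::Example"`, while every entry added here uses `RSpec::`, which is the constant RSpec actually defines; if deadzone matching compares class names exactly, the `Rspec::` entry never matches (the removed `Rspec::Core::BacktraceFormatter` entry had the same spelling). Changing it to `"class_name":"RSpec::Core::Example"` would make the list consistent. The added entries carry only `class_name`, without the `method_name`, `instance_method` or `method_visibility` keys the earlier entries have; how the loader treats a class-only entry is not visible here. JSON cannot hold a comment, so the reader in `data/lib/contrast/agent/deadzone/policy/policy.rb` is the place to document what a class-only entry excludes from analysis.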
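--- a/data/ruby-agent.gemspec
+++ b/data/ruby-agent.gemspec
@@ -150,7 +150,8 @@ def self.add_files spec
 'shared_libraries/libfunchook.so',
 'shared_libraries/funchook.h',
 'funchook/src/libfunchook.dylib',
-'funchook/src/libfunchook.so')
+'funchook/src/libfunchook.so',
+'.secrets.baseline')
 end
 end
 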
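Review bot: The new `'.secrets.baseline'` entry needs a comment saying why it is in this list, because the call it belongs to starts outside the hunk and it is not visible whether `add_files` is adding these paths to the gem or removing them. The neighbouring entries are build artifacts such as `libfunchook.so`, which suggests an exclusion list; if so, `# secret-scanner baseline, repository tooling only` above the entry would record the intent. If the list instead adds files, the baseline should stay out of the published gem, since a file of that kind records where flagged strings sit in the source tree.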
@@ -1 +1 @@
1
- 2.21.2
1
+ 2.27.3
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: contrast-agent
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.10.0
4
+ version: 4.13.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
13
13
  autorequire:
14
14
  bindir: exe
15
15
  cert_chain: []
16
- date: 2021-08-31 00:00:00.000000000 Z
16
+ date: 2021-11-19 00:00:00.000000000 Z
17
17
  dependencies:
18
18
  - !ruby/object:Gem::Dependency
19
19
  name: bundler
@@ -618,19 +618,19 @@ executables:
618
618
  extensions:
619
619
  - ext/cs__common/extconf.rb
620
620
  - ext/cs__assess_fiber_track/extconf.rb
621
- - ext/cs__assess_marshal_module/extconf.rb
621
+ - ext/cs__os_information/extconf.rb
622
+ - ext/cs__assess_array/extconf.rb
623
+ - ext/cs__contrast_patch/extconf.rb
622
624
  - ext/cs__assess_kernel/extconf.rb
623
- - ext/cs__assess_basic_object/extconf.rb
624
- - ext/cs__assess_string/extconf.rb
625
625
  - ext/cs__assess_regexp/extconf.rb
626
- - ext/cs__protect_kernel/extconf.rb
627
- - ext/cs__contrast_patch/extconf.rb
628
- - ext/cs__assess_active_record_named/extconf.rb
626
+ - ext/cs__assess_marshal_module/extconf.rb
629
627
  - ext/cs__assess_module/extconf.rb
630
628
  - ext/cs__assess_hash/extconf.rb
631
- - ext/cs__assess_string_interpolation26/extconf.rb
632
- - ext/cs__assess_array/extconf.rb
629
+ - ext/cs__assess_active_record_named/extconf.rb
633
630
  - ext/cs__assess_yield_track/extconf.rb
631
+ - ext/cs__assess_string/extconf.rb
632
+ - ext/cs__assess_basic_object/extconf.rb
633
+ - ext/cs__assess_string_interpolation26/extconf.rb
634
634
  extra_rdoc_files: []
635
635
  files:
636
636
  - ".clang-format"
@@ -688,9 +688,9 @@ files:
688
688
  - ext/cs__contrast_patch/cs__contrast_patch.c
689
689
  - ext/cs__contrast_patch/cs__contrast_patch.h
690
690
  - ext/cs__contrast_patch/extconf.rb
691
- - ext/cs__protect_kernel/cs__protect_kernel.c
692
- - ext/cs__protect_kernel/cs__protect_kernel.h
693
- - ext/cs__protect_kernel/extconf.rb
691
+ - ext/cs__os_information/cs__os_information.c
692
+ - ext/cs__os_information/cs__os_information.h
693
+ - ext/cs__os_information/extconf.rb
694
694
  - ext/extconf_common.rb
695
695
  - funchook/LICENSE
696
696
  - funchook/Makefile.in
@@ -898,6 +898,7 @@ files:
898
898
  - lib/contrast/agent/inventory/policy/datastores.rb
899
899
  - lib/contrast/agent/inventory/policy/policy.rb
900
900
  - lib/contrast/agent/inventory/policy/trigger_node.rb
901
+ - lib/contrast/agent/metric_telemetry_event.rb
901
902
  - lib/contrast/agent/middleware.rb
902
903
  - lib/contrast/agent/module_data.rb
903
904
  - lib/contrast/agent/patching/policy/after_load_patch.rb
@@ -948,7 +949,10 @@ files:
948
949
  - lib/contrast/agent/rule_set.rb
949
950
  - lib/contrast/agent/scope.rb
950
951
  - lib/contrast/agent/service_heartbeat.rb
952
+ - lib/contrast/agent/startup_metrics_telemetry_event.rb
951
953
  - lib/contrast/agent/static_analysis.rb
954
+ - lib/contrast/agent/telemetry.rb
955
+ - lib/contrast/agent/telemetry_event.rb
952
956
  - lib/contrast/agent/thread.rb
953
957
  - lib/contrast/agent/thread_watcher.rb
954
958
  - lib/contrast/agent/tracepoint_hook.rb
@@ -990,6 +994,7 @@ files:
990
994
  - lib/contrast/api/dtm.pb.rb
991
995
  - lib/contrast/api/settings.pb.rb
992
996
  - lib/contrast/components/agent.rb
997
+ - lib/contrast/components/api.rb
993
998
  - lib/contrast/components/app_context.rb
994
999
  - lib/contrast/components/assess.rb
995
1000
  - lib/contrast/components/base.rb
@@ -1004,11 +1009,13 @@ files:
1004
1009
  - lib/contrast/components/settings.rb
1005
1010
  - lib/contrast/config.rb
1006
1011
  - lib/contrast/config/agent_configuration.rb
1012
+ - lib/contrast/config/api_configuration.rb
1007
1013
  - lib/contrast/config/application_configuration.rb
1008
1014
  - lib/contrast/config/assess_configuration.rb
1009
1015
  - lib/contrast/config/assess_rules_configuration.rb
1010
1016
  - lib/contrast/config/base_configuration.rb
1011
1017
  - lib/contrast/config/default_value.rb
1018
+ - lib/contrast/config/env_variables.rb
1012
1019
  - lib/contrast/config/exception_configuration.rb
1013
1020
  - lib/contrast/config/heap_dump_configuration.rb
1014
1021
  - lib/contrast/config/inventory_configuration.rb
@@ -1039,7 +1046,6 @@ files:
1039
1046
  - lib/contrast/extension/kernel.rb
1040
1047
  - lib/contrast/extension/module.rb
1041
1048
  - lib/contrast/extension/protect.rb
1042
- - lib/contrast/extension/protect/kernel.rb
1043
1049
  - lib/contrast/extension/protect/psych.rb
1044
1050
  - lib/contrast/extension/thread.rb
1045
1051
  - lib/contrast/framework/base_support.rb
@@ -1069,25 +1075,37 @@ files:
1069
1075
  - lib/contrast/security_exception.rb
1070
1076
  - lib/contrast/tasks/config.rb
1071
1077
  - lib/contrast/tasks/service.rb
1078
+ - lib/contrast/utils/assess/propagation_method_utils.rb
1079
+ - lib/contrast/utils/assess/property/tagged_utils.rb
1072
1080
  - lib/contrast/utils/assess/sampling_util.rb
1081
+ - lib/contrast/utils/assess/source_method_utils.rb
1073
1082
  - lib/contrast/utils/assess/tracking_util.rb
1083
+ - lib/contrast/utils/assess/trigger_method_utils.rb
1074
1084
  - lib/contrast/utils/class_util.rb
1075
1085
  - lib/contrast/utils/duck_utils.rb
1076
1086
  - lib/contrast/utils/env_configuration_item.rb
1087
+ - lib/contrast/utils/exclude_key.rb
1077
1088
  - lib/contrast/utils/hash_digest.rb
1078
1089
  - lib/contrast/utils/heap_dump_util.rb
1079
1090
  - lib/contrast/utils/invalid_configuration_util.rb
1080
1091
  - lib/contrast/utils/io_util.rb
1081
1092
  - lib/contrast/utils/job_servers_running.rb
1093
+ - lib/contrast/utils/lru_cache.rb
1094
+ - lib/contrast/utils/metrics_hash.rb
1082
1095
  - lib/contrast/utils/object_share.rb
1083
1096
  - lib/contrast/utils/os.rb
1097
+ - lib/contrast/utils/patching/policy/patch_utils.rb
1098
+ - lib/contrast/utils/patching/policy/patcher_utils.rb
1084
1099
  - lib/contrast/utils/preflight_util.rb
1100
+ - lib/contrast/utils/requests_client.rb
1085
1101
  - lib/contrast/utils/resource_loader.rb
1086
1102
  - lib/contrast/utils/ruby_ast_rewriter.rb
1087
1103
  - lib/contrast/utils/sha256_builder.rb
1088
1104
  - lib/contrast/utils/stack_trace_utils.rb
1089
1105
  - lib/contrast/utils/string_utils.rb
1090
1106
  - lib/contrast/utils/tag_util.rb
1107
+ - lib/contrast/utils/telemetry.rb
1108
+ - lib/contrast/utils/telemetry_identifier.rb
1091
1109
  - lib/contrast/utils/thread_tracker.rb
1092
1110
  - lib/contrast/utils/timer.rb
1093
1111
  - resources/assess/policy.json
@@ -1,47 +0,0 @@
1
- /* Copyright (c) 2021 Contrast Security, Inc. See
2
- * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
3
-
4
- #include "cs__protect_kernel.h"
5
- #include "../cs__common/cs__common.h"
6
- #include <ruby.h>
7
-
8
- static VALUE contrast_protect_fork(const int argc, const VALUE *argv,
9
- const VALUE self) {
10
- VALUE ret;
11
- if (rb_block_given_p()) {
12
- /* We call our hook, but it's a little complicated.
13
- * We wrap the fork block with our own lambda in
14
- * order to instrument it. There are no public
15
- * methods in the Ruby C API to set the prevailing
16
- * block, so we have to use rb_funcall_with_block.
17
- * Also, rb_funcall_with_block does a public call,
18
- * and our method is private.
19
- * So we (as a hack) temporarily set it to public.
20
- */
21
- VALUE wrapper;
22
- wrapper =
23
- rb_funcall_with_block(kernel_protect, rb_sym_protect_kernel_wrapper,
24
- 0, NULL, rb_block_proc());
25
- rb_funcall(rb_mKernel, rb_intern("public"), 1,
26
- ID2SYM(rb_sym_protect_kernel_fork));
27
- ret = rb_funcall_with_block(self, rb_sym_protect_kernel_fork, argc,
28
- argv, wrapper);
29
- rb_funcall(rb_mKernel, rb_intern("private"), 1,
30
- ID2SYM(rb_sym_protect_kernel_fork));
31
- } else {
32
- ret = rb_funcall2(self, rb_sym_protect_kernel_fork, argc, argv);
33
- }
34
- return ret;
35
- }
36
-
37
- void Init_cs__protect_kernel(void) {
38
- VALUE core_protect = rb_define_module_under(core_extensions, "Protect");
39
- kernel_protect = rb_define_module_under(core_protect, "Kernel");
40
- rb_sym_protect_kernel_wrapper = rb_intern("build_wrapper");
41
-
42
- rb_sym_protect_kernel_fork =
43
- contrast_register_patch("Kernel", "fork", &contrast_protect_fork);
44
-
45
- rb_sym_protect_kernel_fork = contrast_register_singleton_patch(
46
- "Kernel", "fork", &contrast_protect_fork);
47
- }
@@ -1,12 +0,0 @@
1
- #include <ruby.h>
2
-
3
- extern VALUE rb_vm_top_self(void);
4
-
5
- static VALUE kernel_protect;
6
- static VALUE rb_sym_protect_kernel_fork;
7
- static VALUE rb_sym_protect_kernel_wrapper;
8
-
9
- static VALUE contrast_protect_fork(const int argc, const VALUE *argv,
10
- const VALUE self);
11
-
12
- void Init_cs__protect_kernel(void);
@@ -1,29 +0,0 @@
1
- # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
- # frozen_string_literal: true
3
-
4
- module Contrast
5
- module Extension
6
- module Protect
7
- # This Module functions as our patch into the Kernel class for Protect,
8
- # allowing us to track activity as it crosses spawned processes.
9
- module Kernel
10
- class << self
11
- def build_wrapper
12
- lambda {
13
- proc_start
14
- yield
15
- # AtExitHook handles sending any messages generated in the new forked process
16
- }
17
- end
18
-
19
- def proc_start
20
- context = Contrast::Agent::REQUEST_TRACKER.current
21
- return unless context
22
-
23
- context.reset_activity
24
- end
25
- end
26
- end
27
- end
28
- end
29
- end