contrast-agent 4.11.0 → 4.12.0

data/lib/contrast/agent/patching/policy/patcher.rb

@@ -246,6 +246,7 @@ module Contrast
             def patch_into_instance_methods module_data, module_policy
               mod = module_data.mod
               methods = all_instance_methods(mod, true)
+              methods.delete(:initialize) if mod.to_s.starts_with?('RSpec') && mod.to_s.include?('Matchers')
               patch_into_methods(mod, methods, module_policy, true)
             end
 
@@ -309,6 +310,5 @@ require 'contrast/extension/module'
 require 'contrast/extension/assess'
 require 'contrast/extension/inventory'
 require 'contrast/extension/protect'
-require 'contrast/extension/protect/kernel'
 
 require 'cs__contrast_patch/cs__contrast_patch'

data/lib/contrast/agent/request_context.rb

@@ -60,14 +60,10 @@ module Contrast
           # generic holder for properties that can be set throughout this request
           @_properties = {}
 
-          @sample = true
-
           if ::Contrast::ASSESS.enabled?
-            @sample_request, @sample_response = Contrast::Utils::Assess::SamplingUtil.instance.sample?(@request)
+            @sample_req, @sample_res = Contrast::Utils::Assess::SamplingUtil.instance.sample?(@request)
           end
 
-          @sample_response &&= ::Contrast::ASSESS.scan_response?
-
           append_route_coverage(Contrast::Agent.framework_manager.get_route_dtm(@request))
         end
       end
@@ -77,11 +73,31 @@ module Contrast
       end
 
       def analyze_request?
-        @sample_request
+        analyze_request_assess? || analyze_req_res_protect?
       end
 
       def analyze_response?
-        @sample_response
+        analyze_response_assess? || analyze_req_res_protect?
+      end
+
+      def analyze_req_res_protect?
+        ::Contrast::PROTECT.enabled?
+      end
+
+      def analyze_request_assess?
+        return false unless analyze_req_res_assess?
+
+        @sample_req
+      end
+
+      def analyze_response_assess?
+        return false unless analyze_req_res_assess?
+
+        @sample_res &&= ::Contrast::ASSESS.scan_response?
+      end
+
+      def analyze_req_res_assess?
+        ::Contrast::ASSESS.enabled?
       end
 
       # Convert the discovered route for this request to appropriate forms and disseminate it to those locations
@@ -171,7 +187,7 @@ module Contrast
       # that has been accumulated since the last request
       def extract_after rack_response
         @response = Contrast::Agent::Response.new(rack_response)
-        activity.http_response = @response.dtm if @sample_response
+        activity.http_response = @response.dtm if @sample_res
       rescue StandardError => e
         logger.error('Unable to extract information after request', e)
       end

data/lib/contrast/agent/rule_set.rb

@@ -16,8 +16,7 @@ module Contrast
       # terminate requests on attack detection if set to block at perimeter
       def prefilter
         context = Contrast::Agent::REQUEST_TRACKER.current
-        # TODO: RUBY-801 We shouldn't be responsible for knowing what modes are enabled
-        return unless context&.analyze_request? || ::Contrast::PROTECT.enabled?
+        return unless context&.analyze_request?
 
         logger.trace_with_time('Running prefilter...') do
           map { |rule| rule.prefilter(context) }
@@ -33,8 +32,7 @@ module Contrast
       # has been created. The main actions here are analyzing the response for unsafe state or actions.
       def postfilter
         context = Contrast::Agent::REQUEST_TRACKER.current
-        # TODO: RUBY-801 We shouldn't be responsible for knowing what modes are enabled
-        return unless context&.analyze_response? || ::Contrast::PROTECT.enabled?
+        return unless context&.analyze_response?
 
         logger.trace_with_time('Running postfilter...') do
           map { |rule| rule.postfilter(context) }

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '4.11.0'
+    VERSION = '4.12.0'
   end
 end

data/lib/contrast/agent.rb

@@ -20,7 +20,6 @@ require 'contrast/extension/delegator'
 require 'contrast/extension/inventory'
 require 'contrast/extension/module'
 require 'contrast/extension/protect'
-require 'contrast/extension/protect/kernel'
 
 require 'contrast/utils/object_share'
 require 'contrast/utils/string_utils'

data/lib/contrast/components/assess.rb

@@ -88,6 +88,13 @@ module Contrast
           @_require_scan
         end
 
+        def require_dynamic_sources?
+          if @_require_dynamic_sources.nil?
+            @_require_dynamic_sources = !false?(::Contrast::CONFIG.root.assess.enable_dynamic_sources)
+          end
+          @_require_dynamic_sources
+        end
+
         def tags
           ::Contrast::CONFIG.root.assess&.tags
         end

data/lib/contrast/config/assess_configuration.rb

@@ -10,6 +10,7 @@ module Contrast
           tags: EMPTY_VALUE,
           enable: EMPTY_VALUE,
           enable_scan_response: Contrast::Config::DefaultValue.new('true'),
+          enable_dynamic_sources: Contrast::Config::DefaultValue.new('true'),
           sampling: Contrast::Config::SamplingConfiguration,
           rules: Contrast::Config::AssessRulesConfiguration,
           stacktraces: Contrast::Config::DefaultValue.new('ALL')

data/lib/contrast/utils/class_util.rb

@@ -9,17 +9,15 @@ module Contrast
   module Utils
     # Utility methods for exploring the complete space of Objects
     class ClassUtil
-      @lru_cache = LRUCache.new
+      @lru_cache = LRUCache.new(300)
+      @string_cache = LRUCache.new(300)
       class << self
-        # some classes have had things prepended to them, like Marshal in Rails
-        # 5 and higher. Their ActiveSupport::MarshalWithAutoloading will break
-        # our alias patching approach, as will any other prepend on something
-        # that we touch. Prepend and Alias are inherently incompatible monkey
-        # patching approaches. As such, we need to know if something has been
-        # prepended to.
+        # some classes have had things prepended to them, like Marshal in Rails 5 and higher. Their
+        # ActiveSupport::MarshalWithAutoloading will break our alias patching approach, as will any other prepend on
+        # something that we touch. Prepend and Alias are inherently incompatible monkey patching approaches. As such,
+        # we need to know if something has been prepended to.
         #
-        # @param mod [Module] the Module to check to see if it has had something
-        #   prepended
+        # @param mod [Module] the Module to check to see if it has had something prepended
         # @param ancestors [Array<Module>] the array of ancestors for the mod
         # @return [Boolean] if the mod has been prepended or not
         def prepended? mod, ancestors = nil
@@ -27,8 +25,13 @@ module Contrast
           ancestors[0] != mod
         end
 
-        # return true if the given method is overwritten by one of the ancestors
-        # in the ancestor change that comes before the given module
+        # return true if the given method is overwritten by one of the ancestors in the ancestor change that comes
+        # before the given module
+        #
+        # @param mod [Module] the Module to check to see if it has had something prepended
+        # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy] the policy that holds the method we
+        #   need to check
+        # @return [Boolean] if this method specifically was prepended
         def prepended_method? mod, method_policy
           target_module = determine_target_class mod, method_policy.instance_method
           ancestors = target_module.ancestors
@@ -43,49 +46,49 @@ module Contrast
           false
         end
 
-        # Return a String representing the object invoking this method in the
-        # form expected by our dataflow events.
+        # Return a String representing the object invoking this method in the form expected by our dataflow events.
+        # After implementing the LRU Cache, we firstly need to check if already had that object cached and if we have
+        # it - we can return it directly; otherwise we'll calculate and store the result before returning.
+        #
+        # TODO: RUBY-1327
+        # Once we move to 2.7+, we can combine the caches using ID b/c the memory location stops being the id
         #
         # @param object [Object, nil] the entity to convert to a String
         # @return [String] the human readable form of the String, as defined by
         #   https://bitbucket.org/contrastsecurity/assess-specifications/src/master/vulnerability/capture-snapshot.md
-
         def to_contrast_string object
-          # After implementing the LRU Cache, we firstly need to check if already had that object cached
-          # and if we have it - we can return it directly
-          return @lru_cache[object.__id__] if @lru_cache.key? object.__id__
-
-          # Only treat object like a string if it actually is a string+
-          # some subclasses of String override string methods we depend on
-          @lru_cache[object.__id__] = if object.cs__class == String
-                                        cached = to_cached_string(object)
-                                        return cached if cached
-
-                                        object.dup
-                                      elsif object.nil?
-                                        Contrast::Utils::ObjectShare::NIL_STRING
-                                      elsif object.cs__is_a?(Symbol)
-                                        ":#{ object }"
-                                      elsif object.cs__is_a?(Module) || object.cs__is_a?(Class)
-                                        "#{ object.cs__name }@#{ object.__id__ }"
-                                      elsif object.cs__is_a?(Regexp)
-                                        object.source
-                                      elsif use_to_s?(object)
-                                        object.to_s
-                                      else
-                                        "#{ object.cs__class.cs__name }@#{ object.__id__ }"
-                                      end
+          # Only treat object like a string if it actually is a string+ some subclasses of String override string
+          # methods we depend on
+          if object.cs__class == String
+            return @string_cache[object] if @string_cache.key? object
+
+            @string_cache[object] = to_cached_string(object) || object.dup
+          else
+            return @lru_cache[object.__id__] if @lru_cache.key? object.__id__
+
+            @lru_cache[object.__id__] = if object.nil?
+                                          Contrast::Utils::ObjectShare::NIL_STRING
+                                        elsif object.cs__is_a?(Symbol)
+                                          ":#{ object }"
+                                        elsif object.cs__is_a?(Module) || object.cs__is_a?(Class)
+                                          "#{ object.cs__name }@#{ object.__id__ }"
+                                        elsif object.cs__is_a?(Regexp)
+                                          object.source
+                                        elsif use_to_s?(object)
+                                          object.to_s
+                                        else
+                                          "#{ object.cs__class.cs__name }@#{ object.__id__ }"
+                                        end
+          end
         end
 
-        # The method const_defined? can cause autoload, which is bad for us.
-        # The method autoload? doesn't traverse namespaces. This method lets us
-        # provide a constant, as a String, and parse it to determine if it has
-        # been truly truly defined, meaning it existed before this method was
-        # invoked, not as a result of it.
+        # The method const_defined? can cause autoload, which is bad for us. The method autoload? doesn't traverse
+        # namespaces. This method lets us provide a constant, as a String, and parse it to determine if it has been
+        # truly truly defined, meaning it existed before this method was invoked, not as a result of it.
         #
-        # This is required to handle a bug in Ruby prior to 2.7.0. When we drop
-        # support for 2.6.X, we should remove this code.
-        # https://bugs.ruby-lang.org/issues/10741
+        # TODO: RUBY-1326
+        # This is required to handle a bug in Ruby prior to 2.7.0. When we drop support for 2.6.X, we should remove
+        # this code. https://bugs.ruby-lang.org/issues/10741
         # @param name [String] the name of the constant to look up
         # @return [Boolean]
         def truly_defined? name
@@ -108,7 +111,8 @@ module Contrast
         private
 
         # Some objects have nice to_s that we can use to make them human readable. If they do, we should leverage them.
-        # We used to do this by default, but this opened us up to danger, so we're instead using an allow list approach.
+        # We used to do this by default, but this opened us up to danger, so we're instead using an allow list
+        # approach.
         #
         # @param object [Object] something that may have a safe to_s method
         # @return [Boolean] if we should invoke to_s to represent the object
@@ -119,6 +123,11 @@ module Contrast
           false
         end
 
+        # Find the target class based on the instance, or module, provided. If a module, return it.
+        #
+        # @param mod [Module] the Module, or instance of a Module, that we need to check
+        # @param is_instance [Boolean] is the object provided an instance of a class, requiring lookup by class
+        # @return [Module]
         def determine_target_class mod, is_instance
           return mod if mod.singleton_class?
 
@@ -127,13 +136,11 @@ module Contrast
           mod
         end
 
-        # If the String matches a common String in our ObjectShare, return that
-        # rather that for use as the representation of the String rather than
-        # forcing a duplication of the String.
+        # If the String matches a common String in our ObjectShare, return that rather that for use as the
+        # representation of the String rather than forcing a duplication of the String.
         #
-        # @param string [String] some string of which we want a Contrast
-        #   representation.
-        # @return [String,nil] the ObjectShare version of the String or nil
+        # @param string [String] some string of which we want a Contrast representation.
+        # @return [String, nil] the ObjectShare version of the String or nil
         def to_cached_string string
           return Contrast::Utils::ObjectShare::EMPTY_STRING if string.empty?
           return Contrast::Utils::ObjectShare::SLASH if string == Contrast::Utils::ObjectShare::SLASH

data/lib/contrast/utils/lru_cache.rb

@@ -1,8 +1,6 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/components/logger'
-
 module Contrast
   module Utils
     # A LRU(Least Recently Used) Cache store.
@@ -38,6 +36,10 @@ module Contrast
       def values
         @cache.values
       end
+
+      def clear
+        @cache.clear
+      end
     end
   end
 end

data/lib/contrast.rb

@@ -23,7 +23,7 @@ end
 
 if RUBY_VERSION >= '3.0.0'
   # This fixes Ruby 3.0 issues with Module#(some instance method) patching by preventing the prepending of
-  # a JSON helper on protobuf load. String.instance_method(:+) is one of the most noticable.
+  # a JSON helper on protobuf load. String.instance_method(:+) is one of the most noticeable.
   # TODO: RUBY-1132 Remove this once Ruby 3 is fixed.
   # See bug here: https://bugs.ruby-lang.org/issues/17725
   class Class

data/resources/assess/policy.json

@@ -50,7 +50,7 @@
       "target": "R",
       "type": "COOKIE",
       "tags":["NO_NEWLINES", "CROSS_SITE"]
-    },  {
+    }, {
       "class_name":"Rack::Request::Helpers",
       "instance_method": true,
       "method_visibility": "public",
@@ -200,8 +200,15 @@
       "source": "O",
       "target": "R",
       "action": "KEEP"
-    },
-    {
+    }, {
+      "class_name": "String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "force_encoding",
+      "source": "O",
+      "target": "R",
+      "action": "SPLAT"
+    }, {
       "class_name": "String",
       "instance_method": true,
       "method_visibility": "public",
@@ -209,8 +216,7 @@
       "source": "O",
       "target": "R",
       "action": "KEEP"
-    },
-    {
+    }, {
       "class_name": "String",
       "instance_method": true,
       "method_visibility": "public",
@@ -218,7 +224,7 @@
       "source": "O,P0",
       "target": "R",
       "action": "SPLIT"
-    },{
+    }, {
       "class_name": "String",
       "instance_method": true,
       "method_visibility": "public",

data/resources/deadzone/policy.json

@@ -1,11 +1,6 @@
 {
   "deadzones":[
     {
-      "class_name":"Rspec::Core::BacktraceFormatter",
-      "instance_method":true,
-      "method_visibility": "private",
-      "method_name":"matches?"
-    },{
       "class_name":"Rspec::Core::Example",
       "instance_method":true,
       "method_visibility": "private",
@@ -205,6 +200,92 @@
       "method_visibility": "public",
       "method_name":"exists?",
       "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/request/session.rb#L201"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BaseMatcher"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeAKindOf"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeAnInstanceOf"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeBetween"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Be"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeComparedTo"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeFalsey"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeHelpers"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeNil"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BePredicate"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeTruthy"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeWithin"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Change"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::ChangeRelatively"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::SpecificValuesChange"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Compound"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Compound::And"
+    }, {
+      "class_name": "RSpec::Matchers::BuiltIn::Compound::Or"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::ContainExactly"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Cover"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::EndWith"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Eq"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Eql"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Equal"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Exist"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Has"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::HaveAttributes"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::All"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Match"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::NegativeOperatorMatcher"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::OperatorMatcher"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Output"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::PositiveOperatorMatcher"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::RaiseError"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::RespondTo"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Satisfy"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::StartWith"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::ThrowSymbol"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::YieldControl"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::YieldSuccessiveArgs"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::YieldWithArgs"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::YieldWithNoArgs"
+    },{
+      "class_name": "SimpleCov"
     }
   ]
 }

data/service_executables/VERSION

@@ -1 +1 @@
-2.21.2
+2.26.0

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 4.11.0
+  version: 4.12.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-09-23 00:00:00.000000000 Z
+date: 2021-10-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -618,19 +618,18 @@ executables:
 extensions:
 - ext/cs__common/extconf.rb
 - ext/cs__assess_array/extconf.rb
-- ext/cs__assess_regexp/extconf.rb
-- ext/cs__protect_kernel/extconf.rb
-- ext/cs__assess_marshal_module/extconf.rb
-- ext/cs__assess_yield_track/extconf.rb
-- ext/cs__assess_string_interpolation26/extconf.rb
 - ext/cs__assess_fiber_track/extconf.rb
+- ext/cs__assess_marshal_module/extconf.rb
+- ext/cs__assess_active_record_named/extconf.rb
+- ext/cs__assess_basic_object/extconf.rb
 - ext/cs__assess_string/extconf.rb
+- ext/cs__assess_string_interpolation26/extconf.rb
 - ext/cs__assess_hash/extconf.rb
+- ext/cs__assess_module/extconf.rb
+- ext/cs__assess_regexp/extconf.rb
 - ext/cs__assess_kernel/extconf.rb
 - ext/cs__contrast_patch/extconf.rb
-- ext/cs__assess_basic_object/extconf.rb
-- ext/cs__assess_module/extconf.rb
-- ext/cs__assess_active_record_named/extconf.rb
+- ext/cs__assess_yield_track/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"
@@ -688,9 +687,6 @@ files:
 - ext/cs__contrast_patch/cs__contrast_patch.c
 - ext/cs__contrast_patch/cs__contrast_patch.h
 - ext/cs__contrast_patch/extconf.rb
-- ext/cs__protect_kernel/cs__protect_kernel.c
-- ext/cs__protect_kernel/cs__protect_kernel.h
-- ext/cs__protect_kernel/extconf.rb
 - ext/extconf_common.rb
 - funchook/LICENSE
 - funchook/Makefile.in
@@ -1039,7 +1035,6 @@ files:
 - lib/contrast/extension/kernel.rb
 - lib/contrast/extension/module.rb
 - lib/contrast/extension/protect.rb
-- lib/contrast/extension/protect/kernel.rb
 - lib/contrast/extension/protect/psych.rb
 - lib/contrast/extension/thread.rb
 - lib/contrast/framework/base_support.rb

data/ext/cs__protect_kernel/cs__protect_kernel.c

@@ -1,47 +0,0 @@
-/* Copyright (c) 2021 Contrast Security, Inc.  See
- * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
-
-#include "cs__protect_kernel.h"
-#include "../cs__common/cs__common.h"
-#include <ruby.h>
-
-static VALUE contrast_protect_fork(const int argc, const VALUE *argv,
-                                   const VALUE self) {
-    VALUE ret;
-    if (rb_block_given_p()) {
-        /* We call our hook, but it's a little complicated.
-         * We wrap the fork block with our own lambda in
-         * order to instrument it.  There are no public
-         * methods in the Ruby C API to set the prevailing
-         * block, so we have to use rb_funcall_with_block.
-         * Also, rb_funcall_with_block does a public call,
-         * and our method is private.
-         * So we (as a hack) temporarily set it to public.
-         */
-        VALUE wrapper;
-        wrapper =
-            rb_funcall_with_block(kernel_protect, rb_sym_protect_kernel_wrapper,
-                                  0, NULL, rb_block_proc());
-        rb_funcall(rb_mKernel, rb_intern("public"), 1,
-                   ID2SYM(rb_sym_protect_kernel_fork));
-        ret = rb_funcall_with_block(self, rb_sym_protect_kernel_fork, argc,
-                                    argv, wrapper);
-        rb_funcall(rb_mKernel, rb_intern("private"), 1,
-                   ID2SYM(rb_sym_protect_kernel_fork));
-    } else {
-        ret = rb_funcall2(self, rb_sym_protect_kernel_fork, argc, argv);
-    }
-    return ret;
-}
-
-void Init_cs__protect_kernel(void) {
-    VALUE core_protect = rb_define_module_under(core_extensions, "Protect");
-    kernel_protect = rb_define_module_under(core_protect, "Kernel");
-    rb_sym_protect_kernel_wrapper = rb_intern("build_wrapper");
-
-    rb_sym_protect_kernel_fork =
-        contrast_register_patch("Kernel", "fork", &contrast_protect_fork);
-
-    rb_sym_protect_kernel_fork = contrast_register_singleton_patch(
-        "Kernel", "fork", &contrast_protect_fork);
-}

data/ext/cs__protect_kernel/cs__protect_kernel.h

@@ -1,12 +0,0 @@
-#include <ruby.h>
-
-extern VALUE rb_vm_top_self(void);
-
-static VALUE kernel_protect;
-static VALUE rb_sym_protect_kernel_fork;
-static VALUE rb_sym_protect_kernel_wrapper;
-
-static VALUE contrast_protect_fork(const int argc, const VALUE *argv,
-                                   const VALUE self);
-
-void Init_cs__protect_kernel(void);

data/ext/cs__protect_kernel/extconf.rb

@@ -1,5 +0,0 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-$TO_MAKE = File.basename(__dir__)
-require_relative '../extconf_common'

data/lib/contrast/extension/protect/kernel.rb

@@ -1,29 +0,0 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-module Contrast
-  module Extension
-    module Protect
-      # This Module functions as our patch into the Kernel class for Protect,
-      # allowing us to track activity as it crosses spawned processes.
-      module Kernel
-        class << self
-          def build_wrapper
-            lambda {
-              proc_start
-              yield
-              # AtExitHook handles sending any messages generated in the new forked process
-            }
-          end
-
-          def proc_start
-            context = Contrast::Agent::REQUEST_TRACKER.current
-            return unless context
-
-            context.reset_activity
-          end
-        end
-      end
-    end
-  end
-end