contrast-agent 4.11.0 → 4.14.0

data/resources/deadzone/policy.json

@@ -1,11 +1,6 @@
 {
   "deadzones":[
     {
-      "class_name":"Rspec::Core::BacktraceFormatter",
-      "instance_method":true,
-      "method_visibility": "private",
-      "method_name":"matches?"
-    },{
       "class_name":"Rspec::Core::Example",
       "instance_method":true,
       "method_visibility": "private",
@@ -205,6 +200,92 @@
       "method_visibility": "public",
       "method_name":"exists?",
       "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/request/session.rb#L201"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BaseMatcher"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeAKindOf"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeAnInstanceOf"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeBetween"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Be"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeComparedTo"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeFalsey"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeHelpers"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeNil"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BePredicate"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeTruthy"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeWithin"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Change"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::ChangeRelatively"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::SpecificValuesChange"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Compound"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Compound::And"
+    }, {
+      "class_name": "RSpec::Matchers::BuiltIn::Compound::Or"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::ContainExactly"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Cover"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::EndWith"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Eq"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Eql"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Equal"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Exist"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Has"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::HaveAttributes"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::All"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Match"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::NegativeOperatorMatcher"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::OperatorMatcher"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Output"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::PositiveOperatorMatcher"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::RaiseError"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::RespondTo"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Satisfy"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::StartWith"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::ThrowSymbol"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::YieldControl"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::YieldSuccessiveArgs"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::YieldWithArgs"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::YieldWithNoArgs"
+    },{
+      "class_name": "SimpleCov"
     }
   ]
 }

data/ruby-agent.gemspec

@@ -89,11 +89,11 @@ end
 
 # Dependencies used to run all of our Rubocop during the linting phase.
 def self.add_rubocop spec
-  spec.add_development_dependency 'rubocop', '1.13.0'
-  spec.add_development_dependency 'rubocop-performance', '1.11.0'
-  spec.add_development_dependency 'rubocop-rails', '2.9.1'
-  spec.add_development_dependency 'rubocop-rake', '0.5.1'
-  spec.add_development_dependency 'rubocop-rspec', '2.2.0'
+  spec.add_development_dependency 'rubocop', '1.22.3'
+  spec.add_development_dependency 'rubocop-performance', '1.12.0'
+  spec.add_development_dependency 'rubocop-rails', '2.12.4'
+  spec.add_development_dependency 'rubocop-rake', '0.6.0'
+  spec.add_development_dependency 'rubocop-rspec', '2.6.0'
 end
 
 # Dependencies not mocked out during RSpec that we test real code of, beyond just frameworks.
@@ -150,7 +150,8 @@ def self.add_files spec
                    'shared_libraries/libfunchook.so',
                    'shared_libraries/funchook.h',
                    'funchook/src/libfunchook.dylib',
-                   'funchook/src/libfunchook.so')
+                   'funchook/src/libfunchook.so',
+                   '.secrets.baseline')
   end
 end
 

data/service_executables/VERSION

@@ -1 +1 @@
-2.21.2
+2.27.3

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 4.11.0
+  version: 4.14.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-09-23 00:00:00.000000000 Z
+date: 2021-12-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -147,70 +147,70 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.13.0
+        version: 1.22.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.13.0
+        version: 1.22.3
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.11.0
+        version: 1.12.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.11.0
+        version: 1.12.0
 - !ruby/object:Gem::Dependency
   name: rubocop-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.9.1
+        version: 2.12.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.9.1
+        version: 2.12.4
 - !ruby/object:Gem::Dependency
   name: rubocop-rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.5.1
+        version: 0.6.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.5.1
+        version: 0.6.0
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.2.0
+        version: 2.6.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.2.0
+        version: 2.6.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -617,20 +617,20 @@ executables:
 - contrast_service
 extensions:
 - ext/cs__common/extconf.rb
-- ext/cs__assess_array/extconf.rb
-- ext/cs__assess_regexp/extconf.rb
-- ext/cs__protect_kernel/extconf.rb
-- ext/cs__assess_marshal_module/extconf.rb
-- ext/cs__assess_yield_track/extconf.rb
-- ext/cs__assess_string_interpolation26/extconf.rb
-- ext/cs__assess_fiber_track/extconf.rb
+- ext/cs__assess_basic_object/extconf.rb
 - ext/cs__assess_string/extconf.rb
 - ext/cs__assess_hash/extconf.rb
+- ext/cs__assess_module/extconf.rb
 - ext/cs__assess_kernel/extconf.rb
+- ext/cs__assess_array/extconf.rb
 - ext/cs__contrast_patch/extconf.rb
-- ext/cs__assess_basic_object/extconf.rb
-- ext/cs__assess_module/extconf.rb
+- ext/cs__os_information/extconf.rb
+- ext/cs__assess_marshal_module/extconf.rb
+- ext/cs__assess_fiber_track/extconf.rb
+- ext/cs__assess_string_interpolation26/extconf.rb
 - ext/cs__assess_active_record_named/extconf.rb
+- ext/cs__assess_regexp/extconf.rb
+- ext/cs__assess_yield_track/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"
@@ -688,9 +688,9 @@ files:
 - ext/cs__contrast_patch/cs__contrast_patch.c
 - ext/cs__contrast_patch/cs__contrast_patch.h
 - ext/cs__contrast_patch/extconf.rb
-- ext/cs__protect_kernel/cs__protect_kernel.c
-- ext/cs__protect_kernel/cs__protect_kernel.h
-- ext/cs__protect_kernel/extconf.rb
+- ext/cs__os_information/cs__os_information.c
+- ext/cs__os_information/cs__os_information.h
+- ext/cs__os_information/extconf.rb
 - ext/extconf_common.rb
 - funchook/LICENSE
 - funchook/Makefile.in
@@ -898,11 +898,13 @@ files:
 - lib/contrast/agent/inventory/policy/datastores.rb
 - lib/contrast/agent/inventory/policy/policy.rb
 - lib/contrast/agent/inventory/policy/trigger_node.rb
+- lib/contrast/agent/metric_telemetry_event.rb
 - lib/contrast/agent/middleware.rb
 - lib/contrast/agent/module_data.rb
 - lib/contrast/agent/patching/policy/after_load_patch.rb
 - lib/contrast/agent/patching/policy/after_load_patcher.rb
 - lib/contrast/agent/patching/policy/method_policy.rb
+- lib/contrast/agent/patching/policy/method_policy_extend.rb
 - lib/contrast/agent/patching/policy/module_policy.rb
 - lib/contrast/agent/patching/policy/patch.rb
 - lib/contrast/agent/patching/policy/patch_status.rb
@@ -940,15 +942,28 @@ files:
 - lib/contrast/agent/protect/rule/xxe.rb
 - lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb
 - lib/contrast/agent/reaction_processor.rb
+- lib/contrast/agent/reporting/report.rb
+- lib/contrast/agent/reporting/reporter.rb
+- lib/contrast/agent/reporting/reporting_events/finding.rb
+- lib/contrast/agent/reporting/reporting_events/preflight.rb
+- lib/contrast/agent/reporting/reporting_events/preflight_message.rb
+- lib/contrast/agent/reporting/reporting_events/reporting_event.rb
+- lib/contrast/agent/reporting/reporting_utilities/audit.rb
+- lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb
+- lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb
 - lib/contrast/agent/request.rb
 - lib/contrast/agent/request_context.rb
+- lib/contrast/agent/request_context_extend.rb
 - lib/contrast/agent/request_handler.rb
 - lib/contrast/agent/response.rb
 - lib/contrast/agent/rewriter.rb
 - lib/contrast/agent/rule_set.rb
 - lib/contrast/agent/scope.rb
 - lib/contrast/agent/service_heartbeat.rb
+- lib/contrast/agent/startup_metrics_telemetry_event.rb
 - lib/contrast/agent/static_analysis.rb
+- lib/contrast/agent/telemetry.rb
+- lib/contrast/agent/telemetry_event.rb
 - lib/contrast/agent/thread.rb
 - lib/contrast/agent/thread_watcher.rb
 - lib/contrast/agent/tracepoint_hook.rb
@@ -972,6 +987,7 @@ files:
 - lib/contrast/api/decorators/application_settings.rb
 - lib/contrast/api/decorators/application_startup.rb
 - lib/contrast/api/decorators/application_update.rb
+- lib/contrast/api/decorators/finding.rb
 - lib/contrast/api/decorators/http_request.rb
 - lib/contrast/api/decorators/input_analysis.rb
 - lib/contrast/api/decorators/instrumentation_mode.rb
@@ -990,7 +1006,9 @@ files:
 - lib/contrast/api/dtm.pb.rb
 - lib/contrast/api/settings.pb.rb
 - lib/contrast/components/agent.rb
+- lib/contrast/components/api.rb
 - lib/contrast/components/app_context.rb
+- lib/contrast/components/app_context_extend.rb
 - lib/contrast/components/assess.rb
 - lib/contrast/components/base.rb
 - lib/contrast/components/config.rb
@@ -1004,11 +1022,14 @@ files:
 - lib/contrast/components/settings.rb
 - lib/contrast/config.rb
 - lib/contrast/config/agent_configuration.rb
+- lib/contrast/config/api_configuration.rb
+- lib/contrast/config/api_proxy_configuration.rb
 - lib/contrast/config/application_configuration.rb
 - lib/contrast/config/assess_configuration.rb
 - lib/contrast/config/assess_rules_configuration.rb
 - lib/contrast/config/base_configuration.rb
-- lib/contrast/config/default_value.rb
+- lib/contrast/config/certification_configuration.rb
+- lib/contrast/config/env_variables.rb
 - lib/contrast/config/exception_configuration.rb
 - lib/contrast/config/heap_dump_configuration.rb
 - lib/contrast/config/inventory_configuration.rb
@@ -1016,6 +1037,7 @@ files:
 - lib/contrast/config/protect_configuration.rb
 - lib/contrast/config/protect_rule_configuration.rb
 - lib/contrast/config/protect_rules_configuration.rb
+- lib/contrast/config/request_audit_configuration.rb
 - lib/contrast/config/root_configuration.rb
 - lib/contrast/config/ruby_configuration.rb
 - lib/contrast/config/sampling_configuration.rb
@@ -1039,12 +1061,12 @@ files:
 - lib/contrast/extension/kernel.rb
 - lib/contrast/extension/module.rb
 - lib/contrast/extension/protect.rb
-- lib/contrast/extension/protect/kernel.rb
 - lib/contrast/extension/protect/psych.rb
 - lib/contrast/extension/thread.rb
 - lib/contrast/framework/base_support.rb
 - lib/contrast/framework/grape/support.rb
 - lib/contrast/framework/manager.rb
+- lib/contrast/framework/manager_extend.rb
 - lib/contrast/framework/platform_version.rb
 - lib/contrast/framework/rack/patch/session_cookie.rb
 - lib/contrast/framework/rack/patch/support.rb
@@ -1069,26 +1091,46 @@ files:
 - lib/contrast/security_exception.rb
 - lib/contrast/tasks/config.rb
 - lib/contrast/tasks/service.rb
+- lib/contrast/utils/assess/propagation_method_utils.rb
+- lib/contrast/utils/assess/property/tagged_utils.rb
 - lib/contrast/utils/assess/sampling_util.rb
+- lib/contrast/utils/assess/source_method_utils.rb
 - lib/contrast/utils/assess/tracking_util.rb
+- lib/contrast/utils/assess/trigger_method_utils.rb
 - lib/contrast/utils/class_util.rb
 - lib/contrast/utils/duck_utils.rb
 - lib/contrast/utils/env_configuration_item.rb
+- lib/contrast/utils/exclude_key.rb
+- lib/contrast/utils/findings.rb
 - lib/contrast/utils/hash_digest.rb
+- lib/contrast/utils/hash_digest_extend.rb
+- lib/contrast/utils/head_dump_utils_extend.rb
 - lib/contrast/utils/heap_dump_util.rb
 - lib/contrast/utils/invalid_configuration_util.rb
 - lib/contrast/utils/io_util.rb
 - lib/contrast/utils/job_servers_running.rb
+- lib/contrast/utils/log_utils.rb
 - lib/contrast/utils/lru_cache.rb
+- lib/contrast/utils/metrics_hash.rb
+- lib/contrast/utils/middleware_utils.rb
+- lib/contrast/utils/net_http_base.rb
 - lib/contrast/utils/object_share.rb
 - lib/contrast/utils/os.rb
+- lib/contrast/utils/patching/policy/patch_utils.rb
+- lib/contrast/utils/patching/policy/patcher_utils.rb
 - lib/contrast/utils/preflight_util.rb
+- lib/contrast/utils/request_utils.rb
 - lib/contrast/utils/resource_loader.rb
+- lib/contrast/utils/response_utils.rb
 - lib/contrast/utils/ruby_ast_rewriter.rb
 - lib/contrast/utils/sha256_builder.rb
 - lib/contrast/utils/stack_trace_utils.rb
 - lib/contrast/utils/string_utils.rb
+- lib/contrast/utils/substitution_utils.rb
 - lib/contrast/utils/tag_util.rb
+- lib/contrast/utils/telemetry.rb
+- lib/contrast/utils/telemetry_client.rb
+- lib/contrast/utils/telemetry_identifier.rb
 - lib/contrast/utils/thread_tracker.rb
 - lib/contrast/utils/timer.rb
 - resources/assess/policy.json

data/ext/cs__protect_kernel/cs__protect_kernel.c

@@ -1,47 +0,0 @@
-/* Copyright (c) 2021 Contrast Security, Inc.  See
- * https://www.contrastsecurity.com/enduser-terms-0317a for more details. */
-
-#include "cs__protect_kernel.h"
-#include "../cs__common/cs__common.h"
-#include <ruby.h>
-
-static VALUE contrast_protect_fork(const int argc, const VALUE *argv,
-                                   const VALUE self) {
-    VALUE ret;
-    if (rb_block_given_p()) {
-        /* We call our hook, but it's a little complicated.
-         * We wrap the fork block with our own lambda in
-         * order to instrument it.  There are no public
-         * methods in the Ruby C API to set the prevailing
-         * block, so we have to use rb_funcall_with_block.
-         * Also, rb_funcall_with_block does a public call,
-         * and our method is private.
-         * So we (as a hack) temporarily set it to public.
-         */
-        VALUE wrapper;
-        wrapper =
-            rb_funcall_with_block(kernel_protect, rb_sym_protect_kernel_wrapper,
-                                  0, NULL, rb_block_proc());
-        rb_funcall(rb_mKernel, rb_intern("public"), 1,
-                   ID2SYM(rb_sym_protect_kernel_fork));
-        ret = rb_funcall_with_block(self, rb_sym_protect_kernel_fork, argc,
-                                    argv, wrapper);
-        rb_funcall(rb_mKernel, rb_intern("private"), 1,
-                   ID2SYM(rb_sym_protect_kernel_fork));
-    } else {
-        ret = rb_funcall2(self, rb_sym_protect_kernel_fork, argc, argv);
-    }
-    return ret;
-}
-
-void Init_cs__protect_kernel(void) {
-    VALUE core_protect = rb_define_module_under(core_extensions, "Protect");
-    kernel_protect = rb_define_module_under(core_protect, "Kernel");
-    rb_sym_protect_kernel_wrapper = rb_intern("build_wrapper");
-
-    rb_sym_protect_kernel_fork =
-        contrast_register_patch("Kernel", "fork", &contrast_protect_fork);
-
-    rb_sym_protect_kernel_fork = contrast_register_singleton_patch(
-        "Kernel", "fork", &contrast_protect_fork);
-}

data/ext/cs__protect_kernel/cs__protect_kernel.h

@@ -1,12 +0,0 @@
-#include <ruby.h>
-
-extern VALUE rb_vm_top_self(void);
-
-static VALUE kernel_protect;
-static VALUE rb_sym_protect_kernel_fork;
-static VALUE rb_sym_protect_kernel_wrapper;
-
-static VALUE contrast_protect_fork(const int argc, const VALUE *argv,
-                                   const VALUE self);
-
-void Init_cs__protect_kernel(void);

data/lib/contrast/config/default_value.rb

@@ -1,17 +0,0 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-module Contrast
-  module Config
-    # This is the wrapper for the default values in the configurations, used to
-    # differentiate between nil or false defaults and things being set
-    # explicitly to false.
-    class DefaultValue
-      attr_reader :value
-
-      def initialize value
-        @value = value
-      end
-    end
-  end
-end

data/lib/contrast/extension/protect/kernel.rb

@@ -1,29 +0,0 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-module Contrast
-  module Extension
-    module Protect
-      # This Module functions as our patch into the Kernel class for Protect,
-      # allowing us to track activity as it crosses spawned processes.
-      module Kernel
-        class << self
-          def build_wrapper
-            lambda {
-              proc_start
-              yield
-              # AtExitHook handles sending any messages generated in the new forked process
-            }
-          end
-
-          def proc_start
-            context = Contrast::Agent::REQUEST_TRACKER.current
-            return unless context
-
-            context.reset_activity
-          end
-        end
-      end
-    end
-  end
-end