RubyGems - contrast-agent - Versions diffs - 4.12.0 → 4.14.1 - Mend

contrast-agent 4.12.0 → 4.14.1

Files changed (131) hide show

checksums.yaml +4 -4
data/.simplecov +1 -0
data/ext/cs__assess_module/cs__assess_module.c +48 -0
data/ext/cs__assess_module/cs__assess_module.h +7 -0
data/ext/cs__common/cs__common.c +5 -0
data/ext/cs__common/cs__common.h +8 -0
data/ext/cs__contrast_patch/cs__contrast_patch.c +16 -1
data/ext/cs__os_information/cs__os_information.c +31 -0
data/ext/cs__os_information/cs__os_information.h +7 -0
data/ext/cs__os_information/extconf.rb +5 -0
data/lib/contrast/agent/assess/policy/policy_node.rb +6 -6
data/lib/contrast/agent/assess/policy/policy_scanner.rb +5 -0
data/lib/contrast/agent/assess/policy/propagation_method.rb +2 -116
data/lib/contrast/agent/assess/policy/propagation_node.rb +4 -4
data/lib/contrast/agent/assess/policy/propagator/center.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +2 -154
data/lib/contrast/agent/assess/policy/source_method.rb +2 -71
data/lib/contrast/agent/assess/policy/trigger_method.rb +45 -110
data/lib/contrast/agent/assess/policy/trigger_node.rb +14 -6
data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +1 -1
data/lib/contrast/agent/assess/property/tagged.rb +53 -185
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +40 -6
data/lib/contrast/agent/deadzone/policy/policy.rb +1 -1
data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +1 -0
data/lib/contrast/agent/metric_telemetry_event.rb +26 -0
data/lib/contrast/agent/middleware.rb +14 -62
data/lib/contrast/agent/patching/policy/method_policy.rb +3 -89
data/lib/contrast/agent/patching/policy/method_policy_extend.rb +111 -0
data/lib/contrast/agent/patching/policy/patch.rb +28 -235
data/lib/contrast/agent/patching/policy/patcher.rb +14 -49
data/lib/contrast/agent/reporting/report.rb +21 -0
data/lib/contrast/agent/reporting/reporter.rb +142 -0
data/lib/contrast/agent/reporting/reporting_events/finding.rb +90 -0
data/lib/contrast/agent/reporting/reporting_events/preflight.rb +25 -0
data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +56 -0
data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +37 -0
data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +127 -0
data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +168 -0
data/lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb +66 -0
data/lib/contrast/agent/request.rb +2 -81
data/lib/contrast/agent/request_context.rb +4 -128
data/lib/contrast/agent/request_context_extend.rb +138 -0
data/lib/contrast/agent/request_handler.rb +7 -3
data/lib/contrast/agent/response.rb +2 -73
data/lib/contrast/agent/startup_metrics_telemetry_event.rb +94 -0
data/lib/contrast/agent/static_analysis.rb +5 -3
data/lib/contrast/agent/telemetry.rb +137 -0
data/lib/contrast/agent/telemetry_event.rb +33 -0
data/lib/contrast/agent/thread_watcher.rb +66 -11
data/lib/contrast/agent/version.rb +1 -1
data/lib/contrast/agent.rb +21 -0
data/lib/contrast/api/communication/connection_status.rb +10 -7
data/lib/contrast/api/communication/messaging_queue.rb +37 -3
data/lib/contrast/api/communication/response_processor.rb +15 -8
data/lib/contrast/api/communication/service_lifecycle.rb +13 -3
data/lib/contrast/api/communication/socket.rb +6 -8
data/lib/contrast/api/communication/socket_client.rb +29 -12
data/lib/contrast/api/communication/speedracer.rb +37 -1
data/lib/contrast/api/communication/tcp_socket.rb +4 -3
data/lib/contrast/api/communication/unix_socket.rb +1 -0
data/lib/contrast/api/decorators/finding.rb +45 -0
data/lib/contrast/components/api.rb +90 -0
data/lib/contrast/components/app_context.rb +10 -41
data/lib/contrast/components/app_context_extend.rb +78 -0
data/lib/contrast/components/base.rb +23 -0
data/lib/contrast/components/config.rb +92 -13
data/lib/contrast/components/contrast_service.rb +11 -0
data/lib/contrast/components/sampling.rb +2 -2
data/lib/contrast/config/agent_configuration.rb +1 -1
data/lib/contrast/config/api_configuration.rb +27 -0
data/lib/contrast/config/api_proxy_configuration.rb +14 -0
data/lib/contrast/config/application_configuration.rb +2 -3
data/lib/contrast/config/assess_configuration.rb +3 -3
data/lib/contrast/config/base_configuration.rb +17 -28
data/lib/contrast/config/certification_configuration.rb +15 -0
data/lib/contrast/config/env_variables.rb +18 -0
data/lib/contrast/config/heap_dump_configuration.rb +6 -6
data/lib/contrast/config/inventory_configuration.rb +1 -5
data/lib/contrast/config/protect_rule_configuration.rb +1 -1
data/lib/contrast/config/request_audit_configuration.rb +18 -0
data/lib/contrast/config/root_configuration.rb +1 -0
data/lib/contrast/config/ruby_configuration.rb +6 -6
data/lib/contrast/config/service_configuration.rb +2 -2
data/lib/contrast/config.rb +1 -1
data/lib/contrast/configuration.rb +4 -2
data/lib/contrast/extension/assess/array.rb +5 -7
data/lib/contrast/extension/thread.rb +31 -12
data/lib/contrast/framework/manager.rb +22 -44
data/lib/contrast/framework/manager_extend.rb +50 -0
data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +9 -6
data/lib/contrast/framework/rails/patch/support.rb +31 -29
data/lib/contrast/framework/rails/railtie.rb +1 -1
data/lib/contrast/framework/sinatra/support.rb +2 -1
data/lib/contrast/logger/application.rb +4 -0
data/lib/contrast/logger/log.rb +8 -103
data/lib/contrast/utils/assess/propagation_method_utils.rb +129 -0
data/lib/contrast/utils/assess/property/tagged_utils.rb +165 -0
data/lib/contrast/utils/assess/source_method_utils.rb +83 -0
data/lib/contrast/utils/assess/tracking_util.rb +20 -15
data/lib/contrast/utils/assess/trigger_method_utils.rb +138 -0
data/lib/contrast/utils/class_util.rb +18 -14
data/lib/contrast/utils/exclude_key.rb +20 -0
data/lib/contrast/utils/findings.rb +62 -0
data/lib/contrast/utils/hash_digest.rb +10 -73
data/lib/contrast/utils/hash_digest_extend.rb +86 -0
data/lib/contrast/utils/head_dump_utils_extend.rb +74 -0
data/lib/contrast/utils/heap_dump_util.rb +2 -65
data/lib/contrast/utils/invalid_configuration_util.rb +29 -0
data/lib/contrast/utils/io_util.rb +1 -1
data/lib/contrast/utils/log_utils.rb +108 -0
data/lib/contrast/utils/metrics_hash.rb +59 -0
data/lib/contrast/utils/middleware_utils.rb +87 -0
data/lib/contrast/utils/net_http_base.rb +158 -0
data/lib/contrast/utils/object_share.rb +1 -0
data/lib/contrast/utils/os.rb +23 -0
data/lib/contrast/utils/patching/policy/patch_utils.rb +232 -0
data/lib/contrast/utils/patching/policy/patcher_utils.rb +54 -0
data/lib/contrast/utils/request_utils.rb +88 -0
data/lib/contrast/utils/response_utils.rb +97 -0
data/lib/contrast/utils/substitution_utils.rb +167 -0
data/lib/contrast/utils/tag_util.rb +9 -9
data/lib/contrast/utils/telemetry.rb +79 -0
data/lib/contrast/utils/telemetry_client.rb +90 -0
data/lib/contrast/utils/telemetry_identifier.rb +130 -0
data/lib/contrast.rb +18 -0
data/ruby-agent.gemspec +7 -6
data/service_executables/VERSION +1 -1
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
metadata +69 -22
data/lib/contrast/config/default_value.rb +0 -17

data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb CHANGED Viewed

@@ -4,6 +4,7 @@
 require 'contrast/agent/assess/policy/trigger_method'
 require 'contrast/components/logger'
 require 'contrast/extension/module'
+require 'contrast/agent/reporting/report'
 module Contrast
   module Agent
@@ -66,7 +67,8 @@ module Contrast
                 # if it looks like a placeholder / pointer to a config, skip it
                 next unless value_passes?(value)
-                build_finding(clazz, constant_string)
+                new_finding_and_reporting clazz, constant_string
+                build_finding clazz, constant_string
               end
             end
@@ -138,7 +140,8 @@ module Contrast
               # sort. We leave it to each rule to properly handle these nodes.
               return unless value_node_passes?(value)
-              build_finding(mod, name)
+              new_finding_and_reporting mod, name
+              build_finding mod, name
             end
             # Constants can be set as frozen directly. We need to account for
@@ -161,6 +164,14 @@ module Contrast
             def build_finding clazz, constant_string
               class_name = clazz.cs__name
+              finding = assign_finding class_name, constant_string
+              Contrast::Agent::Assess::Policy::TriggerMethod.report_finding(finding)
+            rescue StandardError => e
+              logger.error('Unable to build a finding for Hardcoded Rule', e)
+              nil
+            end
+            def assign_finding class_name, constant_string
               finding = Contrast::Api::Dtm::Finding.new
               finding.rule_id = Contrast::Utils::StringUtils.protobuf_safe_string(rule_id)
               finding.version = Contrast::Agent::Assess::Policy::TriggerMethod::CURRENT_FINDING_VERSION
@@ -173,10 +184,33 @@ module Contrast
               hash = Contrast::Utils::HashDigest.generate_class_scanning_hash(finding)
               finding.hash_code = Contrast::Utils::StringUtils.protobuf_safe_string(hash)
               finding.preflight = Contrast::Utils::PreflightUtil.create_preflight(finding)
-              Contrast::Agent::Assess::Policy::TriggerMethod.report_finding(finding)
-            rescue StandardError => e
-              logger.error('Unable to build a finding for Hardcoded Rule', e)
-              nil
+              finding
+            end
+            def new_finding_and_reporting clazz, constant_string
+              return unless Contrast::Agent::Reporter.enabled?
+              # sent to reporter
+              # and add logger message for the report of the preflight
+              new_preflight = Contrast::Agent::Reporting::Preflight.new
+              new_preflight_message = Contrast::Agent::Reporting::PreflightMessage.new
+              new_preflight_message.hash_code = hash
+              new_preflight_message.data = "#{ rule_id },#{ hash }"
+              new_preflight.messages << new_preflight_message
+              # extract to new method
+              # here we will generate new type of finding
+              ruby_finding = Contrast::Agent::Reporting::Finding.new rule_id
+              ruby_finding.hash_code = hash
+              ruby_finding.properties[SOURCE_KEY] = clazz.cs__name
+              ruby_finding.properties[CONSTANT_NAME_KEY] = constant_string
+              ruby_finding.properties[CODE_SOURCE_KEY] = constant_string + redacted_marker
+              save_and_report_finding ruby_finding, new_preflight
+            end
+            def save_and_report_finding ruby_finding, new_preflight
+              Contrast::Agent::Reporting::ReportingStorage[hash] = ruby_finding
+              Contrast::Agent.reporter_queue.send_event_immediately(new_preflight)
             end
           end
         end

data/lib/contrast/agent/deadzone/policy/policy.rb CHANGED Viewed

@@ -38,7 +38,7 @@ module Contrast
           def validate
             return if class_name
-            raise(ArgumentError, "#{ @node_class } #{ id } did not have a proper class name. Unable to create.")
+            raise(ArgumentError, "#{ node_class } #{ id } did not have a proper class name. Unable to create.")
           end
           def module_names

data/lib/contrast/agent/inventory/dependency_usage_analysis.rb CHANGED Viewed

@@ -71,6 +71,7 @@ module Contrast
         # Populate the library_usages field of the Activity message using the data stored in the @gemdigest_cache.
         #
+        # TODO: RUBY-1355
         # @param activity [Contrast::Api::Dtm::Activity] the message to which to append the usage data
         def generate_library_usage activity
           return unless enabled?

data/lib/contrast/agent/metric_telemetry_event.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'contrast/utils/metrics_hash'
+require 'contrast/agent/telemetry_event'
+module Contrast
+  module Agent
+    # This class will hold the basic information for a Telemetry Event
+    class MetricTelemetryEvent < Contrast::Agent::TelemetryEvent
+      include Contrast::Utils
+      attr_reader :fields
+      def initialize
+        super
+        @fields = MetricsHash.new(Numeric)
+        @fields['_filler'] = 0
+      end
+      def to_hash **_args
+        super.merge!({ fields: @fields })
+      end
+    end
+  end
+end

data/lib/contrast/agent/middleware.rb CHANGED Viewed

@@ -10,8 +10,11 @@ require 'contrast/utils/object_share'
 require 'contrast/components/logger'
 require 'contrast/components/scope'
 require 'contrast/utils/heap_dump_util'
+require 'contrast/utils/telemetry'
 require 'contrast/agent/request_handler'
 require 'contrast/agent/static_analysis'
+require 'contrast/agent/startup_metrics_telemetry_event'
+require 'contrast/utils/middleware_utils'
 require 'contrast/utils/timer'
@@ -23,6 +26,7 @@ module Contrast
     class Middleware
       include Contrast::Components::Logger::InstanceMethods
       include Contrast::Components::Scope::InstanceMethods
+      include Contrast::Utils::MiddlewareUtils
       attr_reader :app
@@ -64,21 +68,6 @@ module Contrast
       private
-      def setup_agent
-        ::Contrast::SETTINGS.reset_state
-        inform_deprecations
-        if ::Contrast::CONFIG.invalid?
-          ::Contrast::AGENT.disable!
-          logger.error('!!! CONFIG FILE IS INVALID - DISABLING CONTRAST AGENT !!!')
-        elsif ::Contrast::AGENT.disabled?
-          logger.warn('Contrast disabled by configuration. Continuing without instrumentation.')
-        else
-          ::Contrast::AGENT.enable!
-        end
-      end
       # Startup the Agent as part of the initialization process:
       # - start the service sending thread, responsible for sending and processing messages
       # - start the heartbeat thread, which triggers service startup
@@ -89,6 +78,13 @@ module Contrast
           Contrast::Agent.thread_watcher.ensure_running?
         end
+        if Contrast::Agent::Telemetry.enabled?
+          logger.debug_with_time('middleware: sending startup metrics telemetry event') do
+            event = Contrast::Agent::StartupMetricsTelemetryEvent.new
+            Contrast::Agent.thread_watcher.telemetry_queue.send_event(event)
+          end
+        end
         logger.debug_with_time('middleware: instrument shared libraries and patch') do
           Contrast::Agent::Patching::Policy::Patcher.patch
         end
@@ -165,6 +161,9 @@ module Contrast
         with_contrast_scope do
           context.extract_after(response) # update context with final response information
+          # Build and report all collected findings prior response
+          Contrast::Agent::FINDINGS.report_collected_findings unless Contrast::Agent::FINDINGS.collection.empty?
           if Contrast::Agent.framework_manager.streaming?(env)
             context.reset_activity
             request_handler.stream_safe_postfilter
@@ -178,53 +177,6 @@ module Contrast
         logger.error('Unable to execute agent post_call', e)
       end
-      def application_code env
-        logger.trace_with_time('application') do
-          app.call(env)
-        end
-      rescue Contrast::SecurityException => e
-        logger.trace('Security Exception raised during application lifecycle to prevent an attack', e)
-        raise e
-      end
-      SECURITY_EXCEPTION_MARKER = 'Contrast::SecurityException'
-      # We're only going to suppress SecurityExceptions indicating a blocked attack. And, only if the
-      # config.agent.ruby.exceptions.capture? is set
-      def handle_exception exception
-        if security_exception?(exception)
-          exception_control = ::Contrast::AGENT.exception_control
-          raise exception unless exception_control[:enable]
-          [exception_control[:status], {}, [exception_control[:message]]]
-        else
-          logger.debug('Re-throwing original error', exception)
-          raise exception
-        end
-      end
-      # Is the given exception one raised by our Protect code?
-      #
-      # @param exception [Exception]
-      # @return [Boolean]
-      def security_exception? exception
-        exception.is_a?(Contrast::SecurityException) || exception.message&.include?(SECURITY_EXCEPTION_MARKER)
-      end
-      # As we deprecate support to prepare to remove dead code, we need to inform our users still relying on the now
-      # deprecated and soon to be removed functionality. This method handles doing that by leveraging the standard
-      # Kernel#warn approach
-      def inform_deprecations
-        # Ruby 2.5 is currently in security maintenance, meaning int is only receiving updates for security issues. It
-        # will move to eol on 31 March 2021. As such, we can remove support for it in Q3. We'll begin the deprecation
-        # warnings now so that customers have time to reach out if they'll be impacted.
-        # TODO: RUBY-715 remove this part of the method, leaving it empty if there are no other deprecations, when we
-        #   drop 2.5 support.
-        return unless RUBY_VERSION < '2.6.0'
-        Kernel.warn('[Contrast Security] [DEPRECATION] Support for Ruby 2.5 will be removed in April 2021. '\
-                    'Please contact Customer Support prior if you require continued support.')
-      end
     end
   end
 end

data/lib/contrast/agent/patching/policy/method_policy.rb CHANGED Viewed

@@ -1,12 +1,15 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
+require 'contrast/agent/patching/policy/method_policy_extend'
 module Contrast
   module Agent
     module Patching
       module Policy
         # This class is used to map each method to the trigger node that applies to it
         class MethodPolicy
+          extend Contrast::Agent::Patching::Policy::MethodPolicyExtend
           attr_reader   :deadzone_node, :inventory_node, :propagation_node, :protect_node, :trigger_node
           attr_accessor :source_node, :method_name, :method_visibility, :instance_method
@@ -60,95 +63,6 @@ module Contrast
             # defined by #nodes.
             @_method_scopes ||= nodes.flat_map(&:method_scope).tap(&:compact!).tap(&:uniq!)
           end
-          class << self
-            # Given a Contrast::Agent::Patching::Policy::ModulePolicy, parse
-            # out its information for the given method in order to construct a
-            # Contrast::Agent::Patching::Policy::MethodPolicy
-            #
-            # @param method_name [Symbol] the name of the method for this policy
-            # @param module_policy [Contrast::Agent::Patching::Policy::ModulePolicy]
-            #   the entire policy for this module
-            # @param instance_method [Boolean] true if this method is an
-            #   instance method
-            # @return [Contrast::Agent::Patching::Policy::MethodPolicy]
-            def build_method_policy method_name, module_policy, instance_method
-              source_node =      find_method_node(module_policy.source_nodes, method_name, instance_method)
-              propagation_node = find_method_node(module_policy.propagator_nodes, method_name, instance_method)
-              trigger_node =     find_method_node(module_policy.trigger_nodes, method_name, instance_method)
-              protect_node =     find_method_node(module_policy.protect_nodes, method_name, instance_method)
-              inventory_node =   find_method_node(module_policy.inventory_nodes, method_name, instance_method)
-              deadzone_node =    find_method_node(module_policy.deadzone_nodes, method_name, instance_method)
-              method_visibility = find_visibility(source_node, propagation_node, trigger_node, protect_node,
-                                                  inventory_node, deadzone_node)
-              method_policy = MethodPolicy.new(method_name: method_name,
-                                               method_visibility: method_visibility,
-                                               instance_method: instance_method,
-                                               source_node: source_node,
-                                               propagation_node: propagation_node,
-                                               trigger_node: trigger_node,
-                                               protect_node: protect_node,
-                                               inventory_node: inventory_node,
-                                               deadzone_node: deadzone_node)
-              return method_policy unless check_method_policy_nodes_empty? source_node, propagation_node, trigger_node,
-                                                                           protect_node, inventory_node, deadzone_node
-              create_new_node(module_policy, method_policy) if module_policy.deadzone_nodes&.any?
-              method_policy
-            end
-            def find_method_node nodes, method_name, is_instance_method
-              return unless nodes
-              nodes.find do |node|
-                node.instance_method? == is_instance_method && node.method_name == method_name
-              end
-            end
-            def find_visibility *nodes
-              nodes.find { |node| node }&.method_visibility
-            end
-            def check_method_policy_nodes_empty?(source_node, propagation_node, trigger_node, protect_node,
-                                                 inventory_node, deadzone_node)
-              return false unless source_node.nil? && propagation_node.nil? && trigger_node.nil? && protect_node.nil? &&
-                  inventory_node.nil? && deadzone_node.nil?
-              true
-            end
-            private
-            def create_new_node module_policy, method_policy
-              return if module_policy.deadzone_nodes.empty?
-              module_policy.deadzone_nodes.map do |node|
-                next unless node.method_name.nil?
-                klass = Module.cs__const_get(node.class_name)
-                next unless it_defined? klass, method_policy.method_name
-                new_node = {}
-                new_node['instance_method'] = method_policy.instance_method
-                new_node['method_visibility'] =
-                  klass.private_method_defined?(method_policy.method_name) ? 'private' : 'public'
-                new_node['method_name'] = method_policy.method_name
-                new_node['class_name'] = node.class_name
-                new_node = Contrast::Agent::Deadzone::Policy::DeadzoneNode.new(new_node)
-                method_policy.instance_variable_set(:@method_visibility, new_node.method_visibility)
-                method_policy.instance_variable_set(:@deadzone_node, new_node)
-                module_policy.deadzone_nodes << new_node
-                break unless method_policy.deadzone_node.nil?
-              end
-            end
-            def it_defined? klass, method_name
-              klass.instance_methods(false).include?(method_name) ||
-                  klass.private_instance_methods(false).include?(method_name) ||
-                  klass.singleton_methods(false).include?(method_name)
-            end
-          end
         end
       end
     end

data/lib/contrast/agent/patching/policy/method_policy_extend.rb ADDED Viewed

@@ -0,0 +1,111 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+module Contrast
+  module Agent
+    module Patching
+      module Policy
+        # This class is used to map each method to the trigger node that applies to it
+        module MethodPolicyExtend
+          # Given a Contrast::Agent::Patching::Policy::ModulePolicy, parse
+          # out its information for the given method in order to construct a
+          # Contrast::Agent::Patching::Policy::MethodPolicy
+          #
+          # @param method_name [Symbol] the name of the method for this policy
+          # @param module_policy [Contrast::Agent::Patching::Policy::ModulePolicy]
+          #   the entire policy for this module
+          # @param instance_method [Boolean] true if this method is an
+          #   instance method
+          # @return [Contrast::Agent::Patching::Policy::MethodPolicy]
+          def build_method_policy method_name, module_policy, instance_method
+            source_node =      find_method_node(module_policy.source_nodes, method_name, instance_method)
+            propagation_node = find_method_node(module_policy.propagator_nodes, method_name, instance_method)
+            trigger_node =     find_method_node(module_policy.trigger_nodes, method_name, instance_method)
+            protect_node =     find_method_node(module_policy.protect_nodes, method_name, instance_method)
+            inventory_node =   find_method_node(module_policy.inventory_nodes, method_name, instance_method)
+            deadzone_node =    find_method_node(module_policy.deadzone_nodes, method_name, instance_method)
+            method_visibility = find_visibility(source_node, propagation_node, trigger_node, protect_node,
+                                                inventory_node, deadzone_node)
+            method_policy = MethodPolicy.new(method_name: method_name,
+                                             method_visibility: method_visibility,
+                                             instance_method: instance_method,
+                                             source_node: source_node,
+                                             propagation_node: propagation_node,
+                                             trigger_node: trigger_node,
+                                             protect_node: protect_node,
+                                             inventory_node: inventory_node,
+                                             deadzone_node: deadzone_node)
+            return method_policy unless check_method_policy_nodes_empty? source_node, propagation_node, trigger_node,
+                                                                         protect_node, inventory_node, deadzone_node
+            create_new_node(module_policy, method_policy) if module_policy.deadzone_nodes&.any?
+            method_policy
+          end
+          def find_method_node nodes, method_name, is_instance_method
+            return unless nodes
+            nodes.find do |node|
+              node.instance_method? == is_instance_method && node.method_name == method_name
+            end
+          end
+          def find_visibility *nodes
+            nodes.find { |node| node }&.method_visibility
+          end
+          def check_method_policy_nodes_empty?(source_node, propagation_node, trigger_node, protect_node,
+                                               inventory_node, deadzone_node)
+            return false unless source_node.nil? && propagation_node.nil? && trigger_node.nil? && protect_node.nil? &&
+                inventory_node.nil? && deadzone_node.nil?
+            true
+          end
+          private
+          def create_new_node module_policy, method_policy
+            return if module_policy.deadzone_nodes.empty?
+            module_policy.deadzone_nodes.map do |node|
+              next unless node.method_name.nil?
+              klass = Module.cs__const_get(node.class_name)
+              next unless it_defined? klass, method_policy.method_name
+              new_node = set_new_node method_policy, klass, node
+              method_policy.instance_variable_set(:@method_visibility, new_node.method_visibility)
+              method_policy.instance_variable_set(:@deadzone_node, node)
+              module_policy.deadzone_nodes << new_node
+              break unless method_policy.deadzone_node.nil?
+            end
+          end
+          # Helper method for creating new node
+          #
+          # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
+          #   used to map each method to the trigger node that applies to it
+          # @param klass [String] classname
+          # @param node [Contrast::Agent::Patching::Policy::PolicyNode]
+          # @return @_set_new_node [Contrast::Agent::Deadzone::Policy::DeadzoneNode]
+          def set_new_node method_policy, klass, node
+            new_node = {}
+            new_node['instance_method'] = method_policy.instance_method
+            new_node['method_visibility'] =
+              klass.private_method_defined?(method_policy.method_name) ? 'private' : 'public'
+            new_node['method_name'] = method_policy.method_name
+            new_node['class_name'] = node.class_name
+            @_set_new_node = Contrast::Agent::Deadzone::Policy::DeadzoneNode.new(new_node)
+          end
+          def it_defined? klass, method_name
+            klass.instance_methods(false).include?(method_name) ||
+                klass.private_instance_methods(false).include?(method_name) ||
+                klass.singleton_methods(false).include?(method_name)
+          end
+        end
+      end
+    end
+  end
+end