contrast-agent 4.13.0 → 5.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (390) hide show
  1. checksums.yaml +4 -4
  2. data/.simplecov +2 -1
  3. data/Gemfile +1 -1
  4. data/LICENSE.txt +1 -1
  5. data/Rakefile +1 -1
  6. data/exe/contrast_service +1 -1
  7. data/ext/build_funchook.rb +1 -1
  8. data/ext/cs__assess_array/cs__assess_array.c +1 -1
  9. data/ext/cs__assess_array/extconf.rb +1 -1
  10. data/ext/cs__assess_basic_object/cs__assess_basic_object.c +1 -1
  11. data/ext/cs__assess_basic_object/extconf.rb +1 -1
  12. data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +1 -1
  13. data/ext/cs__assess_fiber_track/extconf.rb +1 -1
  14. data/ext/cs__assess_hash/cs__assess_hash.c +1 -1
  15. data/ext/cs__assess_hash/extconf.rb +1 -1
  16. data/ext/cs__assess_kernel/cs__assess_kernel.c +1 -1
  17. data/ext/cs__assess_kernel/extconf.rb +1 -1
  18. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +1 -1
  19. data/ext/cs__assess_marshal_module/extconf.rb +1 -1
  20. data/ext/cs__assess_module/cs__assess_module.c +1 -1
  21. data/ext/cs__assess_module/extconf.rb +1 -1
  22. data/ext/cs__assess_regexp/cs__assess_regexp.c +1 -1
  23. data/ext/cs__assess_regexp/extconf.rb +1 -1
  24. data/ext/cs__assess_string/cs__assess_string.c +1 -1
  25. data/ext/cs__assess_string/extconf.rb +1 -1
  26. data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +1 -1
  27. data/ext/cs__assess_string_interpolation26/extconf.rb +1 -1
  28. data/ext/cs__assess_yield_track/cs__assess_yield_track.c +1 -1
  29. data/ext/cs__assess_yield_track/extconf.rb +1 -1
  30. data/ext/cs__common/cs__common.c +1 -1
  31. data/ext/cs__common/extconf.rb +1 -1
  32. data/ext/cs__contrast_patch/cs__contrast_patch.c +1 -1
  33. data/ext/cs__contrast_patch/extconf.rb +1 -1
  34. data/ext/cs__os_information/cs__os_information.c +1 -1
  35. data/ext/cs__os_information/extconf.rb +1 -1
  36. data/ext/extconf_common.rb +1 -1
  37. data/lib/contrast/agent/assess/contrast_event.rb +7 -11
  38. data/lib/contrast/agent/assess/contrast_object.rb +1 -1
  39. data/lib/contrast/agent/assess/events/event_data.rb +30 -0
  40. data/lib/contrast/agent/assess/events/event_factory.rb +14 -6
  41. data/lib/contrast/agent/assess/events/source_event.rb +22 -3
  42. data/lib/contrast/agent/assess/finalizers/freeze.rb +1 -1
  43. data/lib/contrast/agent/assess/finalizers/hash.rb +1 -1
  44. data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +7 -7
  45. data/lib/contrast/agent/assess/policy/patcher.rb +1 -35
  46. data/lib/contrast/agent/assess/policy/policy.rb +1 -1
  47. data/lib/contrast/agent/assess/policy/policy_node.rb +7 -7
  48. data/lib/contrast/agent/assess/policy/policy_scanner.rb +6 -1
  49. data/lib/contrast/agent/assess/policy/preshift.rb +1 -1
  50. data/lib/contrast/agent/assess/policy/propagation_method.rb +55 -28
  51. data/lib/contrast/agent/assess/policy/propagation_node.rb +1 -1
  52. data/lib/contrast/agent/assess/policy/propagator/append.rb +1 -1
  53. data/lib/contrast/agent/assess/policy/propagator/base.rb +1 -1
  54. data/lib/contrast/agent/assess/policy/propagator/center.rb +2 -2
  55. data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
  56. data/lib/contrast/agent/assess/policy/propagator/database_write.rb +6 -2
  57. data/lib/contrast/agent/assess/policy/propagator/insert.rb +5 -2
  58. data/lib/contrast/agent/assess/policy/propagator/keep.rb +1 -1
  59. data/lib/contrast/agent/assess/policy/propagator/match_data.rb +7 -3
  60. data/lib/contrast/agent/assess/policy/propagator/next.rb +1 -1
  61. data/lib/contrast/agent/assess/policy/propagator/prepend.rb +1 -1
  62. data/lib/contrast/agent/assess/policy/propagator/rack_protection.rb +1 -1
  63. data/lib/contrast/agent/assess/policy/propagator/remove.rb +1 -1
  64. data/lib/contrast/agent/assess/policy/propagator/replace.rb +1 -1
  65. data/lib/contrast/agent/assess/policy/propagator/reverse.rb +1 -1
  66. data/lib/contrast/agent/assess/policy/propagator/select.rb +3 -2
  67. data/lib/contrast/agent/assess/policy/propagator/splat.rb +1 -1
  68. data/lib/contrast/agent/assess/policy/propagator/split.rb +27 -25
  69. data/lib/contrast/agent/assess/policy/propagator/substitution.rb +3 -157
  70. data/lib/contrast/agent/assess/policy/propagator/substitution_utils.rb +190 -0
  71. data/lib/contrast/agent/assess/policy/propagator/trim.rb +9 -4
  72. data/lib/contrast/agent/assess/policy/propagator.rb +1 -1
  73. data/lib/contrast/agent/assess/policy/source_method.rb +39 -26
  74. data/lib/contrast/agent/assess/policy/source_node.rb +1 -1
  75. data/lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb +1 -1
  76. data/lib/contrast/agent/assess/policy/source_validation/source_validation.rb +1 -1
  77. data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +7 -2
  78. data/lib/contrast/agent/assess/policy/trigger/xpath.rb +1 -1
  79. data/lib/contrast/agent/assess/policy/trigger_method.rb +68 -18
  80. data/lib/contrast/agent/assess/policy/trigger_node.rb +15 -7
  81. data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +1 -1
  82. data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +1 -1
  83. data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +1 -1
  84. data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +2 -2
  85. data/lib/contrast/agent/assess/properties.rb +1 -1
  86. data/lib/contrast/agent/assess/property/evented.rb +25 -12
  87. data/lib/contrast/agent/assess/property/tagged.rb +52 -58
  88. data/lib/contrast/agent/assess/property/updated.rb +1 -1
  89. data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +1 -19
  90. data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +1 -13
  91. data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +42 -60
  92. data/lib/contrast/agent/assess/rule/provider.rb +1 -1
  93. data/lib/contrast/agent/assess/rule/response/autocomplete_rule.rb +130 -0
  94. data/lib/contrast/agent/assess/rule/response/base_rule.rb +117 -0
  95. data/lib/contrast/agent/assess/tag.rb +1 -1
  96. data/lib/contrast/agent/assess/tracker.rb +1 -1
  97. data/lib/contrast/agent/assess.rb +1 -2
  98. data/lib/contrast/agent/at_exit_hook.rb +1 -1
  99. data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +13 -8
  100. data/lib/contrast/agent/deadzone/policy/policy.rb +1 -1
  101. data/lib/contrast/agent/disable_reaction.rb +1 -1
  102. data/lib/contrast/agent/exclusion_matcher.rb +1 -1
  103. data/lib/contrast/agent/inventory/database_config.rb +115 -77
  104. data/lib/contrast/agent/inventory/dependencies.rb +1 -1
  105. data/lib/contrast/agent/inventory/dependency_analysis.rb +1 -1
  106. data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +3 -3
  107. data/lib/contrast/agent/inventory/policy/datastores.rb +1 -1
  108. data/lib/contrast/agent/inventory/policy/policy.rb +1 -1
  109. data/lib/contrast/agent/inventory/policy/trigger_node.rb +1 -1
  110. data/lib/contrast/agent/inventory.rb +1 -1
  111. data/lib/contrast/agent/metric_telemetry_event.rb +3 -3
  112. data/lib/contrast/agent/middleware.rb +8 -77
  113. data/lib/contrast/agent/module_data.rb +1 -1
  114. data/lib/contrast/agent/patching/policy/after_load_patch.rb +1 -1
  115. data/lib/contrast/agent/patching/policy/after_load_patcher.rb +1 -1
  116. data/lib/contrast/agent/patching/policy/method_policy.rb +31 -104
  117. data/lib/contrast/agent/patching/policy/method_policy_extend.rb +113 -0
  118. data/lib/contrast/agent/patching/policy/module_policy.rb +1 -1
  119. data/lib/contrast/agent/patching/policy/patch.rb +1 -1
  120. data/lib/contrast/agent/patching/policy/patch_status.rb +2 -26
  121. data/lib/contrast/agent/patching/policy/patcher.rb +13 -13
  122. data/lib/contrast/agent/patching/policy/policy.rb +1 -1
  123. data/lib/contrast/agent/patching/policy/policy_node.rb +1 -1
  124. data/lib/contrast/agent/patching/policy/trigger_node.rb +1 -1
  125. data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +1 -1
  126. data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +1 -1
  127. data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +1 -1
  128. data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +1 -1
  129. data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +1 -1
  130. data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +1 -1
  131. data/lib/contrast/agent/protect/policy/policy.rb +1 -1
  132. data/lib/contrast/agent/protect/policy/rule_applicator.rb +1 -1
  133. data/lib/contrast/agent/protect/policy/trigger_node.rb +1 -1
  134. data/lib/contrast/agent/protect/rule/base.rb +1 -1
  135. data/lib/contrast/agent/protect/rule/base_service.rb +1 -1
  136. data/lib/contrast/agent/protect/rule/cmd_injection.rb +1 -1
  137. data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -1
  138. data/lib/contrast/agent/protect/rule/deserialization.rb +1 -1
  139. data/lib/contrast/agent/protect/rule/http_method_tampering.rb +1 -1
  140. data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +1 -1
  141. data/lib/contrast/agent/protect/rule/no_sqli.rb +1 -1
  142. data/lib/contrast/agent/protect/rule/path_traversal.rb +1 -1
  143. data/lib/contrast/agent/protect/rule/sql_sample_builder.rb +1 -1
  144. data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +1 -1
  145. data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +1 -1
  146. data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +2 -2
  147. data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +1 -1
  148. data/lib/contrast/agent/protect/rule/sqli.rb +1 -1
  149. data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +1 -1
  150. data/lib/contrast/agent/protect/rule/xss.rb +1 -1
  151. data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +1 -1
  152. data/lib/contrast/agent/protect/rule/xxe.rb +1 -1
  153. data/lib/contrast/agent/protect/rule.rb +1 -1
  154. data/lib/contrast/agent/reaction_processor.rb +1 -1
  155. data/lib/contrast/agent/reporting/report.rb +27 -0
  156. data/lib/contrast/agent/reporting/reporter.rb +115 -0
  157. data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +49 -0
  158. data/lib/contrast/agent/reporting/reporting_events/application_update.rb +82 -0
  159. data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +80 -0
  160. data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb +59 -0
  161. data/lib/contrast/agent/reporting/reporting_events/finding.rb +185 -0
  162. data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +264 -0
  163. data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +57 -0
  164. data/lib/contrast/agent/reporting/reporting_events/finding_object.rb +90 -0
  165. data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +121 -0
  166. data/lib/contrast/agent/reporting/reporting_events/finding_signature.rb +105 -0
  167. data/lib/contrast/agent/reporting/reporting_events/finding_stack.rb +67 -0
  168. data/lib/contrast/agent/reporting/reporting_events/finding_taint_range.rb +58 -0
  169. data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +93 -0
  170. data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +50 -0
  171. data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +54 -0
  172. data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +66 -0
  173. data/lib/contrast/agent/reporting/reporting_events/preflight.rb +39 -0
  174. data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +75 -0
  175. data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +47 -0
  176. data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +76 -0
  177. data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +66 -0
  178. data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +65 -0
  179. data/lib/contrast/agent/reporting/reporting_events/server_activity.rb +52 -0
  180. data/lib/contrast/agent/reporting/reporting_events/trace_event_source.rb +30 -0
  181. data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +137 -0
  182. data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb +67 -0
  183. data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +165 -0
  184. data/lib/contrast/agent/reporting/reporting_utilities/headers.rb +55 -0
  185. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +86 -0
  186. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +154 -0
  187. data/lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb +66 -0
  188. data/lib/contrast/agent/reporting/reporting_utilities/response.rb +30 -0
  189. data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +57 -0
  190. data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +196 -0
  191. data/lib/contrast/agent/reporting/settings/application_settings.rb +67 -0
  192. data/lib/contrast/agent/reporting/settings/assess.rb +45 -0
  193. data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +136 -0
  194. data/lib/contrast/agent/reporting/settings/exclusions.rb +123 -0
  195. data/lib/contrast/agent/reporting/settings/protect.rb +89 -0
  196. data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +243 -0
  197. data/lib/contrast/agent/reporting/settings/reaction.rb +30 -0
  198. data/lib/contrast/agent/reporting/settings/server_features.rb +78 -0
  199. data/lib/contrast/agent/request.rb +46 -84
  200. data/lib/contrast/agent/request_context.rb +20 -131
  201. data/lib/contrast/agent/request_context_extend.rb +163 -0
  202. data/lib/contrast/agent/request_handler.rb +41 -5
  203. data/lib/contrast/agent/response.rb +25 -88
  204. data/lib/contrast/agent/rule_set.rb +1 -1
  205. data/lib/contrast/agent/scope.rb +1 -1
  206. data/lib/contrast/agent/service_heartbeat.rb +1 -1
  207. data/lib/contrast/agent/startup_metrics_telemetry_event.rb +73 -23
  208. data/lib/contrast/agent/static_analysis.rb +14 -4
  209. data/lib/contrast/agent/telemetry.rb +16 -8
  210. data/lib/contrast/agent/telemetry_event.rb +9 -10
  211. data/lib/contrast/agent/thread.rb +1 -1
  212. data/lib/contrast/agent/thread_watcher.rb +32 -6
  213. data/lib/contrast/agent/tracepoint_hook.rb +1 -4
  214. data/lib/contrast/agent/version.rb +2 -2
  215. data/lib/contrast/agent/worker_thread.rb +1 -1
  216. data/lib/contrast/agent.rb +16 -1
  217. data/lib/contrast/api/communication/connection_status.rb +11 -8
  218. data/lib/contrast/api/communication/messaging_queue.rb +38 -4
  219. data/lib/contrast/api/communication/response_processor.rb +22 -11
  220. data/lib/contrast/api/communication/service_lifecycle.rb +14 -4
  221. data/lib/contrast/api/communication/socket.rb +7 -9
  222. data/lib/contrast/api/communication/socket_client.rb +33 -13
  223. data/lib/contrast/api/communication/speedracer.rb +38 -2
  224. data/lib/contrast/api/communication/tcp_socket.rb +5 -4
  225. data/lib/contrast/api/communication/unix_socket.rb +2 -1
  226. data/lib/contrast/api/communication.rb +1 -1
  227. data/lib/contrast/api/decorators/address.rb +1 -1
  228. data/lib/contrast/api/decorators/agent_startup.rb +1 -1
  229. data/lib/contrast/api/decorators/application_settings.rb +1 -1
  230. data/lib/contrast/api/decorators/application_startup.rb +1 -1
  231. data/lib/contrast/api/decorators/application_update.rb +1 -1
  232. data/lib/contrast/api/decorators/architecture_component.rb +36 -0
  233. data/lib/contrast/api/decorators/finding.rb +29 -0
  234. data/lib/contrast/api/decorators/http_request.rb +3 -2
  235. data/lib/contrast/api/decorators/input_analysis.rb +1 -1
  236. data/lib/contrast/api/decorators/instrumentation_mode.rb +1 -1
  237. data/lib/contrast/api/decorators/library.rb +1 -1
  238. data/lib/contrast/api/decorators/library_usage_update.rb +1 -1
  239. data/lib/contrast/api/decorators/message.rb +1 -1
  240. data/lib/contrast/api/decorators/rasp_rule_sample.rb +1 -1
  241. data/lib/contrast/api/decorators/route_coverage.rb +1 -1
  242. data/lib/contrast/api/decorators/server_features.rb +1 -1
  243. data/lib/contrast/api/decorators/trace_event.rb +1 -1
  244. data/lib/contrast/api/decorators/trace_event_object.rb +1 -1
  245. data/lib/contrast/api/decorators/trace_event_signature.rb +1 -1
  246. data/lib/contrast/api/decorators/trace_taint_range.rb +1 -1
  247. data/lib/contrast/api/decorators/trace_taint_range_tags.rb +1 -1
  248. data/lib/contrast/api/decorators/user_input.rb +1 -1
  249. data/lib/contrast/api/decorators.rb +2 -1
  250. data/lib/contrast/api.rb +1 -1
  251. data/lib/contrast/components/agent.rb +5 -24
  252. data/lib/contrast/components/api.rb +67 -2
  253. data/lib/contrast/components/app_context.rb +12 -66
  254. data/lib/contrast/components/app_context_extend.rb +78 -0
  255. data/lib/contrast/components/assess.rb +12 -8
  256. data/lib/contrast/components/base.rb +24 -1
  257. data/lib/contrast/components/config.rb +38 -23
  258. data/lib/contrast/components/contrast_service.rb +6 -1
  259. data/lib/contrast/components/heap_dump.rb +1 -1
  260. data/lib/contrast/components/inventory.rb +5 -1
  261. data/lib/contrast/components/logger.rb +1 -1
  262. data/lib/contrast/components/protect.rb +6 -2
  263. data/lib/contrast/components/sampling.rb +3 -3
  264. data/lib/contrast/components/scope.rb +1 -1
  265. data/lib/contrast/components/settings.rb +25 -12
  266. data/lib/contrast/config/agent_configuration.rb +2 -2
  267. data/lib/contrast/config/api_configuration.rb +9 -4
  268. data/lib/contrast/config/api_proxy_configuration.rb +14 -0
  269. data/lib/contrast/config/application_configuration.rb +3 -4
  270. data/lib/contrast/config/assess_configuration.rb +4 -4
  271. data/lib/contrast/config/assess_rules_configuration.rb +1 -1
  272. data/lib/contrast/config/base_configuration.rb +18 -29
  273. data/lib/contrast/config/certification_configuration.rb +15 -0
  274. data/lib/contrast/config/env_variables.rb +3 -10
  275. data/lib/contrast/config/exception_configuration.rb +1 -1
  276. data/lib/contrast/config/heap_dump_configuration.rb +7 -7
  277. data/lib/contrast/config/inventory_configuration.rb +2 -6
  278. data/lib/contrast/config/logger_configuration.rb +1 -1
  279. data/lib/contrast/config/protect_configuration.rb +1 -1
  280. data/lib/contrast/config/protect_rule_configuration.rb +2 -2
  281. data/lib/contrast/config/protect_rules_configuration.rb +1 -1
  282. data/lib/contrast/config/request_audit_configuration.rb +18 -0
  283. data/lib/contrast/config/root_configuration.rb +1 -1
  284. data/lib/contrast/config/ruby_configuration.rb +10 -7
  285. data/lib/contrast/config/sampling_configuration.rb +1 -1
  286. data/lib/contrast/config/server_configuration.rb +1 -1
  287. data/lib/contrast/config/service_configuration.rb +2 -3
  288. data/lib/contrast/config.rb +1 -2
  289. data/lib/contrast/configuration.rb +2 -3
  290. data/lib/contrast/extension/assess/array.rb +9 -9
  291. data/lib/contrast/extension/assess/erb.rb +15 -5
  292. data/lib/contrast/extension/assess/eval_trigger.rb +3 -1
  293. data/lib/contrast/extension/assess/exec_trigger.rb +2 -1
  294. data/lib/contrast/extension/assess/fiber.rb +6 -3
  295. data/lib/contrast/extension/assess/hash.rb +1 -1
  296. data/lib/contrast/extension/assess/kernel.rb +8 -3
  297. data/lib/contrast/extension/assess/marshal.rb +6 -2
  298. data/lib/contrast/extension/assess/regexp.rb +8 -2
  299. data/lib/contrast/extension/assess/string.rb +8 -2
  300. data/lib/contrast/extension/assess.rb +1 -1
  301. data/lib/contrast/extension/delegator.rb +1 -1
  302. data/lib/contrast/extension/extension.rb +2 -4
  303. data/lib/contrast/extension/inventory.rb +1 -1
  304. data/lib/contrast/extension/kernel.rb +1 -1
  305. data/lib/contrast/extension/module.rb +1 -1
  306. data/lib/contrast/extension/protect/psych.rb +1 -1
  307. data/lib/contrast/extension/protect.rb +1 -1
  308. data/lib/contrast/extension/thread.rb +32 -13
  309. data/lib/contrast/framework/base_support.rb +5 -1
  310. data/lib/contrast/framework/grape/support.rb +25 -1
  311. data/lib/contrast/framework/manager.rb +33 -36
  312. data/lib/contrast/framework/manager_extend.rb +50 -0
  313. data/lib/contrast/framework/platform_version.rb +1 -1
  314. data/lib/contrast/framework/rack/patch/session_cookie.rb +1 -1
  315. data/lib/contrast/framework/rack/patch/support.rb +1 -1
  316. data/lib/contrast/framework/rack/support.rb +1 -1
  317. data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +1 -1
  318. data/lib/contrast/framework/rails/patch/assess_configuration.rb +1 -1
  319. data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +1 -1
  320. data/lib/contrast/framework/rails/patch/support.rb +1 -1
  321. data/lib/contrast/framework/rails/railtie.rb +2 -2
  322. data/lib/contrast/framework/rails/support.rb +46 -2
  323. data/lib/contrast/framework/sinatra/support.rb +26 -3
  324. data/lib/contrast/funchook/funchook.rb +21 -18
  325. data/lib/contrast/logger/application.rb +1 -1
  326. data/lib/contrast/logger/format.rb +1 -1
  327. data/lib/contrast/logger/log.rb +9 -104
  328. data/lib/contrast/logger/request.rb +1 -1
  329. data/lib/contrast/logger/time.rb +1 -1
  330. data/lib/contrast/security_exception.rb +1 -1
  331. data/lib/contrast/tasks/config.rb +1 -1
  332. data/lib/contrast/tasks/service.rb +1 -1
  333. data/lib/contrast/utils/assess/propagation_method_utils.rb +1 -1
  334. data/lib/contrast/utils/assess/property/tagged_utils.rb +24 -1
  335. data/lib/contrast/utils/assess/sampling_util.rb +4 -4
  336. data/lib/contrast/utils/assess/source_method_utils.rb +1 -1
  337. data/lib/contrast/utils/assess/split_utils.rb +23 -0
  338. data/lib/contrast/utils/assess/tracking_util.rb +21 -16
  339. data/lib/contrast/utils/assess/trigger_method_utils.rb +4 -3
  340. data/lib/contrast/utils/class_util.rb +19 -15
  341. data/lib/contrast/utils/duck_utils.rb +1 -1
  342. data/lib/contrast/utils/env_configuration_item.rb +2 -2
  343. data/lib/contrast/utils/exclude_key.rb +1 -1
  344. data/lib/contrast/utils/findings.rb +65 -0
  345. data/lib/contrast/utils/hash_digest.rb +46 -79
  346. data/lib/contrast/utils/hash_digest_extend.rb +129 -0
  347. data/lib/contrast/utils/head_dump_utils_extend.rb +74 -0
  348. data/lib/contrast/utils/heap_dump_util.rb +3 -66
  349. data/lib/contrast/utils/invalid_configuration_util.rb +32 -2
  350. data/lib/contrast/utils/io_util.rb +2 -2
  351. data/lib/contrast/utils/job_servers_running.rb +1 -1
  352. data/lib/contrast/utils/log_utils.rb +108 -0
  353. data/lib/contrast/utils/lru_cache.rb +1 -1
  354. data/lib/contrast/utils/metrics_hash.rb +2 -2
  355. data/lib/contrast/utils/middleware_utils.rb +87 -0
  356. data/lib/contrast/utils/net_http_base.rb +165 -0
  357. data/lib/contrast/utils/object_share.rb +2 -6
  358. data/lib/contrast/utils/os.rb +9 -5
  359. data/lib/contrast/utils/patching/policy/patch_utils.rb +63 -99
  360. data/lib/contrast/utils/patching/policy/patcher_utils.rb +1 -1
  361. data/lib/contrast/utils/preflight_util.rb +1 -1
  362. data/lib/contrast/utils/request_utils.rb +96 -0
  363. data/lib/contrast/utils/resource_loader.rb +1 -1
  364. data/lib/contrast/utils/response_utils.rb +97 -0
  365. data/lib/contrast/utils/sha256_builder.rb +1 -1
  366. data/lib/contrast/utils/stack_trace_utils.rb +1 -1
  367. data/lib/contrast/utils/string_utils.rb +69 -67
  368. data/lib/contrast/utils/tag_util.rb +11 -10
  369. data/lib/contrast/utils/telemetry.rb +11 -10
  370. data/lib/contrast/utils/telemetry_client.rb +90 -0
  371. data/lib/contrast/utils/telemetry_identifier.rb +18 -25
  372. data/lib/contrast/utils/thread_tracker.rb +1 -1
  373. data/lib/contrast/utils/timer.rb +1 -1
  374. data/lib/contrast-agent.rb +1 -1
  375. data/lib/contrast.rb +1 -1
  376. data/ruby-agent.gemspec +9 -10
  377. metadata +102 -49
  378. data/ext/cs__assess_active_record_named/cs__active_record_named.c +0 -46
  379. data/ext/cs__assess_active_record_named/cs__active_record_named.h +0 -11
  380. data/ext/cs__assess_active_record_named/extconf.rb +0 -5
  381. data/lib/contrast/agent/assess/policy/rewriter_patch.rb +0 -95
  382. data/lib/contrast/agent/class_reopener.rb +0 -258
  383. data/lib/contrast/agent/rewriter.rb +0 -259
  384. data/lib/contrast/config/default_value.rb +0 -17
  385. data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +0 -37
  386. data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +0 -41
  387. data/lib/contrast/framework/rails/rewrite/active_record_named.rb +0 -75
  388. data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +0 -35
  389. data/lib/contrast/utils/requests_client.rb +0 -150
  390. data/lib/contrast/utils/ruby_ast_rewriter.rb +0 -82
@@ -0,0 +1,196 @@
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
4
+ module Contrast
5
+ module Agent
6
+ module Reporting
7
+ # This module holds utilities required by the reporting service response handler
8
+ module ResponseHandlerUtils
9
+ ANALYZE_WHEN = '200'
10
+ SLEEP_WHEN = %w[401 408 500].cs__freeze
11
+
12
+ private
13
+
14
+ # check if response code is valid before analyze it
15
+ #
16
+ # @param response_code [Integer]
17
+ # @return [Boolean]
18
+ def analyze_response_code? response_code
19
+ # 200 Successful recording of the server record on the database. FeatureSet successfully returned
20
+ # 401:
21
+ # If any authentication errors occur. Agents should enter a suspended mode
22
+ # (no reporting) and attempt to reconnect in 15 minutes.
23
+ # 408:
24
+ # If the FeatureSet from TeamServer cannot be constructed in time.
25
+ # Agents should enter a suspended mode (no reporting) and attempt to reconnect in 15 minutes.
26
+ # 500:
27
+ # If any server error occurs. Agents should enter a suspended mode
28
+ # (no reporting) and attempt to reconnect in 15 minutes.
29
+ # 204, 304
30
+ # Successful update of the server record on the database.
31
+ # No FeatureSet update since the last time an activity was sent.
32
+ @_sleep = true if SLEEP_WHEN.include? response_code
33
+ return true if ANALYZE_WHEN.include? response_code
34
+
35
+ false
36
+ end
37
+
38
+ # Applies the settings from the TS response
39
+ #
40
+ # @param response [Contrast::Agent::Reporting::Response]
41
+ def update_agent_settings response
42
+ if response.server_features
43
+ log_file = response.server_features.log_file
44
+ log_level = response.server_features.log_level
45
+ Contrast::Logger::Log.instance.update(log_file, log_level) if log_file && log_level
46
+ Contrast::SETTINGS.update_from_server_features(response)
47
+ end
48
+ Contrast::SETTINGS.update_from_application_settings(response) if response.application_settings
49
+ end
50
+
51
+ # Process the given Reactions from the application settings based on what
52
+ # TeamServer has indicated. Each Reaction will result in a log message
53
+ # and, optionally, an action.
54
+ #
55
+ # @param response [Contrast::Agent::Reporting::Response]
56
+ def update_reaction response
57
+ return unless response.application_settings.reactions.any?
58
+
59
+ response.application_settings.reactions.each do |reaction|
60
+ # The enums are all uppercase, we need to downcase them before attempting to log.
61
+ level = if reaction.level.nil?
62
+ :error
63
+ else
64
+ reaction.level.downcase
65
+ end
66
+
67
+ logger.with_level(level, reaction.message) if reaction.message
68
+
69
+ case reaction.operation
70
+ when Contrast::Agent::Reporting::Settings::Reaction::OPERATIONS.second
71
+ # DISABLED
72
+ Contrast::Agent::DisableReaction.run reaction, level
73
+ when Contrast::Agent::Reporting::Settings::Reaction::OPERATIONS.first
74
+ # NOOP
75
+ else
76
+ logger.warn('ReactionProcessor received a reaction with an unknown operation',
77
+ operation: reaction.operation)
78
+ end
79
+ end
80
+ end
81
+
82
+ # Converts response from Net to Reporting Response object
83
+ #
84
+ # @param response [Net::HTTP::Response, nil]
85
+ # @return response [Contrast::Agent::Reporting::Response]
86
+ def convert_response response
87
+ response_body = response&.body
88
+ return unless response_body
89
+
90
+ response_data = JSON.parse(response_body)
91
+ return unless response_data.cs__is_a?(Hash)
92
+
93
+ response_data = response_data.deep_symbolize_keys
94
+ # check if response contains application settings or Feature settings
95
+ if response_data[:settings]
96
+ # the response contains ApplicationSettings
97
+ logger.trace('Agent: Received updated application settings')
98
+ build_application_settings response_data
99
+ else
100
+ # the response contains FeatureSettings
101
+ logger.trace('Agent: Received updated server features')
102
+ build_feature_settings response_data
103
+ end
104
+ rescue StandardError => e
105
+ logger.error('Unable to convert response', e)
106
+ nil
107
+ end
108
+
109
+ # @param response_data [Hash]
110
+ # @return res [Contrast::Agent::Reporting::Response]
111
+ def build_application_settings response_data
112
+ res = Contrast::Agent::Reporting::Response.new
113
+ extract_assess response_data, res
114
+ extract_protect response_data, res
115
+ extract_exclusions response_data, res
116
+ extract_reactions response_data, res
117
+ res
118
+ end
119
+
120
+ # @param response_data [Hash]
121
+ # @return res [Contrast::Agent::Reporting::Response]
122
+ def build_feature_settings response_data
123
+ res = Contrast::Agent::Reporting::Response.new
124
+ extract_assess_server_features response_data, res
125
+ extract_protect_server_features response_data, res
126
+ extract_protect_lists response_data, res
127
+ res.server_features.log_level = response_data[:logLevel]
128
+ res.server_features.log_file = response_data[:logFile]
129
+ res.server_features.telemetry = response_data[:telemetry]
130
+ res
131
+ end
132
+
133
+ # @param response_data [Hash]
134
+ # @return res [Contrast::Agent::Reporting::Response]
135
+ def extract_assess response_data, res
136
+ assessments = response_data[:settings][:assessment]
137
+ res.application_settings.assess.disabled_rules = assessments[:disabledRules]
138
+ res.application_settings.assess.session_id = assessments[:session_id]
139
+ end
140
+
141
+ # @param response_data [Hash]
142
+ # @return res [Contrast::Agent::Reporting::Response]
143
+ def extract_protect response_data, res
144
+ protect = response_data[:settings][:defend]
145
+ res.application_settings.protect.protection_rules = protect[:protectionRules]
146
+ res.application_settings.protect.virtual_patches = protect[:virtualPatches]
147
+ end
148
+
149
+ # @param response_data [Hash]
150
+ # @return res [Contrast::Agent::Reporting::Response]
151
+ def extract_exclusions response_data, res
152
+ exclusions = response_data[:settings][:exceptions]
153
+ res.application_settings.exclusions.code_exclusions = exclusions[:codeExceptions]
154
+ res.application_settings.exclusions.input_exclusions = exclusions[:inputExceptions]
155
+ res.application_settings.exclusions.url_exclusions = exclusions[:urlExceptions]
156
+ end
157
+
158
+ # @param response_data [Hash]
159
+ # @return res [Contrast::Agent::Reporting::Response]
160
+ def extract_reactions response_data, res
161
+ res.application_settings.reactions = response_data[:settings][:reactions]
162
+ end
163
+
164
+ # @param response_data [Hash]
165
+ # @return res [Contrast::Agent::Reporting::Response]
166
+ def extract_assess_server_features response_data, res
167
+ assess = response_data[:assessment]
168
+ res.server_features.assess.enabled = assess[:enabled]
169
+ res.server_features.assess.disabled_rules = assess[:disabledRules]
170
+ res.server_features.assess.sampling = assess[:sampling]
171
+ res.server_features.assess.sanitizers = assess[:sanitizers]
172
+ res.server_features.assess.validators = assess[:validators]
173
+ end
174
+
175
+ # @param response_data [Hash]
176
+ # @return res [Contrast::Agent::Reporting::Response]
177
+ def extract_protect_server_features response_data, res
178
+ protect = response_data[:defend]
179
+ res.server_features.protect.enabled = protect[:enabled]
180
+ res.server_features.protect.bot_blocker = protect[:bot_blocker]
181
+ res.server_features.protect.syslog = protect[:syslog]
182
+ end
183
+
184
+ # @param response_data [Hash]
185
+ # @return res [Contrast::Agent::Reporting::Response]
186
+ def extract_protect_lists response_data, res
187
+ protect = response_data[:defend]
188
+ res.server_features.protect.ip_allowlist = protect[:ipAllowlist]
189
+ res.server_features.protect.ip_denylist = protect[:ipDenyList]
190
+ res.server_features.protect.log_enchancers = protect[:logEnhancers]
191
+ res.server_features.protect.rule_definition_list = protect[:ruleDefinitionList]
192
+ end
193
+ end
194
+ end
195
+ end
196
+ end
@@ -0,0 +1,67 @@
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
4
+ require 'contrast/agent/reporting/settings/assess'
5
+ require 'contrast/agent/reporting/settings/protect'
6
+ require 'contrast/agent/reporting/settings/exclusions'
7
+ require 'contrast/agent/reporting/settings/reaction'
8
+
9
+ module Contrast
10
+ module Agent
11
+ module Reporting
12
+ # This module will hold all the settings from the TS responce
13
+ module Settings
14
+ # All of the settings from TeamServer that apply at the application level.
15
+ # At least one, but not necessarily all, setting will differ from the agent's current set.
16
+ # Agents are able to replace all application settings with those in this message.
17
+ class ApplicationSettings
18
+ # Application level settings for the Assess featureset
19
+ #
20
+ # @return assess [Contrast::Agent::Reporting::Settings::Assess]
21
+ def assess
22
+ @_assess ||= Contrast::Agent::Reporting::Settings::Assess.new
23
+ end
24
+
25
+ # Application level settings for the Protect featureset
26
+ #
27
+ # @return protect [Contrast::Agent::Reporting::Settings::Protect]
28
+ def protect
29
+ @_protect ||= Contrast::Agent::Reporting::Settings::Protect.new
30
+ end
31
+
32
+ # Array of all the exclusions
33
+ #
34
+ # @return exclusions [Contrast::Agent::Reporting::Settings::Exclusions]
35
+ def exclusions
36
+ @_exclusions ||= Contrast::Agent::Reporting::Settings::Exclusions.new
37
+ end
38
+
39
+ # Reaction the agent should take based on a state in TS.
40
+ #
41
+ # @return [Array<Contrast::Agent::Reporting::Settings::Reaction>, nil]
42
+ def reactions
43
+ @_reactions
44
+ end
45
+
46
+ # Set the reaction
47
+ #
48
+ # @param reactions [Array<Reaction>] {
49
+ # level [String] The level at which the agent should log this reaction.
50
+ # [ERROR, WARN, INFO, DEBUG, TRACE]
51
+ # message [String] A message to log when receiving this reaction.
52
+ # operation [String] What to do in response to this reaction.[NOOP, DISABLE] }
53
+ # @return [Array<Contrast::Agent::Reporting::Settings::Reaction>]
54
+ def reactions= reactions
55
+ return unless reactions.is_a? Array
56
+
57
+ @_reactions = []
58
+ reactions.each do |r|
59
+ reaction = Contrast::Agent::Reporting::Settings::Reaction.new(r[:level], r[:operation], r[:message])
60
+ @_reactions << reaction
61
+ end
62
+ end
63
+ end
64
+ end
65
+ end
66
+ end
67
+ end
@@ -0,0 +1,45 @@
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
4
+ require 'contrast/utils/object_share'
5
+
6
+ module Contrast
7
+ module Agent
8
+ module Reporting
9
+ # This module will hold all the settings from the TS responce
10
+ module Settings
11
+ # Application level settings for the Assess featureset.
12
+ class Assess
13
+ # Assess rules to disable for this application.
14
+ #
15
+ # @return disabled_rules [Array<AssessRuleID>] Array with string rule_ids
16
+ def disabled_rules
17
+ @_disabled_rules ||= []
18
+ end
19
+
20
+ # @param disabled_rules [Array] with AssessRuleID strings
21
+ # @return disabled_rules [Array<AssessRuleID>] Array with string rule_ids
22
+ def disabled_rules= disabled_rules
23
+ @_disabled_rules = disabled_rules if disabled_rules.is_a? Array
24
+ end
25
+
26
+ # The id of a session on TeamServer under which this session of this application should report
27
+ # Overrides that set by application.session_id (should match if provided).
28
+ #
29
+ # @return session_id [String]
30
+ def session_id
31
+ @_session_id ||= Contrast::Utils::ObjectShare::EMPTY_STRING
32
+ end
33
+
34
+ # Set the session_id
35
+ #
36
+ # @param session_id [String]
37
+ # @return session_id [String]
38
+ def session_id= session_id
39
+ @_session_id = session_id if session_id.is_a? String
40
+ end
41
+ end
42
+ end
43
+ end
44
+ end
45
+ end
@@ -0,0 +1,136 @@
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
4
+ require 'contrast/utils/object_share'
5
+
6
+ module Contrast
7
+ module Agent
8
+ module Reporting
9
+ # This module will hold all the settings from the TS responce
10
+ module Settings
11
+ # Application level settings for the Assess featureset.
12
+ # Used for the FeatureSet TS response
13
+ class AssessServerFeature
14
+ # Assess rules to disable for this application.
15
+ #
16
+ # @return disabled_rules [Array<AssessRuleID>] Array with string rule_ids
17
+ def disabled_rules
18
+ @_disabled_rules ||= []
19
+ end
20
+
21
+ # @param disabled_rules [Array<AssessRuleID>] with AssessRuleID strings
22
+ # @return disabled_rules [Array<AssessRuleID>] Array with string rule_ids
23
+ def disabled_rules= disabled_rules
24
+ @_disabled_rules = disabled_rules if disabled_rules.is_a? Array
25
+ end
26
+
27
+ # Indicate if the assess feature set is enabled for this server or not.
28
+ #
29
+ # @return enabled [Boolean]
30
+ def enabled?
31
+ @_enabled
32
+ end
33
+
34
+ # Set the enabled
35
+ #
36
+ # @param enabled [Boolean]
37
+ # @return enabled [Boolean]
38
+ def enabled= enabled
39
+ @_enabled = enabled if !!enabled == enabled
40
+ end
41
+
42
+ # Used to control the sampling feature in the agent.
43
+ #
44
+ # @return sampling [Hash<AssessSampling>] Hash of AssessSampling: {
45
+ # baseline [Integer] The number of baseline requests to take before switching to sampling
46
+ # for the window.
47
+ # enabled [Boolean] If the sampling feature should be used or not.
48
+ # frequency [Integer] The number of requests to skip before observing during the sampling
49
+ # window after the baseline.
50
+ # responseFrequency [Integer]
51
+ # window [Integer]
52
+ # }
53
+ def sampling
54
+ @_sampling ||= {}
55
+ end
56
+
57
+ # set sampling
58
+ #
59
+ # @param sampling [Hash<AssessSampling>] Hash of AssessSampling: {
60
+ # baseline [Integer] The number of baseline requests to take before switching to sampling
61
+ # for the window.
62
+ # enabled [Boolean] If the sampling feature should be used or not.
63
+ # frequency [Integer] The number of requests to skip before observing during the sampling
64
+ # window after the baseline.
65
+ # responseFrequency [Integer]
66
+ # window [Integer]
67
+ # }
68
+ # @return sampling [Hash<AssessSampling>] Hash of AssessSampling: {
69
+ # baseline [Integer] The number of baseline requests to take before switching to sampling
70
+ # for the window.
71
+ # enabled [Boolean] If the sampling feature should be used or not.
72
+ # frequency [Integer] The number of requests to skip before observing during the sampling
73
+ # window after the baseline.
74
+ # responseFrequency [Integer]
75
+ # window [Integer]
76
+ # }
77
+ def sampling= sampling
78
+ @_sampling = sampling if sampling.is_a? Hash
79
+ end
80
+
81
+ # The sanitizers defined by the user for use by the agent on this server for this organization.
82
+ #
83
+ # @return sanitizers [Array<AssessCustomRules>] AssessCustomRules
84
+ # Api [String], Rules [Array[RulesID]]
85
+ # tags [Array[String]]
86
+ # uuid [String]
87
+ def sanitizers
88
+ @_sanitizers ||= []
89
+ end
90
+
91
+ # set sanitizer
92
+ #
93
+ # @param sanitizers [Array<AssessCustomRules>] of AssessCustomRule: {
94
+ # Api [String], Rules [Array[RulesID]]
95
+ # tags [Array[String]]
96
+ # uuid [String]
97
+ # }
98
+ # @return sanitizers [Array<AssessCustomRules>] AssessCustomRules
99
+ # Api [String], Rules [Array[RulesID]]
100
+ # tags [Array[String]]
101
+ # uuid [String]
102
+ def sanitizers= sanitizers
103
+ @_sanitizers = sanitizers if sanitizers.is_a? Array
104
+ end
105
+
106
+ # The validators defined by the user for use by the agent on this server for this organization.
107
+ #
108
+ # @return validators [Array<AssessCustomRules>] of AssessCustomRule: {
109
+ # Api [String], Rules [Array[RulesID]]
110
+ # tags [Array[String]]
111
+ # uuid [String]
112
+ # }
113
+ def validators
114
+ @_validators ||= []
115
+ end
116
+
117
+ # The validators defined by the user for use by the agent on this server for this organization.
118
+ #
119
+ # @param validators [Array<AssessCustomRules>] of AssessCustomRule: {
120
+ # Api [String], Rules [Array[RulesID]]
121
+ # tags [Array[String]]
122
+ # uuid [String]
123
+ # }
124
+ # @return validators [Array<AssessCustomRules>] of AssessCustomRule: {
125
+ # Api [String], Rules [Array[RulesID]]
126
+ # tags [Array[String]]
127
+ # uuid [String]
128
+ # }
129
+ def validators= validators
130
+ @_validators = validators if validators.is_a? Array
131
+ end
132
+ end
133
+ end
134
+ end
135
+ end
136
+ end
@@ -0,0 +1,123 @@
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
4
+ module Contrast
5
+ module Agent
6
+ module Reporting
7
+ # This module will hold all the settings from the TS responce
8
+ module Settings
9
+ # Application level settings for the Exclusions featureset
10
+ # (ApplicationStartupSettingsExclusions)
11
+ class Exclusions
12
+ # Cases where rules should be excluded if violated in a method call
13
+ #
14
+ # @return code_exclusions [Array<CodeExclusion>] Array of CodeExclusion: {
15
+ # name [String] The name of the exclusion as defined by the user in TS.
16
+ # modes [String] If this exclusion applies to assess or protect. [assess, defend]
17
+ # assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
18
+ # denylist [String] The call, if in the stack, should result in the agent not taking action.
19
+ # }
20
+ def code_exclusions
21
+ @_code_exclusions ||= []
22
+ end
23
+
24
+ # set the CodeExclusions array
25
+ #
26
+ # @param code_exclusions [Array<CodeExclusion>] Array of CodeExclusion: {
27
+ # name [String] The name of the exclusion as defined by the user in TS.
28
+ # modes [String] If this exclusion applies to assess or protect. [assess, defend]
29
+ # assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
30
+ # denylist [String] The call, if in the stack, should result in the agent not taking action.
31
+ # }
32
+ # @return code_exclusions [Array<CodeExclusion>] Array of CodeExclusion: {
33
+ # name [String] The name of the exclusion as defined by the user in TS.
34
+ # modes [String] If this exclusion applies to assess or protect. [assess, defend]
35
+ # assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
36
+ # denylist [String] The call, if in the stack, should result in the agent not taking action.
37
+ # }
38
+ def code_exclusions= code_exclusions
39
+ @_code_exclusions = code_exclusions if code_exclusions.is_a? Array
40
+ end
41
+
42
+ # Cases where rules should be excluded if violated from a given input.
43
+ #
44
+ # @return input_exclusions [Array<InputExclusions>] Array of InputExclusions: {
45
+ # name [String] The name of the input.
46
+ # modes [String] If this exclusion applies to assess or protect. [assess, defend]
47
+ # assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
48
+ # protect_rules [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
49
+ # urls [Array] Array of URLs to which the exclusions apply. URL [String]
50
+ # match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
51
+ # type [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
52
+ # }
53
+ def input_exclusions
54
+ @_input_exclusions ||= []
55
+ end
56
+
57
+ # set the InputExclusions array
58
+ #
59
+ # @param input_exclusions [Array<InputExclusions>] Array of InputExclusions: {
60
+ # name [String] The name of the input.
61
+ # modes [String] If this exclusion applies to assess or protect. [assess, defend]
62
+ # assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
63
+ # protect_rules [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
64
+ # urls [Array] Array of URLs to which the exclusions apply. URL [String]
65
+ # match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
66
+ # type [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
67
+ # }
68
+ # @return input_exclusions [Array<InputExclusions>] Array of InputExclusions: {
69
+ # name [String] The name of the input.
70
+ # modes [String] If this exclusion applies to assess or protect. [assess, defend]
71
+ # assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
72
+ # protect_rules [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
73
+ # urls [Array] Array of URLs to which the exclusions apply. URL [String]
74
+ # match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
75
+ # type [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
76
+ # }
77
+ def input_exclusions= input_exclusions
78
+ @_input_exclusions = input_exclusions if input_exclusions.is_a? Array
79
+ end
80
+
81
+ # A case where rules should be excluded if violated during a call to a given URL.
82
+ #
83
+ # @return url_exclusions [Array<UrlExclusions>] Array of UrlExclusions: {
84
+ # name [String] The name of the input.
85
+ # modes [String] If this exclusion applies to assess or protect. [assess, defend]
86
+ # assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
87
+ # protect_rules [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
88
+ # urls [Array] Array of URLs to which the exclusions apply. URL [String]
89
+ # match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
90
+ # type [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
91
+ # }
92
+ def url_exclusions
93
+ @_url_exclusions ||= []
94
+ end
95
+
96
+ # set the UrlExclusions array
97
+ #
98
+ # @param url_exclusions [Array] Array of UrlExclusions: {
99
+ # name [String] The name of the input.
100
+ # modes [String] If this exclusion applies to assess or protect. [assess, defend]
101
+ # assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
102
+ # protect_rules [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
103
+ # urls [Array] Array of URLs to which the exclusions apply. URL [String]
104
+ # match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
105
+ # type [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
106
+ # }
107
+ # @return url_exclusions [Array<UrlExclusions>] Array of UrlExclusions: {
108
+ # name [String] The name of the input.
109
+ # modes [String] If this exclusion applies to assess or protect. [assess, defend]
110
+ # assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
111
+ # protect_rules [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
112
+ # urls [Array] Array of URLs to which the exclusions apply. URL [String]
113
+ # match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
114
+ # type [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
115
+ # }
116
+ def url_exclusions= url_exclusions
117
+ @_url_exclusions = url_exclusions if url_exclusions.is_a? Array
118
+ end
119
+ end
120
+ end
121
+ end
122
+ end
123
+ end
@@ -0,0 +1,89 @@
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
4
+ require 'contrast/utils/object_share'
5
+
6
+ module Contrast
7
+ module Agent
8
+ module Reporting
9
+ # This module will hold all the settings from the TS responce
10
+ module Settings
11
+ # Application level settings for the Protect featureset
12
+ class Protect
13
+ # block at perimeter needs to be check against the blockAtEntry boolean value
14
+ PROTECT_RULES_MODE = %w[OFF BLOCKING MONITORING].cs__freeze
15
+ # The settings for each protect rule for this application
16
+ #
17
+ # @return protection_rules [Array<protectRule>] protectRule: {
18
+ # blockAtEntry [Boolean] If in block mode, to block at perimeter or not.
19
+ # id [String] The id of a rule in Contrast.
20
+ # mode [String] The mode that this rule should run in. [OFF, MONITORING, BLOCKING] }
21
+ def protection_rules
22
+ @_protection_rules ||= []
23
+ end
24
+
25
+ # Set the protection_rules array
26
+ #
27
+ # @param protection_rules [Array<protectRule>] protectRule: {
28
+ # blockAtEntry [Boolean] If in block mode, to block at perimeter or not.
29
+ # id [String] The id of a rule in Contrast.
30
+ # mode [String] The mode that this rule should run in. [OFF, MONITORING, BLOCKING] }
31
+ # @return protection_rules [Array<protectRule>] protectRule: {
32
+ # blockAtEntry [Boolean] If in block mode, to block at perimeter or not.
33
+ # id [String] The id of a rule in Contrast.
34
+ # mode [String] The mode that this rule should run in. [OFF, MONITORING, BLOCKING] }
35
+ def protection_rules= protection_rules
36
+ @_protection_rules = protection_rules if protection_rules.is_a? Array
37
+ end
38
+
39
+ # The virtual patches to apply for this application
40
+ #
41
+ # @return virtual_patches [Array<VirtualPatch>] Array of VirtualPatch: {
42
+ # name [String] The name of the Virtual Patch
43
+ # headers [Array] The headers that must be present in the request to result in the request being blocked
44
+ # parameters [Array] The parameters that must be present in the request
45
+ # to result in the request being blocked.
46
+ # urls [Array] The urls that must be present in the request to result in the request being blocked.
47
+ # uuids [String] The UUID of the Virtual Patch }
48
+ def virtual_patches
49
+ @_virtual_patches ||= []
50
+ end
51
+
52
+ # Set the virtual patches array
53
+ #
54
+ # @param virtual_patches [Array<VirtualPatch>] Array of VirtualPatch: {
55
+ # name [String] The name of the Virtual Patch
56
+ # headers [Array] The headers that must be present in the request to result in the request being blocked
57
+ # parameters [Array] The parameters that must be present in the request
58
+ # to result in the request being blocked.
59
+ # urls [Array] The urls that must be present in the request to result in the request being blocked.
60
+ # uuids [String] The UUID of the Virtual Patch }
61
+ # @return virtual_patches [Array<VirtualPatch>] Array of VirtualPatch: {
62
+ # name [String] The name of the Virtual Patch
63
+ # headers [Array] The headers that must be present in the request to result in the request being blocked
64
+ # parameters [Array] The parameters that must be present in the request
65
+ # to result in the request being blocked.
66
+ # urls [Array] The urls that must be present in the request to result in the request being blocked.
67
+ # uuids [String] The UUID of the Virtual Patch }
68
+ def virtual_patches= virtual_patches
69
+ @_virtual_patches = virtual_patches if virtual_patches.is_a? Array
70
+ end
71
+
72
+ # Converts settings into Agent Settings understandable hash {RULE_ID => MODE}
73
+ #
74
+ # @return rules [Hash<RULE_ID => MODE>, nil] Hash with rule_id as key and mode as value
75
+ def protection_rules_to_settings_hash
76
+ return if protection_rules.empty?
77
+
78
+ modes_by_id = {}
79
+ protection_rules.each do |rule|
80
+ PROTECT_RULES_MODE.include? rule[:mode]
81
+ modes_by_id[rule[:id]] = rule[:mode]
82
+ end
83
+ modes_by_id
84
+ end
85
+ end
86
+ end
87
+ end
88
+ end
89
+ end