contrast-agent 4.13.1 → 4.14.0

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 4.13.1
+  version: 4.14.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-11-19 00:00:00.000000000 Z
+date: 2021-12-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -147,70 +147,70 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.13.0
+        version: 1.22.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.13.0
+        version: 1.22.3
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.11.0
+        version: 1.12.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.11.0
+        version: 1.12.0
 - !ruby/object:Gem::Dependency
   name: rubocop-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.9.1
+        version: 2.12.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.9.1
+        version: 2.12.4
 - !ruby/object:Gem::Dependency
   name: rubocop-rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.5.1
+        version: 0.6.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.5.1
+        version: 0.6.0
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.2.0
+        version: 2.6.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.2.0
+        version: 2.6.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -617,20 +617,20 @@ executables:
 - contrast_service
 extensions:
 - ext/cs__common/extconf.rb
-- ext/cs__assess_fiber_track/extconf.rb
-- ext/cs__os_information/extconf.rb
+- ext/cs__assess_basic_object/extconf.rb
+- ext/cs__assess_string/extconf.rb
+- ext/cs__assess_hash/extconf.rb
+- ext/cs__assess_module/extconf.rb
+- ext/cs__assess_kernel/extconf.rb
 - ext/cs__assess_array/extconf.rb
 - ext/cs__contrast_patch/extconf.rb
-- ext/cs__assess_kernel/extconf.rb
-- ext/cs__assess_regexp/extconf.rb
+- ext/cs__os_information/extconf.rb
 - ext/cs__assess_marshal_module/extconf.rb
-- ext/cs__assess_module/extconf.rb
-- ext/cs__assess_hash/extconf.rb
+- ext/cs__assess_fiber_track/extconf.rb
+- ext/cs__assess_string_interpolation26/extconf.rb
 - ext/cs__assess_active_record_named/extconf.rb
+- ext/cs__assess_regexp/extconf.rb
 - ext/cs__assess_yield_track/extconf.rb
-- ext/cs__assess_string/extconf.rb
-- ext/cs__assess_basic_object/extconf.rb
-- ext/cs__assess_string_interpolation26/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"
@@ -904,6 +904,7 @@ files:
 - lib/contrast/agent/patching/policy/after_load_patch.rb
 - lib/contrast/agent/patching/policy/after_load_patcher.rb
 - lib/contrast/agent/patching/policy/method_policy.rb
+- lib/contrast/agent/patching/policy/method_policy_extend.rb
 - lib/contrast/agent/patching/policy/module_policy.rb
 - lib/contrast/agent/patching/policy/patch.rb
 - lib/contrast/agent/patching/policy/patch_status.rb
@@ -941,8 +942,18 @@ files:
 - lib/contrast/agent/protect/rule/xxe.rb
 - lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb
 - lib/contrast/agent/reaction_processor.rb
+- lib/contrast/agent/reporting/report.rb
+- lib/contrast/agent/reporting/reporter.rb
+- lib/contrast/agent/reporting/reporting_events/finding.rb
+- lib/contrast/agent/reporting/reporting_events/preflight.rb
+- lib/contrast/agent/reporting/reporting_events/preflight_message.rb
+- lib/contrast/agent/reporting/reporting_events/reporting_event.rb
+- lib/contrast/agent/reporting/reporting_utilities/audit.rb
+- lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb
+- lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb
 - lib/contrast/agent/request.rb
 - lib/contrast/agent/request_context.rb
+- lib/contrast/agent/request_context_extend.rb
 - lib/contrast/agent/request_handler.rb
 - lib/contrast/agent/response.rb
 - lib/contrast/agent/rewriter.rb
@@ -976,6 +987,7 @@ files:
 - lib/contrast/api/decorators/application_settings.rb
 - lib/contrast/api/decorators/application_startup.rb
 - lib/contrast/api/decorators/application_update.rb
+- lib/contrast/api/decorators/finding.rb
 - lib/contrast/api/decorators/http_request.rb
 - lib/contrast/api/decorators/input_analysis.rb
 - lib/contrast/api/decorators/instrumentation_mode.rb
@@ -996,6 +1008,7 @@ files:
 - lib/contrast/components/agent.rb
 - lib/contrast/components/api.rb
 - lib/contrast/components/app_context.rb
+- lib/contrast/components/app_context_extend.rb
 - lib/contrast/components/assess.rb
 - lib/contrast/components/base.rb
 - lib/contrast/components/config.rb
@@ -1010,11 +1023,12 @@ files:
 - lib/contrast/config.rb
 - lib/contrast/config/agent_configuration.rb
 - lib/contrast/config/api_configuration.rb
+- lib/contrast/config/api_proxy_configuration.rb
 - lib/contrast/config/application_configuration.rb
 - lib/contrast/config/assess_configuration.rb
 - lib/contrast/config/assess_rules_configuration.rb
 - lib/contrast/config/base_configuration.rb
-- lib/contrast/config/default_value.rb
+- lib/contrast/config/certification_configuration.rb
 - lib/contrast/config/env_variables.rb
 - lib/contrast/config/exception_configuration.rb
 - lib/contrast/config/heap_dump_configuration.rb
@@ -1023,6 +1037,7 @@ files:
 - lib/contrast/config/protect_configuration.rb
 - lib/contrast/config/protect_rule_configuration.rb
 - lib/contrast/config/protect_rules_configuration.rb
+- lib/contrast/config/request_audit_configuration.rb
 - lib/contrast/config/root_configuration.rb
 - lib/contrast/config/ruby_configuration.rb
 - lib/contrast/config/sampling_configuration.rb
@@ -1051,6 +1066,7 @@ files:
 - lib/contrast/framework/base_support.rb
 - lib/contrast/framework/grape/support.rb
 - lib/contrast/framework/manager.rb
+- lib/contrast/framework/manager_extend.rb
 - lib/contrast/framework/platform_version.rb
 - lib/contrast/framework/rack/patch/session_cookie.rb
 - lib/contrast/framework/rack/patch/support.rb
@@ -1085,26 +1101,35 @@ files:
 - lib/contrast/utils/duck_utils.rb
 - lib/contrast/utils/env_configuration_item.rb
 - lib/contrast/utils/exclude_key.rb
+- lib/contrast/utils/findings.rb
 - lib/contrast/utils/hash_digest.rb
+- lib/contrast/utils/hash_digest_extend.rb
+- lib/contrast/utils/head_dump_utils_extend.rb
 - lib/contrast/utils/heap_dump_util.rb
 - lib/contrast/utils/invalid_configuration_util.rb
 - lib/contrast/utils/io_util.rb
 - lib/contrast/utils/job_servers_running.rb
+- lib/contrast/utils/log_utils.rb
 - lib/contrast/utils/lru_cache.rb
 - lib/contrast/utils/metrics_hash.rb
+- lib/contrast/utils/middleware_utils.rb
+- lib/contrast/utils/net_http_base.rb
 - lib/contrast/utils/object_share.rb
 - lib/contrast/utils/os.rb
 - lib/contrast/utils/patching/policy/patch_utils.rb
 - lib/contrast/utils/patching/policy/patcher_utils.rb
 - lib/contrast/utils/preflight_util.rb
-- lib/contrast/utils/requests_client.rb
+- lib/contrast/utils/request_utils.rb
 - lib/contrast/utils/resource_loader.rb
+- lib/contrast/utils/response_utils.rb
 - lib/contrast/utils/ruby_ast_rewriter.rb
 - lib/contrast/utils/sha256_builder.rb
 - lib/contrast/utils/stack_trace_utils.rb
 - lib/contrast/utils/string_utils.rb
+- lib/contrast/utils/substitution_utils.rb
 - lib/contrast/utils/tag_util.rb
 - lib/contrast/utils/telemetry.rb
+- lib/contrast/utils/telemetry_client.rb
 - lib/contrast/utils/telemetry_identifier.rb
 - lib/contrast/utils/thread_tracker.rb
 - lib/contrast/utils/timer.rb

data/lib/contrast/config/default_value.rb

@@ -1,17 +0,0 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-module Contrast
-  module Config
-    # This is the wrapper for the default values in the configurations, used to
-    # differentiate between nil or false defaults and things being set
-    # explicitly to false.
-    class DefaultValue
-      attr_reader :value
-
-      def initialize value
-        @value = value
-      end
-    end
-  end
-end

data/lib/contrast/utils/requests_client.rb

@@ -1,150 +0,0 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'net/http'
-require 'contrast/components/logger'
-require 'contrast/utils/object_share'
-require 'contrast/agent/version'
-require 'socket'
-
-module Contrast
-  module Utils
-    # This module creates a Net::HTTP client and initiates a connection to the provided result
-    module RequestsClient
-      ENDPOINT = 'api/v1/telemetry/metrics' # /TelemetryEvent.path
-
-      class << self
-        include Contrast::Components::Logger::InstanceMethods
-        # This method initializes the Net::HTTP client we'll need
-        # @param url [String]
-        # @return [Net::HTTP, nil]
-        def initialize_connection url
-          addr = URI(url)
-          return if addr.host.nil? || addr.port.nil?
-          return if addr.scheme != 'https'
-
-          @_net_http_client = Net::HTTP.new(addr.host, addr.port)
-          @_net_http_client.open_timeout = 5
-          @_net_http_client.read_timeout = 5
-          @_net_http_client.use_ssl = true
-          @_net_http_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
-          @_net_http_client.verify_depth = 5
-          @_net_http_client.start
-          return unless @_net_http_client.started?
-
-          logger.warn('Starting Telemetry connection test')
-          return unless connection_verified? @_net_http_client
-
-          @_net_http_client
-        rescue Net::OpenTimeout, Net::ReadTimeout => e
-          logger.warn('Telemetry connection failed', e.message)
-          nil
-        end
-
-        # This method will be responsible for building the request
-        # @param event[Contrast::Agent::TelemetryEvent,Contrast::Agent::StartupMetricsTelemetryEvent]
-        # @return [Net::HTTP::Post]
-        def build_request event
-          return unless valid_event? event
-
-          string_body = event.to_json.to_s
-          header = { 'User-Agent' => "<#{ Contrast::Utils::ObjectShare::RUBY }>-<#{ Contrast::Agent::VERSION }>" }
-          path = ENDPOINT + event.path
-          @_request = Net::HTTP::Post.new(path, header)
-          @_request.body = string_body
-          @_request
-        end
-
-        # This method will create the actual request and send it
-        # @param event[Contrast::Agent::TelemetryEvent]
-        # @param connection[Net::HTTP]
-        def send_request event, connection
-          return if connection.nil? || event.nil?
-          return unless valid_event? event
-
-          req = build_request event
-          connection.request req
-        end
-
-        # This method will handle the response from the tenant
-        # @param res [Net::HTTPResponse]
-        # @return sleep_time [Integer, nil]
-        def handle_response res
-          status_code = res.code.to_i
-          ready_after = if res.to_hash.keys.map(&:downcase).include?('ready-after')
-                          res['Ready-After']
-                        else
-                          60
-                        end
-          ready_after if status_code == 429
-        end
-
-        # This method will be responsible for validating the event
-        # @param event[Contrast::Agent::TelemetryEvent,Contrast::Agent::StartupMetricsTelemetryEvent]
-        def valid_event? event
-          return false unless event.cs__is_a?(Contrast::Agent::TelemetryEvent)
-          return false unless event.cs__is_a?(Contrast::Agent::StartupMetricsTelemetryEvent)
-
-          true
-        end
-
-        # Validates connection with Telemetry assigned domain.
-        # If connection is running, SSL certificate of the endpoint is valid, Ip address is resolvable
-        # and response is received without peer's reset or refuse of connection,
-        # then validation returns true. Error handling is in place so that the work of the agent will continue as
-        # normal without Telemetry.
-        #
-        # @param client [Net::HTTP]
-        # @return [Boolean] true | false
-        def connection_verified? client
-          return @_connection_verified unless @_connection_verified.nil?
-
-          # Before RUBY 2.7 there is no #ipaddr
-          ipaddr = if RUBY_VERSION < '2.7.0'
-                     socket = TCPSocket.open(client.address, client.port)
-                     ipaddr = socket.peeraddr[3]
-                     socket.close
-                     ipaddr
-                   else
-                     client.ipaddr
-                   end
-          response = client.request(Net::HTTP::Get.new(client.address))
-          verify_cert = OpenSSL::SSL.verify_certificate_identity(client.peer_cert, client.address)
-          resolved = resolved? client.address, ipaddr
-          @_connection_verified = if resolved && response && verify_cert
-                                    true
-                                  else
-                                    false
-                                  end
-        rescue OpenSSL::SSL::SSLError, Resolv::ResolvError, Errno::ECONNRESET, Errno::ECONNREFUSED,
-               Errno::ETIMEDOUT, Errno::ESHUTDOWN, Errno::EHOSTDOWN, Errno::EHOSTUNREACH, Errno::EISCONN,
-               Errno::ECONNABORTED, Errno::ENETRESET, Errno::ENETUNREACH => e
-
-          logger.warn('Telemetry connection failed', e.message)
-          false
-        end
-
-        private
-
-        # Resolves the address of the assigned telemetry domain to array of corresponding IPs (if more than one)
-        # and runs a matcher to see if current connection IP is in the list.
-        # This is called within #verify_connection, if called on it's own there will be no
-        # error handling.
-        #
-        # @param address [String] Human friendly address of assigned telemetry domain
-        # @param ipaddr [String] Machine friendly IP address of the assigned telemetry domain
-        # @return[Boolean] true if both addresses are resolved | false if one of the addresses
-        # is non-resolvable
-        def resolved? address, ipaddr
-          return @_resolved unless @_resolved.nil?
-
-          @_resolved = if (addresses = Resolv.getaddresses address)
-                         addresses.any? { |addr| addr.include?(ipaddr) }
-                       else
-                         false
-                       end
-        end
-      end
-    end
-  end
-end