contrast-agent 4.14.1 → 5.0.0

Files changed (389) hide show
  1. checksums.yaml +4 -4
  2. data/.simplecov +1 -1
  3. data/Gemfile +1 -1
  4. data/LICENSE.txt +1 -1
  5. data/Rakefile +1 -1
  6. data/exe/contrast_service +1 -1
  7. data/ext/build_funchook.rb +1 -1
  8. data/ext/cs__assess_array/cs__assess_array.c +1 -1
  9. data/ext/cs__assess_array/extconf.rb +1 -1
  10. data/ext/cs__assess_basic_object/cs__assess_basic_object.c +1 -1
  11. data/ext/cs__assess_basic_object/extconf.rb +1 -1
  12. data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +1 -1
  13. data/ext/cs__assess_fiber_track/extconf.rb +1 -1
  14. data/ext/cs__assess_hash/cs__assess_hash.c +1 -1
  15. data/ext/cs__assess_hash/extconf.rb +1 -1
  16. data/ext/cs__assess_kernel/cs__assess_kernel.c +1 -1
  17. data/ext/cs__assess_kernel/extconf.rb +1 -1
  18. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +1 -1
  19. data/ext/cs__assess_marshal_module/extconf.rb +1 -1
  20. data/ext/cs__assess_module/cs__assess_module.c +1 -1
  21. data/ext/cs__assess_module/extconf.rb +1 -1
  22. data/ext/cs__assess_regexp/cs__assess_regexp.c +1 -1
  23. data/ext/cs__assess_regexp/extconf.rb +1 -1
  24. data/ext/cs__assess_string/cs__assess_string.c +1 -1
  25. data/ext/cs__assess_string/extconf.rb +1 -1
  26. data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +1 -1
  27. data/ext/cs__assess_string_interpolation26/extconf.rb +1 -1
  28. data/ext/cs__assess_yield_track/cs__assess_yield_track.c +1 -1
  29. data/ext/cs__assess_yield_track/extconf.rb +1 -1
  30. data/ext/cs__common/cs__common.c +1 -1
  31. data/ext/cs__common/extconf.rb +1 -1
  32. data/ext/cs__contrast_patch/cs__contrast_patch.c +1 -1
  33. data/ext/cs__contrast_patch/extconf.rb +1 -1
  34. data/ext/cs__os_information/cs__os_information.c +1 -1
  35. data/ext/cs__os_information/extconf.rb +1 -1
  36. data/ext/extconf_common.rb +1 -1
  37. data/lib/contrast/agent/assess/contrast_event.rb +7 -11
  38. data/lib/contrast/agent/assess/contrast_object.rb +1 -1
  39. data/lib/contrast/agent/assess/events/event_data.rb +30 -0
  40. data/lib/contrast/agent/assess/events/event_factory.rb +14 -6
  41. data/lib/contrast/agent/assess/events/source_event.rb +22 -3
  42. data/lib/contrast/agent/assess/finalizers/freeze.rb +1 -1
  43. data/lib/contrast/agent/assess/finalizers/hash.rb +1 -1
  44. data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +7 -7
  45. data/lib/contrast/agent/assess/policy/patcher.rb +1 -35
  46. data/lib/contrast/agent/assess/policy/policy.rb +1 -1
  47. data/lib/contrast/agent/assess/policy/policy_node.rb +2 -2
  48. data/lib/contrast/agent/assess/policy/policy_scanner.rb +1 -1
  49. data/lib/contrast/agent/assess/policy/preshift.rb +1 -1
  50. data/lib/contrast/agent/assess/policy/propagation_method.rb +55 -28
  51. data/lib/contrast/agent/assess/policy/propagation_node.rb +1 -1
  52. data/lib/contrast/agent/assess/policy/propagator/append.rb +1 -1
  53. data/lib/contrast/agent/assess/policy/propagator/base.rb +1 -1
  54. data/lib/contrast/agent/assess/policy/propagator/center.rb +1 -1
  55. data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
  56. data/lib/contrast/agent/assess/policy/propagator/database_write.rb +6 -2
  57. data/lib/contrast/agent/assess/policy/propagator/insert.rb +5 -2
  58. data/lib/contrast/agent/assess/policy/propagator/keep.rb +1 -1
  59. data/lib/contrast/agent/assess/policy/propagator/match_data.rb +7 -3
  60. data/lib/contrast/agent/assess/policy/propagator/next.rb +1 -1
  61. data/lib/contrast/agent/assess/policy/propagator/prepend.rb +1 -1
  62. data/lib/contrast/agent/assess/policy/propagator/rack_protection.rb +1 -1
  63. data/lib/contrast/agent/assess/policy/propagator/remove.rb +1 -1
  64. data/lib/contrast/agent/assess/policy/propagator/replace.rb +1 -1
  65. data/lib/contrast/agent/assess/policy/propagator/reverse.rb +1 -1
  66. data/lib/contrast/agent/assess/policy/propagator/select.rb +3 -2
  67. data/lib/contrast/agent/assess/policy/propagator/splat.rb +1 -1
  68. data/lib/contrast/agent/assess/policy/propagator/split.rb +27 -25
  69. data/lib/contrast/agent/assess/policy/propagator/substitution.rb +3 -5
  70. data/lib/contrast/agent/assess/policy/propagator/substitution_utils.rb +190 -0
  71. data/lib/contrast/agent/assess/policy/propagator/trim.rb +9 -4
  72. data/lib/contrast/agent/assess/policy/propagator.rb +1 -1
  73. data/lib/contrast/agent/assess/policy/source_method.rb +39 -26
  74. data/lib/contrast/agent/assess/policy/source_node.rb +1 -1
  75. data/lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb +1 -1
  76. data/lib/contrast/agent/assess/policy/source_validation/source_validation.rb +1 -1
  77. data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +7 -2
  78. data/lib/contrast/agent/assess/policy/trigger/xpath.rb +1 -1
  79. data/lib/contrast/agent/assess/policy/trigger_method.rb +37 -24
  80. data/lib/contrast/agent/assess/policy/trigger_node.rb +1 -1
  81. data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +1 -1
  82. data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +1 -1
  83. data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +1 -1
  84. data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +1 -1
  85. data/lib/contrast/agent/assess/properties.rb +1 -1
  86. data/lib/contrast/agent/assess/property/evented.rb +25 -12
  87. data/lib/contrast/agent/assess/property/tagged.rb +1 -1
  88. data/lib/contrast/agent/assess/property/updated.rb +1 -1
  89. data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +1 -19
  90. data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +1 -13
  91. data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +7 -59
  92. data/lib/contrast/agent/assess/rule/provider.rb +1 -1
  93. data/lib/contrast/agent/assess/rule/response/autocomplete_rule.rb +130 -0
  94. data/lib/contrast/agent/assess/rule/response/base_rule.rb +117 -0
  95. data/lib/contrast/agent/assess/tag.rb +1 -1
  96. data/lib/contrast/agent/assess/tracker.rb +1 -1
  97. data/lib/contrast/agent/assess.rb +1 -2
  98. data/lib/contrast/agent/at_exit_hook.rb +1 -1
  99. data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +13 -8
  100. data/lib/contrast/agent/deadzone/policy/policy.rb +1 -1
  101. data/lib/contrast/agent/disable_reaction.rb +1 -1
  102. data/lib/contrast/agent/exclusion_matcher.rb +1 -1
  103. data/lib/contrast/agent/inventory/database_config.rb +115 -77
  104. data/lib/contrast/agent/inventory/dependencies.rb +1 -1
  105. data/lib/contrast/agent/inventory/dependency_analysis.rb +1 -1
  106. data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +3 -3
  107. data/lib/contrast/agent/inventory/policy/datastores.rb +1 -1
  108. data/lib/contrast/agent/inventory/policy/policy.rb +1 -1
  109. data/lib/contrast/agent/inventory/policy/trigger_node.rb +1 -1
  110. data/lib/contrast/agent/inventory.rb +1 -1
  111. data/lib/contrast/agent/metric_telemetry_event.rb +1 -1
  112. data/lib/contrast/agent/middleware.rb +3 -2
  113. data/lib/contrast/agent/module_data.rb +1 -1
  114. data/lib/contrast/agent/patching/policy/after_load_patch.rb +1 -1
  115. data/lib/contrast/agent/patching/policy/after_load_patcher.rb +1 -1
  116. data/lib/contrast/agent/patching/policy/method_policy.rb +28 -15
  117. data/lib/contrast/agent/patching/policy/method_policy_extend.rb +12 -10
  118. data/lib/contrast/agent/patching/policy/module_policy.rb +1 -1
  119. data/lib/contrast/agent/patching/policy/patch.rb +1 -1
  120. data/lib/contrast/agent/patching/policy/patch_status.rb +2 -26
  121. data/lib/contrast/agent/patching/policy/patcher.rb +1 -5
  122. data/lib/contrast/agent/patching/policy/policy.rb +1 -1
  123. data/lib/contrast/agent/patching/policy/policy_node.rb +1 -1
  124. data/lib/contrast/agent/patching/policy/trigger_node.rb +1 -1
  125. data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +1 -1
  126. data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +1 -1
  127. data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +1 -1
  128. data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +1 -1
  129. data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +1 -1
  130. data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +1 -1
  131. data/lib/contrast/agent/protect/policy/policy.rb +1 -1
  132. data/lib/contrast/agent/protect/policy/rule_applicator.rb +1 -1
  133. data/lib/contrast/agent/protect/policy/trigger_node.rb +1 -1
  134. data/lib/contrast/agent/protect/rule/base.rb +1 -1
  135. data/lib/contrast/agent/protect/rule/base_service.rb +1 -1
  136. data/lib/contrast/agent/protect/rule/cmd_injection.rb +1 -1
  137. data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -1
  138. data/lib/contrast/agent/protect/rule/deserialization.rb +1 -1
  139. data/lib/contrast/agent/protect/rule/http_method_tampering.rb +1 -1
  140. data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +1 -1
  141. data/lib/contrast/agent/protect/rule/no_sqli.rb +1 -1
  142. data/lib/contrast/agent/protect/rule/path_traversal.rb +1 -1
  143. data/lib/contrast/agent/protect/rule/sql_sample_builder.rb +1 -1
  144. data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +1 -1
  145. data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +1 -1
  146. data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +2 -2
  147. data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +1 -1
  148. data/lib/contrast/agent/protect/rule/sqli.rb +1 -1
  149. data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +1 -1
  150. data/lib/contrast/agent/protect/rule/xss.rb +1 -1
  151. data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +1 -1
  152. data/lib/contrast/agent/protect/rule/xxe.rb +1 -1
  153. data/lib/contrast/agent/protect/rule.rb +1 -1
  154. data/lib/contrast/agent/reaction_processor.rb +1 -1
  155. data/lib/contrast/agent/reporting/report.rb +7 -1
  156. data/lib/contrast/agent/reporting/reporter.rb +21 -48
  157. data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +49 -0
  158. data/lib/contrast/agent/reporting/reporting_events/application_update.rb +82 -0
  159. data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +80 -0
  160. data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb +59 -0
  161. data/lib/contrast/agent/reporting/reporting_events/finding.rb +138 -43
  162. data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +264 -0
  163. data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +57 -0
  164. data/lib/contrast/agent/reporting/reporting_events/finding_object.rb +90 -0
  165. data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +121 -0
  166. data/lib/contrast/agent/reporting/reporting_events/finding_signature.rb +105 -0
  167. data/lib/contrast/agent/reporting/reporting_events/finding_stack.rb +67 -0
  168. data/lib/contrast/agent/reporting/reporting_events/finding_taint_range.rb +58 -0
  169. data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +93 -0
  170. data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +50 -0
  171. data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +54 -0
  172. data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +66 -0
  173. data/lib/contrast/agent/reporting/reporting_events/preflight.rb +20 -6
  174. data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +36 -17
  175. data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +28 -18
  176. data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +76 -0
  177. data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +66 -0
  178. data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +65 -0
  179. data/lib/contrast/agent/reporting/reporting_events/server_activity.rb +52 -0
  180. data/lib/contrast/agent/reporting/reporting_events/trace_event_source.rb +30 -0
  181. data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +22 -12
  182. data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb +67 -0
  183. data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +165 -0
  184. data/lib/contrast/agent/reporting/reporting_utilities/headers.rb +55 -0
  185. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +74 -156
  186. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +154 -0
  187. data/lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb +1 -1
  188. data/lib/contrast/agent/reporting/reporting_utilities/response.rb +30 -0
  189. data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +57 -0
  190. data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +196 -0
  191. data/lib/contrast/agent/reporting/settings/application_settings.rb +67 -0
  192. data/lib/contrast/agent/reporting/settings/assess.rb +45 -0
  193. data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +136 -0
  194. data/lib/contrast/agent/reporting/settings/exclusions.rb +123 -0
  195. data/lib/contrast/agent/reporting/settings/protect.rb +89 -0
  196. data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +243 -0
  197. data/lib/contrast/agent/reporting/settings/reaction.rb +30 -0
  198. data/lib/contrast/agent/reporting/settings/server_features.rb +78 -0
  199. data/lib/contrast/agent/request.rb +44 -3
  200. data/lib/contrast/agent/request_context.rb +20 -7
  201. data/lib/contrast/agent/request_context_extend.rb +26 -1
  202. data/lib/contrast/agent/request_handler.rb +41 -5
  203. data/lib/contrast/agent/response.rb +23 -15
  204. data/lib/contrast/agent/rule_set.rb +1 -1
  205. data/lib/contrast/agent/scope.rb +1 -1
  206. data/lib/contrast/agent/service_heartbeat.rb +1 -1
  207. data/lib/contrast/agent/startup_metrics_telemetry_event.rb +34 -7
  208. data/lib/contrast/agent/static_analysis.rb +13 -3
  209. data/lib/contrast/agent/telemetry.rb +1 -1
  210. data/lib/contrast/agent/telemetry_event.rb +1 -1
  211. data/lib/contrast/agent/thread.rb +1 -1
  212. data/lib/contrast/agent/thread_watcher.rb +3 -3
  213. data/lib/contrast/agent/tracepoint_hook.rb +1 -4
  214. data/lib/contrast/agent/version.rb +2 -2
  215. data/lib/contrast/agent/worker_thread.rb +1 -1
  216. data/lib/contrast/agent.rb +4 -4
  217. data/lib/contrast/api/communication/connection_status.rb +1 -1
  218. data/lib/contrast/api/communication/messaging_queue.rb +4 -4
  219. data/lib/contrast/api/communication/response_processor.rb +9 -5
  220. data/lib/contrast/api/communication/service_lifecycle.rb +1 -1
  221. data/lib/contrast/api/communication/socket.rb +1 -1
  222. data/lib/contrast/api/communication/socket_client.rb +4 -1
  223. data/lib/contrast/api/communication/speedracer.rb +1 -1
  224. data/lib/contrast/api/communication/tcp_socket.rb +1 -1
  225. data/lib/contrast/api/communication/unix_socket.rb +1 -1
  226. data/lib/contrast/api/communication.rb +1 -1
  227. data/lib/contrast/api/decorators/address.rb +1 -1
  228. data/lib/contrast/api/decorators/agent_startup.rb +1 -1
  229. data/lib/contrast/api/decorators/application_settings.rb +1 -1
  230. data/lib/contrast/api/decorators/application_startup.rb +1 -1
  231. data/lib/contrast/api/decorators/application_update.rb +1 -1
  232. data/lib/contrast/api/decorators/architecture_component.rb +36 -0
  233. data/lib/contrast/api/decorators/finding.rb +1 -17
  234. data/lib/contrast/api/decorators/http_request.rb +3 -2
  235. data/lib/contrast/api/decorators/input_analysis.rb +1 -1
  236. data/lib/contrast/api/decorators/instrumentation_mode.rb +1 -1
  237. data/lib/contrast/api/decorators/library.rb +1 -1
  238. data/lib/contrast/api/decorators/library_usage_update.rb +1 -1
  239. data/lib/contrast/api/decorators/message.rb +1 -1
  240. data/lib/contrast/api/decorators/rasp_rule_sample.rb +1 -1
  241. data/lib/contrast/api/decorators/route_coverage.rb +1 -1
  242. data/lib/contrast/api/decorators/server_features.rb +1 -1
  243. data/lib/contrast/api/decorators/trace_event.rb +1 -1
  244. data/lib/contrast/api/decorators/trace_event_object.rb +1 -1
  245. data/lib/contrast/api/decorators/trace_event_signature.rb +1 -1
  246. data/lib/contrast/api/decorators/trace_taint_range.rb +1 -1
  247. data/lib/contrast/api/decorators/trace_taint_range_tags.rb +1 -1
  248. data/lib/contrast/api/decorators/user_input.rb +1 -1
  249. data/lib/contrast/api/decorators.rb +2 -1
  250. data/lib/contrast/api.rb +1 -1
  251. data/lib/contrast/components/agent.rb +5 -24
  252. data/lib/contrast/components/api.rb +18 -9
  253. data/lib/contrast/components/app_context.rb +2 -1
  254. data/lib/contrast/components/app_context_extend.rb +1 -1
  255. data/lib/contrast/components/assess.rb +12 -8
  256. data/lib/contrast/components/base.rb +1 -1
  257. data/lib/contrast/components/config.rb +30 -15
  258. data/lib/contrast/components/contrast_service.rb +1 -1
  259. data/lib/contrast/components/heap_dump.rb +1 -1
  260. data/lib/contrast/components/inventory.rb +5 -1
  261. data/lib/contrast/components/logger.rb +1 -1
  262. data/lib/contrast/components/protect.rb +6 -2
  263. data/lib/contrast/components/sampling.rb +1 -1
  264. data/lib/contrast/components/scope.rb +1 -1
  265. data/lib/contrast/components/settings.rb +25 -12
  266. data/lib/contrast/config/agent_configuration.rb +1 -1
  267. data/lib/contrast/config/api_configuration.rb +2 -2
  268. data/lib/contrast/config/api_proxy_configuration.rb +1 -1
  269. data/lib/contrast/config/application_configuration.rb +1 -1
  270. data/lib/contrast/config/assess_configuration.rb +1 -1
  271. data/lib/contrast/config/assess_rules_configuration.rb +1 -1
  272. data/lib/contrast/config/base_configuration.rb +1 -1
  273. data/lib/contrast/config/certification_configuration.rb +1 -1
  274. data/lib/contrast/config/env_variables.rb +1 -1
  275. data/lib/contrast/config/exception_configuration.rb +1 -1
  276. data/lib/contrast/config/heap_dump_configuration.rb +1 -1
  277. data/lib/contrast/config/inventory_configuration.rb +1 -1
  278. data/lib/contrast/config/logger_configuration.rb +1 -1
  279. data/lib/contrast/config/protect_configuration.rb +1 -1
  280. data/lib/contrast/config/protect_rule_configuration.rb +1 -1
  281. data/lib/contrast/config/protect_rules_configuration.rb +1 -1
  282. data/lib/contrast/config/request_audit_configuration.rb +1 -1
  283. data/lib/contrast/config/root_configuration.rb +1 -1
  284. data/lib/contrast/config/ruby_configuration.rb +4 -1
  285. data/lib/contrast/config/sampling_configuration.rb +1 -1
  286. data/lib/contrast/config/server_configuration.rb +1 -1
  287. data/lib/contrast/config/service_configuration.rb +1 -1
  288. data/lib/contrast/config.rb +1 -1
  289. data/lib/contrast/configuration.rb +1 -1
  290. data/lib/contrast/extension/assess/array.rb +4 -2
  291. data/lib/contrast/extension/assess/erb.rb +15 -5
  292. data/lib/contrast/extension/assess/eval_trigger.rb +3 -1
  293. data/lib/contrast/extension/assess/exec_trigger.rb +2 -1
  294. data/lib/contrast/extension/assess/fiber.rb +6 -3
  295. data/lib/contrast/extension/assess/hash.rb +1 -1
  296. data/lib/contrast/extension/assess/kernel.rb +8 -3
  297. data/lib/contrast/extension/assess/marshal.rb +6 -2
  298. data/lib/contrast/extension/assess/regexp.rb +8 -2
  299. data/lib/contrast/extension/assess/string.rb +8 -2
  300. data/lib/contrast/extension/assess.rb +1 -1
  301. data/lib/contrast/extension/delegator.rb +1 -1
  302. data/lib/contrast/extension/extension.rb +2 -4
  303. data/lib/contrast/extension/inventory.rb +1 -1
  304. data/lib/contrast/extension/kernel.rb +1 -1
  305. data/lib/contrast/extension/module.rb +1 -1
  306. data/lib/contrast/extension/protect/psych.rb +1 -1
  307. data/lib/contrast/extension/protect.rb +1 -1
  308. data/lib/contrast/extension/thread.rb +1 -1
  309. data/lib/contrast/framework/base_support.rb +5 -1
  310. data/lib/contrast/framework/grape/support.rb +25 -1
  311. data/lib/contrast/framework/manager.rb +26 -5
  312. data/lib/contrast/framework/manager_extend.rb +1 -1
  313. data/lib/contrast/framework/platform_version.rb +1 -1
  314. data/lib/contrast/framework/rack/patch/session_cookie.rb +1 -1
  315. data/lib/contrast/framework/rack/patch/support.rb +1 -1
  316. data/lib/contrast/framework/rack/support.rb +1 -1
  317. data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +1 -1
  318. data/lib/contrast/framework/rails/patch/assess_configuration.rb +1 -1
  319. data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +1 -1
  320. data/lib/contrast/framework/rails/patch/support.rb +1 -1
  321. data/lib/contrast/framework/rails/railtie.rb +1 -1
  322. data/lib/contrast/framework/rails/support.rb +46 -2
  323. data/lib/contrast/framework/sinatra/support.rb +24 -2
  324. data/lib/contrast/funchook/funchook.rb +21 -18
  325. data/lib/contrast/logger/application.rb +1 -1
  326. data/lib/contrast/logger/format.rb +1 -1
  327. data/lib/contrast/logger/log.rb +1 -1
  328. data/lib/contrast/logger/request.rb +1 -1
  329. data/lib/contrast/logger/time.rb +1 -1
  330. data/lib/contrast/security_exception.rb +1 -1
  331. data/lib/contrast/tasks/config.rb +1 -1
  332. data/lib/contrast/tasks/service.rb +1 -1
  333. data/lib/contrast/utils/assess/propagation_method_utils.rb +1 -1
  334. data/lib/contrast/utils/assess/property/tagged_utils.rb +1 -1
  335. data/lib/contrast/utils/assess/sampling_util.rb +4 -4
  336. data/lib/contrast/utils/assess/source_method_utils.rb +1 -1
  337. data/lib/contrast/utils/assess/split_utils.rb +23 -0
  338. data/lib/contrast/utils/assess/tracking_util.rb +1 -1
  339. data/lib/contrast/utils/assess/trigger_method_utils.rb +3 -2
  340. data/lib/contrast/utils/class_util.rb +1 -1
  341. data/lib/contrast/utils/duck_utils.rb +1 -1
  342. data/lib/contrast/utils/env_configuration_item.rb +2 -2
  343. data/lib/contrast/utils/exclude_key.rb +1 -1
  344. data/lib/contrast/utils/findings.rb +5 -2
  345. data/lib/contrast/utils/hash_digest.rb +36 -6
  346. data/lib/contrast/utils/hash_digest_extend.rb +44 -1
  347. data/lib/contrast/utils/head_dump_utils_extend.rb +1 -1
  348. data/lib/contrast/utils/heap_dump_util.rb +1 -1
  349. data/lib/contrast/utils/invalid_configuration_util.rb +6 -5
  350. data/lib/contrast/utils/io_util.rb +1 -1
  351. data/lib/contrast/utils/job_servers_running.rb +1 -1
  352. data/lib/contrast/utils/log_utils.rb +1 -1
  353. data/lib/contrast/utils/lru_cache.rb +1 -1
  354. data/lib/contrast/utils/metrics_hash.rb +2 -2
  355. data/lib/contrast/utils/middleware_utils.rb +1 -1
  356. data/lib/contrast/utils/net_http_base.rb +14 -7
  357. data/lib/contrast/utils/object_share.rb +1 -6
  358. data/lib/contrast/utils/os.rb +9 -5
  359. data/lib/contrast/utils/patching/policy/patch_utils.rb +63 -99
  360. data/lib/contrast/utils/patching/policy/patcher_utils.rb +1 -1
  361. data/lib/contrast/utils/preflight_util.rb +1 -1
  362. data/lib/contrast/utils/request_utils.rb +9 -1
  363. data/lib/contrast/utils/resource_loader.rb +1 -1
  364. data/lib/contrast/utils/response_utils.rb +1 -1
  365. data/lib/contrast/utils/sha256_builder.rb +1 -1
  366. data/lib/contrast/utils/stack_trace_utils.rb +1 -1
  367. data/lib/contrast/utils/string_utils.rb +69 -67
  368. data/lib/contrast/utils/tag_util.rb +2 -1
  369. data/lib/contrast/utils/telemetry.rb +1 -1
  370. data/lib/contrast/utils/telemetry_client.rb +1 -1
  371. data/lib/contrast/utils/telemetry_identifier.rb +1 -1
  372. data/lib/contrast/utils/thread_tracker.rb +1 -1
  373. data/lib/contrast/utils/timer.rb +1 -1
  374. data/lib/contrast-agent.rb +1 -1
  375. data/lib/contrast.rb +1 -1
  376. data/ruby-agent.gemspec +4 -5
  377. metadata +58 -30
  378. data/ext/cs__assess_active_record_named/cs__active_record_named.c +0 -46
  379. data/ext/cs__assess_active_record_named/cs__active_record_named.h +0 -11
  380. data/ext/cs__assess_active_record_named/extconf.rb +0 -5
  381. data/lib/contrast/agent/assess/policy/rewriter_patch.rb +0 -95
  382. data/lib/contrast/agent/class_reopener.rb +0 -258
  383. data/lib/contrast/agent/rewriter.rb +0 -259
  384. data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +0 -37
  385. data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +0 -41
  386. data/lib/contrast/framework/rails/rewrite/active_record_named.rb +0 -75
  387. data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +0 -35
  388. data/lib/contrast/utils/ruby_ast_rewriter.rb +0 -82
  389. data/lib/contrast/utils/substitution_utils.rb +0 -167
@@ -1,4 +1,4 @@
1
- # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'contrast/components/logger'
@@ -15,7 +15,7 @@ module Contrast
15
15
  ERROR_MESSAGES = [
16
16
  'The key is not string or does not meet the requirements.',
17
17
  'The key extends the allowed length.',
18
- 'VThe provided value is not the right data type'
18
+ 'The provided value is not the right data type'
19
19
  ].cs__freeze
20
20
  KEY_REGEXP = /[a-zA-Z0-9_-]{1,63}/.cs__freeze
21
21
 
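Review bot: `KEY_REGEXP` on the last context line is unanchored, so `/[a-zA-Z0-9_-]{1,63}/` matches any string that contains a single allowed character (`bad key!` matches on `b`) and its 1–63 length bound only applies to that substring. Its use is outside the hunk, but if it backs the 'does not meet the requirements' message via `match?`/`=~`, malformed or over-long keys would pass validation. Anchor it to the whole string, `KEY_REGEXP = /\A[a-zA-Z0-9_-]{1,63}\z/.cs__freeze`, after confirming no caller depends on partial matching.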
@@ -1,4 +1,4 @@
1
- # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Contrast
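--- a/data/lib/contrast/utils/net_http_base.rb
+++ b/data/lib/contrast/utils/net_http_base.rb
@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'net/http'
@@ -27,7 +27,8 @@ module Contrast
 
 addr = URI(url)
 # the proxy is enabled only if there is provided url even if the enable is set to true
-return if addr.host.nil? || addr.port.nil? || addr.scheme != 'https'
+return if addr.host.nil? || addr.port.nil?
+return if addr.scheme != 'https' && !addr.host.to_s.include?('localhost') # TODO: RUBY-99999 allow http w/ localhost # rubocop:disable Layout/LineLength
 
 proxy_addr = URI(Contrast::API.proxy_url) if proxy_enabled?
 net_http_client = initialize_client addr, proxy_addr, use_proxy, use_custom_cert
@@ -36,12 +37,13 @@ module Contrast
 net_http_client.start
 return unless net_http_client.started?
 
-logger.warn("Starting #{ service_name } connection test")
+logger.debug("Starting #{ service_name } connection test")
 return unless connection_verified? net_http_client
 
+logger.debug('Client verified', service: service_name, url: url)
 net_http_client
-rescue Net::OpenTimeout, Net::ReadTimeout, SocketError, OpenSSL::SSL::SSLError => e
-logger.warn("#{ service_name } connection failed", e.message)
+rescue StandardError => e
+logger.error('Connection failed', e, service: service_name, url: url)
 nil
 end
 
@@ -67,7 +69,8 @@ module Contrast
 client.ipaddr
 end
 response = client.request(Net::HTTP::Get.new(client.address))
-verify_cert = OpenSSL::SSL.verify_certificate_identity(client.peer_cert, client.address)
+verify_cert = client.address.to_s.include?('localhost') ||
+OpenSSL::SSL.verify_certificate_identity(client.peer_cert, client.address)
 resolved = resolved? client.address, ipaddr
 @_connection_verified = if resolved && response && verify_cert
 true
@@ -134,6 +137,8 @@ module Contrast
 else
 Net::HTTP.new(addr.host, addr.port)
 end
+return initialize_client if addr.host.to_s.include?('localhost') # TODO: RUBY-99999 allow http w/ localhost
+
 assign_cert(initialize_client) if use_custom_cert && Contrast::API.certification_enabled?
 initialize_client.use_ssl = true
 initialize_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
@@ -151,7 +156,9 @@ module Contrast
 #
 # @return @_proxy_enabled [Boolean] True if proxy is enabled and url is present else false
 def proxy_enabled?
-@_proxy_enabled ||= Contrast::API.proxy_enabled? && !Contrast::API.proxy_url.nil? if @_proxy_enabled.nil?
+return @_proxy_enabled unless @_proxy_enabled.nil?
+
+@_proxy_enabled = Contrast::API.proxy_enabled? && !Contrast::API.proxy_url.nil?
 end
 end
 end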
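Review bot: The three new `localhost` exemptions — the scheme check at new line 31, the `verify_cert` short-circuit at new line 72 and the early return in initialize_client at new line 140 — are substring tests (`to_s.include?('localhost')`), so any host whose name merely contains that word, such as `localhost.example.com`, is accepted over plain http, returned before `use_ssl`/`VERIFY_PEER` are set, and exempted from `verify_certificate_identity`. If the URL comes from configuration, that turns a local-development convenience into a TLS identity-check bypass for whoever can influence it. Compare the host exactly instead, e.g. `LOCAL_HOSTS = %w[localhost 127.0.0.1 ::1].freeze` with `LOCAL_HOSTS.include?(addr.host)` at lines 31 and 140 and `LOCAL_HOSTS.include?(client.address)` at line 72, and consider requiring an explicit dev-only setting on top of the host check. The `RUBY-99999` in both TODOs looks like a placeholder that never received a real ticket number. The methods these hunks touch start and end outside the hunks.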
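--- a/data/lib/contrast/utils/object_share.rb
+++ b/data/lib/contrast/utils/object_share.rb
@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 # rubocop:disable Security/Object/Freeze
@@ -47,8 +47,6 @@ module Contrast
 CACHE = 'cache'
 
 CONTRAST_PATCHED_METHOD_START = 'cs__patched_'
-CONTRAST_MODULE_START = 'Contrast::'
-ANONYMOUS_CLASS_MARKER = '#<'
 DOUBLE_COLON = '::'
 
 EMPTY_ARRAY = [].freeze
@@ -66,9 +64,6 @@ module Contrast
 TRUE = 'true'
 FALSE = 'false'
 
-CLASS = 'Class'
-MODULE = 'Module'
-
 OBJECT_KEY = 'O'
 RETURN_KEY = 'R'
 UNKNOWN = 'unknown'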
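--- a/data/lib/contrast/utils/os.rb
+++ b/data/lib/contrast/utils/os.rb
@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/components/scope'
@@ -36,11 +36,14 @@ module Contrast
 # Check current OS type
 # returns true if check is correct or false if not
 def windows?
-(/cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM) != nil
+return @_windows unless @_windows.nil?
+
+@_windows = !(/cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM).nil?
 end
 
 def mac?
-RUBY_PLATFORM.include? 'darwin'
+@_mac = RUBY_PLATFORM.include? 'darwin' if @_mac.nil?
+@_mac
 end
 
 def unix?
@@ -48,11 +51,12 @@ module Contrast
 end
 
 def linux?
-unix? and !mac?
+(unix? and !mac?)
 end
 
 def jruby?
-RUBY_ENGINE == 'jruby'
+@_jruby = RUBY_ENGINE == 'jruby' if @_jruby.nil?
+@_jruby
 end
 end
 end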
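Review bot: `linux?` keeps the low-precedence `and` and merely wraps it in parentheses (`(unix? and !mac?)`); the idiomatic form is `unix? && !mac?`, which needs no parentheses and avoids the `and`/`&&` precedence trap. The three memoized predicates also use two shapes — `windows?` uses a guard `return` while `mac?` and `jruby?` assign-if-nil and then return the ivar — and picking one for all three would read more consistently. Because the results are cached in instance variables of whatever receiver these methods run on (the module header is outside the hunk), a short comment such as `# memoized for the process lifetime; RUBY_PLATFORM cannot change at runtime` would make the intent clear. `windows?` could also be written `RUBY_PLATFORM.match?(/cygwin|mswin|mingw|bccwin|wince|emx/)` instead of negating a `=~` nil check.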
@@ -1,21 +1,17 @@
1
- # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Contrast
5
5
  module Utils
6
6
  module Patching
7
- # This module will include all methods for different patch applies from Patch module
8
- # and some other module methods from the same place, so we can ease the main module
7
+ # This module will include all methods for different patch applies from Patch module and some other module
8
+ # methods from the same place, so we can ease the main module
9
9
  module PatchUtils
10
- # Method to choose which replaced return from the post_patch to
11
- # actually return
10
+ # Method to choose which replaced return from the post_patch to actually return.
12
11
  #
13
- # @param propagated_ret [Object, nil] The replaced return from the
14
- # propagation patch.
15
- # @param source_ret [Object, nil] The replaced return from the
16
- # source patch.
17
- # @param ret [Object, nil] The original return of the patched
18
- # method.
12
+ # @param propagated_ret [Object, nil] The replaced return from the propagation patch.
13
+ # @param source_ret [Object, nil] The replaced return from the source patch.
14
+ # @param ret [Object, nil] The original return of the patched method.
19
15
  # @return [Object, nil] The thing to return from the post patch.
20
16
  def handle_return propagated_ret, source_ret, ret
21
17
  safe_return = propagated_ret || source_ret || ret
@@ -23,8 +19,8 @@ module Contrast
23
19
  safe_return
24
20
  end
25
21
 
26
- # Given a module and method, construct an expected name for the
27
- # alias by which Contrast will reference the original.
22
+ # Given a module and method, construct an expected name for the alias by which Contrast will reference the
23
+ # original.
28
24
  #
29
25
  # @param patched_class [Module] the module being patched
30
26
  # @param patched_method [Symbol] the method being patched
@@ -48,56 +44,44 @@ module Contrast
48
44
  # ===== PATCH APPLIERS =====
49
45
  # THIS IS CALLED FROM C. Do not change the signature lightly.
50
46
  #
51
- # This method functions to call the infilter methods from our
52
- # patches, allowing for analysis and reporting at the point just
53
- # before the patched code is invoked.
47
+ # This method functions to call the infilter methods from our patches, allowing for analysis and reporting at
48
+ # the point just before the patched code is invoked.
54
49
  #
55
- # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
56
- # Mapping of the triggers on the given method.
50
+ # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy] Mapping of the triggers on the given
51
+ # method.
57
52
  # @param method [Symbol] The method into which we're patching
58
- # @param exception [StandardError] Any exception raised during the
59
- # call of the patched method.
60
- # @param object [Object] The object on which the method is invoked,
61
- # typically what would be returned by self.
62
- # @param args [Array<Object>] The arguments passed to the method
63
- # being invoked.
53
+ # @param exception [StandardError] Any exception raised during the call of the patched method.
54
+ # @param object [Object] The object on which the method is invoked, typically what would be returned by self.
55
+ # @param args [Array<Object>] The arguments passed to the method being invoked.
64
56
  def apply_pre_patch method_policy, method, exception, object, args
65
57
  apply_protect(method_policy, method, exception, object, args)
66
58
  apply_inventory(method_policy, method, exception, object, args)
67
59
  rescue Contrast::SecurityException => e
68
- # We were told to block something, so we gotta. Don't catch this
69
- # one, let it get back to our Middleware or even all the way out to
70
- # the framework
60
+ # We were told to block something, so we gotta. Don't catch this one, let it get back to our Middleware or
61
+ # even all the way out to the framework
71
62
  raise e
72
63
  rescue StandardError => e
73
- # Anything else was our bad and we gotta catch that to allow for
74
- # normal application flow
64
+ # Anything else was our bad and we gotta catch that to allow for normal application flow
75
65
  logger.error('Unable to apply pre patch to method.', e)
76
66
  rescue Exception => e # rubocop:disable Lint/RescueException
77
- # This is something like NoMemoryError that we can't
78
- # hope to handle. Nonetheless, shouldn't leak scope.
67
+ # This is something like NoMemoryError that we can't hope to handle. Nonetheless, shouldn't leak scope.
79
68
  exit_contrast_scope!
80
69
  raise e
81
70
  end
82
71
 
83
72
  # THIS IS CALLED FROM C. Do not change the signature lightly.
84
73
  #
85
- # This method functions to call the infilter methods from our
86
- # patches, allowing for analysis and reporting at the point just
87
- # after the patched code is invoked
74
+ # This method functions to call the infilter methods from our patches, allowing for analysis and reporting at
75
+ # the point just after the patched code is invoked
88
76
  #
89
- # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
90
- # Mapping of the triggers on the given method.
91
- # @param preshift [Contrast::Agent::Assess::PreShift] The capture
92
- # of the state of the code just prior to the invocation of the
93
- # patched method.
94
- # @param object [Object] The object on which the method was
95
- # invoked, typically what would be returned by self.
77
+ # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy] Mapping of the triggers on the given
78
+ # method.
79
+ # @param preshift [Contrast::Agent::Assess::PreShift] The capture of the state of the code just prior to the
80
+ # invocation of the patched method.
81
+ # @param object [Object] The object on which the method was invoked, typically what would be returned by self.
96
82
  # @param ret [Object] The return of the method that was invoked.
97
- # @param args [Array<Object>] The arguments passed to the method
98
- # being invoked.
99
- # @param block [Proc] The block passed to the method that was
100
- # invoked.
83
+ # @param args [Array<Object>] The arguments passed to the method being invoked.
84
+ # @param block [Proc] The block passed to the method that was invoked.
101
85
  def apply_post_patch method_policy, preshift, object, ret, args, block
102
86
  apply_assess(method_policy, preshift, object, ret, args, block)
103
87
  rescue StandardError => e
@@ -106,15 +90,12 @@ module Contrast
106
90
 
107
91
  # Apply the Protect patch which applies to the given method.
108
92
  #
109
- # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
110
- # Mapping of the triggers on the given method.
93
+ # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy] Mapping of the triggers on the given
94
+ # method.
111
95
  # @param method [Symbol] The method into which we're patching
112
- # @param exception [StandardError] Any exception raised during the
113
- # call of the patched method.
114
- # @param object [Object] The object on which the method is invoked,
115
- # typically what would be returned by self.
116
- # @param args [Array<Object>] The arguments passed to the method
117
- # being invoked.
96
+ # @param exception [StandardError] Any exception raised during the call of the patched method.
97
+ # @param object [Object] The object on which the method is invoked, typically what would be returned by self.
98
+ # @param args [Array<Object>] The arguments passed to the method being invoked.
118
99
  def apply_protect method_policy, method, exception, object, args
119
100
  return unless ::Contrast::AGENT.enabled?
120
101
  return unless ::Contrast::PROTECT.enabled?
@@ -124,15 +105,12 @@ module Contrast
124
105
 
125
106
  # Apply the Inventory patch which applies to the given method.
126
107
  #
127
- # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
128
- # Mapping of the triggers on the given method.
108
+ # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy] Mapping of the triggers on the given
109
+ # method.
129
110
  # @param method [Symbol] The method into which we're patching
130
- # @param exception [StandardError] Any exception raised during the
131
- # call of the patched method.
132
- # @param object [Object] The object on which the method is invoked,
133
- # typically what would be returned by self.
134
- # @param args [Array<Object>] The arguments passed to the method
135
- # being invoked.
111
+ # @param exception [StandardError] Any exception raised during the call of the patched method.
112
+ # @param object [Object] The object on which the method is invoked, typically what would be returned by self.
113
+ # @param args [Array<Object>] The arguments passed to the method being invoked.
136
114
  def apply_inventory method_policy, method, exception, object, args
137
115
  return unless ::Contrast::INVENTORY.enabled?
138
116
 
@@ -141,18 +119,14 @@ module Contrast
141
119
 
142
120
  # Apply the Assess patches which apply to the given method.
143
121
  #
144
- # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
145
- # Mapping of the triggers on the given method.
146
- # @param preshift [Contrast::Agent::Assess::PreShift] The capture
147
- # of the state of the code just prior to the invocation of the
148
- # patched method.
149
- # @param object [Object] The object on which the method was
150
- # invoked, typically what would be returned by self.
122
+ # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy] Mapping of the triggers on the given
123
+ # method.
124
+ # @param preshift [Contrast::Agent::Assess::PreShift] The capture of the state of the code just prior to the
125
+ # invocation of the patched method.
126
+ # @param object [Object] The object on which the method was invoked, typically what would be returned by self.
151
127
  # @param ret [Object] The return of the method that was invoked.
152
- # @param args [Array<Object>] The arguments passed to the method
153
- # being invoked.
154
- # @param block [Proc] The block passed to the method that was
155
- # invoked.
128
+ # @param args [Array<Object>] The arguments passed to the method being invoked.
129
+ # @param block [Proc] The block passed to the method that was invoked.
156
130
  def apply_assess method_policy, preshift, object, ret, args, block
157
131
  source_ret = nil
158
132
  propagated_ret = nil
@@ -166,9 +140,8 @@ module Contrast
166
140
  Contrast::Agent::Assess::Policy::TriggerMethod.apply_trigger_rule(trigger_node, object, ret, args)
167
141
  end
168
142
  if method_policy.source_node
169
- # If we were given a frozen return, and it was the target of a
170
- # source, and we have frozen sources enabled, we'll need to
171
- # replace the return. Note, this is not the default case.
143
+ # If we were given a frozen return, and it was the target of a source, and we have frozen sources enabled,
144
+ # we'll need to replace the return. Note, this is not the default case.
172
145
  source_ret = Contrast::Agent::Assess::Policy::SourceMethod.source_patchers(method_policy, object, ret, args)
173
146
  end
174
147
  if method_policy.propagation_node
@@ -190,39 +163,30 @@ module Contrast
190
163
  raise e
191
164
  end
192
165
 
193
- # Generic invocation of the Inventory or Protect patch which apply
194
- # to the given method.
166
+ # Generic invocation of the Inventory or Protect patch which apply to the given method.
195
167
  #
196
- # @param trigger_node [Contrast::Agent::Inventory::Policy::TriggerNode]
197
- # Mapping of the specific trigger on the given method.
168
+ # @param trigger_node [Contrast::Agent::Inventory::Policy::TriggerNode] Mapping of the specific trigger on the
169
+ # given method.
198
170
  # @param method [Symbol] The method into which we're patching
199
- # @param exception [StandardError] Any exception raised during the
200
- # call of the patched method.
201
- # @param object [Object] The object on which the method is invoked,
202
- # typically what would be returned by self.
203
- # @param args [Array<Object>] The arguments passed to the method
204
- # being invoked.
171
+ # @param exception [StandardError] Any exception raised during the call of the patched method.
172
+ # @param object [Object] The object on which the method is invoked, typically what would be returned by self.
173
+ # @param args [Array<Object>] The arguments passed to the method being invoked.
205
174
  def apply_trigger_only trigger_node, method, exception, object, args
206
175
  return unless trigger_node
207
176
 
208
- # If that rule only applies in the case of an exception being
209
- # thrown and there's no exception here, move along, or vice versa
177
+ # If that rule only applies in the case of an exception being thrown and there's no exception here, move
178
+ # along, or vice versa
210
179
  return if trigger_node.on_exception && !exception
211
180
  return if !trigger_node.on_exception && exception
212
181
 
213
- # Each patch has an applicator that handles logic for it. Think
214
- # of this as being similar to propagator actions, most closely
215
- # resembling CUSTOM - they all have a common interface but their
216
- # own logic based on what's in the method(s) they've been patched
217
- # into.
218
- # Each patch also knows the method of its applicator. Some
219
- # things, like AppliesXxeRule, have different methods depending
220
- # on the library patched. This lets us handle the boilerplate of
221
- # patching while still allowing for custom handling of the
222
- # methods.
182
+ # Each patch has an applicator that handles logic for it. Think of this as being similar to propagator
183
+ # actions, most closely resembling CUSTOM - they all have a common interface but their own logic based on
184
+ # what's in the method(s) they've been patched into.
185
+ # Each patch also knows the method of its applicator. Some things, like AppliesXxeRule, have different
186
+ # methods depending on the library patched. This lets us handle the boilerplate of patching while still
187
+ # allowing for custom handling of the methods.
223
188
  applicator_method = trigger_node.applicator_method
224
- # By calling send like this, we can reuse all the patching.
225
- # We `send` to the given method of the given class
189
+ # By calling send like this, we can reuse all the patching. We `send` to the given method of the given class
226
190
  # (applicator) since they all accept the same inputs
227
191
  trigger_node.applicator.send(applicator_method, method, exception, trigger_node.properties, object, args)
228
192
  end
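Review bot: `apply_trigger_only` dispatches with `trigger_node.applicator.send(applicator_method, ...)` on new line 191, which bypasses method visibility; if applicator methods are meant to be each applicator's public interface, `trigger_node.applicator.public_send(applicator_method, method, exception, trigger_node.properties, object, args)` documents and enforces that contract at no cost. This line is unchanged context that the hunk only re-wraps comments around, so it may be better as a follow-up, and whether any applicator relies on a private method is not visible from this file. The same `send`-on-policy-data point does not recur in the other hunks of this section, which are comment reflows only.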
@@ -1,4 +1,4 @@
1
- # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Contrast
@@ -1,4 +1,4 @@
1
- # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Contrast
@@ -1,4 +1,4 @@
1
- # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Contrast
@@ -17,6 +17,7 @@ module Contrast
17
17
  # key : ''
18
18
  # nested_key : ''
19
19
  # }
20
+ # @return params_hash [Hash]
20
21
  def normalize_params val, prefix: nil
21
22
  # In non-recursive invocations, val should always be a Hash
22
23
  # (rather than breaking this out into two methods)
@@ -48,6 +49,10 @@ module Contrast
48
49
  end
49
50
  end
50
51
 
52
+ # Read the response body and rewind.
53
+ # A well behaved middleware would read the IO object and then rewind.
54
+ #
55
+ # @return body [String]
51
56
  def read_body body
52
57
  return body if body.is_a?(String)
53
58
 
@@ -66,6 +71,9 @@ module Contrast
66
71
  end
67
72
  end
68
73
 
74
+ # @param multipart_data [Object<Hash>]
75
+ # @param current_names [Hash]
76
+ # @return current_names [Hash<Name =>file_name]
69
77
  def traverse_parsed_multipart multipart_data, current_names
70
78
  return current_names unless multipart_data
71
79
 
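Review bot: The new YARD tags at new lines 20, 55 and 74–76 put a name after `@return`, but the `@return` tag takes only `[Type] description`, so `# @return params_hash [Hash]` is parsed as a type named `params_hash`. Use `# @return [Hash] the normalized params hash`, `# @return [String] the body contents, with the IO rewound`, and `# @return [Hash{String => String}] current_names with each part name mapped to its file name`. Likewise `@param multipart_data [Object<Hash>]` is not a valid type; `[Hash, nil]` matches the `return current_names unless multipart_data` guard on the next line. The bodies of all three methods continue outside the hunks.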
@@ -1,4 +1,4 @@
1
- # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Contrast
@@ -1,4 +1,4 @@
1
- # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Contrast
@@ -1,4 +1,4 @@
1
- # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'singleton'
@@ -1,4 +1,4 @@
1
- # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'contrast/utils/object_share'
@@ -1,4 +1,4 @@
1
- # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'contrast/components/logger'
@@ -7,84 +7,86 @@ module Contrast
7
7
  module Utils
8
8
  # Utilities for encoding and normalizing strings
9
9
  class StringUtils
10
- include Contrast::Components::Logger::InstanceMethods
10
+ class << self
11
+ include Contrast::Components::Logger::InstanceMethods
11
12
 
12
- UTF8 = 'utf-8'
13
- HTTP_PREFIX = 'HTTP_'
13
+ UTF8 = 'utf-8'
14
+ HTTP_PREFIX = 'HTTP_'
14
15
 
15
- # Convenience method. We assume that we're working on Strings or tags
16
- # String representations of things. To that end, we'll to_s anything
17
- # that comes in before returning its length.
18
- #
19
- # But don't worry though, String.to_s just returns self. teehee
20
- def self.ret_length string
21
- string.nil? ? 0 : string.to_s.length
22
- end
16
+ # Convenience method. We assume that we're working on Strings or tags
17
+ # String representations of things. To that end, we'll to_s anything
18
+ # that comes in before returning its length.
19
+ #
20
+ # But don't worry though, String.to_s just returns self. teehee
21
+ def ret_length string
22
+ string.nil? ? 0 : string.to_s.length
23
+ end
23
24
 
24
- def self.present? str
25
- !str.nil? && !str.to_s.empty?
26
- end
25
+ def present? str
26
+ !str.nil? && !str.to_s.empty?
27
+ end
27
28
 
28
- def self.protobuf_format data, truncate: true
29
- data = data&.to_s
30
- data = Contrast::Utils::StringUtils.force_utf8(data)
31
- data = Contrast::Utils::StringUtils.truncate(data) if truncate
32
- data
33
- end
29
+ def protobuf_format data, truncate: true
30
+ data = data&.to_s
31
+ data = Contrast::Utils::StringUtils.force_utf8(data)
32
+ data = Contrast::Utils::StringUtils.truncate(data) if truncate
33
+ data
34
+ end
34
35
 
35
- # Protobuf has a very strict typing. Nil is not a String and will throw
36
- # an exception if you try to set it. Use this to be safe.
37
- # Uses the object share to avoid creating several new strings per request
38
- def self.protobuf_safe_string string
39
- string.nil? ? Contrast::Utils::ObjectShare::EMPTY_STRING : string.to_s
40
- end
36
+ # Protobuf has a very strict typing. Nil is not a String and will throw
37
+ # an exception if you try to set it. Use this to be safe.
38
+ # Uses the object share to avoid creating several new strings per request
39
+ def protobuf_safe_string string
40
+ string.nil? ? Contrast::Utils::ObjectShare::EMPTY_STRING : string.to_s
41
+ end
41
42
 
42
- # Truncate a string to 255 characters max length
43
- def self.truncate str, default = Contrast::Utils::ObjectShare::EMPTY_STRING
44
- return default if str.nil?
43
+ # Truncate a string to 255 characters max length
44
+ def truncate str, default = Contrast::Utils::ObjectShare::EMPTY_STRING
45
+ return default if str.nil?
45
46
 
46
- str.to_s[0..255]
47
- end
47
+ str.to_s[0..255]
48
+ end
48
49
 
49
- def self.force_utf8 str
50
- return Contrast::Utils::ObjectShare::EMPTY_STRING unless str
50
+ def force_utf8 str
51
+ return Contrast::Utils::ObjectShare::EMPTY_STRING unless str
51
52
 
52
- str = str.to_s
53
- if str.encoding == Encoding::UTF_8
54
- str = str.encode(UTF8, invalid: :replace, undef: :replace) unless str.valid_encoding?
55
- else
56
- str = str.encode(UTF8, str.encoding, invalid: :replace, undef: :replace)
57
- end
58
- str.to_s
59
- rescue StandardError => e
60
- # We were unable to switch the String to a UTF-8 format.
61
- # Return non-nil so as not to throw an exception later when trying
62
- # to do regexp or other compares on the String
63
- logger.trace('Unable to cast String to UTF-8 format', e, value: str)
53
+ str = str.to_s
54
+ if str.encoding == Encoding::UTF_8
55
+ str = str.encode(UTF8, invalid: :replace, undef: :replace) unless str.valid_encoding?
56
+ else
57
+ str = str.encode(UTF8, str.encoding, invalid: :replace, undef: :replace)
58
+ end
59
+ str.to_s
60
+ rescue StandardError => e
61
+ # We were unable to switch the String to a UTF-8 format.
62
+ # Return non-nil so as not to throw an exception later when trying
63
+ # to do regexp or other compares on the String
64
+ logger.trace('Unable to cast String to UTF-8 format', e, value: str)
64
65
 
65
- Contrast::Utils::ObjectShare::EMPTY_STRING
66
- end
66
+ Contrast::Utils::ObjectShare::EMPTY_STRING
67
+ end
67
68
 
68
- # Given a string return a normalized version of that string.
69
- # Keys are memoized so that the normalization process doesn't need
70
- # to happen every time.
71
- #
72
- # @param str [String] the String to normalize
73
- # @return [String] a copy of the given String, upper cased, trimmed,
74
- # dashes replaced with underscore, and HTTP trimmed
75
- def self.normalized_key str
76
- return unless str
69
+ # Given a string return a normalized version of that string.
70
+ # Keys are memoized so that the normalization process doesn't need
71
+ # to happen every time.
72
+ #
73
+ # @param str [String] the String to normalize
74
+ # @return [String] a copy of the given String, upper cased, trimmed,
75
+ # dashes replaced with underscore, and HTTP trimmed
76
+ def normalized_key str
77
+ return unless str
77
78
 
78
- str = str.to_s
79
- @_normalized_keys ||= {}
80
- if @_normalized_keys.key?(str)
81
- @_normalized_keys[str]
82
- else
83
- upped = str.upcase
84
- stripped = upped.strip! || upped
85
- trimmed = stripped.tr!('-', '_') || stripped
86
- cut = trimmed.start_with?(HTTP_PREFIX) ? trimmed[5..-1] : trimmed
87
- @_normalized_keys[str] = cut
79
+ str = str.to_s
80
+ @_normalized_keys ||= {}
81
+ if @_normalized_keys.key?(str)
82
+ @_normalized_keys[str]
83
+ else
84
+ upped = str.upcase
85
+ stripped = upped.strip! || upped
86
+ trimmed = stripped.tr!('-', '_') || stripped
87
+ cut = trimmed.start_with?(HTTP_PREFIX) ? trimmed[5..] : trimmed
88
+ @_normalized_keys[str] = cut
89
+ end
88
90
  end
89
91
  end
90
92
  end
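Review bot: `normalized_key` memoizes every distinct input into `@_normalized_keys` (new lines 80–88) with no size bound, and the `HTTP_PREFIX` stripping suggests the inputs are HTTP header names, which the remote client chooses; if any caller feeds it raw request headers, each novel header name is retained for the life of the process. A cap such as `@_normalized_keys[str] = cut if @_normalized_keys.size < MAX_NORMALIZED_KEYS` followed by a bare `cut` (so the return value is unchanged; the constant name is constructed here) keeps the fast path while bounding memory, though whether untrusted names actually reach this method depends on callers outside this file. Separately, the comment on `truncate` promises 255 characters but `str.to_s[0..255]` returns up to 256; either the comment or the slice (`str.to_s[0, 255]`) should change. As a style point, `protobuf_format` still calls `Contrast::Utils::StringUtils.force_utf8` and `.truncate` by full name even though, inside `class << self`, bare `force_utf8(data)` and `truncate(data)` resolve to the same methods.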