contrast-agent 4.14.1 → 5.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.simplecov +1 -1
- data/Gemfile +1 -1
- data/LICENSE.txt +1 -1
- data/Rakefile +1 -1
- data/exe/contrast_service +1 -1
- data/ext/build_funchook.rb +1 -1
- data/ext/cs__assess_array/cs__assess_array.c +1 -1
- data/ext/cs__assess_array/extconf.rb +1 -1
- data/ext/cs__assess_basic_object/cs__assess_basic_object.c +1 -1
- data/ext/cs__assess_basic_object/extconf.rb +1 -1
- data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +1 -1
- data/ext/cs__assess_fiber_track/extconf.rb +1 -1
- data/ext/cs__assess_hash/cs__assess_hash.c +1 -1
- data/ext/cs__assess_hash/extconf.rb +1 -1
- data/ext/cs__assess_kernel/cs__assess_kernel.c +1 -1
- data/ext/cs__assess_kernel/extconf.rb +1 -1
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +1 -1
- data/ext/cs__assess_marshal_module/extconf.rb +1 -1
- data/ext/cs__assess_module/cs__assess_module.c +1 -1
- data/ext/cs__assess_module/extconf.rb +1 -1
- data/ext/cs__assess_regexp/cs__assess_regexp.c +1 -1
- data/ext/cs__assess_regexp/extconf.rb +1 -1
- data/ext/cs__assess_string/cs__assess_string.c +1 -1
- data/ext/cs__assess_string/extconf.rb +1 -1
- data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +1 -1
- data/ext/cs__assess_string_interpolation26/extconf.rb +1 -1
- data/ext/cs__assess_yield_track/cs__assess_yield_track.c +1 -1
- data/ext/cs__assess_yield_track/extconf.rb +1 -1
- data/ext/cs__common/cs__common.c +1 -1
- data/ext/cs__common/extconf.rb +1 -1
- data/ext/cs__contrast_patch/cs__contrast_patch.c +1 -1
- data/ext/cs__contrast_patch/extconf.rb +1 -1
- data/ext/cs__os_information/cs__os_information.c +1 -1
- data/ext/cs__os_information/extconf.rb +1 -1
- data/ext/extconf_common.rb +1 -1
- data/lib/contrast/agent/assess/contrast_event.rb +7 -11
- data/lib/contrast/agent/assess/contrast_object.rb +1 -1
- data/lib/contrast/agent/assess/events/event_data.rb +30 -0
- data/lib/contrast/agent/assess/events/event_factory.rb +14 -6
- data/lib/contrast/agent/assess/events/source_event.rb +22 -3
- data/lib/contrast/agent/assess/finalizers/freeze.rb +1 -1
- data/lib/contrast/agent/assess/finalizers/hash.rb +1 -1
- data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +7 -7
- data/lib/contrast/agent/assess/policy/patcher.rb +1 -35
- data/lib/contrast/agent/assess/policy/policy.rb +1 -1
- data/lib/contrast/agent/assess/policy/policy_node.rb +2 -2
- data/lib/contrast/agent/assess/policy/policy_scanner.rb +1 -1
- data/lib/contrast/agent/assess/policy/preshift.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagation_method.rb +55 -28
- data/lib/contrast/agent/assess/policy/propagation_node.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/append.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/base.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/center.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/database_write.rb +6 -2
- data/lib/contrast/agent/assess/policy/propagator/insert.rb +5 -2
- data/lib/contrast/agent/assess/policy/propagator/keep.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/match_data.rb +7 -3
- data/lib/contrast/agent/assess/policy/propagator/next.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/prepend.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/rack_protection.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/remove.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/replace.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/reverse.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/select.rb +3 -2
- data/lib/contrast/agent/assess/policy/propagator/splat.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/split.rb +27 -25
- data/lib/contrast/agent/assess/policy/propagator/substitution.rb +3 -5
- data/lib/contrast/agent/assess/policy/propagator/substitution_utils.rb +190 -0
- data/lib/contrast/agent/assess/policy/propagator/trim.rb +9 -4
- data/lib/contrast/agent/assess/policy/propagator.rb +1 -1
- data/lib/contrast/agent/assess/policy/source_method.rb +39 -26
- data/lib/contrast/agent/assess/policy/source_node.rb +1 -1
- data/lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb +1 -1
- data/lib/contrast/agent/assess/policy/source_validation/source_validation.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +7 -2
- data/lib/contrast/agent/assess/policy/trigger/xpath.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_method.rb +37 -24
- data/lib/contrast/agent/assess/policy/trigger_node.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +1 -1
- data/lib/contrast/agent/assess/properties.rb +1 -1
- data/lib/contrast/agent/assess/property/evented.rb +25 -12
- data/lib/contrast/agent/assess/property/tagged.rb +1 -1
- data/lib/contrast/agent/assess/property/updated.rb +1 -1
- data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +1 -19
- data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +1 -13
- data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +7 -59
- data/lib/contrast/agent/assess/rule/provider.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/autocomplete_rule.rb +130 -0
- data/lib/contrast/agent/assess/rule/response/base_rule.rb +117 -0
- data/lib/contrast/agent/assess/tag.rb +1 -1
- data/lib/contrast/agent/assess/tracker.rb +1 -1
- data/lib/contrast/agent/assess.rb +1 -2
- data/lib/contrast/agent/at_exit_hook.rb +1 -1
- data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +13 -8
- data/lib/contrast/agent/deadzone/policy/policy.rb +1 -1
- data/lib/contrast/agent/disable_reaction.rb +1 -1
- data/lib/contrast/agent/exclusion_matcher.rb +1 -1
- data/lib/contrast/agent/inventory/database_config.rb +115 -77
- data/lib/contrast/agent/inventory/dependencies.rb +1 -1
- data/lib/contrast/agent/inventory/dependency_analysis.rb +1 -1
- data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +3 -3
- data/lib/contrast/agent/inventory/policy/datastores.rb +1 -1
- data/lib/contrast/agent/inventory/policy/policy.rb +1 -1
- data/lib/contrast/agent/inventory/policy/trigger_node.rb +1 -1
- data/lib/contrast/agent/inventory.rb +1 -1
- data/lib/contrast/agent/metric_telemetry_event.rb +1 -1
- data/lib/contrast/agent/middleware.rb +3 -2
- data/lib/contrast/agent/module_data.rb +1 -1
- data/lib/contrast/agent/patching/policy/after_load_patch.rb +1 -1
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +1 -1
- data/lib/contrast/agent/patching/policy/method_policy.rb +28 -15
- data/lib/contrast/agent/patching/policy/method_policy_extend.rb +12 -10
- data/lib/contrast/agent/patching/policy/module_policy.rb +1 -1
- data/lib/contrast/agent/patching/policy/patch.rb +1 -1
- data/lib/contrast/agent/patching/policy/patch_status.rb +2 -26
- data/lib/contrast/agent/patching/policy/patcher.rb +1 -5
- data/lib/contrast/agent/patching/policy/policy.rb +1 -1
- data/lib/contrast/agent/patching/policy/policy_node.rb +1 -1
- data/lib/contrast/agent/patching/policy/trigger_node.rb +1 -1
- data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +1 -1
- data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +1 -1
- data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +1 -1
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +1 -1
- data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +1 -1
- data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +1 -1
- data/lib/contrast/agent/protect/policy/policy.rb +1 -1
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +1 -1
- data/lib/contrast/agent/protect/policy/trigger_node.rb +1 -1
- data/lib/contrast/agent/protect/rule/base.rb +1 -1
- data/lib/contrast/agent/protect/rule/base_service.rb +1 -1
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +1 -1
- data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/deserialization.rb +1 -1
- data/lib/contrast/agent/protect/rule/http_method_tampering.rb +1 -1
- data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/no_sqli.rb +1 -1
- data/lib/contrast/agent/protect/rule/path_traversal.rb +1 -1
- data/lib/contrast/agent/protect/rule/sql_sample_builder.rb +1 -1
- data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +2 -2
- data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/sqli.rb +1 -1
- data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +1 -1
- data/lib/contrast/agent/protect/rule/xss.rb +1 -1
- data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +1 -1
- data/lib/contrast/agent/protect/rule/xxe.rb +1 -1
- data/lib/contrast/agent/protect/rule.rb +1 -1
- data/lib/contrast/agent/reaction_processor.rb +1 -1
- data/lib/contrast/agent/reporting/report.rb +7 -1
- data/lib/contrast/agent/reporting/reporter.rb +21 -48
- data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +49 -0
- data/lib/contrast/agent/reporting/reporting_events/application_update.rb +82 -0
- data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +80 -0
- data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb +59 -0
- data/lib/contrast/agent/reporting/reporting_events/finding.rb +138 -43
- data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +264 -0
- data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +57 -0
- data/lib/contrast/agent/reporting/reporting_events/finding_object.rb +90 -0
- data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +121 -0
- data/lib/contrast/agent/reporting/reporting_events/finding_signature.rb +105 -0
- data/lib/contrast/agent/reporting/reporting_events/finding_stack.rb +67 -0
- data/lib/contrast/agent/reporting/reporting_events/finding_taint_range.rb +58 -0
- data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +93 -0
- data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +50 -0
- data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +54 -0
- data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +66 -0
- data/lib/contrast/agent/reporting/reporting_events/preflight.rb +20 -6
- data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +36 -17
- data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +28 -18
- data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +76 -0
- data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +66 -0
- data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +65 -0
- data/lib/contrast/agent/reporting/reporting_events/server_activity.rb +52 -0
- data/lib/contrast/agent/reporting/reporting_events/trace_event_source.rb +30 -0
- data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +22 -12
- data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb +67 -0
- data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +165 -0
- data/lib/contrast/agent/reporting/reporting_utilities/headers.rb +55 -0
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +74 -156
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +154 -0
- data/lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/response.rb +30 -0
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +57 -0
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +196 -0
- data/lib/contrast/agent/reporting/settings/application_settings.rb +67 -0
- data/lib/contrast/agent/reporting/settings/assess.rb +45 -0
- data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +136 -0
- data/lib/contrast/agent/reporting/settings/exclusions.rb +123 -0
- data/lib/contrast/agent/reporting/settings/protect.rb +89 -0
- data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +243 -0
- data/lib/contrast/agent/reporting/settings/reaction.rb +30 -0
- data/lib/contrast/agent/reporting/settings/server_features.rb +78 -0
- data/lib/contrast/agent/request.rb +44 -3
- data/lib/contrast/agent/request_context.rb +20 -7
- data/lib/contrast/agent/request_context_extend.rb +26 -1
- data/lib/contrast/agent/request_handler.rb +41 -5
- data/lib/contrast/agent/response.rb +23 -15
- data/lib/contrast/agent/rule_set.rb +1 -1
- data/lib/contrast/agent/scope.rb +1 -1
- data/lib/contrast/agent/service_heartbeat.rb +1 -1
- data/lib/contrast/agent/startup_metrics_telemetry_event.rb +34 -7
- data/lib/contrast/agent/static_analysis.rb +13 -3
- data/lib/contrast/agent/telemetry.rb +1 -1
- data/lib/contrast/agent/telemetry_event.rb +1 -1
- data/lib/contrast/agent/thread.rb +1 -1
- data/lib/contrast/agent/thread_watcher.rb +3 -3
- data/lib/contrast/agent/tracepoint_hook.rb +1 -4
- data/lib/contrast/agent/version.rb +2 -2
- data/lib/contrast/agent/worker_thread.rb +1 -1
- data/lib/contrast/agent.rb +4 -4
- data/lib/contrast/api/communication/connection_status.rb +1 -1
- data/lib/contrast/api/communication/messaging_queue.rb +4 -4
- data/lib/contrast/api/communication/response_processor.rb +9 -5
- data/lib/contrast/api/communication/service_lifecycle.rb +1 -1
- data/lib/contrast/api/communication/socket.rb +1 -1
- data/lib/contrast/api/communication/socket_client.rb +4 -1
- data/lib/contrast/api/communication/speedracer.rb +1 -1
- data/lib/contrast/api/communication/tcp_socket.rb +1 -1
- data/lib/contrast/api/communication/unix_socket.rb +1 -1
- data/lib/contrast/api/communication.rb +1 -1
- data/lib/contrast/api/decorators/address.rb +1 -1
- data/lib/contrast/api/decorators/agent_startup.rb +1 -1
- data/lib/contrast/api/decorators/application_settings.rb +1 -1
- data/lib/contrast/api/decorators/application_startup.rb +1 -1
- data/lib/contrast/api/decorators/application_update.rb +1 -1
- data/lib/contrast/api/decorators/architecture_component.rb +36 -0
- data/lib/contrast/api/decorators/finding.rb +1 -17
- data/lib/contrast/api/decorators/http_request.rb +3 -2
- data/lib/contrast/api/decorators/input_analysis.rb +1 -1
- data/lib/contrast/api/decorators/instrumentation_mode.rb +1 -1
- data/lib/contrast/api/decorators/library.rb +1 -1
- data/lib/contrast/api/decorators/library_usage_update.rb +1 -1
- data/lib/contrast/api/decorators/message.rb +1 -1
- data/lib/contrast/api/decorators/rasp_rule_sample.rb +1 -1
- data/lib/contrast/api/decorators/route_coverage.rb +1 -1
- data/lib/contrast/api/decorators/server_features.rb +1 -1
- data/lib/contrast/api/decorators/trace_event.rb +1 -1
- data/lib/contrast/api/decorators/trace_event_object.rb +1 -1
- data/lib/contrast/api/decorators/trace_event_signature.rb +1 -1
- data/lib/contrast/api/decorators/trace_taint_range.rb +1 -1
- data/lib/contrast/api/decorators/trace_taint_range_tags.rb +1 -1
- data/lib/contrast/api/decorators/user_input.rb +1 -1
- data/lib/contrast/api/decorators.rb +2 -1
- data/lib/contrast/api.rb +1 -1
- data/lib/contrast/components/agent.rb +5 -24
- data/lib/contrast/components/api.rb +18 -9
- data/lib/contrast/components/app_context.rb +2 -1
- data/lib/contrast/components/app_context_extend.rb +1 -1
- data/lib/contrast/components/assess.rb +12 -8
- data/lib/contrast/components/base.rb +1 -1
- data/lib/contrast/components/config.rb +30 -15
- data/lib/contrast/components/contrast_service.rb +1 -1
- data/lib/contrast/components/heap_dump.rb +1 -1
- data/lib/contrast/components/inventory.rb +5 -1
- data/lib/contrast/components/logger.rb +1 -1
- data/lib/contrast/components/protect.rb +6 -2
- data/lib/contrast/components/sampling.rb +1 -1
- data/lib/contrast/components/scope.rb +1 -1
- data/lib/contrast/components/settings.rb +25 -12
- data/lib/contrast/config/agent_configuration.rb +1 -1
- data/lib/contrast/config/api_configuration.rb +2 -2
- data/lib/contrast/config/api_proxy_configuration.rb +1 -1
- data/lib/contrast/config/application_configuration.rb +1 -1
- data/lib/contrast/config/assess_configuration.rb +1 -1
- data/lib/contrast/config/assess_rules_configuration.rb +1 -1
- data/lib/contrast/config/base_configuration.rb +1 -1
- data/lib/contrast/config/certification_configuration.rb +1 -1
- data/lib/contrast/config/env_variables.rb +1 -1
- data/lib/contrast/config/exception_configuration.rb +1 -1
- data/lib/contrast/config/heap_dump_configuration.rb +1 -1
- data/lib/contrast/config/inventory_configuration.rb +1 -1
- data/lib/contrast/config/logger_configuration.rb +1 -1
- data/lib/contrast/config/protect_configuration.rb +1 -1
- data/lib/contrast/config/protect_rule_configuration.rb +1 -1
- data/lib/contrast/config/protect_rules_configuration.rb +1 -1
- data/lib/contrast/config/request_audit_configuration.rb +1 -1
- data/lib/contrast/config/root_configuration.rb +1 -1
- data/lib/contrast/config/ruby_configuration.rb +4 -1
- data/lib/contrast/config/sampling_configuration.rb +1 -1
- data/lib/contrast/config/server_configuration.rb +1 -1
- data/lib/contrast/config/service_configuration.rb +1 -1
- data/lib/contrast/config.rb +1 -1
- data/lib/contrast/configuration.rb +1 -1
- data/lib/contrast/extension/assess/array.rb +4 -2
- data/lib/contrast/extension/assess/erb.rb +15 -5
- data/lib/contrast/extension/assess/eval_trigger.rb +3 -1
- data/lib/contrast/extension/assess/exec_trigger.rb +2 -1
- data/lib/contrast/extension/assess/fiber.rb +6 -3
- data/lib/contrast/extension/assess/hash.rb +1 -1
- data/lib/contrast/extension/assess/kernel.rb +8 -3
- data/lib/contrast/extension/assess/marshal.rb +6 -2
- data/lib/contrast/extension/assess/regexp.rb +8 -2
- data/lib/contrast/extension/assess/string.rb +8 -2
- data/lib/contrast/extension/assess.rb +1 -1
- data/lib/contrast/extension/delegator.rb +1 -1
- data/lib/contrast/extension/extension.rb +2 -4
- data/lib/contrast/extension/inventory.rb +1 -1
- data/lib/contrast/extension/kernel.rb +1 -1
- data/lib/contrast/extension/module.rb +1 -1
- data/lib/contrast/extension/protect/psych.rb +1 -1
- data/lib/contrast/extension/protect.rb +1 -1
- data/lib/contrast/extension/thread.rb +1 -1
- data/lib/contrast/framework/base_support.rb +5 -1
- data/lib/contrast/framework/grape/support.rb +25 -1
- data/lib/contrast/framework/manager.rb +26 -5
- data/lib/contrast/framework/manager_extend.rb +1 -1
- data/lib/contrast/framework/platform_version.rb +1 -1
- data/lib/contrast/framework/rack/patch/session_cookie.rb +1 -1
- data/lib/contrast/framework/rack/patch/support.rb +1 -1
- data/lib/contrast/framework/rack/support.rb +1 -1
- data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +1 -1
- data/lib/contrast/framework/rails/patch/assess_configuration.rb +1 -1
- data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +1 -1
- data/lib/contrast/framework/rails/patch/support.rb +1 -1
- data/lib/contrast/framework/rails/railtie.rb +1 -1
- data/lib/contrast/framework/rails/support.rb +46 -2
- data/lib/contrast/framework/sinatra/support.rb +24 -2
- data/lib/contrast/funchook/funchook.rb +21 -18
- data/lib/contrast/logger/application.rb +1 -1
- data/lib/contrast/logger/format.rb +1 -1
- data/lib/contrast/logger/log.rb +1 -1
- data/lib/contrast/logger/request.rb +1 -1
- data/lib/contrast/logger/time.rb +1 -1
- data/lib/contrast/security_exception.rb +1 -1
- data/lib/contrast/tasks/config.rb +1 -1
- data/lib/contrast/tasks/service.rb +1 -1
- data/lib/contrast/utils/assess/propagation_method_utils.rb +1 -1
- data/lib/contrast/utils/assess/property/tagged_utils.rb +1 -1
- data/lib/contrast/utils/assess/sampling_util.rb +4 -4
- data/lib/contrast/utils/assess/source_method_utils.rb +1 -1
- data/lib/contrast/utils/assess/split_utils.rb +23 -0
- data/lib/contrast/utils/assess/tracking_util.rb +1 -1
- data/lib/contrast/utils/assess/trigger_method_utils.rb +3 -2
- data/lib/contrast/utils/class_util.rb +1 -1
- data/lib/contrast/utils/duck_utils.rb +1 -1
- data/lib/contrast/utils/env_configuration_item.rb +2 -2
- data/lib/contrast/utils/exclude_key.rb +1 -1
- data/lib/contrast/utils/findings.rb +5 -2
- data/lib/contrast/utils/hash_digest.rb +36 -6
- data/lib/contrast/utils/hash_digest_extend.rb +44 -1
- data/lib/contrast/utils/head_dump_utils_extend.rb +1 -1
- data/lib/contrast/utils/heap_dump_util.rb +1 -1
- data/lib/contrast/utils/invalid_configuration_util.rb +6 -5
- data/lib/contrast/utils/io_util.rb +1 -1
- data/lib/contrast/utils/job_servers_running.rb +1 -1
- data/lib/contrast/utils/log_utils.rb +1 -1
- data/lib/contrast/utils/lru_cache.rb +1 -1
- data/lib/contrast/utils/metrics_hash.rb +2 -2
- data/lib/contrast/utils/middleware_utils.rb +1 -1
- data/lib/contrast/utils/net_http_base.rb +14 -7
- data/lib/contrast/utils/object_share.rb +1 -6
- data/lib/contrast/utils/os.rb +9 -5
- data/lib/contrast/utils/patching/policy/patch_utils.rb +63 -99
- data/lib/contrast/utils/patching/policy/patcher_utils.rb +1 -1
- data/lib/contrast/utils/preflight_util.rb +1 -1
- data/lib/contrast/utils/request_utils.rb +9 -1
- data/lib/contrast/utils/resource_loader.rb +1 -1
- data/lib/contrast/utils/response_utils.rb +1 -1
- data/lib/contrast/utils/sha256_builder.rb +1 -1
- data/lib/contrast/utils/stack_trace_utils.rb +1 -1
- data/lib/contrast/utils/string_utils.rb +69 -67
- data/lib/contrast/utils/tag_util.rb +2 -1
- data/lib/contrast/utils/telemetry.rb +1 -1
- data/lib/contrast/utils/telemetry_client.rb +1 -1
- data/lib/contrast/utils/telemetry_identifier.rb +1 -1
- data/lib/contrast/utils/thread_tracker.rb +1 -1
- data/lib/contrast/utils/timer.rb +1 -1
- data/lib/contrast-agent.rb +1 -1
- data/lib/contrast.rb +1 -1
- data/ruby-agent.gemspec +4 -5
- metadata +58 -30
- data/ext/cs__assess_active_record_named/cs__active_record_named.c +0 -46
- data/ext/cs__assess_active_record_named/cs__active_record_named.h +0 -11
- data/ext/cs__assess_active_record_named/extconf.rb +0 -5
- data/lib/contrast/agent/assess/policy/rewriter_patch.rb +0 -95
- data/lib/contrast/agent/class_reopener.rb +0 -258
- data/lib/contrast/agent/rewriter.rb +0 -259
- data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +0 -37
- data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +0 -41
- data/lib/contrast/framework/rails/rewrite/active_record_named.rb +0 -75
- data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +0 -35
- data/lib/contrast/utils/ruby_ast_rewriter.rb +0 -82
- data/lib/contrast/utils/substitution_utils.rb +0 -167
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/components/logger'
|
@@ -15,7 +15,7 @@ module Contrast
|
|
15
15
|
ERROR_MESSAGES = [
|
16
16
|
'The key is not string or does not meet the requirements.',
|
17
17
|
'The key extends the allowed length.',
|
18
|
-
'
|
18
|
+
'The provided value is not the right data type'
|
19
19
|
].cs__freeze
|
20
20
|
KEY_REGEXP = /[a-zA-Z0-9_-]{1,63}/.cs__freeze
|
21
21
|
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
module Contrast
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'net/http'
|
@@ -27,7 +27,8 @@ module Contrast
|
|
27
27
|
|
28
28
|
addr = URI(url)
|
29
29
|
# the proxy is enabled only if there is provided url even if the enable is set to true
|
30
|
-
return if addr.host.nil? || addr.port.nil?
|
30
|
+
return if addr.host.nil? || addr.port.nil?
|
31
|
+
return if addr.scheme != 'https' && !addr.host.to_s.include?('localhost') # TODO: RUBY-99999 allow http w/ localhost # rubocop:disable Layout/LineLength
|
31
32
|
|
32
33
|
proxy_addr = URI(Contrast::API.proxy_url) if proxy_enabled?
|
33
34
|
net_http_client = initialize_client addr, proxy_addr, use_proxy, use_custom_cert
|
@@ -36,12 +37,13 @@ module Contrast
|
|
36
37
|
net_http_client.start
|
37
38
|
return unless net_http_client.started?
|
38
39
|
|
39
|
-
logger.
|
40
|
+
logger.debug("Starting #{ service_name } connection test")
|
40
41
|
return unless connection_verified? net_http_client
|
41
42
|
|
43
|
+
logger.debug('Client verified', service: service_name, url: url)
|
42
44
|
net_http_client
|
43
|
-
rescue
|
44
|
-
logger.
|
45
|
+
rescue StandardError => e
|
46
|
+
logger.error('Connection failed', e, service: service_name, url: url)
|
45
47
|
nil
|
46
48
|
end
|
47
49
|
|
@@ -67,7 +69,8 @@ module Contrast
|
|
67
69
|
client.ipaddr
|
68
70
|
end
|
69
71
|
response = client.request(Net::HTTP::Get.new(client.address))
|
70
|
-
verify_cert =
|
72
|
+
verify_cert = client.address.to_s.include?('localhost') ||
|
73
|
+
OpenSSL::SSL.verify_certificate_identity(client.peer_cert, client.address)
|
71
74
|
resolved = resolved? client.address, ipaddr
|
72
75
|
@_connection_verified = if resolved && response && verify_cert
|
73
76
|
true
|
@@ -134,6 +137,8 @@ module Contrast
|
|
134
137
|
else
|
135
138
|
Net::HTTP.new(addr.host, addr.port)
|
136
139
|
end
|
140
|
+
return initialize_client if addr.host.to_s.include?('localhost') # TODO: RUBY-99999 allow http w/ localhost
|
141
|
+
|
137
142
|
assign_cert(initialize_client) if use_custom_cert && Contrast::API.certification_enabled?
|
138
143
|
initialize_client.use_ssl = true
|
139
144
|
initialize_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
@@ -151,7 +156,9 @@ module Contrast
|
|
151
156
|
#
|
152
157
|
# @return @_proxy_enabled [Boolean] True if proxy is enabled and url is present else false
|
153
158
|
def proxy_enabled?
|
154
|
-
@_proxy_enabled
|
159
|
+
return @_proxy_enabled unless @_proxy_enabled.nil?
|
160
|
+
|
161
|
+
@_proxy_enabled = Contrast::API.proxy_enabled? && !Contrast::API.proxy_url.nil?
|
155
162
|
end
|
156
163
|
end
|
157
164
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
# rubocop:disable Security/Object/Freeze
|
@@ -47,8 +47,6 @@ module Contrast
|
|
47
47
|
CACHE = 'cache'
|
48
48
|
|
49
49
|
CONTRAST_PATCHED_METHOD_START = 'cs__patched_'
|
50
|
-
CONTRAST_MODULE_START = 'Contrast::'
|
51
|
-
ANONYMOUS_CLASS_MARKER = '#<'
|
52
50
|
DOUBLE_COLON = '::'
|
53
51
|
|
54
52
|
EMPTY_ARRAY = [].freeze
|
@@ -66,9 +64,6 @@ module Contrast
|
|
66
64
|
TRUE = 'true'
|
67
65
|
FALSE = 'false'
|
68
66
|
|
69
|
-
CLASS = 'Class'
|
70
|
-
MODULE = 'Module'
|
71
|
-
|
72
67
|
OBJECT_KEY = 'O'
|
73
68
|
RETURN_KEY = 'R'
|
74
69
|
UNKNOWN = 'unknown'
|
data/lib/contrast/utils/os.rb
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/components/scope'
|
@@ -36,11 +36,14 @@ module Contrast
|
|
36
36
|
# Check current OS type
|
37
37
|
# returns true if check is correct or false if not
|
38
38
|
def windows?
|
39
|
-
|
39
|
+
return @_windows unless @_windows.nil?
|
40
|
+
|
41
|
+
@_windows = !(/cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM).nil?
|
40
42
|
end
|
41
43
|
|
42
44
|
def mac?
|
43
|
-
RUBY_PLATFORM.include? 'darwin'
|
45
|
+
@_mac = RUBY_PLATFORM.include? 'darwin' if @_mac.nil?
|
46
|
+
@_mac
|
44
47
|
end
|
45
48
|
|
46
49
|
def unix?
|
@@ -48,11 +51,12 @@ module Contrast
|
|
48
51
|
end
|
49
52
|
|
50
53
|
def linux?
|
51
|
-
unix? and !mac?
|
54
|
+
(unix? and !mac?)
|
52
55
|
end
|
53
56
|
|
54
57
|
def jruby?
|
55
|
-
RUBY_ENGINE == 'jruby'
|
58
|
+
@_jruby = RUBY_ENGINE == 'jruby' if @_jruby.nil?
|
59
|
+
@_jruby
|
56
60
|
end
|
57
61
|
end
|
58
62
|
end
|
@@ -1,21 +1,17 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
module Contrast
|
5
5
|
module Utils
|
6
6
|
module Patching
|
7
|
-
# This module will include all methods for different patch applies from Patch module
|
8
|
-
#
|
7
|
+
# This module will include all methods for different patch applies from Patch module and some other module
|
8
|
+
# methods from the same place, so we can ease the main module
|
9
9
|
module PatchUtils
|
10
|
-
# Method to choose which replaced return from the post_patch to
|
11
|
-
# actually return
|
10
|
+
# Method to choose which replaced return from the post_patch to actually return.
|
12
11
|
#
|
13
|
-
# @param propagated_ret [Object, nil] The replaced return from the
|
14
|
-
#
|
15
|
-
# @param
|
16
|
-
# source patch.
|
17
|
-
# @param ret [Object, nil] The original return of the patched
|
18
|
-
# method.
|
12
|
+
# @param propagated_ret [Object, nil] The replaced return from the propagation patch.
|
13
|
+
# @param source_ret [Object, nil] The replaced return from the source patch.
|
14
|
+
# @param ret [Object, nil] The original return of the patched method.
|
19
15
|
# @return [Object, nil] The thing to return from the post patch.
|
20
16
|
def handle_return propagated_ret, source_ret, ret
|
21
17
|
safe_return = propagated_ret || source_ret || ret
|
@@ -23,8 +19,8 @@ module Contrast
|
|
23
19
|
safe_return
|
24
20
|
end
|
25
21
|
|
26
|
-
# Given a module and method, construct an expected name for the
|
27
|
-
#
|
22
|
+
# Given a module and method, construct an expected name for the alias by which Contrast will reference the
|
23
|
+
# original.
|
28
24
|
#
|
29
25
|
# @param patched_class [Module] the module being patched
|
30
26
|
# @param patched_method [Symbol] the method being patched
|
@@ -48,56 +44,44 @@ module Contrast
|
|
48
44
|
# ===== PATCH APPLIERS =====
|
49
45
|
# THIS IS CALLED FROM C. Do not change the signature lightly.
|
50
46
|
#
|
51
|
-
# This method functions to call the infilter methods from our
|
52
|
-
#
|
53
|
-
# before the patched code is invoked.
|
47
|
+
# This method functions to call the infilter methods from our patches, allowing for analysis and reporting at
|
48
|
+
# the point just before the patched code is invoked.
|
54
49
|
#
|
55
|
-
# @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
|
56
|
-
#
|
50
|
+
# @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy] Mapping of the triggers on the given
|
51
|
+
# method.
|
57
52
|
# @param method [Symbol] The method into which we're patching
|
58
|
-
# @param exception [StandardError] Any exception raised during the
|
59
|
-
#
|
60
|
-
# @param
|
61
|
-
# typically what would be returned by self.
|
62
|
-
# @param args [Array<Object>] The arguments passed to the method
|
63
|
-
# being invoked.
|
53
|
+
# @param exception [StandardError] Any exception raised during the call of the patched method.
|
54
|
+
# @param object [Object] The object on which the method is invoked, typically what would be returned by self.
|
55
|
+
# @param args [Array<Object>] The arguments passed to the method being invoked.
|
64
56
|
def apply_pre_patch method_policy, method, exception, object, args
|
65
57
|
apply_protect(method_policy, method, exception, object, args)
|
66
58
|
apply_inventory(method_policy, method, exception, object, args)
|
67
59
|
rescue Contrast::SecurityException => e
|
68
|
-
# We were told to block something, so we gotta. Don't catch this
|
69
|
-
#
|
70
|
-
# the framework
|
60
|
+
# We were told to block something, so we gotta. Don't catch this one, let it get back to our Middleware or
|
61
|
+
# even all the way out to the framework
|
71
62
|
raise e
|
72
63
|
rescue StandardError => e
|
73
|
-
# Anything else was our bad and we gotta catch that to allow for
|
74
|
-
# normal application flow
|
64
|
+
# Anything else was our bad and we gotta catch that to allow for normal application flow
|
75
65
|
logger.error('Unable to apply pre patch to method.', e)
|
76
66
|
rescue Exception => e # rubocop:disable Lint/RescueException
|
77
|
-
# This is something like NoMemoryError that we can't
|
78
|
-
# hope to handle. Nonetheless, shouldn't leak scope.
|
67
|
+
# This is something like NoMemoryError that we can't hope to handle. Nonetheless, shouldn't leak scope.
|
79
68
|
exit_contrast_scope!
|
80
69
|
raise e
|
81
70
|
end
|
82
71
|
|
83
72
|
# THIS IS CALLED FROM C. Do not change the signature lightly.
|
84
73
|
#
|
85
|
-
# This method functions to call the infilter methods from our
|
86
|
-
#
|
87
|
-
# after the patched code is invoked
|
74
|
+
# This method functions to call the infilter methods from our patches, allowing for analysis and reporting at
|
75
|
+
# the point just after the patched code is invoked
|
88
76
|
#
|
89
|
-
# @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
|
90
|
-
#
|
91
|
-
# @param preshift [Contrast::Agent::Assess::PreShift] The capture
|
92
|
-
#
|
93
|
-
#
|
94
|
-
# @param object [Object] The object on which the method was
|
95
|
-
# invoked, typically what would be returned by self.
|
77
|
+
# @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy] Mapping of the triggers on the given
|
78
|
+
# method.
|
79
|
+
# @param preshift [Contrast::Agent::Assess::PreShift] The capture of the state of the code just prior to the
|
80
|
+
# invocation of the patched method.
|
81
|
+
# @param object [Object] The object on which the method was invoked, typically what would be returned by self.
|
96
82
|
# @param ret [Object] The return of the method that was invoked.
|
97
|
-
# @param args [Array<Object>] The arguments passed to the method
|
98
|
-
#
|
99
|
-
# @param block [Proc] The block passed to the method that was
|
100
|
-
# invoked.
|
83
|
+
# @param args [Array<Object>] The arguments passed to the method being invoked.
|
84
|
+
# @param block [Proc] The block passed to the method that was invoked.
|
101
85
|
def apply_post_patch method_policy, preshift, object, ret, args, block
|
102
86
|
apply_assess(method_policy, preshift, object, ret, args, block)
|
103
87
|
rescue StandardError => e
|
@@ -106,15 +90,12 @@ module Contrast
|
|
106
90
|
|
107
91
|
# Apply the Protect patch which applies to the given method.
|
108
92
|
#
|
109
|
-
# @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
|
110
|
-
#
|
93
|
+
# @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy] Mapping of the triggers on the given
|
94
|
+
# method.
|
111
95
|
# @param method [Symbol] The method into which we're patching
|
112
|
-
# @param exception [StandardError] Any exception raised during the
|
113
|
-
#
|
114
|
-
# @param
|
115
|
-
# typically what would be returned by self.
|
116
|
-
# @param args [Array<Object>] The arguments passed to the method
|
117
|
-
# being invoked.
|
96
|
+
# @param exception [StandardError] Any exception raised during the call of the patched method.
|
97
|
+
# @param object [Object] The object on which the method is invoked, typically what would be returned by self.
|
98
|
+
# @param args [Array<Object>] The arguments passed to the method being invoked.
|
118
99
|
def apply_protect method_policy, method, exception, object, args
|
119
100
|
return unless ::Contrast::AGENT.enabled?
|
120
101
|
return unless ::Contrast::PROTECT.enabled?
|
@@ -124,15 +105,12 @@ module Contrast
|
|
124
105
|
|
125
106
|
# Apply the Inventory patch which applies to the given method.
|
126
107
|
#
|
127
|
-
# @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
|
128
|
-
#
|
108
|
+
# @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy] Mapping of the triggers on the given
|
109
|
+
# method.
|
129
110
|
# @param method [Symbol] The method into which we're patching
|
130
|
-
# @param exception [StandardError] Any exception raised during the
|
131
|
-
#
|
132
|
-
# @param
|
133
|
-
# typically what would be returned by self.
|
134
|
-
# @param args [Array<Object>] The arguments passed to the method
|
135
|
-
# being invoked.
|
111
|
+
# @param exception [StandardError] Any exception raised during the call of the patched method.
|
112
|
+
# @param object [Object] The object on which the method is invoked, typically what would be returned by self.
|
113
|
+
# @param args [Array<Object>] The arguments passed to the method being invoked.
|
136
114
|
def apply_inventory method_policy, method, exception, object, args
|
137
115
|
return unless ::Contrast::INVENTORY.enabled?
|
138
116
|
|
@@ -141,18 +119,14 @@ module Contrast
|
|
141
119
|
|
142
120
|
# Apply the Assess patches which apply to the given method.
|
143
121
|
#
|
144
|
-
# @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
|
145
|
-
#
|
146
|
-
# @param preshift [Contrast::Agent::Assess::PreShift] The capture
|
147
|
-
#
|
148
|
-
#
|
149
|
-
# @param object [Object] The object on which the method was
|
150
|
-
# invoked, typically what would be returned by self.
|
122
|
+
# @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy] Mapping of the triggers on the given
|
123
|
+
# method.
|
124
|
+
# @param preshift [Contrast::Agent::Assess::PreShift] The capture of the state of the code just prior to the
|
125
|
+
# invocation of the patched method.
|
126
|
+
# @param object [Object] The object on which the method was invoked, typically what would be returned by self.
|
151
127
|
# @param ret [Object] The return of the method that was invoked.
|
152
|
-
# @param args [Array<Object>] The arguments passed to the method
|
153
|
-
#
|
154
|
-
# @param block [Proc] The block passed to the method that was
|
155
|
-
# invoked.
|
128
|
+
# @param args [Array<Object>] The arguments passed to the method being invoked.
|
129
|
+
# @param block [Proc] The block passed to the method that was invoked.
|
156
130
|
def apply_assess method_policy, preshift, object, ret, args, block
|
157
131
|
source_ret = nil
|
158
132
|
propagated_ret = nil
|
@@ -166,9 +140,8 @@ module Contrast
|
|
166
140
|
Contrast::Agent::Assess::Policy::TriggerMethod.apply_trigger_rule(trigger_node, object, ret, args)
|
167
141
|
end
|
168
142
|
if method_policy.source_node
|
169
|
-
# If we were given a frozen return, and it was the target of a
|
170
|
-
#
|
171
|
-
# replace the return. Note, this is not the default case.
|
143
|
+
# If we were given a frozen return, and it was the target of a source, and we have frozen sources enabled,
|
144
|
+
# we'll need to replace the return. Note, this is not the default case.
|
172
145
|
source_ret = Contrast::Agent::Assess::Policy::SourceMethod.source_patchers(method_policy, object, ret, args)
|
173
146
|
end
|
174
147
|
if method_policy.propagation_node
|
@@ -190,39 +163,30 @@ module Contrast
|
|
190
163
|
raise e
|
191
164
|
end
|
192
165
|
|
193
|
-
# Generic invocation of the Inventory or Protect patch which apply
|
194
|
-
# to the given method.
|
166
|
+
# Generic invocation of the Inventory or Protect patch which apply to the given method.
|
195
167
|
#
|
196
|
-
# @param trigger_node [Contrast::Agent::Inventory::Policy::TriggerNode]
|
197
|
-
#
|
168
|
+
# @param trigger_node [Contrast::Agent::Inventory::Policy::TriggerNode] Mapping of the specific trigger on the
|
169
|
+
# given method.
|
198
170
|
# @param method [Symbol] The method into which we're patching
|
199
|
-
# @param exception [StandardError] Any exception raised during the
|
200
|
-
#
|
201
|
-
# @param
|
202
|
-
# typically what would be returned by self.
|
203
|
-
# @param args [Array<Object>] The arguments passed to the method
|
204
|
-
# being invoked.
|
171
|
+
# @param exception [StandardError] Any exception raised during the call of the patched method.
|
172
|
+
# @param object [Object] The object on which the method is invoked, typically what would be returned by self.
|
173
|
+
# @param args [Array<Object>] The arguments passed to the method being invoked.
|
205
174
|
def apply_trigger_only trigger_node, method, exception, object, args
|
206
175
|
return unless trigger_node
|
207
176
|
|
208
|
-
# If that rule only applies in the case of an exception being
|
209
|
-
#
|
177
|
+
# If that rule only applies in the case of an exception being thrown and there's no exception here, move
|
178
|
+
# along, or vice versa
|
210
179
|
return if trigger_node.on_exception && !exception
|
211
180
|
return if !trigger_node.on_exception && exception
|
212
181
|
|
213
|
-
# Each patch has an applicator that handles logic for it. Think
|
214
|
-
#
|
215
|
-
#
|
216
|
-
#
|
217
|
-
#
|
218
|
-
#
|
219
|
-
# things, like AppliesXxeRule, have different methods depending
|
220
|
-
# on the library patched. This lets us handle the boilerplate of
|
221
|
-
# patching while still allowing for custom handling of the
|
222
|
-
# methods.
|
182
|
+
# Each patch has an applicator that handles logic for it. Think of this as being similar to propagator
|
183
|
+
# actions, most closely resembling CUSTOM - they all have a common interface but their own logic based on
|
184
|
+
# what's in the method(s) they've been patched into.
|
185
|
+
# Each patch also knows the method of its applicator. Some things, like AppliesXxeRule, have different
|
186
|
+
# methods depending on the library patched. This lets us handle the boilerplate of patching while still
|
187
|
+
# allowing for custom handling of the methods.
|
223
188
|
applicator_method = trigger_node.applicator_method
|
224
|
-
# By calling send like this, we can reuse all the patching.
|
225
|
-
# We `send` to the given method of the given class
|
189
|
+
# By calling send like this, we can reuse all the patching. We `send` to the given method of the given class
|
226
190
|
# (applicator) since they all accept the same inputs
|
227
191
|
trigger_node.applicator.send(applicator_method, method, exception, trigger_node.properties, object, args)
|
228
192
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
module Contrast
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
module Contrast
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
module Contrast
|
@@ -17,6 +17,7 @@ module Contrast
|
|
17
17
|
# key : ''
|
18
18
|
# nested_key : ''
|
19
19
|
# }
|
20
|
+
# @return params_hash [Hash]
|
20
21
|
def normalize_params val, prefix: nil
|
21
22
|
# In non-recursive invocations, val should always be a Hash
|
22
23
|
# (rather than breaking this out into two methods)
|
@@ -48,6 +49,10 @@ module Contrast
|
|
48
49
|
end
|
49
50
|
end
|
50
51
|
|
52
|
+
# Read the response body and rewind.
|
53
|
+
# A well behaved middleware would read the IO object and then rewind.
|
54
|
+
#
|
55
|
+
# @return body [String]
|
51
56
|
def read_body body
|
52
57
|
return body if body.is_a?(String)
|
53
58
|
|
@@ -66,6 +71,9 @@ module Contrast
|
|
66
71
|
end
|
67
72
|
end
|
68
73
|
|
74
|
+
# @param multipart_data [Object<Hash>]
|
75
|
+
# @param current_names [Hash]
|
76
|
+
# @return current_names [Hash<Name =>file_name]
|
69
77
|
def traverse_parsed_multipart multipart_data, current_names
|
70
78
|
return current_names unless multipart_data
|
71
79
|
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
module Contrast
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
module Contrast
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'singleton'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/utils/object_share'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/components/logger'
|
@@ -7,84 +7,86 @@ module Contrast
|
|
7
7
|
module Utils
|
8
8
|
# Utilities for encoding and normalizing strings
|
9
9
|
class StringUtils
|
10
|
-
|
10
|
+
class << self
|
11
|
+
include Contrast::Components::Logger::InstanceMethods
|
11
12
|
|
12
|
-
|
13
|
-
|
13
|
+
UTF8 = 'utf-8'
|
14
|
+
HTTP_PREFIX = 'HTTP_'
|
14
15
|
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
16
|
+
# Convenience method. We assume that we're working on Strings or tags
|
17
|
+
# String representations of things. To that end, we'll to_s anything
|
18
|
+
# that comes in before returning its length.
|
19
|
+
#
|
20
|
+
# But don't worry though, String.to_s just returns self. teehee
|
21
|
+
def ret_length string
|
22
|
+
string.nil? ? 0 : string.to_s.length
|
23
|
+
end
|
23
24
|
|
24
|
-
|
25
|
-
|
26
|
-
|
25
|
+
def present? str
|
26
|
+
!str.nil? && !str.to_s.empty?
|
27
|
+
end
|
27
28
|
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
29
|
+
def protobuf_format data, truncate: true
|
30
|
+
data = data&.to_s
|
31
|
+
data = Contrast::Utils::StringUtils.force_utf8(data)
|
32
|
+
data = Contrast::Utils::StringUtils.truncate(data) if truncate
|
33
|
+
data
|
34
|
+
end
|
34
35
|
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
36
|
+
# Protobuf has a very strict typing. Nil is not a String and will throw
|
37
|
+
# an exception if you try to set it. Use this to be safe.
|
38
|
+
# Uses the object share to avoid creating several new strings per request
|
39
|
+
def protobuf_safe_string string
|
40
|
+
string.nil? ? Contrast::Utils::ObjectShare::EMPTY_STRING : string.to_s
|
41
|
+
end
|
41
42
|
|
42
|
-
|
43
|
-
|
44
|
-
|
43
|
+
# Truncate a string to 255 characters max length
|
44
|
+
def truncate str, default = Contrast::Utils::ObjectShare::EMPTY_STRING
|
45
|
+
return default if str.nil?
|
45
46
|
|
46
|
-
|
47
|
-
|
47
|
+
str.to_s[0..255]
|
48
|
+
end
|
48
49
|
|
49
|
-
|
50
|
-
|
50
|
+
def force_utf8 str
|
51
|
+
return Contrast::Utils::ObjectShare::EMPTY_STRING unless str
|
51
52
|
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
53
|
+
str = str.to_s
|
54
|
+
if str.encoding == Encoding::UTF_8
|
55
|
+
str = str.encode(UTF8, invalid: :replace, undef: :replace) unless str.valid_encoding?
|
56
|
+
else
|
57
|
+
str = str.encode(UTF8, str.encoding, invalid: :replace, undef: :replace)
|
58
|
+
end
|
59
|
+
str.to_s
|
60
|
+
rescue StandardError => e
|
61
|
+
# We were unable to switch the String to a UTF-8 format.
|
62
|
+
# Return non-nil so as not to throw an exception later when trying
|
63
|
+
# to do regexp or other compares on the String
|
64
|
+
logger.trace('Unable to cast String to UTF-8 format', e, value: str)
|
64
65
|
|
65
|
-
|
66
|
-
|
66
|
+
Contrast::Utils::ObjectShare::EMPTY_STRING
|
67
|
+
end
|
67
68
|
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
69
|
+
# Given a string return a normalized version of that string.
|
70
|
+
# Keys are memoized so that the normalization process doesn't need
|
71
|
+
# to happen every time.
|
72
|
+
#
|
73
|
+
# @param str [String] the String to normalize
|
74
|
+
# @return [String] a copy of the given String, upper cased, trimmed,
|
75
|
+
# dashes replaced with underscore, and HTTP trimmed
|
76
|
+
def normalized_key str
|
77
|
+
return unless str
|
77
78
|
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
79
|
+
str = str.to_s
|
80
|
+
@_normalized_keys ||= {}
|
81
|
+
if @_normalized_keys.key?(str)
|
82
|
+
@_normalized_keys[str]
|
83
|
+
else
|
84
|
+
upped = str.upcase
|
85
|
+
stripped = upped.strip! || upped
|
86
|
+
trimmed = stripped.tr!('-', '_') || stripped
|
87
|
+
cut = trimmed.start_with?(HTTP_PREFIX) ? trimmed[5..] : trimmed
|
88
|
+
@_normalized_keys[str] = cut
|
89
|
+
end
|
88
90
|
end
|
89
91
|
end
|
90
92
|
end
|