RubyGems - contrast-agent - Versions diffs - 4.2.0 → 4.3.0 - Mend

contrast-agent 4.2.0 → 4.3.0

Files changed (106) hide show

data/lib/contrast/logger/application.rb CHANGED

@@ -41,9 +41,6 @@ module Contrast
           hash[conversion.key] = conversion.dot_path_array.join('.')
         end
         info('Set by environment', overrides: env_translations)
-      rescue StandardError => e
-        puts e
-        sleep(5)
       end
       def application_libraries

data/lib/contrast/utils/duck_utils.rb CHANGED

@@ -4,7 +4,7 @@
 module Contrast
   module Utils
     # Utility methods for identifying instances that can be used interchangeably
-    class DuckUtils
+    module DuckUtils
       class << self
         # Determine if the given object, or the object to which it delegates,
         # responds to the given method.

data/lib/contrast/utils/heap_dump_util.rb CHANGED

@@ -106,7 +106,7 @@ module Contrast
           logger.info('********        HEAP DUMP HAS CONCLUDED      ********')
           logger.info('***     APPLICATION PROCESS WILL EXIT SHORTLY     ***')
           logger.info('*****************************************************')
-          exit # We weren't kidding!
+          exit # rubocop:disable Rails/Exit We weren't kidding!
         end
       end
     end

data/lib/contrast/utils/object_share.rb CHANGED

@@ -1,13 +1,13 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-# rubocop:disable  Object/Freeze
+# rubocop:disable Security/Object/Freeze
 module Contrast
   module Utils
     # A utility class where a series of commonly used Strings and other
     # commonly used objects can be store and frozen to prevent unnecessary
     # duplication.
-    class ObjectShare
+    module ObjectShare
       # Strings
       ASTERISK =      '*'
       BACK_SLASH =    '\\'
@@ -76,4 +76,4 @@ module Contrast
     end
   end
 end
-# rubocop:enable  Object/Freeze
+# rubocop:enable Security/Object/Freeze

data/lib/contrast/utils/preflight_util.rb CHANGED

@@ -4,7 +4,7 @@
 module Contrast
   module Utils
     # Utility for generating preflight message token
-    class PreflightUtil
+    module PreflightUtil
       def self.create_preflight finding
         "#{ finding.rule_id },#{ finding.hash_code }"
       end

data/lib/contrast/utils/prevent_serialization.rb CHANGED

@@ -7,7 +7,7 @@ module Contrast
     #
     # Marshal is pretty cool. It does a lot of things well. What it doesn't
     # mess around with though is StringIO. And what we don't want to do is
-    # serialize ourselves out with Marshal#dump.
+    # serialize ourselves out with Marshal.dump.
     #
     # Unfortunately, we have to mess around w/ that. To isolate our things from
     # user dumped Strings (and so that we can marshal findings), we have

data/lib/contrast/utils/resource_loader.rb CHANGED

@@ -4,7 +4,7 @@
 module Contrast
   module Utils
     # ResourceLoader can attempt to read a file from a predefined resource directory
-    class ResourceLoader
+    module ResourceLoader
       RESOURCES = 'resources'
       # __FILE__/../../../resources

data/lib/contrast/utils/sha256_builder.rb CHANGED

@@ -29,8 +29,8 @@ module Contrast
       # Generate a SHA256 hash of the combined source code of this Gem
       def sha256 path
-        return nil unless path
-        return nil unless File.exist?(path) && !File.directory?(path)
+        return unless path
+        return unless File.exist?(path) && !File.directory?(path)
         @sha256_cache[path] ||= Digest::SHA256.file(path).to_s
       end

data/lib/contrast/utils/string_utils.rb CHANGED

@@ -74,7 +74,7 @@ module Contrast
       # @return [String] a copy of the given String, upper cased, trimmed,
       #   dashes replaced with underscore, and HTTP trimmed
       def self.normalized_key str
-        return nil unless str
+        return unless str
         str = str.to_s
         @_normalized_keys ||= {}

data/lib/contrast/utils/tag_util.rb CHANGED

@@ -19,16 +19,15 @@ module Contrast
             relationship = tag.compare_range(range.start_idx, range.end_idx)
             case relationship
-            when Contrast::Agent::Assess::Tag::BELOW
               # since the tags are ordered, if we're below, nope out
-              return false
-            when Contrast::Agent::Assess::Tag::LOW_SPAN
-              # if we ever get a low span, that means a low part
-              # won't be covered. there's no need to continue
-              return false
-            when Contrast::Agent::Assess::Tag::WITHOUT
-              # if we ever get a without, that means a low part won't
-              # be covered. there's no need to continue
+            when Contrast::Agent::Assess::Tag::BELOW,
+                # if we ever get a low span, that means a low part
+                # won't be covered. there's no need to continue
+                Contrast::Agent::Assess::Tag::LOW_SPAN,
+                # if we ever get a without, that means a low part won't
+                # be covered. there's no need to continue
+                Contrast::Agent::Assess::Tag::WITHOUT
               return false
             when Contrast::Agent::Assess::Tag::WITHIN
               # if we're within, then 0 out this tag since it is
@@ -131,10 +130,7 @@ module Contrast
           smallered = []
           curr = nil
           tags.each do |tag|
-            if curr.nil?
-              curr = tag
-              smallered << curr
-            elsif tag.start_idx <= curr.end_idx
+            if curr && tag.start_idx <= curr.end_idx
               curr.update_end(tag.end_idx) if tag.end_idx > curr.end_idx
             else
               curr = tag

data/resources/assess/policy.json CHANGED

@@ -640,7 +640,7 @@
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
       "patch_method": "gsub_tagger",
-      "source": "O,P",
+      "source": "O,P1",
       "target": "R"
     }, {
       "class_name": "String",
@@ -650,7 +650,7 @@
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
       "patch_method": "gsub_tagger",
-      "source": "O,P",
+      "source": "O,P1",
       "target": "O"
     }, {
       "class_name": "String",
@@ -660,7 +660,7 @@
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
       "patch_method": "sub_tagger",
-      "source": "O,P",
+      "source": "O,P1",
       "target": "R"
     }, {
       "class_name": "String",
@@ -670,7 +670,7 @@
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Substitution",
       "patch_method": "sub_tagger",
-      "source": "O,P",
+      "source": "O,P1",
       "target": "O"
     }, {
       "class_name": "String",
@@ -680,7 +680,7 @@
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
       "patch_method": "tr_tagger",
-      "source": "O,P",
+      "source": "O,P1",
       "target": "R"
     }, {
       "class_name": "String",
@@ -690,7 +690,7 @@
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
       "patch_method": "tr_tagger",
-      "source": "O,P",
+      "source": "O,P1",
       "target": "O"
     }, {
       "class_name": "String",
@@ -700,7 +700,7 @@
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
       "patch_method": "tr_s_tagger",
-      "source": "O,P",
+      "source": "O,P1",
       "target": "R"
     }, {
       "class_name": "String",
@@ -710,7 +710,7 @@
       "action": "CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Trim",
       "patch_method": "tr_s_tagger",
-      "source": "O,P",
+      "source": "O,P1",
       "target": "O"
     }, {
       "class_name": "String",
@@ -984,7 +984,7 @@
       "action": "CUSTOM",
       "patch_class": "Contrast::Extension::Assess::KernelPropagator",
       "patch_method": "sprintf_tagger",
-      "source": "O,P",
+      "source": "O,P1",
       "target": "R"
     }, {
       "class_name":"ActiveRecord::ConnectionAdapters::Quoting",

data/resources/deadzone/policy.json CHANGED

@@ -55,6 +55,162 @@
       "instance_method":true,
       "method_visibility": "public",
       "method_name":"commit_session"
+    }, {
+      "class_name":"Rack::Session::Abstract::Persisted",
+      "instance_method":true,
+      "method_visibility": "private",
+      "method_name":"session_exists?",
+      "code": "https://github.com/rack/rack/blob/master/lib/rack/session/abstract/id.rb#L334"
+    }, {
+      "class_name":"ActionDispatch::Http::MimeNegotiation",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"formats",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/mime_negotiation.rb#L63"
+    }, {
+      "class_name":"ActionDispatch::FileHandler",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"match?",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/static.rb#L30"
+    }, {
+      "class_name":"ActionDispatch::Journey::Router",
+      "instance_method":true,
+      "method_visibility": "private",
+      "method_name":"find_routes",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/journey/router.rb#L107"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"controler_class_for",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L84"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"engine_script_name=",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L158"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"remote_ip",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L286"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"request_id",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L302"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"local?",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L409"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"cookie_jar",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L11"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"have_cookie_jar?",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L24"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"key_generator",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L32"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"signed_cookie_salt",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L36"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"encrypted_cookie_salt",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L40"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"encrypted_signed_cookie_salt",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L44"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"authenticated_encrypted_cookie_salt",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L48"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"use_authenticated_cookie_encryption",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L52"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"encrypted_cookie_cipher",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L56"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"signed_cookie_digest",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L60"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"secret_key_base",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L64"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"cookies_serializer",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L68"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"cookies_digest",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L72"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"cookies_rotations",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L76"
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"use_cookies_with_metadata",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L80"
+    }, {
+      "class_name":"ActionDispatch::Request::Session",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"exists?",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/request/session.rb#L201"
+    }, {
+      "class_name":"ActionView::Template",
+      "instance_method":true,
+      "method_visibility": "private",
+      "method_name":"method_name",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionview/lib/action_view/template.rb#L368"
     }
   ]
 }

data/resources/protect/policy.json CHANGED

@@ -379,6 +379,18 @@
           "method_visibility": "public",
           "applicator_method": "apply_rule__io",
           "properties": {}
+        },{
+          "class_name": "Nokogiri::XML::Document",
+          "method_name": "parse",
+          "instance_method": false,
+          "method_visibility": "public",
+          "properties": {}
+        }, {
+          "class_name": "Nokogiri::XML::SAX::Parser",
+          "method_name": "parse",
+          "instance_method": true,
+          "method_visibility": "public",
+          "properties": {}
         },{
           "class_name": "Nokogiri::XML::SAX::Parser",
           "method_name": "parse_memory",

data/ruby-agent.gemspec CHANGED

@@ -21,6 +21,7 @@ end
 # Add those dependencies required to develop or test the Agent
 def self.add_dev_dependencies spec
   spec.add_development_dependency 'amazing_print'
+  spec.add_development_dependency 'benchmark-ips'
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'climate_control' # mock ENV
   spec.add_development_dependency 'debase'
@@ -34,16 +35,18 @@ def self.add_dev_dependencies spec
   spec.add_development_dependency 'parser', '~> 2.6'
   spec.add_development_dependency 'pry'
   spec.add_development_dependency 'rails', '>= 3'
-  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rake', '>= 12.3.3'
   spec.add_development_dependency 'rake-compiler', '~> 0'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rspec-benchmark'
   spec.add_development_dependency 'rspec_junit_formatter', '0.3.0'
-  spec.add_development_dependency 'rubocop', '0.93.1'
-  spec.add_development_dependency 'rubocop-performance', '1.8.1'
-  spec.add_development_dependency 'rubocop-rspec', '1.43.2'
+  spec.add_development_dependency 'rubocop', '1.6.1'
+  spec.add_development_dependency 'rubocop-performance', '1.9.1'
+  spec.add_development_dependency 'rubocop-rails', '2.9.1'
+  spec.add_development_dependency 'rubocop-rake', '0.5.1'
+  spec.add_development_dependency 'rubocop-rspec', '2.1.0'
   spec.add_development_dependency 'ruby-debug-ide'
-  spec.add_development_dependency 'simplecov', '~> 0.18'
+  spec.add_development_dependency 'simplecov', '0.20.0'
   spec.add_development_dependency 'sinatra', '>= 2'
   spec.add_development_dependency 'sqlite3', '1.3.9'
   spec.add_development_dependency 'therubyracer'
@@ -59,7 +62,7 @@ end
 # corresponding update to the fake gem server data in TeamServer.
 def self.add_dependencies spec
   spec.add_dependency 'ougai', '~> 1.8'
-  spec.add_dependency 'parser', '~> 2.6'
+  spec.add_dependency 'parser', '~> 2.6' # TODO: RUBY-714 remove w/ EOL of 2.5
   spec.add_dependency 'protobuf', '~> 3.10'
   spec.add_dependency 'rack', '~> 2.0'
 end

data/service_executables/VERSION CHANGED

	@@ -1 +1 @@
1	- 2.16.0
1	+ 2.17.2

data/service_executables/linux/contrast-service CHANGED

Binary file

data/service_executables/mac/contrast-service CHANGED

Binary file