contrast-agent 4.2.0 → 4.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Rakefile +1 -0
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +22 -10
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +4 -3
- data/lib/contrast/agent/assess/contrast_event.rb +49 -130
- data/lib/contrast/agent/assess/contrast_object.rb +51 -0
- data/lib/contrast/agent/assess/events/source_event.rb +4 -9
- data/lib/contrast/agent/assess/policy/patcher.rb +4 -3
- data/lib/contrast/agent/assess/policy/policy_node.rb +31 -59
- data/lib/contrast/agent/assess/policy/preshift.rb +3 -3
- data/lib/contrast/agent/assess/policy/propagation_method.rb +13 -19
- data/lib/contrast/agent/assess/policy/propagation_node.rb +12 -24
- data/lib/contrast/agent/assess/policy/propagator/append.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/center.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/database_write.rb +1 -3
- data/lib/contrast/agent/assess/policy/propagator/insert.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/keep.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/match_data.rb +3 -2
- data/lib/contrast/agent/assess/policy/propagator/next.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/prepend.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/remove.rb +2 -4
- data/lib/contrast/agent/assess/policy/propagator/replace.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/reverse.rb +1 -2
- data/lib/contrast/agent/assess/policy/propagator/select.rb +3 -4
- data/lib/contrast/agent/assess/policy/propagator/splat.rb +2 -4
- data/lib/contrast/agent/assess/policy/propagator/split.rb +73 -117
- data/lib/contrast/agent/assess/policy/propagator/substitution.rb +11 -11
- data/lib/contrast/agent/assess/policy/propagator/trim.rb +3 -7
- data/lib/contrast/agent/assess/policy/source_method.rb +2 -14
- data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +5 -8
- data/lib/contrast/agent/assess/policy/trigger/xpath.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +1 -1
- data/lib/contrast/agent/assess/property/tagged.rb +21 -15
- data/lib/contrast/agent/assess/rule/redos.rb +1 -1
- data/lib/contrast/agent/assess/tracker.rb +16 -18
- data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +7 -0
- data/lib/contrast/agent/middleware.rb +50 -1
- data/lib/contrast/agent/patching/policy/method_policy.rb +1 -1
- data/lib/contrast/agent/patching/policy/patch.rb +4 -4
- data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +47 -1
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +53 -0
- data/lib/contrast/agent/protect/rule/base.rb +63 -14
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +3 -3
- data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -4
- data/lib/contrast/agent/protect/rule/deserialization.rb +4 -1
- data/lib/contrast/agent/protect/rule/no_sqli.rb +3 -3
- data/lib/contrast/agent/protect/rule/sqli.rb +3 -3
- data/lib/contrast/agent/protect/rule/xxe.rb +32 -11
- data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +10 -6
- data/lib/contrast/agent/reaction_processor.rb +1 -1
- data/lib/contrast/agent/response.rb +5 -5
- data/lib/contrast/agent/rewriter.rb +3 -3
- data/lib/contrast/agent/scope.rb +33 -13
- data/lib/contrast/agent/static_analysis.rb +13 -7
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/api/decorators/library.rb +1 -0
- data/lib/contrast/api/decorators/library_usage_update.rb +1 -0
- data/lib/contrast/api/decorators/trace_event.rb +19 -31
- data/lib/contrast/api/decorators/trace_event_object.rb +11 -3
- data/lib/contrast/api/decorators/trace_event_signature.rb +27 -5
- data/lib/contrast/api/decorators/user_input.rb +2 -1
- data/lib/contrast/common_agent_configuration.rb +1 -1
- data/lib/contrast/components/assess.rb +36 -0
- data/lib/contrast/components/interface.rb +5 -3
- data/lib/contrast/components/scope.rb +23 -0
- data/lib/contrast/components/settings.rb +3 -3
- data/lib/contrast/config/assess_configuration.rb +2 -1
- data/lib/contrast/extension/assess/array.rb +1 -2
- data/lib/contrast/extension/assess/erb.rb +1 -3
- data/lib/contrast/extension/assess/exec_trigger.rb +1 -1
- data/lib/contrast/extension/assess/fiber.rb +2 -3
- data/lib/contrast/extension/assess/hash.rb +4 -2
- data/lib/contrast/extension/assess/kernel.rb +1 -2
- data/lib/contrast/extension/assess/marshal.rb +34 -26
- data/lib/contrast/extension/assess/regexp.rb +3 -8
- data/lib/contrast/extension/assess/string.rb +1 -2
- data/lib/contrast/framework/base_support.rb +51 -53
- data/lib/contrast/framework/manager.rb +3 -2
- data/lib/contrast/framework/rack/patch/session_cookie.rb +1 -1
- data/lib/contrast/framework/rack/support.rb +2 -1
- data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +1 -1
- data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +1 -1
- data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +1 -1
- data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +1 -1
- data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +1 -1
- data/lib/contrast/framework/rails/support.rb +2 -1
- data/lib/contrast/framework/sinatra/support.rb +3 -2
- data/lib/contrast/logger/application.rb +0 -3
- data/lib/contrast/utils/duck_utils.rb +1 -1
- data/lib/contrast/utils/heap_dump_util.rb +1 -1
- data/lib/contrast/utils/object_share.rb +3 -3
- data/lib/contrast/utils/preflight_util.rb +1 -1
- data/lib/contrast/utils/prevent_serialization.rb +1 -1
- data/lib/contrast/utils/resource_loader.rb +1 -1
- data/lib/contrast/utils/sha256_builder.rb +2 -2
- data/lib/contrast/utils/string_utils.rb +1 -1
- data/lib/contrast/utils/tag_util.rb +9 -13
- data/resources/assess/policy.json +9 -9
- data/resources/deadzone/policy.json +156 -0
- data/resources/protect/policy.json +12 -0
- data/ruby-agent.gemspec +9 -6
- data/service_executables/VERSION +1 -1
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
- metadata +68 -25
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: contrast-agent
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- galen.palmer@contrastsecurity.com
|
|
@@ -13,7 +13,7 @@ authors:
|
|
|
13
13
|
autorequire:
|
|
14
14
|
bindir: exe
|
|
15
15
|
cert_chain: []
|
|
16
|
-
date:
|
|
16
|
+
date: 2021-01-29 00:00:00.000000000 Z
|
|
17
17
|
dependencies:
|
|
18
18
|
- !ruby/object:Gem::Dependency
|
|
19
19
|
name: amazing_print
|
|
@@ -29,6 +29,20 @@ dependencies:
|
|
|
29
29
|
- - ">="
|
|
30
30
|
- !ruby/object:Gem::Version
|
|
31
31
|
version: '0'
|
|
32
|
+
- !ruby/object:Gem::Dependency
|
|
33
|
+
name: benchmark-ips
|
|
34
|
+
requirement: !ruby/object:Gem::Requirement
|
|
35
|
+
requirements:
|
|
36
|
+
- - ">="
|
|
37
|
+
- !ruby/object:Gem::Version
|
|
38
|
+
version: '0'
|
|
39
|
+
type: :development
|
|
40
|
+
prerelease: false
|
|
41
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
42
|
+
requirements:
|
|
43
|
+
- - ">="
|
|
44
|
+
- !ruby/object:Gem::Version
|
|
45
|
+
version: '0'
|
|
32
46
|
- !ruby/object:Gem::Dependency
|
|
33
47
|
name: bundler
|
|
34
48
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -215,16 +229,16 @@ dependencies:
|
|
|
215
229
|
name: rake
|
|
216
230
|
requirement: !ruby/object:Gem::Requirement
|
|
217
231
|
requirements:
|
|
218
|
-
- - "
|
|
232
|
+
- - ">="
|
|
219
233
|
- !ruby/object:Gem::Version
|
|
220
|
-
version:
|
|
234
|
+
version: 12.3.3
|
|
221
235
|
type: :development
|
|
222
236
|
prerelease: false
|
|
223
237
|
version_requirements: !ruby/object:Gem::Requirement
|
|
224
238
|
requirements:
|
|
225
|
-
- - "
|
|
239
|
+
- - ">="
|
|
226
240
|
- !ruby/object:Gem::Version
|
|
227
|
-
version:
|
|
241
|
+
version: 12.3.3
|
|
228
242
|
- !ruby/object:Gem::Dependency
|
|
229
243
|
name: rake-compiler
|
|
230
244
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -287,42 +301,70 @@ dependencies:
|
|
|
287
301
|
requirements:
|
|
288
302
|
- - '='
|
|
289
303
|
- !ruby/object:Gem::Version
|
|
290
|
-
version:
|
|
304
|
+
version: 1.6.1
|
|
291
305
|
type: :development
|
|
292
306
|
prerelease: false
|
|
293
307
|
version_requirements: !ruby/object:Gem::Requirement
|
|
294
308
|
requirements:
|
|
295
309
|
- - '='
|
|
296
310
|
- !ruby/object:Gem::Version
|
|
297
|
-
version:
|
|
311
|
+
version: 1.6.1
|
|
298
312
|
- !ruby/object:Gem::Dependency
|
|
299
313
|
name: rubocop-performance
|
|
300
314
|
requirement: !ruby/object:Gem::Requirement
|
|
301
315
|
requirements:
|
|
302
316
|
- - '='
|
|
303
317
|
- !ruby/object:Gem::Version
|
|
304
|
-
version: 1.
|
|
318
|
+
version: 1.9.1
|
|
305
319
|
type: :development
|
|
306
320
|
prerelease: false
|
|
307
321
|
version_requirements: !ruby/object:Gem::Requirement
|
|
308
322
|
requirements:
|
|
309
323
|
- - '='
|
|
310
324
|
- !ruby/object:Gem::Version
|
|
311
|
-
version: 1.
|
|
325
|
+
version: 1.9.1
|
|
326
|
+
- !ruby/object:Gem::Dependency
|
|
327
|
+
name: rubocop-rails
|
|
328
|
+
requirement: !ruby/object:Gem::Requirement
|
|
329
|
+
requirements:
|
|
330
|
+
- - '='
|
|
331
|
+
- !ruby/object:Gem::Version
|
|
332
|
+
version: 2.9.1
|
|
333
|
+
type: :development
|
|
334
|
+
prerelease: false
|
|
335
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
336
|
+
requirements:
|
|
337
|
+
- - '='
|
|
338
|
+
- !ruby/object:Gem::Version
|
|
339
|
+
version: 2.9.1
|
|
340
|
+
- !ruby/object:Gem::Dependency
|
|
341
|
+
name: rubocop-rake
|
|
342
|
+
requirement: !ruby/object:Gem::Requirement
|
|
343
|
+
requirements:
|
|
344
|
+
- - '='
|
|
345
|
+
- !ruby/object:Gem::Version
|
|
346
|
+
version: 0.5.1
|
|
347
|
+
type: :development
|
|
348
|
+
prerelease: false
|
|
349
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
350
|
+
requirements:
|
|
351
|
+
- - '='
|
|
352
|
+
- !ruby/object:Gem::Version
|
|
353
|
+
version: 0.5.1
|
|
312
354
|
- !ruby/object:Gem::Dependency
|
|
313
355
|
name: rubocop-rspec
|
|
314
356
|
requirement: !ruby/object:Gem::Requirement
|
|
315
357
|
requirements:
|
|
316
358
|
- - '='
|
|
317
359
|
- !ruby/object:Gem::Version
|
|
318
|
-
version: 1.
|
|
360
|
+
version: 2.1.0
|
|
319
361
|
type: :development
|
|
320
362
|
prerelease: false
|
|
321
363
|
version_requirements: !ruby/object:Gem::Requirement
|
|
322
364
|
requirements:
|
|
323
365
|
- - '='
|
|
324
366
|
- !ruby/object:Gem::Version
|
|
325
|
-
version: 1.
|
|
367
|
+
version: 2.1.0
|
|
326
368
|
- !ruby/object:Gem::Dependency
|
|
327
369
|
name: ruby-debug-ide
|
|
328
370
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -341,16 +383,16 @@ dependencies:
|
|
|
341
383
|
name: simplecov
|
|
342
384
|
requirement: !ruby/object:Gem::Requirement
|
|
343
385
|
requirements:
|
|
344
|
-
- -
|
|
386
|
+
- - '='
|
|
345
387
|
- !ruby/object:Gem::Version
|
|
346
|
-
version:
|
|
388
|
+
version: 0.20.0
|
|
347
389
|
type: :development
|
|
348
390
|
prerelease: false
|
|
349
391
|
version_requirements: !ruby/object:Gem::Requirement
|
|
350
392
|
requirements:
|
|
351
|
-
- -
|
|
393
|
+
- - '='
|
|
352
394
|
- !ruby/object:Gem::Version
|
|
353
|
-
version:
|
|
395
|
+
version: 0.20.0
|
|
354
396
|
- !ruby/object:Gem::Dependency
|
|
355
397
|
name: sinatra
|
|
356
398
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -499,20 +541,20 @@ executables:
|
|
|
499
541
|
- contrast_service
|
|
500
542
|
extensions:
|
|
501
543
|
- ext/cs__common/extconf.rb
|
|
502
|
-
- ext/
|
|
503
|
-
- ext/cs__assess_fiber_track/extconf.rb
|
|
504
|
-
- ext/cs__assess_basic_object/extconf.rb
|
|
544
|
+
- ext/cs__assess_string_interpolation26/extconf.rb
|
|
505
545
|
- ext/cs__contrast_patch/extconf.rb
|
|
546
|
+
- ext/cs__assess_module/extconf.rb
|
|
547
|
+
- ext/cs__assess_marshal_module/extconf.rb
|
|
548
|
+
- ext/cs__assess_hash/extconf.rb
|
|
506
549
|
- ext/cs__assess_array/extconf.rb
|
|
550
|
+
- ext/cs__assess_basic_object/extconf.rb
|
|
507
551
|
- ext/cs__protect_kernel/extconf.rb
|
|
508
|
-
- ext/
|
|
552
|
+
- ext/cs__assess_string/extconf.rb
|
|
553
|
+
- ext/cs__assess_active_record_named/extconf.rb
|
|
509
554
|
- ext/cs__assess_regexp/extconf.rb
|
|
510
|
-
- ext/cs__assess_hash/extconf.rb
|
|
511
|
-
- ext/cs__assess_module/extconf.rb
|
|
512
|
-
- ext/cs__assess_string_interpolation26/extconf.rb
|
|
513
|
-
- ext/cs__assess_marshal_module/extconf.rb
|
|
514
555
|
- ext/cs__assess_yield_track/extconf.rb
|
|
515
|
-
- ext/
|
|
556
|
+
- ext/cs__assess_fiber_track/extconf.rb
|
|
557
|
+
- ext/cs__assess_kernel/extconf.rb
|
|
516
558
|
extra_rdoc_files: []
|
|
517
559
|
files:
|
|
518
560
|
- ".clang-format"
|
|
@@ -709,6 +751,7 @@ files:
|
|
|
709
751
|
- lib/contrast/agent.rb
|
|
710
752
|
- lib/contrast/agent/assess.rb
|
|
711
753
|
- lib/contrast/agent/assess/contrast_event.rb
|
|
754
|
+
- lib/contrast/agent/assess/contrast_object.rb
|
|
712
755
|
- lib/contrast/agent/assess/events/event_factory.rb
|
|
713
756
|
- lib/contrast/agent/assess/events/source_event.rb
|
|
714
757
|
- lib/contrast/agent/assess/finalizers/freeze.rb
|