contrast-agent 4.2.0 → 4.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 713e0f9cd16184d4b5da094f0d05b006870f557edfa0fc0ac199bf1035acfe45
-  data.tar.gz: f37a1ab7901a7c42bf5dce897c6dd0218f4df40d057c8719e3027f802ecd3c52
+  metadata.gz: b4d68285ac88a47686f1f2010c289acd21aef951c5189301cf26b0fff4ccd4ec
+  data.tar.gz: 80c18eddb06ed198fba30c8845f26ca608125bdba1ab9fc54386bfc5b1e7aa71
 SHA512:
-  metadata.gz: f1bcf5495957815fbe1acc801e9cdc9567a1a25f657b425a335cfa1412054ecdf4f92662d0eef0b19bdc2a1c5295b758d19ed4adf4cb7f37ef67bfaf4b67262f
-  data.tar.gz: bd3e6f02d68c7eaa9385f6626e52b3fe16cecbac10d53f8c82dd01b733c9f39666183afd21df601318ed95c482338b786e13cb8f087c8076872cd5fb3f4cfad8
+  metadata.gz: 262f3392e5af935faca1fd6404935911f4f1b1a6da2c086820988c726a68a9f99a1778c3f05b7d1b2a469024aaedb2b213176597c9525c622153f3300333aac5
+  data.tar.gz: 908ea4039a1a72c4d2b3d7354cd54362d9a3a3a5ca806ac645e858e2462701735618b12c07f0481496066ebf391749403b94a36e41ef4ac98dffea599ddb9c41

data/Rakefile

@@ -18,6 +18,7 @@ Dir['ext/cs__*'].each do |extension|
   end
 end
 
+desc 'compile the protobuf files for the agent, translating them to .rb classes'
 task :contrast_pb_compile do
   # do some stuff before compile
 

data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c

@@ -5,28 +5,39 @@
 #include "../cs__common/cs__common.h"
 #include <ruby.h>
 
-static VALUE contrast_assess_marshal_module_load(const int argc,
+static VALUE contrast_marshal_module_load(const int argc,
                                                  const VALUE *argv) {
     VALUE result;
     VALUE source_string;
-    result = rb_call_super(argc, argv);
 
+    // Our patches only need only apply in the case where there was valid input.
     if (argc >= 1) {
         source_string = argv[0];
+    } else {
+        source_string = Qnil;
+    }
+
+    // Run our protect code ahead of the original method
+    if (source_string != Qnil) {
+        rb_funcall(marshal_propagator, rb_sym_protect_marshal_load, 1, source_string);
+    }
 
+    // Invoke the original method
+    result = rb_call_super(argc, argv);
+
+    // Run our assess code after the original method
+    if (source_string != Qnil) {
         VALUE tracked =
             rb_funcall(properties_hash, rb_sym_hash_tracked, 1, source_string);
 
+        // Assuming the source is tracked and needs assess checks
         if (tracked == Qtrue) {
             VALUE skip =
                 rb_funcall(contrast_patcher(), rb_sym_skip_assess_analysis, 0);
-
+            // And Assess is enabled and applies to this request
             if (skip == Qfalse) {
-                VALUE scope =
-                    rb_funcall(contrast_patcher(), rb_sym_enter_scope, 0);
-                rb_funcall(marshal_module, rb_sym_assess_load_trigger_check, 2,
+                rb_funcall(marshal_propagator, rb_sym_assess_marshal_load, 2,
                            source_string, result);
-                rb_funcall(contrast_patcher(), rb_sym_exit_scope, 0);
             }
         }
     }
@@ -37,10 +48,11 @@ void Init_cs__assess_marshal_module(void) {
     // Contrast::Agent::Assess::Tracker::PROPERTIES_HASH
     VALUE tracker = rb_define_class_under(assess, "Tracker", rb_cObject);
     properties_hash = rb_const_get(tracker, rb_intern("PROPERTIES_HASH"));
-    marshal_module =
+    marshal_propagator =
         rb_define_class_under(core_assess, "MarshalPropagator", rb_cObject);
-    rb_sym_assess_load_trigger_check = rb_intern("cs__load_trigger_check");
+    rb_sym_assess_marshal_load = rb_intern("cs__load_assess");
+    rb_sym_protect_marshal_load = rb_intern("cs__load_protect");
 
     contrast_register_singleton_prepend_patch(
-        "Marshal", "load", &contrast_assess_marshal_module_load);
+        "Marshal", "load", &contrast_marshal_module_load);
 }

data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h

@@ -1,8 +1,9 @@
 #include <ruby.h>
 
-static VALUE marshal_module;
+static VALUE marshal_propagator;
 
-static VALUE rb_sym_assess_load_trigger_check;
+static VALUE rb_sym_assess_marshal_load;
+static VALUE rb_sym_protect_marshal_load;
 static VALUE properties_hash;
 
 /*
@@ -13,7 +14,7 @@ static VALUE properties_hash;
  * special case this for now.
  * -HM (shamelessly commenting on DP's work)
  */
-static VALUE contrast_assess_marshal_module_load(const int argc,
+static VALUE contrast_marshal_module_load(const int argc,
                                                  const VALUE *argv);
 
 void Init_cs__assess_marshal_module(void);

data/lib/contrast/agent.rb

@@ -56,8 +56,12 @@ module Contrast
       @_framework_manager ||= Contrast::Framework::Manager.new
     end
 
+    def self.heapdump_util
+      thread_watcher.heapdump_util
+    end
+
     def self.messaging_queue
-      @_messaging_queue ||= Contrast::Api::Communication::MessagingQueue.new
+      thread_watcher.messaging_queue
     end
 
     def self.thread_watcher

data/lib/contrast/agent/assess.rb

@@ -13,18 +13,9 @@ module Contrast
       require 'contrast/agent/rewriter'
       require 'contrast/agent/assess/policy/preshift'
 
-      require 'contrast/utils/prevent_serialization'
-
-      # Rules - generic
-      require 'contrast/agent/assess/rule'
-      require 'contrast/agent/assess/rule/base'
-
       # Dynamic Sources
       require 'contrast/agent/assess/policy/dynamic_source_factory'
 
-      # Rule: REDOS
-      require 'contrast/agent/assess/rule/redos'
-
       # reporting / tracking
       require 'contrast/agent/assess/properties'
       require 'contrast/agent/assess/tag'

data/lib/contrast/agent/assess/contrast_event.rb

@@ -5,10 +5,11 @@ require 'contrast/utils/assess/tracking_util'
 require 'contrast/utils/class_util'
 require 'contrast/utils/duck_utils'
 require 'contrast/utils/object_share'
-require 'contrast/utils/prevent_serialization'
 require 'contrast/utils/stack_trace_utils'
 require 'contrast/utils/string_utils'
 require 'contrast/utils/timer'
+require 'contrast/components/interface'
+require 'contrast/agent/assess/contrast_object'
 
 module Contrast
   module Agent
@@ -26,63 +27,21 @@ module Contrast
       #   created
       # @attr_reader thread [Integer] the object id of the thread on which this
       #   event was generated
-      # @attr_reader object [String] the safe representation of the Object on
-      #   which the method was invoked
-      # @attr_reader ret [String] the safe representation of the Return of the
-      #   invoked method
-      # @attr_reader args [Array<Object>] the safe representation of the
-      #   Arguments with which the method was invoked
+      # @attr_reader object [Contrast::Agent::Assess::ContrastObject] the safe
+      #   representation of the Object on which the method was invoked
+      # @attr_reader ret [Contrast::Agent::Assess::ContrastObject] the safe
+      #   representation of the Return of the invoked method
+      # @attr_reader args [Array<Contrast::Agent::Assess::ContrastObject>] the
+      #   safe representation of the Arguments with which the method was invoked
       class ContrastEvent
-        include Contrast::Utils::PreventSerialization
+        include Contrast::Components::Interface
+        access_component :analysis
 
-        class << self
-          # Given an array of arguments, copy them into a safe, meaning String,
-          # format that we can use to send to SR and TS for rendering.
-          #
-          # @param args [Array<Object>] the arguments to translate
-          # @return [Array<String>] the String forms of those Objects, as
-          #   determined by Contrast::Utils::ClassUtil.to_contrast_string
-          def safe_args_representation args
-            return nil unless args
-            return Contrast::Utils::ObjectShare::EMPTY_ARRAY if args.empty?
-
-            rep = []
-            args.each do |arg|
-              # We have to handle named args
-              rep <<  if arg.is_a?(Hash)
-                        safe_arg_hash_representation(arg)
-                      else
-                        Contrast::Utils::ClassUtil.to_contrast_string(arg)
-                      end
-            end
-            rep
-          end
-
-          # if given an object that can be duped, duplicate it. otherwise just
-          # return the original object. swallow all exceptions from
-          # non-duplicable things.
-          #
-          # we can't just check respond_to? though b/c dup exists on the
-          # base Object class
-          #
-          # @param original [Object, nil] the thing to duplicate
-          # @return [Object, nil] a copy of that thing
-          def safe_dup original
-            return nil unless original
-
-            Contrast::Agent::Assess::Tracker.duplicate(original)
-          end
-
-          private
-
-          def safe_arg_hash_representation hash
-            # since this is the named hash for arguments, only the value is
-            # suspect here
-            hash.transform_values { |v| Contrast::Utils::ClassUtil.to_contrast_string(v) }
-          end
-        end
-
-        attr_reader :event_id, :policy_node, :stack_trace, :time, :thread, :object, :ret, :args
+        attr_reader :event_id, :policy_node, :stack_trace, :time, :thread,
+                    :object,
+                    :ret,
+                    :args,
+                    :tags
 
         # We need this to track the parent id's of events to build up a flow
         # chart of the finding
@@ -106,16 +65,25 @@ module Contrast
         #   was invoked
         def initialize policy_node, tagged, object, ret, args
           @policy_node = policy_node
-          # so long as this event is built in a factory, we know Contrast Code
+
+          # Capture stacktraces only as configured.
+          #
+          # So long as this event is built in a factory, we know Contrast Code
           # will be the first three events
-          @stack_trace = caller(3, 20)
+          @stack_trace = if ASSESS.capture_stacktrace?(policy_node)
+                           caller(3, 20)
+                         else
+                           Contrast::Utils::ObjectShare::EMPTY_ARRAY
+                         end
+
           @time = Contrast::Utils::Timer.now_ms
           @thread = Thread.current.object_id
 
           # These methods rely on the above being set. Don't move them!
           @event_id = Contrast::Agent::Assess::ContrastEvent.next_atomic_id
+          @tags = Contrast::Agent::Assess::Tracker.properties(tagged)&.tags
           find_parent_events!(policy_node, object, ret, args)
-          snapshot!(tagged, object, ret, args)
+          snapshot!(object, ret, args)
         end
 
         def parent_events
@@ -128,22 +96,17 @@ module Contrast
         #    Per TS law, each policy_node must have at least a source or a target.
         #    The only type of policy_node w/o targets is a Trigger, but that may
         #    change.
-        # 2) If I have a highlight, it means that I have a P target that is
-        #    not in integer form (it was a named / keyword type for which I had
-        #    to find the index). I need to address this so that TS can process
-        #    it.
-        # 3) I'll set the event's source and target to TS values.
-        # 4) Return the highlight or the first source/target as the taint
-        #    target.
+        # 2) I'll set the event's source and target to TS values.
+        # 3) Return the first source/target as the taint target.
         def determine_taint_target event_dtm
           if @policy_node&.targets&.any?
             event_dtm.source = @policy_node.source_string if @policy_node.source_string
-            event_dtm.target = @highlight ? "P#{ @highlight }" : @policy_node.target_string
-            @highlight || @policy_node.targets[0]
+            event_dtm.target = @policy_node.target_string
+            @policy_node.targets[0]
           elsif policy_node&.sources&.any?
-            event_dtm.source = @highlight ? "P#{ @highlight }" : @policy_node.source_string
+            event_dtm.source = @policy_node.source_string
             event_dtm.target = @policy_node.target_string if @policy_node.target_string
-            @highlight || @policy_node.sources[0]
+            @policy_node.sources[0]
           end
         end
 
@@ -193,16 +156,7 @@ module Contrast
           when Contrast::Utils::ObjectShare::RETURN_KEY
             ret
           else
-            if source.is_a?(Integer)
-              args[source]
-            else
-              args.each do |search|
-                next unless search.is_a?(Hash)
-
-                s = search[source]
-                return s if s
-              end
-            end
+            args[source]
           end
         end
 
@@ -212,65 +166,28 @@ module Contrast
         # them for our later use. We set those safe values to this event's
         # instance variables.
         #
-        # @param tagged [Object] the Target to which this event pertains.
         # @param object [Object] the Object on which the method was invoked
         # @param ret [Object] the Return of the invoked method
         # @param args [Array<Object>] the Arguments with which the method
         #   was invoked
-        def snapshot! tagged, object, ret, args
-          target = @policy_node.target
-          case target
-            # If the target is nil, this rule was violated simply by a method
-            # being called. We'll save all the information, but nothing will be
-            # marked up, as nothing need be tracked
-          when nil
-            @object = Contrast::Utils::ClassUtil.to_contrast_string(object)
-            @args = cs__class.safe_args_representation(args)
-            @ret = Contrast::Utils::ClassUtil.to_contrast_string(ret)
-            # If the target is O, then we dup the O and safely represent the rest
-          when Contrast::Utils::ObjectShare::OBJECT_KEY
-            @object = cs__class.safe_dup(tagged)
-            @args = cs__class.safe_args_representation(args)
-            @ret = Contrast::Utils::ClassUtil.to_contrast_string(ret)
-            # If the target is R, then we dup the R and safely represent the rest
-          when Contrast::Utils::ObjectShare::RETURN_KEY
-            @object = Contrast::Utils::ClassUtil.to_contrast_string(object)
-            @args = cs__class.safe_args_representation(args)
-            @ret = cs__class.safe_dup(tagged)
-            # If the target is P*, then we need to dup things a differently. We
-            # need to find the true target inside so that we can mark it up
-            # later, but the other args should be represented as their safe form.
-          else
-            @object = Contrast::Utils::ClassUtil.to_contrast_string(object)
-            @args = cs__class.safe_args_representation(args)
-            @ret = Contrast::Utils::ClassUtil.to_contrast_string(ret)
-            save_target_arg(target, tagged)
-          end
+        def snapshot! object, ret, args
+          @object = Contrast::Agent::Assess::ContrastObject.new(object) if object
+          @ret = Contrast::Agent::Assess::ContrastObject.new(ret) if ret
+          @args = safe_args_representation(args)
+          self
         end
 
-        # I know we're creating an extra string here since we replace the safe
-        # one w/ a dup, but good enough for now. Trying not to make this too
-        # complicated. - HM 8/8/19
+        # Given an array of arguments, copy them into a safe, meaning String,
+        # format that we can use to send to SR and TS for rendering.
         #
-        # @param target [String,Integer] the marker for the target index
-        # @param tagged [Object] the actual Object that we're acting on which
-        #   has tags
-        def save_target_arg target, tagged
-          return if @args.cs__frozen?
-
-          if target.is_a?(Integer)
-            @args[target] = cs__class.safe_dup(tagged)
-            return
-          end
-
-          @args.each_with_index do |search, index|
-            next unless search.is_a?(Hash)
-            next unless search[target]
-
-            search[target] = cs__class.safe_dup(tagged)
-            @highlight = index
-            break
-          end
+        # @param args [Array<Object>] the arguments to translate
+        # @return [Array<Contrast::Agent::Assess::ContrastObject>] the String forms of those Objects, as
+        #   determined by Contrast::Utils::ClassUtil.to_contrast_string
+        def safe_args_representation args
+          return unless args
+          return Contrast::Utils::ObjectShare::EMPTY_ARRAY if args.empty?
+
+          args.map { |arg| arg ? Contrast::Agent::Assess::ContrastObject.new(arg) : nil }
         end
       end
     end

data/lib/contrast/agent/assess/contrast_object.rb

@@ -0,0 +1,54 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/class_util'
+require 'contrast/utils/object_share'
+require 'contrast/agent/assess/tracker'
+
+module Contrast
+  module Agent
+    module Assess
+      # This class is a convenient holder of our version of an Object. It
+      # creates a String version of the Object from the original provided
+      # and keeps reference to the original's Tags, letting us determine if it
+      # was tracked when we try to report to TeamServer.
+      #
+      # @attr_reader object [String, nil] the Contrast string representing the
+      #   object.
+      # @attr_reader object_type [String] the name of the object's module.
+      # @attr_reader tags [Hash{String => Contrast::Agent::Assess::Tag}, nil]
+      #   the tags on the object before it was captured.
+      #
+      # TODO: RUBY-1083 determine if this is expensive and/or worth not storing
+      #   these values directly on ContrastEvent and passing them around. Args
+      #   probably make the argument for wrapping them b/c otherwise we'll have
+      #   to keep two arrays in synch or make an array of arrays, at which
+      #   point, we may as well make this.
+      class ContrastObject
+        attr_reader :object, :object_type, :tags
+
+        # Capture the details about the object which we need to render it in
+        # TeamServer.
+        #
+        # @param object [Object, nil] the thing to keep a Contrast String of
+        def initialize object
+          if object
+            @object = Contrast::Utils::ClassUtil.to_contrast_string(object)
+            @object_type = object.cs__class.name
+            # TODO: RUBY-1084 determine if we need to copy these tags to
+            #   restore immutability. For instance, if these tags were on a
+            #   String that was then #reverse!'d, would our tags be wrong?
+            @tags = Contrast::Agent::Assess::Tracker.properties(object)&.tags
+          else
+            @object = Contrast::Utils::ObjectShare::NIL_STRING
+            @object_type = nil.cs__class.name
+          end
+        end
+
+        def tracked?
+          tags&.any?
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/assess/events/source_event.rb

@@ -58,19 +58,14 @@ module Contrast
 
           # We have to do a little work to figure out what our TS appropriate
           # target is. To break this down, the logic is as follows:
-          # 1) If I have a highlight, it means that I have a P target that is
-          #    not in integer form (it was a named / keyword type for which I had
-          #    to find the index). I need to address this so that TS can process
-          #    it.
-          # 2) I'll set the event's source and target to TS values.
-          # 3) Return the highlight or the first source/target as the taint
-          #    target.
+          # 1) I'll set the event's source and target to TS values.
+          # 2) Return the first source/target as the taint target.
           def determine_taint_target event_dtm
             return unless @policy_node&.targets&.any?
 
             event_dtm.source = @policy_node.source_string if @policy_node.source_string
-            event_dtm.target = @highlight ? "P#{ @highlight }" : @policy_node.target_string
-            @highlight || @policy_node.targets[0]
+            event_dtm.target = @policy_node.target_string
+            @policy_node.targets[0]
           end
         end
       end