contrast-agent 4.3.2 → 4.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/contrast/agent.rb +5 -1
- data/lib/contrast/agent/assess.rb +0 -9
- data/lib/contrast/agent/assess/contrast_event.rb +0 -2
- data/lib/contrast/agent/assess/contrast_object.rb +5 -2
- data/lib/contrast/agent/assess/finalizers/hash.rb +7 -0
- data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +17 -3
- data/lib/contrast/agent/assess/policy/propagation_method.rb +28 -13
- data/lib/contrast/agent/assess/policy/propagator/append.rb +28 -13
- data/lib/contrast/agent/assess/policy/propagator/database_write.rb +21 -16
- data/lib/contrast/agent/assess/policy/propagator/splat.rb +23 -13
- data/lib/contrast/agent/assess/policy/propagator/split.rb +14 -7
- data/lib/contrast/agent/assess/policy/propagator/substitution.rb +30 -14
- data/lib/contrast/agent/assess/policy/trigger_method.rb +13 -8
- data/lib/contrast/agent/assess/policy/trigger_node.rb +28 -7
- data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +59 -0
- data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +1 -2
- data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +6 -4
- data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +2 -4
- data/lib/contrast/agent/assess/properties.rb +0 -2
- data/lib/contrast/agent/assess/property/tagged.rb +37 -19
- data/lib/contrast/agent/assess/tracker.rb +1 -1
- data/lib/contrast/agent/middleware.rb +85 -55
- data/lib/contrast/agent/patching/policy/patch_status.rb +1 -1
- data/lib/contrast/agent/patching/policy/patcher.rb +51 -44
- data/lib/contrast/agent/patching/policy/trigger_node.rb +5 -2
- data/lib/contrast/agent/protect/rule/sqli.rb +17 -11
- data/lib/contrast/agent/request_context.rb +12 -0
- data/lib/contrast/agent/thread.rb +1 -1
- data/lib/contrast/agent/thread_watcher.rb +20 -5
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/api/communication/messaging_queue.rb +18 -21
- data/lib/contrast/api/communication/response_processor.rb +8 -1
- data/lib/contrast/api/communication/socket_client.rb +22 -14
- data/lib/contrast/api/decorators.rb +2 -0
- data/lib/contrast/api/decorators/agent_startup.rb +58 -0
- data/lib/contrast/api/decorators/application_startup.rb +51 -0
- data/lib/contrast/api/decorators/route_coverage.rb +15 -5
- data/lib/contrast/api/decorators/trace_event.rb +42 -14
- data/lib/contrast/components/agent.rb +2 -0
- data/lib/contrast/components/app_context.rb +4 -22
- data/lib/contrast/components/sampling.rb +48 -6
- data/lib/contrast/components/settings.rb +5 -4
- data/lib/contrast/framework/manager.rb +13 -12
- data/lib/contrast/framework/rails/support.rb +42 -43
- data/lib/contrast/framework/sinatra/support.rb +100 -41
- data/lib/contrast/logger/log.rb +31 -15
- data/lib/contrast/utils/class_util.rb +3 -1
- data/lib/contrast/utils/heap_dump_util.rb +103 -87
- data/lib/contrast/utils/invalid_configuration_util.rb +21 -12
- data/resources/assess/policy.json +3 -9
- data/resources/deadzone/policy.json +6 -0
- data/ruby-agent.gemspec +54 -16
- metadata +105 -136
- data/lib/contrast/agent/assess/rule.rb +0 -18
- data/lib/contrast/agent/assess/rule/base.rb +0 -52
- data/lib/contrast/agent/assess/rule/redos.rb +0 -67
- data/lib/contrast/framework/sinatra/patch/base.rb +0 -83
- data/lib/contrast/framework/sinatra/patch/support.rb +0 -27
- data/lib/contrast/utils/prevent_serialization.rb +0 -52
@@ -26,19 +26,9 @@ module Contrast
|
|
26
26
|
def cs__report_finding rule_id, user_provided_options, call_location
|
27
27
|
with_contrast_scope do
|
28
28
|
finding = Contrast::Api::Dtm::Finding.new
|
29
|
-
finding.rule_id = rule_id
|
30
|
-
path = call_location.path
|
31
|
-
# just get the file name, not the full path
|
32
|
-
path = path.split(Contrast::Utils::ObjectShare::SLASH).last
|
33
|
-
session_id = user_provided_options[:key].to_s if user_provided_options
|
34
|
-
|
35
29
|
finding.version = Contrast::Agent::Assess::Policy::TriggerMethod::CURRENT_FINDING_VERSION
|
36
|
-
finding.
|
37
|
-
finding
|
38
|
-
file_path = call_location.absolute_path
|
39
|
-
snippet = file_snippet(file_path, call_location)
|
40
|
-
finding.properties[CS__SNIPPET] = Contrast::Utils::StringUtils.force_utf8(snippet)
|
41
|
-
|
30
|
+
finding.rule_id = rule_id
|
31
|
+
set_properties(finding, user_provided_options, call_location)
|
42
32
|
hash = Contrast::Utils::HashDigest.generate_config_hash(finding)
|
43
33
|
finding.hash_code = Contrast::Utils::StringUtils.force_utf8(hash)
|
44
34
|
finding.preflight = Contrast::Utils::PreflightUtil.create_preflight(finding)
|
@@ -50,6 +40,25 @@ module Contrast
|
|
50
40
|
|
51
41
|
private
|
52
42
|
|
43
|
+
# Set the properties needed to report and subsequently render this finding on the finding given.
|
44
|
+
#
|
45
|
+
# @param finding [Contrast::Api::Dtm::Finding] the configuration finding to populate
|
46
|
+
# @param user_provided_options [Hash] the configuration value(s) which
|
47
|
+
# violated the rule
|
48
|
+
# @param call_location [Thread::Backtrace::Location] the location where
|
49
|
+
# the bad configuration was set
|
50
|
+
def set_properties finding, user_provided_options, call_location
|
51
|
+
path = call_location.path
|
52
|
+
# just get the file name, not the full path
|
53
|
+
path = path.split(Contrast::Utils::ObjectShare::SLASH).last
|
54
|
+
session_id = user_provided_options[:key].to_s if user_provided_options
|
55
|
+
finding.properties[CS__SESSION_ID] = Contrast::Utils::StringUtils.force_utf8(session_id)
|
56
|
+
finding.properties[CS__PATH] = Contrast::Utils::StringUtils.force_utf8(path)
|
57
|
+
file_path = call_location.absolute_path
|
58
|
+
snippet = file_snippet(file_path, call_location)
|
59
|
+
finding.properties[CS__SNIPPET] = Contrast::Utils::StringUtils.force_utf8(snippet)
|
60
|
+
end
|
61
|
+
|
53
62
|
def file_snippet file_path, call_location
|
54
63
|
idx = call_location&.lineno
|
55
64
|
if file_path && idx && File.exist?(file_path)
|
@@ -1173,26 +1173,20 @@
|
|
1173
1173
|
"instance_method": true,
|
1174
1174
|
"method_visibility": "public",
|
1175
1175
|
"method_name":"match",
|
1176
|
-
"source":"P0"
|
1177
|
-
"trigger_class": "Contrast::Agent::Assess::Rule::Redos",
|
1178
|
-
"trigger_method": "regexp_complexity_check"
|
1176
|
+
"source":"P0"
|
1179
1177
|
|
1180
1178
|
}, {
|
1181
1179
|
"class_name":"String",
|
1182
1180
|
"instance_method": true,
|
1183
1181
|
"method_visibility": "public",
|
1184
1182
|
"method_name":"=~",
|
1185
|
-
"source":"O"
|
1186
|
-
"trigger_class": "Contrast::Agent::Assess::Rule::Redos",
|
1187
|
-
"trigger_method": "regexp_complexity_check"
|
1183
|
+
"source":"O"
|
1188
1184
|
}, {
|
1189
1185
|
"class_name":"Regexp",
|
1190
1186
|
"instance_method": true,
|
1191
1187
|
"method_visibility": "public",
|
1192
1188
|
"method_name":"=~",
|
1193
|
-
"source":"P0"
|
1194
|
-
"trigger_class": "Contrast::Agent::Assess::Rule::Redos",
|
1195
|
-
"trigger_method": "regexp_complexity_check"
|
1189
|
+
"source":"P0"
|
1196
1190
|
|
1197
1191
|
}
|
1198
1192
|
]
|
@@ -205,6 +205,12 @@
|
|
205
205
|
"method_visibility": "public",
|
206
206
|
"method_name":"exists?",
|
207
207
|
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/request/session.rb#L201"
|
208
|
+
}, {
|
209
|
+
"class_name":"ActionView::Template",
|
210
|
+
"instance_method":true,
|
211
|
+
"method_visibility": "private",
|
212
|
+
"method_name":"method_name",
|
213
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionview/lib/action_view/template.rb#L368"
|
208
214
|
}
|
209
215
|
]
|
210
216
|
}
|
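--- a/data/ruby-agent.gemspec
+++ b/data/ruby-agent.gemspec
@@ -20,39 +20,77 @@ end
 
 # Add those dependencies required to develop or test the Agent
 def self.add_dev_dependencies spec
-spec
-spec
+add_builders(spec)
+add_debuggers(spec)
+add_linters(spec)
+add_specs(spec)
+end
+
+# Dependencies used to build the agent during development.
+def self.add_builders spec
 spec.add_development_dependency 'bundler'
-spec.add_development_dependency '
-spec.add_development_dependency '
+spec.add_development_dependency 'rake', '>= 12.3.3'
+spec.add_development_dependency 'rake-compiler', '~> 0'
+end
+
+# Dependencies used for local debugging during development.
+def self.add_debuggers spec
+spec.add_development_dependency 'pry'
+spec.add_development_dependency 'ruby-debug-ide'
+end
+
+# Dependencies used for framework testing.
+def self.add_frameworks spec
+spec.add_development_dependency 'rails', '>= 3'
+spec.add_development_dependency 'sinatra', '>= 2'
+end
+
+# Dependencies used for linting prior to commit.
+def self.add_linters spec
 spec.add_development_dependency 'debride'
-spec.add_development_dependency 'execjs'
-spec.add_development_dependency 'factory_bot'
-spec.add_development_dependency 'fake_ftp'
 spec.add_development_dependency 'fasterer'
 spec.add_development_dependency 'flay'
+add_rubocop(spec)
+end
+
+# Dependencies used to run our current RSpec test suite.
+def self.add_specs spec
+add_coverage(spec)
+add_frameworks(spec)
+add_tested_gems(spec)
+
+spec.add_development_dependency 'benchmark-ips'
+spec.add_development_dependency 'climate_control' # mock ENV
+spec.add_development_dependency 'factory_bot'
+spec.add_development_dependency 'fake_ftp'
 spec.add_development_dependency 'openssl'
-spec.add_development_dependency 'parser', '~> 2.6'
-spec.add_development_dependency 'pry'
-spec.add_development_dependency 'rails', '>= 3'
-spec.add_development_dependency 'rake', '>= 12.3.3'
-spec.add_development_dependency 'rake-compiler', '~> 0'
 spec.add_development_dependency 'rspec', '~> 3.0'
 spec.add_development_dependency 'rspec-benchmark'
 spec.add_development_dependency 'rspec_junit_formatter', '0.3.0'
+end
+
+def self.add_coverage spec
+spec.add_development_dependency 'codecov'
+spec.add_development_dependency 'simplecov', '0.20.0'
+end
+
+# Dependencies used to run all of our Rubocop during the linting phase.
+def self.add_rubocop spec
 spec.add_development_dependency 'rubocop', '1.6.1'
 spec.add_development_dependency 'rubocop-performance', '1.9.1'
 spec.add_development_dependency 'rubocop-rails', '2.9.1'
 spec.add_development_dependency 'rubocop-rake', '0.5.1'
 spec.add_development_dependency 'rubocop-rspec', '2.1.0'
-
-
-
+end
+
+# Dependencies not mocked out during RSpec that we test real code of, beyond just frameworks.
+def self.add_tested_gems spec
+spec.add_development_dependency 'debase'
+spec.add_development_dependency 'execjs'
 spec.add_development_dependency 'sqlite3', '1.3.9'
 spec.add_development_dependency 'therubyracer'
 spec.add_development_dependency 'tilt'
 spec.add_development_dependency 'xpath'
-spec.add_development_dependency 'yarjuf', '~> 2.0'
 end
 
 # Add those dependencies required to run the Agent in customer applications.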
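--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-version: 4.
+version: 4.4.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,10 +13,10 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-02-
+date: 2021-02-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-name:
+name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -30,35 +30,35 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 12.3.3
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 12.3.3
 - !ruby/object:Gem::Dependency
-name:
+name: rake-compiler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: pry
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -72,7 +72,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: ruby-debug-ide
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -100,7 +100,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: fasterer
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -114,7 +114,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: flay
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -128,77 +128,77 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: rubocop
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 1.6.1
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 1.6.1
 - !ruby/object:Gem::Dependency
-name:
+name: rubocop-performance
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 1.9.1
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 1.9.1
 - !ruby/object:Gem::Dependency
-name:
+name: rubocop-rails
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 2.9.1
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 2.9.1
 - !ruby/object:Gem::Dependency
-name:
+name: rubocop-rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 0.5.1
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 0.5.1
 - !ruby/object:Gem::Dependency
-name:
+name: rubocop-rspec
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 2.1.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 2.1.0
 - !ruby/object:Gem::Dependency
-name:
+name: codecov
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -212,63 +212,49 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: simplecov
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 0.20.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 0.20.0
 - !ruby/object:Gem::Dependency
-name:
+name: rails
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: '3'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
-- !ruby/object:Gem::Dependency
-name: rake-compiler
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0'
+version: '3'
 - !ruby/object:Gem::Dependency
-name:
+name: sinatra
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '2'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '2'
 - !ruby/object:Gem::Dependency
-name:
+name: debase
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -282,91 +268,77 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 0.3.0
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 0.3.0
-- !ruby/object:Gem::Dependency
-name: rubocop
+name: execjs
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: sqlite3
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 1.9
+version: 1.3.9
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 1.9
+version: 1.3.9
 - !ruby/object:Gem::Dependency
-name:
+name: therubyracer
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: tilt
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version: 0
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version: 0
+version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: xpath
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: benchmark-ips
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -380,49 +352,49 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: climate_control
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version: 0
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version: 0
+version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: factory_bot
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: fake_ftp
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: openssl
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -436,21 +408,21 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: rspec
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '3.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0'
+version: '3.0'
 - !ruby/object:Gem::Dependency
-name:
+name: rspec-benchmark
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -464,19 +436,19 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: rspec_junit_formatter
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 0.3.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 0.3.0
 - !ruby/object:Gem::Dependency
 name: ougai
 requirement: !ruby/object:Gem::Requirement
@@ -792,6 +764,7 @@ files:
 - lib/contrast/agent/assess/policy/trigger/xpath.rb
 - lib/contrast/agent/assess/policy/trigger_method.rb
 - lib/contrast/agent/assess/policy/trigger_node.rb
+- lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb
 - lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb
 - lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb
 - lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb
@@ -799,13 +772,10 @@ files:
 - lib/contrast/agent/assess/property/evented.rb
 - lib/contrast/agent/assess/property/tagged.rb
 - lib/contrast/agent/assess/property/updated.rb
-- lib/contrast/agent/assess/rule.rb
-- lib/contrast/agent/assess/rule/base.rb
 - lib/contrast/agent/assess/rule/provider.rb
 - lib/contrast/agent/assess/rule/provider/hardcoded_key.rb
 - lib/contrast/agent/assess/rule/provider/hardcoded_password.rb
 - lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb
-- lib/contrast/agent/assess/rule/redos.rb
 - lib/contrast/agent/assess/tag.rb
 - lib/contrast/agent/assess/tracker.rb
 - lib/contrast/agent/at_exit_hook.rb
@@ -892,7 +862,9 @@ files:
 - lib/contrast/api/communication/unix_socket.rb
 - lib/contrast/api/decorators.rb
 - lib/contrast/api/decorators/address.rb
+- lib/contrast/api/decorators/agent_startup.rb
 - lib/contrast/api/decorators/application_settings.rb
+- lib/contrast/api/decorators/application_startup.rb
 - lib/contrast/api/decorators/application_update.rb
 - lib/contrast/api/decorators/http_request.rb
 - lib/contrast/api/decorators/input_analysis.rb
@@ -978,8 +950,6 @@ files:
 - lib/contrast/framework/rails/rewrite/active_record_named.rb
 - lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb
 - lib/contrast/framework/rails/support.rb
-- lib/contrast/framework/sinatra/patch/base.rb
-- lib/contrast/framework/sinatra/patch/support.rb
 - lib/contrast/framework/sinatra/support.rb
 - lib/contrast/funchook/funchook.rb
 - lib/contrast/logger/application.rb
@@ -1004,7 +974,6 @@ files:
 - lib/contrast/utils/object_share.rb
 - lib/contrast/utils/os.rb
 - lib/contrast/utils/preflight_util.rb
-- lib/contrast/utils/prevent_serialization.rb
 - lib/contrast/utils/resource_loader.rb
 - lib/contrast/utils/ruby_ast_rewriter.rb
 - lib/contrast/utils/sha256_builder.rb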