contrast-agent 4.3.2 → 4.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitmodules +1 -1
- data/.simplecov +1 -1
- data/Gemfile +1 -1
- data/LICENSE.txt +1 -1
- data/Rakefile +2 -3
- data/exe/contrast_service +1 -1
- data/ext/build_funchook.rb +4 -4
- data/ext/cs__assess_active_record_named/cs__active_record_named.c +1 -1
- data/ext/cs__assess_active_record_named/extconf.rb +1 -1
- data/ext/cs__assess_array/cs__assess_array.c +1 -1
- data/ext/cs__assess_array/extconf.rb +1 -1
- data/ext/cs__assess_basic_object/cs__assess_basic_object.c +1 -1
- data/ext/cs__assess_basic_object/extconf.rb +1 -1
- data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +1 -1
- data/ext/cs__assess_fiber_track/extconf.rb +1 -1
- data/ext/cs__assess_hash/cs__assess_hash.c +4 -2
- data/ext/cs__assess_hash/extconf.rb +1 -1
- data/ext/cs__assess_kernel/cs__assess_kernel.c +1 -1
- data/ext/cs__assess_kernel/extconf.rb +1 -1
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +1 -1
- data/ext/cs__assess_marshal_module/extconf.rb +1 -1
- data/ext/cs__assess_module/cs__assess_module.c +1 -1
- data/ext/cs__assess_module/extconf.rb +1 -1
- data/ext/cs__assess_regexp/cs__assess_regexp.c +1 -1
- data/ext/cs__assess_regexp/extconf.rb +1 -1
- data/ext/cs__assess_string/cs__assess_string.c +1 -1
- data/ext/cs__assess_string/extconf.rb +1 -1
- data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +1 -1
- data/ext/cs__assess_string_interpolation26/extconf.rb +1 -1
- data/ext/cs__assess_yield_track/cs__assess_yield_track.c +1 -1
- data/ext/cs__assess_yield_track/extconf.rb +1 -1
- data/ext/cs__common/cs__common.c +5 -5
- data/ext/cs__common/cs__common.h +4 -4
- data/ext/cs__common/extconf.rb +1 -1
- data/ext/cs__contrast_patch/cs__contrast_patch.c +22 -25
- data/ext/cs__contrast_patch/extconf.rb +1 -1
- data/ext/cs__protect_kernel/cs__protect_kernel.c +1 -1
- data/ext/cs__protect_kernel/extconf.rb +1 -1
- data/ext/extconf_common.rb +2 -6
- data/lib/contrast-agent.rb +1 -1
- data/lib/contrast.rb +20 -1
- data/lib/contrast/agent.rb +6 -4
- data/lib/contrast/agent/assess.rb +2 -11
- data/lib/contrast/agent/assess/contrast_event.rb +54 -71
- data/lib/contrast/agent/assess/contrast_object.rb +7 -4
- data/lib/contrast/agent/assess/events/event_factory.rb +3 -2
- data/lib/contrast/agent/assess/events/source_event.rb +7 -2
- data/lib/contrast/agent/assess/finalizers/freeze.rb +1 -1
- data/lib/contrast/agent/assess/finalizers/hash.rb +33 -34
- data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +34 -16
- data/lib/contrast/agent/assess/policy/patcher.rb +11 -18
- data/lib/contrast/agent/assess/policy/policy.rb +1 -1
- data/lib/contrast/agent/assess/policy/policy_node.rb +26 -34
- data/lib/contrast/agent/assess/policy/policy_scanner.rb +1 -1
- data/lib/contrast/agent/assess/policy/preshift.rb +4 -2
- data/lib/contrast/agent/assess/policy/propagation_method.rb +32 -30
- data/lib/contrast/agent/assess/policy/propagation_node.rb +20 -9
- data/lib/contrast/agent/assess/policy/propagator.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/append.rb +29 -14
- data/lib/contrast/agent/assess/policy/propagator/base.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/center.rb +3 -2
- data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/database_write.rb +22 -17
- data/lib/contrast/agent/assess/policy/propagator/insert.rb +4 -2
- data/lib/contrast/agent/assess/policy/propagator/keep.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/match_data.rb +3 -2
- data/lib/contrast/agent/assess/policy/propagator/next.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/prepend.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/remove.rb +23 -19
- data/lib/contrast/agent/assess/policy/propagator/replace.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/reverse.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/select.rb +3 -13
- data/lib/contrast/agent/assess/policy/propagator/splat.rb +24 -14
- data/lib/contrast/agent/assess/policy/propagator/split.rb +18 -15
- data/lib/contrast/agent/assess/policy/propagator/substitution.rb +32 -22
- data/lib/contrast/agent/assess/policy/propagator/trim.rb +64 -45
- data/lib/contrast/agent/assess/policy/rewriter_patch.rb +7 -4
- data/lib/contrast/agent/assess/policy/source_method.rb +92 -81
- data/lib/contrast/agent/assess/policy/source_node.rb +1 -1
- data/lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb +8 -6
- data/lib/contrast/agent/assess/policy/source_validation/source_validation.rb +2 -4
- data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +7 -3
- data/lib/contrast/agent/assess/policy/trigger/xpath.rb +7 -8
- data/lib/contrast/agent/assess/policy/trigger_method.rb +109 -76
- data/lib/contrast/agent/assess/policy/trigger_node.rb +33 -11
- data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +60 -0
- data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +3 -5
- data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +7 -5
- data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +4 -13
- data/lib/contrast/agent/assess/properties.rb +1 -3
- data/lib/contrast/agent/assess/property/evented.rb +9 -6
- data/lib/contrast/agent/assess/property/tagged.rb +38 -20
- data/lib/contrast/agent/assess/property/updated.rb +1 -1
- data/lib/contrast/agent/assess/rule/provider.rb +1 -1
- data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +12 -6
- data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +5 -2
- data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +4 -6
- data/lib/contrast/agent/assess/tag.rb +1 -1
- data/lib/contrast/agent/assess/tracker.rb +2 -2
- data/lib/contrast/agent/at_exit_hook.rb +1 -1
- data/lib/contrast/agent/class_reopener.rb +4 -2
- data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +1 -1
- data/lib/contrast/agent/deadzone/policy/policy.rb +7 -3
- data/lib/contrast/agent/disable_reaction.rb +2 -4
- data/lib/contrast/agent/exclusion_matcher.rb +6 -12
- data/lib/contrast/agent/inventory.rb +1 -2
- data/lib/contrast/agent/inventory/dependencies.rb +3 -1
- data/lib/contrast/agent/inventory/dependency_analysis.rb +1 -1
- data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +35 -23
- data/lib/contrast/agent/inventory/policy/datastores.rb +1 -1
- data/lib/contrast/agent/inventory/policy/policy.rb +1 -1
- data/lib/contrast/agent/inventory/policy/trigger_node.rb +1 -1
- data/lib/contrast/agent/middleware.rb +111 -110
- data/lib/contrast/agent/module_data.rb +4 -4
- data/lib/contrast/agent/patching/policy/after_load_patch.rb +1 -1
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +9 -4
- data/lib/contrast/agent/patching/policy/method_policy.rb +7 -3
- data/lib/contrast/agent/patching/policy/module_policy.rb +15 -8
- data/lib/contrast/agent/patching/policy/patch.rb +23 -29
- data/lib/contrast/agent/patching/policy/patch_status.rb +8 -9
- data/lib/contrast/agent/patching/policy/patcher.rb +72 -64
- data/lib/contrast/agent/patching/policy/policy.rb +14 -21
- data/lib/contrast/agent/patching/policy/policy_node.rb +15 -5
- data/lib/contrast/agent/patching/policy/trigger_node.rb +26 -10
- data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +2 -2
- data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +2 -2
- data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +2 -2
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +3 -4
- data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +2 -2
- data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +6 -10
- data/lib/contrast/agent/protect/policy/policy.rb +1 -1
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +6 -6
- data/lib/contrast/agent/protect/policy/trigger_node.rb +1 -1
- data/lib/contrast/agent/protect/rule.rb +1 -1
- data/lib/contrast/agent/protect/rule/base.rb +19 -33
- data/lib/contrast/agent/protect/rule/base_service.rb +10 -6
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +15 -19
- data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/deserialization.rb +7 -14
- data/lib/contrast/agent/protect/rule/http_method_tampering.rb +4 -15
- data/lib/contrast/agent/protect/rule/no_sqli.rb +7 -3
- data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +2 -4
- data/lib/contrast/agent/protect/rule/path_traversal.rb +6 -6
- data/lib/contrast/agent/protect/rule/sqli.rb +19 -13
- data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +2 -2
- data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +2 -2
- data/lib/contrast/agent/protect/rule/xss.rb +2 -2
- data/lib/contrast/agent/protect/rule/xxe.rb +6 -13
- data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +2 -3
- data/lib/contrast/agent/railtie.rb +1 -1
- data/lib/contrast/agent/reaction_processor.rb +12 -11
- data/lib/contrast/agent/request.rb +25 -24
- data/lib/contrast/agent/request_context.rb +25 -23
- data/lib/contrast/agent/request_handler.rb +1 -1
- data/lib/contrast/agent/response.rb +1 -1
- data/lib/contrast/agent/rewriter.rb +6 -4
- data/lib/contrast/agent/rule_set.rb +3 -3
- data/lib/contrast/agent/scope.rb +1 -1
- data/lib/contrast/agent/service_heartbeat.rb +3 -4
- data/lib/contrast/agent/static_analysis.rb +1 -1
- data/lib/contrast/agent/thread.rb +2 -2
- data/lib/contrast/agent/thread_watcher.rb +21 -6
- data/lib/contrast/agent/tracepoint_hook.rb +2 -2
- data/lib/contrast/agent/version.rb +2 -2
- data/lib/contrast/agent/worker_thread.rb +1 -1
- data/lib/contrast/api.rb +1 -1
- data/lib/contrast/api/communication.rb +1 -1
- data/lib/contrast/api/communication/connection_status.rb +1 -1
- data/lib/contrast/api/communication/messaging_queue.rb +19 -22
- data/lib/contrast/api/communication/response_processor.rb +13 -8
- data/lib/contrast/api/communication/service_lifecycle.rb +5 -3
- data/lib/contrast/api/communication/socket.rb +1 -1
- data/lib/contrast/api/communication/socket_client.rb +30 -35
- data/lib/contrast/api/communication/speedracer.rb +6 -10
- data/lib/contrast/api/communication/tcp_socket.rb +1 -1
- data/lib/contrast/api/communication/unix_socket.rb +1 -1
- data/lib/contrast/api/decorators.rb +3 -1
- data/lib/contrast/api/decorators/address.rb +1 -1
- data/lib/contrast/api/decorators/agent_startup.rb +58 -0
- data/lib/contrast/api/decorators/application_settings.rb +1 -1
- data/lib/contrast/api/decorators/application_startup.rb +57 -0
- data/lib/contrast/api/decorators/application_update.rb +1 -1
- data/lib/contrast/api/decorators/http_request.rb +1 -1
- data/lib/contrast/api/decorators/input_analysis.rb +1 -1
- data/lib/contrast/api/decorators/instrumentation_mode.rb +37 -0
- data/lib/contrast/api/decorators/library.rb +9 -7
- data/lib/contrast/api/decorators/library_usage_update.rb +1 -1
- data/lib/contrast/api/decorators/message.rb +4 -4
- data/lib/contrast/api/decorators/rasp_rule_sample.rb +1 -1
- data/lib/contrast/api/decorators/route_coverage.rb +16 -6
- data/lib/contrast/api/decorators/server_features.rb +1 -1
- data/lib/contrast/api/decorators/trace_event.rb +46 -16
- data/lib/contrast/api/decorators/trace_event_object.rb +2 -4
- data/lib/contrast/api/decorators/trace_event_signature.rb +1 -1
- data/lib/contrast/api/decorators/trace_taint_range.rb +1 -1
- data/lib/contrast/api/decorators/trace_taint_range_tags.rb +2 -7
- data/lib/contrast/api/decorators/user_input.rb +1 -1
- data/lib/contrast/components/agent.rb +16 -15
- data/lib/contrast/components/app_context.rb +11 -29
- data/lib/contrast/components/assess.rb +6 -11
- data/lib/contrast/components/config.rb +3 -2
- data/lib/contrast/components/contrast_service.rb +8 -9
- data/lib/contrast/components/heap_dump.rb +1 -1
- data/lib/contrast/components/interface.rb +4 -3
- data/lib/contrast/components/inventory.rb +1 -1
- data/lib/contrast/components/logger.rb +1 -1
- data/lib/contrast/components/protect.rb +11 -14
- data/lib/contrast/components/sampling.rb +55 -7
- data/lib/contrast/components/scope.rb +2 -1
- data/lib/contrast/components/settings.rb +29 -99
- data/lib/contrast/config.rb +1 -1
- data/lib/contrast/config/agent_configuration.rb +1 -1
- data/lib/contrast/config/application_configuration.rb +1 -1
- data/lib/contrast/config/assess_configuration.rb +1 -1
- data/lib/contrast/config/assess_rules_configuration.rb +2 -4
- data/lib/contrast/config/base_configuration.rb +5 -6
- data/lib/contrast/config/default_value.rb +1 -1
- data/lib/contrast/config/exception_configuration.rb +2 -6
- data/lib/contrast/config/heap_dump_configuration.rb +13 -7
- data/lib/contrast/config/inventory_configuration.rb +1 -1
- data/lib/contrast/config/logger_configuration.rb +2 -6
- data/lib/contrast/config/protect_configuration.rb +1 -1
- data/lib/contrast/config/protect_rule_configuration.rb +23 -1
- data/lib/contrast/config/protect_rules_configuration.rb +1 -1
- data/lib/contrast/config/root_configuration.rb +1 -1
- data/lib/contrast/config/ruby_configuration.rb +1 -1
- data/lib/contrast/config/sampling_configuration.rb +1 -1
- data/lib/contrast/config/server_configuration.rb +1 -1
- data/lib/contrast/config/service_configuration.rb +1 -1
- data/lib/contrast/configuration.rb +4 -15
- data/lib/contrast/delegators/input_analysis.rb +12 -0
- data/lib/contrast/extension/assess.rb +1 -1
- data/lib/contrast/extension/assess/array.rb +2 -7
- data/lib/contrast/extension/assess/erb.rb +2 -8
- data/lib/contrast/extension/assess/eval_trigger.rb +3 -11
- data/lib/contrast/extension/assess/exec_trigger.rb +4 -14
- data/lib/contrast/extension/assess/fiber.rb +3 -13
- data/lib/contrast/extension/assess/hash.rb +1 -1
- data/lib/contrast/extension/assess/kernel.rb +3 -10
- data/lib/contrast/extension/assess/marshal.rb +3 -11
- data/lib/contrast/extension/assess/regexp.rb +2 -7
- data/lib/contrast/extension/assess/string.rb +4 -2
- data/lib/contrast/extension/delegator.rb +1 -1
- data/lib/contrast/extension/inventory.rb +1 -1
- data/lib/contrast/extension/kernel.rb +5 -3
- data/lib/contrast/extension/module.rb +1 -1
- data/lib/contrast/extension/protect.rb +1 -1
- data/lib/contrast/extension/protect/kernel.rb +1 -1
- data/lib/contrast/extension/protect/psych.rb +1 -1
- data/lib/contrast/extension/thread.rb +1 -1
- data/lib/contrast/framework/base_support.rb +1 -1
- data/lib/contrast/framework/manager.rb +14 -17
- data/lib/contrast/framework/platform_version.rb +1 -1
- data/lib/contrast/framework/rack/patch/session_cookie.rb +6 -19
- data/lib/contrast/framework/rack/patch/support.rb +7 -5
- data/lib/contrast/framework/rack/support.rb +1 -1
- data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +1 -1
- data/lib/contrast/framework/rails/patch/assess_configuration.rb +8 -3
- data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +4 -4
- data/lib/contrast/framework/rails/patch/support.rb +5 -3
- data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +5 -2
- data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +3 -1
- data/lib/contrast/framework/rails/rewrite/active_record_named.rb +3 -1
- data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +3 -1
- data/lib/contrast/framework/rails/support.rb +45 -46
- data/lib/contrast/framework/sinatra/support.rb +103 -42
- data/lib/contrast/funchook/funchook.rb +2 -6
- data/lib/contrast/logger/application.rb +13 -10
- data/lib/contrast/logger/format.rb +3 -6
- data/lib/contrast/logger/log.rb +36 -19
- data/lib/contrast/logger/request.rb +2 -3
- data/lib/contrast/logger/time.rb +1 -1
- data/lib/contrast/security_exception.rb +2 -2
- data/lib/contrast/tasks/config.rb +1 -1
- data/lib/contrast/tasks/service.rb +6 -2
- data/lib/contrast/utils/assess/sampling_util.rb +1 -1
- data/lib/contrast/utils/assess/tracking_util.rb +2 -3
- data/lib/contrast/utils/class_util.rb +18 -12
- data/lib/contrast/utils/duck_utils.rb +1 -1
- data/lib/contrast/utils/env_configuration_item.rb +1 -1
- data/lib/contrast/utils/hash_digest.rb +16 -24
- data/lib/contrast/utils/heap_dump_util.rb +104 -88
- data/lib/contrast/utils/invalid_configuration_util.rb +22 -13
- data/lib/contrast/utils/inventory_util.rb +1 -1
- data/lib/contrast/utils/io_util.rb +2 -2
- data/lib/contrast/utils/job_servers_running.rb +10 -5
- data/lib/contrast/utils/object_share.rb +1 -1
- data/lib/contrast/utils/os.rb +3 -2
- data/lib/contrast/utils/preflight_util.rb +1 -1
- data/lib/contrast/utils/resource_loader.rb +1 -1
- data/lib/contrast/utils/ruby_ast_rewriter.rb +3 -2
- data/lib/contrast/utils/sha256_builder.rb +1 -1
- data/lib/contrast/utils/stack_trace_utils.rb +1 -1
- data/lib/contrast/utils/string_utils.rb +1 -1
- data/lib/contrast/utils/tag_util.rb +1 -1
- data/lib/contrast/utils/thread_tracker.rb +1 -1
- data/lib/contrast/utils/timer.rb +1 -1
- data/resources/assess/policy.json +8 -11
- data/resources/deadzone/policy.json +7 -17
- data/ruby-agent.gemspec +66 -27
- data/service_executables/VERSION +1 -1
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
- data/sonar-project.properties +9 -0
- metadata +154 -156
- data/lib/contrast/agent/assess/rule.rb +0 -18
- data/lib/contrast/agent/assess/rule/base.rb +0 -52
- data/lib/contrast/agent/assess/rule/redos.rb +0 -67
- data/lib/contrast/agent/inventory/gemfile_digest_cache.rb +0 -38
- data/lib/contrast/common_agent_configuration.rb +0 -87
- data/lib/contrast/framework/sinatra/patch/base.rb +0 -83
- data/lib/contrast/framework/sinatra/patch/support.rb +0 -27
- data/lib/contrast/utils/prevent_serialization.rb +0 -52
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/utils/string_utils'
|
@@ -0,0 +1,57 @@
|
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require 'contrast/api/dtm.pb'
|
5
|
+
require 'contrast/api/decorators/instrumentation_mode'
|
6
|
+
require 'contrast/components/interface'
|
7
|
+
require 'contrast/utils/string_utils'
|
8
|
+
|
9
|
+
module Contrast
|
10
|
+
module Api
|
11
|
+
module Decorators
|
12
|
+
# Used to decorate the ApplicationCreate protobuf model to handle reporting Agent process start
|
13
|
+
module ApplicationStartup
|
14
|
+
include Contrast::Components::ComponentBase
|
15
|
+
include Contrast::Components::Interface
|
16
|
+
access_component :config
|
17
|
+
|
18
|
+
def self.included klass
|
19
|
+
klass.extend(ClassMethods)
|
20
|
+
end
|
21
|
+
|
22
|
+
# Used to add class methods to the AgentStartup class on inclusion of the decorator
|
23
|
+
module ClassMethods
|
24
|
+
# Return a new DTM with the values from the configuration
|
25
|
+
#
|
26
|
+
# @return [Contrast::Api::Dtm::ApplicationCreate]
|
27
|
+
def build
|
28
|
+
msg = new
|
29
|
+
msg.app_version = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.version.to_s
|
30
|
+
msg.code = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.code
|
31
|
+
msg.group = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.group
|
32
|
+
msg.metadata = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.metadata
|
33
|
+
msg.mode = Contrast::Api::Dtm::InstrumentationMode.build
|
34
|
+
session!(msg)
|
35
|
+
msg
|
36
|
+
end
|
37
|
+
|
38
|
+
private
|
39
|
+
|
40
|
+
# Set the session metadata for this ApplicationCreate msg
|
41
|
+
#
|
42
|
+
# @param msg [Contrast::Api::Dtm::ApplicationCreate]
|
43
|
+
def session! msg
|
44
|
+
msg.session_id = Contrast::Utils::StringUtils.protobuf_format(
|
45
|
+
CONFIG.root.application.session_id,
|
46
|
+
truncate: false)
|
47
|
+
msg.session_metadata = Contrast::Utils::StringUtils.protobuf_format(
|
48
|
+
CONFIG.root.application.session_metadata,
|
49
|
+
truncate: false)
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
Contrast::Api::Dtm::ApplicationCreate.include(Contrast::Api::Decorators::ApplicationStartup)
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/components/interface'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/api/dtm.pb'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/utils/string_utils'
|
@@ -0,0 +1,37 @@
|
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require 'contrast/api/dtm.pb'
|
5
|
+
require 'contrast/components/interface'
|
6
|
+
|
7
|
+
module Contrast
|
8
|
+
module Api
|
9
|
+
module Decorators
|
10
|
+
# Used to decorate the InstrumentationMode protobuf model to handle reporting Agent process start
|
11
|
+
module InstrumentationMode
|
12
|
+
include Contrast::Components::ComponentBase
|
13
|
+
include Contrast::Components::Interface
|
14
|
+
access_component :analysis
|
15
|
+
|
16
|
+
def self.included klass
|
17
|
+
klass.extend(ClassMethods)
|
18
|
+
end
|
19
|
+
|
20
|
+
# Used to add class methods to the AgentStartup class on inclusion of the decorator
|
21
|
+
module ClassMethods
|
22
|
+
# Return a new DTM with the values from the configuration
|
23
|
+
#
|
24
|
+
# @return [Contrast::Api::Dtm::InstrumentationMode]
|
25
|
+
def build
|
26
|
+
msg = new
|
27
|
+
msg.assess = ASSESS.enabled?
|
28
|
+
msg.protect = PROTECT.enabled?
|
29
|
+
msg
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
Contrast::Api::Dtm::InstrumentationMode.include(Contrast::Api::Decorators::InstrumentationMode)
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/utils/string_utils'
|
@@ -10,6 +10,8 @@ module Contrast
|
|
10
10
|
module Decorators
|
11
11
|
# Used to decorate the Library protobuf model to handle Gem::Specification translation
|
12
12
|
module Library
|
13
|
+
StringUtils = Contrast::Utils::StringUtils
|
14
|
+
|
13
15
|
def self.included klass
|
14
16
|
klass.extend(ClassMethods)
|
15
17
|
end
|
@@ -18,13 +20,13 @@ module Contrast
|
|
18
20
|
module ClassMethods
|
19
21
|
def build digest, gem_specification
|
20
22
|
msg = new
|
21
|
-
msg.file_path =
|
22
|
-
msg.hash_code =
|
23
|
-
msg.version =
|
24
|
-
msg.manifest =
|
23
|
+
msg.file_path = StringUtils.force_utf8(gem_specification.name) # rubocop:disable Security/Module/Name
|
24
|
+
msg.hash_code = StringUtils.force_utf8(digest)
|
25
|
+
msg.version = StringUtils.force_utf8(gem_specification.version)
|
26
|
+
msg.manifest = StringUtils.force_utf8(build_manifest(gem_specification))
|
25
27
|
msg.external_ms = date_to_ms(gem_specification.date)
|
26
28
|
msg.internal_ms = msg.external_ms
|
27
|
-
msg.url =
|
29
|
+
msg.url = StringUtils.force_utf8(gem_specification.homepage)
|
28
30
|
msg.class_count = file_count(gem_specification.full_gem_path.to_s)
|
29
31
|
msg.used_class_count = 0
|
30
32
|
msg
|
@@ -37,7 +39,7 @@ module Contrast
|
|
37
39
|
end
|
38
40
|
|
39
41
|
def build_manifest spec
|
40
|
-
|
42
|
+
StringUtils.force_utf8(spec.to_yaml.to_s)
|
41
43
|
rescue StandardError
|
42
44
|
nil
|
43
45
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/utils/string_utils'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/utils/object_share'
|
@@ -38,7 +38,7 @@ module Contrast
|
|
38
38
|
when Contrast::Api::Dtm::ObservedRoute
|
39
39
|
self.observed_route = event
|
40
40
|
else
|
41
|
-
logger.error('Unknown event type received. Unsure how to send.', event_type: event.cs__class.
|
41
|
+
logger.error('Unknown event type received. Unsure how to send.', event_type: event.cs__class.cs__name)
|
42
42
|
return
|
43
43
|
end
|
44
44
|
logger.debug('Wrapping event in message',
|
@@ -46,7 +46,7 @@ module Contrast
|
|
46
46
|
p_id: pid,
|
47
47
|
msg_count: message_count,
|
48
48
|
event_id: event.__id__,
|
49
|
-
event_type: event.cs__class.
|
49
|
+
event_type: event.cs__class.cs__name)
|
50
50
|
end
|
51
51
|
|
52
52
|
# Used to add class methods to the ApplicationUpdate class on inclusion of the decorator
|
@@ -58,7 +58,7 @@ module Contrast
|
|
58
58
|
|
59
59
|
def build event
|
60
60
|
msg = new
|
61
|
-
msg.app_name = APP_CONTEXT.
|
61
|
+
msg.app_name = APP_CONTEXT.app_name
|
62
62
|
msg.app_path = APP_CONTEXT.path
|
63
63
|
msg.app_language = Contrast::Utils::ObjectShare::RUBY
|
64
64
|
msg.client_id = APP_CONTEXT.client_id
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
module Contrast
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/utils/string_utils'
|
@@ -26,27 +26,37 @@ module Contrast
|
|
26
26
|
end
|
27
27
|
|
28
28
|
# Convert ActionDispatch::Journey::Route to Contrast::Api::Dtm::RouteCoverage
|
29
|
+
#
|
29
30
|
# @param journey_obj [ActionDispatch::Journey::Route] a rails route
|
31
|
+
# @param url [String, nil] use url from string instead of journey object.
|
30
32
|
# @return [Contrast::Api::Dtm::RouteCoverage]
|
31
|
-
def from_action_dispatch_journey journey_obj
|
33
|
+
def from_action_dispatch_journey journey_obj, url = nil
|
32
34
|
msg = new
|
33
35
|
msg.route = "#{ journey_obj.defaults[:controller] }##{ journey_obj.defaults[:action] }"
|
34
36
|
|
35
37
|
verb = source_or_string(journey_obj.verb)
|
36
38
|
msg.verb = Contrast::Utils::StringUtils.force_utf8(verb)
|
37
39
|
|
38
|
-
url
|
40
|
+
url ||= source_or_string(journey_obj.path.spec)
|
39
41
|
msg.url = Contrast::Utils::StringUtils.force_utf8(url)
|
40
42
|
msg
|
41
43
|
end
|
42
44
|
|
43
|
-
|
45
|
+
# Convert Sinatra route data to dtm message.
|
46
|
+
#
|
47
|
+
# @param controller [::Sinatra::Base] the route's final controller.
|
48
|
+
# @param method [String] GET, PUT, POST, etc...
|
49
|
+
# @param method [::Mustermann::Sinatra] the pattern that was matched in routing.
|
50
|
+
# @param url [String, nil] use url from string instead matched pattern.
|
51
|
+
# @return [Contrast::Api::Dtm::RouteCoverage]
|
52
|
+
def from_sinatra_route controller, method, pattern, url = nil
|
44
53
|
safe_pattern = source_or_string(pattern)
|
54
|
+
safe_url = source_or_string(url || pattern)
|
45
55
|
|
46
56
|
msg = new
|
47
|
-
msg.route = "#{
|
57
|
+
msg.route = "#{ controller }##{ method } #{ safe_pattern }"
|
48
58
|
msg.verb = Contrast::Utils::StringUtils.force_utf8(method)
|
49
|
-
msg.url = Contrast::Utils::StringUtils.force_utf8(
|
59
|
+
msg.url = Contrast::Utils::StringUtils.force_utf8(safe_url)
|
50
60
|
msg
|
51
61
|
end
|
52
62
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/utils/string_utils'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/utils/string_utils'
|
@@ -13,8 +13,38 @@ module Contrast
|
|
13
13
|
klass.extend(ClassMethods)
|
14
14
|
end
|
15
15
|
|
16
|
+
# The TeamServer uses the Event's type and action to render it in the Details page. These values control the
|
17
|
+
# left-hand "What happened" column and the data shown in the right-hand data
|
18
|
+
#
|
19
|
+
# @param contrast_event [Contrast::Agent::Assess::ContrastEvent]
|
20
|
+
# @return [Contrast::Api::Dtm::TraceEvent]
|
21
|
+
def build_display_params! contrast_event
|
22
|
+
self.type = contrast_event.policy_node.node_type
|
23
|
+
self.action = contrast_event.policy_node.build_action
|
24
|
+
self
|
25
|
+
end
|
26
|
+
|
27
|
+
# The TeamServer uses the Event's representation of the data to render the actual data used in the dataflow on
|
28
|
+
# the Details page.
|
29
|
+
#
|
30
|
+
# @param contrast_event [Contrast::Agent::Assess::ContrastEvent]
|
31
|
+
# @return [Contrast::Api::Dtm::TraceEvent]
|
32
|
+
def build_dataflow! contrast_event
|
33
|
+
# Figure out what the target of this event was. This can't be pulled into the decorator because SourceEvent
|
34
|
+
# has a custom impl :/
|
35
|
+
taint_target = contrast_event.determine_taint_target(self)
|
36
|
+
truncate_obj = Contrast::Utils::ObjectShare::OBJECT_KEY != taint_target
|
37
|
+
self.object = Contrast::Api::Dtm::TraceEventObject.build(contrast_event.object, truncate_obj)
|
38
|
+
truncate_ret = Contrast::Utils::ObjectShare::RETURN_KEY != taint_target
|
39
|
+
self.ret = Contrast::Api::Dtm::TraceEventObject.build(contrast_event.ret, truncate_ret)
|
40
|
+
build_event_args!(contrast_event, taint_target)
|
41
|
+
build_taint_ranges!(contrast_event)
|
42
|
+
self
|
43
|
+
end
|
44
|
+
|
16
45
|
# Wrapper around build_event_object for the args array. Handles
|
17
46
|
# tainting the correct argument.
|
47
|
+
# @return [Contrast::Api::Dtm::TraceEvent]
|
18
48
|
def build_event_args! contrast_event, taint_target
|
19
49
|
contrast_event.args.each_index do |idx|
|
20
50
|
truncate_arg = taint_target != idx
|
@@ -29,6 +59,7 @@ module Contrast
|
|
29
59
|
# their DTM form in order to report this.
|
30
60
|
#
|
31
61
|
# @param contrast_event [Contrast::Agent::AssessContrastEvent]
|
62
|
+
# @return [Contrast::Api::Dtm::TraceEvent]
|
32
63
|
def build_taint_ranges! contrast_event
|
33
64
|
# If there's no taint_target, this isn't a dataflow trace, but a
|
34
65
|
# trigger one
|
@@ -38,6 +69,10 @@ module Contrast
|
|
38
69
|
self
|
39
70
|
end
|
40
71
|
|
72
|
+
# For each Parent in the ContrastEvent, capture its id and report it to TeamServer.
|
73
|
+
#
|
74
|
+
# @param contrast_event [Contrast::Agent::AssessContrastEvent]
|
75
|
+
# @return [Contrast::Api::Dtm::TraceEvent]
|
41
76
|
def build_parent_ids! contrast_event
|
42
77
|
contrast_event&.parent_events&.each do |event|
|
43
78
|
next unless event
|
@@ -49,6 +84,10 @@ module Contrast
|
|
49
84
|
self
|
50
85
|
end
|
51
86
|
|
87
|
+
# Convert the caller into the Stack DTM TeamServer consumes
|
88
|
+
#
|
89
|
+
# @param contrast_event [Contrast::Agent::AssessContrastEvent]
|
90
|
+
# @return [Contrast::Api::Dtm::TraceEvent]
|
52
91
|
def build_stack! contrast_event
|
53
92
|
# We delayed doing this as long as possible b/c it's expensive
|
54
93
|
stack_dtms = Contrast::Utils::StackTraceUtils.build_assess_stack_array(contrast_event.stack_trace)
|
@@ -60,25 +99,16 @@ module Contrast
|
|
60
99
|
module ClassMethods
|
61
100
|
def build contrast_event
|
62
101
|
event_dtm = new
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
taint_target = contrast_event.determine_taint_target(event_dtm) # This can't be pulled into the decorator because SourceEvent has a custom impl :/
|
67
|
-
|
68
|
-
event_dtm.type = contrast_event.policy_node.node_type
|
69
|
-
event_dtm.action = contrast_event.policy_node.build_action
|
102
|
+
event_dtm.build_display_params!(contrast_event)
|
103
|
+
event_dtm.build_dataflow!(contrast_event)
|
104
|
+
event_dtm.build_stack!(contrast_event)
|
70
105
|
event_dtm.timestamp_ms = contrast_event.time.to_i
|
71
106
|
event_dtm.thread = Contrast::Utils::StringUtils.force_utf8(contrast_event.thread)
|
72
|
-
truncate_obj = Contrast::Utils::ObjectShare::OBJECT_KEY != taint_target
|
73
|
-
event_dtm.object = Contrast::Api::Dtm::TraceEventObject.build(contrast_event.object, truncate_obj)
|
74
|
-
truncate_ret = Contrast::Utils::ObjectShare::RETURN_KEY != taint_target
|
75
|
-
event_dtm.ret = Contrast::Api::Dtm::TraceEventObject.build(contrast_event.ret, truncate_ret)
|
76
|
-
event_dtm.build_event_args!(contrast_event, taint_target)
|
77
107
|
event_dtm.build_parent_ids!(contrast_event)
|
78
|
-
event_dtm.build_taint_ranges!(contrast_event)
|
79
|
-
event_dtm.build_stack!(contrast_event)
|
80
108
|
event_dtm.object_id = contrast_event.event_id.to_i
|
81
|
-
event_dtm.signature = Contrast::Api::Dtm::TraceEventSignature.build(contrast_event.ret,
|
109
|
+
event_dtm.signature = Contrast::Api::Dtm::TraceEventSignature.build(contrast_event.ret,
|
110
|
+
contrast_event.policy_node,
|
111
|
+
contrast_event.args)
|
82
112
|
event_dtm
|
83
113
|
end
|
84
114
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/utils/string_utils'
|
@@ -52,9 +52,7 @@ module Contrast
|
|
52
52
|
tmp = []
|
53
53
|
tmp << obj_string[0, UNTRUNCATED_PORTION_LENGTH]
|
54
54
|
tmp << ELLIPSIS
|
55
|
-
tmp << obj_string[
|
56
|
-
obj_string.length - UNTRUNCATED_PORTION_LENGTH,
|
57
|
-
UNTRUNCATED_PORTION_LENGTH]
|
55
|
+
tmp << obj_string[obj_string.length - UNTRUNCATED_PORTION_LENGTH, UNTRUNCATED_PORTION_LENGTH]
|
58
56
|
tmp.join
|
59
57
|
end
|
60
58
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/utils/string_utils'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/utils/object_share'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
module Contrast
|
@@ -97,12 +97,7 @@ module Contrast
|
|
97
97
|
DATABASE_WRITE
|
98
98
|
].cs__freeze
|
99
99
|
|
100
|
-
VALID_SOURCE_TAGS = %w[
|
101
|
-
NO_NEWLINES
|
102
|
-
UNTRUSTED
|
103
|
-
CROSS_SITE
|
104
|
-
LIMITED_CHARS
|
105
|
-
].cs__freeze
|
100
|
+
VALID_SOURCE_TAGS = %w[NO_NEWLINES UNTRUSTED CROSS_SITE LIMITED_CHARS].cs__freeze
|
106
101
|
end
|
107
102
|
end
|
108
103
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/utils/string_utils'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'rubygems/version'
|
@@ -31,10 +31,12 @@ module Contrast
|
|
31
31
|
|
32
32
|
def disable!
|
33
33
|
@_enabled = false
|
34
|
+
Contrast::Agent::TracePointHook.disable
|
35
|
+
Contrast::Agent.thread_watcher&.shutdown!
|
34
36
|
end
|
35
37
|
|
36
38
|
def ruleset
|
37
|
-
@_ruleset ||= Contrast::Agent::RuleSet.new(
|
39
|
+
@_ruleset ||= Contrast::Agent::RuleSet.new(retrieve_protect_ruleset&.values)
|
38
40
|
end
|
39
41
|
|
40
42
|
def reset_ruleset
|
@@ -67,8 +69,10 @@ module Contrast
|
|
67
69
|
def exception_control
|
68
70
|
@_exception_control ||= {
|
69
71
|
enable: true?(CONFIG.root.agent.ruby.exceptions.capture),
|
70
|
-
status:
|
71
|
-
|
72
|
+
status:
|
73
|
+
CONFIG.root.agent.ruby.exceptions.override_status || 403,
|
74
|
+
message:
|
75
|
+
CONFIG.root.agent.ruby.exceptions.override_message || Contrast::Utils::ObjectShare::OVERRIDE_MESSAGE
|
72
76
|
}
|
73
77
|
end
|
74
78
|
|
@@ -78,8 +82,9 @@ module Contrast
|
|
78
82
|
loaded_module_name.start_with?(*CONFIG.root.agent.ruby.uninstrument_namespace)
|
79
83
|
end
|
80
84
|
|
85
|
+
# Insert ourselves into the application, keeping our middleware at the outermost layer of the onion
|
81
86
|
def insert_middleware app
|
82
|
-
app.middleware.insert_before 0, Contrast::Agent::Middleware
|
87
|
+
app.middleware.insert_before 0, Contrast::Agent::Middleware
|
83
88
|
end
|
84
89
|
|
85
90
|
def enable_tracepoint
|
@@ -92,20 +97,16 @@ module Contrast
|
|
92
97
|
# Ruby exposed the C method for interpolation in version 2.6.0, meaning
|
93
98
|
# we can attempt to patch using Funchook for that version and later.
|
94
99
|
def interpolation_patch_possible?
|
95
|
-
|
100
|
+
if @_interpolation_patch_possible.nil?
|
101
|
+
@_interpolation_patch_possible = Gem::Version.new(RUBY_VERSION) >= INTERPOLATION_HOOKABLE_VERSION
|
102
|
+
end
|
96
103
|
@_interpolation_patch_possible
|
97
104
|
end
|
98
105
|
|
99
|
-
def
|
100
|
-
return {} unless enabled?
|
106
|
+
def retrieve_protect_ruleset
|
107
|
+
return {} unless enabled? && PROTECT.enabled?
|
101
108
|
|
102
|
-
|
103
|
-
ASSESS.rules.merge(PROTECT.rules)
|
104
|
-
elsif ASSESS.enabled?
|
105
|
-
ASSESS.rules
|
106
|
-
else
|
107
|
-
PROTECT.rules
|
108
|
-
end
|
109
|
+
PROTECT.rules
|
109
110
|
end
|
110
111
|
end
|
111
112
|
|