contrast-agent 4.3.2 → 4.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitmodules +1 -1
- data/.simplecov +1 -1
- data/Gemfile +1 -1
- data/LICENSE.txt +1 -1
- data/Rakefile +2 -3
- data/exe/contrast_service +1 -1
- data/ext/build_funchook.rb +4 -4
- data/ext/cs__assess_active_record_named/cs__active_record_named.c +1 -1
- data/ext/cs__assess_active_record_named/extconf.rb +1 -1
- data/ext/cs__assess_array/cs__assess_array.c +1 -1
- data/ext/cs__assess_array/extconf.rb +1 -1
- data/ext/cs__assess_basic_object/cs__assess_basic_object.c +1 -1
- data/ext/cs__assess_basic_object/extconf.rb +1 -1
- data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +1 -1
- data/ext/cs__assess_fiber_track/extconf.rb +1 -1
- data/ext/cs__assess_hash/cs__assess_hash.c +4 -2
- data/ext/cs__assess_hash/extconf.rb +1 -1
- data/ext/cs__assess_kernel/cs__assess_kernel.c +1 -1
- data/ext/cs__assess_kernel/extconf.rb +1 -1
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +1 -1
- data/ext/cs__assess_marshal_module/extconf.rb +1 -1
- data/ext/cs__assess_module/cs__assess_module.c +1 -1
- data/ext/cs__assess_module/extconf.rb +1 -1
- data/ext/cs__assess_regexp/cs__assess_regexp.c +1 -1
- data/ext/cs__assess_regexp/extconf.rb +1 -1
- data/ext/cs__assess_string/cs__assess_string.c +1 -1
- data/ext/cs__assess_string/extconf.rb +1 -1
- data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +1 -1
- data/ext/cs__assess_string_interpolation26/extconf.rb +1 -1
- data/ext/cs__assess_yield_track/cs__assess_yield_track.c +1 -1
- data/ext/cs__assess_yield_track/extconf.rb +1 -1
- data/ext/cs__common/cs__common.c +5 -5
- data/ext/cs__common/cs__common.h +4 -4
- data/ext/cs__common/extconf.rb +1 -1
- data/ext/cs__contrast_patch/cs__contrast_patch.c +22 -25
- data/ext/cs__contrast_patch/extconf.rb +1 -1
- data/ext/cs__protect_kernel/cs__protect_kernel.c +1 -1
- data/ext/cs__protect_kernel/extconf.rb +1 -1
- data/ext/extconf_common.rb +2 -6
- data/lib/contrast-agent.rb +1 -1
- data/lib/contrast.rb +20 -1
- data/lib/contrast/agent.rb +6 -4
- data/lib/contrast/agent/assess.rb +2 -11
- data/lib/contrast/agent/assess/contrast_event.rb +54 -71
- data/lib/contrast/agent/assess/contrast_object.rb +7 -4
- data/lib/contrast/agent/assess/events/event_factory.rb +3 -2
- data/lib/contrast/agent/assess/events/source_event.rb +7 -2
- data/lib/contrast/agent/assess/finalizers/freeze.rb +1 -1
- data/lib/contrast/agent/assess/finalizers/hash.rb +33 -34
- data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +34 -16
- data/lib/contrast/agent/assess/policy/patcher.rb +11 -18
- data/lib/contrast/agent/assess/policy/policy.rb +1 -1
- data/lib/contrast/agent/assess/policy/policy_node.rb +26 -34
- data/lib/contrast/agent/assess/policy/policy_scanner.rb +1 -1
- data/lib/contrast/agent/assess/policy/preshift.rb +4 -2
- data/lib/contrast/agent/assess/policy/propagation_method.rb +32 -30
- data/lib/contrast/agent/assess/policy/propagation_node.rb +20 -9
- data/lib/contrast/agent/assess/policy/propagator.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/append.rb +29 -14
- data/lib/contrast/agent/assess/policy/propagator/base.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/center.rb +3 -2
- data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/database_write.rb +22 -17
- data/lib/contrast/agent/assess/policy/propagator/insert.rb +4 -2
- data/lib/contrast/agent/assess/policy/propagator/keep.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/match_data.rb +3 -2
- data/lib/contrast/agent/assess/policy/propagator/next.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/prepend.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/remove.rb +23 -19
- data/lib/contrast/agent/assess/policy/propagator/replace.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/reverse.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/select.rb +3 -13
- data/lib/contrast/agent/assess/policy/propagator/splat.rb +24 -14
- data/lib/contrast/agent/assess/policy/propagator/split.rb +18 -15
- data/lib/contrast/agent/assess/policy/propagator/substitution.rb +32 -22
- data/lib/contrast/agent/assess/policy/propagator/trim.rb +64 -45
- data/lib/contrast/agent/assess/policy/rewriter_patch.rb +7 -4
- data/lib/contrast/agent/assess/policy/source_method.rb +92 -81
- data/lib/contrast/agent/assess/policy/source_node.rb +1 -1
- data/lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb +8 -6
- data/lib/contrast/agent/assess/policy/source_validation/source_validation.rb +2 -4
- data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +7 -3
- data/lib/contrast/agent/assess/policy/trigger/xpath.rb +7 -8
- data/lib/contrast/agent/assess/policy/trigger_method.rb +109 -76
- data/lib/contrast/agent/assess/policy/trigger_node.rb +33 -11
- data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +60 -0
- data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +3 -5
- data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +7 -5
- data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +4 -13
- data/lib/contrast/agent/assess/properties.rb +1 -3
- data/lib/contrast/agent/assess/property/evented.rb +9 -6
- data/lib/contrast/agent/assess/property/tagged.rb +38 -20
- data/lib/contrast/agent/assess/property/updated.rb +1 -1
- data/lib/contrast/agent/assess/rule/provider.rb +1 -1
- data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +12 -6
- data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +5 -2
- data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +4 -6
- data/lib/contrast/agent/assess/tag.rb +1 -1
- data/lib/contrast/agent/assess/tracker.rb +2 -2
- data/lib/contrast/agent/at_exit_hook.rb +1 -1
- data/lib/contrast/agent/class_reopener.rb +4 -2
- data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +1 -1
- data/lib/contrast/agent/deadzone/policy/policy.rb +7 -3
- data/lib/contrast/agent/disable_reaction.rb +2 -4
- data/lib/contrast/agent/exclusion_matcher.rb +6 -12
- data/lib/contrast/agent/inventory.rb +1 -2
- data/lib/contrast/agent/inventory/dependencies.rb +3 -1
- data/lib/contrast/agent/inventory/dependency_analysis.rb +1 -1
- data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +35 -23
- data/lib/contrast/agent/inventory/policy/datastores.rb +1 -1
- data/lib/contrast/agent/inventory/policy/policy.rb +1 -1
- data/lib/contrast/agent/inventory/policy/trigger_node.rb +1 -1
- data/lib/contrast/agent/middleware.rb +111 -110
- data/lib/contrast/agent/module_data.rb +4 -4
- data/lib/contrast/agent/patching/policy/after_load_patch.rb +1 -1
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +9 -4
- data/lib/contrast/agent/patching/policy/method_policy.rb +7 -3
- data/lib/contrast/agent/patching/policy/module_policy.rb +15 -8
- data/lib/contrast/agent/patching/policy/patch.rb +23 -29
- data/lib/contrast/agent/patching/policy/patch_status.rb +8 -9
- data/lib/contrast/agent/patching/policy/patcher.rb +72 -64
- data/lib/contrast/agent/patching/policy/policy.rb +14 -21
- data/lib/contrast/agent/patching/policy/policy_node.rb +15 -5
- data/lib/contrast/agent/patching/policy/trigger_node.rb +26 -10
- data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +2 -2
- data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +2 -2
- data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +2 -2
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +3 -4
- data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +2 -2
- data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +6 -10
- data/lib/contrast/agent/protect/policy/policy.rb +1 -1
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +6 -6
- data/lib/contrast/agent/protect/policy/trigger_node.rb +1 -1
- data/lib/contrast/agent/protect/rule.rb +1 -1
- data/lib/contrast/agent/protect/rule/base.rb +19 -33
- data/lib/contrast/agent/protect/rule/base_service.rb +10 -6
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +15 -19
- data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/deserialization.rb +7 -14
- data/lib/contrast/agent/protect/rule/http_method_tampering.rb +4 -15
- data/lib/contrast/agent/protect/rule/no_sqli.rb +7 -3
- data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +2 -4
- data/lib/contrast/agent/protect/rule/path_traversal.rb +6 -6
- data/lib/contrast/agent/protect/rule/sqli.rb +19 -13
- data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +2 -2
- data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +2 -2
- data/lib/contrast/agent/protect/rule/xss.rb +2 -2
- data/lib/contrast/agent/protect/rule/xxe.rb +6 -13
- data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +2 -3
- data/lib/contrast/agent/railtie.rb +1 -1
- data/lib/contrast/agent/reaction_processor.rb +12 -11
- data/lib/contrast/agent/request.rb +25 -24
- data/lib/contrast/agent/request_context.rb +25 -23
- data/lib/contrast/agent/request_handler.rb +1 -1
- data/lib/contrast/agent/response.rb +1 -1
- data/lib/contrast/agent/rewriter.rb +6 -4
- data/lib/contrast/agent/rule_set.rb +3 -3
- data/lib/contrast/agent/scope.rb +1 -1
- data/lib/contrast/agent/service_heartbeat.rb +3 -4
- data/lib/contrast/agent/static_analysis.rb +1 -1
- data/lib/contrast/agent/thread.rb +2 -2
- data/lib/contrast/agent/thread_watcher.rb +21 -6
- data/lib/contrast/agent/tracepoint_hook.rb +2 -2
- data/lib/contrast/agent/version.rb +2 -2
- data/lib/contrast/agent/worker_thread.rb +1 -1
- data/lib/contrast/api.rb +1 -1
- data/lib/contrast/api/communication.rb +1 -1
- data/lib/contrast/api/communication/connection_status.rb +1 -1
- data/lib/contrast/api/communication/messaging_queue.rb +19 -22
- data/lib/contrast/api/communication/response_processor.rb +13 -8
- data/lib/contrast/api/communication/service_lifecycle.rb +5 -3
- data/lib/contrast/api/communication/socket.rb +1 -1
- data/lib/contrast/api/communication/socket_client.rb +30 -35
- data/lib/contrast/api/communication/speedracer.rb +6 -10
- data/lib/contrast/api/communication/tcp_socket.rb +1 -1
- data/lib/contrast/api/communication/unix_socket.rb +1 -1
- data/lib/contrast/api/decorators.rb +3 -1
- data/lib/contrast/api/decorators/address.rb +1 -1
- data/lib/contrast/api/decorators/agent_startup.rb +58 -0
- data/lib/contrast/api/decorators/application_settings.rb +1 -1
- data/lib/contrast/api/decorators/application_startup.rb +57 -0
- data/lib/contrast/api/decorators/application_update.rb +1 -1
- data/lib/contrast/api/decorators/http_request.rb +1 -1
- data/lib/contrast/api/decorators/input_analysis.rb +1 -1
- data/lib/contrast/api/decorators/instrumentation_mode.rb +37 -0
- data/lib/contrast/api/decorators/library.rb +9 -7
- data/lib/contrast/api/decorators/library_usage_update.rb +1 -1
- data/lib/contrast/api/decorators/message.rb +4 -4
- data/lib/contrast/api/decorators/rasp_rule_sample.rb +1 -1
- data/lib/contrast/api/decorators/route_coverage.rb +16 -6
- data/lib/contrast/api/decorators/server_features.rb +1 -1
- data/lib/contrast/api/decorators/trace_event.rb +46 -16
- data/lib/contrast/api/decorators/trace_event_object.rb +2 -4
- data/lib/contrast/api/decorators/trace_event_signature.rb +1 -1
- data/lib/contrast/api/decorators/trace_taint_range.rb +1 -1
- data/lib/contrast/api/decorators/trace_taint_range_tags.rb +2 -7
- data/lib/contrast/api/decorators/user_input.rb +1 -1
- data/lib/contrast/components/agent.rb +16 -15
- data/lib/contrast/components/app_context.rb +11 -29
- data/lib/contrast/components/assess.rb +6 -11
- data/lib/contrast/components/config.rb +3 -2
- data/lib/contrast/components/contrast_service.rb +8 -9
- data/lib/contrast/components/heap_dump.rb +1 -1
- data/lib/contrast/components/interface.rb +4 -3
- data/lib/contrast/components/inventory.rb +1 -1
- data/lib/contrast/components/logger.rb +1 -1
- data/lib/contrast/components/protect.rb +11 -14
- data/lib/contrast/components/sampling.rb +55 -7
- data/lib/contrast/components/scope.rb +2 -1
- data/lib/contrast/components/settings.rb +29 -99
- data/lib/contrast/config.rb +1 -1
- data/lib/contrast/config/agent_configuration.rb +1 -1
- data/lib/contrast/config/application_configuration.rb +1 -1
- data/lib/contrast/config/assess_configuration.rb +1 -1
- data/lib/contrast/config/assess_rules_configuration.rb +2 -4
- data/lib/contrast/config/base_configuration.rb +5 -6
- data/lib/contrast/config/default_value.rb +1 -1
- data/lib/contrast/config/exception_configuration.rb +2 -6
- data/lib/contrast/config/heap_dump_configuration.rb +13 -7
- data/lib/contrast/config/inventory_configuration.rb +1 -1
- data/lib/contrast/config/logger_configuration.rb +2 -6
- data/lib/contrast/config/protect_configuration.rb +1 -1
- data/lib/contrast/config/protect_rule_configuration.rb +23 -1
- data/lib/contrast/config/protect_rules_configuration.rb +1 -1
- data/lib/contrast/config/root_configuration.rb +1 -1
- data/lib/contrast/config/ruby_configuration.rb +1 -1
- data/lib/contrast/config/sampling_configuration.rb +1 -1
- data/lib/contrast/config/server_configuration.rb +1 -1
- data/lib/contrast/config/service_configuration.rb +1 -1
- data/lib/contrast/configuration.rb +4 -15
- data/lib/contrast/delegators/input_analysis.rb +12 -0
- data/lib/contrast/extension/assess.rb +1 -1
- data/lib/contrast/extension/assess/array.rb +2 -7
- data/lib/contrast/extension/assess/erb.rb +2 -8
- data/lib/contrast/extension/assess/eval_trigger.rb +3 -11
- data/lib/contrast/extension/assess/exec_trigger.rb +4 -14
- data/lib/contrast/extension/assess/fiber.rb +3 -13
- data/lib/contrast/extension/assess/hash.rb +1 -1
- data/lib/contrast/extension/assess/kernel.rb +3 -10
- data/lib/contrast/extension/assess/marshal.rb +3 -11
- data/lib/contrast/extension/assess/regexp.rb +2 -7
- data/lib/contrast/extension/assess/string.rb +4 -2
- data/lib/contrast/extension/delegator.rb +1 -1
- data/lib/contrast/extension/inventory.rb +1 -1
- data/lib/contrast/extension/kernel.rb +5 -3
- data/lib/contrast/extension/module.rb +1 -1
- data/lib/contrast/extension/protect.rb +1 -1
- data/lib/contrast/extension/protect/kernel.rb +1 -1
- data/lib/contrast/extension/protect/psych.rb +1 -1
- data/lib/contrast/extension/thread.rb +1 -1
- data/lib/contrast/framework/base_support.rb +1 -1
- data/lib/contrast/framework/manager.rb +14 -17
- data/lib/contrast/framework/platform_version.rb +1 -1
- data/lib/contrast/framework/rack/patch/session_cookie.rb +6 -19
- data/lib/contrast/framework/rack/patch/support.rb +7 -5
- data/lib/contrast/framework/rack/support.rb +1 -1
- data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +1 -1
- data/lib/contrast/framework/rails/patch/assess_configuration.rb +8 -3
- data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +4 -4
- data/lib/contrast/framework/rails/patch/support.rb +5 -3
- data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +5 -2
- data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +3 -1
- data/lib/contrast/framework/rails/rewrite/active_record_named.rb +3 -1
- data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +3 -1
- data/lib/contrast/framework/rails/support.rb +45 -46
- data/lib/contrast/framework/sinatra/support.rb +103 -42
- data/lib/contrast/funchook/funchook.rb +2 -6
- data/lib/contrast/logger/application.rb +13 -10
- data/lib/contrast/logger/format.rb +3 -6
- data/lib/contrast/logger/log.rb +36 -19
- data/lib/contrast/logger/request.rb +2 -3
- data/lib/contrast/logger/time.rb +1 -1
- data/lib/contrast/security_exception.rb +2 -2
- data/lib/contrast/tasks/config.rb +1 -1
- data/lib/contrast/tasks/service.rb +6 -2
- data/lib/contrast/utils/assess/sampling_util.rb +1 -1
- data/lib/contrast/utils/assess/tracking_util.rb +2 -3
- data/lib/contrast/utils/class_util.rb +18 -12
- data/lib/contrast/utils/duck_utils.rb +1 -1
- data/lib/contrast/utils/env_configuration_item.rb +1 -1
- data/lib/contrast/utils/hash_digest.rb +16 -24
- data/lib/contrast/utils/heap_dump_util.rb +104 -88
- data/lib/contrast/utils/invalid_configuration_util.rb +22 -13
- data/lib/contrast/utils/inventory_util.rb +1 -1
- data/lib/contrast/utils/io_util.rb +2 -2
- data/lib/contrast/utils/job_servers_running.rb +10 -5
- data/lib/contrast/utils/object_share.rb +1 -1
- data/lib/contrast/utils/os.rb +3 -2
- data/lib/contrast/utils/preflight_util.rb +1 -1
- data/lib/contrast/utils/resource_loader.rb +1 -1
- data/lib/contrast/utils/ruby_ast_rewriter.rb +3 -2
- data/lib/contrast/utils/sha256_builder.rb +1 -1
- data/lib/contrast/utils/stack_trace_utils.rb +1 -1
- data/lib/contrast/utils/string_utils.rb +1 -1
- data/lib/contrast/utils/tag_util.rb +1 -1
- data/lib/contrast/utils/thread_tracker.rb +1 -1
- data/lib/contrast/utils/timer.rb +1 -1
- data/resources/assess/policy.json +8 -11
- data/resources/deadzone/policy.json +7 -17
- data/ruby-agent.gemspec +66 -27
- data/service_executables/VERSION +1 -1
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
- data/sonar-project.properties +9 -0
- metadata +154 -156
- data/lib/contrast/agent/assess/rule.rb +0 -18
- data/lib/contrast/agent/assess/rule/base.rb +0 -52
- data/lib/contrast/agent/assess/rule/redos.rb +0 -67
- data/lib/contrast/agent/inventory/gemfile_digest_cache.rb +0 -38
- data/lib/contrast/common_agent_configuration.rb +0 -87
- data/lib/contrast/framework/sinatra/patch/base.rb +0 -83
- data/lib/contrast/framework/sinatra/patch/support.rb +0 -27
- data/lib/contrast/utils/prevent_serialization.rb +0 -52
|
@@ -1,7 +1,9 @@
|
|
|
1
|
-
# Copyright (c)
|
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require 'rubygems/version'
|
|
5
|
+
require 'contrast/api/decorators/agent_startup'
|
|
6
|
+
require 'contrast/api/decorators/application_startup'
|
|
5
7
|
require 'contrast/utils/object_share'
|
|
6
8
|
|
|
7
9
|
module Contrast
|
|
@@ -35,9 +37,9 @@ module Contrast
|
|
|
35
37
|
end
|
|
36
38
|
end
|
|
37
39
|
|
|
38
|
-
def
|
|
39
|
-
@
|
|
40
|
-
tmp = CONFIG.root.application.name
|
|
40
|
+
def app_name
|
|
41
|
+
@_app_name ||= begin
|
|
42
|
+
tmp = CONFIG.root.application.name # rubocop:disable Security/Module/Name
|
|
41
43
|
tmp = Contrast::Agent.framework_manager.app_name unless Contrast::Utils::StringUtils.present?(tmp)
|
|
42
44
|
tmp = File.basename(Dir.pwd) unless Contrast::Utils::StringUtils.present?(tmp)
|
|
43
45
|
Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_APP_NAME)
|
|
@@ -57,7 +59,7 @@ module Contrast
|
|
|
57
59
|
|
|
58
60
|
def server_name
|
|
59
61
|
@_server_name ||= begin
|
|
60
|
-
tmp = CONFIG.root.server.name
|
|
62
|
+
tmp = CONFIG.root.server.name # rubocop:disable Security/Module/Name
|
|
61
63
|
tmp = Socket.gethostname unless Contrast::Utils::StringUtils.present?(tmp)
|
|
62
64
|
tmp = Contrast::Utils::StringUtils.force_utf8(tmp)
|
|
63
65
|
Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_SERVER_NAME)
|
|
@@ -77,36 +79,16 @@ module Contrast
|
|
|
77
79
|
end
|
|
78
80
|
|
|
79
81
|
def build_app_startup_message
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
msg.group = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.group
|
|
83
|
-
msg.app_version = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.version.to_s
|
|
84
|
-
msg.code = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.code
|
|
85
|
-
msg.metadata = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.metadata
|
|
86
|
-
# Other fields have limits in TeamServer, the rest don't.
|
|
87
|
-
msg.session_id = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.session_id, truncate: false
|
|
88
|
-
msg.session_metadata = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.session_metadata, truncate: false
|
|
89
|
-
|
|
90
|
-
msg
|
|
82
|
+
Contrast::Api::Dtm::ApplicationCreate.build
|
|
91
83
|
end
|
|
92
84
|
|
|
93
85
|
def build_agent_startup_message
|
|
94
|
-
msg = Contrast::Api::Dtm::AgentStartup.
|
|
95
|
-
msg.server_name = Contrast::Utils::StringUtils.protobuf_format server_name
|
|
96
|
-
msg.server_path = Contrast::Utils::StringUtils.protobuf_format server_path
|
|
97
|
-
msg.server_type = Contrast::Utils::StringUtils.protobuf_format server_type
|
|
98
|
-
msg.server_version = Contrast::Agent::VERSION
|
|
99
|
-
msg.version = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.server.version
|
|
100
|
-
msg.environment = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.server.environment
|
|
101
|
-
msg.server_tags = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.server.tags
|
|
102
|
-
msg.application_tags = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.tags
|
|
103
|
-
msg.library_tags = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.inventory.tags
|
|
104
|
-
msg.finding_tags = Contrast::Utils::StringUtils.protobuf_format ASSESS.tags
|
|
86
|
+
msg = Contrast::Api::Dtm::AgentStartup.build(server_name, server_path, server_type)
|
|
105
87
|
logger.info('Application context',
|
|
106
88
|
server_name: msg.server_name,
|
|
107
89
|
server_path: msg.server_path,
|
|
108
90
|
server_type: msg.server_type,
|
|
109
|
-
application_name:
|
|
91
|
+
application_name: app_name,
|
|
110
92
|
application_path: path,
|
|
111
93
|
application_language: Contrast::Utils::ObjectShare::RUBY)
|
|
112
94
|
|
|
@@ -126,7 +108,7 @@ module Contrast
|
|
|
126
108
|
end
|
|
127
109
|
|
|
128
110
|
def client_id
|
|
129
|
-
@_client_id ||= [
|
|
111
|
+
@_client_id ||= [app_name, pgid].join('-')
|
|
130
112
|
end
|
|
131
113
|
|
|
132
114
|
def instrument_middleware_stack?
|
|
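Review bot: `app_name` on new lines 40-45 memoizes the first candidate that is non-blank but carries no comment on the resolution order or on the fact that the chosen fallback is permanent; a reader has to work out that the framework name and `File.basename(Dir.pwd)` are only consulted when the configured name is blank. I would add above `def app_name`: `# @return [String] the application name from CONFIG.root.application.name, else the framework-detected name, else the basename of the working directory, truncated to DEFAULT_APP_NAME and cached on the receiver`. Because `@_app_name ||= begin` caches whichever candidate wins on the first call, if `Contrast::Agent.framework_manager.app_name` can only become available later in startup, the directory-name fallback is what `client_id` (new line 111) and the startup log will carry from then on — worth confirming against the startup order. The `begin` block and the method end outside the hunk.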
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c)
|
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
module Contrast
|
|
@@ -19,7 +19,7 @@ module Contrast
|
|
|
19
19
|
return false if forcibly_disabled?
|
|
20
20
|
return true if forcibly_enabled?
|
|
21
21
|
|
|
22
|
-
SETTINGS.
|
|
22
|
+
SETTINGS.assess_state.enabled == true
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
def tainted_columns
|
|
@@ -58,10 +58,9 @@ module Contrast
|
|
|
58
58
|
# node types (SourceNode, PolicyNode, TriggerNode, PropagationNode)
|
|
59
59
|
#
|
|
60
60
|
# @param policy_node [Contrast::Agent::Assess::Policy::PolicyNode] The node in question.
|
|
61
|
-
# @
|
|
61
|
+
# @return [Boolean] to capture or not to capture, that is the question.
|
|
62
62
|
def capture_stacktrace? policy_node
|
|
63
63
|
return true if capture_stacktrace_value == :ALL
|
|
64
|
-
|
|
65
64
|
return false if capture_stacktrace_value == :NONE
|
|
66
65
|
|
|
67
66
|
# Below here capture_stacktrace_value must be :SOME.
|
|
@@ -90,8 +89,9 @@ module Contrast
|
|
|
90
89
|
CONFIG.root.assess&.tags
|
|
91
90
|
end
|
|
92
91
|
|
|
93
|
-
def
|
|
94
|
-
|
|
92
|
+
def disabled_rules
|
|
93
|
+
# TODO: RUBY-903
|
|
94
|
+
CONFIG.root.assess&.rules&.disabled_rules || SETTINGS.assess_state.disabled_assess_rules || []
|
|
95
95
|
end
|
|
96
96
|
|
|
97
97
|
private
|
|
@@ -100,11 +100,6 @@ module Contrast
|
|
|
100
100
|
@_forcibly_enabled = true?(CONFIG.root.assess.enable) if @_forcibly_enabled.nil?
|
|
101
101
|
@_forcibly_enabled
|
|
102
102
|
end
|
|
103
|
-
|
|
104
|
-
def disabled_rules
|
|
105
|
-
# TODO: RUBY-903
|
|
106
|
-
CONFIG.root.assess&.rules&.disabled_rules || SETTINGS.disabled_assess_rules || []
|
|
107
|
-
end
|
|
108
103
|
end
|
|
109
104
|
|
|
110
105
|
COMPONENT_INTERFACE = Interface.new
|
|
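Review bot: `disabled_rules` on new lines 92-94 chains the local config list, the TeamServer list and `[]` with `||`, but an empty Array is truthy in Ruby, so if `CONFIG.root.assess&.rules&.disabled_rules` yields `[]` rather than nil when the key is unset, the TeamServer list in `SETTINGS.assess_state.disabled_assess_rules` is never consulted and rules TeamServer asked to disable stay active. Whether the config accessor returns `[]` or nil is not visible here; if it can return `[]`, `[CONFIG.root.assess&.rules&.disabled_rules, SETTINGS.assess_state.disabled_assess_rules].find { |rules| rules && !rules.empty? } || []` gives the intended fall-through. The method also moved from `private` to public in this hunk, which is worth a one-line YARD comment such as `# @return [Array<String>] ids of the Assess rules turned off, local config taking precedence over TeamServer` so callers know the precedence.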
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c)
|
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require 'contrast/utils/env_configuration_item'
|
|
@@ -56,7 +56,8 @@ module Contrast
|
|
|
56
56
|
|
|
57
57
|
private
|
|
58
58
|
|
|
59
|
-
SESSION_VARIABLES =
|
|
59
|
+
SESSION_VARIABLES = 'Invalid configuration. '\
|
|
60
|
+
"Setting both application.session_id and application.session_metadata is not allowed.\n"
|
|
60
61
|
def validate log: false
|
|
61
62
|
# The config has information about how to construct the logger.
|
|
62
63
|
# If the config is invalid, and you want to know about it, then
|
|
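Review bot: `private` on line 57 has no effect on the `SESSION_VARIABLES` constant defined beneath it on new lines 59-60, so the constant remains reachable from outside as `Interface::SESSION_VARIABLES` (assuming the enclosing class is the component Interface, which starts outside the hunk). If the message is meant to be internal, add `private_constant :SESSION_VARIABLES` after the definition; otherwise move the constant above `private` with the other constants so the section marker is not misleading. The adjacent-literal concatenation produces a single literal that the file's `# frozen_string_literal: true` already freezes, so no `.freeze` is needed.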
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c)
|
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require 'monitor'
|
|
@@ -25,14 +25,13 @@ module Contrast
|
|
|
25
25
|
def use_bundled_service?
|
|
26
26
|
# Validates the config to decide if it's suitable for starting
|
|
27
27
|
# the bundled service
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
end
|
|
28
|
+
|
|
29
|
+
# Requirement says "must be true" but that
|
|
30
|
+
# should be "must not be false" -- oops.
|
|
31
|
+
@_use_bundled_service ||= !false?(CONFIG.root.agent.start_bundled_service) &&
|
|
32
|
+
# Either a valid host or a valid socket
|
|
33
|
+
# Path validity is the service's problem
|
|
34
|
+
(LOCALHOST.match?(host) || !!socket_path)
|
|
36
35
|
end
|
|
37
36
|
|
|
38
37
|
def host
|
|
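Review bot: `@_use_bundled_service ||= ...` on new line 31 never caches a false result: when the expression is false the ivar stays falsy and the whole check, including `LOCALHOST.match?(host)` and `socket_path`, is re-evaluated on every call, so the memoization only holds in the enabled case. The same pattern is introduced in protect.rb's `forcibly_disabled?` and `forcibly_enabled?` (`@_forcibly_disabled ||= false?(CONFIG.root.protect.enable)`), while assess.rb keeps the nil-guarded form `@_forcibly_enabled = true?(CONFIG.root.assess.enable) if @_forcibly_enabled.nil?`; using that form in all three keeps the components consistent, here as `return @_use_bundled_service unless @_use_bundled_service.nil?` followed by `@_use_bundled_service = !false?(CONFIG.root.agent.start_bundled_service) && (LOCALHOST.match?(host) || !!socket_path)`. `LOCALHOST` is defined outside the hunk; since this predicate decides whether the bundled service is launched, it is worth confirming the pattern is anchored with `\A`/`\z` rather than `^`/`$`, because Ruby's line anchors match any one line of a multi-line value.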
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c)
|
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
module Contrast
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c)
|
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require 'delegate'
|
|
@@ -134,7 +134,7 @@ module Contrast
|
|
|
134
134
|
if (mods = component_map[sym]) # rubocop:disable Style/GuardClause
|
|
135
135
|
# We may support multiple components via one access request.
|
|
136
136
|
mods.each do |m|
|
|
137
|
-
name = Contrast::Components.component_const_name(m.
|
|
137
|
+
name = Contrast::Components.component_const_name(m.cs__name)
|
|
138
138
|
cs__const_set(name, m::COMPONENT_INTERFACE) if m.cs__const_defined?(:COMPONENT_INTERFACE)
|
|
139
139
|
include m::InstanceMethods if m.cs__const_defined?(:InstanceMethods, false)
|
|
140
140
|
extend m::ClassMethods if m.cs__const_defined?(:ClassMethods, false)
|
|
@@ -181,7 +181,8 @@ require 'contrast/components/agent'
|
|
|
181
181
|
Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:agent] = [Contrast::Components::Agent]
|
|
182
182
|
|
|
183
183
|
require 'contrast/components/contrast_service'
|
|
184
|
-
Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:contrast_service] =
|
|
184
|
+
Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:contrast_service] =
|
|
185
|
+
[Contrast::Components::ContrastService]
|
|
185
186
|
|
|
186
187
|
require 'contrast/components/app_context'
|
|
187
188
|
Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:app_context] = [Contrast::Components::AppContext]
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c)
|
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
module Contrast
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c)
|
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require 'contrast/logger/log'
|
|
@@ -1,14 +1,11 @@
|
|
|
1
|
-
# Copyright (c)
|
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
module Contrast
|
|
5
5
|
module Components
|
|
6
6
|
module Protect
|
|
7
|
-
# A wrapper build around the Common Agent Configuration project to allow
|
|
8
|
-
# for
|
|
9
|
-
# parent_configuration_spec.yaml.
|
|
10
|
-
# Specifically, this allows for querying the state of the Protect
|
|
11
|
-
# product.
|
|
7
|
+
# A wrapper build around the Common Agent Configuration project to allow for access of the values contained in
|
|
8
|
+
# its parent_configuration_spec.yaml. Specifically, this allows for querying the state of the Protect product.
|
|
12
9
|
class Interface
|
|
13
10
|
include Contrast::Components::ComponentBase
|
|
14
11
|
include Contrast::Components::Interface
|
|
@@ -20,7 +17,7 @@ module Contrast
|
|
|
20
17
|
return false if forcibly_disabled?
|
|
21
18
|
return true if forcibly_enabled?
|
|
22
19
|
|
|
23
|
-
SETTINGS.
|
|
20
|
+
SETTINGS.protect_state.enabled == true
|
|
24
21
|
end
|
|
25
22
|
|
|
26
23
|
def rule_config
|
|
@@ -28,15 +25,17 @@ module Contrast
|
|
|
28
25
|
end
|
|
29
26
|
|
|
30
27
|
def rules
|
|
31
|
-
SETTINGS.
|
|
28
|
+
SETTINGS.protect_state.rules
|
|
32
29
|
end
|
|
33
30
|
|
|
34
31
|
def rule_mode rule_id
|
|
35
|
-
CONFIG.root.protect.rules[rule_id]&.
|
|
32
|
+
CONFIG.root.protect.rules[rule_id]&.applicable_mode ||
|
|
33
|
+
SETTINGS.application_state.modes_by_id[rule_id] ||
|
|
34
|
+
Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION
|
|
36
35
|
end
|
|
37
36
|
|
|
38
37
|
def rule name
|
|
39
|
-
SETTINGS.
|
|
38
|
+
SETTINGS.protect_state.rules[name]
|
|
40
39
|
end
|
|
41
40
|
|
|
42
41
|
def report_any_command_execution?
|
|
@@ -56,15 +55,13 @@ module Contrast
|
|
|
56
55
|
end
|
|
57
56
|
|
|
58
57
|
def forcibly_disabled?
|
|
59
|
-
@_forcibly_disabled
|
|
60
|
-
@_forcibly_disabled
|
|
58
|
+
@_forcibly_disabled ||= false?(CONFIG.root.protect.enable)
|
|
61
59
|
end
|
|
62
60
|
|
|
63
61
|
private
|
|
64
62
|
|
|
65
63
|
def forcibly_enabled?
|
|
66
|
-
@_forcibly_enabled
|
|
67
|
-
@_forcibly_enabled
|
|
64
|
+
@_forcibly_enabled ||= true?(CONFIG.root.protect.enable)
|
|
68
65
|
end
|
|
69
66
|
end
|
|
70
67
|
|
|
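Review bot: `rule_mode` on new lines 31-35 now resolves a rule's mode from three sources but states no precedence, and since the result decides whether a Protect rule blocks, monitors or does nothing, the order should be documented where it is decided. I would add above `def rule_mode rule_id`: `# @param rule_id the key used to look the rule up in CONFIG.root.protect.rules and SETTINGS.application_state.modes_by_id` and `# @return [Contrast::Api::Settings::ProtectionRule::Mode] the mode from local configuration, else from the TeamServer application settings, else NO_ACTION`. Note that `||` only falls through on nil or false, so a locally configured `applicable_mode` wins even when it is NO_ACTION and TeamServer cannot override it — worth confirming that is the intent.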
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c)
|
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
module Contrast
|
|
@@ -25,14 +25,14 @@ module Contrast
|
|
|
25
25
|
|
|
26
26
|
def sampling_control
|
|
27
27
|
@_sampling_control ||= begin
|
|
28
|
-
|
|
28
|
+
config_settings = CONFIG.root.assess&.sampling
|
|
29
29
|
settings = SETTINGS&.assess_state&.[](:sampling_settings)
|
|
30
30
|
{
|
|
31
|
-
enabled:
|
|
32
|
-
baseline:
|
|
33
|
-
request_frequency:
|
|
34
|
-
response_frequency:
|
|
35
|
-
window:
|
|
31
|
+
enabled: enabled?(config_settings, settings),
|
|
32
|
+
baseline: baseline(config_settings, settings),
|
|
33
|
+
request_frequency: request_frequency(config_settings, settings),
|
|
34
|
+
response_frequency: response_frequency(config_settings, settings),
|
|
35
|
+
window: window(config_settings, settings)
|
|
36
36
|
}
|
|
37
37
|
end
|
|
38
38
|
end
|
|
@@ -41,6 +41,54 @@ module Contrast
|
|
|
41
41
|
def reset_sampling_control
|
|
42
42
|
@_sampling_control = nil
|
|
43
43
|
end
|
|
44
|
+
|
|
45
|
+
private
|
|
46
|
+
|
|
47
|
+
# @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
|
|
48
|
+
# local user input
|
|
49
|
+
# @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
|
|
50
|
+
# @return [Boolean] the resolution of the config_settings, settings, and default value
|
|
51
|
+
def enabled? config_settings, settings
|
|
52
|
+
true?([config_settings&.enable, settings&.enabled, DEFAULT_SAMPLING_ENABLED].reject(&:nil?)[0])
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
# @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
|
|
56
|
+
# local user input
|
|
57
|
+
# @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
|
|
58
|
+
# @return [Integer] the resolution of the config_settings, settings, and default value
|
|
59
|
+
def baseline config_settings, settings
|
|
60
|
+
[config_settings&.baseline, settings&.baseline, DEFAULT_SAMPLING_BASELINE].map(&:to_i).find(&:positive?)
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
# @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
|
|
64
|
+
# local user input
|
|
65
|
+
# @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
|
|
66
|
+
# @return [Integer] the resolution of the config_settings, settings, and default value
|
|
67
|
+
def request_frequency config_settings, settings
|
|
68
|
+
[
|
|
69
|
+
config_settings&.request_frequency, settings&.request_frequency,
|
|
70
|
+
DEFAULT_SAMPLING_REQUEST_FREQUENCY
|
|
71
|
+
].map(&:to_i).find(&:positive?)
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
# @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
|
|
75
|
+
# local user input
|
|
76
|
+
# @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
|
|
77
|
+
# @return [Integer] the resolution of the config_settings, settings, and default value
|
|
78
|
+
def response_frequency config_settings, settings
|
|
79
|
+
[
|
|
80
|
+
config_settings&.response_frequency, settings&.response_frequency,
|
|
81
|
+
DEFAULT_SAMPLING_RESPONSE_FREQUENCY
|
|
82
|
+
].map(&:to_i).find(&:positive?)
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
# @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
|
|
86
|
+
# local user input
|
|
87
|
+
# @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
|
|
88
|
+
# @return [Integer] the resolution of the config_settings, settings, and default value
|
|
89
|
+
def window config_settings, settings
|
|
90
|
+
[config_settings&.window_ms, settings&.window_ms, DEFAULT_SAMPLING_WINDOW_MS].map(&:to_i).find(&:positive?)
|
|
91
|
+
end
|
|
44
92
|
end
|
|
45
93
|
|
|
46
94
|
module InstanceMethods #:nodoc:
|
|
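Review bot: In the new `baseline`, `request_frequency`, `response_frequency` and `window` resolvers, `.map(&:to_i).find(&:positive?)` treats an explicit 0 from TeamServer or the local config the same as an absent value and falls through to the next candidate, and it returns nil when every candidate is non-positive, so either the `DEFAULT_SAMPLING_*` constants must be guaranteed positive or consumers of `sampling_control` must tolerate a nil frequency; `enabled?` can also read `[...].compact.first` instead of `[...].reject(&:nil?)[0]`. The `settings` value consumed here comes from `ASSESS_STATE_BASE` in the Settings component hunk further down, where the `do ... end` block appears to bind to the instance `.new(false, nil, [])` rather than to `Struct.new`, and the `sampling_settings=` it defines assigns `@sampling_settings` instead of the struct member, so the `SamplingUtil.instance.update` hook (and possibly the stored value read by `&.[](:sampling_settings)`) may not behave as intended — worth pinning with a test around `update_from_server_features`. The enclosing module continues outside the hunk.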
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Copyright (c)
|
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require 'fiber'
|
|
@@ -109,6 +109,7 @@ module Contrast
|
|
|
109
109
|
|
|
110
110
|
def with_deserialization_scope
|
|
111
111
|
scope_for_current_ec.enter_deserialization_scope!
|
|
112
|
+
yield
|
|
112
113
|
ensure
|
|
113
114
|
scope_for_current_ec.exit_deserialization_scope!
|
|
114
115
|
end
|
|
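Review bot: `with_deserialization_scope` now yields, but it resolves `scope_for_current_ec` twice; if that lookup is not guaranteed to return the same object before and after the block (this file requires `fiber`, so context switches across the yield seem possible), `exit_deserialization_scope!` in `ensure` could run against a different scope than the one entered, and it also runs when `enter_deserialization_scope!` itself raised. Resolving once and pairing the calls on that object avoids the first problem: `scope = scope_for_current_ec`, `scope.enter_deserialization_scope!`, then `scope.exit_deserialization_scope!` in the `ensure`. The method has no doc comment; `# Runs the given block inside deserialization scope for the current execution context, exiting the scope even if the block raises.` would document the new contract.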
@@ -1,6 +1,8 @@
|
|
|
1
|
-
# Copyright (c)
|
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require 'contrast/api/settings.pb'
|
|
5
|
+
|
|
4
6
|
module Contrast
|
|
5
7
|
module Components
|
|
6
8
|
# This component encapsulates the statefulness of settings.
|
|
@@ -8,133 +10,61 @@ module Contrast
|
|
|
8
10
|
# directives (likely provided by TeamServer) about product operation.
|
|
9
11
|
# 'Settings' is not a generic term for 'configurable stuff'.
|
|
10
12
|
module Settings
|
|
13
|
+
APPLICATION_STATE_BASE = Struct.new(:modes_by_id, :exclusion_matchers).
|
|
14
|
+
new(Hash.new(Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION), [])
|
|
15
|
+
PROTECT_STATE_BASE = Struct.new(:enabled, :rules).new(false, {})
|
|
16
|
+
ASSESS_STATE_BASE = Struct.new(:enabled, :sampling_settings, :disabled_assess_rules).new(false, nil, []) do
|
|
17
|
+
def sampling_settings= new_val
|
|
18
|
+
@sampling_settings = new_val
|
|
19
|
+
Contrast::Utils::Assess::SamplingUtil.instance.update
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
11
23
|
# This is a class.
|
|
12
24
|
class Interface
|
|
13
25
|
include Contrast::Components::ComponentBase
|
|
14
26
|
include Contrast::Components::Interface
|
|
15
27
|
access_component :config
|
|
16
28
|
|
|
17
|
-
attr_reader :assess_rules,
|
|
18
|
-
:protect_rules
|
|
19
|
-
|
|
20
|
-
# Other stateful information that doesn't yet cleanly fit anywhere:
|
|
21
|
-
|
|
22
29
|
# tainted_columns are database columns that receive unsanitized input.
|
|
23
|
-
# this statefulness
|
|
24
30
|
attr_reader :tainted_columns # This can probably go into assess_state?
|
|
25
|
-
|
|
26
|
-
# These three 'state' variables represent atomic config/setting state,
|
|
27
|
-
# outside of things like rule defs.
|
|
28
|
-
|
|
29
|
-
def assess_state
|
|
30
|
-
@assess_state ||= { # rubocop:disable Naming/MemoizedInstanceVariableName
|
|
31
|
-
enabled: false,
|
|
32
|
-
sampling_features: nil
|
|
33
|
-
}
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
def protect_state
|
|
37
|
-
@protect_state ||= { # rubocop:disable Naming/MemoizedInstanceVariableName
|
|
38
|
-
enabled: false
|
|
39
|
-
}
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
def application_state
|
|
43
|
-
@application_state ||= { # rubocop:disable Naming/MemoizedInstanceVariableName
|
|
44
|
-
modes_by_id: Hash.new(:NO_ACTION),
|
|
45
|
-
exclusion_matchers: [],
|
|
46
|
-
disabled_assess_rules: []
|
|
47
|
-
}
|
|
48
|
-
end
|
|
49
|
-
|
|
50
|
-
# These are settings that we receive & store.
|
|
51
|
-
# Rules are settings too, but they're more involved.
|
|
52
|
-
# So, between this block and rules, that's setting state.
|
|
53
|
-
PROTECT_STATE_ATTRS = %i[].cs__freeze
|
|
54
|
-
ASSESS_STATE_ATTRS = %i[sampling_features].cs__freeze
|
|
55
|
-
APPLICATION_STATE_ATTRS = %i[modes_by_id exclusion_matchers disabled_assess_rules].cs__freeze
|
|
56
|
-
|
|
57
|
-
# Meta-define an accessor for each state attribute.
|
|
58
|
-
|
|
59
|
-
PROTECT_STATE_ATTRS.each do |attr|
|
|
60
|
-
# TODO: RUBY-1052
|
|
61
|
-
define_method(attr) do # rubocop:disable Performance/Kernel/DefineMethod
|
|
62
|
-
protect_state[attr]
|
|
63
|
-
end
|
|
64
|
-
end
|
|
65
|
-
|
|
66
|
-
ASSESS_STATE_ATTRS.each do |attr|
|
|
67
|
-
# TODO: RUBY-1052
|
|
68
|
-
define_method(attr) do # rubocop:disable Performance/Kernel/DefineMethod
|
|
69
|
-
assess_state[attr]
|
|
70
|
-
end
|
|
71
|
-
end
|
|
72
|
-
|
|
73
|
-
APPLICATION_STATE_ATTRS.each do |attr|
|
|
74
|
-
# TODO: RUBY-1052
|
|
75
|
-
define_method(attr) do # rubocop:disable Performance/Kernel/DefineMethod
|
|
76
|
-
application_state[attr]
|
|
77
|
-
end
|
|
78
|
-
end
|
|
31
|
+
attr_reader :assess_state, :protect_state, :application_state
|
|
79
32
|
|
|
80
33
|
def initialize
|
|
81
34
|
reset_state
|
|
82
35
|
end
|
|
83
36
|
|
|
84
|
-
def protect_enabled?
|
|
85
|
-
@_protect_enabled = !!protect_state[:enabled] if @_protect_enabled.nil?
|
|
86
|
-
@_protect_enabled
|
|
87
|
-
end
|
|
88
|
-
|
|
89
|
-
def assess_enabled?
|
|
90
|
-
@_assess_enabled = !!assess_state[:enabled] if @_assess_enabled.nil?
|
|
91
|
-
@_assess_enabled
|
|
92
|
-
end
|
|
93
|
-
|
|
94
37
|
def code_exclusions
|
|
95
|
-
exclusion_matchers.select(&:code?)
|
|
38
|
+
@application_state.exclusion_matchers.select(&:code?)
|
|
96
39
|
end
|
|
97
40
|
|
|
41
|
+
# @param server_features [Contrast::Api::Settings::ServerFeatures]
|
|
98
42
|
def update_from_server_features server_features
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
@
|
|
102
|
-
protect_state[:enabled] = server_features.protect_enabled?
|
|
103
|
-
|
|
104
|
-
# assess
|
|
105
|
-
|
|
106
|
-
@_assess_enabled = nil
|
|
107
|
-
assess_state[:enabled] = server_features.assess_enabled?
|
|
108
|
-
assess_state[:sampling_settings] = server_features.assess.sampling
|
|
109
|
-
Contrast::Utils::Assess::SamplingUtil.instance.update
|
|
43
|
+
@protect_state.enabled = server_features.protect_enabled?
|
|
44
|
+
@assess_state.enabled = server_features.assess_enabled?
|
|
45
|
+
@assess_state.sampling_settings = server_features.assess.sampling
|
|
110
46
|
end
|
|
111
47
|
|
|
48
|
+
# @param application_settings [Contrast::Api::Settings::ApplicationSettings]
|
|
112
49
|
def update_from_application_settings application_settings
|
|
113
|
-
|
|
50
|
+
new_vals = application_settings.application_state_translation
|
|
51
|
+
@application_state.modes_by_id = new_vals[:modes_by_id]
|
|
52
|
+
@application_state.exclusion_matchers = new_vals[:exclusion_matchers]
|
|
53
|
+
@assess_state.disabled_assess_rules = new_vals[:disabled_assess_rules]
|
|
114
54
|
end
|
|
115
55
|
|
|
116
56
|
# Wipe state to zero.
|
|
117
57
|
def reset_state
|
|
118
|
-
@
|
|
119
|
-
@
|
|
120
|
-
|
|
58
|
+
@protect_state = PROTECT_STATE_BASE.dup
|
|
59
|
+
@assess_state = ASSESS_STATE_BASE.dup
|
|
60
|
+
@application_state = APPLICATION_STATE_BASE.dup
|
|
121
61
|
@tainted_columns = {}
|
|
122
|
-
|
|
123
|
-
@assess_state = nil
|
|
124
|
-
@protect_state = nil
|
|
125
|
-
@application_state = nil
|
|
126
|
-
end
|
|
127
|
-
|
|
128
|
-
def build_assess_rules
|
|
129
|
-
@assess_rules = {}
|
|
130
|
-
|
|
131
|
-
Contrast::Agent::Assess::Rule::Redos.new
|
|
132
62
|
end
|
|
133
63
|
|
|
134
64
|
def build_protect_rules
|
|
135
|
-
@
|
|
65
|
+
@protect_state.rules = {}
|
|
136
66
|
|
|
137
|
-
#
|
|
67
|
+
# Rules. They add themselves on initialize.
|
|
138
68
|
Contrast::Agent::Protect::Rule::CmdInjection.new
|
|
139
69
|
Contrast::Agent::Protect::Rule::Deserialization.new
|
|
140
70
|
Contrast::Agent::Protect::Rule::HttpMethodTampering.new
|