RubyGems - contrast-agent - Versions diffs - 4.3.2 → 4.7.0 - Mend

contrast-agent 4.3.2 → 4.7.0

Files changed (317) hide show

checksums.yaml +4 -4
data/.gitmodules +1 -1
data/.simplecov +1 -1
data/Gemfile +1 -1
data/LICENSE.txt +1 -1
data/Rakefile +2 -3
data/exe/contrast_service +1 -1
data/ext/build_funchook.rb +4 -4
data/ext/cs__assess_active_record_named/cs__active_record_named.c +1 -1
data/ext/cs__assess_active_record_named/extconf.rb +1 -1
data/ext/cs__assess_array/cs__assess_array.c +1 -1
data/ext/cs__assess_array/extconf.rb +1 -1
data/ext/cs__assess_basic_object/cs__assess_basic_object.c +1 -1
data/ext/cs__assess_basic_object/extconf.rb +1 -1
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +1 -1
data/ext/cs__assess_fiber_track/extconf.rb +1 -1
data/ext/cs__assess_hash/cs__assess_hash.c +4 -2
data/ext/cs__assess_hash/extconf.rb +1 -1
data/ext/cs__assess_kernel/cs__assess_kernel.c +1 -1
data/ext/cs__assess_kernel/extconf.rb +1 -1
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +1 -1
data/ext/cs__assess_marshal_module/extconf.rb +1 -1
data/ext/cs__assess_module/cs__assess_module.c +1 -1
data/ext/cs__assess_module/extconf.rb +1 -1
data/ext/cs__assess_regexp/cs__assess_regexp.c +1 -1
data/ext/cs__assess_regexp/extconf.rb +1 -1
data/ext/cs__assess_string/cs__assess_string.c +1 -1
data/ext/cs__assess_string/extconf.rb +1 -1
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +1 -1
data/ext/cs__assess_string_interpolation26/extconf.rb +1 -1
data/ext/cs__assess_yield_track/cs__assess_yield_track.c +1 -1
data/ext/cs__assess_yield_track/extconf.rb +1 -1
data/ext/cs__common/cs__common.c +5 -5
data/ext/cs__common/cs__common.h +4 -4
data/ext/cs__common/extconf.rb +1 -1
data/ext/cs__contrast_patch/cs__contrast_patch.c +22 -25
data/ext/cs__contrast_patch/extconf.rb +1 -1
data/ext/cs__protect_kernel/cs__protect_kernel.c +1 -1
data/ext/cs__protect_kernel/extconf.rb +1 -1
data/ext/extconf_common.rb +2 -6
data/lib/contrast-agent.rb +1 -1
data/lib/contrast.rb +20 -1
data/lib/contrast/agent.rb +6 -4
data/lib/contrast/agent/assess.rb +2 -11
data/lib/contrast/agent/assess/contrast_event.rb +54 -71
data/lib/contrast/agent/assess/contrast_object.rb +7 -4
data/lib/contrast/agent/assess/events/event_factory.rb +3 -2
data/lib/contrast/agent/assess/events/source_event.rb +7 -2
data/lib/contrast/agent/assess/finalizers/freeze.rb +1 -1
data/lib/contrast/agent/assess/finalizers/hash.rb +33 -34
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +34 -16
data/lib/contrast/agent/assess/policy/patcher.rb +11 -18
data/lib/contrast/agent/assess/policy/policy.rb +1 -1
data/lib/contrast/agent/assess/policy/policy_node.rb +26 -34
data/lib/contrast/agent/assess/policy/policy_scanner.rb +1 -1
data/lib/contrast/agent/assess/policy/preshift.rb +4 -2
data/lib/contrast/agent/assess/policy/propagation_method.rb +32 -30
data/lib/contrast/agent/assess/policy/propagation_node.rb +20 -9
data/lib/contrast/agent/assess/policy/propagator.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/append.rb +29 -14
data/lib/contrast/agent/assess/policy/propagator/base.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/center.rb +3 -2
data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +22 -17
data/lib/contrast/agent/assess/policy/propagator/insert.rb +4 -2
data/lib/contrast/agent/assess/policy/propagator/keep.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/match_data.rb +3 -2
data/lib/contrast/agent/assess/policy/propagator/next.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/prepend.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/remove.rb +23 -19
data/lib/contrast/agent/assess/policy/propagator/replace.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/reverse.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/select.rb +3 -13
data/lib/contrast/agent/assess/policy/propagator/splat.rb +24 -14
data/lib/contrast/agent/assess/policy/propagator/split.rb +18 -15
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +32 -22
data/lib/contrast/agent/assess/policy/propagator/trim.rb +64 -45
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +7 -4
data/lib/contrast/agent/assess/policy/source_method.rb +92 -81
data/lib/contrast/agent/assess/policy/source_node.rb +1 -1
data/lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb +8 -6
data/lib/contrast/agent/assess/policy/source_validation/source_validation.rb +2 -4
data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +7 -3
data/lib/contrast/agent/assess/policy/trigger/xpath.rb +7 -8
data/lib/contrast/agent/assess/policy/trigger_method.rb +109 -76
data/lib/contrast/agent/assess/policy/trigger_node.rb +33 -11
data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +60 -0
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +3 -5
data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +7 -5
data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +4 -13
data/lib/contrast/agent/assess/properties.rb +1 -3
data/lib/contrast/agent/assess/property/evented.rb +9 -6
data/lib/contrast/agent/assess/property/tagged.rb +38 -20
data/lib/contrast/agent/assess/property/updated.rb +1 -1
data/lib/contrast/agent/assess/rule/provider.rb +1 -1
data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +12 -6
data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +5 -2
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +4 -6
data/lib/contrast/agent/assess/tag.rb +1 -1
data/lib/contrast/agent/assess/tracker.rb +2 -2
data/lib/contrast/agent/at_exit_hook.rb +1 -1
data/lib/contrast/agent/class_reopener.rb +4 -2
data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +1 -1
data/lib/contrast/agent/deadzone/policy/policy.rb +7 -3
data/lib/contrast/agent/disable_reaction.rb +2 -4
data/lib/contrast/agent/exclusion_matcher.rb +6 -12
data/lib/contrast/agent/inventory.rb +1 -2
data/lib/contrast/agent/inventory/dependencies.rb +3 -1
data/lib/contrast/agent/inventory/dependency_analysis.rb +1 -1
data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +35 -23
data/lib/contrast/agent/inventory/policy/datastores.rb +1 -1
data/lib/contrast/agent/inventory/policy/policy.rb +1 -1
data/lib/contrast/agent/inventory/policy/trigger_node.rb +1 -1
data/lib/contrast/agent/middleware.rb +111 -110
data/lib/contrast/agent/module_data.rb +4 -4
data/lib/contrast/agent/patching/policy/after_load_patch.rb +1 -1
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +9 -4
data/lib/contrast/agent/patching/policy/method_policy.rb +7 -3
data/lib/contrast/agent/patching/policy/module_policy.rb +15 -8
data/lib/contrast/agent/patching/policy/patch.rb +23 -29
data/lib/contrast/agent/patching/policy/patch_status.rb +8 -9
data/lib/contrast/agent/patching/policy/patcher.rb +72 -64
data/lib/contrast/agent/patching/policy/policy.rb +14 -21
data/lib/contrast/agent/patching/policy/policy_node.rb +15 -5
data/lib/contrast/agent/patching/policy/trigger_node.rb +26 -10
data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +2 -2
data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +2 -2
data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +2 -2
data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +3 -4
data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +2 -2
data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +6 -10
data/lib/contrast/agent/protect/policy/policy.rb +1 -1
data/lib/contrast/agent/protect/policy/rule_applicator.rb +6 -6
data/lib/contrast/agent/protect/policy/trigger_node.rb +1 -1
data/lib/contrast/agent/protect/rule.rb +1 -1
data/lib/contrast/agent/protect/rule/base.rb +19 -33
data/lib/contrast/agent/protect/rule/base_service.rb +10 -6
data/lib/contrast/agent/protect/rule/cmd_injection.rb +15 -19
data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -1
data/lib/contrast/agent/protect/rule/deserialization.rb +7 -14
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +4 -15
data/lib/contrast/agent/protect/rule/no_sqli.rb +7 -3
data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +2 -4
data/lib/contrast/agent/protect/rule/path_traversal.rb +6 -6
data/lib/contrast/agent/protect/rule/sqli.rb +19 -13
data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +1 -1
data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +1 -1
data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +2 -2
data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +1 -1
data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +2 -2
data/lib/contrast/agent/protect/rule/xss.rb +2 -2
data/lib/contrast/agent/protect/rule/xxe.rb +6 -13
data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +2 -3
data/lib/contrast/agent/railtie.rb +1 -1
data/lib/contrast/agent/reaction_processor.rb +12 -11
data/lib/contrast/agent/request.rb +25 -24
data/lib/contrast/agent/request_context.rb +25 -23
data/lib/contrast/agent/request_handler.rb +1 -1
data/lib/contrast/agent/response.rb +1 -1
data/lib/contrast/agent/rewriter.rb +6 -4
data/lib/contrast/agent/rule_set.rb +3 -3
data/lib/contrast/agent/scope.rb +1 -1
data/lib/contrast/agent/service_heartbeat.rb +3 -4
data/lib/contrast/agent/static_analysis.rb +1 -1
data/lib/contrast/agent/thread.rb +2 -2
data/lib/contrast/agent/thread_watcher.rb +21 -6
data/lib/contrast/agent/tracepoint_hook.rb +2 -2
data/lib/contrast/agent/version.rb +2 -2
data/lib/contrast/agent/worker_thread.rb +1 -1
data/lib/contrast/api.rb +1 -1
data/lib/contrast/api/communication.rb +1 -1
data/lib/contrast/api/communication/connection_status.rb +1 -1
data/lib/contrast/api/communication/messaging_queue.rb +19 -22
data/lib/contrast/api/communication/response_processor.rb +13 -8
data/lib/contrast/api/communication/service_lifecycle.rb +5 -3
data/lib/contrast/api/communication/socket.rb +1 -1
data/lib/contrast/api/communication/socket_client.rb +30 -35
data/lib/contrast/api/communication/speedracer.rb +6 -10
data/lib/contrast/api/communication/tcp_socket.rb +1 -1
data/lib/contrast/api/communication/unix_socket.rb +1 -1
data/lib/contrast/api/decorators.rb +3 -1
data/lib/contrast/api/decorators/address.rb +1 -1
data/lib/contrast/api/decorators/agent_startup.rb +58 -0
data/lib/contrast/api/decorators/application_settings.rb +1 -1
data/lib/contrast/api/decorators/application_startup.rb +57 -0
data/lib/contrast/api/decorators/application_update.rb +1 -1
data/lib/contrast/api/decorators/http_request.rb +1 -1
data/lib/contrast/api/decorators/input_analysis.rb +1 -1
data/lib/contrast/api/decorators/instrumentation_mode.rb +37 -0
data/lib/contrast/api/decorators/library.rb +9 -7
data/lib/contrast/api/decorators/library_usage_update.rb +1 -1
data/lib/contrast/api/decorators/message.rb +4 -4
data/lib/contrast/api/decorators/rasp_rule_sample.rb +1 -1
data/lib/contrast/api/decorators/route_coverage.rb +16 -6
data/lib/contrast/api/decorators/server_features.rb +1 -1
data/lib/contrast/api/decorators/trace_event.rb +46 -16
data/lib/contrast/api/decorators/trace_event_object.rb +2 -4
data/lib/contrast/api/decorators/trace_event_signature.rb +1 -1
data/lib/contrast/api/decorators/trace_taint_range.rb +1 -1
data/lib/contrast/api/decorators/trace_taint_range_tags.rb +2 -7
data/lib/contrast/api/decorators/user_input.rb +1 -1
data/lib/contrast/components/agent.rb +16 -15
data/lib/contrast/components/app_context.rb +11 -29
data/lib/contrast/components/assess.rb +6 -11
data/lib/contrast/components/config.rb +3 -2
data/lib/contrast/components/contrast_service.rb +8 -9
data/lib/contrast/components/heap_dump.rb +1 -1
data/lib/contrast/components/interface.rb +4 -3
data/lib/contrast/components/inventory.rb +1 -1
data/lib/contrast/components/logger.rb +1 -1
data/lib/contrast/components/protect.rb +11 -14
data/lib/contrast/components/sampling.rb +55 -7
data/lib/contrast/components/scope.rb +2 -1
data/lib/contrast/components/settings.rb +29 -99
data/lib/contrast/config.rb +1 -1
data/lib/contrast/config/agent_configuration.rb +1 -1
data/lib/contrast/config/application_configuration.rb +1 -1
data/lib/contrast/config/assess_configuration.rb +1 -1
data/lib/contrast/config/assess_rules_configuration.rb +2 -4
data/lib/contrast/config/base_configuration.rb +5 -6
data/lib/contrast/config/default_value.rb +1 -1
data/lib/contrast/config/exception_configuration.rb +2 -6
data/lib/contrast/config/heap_dump_configuration.rb +13 -7
data/lib/contrast/config/inventory_configuration.rb +1 -1
data/lib/contrast/config/logger_configuration.rb +2 -6
data/lib/contrast/config/protect_configuration.rb +1 -1
data/lib/contrast/config/protect_rule_configuration.rb +23 -1
data/lib/contrast/config/protect_rules_configuration.rb +1 -1
data/lib/contrast/config/root_configuration.rb +1 -1
data/lib/contrast/config/ruby_configuration.rb +1 -1
data/lib/contrast/config/sampling_configuration.rb +1 -1
data/lib/contrast/config/server_configuration.rb +1 -1
data/lib/contrast/config/service_configuration.rb +1 -1
data/lib/contrast/configuration.rb +4 -15
data/lib/contrast/delegators/input_analysis.rb +12 -0
data/lib/contrast/extension/assess.rb +1 -1
data/lib/contrast/extension/assess/array.rb +2 -7
data/lib/contrast/extension/assess/erb.rb +2 -8
data/lib/contrast/extension/assess/eval_trigger.rb +3 -11
data/lib/contrast/extension/assess/exec_trigger.rb +4 -14
data/lib/contrast/extension/assess/fiber.rb +3 -13
data/lib/contrast/extension/assess/hash.rb +1 -1
data/lib/contrast/extension/assess/kernel.rb +3 -10
data/lib/contrast/extension/assess/marshal.rb +3 -11
data/lib/contrast/extension/assess/regexp.rb +2 -7
data/lib/contrast/extension/assess/string.rb +4 -2
data/lib/contrast/extension/delegator.rb +1 -1
data/lib/contrast/extension/inventory.rb +1 -1
data/lib/contrast/extension/kernel.rb +5 -3
data/lib/contrast/extension/module.rb +1 -1
data/lib/contrast/extension/protect.rb +1 -1
data/lib/contrast/extension/protect/kernel.rb +1 -1
data/lib/contrast/extension/protect/psych.rb +1 -1
data/lib/contrast/extension/thread.rb +1 -1
data/lib/contrast/framework/base_support.rb +1 -1
data/lib/contrast/framework/manager.rb +14 -17
data/lib/contrast/framework/platform_version.rb +1 -1
data/lib/contrast/framework/rack/patch/session_cookie.rb +6 -19
data/lib/contrast/framework/rack/patch/support.rb +7 -5
data/lib/contrast/framework/rack/support.rb +1 -1
data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +1 -1
data/lib/contrast/framework/rails/patch/assess_configuration.rb +8 -3
data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +4 -4
data/lib/contrast/framework/rails/patch/support.rb +5 -3
data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +5 -2
data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +3 -1
data/lib/contrast/framework/rails/rewrite/active_record_named.rb +3 -1
data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +3 -1
data/lib/contrast/framework/rails/support.rb +45 -46
data/lib/contrast/framework/sinatra/support.rb +103 -42
data/lib/contrast/funchook/funchook.rb +2 -6
data/lib/contrast/logger/application.rb +13 -10
data/lib/contrast/logger/format.rb +3 -6
data/lib/contrast/logger/log.rb +36 -19
data/lib/contrast/logger/request.rb +2 -3
data/lib/contrast/logger/time.rb +1 -1
data/lib/contrast/security_exception.rb +2 -2
data/lib/contrast/tasks/config.rb +1 -1
data/lib/contrast/tasks/service.rb +6 -2
data/lib/contrast/utils/assess/sampling_util.rb +1 -1
data/lib/contrast/utils/assess/tracking_util.rb +2 -3
data/lib/contrast/utils/class_util.rb +18 -12
data/lib/contrast/utils/duck_utils.rb +1 -1
data/lib/contrast/utils/env_configuration_item.rb +1 -1
data/lib/contrast/utils/hash_digest.rb +16 -24
data/lib/contrast/utils/heap_dump_util.rb +104 -88
data/lib/contrast/utils/invalid_configuration_util.rb +22 -13
data/lib/contrast/utils/inventory_util.rb +1 -1
data/lib/contrast/utils/io_util.rb +2 -2
data/lib/contrast/utils/job_servers_running.rb +10 -5
data/lib/contrast/utils/object_share.rb +1 -1
data/lib/contrast/utils/os.rb +3 -2
data/lib/contrast/utils/preflight_util.rb +1 -1
data/lib/contrast/utils/resource_loader.rb +1 -1
data/lib/contrast/utils/ruby_ast_rewriter.rb +3 -2
data/lib/contrast/utils/sha256_builder.rb +1 -1
data/lib/contrast/utils/stack_trace_utils.rb +1 -1
data/lib/contrast/utils/string_utils.rb +1 -1
data/lib/contrast/utils/tag_util.rb +1 -1
data/lib/contrast/utils/thread_tracker.rb +1 -1
data/lib/contrast/utils/timer.rb +1 -1
data/resources/assess/policy.json +8 -11
data/resources/deadzone/policy.json +7 -17
data/ruby-agent.gemspec +66 -27
data/service_executables/VERSION +1 -1
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
data/sonar-project.properties +9 -0
metadata +154 -156
data/lib/contrast/agent/assess/rule.rb +0 -18
data/lib/contrast/agent/assess/rule/base.rb +0 -52
data/lib/contrast/agent/assess/rule/redos.rb +0 -67
data/lib/contrast/agent/inventory/gemfile_digest_cache.rb +0 -38
data/lib/contrast/common_agent_configuration.rb +0 -87
data/lib/contrast/framework/sinatra/patch/base.rb +0 -83
data/lib/contrast/framework/sinatra/patch/support.rb +0 -27
data/lib/contrast/utils/prevent_serialization.rb +0 -52

data/lib/contrast/utils/invalid_configuration_util.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'contrast/agent/assess/policy/trigger_method'
@@ -26,19 +26,9 @@ module Contrast
       def cs__report_finding rule_id, user_provided_options, call_location
         with_contrast_scope do
           finding = Contrast::Api::Dtm::Finding.new
-          finding.rule_id = rule_id
-          path = call_location.path
-          # just get the file name, not the full path
-          path = path.split(Contrast::Utils::ObjectShare::SLASH).last
-          session_id = user_provided_options[:key].to_s if user_provided_options
           finding.version = Contrast::Agent::Assess::Policy::TriggerMethod::CURRENT_FINDING_VERSION
-          finding.properties[CS__SESSION_ID] = Contrast::Utils::StringUtils.force_utf8(session_id)
-          finding.properties[CS__PATH] = Contrast::Utils::StringUtils.force_utf8(path)
-          file_path = call_location.absolute_path
-          snippet = file_snippet(file_path, call_location)
-          finding.properties[CS__SNIPPET] = Contrast::Utils::StringUtils.force_utf8(snippet)
+          finding.rule_id = rule_id
+          set_properties(finding, user_provided_options, call_location)
           hash = Contrast::Utils::HashDigest.generate_config_hash(finding)
           finding.hash_code = Contrast::Utils::StringUtils.force_utf8(hash)
           finding.preflight = Contrast::Utils::PreflightUtil.create_preflight(finding)
@@ -50,6 +40,25 @@ module Contrast
       private
+      # Set the properties needed to report and subsequently render this finding on the finding given.
+      #
+      # @param finding [Contrast::Api::Dtm::Finding] the configuration finding to populate
+      # @param user_provided_options [Hash] the configuration value(s) which
+      #   violated the rule
+      # @param call_location [Thread::Backtrace::Location] the location where
+      #   the bad configuration was set
+      def set_properties finding, user_provided_options, call_location
+        path = call_location.path
+        # just get the file name, not the full path
+        path = path.split(Contrast::Utils::ObjectShare::SLASH).last
+        session_id = user_provided_options[:key].to_s if user_provided_options
+        finding.properties[CS__SESSION_ID] = Contrast::Utils::StringUtils.force_utf8(session_id)
+        finding.properties[CS__PATH] = Contrast::Utils::StringUtils.force_utf8(path)
+        file_path = call_location.absolute_path
+        snippet = file_snippet(file_path, call_location)
+        finding.properties[CS__SNIPPET] = Contrast::Utils::StringUtils.force_utf8(snippet)
+      end
       def file_snippet file_path, call_location
         idx = call_location&.lineno
         if file_path && idx && File.exist?(file_path)

data/lib/contrast/utils/inventory_util.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'contrast/utils/timer'

data/lib/contrast/utils/io_util.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'contrast/components/interface'
@@ -20,7 +20,7 @@ module Contrast
         should_rewind_io?(potential_io)
       rescue StandardError => e
-        logger.debug('Encountered an issue determining if rewindable', e, module: potential_io.cs__class.name)
+        logger.debug('Encountered an issue determining if rewindable', e, module: potential_io.cs__class.cs__name)
         false
       end

data/lib/contrast/utils/job_servers_running.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 module Contrast
@@ -24,12 +24,17 @@ module Contrast
         end
         def rake_running?
-          return unless defined?(Rake) &&
-              Rake.cs__respond_to?(:application) &&
-              Rake.application.cs__respond_to?(:top_level_tasks)
+          unless defined?(Rake) &&
+                Rake.cs__respond_to?(:application) &&
+                Rake.application.cs__respond_to?(:top_level_tasks)
+            return
+          end
           disabled_rake_tasks = APP_CONTEXT.disabled_agent_rake_tasks
-          has_disabled_task = Rake.application.top_level_tasks.any? { |top_level_task| disabled_rake_tasks.include?(top_level_task) }
+          has_disabled_task = Rake.application.top_level_tasks.any? do |top_level_task|
+            disabled_rake_tasks.include?(top_level_task)
+          end
           return false unless has_disabled_task
           logger.trace('Detected startup within Rake task')

data/lib/contrast/utils/object_share.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 # rubocop:disable Security/Object/Freeze

data/lib/contrast/utils/os.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'contrast/components/interface'
@@ -27,7 +27,8 @@ module Contrast
         # returns an array of zombie process PIDs as strings; empty array if there are none
         def zombie_pids
           with_contrast_scope do
-            zombie_pid_list = `ps aux | grep contrast-servic[e] | grep Z | awk '{print $2}'` # retrieve pid of service processes
+            # retrieve pid of service processes
+            zombie_pid_list = `ps aux | grep contrast-servic[e] | grep Z | awk '{print $2}'`
             zombie_pid_list.split("\n")
           end
         end

data/lib/contrast/utils/preflight_util.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 module Contrast

data/lib/contrast/utils/resource_loader.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 module Contrast

data/lib/contrast/utils/ruby_ast_rewriter.rb CHANGED Viewed

@@ -1,8 +1,9 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-require 'parser/current'
+return unless RUBY_VERSION < '2.6.0' # TODO: RUBY-714 remove guard w/ EOL of 2.5
+require 'parser/current'
 module Contrast
   module Utils
     # This utility allows us to parse and rewrite the AST in Ruby 2.5,

data/lib/contrast/utils/sha256_builder.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'singleton'

data/lib/contrast/utils/stack_trace_utils.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'contrast/utils/object_share'

data/lib/contrast/utils/string_utils.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'contrast/components/interface'

data/lib/contrast/utils/tag_util.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 module Contrast

data/lib/contrast/utils/thread_tracker.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 module Contrast

data/lib/contrast/utils/timer.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 module Contrast

data/resources/assess/policy.json CHANGED Viewed

@@ -1173,27 +1173,19 @@
           "instance_method": true,
           "method_visibility": "public",
           "method_name":"match",
-          "source":"P0",
-          "trigger_class": "Contrast::Agent::Assess::Rule::Redos",
-          "trigger_method": "regexp_complexity_check"
+          "source":"P0"
         }, {
           "class_name":"String",
           "instance_method": true,
           "method_visibility": "public",
           "method_name":"=~",
-          "source":"O",
-          "trigger_class": "Contrast::Agent::Assess::Rule::Redos",
-          "trigger_method": "regexp_complexity_check"
+          "source":"O"
         }, {
           "class_name":"Regexp",
           "instance_method": true,
           "method_visibility": "public",
           "method_name":"=~",
-          "source":"P0",
-          "trigger_class": "Contrast::Agent::Assess::Rule::Redos",
-          "trigger_method": "regexp_complexity_check"
+          "source":"P0"
         }
       ]
     }, {
@@ -1429,6 +1421,11 @@
           "instance_method": true,
           "method_visibility": "public",
           "method_name":"rand"
+        }, {
+          "class_name":"Random::Base",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"rand"
         }
       ]
     }, {

data/resources/deadzone/policy.json CHANGED Viewed

@@ -5,16 +5,6 @@
       "instance_method":true,
       "method_visibility": "public",
       "method_name":"content_type"
-    }, {
-      "class_name":"Rack::Request::Helpers",
-      "instance_method":true,
-      "method_visibility": "public",
-      "method_name":"host_authority"
-    }, {
-      "class_name":"Rack::Request::Helpers",
-      "instance_method":true,
-      "method_visibility": "public",
-      "method_name":"host_with_port"
     }, {
       "class_name":"Rack::Request::Helpers",
       "instance_method":true,
@@ -61,18 +51,18 @@
       "method_visibility": "private",
       "method_name":"session_exists?",
       "code": "https://github.com/rack/rack/blob/master/lib/rack/session/abstract/id.rb#L334"
-    }, {
-      "class_name":"ActionDispatch::Http::MimeNegotiation",
-      "instance_method":true,
-      "method_visibility": "public",
-      "method_name":"formats",
-      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/mime_negotiation.rb#L63"
     }, {
       "class_name":"ActionDispatch::FileHandler",
       "instance_method":true,
       "method_visibility": "public",
       "method_name":"match?",
       "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/static.rb#L30"
+    }, {
+      "class_name":"ActionDispatch::Http::MimeNegotiation",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"formats",
+      "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/mime_negotiation.rb#L63"
     }, {
       "class_name":"ActionDispatch::Journey::Router",
       "instance_method":true,
@@ -83,7 +73,7 @@
       "class_name":"ActionDispatch::Request",
       "instance_method":true,
       "method_visibility": "public",
-      "method_name":"controler_class_for",
+      "method_name":"controller_class_for",
       "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/http/request.rb#L84"
     }, {
       "class_name":"ActionDispatch::Request",

data/ruby-agent.gemspec CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require_relative './lib/contrast/agent/version'
@@ -20,39 +20,79 @@ end
 # Add those dependencies required to develop or test the Agent
 def self.add_dev_dependencies spec
-  spec.add_development_dependency 'amazing_print'
-  spec.add_development_dependency 'benchmark-ips'
+  add_builders(spec)
+  add_debuggers(spec)
+  add_linters(spec) # if RUBY_VERSION >= '2.6.0' # TODO: RUBY-714 remove guard w/ EOL of 2.5
+  add_specs(spec)
+end
+# Dependencies used to build the agent during development.
+def self.add_builders spec
   spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake', '>= 12.3.3'
+  spec.add_development_dependency 'rake-compiler', '~> 0'
+end
+# Dependencies used for local debugging during development.
+def self.add_debuggers spec
+  spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'ruby-debug-ide'
+end
+# Dependencies used for framework testing.
+def self.add_frameworks spec
+  spec.add_development_dependency 'rails', '6.0.3.5'
+  spec.add_development_dependency 'sinatra', '>= 2'
+end
+# Dependencies used for linting prior to commit.
+def self.add_linters spec
+  spec.add_development_dependency 'debride', '1.8.2'
+  spec.add_development_dependency 'fasterer', '0.9.0'
+  spec.add_development_dependency 'flay', '2.12.1'
+  add_rubocop(spec)
+end
+# Dependencies used to run our current RSpec test suite.
+def self.add_specs spec
+  add_coverage(spec)
+  add_frameworks(spec)
+  add_tested_gems(spec)
+  spec.add_development_dependency 'benchmark-ips'
   spec.add_development_dependency 'climate_control' # mock ENV
-  spec.add_development_dependency 'debase'
-  spec.add_development_dependency 'debride'
-  spec.add_development_dependency 'execjs'
   spec.add_development_dependency 'factory_bot'
   spec.add_development_dependency 'fake_ftp'
-  spec.add_development_dependency 'fasterer'
-  spec.add_development_dependency 'flay'
   spec.add_development_dependency 'openssl'
-  spec.add_development_dependency 'parser', '~> 2.6'
-  spec.add_development_dependency 'pry'
-  spec.add_development_dependency 'rails', '>= 3'
-  spec.add_development_dependency 'rake', '>= 12.3.3'
-  spec.add_development_dependency 'rake-compiler', '~> 0'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rspec-benchmark'
   spec.add_development_dependency 'rspec_junit_formatter', '0.3.0'
-  spec.add_development_dependency 'rubocop', '1.6.1'
-  spec.add_development_dependency 'rubocop-performance', '1.9.1'
+  spec.add_development_dependency 'rspec-rails', '5.0'
+  spec.add_development_dependency 'tzinfo-data' # Alpine rspec-rails requirement.
+end
+def self.add_coverage spec
+  spec.add_development_dependency 'codecov', '0.5.2'
+  spec.add_development_dependency 'simplecov', '0.21.2'
+end
+# Dependencies used to run all of our Rubocop during the linting phase.
+def self.add_rubocop spec
+  spec.add_development_dependency 'rubocop', '1.13.0'
+  spec.add_development_dependency 'rubocop-performance', '1.11.0'
   spec.add_development_dependency 'rubocop-rails', '2.9.1'
   spec.add_development_dependency 'rubocop-rake', '0.5.1'
-  spec.add_development_dependency 'rubocop-rspec', '2.1.0'
-  spec.add_development_dependency 'ruby-debug-ide'
-  spec.add_development_dependency 'simplecov', '0.20.0'
-  spec.add_development_dependency 'sinatra', '>= 2'
-  spec.add_development_dependency 'sqlite3', '1.3.9'
+  spec.add_development_dependency 'rubocop-rspec', '2.2.0'
+end
+# Dependencies not mocked out during RSpec that we test real code of, beyond just frameworks.
+def self.add_tested_gems spec
+  spec.add_development_dependency 'async'
+  spec.add_development_dependency 'execjs'
+  spec.add_development_dependency 'sqlite3'
   spec.add_development_dependency 'therubyracer'
   spec.add_development_dependency 'tilt'
   spec.add_development_dependency 'xpath'
-  spec.add_development_dependency 'yarjuf', '~> 2.0'
 end
 # Add those dependencies required to run the Agent in customer applications.
@@ -62,7 +102,7 @@ end
 # corresponding update to the fake gem server data in TeamServer.
 def self.add_dependencies spec
   spec.add_dependency 'ougai', '~> 1.8'
-  spec.add_dependency 'parser', '~> 2.6' # TODO: RUBY-714 remove w/ EOL of 2.5
+  spec.add_dependency 'parser', '>= 2.6' # if RUBY_VERSION < '2.6.0' # TODO: RUBY-714 remove guard w/ EOL of 2.5
   spec.add_dependency 'protobuf', '~> 3.10'
   spec.add_dependency 'rack', '~> 2.0'
 end
@@ -114,9 +154,7 @@ Gem::Specification.new do |spec|
   spec.name    = 'contrast-agent'
   spec.version = Contrast::Agent::VERSION
-  spec.email = %w[
-    ruby@contrastsecurity.com
-  ]
+  spec.email = %w[ruby@contrastsecurity.com]
   spec.summary      = 'Contrast Security\'s agent for rack-based applications.'
   spec.description  = 'This gem instantiates a Rack middleware for rack-based ' \
@@ -124,7 +162,7 @@ Gem::Specification.new do |spec|
     'Testing and Protection.'
   spec.homepage     = 'https://www.contrastsecurity.com'
   spec.license      = 'CONTRAST SECURITY (see license file)'
-  spec.required_ruby_version = ['>= 2.5.0', '< 2.8.0']
+  spec.required_ruby_version = ['>= 2.5.0', '< 3.1.0']
   spec.bindir        = 'exe'
   spec.executables   = ['contrast_service']
@@ -133,7 +171,8 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
   unless File.exist?(File.join(Dir.pwd, 'contrast_security.yaml'))
-    spec.post_install_message = 'To generate the required contrast_security.yaml file you can run: bundle exec rake contrast:config:create'
+    spec.post_install_message = 'To generate the required contrast_security.yaml file you can run: '\
+                                'bundle exec rake contrast:config:create'
   end
   add_authors(spec)

data/service_executables/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 2.17.4
1	+ 2.19.0

data/service_executables/linux/contrast-service CHANGED Viewed

Binary file

data/service_executables/mac/contrast-service CHANGED Viewed

Binary file

data/sonar-project.properties ADDED Viewed

@@ -0,0 +1,9 @@
+sonar.projectKey=Contrast-Security-Inc_ruby-agent
+sonar.organization=contrast-security-inc
+# Ignore C/CPP/ObjC files
+sonar.c.file.suffixes=-
+sonar.cpp.file.suffixes=-
+sonar.objc.file.suffixes=-
+sonar.ruby.coverage.reportPaths=coverage/coverage-formatted.json