RubyGems - contrast-agent - Versions diffs - 4.4.1 → 4.9.0 - Mend

contrast-agent 4.4.1 → 4.9.0

Files changed (314) hide show

checksums.yaml +4 -4
data/.gitignore +6 -1
data/.gitmodules +1 -1
data/.simplecov +2 -1
data/Gemfile +1 -1
data/LICENSE.txt +1 -1
data/Rakefile +2 -3
data/exe/contrast_service +1 -1
data/ext/build_funchook.rb +4 -4
data/ext/cs__assess_active_record_named/cs__active_record_named.c +1 -1
data/ext/cs__assess_active_record_named/extconf.rb +1 -1
data/ext/cs__assess_array/cs__assess_array.c +1 -1
data/ext/cs__assess_array/extconf.rb +1 -1
data/ext/cs__assess_basic_object/cs__assess_basic_object.c +1 -1
data/ext/cs__assess_basic_object/extconf.rb +1 -1
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +1 -1
data/ext/cs__assess_fiber_track/extconf.rb +1 -1
data/ext/cs__assess_hash/cs__assess_hash.c +4 -2
data/ext/cs__assess_hash/extconf.rb +1 -1
data/ext/cs__assess_kernel/cs__assess_kernel.c +1 -1
data/ext/cs__assess_kernel/extconf.rb +1 -1
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +1 -1
data/ext/cs__assess_marshal_module/extconf.rb +1 -1
data/ext/cs__assess_module/cs__assess_module.c +1 -1
data/ext/cs__assess_module/extconf.rb +1 -1
data/ext/cs__assess_regexp/cs__assess_regexp.c +1 -1
data/ext/cs__assess_regexp/extconf.rb +1 -1
data/ext/cs__assess_string/cs__assess_string.c +1 -1
data/ext/cs__assess_string/extconf.rb +1 -1
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +1 -1
data/ext/cs__assess_string_interpolation26/extconf.rb +1 -1
data/ext/cs__assess_yield_track/cs__assess_yield_track.c +1 -1
data/ext/cs__assess_yield_track/extconf.rb +1 -1
data/ext/cs__common/cs__common.c +5 -5
data/ext/cs__common/cs__common.h +4 -4
data/ext/cs__common/extconf.rb +1 -1
data/ext/cs__contrast_patch/cs__contrast_patch.c +22 -25
data/ext/cs__contrast_patch/extconf.rb +1 -1
data/ext/cs__protect_kernel/cs__protect_kernel.c +1 -1
data/ext/cs__protect_kernel/extconf.rb +1 -1
data/ext/extconf_common.rb +2 -6
data/lib/contrast-agent.rb +1 -1
data/lib/contrast.rb +44 -15
data/lib/contrast/agent.rb +1 -3
data/lib/contrast/agent/assess.rb +2 -2
data/lib/contrast/agent/assess/contrast_event.rb +54 -72
data/lib/contrast/agent/assess/contrast_object.rb +3 -3
data/lib/contrast/agent/assess/events/event_factory.rb +3 -2
data/lib/contrast/agent/assess/events/source_event.rb +7 -2
data/lib/contrast/agent/assess/finalizers/freeze.rb +1 -1
data/lib/contrast/agent/assess/finalizers/hash.rb +28 -38
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +24 -20
data/lib/contrast/agent/assess/policy/patcher.rb +17 -22
data/lib/contrast/agent/assess/policy/policy.rb +2 -2
data/lib/contrast/agent/assess/policy/policy_node.rb +26 -34
data/lib/contrast/agent/assess/policy/policy_scanner.rb +4 -6
data/lib/contrast/agent/assess/policy/preshift.rb +8 -6
data/lib/contrast/agent/assess/policy/propagation_method.rb +12 -25
data/lib/contrast/agent/assess/policy/propagation_node.rb +20 -9
data/lib/contrast/agent/assess/policy/propagator.rb +2 -1
data/lib/contrast/agent/assess/policy/propagator/append.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/base.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/center.rb +3 -2
data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +4 -7
data/lib/contrast/agent/assess/policy/propagator/insert.rb +4 -2
data/lib/contrast/agent/assess/policy/propagator/keep.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/match_data.rb +3 -2
data/lib/contrast/agent/assess/policy/propagator/next.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/prepend.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/rack_protection.rb +73 -0
data/lib/contrast/agent/assess/policy/propagator/remove.rb +23 -19
data/lib/contrast/agent/assess/policy/propagator/replace.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/reverse.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/select.rb +3 -13
data/lib/contrast/agent/assess/policy/propagator/splat.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/split.rb +13 -14
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +4 -11
data/lib/contrast/agent/assess/policy/propagator/trim.rb +64 -45
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +14 -11
data/lib/contrast/agent/assess/policy/source_method.rb +97 -86
data/lib/contrast/agent/assess/policy/source_node.rb +1 -1
data/lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb +8 -6
data/lib/contrast/agent/assess/policy/source_validation/source_validation.rb +2 -4
data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +7 -3
data/lib/contrast/agent/assess/policy/trigger/xpath.rb +7 -11
data/lib/contrast/agent/assess/policy/trigger_method.rb +104 -77
data/lib/contrast/agent/assess/policy/trigger_node.rb +6 -5
data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +5 -4
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +2 -3
data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +1 -1
data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +2 -9
data/lib/contrast/agent/assess/properties.rb +1 -1
data/lib/contrast/agent/assess/property/evented.rb +9 -6
data/lib/contrast/agent/assess/property/tagged.rb +1 -1
data/lib/contrast/agent/assess/property/updated.rb +1 -1
data/lib/contrast/agent/assess/rule/provider.rb +1 -1
data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +12 -6
data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +5 -2
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +8 -10
data/lib/contrast/agent/assess/tag.rb +1 -1
data/lib/contrast/agent/assess/tracker.rb +1 -1
data/lib/contrast/agent/at_exit_hook.rb +4 -4
data/lib/contrast/agent/class_reopener.rb +10 -7
data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +1 -1
data/lib/contrast/agent/deadzone/policy/policy.rb +7 -3
data/lib/contrast/agent/disable_reaction.rb +5 -8
data/lib/contrast/agent/exclusion_matcher.rb +8 -15
data/lib/contrast/agent/inventory.rb +1 -2
data/lib/contrast/agent/inventory/dependencies.rb +3 -1
data/lib/contrast/agent/inventory/dependency_analysis.rb +3 -7
data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +38 -28
data/lib/contrast/agent/inventory/policy/datastores.rb +4 -5
data/lib/contrast/agent/inventory/policy/policy.rb +2 -2
data/lib/contrast/agent/inventory/policy/trigger_node.rb +1 -1
data/lib/contrast/agent/middleware.rb +52 -80
data/lib/contrast/agent/module_data.rb +4 -4
data/lib/contrast/agent/patching/policy/after_load_patch.rb +4 -4
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +10 -10
data/lib/contrast/agent/patching/policy/method_policy.rb +7 -3
data/lib/contrast/agent/patching/policy/module_policy.rb +15 -8
data/lib/contrast/agent/patching/policy/patch.rb +32 -38
data/lib/contrast/agent/patching/policy/patch_status.rb +7 -8
data/lib/contrast/agent/patching/policy/patcher.rb +29 -28
data/lib/contrast/agent/patching/policy/policy.rb +16 -25
data/lib/contrast/agent/patching/policy/policy_node.rb +17 -8
data/lib/contrast/agent/patching/policy/trigger_node.rb +22 -9
data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +2 -2
data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +2 -2
data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +2 -2
data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +3 -4
data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +2 -2
data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +6 -10
data/lib/contrast/agent/protect/policy/policy.rb +2 -2
data/lib/contrast/agent/protect/policy/rule_applicator.rb +8 -10
data/lib/contrast/agent/protect/policy/trigger_node.rb +1 -1
data/lib/contrast/agent/protect/rule.rb +1 -1
data/lib/contrast/agent/protect/rule/base.rb +26 -40
data/lib/contrast/agent/protect/rule/base_service.rb +10 -6
data/lib/contrast/agent/protect/rule/cmd_injection.rb +19 -24
data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -1
data/lib/contrast/agent/protect/rule/deserialization.rb +7 -14
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +4 -15
data/lib/contrast/agent/protect/rule/no_sqli.rb +7 -3
data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +2 -4
data/lib/contrast/agent/protect/rule/path_traversal.rb +7 -11
data/lib/contrast/agent/protect/rule/sqli.rb +3 -3
data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +1 -1
data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +1 -1
data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +2 -2
data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +1 -1
data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +2 -2
data/lib/contrast/agent/protect/rule/xss.rb +2 -2
data/lib/contrast/agent/protect/rule/xxe.rb +6 -13
data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +2 -3
data/lib/contrast/agent/reaction_processor.rb +14 -14
data/lib/contrast/agent/request.rb +29 -27
data/lib/contrast/agent/request_context.rb +20 -30
data/lib/contrast/agent/request_handler.rb +6 -4
data/lib/contrast/agent/response.rb +3 -4
data/lib/contrast/agent/rewriter.rb +10 -7
data/lib/contrast/agent/rule_set.rb +6 -5
data/lib/contrast/agent/scope.rb +1 -1
data/lib/contrast/agent/service_heartbeat.rb +5 -7
data/lib/contrast/agent/static_analysis.rb +7 -6
data/lib/contrast/agent/thread.rb +3 -5
data/lib/contrast/agent/thread_watcher.rb +4 -5
data/lib/contrast/agent/tracepoint_hook.rb +6 -6
data/lib/contrast/agent/version.rb +2 -2
data/lib/contrast/agent/worker_thread.rb +1 -1
data/lib/contrast/api.rb +1 -1
data/lib/contrast/api/communication.rb +1 -1
data/lib/contrast/api/communication/connection_status.rb +1 -1
data/lib/contrast/api/communication/messaging_queue.rb +5 -6
data/lib/contrast/api/communication/response_processor.rb +13 -15
data/lib/contrast/api/communication/service_lifecycle.rb +10 -7
data/lib/contrast/api/communication/socket.rb +1 -1
data/lib/contrast/api/communication/socket_client.rb +23 -32
data/lib/contrast/api/communication/speedracer.rb +10 -15
data/lib/contrast/api/communication/tcp_socket.rb +1 -1
data/lib/contrast/api/communication/unix_socket.rb +1 -1
data/lib/contrast/api/decorators.rb +1 -1
data/lib/contrast/api/decorators/address.rb +3 -4
data/lib/contrast/api/decorators/agent_startup.rb +8 -10
data/lib/contrast/api/decorators/application_settings.rb +1 -1
data/lib/contrast/api/decorators/application_startup.rb +14 -10
data/lib/contrast/api/decorators/application_update.rb +1 -5
data/lib/contrast/api/decorators/http_request.rb +4 -8
data/lib/contrast/api/decorators/input_analysis.rb +1 -1
data/lib/contrast/api/decorators/instrumentation_mode.rb +35 -0
data/lib/contrast/api/decorators/library.rb +9 -7
data/lib/contrast/api/decorators/library_usage_update.rb +1 -1
data/lib/contrast/api/decorators/message.rb +10 -10
data/lib/contrast/api/decorators/rasp_rule_sample.rb +1 -1
data/lib/contrast/api/decorators/route_coverage.rb +1 -1
data/lib/contrast/api/decorators/server_features.rb +1 -1
data/lib/contrast/api/decorators/trace_event.rb +4 -2
data/lib/contrast/api/decorators/trace_event_object.rb +4 -7
data/lib/contrast/api/decorators/trace_event_signature.rb +1 -1
data/lib/contrast/api/decorators/trace_taint_range.rb +1 -1
data/lib/contrast/api/decorators/trace_taint_range_tags.rb +2 -7
data/lib/contrast/api/decorators/user_input.rb +1 -1
data/lib/contrast/components/agent.rb +20 -26
data/lib/contrast/components/app_context.rb +12 -16
data/lib/contrast/components/assess.rb +20 -25
data/lib/contrast/components/base.rb +40 -0
data/lib/contrast/components/config.rb +3 -4
data/lib/contrast/components/contrast_service.rb +13 -19
data/lib/contrast/components/heap_dump.rb +6 -5
data/lib/contrast/components/inventory.rb +3 -8
data/lib/contrast/components/logger.rb +2 -3
data/lib/contrast/components/protect.rb +14 -20
data/lib/contrast/components/sampling.rb +14 -8
data/lib/contrast/components/scope.rb +2 -5
data/lib/contrast/components/settings.rb +28 -103
data/lib/contrast/config.rb +1 -1
data/lib/contrast/config/agent_configuration.rb +1 -1
data/lib/contrast/config/application_configuration.rb +1 -1
data/lib/contrast/config/assess_configuration.rb +1 -1
data/lib/contrast/config/assess_rules_configuration.rb +2 -4
data/lib/contrast/config/base_configuration.rb +5 -6
data/lib/contrast/config/default_value.rb +1 -1
data/lib/contrast/config/exception_configuration.rb +2 -6
data/lib/contrast/config/heap_dump_configuration.rb +13 -7
data/lib/contrast/config/inventory_configuration.rb +1 -1
data/lib/contrast/config/logger_configuration.rb +2 -6
data/lib/contrast/config/protect_configuration.rb +1 -1
data/lib/contrast/config/protect_rule_configuration.rb +23 -1
data/lib/contrast/config/protect_rules_configuration.rb +1 -1
data/lib/contrast/config/root_configuration.rb +1 -1
data/lib/contrast/config/ruby_configuration.rb +1 -1
data/lib/contrast/config/sampling_configuration.rb +1 -1
data/lib/contrast/config/server_configuration.rb +1 -1
data/lib/contrast/config/service_configuration.rb +1 -1
data/lib/contrast/configuration.rb +7 -19
data/lib/contrast/extension/assess.rb +1 -1
data/lib/contrast/extension/assess/array.rb +4 -11
data/lib/contrast/extension/assess/erb.rb +2 -8
data/lib/contrast/extension/assess/eval_trigger.rb +5 -14
data/lib/contrast/extension/assess/exec_trigger.rb +4 -14
data/lib/contrast/extension/assess/fiber.rb +9 -18
data/lib/contrast/extension/assess/hash.rb +4 -4
data/lib/contrast/extension/assess/kernel.rb +5 -14
data/lib/contrast/extension/assess/marshal.rb +7 -15
data/lib/contrast/extension/assess/regexp.rb +7 -11
data/lib/contrast/extension/assess/string.rb +9 -7
data/lib/contrast/extension/delegator.rb +1 -1
data/lib/contrast/extension/inventory.rb +1 -1
data/lib/contrast/extension/kernel.rb +3 -3
data/lib/contrast/extension/module.rb +1 -1
data/lib/contrast/extension/protect.rb +1 -1
data/lib/contrast/extension/protect/kernel.rb +1 -6
data/lib/contrast/extension/protect/psych.rb +1 -1
data/lib/contrast/extension/thread.rb +1 -1
data/lib/contrast/framework/base_support.rb +1 -1
data/lib/contrast/framework/manager.rb +7 -12
data/lib/contrast/framework/platform_version.rb +1 -1
data/lib/contrast/framework/rack/patch/session_cookie.rb +12 -25
data/lib/contrast/framework/rack/patch/support.rb +7 -5
data/lib/contrast/framework/rack/support.rb +1 -1
data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +1 -1
data/lib/contrast/framework/rails/patch/assess_configuration.rb +13 -10
data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +4 -4
data/lib/contrast/framework/rails/patch/support.rb +42 -36
data/lib/contrast/framework/rails/railtie.rb +34 -0
data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +5 -2
data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +3 -1
data/lib/contrast/framework/rails/rewrite/active_record_named.rb +6 -5
data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +3 -1
data/lib/contrast/framework/rails/support.rb +3 -3
data/lib/contrast/framework/sinatra/support.rb +4 -2
data/lib/contrast/funchook/funchook.rb +6 -9
data/lib/contrast/logger/application.rb +14 -16
data/lib/contrast/logger/format.rb +3 -6
data/lib/contrast/logger/log.rb +27 -10
data/lib/contrast/logger/request.rb +2 -7
data/lib/contrast/logger/time.rb +1 -1
data/lib/contrast/security_exception.rb +2 -2
data/lib/contrast/tasks/config.rb +1 -1
data/lib/contrast/tasks/service.rb +7 -8
data/lib/contrast/utils/assess/sampling_util.rb +3 -4
data/lib/contrast/utils/assess/tracking_util.rb +4 -7
data/lib/contrast/utils/class_util.rb +15 -11
data/lib/contrast/utils/duck_utils.rb +1 -1
data/lib/contrast/utils/env_configuration_item.rb +1 -1
data/lib/contrast/utils/hash_digest.rb +16 -24
data/lib/contrast/utils/heap_dump_util.rb +6 -4
data/lib/contrast/utils/invalid_configuration_util.rb +5 -4
data/lib/contrast/utils/inventory_util.rb +3 -4
data/lib/contrast/utils/io_util.rb +4 -6
data/lib/contrast/utils/job_servers_running.rb +14 -8
data/lib/contrast/utils/object_share.rb +1 -1
data/lib/contrast/utils/os.rb +5 -5
data/lib/contrast/utils/preflight_util.rb +1 -1
data/lib/contrast/utils/resource_loader.rb +1 -1
data/lib/contrast/utils/ruby_ast_rewriter.rb +3 -2
data/lib/contrast/utils/sha256_builder.rb +1 -1
data/lib/contrast/utils/stack_trace_utils.rb +1 -1
data/lib/contrast/utils/string_utils.rb +3 -4
data/lib/contrast/utils/tag_util.rb +26 -20
data/lib/contrast/utils/thread_tracker.rb +1 -1
data/lib/contrast/utils/timer.rb +1 -1
data/resources/assess/policy.json +60 -2
data/resources/deadzone/policy.json +7 -17
data/ruby-agent.gemspec +25 -21
data/service_executables/VERSION +1 -1
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
data/sonar-project.properties +9 -0
metadata +108 -51
data/lib/contrast/agent/inventory/gemfile_digest_cache.rb +0 -38
data/lib/contrast/agent/railtie.rb +0 -31
data/lib/contrast/common_agent_configuration.rb +0 -87
data/lib/contrast/components/interface.rb +0 -195

data/lib/contrast/framework/rack/patch/support.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'contrast/agent/patching/policy/after_load_patch'
@@ -12,10 +12,12 @@ module Contrast
         module Support
           # (See BaseSupport#after_load_patches)
           def after_load_patches
-            Set.new([Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
-                'Rack::Session::Cookie',
-                'contrast/framework/rack/patch/session_cookie',
-                instrumenting_module: 'Contrast::Framework::Rack::Patch::SessionCookie')])
+            Set.new([
+                      Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
+                          'Rack::Session::Cookie',
+                          'contrast/framework/rack/patch/session_cookie',
+                          instrumenting_module: 'Contrast::Framework::Rack::Patch::SessionCookie')
+                    ])
           end
         end
       end

data/lib/contrast/framework/rack/support.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'contrast/framework/base_support'

data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 module Contrast

data/lib/contrast/framework/rails/patch/assess_configuration.rb CHANGED Viewed

@@ -1,7 +1,6 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-require 'contrast/components/interface'
 require 'contrast/utils/invalid_configuration_util'
 module Contrast
@@ -10,9 +9,8 @@ module Contrast
       module Patch
         # This module is used to analyze rails session storage configuration for assess vulnerabilities
         module AssessConfiguration
-          include Contrast::Components::Interface
+          include Contrast::Components::Logger::InstanceMethods
-          access_component :agent, :analysis, :logging
           CS__SESSION_TIMEOUT_NAME = 'session-timeout'
           SAFE_SESSION_TIMEOUT = (30 * 60 * 1000)
@@ -23,7 +21,7 @@ module Contrast
             include Contrast::Utils::InvalidConfigurationUtil
             def analyze_session_store *args
-              return if ASSESS.forcibly_disabled?
+              return if ::Contrast::ASSESS.forcibly_disabled?
               apply_httponly_disabled(*args)
               apply_secure_cookie_disabled(*args)
@@ -32,7 +30,11 @@ module Contrast
             private
-            def vulnerable_setting? setting_key, safe_settings_value, original_args, safe_default: true, comparison_type: nil
+            def vulnerable_setting?(setting_key,
+                                    safe_settings_value,
+                                    original_args,
+                                    safe_default: true,
+                                    comparison_type: nil)
               # In most cases, Rails is pretty nice and the default value is safe
               return !safe_default unless original_args && original_args.length > 1
@@ -48,8 +50,9 @@ module Contrast
             end
             def apply_session_timeout *args
-              return if ASSESS.rule_disabled? CS__SESSION_TIMEOUT_NAME
-              return unless vulnerable_setting?(:expire_after, SAFE_SESSION_TIMEOUT, args, comparison_type: :greater_than, safe_default: false)
+              return if ::Contrast::ASSESS.rule_disabled? CS__SESSION_TIMEOUT_NAME
+              return unless vulnerable_setting?(:expire_after, SAFE_SESSION_TIMEOUT, args,
+                                                comparison_type: :greater_than, safe_default: false)
               rails_session_settings = args[1]
               cs__report_finding(CS__SESSION_TIMEOUT_NAME, rails_session_settings, caller_locations(3, 2)[0])
@@ -62,7 +65,7 @@ module Contrast
             end
             def apply_secure_cookie_disabled *args
-              return if ASSESS.rule_disabled? CS__SECURE_RULE_NAME
+              return if ::Contrast::ASSESS.rule_disabled? CS__SECURE_RULE_NAME
               return unless vulnerable_setting?(:secure, true, args)
               rails_session_settings = args[1]
@@ -76,7 +79,7 @@ module Contrast
             end
             def apply_httponly_disabled *args
-              return if ASSESS.rule_disabled? CS__HTTPONLY_RULE_NAME
+              return if ::Contrast::ASSESS.rule_disabled? CS__HTTPONLY_RULE_NAME
               return unless vulnerable_setting?(:httponly, true, args)
               rails_session_settings = args[1]

data/lib/contrast/framework/rails/patch/rails_application_configuration.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'contrast/framework/rails/patch/assess_configuration'
@@ -15,9 +15,9 @@ module Contrast
             @_instrument ||= begin
               ::Rails::Application::Configuration.class_eval do
                 alias_method :cs__patched_session_store, :session_store
-                def session_store *args
-                  ret = cs__patched_session_store(*args)
-                  Contrast::Framework::Rails::Patch::AssessConfiguration.analyze_session_store(*args)
+                def session_store *args, **kwargs
+                  ret = cs__patched_session_store(*args, **kwargs)
+                  Contrast::Framework::Rails::Patch::AssessConfiguration.analyze_session_store(*args, **kwargs)
                   ret
                 end
               end

data/lib/contrast/framework/rails/patch/support.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'contrast/framework/rails/patch/rails_application_configuration'
@@ -20,45 +20,51 @@ module Contrast
             # (i.e., where we normally patch) we will miss the configuration
             # and will never be able to report session misconfiguration rules.
             Contrast::Framework::Rails::Patch::RailsApplicationConfiguration.instrument
-            require 'contrast/agent/railtie' if ::Rails::VERSION::MAJOR.to_i >= 3
+            require 'contrast/framework/rails/railtie' if ::Rails::VERSION::MAJOR.to_i >= 3
           end
           # (See BaseSupport#after_load_patches)
           def after_load_patches
-            Set.new([
-                      Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
-                          'ActionController::Live::Buffer',
-                          'contrast/framework/rails/patch/action_controller_live_buffer',
-                          instrumenting_module: 'Contrast::Framework::Rails::Patch::ActionControllerLiveBuffer'),
-                      Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
-                          'Rails::Application::Configuration',
-                          'contrast/framework/rails/patch/rails_application_configuration',
-                          method_to_instrument: :session_store,
-                          instrumenting_module: 'Contrast::Framework::Rails::Patch::RailsApplicationConfiguration'),
-                      # TODO: RUBY-714 remove w/ EOL of 2.5
-                      #
-                      # @deprecated  Everything past here is used for Rewriting and can
-                      #   be removed once we no longer support 2.5.
-                      Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
-                          'ActionController::Railties::Helper::ClassMethods',
-                          'contrast/framework/rails/rewrite/action_controller_railties_helper_inherited',
-                          method_to_instrument: :inherited,
-                          instrumenting_module: 'Contrast::Framework::Rails::Rewrite::ActionControllerRailtiesHelperInherited'),
-                      Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
-                          'ActiveRecord::AttributeMethods::Read::ClassMethods',
-                          'contrast/framework/rails/rewrite/active_record_attribute_methods_read',
-                          instrumenting_module: 'Contrast::Framework::Rails::Rewrite::ActiveRecordAttributeMethodsRead'),
-                      Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
-                          'ActiveRecord::Scoping::Named::ClassMethods',
-                          'contrast/framework/rails/rewrite/active_record_named',
-                          instrumenting_module: 'Contrast::Framework::Rails::Rewrite::ActiveRecordNamed'),
-                      Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
-                          'ActiveRecord::AttributeMethods::TimeZoneConversion::ClassMethods',
-                          'contrast/framework/rails/rewrite/active_record_time_zone_inherited',
-                          method_to_instrument: :inherited,
-                          instrumenting_module: 'Contrast::Framework::Rails::Rewrite::ActiveRecordTimeZoneInherited')
-                    ])
+            patches = Set.new([
+                                Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
+                                    'ActionController::Live::Buffer',
+                                    'contrast/framework/rails/patch/action_controller_live_buffer',
+                                    instrumenting_module: 'Contrast::Framework::Rails::Patch::ActionControllerLiveBuffer'),
+                                Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
+                                    'Rails::Application::Configuration',
+                                    'contrast/framework/rails/patch/rails_application_configuration',
+                                    method_to_instrument: :session_store,
+                                    instrumenting_module: 'Contrast::Framework::Rails::Patch::RailsApplicationConfiguration')
+                              ])
+            if RUBY_VERSION < '2.6.0'
+              patches.merge([
+                              # TODO: RUBY-714 remove w/ EOL of 2.5
+                              #
+                              # @deprecated  Everything past here is used for Rewriting and can
+                              #   be removed once we no longer support 2.5.
+                              Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
+                                  'ActionController::Railties::Helper::ClassMethods',
+                                  'contrast/framework/rails/rewrite/action_controller_railties_helper_inherited',
+                                  method_to_instrument: :inherited,
+                                  instrumenting_module:
+                                    'Contrast::Framework::Rails::Rewrite::ActionControllerRailtiesHelperInherited'),
+                              Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
+                                  'ActiveRecord::AttributeMethods::Read::ClassMethods',
+                                  'contrast/framework/rails/rewrite/active_record_attribute_methods_read',
+                                  instrumenting_module:
+                                    'Contrast::Framework::Rails::Rewrite::ActiveRecordAttributeMethodsRead'),
+                              Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
+                                  'ActiveRecord::Scoping::Named::ClassMethods',
+                                  'contrast/framework/rails/rewrite/active_record_named',
+                                  instrumenting_module: 'Contrast::Framework::Rails::Rewrite::ActiveRecordNamed'),
+                              Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
+                                  'ActiveRecord::AttributeMethods::TimeZoneConversion::ClassMethods',
+                                  'contrast/framework/rails/rewrite/active_record_time_zone_inherited',
+                                  method_to_instrument: :inherited,
+                                  instrumenting_module: 'Contrast::Framework::Rails::Rewrite::ActiveRecordTimeZoneInherited')
+                            ])
+            end
+            patches
           end
         end
       end

data/lib/contrast/framework/rails/railtie.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'contrast/utils/job_servers_running'
+require 'contrast/components/logger'
+module Contrast
+  module Framework
+    module Rails
+      # A Railtie to allow for the automatic hooking of the Agent into a Rails application.
+      class Railtie < ::Rails::Railtie
+        include Contrast::Components::Logger::InstanceMethods
+        initializer 'Contrast Ruby Agent Initializer' do |app|
+        log_rails = defined?(Rails) && defined?(Rails.logger)
+          Rails.logger.debug("In railtie ::#{ app.middleware.inspect }") if log_rails
+          if ::Contrast::APP_CONTEXT.instrument_middleware_stack?
+            ::Contrast::AGENT.insert_middleware(app)
+          else
+            Rails.logger.debug('Detected a running job server, skipping Contrast middleware insertion.') if log_rails
+            logger.debug('Disabling Contrast for process', p_id: Process.pid)
+          end
+        end
+        rake_tasks do
+          load 'contrast/tasks/service.rb'
+          load 'contrast/tasks/config.rb'
+        end
+      end
+    end
+  end
+end

data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb CHANGED Viewed

@@ -1,6 +1,8 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
+return unless RUBY_VERSION < '2.6.0' # TODO: RUBY-714 remove guard w/ EOL of 2.5
 module Contrast
   module Framework
     module Rails
@@ -19,7 +21,8 @@ module Contrast
                 alias_method :cs__patched_helper_inherited, :inherited
                 def inherited klass # rubocop:disable Lint/MissingSuper
                   klass&.instance_variable_set(:@cs__defining_class, true)
-                  cs__patched_helper_inherited(klass) # This calls the original inherited, which should handle super as needed.
+                  # This calls the original inherited, which should handle super as needed.
+                  cs__patched_helper_inherited(klass)
                 ensure
                   klass&.instance_variable_set(:@cs__defining_class, false)
                 end

data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb CHANGED Viewed

@@ -1,6 +1,8 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
+return unless RUBY_VERSION < '2.6.0' # TODO: RUBY-714 remove guard w/ EOL of 2.5
 module Contrast
   module Framework
     module Rails

data/lib/contrast/framework/rails/rewrite/active_record_named.rb CHANGED Viewed

@@ -1,7 +1,9 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-require 'contrast/components/interface'
+return unless RUBY_VERSION < '2.6.0' # TODO: RUBY-714 remove guard w/ EOL of 2.5
+require 'contrast/components/logger'
 module Contrast
   module Framework
@@ -15,12 +17,11 @@ module Contrast
         # @deprecated Changes to this class are discouraged as this approach is
         #   being phased out with support for those language versions.
         class ActiveRecordNamed
-          include Contrast::Components::Interface
-          access_component :agent, :logging
+          include Contrast::Components::Logger::InstanceMethods
           class << self
             def rewrite mod, method_name, body
-              return body unless AGENT.rewrite_interpolation?
+              return body unless ::Contrast::AGENT.rewrite_interpolation?
               return body unless body.is_a?(Proc)
               location = body.source_location

data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb CHANGED Viewed

@@ -1,6 +1,8 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
+return unless RUBY_VERSION < '2.6.0' # TODO: RUBY-714 remove guard w/ EOL of 2.5
 module Contrast
   module Framework
     module Rails

data/lib/contrast/framework/rails/support.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'contrast/api/dtm.pb'
@@ -27,8 +27,8 @@ module Contrast
           def application_name
             app_class = ::Rails.application.cs__class
-            # Rails version 6.0.0 deprecated Rails::Application#parent_name, in Rails 6.1.0 that method will be removed entirely
-            # and instead we need to use parent_module_name
+            # Rails version 6.0.0 deprecated Rails::Application#parent_name, in Rails 6.1.0 that method will be removed
+            # entirely and instead we need to use parent_module_name
             return app_class.parent_module_name if Gem::Version.new(::Rails.version) >= RAILS_MODULE_NAME_VERSION
             app_class.parent_name

data/lib/contrast/framework/sinatra/support.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'contrast/framework/base_support'
@@ -114,7 +114,9 @@ module Contrast
             return controller, route_pattern if route_pattern
             # Check routes defined in superclass if present.
-            return _route_recurse(controller.superclass, method, route) if controller.superclass&.instance_variable_get(:@routes)
+            return unless controller.superclass&.instance_variable_get(:@routes)
+            _route_recurse(controller.superclass, method, route)
           end
           # Get route and do some cleanup matching that of Sinatra::Base#process_route.

data/lib/contrast/funchook/funchook.rb CHANGED Viewed

@@ -1,22 +1,19 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-require 'contrast/components/interface'
+require 'contrast/components/logger'
 # This module is used to find funchook library and determine availability
 module Funchook
-  include Contrast::Components::Interface
-  access_component :logging
+  extend Contrast::Components::Logger::InstanceMethods
   attr_accessor :path
   # Possible platform library files
   ACCEPTABLE_FILES = %w[libfunchook.dylib libfunchook.so].cs__freeze
   # Top level agent directories that should have the funchook libraries
-  SEARCH_DIRS = [
-    File.join('ext'),
-    File.join('shared_libraries'),
-    File.join('funchook', 'src')
-  ].cs__freeze
+  SEARCH_DIRS = [File.join('ext'), File.join('shared_libraries'), File.join('funchook', 'src')].cs__freeze
   AGENT_ROOT = File.join(__dir__, '..', '..', '..')

data/lib/contrast/logger/application.rb CHANGED Viewed

@@ -1,25 +1,18 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-require 'contrast/components/interface'
 module Contrast
   module Logger
     # Our decorator for the Ougai logger allowing for the logging of the
     # application environment, used to provide context during troubleshooting.
     module Application
-      include Contrast::Components::Interface
-      access_component :config
       ENV_KEYS = %w[HOME PWD RACK_ENV RAILS_ENV RUBY_VERSION GEM_HOME GEM_PATH].cs__freeze
       # Utility method to log some current ruby and rails information from environment
       def application_environment
         return unless info?
-        info('Process environment information',
-             p_id: Process.pid,
-             pp_id: Process.ppid,
-             agent_version: Contrast::Agent::VERSION)
+        info('Process environment information', p_id: Process.pid, pp_id: Process.ppid,
+                                                agent_version: Contrast::Agent::VERSION)
         ENV.each do |env_key, env_value|
           env_key = env_key.to_s
           next unless ENV_KEYS.include?(env_key) ||
@@ -33,9 +26,11 @@ module Contrast
       def application_configuration
         return unless info?
-        loggable = CONFIG.loggable
+        loggable = ::Contrast::CONFIG.loggable
         info('Current configuration', configuration: loggable)
-        env_keys = ENV.keys.select { |env_key| env_key&.to_s&.start_with?(Contrast::Components::Config::CONTRAST_ENV_MARKER) }
+        env_keys = ENV.keys.select do |env_key|
+          env_key&.to_s&.start_with?(Contrast::Components::Config::CONTRAST_ENV_MARKER)
+        end
         env_items = env_keys.map { |env_key| Contrast::Utils::EnvConfigurationItem.new(env_key, nil) }
         env_translations = env_items.each_with_object({}) do |conversion, hash|
           hash[conversion.key] = conversion.dot_path_array.join('.')
@@ -52,7 +47,10 @@ module Contrast
       end
       FRAMEWORKS = %w[rails sinatra grape].cs__freeze
-      WEB_SERVERS = %w[agoo falcon hoof iodine mongrel mongrel2 passenger puma rack skinny thin trinidad unicorn webrick yarn].cs__freeze
+      WEB_SERVERS = %w[
+        agoo falcon hoof iodine mongrel mongrel2 passenger puma rack skinny thin trinidad unicorn
+        webrick yarn
+      ].cs__freeze
       LIBRARIES = %w[excon json mongo moped mysql nokogiri oga ox pg psych sqlite3 typhoeus yaml].cs__freeze
       def log_specific_libraries
         FRAMEWORKS.each(&cs__method(:log_gem_data))
@@ -67,6 +65,7 @@ module Contrast
         Gem.loaded_specs.each_pair do |_name, gem_spec|
           debug('Gem loaded',
+                # rubocop:disable Security/Module/Name -- gems builtin.
                 gem_name: gem_spec.name,
                 gem_version: gem_spec.version.to_s)
         end
@@ -76,9 +75,8 @@ module Contrast
         gem_spec = Gem.loaded_specs[gem_name]
         return unless gem_spec
-        info('Gem loaded',
-             gem_name: gem_spec.name,
-             gem_version: gem_spec.version.to_s)
+        info('Gem loaded', gem_name: gem_spec.name, gem_version: gem_spec.version.to_s)
+        # rubocop:enable Security/Module/Name
       end
     end
   end