contrast-agent 4.4.1 → 4.9.0

Files changed (314)
  1. checksums.yaml +4 -4
  2. data/.gitignore +6 -1
  3. data/.gitmodules +1 -1
  4. data/.simplecov +2 -1
  5. data/Gemfile +1 -1
  6. data/LICENSE.txt +1 -1
  7. data/Rakefile +2 -3
  8. data/exe/contrast_service +1 -1
  9. data/ext/build_funchook.rb +4 -4
  10. data/ext/cs__assess_active_record_named/cs__active_record_named.c +1 -1
  11. data/ext/cs__assess_active_record_named/extconf.rb +1 -1
  12. data/ext/cs__assess_array/cs__assess_array.c +1 -1
  13. data/ext/cs__assess_array/extconf.rb +1 -1
  14. data/ext/cs__assess_basic_object/cs__assess_basic_object.c +1 -1
  15. data/ext/cs__assess_basic_object/extconf.rb +1 -1
  16. data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +1 -1
  17. data/ext/cs__assess_fiber_track/extconf.rb +1 -1
  18. data/ext/cs__assess_hash/cs__assess_hash.c +4 -2
  19. data/ext/cs__assess_hash/extconf.rb +1 -1
  20. data/ext/cs__assess_kernel/cs__assess_kernel.c +1 -1
  21. data/ext/cs__assess_kernel/extconf.rb +1 -1
  22. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +1 -1
  23. data/ext/cs__assess_marshal_module/extconf.rb +1 -1
  24. data/ext/cs__assess_module/cs__assess_module.c +1 -1
  25. data/ext/cs__assess_module/extconf.rb +1 -1
  26. data/ext/cs__assess_regexp/cs__assess_regexp.c +1 -1
  27. data/ext/cs__assess_regexp/extconf.rb +1 -1
  28. data/ext/cs__assess_string/cs__assess_string.c +1 -1
  29. data/ext/cs__assess_string/extconf.rb +1 -1
  30. data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +1 -1
  31. data/ext/cs__assess_string_interpolation26/extconf.rb +1 -1
  32. data/ext/cs__assess_yield_track/cs__assess_yield_track.c +1 -1
  33. data/ext/cs__assess_yield_track/extconf.rb +1 -1
  34. data/ext/cs__common/cs__common.c +5 -5
  35. data/ext/cs__common/cs__common.h +4 -4
  36. data/ext/cs__common/extconf.rb +1 -1
  37. data/ext/cs__contrast_patch/cs__contrast_patch.c +22 -25
  38. data/ext/cs__contrast_patch/extconf.rb +1 -1
  39. data/ext/cs__protect_kernel/cs__protect_kernel.c +1 -1
  40. data/ext/cs__protect_kernel/extconf.rb +1 -1
  41. data/ext/extconf_common.rb +2 -6
  42. data/lib/contrast-agent.rb +1 -1
  43. data/lib/contrast.rb +44 -15
  44. data/lib/contrast/agent.rb +1 -3
  45. data/lib/contrast/agent/assess.rb +2 -2
  46. data/lib/contrast/agent/assess/contrast_event.rb +54 -72
  47. data/lib/contrast/agent/assess/contrast_object.rb +3 -3
  48. data/lib/contrast/agent/assess/events/event_factory.rb +3 -2
  49. data/lib/contrast/agent/assess/events/source_event.rb +7 -2
  50. data/lib/contrast/agent/assess/finalizers/freeze.rb +1 -1
  51. data/lib/contrast/agent/assess/finalizers/hash.rb +28 -38
  52. data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +24 -20
  53. data/lib/contrast/agent/assess/policy/patcher.rb +17 -22
  54. data/lib/contrast/agent/assess/policy/policy.rb +2 -2
  55. data/lib/contrast/agent/assess/policy/policy_node.rb +26 -34
  56. data/lib/contrast/agent/assess/policy/policy_scanner.rb +4 -6
  57. data/lib/contrast/agent/assess/policy/preshift.rb +8 -6
  58. data/lib/contrast/agent/assess/policy/propagation_method.rb +12 -25
  59. data/lib/contrast/agent/assess/policy/propagation_node.rb +20 -9
  60. data/lib/contrast/agent/assess/policy/propagator.rb +2 -1
  61. data/lib/contrast/agent/assess/policy/propagator/append.rb +1 -1
  62. data/lib/contrast/agent/assess/policy/propagator/base.rb +1 -1
  63. data/lib/contrast/agent/assess/policy/propagator/center.rb +3 -2
  64. data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
  65. data/lib/contrast/agent/assess/policy/propagator/database_write.rb +4 -7
  66. data/lib/contrast/agent/assess/policy/propagator/insert.rb +4 -2
  67. data/lib/contrast/agent/assess/policy/propagator/keep.rb +1 -1
  68. data/lib/contrast/agent/assess/policy/propagator/match_data.rb +3 -2
  69. data/lib/contrast/agent/assess/policy/propagator/next.rb +1 -1
  70. data/lib/contrast/agent/assess/policy/propagator/prepend.rb +1 -1
  71. data/lib/contrast/agent/assess/policy/propagator/rack_protection.rb +73 -0
  72. data/lib/contrast/agent/assess/policy/propagator/remove.rb +23 -19
  73. data/lib/contrast/agent/assess/policy/propagator/replace.rb +1 -1
  74. data/lib/contrast/agent/assess/policy/propagator/reverse.rb +1 -1
  75. data/lib/contrast/agent/assess/policy/propagator/select.rb +3 -13
  76. data/lib/contrast/agent/assess/policy/propagator/splat.rb +1 -1
  77. data/lib/contrast/agent/assess/policy/propagator/split.rb +13 -14
  78. data/lib/contrast/agent/assess/policy/propagator/substitution.rb +4 -11
  79. data/lib/contrast/agent/assess/policy/propagator/trim.rb +64 -45
  80. data/lib/contrast/agent/assess/policy/rewriter_patch.rb +14 -11
  81. data/lib/contrast/agent/assess/policy/source_method.rb +97 -86
  82. data/lib/contrast/agent/assess/policy/source_node.rb +1 -1
  83. data/lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb +8 -6
  84. data/lib/contrast/agent/assess/policy/source_validation/source_validation.rb +2 -4
  85. data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +7 -3
  86. data/lib/contrast/agent/assess/policy/trigger/xpath.rb +7 -11
  87. data/lib/contrast/agent/assess/policy/trigger_method.rb +104 -77
  88. data/lib/contrast/agent/assess/policy/trigger_node.rb +6 -5
  89. data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +5 -4
  90. data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +2 -3
  91. data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +1 -1
  92. data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +2 -9
  93. data/lib/contrast/agent/assess/properties.rb +1 -1
  94. data/lib/contrast/agent/assess/property/evented.rb +9 -6
  95. data/lib/contrast/agent/assess/property/tagged.rb +1 -1
  96. data/lib/contrast/agent/assess/property/updated.rb +1 -1
  97. data/lib/contrast/agent/assess/rule/provider.rb +1 -1
  98. data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +12 -6
  99. data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +5 -2
  100. data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +8 -10
  101. data/lib/contrast/agent/assess/tag.rb +1 -1
  102. data/lib/contrast/agent/assess/tracker.rb +1 -1
  103. data/lib/contrast/agent/at_exit_hook.rb +4 -4
  104. data/lib/contrast/agent/class_reopener.rb +10 -7
  105. data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +1 -1
  106. data/lib/contrast/agent/deadzone/policy/policy.rb +7 -3
  107. data/lib/contrast/agent/disable_reaction.rb +5 -8
  108. data/lib/contrast/agent/exclusion_matcher.rb +8 -15
  109. data/lib/contrast/agent/inventory.rb +1 -2
  110. data/lib/contrast/agent/inventory/dependencies.rb +3 -1
  111. data/lib/contrast/agent/inventory/dependency_analysis.rb +3 -7
  112. data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +38 -28
  113. data/lib/contrast/agent/inventory/policy/datastores.rb +4 -5
  114. data/lib/contrast/agent/inventory/policy/policy.rb +2 -2
  115. data/lib/contrast/agent/inventory/policy/trigger_node.rb +1 -1
  116. data/lib/contrast/agent/middleware.rb +52 -80
  117. data/lib/contrast/agent/module_data.rb +4 -4
  118. data/lib/contrast/agent/patching/policy/after_load_patch.rb +4 -4
  119. data/lib/contrast/agent/patching/policy/after_load_patcher.rb +10 -10
  120. data/lib/contrast/agent/patching/policy/method_policy.rb +7 -3
  121. data/lib/contrast/agent/patching/policy/module_policy.rb +15 -8
  122. data/lib/contrast/agent/patching/policy/patch.rb +32 -38
  123. data/lib/contrast/agent/patching/policy/patch_status.rb +7 -8
  124. data/lib/contrast/agent/patching/policy/patcher.rb +29 -28
  125. data/lib/contrast/agent/patching/policy/policy.rb +16 -25
  126. data/lib/contrast/agent/patching/policy/policy_node.rb +17 -8
  127. data/lib/contrast/agent/patching/policy/trigger_node.rb +22 -9
  128. data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +2 -2
  129. data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +2 -2
  130. data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +2 -2
  131. data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +3 -4
  132. data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +2 -2
  133. data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +6 -10
  134. data/lib/contrast/agent/protect/policy/policy.rb +2 -2
  135. data/lib/contrast/agent/protect/policy/rule_applicator.rb +8 -10
  136. data/lib/contrast/agent/protect/policy/trigger_node.rb +1 -1
  137. data/lib/contrast/agent/protect/rule.rb +1 -1
  138. data/lib/contrast/agent/protect/rule/base.rb +26 -40
  139. data/lib/contrast/agent/protect/rule/base_service.rb +10 -6
  140. data/lib/contrast/agent/protect/rule/cmd_injection.rb +19 -24
  141. data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -1
  142. data/lib/contrast/agent/protect/rule/deserialization.rb +7 -14
  143. data/lib/contrast/agent/protect/rule/http_method_tampering.rb +4 -15
  144. data/lib/contrast/agent/protect/rule/no_sqli.rb +7 -3
  145. data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +2 -4
  146. data/lib/contrast/agent/protect/rule/path_traversal.rb +7 -11
  147. data/lib/contrast/agent/protect/rule/sqli.rb +3 -3
  148. data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +1 -1
  149. data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +1 -1
  150. data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +2 -2
  151. data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +1 -1
  152. data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +2 -2
  153. data/lib/contrast/agent/protect/rule/xss.rb +2 -2
  154. data/lib/contrast/agent/protect/rule/xxe.rb +6 -13
  155. data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +2 -3
  156. data/lib/contrast/agent/reaction_processor.rb +14 -14
  157. data/lib/contrast/agent/request.rb +29 -27
  158. data/lib/contrast/agent/request_context.rb +20 -30
  159. data/lib/contrast/agent/request_handler.rb +6 -4
  160. data/lib/contrast/agent/response.rb +3 -4
  161. data/lib/contrast/agent/rewriter.rb +10 -7
  162. data/lib/contrast/agent/rule_set.rb +6 -5
  163. data/lib/contrast/agent/scope.rb +1 -1
  164. data/lib/contrast/agent/service_heartbeat.rb +5 -7
  165. data/lib/contrast/agent/static_analysis.rb +7 -6
  166. data/lib/contrast/agent/thread.rb +3 -5
  167. data/lib/contrast/agent/thread_watcher.rb +4 -5
  168. data/lib/contrast/agent/tracepoint_hook.rb +6 -6
  169. data/lib/contrast/agent/version.rb +2 -2
  170. data/lib/contrast/agent/worker_thread.rb +1 -1
  171. data/lib/contrast/api.rb +1 -1
  172. data/lib/contrast/api/communication.rb +1 -1
  173. data/lib/contrast/api/communication/connection_status.rb +1 -1
  174. data/lib/contrast/api/communication/messaging_queue.rb +5 -6
  175. data/lib/contrast/api/communication/response_processor.rb +13 -15
  176. data/lib/contrast/api/communication/service_lifecycle.rb +10 -7
  177. data/lib/contrast/api/communication/socket.rb +1 -1
  178. data/lib/contrast/api/communication/socket_client.rb +23 -32
  179. data/lib/contrast/api/communication/speedracer.rb +10 -15
  180. data/lib/contrast/api/communication/tcp_socket.rb +1 -1
  181. data/lib/contrast/api/communication/unix_socket.rb +1 -1
  182. data/lib/contrast/api/decorators.rb +1 -1
  183. data/lib/contrast/api/decorators/address.rb +3 -4
  184. data/lib/contrast/api/decorators/agent_startup.rb +8 -10
  185. data/lib/contrast/api/decorators/application_settings.rb +1 -1
  186. data/lib/contrast/api/decorators/application_startup.rb +14 -10
  187. data/lib/contrast/api/decorators/application_update.rb +1 -5
  188. data/lib/contrast/api/decorators/http_request.rb +4 -8
  189. data/lib/contrast/api/decorators/input_analysis.rb +1 -1
  190. data/lib/contrast/api/decorators/instrumentation_mode.rb +35 -0
  191. data/lib/contrast/api/decorators/library.rb +9 -7
  192. data/lib/contrast/api/decorators/library_usage_update.rb +1 -1
  193. data/lib/contrast/api/decorators/message.rb +10 -10
  194. data/lib/contrast/api/decorators/rasp_rule_sample.rb +1 -1
  195. data/lib/contrast/api/decorators/route_coverage.rb +1 -1
  196. data/lib/contrast/api/decorators/server_features.rb +1 -1
  197. data/lib/contrast/api/decorators/trace_event.rb +4 -2
  198. data/lib/contrast/api/decorators/trace_event_object.rb +4 -7
  199. data/lib/contrast/api/decorators/trace_event_signature.rb +1 -1
  200. data/lib/contrast/api/decorators/trace_taint_range.rb +1 -1
  201. data/lib/contrast/api/decorators/trace_taint_range_tags.rb +2 -7
  202. data/lib/contrast/api/decorators/user_input.rb +1 -1
  203. data/lib/contrast/components/agent.rb +20 -26
  204. data/lib/contrast/components/app_context.rb +12 -16
  205. data/lib/contrast/components/assess.rb +20 -25
  206. data/lib/contrast/components/base.rb +40 -0
  207. data/lib/contrast/components/config.rb +3 -4
  208. data/lib/contrast/components/contrast_service.rb +13 -19
  209. data/lib/contrast/components/heap_dump.rb +6 -5
  210. data/lib/contrast/components/inventory.rb +3 -8
  211. data/lib/contrast/components/logger.rb +2 -3
  212. data/lib/contrast/components/protect.rb +14 -20
  213. data/lib/contrast/components/sampling.rb +14 -8
  214. data/lib/contrast/components/scope.rb +2 -5
  215. data/lib/contrast/components/settings.rb +28 -103
  216. data/lib/contrast/config.rb +1 -1
  217. data/lib/contrast/config/agent_configuration.rb +1 -1
  218. data/lib/contrast/config/application_configuration.rb +1 -1
  219. data/lib/contrast/config/assess_configuration.rb +1 -1
  220. data/lib/contrast/config/assess_rules_configuration.rb +2 -4
  221. data/lib/contrast/config/base_configuration.rb +5 -6
  222. data/lib/contrast/config/default_value.rb +1 -1
  223. data/lib/contrast/config/exception_configuration.rb +2 -6
  224. data/lib/contrast/config/heap_dump_configuration.rb +13 -7
  225. data/lib/contrast/config/inventory_configuration.rb +1 -1
  226. data/lib/contrast/config/logger_configuration.rb +2 -6
  227. data/lib/contrast/config/protect_configuration.rb +1 -1
  228. data/lib/contrast/config/protect_rule_configuration.rb +23 -1
  229. data/lib/contrast/config/protect_rules_configuration.rb +1 -1
  230. data/lib/contrast/config/root_configuration.rb +1 -1
  231. data/lib/contrast/config/ruby_configuration.rb +1 -1
  232. data/lib/contrast/config/sampling_configuration.rb +1 -1
  233. data/lib/contrast/config/server_configuration.rb +1 -1
  234. data/lib/contrast/config/service_configuration.rb +1 -1
  235. data/lib/contrast/configuration.rb +7 -19
  236. data/lib/contrast/extension/assess.rb +1 -1
  237. data/lib/contrast/extension/assess/array.rb +4 -11
  238. data/lib/contrast/extension/assess/erb.rb +2 -8
  239. data/lib/contrast/extension/assess/eval_trigger.rb +5 -14
  240. data/lib/contrast/extension/assess/exec_trigger.rb +4 -14
  241. data/lib/contrast/extension/assess/fiber.rb +9 -18
  242. data/lib/contrast/extension/assess/hash.rb +4 -4
  243. data/lib/contrast/extension/assess/kernel.rb +5 -14
  244. data/lib/contrast/extension/assess/marshal.rb +7 -15
  245. data/lib/contrast/extension/assess/regexp.rb +7 -11
  246. data/lib/contrast/extension/assess/string.rb +9 -7
  247. data/lib/contrast/extension/delegator.rb +1 -1
  248. data/lib/contrast/extension/inventory.rb +1 -1
  249. data/lib/contrast/extension/kernel.rb +3 -3
  250. data/lib/contrast/extension/module.rb +1 -1
  251. data/lib/contrast/extension/protect.rb +1 -1
  252. data/lib/contrast/extension/protect/kernel.rb +1 -6
  253. data/lib/contrast/extension/protect/psych.rb +1 -1
  254. data/lib/contrast/extension/thread.rb +1 -1
  255. data/lib/contrast/framework/base_support.rb +1 -1
  256. data/lib/contrast/framework/manager.rb +7 -12
  257. data/lib/contrast/framework/platform_version.rb +1 -1
  258. data/lib/contrast/framework/rack/patch/session_cookie.rb +12 -25
  259. data/lib/contrast/framework/rack/patch/support.rb +7 -5
  260. data/lib/contrast/framework/rack/support.rb +1 -1
  261. data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +1 -1
  262. data/lib/contrast/framework/rails/patch/assess_configuration.rb +13 -10
  263. data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +4 -4
  264. data/lib/contrast/framework/rails/patch/support.rb +42 -36
  265. data/lib/contrast/framework/rails/railtie.rb +34 -0
  266. data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +5 -2
  267. data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +3 -1
  268. data/lib/contrast/framework/rails/rewrite/active_record_named.rb +6 -5
  269. data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +3 -1
  270. data/lib/contrast/framework/rails/support.rb +3 -3
  271. data/lib/contrast/framework/sinatra/support.rb +4 -2
  272. data/lib/contrast/funchook/funchook.rb +6 -9
  273. data/lib/contrast/logger/application.rb +14 -16
  274. data/lib/contrast/logger/format.rb +3 -6
  275. data/lib/contrast/logger/log.rb +27 -10
  276. data/lib/contrast/logger/request.rb +2 -7
  277. data/lib/contrast/logger/time.rb +1 -1
  278. data/lib/contrast/security_exception.rb +2 -2
  279. data/lib/contrast/tasks/config.rb +1 -1
  280. data/lib/contrast/tasks/service.rb +7 -8
  281. data/lib/contrast/utils/assess/sampling_util.rb +3 -4
  282. data/lib/contrast/utils/assess/tracking_util.rb +4 -7
  283. data/lib/contrast/utils/class_util.rb +15 -11
  284. data/lib/contrast/utils/duck_utils.rb +1 -1
  285. data/lib/contrast/utils/env_configuration_item.rb +1 -1
  286. data/lib/contrast/utils/hash_digest.rb +16 -24
  287. data/lib/contrast/utils/heap_dump_util.rb +6 -4
  288. data/lib/contrast/utils/invalid_configuration_util.rb +5 -4
  289. data/lib/contrast/utils/inventory_util.rb +3 -4
  290. data/lib/contrast/utils/io_util.rb +4 -6
  291. data/lib/contrast/utils/job_servers_running.rb +14 -8
  292. data/lib/contrast/utils/object_share.rb +1 -1
  293. data/lib/contrast/utils/os.rb +5 -5
  294. data/lib/contrast/utils/preflight_util.rb +1 -1
  295. data/lib/contrast/utils/resource_loader.rb +1 -1
  296. data/lib/contrast/utils/ruby_ast_rewriter.rb +3 -2
  297. data/lib/contrast/utils/sha256_builder.rb +1 -1
  298. data/lib/contrast/utils/stack_trace_utils.rb +1 -1
  299. data/lib/contrast/utils/string_utils.rb +3 -4
  300. data/lib/contrast/utils/tag_util.rb +26 -20
  301. data/lib/contrast/utils/thread_tracker.rb +1 -1
  302. data/lib/contrast/utils/timer.rb +1 -1
  303. data/resources/assess/policy.json +60 -2
  304. data/resources/deadzone/policy.json +7 -17
  305. data/ruby-agent.gemspec +25 -21
  306. data/service_executables/VERSION +1 -1
  307. data/service_executables/linux/contrast-service +0 -0
  308. data/service_executables/mac/contrast-service +0 -0
  309. data/sonar-project.properties +9 -0
  310. metadata +108 -51
  311. data/lib/contrast/agent/inventory/gemfile_digest_cache.rb +0 -38
  312. data/lib/contrast/agent/railtie.rb +0 -31
  313. data/lib/contrast/common_agent_configuration.rb +0 -87
  314. data/lib/contrast/components/interface.rb +0 -195
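--- a/data/ruby-agent.gemspec
+++ b/data/ruby-agent.gemspec
@@ -1,4 +1,4 @@
- # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+ # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
  # frozen_string_literal: true
 
  require_relative './lib/contrast/agent/version'
@@ -22,7 +22,7 @@ end
  def self.add_dev_dependencies spec
  add_builders(spec)
  add_debuggers(spec)
- add_linters(spec)
+ add_linters(spec) # if RUBY_VERSION >= '2.6.0' # TODO: RUBY-714 remove guard w/ EOL of 2.5
  add_specs(spec)
  end
 
@@ -41,15 +41,17 @@ end
 
  # Dependencies used for framework testing.
  def self.add_frameworks spec
- spec.add_development_dependency 'rails', '>= 3'
+ spec.add_development_dependency 'rack-protection', '>= 2'
+ spec.add_development_dependency 'rails', '6.0.3.5'
  spec.add_development_dependency 'sinatra', '>= 2'
  end
 
  # Dependencies used for linting prior to commit.
  def self.add_linters spec
- spec.add_development_dependency 'debride'
- spec.add_development_dependency 'fasterer'
- spec.add_development_dependency 'flay'
+ spec.add_development_dependency 'debride', '1.8.2'
+ spec.add_development_dependency 'fasterer', '0.9.0'
+ spec.add_development_dependency 'flay', '2.12.1'
+ # spec.add_development_dependency 'steep', '0.44.1' # TODO: RUBY-714 uncomment w/ EOL of 2.5
  add_rubocop(spec)
  end
 
@@ -67,28 +69,31 @@ def self.add_specs spec
  spec.add_development_dependency 'rspec', '~> 3.0'
  spec.add_development_dependency 'rspec-benchmark'
  spec.add_development_dependency 'rspec_junit_formatter', '0.3.0'
+ spec.add_development_dependency 'rspec-rails', '5.0'
+ spec.add_development_dependency 'warning'
+ spec.add_development_dependency 'tzinfo-data' # Alpine rspec-rails requirement.
  end
 
  def self.add_coverage spec
- spec.add_development_dependency 'codecov'
- spec.add_development_dependency 'simplecov', '0.20.0'
+ spec.add_development_dependency 'codecov', '0.5.2'
+ spec.add_development_dependency 'simplecov', '0.21.2'
  end
 
  # Dependencies used to run all of our Rubocop during the linting phase.
  def self.add_rubocop spec
- spec.add_development_dependency 'rubocop', '1.6.1'
- spec.add_development_dependency 'rubocop-performance', '1.9.1'
+ spec.add_development_dependency 'rubocop', '1.13.0'
+ spec.add_development_dependency 'rubocop-performance', '1.11.0'
  spec.add_development_dependency 'rubocop-rails', '2.9.1'
  spec.add_development_dependency 'rubocop-rake', '0.5.1'
- spec.add_development_dependency 'rubocop-rspec', '2.1.0'
+ spec.add_development_dependency 'rubocop-rspec', '2.2.0'
  end
 
  # Dependencies not mocked out during RSpec that we test real code of, beyond just frameworks.
  def self.add_tested_gems spec
- spec.add_development_dependency 'debase'
+ spec.add_development_dependency 'async'
  spec.add_development_dependency 'execjs'
- spec.add_development_dependency 'sqlite3', '1.3.9'
- spec.add_development_dependency 'therubyracer'
+ spec.add_development_dependency 'rhino'
+ spec.add_development_dependency 'sqlite3'
  spec.add_development_dependency 'tilt'
  spec.add_development_dependency 'xpath'
  end
@@ -100,7 +105,7 @@ end
  # corresponding update to the fake gem server data in TeamServer.
  def self.add_dependencies spec
  spec.add_dependency 'ougai', '~> 1.8'
- spec.add_dependency 'parser', '~> 2.6' # TODO: RUBY-714 remove w/ EOL of 2.5
+ spec.add_dependency 'parser', '>= 2.6' # if RUBY_VERSION < '2.6.0' # TODO: RUBY-714 remove guard w/ EOL of 2.5
  spec.add_dependency 'protobuf', '~> 3.10'
  spec.add_dependency 'rack', '~> 2.0'
  end
@@ -111,7 +116,7 @@ def self.add_files spec
  # Directories used for testing:
  f.match(%r{^(spec|test)/}) ||
  # Directories used in pipelines
- f.match(%r{^(\.github|bin|internal_resources|vendor)/}) ||
+ f.match(%r{^(\.github|bin|internal_resources|sig|vendor)/}) ||
  # Configuration and other files that don't belong to one directory
  f.match(/(Dockerfile)/) ||
  f.match(/(.*\.csv)/) ||
@@ -152,9 +157,7 @@ Gem::Specification.new do |spec|
  spec.name = 'contrast-agent'
  spec.version = Contrast::Agent::VERSION
 
- spec.email = %w[
- ruby@contrastsecurity.com
- ]
+ spec.email = %w[ruby@contrastsecurity.com]
 
  spec.summary = 'Contrast Security\'s agent for rack-based applications.'
  spec.description = 'This gem instantiates a Rack middleware for rack-based ' \
@@ -162,7 +165,7 @@ Gem::Specification.new do |spec|
  'Testing and Protection.'
  spec.homepage = 'https://www.contrastsecurity.com'
  spec.license = 'CONTRAST SECURITY (see license file)'
- spec.required_ruby_version = ['>= 2.5.0', '< 2.8.0']
+ spec.required_ruby_version = ['>= 2.5.0', '< 3.1.0']
 
  spec.bindir = 'exe'
  spec.executables = ['contrast_service']
@@ -171,7 +174,8 @@ Gem::Specification.new do |spec|
  spec.require_paths = ['lib']
 
  unless File.exist?(File.join(Dir.pwd, 'contrast_security.yaml'))
- spec.post_install_message = 'To generate the required contrast_security.yaml file you can run: bundle exec rake contrast:config:create'
+ spec.post_install_message = 'To generate the required contrast_security.yaml file you can run: '\
+ 'bundle exec rake contrast:config:create'
  end
 
  add_authors(spec)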
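Review bot: The runtime constraint `spec.add_dependency 'parser', '>= 2.6'` in the `@@ -100,7 +105,7 @@` hunk drops the upper bound that `~> 2.6` provided, so a fresh install can resolve any future major release of parser; if parser backs the agent's load-time rewriting, as the changed `utils/ruby_ast_rewriter.rb` in the file list suggests, that is a compatibility and supply-chain exposure rather than a loosening of a dev tool. If the intent is to admit parser 3.x on newer Rubies, state the ceiling explicitly, e.g. `spec.add_dependency 'parser', '>= 2.6', '< 4'`, instead of leaving it open-ended. The trailing `# if RUBY_VERSION < '2.6.0'` is commented out and therefore inert, as is the matching `# if RUBY_VERSION >= '2.6.0'` on `add_linters(spec)` in the `@@ -22,7 +22,7 @@` hunk; both read like live guards and would be clearer as a plain `# TODO: RUBY-714 …` sentence describing the intended guard. Separately, the newly added development dependencies `async`, `rhino`, `warning` and `tzinfo-data`, and `sqlite3` whose `'1.3.9'` pin was removed, are left unconstrained while debride, fasterer, flay and codecov were pinned in the same change; pinning them too keeps the test environment reproducible across builds.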
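--- a/data/service_executables/VERSION
+++ b/data/service_executables/VERSION
@@ -1 +1 @@
- 2.17.4
+ 2.21.2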
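--- a/data/sonar-project.properties
+++ b/data/sonar-project.properties
@@ -0,0 +1,9 @@
+ sonar.projectKey=Contrast-Security-Inc_ruby-agent
+ sonar.organization=contrast-security-inc
+
+ # Ignore C/CPP/ObjC files
+ sonar.c.file.suffixes=-
+ sonar.cpp.file.suffixes=-
+ sonar.objc.file.suffixes=-
+
+ sonar.ruby.coverage.reportPaths=coverage/coverage-formatted.json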
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: contrast-agent
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.4.1
4
+ version: 4.9.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
13
13
  autorequire:
14
14
  bindir: exe
15
15
  cert_chain: []
16
- date: 2021-03-10 00:00:00.000000000 Z
16
+ date: 2021-06-24 00:00:00.000000000 Z
17
17
  dependencies:
18
18
  - !ruby/object:Gem::Dependency
19
19
  name: bundler
@@ -89,72 +89,72 @@ dependencies:
89
89
  name: debride
90
90
  requirement: !ruby/object:Gem::Requirement
91
91
  requirements:
92
- - - ">="
92
+ - - '='
93
93
  - !ruby/object:Gem::Version
94
- version: '0'
94
+ version: 1.8.2
95
95
  type: :development
96
96
  prerelease: false
97
97
  version_requirements: !ruby/object:Gem::Requirement
98
98
  requirements:
99
- - - ">="
99
+ - - '='
100
100
  - !ruby/object:Gem::Version
101
- version: '0'
101
+ version: 1.8.2
102
102
  - !ruby/object:Gem::Dependency
103
103
  name: fasterer
104
104
  requirement: !ruby/object:Gem::Requirement
105
105
  requirements:
106
- - - ">="
106
+ - - '='
107
107
  - !ruby/object:Gem::Version
108
- version: '0'
108
+ version: 0.9.0
109
109
  type: :development
110
110
  prerelease: false
111
111
  version_requirements: !ruby/object:Gem::Requirement
112
112
  requirements:
113
- - - ">="
113
+ - - '='
114
114
  - !ruby/object:Gem::Version
115
- version: '0'
115
+ version: 0.9.0
116
116
  - !ruby/object:Gem::Dependency
117
117
  name: flay
118
118
  requirement: !ruby/object:Gem::Requirement
119
119
  requirements:
120
- - - ">="
120
+ - - '='
121
121
  - !ruby/object:Gem::Version
122
- version: '0'
122
+ version: 2.12.1
123
123
  type: :development
124
124
  prerelease: false
125
125
  version_requirements: !ruby/object:Gem::Requirement
126
126
  requirements:
127
- - - ">="
127
+ - - '='
128
128
  - !ruby/object:Gem::Version
129
- version: '0'
129
+ version: 2.12.1
130
130
  - !ruby/object:Gem::Dependency
131
131
  name: rubocop
132
132
  requirement: !ruby/object:Gem::Requirement
133
133
  requirements:
134
134
  - - '='
135
135
  - !ruby/object:Gem::Version
136
- version: 1.6.1
136
+ version: 1.13.0
137
137
  type: :development
138
138
  prerelease: false
139
139
  version_requirements: !ruby/object:Gem::Requirement
140
140
  requirements:
141
141
  - - '='
142
142
  - !ruby/object:Gem::Version
143
- version: 1.6.1
143
+ version: 1.13.0
144
144
  - !ruby/object:Gem::Dependency
145
145
  name: rubocop-performance
146
146
  requirement: !ruby/object:Gem::Requirement
147
147
  requirements:
148
148
  - - '='
149
149
  - !ruby/object:Gem::Version
150
- version: 1.9.1
150
+ version: 1.11.0
151
151
  type: :development
152
152
  prerelease: false
153
153
  version_requirements: !ruby/object:Gem::Requirement
154
154
  requirements:
155
155
  - - '='
156
156
  - !ruby/object:Gem::Version
157
- version: 1.9.1
157
+ version: 1.11.0
158
158
  - !ruby/object:Gem::Dependency
159
159
  name: rubocop-rails
160
160
  requirement: !ruby/object:Gem::Requirement
@@ -189,56 +189,70 @@ dependencies:
189
189
  requirements:
190
190
  - - '='
191
191
  - !ruby/object:Gem::Version
192
- version: 2.1.0
192
+ version: 2.2.0
193
193
  type: :development
194
194
  prerelease: false
195
195
  version_requirements: !ruby/object:Gem::Requirement
196
196
  requirements:
197
197
  - - '='
198
198
  - !ruby/object:Gem::Version
199
- version: 2.1.0
199
+ version: 2.2.0
200
200
  - !ruby/object:Gem::Dependency
201
201
  name: codecov
202
202
  requirement: !ruby/object:Gem::Requirement
203
203
  requirements:
204
- - - ">="
204
+ - - '='
205
205
  - !ruby/object:Gem::Version
206
- version: '0'
206
+ version: 0.5.2
207
207
  type: :development
208
208
  prerelease: false
209
209
  version_requirements: !ruby/object:Gem::Requirement
210
210
  requirements:
211
- - - ">="
211
+ - - '='
212
212
  - !ruby/object:Gem::Version
213
- version: '0'
213
+ version: 0.5.2
214
214
  - !ruby/object:Gem::Dependency
215
215
  name: simplecov
216
216
  requirement: !ruby/object:Gem::Requirement
217
217
  requirements:
218
218
  - - '='
219
219
  - !ruby/object:Gem::Version
220
- version: 0.20.0
220
+ version: 0.21.2
221
221
  type: :development
222
222
  prerelease: false
223
223
  version_requirements: !ruby/object:Gem::Requirement
224
224
  requirements:
225
225
  - - '='
226
226
  - !ruby/object:Gem::Version
227
- version: 0.20.0
227
+ version: 0.21.2
228
228
  - !ruby/object:Gem::Dependency
229
- name: rails
229
+ name: rack-protection
230
230
  requirement: !ruby/object:Gem::Requirement
231
231
  requirements:
232
232
  - - ">="
233
233
  - !ruby/object:Gem::Version
234
- version: '3'
234
+ version: '2'
235
235
  type: :development
236
236
  prerelease: false
237
237
  version_requirements: !ruby/object:Gem::Requirement
238
238
  requirements:
239
239
  - - ">="
240
240
  - !ruby/object:Gem::Version
241
- version: '3'
241
+ version: '2'
242
+ - !ruby/object:Gem::Dependency
243
+ name: rails
244
+ requirement: !ruby/object:Gem::Requirement
245
+ requirements:
246
+ - - '='
247
+ - !ruby/object:Gem::Version
248
+ version: 6.0.3.5
249
+ type: :development
250
+ prerelease: false
251
+ version_requirements: !ruby/object:Gem::Requirement
252
+ requirements:
253
+ - - '='
254
+ - !ruby/object:Gem::Version
255
+ version: 6.0.3.5
242
256
  - !ruby/object:Gem::Dependency
243
257
  name: sinatra
244
258
  requirement: !ruby/object:Gem::Requirement
@@ -254,7 +268,7 @@ dependencies:
254
268
  - !ruby/object:Gem::Version
255
269
  version: '2'
256
270
  - !ruby/object:Gem::Dependency
257
- name: debase
271
+ name: async
258
272
  requirement: !ruby/object:Gem::Requirement
259
273
  requirements:
260
274
  - - ">="
@@ -282,21 +296,21 @@ dependencies:
282
296
  - !ruby/object:Gem::Version
283
297
  version: '0'
284
298
  - !ruby/object:Gem::Dependency
285
- name: sqlite3
299
+ name: rhino
286
300
  requirement: !ruby/object:Gem::Requirement
287
301
  requirements:
288
- - - '='
302
+ - - ">="
289
303
  - !ruby/object:Gem::Version
290
- version: 1.3.9
304
+ version: '0'
291
305
  type: :development
292
306
  prerelease: false
293
307
  version_requirements: !ruby/object:Gem::Requirement
294
308
  requirements:
295
- - - '='
309
+ - - ">="
296
310
  - !ruby/object:Gem::Version
297
- version: 1.3.9
311
+ version: '0'
298
312
  - !ruby/object:Gem::Dependency
299
- name: therubyracer
313
+ name: sqlite3
300
314
  requirement: !ruby/object:Gem::Requirement
301
315
  requirements:
302
316
  - - ">="
@@ -449,6 +463,48 @@ dependencies:
449
463
  - - '='
450
464
  - !ruby/object:Gem::Version
451
465
  version: 0.3.0
466
+ - !ruby/object:Gem::Dependency
467
+ name: rspec-rails
468
+ requirement: !ruby/object:Gem::Requirement
469
+ requirements:
470
+ - - '='
471
+ - !ruby/object:Gem::Version
472
+ version: '5.0'
473
+ type: :development
474
+ prerelease: false
475
+ version_requirements: !ruby/object:Gem::Requirement
476
+ requirements:
477
+ - - '='
478
+ - !ruby/object:Gem::Version
479
+ version: '5.0'
480
+ - !ruby/object:Gem::Dependency
481
+ name: warning
482
+ requirement: !ruby/object:Gem::Requirement
483
+ requirements:
484
+ - - ">="
485
+ - !ruby/object:Gem::Version
486
+ version: '0'
487
+ type: :development
488
+ prerelease: false
489
+ version_requirements: !ruby/object:Gem::Requirement
490
+ requirements:
491
+ - - ">="
492
+ - !ruby/object:Gem::Version
493
+ version: '0'
494
+ - !ruby/object:Gem::Dependency
495
+ name: tzinfo-data
496
+ requirement: !ruby/object:Gem::Requirement
497
+ requirements:
498
+ - - ">="
499
+ - !ruby/object:Gem::Version
500
+ version: '0'
501
+ type: :development
502
+ prerelease: false
503
+ version_requirements: !ruby/object:Gem::Requirement
504
+ requirements:
505
+ - - ">="
506
+ - !ruby/object:Gem::Version
507
+ version: '0'
452
508
  - !ruby/object:Gem::Dependency
453
509
  name: ougai
454
510
  requirement: !ruby/object:Gem::Requirement
@@ -467,14 +523,14 @@ dependencies:
467
523
  name: parser
468
524
  requirement: !ruby/object:Gem::Requirement
469
525
  requirements:
470
- - - "~>"
526
+ - - ">="
471
527
  - !ruby/object:Gem::Version
472
528
  version: '2.6'
473
529
  type: :runtime
474
530
  prerelease: false
475
531
  version_requirements: !ruby/object:Gem::Requirement
476
532
  requirements:
477
- - - "~>"
533
+ - - ">="
478
534
  - !ruby/object:Gem::Version
479
535
  version: '2.6'
480
536
  - !ruby/object:Gem::Dependency
@@ -513,20 +569,20 @@ executables:
513
569
  - contrast_service
514
570
  extensions:
515
571
  - ext/cs__common/extconf.rb
516
- - ext/cs__assess_basic_object/extconf.rb
517
572
  - ext/cs__assess_string_interpolation26/extconf.rb
518
- - ext/cs__assess_array/extconf.rb
519
- - ext/cs__protect_kernel/extconf.rb
520
- - ext/cs__assess_kernel/extconf.rb
573
+ - ext/cs__contrast_patch/extconf.rb
521
574
  - ext/cs__assess_module/extconf.rb
575
+ - ext/cs__assess_kernel/extconf.rb
576
+ - ext/cs__assess_yield_track/extconf.rb
522
577
  - ext/cs__assess_string/extconf.rb
578
+ - ext/cs__assess_array/extconf.rb
523
579
  - ext/cs__assess_active_record_named/extconf.rb
524
- - ext/cs__assess_yield_track/extconf.rb
525
- - ext/cs__contrast_patch/extconf.rb
526
580
  - ext/cs__assess_hash/extconf.rb
527
581
  - ext/cs__assess_regexp/extconf.rb
528
- - ext/cs__assess_marshal_module/extconf.rb
529
582
  - ext/cs__assess_fiber_track/extconf.rb
583
+ - ext/cs__assess_marshal_module/extconf.rb
584
+ - ext/cs__protect_kernel/extconf.rb
585
+ - ext/cs__assess_basic_object/extconf.rb
530
586
  extra_rdoc_files: []
531
587
  files:
532
588
  - ".clang-format"
@@ -747,6 +803,7 @@ files:
747
803
  - lib/contrast/agent/assess/policy/propagator/match_data.rb
748
804
  - lib/contrast/agent/assess/policy/propagator/next.rb
749
805
  - lib/contrast/agent/assess/policy/propagator/prepend.rb
806
+ - lib/contrast/agent/assess/policy/propagator/rack_protection.rb
750
807
  - lib/contrast/agent/assess/policy/propagator/remove.rb
751
808
  - lib/contrast/agent/assess/policy/propagator/replace.rb
752
809
  - lib/contrast/agent/assess/policy/propagator/reverse.rb
@@ -788,7 +845,6 @@ files:
788
845
  - lib/contrast/agent/inventory/dependencies.rb
789
846
  - lib/contrast/agent/inventory/dependency_analysis.rb
790
847
  - lib/contrast/agent/inventory/dependency_usage_analysis.rb
791
- - lib/contrast/agent/inventory/gemfile_digest_cache.rb
792
848
  - lib/contrast/agent/inventory/policy/datastores.rb
793
849
  - lib/contrast/agent/inventory/policy/policy.rb
794
850
  - lib/contrast/agent/inventory/policy/trigger_node.rb
@@ -832,7 +888,6 @@ files:
832
888
  - lib/contrast/agent/protect/rule/xss.rb
833
889
  - lib/contrast/agent/protect/rule/xxe.rb
834
890
  - lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb
835
- - lib/contrast/agent/railtie.rb
836
891
  - lib/contrast/agent/reaction_processor.rb
837
892
  - lib/contrast/agent/request.rb
838
893
  - lib/contrast/agent/request_context.rb
@@ -868,6 +923,7 @@ files:
868
923
  - lib/contrast/api/decorators/application_update.rb
869
924
  - lib/contrast/api/decorators/http_request.rb
870
925
  - lib/contrast/api/decorators/input_analysis.rb
926
+ - lib/contrast/api/decorators/instrumentation_mode.rb
871
927
  - lib/contrast/api/decorators/library.rb
872
928
  - lib/contrast/api/decorators/library_usage_update.rb
873
929
  - lib/contrast/api/decorators/message.rb
@@ -882,14 +938,13 @@ files:
882
938
  - lib/contrast/api/decorators/user_input.rb
883
939
  - lib/contrast/api/dtm.pb.rb
884
940
  - lib/contrast/api/settings.pb.rb
885
- - lib/contrast/common_agent_configuration.rb
886
941
  - lib/contrast/components/agent.rb
887
942
  - lib/contrast/components/app_context.rb
888
943
  - lib/contrast/components/assess.rb
944
+ - lib/contrast/components/base.rb
889
945
  - lib/contrast/components/config.rb
890
946
  - lib/contrast/components/contrast_service.rb
891
947
  - lib/contrast/components/heap_dump.rb
892
- - lib/contrast/components/interface.rb
893
948
  - lib/contrast/components/inventory.rb
894
949
  - lib/contrast/components/logger.rb
895
950
  - lib/contrast/components/protect.rb
@@ -945,6 +1000,7 @@ files:
945
1000
  - lib/contrast/framework/rails/patch/assess_configuration.rb
946
1001
  - lib/contrast/framework/rails/patch/rails_application_configuration.rb
947
1002
  - lib/contrast/framework/rails/patch/support.rb
1003
+ - lib/contrast/framework/rails/railtie.rb
948
1004
  - lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb
949
1005
  - lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb
950
1006
  - lib/contrast/framework/rails/rewrite/active_record_named.rb
@@ -993,6 +1049,7 @@ files:
993
1049
  - service_executables/linux/contrast-service
994
1050
  - service_executables/mac/contrast-service
995
1051
  - shared_libraries/.gitkeep
1052
+ - sonar-project.properties
996
1053
  homepage: https://www.contrastsecurity.com
997
1054
  licenses:
998
1055
  - CONTRAST SECURITY (see license file)
@@ -1013,14 +1070,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
1013
1070
  version: 2.5.0
1014
1071
  - - "<"
1015
1072
  - !ruby/object:Gem::Version
1016
- version: 2.8.0
1073
+ version: 3.1.0
1017
1074
  required_rubygems_version: !ruby/object:Gem::Requirement
1018
1075
  requirements:
1019
1076
  - - ">="
1020
1077
  - !ruby/object:Gem::Version
1021
1078
  version: '0'
1022
1079
  requirements: []
1023
- rubygems_version: 3.0.3
1080
+ rubygems_version: 3.1.6
1024
1081
  signing_key:
1025
1082
  specification_version: 4
1026
1083
  summary: Contrast Security's agent for rack-based applications.