contrast-agent 4.4.1 → 4.9.0

data/ruby-agent.gemspec

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require_relative './lib/contrast/agent/version'
@@ -22,7 +22,7 @@ end
 def self.add_dev_dependencies spec
   add_builders(spec)
   add_debuggers(spec)
-  add_linters(spec)
+  add_linters(spec) # if RUBY_VERSION >= '2.6.0' # TODO: RUBY-714 remove guard w/ EOL of 2.5
   add_specs(spec)
 end
 
@@ -41,15 +41,17 @@ end
 
 # Dependencies used for framework testing.
 def self.add_frameworks spec
-  spec.add_development_dependency 'rails', '>= 3'
+  spec.add_development_dependency 'rack-protection', '>= 2'
+  spec.add_development_dependency 'rails', '6.0.3.5'
   spec.add_development_dependency 'sinatra', '>= 2'
 end
 
 # Dependencies used for linting prior to commit.
 def self.add_linters spec
-  spec.add_development_dependency 'debride'
-  spec.add_development_dependency 'fasterer'
-  spec.add_development_dependency 'flay'
+  spec.add_development_dependency 'debride', '1.8.2'
+  spec.add_development_dependency 'fasterer', '0.9.0'
+  spec.add_development_dependency 'flay', '2.12.1'
+  # spec.add_development_dependency 'steep', '0.44.1' # TODO: RUBY-714 uncomment w/ EOL of 2.5
   add_rubocop(spec)
 end
 
@@ -67,28 +69,31 @@ def self.add_specs spec
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rspec-benchmark'
   spec.add_development_dependency 'rspec_junit_formatter', '0.3.0'
+  spec.add_development_dependency 'rspec-rails', '5.0'
+  spec.add_development_dependency 'warning'
+  spec.add_development_dependency 'tzinfo-data' # Alpine rspec-rails requirement.
 end
 
 def self.add_coverage spec
-  spec.add_development_dependency 'codecov'
-  spec.add_development_dependency 'simplecov', '0.20.0'
+  spec.add_development_dependency 'codecov', '0.5.2'
+  spec.add_development_dependency 'simplecov', '0.21.2'
 end
 
 # Dependencies used to run all of our Rubocop during the linting phase.
 def self.add_rubocop spec
-  spec.add_development_dependency 'rubocop', '1.6.1'
-  spec.add_development_dependency 'rubocop-performance', '1.9.1'
+  spec.add_development_dependency 'rubocop', '1.13.0'
+  spec.add_development_dependency 'rubocop-performance', '1.11.0'
   spec.add_development_dependency 'rubocop-rails', '2.9.1'
   spec.add_development_dependency 'rubocop-rake', '0.5.1'
-  spec.add_development_dependency 'rubocop-rspec', '2.1.0'
+  spec.add_development_dependency 'rubocop-rspec', '2.2.0'
 end
 
 # Dependencies not mocked out during RSpec that we test real code of, beyond just frameworks.
 def self.add_tested_gems spec
-  spec.add_development_dependency 'debase'
+  spec.add_development_dependency 'async'
   spec.add_development_dependency 'execjs'
-  spec.add_development_dependency 'sqlite3', '1.3.9'
-  spec.add_development_dependency 'therubyracer'
+  spec.add_development_dependency 'rhino'
+  spec.add_development_dependency 'sqlite3'
   spec.add_development_dependency 'tilt'
   spec.add_development_dependency 'xpath'
 end
@@ -100,7 +105,7 @@ end
 # corresponding update to the fake gem server data in TeamServer.
 def self.add_dependencies spec
   spec.add_dependency 'ougai', '~> 1.8'
-  spec.add_dependency 'parser', '~> 2.6' # TODO: RUBY-714 remove w/ EOL of 2.5
+  spec.add_dependency 'parser', '>= 2.6' # if RUBY_VERSION < '2.6.0' # TODO: RUBY-714 remove guard w/ EOL of 2.5
   spec.add_dependency 'protobuf', '~> 3.10'
   spec.add_dependency 'rack', '~> 2.0'
 end
@@ -111,7 +116,7 @@ def self.add_files spec
     # Directories used for testing:
     f.match(%r{^(spec|test)/}) ||
         # Directories used in pipelines
-        f.match(%r{^(\.github|bin|internal_resources|vendor)/}) ||
+        f.match(%r{^(\.github|bin|internal_resources|sig|vendor)/}) ||
         # Configuration and other files that don't belong to one directory
         f.match(/(Dockerfile)/)  ||
         f.match(/(.*\.csv)/)     ||
@@ -152,9 +157,7 @@ Gem::Specification.new do |spec|
   spec.name    = 'contrast-agent'
   spec.version = Contrast::Agent::VERSION
 
-  spec.email = %w[
-    ruby@contrastsecurity.com
-  ]
+  spec.email = %w[ruby@contrastsecurity.com]
 
   spec.summary      = 'Contrast Security\'s agent for rack-based applications.'
   spec.description  = 'This gem instantiates a Rack middleware for rack-based ' \
@@ -162,7 +165,7 @@ Gem::Specification.new do |spec|
     'Testing and Protection.'
   spec.homepage     = 'https://www.contrastsecurity.com'
   spec.license      = 'CONTRAST SECURITY (see license file)'
-  spec.required_ruby_version = ['>= 2.5.0', '< 2.8.0']
+  spec.required_ruby_version = ['>= 2.5.0', '< 3.1.0']
 
   spec.bindir        = 'exe'
   spec.executables   = ['contrast_service']
@@ -171,7 +174,8 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
 
   unless File.exist?(File.join(Dir.pwd, 'contrast_security.yaml'))
-    spec.post_install_message = 'To generate the required contrast_security.yaml file you can run: bundle exec rake contrast:config:create'
+    spec.post_install_message = 'To generate the required contrast_security.yaml file you can run: '\
+                                'bundle exec rake contrast:config:create'
   end
 
   add_authors(spec)

data/service_executables/VERSION

@@ -1 +1 @@
-2.17.4
+2.21.2

data/sonar-project.properties

@@ -0,0 +1,9 @@
+sonar.projectKey=Contrast-Security-Inc_ruby-agent
+sonar.organization=contrast-security-inc
+
+# Ignore C/CPP/ObjC files
+sonar.c.file.suffixes=-
+sonar.cpp.file.suffixes=-
+sonar.objc.file.suffixes=-
+
+sonar.ruby.coverage.reportPaths=coverage/coverage-formatted.json

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 4.4.1
+  version: 4.9.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-03-10 00:00:00.000000000 Z
+date: 2021-06-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -89,72 +89,72 @@ dependencies:
   name: debride
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.8.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.8.2
 - !ruby/object:Gem::Dependency
   name: fasterer
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.9.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.9.0
 - !ruby/object:Gem::Dependency
   name: flay
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.12.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.12.1
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.1
+        version: 1.13.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.1
+        version: 1.13.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.9.1
+        version: 1.11.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.9.1
+        version: 1.11.0
 - !ruby/object:Gem::Dependency
   name: rubocop-rails
   requirement: !ruby/object:Gem::Requirement
@@ -189,56 +189,70 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.1.0
+        version: 2.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.1.0
+        version: 2.2.0
 - !ruby/object:Gem::Dependency
   name: codecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.5.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.5.2
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.20.0
+        version: 0.21.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.20.0
+        version: 0.21.2
 - !ruby/object:Gem::Dependency
-  name: rails
+  name: rack-protection
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 6.0.3.5
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 6.0.3.5
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
@@ -254,7 +268,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2'
 - !ruby/object:Gem::Dependency
-  name: debase
+  name: async
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -282,21 +296,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: sqlite3
+  name: rhino
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.9
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.9
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: therubyracer
+  name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -449,6 +463,48 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 0.3.0
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: warning
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: tzinfo-data
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: ougai
   requirement: !ruby/object:Gem::Requirement
@@ -467,14 +523,14 @@ dependencies:
   name: parser
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.6'
 - !ruby/object:Gem::Dependency
@@ -513,20 +569,20 @@ executables:
 - contrast_service
 extensions:
 - ext/cs__common/extconf.rb
-- ext/cs__assess_basic_object/extconf.rb
 - ext/cs__assess_string_interpolation26/extconf.rb
-- ext/cs__assess_array/extconf.rb
-- ext/cs__protect_kernel/extconf.rb
-- ext/cs__assess_kernel/extconf.rb
+- ext/cs__contrast_patch/extconf.rb
 - ext/cs__assess_module/extconf.rb
+- ext/cs__assess_kernel/extconf.rb
+- ext/cs__assess_yield_track/extconf.rb
 - ext/cs__assess_string/extconf.rb
+- ext/cs__assess_array/extconf.rb
 - ext/cs__assess_active_record_named/extconf.rb
-- ext/cs__assess_yield_track/extconf.rb
-- ext/cs__contrast_patch/extconf.rb
 - ext/cs__assess_hash/extconf.rb
 - ext/cs__assess_regexp/extconf.rb
-- ext/cs__assess_marshal_module/extconf.rb
 - ext/cs__assess_fiber_track/extconf.rb
+- ext/cs__assess_marshal_module/extconf.rb
+- ext/cs__protect_kernel/extconf.rb
+- ext/cs__assess_basic_object/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"
@@ -747,6 +803,7 @@ files:
 - lib/contrast/agent/assess/policy/propagator/match_data.rb
 - lib/contrast/agent/assess/policy/propagator/next.rb
 - lib/contrast/agent/assess/policy/propagator/prepend.rb
+- lib/contrast/agent/assess/policy/propagator/rack_protection.rb
 - lib/contrast/agent/assess/policy/propagator/remove.rb
 - lib/contrast/agent/assess/policy/propagator/replace.rb
 - lib/contrast/agent/assess/policy/propagator/reverse.rb
@@ -788,7 +845,6 @@ files:
 - lib/contrast/agent/inventory/dependencies.rb
 - lib/contrast/agent/inventory/dependency_analysis.rb
 - lib/contrast/agent/inventory/dependency_usage_analysis.rb
-- lib/contrast/agent/inventory/gemfile_digest_cache.rb
 - lib/contrast/agent/inventory/policy/datastores.rb
 - lib/contrast/agent/inventory/policy/policy.rb
 - lib/contrast/agent/inventory/policy/trigger_node.rb
@@ -832,7 +888,6 @@ files:
 - lib/contrast/agent/protect/rule/xss.rb
 - lib/contrast/agent/protect/rule/xxe.rb
 - lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb
-- lib/contrast/agent/railtie.rb
 - lib/contrast/agent/reaction_processor.rb
 - lib/contrast/agent/request.rb
 - lib/contrast/agent/request_context.rb
@@ -868,6 +923,7 @@ files:
 - lib/contrast/api/decorators/application_update.rb
 - lib/contrast/api/decorators/http_request.rb
 - lib/contrast/api/decorators/input_analysis.rb
+- lib/contrast/api/decorators/instrumentation_mode.rb
 - lib/contrast/api/decorators/library.rb
 - lib/contrast/api/decorators/library_usage_update.rb
 - lib/contrast/api/decorators/message.rb
@@ -882,14 +938,13 @@ files:
 - lib/contrast/api/decorators/user_input.rb
 - lib/contrast/api/dtm.pb.rb
 - lib/contrast/api/settings.pb.rb
-- lib/contrast/common_agent_configuration.rb
 - lib/contrast/components/agent.rb
 - lib/contrast/components/app_context.rb
 - lib/contrast/components/assess.rb
+- lib/contrast/components/base.rb
 - lib/contrast/components/config.rb
 - lib/contrast/components/contrast_service.rb
 - lib/contrast/components/heap_dump.rb
-- lib/contrast/components/interface.rb
 - lib/contrast/components/inventory.rb
 - lib/contrast/components/logger.rb
 - lib/contrast/components/protect.rb
@@ -945,6 +1000,7 @@ files:
 - lib/contrast/framework/rails/patch/assess_configuration.rb
 - lib/contrast/framework/rails/patch/rails_application_configuration.rb
 - lib/contrast/framework/rails/patch/support.rb
+- lib/contrast/framework/rails/railtie.rb
 - lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb
 - lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb
 - lib/contrast/framework/rails/rewrite/active_record_named.rb
@@ -993,6 +1049,7 @@ files:
 - service_executables/linux/contrast-service
 - service_executables/mac/contrast-service
 - shared_libraries/.gitkeep
+- sonar-project.properties
 homepage: https://www.contrastsecurity.com
 licenses:
 - CONTRAST SECURITY (see license file)
@@ -1013,14 +1070,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.5.0
   - - "<"
     - !ruby/object:Gem::Version
-      version: 2.8.0
+      version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Contrast Security's agent for rack-based applications.