contrast-agent 4.7.0 → 4.10.0

data/resources/deadzone/policy.json

@@ -1,6 +1,16 @@
 {
   "deadzones":[
     {
+      "class_name":"Rspec::Core::BacktraceFormatter",
+      "instance_method":true,
+      "method_visibility": "private",
+      "method_name":"matches?"
+    },{
+      "class_name":"Rspec::Core::Example",
+      "instance_method":true,
+      "method_visibility": "private",
+      "method_name":"finish"
+    },{
       "class_name":"Rack::Request::Helpers",
       "instance_method":true,
       "method_visibility": "public",

data/ruby-agent.gemspec

@@ -24,6 +24,7 @@ def self.add_dev_dependencies spec
   add_debuggers(spec)
   add_linters(spec) # if RUBY_VERSION >= '2.6.0' # TODO: RUBY-714 remove guard w/ EOL of 2.5
   add_specs(spec)
+  add_custom_dependencies(spec)
 end
 
 # Dependencies used to build the agent during development.
@@ -33,14 +34,22 @@ def self.add_builders spec
   spec.add_development_dependency 'rake-compiler', '~> 0'
 end
 
+# Dependencies that are required during testing in actual application
+def self.add_custom_dependencies spec
+  spec.add_development_dependency 'zlib'
+end
+
 # Dependencies used for local debugging during development.
 def self.add_debuggers spec
   spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'pry-byebug', '>= 3.9'
   spec.add_development_dependency 'ruby-debug-ide'
 end
 
 # Dependencies used for framework testing.
 def self.add_frameworks spec
+  spec.add_development_dependency 'grape', '~> 1.5', '>= 1.5.2'
+  spec.add_development_dependency 'rack-protection', '>= 2'
   spec.add_development_dependency 'rails', '6.0.3.5'
   spec.add_development_dependency 'sinatra', '>= 2'
 end
@@ -50,6 +59,7 @@ def self.add_linters spec
   spec.add_development_dependency 'debride', '1.8.2'
   spec.add_development_dependency 'fasterer', '0.9.0'
   spec.add_development_dependency 'flay', '2.12.1'
+  # spec.add_development_dependency 'steep', '0.44.1' # TODO: RUBY-714 uncomment w/ EOL of 2.5
   add_rubocop(spec)
 end
 
@@ -64,15 +74,16 @@ def self.add_specs spec
   spec.add_development_dependency 'factory_bot'
   spec.add_development_dependency 'fake_ftp'
   spec.add_development_dependency 'openssl'
+  spec.add_development_dependency 'parallel_tests'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rspec-benchmark'
   spec.add_development_dependency 'rspec_junit_formatter', '0.3.0'
   spec.add_development_dependency 'rspec-rails', '5.0'
   spec.add_development_dependency 'tzinfo-data' # Alpine rspec-rails requirement.
+  spec.add_development_dependency 'warning'
 end
 
 def self.add_coverage spec
-  spec.add_development_dependency 'codecov', '0.5.2'
   spec.add_development_dependency 'simplecov', '0.21.2'
 end
 
@@ -89,8 +100,8 @@ end
 def self.add_tested_gems spec
   spec.add_development_dependency 'async'
   spec.add_development_dependency 'execjs'
+  spec.add_development_dependency 'rhino'
   spec.add_development_dependency 'sqlite3'
-  spec.add_development_dependency 'therubyracer'
   spec.add_development_dependency 'tilt'
   spec.add_development_dependency 'xpath'
 end
@@ -113,7 +124,7 @@ def self.add_files spec
     # Directories used for testing:
     f.match(%r{^(spec|test)/}) ||
         # Directories used in pipelines
-        f.match(%r{^(\.github|bin|internal_resources|vendor)/}) ||
+        f.match(%r{^(\.github|bin|internal_resources|sig|vendor)/}) ||
         # Configuration and other files that don't belong to one directory
         f.match(/(Dockerfile)/)  ||
         f.match(/(.*\.csv)/)     ||

data/service_executables/VERSION

@@ -1 +1 @@
-2.19.0
+2.21.2

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 4.7.0
+  version: 4.10.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-05-10 00:00:00.000000000 Z
+date: 2021-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -71,6 +71,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.9'
 - !ruby/object:Gem::Dependency
   name: ruby-debug-ide
   requirement: !ruby/object:Gem::Requirement
@@ -198,33 +212,53 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 2.2.0
 - !ruby/object:Gem::Dependency
-  name: codecov
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.5.2
+        version: 0.21.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.5.2
+        version: 0.21.2
 - !ruby/object:Gem::Dependency
-  name: simplecov
+  name: grape
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.21.2
+        version: '1.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.21.2
+        version: '1.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.2
+- !ruby/object:Gem::Dependency
+  name: rack-protection
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -282,7 +316,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: sqlite3
+  name: rhino
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -296,7 +330,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: therubyracer
+  name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -407,6 +441,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: parallel_tests
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -477,6 +525,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: warning
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: zlib
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: ougai
   requirement: !ruby/object:Gem::Requirement
@@ -541,20 +617,20 @@ executables:
 - contrast_service
 extensions:
 - ext/cs__common/extconf.rb
-- ext/cs__assess_string/extconf.rb
-- ext/cs__protect_kernel/extconf.rb
-- ext/cs__assess_regexp/extconf.rb
-- ext/cs__contrast_patch/extconf.rb
-- ext/cs__assess_array/extconf.rb
-- ext/cs__assess_yield_track/extconf.rb
 - ext/cs__assess_fiber_track/extconf.rb
 - ext/cs__assess_marshal_module/extconf.rb
+- ext/cs__assess_kernel/extconf.rb
 - ext/cs__assess_basic_object/extconf.rb
+- ext/cs__assess_string/extconf.rb
+- ext/cs__assess_regexp/extconf.rb
+- ext/cs__protect_kernel/extconf.rb
+- ext/cs__contrast_patch/extconf.rb
+- ext/cs__assess_active_record_named/extconf.rb
 - ext/cs__assess_module/extconf.rb
-- ext/cs__assess_kernel/extconf.rb
 - ext/cs__assess_hash/extconf.rb
-- ext/cs__assess_active_record_named/extconf.rb
 - ext/cs__assess_string_interpolation26/extconf.rb
+- ext/cs__assess_array/extconf.rb
+- ext/cs__assess_yield_track/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"
@@ -563,6 +639,7 @@ files:
 - ".gitignore"
 - ".gitmodules"
 - ".rspec"
+- ".rspec_parallel"
 - ".simplecov"
 - Gemfile
 - LICENSE.txt
@@ -775,6 +852,7 @@ files:
 - lib/contrast/agent/assess/policy/propagator/match_data.rb
 - lib/contrast/agent/assess/policy/propagator/next.rb
 - lib/contrast/agent/assess/policy/propagator/prepend.rb
+- lib/contrast/agent/assess/policy/propagator/rack_protection.rb
 - lib/contrast/agent/assess/policy/propagator/remove.rb
 - lib/contrast/agent/assess/policy/propagator/replace.rb
 - lib/contrast/agent/assess/policy/propagator/reverse.rb
@@ -813,6 +891,7 @@ files:
 - lib/contrast/agent/disable_reaction.rb
 - lib/contrast/agent/exclusion_matcher.rb
 - lib/contrast/agent/inventory.rb
+- lib/contrast/agent/inventory/database_config.rb
 - lib/contrast/agent/inventory/dependencies.rb
 - lib/contrast/agent/inventory/dependency_analysis.rb
 - lib/contrast/agent/inventory/dependency_usage_analysis.rb
@@ -850,6 +929,7 @@ files:
 - lib/contrast/agent/protect/rule/no_sqli.rb
 - lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb
 - lib/contrast/agent/protect/rule/path_traversal.rb
+- lib/contrast/agent/protect/rule/sql_sample_builder.rb
 - lib/contrast/agent/protect/rule/sqli.rb
 - lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb
 - lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
@@ -859,7 +939,6 @@ files:
 - lib/contrast/agent/protect/rule/xss.rb
 - lib/contrast/agent/protect/rule/xxe.rb
 - lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb
-- lib/contrast/agent/railtie.rb
 - lib/contrast/agent/reaction_processor.rb
 - lib/contrast/agent/request.rb
 - lib/contrast/agent/request_context.rb
@@ -913,10 +992,10 @@ files:
 - lib/contrast/components/agent.rb
 - lib/contrast/components/app_context.rb
 - lib/contrast/components/assess.rb
+- lib/contrast/components/base.rb
 - lib/contrast/components/config.rb
 - lib/contrast/components/contrast_service.rb
 - lib/contrast/components/heap_dump.rb
-- lib/contrast/components/interface.rb
 - lib/contrast/components/inventory.rb
 - lib/contrast/components/logger.rb
 - lib/contrast/components/protect.rb
@@ -943,7 +1022,6 @@ files:
 - lib/contrast/config/server_configuration.rb
 - lib/contrast/config/service_configuration.rb
 - lib/contrast/configuration.rb
-- lib/contrast/delegators/input_analysis.rb
 - lib/contrast/extension/assess.rb
 - lib/contrast/extension/assess/array.rb
 - lib/contrast/extension/assess/erb.rb
@@ -956,6 +1034,7 @@ files:
 - lib/contrast/extension/assess/regexp.rb
 - lib/contrast/extension/assess/string.rb
 - lib/contrast/extension/delegator.rb
+- lib/contrast/extension/extension.rb
 - lib/contrast/extension/inventory.rb
 - lib/contrast/extension/kernel.rb
 - lib/contrast/extension/module.rb
@@ -964,6 +1043,7 @@ files:
 - lib/contrast/extension/protect/psych.rb
 - lib/contrast/extension/thread.rb
 - lib/contrast/framework/base_support.rb
+- lib/contrast/framework/grape/support.rb
 - lib/contrast/framework/manager.rb
 - lib/contrast/framework/platform_version.rb
 - lib/contrast/framework/rack/patch/session_cookie.rb
@@ -973,6 +1053,7 @@ files:
 - lib/contrast/framework/rails/patch/assess_configuration.rb
 - lib/contrast/framework/rails/patch/rails_application_configuration.rb
 - lib/contrast/framework/rails/patch/support.rb
+- lib/contrast/framework/rails/railtie.rb
 - lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb
 - lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb
 - lib/contrast/framework/rails/rewrite/active_record_named.rb
@@ -996,7 +1077,6 @@ files:
 - lib/contrast/utils/hash_digest.rb
 - lib/contrast/utils/heap_dump_util.rb
 - lib/contrast/utils/invalid_configuration_util.rb
-- lib/contrast/utils/inventory_util.rb
 - lib/contrast/utils/io_util.rb
 - lib/contrast/utils/job_servers_running.rb
 - lib/contrast/utils/object_share.rb

data/lib/contrast/agent/railtie.rb

@@ -1,31 +0,0 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'contrast/utils/job_servers_running'
-
-module Contrast
-  module Agent
-    # A Railtie to allow for the automatic hooking of the Agent into a Rails
-    # application.
-    class Railtie < Rails::Railtie
-      include Contrast::Components::Interface
-      access_component :agent, :app_context, :logging
-
-      initializer 'Contrast Ruby Agent Initializer' do |app|
-        Rails.logger.debug("In railtie ::#{ app.middleware.inspect }") if defined?(Rails) && defined?(Rails.logger)
-
-        if APP_CONTEXT.instrument_middleware_stack?
-          AGENT.insert_middleware(app)
-        else
-          Rails.logger.debug('Detected a running job server, skipping Contrast middleware insertion.')
-          logger.debug('Disabling Contrast for process', p_id: Process.pid)
-        end
-      end
-
-      rake_tasks do
-        load 'contrast/tasks/service.rb'
-        load 'contrast/tasks/config.rb'
-      end
-    end
-  end
-end

data/lib/contrast/components/interface.rb

@@ -1,196 +0,0 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'delegate'
-require 'contrast/extension/module'
-require 'contrast/utils/object_share'
-
-module Contrast
-  # This is the base module for our components classes. It is intended to
-  # facilitate the translation of the Common Configuration settings to usable
-  # Ruby methods. Any class under this namespace should be required here,
-  # providing a single point of require for this functionality.
-  module Components
-    # Include this into your classes and modules,
-    # and use 'access_component' to define constants that will allow
-    # interaction with other components.
-    module Interface
-      def self.included klass
-        # Upon inclusion, ComponentInterfaces extends the including with
-        # these two interfaces.
-        # Interface provides a class-level method 'access_component'
-        # that regulates per-class access to agent state.
-        # (It's a glorified `include MyComponent`).
-        klass.extend Contrast::Components::ComponentReceiverClassInterface
-      end
-    end
-
-    # All component access is gated through delegators.
-    #
-    # One delegator is used by the calling class,
-    # so we can tweak outgoing calls.
-    #
-    # The second delegator is used by the receiving component,
-    # so we can tweak incoming calls.
-    #
-    # We use __setobj__ to decide which component implementation to use.
-    # This is intended to provide flexibility in design and
-    # simplicity in testing.
-    class ComponentDelegator < SimpleDelegator
-      # intentionally left blank
-    end
-
-    # All components should inherit from this,
-    # whether Interfaces, InstanceMethods or ClassMethods.
-    module ComponentBase
-      def self.included klass
-        klass.extend  Methods
-        klass.include Methods
-      end
-
-      module Methods # :nodoc:
-        # use this to determine if the configuration value is literally boolean
-        # false or some form of the word `false`, regardless of case. It should
-        # be used for those values which default to `true` as they should only
-        # treat a value explicitly set to `false` as such.
-        #
-        # @param config_param [Boolean,String] the value to check
-        # @return [Boolean] should the value be treated as `false`
-        def false? config_param
-          return false if config_param == true
-          return true if config_param == false
-          return false unless config_param.cs__is_a?(String)
-
-          Contrast::Utils::ObjectShare::FALSE.casecmp?(config_param)
-        end
-
-        # use this to determine if the configuration value is literally boolean
-        # true or some form of the word `true`, regardless of case. It should
-        # be used for those values which default to `false` as they should only
-        # treat a value explicitly set to `true` as such.
-        #
-        # @param config_param [Boolean,String] the value to check
-        # @return [Boolean] should the value be treated as `true`
-        def true? config_param
-          return false if config_param == false
-          return true if config_param == true
-          return false unless config_param.cs__is_a?(String)
-
-          Contrast::Utils::ObjectShare::TRUE.casecmp?(config_param)
-        end
-      end
-    end
-
-    def self.component_const_name mod_name
-      mod_name = mod_name.split('::').last
-      @cache ||= {}
-      @cache[mod_name] ||= mod_name. # CamelCaseName
-          split(/(?=[A-Z])/)&.          # ['Camel', 'Case', 'Name']
-          map(&:upcase)&.               # ['CAMEL', 'CASE', 'NAME']
-          join('_')                     # 'CAMEL_CASE_NAME'
-    end
-
-    # Interface to allow for iteration over each of the configuration
-    # components
-    module ComponentReceiverClassInterface
-      # Components are manually required at the end of
-      # this file, and this constant is then frozen.
-      # RUBY-535 to handle this better.
-      COMPONENT_MAP = {} # rubocop:disable Style/MutableConstant
-
-      # TODO: RUBY-535
-      # This module is used via `extend`, so it can't access
-      # constants we define here.
-      def component_map
-        COMPONENT_MAP
-      end
-
-      # .access_component
-      #
-      # to be used as:
-      #
-      # class Abc
-      #   include Contrast::Components::Interface
-      #   access_component :logging, :agent
-      #
-      #   def function
-      #     if AGENT.disabled?
-      #       0 / 3
-      #     end
-      #   rescue
-      #     logger.error "this function did error"
-      #   end
-      # end
-      #
-      # `:logger` creates a #logger and .logger method
-      # `:agent` provides an AGENT constant, analogous to a local singleton.
-      #
-      def access_component *component_set_syms
-        @_access_component ||= {}
-
-        component_set_syms.each do |sym|
-          next if @_access_component[sym]
-
-          if (mods = component_map[sym]) # rubocop:disable Style/GuardClause
-            # We may support multiple components via one access request.
-            mods.each do |m|
-              name = Contrast::Components.component_const_name(m.cs__name)
-              cs__const_set(name, m::COMPONENT_INTERFACE) if m.cs__const_defined?(:COMPONENT_INTERFACE)
-              include m::InstanceMethods               if m.cs__const_defined?(:InstanceMethods, false)
-              extend  m::ClassMethods                  if m.cs__const_defined?(:ClassMethods, false)
-            end
-
-            @_access_component[sym] = true
-          else
-            raise NoMethodError, "#{ self } asked to access undefined component '#{ sym }'."
-          end
-        end
-      end
-    end
-  end
-end
-
-# Components can depend on other components, but it should be a
-# directed acyclic graph.
-
-# Scope shouldn't depend on anything.
-require 'contrast/components/scope'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:scope] = [Contrast::Components::Scope]
-
-# Config depends on Scope.
-require 'contrast/components/config'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:config] = [Contrast::Components::Config]
-
-# Settings should not depend on anything but Config.
-require 'contrast/components/settings'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:settings] = [Contrast::Components::Settings]
-
-require 'contrast/components/assess'
-require 'contrast/components/protect'
-require 'contrast/components/inventory'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:analysis] = [
-  Contrast::Components::Protect,
-  Contrast::Components::Assess,
-  Contrast::Components::Inventory
-]
-
-require 'contrast/components/logger'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:logging] = [Contrast::Components::Logger]
-
-require 'contrast/components/agent'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:agent] = [Contrast::Components::Agent]
-
-require 'contrast/components/contrast_service'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:contrast_service] =
-  [Contrast::Components::ContrastService]
-
-require 'contrast/components/app_context'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:app_context] = [Contrast::Components::AppContext]
-
-require 'contrast/components/heap_dump'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:heap_dump] = [Contrast::Components::HeapDump]
-
-require 'contrast/components/sampling'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:sampling] = [Contrast::Components::Sampling]
-
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP.cs__freeze