contrast-agent 4.8.0 → 4.11.0

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 4.8.0
+  version: 4.11.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-05-20 00:00:00.000000000 Z
+date: 2021-09-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -71,6 +71,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.9'
 - !ruby/object:Gem::Dependency
   name: ruby-debug-ide
   requirement: !ruby/object:Gem::Requirement
@@ -198,33 +212,39 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 2.2.0
 - !ruby/object:Gem::Dependency
-  name: codecov
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.5.2
+        version: 0.21.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.5.2
+        version: 0.21.2
 - !ruby/object:Gem::Dependency
-  name: simplecov
+  name: grape
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.21.2
+        version: '1.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.21.2
+        version: '1.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.2
 - !ruby/object:Gem::Dependency
   name: rack-protection
   requirement: !ruby/object:Gem::Requirement
@@ -296,7 +316,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: sqlite3
+  name: rhino
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -310,7 +330,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rhino
+  name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -421,6 +441,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: parallel_tests
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -491,6 +525,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: warning
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: zlib
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: ougai
   requirement: !ruby/object:Gem::Requirement
@@ -555,20 +617,20 @@ executables:
 - contrast_service
 extensions:
 - ext/cs__common/extconf.rb
-- ext/cs__assess_string/extconf.rb
-- ext/cs__assess_kernel/extconf.rb
-- ext/cs__protect_kernel/extconf.rb
-- ext/cs__assess_module/extconf.rb
-- ext/cs__assess_active_record_named/extconf.rb
-- ext/cs__assess_fiber_track/extconf.rb
 - ext/cs__assess_array/extconf.rb
-- ext/cs__contrast_patch/extconf.rb
-- ext/cs__assess_string_interpolation26/extconf.rb
 - ext/cs__assess_regexp/extconf.rb
+- ext/cs__protect_kernel/extconf.rb
 - ext/cs__assess_marshal_module/extconf.rb
-- ext/cs__assess_basic_object/extconf.rb
-- ext/cs__assess_hash/extconf.rb
 - ext/cs__assess_yield_track/extconf.rb
+- ext/cs__assess_string_interpolation26/extconf.rb
+- ext/cs__assess_fiber_track/extconf.rb
+- ext/cs__assess_string/extconf.rb
+- ext/cs__assess_hash/extconf.rb
+- ext/cs__assess_kernel/extconf.rb
+- ext/cs__contrast_patch/extconf.rb
+- ext/cs__assess_basic_object/extconf.rb
+- ext/cs__assess_module/extconf.rb
+- ext/cs__assess_active_record_named/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"
@@ -577,6 +639,7 @@ files:
 - ".gitignore"
 - ".gitmodules"
 - ".rspec"
+- ".rspec_parallel"
 - ".simplecov"
 - Gemfile
 - LICENSE.txt
@@ -828,6 +891,7 @@ files:
 - lib/contrast/agent/disable_reaction.rb
 - lib/contrast/agent/exclusion_matcher.rb
 - lib/contrast/agent/inventory.rb
+- lib/contrast/agent/inventory/database_config.rb
 - lib/contrast/agent/inventory/dependencies.rb
 - lib/contrast/agent/inventory/dependency_analysis.rb
 - lib/contrast/agent/inventory/dependency_usage_analysis.rb
@@ -865,6 +929,7 @@ files:
 - lib/contrast/agent/protect/rule/no_sqli.rb
 - lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb
 - lib/contrast/agent/protect/rule/path_traversal.rb
+- lib/contrast/agent/protect/rule/sql_sample_builder.rb
 - lib/contrast/agent/protect/rule/sqli.rb
 - lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb
 - lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
@@ -927,10 +992,10 @@ files:
 - lib/contrast/components/agent.rb
 - lib/contrast/components/app_context.rb
 - lib/contrast/components/assess.rb
+- lib/contrast/components/base.rb
 - lib/contrast/components/config.rb
 - lib/contrast/components/contrast_service.rb
 - lib/contrast/components/heap_dump.rb
-- lib/contrast/components/interface.rb
 - lib/contrast/components/inventory.rb
 - lib/contrast/components/logger.rb
 - lib/contrast/components/protect.rb
@@ -957,7 +1022,6 @@ files:
 - lib/contrast/config/server_configuration.rb
 - lib/contrast/config/service_configuration.rb
 - lib/contrast/configuration.rb
-- lib/contrast/delegators/input_analysis.rb
 - lib/contrast/extension/assess.rb
 - lib/contrast/extension/assess/array.rb
 - lib/contrast/extension/assess/erb.rb
@@ -970,6 +1034,7 @@ files:
 - lib/contrast/extension/assess/regexp.rb
 - lib/contrast/extension/assess/string.rb
 - lib/contrast/extension/delegator.rb
+- lib/contrast/extension/extension.rb
 - lib/contrast/extension/inventory.rb
 - lib/contrast/extension/kernel.rb
 - lib/contrast/extension/module.rb
@@ -978,6 +1043,7 @@ files:
 - lib/contrast/extension/protect/psych.rb
 - lib/contrast/extension/thread.rb
 - lib/contrast/framework/base_support.rb
+- lib/contrast/framework/grape/support.rb
 - lib/contrast/framework/manager.rb
 - lib/contrast/framework/platform_version.rb
 - lib/contrast/framework/rack/patch/session_cookie.rb
@@ -1011,9 +1077,9 @@ files:
 - lib/contrast/utils/hash_digest.rb
 - lib/contrast/utils/heap_dump_util.rb
 - lib/contrast/utils/invalid_configuration_util.rb
-- lib/contrast/utils/inventory_util.rb
 - lib/contrast/utils/io_util.rb
 - lib/contrast/utils/job_servers_running.rb
+- lib/contrast/utils/lru_cache.rb
 - lib/contrast/utils/object_share.rb
 - lib/contrast/utils/os.rb
 - lib/contrast/utils/preflight_util.rb

data/lib/contrast/components/interface.rb

@@ -1,196 +0,0 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'delegate'
-require 'contrast/extension/module'
-require 'contrast/utils/object_share'
-
-module Contrast
-  # This is the base module for our components classes. It is intended to
-  # facilitate the translation of the Common Configuration settings to usable
-  # Ruby methods. Any class under this namespace should be required here,
-  # providing a single point of require for this functionality.
-  module Components
-    # Include this into your classes and modules,
-    # and use 'access_component' to define constants that will allow
-    # interaction with other components.
-    module Interface
-      def self.included klass
-        # Upon inclusion, ComponentInterfaces extends the including with
-        # these two interfaces.
-        # Interface provides a class-level method 'access_component'
-        # that regulates per-class access to agent state.
-        # (It's a glorified `include MyComponent`).
-        klass.extend Contrast::Components::ComponentReceiverClassInterface
-      end
-    end
-
-    # All component access is gated through delegators.
-    #
-    # One delegator is used by the calling class,
-    # so we can tweak outgoing calls.
-    #
-    # The second delegator is used by the receiving component,
-    # so we can tweak incoming calls.
-    #
-    # We use __setobj__ to decide which component implementation to use.
-    # This is intended to provide flexibility in design and
-    # simplicity in testing.
-    class ComponentDelegator < SimpleDelegator
-      # intentionally left blank
-    end
-
-    # All components should inherit from this,
-    # whether Interfaces, InstanceMethods or ClassMethods.
-    module ComponentBase
-      def self.included klass
-        klass.extend  Methods
-        klass.include Methods
-      end
-
-      module Methods # :nodoc:
-        # use this to determine if the configuration value is literally boolean
-        # false or some form of the word `false`, regardless of case. It should
-        # be used for those values which default to `true` as they should only
-        # treat a value explicitly set to `false` as such.
-        #
-        # @param config_param [Boolean,String] the value to check
-        # @return [Boolean] should the value be treated as `false`
-        def false? config_param
-          return false if config_param == true
-          return true if config_param == false
-          return false unless config_param.cs__is_a?(String)
-
-          Contrast::Utils::ObjectShare::FALSE.casecmp?(config_param)
-        end
-
-        # use this to determine if the configuration value is literally boolean
-        # true or some form of the word `true`, regardless of case. It should
-        # be used for those values which default to `false` as they should only
-        # treat a value explicitly set to `true` as such.
-        #
-        # @param config_param [Boolean,String] the value to check
-        # @return [Boolean] should the value be treated as `true`
-        def true? config_param
-          return false if config_param == false
-          return true if config_param == true
-          return false unless config_param.cs__is_a?(String)
-
-          Contrast::Utils::ObjectShare::TRUE.casecmp?(config_param)
-        end
-      end
-    end
-
-    def self.component_const_name mod_name
-      mod_name = mod_name.split('::').last
-      @cache ||= {}
-      @cache[mod_name] ||= mod_name. # CamelCaseName
-          split(/(?=[A-Z])/)&.          # ['Camel', 'Case', 'Name']
-          map(&:upcase)&.               # ['CAMEL', 'CASE', 'NAME']
-          join('_')                     # 'CAMEL_CASE_NAME'
-    end
-
-    # Interface to allow for iteration over each of the configuration
-    # components
-    module ComponentReceiverClassInterface
-      # Components are manually required at the end of
-      # this file, and this constant is then frozen.
-      # RUBY-535 to handle this better.
-      COMPONENT_MAP = {} # rubocop:disable Style/MutableConstant
-
-      # TODO: RUBY-535
-      # This module is used via `extend`, so it can't access
-      # constants we define here.
-      def component_map
-        COMPONENT_MAP
-      end
-
-      # .access_component
-      #
-      # to be used as:
-      #
-      # class Abc
-      #   include Contrast::Components::Interface
-      #   access_component :logging, :agent
-      #
-      #   def function
-      #     if AGENT.disabled?
-      #       0 / 3
-      #     end
-      #   rescue
-      #     logger.error "this function did error"
-      #   end
-      # end
-      #
-      # `:logger` creates a #logger and .logger method
-      # `:agent` provides an AGENT constant, analogous to a local singleton.
-      #
-      def access_component *component_set_syms
-        @_access_component ||= {}
-
-        component_set_syms.each do |sym|
-          next if @_access_component[sym]
-
-          if (mods = component_map[sym]) # rubocop:disable Style/GuardClause
-            # We may support multiple components via one access request.
-            mods.each do |m|
-              name = Contrast::Components.component_const_name(m.cs__name)
-              cs__const_set(name, m::COMPONENT_INTERFACE) if m.cs__const_defined?(:COMPONENT_INTERFACE)
-              include m::InstanceMethods               if m.cs__const_defined?(:InstanceMethods, false)
-              extend  m::ClassMethods                  if m.cs__const_defined?(:ClassMethods, false)
-            end
-
-            @_access_component[sym] = true
-          else
-            raise NoMethodError, "#{ self } asked to access undefined component '#{ sym }'."
-          end
-        end
-      end
-    end
-  end
-end
-
-# Components can depend on other components, but it should be a
-# directed acyclic graph.
-
-# Scope shouldn't depend on anything.
-require 'contrast/components/scope'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:scope] = [Contrast::Components::Scope]
-
-# Config depends on Scope.
-require 'contrast/components/config'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:config] = [Contrast::Components::Config]
-
-# Settings should not depend on anything but Config.
-require 'contrast/components/settings'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:settings] = [Contrast::Components::Settings]
-
-require 'contrast/components/assess'
-require 'contrast/components/protect'
-require 'contrast/components/inventory'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:analysis] = [
-  Contrast::Components::Protect,
-  Contrast::Components::Assess,
-  Contrast::Components::Inventory
-]
-
-require 'contrast/components/logger'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:logging] = [Contrast::Components::Logger]
-
-require 'contrast/components/agent'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:agent] = [Contrast::Components::Agent]
-
-require 'contrast/components/contrast_service'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:contrast_service] =
-  [Contrast::Components::ContrastService]
-
-require 'contrast/components/app_context'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:app_context] = [Contrast::Components::AppContext]
-
-require 'contrast/components/heap_dump'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:heap_dump] = [Contrast::Components::HeapDump]
-
-require 'contrast/components/sampling'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:sampling] = [Contrast::Components::Sampling]
-
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP.cs__freeze

data/lib/contrast/delegators/input_analysis.rb

@@ -1,12 +0,0 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-module Contrast
-  module Delegators
-    # Used to decorate the InputAnalysis protobuf model so it can own the
-    # Contrast::Agent::Request from which it came.
-    class InputAnalysis < SimpleDelegator
-      attr_accessor :request
-    end
-  end
-end

data/lib/contrast/utils/inventory_util.rb

@@ -1,114 +0,0 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'contrast/utils/timer'
-require 'contrast/utils/object_share'
-require 'contrast/components/interface'
-
-module Contrast
-  module Utils
-    # Utilities for getting inventory information from the application
-    class InventoryUtil
-      include Contrast::Components::Interface
-      access_component :logging
-
-      # TeamServer only accepts certain values for ArchitectureComponents.
-      # DO NOT CHANGE THIS!
-      AC_TYPE_DB = 'db'
-      # TeamServer only accepts certain values for FlowMap Services.
-      # DO NOT CHANGE THIS
-      ADAPTER = 'adapter'
-      HOST = 'host'
-      PORT = 'port'
-      DATABASE = 'database'
-      DEFAULT = 'default'
-      LOCALHOST = 'localhost'
-
-      def self.active_record_config
-        return @_active_record_config if instance_variable_defined?(:@_active_record_config)
-
-        @_active_record_config = ActiveRecord::Base.connection_config rescue nil # rubocop:disable Style/RescueModifier
-      end
-
-      def self.append_db_config activity_or_update, hash_or_str = Contrast::Utils::InventoryUtil.active_record_config
-        arr = build_from_db_config(hash_or_str)
-        return unless arr&.any?
-
-        arr.each do |a|
-          next unless a
-
-          if activity_or_update.is_a?(Contrast::Api::Dtm::Activity)
-            activity_or_update.architectures << a
-          else
-            activity_or_update.components << a
-          end
-        end
-      rescue StandardError => e
-        logger.error('Unable to append db config', e)
-        nil
-      end
-
-      def self.build_from_db_config hash_or_str
-        return unless hash_or_str
-
-        if hash_or_str.is_a?(Hash)
-          build_from_db_hash(hash_or_str)
-        else
-          build_from_db_string(hash_or_str.to_s)
-        end
-      end
-
-      def self.build_from_db_hash hash
-        ac = Contrast::Api::Dtm::ArchitectureComponent.new
-        ac.vendor = hash[:adapter] || hash[ADAPTER] || Contrast::Utils::ObjectShare::EMPTY_STRING
-        ac.remote_host = host_from_hash(hash)
-        ac.remote_port = port_from_hash(hash)
-        ac.type = AC_TYPE_DB
-        ac.url = hash[:database] || hash[DATABASE] || DEFAULT
-        [ac]
-      end
-
-      def self.host_from_hash hash
-        hash[:host] || hash[HOST] || Contrast::Utils::ObjectShare::EMPTY_STRING
-      end
-
-      def self.port_from_hash hash
-        p = hash[:port] || hash[PORT] || Contrast::Utils::ObjectShare::EMPTY_STRING
-        p.to_i
-      end
-
-      # Examples:
-      # mongodb://[user:pass@]host1[:port1][,host2[:port2],[,hostN[:portN]]][/[database][?options]]
-      # postgresql://scott:tiger@localhost/mydatabase
-      # mysql+mysqlconnector://scott:tiger@localhost/foo
-      def self.build_from_db_string str
-        adapter, hosts, database = split_connection_str(str)
-        acs = []
-        hosts.split(Contrast::Utils::ObjectShare::COMMA).map do |s|
-          host, port = s.split(Contrast::Utils::ObjectShare::COLON)
-
-          ac = Contrast::Api::Dtm::ArchitectureComponent.new
-          ac.vendor = Contrast::Utils::StringUtils.force_utf8(adapter)
-          ac.remote_host = Contrast::Utils::StringUtils.force_utf8(host)
-          ac.remote_port = port.to_i
-          ac.type = AC_TYPE_DB
-          ac.url = Contrast::Utils::StringUtils.force_utf8(database)
-          acs << ac
-        end
-        acs
-      end
-
-      def self.split_connection_str str
-        adapter, str = str.split(Contrast::Utils::ObjectShare::COLON_SLASH_SLASH)
-        _auth, str = str.split(Contrast::Utils::ObjectShare::AT)
-        # Not currently used
-        # user, pass = auth.split(Contrast::Utils::ObjectShare::COLON)
-        hosts, db_and_options = str.split(Contrast::Utils::ObjectShare::SLASH)
-        hosts << LOCALHOST if hosts.empty?
-        database, _options = db_and_options.split(Contrast::Utils::ObjectShare::QUESTION_MARK)
-
-        [adapter, hosts, database]
-      end
-    end
-  end
-end