contrast-agent 4.9.0 → 4.12.0

data/resources/assess/policy.json

@@ -33,6 +33,23 @@
       "target": "R",
       "type": "BODY",
       "tags":["NO_NEWLINES", "CROSS_SITE"]
+    }, {
+      "class_name":"ActionDispatch::Request",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "body",
+      "source": "P0",
+      "target": "R",
+      "type": "BODY",
+      "tags":["NO_NEWLINES", "CROSS_SITE"]
+    },  {
+      "class_name":"ActionDispatch::Cookies::CookieJar",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "[]",
+      "target": "R",
+      "type": "COOKIE",
+      "tags":["NO_NEWLINES", "CROSS_SITE"]
     }, {
       "class_name":"Rack::Request::Helpers",
       "instance_method": true,
@@ -129,10 +146,45 @@
       "target":"R",
       "type":"PARAMETER",
       "tags":["CROSS_SITE"]
+    }, {
+      "class_name":"Grape::Env",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"[]",
+      "source": "P0",
+      "target":"R",
+      "type":"HEADER",
+      "tags":["CROSS_SITE"]
+    }, {
+      "class_name":"Grape::Request",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"headers",
+      "source": "P0",
+      "target":"R",
+      "type":"HEADER",
+      "tags":["NO_NEWLINES", "CROSS_SITE"]
+    }, {
+      "class_name":"Grape::Request",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"body",
+      "target":"R",
+      "type":"BODY",
+      "tags":["CROSS_SITE"]
+    }, {
+      "class_name":"Grape::Validations::Base",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"validate!",
+      "source": "P0",
+      "target":"R",
+      "type":"PARAMETER",
+      "tags":["CROSS_SITE"]
     }
   ],
   "propagators":[
-    {
+     {
       "class_name":"String",
       "instance_method": true,
       "method_visibility": "public",
@@ -140,7 +192,7 @@
       "source":"O",
       "target":"R",
       "action":"KEEP"
-    },     {
+    }, {
       "class_name": "String",
       "instance_method": true,
       "method_visibility": "public",
@@ -148,8 +200,15 @@
       "source": "O",
       "target": "R",
       "action": "KEEP"
-    },
-    {
+    }, {
+      "class_name": "String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "force_encoding",
+      "source": "O",
+      "target": "R",
+      "action": "SPLAT"
+    }, {
       "class_name": "String",
       "instance_method": true,
       "method_visibility": "public",
@@ -157,8 +216,7 @@
       "source": "O",
       "target": "R",
       "action": "KEEP"
-    },
-    {
+    }, {
       "class_name": "String",
       "instance_method": true,
       "method_visibility": "public",
@@ -166,7 +224,7 @@
       "source": "O,P0",
       "target": "R",
       "action": "SPLIT"
-    },{
+    }, {
       "class_name": "String",
       "instance_method": true,
       "method_visibility": "public",
@@ -722,6 +780,24 @@
       "patch_method": "select_tagger",
       "source": "O",
       "target": "R"
+    },{
+      "class_name":"CGI::Util",
+      "method_name":"unescape",
+      "instance_method": true,
+      "method_visibility": "public",
+      "source":"P0",
+      "target":"R",
+      "action":"SPLAT",
+      "tags":[],
+      "untags":[]
+    }, {
+      "class_name":"StringIO",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "read",
+      "source": "O",
+      "target": "R",
+      "action": "SPLAT"
     }, {
       "class_name":"CGI::Util",
       "method_name":"escapeHTML",
@@ -742,6 +818,16 @@
       "action":"SPLAT",
       "tags":["HTML_ENCODED"],
       "untags":["HTML_DECODED"]
+    }, {
+      "class_name":"Rack::Utils",
+      "method_name":"escape_html",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source":"P0",
+      "target":"R",
+      "action":"SPLAT",
+      "tags":["HTML_ENCODED"],
+      "untags":["HTML_DECODED"]
     }, {
       "class_name":"CGI::Util",
       "method_name":"h",
@@ -1287,6 +1373,18 @@
           "instance_method": true,
           "method_visibility": "public",
           "source":"P0"
+        }, {
+          "class_name":"Rack::Response",
+          "method_name":"body=",
+          "instance_method": true,
+          "method_visibility": "public",
+          "source":"P0"
+        }, {
+          "class_name":"Rack::Response",
+          "method_name":"write",
+          "instance_method": true,
+          "method_visibility": "public",
+          "source":"P0"
         }, {
           "class_name":"Sinatra::Helpers",
           "method_name":"body",
@@ -1347,12 +1445,108 @@
           "method_visibility": "public",
           "method_name":"async_exec",
           "source":"P0"
+        }, {
+          "class_name":"ActiveRecord::Relation::Calculations",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"calculate",
+          "source":"P0"
+        }, {
+          "class_name":"ActiveRecord::FinderMethods",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"exists?",
+          "source":"P0"
+        }, {
+          "class_name":"ActiveRecord::FinderMethods",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"find_by",
+          "source":"P0"
         }, {
           "class_name":"ActiveRecord::Querying",
           "instance_method": false,
           "method_visibility": "public",
           "method_name":"select",
           "source":"P0"
+        }, {
+          "class_name":"ActiveRecord::QueryMethods",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"from",
+          "source":"P0"
+        }, {
+          "class_name":"ActiveRecord::QueryMethods",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"group",
+          "source":"P0"
+        }, {
+          "class_name":"ActiveRecord::QueryMethods",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"having",
+          "source":"P0"
+        }, {
+          "class_name":"ActiveRecord::QueryMethods",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"joins",
+          "source":"P0"
+        }, {
+          "class_name":"ActiveRecord::QueryMethods",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"lock",
+          "source":"P0"
+        }, {
+          "class_name":"ActiveRecord::QueryMethods",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"select",
+          "source":"P0"
+        }, {
+          "class_name":"ActiveRecord::QueryMethods",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"reselect",
+          "source":"P0"
+        }, {
+          "class_name":"ActiveRecord::QueryMethods",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"where",
+          "source":"P0"
+        }, {
+          "class_name":"ActiveRecord::QueryMethods",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"rewhere",
+          "source":"P0"
+        }, {
+          "class_name":"ActiveRecord::QueryMethods::WhereChain",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"not",
+          "source":"P0"
+        }, {
+          "class_name":"ActiveRecord::Relation",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"delete_by",
+          "source":"P0"
+        }, {
+          "class_name":"ActiveRecord::Relation",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"destroy_by",
+          "source":"P0"
+        }, {
+          "class_name":"ActiveRecord::Relation",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name":"update_all",
+          "source":"P0"
         }
       ]
     }, {
@@ -1685,6 +1879,13 @@
           "method_visibility": "public",
           "method_name": "redirect_to",
           "source": "P0"
+        },
+        {
+          "class_name": "Grape::DSL::InsideRoute",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name": "redirect",
+          "source": "P0"
         }
       ]
     }, {

data/resources/deadzone/policy.json

@@ -1,6 +1,11 @@
 {
   "deadzones":[
     {
+      "class_name":"Rspec::Core::Example",
+      "instance_method":true,
+      "method_visibility": "private",
+      "method_name":"finish"
+    },{
       "class_name":"Rack::Request::Helpers",
       "instance_method":true,
       "method_visibility": "public",
@@ -195,6 +200,92 @@
       "method_visibility": "public",
       "method_name":"exists?",
       "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/request/session.rb#L201"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BaseMatcher"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeAKindOf"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeAnInstanceOf"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeBetween"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Be"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeComparedTo"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeFalsey"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeHelpers"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeNil"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BePredicate"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeTruthy"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::BeWithin"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Change"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::ChangeRelatively"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::SpecificValuesChange"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Compound"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Compound::And"
+    }, {
+      "class_name": "RSpec::Matchers::BuiltIn::Compound::Or"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::ContainExactly"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Cover"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::EndWith"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Eq"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Eql"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Equal"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Exist"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Has"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::HaveAttributes"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::All"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Match"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::NegativeOperatorMatcher"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::OperatorMatcher"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Output"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::PositiveOperatorMatcher"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::RaiseError"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::RespondTo"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::Satisfy"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::StartWith"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::ThrowSymbol"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::YieldControl"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::YieldSuccessiveArgs"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::YieldWithArgs"
+    },{
+      "class_name": "RSpec::Matchers::BuiltIn::YieldWithNoArgs"
+    },{
+      "class_name": "SimpleCov"
     }
   ]
 }

data/ruby-agent.gemspec

@@ -24,6 +24,7 @@ def self.add_dev_dependencies spec
   add_debuggers(spec)
   add_linters(spec) # if RUBY_VERSION >= '2.6.0' # TODO: RUBY-714 remove guard w/ EOL of 2.5
   add_specs(spec)
+  add_custom_dependencies(spec)
 end
 
 # Dependencies used to build the agent during development.
@@ -33,14 +34,21 @@ def self.add_builders spec
   spec.add_development_dependency 'rake-compiler', '~> 0'
 end
 
+# Dependencies that are required during testing in actual application
+def self.add_custom_dependencies spec
+  spec.add_development_dependency 'zlib'
+end
+
 # Dependencies used for local debugging during development.
 def self.add_debuggers spec
   spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'pry-byebug', '>= 3.9'
   spec.add_development_dependency 'ruby-debug-ide'
 end
 
 # Dependencies used for framework testing.
 def self.add_frameworks spec
+  spec.add_development_dependency 'grape', '~> 1.5', '>= 1.5.2'
   spec.add_development_dependency 'rack-protection', '>= 2'
   spec.add_development_dependency 'rails', '6.0.3.5'
   spec.add_development_dependency 'sinatra', '>= 2'
@@ -66,16 +74,16 @@ def self.add_specs spec
   spec.add_development_dependency 'factory_bot'
   spec.add_development_dependency 'fake_ftp'
   spec.add_development_dependency 'openssl'
+  spec.add_development_dependency 'parallel_tests'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rspec-benchmark'
   spec.add_development_dependency 'rspec_junit_formatter', '0.3.0'
   spec.add_development_dependency 'rspec-rails', '5.0'
-  spec.add_development_dependency 'warning'
   spec.add_development_dependency 'tzinfo-data' # Alpine rspec-rails requirement.
+  spec.add_development_dependency 'warning'
 end
 
 def self.add_coverage spec
-  spec.add_development_dependency 'codecov', '0.5.2'
   spec.add_development_dependency 'simplecov', '0.21.2'
 end
 

data/service_executables/VERSION

@@ -1 +1 @@
-2.21.2
+2.26.0

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 4.9.0
+  version: 4.12.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-06-24 00:00:00.000000000 Z
+date: 2021-10-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -71,6 +71,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.9'
 - !ruby/object:Gem::Dependency
   name: ruby-debug-ide
   requirement: !ruby/object:Gem::Requirement
@@ -198,33 +212,39 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 2.2.0
 - !ruby/object:Gem::Dependency
-  name: codecov
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.5.2
+        version: 0.21.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.5.2
+        version: 0.21.2
 - !ruby/object:Gem::Dependency
-  name: simplecov
+  name: grape
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.21.2
+        version: '1.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.21.2
+        version: '1.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.2
 - !ruby/object:Gem::Dependency
   name: rack-protection
   requirement: !ruby/object:Gem::Requirement
@@ -421,6 +441,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: parallel_tests
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -477,6 +511,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: tzinfo-data
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: warning
   requirement: !ruby/object:Gem::Requirement
@@ -492,7 +540,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: tzinfo-data
+  name: zlib
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -569,20 +617,19 @@ executables:
 - contrast_service
 extensions:
 - ext/cs__common/extconf.rb
-- ext/cs__assess_string_interpolation26/extconf.rb
-- ext/cs__contrast_patch/extconf.rb
-- ext/cs__assess_module/extconf.rb
-- ext/cs__assess_kernel/extconf.rb
-- ext/cs__assess_yield_track/extconf.rb
-- ext/cs__assess_string/extconf.rb
 - ext/cs__assess_array/extconf.rb
-- ext/cs__assess_active_record_named/extconf.rb
-- ext/cs__assess_hash/extconf.rb
-- ext/cs__assess_regexp/extconf.rb
 - ext/cs__assess_fiber_track/extconf.rb
 - ext/cs__assess_marshal_module/extconf.rb
-- ext/cs__protect_kernel/extconf.rb
+- ext/cs__assess_active_record_named/extconf.rb
 - ext/cs__assess_basic_object/extconf.rb
+- ext/cs__assess_string/extconf.rb
+- ext/cs__assess_string_interpolation26/extconf.rb
+- ext/cs__assess_hash/extconf.rb
+- ext/cs__assess_module/extconf.rb
+- ext/cs__assess_regexp/extconf.rb
+- ext/cs__assess_kernel/extconf.rb
+- ext/cs__contrast_patch/extconf.rb
+- ext/cs__assess_yield_track/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"
@@ -591,6 +638,7 @@ files:
 - ".gitignore"
 - ".gitmodules"
 - ".rspec"
+- ".rspec_parallel"
 - ".simplecov"
 - Gemfile
 - LICENSE.txt
@@ -639,9 +687,6 @@ files:
 - ext/cs__contrast_patch/cs__contrast_patch.c
 - ext/cs__contrast_patch/cs__contrast_patch.h
 - ext/cs__contrast_patch/extconf.rb
-- ext/cs__protect_kernel/cs__protect_kernel.c
-- ext/cs__protect_kernel/cs__protect_kernel.h
-- ext/cs__protect_kernel/extconf.rb
 - ext/extconf_common.rb
 - funchook/LICENSE
 - funchook/Makefile.in
@@ -842,6 +887,7 @@ files:
 - lib/contrast/agent/disable_reaction.rb
 - lib/contrast/agent/exclusion_matcher.rb
 - lib/contrast/agent/inventory.rb
+- lib/contrast/agent/inventory/database_config.rb
 - lib/contrast/agent/inventory/dependencies.rb
 - lib/contrast/agent/inventory/dependency_analysis.rb
 - lib/contrast/agent/inventory/dependency_usage_analysis.rb
@@ -879,6 +925,7 @@ files:
 - lib/contrast/agent/protect/rule/no_sqli.rb
 - lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb
 - lib/contrast/agent/protect/rule/path_traversal.rb
+- lib/contrast/agent/protect/rule/sql_sample_builder.rb
 - lib/contrast/agent/protect/rule/sqli.rb
 - lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb
 - lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
@@ -983,14 +1030,15 @@ files:
 - lib/contrast/extension/assess/regexp.rb
 - lib/contrast/extension/assess/string.rb
 - lib/contrast/extension/delegator.rb
+- lib/contrast/extension/extension.rb
 - lib/contrast/extension/inventory.rb
 - lib/contrast/extension/kernel.rb
 - lib/contrast/extension/module.rb
 - lib/contrast/extension/protect.rb
-- lib/contrast/extension/protect/kernel.rb
 - lib/contrast/extension/protect/psych.rb
 - lib/contrast/extension/thread.rb
 - lib/contrast/framework/base_support.rb
+- lib/contrast/framework/grape/support.rb
 - lib/contrast/framework/manager.rb
 - lib/contrast/framework/platform_version.rb
 - lib/contrast/framework/rack/patch/session_cookie.rb
@@ -1024,9 +1072,9 @@ files:
 - lib/contrast/utils/hash_digest.rb
 - lib/contrast/utils/heap_dump_util.rb
 - lib/contrast/utils/invalid_configuration_util.rb
-- lib/contrast/utils/inventory_util.rb
 - lib/contrast/utils/io_util.rb
 - lib/contrast/utils/job_servers_running.rb
+- lib/contrast/utils/lru_cache.rb
 - lib/contrast/utils/object_share.rb
 - lib/contrast/utils/os.rb
 - lib/contrast/utils/preflight_util.rb