RubyGems - contrast-agent - Versions diffs - 4.9.1 → 4.10.0 - Mend

contrast-agent 4.9.1 → 4.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (86) hide show

checksums.yaml +4 -4
data/.rspec +0 -1
data/.rspec_parallel +6 -0
data/ext/cs__contrast_patch/cs__contrast_patch.c +0 -1
data/ext/cs__contrast_patch/cs__contrast_patch.h +0 -2
data/lib/contrast/agent/assess/contrast_event.rb +0 -1
data/lib/contrast/agent/assess/finalizers/hash.rb +0 -1
data/lib/contrast/agent/assess/policy/patcher.rb +0 -1
data/lib/contrast/agent/assess/policy/policy_scanner.rb +0 -2
data/lib/contrast/agent/assess/policy/preshift.rb +8 -5
data/lib/contrast/agent/assess/policy/propagation_method.rb +100 -57
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +0 -2
data/lib/contrast/agent/assess/policy/propagator/match_data.rb +31 -11
data/lib/contrast/agent/assess/policy/propagator/split.rb +3 -2
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +1 -0
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +0 -1
data/lib/contrast/agent/assess/policy/source_method.rb +13 -17
data/lib/contrast/agent/assess/policy/trigger/xpath.rb +0 -1
data/lib/contrast/agent/assess/policy/trigger_method.rb +59 -83
data/lib/contrast/agent/assess/property/evented.rb +2 -1
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +0 -1
data/lib/contrast/agent/disable_reaction.rb +1 -1
data/lib/contrast/agent/exclusion_matcher.rb +0 -4
data/lib/contrast/agent/inventory/database_config.rb +117 -0
data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +5 -4
data/lib/contrast/agent/inventory/policy/datastores.rb +2 -2
data/lib/contrast/agent/middleware.rb +1 -0
data/lib/contrast/agent/patching/policy/after_load_patch.rb +3 -0
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +18 -12
data/lib/contrast/agent/patching/policy/module_policy.rb +2 -4
data/lib/contrast/agent/patching/policy/patch.rb +5 -0
data/lib/contrast/agent/patching/policy/patch_status.rb +3 -7
data/lib/contrast/agent/patching/policy/patcher.rb +8 -8
data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +1 -1
data/lib/contrast/agent/protect/rule/no_sqli.rb +7 -53
data/lib/contrast/agent/protect/rule/sql_sample_builder.rb +137 -0
data/lib/contrast/agent/protect/rule/sqli.rb +7 -70
data/lib/contrast/agent/reaction_processor.rb +1 -1
data/lib/contrast/agent/request.rb +5 -2
data/lib/contrast/agent/request_context.rb +19 -22
data/lib/contrast/agent/static_analysis.rb +1 -1
data/lib/contrast/agent/tracepoint_hook.rb +6 -1
data/lib/contrast/agent/version.rb +1 -1
data/lib/contrast/api/communication/messaging_queue.rb +12 -6
data/lib/contrast/api/communication/service_lifecycle.rb +4 -1
data/lib/contrast/api/communication/socket_client.rb +4 -4
data/lib/contrast/api/decorators/agent_startup.rb +4 -4
data/lib/contrast/api/decorators/application_startup.rb +6 -5
data/lib/contrast/api/decorators/route_coverage.rb +24 -1
data/lib/contrast/components/agent.rb +5 -2
data/lib/contrast/components/assess.rb +6 -3
data/lib/contrast/components/base.rb +2 -2
data/lib/contrast/components/config.rb +1 -0
data/lib/contrast/components/contrast_service.rb +4 -2
data/lib/contrast/components/logger.rb +13 -8
data/lib/contrast/components/scope.rb +9 -28
data/lib/contrast/config/base_configuration.rb +14 -6
data/lib/contrast/configuration.rb +19 -15
data/lib/contrast/extension/assess/array.rb +1 -11
data/lib/contrast/extension/assess/eval_trigger.rb +0 -20
data/lib/contrast/extension/assess/fiber.rb +0 -11
data/lib/contrast/extension/assess/hash.rb +0 -10
data/lib/contrast/extension/assess/kernel.rb +1 -10
data/lib/contrast/extension/assess/marshal.rb +3 -11
data/lib/contrast/extension/assess/regexp.rb +0 -11
data/lib/contrast/extension/assess/string.rb +1 -26
data/lib/contrast/extension/extension.rb +61 -0
data/lib/contrast/extension/protect/kernel.rb +0 -10
data/lib/contrast/framework/grape/support.rb +174 -0
data/lib/contrast/framework/manager.rb +42 -6
data/lib/contrast/framework/rack/support.rb +1 -1
data/lib/contrast/framework/rails/patch/assess_configuration.rb +0 -1
data/lib/contrast/framework/rails/patch/support.rb +6 -3
data/lib/contrast/framework/rails/railtie.rb +1 -1
data/lib/contrast/framework/rails/rewrite/active_record_named.rb +1 -0
data/lib/contrast/framework/rails/support.rb +60 -13
data/lib/contrast/framework/sinatra/support.rb +1 -1
data/lib/contrast/logger/log.rb +89 -15
data/lib/contrast/utils/io_util.rb +1 -1
data/lib/contrast/utils/ruby_ast_rewriter.rb +16 -13
data/lib/contrast/utils/tag_util.rb +2 -1
data/resources/assess/policy.json +197 -2
data/resources/deadzone/policy.json +10 -0
data/ruby-agent.gemspec +10 -1
metadata +78 -12
data/lib/contrast/utils/inventory_util.rb +0 -113

data/resources/deadzone/policy.json CHANGED Viewed

@@ -1,6 +1,16 @@
 {
   "deadzones":[
     {
+      "class_name":"Rspec::Core::BacktraceFormatter",
+      "instance_method":true,
+      "method_visibility": "private",
+      "method_name":"matches?"
+    },{
+      "class_name":"Rspec::Core::Example",
+      "instance_method":true,
+      "method_visibility": "private",
+      "method_name":"finish"
+    },{
       "class_name":"Rack::Request::Helpers",
       "instance_method":true,
       "method_visibility": "public",

data/ruby-agent.gemspec CHANGED Viewed

@@ -24,6 +24,7 @@ def self.add_dev_dependencies spec
   add_debuggers(spec)
   add_linters(spec) # if RUBY_VERSION >= '2.6.0' # TODO: RUBY-714 remove guard w/ EOL of 2.5
   add_specs(spec)
+  add_custom_dependencies(spec)
 end
 # Dependencies used to build the agent during development.
@@ -33,14 +34,21 @@ def self.add_builders spec
   spec.add_development_dependency 'rake-compiler', '~> 0'
 end
+# Dependencies that are required during testing in actual application
+def self.add_custom_dependencies spec
+  spec.add_development_dependency 'zlib'
+end
 # Dependencies used for local debugging during development.
 def self.add_debuggers spec
   spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'pry-byebug', '>= 3.9'
   spec.add_development_dependency 'ruby-debug-ide'
 end
 # Dependencies used for framework testing.
 def self.add_frameworks spec
+  spec.add_development_dependency 'grape', '~> 1.5', '>= 1.5.2'
   spec.add_development_dependency 'rack-protection', '>= 2'
   spec.add_development_dependency 'rails', '6.0.3.5'
   spec.add_development_dependency 'sinatra', '>= 2'
@@ -66,12 +74,13 @@ def self.add_specs spec
   spec.add_development_dependency 'factory_bot'
   spec.add_development_dependency 'fake_ftp'
   spec.add_development_dependency 'openssl'
+  spec.add_development_dependency 'parallel_tests'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rspec-benchmark'
   spec.add_development_dependency 'rspec_junit_formatter', '0.3.0'
   spec.add_development_dependency 'rspec-rails', '5.0'
-  spec.add_development_dependency 'warning'
   spec.add_development_dependency 'tzinfo-data' # Alpine rspec-rails requirement.
+  spec.add_development_dependency 'warning'
 end
 def self.add_coverage spec

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 4.9.1
+  version: 4.10.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-07-15 00:00:00.000000000 Z
+date: 2021-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -71,6 +71,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.9'
 - !ruby/object:Gem::Dependency
   name: ruby-debug-ide
   requirement: !ruby/object:Gem::Requirement
@@ -211,6 +225,26 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 0.21.2
+- !ruby/object:Gem::Dependency
+  name: grape
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.2
 - !ruby/object:Gem::Dependency
   name: rack-protection
   requirement: !ruby/object:Gem::Requirement
@@ -407,6 +441,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: parallel_tests
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -463,6 +511,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: tzinfo-data
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: warning
   requirement: !ruby/object:Gem::Requirement
@@ -478,7 +540,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: tzinfo-data
+  name: zlib
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -555,20 +617,20 @@ executables:
 - contrast_service
 extensions:
 - ext/cs__common/extconf.rb
-- ext/cs__assess_string/extconf.rb
 - ext/cs__assess_fiber_track/extconf.rb
 - ext/cs__assess_marshal_module/extconf.rb
-- ext/cs__protect_kernel/extconf.rb
-- ext/cs__assess_string_interpolation26/extconf.rb
-- ext/cs__assess_basic_object/extconf.rb
-- ext/cs__assess_active_record_named/extconf.rb
-- ext/cs__assess_yield_track/extconf.rb
 - ext/cs__assess_kernel/extconf.rb
-- ext/cs__assess_array/extconf.rb
+- ext/cs__assess_basic_object/extconf.rb
+- ext/cs__assess_string/extconf.rb
 - ext/cs__assess_regexp/extconf.rb
-- ext/cs__assess_hash/extconf.rb
+- ext/cs__protect_kernel/extconf.rb
 - ext/cs__contrast_patch/extconf.rb
+- ext/cs__assess_active_record_named/extconf.rb
 - ext/cs__assess_module/extconf.rb
+- ext/cs__assess_hash/extconf.rb
+- ext/cs__assess_string_interpolation26/extconf.rb
+- ext/cs__assess_array/extconf.rb
+- ext/cs__assess_yield_track/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"
@@ -577,6 +639,7 @@ files:
 - ".gitignore"
 - ".gitmodules"
 - ".rspec"
+- ".rspec_parallel"
 - ".simplecov"
 - Gemfile
 - LICENSE.txt
@@ -828,6 +891,7 @@ files:
 - lib/contrast/agent/disable_reaction.rb
 - lib/contrast/agent/exclusion_matcher.rb
 - lib/contrast/agent/inventory.rb
+- lib/contrast/agent/inventory/database_config.rb
 - lib/contrast/agent/inventory/dependencies.rb
 - lib/contrast/agent/inventory/dependency_analysis.rb
 - lib/contrast/agent/inventory/dependency_usage_analysis.rb
@@ -865,6 +929,7 @@ files:
 - lib/contrast/agent/protect/rule/no_sqli.rb
 - lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb
 - lib/contrast/agent/protect/rule/path_traversal.rb
+- lib/contrast/agent/protect/rule/sql_sample_builder.rb
 - lib/contrast/agent/protect/rule/sqli.rb
 - lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb
 - lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
@@ -969,6 +1034,7 @@ files:
 - lib/contrast/extension/assess/regexp.rb
 - lib/contrast/extension/assess/string.rb
 - lib/contrast/extension/delegator.rb
+- lib/contrast/extension/extension.rb
 - lib/contrast/extension/inventory.rb
 - lib/contrast/extension/kernel.rb
 - lib/contrast/extension/module.rb
@@ -977,6 +1043,7 @@ files:
 - lib/contrast/extension/protect/psych.rb
 - lib/contrast/extension/thread.rb
 - lib/contrast/framework/base_support.rb
+- lib/contrast/framework/grape/support.rb
 - lib/contrast/framework/manager.rb
 - lib/contrast/framework/platform_version.rb
 - lib/contrast/framework/rack/patch/session_cookie.rb
@@ -1010,7 +1077,6 @@ files:
 - lib/contrast/utils/hash_digest.rb
 - lib/contrast/utils/heap_dump_util.rb
 - lib/contrast/utils/invalid_configuration_util.rb
-- lib/contrast/utils/inventory_util.rb
 - lib/contrast/utils/io_util.rb
 - lib/contrast/utils/job_servers_running.rb
 - lib/contrast/utils/object_share.rb

data/lib/contrast/utils/inventory_util.rb DELETED Viewed

@@ -1,113 +0,0 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-require 'contrast/utils/timer'
-require 'contrast/utils/object_share'
-require 'contrast/components/logger'
-module Contrast
-  module Utils
-    # Utilities for getting inventory information from the application
-    class InventoryUtil
-      extend Contrast::Components::Logger::InstanceMethods
-      # TeamServer only accepts certain values for ArchitectureComponents.
-      # DO NOT CHANGE THIS!
-      AC_TYPE_DB = 'db'
-      # TeamServer only accepts certain values for FlowMap Services.
-      # DO NOT CHANGE THIS
-      ADAPTER = 'adapter'
-      HOST = 'host'
-      PORT = 'port'
-      DATABASE = 'database'
-      DEFAULT = 'default'
-      LOCALHOST = 'localhost'
-      def self.active_record_config
-        return @_active_record_config if instance_variable_defined?(:@_active_record_config)
-        @_active_record_config = ActiveRecord::Base.connection_config rescue nil # rubocop:disable Style/RescueModifier
-      end
-      def self.append_db_config activity_or_update, hash_or_str = Contrast::Utils::InventoryUtil.active_record_config
-        arr = build_from_db_config(hash_or_str)
-        return unless arr&.any?
-        arr.each do |a|
-          next unless a
-          if activity_or_update.is_a?(Contrast::Api::Dtm::Activity)
-            activity_or_update.architectures << a
-          else
-            activity_or_update.components << a
-          end
-        end
-      rescue StandardError => e
-        logger.error('Unable to append db config', e)
-        nil
-      end
-      def self.build_from_db_config hash_or_str
-        return unless hash_or_str
-        if hash_or_str.is_a?(Hash)
-          build_from_db_hash(hash_or_str)
-        else
-          build_from_db_string(hash_or_str.to_s)
-        end
-      end
-      def self.build_from_db_hash hash
-        ac = Contrast::Api::Dtm::ArchitectureComponent.new
-        ac.vendor = hash[:adapter] || hash[ADAPTER] || Contrast::Utils::ObjectShare::EMPTY_STRING
-        ac.remote_host = host_from_hash(hash)
-        ac.remote_port = port_from_hash(hash)
-        ac.type = AC_TYPE_DB
-        ac.url = hash[:database] || hash[DATABASE] || DEFAULT
-        [ac]
-      end
-      def self.host_from_hash hash
-        hash[:host] || hash[HOST] || Contrast::Utils::ObjectShare::EMPTY_STRING
-      end
-      def self.port_from_hash hash
-        p = hash[:port] || hash[PORT] || Contrast::Utils::ObjectShare::EMPTY_STRING
-        p.to_i
-      end
-      # Examples:
-      # mongodb://[user:pass@]host1[:port1][,host2[:port2],[,hostN[:portN]]][/[database][?options]]
-      # postgresql://scott:tiger@localhost/mydatabase
-      # mysql+mysqlconnector://scott:tiger@localhost/foo
-      def self.build_from_db_string str
-        adapter, hosts, database = split_connection_str(str)
-        acs = []
-        hosts.split(Contrast::Utils::ObjectShare::COMMA).map do |s|
-          host, port = s.split(Contrast::Utils::ObjectShare::COLON)
-          ac = Contrast::Api::Dtm::ArchitectureComponent.new
-          ac.vendor = Contrast::Utils::StringUtils.force_utf8(adapter)
-          ac.remote_host = Contrast::Utils::StringUtils.force_utf8(host)
-          ac.remote_port = port.to_i
-          ac.type = AC_TYPE_DB
-          ac.url = Contrast::Utils::StringUtils.force_utf8(database)
-          acs << ac
-        end
-        acs
-      end
-      def self.split_connection_str str
-        adapter, str = str.split(Contrast::Utils::ObjectShare::COLON_SLASH_SLASH)
-        _auth, str = str.split(Contrast::Utils::ObjectShare::AT)
-        # Not currently used
-        # user, pass = auth.split(Contrast::Utils::ObjectShare::COLON)
-        hosts, db_and_options = str.split(Contrast::Utils::ObjectShare::SLASH)
-        hosts << LOCALHOST if hosts.empty?
-        database, _options = db_and_options.split(Contrast::Utils::ObjectShare::QUESTION_MARK)
-        [adapter, hosts, database]
-      end
-    end
-  end
-end