contrast-agent 5.1.0 → 5.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ext/cs__assess_kernel/cs__assess_kernel.c +7 -4
- data/ext/cs__assess_module/cs__assess_module.c +7 -7
- data/ext/cs__common/cs__common.c +4 -0
- data/ext/cs__common/cs__common.h +1 -0
- data/ext/cs__contrast_patch/cs__contrast_patch.c +52 -27
- data/ext/cs__contrast_patch/cs__contrast_patch.h +2 -0
- data/ext/cs__scope/cs__scope.c +747 -0
- data/ext/cs__scope/cs__scope.h +88 -0
- data/ext/cs__scope/extconf.rb +5 -0
- data/lib/contrast/agent/assess/contrast_event.rb +20 -13
- data/lib/contrast/agent/assess/contrast_object.rb +4 -1
- data/lib/contrast/agent/assess/policy/propagation_node.rb +2 -5
- data/lib/contrast/agent/assess/policy/propagator/match_data.rb +2 -0
- data/lib/contrast/agent/assess/policy/trigger_method.rb +4 -1
- data/lib/contrast/agent/assess/rule/response/{autocomplete_rule.rb → auto_complete_rule.rb} +4 -3
- data/lib/contrast/agent/assess/rule/response/base_rule.rb +12 -79
- data/lib/contrast/agent/assess/rule/response/body_rule.rb +109 -0
- data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb +157 -0
- data/lib/contrast/agent/assess/rule/response/click_jacking_header_rule.rb +26 -0
- data/lib/contrast/agent/assess/rule/response/csp_header_insecure_rule.rb +14 -15
- data/lib/contrast/agent/assess/rule/response/csp_header_missing_rule.rb +5 -25
- data/lib/contrast/agent/assess/rule/response/framework/rails_support.rb +29 -0
- data/lib/contrast/agent/assess/rule/response/header_rule.rb +70 -0
- data/lib/contrast/agent/assess/rule/response/hsts_header_rule.rb +12 -36
- data/lib/contrast/agent/assess/rule/response/parameters_pollution_rule.rb +2 -1
- data/lib/contrast/agent/assess/rule/response/x_content_type_header_rule.rb +26 -0
- data/lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb +36 -0
- data/lib/contrast/agent/middleware.rb +1 -0
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +1 -3
- data/lib/contrast/agent/patching/policy/patch.rb +2 -6
- data/lib/contrast/agent/patching/policy/patcher.rb +1 -1
- data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +94 -0
- data/lib/contrast/agent/protect/rule/base.rb +28 -1
- data/lib/contrast/agent/protect/rule/base_service.rb +10 -1
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +2 -0
- data/lib/contrast/agent/protect/rule/deserialization.rb +6 -0
- data/lib/contrast/agent/protect/rule/http_method_tampering.rb +5 -1
- data/lib/contrast/agent/protect/rule/no_sqli.rb +1 -0
- data/lib/contrast/agent/protect/rule/path_traversal.rb +1 -0
- data/lib/contrast/agent/protect/rule/sqli/sqli_input_classification.rb +124 -0
- data/lib/contrast/agent/protect/rule/sqli/sqli_worth_watching.rb +121 -0
- data/lib/contrast/agent/protect/rule/sqli.rb +33 -0
- data/lib/contrast/agent/protect/rule/xxe.rb +4 -0
- data/lib/contrast/agent/reporting/input_analysis/input_analysis.rb +44 -0
- data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb +115 -0
- data/lib/contrast/agent/reporting/input_analysis/input_type.rb +44 -0
- data/lib/contrast/agent/reporting/input_analysis/score_level.rb +21 -0
- data/lib/contrast/agent/reporting/report.rb +1 -0
- data/lib/contrast/agent/reporting/reporter.rb +8 -1
- data/lib/contrast/agent/reporting/reporting_events/finding.rb +69 -36
- data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +88 -59
- data/lib/contrast/agent/reporting/reporting_events/{finding_object.rb → finding_event_object.rb} +24 -20
- data/lib/contrast/agent/reporting/reporting_events/finding_event_parent_object.rb +39 -0
- data/lib/contrast/agent/reporting/reporting_events/finding_event_property.rb +40 -0
- data/lib/contrast/agent/reporting/reporting_events/{finding_signature.rb → finding_event_signature.rb} +29 -24
- data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +12 -8
- data/lib/contrast/agent/reporting/reporting_events/{finding_stack.rb → finding_event_stack.rb} +23 -19
- data/lib/contrast/agent/reporting/reporting_events/{finding_taint_range.rb → finding_event_taint_range.rb} +17 -15
- data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +26 -53
- data/lib/contrast/agent/reporting/reporting_events/poll.rb +29 -0
- data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +5 -4
- data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +1 -0
- data/lib/contrast/agent/reporting/reporting_events/server_activity.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +10 -3
- data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +0 -1
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +1 -0
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +28 -20
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +13 -1
- data/lib/contrast/agent/request_context.rb +6 -1
- data/lib/contrast/agent/request_context_extend.rb +85 -21
- data/lib/contrast/agent/scope.rb +102 -107
- data/lib/contrast/agent/service_heartbeat.rb +45 -2
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/api/decorators/bot_blocker.rb +37 -0
- data/lib/contrast/api/decorators/ip_denylist.rb +37 -0
- data/lib/contrast/api/decorators/rasp_rule_sample.rb +29 -0
- data/lib/contrast/api/decorators/user_input.rb +11 -1
- data/lib/contrast/api/decorators/virtual_patch.rb +34 -0
- data/lib/contrast/components/logger.rb +5 -0
- data/lib/contrast/components/protect.rb +4 -2
- data/lib/contrast/components/scope.rb +98 -91
- data/lib/contrast/config/agent_configuration.rb +58 -12
- data/lib/contrast/config/api_configuration.rb +100 -12
- data/lib/contrast/config/api_proxy_configuration.rb +55 -3
- data/lib/contrast/config/application_configuration.rb +114 -15
- data/lib/contrast/config/assess_configuration.rb +106 -12
- data/lib/contrast/config/assess_rules_configuration.rb +44 -3
- data/lib/contrast/config/base_configuration.rb +1 -0
- data/lib/contrast/config/certification_configuration.rb +74 -3
- data/lib/contrast/config/exception_configuration.rb +61 -3
- data/lib/contrast/config/heap_dump_configuration.rb +101 -17
- data/lib/contrast/config/inventory_configuration.rb +64 -3
- data/lib/contrast/config/logger_configuration.rb +46 -3
- data/lib/contrast/config/protect_rule_configuration.rb +36 -9
- data/lib/contrast/config/protect_rules_configuration.rb +120 -17
- data/lib/contrast/config/request_audit_configuration.rb +68 -3
- data/lib/contrast/config/ruby_configuration.rb +96 -22
- data/lib/contrast/config/sampling_configuration.rb +76 -10
- data/lib/contrast/config/server_configuration.rb +56 -11
- data/lib/contrast/configuration.rb +6 -3
- data/lib/contrast/logger/cef_log.rb +151 -0
- data/lib/contrast/utils/hash_digest.rb +14 -6
- data/lib/contrast/utils/log_utils.rb +114 -0
- data/lib/contrast/utils/middleware_utils.rb +6 -7
- data/lib/contrast/utils/net_http_base.rb +12 -9
- data/lib/contrast/utils/patching/policy/patch_utils.rb +0 -4
- data/lib/contrast.rb +4 -3
- data/ruby-agent.gemspec +1 -1
- data/service_executables/VERSION +1 -1
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
- metadata +41 -21
- data/lib/contrast/agent/assess/rule/response/cachecontrol_rule.rb +0 -184
- data/lib/contrast/agent/assess/rule/response/clickjacking_rule.rb +0 -66
- data/lib/contrast/agent/assess/rule/response/x_content_type_rule.rb +0 -52
- data/lib/contrast/agent/assess/rule/response/x_xss_protection_rule.rb +0 -53
- data/lib/contrast/extension/kernel.rb +0 -54
@@ -6,18 +6,112 @@ module Contrast
|
|
6
6
|
# Common Configuration settings. Those in this section pertain to the
|
7
7
|
# assess functionality of the Agent.
|
8
8
|
class AssessConfiguration < BaseConfiguration
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
9
|
+
# @return [String, nil]
|
10
|
+
attr_reader :tags
|
11
|
+
|
12
|
+
DEFAULT_STACKTRACES = 'ALL'
|
13
|
+
|
14
|
+
def initialize hsh = {}
|
15
|
+
@enable = traverse_config(hsh, :enable)
|
16
|
+
@tags = traverse_config(hsh, :tags)
|
17
|
+
@enable_scan_response = traverse_config(hsh, :enable_scan_response)
|
18
|
+
@enable_dynamic_sources = traverse_config(hsh, :enable_dynamic_sources)
|
19
|
+
@sampling = Contrast::Config::SamplingConfiguration.new(traverse_config(hsh, :sampling))
|
20
|
+
@rules = Contrast::Config::AssessRulesConfiguration.new(traverse_config(hsh, :rules))
|
21
|
+
@stacktraces = traverse_config(hsh, :stacktraces)
|
22
|
+
@configuration_map = {}
|
23
|
+
build_configuration_map
|
24
|
+
end
|
25
|
+
|
26
|
+
# @return [Boolean, true]
|
27
|
+
def enable
|
28
|
+
@enable.nil? ? true : @enable
|
29
|
+
end
|
30
|
+
|
31
|
+
# @return [Boolean, true]
|
32
|
+
def enable_scan_response
|
33
|
+
@enable_scan_response.nil? ? true : @enable_scan_response
|
34
|
+
end
|
35
|
+
|
36
|
+
# @return [Boolean, true]
|
37
|
+
def enable_dynamic_sources
|
38
|
+
@enable_dynamic_sources.nil? ? true : @enable_dynamic_sources
|
39
|
+
end
|
40
|
+
|
41
|
+
# @return [Contrast::Config::SamplingConfiguration]
|
42
|
+
def sampling
|
43
|
+
@sampling ||= Contrast::Config::SamplingConfiguration.new
|
44
|
+
end
|
45
|
+
|
46
|
+
# @return [Contrast::Config::AssessRulesConfiguration]
|
47
|
+
def rules
|
48
|
+
@rules ||= Contrast::Config::AssessRulesConfiguration.new
|
49
|
+
end
|
50
|
+
|
51
|
+
# @return [String] stacktrace level
|
52
|
+
def stacktraces
|
53
|
+
@stacktraces ||= DEFAULT_STACKTRACES
|
54
|
+
end
|
55
|
+
|
56
|
+
def enable= value
|
57
|
+
self['enable'] = value
|
58
|
+
end
|
59
|
+
|
60
|
+
def tags= value
|
61
|
+
self['tags'] = value
|
62
|
+
end
|
63
|
+
|
64
|
+
def enable_scan_response= value
|
65
|
+
self['enable_scan_response'] = value
|
66
|
+
end
|
67
|
+
|
68
|
+
def enable_dynamic_sources= value
|
69
|
+
self['enable_dynamic_sources'] = value
|
70
|
+
end
|
71
|
+
|
72
|
+
def sampling= value
|
73
|
+
self['sampling'] = value
|
74
|
+
end
|
75
|
+
|
76
|
+
def rules= value
|
77
|
+
self['rules'] = value
|
78
|
+
end
|
79
|
+
|
80
|
+
def stacktraces= value
|
81
|
+
self['stacktraces'] = value
|
82
|
+
end
|
83
|
+
# TODO: RUBY-1493 MOVE TO BASE CONFIG
|
84
|
+
|
85
|
+
def []= key, value
|
86
|
+
instance_variable_set("@#{ key }".to_sym, value)
|
87
|
+
@configuration_map[key] = value
|
88
|
+
end
|
89
|
+
|
90
|
+
def [] key
|
91
|
+
send(key.to_sym)
|
92
|
+
end
|
93
|
+
|
94
|
+
# Traverse the given entity to build out the configuration graph.
|
95
|
+
#
|
96
|
+
# The values will be either a hash, indicating internal nodes to
|
97
|
+
# traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
|
98
|
+
# leaf node.
|
99
|
+
#
|
100
|
+
# The spec_key are the Contrast defined keys based on the instance variables of
|
101
|
+
# a given configuration.
|
102
|
+
def traverse_config values, spec_key
|
103
|
+
internal_nodes = values.cs__respond_to?(:has_key?)
|
104
|
+
val = internal_nodes ? value_from_key_config(spec_key, values) : nil
|
105
|
+
val == EMPTY_VALUE ? nil : val
|
106
|
+
end
|
107
|
+
|
108
|
+
def build_configuration_map
|
109
|
+
instance_variables.each do |key|
|
110
|
+
str_key = key.to_s.tr('@', '')
|
111
|
+
next if str_key == 'configuration_map'
|
112
|
+
|
113
|
+
@configuration_map[str_key] = send(str_key.to_sym)
|
114
|
+
end
|
21
115
|
end
|
22
116
|
end
|
23
117
|
end
|
@@ -6,10 +6,51 @@ module Contrast
|
|
6
6
|
# Common Configuration settings. Those in this section pertain to the
|
7
7
|
# disabled assess rule functionality of the Agent.
|
8
8
|
class AssessRulesConfiguration < BaseConfiguration
|
9
|
-
|
9
|
+
# @return [Array, nil] list of disabled assess rules
|
10
|
+
attr_reader :disabled_rules
|
10
11
|
|
11
|
-
def initialize hsh
|
12
|
-
|
12
|
+
def initialize hsh = {}
|
13
|
+
@disabled_rules = traverse_config(hsh, :disabled_rules)
|
14
|
+
@configuration_map = {}
|
15
|
+
build_configuration_map
|
16
|
+
end
|
17
|
+
|
18
|
+
def disabled_rules= value
|
19
|
+
self['disabled_rules'] = value
|
20
|
+
end
|
21
|
+
|
22
|
+
# TODO: RUBY-1493 MOVE TO BASE CONFIG
|
23
|
+
|
24
|
+
def []= key, value
|
25
|
+
instance_variable_set("@#{ key }".to_sym, value)
|
26
|
+
@configuration_map[key] = value
|
27
|
+
end
|
28
|
+
|
29
|
+
def [] key
|
30
|
+
send(key.to_sym)
|
31
|
+
end
|
32
|
+
|
33
|
+
# Traverse the given entity to build out the configuration graph.
|
34
|
+
#
|
35
|
+
# The values will be either a hash, indicating internal nodes to
|
36
|
+
# traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
|
37
|
+
# leaf node.
|
38
|
+
#
|
39
|
+
# The spec_key are the Contrast defined keys based on the instance variables of
|
40
|
+
# a given configuration.
|
41
|
+
def traverse_config values, spec_key
|
42
|
+
internal_nodes = values.cs__respond_to?(:has_key?)
|
43
|
+
val = internal_nodes ? value_from_key_config(spec_key, values) : nil
|
44
|
+
val == EMPTY_VALUE ? nil : val
|
45
|
+
end
|
46
|
+
|
47
|
+
def build_configuration_map
|
48
|
+
instance_variables.each do |key|
|
49
|
+
str_key = key.to_s.tr('@', '')
|
50
|
+
next if str_key == 'configuration_map'
|
51
|
+
|
52
|
+
@configuration_map[str_key] = send(str_key.to_sym)
|
53
|
+
end
|
13
54
|
end
|
14
55
|
end
|
15
56
|
end
|
@@ -30,6 +30,7 @@ module Contrast
|
|
30
30
|
def assign_value_to_path_array dot_path_array, value
|
31
31
|
current_level = self
|
32
32
|
dot_path_array[0...-1].each do |segment|
|
33
|
+
segment = segment.tr('-', '_')
|
33
34
|
current_level = current_level.send(segment) if current_level.cs__respond_to?(segment)
|
34
35
|
end
|
35
36
|
last_entry = dot_path_array[-1]
|
@@ -5,10 +5,81 @@ module Contrast
|
|
5
5
|
module Config
|
6
6
|
# Certificate Configuration
|
7
7
|
class CertificationConfiguration < BaseConfiguration
|
8
|
-
|
8
|
+
# @return [String] path to CA Cert file
|
9
|
+
attr_reader :ca_file
|
10
|
+
# @return [String] path to Certification file
|
11
|
+
attr_reader :cert_file
|
12
|
+
# @return [String] path to Certification Key file
|
13
|
+
attr_reader :key_file
|
9
14
|
|
10
|
-
def initialize hsh
|
11
|
-
|
15
|
+
def initialize hsh = {}
|
16
|
+
@enable = traverse_config(hsh, :enable)
|
17
|
+
@ca_file = traverse_config(hsh, :ca_file)
|
18
|
+
@cert_file = traverse_config(hsh, :cert_file)
|
19
|
+
@key_file = traverse_config(hsh, :key_file)
|
20
|
+
@configuration_map = {}
|
21
|
+
build_configuration_map
|
22
|
+
end
|
23
|
+
|
24
|
+
# GETTERS
|
25
|
+
|
26
|
+
# @return [Boolean]
|
27
|
+
def enable
|
28
|
+
return false if @enable.nil?
|
29
|
+
|
30
|
+
@enable
|
31
|
+
end
|
32
|
+
|
33
|
+
# SETTERS
|
34
|
+
|
35
|
+
def enable= value
|
36
|
+
self['enable'] = value
|
37
|
+
end
|
38
|
+
|
39
|
+
def ca_file= value
|
40
|
+
self['ca_file'] = value
|
41
|
+
end
|
42
|
+
|
43
|
+
def cert_file= value
|
44
|
+
self['cert_file'] = value
|
45
|
+
end
|
46
|
+
|
47
|
+
def key_file= value
|
48
|
+
self['key_file'] = value
|
49
|
+
end
|
50
|
+
|
51
|
+
# TODO: RUBY-1493 MOVE TO BASE CONFIG
|
52
|
+
|
53
|
+
def []= key, value
|
54
|
+
instance_variable_set("@#{ key }".to_sym, value)
|
55
|
+
@configuration_map[key] = value
|
56
|
+
end
|
57
|
+
|
58
|
+
def [] key
|
59
|
+
send(key.to_sym)
|
60
|
+
end
|
61
|
+
|
62
|
+
# Traverse the given entity to build out the configuration graph.
|
63
|
+
#
|
64
|
+
# The values will be either a hash, indicating internal nodes to
|
65
|
+
# traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
|
66
|
+
# leaf node.
|
67
|
+
#
|
68
|
+
# The spec_key are the Contrast defined keys based on the instance variables of
|
69
|
+
# a given configuration.
|
70
|
+
def traverse_config values, spec_key
|
71
|
+
internal_nodes = values.cs__respond_to?(:has_key?)
|
72
|
+
val = internal_nodes ? value_from_key_config(spec_key, values) : nil
|
73
|
+
val == EMPTY_VALUE ? nil : val
|
74
|
+
end
|
75
|
+
|
76
|
+
def build_configuration_map
|
77
|
+
instance_variables.each do |key|
|
78
|
+
str_key = key.to_s.tr('@', '')
|
79
|
+
next if str_key == 'configuration_map'
|
80
|
+
|
81
|
+
@configuration_map[str_key] = send(str_key.to_sym)
|
82
|
+
end
|
12
83
|
end
|
13
84
|
end
|
14
85
|
end
|
@@ -7,10 +7,68 @@ module Contrast
|
|
7
7
|
# exception handling in Ruby, allowing for the override of Response Code
|
8
8
|
# and Message when Security Exceptions are raised.
|
9
9
|
class ExceptionConfiguration < BaseConfiguration
|
10
|
-
|
10
|
+
# @return [Integer] the HTTP status code override
|
11
|
+
attr_reader :override_status
|
12
|
+
# @return [String] the message text override
|
13
|
+
attr_reader :override_message
|
11
14
|
|
12
|
-
def initialize hsh
|
13
|
-
|
15
|
+
def initialize hsh = {}
|
16
|
+
@capture = traverse_config(hsh, :capture)
|
17
|
+
@override_status = traverse_config(hsh, :override_status)
|
18
|
+
@override_message = traverse_config(hsh, :override_message)
|
19
|
+
@configuration_map = {}
|
20
|
+
build_configuration_map
|
21
|
+
end
|
22
|
+
|
23
|
+
# @return [Boolean] default: false
|
24
|
+
def capture
|
25
|
+
@capture.nil? ? false : @capture
|
26
|
+
end
|
27
|
+
|
28
|
+
def capture= value
|
29
|
+
self['capture'] = value
|
30
|
+
end
|
31
|
+
|
32
|
+
def override_status= value
|
33
|
+
self['override_status'] = value
|
34
|
+
end
|
35
|
+
|
36
|
+
def override_message= value
|
37
|
+
self['override_message'] = value
|
38
|
+
end
|
39
|
+
|
40
|
+
# TODO: RUBY-1493 MOVE TO BASE CONFIG
|
41
|
+
|
42
|
+
def []= key, value
|
43
|
+
instance_variable_set("@#{ key }".to_sym, value)
|
44
|
+
@configuration_map[key] = value
|
45
|
+
end
|
46
|
+
|
47
|
+
def [] key
|
48
|
+
send(key.to_sym)
|
49
|
+
end
|
50
|
+
|
51
|
+
# Traverse the given entity to build out the configuration graph.
|
52
|
+
#
|
53
|
+
# The values will be either a hash, indicating internal nodes to
|
54
|
+
# traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
|
55
|
+
# leaf node.
|
56
|
+
#
|
57
|
+
# The spec_key are the Contrast defined keys based on the instance variables of
|
58
|
+
# a given configuration.
|
59
|
+
def traverse_config values, spec_key
|
60
|
+
internal_nodes = values.cs__respond_to?(:has_key?)
|
61
|
+
val = internal_nodes ? value_from_key_config(spec_key, values) : nil
|
62
|
+
val == EMPTY_VALUE ? nil : val
|
63
|
+
end
|
64
|
+
|
65
|
+
def build_configuration_map
|
66
|
+
instance_variables.each do |key|
|
67
|
+
str_key = key.to_s.tr('@', '')
|
68
|
+
next if str_key == 'configuration_map'
|
69
|
+
|
70
|
+
@configuration_map[str_key] = send(str_key.to_sym)
|
71
|
+
end
|
14
72
|
end
|
15
73
|
end
|
16
74
|
end
|
@@ -6,23 +6,107 @@ module Contrast
|
|
6
6
|
# Common Configuration settings. Those in this section pertain to the
|
7
7
|
# Heap Dump collection functionality of the Agent.
|
8
8
|
class HeapDumpConfiguration < BaseConfiguration
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
9
|
+
DEFAULT_PATH = 'contrast_heap_dumps' # saved
|
10
|
+
DEFAULT_MS = 10_000
|
11
|
+
DEFAULT_COUNT = 5
|
12
|
+
|
13
|
+
def initialize hsh = {}
|
14
|
+
@enable = traverse_config(hsh, :enable)
|
15
|
+
@path = traverse_config(hsh, :path)
|
16
|
+
@delay_ms = traverse_config(hsh, :delay_ms)
|
17
|
+
@window_ms = traverse_config(hsh, :window_ms)
|
18
|
+
@count = traverse_config(hsh, :count)
|
19
|
+
@clean = traverse_config(hsh, :clean)
|
20
|
+
@configuration_map = {}
|
21
|
+
build_configuration_map
|
22
|
+
end
|
23
|
+
|
24
|
+
# @return [Boolean, false] should dumps be taken
|
25
|
+
def enable
|
26
|
+
!!@enable
|
27
|
+
end
|
28
|
+
|
29
|
+
# @return [String, DEFAULT_PATH] dir to which dumps should be
|
30
|
+
def path
|
31
|
+
@path ||= DEFAULT_PATH
|
32
|
+
end
|
33
|
+
|
34
|
+
# @return [Integer, DEFAULT_MS] time, in ms, after initialization
|
35
|
+
def delay_ms
|
36
|
+
@delay_ms ||= DEFAULT_MS
|
37
|
+
end
|
38
|
+
|
39
|
+
# @return [Integer, DEFAULT_MS] ms between each dump
|
40
|
+
def window_ms
|
41
|
+
@window_ms ||= DEFAULT_MS
|
42
|
+
end
|
43
|
+
|
44
|
+
# @return [Integer, DEFAULT_MS] number of dumps to take
|
45
|
+
def count
|
46
|
+
@count ||= DEFAULT_COUNT
|
47
|
+
end
|
48
|
+
|
49
|
+
# @return [Boolean, false] remove temporary objects or not
|
50
|
+
def clean
|
51
|
+
!!@clean
|
52
|
+
end
|
53
|
+
|
54
|
+
def enable= value
|
55
|
+
self['enable'] = value
|
56
|
+
end
|
57
|
+
|
58
|
+
def path= value
|
59
|
+
self['path'] = value
|
60
|
+
end
|
61
|
+
|
62
|
+
def delay_ms= value
|
63
|
+
self['delay_ms'] = value
|
64
|
+
end
|
65
|
+
|
66
|
+
def window_ms= value
|
67
|
+
self['window_ms'] = value
|
68
|
+
end
|
69
|
+
|
70
|
+
def count= value
|
71
|
+
self['count'] = value
|
72
|
+
end
|
73
|
+
|
74
|
+
def clean= value
|
75
|
+
self['clean'] = value
|
76
|
+
end
|
77
|
+
|
78
|
+
# TODO: RUBY-1493 MOVE TO BASE CONFIG
|
79
|
+
|
80
|
+
def []= key, value
|
81
|
+
instance_variable_set("@#{ key }".to_sym, value)
|
82
|
+
@configuration_map[key] = value
|
83
|
+
end
|
84
|
+
|
85
|
+
def [] key
|
86
|
+
send(key.to_sym)
|
87
|
+
end
|
88
|
+
|
89
|
+
# Traverse the given entity to build out the configuration graph.
|
90
|
+
#
|
91
|
+
# The values will be either a hash, indicating internal nodes to
|
92
|
+
# traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
|
93
|
+
# leaf node.
|
94
|
+
#
|
95
|
+
# The spec_key are the Contrast defined keys based on the instance variables of
|
96
|
+
# a given configuration.
|
97
|
+
def traverse_config values, spec_key
|
98
|
+
internal_nodes = values.cs__respond_to?(:has_key?)
|
99
|
+
val = internal_nodes ? value_from_key_config(spec_key, values) : nil
|
100
|
+
val == EMPTY_VALUE ? nil : val
|
101
|
+
end
|
102
|
+
|
103
|
+
def build_configuration_map
|
104
|
+
instance_variables.each do |key|
|
105
|
+
str_key = key.to_s.tr('@', '')
|
106
|
+
next if str_key == 'configuration_map'
|
107
|
+
|
108
|
+
@configuration_map[str_key] = send(str_key.to_sym)
|
109
|
+
end
|
26
110
|
end
|
27
111
|
end
|
28
112
|
end
|
@@ -6,10 +6,71 @@ module Contrast
|
|
6
6
|
# Common Configuration settings. Those in this section pertain to the
|
7
7
|
# inventory functionality of the Agent.
|
8
8
|
class InventoryConfiguration < BaseConfiguration
|
9
|
-
|
9
|
+
# @return [Array, nil] tags
|
10
|
+
attr_reader :tags
|
10
11
|
|
11
|
-
def initialize hsh
|
12
|
-
|
12
|
+
def initialize hsh = {}
|
13
|
+
@enable = traverse_config(hsh, :enable)
|
14
|
+
@analyze_libraries = traverse_config(hsh, :analyze_libraries)
|
15
|
+
@tags = traverse_config(hsh, :tags)
|
16
|
+
@configuration_map = {}
|
17
|
+
build_configuration_map
|
18
|
+
end
|
19
|
+
|
20
|
+
# @return [Boolean, true]
|
21
|
+
def enable
|
22
|
+
@enable.nil? ? true : @enable
|
23
|
+
end
|
24
|
+
|
25
|
+
# @return [Boolean, true]
|
26
|
+
def analyze_libraries
|
27
|
+
@analyze_libraries.nil? ? true : @analyze_libraries
|
28
|
+
end
|
29
|
+
|
30
|
+
def enable= value
|
31
|
+
self['enable'] = value
|
32
|
+
end
|
33
|
+
|
34
|
+
def analyze_libraries= value
|
35
|
+
self['analyze_libraries'] = value
|
36
|
+
end
|
37
|
+
|
38
|
+
def tags= value
|
39
|
+
self['tags'] = value
|
40
|
+
end
|
41
|
+
|
42
|
+
# TODO: RUBY-1493 MOVE TO BASE CONFIG
|
43
|
+
|
44
|
+
def []= key, value
|
45
|
+
instance_variable_set("@#{ key }".to_sym, value)
|
46
|
+
@configuration_map[key] = value
|
47
|
+
end
|
48
|
+
|
49
|
+
def [] key
|
50
|
+
send(key.to_sym)
|
51
|
+
end
|
52
|
+
|
53
|
+
# Traverse the given entity to build out the configuration graph.
|
54
|
+
#
|
55
|
+
# The values will be either a hash, indicating internal nodes to
|
56
|
+
# traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
|
57
|
+
# leaf node.
|
58
|
+
#
|
59
|
+
# The spec_key are the Contrast defined keys based on the instance variables of
|
60
|
+
# a given configuration.
|
61
|
+
def traverse_config values, spec_key
|
62
|
+
internal_nodes = values.cs__respond_to?(:has_key?)
|
63
|
+
val = internal_nodes ? value_from_key_config(spec_key, values) : nil
|
64
|
+
val == EMPTY_VALUE ? nil : val
|
65
|
+
end
|
66
|
+
|
67
|
+
def build_configuration_map
|
68
|
+
instance_variables.each do |key|
|
69
|
+
str_key = key.to_s.tr('@', '')
|
70
|
+
next if str_key == 'configuration_map'
|
71
|
+
|
72
|
+
@configuration_map[str_key] = send(str_key.to_sym)
|
73
|
+
end
|
13
74
|
end
|
14
75
|
end
|
15
76
|
end
|
@@ -6,10 +6,53 @@ module Contrast
|
|
6
6
|
# Common Configuration settings. Those in this section pertain to the
|
7
7
|
# logging in the Agent.
|
8
8
|
class LoggerConfiguration < BaseConfiguration
|
9
|
-
|
9
|
+
# @return [String, nil]
|
10
|
+
attr_accessor :path
|
11
|
+
# @return [String, nil]
|
12
|
+
attr_accessor :level
|
13
|
+
# @return [String, nil]
|
14
|
+
attr_accessor :progname
|
10
15
|
|
11
|
-
def initialize hsh
|
12
|
-
|
16
|
+
def initialize hsh = {}
|
17
|
+
@path = traverse_config(hsh, :path)
|
18
|
+
@level = traverse_config(hsh, :level)
|
19
|
+
@progname = traverse_config(hsh, :progname)
|
20
|
+
@configuration_map = {}
|
21
|
+
build_configuration_map
|
22
|
+
end
|
23
|
+
|
24
|
+
# TODO: RUBY-1493 MOVE TO BASE CONFIG
|
25
|
+
|
26
|
+
def []= key, value
|
27
|
+
instance_variable_set("@#{ key }".to_sym, value)
|
28
|
+
@configuration_map[key] = value
|
29
|
+
end
|
30
|
+
|
31
|
+
def [] key
|
32
|
+
send(key.to_sym)
|
33
|
+
end
|
34
|
+
|
35
|
+
# Traverse the given entity to build out the configuration graph.
|
36
|
+
#
|
37
|
+
# The values will be either a hash, indicating internal nodes to
|
38
|
+
# traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
|
39
|
+
# leaf node.
|
40
|
+
#
|
41
|
+
# The spec_key are the Contrast defined keys based on the instance variables of
|
42
|
+
# a given configuration.
|
43
|
+
def traverse_config values, spec_key
|
44
|
+
internal_nodes = values.cs__respond_to?(:has_key?)
|
45
|
+
val = internal_nodes ? value_from_key_config(spec_key, values) : nil
|
46
|
+
val == EMPTY_VALUE ? nil : val
|
47
|
+
end
|
48
|
+
|
49
|
+
def build_configuration_map
|
50
|
+
instance_variables.each do |key|
|
51
|
+
str_key = key.to_s.tr('@', '')
|
52
|
+
next if str_key == 'configuration_map'
|
53
|
+
|
54
|
+
@configuration_map[str_key] = send(str_key.to_sym)
|
55
|
+
end
|
13
56
|
end
|
14
57
|
end
|
15
58
|
end
|
@@ -8,15 +8,15 @@ module Contrast
|
|
8
8
|
# Common Configuration settings. Those in this section pertain to the
|
9
9
|
# rule mode of a single protect rule in the Agent.
|
10
10
|
class ProtectRuleConfiguration < BaseConfiguration
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
11
|
+
attr_accessor :enable, :mode, :disable_system_commands, :detect_custom_code_accessing_system_files
|
12
|
+
|
13
|
+
def initialize hsh = {}
|
14
|
+
@enable = traverse_config(hsh, :enable)
|
15
|
+
@mode = traverse_config(hsh, :mode)
|
16
|
+
@disable_system_commands = traverse_config(hsh, :disable_system_commands)
|
17
|
+
@detect_custom_code_accessing_system_files = traverse_config(hsh, :detect_custom_code_accessing_system_files)
|
18
|
+
@configuration_map = {}
|
19
|
+
build_configuration_map
|
20
20
|
end
|
21
21
|
|
22
22
|
# To convert the user input mode from config to a standard format used by TS & SR, we need to convert the given
|
@@ -40,6 +40,33 @@ module Contrast
|
|
40
40
|
Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION
|
41
41
|
end
|
42
42
|
end
|
43
|
+
|
44
|
+
def [] key
|
45
|
+
send(key.to_sym)
|
46
|
+
end
|
47
|
+
|
48
|
+
# Traverse the given entity to build out the configuration graph.
|
49
|
+
#
|
50
|
+
# The values will be either a hash, indicating internal nodes to
|
51
|
+
# traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
|
52
|
+
# leaf node.
|
53
|
+
#
|
54
|
+
# The spec_key are the Contrast defined keys based on the instance variables of
|
55
|
+
# a given configuration.
|
56
|
+
def traverse_config values, spec_key
|
57
|
+
internal_nodes = values.cs__respond_to?(:has_key?)
|
58
|
+
val = internal_nodes ? value_from_key_config(spec_key, values) : nil
|
59
|
+
val == EMPTY_VALUE ? nil : val
|
60
|
+
end
|
61
|
+
|
62
|
+
def build_configuration_map
|
63
|
+
instance_variables.each do |key|
|
64
|
+
str_key = key.to_s.tr('@', '')
|
65
|
+
next if str_key == 'configuration_map'
|
66
|
+
|
67
|
+
@configuration_map[str_key] = send(str_key.to_sym)
|
68
|
+
end
|
69
|
+
end
|
43
70
|
end
|
44
71
|
end
|
45
72
|
end
|