contrast-agent 5.1.0 → 6.0.0

data/lib/contrast/utils/class_util.rb

@@ -50,8 +50,8 @@ module Contrast
         # After implementing the LRU Cache, we firstly need to check if already had that object cached and if we have
         # it - we can return it directly; otherwise we'll calculate and store the result before returning.
         #
-        # TODO: RUBY-1327
-        # Once we move to 2.7+, we can combine the caches using ID b/c the memory location stops being the id
+        # Combining of the caches have close performance, but keeping the two with current implementation has
+        # a slight advantage in performance. For now we can keep the things the way they are.
         #
         # @param object [Object, nil] the entity to convert to a String
         # @return [String, Object] the human readable form of the String, as defined by
@@ -98,16 +98,7 @@ module Contrast
         def truly_defined? name
           return false unless name
 
-          segments = name.split(Contrast::Utils::ObjectShare::DOUBLE_COLON)
-          previous_module = Module
-          segments.each do |segment|
-            return false if previous_module.cs__autoload?(segment)
-            return false unless previous_module.cs__const_defined?(segment)
-
-            previous_module = previous_module.cs__const_get(segment)
-          end
-
-          true
+          Module.cs__const_defined?(name)
         rescue NameError # account for nonsense / poorly formatted constants
           false
         end

data/lib/contrast/utils/hash_digest.rb

@@ -29,7 +29,7 @@ module Contrast
       # request or Contrast::REQUEST_TRACKER.current.request uri and used request
       # method.
       #
-      # @param finding [Contrast::Api::Dtm::Finding] finding to be reported
+      # @param finding [Contrast::Api::Dtm::Finding, Contrast::Agent::Reporting::Finding] finding to be reported
       # @param request [Contrast::Agent::Request] our wrapper around the Rack::Request.
       # @return checksum [Integer, nil] returns nil if there is no request context or tracking
       # is disabled.
@@ -38,12 +38,20 @@ module Contrast
         return unless context || ::Contrast::ASSESS.non_request_tracking?
 
         if (route = finding.routes[0])
-          update(route.route) # the normalized URL used to access the method in the route.
-          update(route.verb) # the HTTP Verb used  to access the method in the route.
-        elsif request ||= context&.request
-          update(request.normalized_uri) # the normalized URL used to access the method in the route.
-          update(request.request_method) # The HTTP method used in the request
+          if finding.cs__is_a?(Contrast::Agent::Reporting::Finding) && (observation = route.observations[0])
+            update(observation.url)
+            update(observation.verb)
+          else
+            update(route.route) # the normalized URL used to access the method in the route.
+            update(route.verb) # the HTTP Verb used  to access the method in the route.
+          end
+          return
         end
+
+        return unless request ||= context&.request
+
+        update(request.normalized_uri) # the normalized URL used to access the method in the route.
+        update(request.request_method) # The HTTP method used in the request
       end
 
       # Update to CRC checksum the event source name and source type.

data/lib/contrast/utils/input_classification.rb

@@ -0,0 +1,73 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/object_share'
+require 'contrast/agent/reporting/input_analysis/input_type'
+require 'contrast/agent/reporting/input_analysis/score_level'
+require 'contrast/agent/protect/input_analyzer/input_analyzer'
+
+module Contrast
+  module Agent
+    module Protect
+      module Rule
+        # This module will include all the similar information for all input classifications
+        # between different rules
+        module InputClassificationBase
+          include Contrast::Agent::Reporting::InputType
+          include Contrast::Agent::Reporting::ScoreLevel
+
+          # Input Classification stage is done to determine if an user input is
+          # WORTHWATCHING or to be ignored.
+          #
+          # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
+          # @param value [String, Array<String>] the value of the input.
+          # @param input_analysis [Contrast::Agent::Reporting::InputAnalysis] Holds all the results from the
+          #                                                       agent analysis from the current
+          #                                                       Request.
+          # @return ia [Contrast::Agent::Reporting::InputAnalysis] with updated results.
+          def classify input_type, value, input_analysis # rubocop:disable Lint/UnusedMethodArgument
+            return false unless input_analysis.request
+
+            true
+          end
+
+          # Creates new isntance of InputAnalysisResult with basic info.
+          #
+          # @param rule_id [String] The name of the Protect Rule.
+          # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
+          # @param value [String, Array<String>] the value of the input.
+          # @param path [String] the path of the current request context.
+          #
+          # @return res [Contrast::Agent::Reporting::InputAnalysisResult]
+          def new_ia_result rule_id, input_type, path, value = nil
+            res = Contrast::Agent::Reporting::InputAnalysisResult.new
+            res.rule_id = rule_id
+            res.input_type = input_type
+            res.path = path
+            res.value = value
+            res
+          end
+
+          # This methods checks if input is value that matches a key in the input.
+          #
+          # @param request [Contrast::Agent::Request] the current request context.
+          # @param result [Contrast::Agent::Reporting::InputAnalysisResult] result to be updated.
+          # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
+          # @param value [String, Array<String>] the value of the input.
+          #
+          # @return result [Contrast::Agent::Reporting::InputAnalysisResult] updated with key result.
+          def add_needed_key request, result, input_type, value
+            case input_type
+            when COOKIE_VALUE
+              result.key = request.cookies.key(value)
+            when PARAMETER_VALUE
+              result.key = request.parameters.key(value)
+            else
+              result.key
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/utils/log_utils.rb

@@ -1,6 +1,9 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'socket'
+require 'contrast/agent/version'
+
 module Contrast
   module Utils
     # Method utility used by Contrast::Logger::log
@@ -106,3 +109,114 @@ module Contrast
     end
   end
 end
+
+module Contrast
+  module Utils
+    # These are the utilities for the CEF Logger, which will use the default ruby logger as we are not
+    # interested in special logging. We have the format we need and that's all we need. It would be useless
+    # to use Ougai
+    module CEFLogUtils
+      include Contrast::Utils::LogUtils
+      # <date> <host> CEF:<version>|<company>|<product>|<agent version>|<event type>
+      # |<event message>|<severity>|<other name-value pairs>
+      DEFAULT_CEF_NAME = 'security.log'
+      DEFAULT_LEVEL    = ::Logger::Severity::INFO
+      VALID_LEVELS     = ::Logger::SEV_LABEL
+      PROGNAME         = 'Contrast Agent Ruby'
+      DATE_TIME_FORMAT = '%b %d %Y %H:%M:%S.%L%z'
+      AGENT_VERSION    = Contrast::Agent::VERSION
+      EVENT_TYPE       = 'SECURITY'
+      DEFAULT_METADATA = '-'
+
+      private
+
+      def build path: STDOUT_STR, level_const: DEFAULT_LEVEL
+        logger = case path
+                 when STDOUT_STR, STDERR_STR
+                   ::Logger.new(Object.cs__const_get(path))
+                 else
+                   ::Logger.new(path)
+                 end
+        logger.progname = PROGNAME
+        logger.level = level_const
+        change_logger_formatter logger
+        logger
+      end
+
+      def context
+        Contrast::Agent::REQUEST_TRACKER.current
+      end
+
+      def change_logger_formatter logger
+        ip_address = extract_ip_address
+        logger.formatter = proc do |severity, datetime, progname, msg|
+          date_format = datetime.strftime(DATE_TIME_FORMAT)
+          message = []
+          message << "#{ date_format } #{ ip_address }"
+          message << 'CEF:0|Contrast Security'
+          message << progname
+          message << AGENT_VERSION
+          message << EVENT_TYPE
+          message << msg[0]
+          message << severity
+          message << extract_metadata(msg[1], msg[2])
+          "#{ message.join('|') }\n"
+        end
+      end
+
+      # This method will extract the metadata information from context and other places
+      #
+      # initial structure of the data:
+      # <metadata> := <message-source>" "<source-ip>" "<source-port>" "<request-url>" "<request-method>" \
+      # "<application>" "<outcome>
+      # it could come from: blockEntry, lei, bbi(bot blocker), vp(virtual patch) or pri(rule)
+      # initially here we will use case to add it
+      def extract_metadata rule_id = nil, outcome = nil
+        message = []
+        sender_info = context&.activity&.http_request&.sender
+        rule_id ? message << "pri=#{ rule_id } " : 'asd'
+        request_method = if context.request.rack_request.env['REQUEST_METHOD'].length.positive?
+                           context.request.rack_request.env['REQUEST_METHOD']
+                         else
+                           DEFAULT_METADATA
+                         end
+        app_name = ::Contrast::APP_CONTEXT.app_name
+        attach_request_and_sender_info message, sender_info
+        message << "request=#{ context.request.url } "
+        message << "requestMethod=#{ request_method } "
+        message << "app=#{ app_name } "
+        message << "outcome=#{ outcome } "
+      end
+
+      def attach_request_and_sender_info message, sender_info
+        # here, instead of the ip, we need to report the first non-private 'X-Forwarded-For' Header if available.
+        # if not we return '-'
+        needed_header = extract_sender_ip
+        # I'm not sure if we should report the sender ip from the ActivityDtm
+        src = if needed_header
+                needed_header
+              else
+                sender_info.ip.length > 1 ? sender_info.ip : DEFAULT_METADATA
+              end
+        message << "src=#{ src }"
+        message << "port=#{ sender_info.port }"
+      end
+
+      def extract_ip_address
+        res = Socket.getifaddrs.reject do |ifaddr|
+          !ifaddr.addr.ipv4? ||
+              (ifaddr.flags & Socket::IFF_MULTICAST).zero? ||
+              ifaddr.name != 'en0' # rubocop:disable Security/Module/Name
+        end
+        return unless res.length.positive?
+
+        res[0].addr.ip_address
+      end
+
+      def extract_sender_ip
+        request_headers = context.activity.http_request.request_headers&.transform_keys(&:to_s)
+        request_headers['X-Forwarded-For']
+      end
+    end
+  end
+end

data/lib/contrast/utils/middleware_utils.rb

@@ -8,6 +8,13 @@ module Contrast
     module MiddlewareUtils
       private
 
+      # TODO: RUBY-1609 update this part of the method for Ruby Version and Year
+      LANGUAGE_DEPRECATION_VERSION = '2.7'
+      LANGUAGE_DEPRECATION_YEAR = '2023'
+      LANGUAGE_DEPRECATION_WARNING =
+        "[Contrast Security] [DEPRECATION] Support for Ruby #{ LANGUAGE_DEPRECATION_VERSION } will be removed in "\
+        "April #{ LANGUAGE_DEPRECATION_YEAR }. Please contact Customer Support prior if you require continued support."
+
       def setup_agent
         ::Contrast::SETTINGS.reset_state
 
@@ -51,15 +58,8 @@ module Contrast
       # deprecated and soon to be removed functionality. This method handles doing that by leveraging the standard
       # Kernel#warn approach
       def inform_deprecations
-        # Ruby 2.5 is currently in security maintenance, meaning int is only receiving updates for security issues. It
-        # will move to eol on 31 March 2021. As such, we can remove support for it in Q3. We'll begin the deprecation
-        # warnings now so that customers have time to reach out if they'll be impacted.
-        # TODO: RUBY-715 remove this part of the method, leaving it empty if there are no other deprecations, when we
-        #   drop 2.5 support.
-        return unless RUBY_VERSION < '2.6.0'
-
-        Kernel.warn('[Contrast Security] [DEPRECATION] Support for Ruby 2.5 will be removed in April 2021. '\
-                    'Please contact Customer Support prior if you require continued support.')
+        # Warn customers that they're on a version that's losing support in the next year.
+        Kernel.warn(LANGUAGE_DEPRECATION_WARNING) if RUBY_VERSION.start_with?(LANGUAGE_DEPRECATION_VERSION)
       end
 
       # Displays Telemetry disclaimer if Telemetry is enabled.

data/lib/contrast/utils/net_http_base.rb

@@ -22,7 +22,7 @@ module Contrast
       # @param use_custom_cert [Boolean] flag used to indicate whether the client is to use
       # self signed certificates provided by config [default = false]
       # @return [Net::HTTP, nil] Return open connection or nil
-      def initialize_connection service_name, url, use_proxy = false, use_custom_cert = false
+      def initialize_connection service_name, url, use_proxy: false, use_custom_cert: false
         return unless url
 
         addr = URI(url)
@@ -59,15 +59,7 @@ module Contrast
         return @_connection_verified unless @_connection_verified.nil?
         return false if client.nil?
 
-        # Before RUBY 2.7 there is no #ipaddr
-        ipaddr = if RUBY_VERSION < '2.7.0'
-                   socket = TCPSocket.open(client.address, client.port)
-                   ipaddr = socket.peeraddr[3]
-                   socket.close
-                   ipaddr
-                 else
-                   client.ipaddr
-                 end
+        ipaddr = get_ipaddr(client)
         response = client.request(Net::HTTP::Get.new(client.address))
         verify_cert = client.address.to_s.include?('localhost') ||
             OpenSSL::SSL.verify_certificate_identity(client.peer_cert, client.address)
@@ -160,6 +152,17 @@ module Contrast
 
         @_proxy_enabled = Contrast::API.proxy_enabled? && !Contrast::API.proxy_url.nil?
       end
+
+      # Retrieve the IP address from the client.
+      #
+      # @param client [Net::HTTP]
+      # @return [String]
+      def get_ipaddr client
+        socket = TCPSocket.open(client.address, client.port)
+        ipaddr = socket.peeraddr[3]
+        socket.close
+        ipaddr
+      end
     end
   end
 end

data/lib/contrast/utils/object_share.rb

@@ -10,6 +10,7 @@ module Contrast
     module ObjectShare
       # Strings
       ASTERISK =      '*'
+      AMPERSAND =     '&'
       BACK_SLASH =    '\\'
       EMPTY_STRING =  ''
       COLON =         ':'
@@ -38,6 +39,7 @@ module Contrast
       COLON_SLASH_SLASH = '://'
       DOLLAR_SIGN =    '$'
       CARROT =         '^'
+      BANG =           '!'
 
       WRITE_FLAG =    'w'
 
@@ -47,7 +49,6 @@ module Contrast
       CACHE = 'cache'
 
       CONTRAST_PATCHED_METHOD_START = 'cs__patched_'
-      DOUBLE_COLON = '::'
 
       EMPTY_ARRAY = [].freeze
       EMPTY_HASH = {}.freeze

data/lib/contrast/utils/os.rb

@@ -53,11 +53,6 @@ module Contrast
         def linux?
           (unix? and !mac?)
         end
-
-        def jruby?
-          @_jruby = RUBY_ENGINE == 'jruby' if @_jruby.nil?
-          @_jruby
-        end
       end
     end
   end

data/lib/contrast/utils/patching/policy/patch_utils.rb

@@ -35,10 +35,9 @@ module Contrast
         # Given a method, return a symbol in the format
         # <method_start>_unbound_<method_name>
         def build_unbound_method_name patcher_method
-          (Contrast::Utils::ObjectShare::CONTRAST_PATCHED_METHOD_START +
-            'unbound' +
-            Contrast::Utils::ObjectShare::UNDERSCORE +
-            patcher_method.to_s).to_sym
+          "#{ Contrast::Utils::ObjectShare::CONTRAST_PATCHED_METHOD_START }unbound"\
+          "#{ Contrast::Utils::ObjectShare::UNDERSCORE }"\
+          "#{ patcher_method }".to_sym
         end
 
         # ===== PATCH APPLIERS =====
@@ -63,10 +62,6 @@ module Contrast
         rescue StandardError => e
           # Anything else was our bad and we gotta catch that to allow for normal application flow
           logger.error('Unable to apply pre patch to method.', e)
-        rescue Exception => e # rubocop:disable Lint/RescueException
-          # This is something like NoMemoryError that we can't hope to handle.  Nonetheless, shouldn't leak scope.
-          exit_contrast_scope!
-          raise e
         end
 
         # THIS IS CALLED FROM C. Do not change the signature lightly.
@@ -142,7 +137,7 @@ module Contrast
           if method_policy.source_node
             # If we were given a frozen return, and it was the target of a source, and we have frozen sources enabled,
             # we'll need to replace the return. Note, this is not the default case.
-            source_ret = Contrast::Agent::Assess::Policy::SourceMethod.source_patchers(method_policy, object, ret, args)
+            source_ret = Contrast::Agent::Assess::Policy::SourceMethod.apply_source(method_policy, object, ret, args)
           end
           if method_policy.propagation_node
             propagated_ret = Contrast::Agent::Assess::Policy::PropagationMethod.apply_propagation(

data/lib/contrast/utils/response_utils.rb

@@ -36,39 +36,24 @@ module Contrast
         return unless body
         return if defined?(Rack::File) && body.is_a?(Rack::File)
 
-        case body
-        when Rack::BodyProxy
-          handle_rack_body_proxy(body)
-        when ActionDispatch::Response::RackBody
-          extract_body(body.body) if defined?(ActionDispatch::Response::RackBody)
-        when Rack::Response
-          extract_body(body.body)
-        when Contrast::Utils::DuckUtils.quacks_to?(body, :each)
-          acc = []
-          body.each { |tmp| acc << read_or_string(tmp) }
-          acc.compact.join(Contrast::Utils::ObjectShare::NEW_LINE)
-        when ActionView::OutputBuffer
-          # https://stackoverflow.com/questions/15654676/how-to-convert-activesupportsafebuffer-to-string
-          body.to_str
-        else
-          read_or_string(body)
-        end
-        # if body.is_a?(Rack::BodyProxy)
-        #   handle_rack_body_proxy(body)
-        # elsif (defined?(ActionDispatch::Response::RackBody) && body.is_a?(ActionDispatch::Response::RackBody)) ||
-        #       body.is_a?(Rack::Response)
-        #
-        #   extract_body(body.body)
-        # elsif Contrast::Utils::DuckUtils.quacks_to?(body, :each)
-        #   acc = []
-        #   body.each { |tmp| acc << read_or_string(tmp) }
-        #   acc.compact.join(Contrast::Utils::ObjectShare::NEW_LINE)
-        # elsif ActionView::OutputBuffer
-        #   # https://stackoverflow.com/questions/15654676/how-to-convert-activesupportsafebuffer-to-string
-        #   body.to_str
-        # else
-        #   read_or_string(body)
-        # end
+        return handle_rack_body_proxy(body) if body.is_a?(Rack::BodyProxy)
+        return extract_body(body.body) if sub_extractable?(body)
+        return enumerable_text_from(body) if Contrast::Utils::DuckUtils.quacks_to?(body, :each)
+        # https://stackoverflow.com/questions/15654676/how-to-convert-activesupportsafebuffer-to-string
+        return body.to_str if body.is_a?(ActionView::OutputBuffer)
+
+        read_or_string(body)
+      end
+
+      def sub_extractable? body
+        (defined?(ActionDispatch::Response::RackBody) && body.is_a?(ActionDispatch::Response::RackBody)) ||
+            body.is_a?(Rack::Response)
+      end
+
+      def enumerable_text_from body
+        entries = body.map { |entry| read_or_string(entry) }
+        entries.compact!
+        entries.join(Contrast::Utils::ObjectShare::NEW_LINE)
       end
 
       def handle_rack_body_proxy body

data/lib/contrast/utils/telemetry.rb

@@ -1,7 +1,7 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/telemetry'
+require 'contrast/agent/telemetry/telemetry'
 require 'contrast/utils/telemetry_identifier'
 
 module Contrast

data/lib/contrast/utils/telemetry_client.rb

@@ -22,7 +22,7 @@ module Contrast
       # @param url [String]
       # @return [Net::HTTP, nil] Return open connection or nil
       def initialize_connection url
-        super(SERVICE_NAME, url, false, false)
+        super(SERVICE_NAME, url, use_proxy: false, use_custom_cert: false)
       end
 
       # This method will be responsible for building the request. Because the telemetry collector expects to receive

data/lib/contrast/utils/telemetry_identifier.rb

@@ -1,7 +1,7 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/telemetry'
+require 'contrast/agent/telemetry/telemetry'
 require 'contrast/utils/os'
 require 'socket'
 

data/lib/contrast.rb

@@ -21,10 +21,11 @@ class Object
   alias_method :cs__singleton_class, :singleton_class
 end
 
-if RUBY_VERSION >= '3.0.0'
+if RUBY_VERSION >= '3.0.0' && RUBY_VERSION < '3.1.0'
   # This fixes Ruby 3.0 issues with Module#(some instance method) patching by preventing the prepending of
   # a JSON helper on protobuf load. String.instance_method(:+) is one of the most noticeable.
-  # TODO: RUBY-1132 Remove this once Ruby 3 is fixed.
+  # This is fixed in Ruby 3.1.0
+  # TODO: RUBY-1132 Remove this once Ruby 3 support is dropped.
   # See bug here: https://bugs.ruby-lang.org/issues/17725
   class Class
     alias_method(:cs__orig_prepend, :prepend)
@@ -73,7 +74,7 @@ require 'contrast/utils/preflight_util'
 require 'contrast/utils/assess/sampling_util'
 require 'contrast/agent'
 
-if RUBY_VERSION >= '3.0.0'
+if RUBY_VERSION >= '3.0.0' && RUBY_VERSION < '3.1.0'
   # Put prepend back as it was.
   Class.alias_method(:prepend, :cs__orig_prepend)
   Class.remove_method(:cs__orig_prepend)

data/resources/assess/policy.json

@@ -790,6 +790,16 @@
       "patch_method": "select_tagger",
       "source": "O",
       "target": "R"
+    },{
+      "class_name": "String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "slice",
+      "action": "CUSTOM",
+      "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Select",
+      "patch_method": "select_tagger",
+      "source": "O",
+      "target": "R"
     },{
       "class_name":"CGI::Util",
       "method_name":"unescape",
@@ -1112,6 +1122,67 @@
       "target":"O",
       "action":"SPLAT"
     },
+    {
+      "class_name": "IO::Buffer",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "get_string",
+      "source": "O",
+      "target": "R",
+      "action": "CUSTOM",
+      "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Buffer",
+      "patch_method": "propagate_keep_select"
+    },
+    {
+      "class_name": "IO::Buffer",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "slice",
+      "source": "O",
+      "target": "R",
+      "action": "CUSTOM",
+      "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Buffer",
+      "patch_method": "propagate_keep_select"
+    },
+    {
+      "class_name": "IO::Buffer",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "set_string",
+      "source":"P0,O",
+      "target":"O",
+      "action": "BUFFER",
+      "patch_method": "propagate_insert"
+    },
+    {
+      "class_name": "IO::Buffer",
+      "instance_method": false,
+      "method_visibility": "public",
+      "method_name": "for",
+      "source":"P0",
+      "target":"R",
+      "action": "KEEP"
+    },
+    {
+      "class_name": "IO::Buffer",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "copy",
+      "source":"P0,O",
+      "target":"O",
+      "action": "BUFFER",
+      "patch_method": "buffer_keep_splat"
+    },
+    {
+      "class_name": "IO::Buffer",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name": "pread",
+      "source":"P0,O",
+      "target":"O",
+      "action": "BUFFER",
+      "patch_method": "buffer_keep_splat"
+    },
     {
        "class_name": "ERB",
        "method_name": "result",
@@ -1177,6 +1248,33 @@
       "action": "REMOVE",
       "tags":["HTML_ENCODED"],
       "untags":["HTML_DECODED"]
+    },
+    {
+      "class_name": "IO::Buffer",
+      "instance_method": false,
+      "method_visibility": "public",
+      "method_name": "map",
+      "source": "P0,O",
+      "target": "R",
+      "action": "KEEP"
+    },
+     {
+      "class_name": "IO::Buffer",
+      "method_name": "pwrite",
+      "instance_method": true,
+      "method_visibility": "public",
+      "source": "O",
+      "target": "P0",
+      "action": "KEEP"
+    },
+    {
+      "class_name": "IO::Buffer",
+      "method_name": "write",
+      "instance_method": true,
+      "method_visibility": "public",
+      "source": "O",
+      "target": "P0",
+      "action": "KEEP"
     }
   ],
   "rules":[