contrast-agent 5.2.0 → 6.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ext/cs__assess_array/cs__assess_array.c +7 -0
- data/ext/cs__assess_basic_object/cs__assess_basic_object.c +19 -5
- data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +1 -1
- data/ext/cs__assess_hash/cs__assess_hash.c +3 -4
- data/ext/cs__assess_kernel/cs__assess_kernel.c +1 -2
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +26 -12
- data/ext/cs__assess_module/cs__assess_module.c +1 -1
- data/ext/cs__assess_regexp/cs__assess_regexp.c +15 -2
- data/ext/cs__assess_regexp/cs__assess_regexp.h +2 -0
- data/ext/cs__assess_string/cs__assess_string.c +21 -1
- data/ext/cs__assess_test/cs__assess_test.h +9 -0
- data/ext/cs__assess_test/cs__assess_tests.c +22 -0
- data/ext/cs__assess_test/extconf.rb +5 -0
- data/ext/cs__common/cs__common.c +113 -11
- data/ext/cs__common/cs__common.h +29 -5
- data/ext/cs__contrast_patch/cs__contrast_patch.c +55 -44
- data/ext/cs__os_information/cs__os_information.c +13 -10
- data/ext/cs__scope/cs__scope.c +146 -97
- data/ext/cs__tests/cs__tests.c +12 -0
- data/ext/cs__tests/cs__tests.h +3 -0
- data/ext/cs__tests/extconf.rb +5 -0
- data/lib/contrast/agent/assess/contrast_object.rb +16 -16
- data/lib/contrast/agent/assess/events/source_event.rb +17 -19
- data/lib/contrast/agent/assess/finalizers/hash.rb +2 -0
- data/lib/contrast/agent/assess/policy/policy_node.rb +50 -27
- data/lib/contrast/agent/assess/policy/policy_node_utils.rb +51 -0
- data/lib/contrast/agent/assess/policy/policy_scanner.rb +2 -16
- data/lib/contrast/agent/assess/policy/preshift.rb +8 -2
- data/lib/contrast/agent/assess/policy/propagation_method.rb +47 -13
- data/lib/contrast/agent/assess/policy/propagator/buffer.rb +118 -0
- data/lib/contrast/agent/assess/policy/propagator/keep.rb +19 -4
- data/lib/contrast/agent/assess/policy/propagator/remove.rb +18 -2
- data/lib/contrast/agent/assess/policy/propagator/splat.rb +17 -3
- data/lib/contrast/agent/assess/policy/propagator/split.rb +15 -19
- data/lib/contrast/agent/assess/policy/propagator/substitution.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/substitution_utils.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/trim.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator.rb +1 -0
- data/lib/contrast/agent/assess/policy/source_method.rb +7 -7
- data/lib/contrast/agent/assess/policy/trigger_method.rb +4 -10
- data/lib/contrast/agent/assess/property/tagged.rb +1 -1
- data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +7 -2
- data/lib/contrast/agent/assess/rule/response/auto_complete_rule.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/base_rule.rb +11 -3
- data/lib/contrast/agent/assess/rule/response/body_rule.rb +3 -3
- data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb +60 -36
- data/lib/contrast/agent/assess/rule/response/framework/rails_support.rb +3 -3
- data/lib/contrast/agent/assess/rule/response/parameters_pollution_rule.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb +1 -2
- data/lib/contrast/agent/at_exit_hook.rb +1 -1
- data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +0 -7
- data/lib/contrast/agent/deadzone/policy/policy.rb +0 -6
- data/lib/contrast/agent/exclusion_matcher.rb +3 -3
- data/lib/contrast/agent/inventory/database_config.rb +10 -3
- data/lib/contrast/agent/middleware.rb +5 -3
- data/lib/contrast/agent/patching/policy/after_load_patch.rb +0 -2
- data/lib/contrast/agent/patching/policy/patch.rb +13 -12
- data/lib/contrast/agent/patching/policy/patcher.rb +4 -4
- data/lib/contrast/agent/patching/policy/policy_node.rb +15 -2
- data/lib/contrast/agent/protect/exploitable_collection.rb +38 -0
- data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +66 -9
- data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +2 -1
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +2 -2
- data/lib/contrast/agent/protect/rule/base.rb +37 -5
- data/lib/contrast/agent/protect/rule/base_service.rb +3 -1
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +13 -0
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb +83 -0
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_worth_watching.rb +64 -0
- data/lib/contrast/agent/protect/rule/http_method_tampering/http_method_tampering_input_classification.rb +96 -0
- data/lib/contrast/agent/protect/rule/http_method_tampering.rb +8 -0
- data/lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb +231 -0
- data/lib/contrast/agent/protect/rule/no_sqli.rb +27 -0
- data/lib/contrast/agent/protect/rule/sqli/sqli_input_classification.rb +18 -54
- data/lib/contrast/agent/protect/rule/sqli/sqli_worth_watching.rb +1 -4
- data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification.rb +82 -0
- data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_matcher.rb +45 -0
- data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +42 -0
- data/lib/contrast/agent/reporting/attack_result/attack_result.rb +63 -0
- data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +52 -0
- data/lib/contrast/agent/reporting/attack_result/response_type.rb +29 -0
- data/lib/contrast/agent/reporting/attack_result/user_input.rb +87 -0
- data/lib/contrast/agent/reporting/masker/masker.rb +243 -0
- data/lib/contrast/agent/reporting/masker/masker_utils.rb +62 -0
- data/lib/contrast/agent/reporting/report.rb +2 -0
- data/lib/contrast/agent/reporting/reporter.rb +29 -22
- data/lib/contrast/agent/reporting/reporter_heartbeat.rb +49 -0
- data/lib/contrast/agent/reporting/reporting_events/agent_startup.rb +34 -0
- data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +53 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +48 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb +64 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +70 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb +57 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb +56 -0
- data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +12 -4
- data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb +58 -0
- data/lib/contrast/agent/reporting/reporting_events/application_reporting_event.rb +27 -0
- data/lib/contrast/agent/reporting/reporting_events/application_startup.rb +50 -0
- data/lib/contrast/agent/reporting/reporting_events/application_startup_instrumentation.rb +27 -0
- data/lib/contrast/agent/reporting/reporting_events/application_update.rb +7 -12
- data/lib/contrast/agent/reporting/reporting_events/finding.rb +10 -4
- data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +2 -4
- data/lib/contrast/agent/reporting/reporting_events/finding_event_object.rb +3 -3
- data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +5 -5
- data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +6 -2
- data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +16 -12
- data/lib/contrast/agent/reporting/reporting_events/poll.rb +6 -2
- data/lib/contrast/agent/reporting/reporting_events/preflight.rb +10 -8
- data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +8 -11
- data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +2 -1
- data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +8 -6
- data/lib/contrast/agent/reporting/reporting_events/server_activity.rb +12 -20
- data/lib/contrast/agent/reporting/reporting_events/server_reporting_event.rb +27 -0
- data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +17 -27
- data/lib/contrast/agent/reporting/reporting_utilities/build_preflight.rb +38 -0
- data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb +8 -0
- data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +6 -0
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +23 -7
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +64 -76
- data/lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/response.rb +17 -7
- data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +100 -0
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +75 -13
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_mode.rb +63 -0
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +154 -113
- data/lib/contrast/agent/reporting/settings/application_settings.rb +9 -0
- data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +5 -33
- data/lib/contrast/agent/reporting/settings/protect.rb +1 -1
- data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +2 -2
- data/lib/contrast/agent/reporting/settings/sampling.rb +36 -0
- data/lib/contrast/agent/reporting/settings/sensitive_data_masking.rb +110 -0
- data/lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb +58 -0
- data/lib/contrast/agent/request.rb +3 -3
- data/lib/contrast/agent/request_context.rb +1 -1
- data/lib/contrast/agent/request_context_extend.rb +2 -2
- data/lib/contrast/agent/request_handler.rb +7 -3
- data/lib/contrast/agent/response.rb +2 -0
- data/lib/contrast/agent/service_heartbeat.rb +6 -48
- data/lib/contrast/agent/static_analysis.rb +1 -1
- data/lib/contrast/agent/telemetry/base.rb +151 -0
- data/lib/contrast/agent/telemetry/events/event.rb +35 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_base.rb +59 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb +44 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message.rb +115 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb +83 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb +64 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions.rb +20 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report.rb +32 -0
- data/lib/contrast/agent/telemetry/events/metric_event.rb +28 -0
- data/lib/contrast/agent/telemetry/events/startup_metrics_event.rb +123 -0
- data/lib/contrast/agent/thread_watcher.rb +52 -68
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/agent/worker_thread.rb +8 -0
- data/lib/contrast/agent.rb +4 -3
- data/lib/contrast/api/communication/messaging_queue.rb +28 -11
- data/lib/contrast/api/communication/response_processor.rb +7 -10
- data/lib/contrast/api/communication/speedracer.rb +1 -1
- data/lib/contrast/api/decorators/activity.rb +33 -0
- data/lib/contrast/api/decorators/address.rb +1 -1
- data/lib/contrast/api/decorators/http_request.rb +1 -1
- data/lib/contrast/api/decorators/response_type.rb +30 -0
- data/lib/contrast/api/decorators.rb +1 -0
- data/lib/contrast/components/app_context.rb +0 -4
- data/lib/contrast/components/assess.rb +14 -0
- data/lib/contrast/components/config.rb +13 -22
- data/lib/contrast/components/contrast_service.rb +9 -0
- data/lib/contrast/components/protect.rb +2 -2
- data/lib/contrast/components/sampling.rb +7 -11
- data/lib/contrast/components/settings.rb +116 -8
- data/lib/contrast/config/agent_configuration.rb +34 -41
- data/lib/contrast/config/api_configuration.rb +16 -75
- data/lib/contrast/config/api_proxy_configuration.rb +9 -48
- data/lib/contrast/config/application_configuration.rb +24 -95
- data/lib/contrast/config/assess_configuration.rb +21 -76
- data/lib/contrast/config/assess_rules_configuration.rb +13 -38
- data/lib/contrast/config/base_configuration.rb +11 -76
- data/lib/contrast/config/certification_configuration.rb +15 -68
- data/lib/contrast/config/exception_configuration.rb +15 -59
- data/lib/contrast/config/heap_dump_configuration.rb +19 -73
- data/lib/contrast/config/inventory_configuration.rb +11 -55
- data/lib/contrast/config/logger_configuration.rb +8 -41
- data/lib/contrast/config/protect_configuration.rb +23 -10
- data/lib/contrast/config/protect_rule_configuration.rb +23 -37
- data/lib/contrast/config/protect_rules_configuration.rb +39 -43
- data/lib/contrast/config/request_audit_configuration.rb +16 -55
- data/lib/contrast/config/root_configuration.rb +70 -13
- data/lib/contrast/config/ruby_configuration.rb +14 -47
- data/lib/contrast/config/sampling_configuration.rb +12 -65
- data/lib/contrast/config/server_configuration.rb +13 -45
- data/lib/contrast/config/service_configuration.rb +36 -17
- data/lib/contrast/configuration.rb +21 -13
- data/lib/contrast/extension/assess/string.rb +20 -1
- data/lib/contrast/extension/module.rb +0 -1
- data/lib/contrast/framework/manager.rb +2 -2
- data/lib/contrast/framework/rails/patch/support.rb +13 -45
- data/lib/contrast/logger/aliased_logging.rb +87 -0
- data/lib/contrast/logger/application.rb +1 -5
- data/lib/contrast/logger/cef_log.rb +1 -1
- data/lib/contrast/tasks/config.rb +100 -4
- data/lib/contrast/utils/assess/object_store.rb +36 -0
- data/lib/contrast/utils/assess/propagation_method_utils.rb +6 -0
- data/lib/contrast/utils/class_util.rb +5 -18
- data/lib/contrast/utils/input_classification.rb +73 -0
- data/lib/contrast/utils/invalid_configuration_util.rb +1 -1
- data/lib/contrast/utils/log_utils.rb +3 -1
- data/lib/contrast/utils/middleware_utils.rb +10 -9
- data/lib/contrast/utils/net_http_base.rb +1 -1
- data/lib/contrast/utils/object_share.rb +2 -1
- data/lib/contrast/utils/os.rb +0 -5
- data/lib/contrast/utils/patching/policy/patch_utils.rb +4 -5
- data/lib/contrast/utils/response_utils.rb +18 -33
- data/lib/contrast/utils/telemetry.rb +20 -2
- data/lib/contrast/utils/telemetry_client.rb +23 -11
- data/lib/contrast/utils/telemetry_hash.rb +41 -0
- data/lib/contrast/utils/telemetry_identifier.rb +16 -1
- data/lib/contrast.rb +9 -0
- data/resources/assess/policy.json +98 -0
- data/resources/deadzone/policy.json +0 -86
- data/ruby-agent.gemspec +10 -9
- data/service_executables/VERSION +1 -1
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
- metadata +98 -30
- data/lib/contrast/agent/metric_telemetry_event.rb +0 -26
- data/lib/contrast/agent/startup_metrics_telemetry_event.rb +0 -121
- data/lib/contrast/agent/telemetry.rb +0 -137
- data/lib/contrast/agent/telemetry_event.rb +0 -33
- data/lib/contrast/utils/exclude_key.rb +0 -20
@@ -36,7 +36,7 @@ module Contrast
|
|
36
36
|
# @param ret [Object] the Return of the invoked method
|
37
37
|
# @param args [Array<Object>] the Arguments with which the method was invoked
|
38
38
|
# @return [Object, nil] the tracked Return or nil if no changes were made
|
39
|
-
def
|
39
|
+
def apply_source method_policy, object, ret, args
|
40
40
|
return unless analyze?(method_policy, object, ret, args)
|
41
41
|
return unless (source_node = method_policy.source_node)
|
42
42
|
|
@@ -56,11 +56,11 @@ module Contrast
|
|
56
56
|
target = dup
|
57
57
|
end
|
58
58
|
|
59
|
-
|
59
|
+
process_source(source_node, target, source_data, source_node.type, nil, *args)
|
60
60
|
|
61
61
|
return_val
|
62
62
|
end
|
63
|
-
Contrast::Components::Logger.add_trace_log_timing_for(SourceMethod, :
|
63
|
+
Contrast::Components::Logger.add_trace_log_timing_for(SourceMethod, :apply_source)
|
64
64
|
|
65
65
|
private
|
66
66
|
|
@@ -75,7 +75,7 @@ module Contrast
|
|
75
75
|
# @param source_name [String, nil] the name of this source, i.e. the key used to accessed if from a map or
|
76
76
|
# nil if a type like BODY
|
77
77
|
# @param args [Array<Object>] the Arguments with which the method was invoked
|
78
|
-
def
|
78
|
+
def process_source source_node, target, source_data, source_type, source_name = nil, *args
|
79
79
|
context = Contrast::Agent::REQUEST_TRACKER.current
|
80
80
|
return unless context && source_node && target
|
81
81
|
|
@@ -90,7 +90,7 @@ module Contrast
|
|
90
90
|
# values back to ourselves and try again
|
91
91
|
elsif Contrast::Utils::DuckUtils.iterable_enumerable?(target)
|
92
92
|
target.each do |value|
|
93
|
-
|
93
|
+
process_source(source_node, value, source_data, source_type, source_name, *args)
|
94
94
|
end
|
95
95
|
end
|
96
96
|
rescue StandardError => e
|
@@ -116,8 +116,8 @@ module Contrast
|
|
116
116
|
key = key.dup
|
117
117
|
to_replace << key
|
118
118
|
end
|
119
|
-
|
120
|
-
|
119
|
+
process_source(source_node, key, source_data, key_type(source_type), key, *args)
|
120
|
+
process_source(source_node, value, source_data, source_type, key, *args)
|
121
121
|
end
|
122
122
|
handle_hash_key(target, to_replace)
|
123
123
|
end
|
@@ -12,6 +12,7 @@ require 'contrast/agent/reporting/reporting_events/preflight'
|
|
12
12
|
require 'contrast/agent/reporting/reporting_events/preflight_message'
|
13
13
|
require 'contrast/agent/reporting/reporting_events/route_discovery'
|
14
14
|
require 'contrast/agent/reporting/reporting_utilities/reporting_storage'
|
15
|
+
require 'contrast/agent/reporting/reporting_utilities/build_preflight'
|
15
16
|
|
16
17
|
module Contrast
|
17
18
|
module Agent
|
@@ -152,16 +153,9 @@ module Contrast
|
|
152
153
|
ruby_finding.attach_data trigger_node, source, object, ret, request, *args
|
153
154
|
hash_code = Contrast::Utils::HashDigest.generate_event_hash(ruby_finding, source, request)
|
154
155
|
ruby_finding.hash_code = hash_code
|
155
|
-
|
156
|
-
Contrast::Agent::Reporting::
|
157
|
-
|
158
|
-
new_preflight = Contrast::Agent::Reporting::Preflight.new
|
159
|
-
new_preflight_message = Contrast::Agent::Reporting::PreflightMessage.new
|
160
|
-
new_preflight_message.routes << Contrast::Agent::Reporting::RouteDiscovery.convert(request.route)
|
161
|
-
new_preflight_message.hash_code = hash_code
|
162
|
-
new_preflight_message.data = "#{ trigger_node.rule_id },#{ hash_code }"
|
163
|
-
new_preflight.messages << new_preflight_message
|
164
|
-
Contrast::Agent.reporter&.send_event_immediately(new_preflight)
|
156
|
+
|
157
|
+
new_preflight = Contrast::Agent::Reporting::BuildPreflight.build(ruby_finding, request)
|
158
|
+
Contrast::Agent.reporter&.send_event(new_preflight)
|
165
159
|
end
|
166
160
|
|
167
161
|
private
|
@@ -40,7 +40,7 @@ module Contrast
|
|
40
40
|
# @param ranges [Array<Range>] the ranges to delete
|
41
41
|
# @param shift [Boolean] move remaining tags to the left to account
|
42
42
|
# for the deletion
|
43
|
-
def delete_tags_at_ranges ranges, shift
|
43
|
+
def delete_tags_at_ranges ranges, shift: true
|
44
44
|
return unless tracked?
|
45
45
|
|
46
46
|
# Stage one - delete the tags w/o changing their
|
@@ -113,12 +113,17 @@ module Contrast
|
|
113
113
|
class_name = clazz.cs__name
|
114
114
|
|
115
115
|
finding = assign_finding class_name, constant_string
|
116
|
-
Contrast::
|
116
|
+
activity = Contrast::Api::Dtm::Activity.new
|
117
|
+
activity.findings << finding
|
118
|
+
Contrast::Agent.messaging_queue.send_event_eventually(activity, force: true)
|
117
119
|
rescue StandardError => e
|
118
120
|
logger.error('Unable to build a finding for Hardcoded Rule', e)
|
119
121
|
nil
|
120
122
|
end
|
121
123
|
|
124
|
+
# @param class_name [String] the name of the class in which the hardcoded value is present
|
125
|
+
# @param constant_string [String] the name of the constant
|
126
|
+
# @return [Contrast::Api::Dtm::Finding]
|
122
127
|
def assign_finding class_name, constant_string
|
123
128
|
finding = Contrast::Api::Dtm::Finding.new
|
124
129
|
finding.rule_id = Contrast::Utils::StringUtils.protobuf_safe_string(rule_id)
|
@@ -158,7 +163,7 @@ module Contrast
|
|
158
163
|
|
159
164
|
def save_and_report_finding ruby_finding, new_preflight
|
160
165
|
Contrast::Agent::Reporting::ReportingStorage[hash] = ruby_finding
|
161
|
-
Contrast::Agent.reporter&.
|
166
|
+
Contrast::Agent.reporter&.send_event(new_preflight)
|
162
167
|
end
|
163
168
|
end
|
164
169
|
end
|
@@ -32,7 +32,7 @@ module Contrast
|
|
32
32
|
# @return [Hash, nil] the evidence required to prove the violation of the rule
|
33
33
|
def violated? response
|
34
34
|
body = response.body
|
35
|
-
forms = html_elements(body, FORM_START_REGEXP, true)
|
35
|
+
forms = html_elements(body, FORM_START_REGEXP, capture_overflow: true)
|
36
36
|
forms.each do |form|
|
37
37
|
# Because TeamServer will reject any subsequent form on the same page due to deduplication, we can
|
38
38
|
# skip out on the first violation.
|
@@ -4,6 +4,7 @@
|
|
4
4
|
require 'rack'
|
5
5
|
require 'json'
|
6
6
|
require 'contrast/agent/reporting/reporting_utilities/dtm_message'
|
7
|
+
require 'contrast/agent/reporting/reporting_utilities/build_preflight'
|
7
8
|
require 'contrast/utils/hash_digest'
|
8
9
|
require 'contrast/utils/preflight_util'
|
9
10
|
require 'contrast/utils/string_utils'
|
@@ -32,8 +33,13 @@ module Contrast
|
|
32
33
|
|
33
34
|
if Contrast::Agent::Reporter.enabled?
|
34
35
|
report = Contrast::Agent::Reporting::DtmMessage.dtm_to_event(finding)
|
35
|
-
|
36
|
-
|
36
|
+
if report.is_a?(Contrast::Agent::Reporting::Finding)
|
37
|
+
request = Contrast::Agent::REQUEST_TRACKER.current&.request
|
38
|
+
preflight = Contrast::Agent::Reporting::BuildPreflight.build(report, request)
|
39
|
+
Contrast::Agent.reporter&.send_event(preflight)
|
40
|
+
else
|
41
|
+
Contrast::Agent.reporter&.send_event(report)
|
42
|
+
end
|
37
43
|
else
|
38
44
|
Contrast::Agent::REQUEST_TRACKER.current.activity.findings << finding
|
39
45
|
end
|
@@ -58,7 +64,7 @@ module Contrast
|
|
58
64
|
|
59
65
|
# Determine if the Response violates the Rule or not. If it does, return the evidence that proves it so.
|
60
66
|
#
|
61
|
-
# @param
|
67
|
+
# @param _response [Contrast::Agent::Response] the response of the application
|
62
68
|
# @return [Hash, nil] the evidence required to prove the violation of the rule
|
63
69
|
def violated? _response; end
|
64
70
|
|
@@ -92,6 +98,8 @@ module Contrast
|
|
92
98
|
evidence.each_pair do |key, value|
|
93
99
|
finding.properties[key] = if value.cs__is_a?(Hash)
|
94
100
|
Contrast::Utils::StringUtils.protobuf_format(value.to_json)
|
101
|
+
elsif value.cs__is_a?(Array)
|
102
|
+
value.map { Contrast::Utils::StringUtils.protobuf_format(_1) }.to_s
|
95
103
|
else
|
96
104
|
Contrast::Utils::StringUtils.protobuf_format(value)
|
97
105
|
end
|
@@ -45,7 +45,7 @@ module Contrast
|
|
45
45
|
# @param section [String,nil] html section to find element
|
46
46
|
# @param element_start_str [String] element to find in html section
|
47
47
|
# @return [Array<Hash>] the found elements of this section, as well as their start and end indexes.
|
48
|
-
def html_elements section, element_start_str = '', capture_overflow
|
48
|
+
def html_elements section, element_start_str = '', capture_overflow: false
|
49
49
|
elements = []
|
50
50
|
section_start = 0
|
51
51
|
return [] unless section
|
@@ -61,7 +61,7 @@ module Contrast
|
|
61
61
|
next unless element_stop
|
62
62
|
|
63
63
|
section_close = section_start + 6 + element_stop
|
64
|
-
elements << capture(section, section_start, section_close, element_stop, capture_overflow)
|
64
|
+
elements << capture(section, section_start, section_close, element_stop, overflow: capture_overflow)
|
65
65
|
section_start = section_close
|
66
66
|
end
|
67
67
|
elements
|
@@ -82,7 +82,7 @@ module Contrast
|
|
82
82
|
# @param body_close [Integer] the end of the range to take from the body
|
83
83
|
# @param tag_stop [Integer] the index of the end of the html tag from its start
|
84
84
|
# @return [Hash]
|
85
|
-
def capture body, body_start, body_close, tag_stop, overflow
|
85
|
+
def capture body, body_start, body_close, tag_stop, overflow: false
|
86
86
|
tag = {}
|
87
87
|
# Capture the 50 characters in front of the form, or up to the start if the form starts before 50.
|
88
88
|
if overflow
|
@@ -36,50 +36,64 @@ module Contrast
|
|
36
36
|
# @param response [Contrast::Agent::Response] the response of the application
|
37
37
|
# @return [Hash, nil] the evidence required to prove the violation of the rule
|
38
38
|
def violated? response
|
39
|
-
|
40
|
-
return evidence unless evidence.nil?
|
39
|
+
return unless header?(response) && meta_tag?(response)
|
41
40
|
|
42
|
-
|
43
|
-
return
|
44
|
-
return {} if !has_header && !has_tag
|
41
|
+
header_evidence = header_evidence(response)
|
42
|
+
return if header_evidence.nil?
|
45
43
|
|
46
|
-
|
44
|
+
tag_evidence = tag_evidence(response)
|
45
|
+
return if tag_evidence.nil?
|
46
|
+
|
47
|
+
{ DATA => [header_evidence, tag_evidence] }
|
47
48
|
end
|
48
49
|
|
49
|
-
#
|
50
|
+
# Is a cache-control header available?
|
50
51
|
# @param response [Contrast::Agent::Response] the response of the application
|
51
|
-
# @return [
|
52
|
-
def
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
has_header = !!cache_control
|
66
|
-
not_valid = has_header && !valid_header?(cache_control)
|
67
|
-
return has_header, evidence(HEADER_TYPE, NAME, cache_control) if not_valid
|
52
|
+
# @return [Boolean]
|
53
|
+
def header? response
|
54
|
+
cache_control = cache_control_from(response)
|
55
|
+
framework_supported? ? !cache_control.blank? : !!cache_control
|
56
|
+
end
|
57
|
+
|
58
|
+
# Is a cache-control meta tag available?
|
59
|
+
# @param response [Contrast::Agent::Response] the response of the application
|
60
|
+
# @return [Boolean]
|
61
|
+
def meta_tag? response
|
62
|
+
return false if meta_tags(response).empty?
|
63
|
+
|
64
|
+
meta_tags(response).each do |tag|
|
65
|
+
return true if meta_cache_tag? tag[HTML_PROP]
|
68
66
|
end
|
69
|
-
|
67
|
+
|
68
|
+
false
|
70
69
|
end
|
71
70
|
|
72
|
-
|
71
|
+
def meta_tags response
|
72
|
+
return @_meta_tags if defined? @meta_tags
|
73
|
+
|
74
|
+
@_meta_tags = html_elements(response.body&.split(HEAD_TAG)&.last, META_START_STR)
|
75
|
+
end
|
76
|
+
|
77
|
+
# Process Header value to determine if it violates rule
|
78
|
+
# @param response [Contrast::Agent::Response] the response of the application
|
79
|
+
# @return [Hash, nil] the evidence hash or nil
|
80
|
+
def header_evidence response
|
81
|
+
cache_control = cache_control_from(response)
|
82
|
+
value = framework_supported? ? cache_control : cache_control_to_s(cache_control)
|
83
|
+
# If header is valid, then this portion of the rule isn't violated.
|
84
|
+
return if valid_header?(value)
|
85
|
+
|
86
|
+
# evidence requires header value string, pull directly instead of rebuilding from hash
|
87
|
+
evidence(HEADER_TYPE, NAME, value)
|
88
|
+
end
|
89
|
+
|
90
|
+
# Process Body to determine if cache control meta tag violates rule
|
73
91
|
# @param response [Contrast::Agent::Response] the response of the application
|
74
|
-
# @return [
|
75
|
-
def
|
76
|
-
|
77
|
-
|
78
|
-
meta_tags = html_elements(body&.split(HEAD_TAG)&.last, META_START_STR)
|
79
|
-
meta_tags.each do |tag|
|
80
|
-
return true, evidence(META_TYPE, PRAGMA, tag[HTML_PROP]) if meta_cache_tag? tag[HTML_PROP]
|
92
|
+
# @return [Hash, nil] the evidence hash or nil
|
93
|
+
def tag_evidence response
|
94
|
+
meta_tags(response).each do |tag|
|
95
|
+
return evidence(META_TYPE, PRAGMA, tag[HTML_PROP]) if meta_cache_tag? tag[HTML_PROP]
|
81
96
|
end
|
82
|
-
[!meta_tags.empty?, nil]
|
83
97
|
end
|
84
98
|
|
85
99
|
def potential_elements section, element_start
|
@@ -121,13 +135,23 @@ module Contrast
|
|
121
135
|
end
|
122
136
|
|
123
137
|
# This method accepts the violation and transforms it to the proper hash
|
124
|
-
# before
|
138
|
+
# before returning a violation
|
125
139
|
#
|
126
140
|
# @param type [String] String of Header or META of the type
|
127
141
|
# @param name [String] String of either cache-control or pragma
|
128
142
|
# @param value [String] String of the violated value
|
129
143
|
def evidence type, name, value
|
130
|
-
{
|
144
|
+
{ type: type, name: name, value: value }.to_json
|
145
|
+
end
|
146
|
+
|
147
|
+
def cache_control_from response
|
148
|
+
# Rails 7 adds support for the cache_control header directly in the
|
149
|
+
# rack response, we should use that value
|
150
|
+
if framework_supported? && response.rack_response.cs__is_a?(Rack::Response)
|
151
|
+
response.rack_response.cache_control
|
152
|
+
else
|
153
|
+
get_header_value(response)
|
154
|
+
end
|
131
155
|
end
|
132
156
|
|
133
157
|
# Rebuilds the String value of the Cache-Control Header
|
@@ -1,8 +1,6 @@
|
|
1
1
|
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
-
require 'rails'
|
5
|
-
|
6
4
|
module Contrast
|
7
5
|
module Agent
|
8
6
|
module Assess
|
@@ -10,11 +8,13 @@ module Contrast
|
|
10
8
|
module Response
|
11
9
|
module Framework
|
12
10
|
# Rails 7 supports managing potential unsafe Headers
|
13
|
-
# this module contains methods for checking if Rails 7
|
11
|
+
# this module contains methods for checking if Rails 7 supersedes our rules
|
14
12
|
module RailsSupport
|
15
13
|
RAILS_VERSION = Gem::Version.new('7.0.0')
|
16
14
|
|
17
15
|
def framework_supported?
|
16
|
+
return false unless defined?(::Rails)
|
17
|
+
|
18
18
|
rails_version = ::Rails.version
|
19
19
|
return false unless !!rails_version
|
20
20
|
|
@@ -32,7 +32,7 @@ module Contrast
|
|
32
32
|
# @return [Hash, nil] the evidence required to prove the violation of the rule
|
33
33
|
def violated? response
|
34
34
|
body = response.body
|
35
|
-
forms = html_elements(body, FORM_START_REGEXP, true)
|
35
|
+
forms = html_elements(body, FORM_START_REGEXP, capture_overflow: true)
|
36
36
|
forms.each do |form|
|
37
37
|
# Because TeamServer will reject any subsequent form on the same page due to deduplication, we can
|
38
38
|
# skip out on the first violation.
|
@@ -1,10 +1,9 @@
|
|
1
1
|
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require 'contrast/agent/assess/rule/response/framework/rails_support'
|
4
5
|
require 'contrast/agent/assess/rule/response/header_rule'
|
5
6
|
require 'contrast/utils/string_utils'
|
6
|
-
require 'contrast/agent/assess/rule/response/framework/rails_support'
|
7
|
-
require 'rails'
|
8
7
|
|
9
8
|
module Contrast
|
10
9
|
module Agent
|
@@ -31,7 +31,7 @@ module Contrast
|
|
31
31
|
context = Contrast::Agent::REQUEST_TRACKER.current
|
32
32
|
return unless context
|
33
33
|
|
34
|
-
Contrast::Agent.messaging_queue
|
34
|
+
Contrast::Agent.messaging_queue&.send_event_immediately(context.activity)
|
35
35
|
end
|
36
36
|
end
|
37
37
|
end
|
@@ -24,13 +24,6 @@ module Contrast
|
|
24
24
|
def method_scope
|
25
25
|
:contrast
|
26
26
|
end
|
27
|
-
|
28
|
-
# TODO: RUBY-99999 remove, used to clean up logs while debugging
|
29
|
-
# def validate
|
30
|
-
# return if class_name
|
31
|
-
#
|
32
|
-
# raise(ArgumentError, "#{ node_class } #{ id } did not have a proper class name. Unable to create.")
|
33
|
-
# end
|
34
27
|
end
|
35
28
|
end
|
36
29
|
end
|
@@ -35,12 +35,6 @@ module Contrast
|
|
35
35
|
end
|
36
36
|
end
|
37
37
|
|
38
|
-
def validate
|
39
|
-
return if class_name
|
40
|
-
|
41
|
-
raise(ArgumentError, "#{ node_class } #{ id } did not have a proper class name. Unable to create.")
|
42
|
-
end
|
43
|
-
|
44
38
|
def module_names
|
45
39
|
@_module_names ||= Set.new(deadzones.map(&:class_name))
|
46
40
|
end
|
@@ -51,7 +51,7 @@ module Contrast
|
|
51
51
|
|
52
52
|
@urls = []
|
53
53
|
@exclusion.urls.each do |url|
|
54
|
-
url_pattern = build_regexp(url, true, true)
|
54
|
+
url_pattern = build_regexp(url, start_anchor: true, end_anchor: true)
|
55
55
|
@urls << url_pattern if url_pattern
|
56
56
|
end
|
57
57
|
end
|
@@ -66,7 +66,7 @@ module Contrast
|
|
66
66
|
@wildcard_exclusions = []
|
67
67
|
@exclusion.denylist.each do |code|
|
68
68
|
class_name, method_name = code.split(Contrast::Utils::ObjectShare::COLON)
|
69
|
-
class_pattern = build_regexp(class_name, false, true)
|
69
|
+
class_pattern = build_regexp(class_name, start_anchor: false, end_anchor: true)
|
70
70
|
method_pattern = build_regexp(method_name)
|
71
71
|
next unless class_pattern && method_pattern
|
72
72
|
|
@@ -74,7 +74,7 @@ module Contrast
|
|
74
74
|
end
|
75
75
|
end
|
76
76
|
|
77
|
-
def build_regexp pattern, start_anchor
|
77
|
+
def build_regexp pattern, start_anchor: false, end_anchor: false
|
78
78
|
pattern = Contrast::Utils::ObjectShare::CARROT + pattern if start_anchor
|
79
79
|
pattern += Contrast::Utils::ObjectShare::DOLLAR_SIGN if end_anchor
|
80
80
|
Regexp.compile(pattern)
|
@@ -44,20 +44,27 @@ module Contrast
|
|
44
44
|
end
|
45
45
|
end
|
46
46
|
rescue StandardError => e
|
47
|
-
logger.
|
47
|
+
logger.warn('Unable to append db config', e)
|
48
48
|
nil
|
49
49
|
end
|
50
50
|
|
51
51
|
private
|
52
52
|
|
53
53
|
# We capture the active record configuration used by this application, as reported by
|
54
|
-
# ActiveRecord::Base.
|
54
|
+
# ActiveRecord::Base.connection_db_config, so that we can record it once and report it as needed.
|
55
55
|
#
|
56
56
|
# @return [Hash]
|
57
57
|
def active_record_config
|
58
58
|
return @_active_record_config if instance_variable_defined?(:@_active_record_config)
|
59
59
|
|
60
|
-
@_active_record_config = ActiveRecord::Base.
|
60
|
+
@_active_record_config = if ActiveRecord::Base.cs__respond_to?(:connection_db_config)
|
61
|
+
ActiveRecord::Base.connection_db_config
|
62
|
+
else
|
63
|
+
# TODO: RUBY-99999 - Remove when Rails 6.0 is not supported
|
64
|
+
ActiveRecord::Base.connection_config
|
65
|
+
end
|
66
|
+
rescue StandardError
|
67
|
+
nil
|
61
68
|
end
|
62
69
|
|
63
70
|
# The classes we instrument in order to determine which, if any, database(s) an application connects to take
|
@@ -13,7 +13,7 @@ require 'contrast/utils/heap_dump_util'
|
|
13
13
|
require 'contrast/utils/telemetry'
|
14
14
|
require 'contrast/agent/request_handler'
|
15
15
|
require 'contrast/agent/static_analysis'
|
16
|
-
require 'contrast/agent/
|
16
|
+
require 'contrast/agent/telemetry/events/startup_metrics_event'
|
17
17
|
require 'contrast/utils/middleware_utils'
|
18
18
|
|
19
19
|
require 'contrast/utils/timer'
|
@@ -78,9 +78,9 @@ module Contrast
|
|
78
78
|
Contrast::Agent.thread_watcher.ensure_running?
|
79
79
|
end
|
80
80
|
|
81
|
-
if Contrast::Agent::Telemetry.enabled?
|
81
|
+
if Contrast::Agent::Telemetry::Base.enabled?
|
82
82
|
logger.debug_with_time('middleware: sending startup metrics telemetry event') do
|
83
|
-
event = Contrast::Agent::
|
83
|
+
event = Contrast::Agent::Telemetry::StartupMetricsEvent.new
|
84
84
|
Contrast::Agent.thread_watcher.telemetry_queue.send_event(event)
|
85
85
|
end
|
86
86
|
end
|
@@ -163,6 +163,8 @@ module Contrast
|
|
163
163
|
|
164
164
|
# Build and report all collected findings prior response
|
165
165
|
Contrast::Agent::FINDINGS.report_collected_findings unless Contrast::Agent::FINDINGS.collection.empty?
|
166
|
+
# All protect rules, which are trigger but require response to be reported
|
167
|
+
Contrast::Agent::EXPLOITS.report_recorded_exploits context unless Contrast::Agent::EXPLOITS.collection.empty?
|
166
168
|
|
167
169
|
if Contrast::Agent.framework_manager.streaming?(env)
|
168
170
|
context.reset_activity
|
@@ -114,16 +114,15 @@ module Contrast
|
|
114
114
|
# (equivalent to :alias, where `module = module.singleton class`)
|
115
115
|
# (this is a.k.a. "class-method patch")
|
116
116
|
# :prepend -> prepend instance method of module
|
117
|
-
#
|
117
|
+
# :prepending singleton -> prepend singleton method of module
|
118
118
|
# @return [Symbol] new alias for the underlying method (presumably, so the patched method can call it)
|
119
119
|
def register_c_patch target_module_name, unbound_method, impl = :alias_instance
|
120
120
|
# These could be set as AfterLoadPatches.
|
121
121
|
method_name = unbound_method.name.to_sym # rubocop:disable Security/Module/Name -- ruby built in attribute.
|
122
|
-
underlying_method_name =
|
122
|
+
underlying_method_name = underlying_method_name(method_name, impl)
|
123
123
|
|
124
124
|
target_module = Module.cs__const_get(target_module_name)
|
125
|
-
target_module = target_module.cs__singleton_class if %i[prepend_singleton
|
126
|
-
target_module = target_module.cs__singleton_class if %i[alias_singleton prepend].include? impl
|
125
|
+
target_module = target_module.cs__singleton_class if %i[prepend_singleton alias_singleton].include? impl
|
127
126
|
|
128
127
|
visibility = if target_module.private_instance_methods(false).include?(method_name)
|
129
128
|
:private
|
@@ -161,7 +160,7 @@ module Contrast
|
|
161
160
|
# @param visibility [Symbol] method visibility
|
162
161
|
def reflect_implementation impl, target_module, unbound_method, visibility
|
163
162
|
method_name = unbound_method.name.to_sym # rubocop:disable Security/Module/Name -- ruby built in attribute.
|
164
|
-
underlying_method_name =
|
163
|
+
underlying_method_name = underlying_method_name(method_name, impl)
|
165
164
|
|
166
165
|
case impl
|
167
166
|
when :alias_instance, :alias_singleton
|
@@ -174,14 +173,10 @@ module Contrast
|
|
174
173
|
end
|
175
174
|
target_module.send(visibility, method_name) # e.g., module.private(:my_method)
|
176
175
|
when :prepend_instance, :prepend_singleton
|
176
|
+
prepending_module = Module.new
|
177
|
+
prepending_module.send(:define_method, method_name, unbound_method.bind(target_module))
|
178
|
+
prepending_module.send(visibility, method_name)
|
177
179
|
|
178
|
-
unless target_module.instance_methods(false).include? underlying_method_name
|
179
|
-
|
180
|
-
prepending_module = Module.new
|
181
|
-
prepending_module.send(:define_method, method_name, unbound_method.bind(target_module))
|
182
|
-
prepending_module.send(visibility, method_name)
|
183
|
-
|
184
|
-
end
|
185
180
|
# This prepends to the singleton class (it patches a class method)
|
186
181
|
target_module.prepend prepending_module
|
187
182
|
# rubocop:enable Performance/Kernel/DefineMethod
|
@@ -207,6 +202,12 @@ module Contrast
|
|
207
202
|
|
208
203
|
!ASSESS&.enabled?
|
209
204
|
end
|
205
|
+
|
206
|
+
def underlying_method_name method_name, impl
|
207
|
+
return method_name.to_sym if %i[prepend_instance prepend_singleton].include? impl
|
208
|
+
|
209
|
+
build_unbound_method_name(method_name).to_sym
|
210
|
+
end
|
210
211
|
end
|
211
212
|
end
|
212
213
|
end
|
@@ -133,7 +133,7 @@ module Contrast
|
|
133
133
|
# @param module_data [Contrast::Agent::ModuleData] the module, and its name, that's being patched into
|
134
134
|
# @param redo_patch [Boolean] a trigger to force patching regardless of the state of the
|
135
135
|
# Contrast::Agent::Patching::Policy::PatchStatus status on the Module
|
136
|
-
def patch_into_module module_data, redo_patch
|
136
|
+
def patch_into_module module_data, redo_patch: false
|
137
137
|
status = Contrast::Agent::Patching::Policy::PatchStatus.get_status(module_data.mod)
|
138
138
|
return if (status&.patched? || status&.patching?) && !redo_patch
|
139
139
|
|
@@ -179,7 +179,7 @@ module Contrast
|
|
179
179
|
# @param private [Boolean] Indicate if the query should include
|
180
180
|
# private, as well as public, instance methods
|
181
181
|
# @return [Array<Symbol>]
|
182
|
-
def all_instance_methods mod, private
|
182
|
+
def all_instance_methods mod, private: false
|
183
183
|
instance_methods = mod.instance_methods(false)
|
184
184
|
# C magic rb_define_global_function creates private instance
|
185
185
|
# methods. We need to instrument those dudes
|
@@ -206,8 +206,8 @@ module Contrast
|
|
206
206
|
# this module, sorted by type.
|
207
207
|
def patch_into_instance_methods module_data, module_policy
|
208
208
|
mod = module_data.mod
|
209
|
-
methods = all_instance_methods(mod, true)
|
210
|
-
methods.delete(:initialize) if mod.to_s.
|
209
|
+
methods = all_instance_methods(mod, private: true)
|
210
|
+
methods.delete(:initialize) if mod.to_s.start_with?('RSpec') && mod.to_s.include?('Matchers')
|
211
211
|
patch_into_methods(mod, methods, module_policy, true)
|
212
212
|
end
|
213
213
|
|
@@ -2,6 +2,7 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/components/scope'
|
5
|
+
require 'contrast/utils/object_share'
|
5
6
|
|
6
7
|
module Contrast
|
7
8
|
module Agent
|
@@ -14,8 +15,20 @@ module Contrast
|
|
14
15
|
class PolicyNode
|
15
16
|
include Contrast::Components::Scope::InstanceMethods
|
16
17
|
|
17
|
-
|
18
|
-
|
18
|
+
# Name of the class in which the method is being invoked.
|
19
|
+
attr_accessor :class_name
|
20
|
+
# Check for instance method.
|
21
|
+
#
|
22
|
+
# @return true | false
|
23
|
+
attr_accessor :instance_method
|
24
|
+
# The symbol representation of the invoked method.
|
25
|
+
attr_accessor :method_name
|
26
|
+
# Visibility of the invoked method [Private, Public, Protected]
|
27
|
+
attr_accessor :method_visibility
|
28
|
+
# Properties parsed from our JSON policy.
|
29
|
+
attr_reader :properties
|
30
|
+
# Scope of the method parsed from our JSON policy.
|
31
|
+
attr_reader :method_scope
|
19
32
|
|
20
33
|
def node_class
|
21
34
|
raise NoMethodError, 'specify the type of the feature for which this node patches'
|