contrast-agent 5.3.0 → 6.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ext/cs__assess_array/cs__assess_array.c +7 -0
- data/ext/cs__assess_basic_object/cs__assess_basic_object.c +19 -5
- data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +1 -1
- data/ext/cs__assess_hash/cs__assess_hash.c +3 -4
- data/ext/cs__assess_kernel/cs__assess_kernel.c +1 -2
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +26 -12
- data/ext/cs__assess_module/cs__assess_module.c +1 -1
- data/ext/cs__assess_string/cs__assess_string.c +13 -1
- data/ext/cs__common/cs__common.c +12 -11
- data/ext/cs__contrast_patch/cs__contrast_patch.c +54 -43
- data/ext/cs__os_information/cs__os_information.c +13 -10
- data/ext/cs__scope/cs__scope.c +146 -97
- data/lib/contrast/agent/assess/finalizers/hash.rb +2 -0
- data/lib/contrast/agent/assess/policy/policy_node.rb +50 -27
- data/lib/contrast/agent/assess/policy/policy_node_utils.rb +51 -0
- data/lib/contrast/agent/assess/policy/preshift.rb +8 -2
- data/lib/contrast/agent/assess/policy/propagation_method.rb +47 -13
- data/lib/contrast/agent/assess/policy/propagator/buffer.rb +118 -0
- data/lib/contrast/agent/assess/policy/propagator/keep.rb +19 -4
- data/lib/contrast/agent/assess/policy/propagator/remove.rb +18 -2
- data/lib/contrast/agent/assess/policy/propagator/splat.rb +17 -3
- data/lib/contrast/agent/assess/policy/propagator/substitution.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/substitution_utils.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/trim.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator.rb +1 -0
- data/lib/contrast/agent/assess/policy/source_method.rb +7 -7
- data/lib/contrast/agent/assess/policy/trigger_method.rb +3 -1
- data/lib/contrast/agent/assess/property/tagged.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/auto_complete_rule.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/body_rule.rb +3 -3
- data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/parameters_pollution_rule.rb +1 -1
- data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +0 -7
- data/lib/contrast/agent/deadzone/policy/policy.rb +0 -6
- data/lib/contrast/agent/exclusion_matcher.rb +3 -3
- data/lib/contrast/agent/middleware.rb +3 -1
- data/lib/contrast/agent/patching/policy/patcher.rb +3 -3
- data/lib/contrast/agent/patching/policy/policy_node.rb +15 -2
- data/lib/contrast/agent/protect/exploitable_collection.rb +38 -0
- data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +61 -8
- data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +2 -1
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +2 -2
- data/lib/contrast/agent/protect/rule/base.rb +37 -5
- data/lib/contrast/agent/protect/rule/base_service.rb +3 -1
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +13 -0
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb +83 -0
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_worth_watching.rb +64 -0
- data/lib/contrast/agent/protect/rule/http_method_tampering/http_method_tampering_input_classification.rb +96 -0
- data/lib/contrast/agent/protect/rule/http_method_tampering.rb +8 -0
- data/lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb +231 -0
- data/lib/contrast/agent/protect/rule/no_sqli.rb +27 -0
- data/lib/contrast/agent/protect/rule/sqli/sqli_input_classification.rb +18 -54
- data/lib/contrast/agent/protect/rule/sqli/sqli_worth_watching.rb +1 -4
- data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification.rb +82 -0
- data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_matcher.rb +45 -0
- data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +42 -0
- data/lib/contrast/agent/reporting/attack_result/attack_result.rb +63 -0
- data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +52 -0
- data/lib/contrast/agent/reporting/attack_result/response_type.rb +29 -0
- data/lib/contrast/agent/reporting/attack_result/user_input.rb +87 -0
- data/lib/contrast/agent/reporting/masker/masker.rb +246 -0
- data/lib/contrast/agent/reporting/masker/masker_utils.rb +58 -0
- data/lib/contrast/agent/reporting/report.rb +2 -0
- data/lib/contrast/agent/reporting/reporter.rb +23 -11
- data/lib/contrast/agent/reporting/reporting_events/agent_startup.rb +30 -0
- data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +7 -3
- data/lib/contrast/agent/reporting/reporting_events/application_startup.rb +40 -0
- data/lib/contrast/agent/reporting/reporting_events/application_startup_instrumentation.rb +27 -0
- data/lib/contrast/agent/reporting/reporting_events/finding.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +5 -5
- data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +9 -9
- data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +2 -1
- data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +2 -1
- data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +8 -6
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +16 -5
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +27 -26
- data/lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +97 -0
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +68 -6
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_mode.rb +63 -0
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +122 -96
- data/lib/contrast/agent/reporting/settings/application_settings.rb +9 -0
- data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +5 -33
- data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +1 -1
- data/lib/contrast/agent/reporting/settings/sampling.rb +36 -0
- data/lib/contrast/agent/reporting/settings/sensitive_data_masking.rb +110 -0
- data/lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb +58 -0
- data/lib/contrast/agent/request_context.rb +1 -1
- data/lib/contrast/agent/request_context_extend.rb +1 -1
- data/lib/contrast/agent/request_handler.rb +4 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_base.rb +51 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb +36 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message.rb +97 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb +65 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb +47 -0
- data/lib/contrast/agent/{metric_telemetry_event.rb → telemetry/events/metric_telemetry_event.rb} +1 -1
- data/lib/contrast/agent/{startup_metrics_telemetry_event.rb → telemetry/events/startup_metrics_telemetry_event.rb} +3 -3
- data/lib/contrast/agent/{telemetry_event.rb → telemetry/events/telemetry_event.rb} +1 -1
- data/lib/contrast/agent/{telemetry.rb → telemetry/telemetry.rb} +32 -19
- data/lib/contrast/agent/thread_watcher.rb +1 -1
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/agent.rb +3 -0
- data/lib/contrast/api/communication/speedracer.rb +1 -1
- data/lib/contrast/api/decorators/address.rb +1 -1
- data/lib/contrast/api/decorators/response_type.rb +30 -0
- data/lib/contrast/api/decorators.rb +1 -0
- data/lib/contrast/components/app_context.rb +0 -4
- data/lib/contrast/components/assess.rb +14 -0
- data/lib/contrast/components/protect.rb +2 -2
- data/lib/contrast/components/sampling.rb +7 -11
- data/lib/contrast/components/settings.rb +106 -8
- data/lib/contrast/config/agent_configuration.rb +13 -30
- data/lib/contrast/config/api_configuration.rb +4 -67
- data/lib/contrast/config/api_proxy_configuration.rb +2 -45
- data/lib/contrast/config/application_configuration.rb +9 -84
- data/lib/contrast/config/assess_configuration.rb +10 -69
- data/lib/contrast/config/assess_rules_configuration.rb +9 -38
- data/lib/contrast/config/base_configuration.rb +17 -50
- data/lib/contrast/config/certification_configuration.rb +6 -63
- data/lib/contrast/config/exception_configuration.rb +5 -52
- data/lib/contrast/config/heap_dump_configuration.rb +6 -64
- data/lib/contrast/config/inventory_configuration.rb +2 -49
- data/lib/contrast/config/logger_configuration.rb +0 -36
- data/lib/contrast/config/protect_configuration.rb +17 -7
- data/lib/contrast/config/protect_rule_configuration.rb +12 -30
- data/lib/contrast/config/protect_rules_configuration.rb +21 -26
- data/lib/contrast/config/request_audit_configuration.rb +6 -48
- data/lib/contrast/config/root_configuration.rb +52 -12
- data/lib/contrast/config/ruby_configuration.rb +0 -36
- data/lib/contrast/config/sampling_configuration.rb +1 -57
- data/lib/contrast/config/server_configuration.rb +0 -36
- data/lib/contrast/config/service_configuration.rb +5 -44
- data/lib/contrast/configuration.rb +2 -3
- data/lib/contrast/extension/assess/string.rb +20 -1
- data/lib/contrast/extension/module.rb +0 -1
- data/lib/contrast/framework/manager.rb +2 -2
- data/lib/contrast/logger/application.rb +1 -1
- data/lib/contrast/logger/cef_log.rb +1 -1
- data/lib/contrast/tasks/config.rb +90 -3
- data/lib/contrast/utils/assess/object_store.rb +36 -0
- data/lib/contrast/utils/assess/propagation_method_utils.rb +6 -0
- data/lib/contrast/utils/class_util.rb +3 -12
- data/lib/contrast/utils/input_classification.rb +73 -0
- data/lib/contrast/utils/log_utils.rb +1 -1
- data/lib/contrast/utils/middleware_utils.rb +9 -8
- data/lib/contrast/utils/net_http_base.rb +1 -1
- data/lib/contrast/utils/object_share.rb +2 -1
- data/lib/contrast/utils/os.rb +0 -5
- data/lib/contrast/utils/patching/policy/patch_utils.rb +4 -5
- data/lib/contrast/utils/response_utils.rb +18 -33
- data/lib/contrast/utils/telemetry.rb +1 -1
- data/lib/contrast/utils/telemetry_client.rb +1 -1
- data/lib/contrast/utils/telemetry_identifier.rb +1 -1
- data/resources/assess/policy.json +98 -0
- data/resources/deadzone/policy.json +0 -86
- data/ruby-agent.gemspec +9 -8
- data/service_executables/VERSION +1 -1
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
- metadata +73 -28
@@ -2,6 +2,7 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/api/settings.pb'
|
5
|
+
require 'contrast/agent/reporting/settings/sensitive_data_masking'
|
5
6
|
|
6
7
|
module Contrast
|
7
8
|
module Components
|
@@ -13,12 +14,14 @@ module Contrast
|
|
13
14
|
APPLICATION_STATE_BASE = Struct.new(:modes_by_id, :exclusion_matchers).
|
14
15
|
new(Hash.new(Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION), [])
|
15
16
|
PROTECT_STATE_BASE = Struct.new(:enabled, :rules).new(false, {})
|
16
|
-
ASSESS_STATE_BASE = Struct.new(:enabled, :sampling_settings, :disabled_assess_rules).new(false, nil,
|
17
|
+
ASSESS_STATE_BASE = Struct.new(:enabled, :sampling_settings, :disabled_assess_rules, :session_id).new(false, nil,
|
18
|
+
[], nil) do
|
17
19
|
def sampling_settings= new_val
|
18
20
|
@sampling_settings = new_val
|
19
21
|
Contrast::Utils::Assess::SamplingUtil.instance.update
|
20
22
|
end
|
21
23
|
end
|
24
|
+
SENSITIVE_DATA_MASKING_BASE = Contrast::Agent::Reporting::Settings::SensitiveDataMasking.new
|
22
25
|
|
23
26
|
# This is a class.
|
24
27
|
class Interface
|
@@ -26,7 +29,63 @@ module Contrast
|
|
26
29
|
|
27
30
|
# tainted_columns are database columns that receive unsanitized input.
|
28
31
|
attr_reader :tainted_columns # This can probably go into assess_state?
|
29
|
-
|
32
|
+
# Current state for Assess.
|
33
|
+
# enabled [Boolean] Indicate if the assess feature set is enabled for this server or not.
|
34
|
+
#
|
35
|
+
# sampling [Hash<AssessSampling>] Hash of AssessSampling Used to control the sampling feature in the agent: {
|
36
|
+
# baseline [Integer] The number of baseline requests to take before switching to sampling
|
37
|
+
# for the window.
|
38
|
+
# enabled [Boolean] If the sampling feature should be used or not.
|
39
|
+
# frequency [Integer] The number of requests to skip before observing during the sampling
|
40
|
+
# window after the baseline.
|
41
|
+
# responseFrequency [Integer]
|
42
|
+
# window [Integer]
|
43
|
+
# }
|
44
|
+
#
|
45
|
+
# disabled_assess_rules [array<AssessRuleID(String)>] Assess rules to disable for this application.
|
46
|
+
attr_reader :assess_state
|
47
|
+
# Current State for Protect.
|
48
|
+
# enabled [Boolean] Indicate if the protect feature set is enabled for this server or not.
|
49
|
+
#
|
50
|
+
# Protection rules are returned as:
|
51
|
+
# rules [Hash<RULE_ID => MODE>, nil] Hash with rule_id as key and mode as value
|
52
|
+
attr_reader :protect_state
|
53
|
+
# Current Application State.
|
54
|
+
#
|
55
|
+
# modes_by_id [Hash<Rule_id => Mode] Returns Hash with rules and their current mode.
|
56
|
+
# exclusion_matchers [Array] Array of all the exclusions.
|
57
|
+
# code_exclusions [Array<CodeExclusion>] Array of CodeExclusion: {
|
58
|
+
# name [String] The name of the exclusion as defined by the user in TS.
|
59
|
+
# modes [String] If this exclusion applies to assess or protect. [assess, defend]
|
60
|
+
# assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
|
61
|
+
# denylist [String] The call, if in the stack, should result in the agent not taking action.
|
62
|
+
# input_exclusions [Array<InputExclusions>] Array of InputExclusions: {
|
63
|
+
# name [String] The name of the input.
|
64
|
+
# modes [String] If this exclusion applies to assess or protect. [assess, defend]
|
65
|
+
# assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
|
66
|
+
# protect_rules [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
|
67
|
+
# urls [Array] Array of URLs to which the exclusions apply. URL [String]
|
68
|
+
# match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
|
69
|
+
# type [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
|
70
|
+
# }
|
71
|
+
# url_exclusions [Array<UrlExclusions>] Array of UrlExclusions: {
|
72
|
+
# name [String] The name of the input.
|
73
|
+
# modes [String] If this exclusion applies to assess or protect. [assess, defend]
|
74
|
+
# assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
|
75
|
+
# protect_rules [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
|
76
|
+
# urls [Array] Array of URLs to which the exclusions apply. URL [String]
|
77
|
+
# match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
|
78
|
+
# type [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
|
79
|
+
# }
|
80
|
+
attr_reader :application_state
|
81
|
+
# This the structure that will hold the masking rules send from TS.
|
82
|
+
#
|
83
|
+
# @return [Contrast::Agent::Reporting::Settings::SensitiveDataMasking]:
|
84
|
+
# mask_http_body [Boolean] Policy flag to enable the use of masking on request body.
|
85
|
+
# rules [Array<Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule>]
|
86
|
+
# Rules to follow when using the masking. Each rules contains Id [String]
|
87
|
+
# and Keywords [Array<String>].
|
88
|
+
attr_reader :sensitive_data_masking
|
30
89
|
|
31
90
|
def initialize
|
32
91
|
reset_state
|
@@ -38,10 +97,14 @@ module Contrast
|
|
38
97
|
|
39
98
|
# @param features [Contrast::Api::Settings::ServerFeatures, Contrast::Agent::Reporting::Response]
|
40
99
|
def update_from_server_features features
|
41
|
-
if features
|
42
|
-
|
43
|
-
|
44
|
-
|
100
|
+
if features.cs__is_a?(Contrast::Agent::Reporting::Response)
|
101
|
+
server_features = features.server_features
|
102
|
+
log_file = server_features.log_file
|
103
|
+
log_level = server_features.log_level
|
104
|
+
Contrast::Logger::Log.instance.update(log_file, log_level) if log_file || log_level
|
105
|
+
@protect_state.enabled = server_features.protect.enabled?
|
106
|
+
@assess_state.enabled = server_features.assess.enabled?
|
107
|
+
@assess_state.sampling_settings = server_features.assess.sampling
|
45
108
|
else
|
46
109
|
@protect_state.enabled = features.protect_enabled?
|
47
110
|
@assess_state.enabled = features.assess_enabled?
|
@@ -52,10 +115,13 @@ module Contrast
|
|
52
115
|
# @param features [Contrast::Api::Settings::ApplicationSettings, Contrast::Agent::Reporting::Response]
|
53
116
|
def update_from_application_settings features
|
54
117
|
if features&.class == Contrast::Agent::Reporting::Response
|
55
|
-
|
118
|
+
settings = features.application_settings
|
119
|
+
@application_state.modes_by_id = settings.protect.protection_rules_to_settings_hash
|
56
120
|
# TODO: RUBY-1438 this needs to be translated
|
57
121
|
# @application_state.exclusion_matchers = new_vals[:exclusion_matchers]
|
58
|
-
|
122
|
+
update_sensitive_data_policy(settings.sensitive_data_masking)
|
123
|
+
@assess_state.disabled_assess_rules = settings.assess.disabled_rules
|
124
|
+
@assess_state.session_id = settings.assess.session_id if settings.assess.session_id
|
59
125
|
else
|
60
126
|
new_vals = features.application_state_translation
|
61
127
|
@application_state.modes_by_id = new_vals[:modes_by_id]
|
@@ -70,6 +136,7 @@ module Contrast
|
|
70
136
|
@assess_state = ASSESS_STATE_BASE.dup
|
71
137
|
@application_state = APPLICATION_STATE_BASE.dup
|
72
138
|
@tainted_columns = {}
|
139
|
+
@sensitive_data_masking = SENSITIVE_DATA_MASKING_BASE.dup
|
73
140
|
end
|
74
141
|
|
75
142
|
def build_protect_rules
|
@@ -86,6 +153,37 @@ module Contrast
|
|
86
153
|
Contrast::Agent::Protect::Rule::Xss.new
|
87
154
|
Contrast::Agent::Protect::Rule::Xxe.new
|
88
155
|
end
|
156
|
+
|
157
|
+
# Update the sensitive data masking policy from settings,
|
158
|
+
# received from TS. In case the settings are empty,
|
159
|
+
# keep current ones.
|
160
|
+
#
|
161
|
+
# @param sensitive_data_masking [Contrast::Agent::Reporting::Settings::SensitiveDataMasking]
|
162
|
+
# Ts Response settings for sensitive data masking policy
|
163
|
+
def update_sensitive_data_policy sensitive_data_masking
|
164
|
+
@sensitive_data_masking.mask_http_body = sensitive_data_masking.mask_http_body? unless
|
165
|
+
settings_empty?(sensitive_data_masking.mask_http_body?)
|
166
|
+
@sensitive_data_masking.mask_attack_vector = sensitive_data_masking.mask_attack_vector? unless
|
167
|
+
settings_empty?(sensitive_data_masking.mask_attack_vector?)
|
168
|
+
return if settings_empty?(sensitive_data_masking.rules)
|
169
|
+
|
170
|
+
@sensitive_data_masking.rules = sensitive_data_masking.rules
|
171
|
+
# update with the newly received rules.
|
172
|
+
Contrast::Agent::Reporting::Masker.send(:update_dictionary)
|
173
|
+
end
|
174
|
+
|
175
|
+
private
|
176
|
+
|
177
|
+
# check if settings are empty and return true if so.
|
178
|
+
#
|
179
|
+
# @param settings [String, Boolean, Array, Hash]
|
180
|
+
# @return true | false
|
181
|
+
def settings_empty? settings
|
182
|
+
return false if !!settings == settings
|
183
|
+
return true if settings.nil? || settings.empty?
|
184
|
+
|
185
|
+
false
|
186
|
+
end
|
89
187
|
end
|
90
188
|
end
|
91
189
|
end
|
@@ -12,7 +12,10 @@ module Contrast
|
|
12
12
|
# Common Configuration settings. Those in this section pertain to the
|
13
13
|
# core functionality of the Agent.
|
14
14
|
class AgentConfiguration < BaseConfiguration
|
15
|
-
|
15
|
+
# @return [Boolean, nil]
|
16
|
+
attr_accessor :enable
|
17
|
+
# @return [Boolean, nil]
|
18
|
+
attr_accessor :omit_body
|
16
19
|
attr_writer :ruby, :service, :logger, :heap_dump
|
17
20
|
|
18
21
|
def initialize hsh = {}
|
@@ -23,47 +26,27 @@ module Contrast
|
|
23
26
|
@logger = Contrast::Config::LoggerConfiguration.new(traverse_config(hsh, :logger))
|
24
27
|
@ruby = Contrast::Config::RubyConfiguration.new(traverse_config(hsh, :ruby))
|
25
28
|
@heap_dump = Contrast::Config::HeapDumpConfiguration.new(traverse_config(hsh, :heap_dump))
|
26
|
-
|
27
|
-
|
29
|
+
end
|
30
|
+
|
31
|
+
# @return [Boolean, true]
|
32
|
+
def start_bundled_service
|
33
|
+
@start_bundled_service.nil? ? true : @start_bundled_service
|
28
34
|
end
|
29
35
|
|
30
36
|
def service
|
31
|
-
@service ||= Contrast::Config::ServiceConfiguration.new
|
37
|
+
@service ||= Contrast::Config::ServiceConfiguration.new
|
32
38
|
end
|
33
39
|
|
34
40
|
def logger
|
35
|
-
@logger ||= Contrast::Config::LoggerConfiguration.new
|
41
|
+
@logger ||= Contrast::Config::LoggerConfiguration.new
|
36
42
|
end
|
37
43
|
|
38
44
|
def ruby
|
39
|
-
@ruby ||= Contrast::Config::RubyConfiguration.new
|
45
|
+
@ruby ||= Contrast::Config::RubyConfiguration.new
|
40
46
|
end
|
41
47
|
|
42
48
|
def heap_dump
|
43
|
-
@heap_dump ||= Contrast::Config::HeapDumpConfiguration.new
|
44
|
-
end
|
45
|
-
|
46
|
-
# Traverse the given entity to build out the configuration graph.
|
47
|
-
#
|
48
|
-
# The values will be either a hash, indicating internal nodes to
|
49
|
-
# traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
|
50
|
-
# leaf node.
|
51
|
-
#
|
52
|
-
# The spec_key are the Contrast defined keys based on the instance variables of
|
53
|
-
# a given configuration.
|
54
|
-
def traverse_config values, spec_key
|
55
|
-
internal_nodes = values.cs__respond_to?(:has_key?)
|
56
|
-
val = internal_nodes ? value_from_key_config(spec_key, values) : nil
|
57
|
-
val == EMPTY_VALUE ? nil : val
|
58
|
-
end
|
59
|
-
|
60
|
-
def build_configuration_map
|
61
|
-
instance_variables.each do |key|
|
62
|
-
str_key = key.to_s.tr('@', '')
|
63
|
-
next if str_key == 'configuration_map'
|
64
|
-
|
65
|
-
@configuration_map[str_key] = send(str_key.to_sym)
|
66
|
-
end
|
49
|
+
@heap_dump ||= Contrast::Config::HeapDumpConfiguration.new
|
67
50
|
end
|
68
51
|
end
|
69
52
|
end
|
@@ -10,11 +10,12 @@ module Contrast
|
|
10
10
|
# Api keys configuration
|
11
11
|
class ApiConfiguration < BaseConfiguration
|
12
12
|
# @return [String]
|
13
|
-
|
13
|
+
attr_accessor :api_key
|
14
14
|
# @return [String]
|
15
|
-
|
15
|
+
attr_accessor :user_name
|
16
16
|
# @return [String]
|
17
|
-
|
17
|
+
attr_accessor :service_key
|
18
|
+
attr_writer :url, :proxy, :request_audit, :certificate
|
18
19
|
|
19
20
|
DEFAULT_URL = 'https://app.contrastsecurity.com/Contrast'
|
20
21
|
|
@@ -26,8 +27,6 @@ module Contrast
|
|
26
27
|
@proxy = Contrast::Config::ApiProxyConfiguration.new(traverse_config(hsh, :proxy))
|
27
28
|
@request_audit = Contrast::Config::RequestAuditConfiguration.new(traverse_config(hsh, :request_audit))
|
28
29
|
@certificate = Contrast::Config::CertificationConfiguration.new(traverse_config(hsh, :certificate))
|
29
|
-
@configuration_map = {}
|
30
|
-
build_configuration_map
|
31
30
|
end
|
32
31
|
|
33
32
|
def url
|
@@ -48,68 +47,6 @@ module Contrast
|
|
48
47
|
def certificate
|
49
48
|
@certificate ||= Contrast::Config::CertificationConfiguration.new
|
50
49
|
end
|
51
|
-
|
52
|
-
def api_key= value
|
53
|
-
self['api_key'] = value
|
54
|
-
end
|
55
|
-
|
56
|
-
def url= value
|
57
|
-
self['url'] = value
|
58
|
-
end
|
59
|
-
|
60
|
-
def user_name= value
|
61
|
-
self['user_name'] = value
|
62
|
-
end
|
63
|
-
|
64
|
-
def service_key= value
|
65
|
-
self['service_key'] = value
|
66
|
-
end
|
67
|
-
|
68
|
-
def proxy= value
|
69
|
-
self['proxy'] = value
|
70
|
-
end
|
71
|
-
|
72
|
-
def request_audit= value
|
73
|
-
self['request_audit'] = value
|
74
|
-
end
|
75
|
-
|
76
|
-
def certificate= value
|
77
|
-
self['certificate'] = value
|
78
|
-
end
|
79
|
-
|
80
|
-
# TODO: RUBY-1493 MOVE TO BASE CONFIG
|
81
|
-
|
82
|
-
def []= key, value
|
83
|
-
instance_variable_set("@#{ key }".to_sym, value)
|
84
|
-
@configuration_map[key] = value
|
85
|
-
end
|
86
|
-
|
87
|
-
def [] key
|
88
|
-
send(key.to_sym)
|
89
|
-
end
|
90
|
-
|
91
|
-
# Traverse the given entity to build out the configuration graph.
|
92
|
-
#
|
93
|
-
# The values will be either a hash, indicating internal nodes to
|
94
|
-
# traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
|
95
|
-
# leaf node.
|
96
|
-
#
|
97
|
-
# The spec_key are the Contrast defined keys based on the instance variables of
|
98
|
-
# a given configuration.
|
99
|
-
def traverse_config values, spec_key
|
100
|
-
internal_nodes = values.cs__respond_to?(:has_key?)
|
101
|
-
val = internal_nodes ? value_from_key_config(spec_key, values) : nil
|
102
|
-
val == EMPTY_VALUE ? nil : val
|
103
|
-
end
|
104
|
-
|
105
|
-
def build_configuration_map
|
106
|
-
instance_variables.each do |key|
|
107
|
-
str_key = key.to_s.tr('@', '')
|
108
|
-
next if str_key == 'configuration_map'
|
109
|
-
|
110
|
-
@configuration_map[str_key] = send(str_key.to_sym)
|
111
|
-
end
|
112
|
-
end
|
113
50
|
end
|
114
51
|
end
|
115
52
|
end
|
@@ -6,61 +6,18 @@ module Contrast
|
|
6
6
|
# Api Proxy keys configuration
|
7
7
|
class ApiProxyConfiguration < BaseConfiguration
|
8
8
|
# @return [String] proxy url
|
9
|
-
|
9
|
+
attr_accessor :url
|
10
|
+
attr_writer :enable
|
10
11
|
|
11
12
|
def initialize hsh = {}
|
12
13
|
@enable = traverse_config(hsh, :enable)
|
13
14
|
@url = traverse_config(hsh, :url)
|
14
|
-
@configuration_map = {}
|
15
|
-
build_configuration_map
|
16
15
|
end
|
17
16
|
|
18
17
|
# @return [Boolean, false]
|
19
18
|
def enable
|
20
19
|
@enable.nil? ? false : @enable
|
21
20
|
end
|
22
|
-
|
23
|
-
def enable= value
|
24
|
-
self['enable'] = value
|
25
|
-
end
|
26
|
-
|
27
|
-
def url= value
|
28
|
-
self['url'] = value
|
29
|
-
end
|
30
|
-
|
31
|
-
# TODO: RUBY-1493 MOVE TO BASE CONFIG
|
32
|
-
|
33
|
-
def []= key, value
|
34
|
-
instance_variable_set("@#{ key }".to_sym, value)
|
35
|
-
@configuration_map[key] = value
|
36
|
-
end
|
37
|
-
|
38
|
-
def [] key
|
39
|
-
send(key.to_sym)
|
40
|
-
end
|
41
|
-
|
42
|
-
# Traverse the given entity to build out the configuration graph.
|
43
|
-
#
|
44
|
-
# The values will be either a hash, indicating internal nodes to
|
45
|
-
# traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
|
46
|
-
# leaf node.
|
47
|
-
#
|
48
|
-
# The spec_key are the Contrast defined keys based on the instance variables of
|
49
|
-
# a given configuration.
|
50
|
-
def traverse_config values, spec_key
|
51
|
-
internal_nodes = values.cs__respond_to?(:has_key?)
|
52
|
-
val = internal_nodes ? value_from_key_config(spec_key, values) : nil
|
53
|
-
val == EMPTY_VALUE ? nil : val
|
54
|
-
end
|
55
|
-
|
56
|
-
def build_configuration_map
|
57
|
-
instance_variables.each do |key|
|
58
|
-
str_key = key.to_s.tr('@', '')
|
59
|
-
next if str_key == 'configuration_map'
|
60
|
-
|
61
|
-
@configuration_map[str_key] = send(str_key.to_sym)
|
62
|
-
end
|
63
|
-
end
|
64
21
|
end
|
65
22
|
end
|
66
23
|
end
|
@@ -9,21 +9,22 @@ module Contrast
|
|
9
9
|
# application identification functionality of the Agent.
|
10
10
|
class ApplicationConfiguration < BaseConfiguration
|
11
11
|
# @return [String]
|
12
|
-
|
12
|
+
attr_accessor :name
|
13
13
|
# @return [String]
|
14
|
-
|
14
|
+
attr_accessor :version
|
15
15
|
# @return [String]
|
16
|
-
|
16
|
+
attr_accessor :language
|
17
17
|
# @return [String]
|
18
|
-
|
18
|
+
attr_accessor :path
|
19
19
|
# @return [String]
|
20
|
-
|
20
|
+
attr_accessor :group
|
21
21
|
# @return [String]
|
22
|
-
|
22
|
+
attr_accessor :tags
|
23
23
|
# @return [String]
|
24
|
-
|
24
|
+
attr_accessor :code
|
25
25
|
# @return [String]
|
26
|
-
|
26
|
+
attr_accessor :metadata
|
27
|
+
attr_writer :session_id, :session_metadata
|
27
28
|
|
28
29
|
def initialize hsh = {}
|
29
30
|
@name = traverse_config(hsh, :name)
|
@@ -36,8 +37,6 @@ module Contrast
|
|
36
37
|
@metadata = traverse_config(hsh, :metadata)
|
37
38
|
@session_id = traverse_config(hsh, :session_id)
|
38
39
|
@session_metadata = traverse_config(hsh, :session_metadata)
|
39
|
-
@configuration_map = {}
|
40
|
-
build_configuration_map
|
41
40
|
end
|
42
41
|
|
43
42
|
# @return [String, Contrast::Utils::ObjectShare::EMPTY_STRING]
|
@@ -49,80 +48,6 @@ module Contrast
|
|
49
48
|
def session_metadata
|
50
49
|
@session_metadata ||= Contrast::Utils::ObjectShare::EMPTY_STRING
|
51
50
|
end
|
52
|
-
|
53
|
-
def name= value
|
54
|
-
self['name'] = value
|
55
|
-
end
|
56
|
-
|
57
|
-
def version= value
|
58
|
-
self['version'] = value
|
59
|
-
end
|
60
|
-
|
61
|
-
def language= value
|
62
|
-
self['language'] = value
|
63
|
-
end
|
64
|
-
|
65
|
-
def path= value
|
66
|
-
self['path'] = value
|
67
|
-
end
|
68
|
-
|
69
|
-
def group= value
|
70
|
-
self['group'] = value
|
71
|
-
end
|
72
|
-
|
73
|
-
def tags= value
|
74
|
-
self['tags'] = value
|
75
|
-
end
|
76
|
-
|
77
|
-
def code= value
|
78
|
-
self['code'] = value
|
79
|
-
end
|
80
|
-
|
81
|
-
def metadata= value
|
82
|
-
self['metadata'] = value
|
83
|
-
end
|
84
|
-
|
85
|
-
def session_id= value
|
86
|
-
self['session_id'] = value
|
87
|
-
end
|
88
|
-
|
89
|
-
def session_metadata= value
|
90
|
-
self['session_metadata'] = value
|
91
|
-
end
|
92
|
-
|
93
|
-
# TODO: RUBY-1493 MOVE TO BASE CONFIG
|
94
|
-
|
95
|
-
def []= key, value
|
96
|
-
instance_variable_set("@#{ key }".to_sym, value)
|
97
|
-
@configuration_map[key] = value
|
98
|
-
end
|
99
|
-
|
100
|
-
def [] key
|
101
|
-
send(key.to_sym)
|
102
|
-
end
|
103
|
-
|
104
|
-
# Traverse the given entity to build out the configuration graph.
|
105
|
-
#
|
106
|
-
# The values will be either a hash, indicating internal nodes to
|
107
|
-
# traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
|
108
|
-
# leaf node.
|
109
|
-
#
|
110
|
-
# The spec_key are the Contrast defined keys based on the instance variables of
|
111
|
-
# a given configuration.
|
112
|
-
def traverse_config values, spec_key
|
113
|
-
internal_nodes = values.cs__respond_to?(:has_key?)
|
114
|
-
val = internal_nodes ? value_from_key_config(spec_key, values) : nil
|
115
|
-
val == EMPTY_VALUE ? nil : val
|
116
|
-
end
|
117
|
-
|
118
|
-
def build_configuration_map
|
119
|
-
instance_variables.each do |key|
|
120
|
-
str_key = key.to_s.tr('@', '')
|
121
|
-
next if str_key == 'configuration_map'
|
122
|
-
|
123
|
-
@configuration_map[str_key] = send(str_key.to_sym)
|
124
|
-
end
|
125
|
-
end
|
126
51
|
end
|
127
52
|
end
|
128
53
|
end
|
@@ -7,7 +7,10 @@ module Contrast
|
|
7
7
|
# assess functionality of the Agent.
|
8
8
|
class AssessConfiguration < BaseConfiguration
|
9
9
|
# @return [String, nil]
|
10
|
-
|
10
|
+
attr_accessor :tags
|
11
|
+
# @return [Boolean, nil]
|
12
|
+
attr_accessor :enable
|
13
|
+
attr_writer :enable_scan_response, :enable_dynamic_sources, :sampling, :rules, :stacktraces
|
11
14
|
|
12
15
|
DEFAULT_STACKTRACES = 'ALL'
|
13
16
|
|
@@ -16,16 +19,10 @@ module Contrast
|
|
16
19
|
@tags = traverse_config(hsh, :tags)
|
17
20
|
@enable_scan_response = traverse_config(hsh, :enable_scan_response)
|
18
21
|
@enable_dynamic_sources = traverse_config(hsh, :enable_dynamic_sources)
|
22
|
+
@enable_original_object = traverse_config(hsh, :enable_original_object)
|
19
23
|
@sampling = Contrast::Config::SamplingConfiguration.new(traverse_config(hsh, :sampling))
|
20
24
|
@rules = Contrast::Config::AssessRulesConfiguration.new(traverse_config(hsh, :rules))
|
21
25
|
@stacktraces = traverse_config(hsh, :stacktraces)
|
22
|
-
@configuration_map = {}
|
23
|
-
build_configuration_map
|
24
|
-
end
|
25
|
-
|
26
|
-
# @return [Boolean, true]
|
27
|
-
def enable
|
28
|
-
@enable.nil? ? true : @enable
|
29
26
|
end
|
30
27
|
|
31
28
|
# @return [Boolean, true]
|
@@ -38,6 +35,11 @@ module Contrast
|
|
38
35
|
@enable_dynamic_sources.nil? ? true : @enable_dynamic_sources
|
39
36
|
end
|
40
37
|
|
38
|
+
# @return [Boolean, true]
|
39
|
+
def enable_original_object
|
40
|
+
@enable_original_object.nil? ? true : @enable_original_object
|
41
|
+
end
|
42
|
+
|
41
43
|
# @return [Contrast::Config::SamplingConfiguration]
|
42
44
|
def sampling
|
43
45
|
@sampling ||= Contrast::Config::SamplingConfiguration.new
|
@@ -52,67 +54,6 @@ module Contrast
|
|
52
54
|
def stacktraces
|
53
55
|
@stacktraces ||= DEFAULT_STACKTRACES
|
54
56
|
end
|
55
|
-
|
56
|
-
def enable= value
|
57
|
-
self['enable'] = value
|
58
|
-
end
|
59
|
-
|
60
|
-
def tags= value
|
61
|
-
self['tags'] = value
|
62
|
-
end
|
63
|
-
|
64
|
-
def enable_scan_response= value
|
65
|
-
self['enable_scan_response'] = value
|
66
|
-
end
|
67
|
-
|
68
|
-
def enable_dynamic_sources= value
|
69
|
-
self['enable_dynamic_sources'] = value
|
70
|
-
end
|
71
|
-
|
72
|
-
def sampling= value
|
73
|
-
self['sampling'] = value
|
74
|
-
end
|
75
|
-
|
76
|
-
def rules= value
|
77
|
-
self['rules'] = value
|
78
|
-
end
|
79
|
-
|
80
|
-
def stacktraces= value
|
81
|
-
self['stacktraces'] = value
|
82
|
-
end
|
83
|
-
# TODO: RUBY-1493 MOVE TO BASE CONFIG
|
84
|
-
|
85
|
-
def []= key, value
|
86
|
-
instance_variable_set("@#{ key }".to_sym, value)
|
87
|
-
@configuration_map[key] = value
|
88
|
-
end
|
89
|
-
|
90
|
-
def [] key
|
91
|
-
send(key.to_sym)
|
92
|
-
end
|
93
|
-
|
94
|
-
# Traverse the given entity to build out the configuration graph.
|
95
|
-
#
|
96
|
-
# The values will be either a hash, indicating internal nodes to
|
97
|
-
# traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
|
98
|
-
# leaf node.
|
99
|
-
#
|
100
|
-
# The spec_key are the Contrast defined keys based on the instance variables of
|
101
|
-
# a given configuration.
|
102
|
-
def traverse_config values, spec_key
|
103
|
-
internal_nodes = values.cs__respond_to?(:has_key?)
|
104
|
-
val = internal_nodes ? value_from_key_config(spec_key, values) : nil
|
105
|
-
val == EMPTY_VALUE ? nil : val
|
106
|
-
end
|
107
|
-
|
108
|
-
def build_configuration_map
|
109
|
-
instance_variables.each do |key|
|
110
|
-
str_key = key.to_s.tr('@', '')
|
111
|
-
next if str_key == 'configuration_map'
|
112
|
-
|
113
|
-
@configuration_map[str_key] = send(str_key.to_sym)
|
114
|
-
end
|
115
|
-
end
|
116
57
|
end
|
117
58
|
end
|
118
59
|
end
|
@@ -6,51 +6,22 @@ module Contrast
|
|
6
6
|
# Common Configuration settings. Those in this section pertain to the
|
7
7
|
# disabled assess rule functionality of the Agent.
|
8
8
|
class AssessRulesConfiguration < BaseConfiguration
|
9
|
+
SPEC_KEY = :disabled_rules.cs__freeze
|
9
10
|
# @return [Array, nil] list of disabled assess rules
|
10
|
-
|
11
|
+
attr_accessor :disabled_rules
|
11
12
|
|
12
13
|
def initialize hsh = {}
|
13
|
-
@disabled_rules =
|
14
|
-
@configuration_map = {}
|
15
|
-
build_configuration_map
|
14
|
+
@disabled_rules = cast_disabled_rules hsh
|
16
15
|
end
|
17
16
|
|
18
|
-
|
19
|
-
self['disabled_rules'] = value
|
20
|
-
end
|
21
|
-
|
22
|
-
# TODO: RUBY-1493 MOVE TO BASE CONFIG
|
23
|
-
|
24
|
-
def []= key, value
|
25
|
-
instance_variable_set("@#{ key }".to_sym, value)
|
26
|
-
@configuration_map[key] = value
|
27
|
-
end
|
28
|
-
|
29
|
-
def [] key
|
30
|
-
send(key.to_sym)
|
31
|
-
end
|
32
|
-
|
33
|
-
# Traverse the given entity to build out the configuration graph.
|
34
|
-
#
|
35
|
-
# The values will be either a hash, indicating internal nodes to
|
36
|
-
# traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
|
37
|
-
# leaf node.
|
38
|
-
#
|
39
|
-
# The spec_key are the Contrast defined keys based on the instance variables of
|
40
|
-
# a given configuration.
|
41
|
-
def traverse_config values, spec_key
|
42
|
-
internal_nodes = values.cs__respond_to?(:has_key?)
|
43
|
-
val = internal_nodes ? value_from_key_config(spec_key, values) : nil
|
44
|
-
val == EMPTY_VALUE ? nil : val
|
45
|
-
end
|
17
|
+
private
|
46
18
|
|
47
|
-
def
|
48
|
-
|
49
|
-
|
50
|
-
|
19
|
+
def cast_disabled_rules hsh
|
20
|
+
return unless hsh
|
21
|
+
return unless hsh.key?(SPEC_KEY)
|
22
|
+
return hsh[SPEC_KEY] if hsh[SPEC_KEY].cs__is_a?(Array)
|
51
23
|
|
52
|
-
|
53
|
-
end
|
24
|
+
hsh[SPEC_KEY].split(',').map(&:strip) if hsh[SPEC_KEY].cs__is_a?(String)
|
54
25
|
end
|
55
26
|
end
|
56
27
|
end
|