contrast-agent 5.3.0 → 6.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.simplecov +1 -1
- data/Rakefile +1 -1
- data/ext/build_funchook.rb +3 -3
- data/ext/cs__assess_array/cs__assess_array.c +7 -0
- data/ext/cs__assess_basic_object/cs__assess_basic_object.c +24 -6
- data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +1 -1
- data/ext/cs__assess_hash/cs__assess_hash.c +3 -4
- data/ext/cs__assess_kernel/cs__assess_kernel.c +1 -2
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +26 -12
- data/ext/cs__assess_module/cs__assess_module.c +1 -1
- data/ext/cs__assess_regexp/cs__assess_regexp.c +15 -2
- data/ext/cs__assess_regexp/cs__assess_regexp.h +2 -0
- data/ext/cs__assess_string/cs__assess_string.c +21 -1
- data/ext/cs__assess_test/cs__assess_test.h +9 -0
- data/ext/cs__assess_test/cs__assess_tests.c +22 -0
- data/ext/cs__assess_test/extconf.rb +5 -0
- data/ext/cs__common/cs__common.c +113 -11
- data/ext/cs__common/cs__common.h +29 -5
- data/ext/cs__contrast_patch/cs__contrast_patch.c +55 -44
- data/ext/cs__os_information/cs__os_information.c +13 -10
- data/ext/cs__scope/cs__scope.c +146 -97
- data/ext/cs__tests/cs__tests.c +12 -0
- data/ext/cs__tests/cs__tests.h +3 -0
- data/ext/cs__tests/extconf.rb +5 -0
- data/ext/extconf_common.rb +1 -1
- data/lib/contrast/agent/assess/contrast_object.rb +16 -16
- data/lib/contrast/agent/assess/events/source_event.rb +17 -19
- data/lib/contrast/agent/assess/finalizers/hash.rb +4 -2
- data/lib/contrast/agent/assess/policy/policy.rb +9 -10
- data/lib/contrast/agent/assess/policy/policy_node.rb +58 -36
- data/lib/contrast/agent/assess/policy/policy_node_utils.rb +51 -0
- data/lib/contrast/agent/assess/policy/policy_scanner.rb +2 -16
- data/lib/contrast/agent/assess/policy/preshift.rb +8 -2
- data/lib/contrast/agent/assess/policy/propagation_method.rb +48 -14
- data/lib/contrast/agent/assess/policy/propagation_node.rb +2 -3
- data/lib/contrast/agent/assess/policy/propagator/base.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/buffer.rb +119 -0
- data/lib/contrast/agent/assess/policy/propagator/database_write.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/keep.rb +19 -4
- data/lib/contrast/agent/assess/policy/propagator/remove.rb +18 -2
- data/lib/contrast/agent/assess/policy/propagator/splat.rb +17 -3
- data/lib/contrast/agent/assess/policy/propagator/split.rb +17 -21
- data/lib/contrast/agent/assess/policy/propagator/substitution.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/substitution_utils.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/trim.rb +2 -2
- data/lib/contrast/agent/assess/policy/propagator.rb +1 -0
- data/lib/contrast/agent/assess/policy/source_method.rb +7 -7
- data/lib/contrast/agent/assess/policy/source_node.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_method.rb +11 -17
- data/lib/contrast/agent/assess/policy/trigger_node.rb +16 -16
- data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +1 -1
- data/lib/contrast/agent/assess/property/evented.rb +2 -2
- data/lib/contrast/agent/assess/property/tagged.rb +3 -3
- data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +6 -8
- data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +6 -7
- data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +12 -7
- data/lib/contrast/agent/assess/rule/response/auto_complete_rule.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/base_rule.rb +13 -6
- data/lib/contrast/agent/assess/rule/response/body_rule.rb +3 -3
- data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb +66 -43
- data/lib/contrast/agent/assess/rule/response/click_jacking_header_rule.rb +4 -4
- data/lib/contrast/agent/assess/rule/response/csp_header_insecure_rule.rb +6 -6
- data/lib/contrast/agent/assess/rule/response/csp_header_missing_rule.rb +4 -4
- data/lib/contrast/agent/assess/rule/response/hsts_header_rule.rb +4 -4
- data/lib/contrast/agent/assess/rule/response/parameters_pollution_rule.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/x_content_type_header_rule.rb +4 -4
- data/lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb +3 -4
- data/lib/contrast/agent/assess/tag.rb +13 -14
- data/lib/contrast/agent/at_exit_hook.rb +12 -1
- data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +0 -7
- data/lib/contrast/agent/deadzone/policy/policy.rb +0 -6
- data/lib/contrast/agent/exclusion_matcher.rb +3 -3
- data/lib/contrast/agent/inventory/database_config.rb +10 -3
- data/lib/contrast/agent/middleware.rb +10 -5
- data/lib/contrast/agent/patching/policy/after_load_patch.rb +3 -5
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +2 -2
- data/lib/contrast/agent/patching/policy/method_policy_extend.rb +4 -4
- data/lib/contrast/agent/patching/policy/patch.rb +20 -19
- data/lib/contrast/agent/patching/policy/patch_status.rb +10 -3
- data/lib/contrast/agent/patching/policy/patcher.rb +4 -4
- data/lib/contrast/agent/patching/policy/policy.rb +13 -15
- data/lib/contrast/agent/patching/policy/policy_node.rb +32 -21
- data/lib/contrast/agent/patching/policy/trigger_node.rb +1 -1
- data/lib/contrast/agent/protect/exploitable_collection.rb +38 -0
- data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +132 -75
- data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +4 -3
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +3 -3
- data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +1 -1
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +4 -4
- data/lib/contrast/agent/protect/rule/base.rb +53 -9
- data/lib/contrast/agent/protect/rule/base_service.rb +31 -12
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +23 -3
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb +83 -0
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_worth_watching.rb +64 -0
- data/lib/contrast/agent/protect/rule/default_scanner.rb +2 -1
- data/lib/contrast/agent/protect/rule/deserialization.rb +18 -7
- data/lib/contrast/agent/protect/rule/http_method_tampering/http_method_tampering_input_classification.rb +96 -0
- data/lib/contrast/agent/protect/rule/http_method_tampering.rb +72 -46
- data/lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb +231 -0
- data/lib/contrast/agent/protect/rule/no_sqli.rb +28 -2
- data/lib/contrast/agent/protect/rule/path_traversal.rb +13 -3
- data/lib/contrast/agent/protect/rule/sqli/sqli_input_classification.rb +18 -54
- data/lib/contrast/agent/protect/rule/sqli/sqli_worth_watching.rb +2 -5
- data/lib/contrast/agent/protect/rule/sqli.rb +16 -23
- data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification.rb +82 -0
- data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_matcher.rb +45 -0
- data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +42 -0
- data/lib/contrast/agent/protect/rule/xss.rb +17 -0
- data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +14 -13
- data/lib/contrast/agent/protect/rule/xxe.rb +25 -3
- data/lib/contrast/agent/reaction_processor.rb +1 -1
- data/lib/contrast/agent/reporting/attack_result/attack_result.rb +63 -0
- data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +52 -0
- data/lib/contrast/agent/reporting/attack_result/response_type.rb +29 -0
- data/lib/contrast/agent/reporting/attack_result/user_input.rb +87 -0
- data/lib/contrast/agent/reporting/masker/masker.rb +243 -0
- data/lib/contrast/agent/reporting/masker/masker_utils.rb +62 -0
- data/lib/contrast/agent/reporting/report.rb +2 -0
- data/lib/contrast/agent/reporting/reporter.rb +29 -22
- data/lib/contrast/agent/reporting/reporter_heartbeat.rb +49 -0
- data/lib/contrast/agent/reporting/reporting_events/agent_startup.rb +34 -0
- data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +51 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +96 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb +70 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +182 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb +56 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_stack.rb +22 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb +70 -0
- data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +13 -5
- data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb +60 -0
- data/lib/contrast/agent/reporting/reporting_events/application_reporting_event.rb +27 -0
- data/lib/contrast/agent/reporting/reporting_events/application_startup.rb +44 -0
- data/lib/contrast/agent/reporting/reporting_events/application_startup_instrumentation.rb +27 -0
- data/lib/contrast/agent/reporting/reporting_events/application_update.rb +7 -12
- data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_events/finding.rb +10 -4
- data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +2 -4
- data/lib/contrast/agent/reporting/reporting_events/finding_event_object.rb +3 -3
- data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +5 -5
- data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +6 -2
- data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +16 -12
- data/lib/contrast/agent/reporting/reporting_events/poll.rb +6 -2
- data/lib/contrast/agent/reporting/reporting_events/preflight.rb +10 -8
- data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +8 -11
- data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +2 -1
- data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +8 -6
- data/lib/contrast/agent/reporting/reporting_events/server_activity.rb +12 -20
- data/lib/contrast/agent/reporting/reporting_events/server_reporting_event.rb +27 -0
- data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +17 -27
- data/lib/contrast/agent/reporting/reporting_utilities/build_preflight.rb +38 -0
- data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb +8 -0
- data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +6 -0
- data/lib/contrast/agent/reporting/reporting_utilities/headers.rb +1 -2
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +29 -13
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +64 -76
- data/lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/response.rb +17 -7
- data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +100 -0
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +75 -13
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_mode.rb +63 -0
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +163 -122
- data/lib/contrast/agent/reporting/settings/application_settings.rb +10 -1
- data/lib/contrast/agent/reporting/settings/assess.rb +5 -5
- data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +7 -35
- data/lib/contrast/agent/reporting/settings/exclusions.rb +3 -3
- data/lib/contrast/agent/reporting/settings/protect.rb +21 -6
- data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +6 -6
- data/lib/contrast/agent/reporting/settings/reaction.rb +3 -3
- data/lib/contrast/agent/reporting/settings/sampling.rb +36 -0
- data/lib/contrast/agent/reporting/settings/sensitive_data_masking.rb +110 -0
- data/lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb +58 -0
- data/lib/contrast/agent/reporting/settings/server_features.rb +2 -2
- data/lib/contrast/agent/request.rb +5 -5
- data/lib/contrast/agent/request_context.rb +25 -21
- data/lib/contrast/agent/request_context_extend.rb +12 -25
- data/lib/contrast/agent/request_handler.rb +7 -3
- data/lib/contrast/agent/response.rb +2 -0
- data/lib/contrast/agent/rule_set.rb +2 -2
- data/lib/contrast/agent/scope.rb +1 -1
- data/lib/contrast/agent/service_heartbeat.rb +6 -48
- data/lib/contrast/agent/static_analysis.rb +1 -1
- data/lib/contrast/agent/telemetry/base.rb +155 -0
- data/lib/contrast/agent/telemetry/events/event.rb +35 -0
- data/lib/contrast/agent/telemetry/events/exceptions/obfuscate.rb +119 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_base.rb +59 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb +44 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message.rb +115 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb +83 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb +64 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions.rb +20 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report.rb +30 -0
- data/lib/contrast/agent/telemetry/events/metric_event.rb +28 -0
- data/lib/contrast/agent/telemetry/events/startup_metrics_event.rb +123 -0
- data/lib/contrast/agent/thread_watcher.rb +52 -68
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/agent/worker_thread.rb +8 -0
- data/lib/contrast/agent.rb +4 -3
- data/lib/contrast/api/communication/messaging_queue.rb +29 -12
- data/lib/contrast/api/communication/response_processor.rb +7 -10
- data/lib/contrast/api/communication/service_lifecycle.rb +1 -1
- data/lib/contrast/api/communication/socket.rb +1 -1
- data/lib/contrast/api/communication/socket_client.rb +1 -1
- data/lib/contrast/api/communication/speedracer.rb +3 -3
- data/lib/contrast/api/decorators/activity.rb +33 -0
- data/lib/contrast/api/decorators/address.rb +1 -1
- data/lib/contrast/api/decorators/agent_startup.rb +10 -9
- data/lib/contrast/api/decorators/application_settings.rb +1 -1
- data/lib/contrast/api/decorators/application_startup.rb +4 -4
- data/lib/contrast/api/decorators/http_request.rb +1 -1
- data/lib/contrast/api/decorators/response_type.rb +17 -0
- data/lib/contrast/api/decorators.rb +1 -0
- data/lib/contrast/components/agent.rb +1 -1
- data/lib/contrast/components/app_context.rb +0 -4
- data/lib/contrast/components/assess.rb +14 -0
- data/lib/contrast/components/base.rb +1 -1
- data/lib/contrast/components/config.rb +19 -28
- data/lib/contrast/components/contrast_service.rb +13 -1
- data/lib/contrast/components/protect.rb +2 -2
- data/lib/contrast/components/sampling.rb +8 -12
- data/lib/contrast/components/settings.rb +151 -19
- data/lib/contrast/config/agent_configuration.rb +34 -41
- data/lib/contrast/config/api_configuration.rb +16 -75
- data/lib/contrast/config/api_proxy_configuration.rb +9 -48
- data/lib/contrast/config/application_configuration.rb +24 -95
- data/lib/contrast/config/assess_configuration.rb +21 -76
- data/lib/contrast/config/assess_rules_configuration.rb +13 -38
- data/lib/contrast/config/base_configuration.rb +11 -76
- data/lib/contrast/config/certification_configuration.rb +15 -68
- data/lib/contrast/config/exception_configuration.rb +15 -59
- data/lib/contrast/config/heap_dump_configuration.rb +19 -73
- data/lib/contrast/config/inventory_configuration.rb +11 -55
- data/lib/contrast/config/logger_configuration.rb +8 -41
- data/lib/contrast/config/protect_configuration.rb +23 -10
- data/lib/contrast/config/protect_rule_configuration.rb +23 -37
- data/lib/contrast/config/protect_rules_configuration.rb +39 -43
- data/lib/contrast/config/request_audit_configuration.rb +16 -55
- data/lib/contrast/config/root_configuration.rb +71 -14
- data/lib/contrast/config/ruby_configuration.rb +14 -47
- data/lib/contrast/config/sampling_configuration.rb +12 -65
- data/lib/contrast/config/server_configuration.rb +13 -45
- data/lib/contrast/config/service_configuration.rb +18 -54
- data/lib/contrast/configuration.rb +25 -17
- data/lib/contrast/extension/assess/array.rb +1 -1
- data/lib/contrast/extension/assess/erb.rb +1 -1
- data/lib/contrast/extension/assess/marshal.rb +1 -1
- data/lib/contrast/extension/assess/string.rb +20 -1
- data/lib/contrast/extension/extension.rb +2 -2
- data/lib/contrast/extension/module.rb +0 -1
- data/lib/contrast/framework/base_support.rb +8 -8
- data/lib/contrast/framework/grape/support.rb +3 -3
- data/lib/contrast/framework/manager.rb +7 -7
- data/lib/contrast/framework/manager_extend.rb +1 -1
- data/lib/contrast/framework/rack/patch/session_cookie.rb +1 -1
- data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +14 -3
- data/lib/contrast/framework/rails/patch/assess_configuration.rb +3 -3
- data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +1 -1
- data/lib/contrast/framework/rails/patch/support.rb +14 -46
- data/lib/contrast/framework/rails/support.rb +2 -2
- data/lib/contrast/framework/sinatra/support.rb +1 -1
- data/lib/contrast/logger/aliased_logging.rb +94 -0
- data/lib/contrast/logger/application.rb +1 -5
- data/lib/contrast/logger/cef_log.rb +15 -15
- data/lib/contrast/logger/format.rb +1 -1
- data/lib/contrast/logger/log.rb +8 -8
- data/lib/contrast/tasks/config.rb +100 -4
- data/lib/contrast/tasks/service.rb +2 -2
- data/lib/contrast/utils/assess/object_store.rb +36 -0
- data/lib/contrast/utils/assess/propagation_method_utils.rb +6 -0
- data/lib/contrast/utils/assess/tracking_util.rb +4 -4
- data/lib/contrast/utils/class_util.rb +9 -22
- data/lib/contrast/utils/findings.rb +3 -3
- data/lib/contrast/utils/hash_digest.rb +6 -7
- data/lib/contrast/utils/head_dump_utils_extend.rb +1 -1
- data/lib/contrast/utils/input_classification.rb +73 -0
- data/lib/contrast/utils/invalid_configuration_util.rb +2 -2
- data/lib/contrast/utils/log_utils.rb +7 -5
- data/lib/contrast/utils/lru_cache.rb +1 -1
- data/lib/contrast/utils/metrics_hash.rb +1 -1
- data/lib/contrast/utils/middleware_utils.rb +15 -14
- data/lib/contrast/utils/net_http_base.rb +5 -5
- data/lib/contrast/utils/object_share.rb +2 -1
- data/lib/contrast/utils/os.rb +1 -6
- data/lib/contrast/utils/patching/policy/patch_utils.rb +6 -7
- data/lib/contrast/utils/request_utils.rb +2 -2
- data/lib/contrast/utils/response_utils.rb +18 -33
- data/lib/contrast/utils/sha256_builder.rb +4 -4
- data/lib/contrast/utils/stack_trace_utils.rb +31 -13
- data/lib/contrast/utils/telemetry.rb +22 -7
- data/lib/contrast/utils/telemetry_client.rb +28 -16
- data/lib/contrast/utils/telemetry_hash.rb +41 -0
- data/lib/contrast/utils/telemetry_identifier.rb +18 -3
- data/lib/contrast/utils/timer.rb +1 -1
- data/lib/contrast.rb +9 -0
- data/resources/assess/policy.json +99 -1
- data/resources/deadzone/policy.json +0 -86
- data/ruby-agent.gemspec +10 -9
- data/service_executables/VERSION +1 -1
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
- metadata +99 -29
- data/lib/contrast/agent/metric_telemetry_event.rb +0 -26
- data/lib/contrast/agent/startup_metrics_telemetry_event.rb +0 -121
- data/lib/contrast/agent/telemetry.rb +0 -137
- data/lib/contrast/agent/telemetry_event.rb +0 -33
- data/lib/contrast/utils/exclude_key.rb +0 -20
@@ -0,0 +1,243 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require 'contrast/components/logger'
|
5
|
+
require 'contrast/agent/reporting/reporter'
|
6
|
+
require 'contrast/utils/object_share'
|
7
|
+
require 'contrast/agent/reporting/attack_result/response_type'
|
8
|
+
require 'contrast/agent/reporting/masker/masker_utils'
|
9
|
+
|
10
|
+
module Contrast
|
11
|
+
module Agent
|
12
|
+
module Reporting
|
13
|
+
# This module duty is to mask any activity containing sensitive information - PII masking.
|
14
|
+
module Masker
|
15
|
+
MASK = 'contrast-redacted-'
|
16
|
+
BODY_MASK = 'contrast-redacted-body'
|
17
|
+
BODY_BINARY_MASK = BODY_MASK.bytes.to_s.cs__freeze
|
18
|
+
|
19
|
+
class << self
|
20
|
+
include Contrast::Components::Logger::InstanceMethods
|
21
|
+
include Contrast::Utils::ObjectShare
|
22
|
+
include Contrast::Agent::Reporting::MaskerUtils
|
23
|
+
|
24
|
+
# Keyword dictionary, extracted from the TS response.
|
25
|
+
#
|
26
|
+
# @return Array<Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule>
|
27
|
+
def dictionary
|
28
|
+
@_dictionary ||= update_dictionary
|
29
|
+
end
|
30
|
+
|
31
|
+
# Mask sensitive data according to the contrast sensitive data rules.
|
32
|
+
#
|
33
|
+
# @param [Contrast::Api::Dtm::Activity]
|
34
|
+
def mask activity
|
35
|
+
return unless Contrast::Agent::Reporter.enabled?
|
36
|
+
return unless activity
|
37
|
+
|
38
|
+
logger.debug('Searching for sensitive data',
|
39
|
+
activity: activity.__id__,
|
40
|
+
request: activity.http_request&.uuid)
|
41
|
+
mask_body(activity)
|
42
|
+
mask_query_string(activity)
|
43
|
+
mask_request_params(activity)
|
44
|
+
mask_request_cookies(activity)
|
45
|
+
mask_request_headers(activity)
|
46
|
+
rescue StandardError => _e
|
47
|
+
logger.debug('Could not mask activity!', activity: activity.__id__, request: activity.http_request&.uuid)
|
48
|
+
end
|
49
|
+
|
50
|
+
private
|
51
|
+
|
52
|
+
# When called this will overwrite existing rules with those
|
53
|
+
# in settings. Ideally we need to call this on init and when
|
54
|
+
# the Agent receives new rules from TS response.This is called
|
55
|
+
# from Contrast::Components::Settings.
|
56
|
+
#
|
57
|
+
# To make it save this is private method because if new
|
58
|
+
# settings arrive and they might be empty as edge case,
|
59
|
+
# this will produce dictionary with empty rules and this
|
60
|
+
# is not desirable.
|
61
|
+
def update_dictionary
|
62
|
+
@_dictionary = Contrast::SETTINGS.sensitive_data_masking.rules
|
63
|
+
end
|
64
|
+
|
65
|
+
# Mask request body:
|
66
|
+
#
|
67
|
+
# @param activity [Contrast::Api::Dtm::Activity]
|
68
|
+
# @return masked_body [String, nil]
|
69
|
+
def mask_body activity
|
70
|
+
return unless mask_body?
|
71
|
+
|
72
|
+
body = activity.http_request.request_body
|
73
|
+
return if body.nil? || body.empty?
|
74
|
+
|
75
|
+
activity.http_request.request_body = BODY_MASK
|
76
|
+
activity.http_request.request_body_binary = BODY_BINARY_MASK
|
77
|
+
end
|
78
|
+
|
79
|
+
# Mask request params.
|
80
|
+
#
|
81
|
+
# @param activity [Contrast::Api::Dtm::Activity]
|
82
|
+
# @return masked_body [String, nil]
|
83
|
+
def mask_request_params activity
|
84
|
+
params = activity.http_request.normalized_request_params
|
85
|
+
return unless params
|
86
|
+
|
87
|
+
mask_with_dictionary(activity.results, params)
|
88
|
+
end
|
89
|
+
|
90
|
+
def mask_request_headers activity
|
91
|
+
if activity.http_request.parsed_request_headers
|
92
|
+
# Used normalized request_headers
|
93
|
+
mask_with_dictionary(activity.results, activity.http_request.normalized_request_headers)
|
94
|
+
else
|
95
|
+
headers = activity.http_request.request_headers
|
96
|
+
mask_field_hash(headers, activity.results)
|
97
|
+
end
|
98
|
+
end
|
99
|
+
|
100
|
+
# Mask Cookies.
|
101
|
+
#
|
102
|
+
# @param activity [Contrast::Api::Dtm::Activity] Activity to mask
|
103
|
+
# @return masked_values [Hash, nil]
|
104
|
+
def mask_request_cookies activity
|
105
|
+
cookies = activity.http_request.normalized_cookies
|
106
|
+
return unless cookies
|
107
|
+
|
108
|
+
mask_with_dictionary(activity.results, cookies)
|
109
|
+
end
|
110
|
+
|
111
|
+
# Mask request query string:
|
112
|
+
# exp: password => sensitive to password => contrast-redacted-password
|
113
|
+
#
|
114
|
+
# @param activity [Contrast::Api::Dtm::Activity]
|
115
|
+
# @return masked_query [String]
|
116
|
+
def mask_query_string activity
|
117
|
+
qs = activity.http_request.query_string
|
118
|
+
return if qs.nil? || qs.empty?
|
119
|
+
|
120
|
+
mask_field_hash(qs, activity.results) unless qs.cs__is_a?(String)
|
121
|
+
mask_raw_query(qs, activity.results)
|
122
|
+
end
|
123
|
+
|
124
|
+
# Mask if the value in the passed hash are matched against dictionary
|
125
|
+
# keyword. If the mask_attack_vector flag is set, this will also mask
|
126
|
+
# any attack.
|
127
|
+
#
|
128
|
+
# @param results [Array<Contrast::Api::Dtm::AttackResults>]
|
129
|
+
# results to match against.
|
130
|
+
# @param hash [Hash] Normalized hash representing the key/val pair from
|
131
|
+
# the activity's http request parameters.
|
132
|
+
# @return nil | Protobuf::Field::FieldHash
|
133
|
+
def mask_with_dictionary results, hash
|
134
|
+
return if hash.nil? || hash.empty?
|
135
|
+
|
136
|
+
hash.each do |key, val|
|
137
|
+
match = dictionary_matcher(key)
|
138
|
+
next unless match
|
139
|
+
|
140
|
+
# The normalized values are paired.
|
141
|
+
# key => Contrast::Api::Dtm::Pair (key, val<Values>).
|
142
|
+
# try one level down
|
143
|
+
if val.cs__respond_to?(:values)
|
144
|
+
mask_values(key, val, results)
|
145
|
+
else
|
146
|
+
# Just assign keys.
|
147
|
+
mask_hash(key, val, hash, results)
|
148
|
+
end
|
149
|
+
end
|
150
|
+
hash
|
151
|
+
end
|
152
|
+
|
153
|
+
# Mask the values of DTM pair with attack vector condition check.
|
154
|
+
# if the attack vector flag is set then mask the attack value.
|
155
|
+
#
|
156
|
+
# @param key [String] current iterable key from Protobuf::Field::FieldHash
|
157
|
+
# pointing to Contrast::Api::Dtm::Pair<key, val>(holding the value to mask)
|
158
|
+
# @param results [Array<Contrast::Api::Dtm::AttackResults>]
|
159
|
+
# results to match against.
|
160
|
+
# @param val [Contrast::Api::Dtm::Pair<Value>]
|
161
|
+
def mask_values key, val, results
|
162
|
+
val.values.each.with_index do |v, idx|
|
163
|
+
# Mask the attack vector only if the flag is set.
|
164
|
+
val.values[idx] = MASK + key.downcase if attack_vector?(results, v) && mask_attack_vector?
|
165
|
+
# It is not attack vector and we mask it as normal.
|
166
|
+
val.values[idx] = MASK + key.downcase unless attack_vector?(results, v)
|
167
|
+
end
|
168
|
+
val
|
169
|
+
end
|
170
|
+
|
171
|
+
# Handles the masking of Field hash with string values.
|
172
|
+
# this case is used when called from #mask_field_hash
|
173
|
+
# and #mask_raw_query helper methods. Since they dont
|
174
|
+
# return values containing sub-values (key, val<Values>).
|
175
|
+
#
|
176
|
+
# @param key [String] current iterable key from Protobuf::Field::FieldHash
|
177
|
+
# @param val [String] normalized value to be matched against the results
|
178
|
+
# and masked.
|
179
|
+
# @param hash [Hash] Normalized hash representing the key/val pair.
|
180
|
+
# @param results [Array<Contrast::Api::Dtm::AttackResults>]
|
181
|
+
# results to match against.
|
182
|
+
def mask_hash key, val, hash, results
|
183
|
+
hash[key] = MASK + key.downcase if attack_vector?(results, val) && mask_attack_vector?
|
184
|
+
hash[key] = MASK + key.downcase unless attack_vector?(results, val)
|
185
|
+
end
|
186
|
+
|
187
|
+
# Match to see if values matches input from AttackResults array.
|
188
|
+
# If match is found and the attack result's response is any of
|
189
|
+
# [BAP(Block At Perimeter), BLOCKED, PROBED] the return is true.
|
190
|
+
#
|
191
|
+
# @param results [Array<Contrast::Api::Dtm::AttackResults>]
|
192
|
+
# results to match against.
|
193
|
+
# @param value [String] Input to match.
|
194
|
+
# @return true | false
|
195
|
+
def attack_vector? results, value
|
196
|
+
return false unless value && results
|
197
|
+
|
198
|
+
results.each do |result|
|
199
|
+
# Check samples Contrast::Api::Dtm::RaspRuleSample
|
200
|
+
# is the value in sample and the response is valid?
|
201
|
+
result.samples.any? do |sample|
|
202
|
+
# Check user input Contrast::Api::Dtm::UserInput.
|
203
|
+
match = sample.user_input.value == value.to_s &&
|
204
|
+
result.response&.name != Contrast::Agent::Reporting::ResponseType::NO_ACTION
|
205
|
+
|
206
|
+
return match if match
|
207
|
+
end
|
208
|
+
end
|
209
|
+
false
|
210
|
+
end
|
211
|
+
|
212
|
+
# Consult with our current settings state.
|
213
|
+
#
|
214
|
+
# @return true | false
|
215
|
+
def mask_attack_vector?
|
216
|
+
Contrast::SETTINGS.sensitive_data_masking.mask_attack_vector?
|
217
|
+
end
|
218
|
+
|
219
|
+
# Consult with our current settings state.
|
220
|
+
#
|
221
|
+
# @return true | false
|
222
|
+
def mask_body?
|
223
|
+
Contrast::SETTINGS.sensitive_data_masking.mask_http_body?
|
224
|
+
end
|
225
|
+
|
226
|
+
# Check to see if value is matched in the dictionary.
|
227
|
+
#
|
228
|
+
# @param value [String] Value to check.
|
229
|
+
# @return match [String, nil] from the Dictionary, or nil.
|
230
|
+
def dictionary_matcher value
|
231
|
+
return unless @_dictionary
|
232
|
+
|
233
|
+
@_dictionary.each do |rule|
|
234
|
+
idx = rule.keywords.find_index(value.downcase)
|
235
|
+
return rule.keywords[idx] if idx
|
236
|
+
end
|
237
|
+
nil
|
238
|
+
end
|
239
|
+
end
|
240
|
+
end
|
241
|
+
end
|
242
|
+
end
|
243
|
+
end
|
@@ -0,0 +1,62 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require 'contrast/utils/object_share'
|
5
|
+
|
6
|
+
module Contrast
|
7
|
+
module Agent
|
8
|
+
module Reporting
|
9
|
+
# helper methods used for masking
|
10
|
+
module MaskerUtils
|
11
|
+
include Contrast::Utils::ObjectShare
|
12
|
+
# Helper to deal with Protobuf FieldHash.
|
13
|
+
#
|
14
|
+
# @param field_hash [Protobuf::Field::FieldHash] hash to be masked
|
15
|
+
# @param results [Array<Contrast::Api::Dtm::AttackResults>]
|
16
|
+
# results to match against.
|
17
|
+
# @return [Hash]
|
18
|
+
def mask_field_hash field_hash, results
|
19
|
+
return {} unless field_hash&.any?
|
20
|
+
|
21
|
+
hash = {}
|
22
|
+
# Because this is the start of a built string, we have to be sure that it is not frozen.
|
23
|
+
masked = +''
|
24
|
+
field_hash.each do |entry|
|
25
|
+
# Protobuf::Field::FieldHash produces array, with the key as first param and value as second.
|
26
|
+
new_value = entry[1].delete(SEMICOLON).split(SPACE)
|
27
|
+
new_value.each do |value|
|
28
|
+
arr = value.split(EQUALS)
|
29
|
+
# Add to new hash.
|
30
|
+
hash[arr[0]] = arr[1]
|
31
|
+
end
|
32
|
+
# Mask the newly created hash.
|
33
|
+
mask_with_dictionary(results, hash)
|
34
|
+
|
35
|
+
# Restore to original form.
|
36
|
+
hash.each { |k, v| masked += "#{ k }=#{ v }; " }
|
37
|
+
masked.rstrip!
|
38
|
+
field_hash[entry[0]] = masked
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
# Mask raw query as it comes from the env.
|
43
|
+
# exp:
|
44
|
+
# 'ssn=1234567&id=%272%20or%202%20=%202%27' =>
|
45
|
+
# 'ssn=contrast-redacted-ssn&id=contrast-redacted-id'
|
46
|
+
#
|
47
|
+
# @param query [String]
|
48
|
+
# @param results [Array<Contrast::Api::Dtm::AttackResults>]
|
49
|
+
# results to match against.
|
50
|
+
def mask_raw_query query, results
|
51
|
+
masked = EMPTY_STRING
|
52
|
+
hash = URI.decode_www_form(query).to_h
|
53
|
+
mask_with_dictionary(results, hash)
|
54
|
+
# Restore to string form.
|
55
|
+
hash.each { |k, v| masked += "#{ k }=#{ v }&" }
|
56
|
+
query = masked
|
57
|
+
query.chomp!(masked[-1])
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
@@ -26,3 +26,5 @@ require 'contrast/agent/reporting/reporting_events/observed_route'
|
|
26
26
|
require 'contrast/agent/reporting/reporting_events/route_coverage'
|
27
27
|
require 'contrast/agent/reporting/reporting_events/observed_library_usage'
|
28
28
|
require 'contrast/agent/reporting/reporting_events/poll'
|
29
|
+
# Sensitive data masking
|
30
|
+
require 'contrast/agent/reporting/masker/masker'
|
@@ -4,6 +4,7 @@
|
|
4
4
|
require 'contrast/agent/worker_thread'
|
5
5
|
require 'contrast/agent/reporting/report'
|
6
6
|
require 'contrast/components/logger'
|
7
|
+
require 'contrast/agent/reporting/reporting_events/agent_startup'
|
7
8
|
|
8
9
|
module Contrast
|
9
10
|
module Agent
|
@@ -11,8 +12,6 @@ module Contrast
|
|
11
12
|
class Reporter < WorkerThread
|
12
13
|
include Contrast::Components::Logger::InstanceMethods
|
13
14
|
include Contrast::Utils::ObjectShare
|
14
|
-
# 15 min
|
15
|
-
TIMEOUT = 900.cs__freeze
|
16
15
|
|
17
16
|
class << self
|
18
17
|
# check if we can report to TS
|
@@ -32,10 +31,6 @@ module Contrast
|
|
32
31
|
@_connection ||= client.initialize_connection
|
33
32
|
end
|
34
33
|
|
35
|
-
def audit
|
36
|
-
@_audit ||= Contrast::Agent::Reporting::Audit.new
|
37
|
-
end
|
38
|
-
|
39
34
|
def attempt_to_start?
|
40
35
|
unless cs__class.enabled?
|
41
36
|
logger.warn('Reporter service is disabled!')
|
@@ -58,19 +53,25 @@ module Contrast
|
|
58
53
|
# to figure out why that is and lock it so that it isn't.
|
59
54
|
next unless client && connection
|
60
55
|
|
61
|
-
|
62
|
-
begin
|
63
|
-
response = client.send_event(event, connection)
|
64
|
-
audit&.audit_event(event, response) if ::Contrast::API.request_audit_enable?
|
65
|
-
rescue StandardError => e
|
66
|
-
logger.error('Could not send message to service from Reporter queue.', e)
|
67
|
-
end
|
68
|
-
sleep(TIMEOUT) if client.sleep?
|
69
|
-
client.wake_up
|
56
|
+
process_event(queue.pop)
|
70
57
|
end
|
71
58
|
end
|
72
59
|
end
|
73
60
|
|
61
|
+
# Suspend the Reporter and try sending the event after the timeout.
|
62
|
+
# The timeout is either default 15 min or received via TS response.
|
63
|
+
#
|
64
|
+
# @param event [Contrast::Agent::Reporting::ReportingEvent] Freshly pop-ed event.
|
65
|
+
def handle_resend event
|
66
|
+
sleep(client.timeout) if client.sleep?
|
67
|
+
# Retry once than discard the event. This is trigger on too many events of
|
68
|
+
# same kind error.
|
69
|
+
client.send_event(event, connection) if client.mode.status == client.mode.resending
|
70
|
+
client.mode.reset_mode
|
71
|
+
client.wake_up
|
72
|
+
end
|
73
|
+
|
74
|
+
# @param event [Contrast::Agent::Reporting::ReportingEvent]
|
74
75
|
def send_event event
|
75
76
|
if ::Contrast::AGENT.disabled?
|
76
77
|
logger.warn('Attempted to queue event with Agent disabled', caller: caller, event: event)
|
@@ -80,23 +81,21 @@ module Contrast
|
|
80
81
|
return unless cs__class.enabled?
|
81
82
|
|
82
83
|
logger.debug('Enqueued event for sending', event_type: event.cs__class)
|
83
|
-
audit&.audit_event(event) if ::Contrast::API.request_audit_enable?
|
84
84
|
queue << event
|
85
85
|
end
|
86
86
|
|
87
87
|
# Use this to bypass the messaging queue and leave response processing to the caller
|
88
|
+
#
|
89
|
+
# @param event [Contrast::Agent::Reporting::ReportingEvent]
|
90
|
+
# @return [Net::HTTPResponse, nil]
|
88
91
|
def send_event_immediately event
|
89
92
|
if ::Contrast::AGENT.disabled?
|
90
93
|
logger.warn('Reporter attempted to send event immediately with Agent disabled', caller: caller, event: event)
|
91
94
|
return
|
92
95
|
end
|
93
|
-
|
94
|
-
return unless response
|
95
|
-
|
96
|
-
client.handle_response(event, response, connection)
|
97
|
-
audit&.audit_event(event, response) if ::Contrast::API.request_audit_enable?
|
96
|
+
client.send_event(event, connection, send_immediately: true)
|
98
97
|
rescue StandardError => e
|
99
|
-
logger.error('Could not send message to
|
98
|
+
logger.error('Could not send message to TeamServer from Reporter queue.', e)
|
100
99
|
end
|
101
100
|
|
102
101
|
def delete_queue!
|
@@ -117,6 +116,14 @@ module Contrast
|
|
117
116
|
def queue
|
118
117
|
@_queue ||= Queue.new
|
119
118
|
end
|
119
|
+
|
120
|
+
# @param event [Contrast::Agent::Reporting::ReportingEvent]
|
121
|
+
def process_event event
|
122
|
+
client.send_event(event, connection)
|
123
|
+
handle_resend(event) if client.mode.status == client.mode.resending
|
124
|
+
rescue StandardError => e
|
125
|
+
logger.error('Could not send message to TeamServer from Reporter queue.', e)
|
126
|
+
end
|
120
127
|
end
|
121
128
|
end
|
122
129
|
end
|
@@ -0,0 +1,49 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require 'contrast/agent/worker_thread'
|
5
|
+
require 'contrast/agent/reporting/report'
|
6
|
+
require 'contrast/components/logger'
|
7
|
+
require 'contrast/agent/reporting/reporting_events/agent_startup'
|
8
|
+
|
9
|
+
module Contrast
|
10
|
+
module Agent
|
11
|
+
# The ReporterHeartbeat will make sure that the process remains marked alive by TeamServer and that we periodically
|
12
|
+
# reach out to get the latest settings for this application.
|
13
|
+
class ReporterHeartbeat < WorkerThread
|
14
|
+
include Contrast::Components::Logger::InstanceMethods
|
15
|
+
|
16
|
+
# TeamServer will mark an application offline after 5 minutes. Sending this every one should be more than enough
|
17
|
+
# to satisfy our goals.
|
18
|
+
REFRESH_INTERVAL_SEC = 60
|
19
|
+
|
20
|
+
# check if we can report to TS
|
21
|
+
#
|
22
|
+
# @return[Boolean] true if bypass is enabled, or false if bypass disabled
|
23
|
+
def enabled?
|
24
|
+
@_enabled = Contrast::CONTRAST_SERVICE.use_agent_communication? if @_enabled.nil?
|
25
|
+
@_enabled
|
26
|
+
end
|
27
|
+
|
28
|
+
def connection
|
29
|
+
@_connection ||= client.initialize_connection
|
30
|
+
end
|
31
|
+
|
32
|
+
def start_thread!
|
33
|
+
return if running?
|
34
|
+
|
35
|
+
@_thread = Contrast::Agent::Thread.new do
|
36
|
+
logger.info('Starting heartbeat thread.')
|
37
|
+
loop do
|
38
|
+
Contrast::Agent.reporter&.send_event(poll_message)
|
39
|
+
sleep(REFRESH_INTERVAL_SEC)
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
def poll_message
|
45
|
+
@_poll_message ||= Contrast::Agent::Reporting::Poll.new
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require 'contrast/agent/reporting/reporting_events/server_reporting_event'
|
5
|
+
require 'contrast/config'
|
6
|
+
|
7
|
+
module Contrast
|
8
|
+
module Agent
|
9
|
+
module Reporting
|
10
|
+
# AgentStartup Event which sends the agent data to TeamServer on the startup of a server or process,
|
11
|
+
# used to create a new Server entity there.
|
12
|
+
class AgentStartup < Contrast::Agent::Reporting::ServerReportingEvent
|
13
|
+
def initialize
|
14
|
+
@event_method = :PUT
|
15
|
+
@event_endpoint = Contrast::Agent::Reporting::Endpoints::NG_ENDPOINTS[:agent_startup]
|
16
|
+
@event_type = :agent_startup
|
17
|
+
super
|
18
|
+
end
|
19
|
+
|
20
|
+
def file_name
|
21
|
+
'agent-startup'
|
22
|
+
end
|
23
|
+
|
24
|
+
def to_controlled_hash
|
25
|
+
{
|
26
|
+
environment: ::Contrast::CONFIG.root.server.environment,
|
27
|
+
tags: ::Contrast::CONFIG.root.server.tags,
|
28
|
+
version: Contrast::Agent::VERSION
|
29
|
+
}
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
@@ -0,0 +1,51 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require 'contrast/components/logger'
|
5
|
+
require 'contrast/agent/reporting/reporting_events/application_reporting_event'
|
6
|
+
require 'contrast/agent/reporting/reporting_events/application_defend_activity'
|
7
|
+
require 'contrast/agent/reporting/reporting_events/application_inventory_activity'
|
8
|
+
|
9
|
+
module Contrast
|
10
|
+
module Agent
|
11
|
+
module Reporting
|
12
|
+
# This is the new ApplicationActivity class which will include all the needed information for the new reporting
|
13
|
+
# system to report
|
14
|
+
class ApplicationActivity < Contrast::Agent::Reporting::ApplicationReportingEvent
|
15
|
+
class << self
|
16
|
+
# @param app_activity_dtm [Contrast::Api::Dtm::Activity]
|
17
|
+
# @return [Contrast::Agent::Reporting::ApplicationActivity]
|
18
|
+
def convert app_activity_dtm
|
19
|
+
app_activity = new
|
20
|
+
app_activity.attach_data(app_activity_dtm)
|
21
|
+
app_activity
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
def initialize
|
26
|
+
@event_method = :PUT
|
27
|
+
@event_type = :application_activity
|
28
|
+
@event_endpoint = Contrast::Agent::Reporting::Endpoints.application_activity
|
29
|
+
super
|
30
|
+
end
|
31
|
+
|
32
|
+
def file_name
|
33
|
+
'activity-application'
|
34
|
+
end
|
35
|
+
|
36
|
+
def to_controlled_hash
|
37
|
+
hsh = { lastUpdate: since_last_update }
|
38
|
+
hsh[:defend] = @defend&.to_controlled_hash if @defend
|
39
|
+
hsh[:inventory] = @inventory&.to_controlled_hash if @inventory
|
40
|
+
hsh
|
41
|
+
end
|
42
|
+
|
43
|
+
# @param activity_dtm [Contrast::Api::Dtm::ApplicationActivity]
|
44
|
+
def attach_data activity_dtm
|
45
|
+
@defend = Contrast::Agent::Reporting::ApplicationDefendActivity.convert(activity_dtm)
|
46
|
+
@inventory = Contrast::Agent::Reporting::ApplicationInventoryActivity.convert(activity_dtm)
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
@@ -0,0 +1,96 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require 'contrast/components/logger'
|
5
|
+
require 'contrast/agent/reporting/reporting_events/application_defend_attacker_activity'
|
6
|
+
|
7
|
+
module Contrast
|
8
|
+
module Agent
|
9
|
+
module Reporting
|
10
|
+
# This is the new ApplicationDefendActivity class which includes information about the defense of the application
|
11
|
+
# which was discovered during exercise of the application during this activity period.
|
12
|
+
class ApplicationDefendActivity
|
13
|
+
# @return [Array<Contrast::Agent::Reporting::ApplicationDefendAttackerActivity>]
|
14
|
+
attr_reader :attackers
|
15
|
+
|
16
|
+
class << self
|
17
|
+
# @param activity_dtm [Contrast::Api::Dtm::ApplicationActivity]
|
18
|
+
# @return [Contrast::Agent::Reporting::ApplicationDefendActivity]
|
19
|
+
def convert activity_dtm
|
20
|
+
activity = new
|
21
|
+
activity.attach_data(activity_dtm.results)
|
22
|
+
activity
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
def initialize
|
27
|
+
@attackers = []
|
28
|
+
@event_type = :application_defend_activity
|
29
|
+
super
|
30
|
+
end
|
31
|
+
|
32
|
+
def to_controlled_hash
|
33
|
+
{
|
34
|
+
attackers: attackers.map(&:to_controlled_hash)
|
35
|
+
}
|
36
|
+
end
|
37
|
+
|
38
|
+
# @param attack_dtms [Array<Contrast::Api::Dtm::AttackResult>]
|
39
|
+
def attach_data attack_dtms
|
40
|
+
attack_dtms.each do |attack_result|
|
41
|
+
attacker_activity = Contrast::Agent::Reporting::ApplicationDefendAttackerActivity.convert(attack_result)
|
42
|
+
existing_attacker_activity = attackers.find do |existing|
|
43
|
+
existing.source_forwarded_for == attacker_activity.source_forwarded_for &&
|
44
|
+
existing.source_ip == attacker_activity.source_ip
|
45
|
+
end
|
46
|
+
rule = attack_result.rule_id
|
47
|
+
if existing_attacker_activity
|
48
|
+
attach_existing(existing_attacker_activity, attacker_activity, rule)
|
49
|
+
else
|
50
|
+
attackers << attacker_activity
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
# @param existing_attacker_activity [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
|
56
|
+
# @param attacker_activity [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
|
57
|
+
# @param rule [String]
|
58
|
+
def attach_existing existing_attacker_activity, attacker_activity, rule
|
59
|
+
# TODO: RUBY-1663 figure out attack time mapping
|
60
|
+
new_violation = attacker_activity.protection_rules[rule]
|
61
|
+
if (previously_violated = existing_attacker_activity.protection_rules[rule])
|
62
|
+
if (new_blocked = new_violation.blocked&.samples)
|
63
|
+
unless previously_violated.blocked
|
64
|
+
previously_violated.blocked = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.new
|
65
|
+
end
|
66
|
+
previously_violated.blocked.samples.concat(new_blocked)
|
67
|
+
end
|
68
|
+
|
69
|
+
if (new_exploited = new_violation.exploited&.samples)
|
70
|
+
unless previously_violated.exploited
|
71
|
+
previously_violated.exploited = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.new
|
72
|
+
end
|
73
|
+
previously_violated.exploited.samples.concat(new_exploited)
|
74
|
+
end
|
75
|
+
|
76
|
+
if (new_ineffective = new_violation.ineffective&.samples)
|
77
|
+
unless previously_violated.ineffective
|
78
|
+
previously_violated.ineffective = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.new
|
79
|
+
end
|
80
|
+
previously_violated.ineffective.samples.concat(new_ineffective)
|
81
|
+
end
|
82
|
+
|
83
|
+
if (new_suspicious = new_violation.suspicious&.samples)
|
84
|
+
unless previously_violated.suspicious
|
85
|
+
previously_violated.suspicious = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.new
|
86
|
+
end
|
87
|
+
previously_violated.suspicious.samples.concat(new_suspicious)
|
88
|
+
end
|
89
|
+
else
|
90
|
+
existing_attacker_activity.protection_rules[rule] = new_violation
|
91
|
+
end
|
92
|
+
end
|
93
|
+
end
|
94
|
+
end
|
95
|
+
end
|
96
|
+
end
|