contrast-agent 6.0.0 → 6.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.simplecov +1 -1
- data/Rakefile +1 -1
- data/ext/build_funchook.rb +3 -3
- data/ext/cs__assess_basic_object/cs__assess_basic_object.c +5 -1
- data/ext/cs__assess_regexp/cs__assess_regexp.c +15 -2
- data/ext/cs__assess_regexp/cs__assess_regexp.h +2 -0
- data/ext/cs__assess_string/cs__assess_string.c +8 -0
- data/ext/cs__assess_test/cs__assess_test.h +9 -0
- data/ext/cs__assess_test/cs__assess_tests.c +22 -0
- data/ext/cs__assess_test/extconf.rb +5 -0
- data/ext/cs__common/cs__common.c +101 -0
- data/ext/cs__common/cs__common.h +29 -5
- data/ext/cs__contrast_patch/cs__contrast_patch.c +1 -1
- data/ext/cs__tests/cs__tests.c +12 -0
- data/ext/cs__tests/cs__tests.h +3 -0
- data/ext/cs__tests/extconf.rb +5 -0
- data/ext/extconf_common.rb +1 -1
- data/lib/contrast/agent/assess/contrast_object.rb +16 -16
- data/lib/contrast/agent/assess/events/source_event.rb +17 -19
- data/lib/contrast/agent/assess/finalizers/hash.rb +2 -2
- data/lib/contrast/agent/assess/policy/policy.rb +9 -10
- data/lib/contrast/agent/assess/policy/policy_node.rb +9 -10
- data/lib/contrast/agent/assess/policy/policy_scanner.rb +2 -16
- data/lib/contrast/agent/assess/policy/propagation_method.rb +3 -3
- data/lib/contrast/agent/assess/policy/propagation_node.rb +2 -3
- data/lib/contrast/agent/assess/policy/propagator/base.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/buffer.rb +2 -1
- data/lib/contrast/agent/assess/policy/propagator/database_write.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/splat.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/split.rb +17 -21
- data/lib/contrast/agent/assess/policy/propagator/trim.rb +1 -1
- data/lib/contrast/agent/assess/policy/source_node.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_method.rb +10 -18
- data/lib/contrast/agent/assess/policy/trigger_node.rb +16 -16
- data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +1 -1
- data/lib/contrast/agent/assess/property/evented.rb +2 -2
- data/lib/contrast/agent/assess/property/tagged.rb +2 -2
- data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +6 -8
- data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +6 -7
- data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +12 -7
- data/lib/contrast/agent/assess/rule/response/base_rule.rb +13 -6
- data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb +66 -43
- data/lib/contrast/agent/assess/rule/response/click_jacking_header_rule.rb +4 -4
- data/lib/contrast/agent/assess/rule/response/csp_header_insecure_rule.rb +6 -6
- data/lib/contrast/agent/assess/rule/response/csp_header_missing_rule.rb +4 -4
- data/lib/contrast/agent/assess/rule/response/hsts_header_rule.rb +4 -4
- data/lib/contrast/agent/assess/rule/response/x_content_type_header_rule.rb +4 -4
- data/lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb +3 -4
- data/lib/contrast/agent/assess/tag.rb +13 -14
- data/lib/contrast/agent/at_exit_hook.rb +12 -1
- data/lib/contrast/agent/inventory/database_config.rb +22 -7
- data/lib/contrast/agent/middleware.rb +9 -6
- data/lib/contrast/agent/patching/policy/after_load_patch.rb +3 -5
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +2 -2
- data/lib/contrast/agent/patching/policy/method_policy_extend.rb +4 -4
- data/lib/contrast/agent/patching/policy/patch.rb +20 -19
- data/lib/contrast/agent/patching/policy/patch_status.rb +10 -3
- data/lib/contrast/agent/patching/policy/patcher.rb +1 -1
- data/lib/contrast/agent/patching/policy/policy.rb +13 -15
- data/lib/contrast/agent/patching/policy/policy_node.rb +19 -21
- data/lib/contrast/agent/patching/policy/trigger_node.rb +1 -1
- data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +126 -122
- data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +2 -2
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +1 -1
- data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +1 -1
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +4 -4
- data/lib/contrast/agent/protect/rule/base.rb +30 -18
- data/lib/contrast/agent/protect/rule/base_service.rb +31 -14
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +16 -9
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb +3 -3
- data/lib/contrast/agent/protect/rule/default_scanner.rb +2 -1
- data/lib/contrast/agent/protect/rule/deserialization.rb +18 -7
- data/lib/contrast/agent/protect/rule/http_method_tampering/http_method_tampering_input_classification.rb +74 -74
- data/lib/contrast/agent/protect/rule/http_method_tampering.rb +71 -53
- data/lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb +3 -3
- data/lib/contrast/agent/protect/rule/no_sqli.rb +15 -16
- data/lib/contrast/agent/protect/rule/path_traversal.rb +13 -3
- data/lib/contrast/agent/protect/rule/sqli/sqli_input_classification.rb +2 -2
- data/lib/contrast/agent/protect/rule/sqli/sqli_worth_watching.rb +1 -1
- data/lib/contrast/agent/protect/rule/sqli.rb +16 -23
- data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification.rb +61 -61
- data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_matcher.rb +29 -29
- data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +32 -32
- data/lib/contrast/agent/protect/rule/xss.rb +17 -0
- data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +14 -13
- data/lib/contrast/agent/protect/rule/xxe.rb +25 -3
- data/lib/contrast/agent/reaction_processor.rb +1 -1
- data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +36 -36
- data/lib/contrast/agent/reporting/masker/masker.rb +18 -21
- data/lib/contrast/agent/reporting/masker/masker_utils.rb +10 -6
- data/lib/contrast/agent/reporting/reporter.rb +11 -16
- data/lib/contrast/agent/reporting/reporter_heartbeat.rb +49 -0
- data/lib/contrast/agent/reporting/reporting_events/agent_startup.rb +6 -2
- data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +51 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +96 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb +70 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +182 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb +56 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_stack.rb +22 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb +70 -0
- data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +6 -2
- data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb +60 -0
- data/lib/contrast/agent/reporting/reporting_events/application_reporting_event.rb +27 -0
- data/lib/contrast/agent/reporting/reporting_events/application_startup.rb +15 -11
- data/lib/contrast/agent/reporting/reporting_events/application_update.rb +7 -12
- data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_events/finding.rb +9 -3
- data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +2 -4
- data/lib/contrast/agent/reporting/reporting_events/finding_event_object.rb +3 -3
- data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +6 -2
- data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +7 -3
- data/lib/contrast/agent/reporting/reporting_events/poll.rb +6 -2
- data/lib/contrast/agent/reporting/reporting_events/preflight.rb +10 -8
- data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +6 -10
- data/lib/contrast/agent/reporting/reporting_events/server_activity.rb +12 -20
- data/lib/contrast/agent/reporting/reporting_events/server_reporting_event.rb +27 -0
- data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +17 -27
- data/lib/contrast/agent/reporting/reporting_utilities/build_preflight.rb +38 -0
- data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb +8 -0
- data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +6 -0
- data/lib/contrast/agent/reporting/reporting_utilities/headers.rb +1 -2
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +15 -10
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +54 -67
- data/lib/contrast/agent/reporting/reporting_utilities/response.rb +17 -7
- data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +9 -6
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +17 -17
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +47 -32
- data/lib/contrast/agent/reporting/settings/application_settings.rb +1 -1
- data/lib/contrast/agent/reporting/settings/assess.rb +5 -5
- data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +3 -3
- data/lib/contrast/agent/reporting/settings/exclusions.rb +3 -3
- data/lib/contrast/agent/reporting/settings/protect.rb +21 -6
- data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +6 -6
- data/lib/contrast/agent/reporting/settings/reaction.rb +3 -3
- data/lib/contrast/agent/reporting/settings/sensitive_data_masking.rb +2 -2
- data/lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb +2 -2
- data/lib/contrast/agent/reporting/settings/server_features.rb +2 -2
- data/lib/contrast/agent/request.rb +5 -5
- data/lib/contrast/agent/request_context.rb +23 -19
- data/lib/contrast/agent/request_context_extend.rb +11 -24
- data/lib/contrast/agent/request_handler.rb +4 -4
- data/lib/contrast/agent/response.rb +2 -0
- data/lib/contrast/agent/rule_set.rb +2 -2
- data/lib/contrast/agent/scope.rb +1 -1
- data/lib/contrast/agent/service_heartbeat.rb +6 -48
- data/lib/contrast/agent/static_analysis.rb +1 -1
- data/lib/contrast/agent/telemetry/base.rb +155 -0
- data/lib/contrast/agent/telemetry/events/event.rb +35 -0
- data/lib/contrast/agent/telemetry/events/exceptions/obfuscate.rb +119 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_base.rb +44 -36
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb +29 -21
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message.rb +91 -73
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb +62 -44
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb +50 -33
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions.rb +20 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report.rb +30 -0
- data/lib/contrast/agent/telemetry/events/metric_event.rb +28 -0
- data/lib/contrast/agent/telemetry/events/startup_metrics_event.rb +123 -0
- data/lib/contrast/agent/thread_watcher.rb +52 -68
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/agent/worker_thread.rb +8 -0
- data/lib/contrast/agent.rb +1 -3
- data/lib/contrast/api/communication/messaging_queue.rb +29 -12
- data/lib/contrast/api/communication/response_processor.rb +7 -10
- data/lib/contrast/api/communication/service_lifecycle.rb +1 -1
- data/lib/contrast/api/communication/socket.rb +1 -1
- data/lib/contrast/api/communication/socket_client.rb +1 -1
- data/lib/contrast/api/communication/speedracer.rb +3 -3
- data/lib/contrast/api/decorators/activity.rb +33 -0
- data/lib/contrast/api/decorators/agent_startup.rb +10 -9
- data/lib/contrast/api/decorators/application_settings.rb +1 -1
- data/lib/contrast/api/decorators/application_startup.rb +4 -4
- data/lib/contrast/api/decorators/http_request.rb +1 -1
- data/lib/contrast/api/decorators/response_type.rb +4 -17
- data/lib/contrast/components/agent.rb +1 -1
- data/lib/contrast/components/base.rb +1 -1
- data/lib/contrast/components/config.rb +19 -28
- data/lib/contrast/components/contrast_service.rb +13 -1
- data/lib/contrast/components/sampling.rb +1 -1
- data/lib/contrast/components/settings.rb +58 -24
- data/lib/contrast/config/agent_configuration.rb +21 -11
- data/lib/contrast/config/api_configuration.rb +12 -8
- data/lib/contrast/config/api_proxy_configuration.rb +7 -3
- data/lib/contrast/config/application_configuration.rb +15 -11
- data/lib/contrast/config/assess_configuration.rb +13 -9
- data/lib/contrast/config/assess_rules_configuration.rb +6 -2
- data/lib/contrast/config/base_configuration.rb +3 -35
- data/lib/contrast/config/certification_configuration.rb +9 -5
- data/lib/contrast/config/exception_configuration.rb +10 -7
- data/lib/contrast/config/heap_dump_configuration.rb +13 -9
- data/lib/contrast/config/inventory_configuration.rb +9 -6
- data/lib/contrast/config/logger_configuration.rb +9 -6
- data/lib/contrast/config/protect_configuration.rb +9 -6
- data/lib/contrast/config/protect_rule_configuration.rb +12 -8
- data/lib/contrast/config/protect_rules_configuration.rb +19 -18
- data/lib/contrast/config/request_audit_configuration.rb +10 -7
- data/lib/contrast/config/root_configuration.rb +29 -12
- data/lib/contrast/config/ruby_configuration.rb +14 -11
- data/lib/contrast/config/sampling_configuration.rb +11 -8
- data/lib/contrast/config/server_configuration.rb +13 -9
- data/lib/contrast/config/service_configuration.rb +14 -11
- data/lib/contrast/configuration.rb +23 -14
- data/lib/contrast/extension/assess/array.rb +1 -1
- data/lib/contrast/extension/assess/erb.rb +1 -1
- data/lib/contrast/extension/assess/marshal.rb +1 -1
- data/lib/contrast/extension/assess/string.rb +1 -1
- data/lib/contrast/extension/extension.rb +2 -2
- data/lib/contrast/framework/base_support.rb +8 -8
- data/lib/contrast/framework/grape/support.rb +3 -3
- data/lib/contrast/framework/manager.rb +5 -5
- data/lib/contrast/framework/manager_extend.rb +1 -1
- data/lib/contrast/framework/rack/patch/session_cookie.rb +1 -1
- data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +14 -3
- data/lib/contrast/framework/rails/patch/assess_configuration.rb +3 -3
- data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +1 -1
- data/lib/contrast/framework/rails/patch/support.rb +14 -46
- data/lib/contrast/framework/rails/support.rb +2 -2
- data/lib/contrast/framework/sinatra/support.rb +1 -1
- data/lib/contrast/logger/aliased_logging.rb +94 -0
- data/lib/contrast/logger/application.rb +0 -4
- data/lib/contrast/logger/cef_log.rb +14 -14
- data/lib/contrast/logger/format.rb +1 -1
- data/lib/contrast/logger/log.rb +8 -8
- data/lib/contrast/tasks/config.rb +30 -21
- data/lib/contrast/tasks/service.rb +2 -2
- data/lib/contrast/utils/assess/tracking_util.rb +4 -4
- data/lib/contrast/utils/class_util.rb +6 -10
- data/lib/contrast/utils/findings.rb +3 -3
- data/lib/contrast/utils/hash_digest.rb +6 -7
- data/lib/contrast/utils/head_dump_utils_extend.rb +1 -1
- data/lib/contrast/utils/invalid_configuration_util.rb +2 -2
- data/lib/contrast/utils/log_utils.rb +6 -4
- data/lib/contrast/utils/lru_cache.rb +1 -1
- data/lib/contrast/utils/metrics_hash.rb +1 -1
- data/lib/contrast/utils/middleware_utils.rb +6 -6
- data/lib/contrast/utils/net_http_base.rb +4 -4
- data/lib/contrast/utils/object_share.rb +1 -1
- data/lib/contrast/utils/os.rb +1 -1
- data/lib/contrast/utils/patching/policy/patch_utils.rb +2 -2
- data/lib/contrast/utils/request_utils.rb +2 -2
- data/lib/contrast/utils/sha256_builder.rb +4 -4
- data/lib/contrast/utils/stack_trace_utils.rb +31 -13
- data/lib/contrast/utils/telemetry.rb +22 -7
- data/lib/contrast/utils/telemetry_client.rb +27 -15
- data/lib/contrast/utils/telemetry_hash.rb +41 -0
- data/lib/contrast/utils/telemetry_identifier.rb +18 -3
- data/lib/contrast/utils/timer.rb +1 -1
- data/lib/contrast.rb +9 -0
- data/resources/assess/policy.json +1 -1
- data/ruby-agent.gemspec +1 -1
- data/service_executables/VERSION +1 -1
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
- metadata +41 -16
- data/lib/contrast/agent/telemetry/events/metric_telemetry_event.rb +0 -26
- data/lib/contrast/agent/telemetry/events/startup_metrics_telemetry_event.rb +0 -121
- data/lib/contrast/agent/telemetry/events/telemetry_event.rb +0 -33
- data/lib/contrast/agent/telemetry/telemetry.rb +0 -150
- data/lib/contrast/utils/exclude_key.rb +0 -20
@@ -13,16 +13,26 @@ module Contrast
|
|
13
13
|
# At least one, but not necessarily all, setting will differ from the agent's current set.
|
14
14
|
# Agents are able to replace all application settings with those in this message.
|
15
15
|
#
|
16
|
-
# @return
|
17
|
-
|
18
|
-
@_application_settings ||= Contrast::Agent::Reporting::Settings::ApplicationSettings.new
|
19
|
-
end
|
16
|
+
# @return [Contrast::Agent::Reporting::Settings::ApplicationSettings, nil]
|
17
|
+
attr_accessor :application_settings
|
20
18
|
|
21
19
|
# All of the feature server_features
|
22
20
|
#
|
23
|
-
# @return
|
24
|
-
|
25
|
-
|
21
|
+
# @return [Contrast::Agent::Reporting::Settings::FeatureSettings, nil]
|
22
|
+
attr_accessor :server_features
|
23
|
+
|
24
|
+
class << self
|
25
|
+
def application_response
|
26
|
+
res = new
|
27
|
+
res.application_settings = Contrast::Agent::Reporting::Settings::ApplicationSettings.new
|
28
|
+
res
|
29
|
+
end
|
30
|
+
|
31
|
+
def server_response
|
32
|
+
res = new
|
33
|
+
res.server_features = Contrast::Agent::Reporting::Settings::ServerFeatures.new
|
34
|
+
res
|
35
|
+
end
|
26
36
|
end
|
27
37
|
end
|
28
38
|
end
|
@@ -15,7 +15,7 @@ module Contrast
|
|
15
15
|
return unless assessments
|
16
16
|
|
17
17
|
res.application_settings.assess.disabled_rules = assessments[:disabledRules]
|
18
|
-
res.application_settings.assess.session_id = assessments[:
|
18
|
+
res.application_settings.assess.session_id = assessments[:session_id]
|
19
19
|
end
|
20
20
|
|
21
21
|
# @param response_data [Hash]
|
@@ -24,6 +24,7 @@ module Contrast
|
|
24
24
|
protect = response_data[:settings][:defend]
|
25
25
|
return unless protect
|
26
26
|
|
27
|
+
# TODO: RUBY-1636 should this be `:rules` or `:protectionRules`
|
27
28
|
res.application_settings.protect.protection_rules = protect[:protectionRules]
|
28
29
|
res.application_settings.protect.virtual_patches = protect[:virtualPatches]
|
29
30
|
end
|
@@ -48,7 +49,7 @@ module Contrast
|
|
48
49
|
# @param response_data [Hash]
|
49
50
|
# @param res [Contrast::Agent::Reporting::Response]
|
50
51
|
def extract_assess_server_features response_data, res
|
51
|
-
assess = response_data[:assessment]
|
52
|
+
assess = response_data[:features][:assessment]
|
52
53
|
return unless assess
|
53
54
|
|
54
55
|
res.server_features.assess.enabled = assess[:enabled]
|
@@ -60,18 +61,20 @@ module Contrast
|
|
60
61
|
# @param response_data [Hash]
|
61
62
|
# @param res [Contrast::Agent::Reporting::Response]
|
62
63
|
def extract_protect_server_features response_data, res
|
63
|
-
protect = response_data[:defend]
|
64
|
+
protect = response_data[:features][:defend]
|
64
65
|
return unless protect
|
65
66
|
|
66
67
|
res.server_features.protect.enabled = protect[:enabled]
|
67
|
-
res.server_features.protect.bot_blocker = protect[:
|
68
|
+
res.server_features.protect.bot_blocker = protect[:'bot-blocker']
|
69
|
+
# TODO: RUBY-1636 should this be `:rules` or `:protectionRules`
|
70
|
+
# process the botBlockers field
|
68
71
|
res.server_features.protect.syslog = protect[:syslog]
|
69
72
|
end
|
70
73
|
|
71
74
|
# @param response_data [Hash]
|
72
75
|
# @param res [Contrast::Agent::Reporting::Response]
|
73
76
|
def extract_protect_lists response_data, res
|
74
|
-
protect = response_data[:defend]
|
77
|
+
protect = response_data[:features][:defend]
|
75
78
|
return unless protect
|
76
79
|
|
77
80
|
res.server_features.protect.ip_allowlist = protect[:ipAllowlist]
|
@@ -89,7 +92,7 @@ module Contrast
|
|
89
92
|
sensitive_data = response_data[:settings][:sensitive_data_masking_policy]
|
90
93
|
res.application_settings.sensitive_data_masking.mask_http_body = sensitive_data[:mask_http_body]
|
91
94
|
res.application_settings.sensitive_data_masking.mask_attack_vector = sensitive_data[:mask_attack_vector]
|
92
|
-
res.application_settings.sensitive_data_masking.build_rules_form_settings
|
95
|
+
res.application_settings.sensitive_data_masking.build_rules_form_settings(sensitive_data[:rules])
|
93
96
|
end
|
94
97
|
end
|
95
98
|
end
|
@@ -14,7 +14,7 @@ module Contrast
|
|
14
14
|
module Agent
|
15
15
|
module Reporting
|
16
16
|
# This class will facilitate the Response capture and analysis functionality.
|
17
|
-
class ResponseHandler
|
17
|
+
class ResponseHandler
|
18
18
|
include Contrast::Components::Logger::InstanceMethods
|
19
19
|
include Contrast::Agent::Reporting::ResponseHandlerUtils
|
20
20
|
# 15 min
|
@@ -26,19 +26,19 @@ module Contrast
|
|
26
26
|
# @return response [Net::HTTP::Response, nil]
|
27
27
|
def process response
|
28
28
|
logger.debug('Reporter Received a response')
|
29
|
-
return unless analyze_response?
|
29
|
+
return unless analyze_response?(response)
|
30
30
|
|
31
31
|
# Handle the response body and obtain server_features or app_settings
|
32
|
-
report_response = convert_response
|
33
|
-
|
32
|
+
report_response = convert_response(response)
|
34
33
|
return unless report_response
|
35
34
|
|
36
|
-
|
37
|
-
|
38
|
-
#
|
39
|
-
|
40
|
-
|
41
|
-
|
35
|
+
# Update Server Features and Application Settings to provide current agent settings
|
36
|
+
update_agent_settings(report_response)
|
37
|
+
# Process any reactions, including message logging and shutting down
|
38
|
+
update_reaction(report_response)
|
39
|
+
update_ruleset(report_response)
|
40
|
+
logger.trace('Agent settings updated in response to TeamServer', protect_on: ::Contrast::PROTECT.enabled?,
|
41
|
+
assess_on: ::Contrast::ASSESS.enabled?)
|
42
42
|
response
|
43
43
|
rescue StandardError => e
|
44
44
|
logger.error('Unable to process response from TeamServer', e)
|
@@ -78,17 +78,17 @@ module Contrast
|
|
78
78
|
def handle_error response
|
79
79
|
case response&.code
|
80
80
|
when ERROR_CODES[:message_not_sent]
|
81
|
-
handle_response_errors
|
81
|
+
handle_response_errors(response, UNSUCCESSFULLY_RECEIVED_MSG, mode.running)
|
82
82
|
when ERROR_CODES[:access_forbidden]
|
83
|
-
handle_response_errors
|
83
|
+
handle_response_errors(response, FORBIDDEN_MSG, mode.running)
|
84
84
|
when ERROR_CODES[:access_forbidden_no_action]
|
85
|
-
handle_response_errors
|
85
|
+
handle_response_errors(response, FORBIDDEN_NO_ACTION_MSG, mode.running)
|
86
86
|
when ERROR_CODES[:application_do_not_exist]
|
87
|
-
handle_response_errors
|
87
|
+
handle_response_errors(response, APP_NON_EXISTENT_MSG, mode.disabled)
|
88
88
|
when ERROR_CODES[:unprocessable_entity]
|
89
|
-
handle_response_errors
|
89
|
+
handle_response_errors(response, UNPROCESSABLE_ENTITY_MSG, mode.disabled)
|
90
90
|
when ERROR_CODES[:too_many_requests]
|
91
|
-
handle_response_errors
|
91
|
+
handle_response_errors(response, RETRY_AFTER_MSG, mode.resending)
|
92
92
|
else
|
93
93
|
logger.debug('Response Error code could not be processed')
|
94
94
|
end
|
@@ -102,7 +102,7 @@ module Contrast
|
|
102
102
|
# @param error_message [String, nil] Error message if any received.
|
103
103
|
def suspend_reporting message, timeout, error_message
|
104
104
|
@_timeout = timeout || Contrast::Agent::Reporting::ResponseHandler::TIMEOUT
|
105
|
-
log_debug_msg
|
105
|
+
log_debug_msg(message, timeout: @_timeout, error_message: error_message || 'none')
|
106
106
|
@_sleep = true
|
107
107
|
end
|
108
108
|
|
@@ -78,9 +78,9 @@ module Contrast
|
|
78
78
|
# in the standard format per RFC 2616
|
79
79
|
# used for in observed routes message.
|
80
80
|
return false unless response && (response_code = response&.code)
|
81
|
-
return true if ANALYZE_WHEN.include?
|
81
|
+
return true if ANALYZE_WHEN.include?(response_code)
|
82
82
|
|
83
|
-
handle_error
|
83
|
+
handle_error(response) if ERROR_CODES.value?(response_code)
|
84
84
|
# There was error, so analyze the Error and nothing more.
|
85
85
|
false
|
86
86
|
end
|
@@ -95,16 +95,16 @@ module Contrast
|
|
95
95
|
def handle_response_errors response, message, mode
|
96
96
|
# Set the current mode status.
|
97
97
|
@_mode.status = mode
|
98
|
-
ready_after, error_message, auth_error = extract_response_info
|
98
|
+
ready_after, error_message, auth_error = extract_response_info(response)
|
99
99
|
# log, suspend, disable:
|
100
100
|
if mode == @_mode.running
|
101
|
-
log_debug_msg
|
101
|
+
log_debug_msg(message,
|
102
102
|
response: response.__id__,
|
103
103
|
request: Contrast::Agent::REQUEST_TRACKER.current&.request&.type,
|
104
104
|
error_message: error_message || 'none',
|
105
|
-
auth_error: auth_error || 'none'
|
105
|
+
auth_error: auth_error || 'none')
|
106
106
|
end
|
107
|
-
suspend_reporting
|
107
|
+
suspend_reporting(message, ready_after, error_message) if mode == @_mode.resending
|
108
108
|
return unless mode == @_mode.disabled
|
109
109
|
|
110
110
|
stop_reporting(message, application: Contrast::APP_CONTEXT.app_name, error_message: error_message)
|
@@ -142,8 +142,8 @@ module Contrast
|
|
142
142
|
def update_agent_settings response
|
143
143
|
return unless response
|
144
144
|
|
145
|
-
Contrast::SETTINGS.update_from_server_features(response) if response.server_features
|
146
|
-
Contrast::SETTINGS.update_from_application_settings(response) if response.application_settings
|
145
|
+
::Contrast::SETTINGS.update_from_server_features(response) if response.server_features
|
146
|
+
::Contrast::SETTINGS.update_from_application_settings(response) if response.application_settings
|
147
147
|
end
|
148
148
|
|
149
149
|
# Process the given Reactions from the application settings based on what
|
@@ -152,23 +152,18 @@ module Contrast
|
|
152
152
|
#
|
153
153
|
# @param response [Contrast::Agent::Reporting::Response]
|
154
154
|
def update_reaction response
|
155
|
-
return unless response.application_settings
|
155
|
+
return unless response.application_settings&.reactions&.any?
|
156
156
|
|
157
157
|
response.application_settings.reactions.each do |reaction|
|
158
158
|
# The enums are all uppercase, we need to downcase them before attempting to log.
|
159
|
-
level =
|
160
|
-
:error
|
161
|
-
else
|
162
|
-
reaction.level.downcase
|
163
|
-
end
|
164
|
-
|
159
|
+
level = reaction.level.nil? ? :error : reaction.level.downcase
|
165
160
|
logger.with_level(level, reaction.message) if reaction.message
|
166
161
|
|
167
162
|
case reaction.operation
|
168
|
-
when Contrast::Agent::Reporting::Settings::Reaction::OPERATIONS
|
163
|
+
when Contrast::Agent::Reporting::Settings::Reaction::OPERATIONS[1]
|
169
164
|
# DISABLED
|
170
|
-
Contrast::Agent::DisableReaction.run
|
171
|
-
when Contrast::Agent::Reporting::Settings::Reaction::OPERATIONS
|
165
|
+
Contrast::Agent::DisableReaction.run(reaction, level)
|
166
|
+
when Contrast::Agent::Reporting::Settings::Reaction::OPERATIONS[0]
|
172
167
|
# NOOP
|
173
168
|
else
|
174
169
|
logger.warn('ReactionProcessor received a reaction with an unknown operation',
|
@@ -177,6 +172,24 @@ module Contrast
|
|
177
172
|
end
|
178
173
|
end
|
179
174
|
|
175
|
+
# This can't go in the Settings component because protect and assess depend on settings
|
176
|
+
# I don't think it should go into contrast_service because that only handles connection specific data.
|
177
|
+
#
|
178
|
+
# @param response [Contrast::Agent::Reporting::Response]
|
179
|
+
def update_ruleset response
|
180
|
+
logger.info('Updating features from TeamServer')
|
181
|
+
return unless response&.server_features || response&.application_settings
|
182
|
+
return unless ::Contrast::AGENT.enabled?
|
183
|
+
|
184
|
+
logger.trace_with_time('Rebuilding rule modes from TeamServer') do
|
185
|
+
::Contrast::SETTINGS.build_protect_rules if ::Contrast::PROTECT.enabled?
|
186
|
+
::Contrast::AGENT.reset_ruleset
|
187
|
+
logger.info('Current rule settings:')
|
188
|
+
::Contrast::PROTECT.rules.each { |k, v| logger.info('Protect Rule mode set', rule: k, mode: v.mode) }
|
189
|
+
logger.info('Disabled Assess Rules', rules: ::Contrast::ASSESS.disabled_rules)
|
190
|
+
end
|
191
|
+
end
|
192
|
+
|
180
193
|
# Converts response from Net to Reporting Response object
|
181
194
|
#
|
182
195
|
# @param response [Net::HTTP::Response, nil]
|
@@ -192,12 +205,14 @@ module Contrast
|
|
192
205
|
# check if response contains application settings or Feature settings
|
193
206
|
if response_data[:settings]
|
194
207
|
# the response contains ApplicationSettings
|
195
|
-
|
196
|
-
|
208
|
+
app_settings = build_application_settings(response_data)
|
209
|
+
logger.trace('Agent: Received updated application settings', raw: response_data, processed: app_settings)
|
210
|
+
app_settings
|
197
211
|
else
|
198
212
|
# the response contains FeatureSettings
|
199
|
-
|
200
|
-
|
213
|
+
server_features = build_feature_settings(response_data)
|
214
|
+
logger.trace('Agent: Received updated application settings', raw: response_data, processed: server_features)
|
215
|
+
server_features
|
201
216
|
end
|
202
217
|
rescue StandardError => e
|
203
218
|
logger.error('Unable to convert response', e)
|
@@ -207,22 +222,22 @@ module Contrast
|
|
207
222
|
# @param response_data [Hash]
|
208
223
|
# @return res [Contrast::Agent::Reporting::Response]
|
209
224
|
def build_application_settings response_data
|
210
|
-
res = Contrast::Agent::Reporting::Response.
|
211
|
-
extract_assess
|
212
|
-
extract_protect
|
213
|
-
extract_exclusions
|
214
|
-
extract_reactions
|
215
|
-
extract_sensitive_data_policy
|
225
|
+
res = Contrast::Agent::Reporting::Response.application_response
|
226
|
+
extract_assess(response_data, res)
|
227
|
+
extract_protect(response_data, res)
|
228
|
+
extract_exclusions(response_data, res)
|
229
|
+
extract_reactions(response_data, res)
|
230
|
+
extract_sensitive_data_policy(response_data, res)
|
216
231
|
res
|
217
232
|
end
|
218
233
|
|
219
234
|
# @param response_data [Hash]
|
220
235
|
# @return res [Contrast::Agent::Reporting::Response]
|
221
236
|
def build_feature_settings response_data
|
222
|
-
res = Contrast::Agent::Reporting::Response.
|
223
|
-
extract_assess_server_features
|
224
|
-
extract_protect_server_features
|
225
|
-
extract_protect_lists
|
237
|
+
res = Contrast::Agent::Reporting::Response.server_response
|
238
|
+
extract_assess_server_features(response_data, res)
|
239
|
+
extract_protect_server_features(response_data, res)
|
240
|
+
extract_protect_lists(response_data, res)
|
226
241
|
res.server_features.log_level = response_data[:logLevel]
|
227
242
|
res.server_features.log_file = response_data[:logFile]
|
228
243
|
res.server_features.telemetry = response_data[:telemetry]
|
@@ -61,7 +61,7 @@ module Contrast
|
|
61
61
|
# operation [String] What to do in response to this reaction.[NOOP, DISABLE] }
|
62
62
|
# @return [Array<Contrast::Agent::Reporting::Settings::Reaction>]
|
63
63
|
def reactions= reactions
|
64
|
-
return unless reactions.is_a?
|
64
|
+
return unless reactions.is_a?(Array)
|
65
65
|
|
66
66
|
@_reactions = []
|
67
67
|
reactions.each do |r|
|
@@ -12,7 +12,7 @@ module Contrast
|
|
12
12
|
class Assess
|
13
13
|
# Assess rules to disable for this application.
|
14
14
|
#
|
15
|
-
# @return disabled_rules [Array<
|
15
|
+
# @return disabled_rules [Array<String>] Array with string rule_ids
|
16
16
|
def disabled_rules
|
17
17
|
@_disabled_rules ||= []
|
18
18
|
end
|
@@ -20,15 +20,15 @@ module Contrast
|
|
20
20
|
# @param disabled_rules [Array] with AssessRuleID strings
|
21
21
|
# @return disabled_rules [Array<AssessRuleID>] Array with string rule_ids
|
22
22
|
def disabled_rules= disabled_rules
|
23
|
-
@_disabled_rules = disabled_rules if disabled_rules.is_a?
|
23
|
+
@_disabled_rules = disabled_rules if disabled_rules.is_a?(Array)
|
24
24
|
end
|
25
25
|
|
26
26
|
# The id of a session on TeamServer under which this session of this application should report
|
27
27
|
# Overrides that set by application.session_id (should match if provided).
|
28
28
|
#
|
29
|
-
# @return session_id [String]
|
29
|
+
# @return session_id [String, nil]
|
30
30
|
def session_id
|
31
|
-
@_session_id
|
31
|
+
@_session_id
|
32
32
|
end
|
33
33
|
|
34
34
|
# Set the session_id
|
@@ -36,7 +36,7 @@ module Contrast
|
|
36
36
|
# @param session_id [String]
|
37
37
|
# @return session_id [String]
|
38
38
|
def session_id= session_id
|
39
|
-
@_session_id = session_id if session_id.is_a?
|
39
|
+
@_session_id = session_id if session_id.is_a?(String) && !session_id.blank?
|
40
40
|
end
|
41
41
|
end
|
42
42
|
end
|
@@ -47,7 +47,7 @@ module Contrast
|
|
47
47
|
# }
|
48
48
|
# @return [Contrast::Agent::Reporting::Settings::Sampling]
|
49
49
|
def sampling= sampling
|
50
|
-
@_sampling = Contrast::Agent::Reporting::Settings::Sampling.new(sampling) if sampling.is_a?
|
50
|
+
@_sampling = Contrast::Agent::Reporting::Settings::Sampling.new(sampling) if sampling.is_a?(Hash)
|
51
51
|
end
|
52
52
|
|
53
53
|
# The sanitizers defined by the user for use by the agent on this server for this organization.
|
@@ -72,7 +72,7 @@ module Contrast
|
|
72
72
|
# tags [Array[String]]
|
73
73
|
# uuid [String]
|
74
74
|
def sanitizers= sanitizers
|
75
|
-
@_sanitizers = sanitizers if sanitizers.is_a?
|
75
|
+
@_sanitizers = sanitizers if sanitizers.is_a?(Array)
|
76
76
|
end
|
77
77
|
|
78
78
|
# The validators defined by the user for use by the agent on this server for this organization.
|
@@ -99,7 +99,7 @@ module Contrast
|
|
99
99
|
# uuid [String]
|
100
100
|
# }
|
101
101
|
def validators= validators
|
102
|
-
@_validators = validators if validators.is_a?
|
102
|
+
@_validators = validators if validators.is_a?(Array)
|
103
103
|
end
|
104
104
|
end
|
105
105
|
end
|
@@ -36,7 +36,7 @@ module Contrast
|
|
36
36
|
# denylist [String] The call, if in the stack, should result in the agent not taking action.
|
37
37
|
# }
|
38
38
|
def code_exclusions= code_exclusions
|
39
|
-
@_code_exclusions = code_exclusions if code_exclusions.is_a?
|
39
|
+
@_code_exclusions = code_exclusions if code_exclusions.is_a?(Array)
|
40
40
|
end
|
41
41
|
|
42
42
|
# Cases where rules should be excluded if violated from a given input.
|
@@ -75,7 +75,7 @@ module Contrast
|
|
75
75
|
# type [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
|
76
76
|
# }
|
77
77
|
def input_exclusions= input_exclusions
|
78
|
-
@_input_exclusions = input_exclusions if input_exclusions.is_a?
|
78
|
+
@_input_exclusions = input_exclusions if input_exclusions.is_a?(Array)
|
79
79
|
end
|
80
80
|
|
81
81
|
# A case where rules should be excluded if violated during a call to a given URL.
|
@@ -114,7 +114,7 @@ module Contrast
|
|
114
114
|
# type [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
|
115
115
|
# }
|
116
116
|
def url_exclusions= url_exclusions
|
117
|
-
@_url_exclusions = url_exclusions if url_exclusions.is_a?
|
117
|
+
@_url_exclusions = url_exclusions if url_exclusions.is_a?(Array)
|
118
118
|
end
|
119
119
|
end
|
120
120
|
end
|
@@ -11,7 +11,7 @@ module Contrast
|
|
11
11
|
# Application level settings for the Protect featureset
|
12
12
|
class Protect
|
13
13
|
# block at perimeter needs to be check against the blockAtEntry boolean value
|
14
|
-
PROTECT_RULES_MODE = %w[OFF BLOCKING
|
14
|
+
PROTECT_RULES_MODE = %w[OFF MONITORING BLOCKING].cs__freeze
|
15
15
|
# The settings for each protect rule for this application
|
16
16
|
#
|
17
17
|
# @return protection_rules [Array<protectRule>] protectRule: {
|
@@ -33,7 +33,7 @@ module Contrast
|
|
33
33
|
# id [String] The id of a rule in Contrast.
|
34
34
|
# mode [String] The mode that this rule should run in. [OFF, MONITORING, BLOCKING] }
|
35
35
|
def protection_rules= protection_rules
|
36
|
-
@_protection_rules = protection_rules if protection_rules.is_a?
|
36
|
+
@_protection_rules = protection_rules if protection_rules.is_a?(Array)
|
37
37
|
end
|
38
38
|
|
39
39
|
# The virtual patches to apply for this application
|
@@ -66,19 +66,34 @@ module Contrast
|
|
66
66
|
# urls [Array] The urls that must be present in the request to result in the request being blocked.
|
67
67
|
# uuids [String] The UUID of the Virtual Patch }
|
68
68
|
def virtual_patches= virtual_patches
|
69
|
-
@_virtual_patches = virtual_patches if virtual_patches.is_a?
|
69
|
+
@_virtual_patches = virtual_patches if virtual_patches.is_a?(Array)
|
70
70
|
end
|
71
71
|
|
72
72
|
# Converts settings into Agent Settings understandable hash {RULE_ID => MODE}
|
73
73
|
#
|
74
74
|
# @return rules [Hash<RULE_ID => MODE>, nil] Hash with rule_id as key and mode as value
|
75
75
|
def protection_rules_to_settings_hash
|
76
|
-
return if protection_rules.empty?
|
76
|
+
return {} if protection_rules.empty?
|
77
77
|
|
78
78
|
modes_by_id = {}
|
79
79
|
protection_rules.each do |rule|
|
80
|
-
|
81
|
-
|
80
|
+
setting_mode = rule[:mode]
|
81
|
+
next unless PROTECT_RULES_MODE.include?(setting_mode)
|
82
|
+
|
83
|
+
api_mode = case setting_mode
|
84
|
+
when PROTECT_RULES_MODE[1]
|
85
|
+
::Contrast::Api::Settings::ProtectionRule::Mode::MONITORED
|
86
|
+
when PROTECT_RULES_MODE[2]
|
87
|
+
if rule[:blockAtEntry]
|
88
|
+
::Contrast::Api::Settings::ProtectionRule::Mode::BLOCK_AT_PERIMETER
|
89
|
+
else
|
90
|
+
::Contrast::Api::Settings::ProtectionRule::Mode::BLOCKED
|
91
|
+
end
|
92
|
+
else
|
93
|
+
::Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION
|
94
|
+
end
|
95
|
+
|
96
|
+
modes_by_id[rule[:id]] = api_mode
|
82
97
|
end
|
83
98
|
modes_by_id
|
84
99
|
end
|
@@ -23,7 +23,7 @@ module Contrast
|
|
23
23
|
# @param enabled [Boolean]
|
24
24
|
# @return enabled [Boolean]
|
25
25
|
def enabled= enabled
|
26
|
-
@_enabled = enabled
|
26
|
+
@_enabled = enabled
|
27
27
|
end
|
28
28
|
|
29
29
|
# Indicate if the bot protection feature set is enabled for this server or not.
|
@@ -66,7 +66,7 @@ module Contrast
|
|
66
66
|
# name [String] The user defined name of the filter.
|
67
67
|
# uuid [String] The identifier of the filter as defined by TeamServer.
|
68
68
|
def ip_allowlist= allowlist
|
69
|
-
@_ip_allowlist = allowlist if allowlist.is_a?
|
69
|
+
@_ip_allowlist = allowlist if allowlist.is_a?(Array)
|
70
70
|
end
|
71
71
|
|
72
72
|
# The IP addresses for which to disable protection.
|
@@ -94,7 +94,7 @@ module Contrast
|
|
94
94
|
# name [String] The user defined name of the filter.
|
95
95
|
# uuid [String] The identifier of the filter as defined by TeamServer.
|
96
96
|
def ip_denylist= denylist
|
97
|
-
@_ip_denylist = denylist if denylist.is_a?
|
97
|
+
@_ip_denylist = denylist if denylist.is_a?(Array)
|
98
98
|
end
|
99
99
|
|
100
100
|
# All of the apis to add new logging calls to the application at runtime.
|
@@ -134,7 +134,7 @@ module Contrast
|
|
134
134
|
# type [String] The type of log message to tenerate. Audit as 0, Security as 2.
|
135
135
|
# [ AUDIT, ERROR, SECURITY ]
|
136
136
|
def log_enchancers= log_enchancers
|
137
|
-
@_log_enchancers = log_enchancers if log_enchancers.is_a?
|
137
|
+
@_log_enchancers = log_enchancers if log_enchancers.is_a?(Array)
|
138
138
|
end
|
139
139
|
|
140
140
|
# The keywords and patterns required for the input analysis of each rule with that capability.
|
@@ -191,7 +191,7 @@ module Contrast
|
|
191
191
|
# value [String] }
|
192
192
|
# }
|
193
193
|
def rule_definition_list= list
|
194
|
-
@_rule_definition_list = list if list.is_a?
|
194
|
+
@_rule_definition_list = list if list.is_a?(Array)
|
195
195
|
end
|
196
196
|
|
197
197
|
# Controls for the syslogging feature in the agent.
|
@@ -234,7 +234,7 @@ module Contrast
|
|
234
234
|
# syslogSeverityProbed [String]
|
235
235
|
# syslogSeveritySuspicous [String]
|
236
236
|
def syslog= log
|
237
|
-
@_syslog = log if log.is_a?
|
237
|
+
@_syslog = log if log.is_a?(Hash)
|
238
238
|
end
|
239
239
|
end
|
240
240
|
end
|
@@ -19,9 +19,9 @@ module Contrast
|
|
19
19
|
# @param message [String] A message to log when receiving this reaction.
|
20
20
|
# @param operation [String] What to do in response to this reaction.[NOOP, DISABLE]
|
21
21
|
def initialize level, operation, message
|
22
|
-
@level = level if LEVELS.include?
|
23
|
-
@operation = operation if OPERATIONS.include?
|
24
|
-
@message = message if message.is_a?
|
22
|
+
@level = level if LEVELS.include?(level)
|
23
|
+
@operation = operation if OPERATIONS.include?(operation)
|
24
|
+
@message = message if message.is_a?(String)
|
25
25
|
end
|
26
26
|
end
|
27
27
|
end
|
@@ -58,7 +58,7 @@ module Contrast
|
|
58
58
|
# @param rules [Array<Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule>]
|
59
59
|
# @return rules [Array<Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule>, []]
|
60
60
|
def rules= rules
|
61
|
-
@_rules = rules if rules_array?
|
61
|
+
@_rules = rules if rules_array?(rules)
|
62
62
|
end
|
63
63
|
|
64
64
|
# Build rules from hash
|
@@ -99,7 +99,7 @@ module Contrast
|
|
99
99
|
# @param item [Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule]
|
100
100
|
# @return itself [Array<Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule>]
|
101
101
|
def << item
|
102
|
-
return itself unless item.instance_of?
|
102
|
+
return itself unless item.instance_of?(Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule)
|
103
103
|
|
104
104
|
super
|
105
105
|
end
|
@@ -37,7 +37,7 @@ module Contrast
|
|
37
37
|
# @param words_array [Array<String>]
|
38
38
|
# @return keywords [Array<String>] set of keywords
|
39
39
|
def keywords= words_array
|
40
|
-
@_keywords = words_array if string_array?
|
40
|
+
@_keywords = words_array if string_array?(words_array)
|
41
41
|
end
|
42
42
|
|
43
43
|
private
|
@@ -49,7 +49,7 @@ module Contrast
|
|
49
49
|
def string_array? array
|
50
50
|
return false unless array.is_a?(Array) && array.any?
|
51
51
|
|
52
|
-
array.all?
|
52
|
+
array.all?(String)
|
53
53
|
end
|
54
54
|
end
|
55
55
|
end
|
@@ -27,7 +27,7 @@ module Contrast
|
|
27
27
|
# @param log_level [String]
|
28
28
|
# @return log_level [String] [ ERROR, WARN, INFO, DEBUG, TRACE ]
|
29
29
|
def log_level= log_level
|
30
|
-
@_log_level = log_level if log_level.is_a?
|
30
|
+
@_log_level = log_level if log_level.is_a?(String)
|
31
31
|
end
|
32
32
|
|
33
33
|
# Where to log the agent's log file, if set by the user. Overridden by agent.logger.path
|
@@ -43,7 +43,7 @@ module Contrast
|
|
43
43
|
# @param log_file [String] path
|
44
44
|
# @return log_file [String] path
|
45
45
|
def log_file= log_file
|
46
|
-
@_log_file = log_file if log_file.is_a?
|
46
|
+
@_log_file = log_file if log_file.is_a?(String)
|
47
47
|
end
|
48
48
|
|
49
49
|
# Controls for the reporting of telemetry events from the agent to TeamServer.
|
@@ -34,12 +34,14 @@ module Contrast
|
|
34
34
|
LAST_REST_TOKEN = %r{/\d+$}.cs__freeze
|
35
35
|
INNER_NUMBER_MARKER = '/{n}/'
|
36
36
|
LAST_NUMBER_MARKER = '/{n}'
|
37
|
+
STATIC_SUFFIXES = /\.(?:js|css|jpeg|jpg|gif|png|ico|woff|svg|pdf|eot|ttf|jar)$/i.cs__freeze
|
38
|
+
MEDIA_TYPE_MARKERS = %w[image/ text/css text/javascript].cs__freeze
|
37
39
|
|
38
40
|
attr_reader :rack_request
|
39
41
|
attr_accessor :route, :observed_route, :new_observed_route
|
40
42
|
|
41
43
|
# Delegate calls to the following methods to the attribute @rack_request
|
42
|
-
def_delegators :@rack_request, :base_url, :
|
44
|
+
def_delegators :@rack_request, :base_url, :cookies, :env, :ip, :media_type, :path, :port, :query_string,
|
43
45
|
:request_method, :scheme, :url, :user_agent
|
44
46
|
|
45
47
|
# Initialize new Contrast Request
|
@@ -86,9 +88,9 @@ module Contrast
|
|
86
88
|
#
|
87
89
|
# @return type [Symbol<:XML, :JSON, :NORMAL>]
|
88
90
|
def document_type
|
89
|
-
@_document_type ||= if /xml/i.match?(
|
91
|
+
@_document_type ||= if /xml/i.match?(media_type) || body&.start_with?('<?xml')
|
90
92
|
:XML
|
91
|
-
elsif /json/i.match?(
|
93
|
+
elsif /json/i.match?(media_type) || body&.match?(/\s*[{\[]/)
|
92
94
|
:JSON
|
93
95
|
else
|
94
96
|
:NORMAL
|
@@ -181,8 +183,6 @@ module Contrast
|
|
181
183
|
@_hash_id ||= Contrast::Utils::HashDigest.generate_request_hash(self)
|
182
184
|
end
|
183
185
|
|
184
|
-
STATIC_SUFFIXES = /\.(?:js|css|jpeg|jpg|gif|png|ico|woff|svg|pdf|eot|ttf|jar)$/i.cs__freeze
|
185
|
-
MEDIA_TYPE_MARKERS = %w[image/ text/css text/javascript].cs__freeze
|
186
186
|
# Utility method for checking if a request is for a static resource.
|
187
187
|
# @return [Boolean] true, if the request is for a well-known static
|
188
188
|
# type as determined by the request suffix or the accept header.
|