contrast-agent 6.0.0 → 6.1.2

data/lib/contrast/agent/request_context.rb

@@ -1,6 +1,7 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/api/dtm.pb'
 require 'contrast/utils/timer'
 require 'contrast/agent/request'
 require 'contrast/agent/response'
@@ -16,20 +17,6 @@ module Contrast
   module Agent
     # This class acts to encapsulate information about the currently executed request, making it available to the Agent
     # for the duration of the request in a standardized and normalized format which the Agent understands.
-    #
-    # @attr_reader timer [Contrast::Utils::Timer] when the context was created
-    # @attr_reader logging_hash [Hash] context used to log the request
-    # @attr_reader speedracer_input_analysis [Contrast::Api::Settings::InputAnalysis] the protect input analysis of
-    #   sources on this request
-    # @attr_reader request [Contrast::Agent::Request] our wrapper around the Rack::Request for this context
-    # @attr_reader response [Contrast::Agent::Response] our wrapper aroudn the Rack::Response or Array for this context,
-    #   only available after the application has finished its processing
-    # @attr_reader activity [Contrast::Api::Dtm::Activity] the application activity found in this request
-    # @attr_reader server_activity [Contrast::Api::Dtm::ServerActivity] the server activity found in this request
-    # @attr_reader route [Contrast::Api::Dtm::RouteCoverage] the route, used for findings, of this request
-    # @attr_reader observed_route [Contrast::Api::Dtm::ObservedRoute] the route, used for coverage, of this request
-    # @attr_reader new_observed_route [Contrast::Agent::Reporting::ObservedRoute] the route, used for coverage, of this
-    # request
     class RequestContext
       include Contrast::Components::Logger::InstanceMethods
       include Contrast::Components::Scope::InstanceMethods
@@ -37,10 +24,28 @@ module Contrast
       include Contrast::Agent::RequestContextExtend
 
       EMPTY_INPUT_ANALYSIS_PB = Contrast::Api::Settings::InputAnalysis.new
-      INPUT_ANALYSIS = Contrast::Agent::Reporting::InputAnalysis.new
 
-      attr_reader :activity, :logging_hash, :observed_route, :new_observed_route, :request, :response, :route,
-                  :speedracer_input_analysis, :agent_input_analysis, :server_activity, :timer
+      # @return [Contrast::Api::Dtm::Activity] the application activity found in this request
+      attr_reader :activity
+      # @return [Hash] context used to log the request
+      attr_reader :logging_hash
+      # @return [Contrast::Agent::Reporting::ObservedRoute] the route, used for coverage, of this request
+      attr_reader :new_observed_route
+      # @return [Contrast::Api::Dtm::ObservedRoute] the route, used for coverage, of this request
+      attr_reader :observed_route
+      # @return [Contrast::Agent::Request] our wrapper around the Rack::Request for this context
+      attr_reader :request
+      # @return [Contrast::Agent::Response] our wrapper around the Rack::Response or Array for this context,
+      #   only available after the application has finished its processing
+      attr_reader :response
+      # @return [Contrast::Api::Dtm::RouteCoverage] the route, used for findings, of this request
+      attr_reader :route
+      # @return [Contrast::Api::Dtm::ServerActivity] the server activity found in this request
+      attr_reader :server_activity
+      # @return [Contrast::Api::Settings::InputAnalysis] the protect input analysis of sources on this request
+      attr_reader :speedracer_input_analysis
+      # @return [Contrast::Utils::Timer] when the context was created
+      attr_reader :timer
 
       def initialize rack_request, app_loaded: true
         with_contrast_scope do
@@ -61,8 +66,7 @@ module Contrast
           @speedracer_input_analysis = EMPTY_INPUT_ANALYSIS_PB
           speedracer_input_analysis.request = request
 
-          @agent_input_analysis = INPUT_ANALYSIS
-          agent_input_analysis.request = request
+          # TODO: RUBY-1627
 
           # flag to indicate whether the app is fully loaded
           @app_loaded = !!app_loaded

data/lib/contrast/agent/request_context_extend.rb

@@ -76,15 +76,16 @@ module Contrast
         return false unless ::Contrast::PROTECT.enabled?
         return false if @do_not_track
 
-        service_response = Contrast::Agent.messaging_queue.send_event_immediately(@activity.http_request)
+        service_response = Contrast::Agent&.messaging_queue&.send_event_immediately(@activity.http_request)
         return false unless service_response
 
         handle_protect_state(service_response)
         ia = service_response.input_analysis
         if ia
-          service_extract_logging ia
+          service_extract_logging(ia)
+          # TODO: RUBY-1629
           # using Agent analysis
-          initialize_agent_input_analysis request
+          # initialize_agent_input_analysis request
 
           @speedracer_input_analysis = ia
           speedracer_input_analysis.request = request
@@ -93,7 +94,7 @@ module Contrast
           false
         end
       rescue Contrast::SecurityException => e
-        raise e
+        raise(e)
       rescue StandardError => e
         logger.warn('Unable to extract Contrast Service information from request', e)
         false
@@ -115,7 +116,7 @@ module Contrast
         # If Contrast Service has NOT handled the input analysis, handle them here
         build_attack_results(agent_settings)
         logger.debug('Contrast Service said to block this request')
-        raise Contrast::SecurityException.new(nil, (state.security_message || 'Blocking suspicious behavior'))
+        raise(Contrast::SecurityException.new(nil, (state.security_message || 'Blocking suspicious behavior')))
       end
 
       # append anything we've learned to the request seen message this is the sum-total of all inventory information
@@ -147,7 +148,7 @@ module Contrast
 
       # This here is for things we don't have implemented
       def log_to_cef
-        activity.results.each { |attack_result| logging_logic attack_result, attack_result.rule_id.downcase }
+        activity.results.each { |attack_result| logging_logic(attack_result, attack_result.rule_id.downcase) }
       end
 
       # @param input_analysis [Contrast::Api::Settings::InputAnalysis]
@@ -172,7 +173,7 @@ module Contrast
           next unless rule
 
           logger.debug(BUILD_ATTACK_LOGGER_MESSAGE, result: ia_result.inspect) if logger.debug?
-          results_by_rule[rule_id] = attack_result rule, rule_id, ia_result, results_by_rule
+          results_by_rule[rule_id] = attack_result(rule, rule_id, ia_result, results_by_rule)
         end
 
         results_by_rule.each_pair do |_, attack_result|
@@ -199,20 +200,6 @@ module Contrast
                           end
       end
 
-      # Sets request to be used with agent and service input analysis.
-      #
-      # @param request [Contrast::Agent::Request] our wrapper around the Rack::Request
-      # for this context
-      def initialize_agent_input_analysis request
-        # using Agent analysis
-        ia = Contrast::Agent::Protect::InputAnalyzer.analyse request
-        if ia
-          @agent_input_analysis = ia
-        else
-          logger.trace('Analysis from Agent was empty.')
-        end
-      end
-
       def logging_logic result, rule_id
         rules = %w[bot_blocker virtual_patch ip_denylist]
         return unless rules.include?(rule_id)
@@ -221,14 +208,14 @@ module Contrast
         outcome = Contrast::Api::Dtm::AttackResult::ResponseType.get_name_by_tag(result.response)
         case rule_id
         when /bot_blocker/i
-          blocker_to_json = Contrast::Api::Dtm::BotBlockerDetails.to_controlled_hash rule_details
+          blocker_to_json = Contrast::Api::Dtm::BotBlockerDetails.to_controlled_hash(rule_details)
           cef_logger.bot_blocking_message(blocker_to_json, outcome)
         when /virtual_patch/i
-          virtual_patch_to_json = Contrast::Api::Dtm::VirtualPatchDetails.to_controlled_hash rule_details
+          virtual_patch_to_json = Contrast::Api::Dtm::VirtualPatchDetails.to_controlled_hash(rule_details)
           cef_logger.virtual_patch_message(virtual_patch_to_json, outcome)
         when /ip_denylist/i
           sender_ip = extract_sender_ip
-          ip_denylist_to_json = Contrast::Api::Dtm::IpDenylistDetails.to_controlled_hash rule_details
+          ip_denylist_to_json = Contrast::Api::Dtm::IpDenylistDetails.to_controlled_hash(rule_details)
           return unless sender_ip
           return unless sender_ip.include?(ip_denylist_to_json[:ip])
 

data/lib/contrast/agent/request_handler.rb

@@ -47,21 +47,21 @@ module Contrast
       # This method is used to send our JSON messages directly to TeamServer at the end of each request. As we move
       # more endpoints over, this method will take the messages originally sent by #send_actiivty_messages. At the end,
       # that method should be removed.
-      # TODO: RUBY-1358
-      def report_activity
+      def report_activity # rubocop:disable Metrics/AbcSize
         return unless Contrast::Agent::Reporter.enabled?
 
         reporter = Contrast::Agent.reporter
         return unless reporter
 
         # Mask Sensitive Data
-        Contrast::Agent::Reporting::Masker.mask context.activity
+        Contrast::Agent::Reporting::Masker.mask(context.activity)
 
         Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.generate_library_usage(context.activity)
         [
           context.new_observed_route,
           Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.server_activity),
-          Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.activity.library_usages)
+          Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.activity.library_usages),
+          Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.activity)
         ].each do |event|
           reporter.send_event(event)
         rescue StandardError => e

data/lib/contrast/agent/response.rb

@@ -22,6 +22,8 @@ module Contrast
 
       extend Forwardable
 
+      # @return [Array, Rack::Response] The Rack Response passed by the application & middleware. It can be an Array
+      #   in format [response_code, header_hash, response_body] or an instance of Rack::Response
       attr_reader :rack_response
 
       def initialize rack_response

data/lib/contrast/agent/rule_set.rb

@@ -23,7 +23,7 @@ module Contrast
         end
       rescue Contrast::SecurityException => e
         logger.warn('RASP threw security exception in prefilter', e)
-        raise e
+        raise(e)
       rescue StandardError => e
         logger.error('Unexpected exception during prefilter', e)
       end
@@ -39,7 +39,7 @@ module Contrast
         end
       rescue Contrast::SecurityException => e
         logger.warn('RASP threw security exception in postfilter', e)
-        raise e
+        raise(e)
       rescue StandardError => e
         logger.error('Unexpected exception during postfilter', e)
       end

data/lib/contrast/agent/scope.rb

@@ -142,7 +142,7 @@ module Contrast
         # @param scope_sym [Symbol] scope to check.
         # @return [Boolean] true | false
         def valid_scope? scope_sym
-          Contrast::Agent::Scope::SCOPE_LIST.include? scope_sym
+          Contrast::Agent::Scope::SCOPE_LIST.include?(scope_sym)
         end
       end
     end

data/lib/contrast/agent/service_heartbeat.rb

@@ -7,71 +7,29 @@ require 'contrast/agent/reporting/report'
 
 module Contrast
   module Agent
-    # The ServiceHeartbeat functions to keep the Contrast Service alive and
-    # ensure that it maintains this Agent's ApplicationContext.
+    # The ServiceHeartbeat functions to keep the Contrast Service alive and ensure that it maintains this Agent's
+    # ApplicationContext.
     class ServiceHeartbeat < WorkerThread
       include Contrast::Components::Logger::InstanceMethods
 
       # Spec recommends 30 seconds, we're going with 15.
       REFRESH_INTERVAL_SEC = 15
 
-      # check if we can report to TS
-      #
-      # @return[Boolean] true if bypass is enabled, or false if bypass disabled
-      def enabled?
-        @_enabled = Contrast::CONTRAST_SERVICE.use_agent_communication? if @_enabled.nil?
-        @_enabled
-      end
-
-      def client
-        @_client ||= Contrast::Agent::Reporting::ReporterClient.new
-      end
-
-      def connection
-        @_connection ||= client.initialize_connection
-      end
-
       def start_thread!
+        return if ::Contrast::CONTRAST_SERVICE.unnecessary?
         return if running?
 
-        report_from_reporter = check_report_provider
-
         @_thread = Contrast::Agent::Thread.new do
           logger.info('Starting heartbeat thread.')
           loop do
-            if report_from_reporter
-              client.send_event(poll_message, connection)
-            else
-              Contrast::Agent.messaging_queue.send_event_eventually(poll_message)
-            end
-
-            sleep REFRESH_INTERVAL_SEC
+            Contrast::Agent.messaging_queue.send_event_eventually(poll_message)
+            sleep(REFRESH_INTERVAL_SEC)
           end
         end
       end
 
       def poll_message
-        @_poll_message ||= if enabled? && client
-                             Contrast::Agent::Reporting::Poll.new
-                           else
-                             Contrast::Api::Dtm::Poll.new
-                           end
-      end
-
-      def check_report_provider
-        return false unless enabled?
-        return false unless client && connection
-
-        client.startup!(connection)
-        true
-      end
-
-      def send_event provider
-        if provider
-          client.send_event(poll_message, connection)
-          return
-        end
-        Contrast::Agent.messaging_queue.send_event_eventually(poll_message)
+        @_poll_message ||= Contrast::Api::Dtm::Poll.new
       end
     end
   end

data/lib/contrast/agent/static_analysis.rb

@@ -40,7 +40,7 @@ module Contrast
             inventory_report = Contrast::Agent::Reporting::ApplicationInventory.convert(app_update_msg)
             Contrast::Agent.reporter.send_event(inventory_report)
           else
-            Contrast::Agent.messaging_queue.send_event_eventually(app_update_msg)
+            Contrast::Agent.messaging_queue.send_event_eventually(app_update_msg, force: true)
           end
         end
 

data/lib/contrast/agent/telemetry/base.rb

@@ -0,0 +1,155 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/config/env_variables'
+require 'contrast/components/logger'
+require 'contrast/utils/telemetry_client'
+require 'contrast/agent/worker_thread'
+require 'contrast/utils/telemetry'
+require 'contrast/agent/telemetry/events/exceptions/telemetry_exceptions'
+require 'contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report'
+
+module Contrast
+  module Agent
+    module Telemetry
+      # This class will initialize and hold everything needed for the telemetry
+      class Base < WorkerThread
+        include Contrast::Components::Logger::InstanceMethods
+        include Contrast::Agent::Telemetry::TelemetryExceptionReport
+
+        # this is where we will send the data from the agents
+        URL = 'https://telemetry.ruby.contrastsecurity.com/'
+        # Suggested timeout after each send is to be 3 hours (10800 seconds)
+        SUGGESTED_TIMEOUT = 10_800
+
+        class << self
+          include Contrast::Components::Logger::InstanceMethods
+          include Contrast::Config::EnvVariables
+
+          def application_id
+            Contrast::Utils::Telemetry::Identifier.application_id
+          end
+
+          def instance_id
+            Contrast::Utils::Telemetry::Identifier.instance_id
+          end
+
+          def enabled?
+            @_enabled = telemetry_enabled? if @_enabled.nil?
+            @_enabled
+          end
+
+          private
+
+          def telemetry_enabled?
+            opt_out_telemetry = return_value(:telemetry_opt_outs).to_s
+            return false if opt_out_telemetry.casecmp?('true') || opt_out_telemetry == '1'
+
+            # In case of connection error, do not create the background thread or queue,
+            # as if the opt-out env var was set
+            @_client = Contrast::Utils::TelemetryClient.new
+            ip_opt_out_telemetry = @_client.initialize_connection(URL)
+            if ip_opt_out_telemetry.nil?
+              logger.warn("Connection was not established properly!!! \n Telemetry reporting will be disabled!")
+              return false
+            end
+
+            true
+          end
+        end
+
+        def client
+          @_client ||= Contrast::Utils::TelemetryClient.new
+        end
+
+        def connection
+          @_connection ||= client.initialize_connection(URL)
+        end
+
+        def error_messages
+          @_error_messages ||= []
+        end
+
+        def attempt_to_start?
+          unless cs__class.enabled?
+            logger.warn('Telemetry service is disabled!')
+            return false
+          end
+
+          logger.debug('Attempting to start telemetry thread') unless running?
+          true
+        end
+
+        def start_thread!
+          return if running?
+
+          # It is recommended that implementations send a single payload of
+          # general metrics every 3 hours, starting from implementation startup.
+          @_thread = Contrast::Agent::Thread.new do
+            logger.debug('Starting background telemetry thread.')
+            loop do
+              next unless client && connection
+
+              # Start pushing exceptions to queue for reporting.
+              push_exceptions
+              until queue.empty?
+                event = queue.pop
+                begin
+                  logger.debug('This is the current processed event', event)
+                  sleep_time = request_with_response(event)
+                  if sleep_time
+                    sleep(sleep_time)
+                    logger.debug('Retrying to process event', event)
+                    retry_sleep_time = request_with_response(event)
+                    sleep(retry_sleep_time) unless retry_sleep_time.nil?
+                  end
+                rescue StandardError => e
+                  logger.error('Could not send message to service from telemetry queue.', e)
+                  stop!
+                end
+              end
+              sleep(SUGGESTED_TIMEOUT)
+            end
+          end
+        end
+
+        def send_event event
+          if ::Contrast::AGENT.disabled?
+            logger.warn('Attempted to queue event with Agent disabled', caller: caller, event: event)
+            return
+          end
+
+          return unless cs__class.enabled?
+
+          logger.debug('Enqueued event for sending', event_type: event.cs__class)
+          queue << event if event
+        end
+
+        def delete_queue!
+          @_queue&.clear
+          @_queue&.close
+          @_queue = nil
+        end
+
+        def stop!
+          return unless running?
+
+          @_enabled = false
+          delete_queue!
+          super
+        end
+
+        def request_with_response event
+          res = client.send_request(event, connection)
+          client.handle_response(res)
+        end
+
+        private
+
+        def queue
+          @_queue ||= Queue.new
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/telemetry/events/event.rb

@@ -0,0 +1,35 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/metrics_hash'
+
+module Contrast
+  module Agent
+    module Telemetry
+      # This class will hold the basic information for a Telemetry Event
+      class Event
+        include Contrast::Utils
+
+        attr_reader :tags
+
+        def initialize
+          @tags = MetricsHash.new(String)
+          @timestamp = Time.now.iso8601
+        end
+
+        def path
+          ''
+        end
+
+        def to_hash **_args
+          {
+              tags: @tags,
+              timestamp: @timestamp,
+              instance: Contrast::Agent::Telemetry::Base.instance_id,
+              application: Contrast::Agent::Telemetry::Base.application_id
+          }
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/telemetry/events/exceptions/obfuscate.rb

@@ -0,0 +1,119 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Telemetry
+      module TelemetryException
+        # Here will be all known gems to obfuscate during the building of TelemetryExceptions
+        module Obfuscate
+          # List of known gems to be third parties not containing any
+          # user sensitive data.
+          KNOWN_GEMS = %w[
+            activesupport redis-activesupport redis builder dry-types rails rails-html-sanitizer rails-observers sinatra
+            benchmark-ips bundler climate_control execjs factory_bot debride fake_ftp fasterer flay openssl
+            parallel_tests contrast contrast-agent ruby pry-byebug byebug pry resolv ougai protobuf async nokogiri
+            benchmark grape-order grape-activerecord newrelic newrelic-grape grape-rails-cache grape-msgpack
+            grape-batch rspec rake rubocop grape-jbuilder rack-test rack-protection minitest grape-instrumentation
+            minitest-global_expectations rack-proxy rack-attack rack-ssl grape-cancan grape-attack grape-rake-tasks
+            grape-route-helpers benchmark-memory grape-rabl grape-kaminari grape-path-helpers grape-swagger-entity
+            grape-swagger-rails grape-roar newrelic-rake grapes-wagger-representative grape-forgery_protection
+            grape-papertrail grape-app grape-middleware-logger rack-protection rake-compile rhino rspec-benchmark
+            rspec_junit_formatter rspec-rails rake-performance rubocop-rails rubocop-rake rubocop-rspec
+            ruby-debug-ide simplecov sqlite steep tilt tzinfo-data warning xpath sinatra-activerecord sinatra-param
+            sinatra-partial sinatra-flash sinatra-reloader sinatra-sinatra rake_fly rack rack-accept grape grape-entity
+            sinatra-advanced-routes sinatra-warden grape_logging grape-swagger sinatra-namespace sinatra-resource
+            sinatra-hashfix sinatra-instrumentation sinatra-helpers redis-rack sinatra-support sinatra-assetpack
+            sinatra-router sinatra-cross_origin sinatra_more sinatra-jsonp faraday-rack zlib mustermann mustermann-grape
+            rspec-expectations rspec-core rspec-mocks rspec-sidekiq
+          ].cs__freeze
+          KNOWN_ERRORS = %w[
+            ActiveModel Error Errors Resolv Rspec ActiveRecord nil NilClass NoMemoryError ScriptError
+            LoadError NotImplementedError SyntaxError SecurityError SignalException Interrupt
+            StandardError ArgumentError UncaughtThrowError FiberError IOError EOFError IndexError KeyError
+            StopIteration LocalJumpError NameError NoMethodError RangeError FloatDomainError RegexpError
+            RuntimeError FrozenError SystemCallError ThreadError TypeError ZeroDivisionError SystemExit
+            SystemStackError fatal Warning buffer OpenSSL SSL SSLError Errno Timeout Exception EOFError
+            ECONNRESET ECONNREFUSED ETIMEDOUT EINVAL ESHUTDOWN EHOSTDOWN EHOSTUNREACH EISCONN
+            ECONNABORTED ENETRESET ENETUNREACH Net HTTPBadResponse HTTPHeaderSyntaxError ProtocolError
+            Faraday BadRequestError UnauthorizedError ForbiddenError ResourceNotFound ProxyAuthError
+            ConflictError UnprocessableEntityError ClientError
+          ].cs__freeze
+          CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'.cs__freeze
+          # This will generate different chars for each agent startup but will be constant
+          # for current run and will make identical obfuscation to be compared if given type
+          # is the same.
+          CYPHER = CHARS.chars.shuffle.join
+
+          class << self
+            # Returns paths for known gems.
+            #
+            # @return [Array<Regexp>] known paths
+            def known_gem_paths
+              @_known_gem_paths ||= KNOWN_GEMS.map do |gem_name|
+                to_regexp(File.join(
+                              'gems', gem_name.tr('-', ''), 'lib'))
+              end
+            end
+
+            # Returns known modules names.
+            #
+            # @return [Array<Regexp>] known modules
+            def known_modules
+              @_known_modules ||= KNOWN_ERRORS.map { |module_name| to_regexp(module_name) }
+            end
+
+            # Obfuscate a type and replace it with random characters.
+            #
+            # @param type [String] the StackFrame type to obfuscate
+            # @return [String] obfuscated type
+            def obfuscate_type type
+              return unless type
+
+              check = type.tr('[^0-9].-', '')
+              type = cypher(type) unless match_known(known_gem_paths, check)
+              type
+            end
+
+            # Obfuscate a type and replace it with random characters.
+            #
+            # @param exception_type [String] the exception type to obfuscate
+            # @return [String] obfuscated exception type
+            def obfuscate_exception_type exception_type
+              return unless exception_type
+
+              exceptions = exception_type.split('::').each do |exception|
+                cypher(exception) unless match_known(known_modules, exception)
+              end
+              exceptions.join('::')
+            end
+
+            private
+
+            # Transforms string to regexp
+            #
+            # @param string [String]
+            def to_regexp string
+              /#{ string }/
+            end
+
+            # Add cypher to path to make it obscure, but unique enough for
+            # comparisons. Mutates original or duplicate if frozen string.
+            #
+            # @param string [String] string to be transformed.
+            def cypher string
+              string = string.dup if string.cs__frozen?
+              string.to_s.tr!(CHARS, CYPHER)
+            end
+
+            # @param known [Array<Regexp>] Array of regexp to match againts
+            # @param type [String] type to check
+            def match_known known, type
+              known.any? { |regexp| type =~ regexp }
+            end
+          end
+        end
+      end
+    end
+  end
+end