contrast-agent 6.1.0 → 6.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.simplecov +1 -1
- data/Rakefile +1 -1
- data/ext/build_funchook.rb +3 -3
- data/ext/cs__assess_basic_object/cs__assess_basic_object.c +5 -1
- data/ext/extconf_common.rb +1 -1
- data/lib/contrast/agent/assess/finalizers/hash.rb +2 -2
- data/lib/contrast/agent/assess/policy/policy.rb +9 -10
- data/lib/contrast/agent/assess/policy/policy_node.rb +9 -10
- data/lib/contrast/agent/assess/policy/propagation_method.rb +3 -3
- data/lib/contrast/agent/assess/policy/propagation_node.rb +2 -3
- data/lib/contrast/agent/assess/policy/propagator/base.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/buffer.rb +2 -1
- data/lib/contrast/agent/assess/policy/propagator/database_write.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/splat.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/split.rb +2 -2
- data/lib/contrast/agent/assess/policy/propagator/trim.rb +1 -1
- data/lib/contrast/agent/assess/policy/source_node.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_method.rb +7 -7
- data/lib/contrast/agent/assess/policy/trigger_node.rb +16 -16
- data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +1 -1
- data/lib/contrast/agent/assess/property/evented.rb +2 -2
- data/lib/contrast/agent/assess/property/tagged.rb +2 -2
- data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +6 -8
- data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +6 -7
- data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +5 -5
- data/lib/contrast/agent/assess/rule/response/base_rule.rb +2 -3
- data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb +8 -9
- data/lib/contrast/agent/assess/rule/response/click_jacking_header_rule.rb +4 -4
- data/lib/contrast/agent/assess/rule/response/csp_header_insecure_rule.rb +6 -6
- data/lib/contrast/agent/assess/rule/response/csp_header_missing_rule.rb +4 -4
- data/lib/contrast/agent/assess/rule/response/hsts_header_rule.rb +4 -4
- data/lib/contrast/agent/assess/rule/response/x_content_type_header_rule.rb +4 -4
- data/lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb +3 -4
- data/lib/contrast/agent/assess/tag.rb +13 -14
- data/lib/contrast/agent/at_exit_hook.rb +13 -1
- data/lib/contrast/agent/inventory/database_config.rb +12 -4
- data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +9 -5
- data/lib/contrast/agent/middleware.rb +6 -3
- data/lib/contrast/agent/patching/policy/after_load_patch.rb +3 -3
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +2 -2
- data/lib/contrast/agent/patching/policy/method_policy_extend.rb +4 -4
- data/lib/contrast/agent/patching/policy/patch.rb +9 -9
- data/lib/contrast/agent/patching/policy/patch_status.rb +10 -3
- data/lib/contrast/agent/patching/policy/policy.rb +13 -15
- data/lib/contrast/agent/patching/policy/policy_node.rb +19 -21
- data/lib/contrast/agent/patching/policy/trigger_node.rb +1 -1
- data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +125 -125
- data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +2 -2
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +1 -1
- data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +1 -1
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +4 -4
- data/lib/contrast/agent/protect/rule/base.rb +30 -18
- data/lib/contrast/agent/protect/rule/base_service.rb +31 -14
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +16 -9
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb +3 -3
- data/lib/contrast/agent/protect/rule/default_scanner.rb +2 -1
- data/lib/contrast/agent/protect/rule/deserialization.rb +18 -7
- data/lib/contrast/agent/protect/rule/http_method_tampering/http_method_tampering_input_classification.rb +74 -74
- data/lib/contrast/agent/protect/rule/http_method_tampering.rb +71 -53
- data/lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb +3 -3
- data/lib/contrast/agent/protect/rule/no_sqli.rb +15 -16
- data/lib/contrast/agent/protect/rule/path_traversal.rb +13 -3
- data/lib/contrast/agent/protect/rule/sqli/sqli_input_classification.rb +2 -2
- data/lib/contrast/agent/protect/rule/sqli/sqli_worth_watching.rb +1 -1
- data/lib/contrast/agent/protect/rule/sqli.rb +16 -23
- data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification.rb +61 -61
- data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_matcher.rb +29 -29
- data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +32 -32
- data/lib/contrast/agent/protect/rule/xss.rb +21 -0
- data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +14 -13
- data/lib/contrast/agent/protect/rule/xxe.rb +25 -3
- data/lib/contrast/agent/reaction_processor.rb +1 -1
- data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +36 -36
- data/lib/contrast/agent/reporting/masker/masker.rb +10 -10
- data/lib/contrast/agent/reporting/masker/masker_utils.rb +2 -2
- data/lib/contrast/agent/reporting/reporter.rb +2 -11
- data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +8 -10
- data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +53 -5
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb +25 -19
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +129 -17
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb +20 -21
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_stack.rb +22 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb +26 -12
- data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +7 -22
- data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb +7 -5
- data/lib/contrast/agent/reporting/reporting_events/application_startup.rb +4 -10
- data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb +75 -15
- data/lib/contrast/agent/reporting/reporting_events/finding.rb +2 -2
- data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +5 -19
- data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +6 -22
- data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +2 -3
- data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +1 -3
- data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +9 -0
- data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +1 -2
- data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb +0 -10
- data/lib/contrast/agent/reporting/reporting_utilities/headers.rb +1 -2
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +6 -7
- data/lib/contrast/agent/reporting/reporting_utilities/response.rb +61 -3
- data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +33 -11
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +8 -8
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +64 -32
- data/lib/contrast/agent/reporting/settings/application_settings.rb +8 -23
- data/lib/contrast/agent/reporting/settings/assess.rb +5 -5
- data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +28 -34
- data/lib/contrast/agent/reporting/settings/bot_blocker.rb +68 -0
- data/lib/contrast/agent/reporting/settings/code_exclusion.rb +27 -0
- data/lib/contrast/agent/reporting/settings/exclusion_base.rb +33 -0
- data/lib/contrast/agent/reporting/settings/exclusions.rb +39 -57
- data/lib/contrast/agent/reporting/settings/helpers.rb +56 -0
- data/lib/contrast/agent/reporting/settings/input_exclusion.rb +37 -0
- data/lib/contrast/agent/reporting/settings/ip_filter.rb +35 -0
- data/lib/contrast/agent/reporting/settings/keyword.rb +74 -0
- data/lib/contrast/agent/reporting/settings/log_enhancer.rb +65 -0
- data/lib/contrast/agent/reporting/settings/protect.rb +22 -5
- data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +62 -115
- data/lib/contrast/agent/reporting/settings/reaction.rb +13 -4
- data/lib/contrast/agent/reporting/settings/rule_definition.rb +63 -0
- data/lib/contrast/agent/reporting/settings/sampling.rb +10 -0
- data/lib/contrast/agent/reporting/settings/sanitizer.rb +38 -0
- data/lib/contrast/agent/reporting/settings/sensitive_data_masking.rb +11 -3
- data/lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb +9 -2
- data/lib/contrast/agent/reporting/settings/server_features.rb +10 -2
- data/lib/contrast/agent/reporting/settings/syslog.rb +176 -0
- data/lib/contrast/agent/reporting/settings/url_exclusion.rb +42 -0
- data/lib/contrast/agent/reporting/settings/validator.rb +17 -0
- data/lib/contrast/agent/request.rb +2 -2
- data/lib/contrast/agent/request_context.rb +27 -19
- data/lib/contrast/agent/request_context_extend.rb +10 -23
- data/lib/contrast/agent/request_handler.rb +9 -5
- data/lib/contrast/agent/rule_set.rb +2 -2
- data/lib/contrast/agent/scope.rb +1 -1
- data/lib/contrast/agent/static_analysis.rb +4 -8
- data/lib/contrast/agent/telemetry/base.rb +9 -5
- data/lib/contrast/agent/telemetry/events/exceptions/obfuscate.rb +119 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_base.rb +2 -2
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb +1 -1
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb +1 -1
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report.rb +16 -18
- data/lib/contrast/agent/telemetry/events/startup_metrics_event.rb +2 -2
- data/lib/contrast/agent/thread_watcher.rb +4 -5
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/agent.rb +1 -3
- data/lib/contrast/api/communication/messaging_queue.rb +1 -1
- data/lib/contrast/api/communication/service_lifecycle.rb +1 -1
- data/lib/contrast/api/communication/socket.rb +1 -1
- data/lib/contrast/api/communication/socket_client.rb +1 -1
- data/lib/contrast/api/communication/speedracer.rb +2 -2
- data/lib/contrast/api/decorators/agent_startup.rb +10 -9
- data/lib/contrast/api/decorators/application_settings.rb +1 -1
- data/lib/contrast/api/decorators/application_startup.rb +4 -4
- data/lib/contrast/api/decorators/application_update.rb +0 -8
- data/lib/contrast/api/decorators/response_type.rb +4 -17
- data/lib/contrast/api/decorators.rb +0 -1
- data/lib/contrast/components/agent.rb +1 -1
- data/lib/contrast/components/base.rb +1 -1
- data/lib/contrast/components/config.rb +6 -6
- data/lib/contrast/components/contrast_service.rb +4 -1
- data/lib/contrast/components/sampling.rb +1 -1
- data/lib/contrast/components/settings.rb +52 -28
- data/lib/contrast/config/assess_rules_configuration.rb +1 -1
- data/lib/contrast/config/protect_rules_configuration.rb +1 -1
- data/lib/contrast/config/root_configuration.rb +1 -1
- data/lib/contrast/configuration.rb +4 -4
- data/lib/contrast/extension/assess/array.rb +1 -1
- data/lib/contrast/extension/assess/erb.rb +1 -1
- data/lib/contrast/extension/assess/marshal.rb +1 -1
- data/lib/contrast/extension/assess/string.rb +1 -1
- data/lib/contrast/extension/extension.rb +2 -2
- data/lib/contrast/framework/base_support.rb +13 -12
- data/lib/contrast/framework/grape/support.rb +9 -9
- data/lib/contrast/framework/manager.rb +7 -9
- data/lib/contrast/framework/manager_extend.rb +2 -1
- data/lib/contrast/framework/rack/patch/session_cookie.rb +1 -1
- data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +15 -3
- data/lib/contrast/framework/rails/patch/assess_configuration.rb +3 -3
- data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +1 -1
- data/lib/contrast/framework/rails/patch/support.rb +1 -1
- data/lib/contrast/framework/rails/support.rb +11 -4
- data/lib/contrast/framework/sinatra/support.rb +4 -3
- data/lib/contrast/logger/aliased_logging.rb +27 -15
- data/lib/contrast/logger/cef_log.rb +14 -14
- data/lib/contrast/logger/format.rb +1 -1
- data/lib/contrast/logger/log.rb +8 -8
- data/lib/contrast/tasks/config.rb +12 -12
- data/lib/contrast/tasks/service.rb +2 -2
- data/lib/contrast/utils/assess/tracking_util.rb +4 -4
- data/lib/contrast/utils/class_util.rb +4 -4
- data/lib/contrast/utils/findings.rb +3 -3
- data/lib/contrast/utils/hash_digest.rb +6 -7
- data/lib/contrast/utils/head_dump_utils_extend.rb +1 -1
- data/lib/contrast/utils/invalid_configuration_util.rb +1 -1
- data/lib/contrast/utils/log_utils.rb +4 -4
- data/lib/contrast/utils/lru_cache.rb +1 -1
- data/lib/contrast/utils/metrics_hash.rb +1 -1
- data/lib/contrast/utils/middleware_utils.rb +5 -5
- data/lib/contrast/utils/net_http_base.rb +4 -4
- data/lib/contrast/utils/os.rb +1 -1
- data/lib/contrast/utils/patching/policy/patch_utils.rb +2 -2
- data/lib/contrast/utils/request_utils.rb +2 -2
- data/lib/contrast/utils/response_utils.rb +14 -1
- data/lib/contrast/utils/sha256_builder.rb +4 -4
- data/lib/contrast/utils/stack_trace_utils.rb +31 -13
- data/lib/contrast/utils/telemetry.rb +15 -9
- data/lib/contrast/utils/telemetry_client.rb +5 -5
- data/lib/contrast/utils/telemetry_hash.rb +37 -13
- data/lib/contrast/utils/telemetry_identifier.rb +10 -2
- data/lib/contrast/utils/thread_tracker.rb +26 -9
- data/lib/contrast/utils/timer.rb +7 -2
- data/lib/contrast.rb +1 -3
- data/resources/assess/policy.json +1 -1
- metadata +28 -14
- data/lib/contrast/api/decorators/library_usage_update.rb +0 -31
@@ -2,6 +2,7 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/agent/telemetry/events/exceptions/telemetry_exceptions'
|
5
|
+
require 'contrast/agent/telemetry/events/exceptions/obfuscate'
|
5
6
|
|
6
7
|
module Contrast
|
7
8
|
module Logger
|
@@ -16,7 +17,7 @@ module Contrast
|
|
16
17
|
# @param data [Object] Any structured data
|
17
18
|
def warn message = nil, exception = nil, data = nil, &block
|
18
19
|
# build Telemetry Exclusion
|
19
|
-
|
20
|
+
build_exception(ALIASED_WARN, message, exception, data)
|
20
21
|
super(message, exception, data, &block)
|
21
22
|
end
|
22
23
|
|
@@ -25,7 +26,7 @@ module Contrast
|
|
25
26
|
# @param data [Object] Any structured data
|
26
27
|
def error message = nil, exception = nil, data = nil, &block
|
27
28
|
# build Telemetry Exclusion
|
28
|
-
|
29
|
+
build_exception(ALIASED_ERROR, message, exception, data)
|
29
30
|
super(message, exception, data, &block)
|
30
31
|
end
|
31
32
|
|
@@ -34,25 +35,31 @@ module Contrast
|
|
34
35
|
# @param data [Object] Any structured data
|
35
36
|
def fatal message = nil, exception = nil, data = nil, &block
|
36
37
|
# build Telemetry Exclusion
|
37
|
-
|
38
|
+
build_exception(ALIASED_FATAL, message, exception, data)
|
38
39
|
super(message, exception, data, &block)
|
39
40
|
end
|
40
41
|
|
41
42
|
private
|
42
43
|
|
43
|
-
def
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
message_exception_type = exception ? exception.cs__class.to_s : stack_frame_type.split('/').last
|
44
|
+
def build_exception type, message = nil, exception = nil, data = nil
|
45
|
+
stack_trace = get_stack_trace(type)
|
46
|
+
stack_frame_type = Contrast::Agent::Telemetry::TelemetryException::Obfuscate.obfuscate_type(
|
47
|
+
stack_trace[1].path.delete_prefix(Dir.pwd))
|
48
48
|
stack_frame_function = stack_trace[1].label
|
49
49
|
key = "#{ stack_frame_type }|#{ stack_frame_function }|#{ message }"
|
50
50
|
if TELEMETRY_EXCEPTIONS[key]
|
51
|
-
TELEMETRY_EXCEPTIONS.increment
|
51
|
+
TELEMETRY_EXCEPTIONS.increment(key)
|
52
52
|
return
|
53
53
|
end
|
54
54
|
|
55
|
-
|
55
|
+
return if TELEMETRY_EXCEPTIONS.exception_limit?
|
56
|
+
|
57
|
+
message_exception_type = Contrast::Agent::Telemetry::TelemetryException::Obfuscate.obfuscate_exception_type(
|
58
|
+
exception ? exception.cs__class.to_s : stack_frame_type.split('/').last)
|
59
|
+
|
60
|
+
event_message = create_message(stack_frame_function,
|
61
|
+
stack_frame_type, message_exception_type,
|
62
|
+
data, exception,
|
56
63
|
message)
|
57
64
|
TELEMETRY_EXCEPTIONS[key] = event_message
|
58
65
|
rescue StandardError => e
|
@@ -65,10 +72,10 @@ module Contrast
|
|
65
72
|
else
|
66
73
|
message
|
67
74
|
end
|
68
|
-
module_name =
|
69
|
-
stack_frame = Contrast::Agent::Telemetry::TelemetryException::StackFrame.build
|
75
|
+
module_name = message_exception_type ? message_exception_type.split('::')[0] : nil
|
76
|
+
stack_frame = Contrast::Agent::Telemetry::TelemetryException::StackFrame.build(stack_frame_function,
|
70
77
|
stack_frame_type,
|
71
|
-
module_name
|
78
|
+
module_name)
|
72
79
|
message_exception = Contrast::Agent::Telemetry::TelemetryException::MessageException.build(
|
73
80
|
message_exception_type,
|
74
81
|
message_for_exception,
|
@@ -79,8 +86,13 @@ module Contrast
|
|
79
86
|
else
|
80
87
|
exception.cs__is_a?(Hash) ? exception : {}
|
81
88
|
end
|
82
|
-
message = Contrast::Agent::Telemetry::TelemetryException::Message.build
|
83
|
-
Contrast::Agent::Telemetry::TelemetryException::Event.new
|
89
|
+
message = Contrast::Agent::Telemetry::TelemetryException::Message.build(tags, [message_exception])
|
90
|
+
Contrast::Agent::Telemetry::TelemetryException::Event.new(message)
|
91
|
+
end
|
92
|
+
|
93
|
+
def get_stack_trace type
|
94
|
+
start = caller_locations&.find_index { |stack| stack.to_s.include?(type) }
|
95
|
+
start ? caller_locations(start + 1, 20) : caller_locations(20, 20)
|
84
96
|
end
|
85
97
|
end
|
86
98
|
end
|
@@ -30,7 +30,7 @@ module Contrast
|
|
30
30
|
else
|
31
31
|
cs__error(*args, **kwargs)
|
32
32
|
end
|
33
|
-
args.each { |arg| raise
|
33
|
+
args.each { |arg| raise(arg) if arg && arg.cs__class < Exception }
|
34
34
|
end
|
35
35
|
end
|
36
36
|
end
|
@@ -69,11 +69,11 @@ module Contrast
|
|
69
69
|
if @_cef_logger
|
70
70
|
@_cef_logger.error('Unable to process update to LoggerManager.', e)
|
71
71
|
else
|
72
|
-
puts
|
73
|
-
raise
|
72
|
+
puts('Unable to process update to LoggerManager.')
|
73
|
+
raise(e) if ENV['CONTRAST__AGENT__RUBY_MORE_COWBELL']
|
74
74
|
|
75
|
-
puts
|
76
|
-
puts
|
75
|
+
puts(e.message)
|
76
|
+
puts(e.backtrace.join("\n"))
|
77
77
|
end
|
78
78
|
# rubocop:enable Rails/Output
|
79
79
|
end
|
@@ -99,28 +99,28 @@ module Contrast
|
|
99
99
|
|
100
100
|
def virtual_patch_message patch, outcome
|
101
101
|
message = "Virtual Patch #{ patch.fetch(:name, '') } - #{ patch[:uuid] } was triggered by this request."
|
102
|
-
log
|
102
|
+
log([message, patch, outcome], ::Logger::Severity::DEBUG)
|
103
103
|
end
|
104
104
|
|
105
105
|
def bot_blocking_message matching_bot, outcome
|
106
106
|
message = "User agent #{ matching_bot[:user_agent] } matched the disallowed value #{ matching_bot[:bot] }"
|
107
|
-
log
|
107
|
+
log([message, matching_bot, outcome], ::Logger::Severity::DEBUG)
|
108
108
|
end
|
109
109
|
|
110
110
|
def ip_denylisted_message remote_ip, block_entry, outcome
|
111
111
|
message = "IP Address #{ remote_ip } matched the disallowed value" \
|
112
112
|
"#{ block_entry[:ip] } in the IP Blacklist #{ block_entry[:uuid] }"
|
113
|
-
log
|
113
|
+
log([message, block_entry, outcome], ::Logger::Severity::DEBUG)
|
114
114
|
end
|
115
115
|
|
116
116
|
def successful_attack rule_id, outcome, input_type = nil, input_value = nil
|
117
117
|
if input_type.present? && input_value.present?
|
118
118
|
successful_attack_with_input = "#{ input_type } had a value that successfully exploited" \
|
119
119
|
"#{ rule_id } - #{ input_value }"
|
120
|
-
log
|
120
|
+
log([successful_attack_with_input, rule_id, outcome], ::Logger::Severity::WARN)
|
121
121
|
else
|
122
122
|
successful_attack_wo_input = "An effective attack was detected against #{ rule_id }"
|
123
|
-
log
|
123
|
+
log([successful_attack_wo_input, rule_id, outcome], ::Logger::Severity::WARN)
|
124
124
|
end
|
125
125
|
end
|
126
126
|
|
@@ -128,10 +128,10 @@ module Contrast
|
|
128
128
|
if input_type.present? && input_value.present?
|
129
129
|
ineffective_attack_with_input = "#{ input_type } had a value that matched a signature for, " \
|
130
130
|
"but did not successfully exploit #{ rule_id } - #{ input_value }"
|
131
|
-
log
|
131
|
+
log([ineffective_attack_with_input, rule_id, outcome], ::Logger::Severity::WARN)
|
132
132
|
else
|
133
133
|
ineffective_attack_wo_input = "An unsuccessful attack was detected against #{ rule_id }"
|
134
|
-
log
|
134
|
+
log([ineffective_attack_wo_input, rule_id, outcome], ::Logger::Severity::WARN)
|
135
135
|
end
|
136
136
|
end
|
137
137
|
|
@@ -140,10 +140,10 @@ module Contrast
|
|
140
140
|
if input_type.present? && input_value.present?
|
141
141
|
suspicious_attack_with = "#{ input_type } included a potential attack value that was detected" \
|
142
142
|
"as suspicious using #{ rule_id } - #{ input_value }"
|
143
|
-
log
|
143
|
+
log([suspicious_attack_with, rule_id, outcome], ::Logger::WARN)
|
144
144
|
elsif input_value.present?
|
145
145
|
suspicious_attack_without = "Suspicious activity indicates a potential attack using #{ rule_id }"
|
146
|
-
log
|
146
|
+
log([suspicious_attack_without, rule_id, outcome], ::Logger::WARN)
|
147
147
|
end
|
148
148
|
end
|
149
149
|
end
|
@@ -10,6 +10,7 @@ module Contrast
|
|
10
10
|
# Our format for the Ougai logger allowing for custom log format that
|
11
11
|
# extends the behavior of the default Ougai logger
|
12
12
|
class Format < Ougai::Formatters::Bunyan
|
13
|
+
NO_REQUEST_HASH = { request_id: -1 }.cs__freeze
|
13
14
|
LOG_TRACKER = Contrast::Utils::ThreadTracker.new
|
14
15
|
# Our override of the _call method to add in the extra data that we want,
|
15
16
|
# based on
|
@@ -49,7 +50,6 @@ module Contrast
|
|
49
50
|
hash
|
50
51
|
end
|
51
52
|
|
52
|
-
NO_REQUEST_HASH = { request_id: -1 }.cs__freeze
|
53
53
|
def request_hash
|
54
54
|
@request_tracker_defined ||= defined?(Contrast::Agent) && defined?(Contrast::Agent::REQUEST_TRACKER)
|
55
55
|
return NO_REQUEST_HASH unless @request_tracker_defined
|
data/lib/contrast/logger/log.rb
CHANGED
@@ -44,8 +44,8 @@ module Contrast
|
|
44
44
|
untimed_func_symbol = "untimed_#{ meth_spec.method_name }".to_sym
|
45
45
|
send_to = class_method ? meth_spec.clazz.cs__singleton_class : meth_spec.clazz
|
46
46
|
meth_spec.clazz.class_eval do
|
47
|
-
include
|
48
|
-
extend
|
47
|
+
include(Contrast::Components::Logger::InstanceMethods)
|
48
|
+
extend(Contrast::Components::Logger::InstanceMethods)
|
49
49
|
|
50
50
|
send_to.send(:alias_method, untimed_func_symbol, meth_spec.method_name)
|
51
51
|
meth_spec.aliased = true
|
@@ -73,7 +73,7 @@ module Contrast
|
|
73
73
|
next if meth_spec.aliased
|
74
74
|
|
75
75
|
is_class_method = meth_spec.clazz.singleton_methods(false).include?(meth_spec.method_name)
|
76
|
-
trace_time_class_method
|
76
|
+
trace_time_class_method(meth_spec, is_class_method)
|
77
77
|
end
|
78
78
|
end
|
79
79
|
end
|
@@ -96,7 +96,7 @@ module Contrast
|
|
96
96
|
else
|
97
97
|
cs__error(*args, **kwargs)
|
98
98
|
end
|
99
|
-
args.each { |arg| raise
|
99
|
+
args.each { |arg| raise(arg) if arg && arg.cs__class < Exception }
|
100
100
|
end
|
101
101
|
end
|
102
102
|
end
|
@@ -142,11 +142,11 @@ module Contrast
|
|
142
142
|
if logger
|
143
143
|
logger.error('Unable to process update to LoggerManager.', e)
|
144
144
|
else
|
145
|
-
puts
|
146
|
-
raise
|
145
|
+
puts('Unable to process update to LoggerManager.')
|
146
|
+
raise(e) if ENV['CONTRAST__AGENT__RUBY_MORE_COWBELL']
|
147
147
|
|
148
|
-
puts
|
149
|
-
puts
|
148
|
+
puts(e.message)
|
149
|
+
puts(e.backtrace.join("\n"))
|
150
150
|
end
|
151
151
|
end
|
152
152
|
|
@@ -75,7 +75,7 @@ module Contrast
|
|
75
75
|
missing = []
|
76
76
|
api_hash = config.root.api.to_hash
|
77
77
|
api_hash.each_key do |key|
|
78
|
-
value = mask_keys
|
78
|
+
value = mask_keys(api_hash, key)
|
79
79
|
if value.is_a?(Contrast::Config::ApiProxyConfiguration)
|
80
80
|
Contrast::Config.validate_proxy(value)
|
81
81
|
elsif value.is_a?(Contrast::Config::CertificationConfiguration)
|
@@ -92,31 +92,31 @@ module Contrast
|
|
92
92
|
end
|
93
93
|
|
94
94
|
def self.validate_proxy config
|
95
|
-
puts
|
95
|
+
puts("Proxy Enabled: #{ config.enable }")
|
96
96
|
return unless config.enable
|
97
97
|
|
98
|
-
puts
|
98
|
+
puts("Proxy URL: #{ config.url }")
|
99
99
|
abort('Proxy Enabled but no Proxy URL given') unless config.url
|
100
100
|
end
|
101
101
|
|
102
102
|
def self.validate_cert config
|
103
|
-
puts
|
103
|
+
puts("Certification Enabled: #{ config.enable }")
|
104
104
|
return unless config.enable
|
105
105
|
|
106
|
-
puts
|
106
|
+
puts("CA File: #{ config.ca_file }")
|
107
107
|
abort('CA file path not provided') unless config.ca_file
|
108
|
-
puts
|
108
|
+
puts("Cert File: #{ config.cert_file }")
|
109
109
|
abort('Cert file path not provided') unless config.cert_file
|
110
|
-
puts
|
110
|
+
puts("Key File: #{ config.key_file }")
|
111
111
|
abort('Key file path not provided') unless config.key_file
|
112
112
|
end
|
113
113
|
|
114
114
|
def self.validate_audit config
|
115
|
-
puts
|
115
|
+
puts("Request Audit Enabled: #{ config.enable }")
|
116
116
|
return unless config.enable
|
117
117
|
|
118
118
|
config.each do |k, v|
|
119
|
-
puts
|
119
|
+
puts("#{ k }::#{ v }")
|
120
120
|
end
|
121
121
|
end
|
122
122
|
|
@@ -125,7 +125,7 @@ module Contrast
|
|
125
125
|
reporter = Contrast::Agent::Reporter.new
|
126
126
|
reporter_headers = reporter.client.headers.to_hash
|
127
127
|
reporter_headers.each_key do |key|
|
128
|
-
value = mask_keys
|
128
|
+
value = mask_keys(reporter_headers, key)
|
129
129
|
missing << key if value.nil?
|
130
130
|
end
|
131
131
|
abort("Missing required header values: #{ missing.join(', ') }") unless missing.empty?
|
@@ -135,13 +135,13 @@ module Contrast
|
|
135
135
|
def self.test_connection reporter
|
136
136
|
connection = reporter.connection
|
137
137
|
abort('Failed to Initialize Connection please check error logs for details') unless connection
|
138
|
-
abort('Failed to Start Client please check error logs for details') unless reporter.client.startup!
|
138
|
+
abort('Failed to Start Client please check error logs for details') unless reporter.client.startup!(connection)
|
139
139
|
end
|
140
140
|
|
141
141
|
def self.mask_keys hash, key
|
142
142
|
value = hash[key]
|
143
143
|
redacted_value = Contrast::Configuration::REDACTED if SKIP_LOG.include?(key.to_s)
|
144
|
-
puts
|
144
|
+
puts("#{ key }::#{ redacted_value || value }") unless value.is_a?(Contrast::Config::BaseConfiguration)
|
145
145
|
value
|
146
146
|
end
|
147
147
|
end
|
@@ -11,7 +11,7 @@ module Contrast
|
|
11
11
|
extend Rake::DSL
|
12
12
|
# Start the service if it is not already running
|
13
13
|
def self.start_service
|
14
|
-
puts
|
14
|
+
puts('Starting Contrast Service')
|
15
15
|
service_log = ::Contrast::CONTRAST_SERVICE.logger_path
|
16
16
|
if File.writable?(service_log)
|
17
17
|
spawn('contrast_service', out: File::NULL, err: service_log)
|
@@ -23,7 +23,7 @@ module Contrast
|
|
23
23
|
sleep(0.05) until Contrast::Utils::OS.running?
|
24
24
|
end
|
25
25
|
watcher.join(1)
|
26
|
-
puts
|
26
|
+
puts(Contrast::Utils::OS.running? ? 'Contrast Service started successfully.' : 'Contrast Service did not start.')
|
27
27
|
end
|
28
28
|
|
29
29
|
# Stop the service if it is running
|
@@ -50,9 +50,9 @@ module Contrast
|
|
50
50
|
|
51
51
|
idx += 1
|
52
52
|
if Contrast::Utils::DuckUtils.iterable_hash?(obj)
|
53
|
-
handle_hash
|
53
|
+
handle_hash(obj, idx)
|
54
54
|
elsif Contrast::Utils::DuckUtils.iterable_enumerable?(obj)
|
55
|
-
handle_enumerable
|
55
|
+
handle_enumerable(obj, idx)
|
56
56
|
else
|
57
57
|
Contrast::Agent::Assess::Tracker.tracked?(obj)
|
58
58
|
end
|
@@ -79,9 +79,9 @@ module Contrast
|
|
79
79
|
|
80
80
|
idx += 1
|
81
81
|
if Contrast::Utils::DuckUtils.iterable_hash?(obj)
|
82
|
-
handle_hash
|
82
|
+
handle_hash(obj, idx)
|
83
83
|
elsif Contrast::Utils::DuckUtils.iterable_enumerable?(obj)
|
84
|
-
handle_enumerable
|
84
|
+
handle_enumerable(obj, idx)
|
85
85
|
else
|
86
86
|
Contrast::Agent::Assess::Tracker.trackable?(obj)
|
87
87
|
end
|
@@ -33,7 +33,7 @@ module Contrast
|
|
33
33
|
# need to check
|
34
34
|
# @return [Boolean] if this method specifically was prepended
|
35
35
|
def prepended_method? mod, method_policy
|
36
|
-
target_module = determine_target_class
|
36
|
+
target_module = determine_target_class(mod, method_policy.instance_method)
|
37
37
|
ancestors = target_module.ancestors
|
38
38
|
return false unless prepended?(target_module, ancestors)
|
39
39
|
|
@@ -60,13 +60,13 @@ module Contrast
|
|
60
60
|
# Only treat object like a string if it actually is a string+ some subclasses of String override string
|
61
61
|
# methods we depend on
|
62
62
|
if object.cs__class == String
|
63
|
-
return @string_cache[object] if @string_cache.key?
|
63
|
+
return @string_cache[object] if @string_cache.key?(object)
|
64
64
|
|
65
65
|
@string_cache[object] = to_cached_string(object) || object.dup
|
66
66
|
else
|
67
|
-
return @lru_cache[object.__id__] if @lru_cache.key?
|
67
|
+
return @lru_cache[object.__id__] if @lru_cache.key?(object.__id__)
|
68
68
|
|
69
|
-
@lru_cache[object.__id__] = convert_object
|
69
|
+
@lru_cache[object.__id__] = convert_object(object)
|
70
70
|
end
|
71
71
|
end
|
72
72
|
|
@@ -34,7 +34,7 @@ module Contrast
|
|
34
34
|
# @param ret [Object] the Return of the invoked method
|
35
35
|
# @param args [Array<Object>] the Arguments with which the method was invoked
|
36
36
|
def collect_finding trigger_node, source, object, ret, *args
|
37
|
-
push
|
37
|
+
push(trigger_node, source, object, ret, args)
|
38
38
|
logger.trace('Finding collected', node_id: trigger_node.id,
|
39
39
|
source_id: source.__id__,
|
40
40
|
rule: trigger_node.rule_id)
|
@@ -52,11 +52,11 @@ module Contrast
|
|
52
52
|
|
53
53
|
while @_collection.any?
|
54
54
|
finding = @_collection.pop
|
55
|
-
Contrast::Agent::Assess::Policy::TriggerMethod.build_finding
|
55
|
+
Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(finding[:trigger_node],
|
56
56
|
finding[:source],
|
57
57
|
finding[:object],
|
58
58
|
finding[:ret],
|
59
|
-
finding[:args]
|
59
|
+
finding[:args])
|
60
60
|
end
|
61
61
|
true
|
62
62
|
end
|
@@ -15,8 +15,8 @@ module Contrast
|
|
15
15
|
class HashDigest < Digest::Class
|
16
16
|
include Digest::Instance
|
17
17
|
extend Contrast::Utils::HashDigestExtend
|
18
|
-
|
19
18
|
CONTENT_LENGTH_HEADER = 'Content-Length'
|
19
|
+
CHARS = %w[a b c d e f g].cs__freeze
|
20
20
|
CRYPTO_RULES = %w[crypto-bad-ciphers crypto-bad-mac].cs__freeze
|
21
21
|
CONFIG_PATH_KEY = 'path'
|
22
22
|
CONFIG_SESSION_ID_KEY = 'sessionId'
|
@@ -24,6 +24,11 @@ module Contrast
|
|
24
24
|
CLASS_CONSTANT_NAME_KEY = 'name'
|
25
25
|
CLASS_LINE_NO_KEY = 'lineNo'
|
26
26
|
|
27
|
+
def initialize
|
28
|
+
super
|
29
|
+
@crc32 = 0
|
30
|
+
end
|
31
|
+
|
27
32
|
# Update to CRC checksum the finding route and verb if finding route
|
28
33
|
# [Contrast::Api::Dtm::RouteCoverage] is available else update the passed
|
29
34
|
# request or Contrast::REQUEST_TRACKER.current.request uri and used request
|
@@ -77,7 +82,6 @@ module Contrast
|
|
77
82
|
end
|
78
83
|
end
|
79
84
|
|
80
|
-
CHARS = %w[a b c d e f g].cs__freeze
|
81
85
|
# This method converts and integer value for length into a string value
|
82
86
|
# that we can hash on, based on the logarithmic value of the length, and
|
83
87
|
# updates the current hash with that value.
|
@@ -86,11 +90,6 @@ module Contrast
|
|
86
90
|
update(CHARS[Math.log10(chr.to_s.length).to_i] || CHARS[-1])
|
87
91
|
end
|
88
92
|
|
89
|
-
def initialize
|
90
|
-
super
|
91
|
-
@crc32 = 0
|
92
|
-
end
|
93
|
-
|
94
93
|
# Converts given string to CRC checksum. CRC32 checksum ensures that If error
|
95
94
|
# of a single bit occurs, the CRC checksum will fail, regardless of any other
|
96
95
|
# property of the transmitted data, including its length. Called several times
|
@@ -13,7 +13,7 @@ module Contrast
|
|
13
13
|
delay = control[:delay]
|
14
14
|
clean = control[:clean]
|
15
15
|
|
16
|
-
logger.info
|
16
|
+
logger.info(<<~WARNING)
|
17
17
|
*****************************************************
|
18
18
|
******** HEAP DUMP HAS BEEN ENABLED ********
|
19
19
|
*** APPLICATION PROCESS WILL EXIT UPON COMPLETION ***
|
@@ -50,7 +50,7 @@ module Contrast
|
|
50
50
|
new_preflight_message.data = "#{ rule_id },#{ hash_code }"
|
51
51
|
new_preflight.messages << new_preflight_message
|
52
52
|
|
53
|
-
ruby_finding = Contrast::Agent::Reporting::Finding.new
|
53
|
+
ruby_finding = Contrast::Agent::Reporting::Finding.new(rule_id)
|
54
54
|
ruby_finding.hash_code = hash_code
|
55
55
|
set_new_finding_properties(ruby_finding, user_provided_options, call_location)
|
56
56
|
Contrast::Agent.reporter&.send_event(new_preflight)
|
@@ -64,13 +64,13 @@ module Contrast
|
|
64
64
|
# Log once when the path is invalid. We'll change to this path, so no
|
65
65
|
# need to log again.
|
66
66
|
if previous_path != DEFAULT_NAME
|
67
|
-
$stdout.puts
|
67
|
+
$stdout.puts("[!] Unable to write to '#{ path }'. Writing to default log '#{ DEFAULT_NAME }' instead.")
|
68
68
|
end
|
69
69
|
DEFAULT_NAME
|
70
70
|
else
|
71
71
|
# Log once when the path is invalid. We'll change to this path, so no
|
72
72
|
# need to log again.
|
73
|
-
$stdout.puts
|
73
|
+
$stdout.puts("[!] Unable to write to '#{ path }'. Writing to standard out instead.")
|
74
74
|
STDOUT_STR
|
75
75
|
end
|
76
76
|
end
|
@@ -141,7 +141,7 @@ module Contrast
|
|
141
141
|
end
|
142
142
|
logger.progname = PROGNAME
|
143
143
|
logger.level = level_const
|
144
|
-
change_logger_formatter
|
144
|
+
change_logger_formatter(logger)
|
145
145
|
logger
|
146
146
|
end
|
147
147
|
|
@@ -183,7 +183,7 @@ module Contrast
|
|
183
183
|
DEFAULT_METADATA
|
184
184
|
end
|
185
185
|
app_name = ::Contrast::APP_CONTEXT.app_name
|
186
|
-
attach_request_and_sender_info
|
186
|
+
attach_request_and_sender_info(message, sender_info)
|
187
187
|
message << "request=#{ context.request.url } "
|
188
188
|
message << "requestMethod=#{ request_method } "
|
189
189
|
message << "app=#{ app_name } "
|
@@ -6,7 +6,7 @@ module Contrast
|
|
6
6
|
# A LRU(Least Recently Used) Cache store.
|
7
7
|
class LRUCache
|
8
8
|
def initialize capacity = 500
|
9
|
-
raise
|
9
|
+
raise(StandardError('Capacity must be bigger than 0')) if capacity <= 0
|
10
10
|
|
11
11
|
@capacity = capacity
|
12
12
|
@cache = {}
|
@@ -29,7 +29,7 @@ module Contrast
|
|
29
29
|
value_val = value.dup
|
30
30
|
key_val.strip! if key_val.cs__is_a?(String)
|
31
31
|
value_val.strip! if value_val.cs__is_a?(String)
|
32
|
-
return unless valid_pair?
|
32
|
+
return unless valid_pair?(key_val, value_val)
|
33
33
|
|
34
34
|
key_val.downcase!
|
35
35
|
key_val.strip!
|
@@ -37,12 +37,12 @@ module Contrast
|
|
37
37
|
def handle_exception exception
|
38
38
|
if security_exception?(exception)
|
39
39
|
exception_control = ::Contrast::AGENT.exception_control
|
40
|
-
raise
|
40
|
+
raise(exception) unless exception_control[:enable]
|
41
41
|
|
42
42
|
[exception_control[:status], {}, [exception_control[:message]]]
|
43
43
|
else
|
44
44
|
logger.debug('Re-throwing original error', exception)
|
45
|
-
raise
|
45
|
+
raise(exception)
|
46
46
|
end
|
47
47
|
end
|
48
48
|
|
@@ -69,8 +69,8 @@ module Contrast
|
|
69
69
|
return unless Contrast::Agent::Telemetry::Base.enabled?
|
70
70
|
return unless Contrast::Utils::Telemetry.create_telemetry_file
|
71
71
|
|
72
|
-
logger.info
|
73
|
-
$stdout.print
|
72
|
+
logger.info(Contrast::Utils::Telemetry.disclaimer)
|
73
|
+
$stdout.print(Contrast::Utils::Telemetry.disclaimer)
|
74
74
|
true
|
75
75
|
end
|
76
76
|
|
@@ -80,7 +80,7 @@ module Contrast
|
|
80
80
|
end
|
81
81
|
rescue Contrast::SecurityException => e
|
82
82
|
logger.trace('Security Exception raised during application lifecycle to prevent an attack', e)
|
83
|
-
raise
|
83
|
+
raise(e)
|
84
84
|
end
|
85
85
|
end
|
86
86
|
end
|
@@ -31,14 +31,14 @@ module Contrast
|
|
31
31
|
return if addr.scheme != 'https' && !addr.host.to_s.include?('localhost') # TODO: RUBY-99999 allow http w/ localhost # rubocop:disable Layout/LineLength
|
32
32
|
|
33
33
|
proxy_addr = URI(Contrast::API.proxy_url) if proxy_enabled?
|
34
|
-
net_http_client = initialize_client
|
34
|
+
net_http_client = initialize_client(addr, proxy_addr, use_proxy, use_custom_cert)
|
35
35
|
return if net_http_client.nil?
|
36
36
|
|
37
37
|
net_http_client.start
|
38
38
|
return unless net_http_client.started?
|
39
39
|
|
40
40
|
logger.debug("Starting #{ service_name } connection test")
|
41
|
-
return unless connection_verified?
|
41
|
+
return unless connection_verified?(net_http_client)
|
42
42
|
|
43
43
|
logger.debug('Client verified', service: service_name, url: url)
|
44
44
|
net_http_client
|
@@ -63,7 +63,7 @@ module Contrast
|
|
63
63
|
response = client.request(Net::HTTP::Get.new(client.address))
|
64
64
|
verify_cert = client.address.to_s.include?('localhost') ||
|
65
65
|
OpenSSL::SSL.verify_certificate_identity(client.peer_cert, client.address)
|
66
|
-
resolved = resolved?
|
66
|
+
resolved = resolved?(client.address, ipaddr)
|
67
67
|
@_connection_verified = if resolved && response && verify_cert
|
68
68
|
true
|
69
69
|
else
|
@@ -91,7 +91,7 @@ module Contrast
|
|
91
91
|
def resolved? address, ipaddr
|
92
92
|
return @_resolved unless @_resolved.nil?
|
93
93
|
|
94
|
-
@_resolved = if (addresses = Resolv.getaddresses
|
94
|
+
@_resolved = if (addresses = Resolv.getaddresses(address))
|
95
95
|
addresses.any? { |addr| addr.include?(ipaddr) }
|
96
96
|
else
|
97
97
|
false
|
data/lib/contrast/utils/os.rb
CHANGED
@@ -58,7 +58,7 @@ module Contrast
|
|
58
58
|
rescue Contrast::SecurityException => e
|
59
59
|
# We were told to block something, so we gotta. Don't catch this one, let it get back to our Middleware or
|
60
60
|
# even all the way out to the framework
|
61
|
-
raise
|
61
|
+
raise(e)
|
62
62
|
rescue StandardError => e
|
63
63
|
# Anything else was our bad and we gotta catch that to allow for normal application flow
|
64
64
|
logger.error('Unable to apply pre patch to method.', e)
|
@@ -155,7 +155,7 @@ module Contrast
|
|
155
155
|
rescue Exception => e # rubocop:disable Lint/RescueException
|
156
156
|
logger.error('Unable to assess method call.', e)
|
157
157
|
handle_return(propagated_ret, source_ret, ret)
|
158
|
-
raise
|
158
|
+
raise(e)
|
159
159
|
end
|
160
160
|
|
161
161
|
# Generic invocation of the Inventory or Protect patch which apply to the given method.
|
@@ -31,7 +31,7 @@ module Contrast
|
|
31
31
|
k = Contrast::Utils::StringUtils.force_utf8(k)
|
32
32
|
nested_prefix = prefix.nil? ? k : "#{ prefix }[#{ k }]"
|
33
33
|
hash[k] = Contrast::Utils::ObjectShare::EMPTY_STRING
|
34
|
-
hash.merge!
|
34
|
+
hash.merge!(normalize_params(v, prefix: nested_prefix))
|
35
35
|
end
|
36
36
|
res[prefix] = Contrast::Utils::ObjectShare::EMPTY_STRING if prefix
|
37
37
|
res
|
@@ -39,7 +39,7 @@ module Contrast
|
|
39
39
|
idx = 0
|
40
40
|
res = {}
|
41
41
|
while idx < val.length
|
42
|
-
res.merge!
|
42
|
+
res.merge!(normalize_params(val[idx], prefix: "#{ prefix }[#{ idx }]"))
|
43
43
|
idx += 1
|
44
44
|
end
|
45
45
|
res[prefix] = Contrast::Utils::ObjectShare::EMPTY_STRING if prefix
|