contrast-agent 6.1.1 → 6.3.0

data/ruby-agent.gemspec

@@ -113,7 +113,7 @@ end
 # dependencies.csv in this directory to indicate that and create a
 # corresponding update to the fake gem server data in TeamServer.
 def self.add_dependencies spec
-  spec.add_dependency 'ougai', '~> 1.8'
+  spec.add_dependency 'ougai', '>= 1.8', '< 3.0.0'
   spec.add_dependency 'protobuf', '~> 3.10'
   spec.add_dependency 'rack', '~> 2.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 6.1.1
+  version: 6.3.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-05-12 00:00:00.000000000 Z
+date: 2022-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -585,16 +585,22 @@ dependencies:
   name: ougai
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.8'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.8'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: protobuf
   requirement: !ruby/object:Gem::Requirement
@@ -631,22 +637,22 @@ executables:
 - contrast_service
 extensions:
 - ext/cs__common/extconf.rb
-- ext/cs__assess_marshal_module/extconf.rb
-- ext/cs__assess_kernel/extconf.rb
-- ext/cs__assess_string/extconf.rb
-- ext/cs__assess_test/extconf.rb
-- ext/cs__assess_string_interpolation26/extconf.rb
-- ext/cs__assess_basic_object/extconf.rb
-- ext/cs__assess_array/extconf.rb
 - ext/cs__assess_regexp/extconf.rb
-- ext/cs__contrast_patch/extconf.rb
+- ext/cs__assess_basic_object/extconf.rb
 - ext/cs__assess_hash/extconf.rb
-- ext/cs__scope/extconf.rb
 - ext/cs__assess_fiber_track/extconf.rb
-- ext/cs__assess_module/extconf.rb
+- ext/cs__assess_string_interpolation/extconf.rb
+- ext/cs__assess_kernel/extconf.rb
+- ext/cs__assess_marshal_module/extconf.rb
+- ext/cs__contrast_patch/extconf.rb
 - ext/cs__os_information/extconf.rb
+- ext/cs__assess_array/extconf.rb
 - ext/cs__tests/extconf.rb
+- ext/cs__assess_module/extconf.rb
 - ext/cs__assess_yield_track/extconf.rb
+- ext/cs__assess_string/extconf.rb
+- ext/cs__scope/extconf.rb
+- ext/cs__assess_test/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"
@@ -689,9 +695,9 @@ files:
 - ext/cs__assess_string/cs__assess_string.c
 - ext/cs__assess_string/cs__assess_string.h
 - ext/cs__assess_string/extconf.rb
-- ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c
-- ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.h
-- ext/cs__assess_string_interpolation26/extconf.rb
+- ext/cs__assess_string_interpolation/cs__assess_string_interpolation.c
+- ext/cs__assess_string_interpolation/cs__assess_string_interpolation.h
+- ext/cs__assess_string_interpolation/extconf.rb
 - ext/cs__assess_test/cs__assess_test.h
 - ext/cs__assess_test/cs__assess_tests.c
 - ext/cs__assess_test/extconf.rb
@@ -1057,14 +1063,27 @@ files:
 - lib/contrast/agent/reporting/settings/application_settings.rb
 - lib/contrast/agent/reporting/settings/assess.rb
 - lib/contrast/agent/reporting/settings/assess_server_feature.rb
+- lib/contrast/agent/reporting/settings/bot_blocker.rb
+- lib/contrast/agent/reporting/settings/code_exclusion.rb
+- lib/contrast/agent/reporting/settings/exclusion_base.rb
 - lib/contrast/agent/reporting/settings/exclusions.rb
+- lib/contrast/agent/reporting/settings/helpers.rb
+- lib/contrast/agent/reporting/settings/input_exclusion.rb
+- lib/contrast/agent/reporting/settings/ip_filter.rb
+- lib/contrast/agent/reporting/settings/keyword.rb
+- lib/contrast/agent/reporting/settings/log_enhancer.rb
 - lib/contrast/agent/reporting/settings/protect.rb
 - lib/contrast/agent/reporting/settings/protect_server_feature.rb
 - lib/contrast/agent/reporting/settings/reaction.rb
+- lib/contrast/agent/reporting/settings/rule_definition.rb
 - lib/contrast/agent/reporting/settings/sampling.rb
+- lib/contrast/agent/reporting/settings/sanitizer.rb
 - lib/contrast/agent/reporting/settings/sensitive_data_masking.rb
 - lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb
 - lib/contrast/agent/reporting/settings/server_features.rb
+- lib/contrast/agent/reporting/settings/syslog.rb
+- lib/contrast/agent/reporting/settings/url_exclusion.rb
+- lib/contrast/agent/reporting/settings/validator.rb
 - lib/contrast/agent/request.rb
 - lib/contrast/agent/request_context.rb
 - lib/contrast/agent/request_context_extend.rb
@@ -1083,7 +1102,6 @@ files:
 - lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb
 - lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb
 - lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions.rb
-- lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report.rb
 - lib/contrast/agent/telemetry/events/metric_event.rb
 - lib/contrast/agent/telemetry/events/startup_metrics_event.rb
 - lib/contrast/agent/thread.rb
@@ -1109,7 +1127,6 @@ files:
 - lib/contrast/api/decorators/agent_startup.rb
 - lib/contrast/api/decorators/application_settings.rb
 - lib/contrast/api/decorators/application_startup.rb
-- lib/contrast/api/decorators/application_update.rb
 - lib/contrast/api/decorators/architecture_component.rb
 - lib/contrast/api/decorators/bot_blocker.rb
 - lib/contrast/api/decorators/finding.rb
@@ -1117,8 +1134,6 @@ files:
 - lib/contrast/api/decorators/input_analysis.rb
 - lib/contrast/api/decorators/instrumentation_mode.rb
 - lib/contrast/api/decorators/ip_denylist.rb
-- lib/contrast/api/decorators/library.rb
-- lib/contrast/api/decorators/library_usage_update.rb
 - lib/contrast/api/decorators/message.rb
 - lib/contrast/api/decorators/rasp_rule_sample.rb
 - lib/contrast/api/decorators/response_type.rb
@@ -1194,7 +1209,6 @@ files:
 - lib/contrast/framework/grape/support.rb
 - lib/contrast/framework/manager.rb
 - lib/contrast/framework/manager_extend.rb
-- lib/contrast/framework/platform_version.rb
 - lib/contrast/framework/rack/patch/session_cookie.rb
 - lib/contrast/framework/rack/patch/support.rb
 - lib/contrast/framework/rack/support.rb

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report.rb

@@ -1,30 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-module Contrast
-  module Agent
-    module Telemetry
-      # This module will handle the reporting of the TelemetryExceptionHash
-      module TelemetryExceptionReport
-        # Here we will send any exceptions gathered. The telemetry_hash is split into batches of 256
-        # and then added to the telemetry queue. Since this method is called before entering the
-        # until queue loop any updates after clearing the Contrast::TELEMETRY_EXCEPTIONS would have
-        # to wait for the sending process to be completed, so accumulating new batches.
-        # This methods expects queue and error_messages methods from Contrast::Agent::Telemetry::Base
-        def push_exceptions
-          return unless Contrast::TELEMETRY_EXCEPTIONS&.any?
-
-          Contrast::TELEMETRY_EXCEPTIONS.values.each_slice(256) { |tuple| error_messages.push(tuple) }
-          # Clear the hash. All exceptions now live in @_error_messages instance variable. and we will
-          # add them to the queue. Clearing would make the hash available to be populated again while the
-          # sending is proceeding.
-          Contrast::TELEMETRY_EXCEPTIONS.clear
-          # Add batch to queue. We need to shift here, because we want to report from the oldest batch to
-          # the newest. And even if somehow the array is filled during sending the new messages would stay
-          # and wait their turn.
-          queue << error_messages.shift until error_messages.empty?
-        end
-      end
-    end
-  end
-end

data/lib/contrast/api/decorators/application_update.rb

@@ -1,52 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'contrast/utils/string_utils'
-
-module Contrast
-  module Api
-    module Decorators
-      # Used to decorate the {Contrast::Api::Dtm::ApplicationUpdate} protobuf
-      # model so it can own some of the data massaging required for AppUpdate
-      # dtm.
-      module ApplicationUpdate
-        def self.included klass
-          klass.extend(ClassMethods)
-        end
-
-        def append_library_update library_dtm_list
-          library_dtm_list.each do |library_dtm|
-            libraries[library_dtm.hash_code] = library_dtm
-          end
-        end
-
-        # TS only allows you to report 500 routes per application
-        def append_route_coverage_data route_coverage_dtms
-          route_coverage_dtms.take(500).each do |route_coverage_dtm|
-            routes << route_coverage_dtm
-          end
-        end
-
-        def append_platform_version platform_version
-          self.platform = Contrast::Api::Dtm::Platform.new if platform.nil?
-          platform.major = platform_version.major
-          platform.minor = platform_version.minor
-          platform.build = platform_version.patch
-        end
-
-        # Used to add class methods to the ApplicationUpdate class on inclusion of the decorator
-        module ClassMethods
-          def build
-            msg = new
-            msg.append_route_coverage_data(Contrast::Agent.framework_manager.find_route_discovery_data)
-            msg.append_platform_version(Contrast::Agent.framework_manager.platform_version)
-            msg.append_library_update(Contrast::Agent::Inventory::DependencyAnalysis.instance.library_pb_list)
-            msg
-          end
-        end
-      end
-    end
-  end
-end
-
-Contrast::Api::Dtm::ApplicationUpdate.include(Contrast::Api::Decorators::ApplicationUpdate)

data/lib/contrast/api/decorators/library.rb

@@ -1,56 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'contrast/utils/string_utils'
-require 'contrast/utils/sha256_builder'
-require 'yaml'
-
-module Contrast
-  module Api
-    module Decorators
-      # Used to decorate the Library protobuf model to handle Gem::Specification translation
-      module Library
-        StringUtils = Contrast::Utils::StringUtils
-
-        def self.included klass
-          klass.extend(ClassMethods)
-        end
-
-        # Used to add class methods to the Library class on inclusion of the decorator
-        module ClassMethods
-          def build digest, gem_specification
-            msg = new
-            msg.file_path = StringUtils.force_utf8(gem_specification.name) # rubocop:disable Security/Module/Name
-            msg.hash_code   = StringUtils.force_utf8(digest)
-            msg.version     = StringUtils.force_utf8(gem_specification.version)
-            msg.manifest    = StringUtils.force_utf8(build_manifest(gem_specification))
-            msg.external_ms = date_to_ms(gem_specification.date)
-            msg.internal_ms = msg.external_ms
-            msg.url         = StringUtils.force_utf8(gem_specification.homepage)
-            msg.class_count = file_count(gem_specification.full_gem_path.to_s)
-            msg.used_class_count = 0
-            msg
-          end
-
-          # These are all the code files that are located in the Gem directory loaded
-          # by the current environment; this includes more than Ruby files
-          def file_count path
-            Contrast::Utils::Sha256Builder.instance.files(path).length
-          end
-
-          def build_manifest spec
-            StringUtils.force_utf8(spec.to_yaml.to_s)
-          rescue StandardError
-            nil
-          end
-
-          def date_to_ms date
-            (date.to_f * 1000.0).to_i
-          end
-        end
-      end
-    end
-  end
-end
-
-Contrast::Api::Dtm::Library.include(Contrast::Api::Decorators::Library)

data/lib/contrast/api/decorators/library_usage_update.rb

@@ -1,31 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'contrast/utils/string_utils'
-
-module Contrast
-  module Api
-    module Decorators
-      # Used to decorate the LibraryUsageUpdate protobuf
-      module LibraryUsageUpdate
-        def self.included klass
-          klass.extend(ClassMethods)
-        end
-
-        # Used to add class methods to the LibraryUsageUpdate class on inclusion of the decorator
-        module ClassMethods
-          def build digest, files
-            msg = new
-            msg.hash_code = Contrast::Utils::StringUtils.force_utf8(digest)
-            files.each do |required_file|
-              msg.class_names[required_file] = true
-            end
-            msg
-          end
-        end
-      end
-    end
-  end
-end
-
-Contrast::Api::Dtm::LibraryUsageUpdate.include(Contrast::Api::Decorators::LibraryUsageUpdate)

data/lib/contrast/framework/platform_version.rb

@@ -1,22 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-module Contrast
-  module Framework
-    # Used to map version strings from frameworks to ApplicationUpdate dtm
-    class PlatformVersion
-      attr_reader :major, :minor, :patch
-
-      def initialize major, minor, patch
-        @major = major || ''
-        @minor = minor || ''
-        @patch = patch || ''
-      end
-
-      def self.from_string platform_version_string
-        version_array = platform_version_string.split(Contrast::Utils::ObjectShare::PERIOD)
-        new(version_array[0], version_array[1], version_array[2])
-      end
-    end
-  end
-end