contrast-agent 6.1.1 → 6.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ext/cs__assess_basic_object/cs__assess_basic_object.c +7 -5
- data/ext/cs__assess_kernel/cs__assess_kernel.c +14 -3
- data/ext/cs__assess_kernel/cs__assess_kernel.h +2 -0
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +10 -3
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +2 -1
- data/ext/cs__assess_regexp/cs__assess_regexp.c +9 -7
- data/ext/{cs__assess_string_interpolation26/cs__assess_string_interpolation26.c → cs__assess_string_interpolation/cs__assess_string_interpolation.c} +14 -3
- data/ext/{cs__assess_string_interpolation26/cs__assess_string_interpolation26.h → cs__assess_string_interpolation/cs__assess_string_interpolation.h} +1 -1
- data/ext/{cs__assess_string_interpolation26 → cs__assess_string_interpolation}/extconf.rb +0 -0
- data/ext/cs__common/cs__common.c +5 -4
- data/ext/cs__contrast_patch/cs__contrast_patch.c +3 -10
- data/lib/contrast/agent/assess/events/source_event.rb +16 -12
- data/lib/contrast/agent/assess/policy/policy_node.rb +6 -0
- data/lib/contrast/agent/assess/policy/propagation_method.rb +3 -39
- data/lib/contrast/agent/assess/policy/propagation_node.rb +8 -0
- data/lib/contrast/agent/assess/policy/propagator/base.rb +2 -0
- data/lib/contrast/agent/assess/policy/source_method.rb +2 -47
- data/lib/contrast/agent/assess/policy/source_node.rb +1 -0
- data/lib/contrast/agent/assess/policy/trigger_node.rb +8 -0
- data/lib/contrast/agent/assess/property/evented.rb +4 -18
- data/lib/contrast/agent/assess/tag.rb +19 -0
- data/lib/contrast/agent/at_exit_hook.rb +9 -8
- data/lib/contrast/agent/inventory/database_config.rb +18 -7
- data/lib/contrast/agent/inventory/dependency_analysis.rb +3 -2
- data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +13 -9
- data/lib/contrast/agent/middleware.rb +4 -0
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +27 -2
- data/lib/contrast/agent/patching/policy/policy.rb +5 -0
- data/lib/contrast/agent/patching/policy/policy_node.rb +6 -0
- data/lib/contrast/agent/patching/policy/trigger_node.rb +3 -0
- data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +3 -4
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +1 -0
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +2 -2
- data/lib/contrast/agent/protect/rule/base.rb +1 -0
- data/lib/contrast/agent/protect/rule/no_sqli.rb +2 -0
- data/lib/contrast/agent/protect/rule/xss.rb +4 -0
- data/lib/contrast/agent/reporting/reporter.rb +33 -17
- data/lib/contrast/agent/reporting/reporter_heartbeat.rb +21 -15
- data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +3 -18
- data/lib/contrast/agent/reporting/reporting_events/application_update.rb +5 -24
- data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +8 -1
- data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb +83 -16
- data/lib/contrast/agent/reporting/reporting_events/finding.rb +9 -3
- data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +10 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_object.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_parent_object.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_property.rb +12 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb +10 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_stack.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +29 -32
- data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +18 -20
- data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +11 -24
- data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +13 -6
- data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +10 -4
- data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +10 -4
- data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +9 -0
- data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +10 -1
- data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +11 -4
- data/lib/contrast/agent/reporting/reporting_events/server_activity.rb +0 -8
- data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +2 -6
- data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb +0 -32
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +1 -4
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +1 -11
- data/lib/contrast/agent/reporting/reporting_utilities/response.rb +60 -2
- data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +32 -10
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +58 -26
- data/lib/contrast/agent/reporting/settings/application_settings.rb +8 -23
- data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +27 -33
- data/lib/contrast/agent/reporting/settings/bot_blocker.rb +68 -0
- data/lib/contrast/agent/reporting/settings/code_exclusion.rb +27 -0
- data/lib/contrast/agent/reporting/settings/exclusion_base.rb +33 -0
- data/lib/contrast/agent/reporting/settings/exclusions.rb +39 -57
- data/lib/contrast/agent/reporting/settings/helpers.rb +56 -0
- data/lib/contrast/agent/reporting/settings/input_exclusion.rb +37 -0
- data/lib/contrast/agent/reporting/settings/ip_filter.rb +35 -0
- data/lib/contrast/agent/reporting/settings/keyword.rb +74 -0
- data/lib/contrast/agent/reporting/settings/log_enhancer.rb +65 -0
- data/lib/contrast/agent/reporting/settings/protect.rb +4 -2
- data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +62 -115
- data/lib/contrast/agent/reporting/settings/reaction.rb +11 -2
- data/lib/contrast/agent/reporting/settings/rule_definition.rb +63 -0
- data/lib/contrast/agent/reporting/settings/sampling.rb +10 -0
- data/lib/contrast/agent/reporting/settings/sanitizer.rb +38 -0
- data/lib/contrast/agent/reporting/settings/sensitive_data_masking.rb +9 -1
- data/lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb +7 -0
- data/lib/contrast/agent/reporting/settings/server_features.rb +8 -0
- data/lib/contrast/agent/reporting/settings/syslog.rb +176 -0
- data/lib/contrast/agent/reporting/settings/url_exclusion.rb +42 -0
- data/lib/contrast/agent/reporting/settings/validator.rb +17 -0
- data/lib/contrast/agent/request.rb +5 -7
- data/lib/contrast/agent/request_context.rb +8 -13
- data/lib/contrast/agent/request_context_extend.rb +8 -9
- data/lib/contrast/agent/request_handler.rb +10 -35
- data/lib/contrast/agent/rule_set.rb +4 -0
- data/lib/contrast/agent/service_heartbeat.rb +1 -1
- data/lib/contrast/agent/static_analysis.rb +6 -15
- data/lib/contrast/agent/telemetry/base.rb +35 -35
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_base.rb +2 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb +2 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message.rb +5 -2
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb +3 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb +3 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions.rb +0 -1
- data/lib/contrast/agent/thread_watcher.rb +2 -6
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/agent.rb +1 -3
- data/lib/contrast/api/communication/socket.rb +1 -0
- data/lib/contrast/api/decorators/message.rb +0 -6
- data/lib/contrast/api/decorators.rb +0 -3
- data/lib/contrast/components/assess.rb +0 -6
- data/lib/contrast/components/config.rb +18 -2
- data/lib/contrast/config/base_configuration.rb +0 -13
- data/lib/contrast/config/root_configuration.rb +1 -0
- data/lib/contrast/config/ruby_configuration.rb +2 -9
- data/lib/contrast/configuration.rb +0 -2
- data/lib/contrast/extension/assess/eval_trigger.rb +0 -4
- data/lib/contrast/extension/assess/hash.rb +3 -2
- data/lib/contrast/extension/assess/kernel.rb +22 -0
- data/lib/contrast/extension/assess/marshal.rb +16 -0
- data/lib/contrast/extension/assess/string.rb +21 -20
- data/lib/contrast/framework/base_support.rb +13 -4
- data/lib/contrast/framework/grape/support.rb +6 -6
- data/lib/contrast/framework/manager.rb +7 -23
- data/lib/contrast/framework/manager_extend.rb +1 -1
- data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +11 -15
- data/lib/contrast/framework/rails/support.rb +9 -2
- data/lib/contrast/framework/sinatra/support.rb +3 -2
- data/lib/contrast/logger/aliased_logging.rb +33 -26
- data/lib/contrast/utils/assess/source_method_utils.rb +0 -9
- data/lib/contrast/utils/lru_cache.rb +3 -0
- data/lib/contrast/utils/middleware_utils.rb +2 -0
- data/lib/contrast/utils/response_utils.rb +14 -1
- data/lib/contrast/utils/telemetry.rb +9 -0
- data/lib/contrast/utils/telemetry_client.rb +7 -7
- data/lib/contrast/utils/telemetry_hash.rb +36 -12
- data/lib/contrast/utils/telemetry_identifier.rb +8 -0
- data/lib/contrast/utils/thread_tracker.rb +26 -9
- data/lib/contrast/utils/timer.rb +6 -1
- data/lib/contrast.rb +1 -3
- data/resources/assess/policy.json +2 -11
- data/ruby-agent.gemspec +1 -1
- metadata +36 -22
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report.rb +0 -30
- data/lib/contrast/api/decorators/application_update.rb +0 -52
- data/lib/contrast/api/decorators/library.rb +0 -56
- data/lib/contrast/api/decorators/library_usage_update.rb +0 -31
- data/lib/contrast/framework/platform_version.rb +0 -22
data/ruby-agent.gemspec
CHANGED
@@ -113,7 +113,7 @@ end
|
|
113
113
|
# dependencies.csv in this directory to indicate that and create a
|
114
114
|
# corresponding update to the fake gem server data in TeamServer.
|
115
115
|
def self.add_dependencies spec
|
116
|
-
spec.add_dependency 'ougai', '
|
116
|
+
spec.add_dependency 'ougai', '>= 1.8', '< 3.0.0'
|
117
117
|
spec.add_dependency 'protobuf', '~> 3.10'
|
118
118
|
spec.add_dependency 'rack', '~> 2.0'
|
119
119
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: contrast-agent
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.
|
4
|
+
version: 6.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- galen.palmer@contrastsecurity.com
|
@@ -13,7 +13,7 @@ authors:
|
|
13
13
|
autorequire:
|
14
14
|
bindir: exe
|
15
15
|
cert_chain: []
|
16
|
-
date: 2022-
|
16
|
+
date: 2022-06-06 00:00:00.000000000 Z
|
17
17
|
dependencies:
|
18
18
|
- !ruby/object:Gem::Dependency
|
19
19
|
name: bundler
|
@@ -585,16 +585,22 @@ dependencies:
|
|
585
585
|
name: ougai
|
586
586
|
requirement: !ruby/object:Gem::Requirement
|
587
587
|
requirements:
|
588
|
-
- - "
|
588
|
+
- - ">="
|
589
589
|
- !ruby/object:Gem::Version
|
590
590
|
version: '1.8'
|
591
|
+
- - "<"
|
592
|
+
- !ruby/object:Gem::Version
|
593
|
+
version: 3.0.0
|
591
594
|
type: :runtime
|
592
595
|
prerelease: false
|
593
596
|
version_requirements: !ruby/object:Gem::Requirement
|
594
597
|
requirements:
|
595
|
-
- - "
|
598
|
+
- - ">="
|
596
599
|
- !ruby/object:Gem::Version
|
597
600
|
version: '1.8'
|
601
|
+
- - "<"
|
602
|
+
- !ruby/object:Gem::Version
|
603
|
+
version: 3.0.0
|
598
604
|
- !ruby/object:Gem::Dependency
|
599
605
|
name: protobuf
|
600
606
|
requirement: !ruby/object:Gem::Requirement
|
@@ -631,22 +637,22 @@ executables:
|
|
631
637
|
- contrast_service
|
632
638
|
extensions:
|
633
639
|
- ext/cs__common/extconf.rb
|
634
|
-
- ext/cs__assess_marshal_module/extconf.rb
|
635
|
-
- ext/cs__assess_kernel/extconf.rb
|
636
|
-
- ext/cs__assess_string/extconf.rb
|
637
|
-
- ext/cs__assess_test/extconf.rb
|
638
|
-
- ext/cs__assess_string_interpolation26/extconf.rb
|
639
|
-
- ext/cs__assess_basic_object/extconf.rb
|
640
|
-
- ext/cs__assess_array/extconf.rb
|
641
640
|
- ext/cs__assess_regexp/extconf.rb
|
642
|
-
- ext/
|
641
|
+
- ext/cs__assess_basic_object/extconf.rb
|
643
642
|
- ext/cs__assess_hash/extconf.rb
|
644
|
-
- ext/cs__scope/extconf.rb
|
645
643
|
- ext/cs__assess_fiber_track/extconf.rb
|
646
|
-
- ext/
|
644
|
+
- ext/cs__assess_string_interpolation/extconf.rb
|
645
|
+
- ext/cs__assess_kernel/extconf.rb
|
646
|
+
- ext/cs__assess_marshal_module/extconf.rb
|
647
|
+
- ext/cs__contrast_patch/extconf.rb
|
647
648
|
- ext/cs__os_information/extconf.rb
|
649
|
+
- ext/cs__assess_array/extconf.rb
|
648
650
|
- ext/cs__tests/extconf.rb
|
651
|
+
- ext/cs__assess_module/extconf.rb
|
649
652
|
- ext/cs__assess_yield_track/extconf.rb
|
653
|
+
- ext/cs__assess_string/extconf.rb
|
654
|
+
- ext/cs__scope/extconf.rb
|
655
|
+
- ext/cs__assess_test/extconf.rb
|
650
656
|
extra_rdoc_files: []
|
651
657
|
files:
|
652
658
|
- ".clang-format"
|
@@ -689,9 +695,9 @@ files:
|
|
689
695
|
- ext/cs__assess_string/cs__assess_string.c
|
690
696
|
- ext/cs__assess_string/cs__assess_string.h
|
691
697
|
- ext/cs__assess_string/extconf.rb
|
692
|
-
- ext/
|
693
|
-
- ext/
|
694
|
-
- ext/
|
698
|
+
- ext/cs__assess_string_interpolation/cs__assess_string_interpolation.c
|
699
|
+
- ext/cs__assess_string_interpolation/cs__assess_string_interpolation.h
|
700
|
+
- ext/cs__assess_string_interpolation/extconf.rb
|
695
701
|
- ext/cs__assess_test/cs__assess_test.h
|
696
702
|
- ext/cs__assess_test/cs__assess_tests.c
|
697
703
|
- ext/cs__assess_test/extconf.rb
|
@@ -1057,14 +1063,27 @@ files:
|
|
1057
1063
|
- lib/contrast/agent/reporting/settings/application_settings.rb
|
1058
1064
|
- lib/contrast/agent/reporting/settings/assess.rb
|
1059
1065
|
- lib/contrast/agent/reporting/settings/assess_server_feature.rb
|
1066
|
+
- lib/contrast/agent/reporting/settings/bot_blocker.rb
|
1067
|
+
- lib/contrast/agent/reporting/settings/code_exclusion.rb
|
1068
|
+
- lib/contrast/agent/reporting/settings/exclusion_base.rb
|
1060
1069
|
- lib/contrast/agent/reporting/settings/exclusions.rb
|
1070
|
+
- lib/contrast/agent/reporting/settings/helpers.rb
|
1071
|
+
- lib/contrast/agent/reporting/settings/input_exclusion.rb
|
1072
|
+
- lib/contrast/agent/reporting/settings/ip_filter.rb
|
1073
|
+
- lib/contrast/agent/reporting/settings/keyword.rb
|
1074
|
+
- lib/contrast/agent/reporting/settings/log_enhancer.rb
|
1061
1075
|
- lib/contrast/agent/reporting/settings/protect.rb
|
1062
1076
|
- lib/contrast/agent/reporting/settings/protect_server_feature.rb
|
1063
1077
|
- lib/contrast/agent/reporting/settings/reaction.rb
|
1078
|
+
- lib/contrast/agent/reporting/settings/rule_definition.rb
|
1064
1079
|
- lib/contrast/agent/reporting/settings/sampling.rb
|
1080
|
+
- lib/contrast/agent/reporting/settings/sanitizer.rb
|
1065
1081
|
- lib/contrast/agent/reporting/settings/sensitive_data_masking.rb
|
1066
1082
|
- lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb
|
1067
1083
|
- lib/contrast/agent/reporting/settings/server_features.rb
|
1084
|
+
- lib/contrast/agent/reporting/settings/syslog.rb
|
1085
|
+
- lib/contrast/agent/reporting/settings/url_exclusion.rb
|
1086
|
+
- lib/contrast/agent/reporting/settings/validator.rb
|
1068
1087
|
- lib/contrast/agent/request.rb
|
1069
1088
|
- lib/contrast/agent/request_context.rb
|
1070
1089
|
- lib/contrast/agent/request_context_extend.rb
|
@@ -1083,7 +1102,6 @@ files:
|
|
1083
1102
|
- lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb
|
1084
1103
|
- lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb
|
1085
1104
|
- lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions.rb
|
1086
|
-
- lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report.rb
|
1087
1105
|
- lib/contrast/agent/telemetry/events/metric_event.rb
|
1088
1106
|
- lib/contrast/agent/telemetry/events/startup_metrics_event.rb
|
1089
1107
|
- lib/contrast/agent/thread.rb
|
@@ -1109,7 +1127,6 @@ files:
|
|
1109
1127
|
- lib/contrast/api/decorators/agent_startup.rb
|
1110
1128
|
- lib/contrast/api/decorators/application_settings.rb
|
1111
1129
|
- lib/contrast/api/decorators/application_startup.rb
|
1112
|
-
- lib/contrast/api/decorators/application_update.rb
|
1113
1130
|
- lib/contrast/api/decorators/architecture_component.rb
|
1114
1131
|
- lib/contrast/api/decorators/bot_blocker.rb
|
1115
1132
|
- lib/contrast/api/decorators/finding.rb
|
@@ -1117,8 +1134,6 @@ files:
|
|
1117
1134
|
- lib/contrast/api/decorators/input_analysis.rb
|
1118
1135
|
- lib/contrast/api/decorators/instrumentation_mode.rb
|
1119
1136
|
- lib/contrast/api/decorators/ip_denylist.rb
|
1120
|
-
- lib/contrast/api/decorators/library.rb
|
1121
|
-
- lib/contrast/api/decorators/library_usage_update.rb
|
1122
1137
|
- lib/contrast/api/decorators/message.rb
|
1123
1138
|
- lib/contrast/api/decorators/rasp_rule_sample.rb
|
1124
1139
|
- lib/contrast/api/decorators/response_type.rb
|
@@ -1194,7 +1209,6 @@ files:
|
|
1194
1209
|
- lib/contrast/framework/grape/support.rb
|
1195
1210
|
- lib/contrast/framework/manager.rb
|
1196
1211
|
- lib/contrast/framework/manager_extend.rb
|
1197
|
-
- lib/contrast/framework/platform_version.rb
|
1198
1212
|
- lib/contrast/framework/rack/patch/session_cookie.rb
|
1199
1213
|
- lib/contrast/framework/rack/patch/support.rb
|
1200
1214
|
- lib/contrast/framework/rack/support.rb
|
@@ -1,30 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
module Contrast
|
5
|
-
module Agent
|
6
|
-
module Telemetry
|
7
|
-
# This module will handle the reporting of the TelemetryExceptionHash
|
8
|
-
module TelemetryExceptionReport
|
9
|
-
# Here we will send any exceptions gathered. The telemetry_hash is split into batches of 256
|
10
|
-
# and then added to the telemetry queue. Since this method is called before entering the
|
11
|
-
# until queue loop any updates after clearing the Contrast::TELEMETRY_EXCEPTIONS would have
|
12
|
-
# to wait for the sending process to be completed, so accumulating new batches.
|
13
|
-
# This methods expects queue and error_messages methods from Contrast::Agent::Telemetry::Base
|
14
|
-
def push_exceptions
|
15
|
-
return unless Contrast::TELEMETRY_EXCEPTIONS&.any?
|
16
|
-
|
17
|
-
Contrast::TELEMETRY_EXCEPTIONS.values.each_slice(256) { |tuple| error_messages.push(tuple) }
|
18
|
-
# Clear the hash. All exceptions now live in @_error_messages instance variable. and we will
|
19
|
-
# add them to the queue. Clearing would make the hash available to be populated again while the
|
20
|
-
# sending is proceeding.
|
21
|
-
Contrast::TELEMETRY_EXCEPTIONS.clear
|
22
|
-
# Add batch to queue. We need to shift here, because we want to report from the oldest batch to
|
23
|
-
# the newest. And even if somehow the array is filled during sending the new messages would stay
|
24
|
-
# and wait their turn.
|
25
|
-
queue << error_messages.shift until error_messages.empty?
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
@@ -1,52 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
require 'contrast/utils/string_utils'
|
5
|
-
|
6
|
-
module Contrast
|
7
|
-
module Api
|
8
|
-
module Decorators
|
9
|
-
# Used to decorate the {Contrast::Api::Dtm::ApplicationUpdate} protobuf
|
10
|
-
# model so it can own some of the data massaging required for AppUpdate
|
11
|
-
# dtm.
|
12
|
-
module ApplicationUpdate
|
13
|
-
def self.included klass
|
14
|
-
klass.extend(ClassMethods)
|
15
|
-
end
|
16
|
-
|
17
|
-
def append_library_update library_dtm_list
|
18
|
-
library_dtm_list.each do |library_dtm|
|
19
|
-
libraries[library_dtm.hash_code] = library_dtm
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
|
-
# TS only allows you to report 500 routes per application
|
24
|
-
def append_route_coverage_data route_coverage_dtms
|
25
|
-
route_coverage_dtms.take(500).each do |route_coverage_dtm|
|
26
|
-
routes << route_coverage_dtm
|
27
|
-
end
|
28
|
-
end
|
29
|
-
|
30
|
-
def append_platform_version platform_version
|
31
|
-
self.platform = Contrast::Api::Dtm::Platform.new if platform.nil?
|
32
|
-
platform.major = platform_version.major
|
33
|
-
platform.minor = platform_version.minor
|
34
|
-
platform.build = platform_version.patch
|
35
|
-
end
|
36
|
-
|
37
|
-
# Used to add class methods to the ApplicationUpdate class on inclusion of the decorator
|
38
|
-
module ClassMethods
|
39
|
-
def build
|
40
|
-
msg = new
|
41
|
-
msg.append_route_coverage_data(Contrast::Agent.framework_manager.find_route_discovery_data)
|
42
|
-
msg.append_platform_version(Contrast::Agent.framework_manager.platform_version)
|
43
|
-
msg.append_library_update(Contrast::Agent::Inventory::DependencyAnalysis.instance.library_pb_list)
|
44
|
-
msg
|
45
|
-
end
|
46
|
-
end
|
47
|
-
end
|
48
|
-
end
|
49
|
-
end
|
50
|
-
end
|
51
|
-
|
52
|
-
Contrast::Api::Dtm::ApplicationUpdate.include(Contrast::Api::Decorators::ApplicationUpdate)
|
@@ -1,56 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
require 'contrast/utils/string_utils'
|
5
|
-
require 'contrast/utils/sha256_builder'
|
6
|
-
require 'yaml'
|
7
|
-
|
8
|
-
module Contrast
|
9
|
-
module Api
|
10
|
-
module Decorators
|
11
|
-
# Used to decorate the Library protobuf model to handle Gem::Specification translation
|
12
|
-
module Library
|
13
|
-
StringUtils = Contrast::Utils::StringUtils
|
14
|
-
|
15
|
-
def self.included klass
|
16
|
-
klass.extend(ClassMethods)
|
17
|
-
end
|
18
|
-
|
19
|
-
# Used to add class methods to the Library class on inclusion of the decorator
|
20
|
-
module ClassMethods
|
21
|
-
def build digest, gem_specification
|
22
|
-
msg = new
|
23
|
-
msg.file_path = StringUtils.force_utf8(gem_specification.name) # rubocop:disable Security/Module/Name
|
24
|
-
msg.hash_code = StringUtils.force_utf8(digest)
|
25
|
-
msg.version = StringUtils.force_utf8(gem_specification.version)
|
26
|
-
msg.manifest = StringUtils.force_utf8(build_manifest(gem_specification))
|
27
|
-
msg.external_ms = date_to_ms(gem_specification.date)
|
28
|
-
msg.internal_ms = msg.external_ms
|
29
|
-
msg.url = StringUtils.force_utf8(gem_specification.homepage)
|
30
|
-
msg.class_count = file_count(gem_specification.full_gem_path.to_s)
|
31
|
-
msg.used_class_count = 0
|
32
|
-
msg
|
33
|
-
end
|
34
|
-
|
35
|
-
# These are all the code files that are located in the Gem directory loaded
|
36
|
-
# by the current environment; this includes more than Ruby files
|
37
|
-
def file_count path
|
38
|
-
Contrast::Utils::Sha256Builder.instance.files(path).length
|
39
|
-
end
|
40
|
-
|
41
|
-
def build_manifest spec
|
42
|
-
StringUtils.force_utf8(spec.to_yaml.to_s)
|
43
|
-
rescue StandardError
|
44
|
-
nil
|
45
|
-
end
|
46
|
-
|
47
|
-
def date_to_ms date
|
48
|
-
(date.to_f * 1000.0).to_i
|
49
|
-
end
|
50
|
-
end
|
51
|
-
end
|
52
|
-
end
|
53
|
-
end
|
54
|
-
end
|
55
|
-
|
56
|
-
Contrast::Api::Dtm::Library.include(Contrast::Api::Decorators::Library)
|
@@ -1,31 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
require 'contrast/utils/string_utils'
|
5
|
-
|
6
|
-
module Contrast
|
7
|
-
module Api
|
8
|
-
module Decorators
|
9
|
-
# Used to decorate the LibraryUsageUpdate protobuf
|
10
|
-
module LibraryUsageUpdate
|
11
|
-
def self.included klass
|
12
|
-
klass.extend(ClassMethods)
|
13
|
-
end
|
14
|
-
|
15
|
-
# Used to add class methods to the LibraryUsageUpdate class on inclusion of the decorator
|
16
|
-
module ClassMethods
|
17
|
-
def build digest, files
|
18
|
-
msg = new
|
19
|
-
msg.hash_code = Contrast::Utils::StringUtils.force_utf8(digest)
|
20
|
-
files.each do |required_file|
|
21
|
-
msg.class_names[required_file] = true
|
22
|
-
end
|
23
|
-
msg
|
24
|
-
end
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
29
|
-
end
|
30
|
-
|
31
|
-
Contrast::Api::Dtm::LibraryUsageUpdate.include(Contrast::Api::Decorators::LibraryUsageUpdate)
|
@@ -1,22 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
module Contrast
|
5
|
-
module Framework
|
6
|
-
# Used to map version strings from frameworks to ApplicationUpdate dtm
|
7
|
-
class PlatformVersion
|
8
|
-
attr_reader :major, :minor, :patch
|
9
|
-
|
10
|
-
def initialize major, minor, patch
|
11
|
-
@major = major || ''
|
12
|
-
@minor = minor || ''
|
13
|
-
@patch = patch || ''
|
14
|
-
end
|
15
|
-
|
16
|
-
def self.from_string platform_version_string
|
17
|
-
version_array = platform_version_string.split(Contrast::Utils::ObjectShare::PERIOD)
|
18
|
-
new(version_array[0], version_array[1], version_array[2])
|
19
|
-
end
|
20
|
-
end
|
21
|
-
end
|
22
|
-
end
|