contrast-agent 6.1.1 → 6.3.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (152) hide show
  1. checksums.yaml +4 -4
  2. data/ext/cs__assess_basic_object/cs__assess_basic_object.c +7 -5
  3. data/ext/cs__assess_kernel/cs__assess_kernel.c +14 -3
  4. data/ext/cs__assess_kernel/cs__assess_kernel.h +2 -0
  5. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +10 -3
  6. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +2 -1
  7. data/ext/cs__assess_regexp/cs__assess_regexp.c +9 -7
  8. data/ext/{cs__assess_string_interpolation26/cs__assess_string_interpolation26.c → cs__assess_string_interpolation/cs__assess_string_interpolation.c} +14 -3
  9. data/ext/{cs__assess_string_interpolation26/cs__assess_string_interpolation26.h → cs__assess_string_interpolation/cs__assess_string_interpolation.h} +1 -1
  10. data/ext/{cs__assess_string_interpolation26 → cs__assess_string_interpolation}/extconf.rb +0 -0
  11. data/ext/cs__common/cs__common.c +5 -4
  12. data/ext/cs__contrast_patch/cs__contrast_patch.c +3 -10
  13. data/lib/contrast/agent/assess/events/source_event.rb +16 -12
  14. data/lib/contrast/agent/assess/policy/policy_node.rb +6 -0
  15. data/lib/contrast/agent/assess/policy/propagation_method.rb +3 -39
  16. data/lib/contrast/agent/assess/policy/propagation_node.rb +8 -0
  17. data/lib/contrast/agent/assess/policy/propagator/base.rb +2 -0
  18. data/lib/contrast/agent/assess/policy/source_method.rb +2 -47
  19. data/lib/contrast/agent/assess/policy/source_node.rb +1 -0
  20. data/lib/contrast/agent/assess/policy/trigger_node.rb +8 -0
  21. data/lib/contrast/agent/assess/property/evented.rb +4 -18
  22. data/lib/contrast/agent/assess/tag.rb +19 -0
  23. data/lib/contrast/agent/at_exit_hook.rb +9 -8
  24. data/lib/contrast/agent/inventory/database_config.rb +18 -7
  25. data/lib/contrast/agent/inventory/dependency_analysis.rb +3 -2
  26. data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +13 -9
  27. data/lib/contrast/agent/middleware.rb +4 -0
  28. data/lib/contrast/agent/patching/policy/after_load_patcher.rb +27 -2
  29. data/lib/contrast/agent/patching/policy/policy.rb +5 -0
  30. data/lib/contrast/agent/patching/policy/policy_node.rb +6 -0
  31. data/lib/contrast/agent/patching/policy/trigger_node.rb +3 -0
  32. data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +3 -4
  33. data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +1 -0
  34. data/lib/contrast/agent/protect/policy/rule_applicator.rb +2 -2
  35. data/lib/contrast/agent/protect/rule/base.rb +1 -0
  36. data/lib/contrast/agent/protect/rule/no_sqli.rb +2 -0
  37. data/lib/contrast/agent/protect/rule/xss.rb +4 -0
  38. data/lib/contrast/agent/reporting/reporter.rb +33 -17
  39. data/lib/contrast/agent/reporting/reporter_heartbeat.rb +21 -15
  40. data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +3 -18
  41. data/lib/contrast/agent/reporting/reporting_events/application_update.rb +5 -24
  42. data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +8 -1
  43. data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb +83 -16
  44. data/lib/contrast/agent/reporting/reporting_events/finding.rb +9 -3
  45. data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +10 -1
  46. data/lib/contrast/agent/reporting/reporting_events/finding_event_object.rb +11 -1
  47. data/lib/contrast/agent/reporting/reporting_events/finding_event_parent_object.rb +11 -1
  48. data/lib/contrast/agent/reporting/reporting_events/finding_event_property.rb +12 -1
  49. data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb +10 -1
  50. data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +11 -1
  51. data/lib/contrast/agent/reporting/reporting_events/finding_event_stack.rb +11 -1
  52. data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range.rb +11 -1
  53. data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +11 -1
  54. data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +29 -32
  55. data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +18 -20
  56. data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +11 -24
  57. data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +13 -6
  58. data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +10 -4
  59. data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +10 -4
  60. data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +9 -0
  61. data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +10 -1
  62. data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +11 -4
  63. data/lib/contrast/agent/reporting/reporting_events/server_activity.rb +0 -8
  64. data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +2 -6
  65. data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb +0 -32
  66. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +1 -4
  67. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +1 -11
  68. data/lib/contrast/agent/reporting/reporting_utilities/response.rb +60 -2
  69. data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +32 -10
  70. data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +1 -1
  71. data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +58 -26
  72. data/lib/contrast/agent/reporting/settings/application_settings.rb +8 -23
  73. data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +27 -33
  74. data/lib/contrast/agent/reporting/settings/bot_blocker.rb +68 -0
  75. data/lib/contrast/agent/reporting/settings/code_exclusion.rb +27 -0
  76. data/lib/contrast/agent/reporting/settings/exclusion_base.rb +33 -0
  77. data/lib/contrast/agent/reporting/settings/exclusions.rb +39 -57
  78. data/lib/contrast/agent/reporting/settings/helpers.rb +56 -0
  79. data/lib/contrast/agent/reporting/settings/input_exclusion.rb +37 -0
  80. data/lib/contrast/agent/reporting/settings/ip_filter.rb +35 -0
  81. data/lib/contrast/agent/reporting/settings/keyword.rb +74 -0
  82. data/lib/contrast/agent/reporting/settings/log_enhancer.rb +65 -0
  83. data/lib/contrast/agent/reporting/settings/protect.rb +4 -2
  84. data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +62 -115
  85. data/lib/contrast/agent/reporting/settings/reaction.rb +11 -2
  86. data/lib/contrast/agent/reporting/settings/rule_definition.rb +63 -0
  87. data/lib/contrast/agent/reporting/settings/sampling.rb +10 -0
  88. data/lib/contrast/agent/reporting/settings/sanitizer.rb +38 -0
  89. data/lib/contrast/agent/reporting/settings/sensitive_data_masking.rb +9 -1
  90. data/lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb +7 -0
  91. data/lib/contrast/agent/reporting/settings/server_features.rb +8 -0
  92. data/lib/contrast/agent/reporting/settings/syslog.rb +176 -0
  93. data/lib/contrast/agent/reporting/settings/url_exclusion.rb +42 -0
  94. data/lib/contrast/agent/reporting/settings/validator.rb +17 -0
  95. data/lib/contrast/agent/request.rb +5 -7
  96. data/lib/contrast/agent/request_context.rb +8 -13
  97. data/lib/contrast/agent/request_context_extend.rb +8 -9
  98. data/lib/contrast/agent/request_handler.rb +10 -35
  99. data/lib/contrast/agent/rule_set.rb +4 -0
  100. data/lib/contrast/agent/service_heartbeat.rb +1 -1
  101. data/lib/contrast/agent/static_analysis.rb +6 -15
  102. data/lib/contrast/agent/telemetry/base.rb +35 -35
  103. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_base.rb +2 -0
  104. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb +2 -0
  105. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message.rb +5 -2
  106. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb +3 -0
  107. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb +3 -0
  108. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions.rb +0 -1
  109. data/lib/contrast/agent/thread_watcher.rb +2 -6
  110. data/lib/contrast/agent/version.rb +1 -1
  111. data/lib/contrast/agent.rb +1 -3
  112. data/lib/contrast/api/communication/socket.rb +1 -0
  113. data/lib/contrast/api/decorators/message.rb +0 -6
  114. data/lib/contrast/api/decorators.rb +0 -3
  115. data/lib/contrast/components/assess.rb +0 -6
  116. data/lib/contrast/components/config.rb +18 -2
  117. data/lib/contrast/config/base_configuration.rb +0 -13
  118. data/lib/contrast/config/root_configuration.rb +1 -0
  119. data/lib/contrast/config/ruby_configuration.rb +2 -9
  120. data/lib/contrast/configuration.rb +0 -2
  121. data/lib/contrast/extension/assess/eval_trigger.rb +0 -4
  122. data/lib/contrast/extension/assess/hash.rb +3 -2
  123. data/lib/contrast/extension/assess/kernel.rb +22 -0
  124. data/lib/contrast/extension/assess/marshal.rb +16 -0
  125. data/lib/contrast/extension/assess/string.rb +21 -20
  126. data/lib/contrast/framework/base_support.rb +13 -4
  127. data/lib/contrast/framework/grape/support.rb +6 -6
  128. data/lib/contrast/framework/manager.rb +7 -23
  129. data/lib/contrast/framework/manager_extend.rb +1 -1
  130. data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +11 -15
  131. data/lib/contrast/framework/rails/support.rb +9 -2
  132. data/lib/contrast/framework/sinatra/support.rb +3 -2
  133. data/lib/contrast/logger/aliased_logging.rb +33 -26
  134. data/lib/contrast/utils/assess/source_method_utils.rb +0 -9
  135. data/lib/contrast/utils/lru_cache.rb +3 -0
  136. data/lib/contrast/utils/middleware_utils.rb +2 -0
  137. data/lib/contrast/utils/response_utils.rb +14 -1
  138. data/lib/contrast/utils/telemetry.rb +9 -0
  139. data/lib/contrast/utils/telemetry_client.rb +7 -7
  140. data/lib/contrast/utils/telemetry_hash.rb +36 -12
  141. data/lib/contrast/utils/telemetry_identifier.rb +8 -0
  142. data/lib/contrast/utils/thread_tracker.rb +26 -9
  143. data/lib/contrast/utils/timer.rb +6 -1
  144. data/lib/contrast.rb +1 -3
  145. data/resources/assess/policy.json +2 -11
  146. data/ruby-agent.gemspec +1 -1
  147. metadata +36 -22
  148. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report.rb +0 -30
  149. data/lib/contrast/api/decorators/application_update.rb +0 -52
  150. data/lib/contrast/api/decorators/library.rb +0 -56
  151. data/lib/contrast/api/decorators/library_usage_update.rb +0 -31
  152. data/lib/contrast/framework/platform_version.rb +0 -22
@@ -17,19 +17,12 @@ module Contrast
17
17
  # discovered during first request processing.
18
18
  attr_reader :routes
19
19
 
20
- class << self
21
- def convert app_update_dtm
22
- app_inventory = new
23
- app_inventory.attach_data(app_update_dtm)
24
- app_inventory
25
- end
26
- end
27
-
28
20
  def initialize
29
- @routes = []
30
21
  @event_type = :application_inventory
31
22
  @event_method = :POST
32
23
  @event_endpoint = Contrast::Agent::Reporting::Endpoints.application_inventory
24
+ # The API spec limits us to 500 routes, so we'll enforce that here to not hold on to superfulous data.
25
+ @routes = Contrast::Agent.framework_manager.find_route_discovery_data.take(500)
33
26
  super
34
27
  end
35
28
 
@@ -39,18 +32,10 @@ module Contrast
39
32
 
40
33
  def to_controlled_hash
41
34
  {
42
- session_id: @agent_session_id_value,
35
+ session_id: ::Contrast::ASSESS.session_id,
43
36
  routes: routes.map(&:to_controlled_hash)
44
37
  }
45
38
  end
46
-
47
- # @param inventory_dtm [Contrast::Api::Dtm::ApplicationUpdate]
48
- # @return [Contrast::Agent::Reporting::ApplicationInventory]
49
- def attach_data inventory_dtm
50
- inventory_dtm.routes.each do |route|
51
- @routes << Contrast::Agent::Reporting::DiscoveredRoute.convert(route)
52
- end
53
- end
54
39
  end
55
40
  end
56
41
  end
@@ -17,23 +17,16 @@ module Contrast
17
17
  # system. Contains data used by TeamServer to render the Flow Map and SCA features.
18
18
  #
19
19
  # @attr_reader components [Array<Contrast::Agent::Reporting::ArchitectureComponent>]
20
- # @attr_reader libraries [Array<Contrast::Agent::Reporting::LibraryDiscovery>]
20
+ # @attr_accessor libraries [Array<Contrast::Agent::Reporting::LibraryDiscovery>]
21
21
  class ApplicationUpdate < Contrast::Agent::Reporting::ApplicationReportingEvent
22
- attr_reader :components, :libraries
23
-
24
- class << self
25
- # @param app_update_dtm [Contrast::Api::Dtm::ApplicationUpdate]
26
- # @return [Contrast::Agent::Reporting::ApplicationUpdate]
27
- def convert app_update_dtm
28
- report = new
29
- report.attach_data(app_update_dtm)
30
- report
31
- end
32
- end
22
+ attr_reader :components
23
+ attr_accessor :libraries
33
24
 
34
25
  def initialize
35
26
  @event_method = :PUT
36
27
  @event_endpoint = "#{ Contrast::API.api_url }/api/ng/update/application"
28
+ @components = []
29
+ @libraries = []
37
30
  super
38
31
  end
39
32
 
@@ -41,18 +34,6 @@ module Contrast
41
34
  'update-application'
42
35
  end
43
36
 
44
- # Attach the data from the protobuf models to this reporter so that it can be sent to TeamServer directly.
45
- #
46
- # @param app_update_dtm [Contrast::Api::Dtm::ApplicationUpdate]
47
- def attach_data app_update_dtm
48
- @components = app_update_dtm.components.map do |component|
49
- Contrast::Agent::Reporting::ArchitectureComponent.convert(component)
50
- end
51
- @libraries = app_update_dtm.libraries.values.map do |library|
52
- Contrast::Agent::Reporting::LibraryDiscovery.convert(library)
53
- end
54
- end
55
-
56
37
  # Convert the instance variables on the class, and other information, into the identifiers required for
57
38
  # TeamServer to process the JSON form of this message.
58
39
  #
@@ -2,6 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'contrast/api/dtm.pb'
5
+ require 'contrast/components/logger'
5
6
 
6
7
  module Contrast
7
8
  module Agent
@@ -17,6 +18,7 @@ module Contrast
17
18
  # @attr_reader url [String] the url used to connect to the component. Required for reporting.
18
19
  # @attr_reader vendor [String] the publisher of the component, like MySQL.
19
20
  class ArchitectureComponent
21
+ include Contrast::Components::Logger::InstanceMethods
20
22
  # required attributes
21
23
  attr_reader :type, :url
22
24
  # optional attributes
@@ -55,7 +57,12 @@ module Contrast
55
57
  # @return [Hash]
56
58
  # @raise [ArgumentError]
57
59
  def to_controlled_hash
58
- validate
60
+ begin
61
+ validate
62
+ rescue ArgumentError => e
63
+ logger.error('ArchitectureComponent validation failed with: ', e)
64
+ return
65
+ end
59
66
  {
60
67
  remoteHost: remote_host,
61
68
  remotePort: remote_port,
@@ -16,16 +16,87 @@ module Contrast
16
16
  # includes the literal URL and HTTP Verb used to invoke them, as they must have been called at this point to be
17
17
  # recorded.
18
18
  class DiscoveredRoute < Contrast::Agent::Reporting::ObservedRoute
19
+ include Contrast::Components::Logger::InstanceMethods
20
+
19
21
  class << self
20
- # @param dtm [Contrast::Api::Dtm::RouteCoverage]
22
+ # @param obj [Regexp, Object]
23
+ # @return [String]
24
+ def source_or_string obj
25
+ if obj.cs__is_a?(Regexp)
26
+ obj.source
27
+ elsif obj.cs__respond_to?(:safe_string)
28
+ obj.safe_string
29
+ else
30
+ obj.to_s
31
+ end
32
+ end
33
+
34
+ # Convert ActionDispatch::Journey::Route to Contrast::Agent::Reporting::DiscoveredRoute
35
+ #
36
+ # @param journey_obj [ActionDispatch::Journey::Route] a rails route
37
+ # @param url [String, nil] use url from string instead of journey object.
21
38
  # @return [Contrast::Agent::Reporting::DiscoveredRoute]
22
- def convert dtm
23
- discovered_route = new
24
- discovered_route.attach_data(dtm)
25
- discovered_route
39
+ def from_action_dispatch_journey journey_obj, url = nil
40
+ msg = new
41
+ msg.signature = "#{ journey_obj.defaults[:controller] }##{ journey_obj.defaults[:action] }"
42
+
43
+ verb = source_or_string(journey_obj.verb)
44
+ msg.verb = Contrast::Utils::StringUtils.force_utf8(verb)
45
+
46
+ url ||= source_or_string(journey_obj.path.spec)
47
+ msg.url = Contrast::Utils::StringUtils.force_utf8(url)
48
+ msg
49
+ end
50
+
51
+ # Convert Grape route data to discovered route.
52
+ #
53
+ # @param controller [::Grape::API] the route's final controller.
54
+ # @param method [String] GET, PUT, POST, etc...
55
+ # @param url [String, nil] use url from string instead matched pattern.
56
+ # @param pattern [String, Grape::Router::Route] the pattern that was matched in routing.
57
+ # @return [Contrast::Agent::Reporting::DiscoveredRoute]
58
+ def from_grape_controller controller, method, pattern, url = nil
59
+ if pattern.cs__is_a?(Grape::Router::Route)
60
+ safe_pattern = pattern.pattern&.path&.to_s
61
+ safe_url = source_or_string(url || safe_pattern)
62
+ else
63
+ safe_pattern = source_or_string(pattern)
64
+ safe_url = source_or_string(url || pattern)
65
+ end
66
+
67
+ msg = new
68
+ msg.signature = "#{ controller }##{ method } #{ safe_pattern }"
69
+ msg.verb = Contrast::Utils::StringUtils.force_utf8(method)
70
+ msg.url = Contrast::Utils::StringUtils.force_utf8(safe_url)
71
+ msg
72
+ end
73
+
74
+ # Convert Sinatra route data to discovered route.
75
+ #
76
+ # @param controller [::Sinatra::Base] the route's final controller.
77
+ # @param method [String] GET, PUT, POST, etc...
78
+ # @param pattern [::Mustermann::Sinatra] the pattern that was matched in routing.
79
+ # @param url [String, nil] use url from string instead matched pattern.
80
+ # @return [Contrast::Agent::Reporting::DiscoveredRoute]
81
+ def from_sinatra_route controller, method, pattern, url = nil
82
+ safe_pattern = source_or_string(pattern)
83
+ safe_url = source_or_string(url || pattern)
84
+
85
+ msg = new
86
+ msg.signature = "#{ controller }##{ method } #{ safe_pattern }"
87
+ msg.verb = Contrast::Utils::StringUtils.force_utf8(method)
88
+ msg.url = Contrast::Utils::StringUtils.force_utf8(safe_url)
89
+ msg
26
90
  end
27
91
  end
28
92
 
93
+ # @return [String] the controller, method, and pattern of this route
94
+ attr_accessor :signature
95
+ # @return [String] the url (or url pattern) used to access this route
96
+ attr_accessor :url
97
+ # @return [String, nil] the HTTP verb used to access this route or nil for any verb
98
+ attr_accessor :verb
99
+
29
100
  def initialize
30
101
  super
31
102
  @event_type = :discovered_route
@@ -34,18 +105,14 @@ module Contrast
34
105
  @url = Contrast::Utils::ObjectShare::EMPTY_STRING
35
106
  end
36
107
 
37
- # @param dtm[Contrast::Api::Dtm::RouteCoverage]
38
- def attach_data dtm
39
- @signature = dtm.route
40
- @verb = dtm.verb
41
- @url = dtm.url
42
- end
43
-
44
108
  def to_controlled_hash
45
- validate
46
- dr_hash = { session_id: @agent_session_id_value, signature: @signature, verb: @verb, url: @url }
47
- dr_hash.delete(:verb) unless @verb
48
- dr_hash
109
+ begin
110
+ validate
111
+ rescue ArgumentError => e
112
+ logger.error('DiscoveredRoute validation failed with: ', e)
113
+ return
114
+ end
115
+ { session_id: ::Contrast::ASSESS.session_id, signature: @signature, verb: @verb, url: @url }.compact
49
116
  end
50
117
 
51
118
  def validate
@@ -130,12 +130,18 @@ module Contrast
130
130
  # @return [Hash]
131
131
  # @raise [ArgumentError]
132
132
  def to_controlled_hash
133
- validate
133
+ begin
134
+ validate
135
+ rescue ArgumentError => e
136
+ logger.error('Finding event validation failed with: ', e)
137
+ return
138
+ end
139
+
134
140
  hsh = {
135
141
  created: created,
136
142
  hash: hash_code.to_s,
137
143
  ruleId: rule_id,
138
- session_id: @agent_session_id_value.to_s,
144
+ session_id: ::Contrast::ASSESS.session_id,
139
145
  version: 4
140
146
  }
141
147
  hsh[:events] = events.map(&:to_controlled_hash) if event_based?
@@ -152,7 +158,7 @@ module Contrast
152
158
  # @raise [ArgumentError]
153
159
  def validate
154
160
  raise(ArgumentError, "#{ self } did not have a proper rule. Unable to continue.") unless @rule_id
155
- unless @agent_session_id_value
161
+ unless ::Contrast::ASSESS.session_id
156
162
  raise(ArgumentError, "#{ self } did not have a proper session id. Unable to continue.")
157
163
  end
158
164
  if event_based? && events.empty?
@@ -8,6 +8,7 @@ require 'contrast/agent/reporting/reporting_events/finding_event_signature'
8
8
  require 'contrast/agent/reporting/reporting_events/finding_event_source'
9
9
  require 'contrast/agent/reporting/reporting_events/finding_event_stack'
10
10
  require 'contrast/agent/reporting/reporting_events/finding_event_taint_range'
11
+ require 'contrast/components/logger'
11
12
 
12
13
  module Contrast
13
14
  module Agent
@@ -17,6 +18,8 @@ module Contrast
17
18
  # construct the vulnerability information for the assess feature. They represent the operation the application
18
19
  # underwent that transformed data during the dataflow.
19
20
  class FindingEvent
21
+ include Contrast::Components::Logger::InstanceMethods
22
+
20
23
  # @return [Symbol] what the event did; CREATION, A2O, A2P, A2A, A2R, O2A, O2O, O2P, O2R, P2A, P2O, P2P, P2R,
21
24
  # TAG, TRIGGER.
22
25
  attr_reader :action
@@ -120,7 +123,13 @@ module Contrast
120
123
  # @return [Hash]
121
124
  # @raise [ArgumentError]
122
125
  def to_controlled_hash # rubocop:disable Metrics/AbcSize
123
- validate
126
+ begin
127
+ validate
128
+ rescue ArgumentError => e
129
+ logger.error('FindingEvent validation failed with: ', e)
130
+ return
131
+ end
132
+
124
133
  {
125
134
  action: action,
126
135
  args: args.map(&:to_controlled_hash),
@@ -3,6 +3,7 @@
3
3
 
4
4
  require 'base64'
5
5
  require 'contrast/agent/assess/contrast_object'
6
+ require 'contrast/components/logger'
6
7
 
7
8
  module Contrast
8
9
  module Agent
@@ -12,6 +13,8 @@ module Contrast
12
13
  # TeamServer to construct the vulnerability information for the assess feature. They represent those parts of the
13
14
  # objects that were acted on in a Dataflow Finding.
14
15
  class FindingEventObject
16
+ include Contrast::Components::Logger::InstanceMethods
17
+
15
18
  # @return [Integer] the id of the Object this represents.
16
19
  attr_reader :hash
17
20
  # @return [Boolean] if the Object is tracked or not
@@ -52,7 +55,13 @@ module Contrast
52
55
  # @return [Hash]
53
56
  # @raise [ArgumentError]
54
57
  def to_controlled_hash
55
- validate
58
+ begin
59
+ validate
60
+ rescue ArgumentError => e
61
+ logger.error('FindingEventObject validation failed with: ', e)
62
+ return
63
+ end
64
+
56
65
  {
57
66
  hash: hash,
58
67
  tracked: tracked,
@@ -60,6 +69,7 @@ module Contrast
60
69
  }
61
70
  end
62
71
 
72
+ # @raise [ArgumentError]
63
73
  def validate
64
74
  raise(ArgumentError, "#{ self } did not have a proper hash. Unable to continue.") unless hash
65
75
  raise(ArgumentError, "#{ self } did not have a proper tracked. Unable to continue.") if tracked.nil?
@@ -2,6 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'base64'
5
+ require 'contrast/components/logger'
5
6
 
6
7
  module Contrast
7
8
  module Agent
@@ -11,6 +12,8 @@ module Contrast
11
12
  # used by TeamServer to relate this event to those that came previously. They represent the events that directly
12
13
  # preceding the FindingEvent generated.
13
14
  class FindingEventParentObject
15
+ include Contrast::Components::Logger::InstanceMethods
16
+
14
17
  # @return [Integer] the Id of the parent event
15
18
  attr_reader :id
16
19
 
@@ -24,12 +27,19 @@ module Contrast
24
27
  # @return [Hash]
25
28
  # @raise [ArgumentError]
26
29
  def to_controlled_hash
27
- validate
30
+ begin
31
+ validate
32
+ rescue ArgumentError => e
33
+ logger.error('FindingEventParentObject validation failed with: ', e)
34
+ return
35
+ end
36
+
28
37
  {
29
38
  id: id
30
39
  }
31
40
  end
32
41
 
42
+ # @raise [ArgumentError]
33
43
  def validate
34
44
  raise(ArgumentError, "#{ self } did not have a proper id. Unable to continue.") unless id
35
45
  end
@@ -1,6 +1,8 @@
1
1
  # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
+ require 'contrast/components/logger'
5
+
4
6
  module Contrast
5
7
  module Agent
6
8
  module Reporting
@@ -8,6 +10,8 @@ module Contrast
8
10
  # system to relay this information in the Finding/Trace messages. Events have properties on them which are held
9
11
  # as an array of key-value pairs.
10
12
  class FindingEventProperty
13
+ include Contrast::Components::Logger::InstanceMethods
14
+
11
15
  # @return [String] the key of the property
12
16
  attr_reader :key
13
17
  # @return [String] the value of the source
@@ -24,13 +28,20 @@ module Contrast
24
28
  # @return [Hash]
25
29
  # @raise [ArgumentError]
26
30
  def to_controlled_hash
27
- validate
31
+ begin
32
+ validate
33
+ rescue ArgumentError => e
34
+ logger.error('FindingEventProperty validation failed with: ', e)
35
+ return
36
+ end
37
+
28
38
  {
29
39
  key: key,
30
40
  value: value
31
41
  }
32
42
  end
33
43
 
44
+ # @raise [ArgumentError]
34
45
  def validate
35
46
  raise(ArgumentError, "#{ self } did not have a proper key. Unable to continue.") unless key && !key.empty?
36
47
  end
@@ -2,6 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'contrast/utils/object_share'
5
+ require 'contrast/components/logger'
5
6
 
6
7
  module Contrast
7
8
  module Agent
@@ -11,6 +12,8 @@ module Contrast
11
12
  # TeamServer to construct the method signature for the assess feature. They represent the method invoked when the
12
13
  # FindingEvent was generated.
13
14
  class FindingEventSignature
15
+ include Contrast::Components::Logger::InstanceMethods
16
+
14
17
  # @return [String] the types of the arguments in this event; may be different for each invocation of the
15
18
  # method.
16
19
  attr_reader :arg_types
@@ -73,7 +76,13 @@ module Contrast
73
76
  # @return [Hash]
74
77
  # @raise [ArgumentError]
75
78
  def to_controlled_hash
76
- validate
79
+ begin
80
+ validate
81
+ rescue ArgumentError => e
82
+ logger.error('FindingEventSignature validation failed with: ', e)
83
+ return
84
+ end
85
+
77
86
  {
78
87
  argTypes: arg_types,
79
88
  className: class_name,
@@ -4,6 +4,7 @@
4
4
  require 'base64'
5
5
  require 'contrast/agent/assess/contrast_event'
6
6
  require 'contrast/agent/assess/events/source_event'
7
+ require 'contrast/components/logger'
7
8
 
8
9
  module Contrast
9
10
  module Agent
@@ -13,6 +14,8 @@ module Contrast
13
14
  # to construct the vulnerability information for the assess feature. They indicate the type of data that the
14
15
  # event represents.
15
16
  class FindingEventSource
17
+ include Contrast::Components::Logger::InstanceMethods
18
+
16
19
  # @return [String] the name of the source
17
20
  attr_reader :name
18
21
  # @return [String] the type of the source
@@ -45,13 +48,20 @@ module Contrast
45
48
  # @return [Hash]
46
49
  # @raise [ArgumentError]
47
50
  def to_controlled_hash
48
- validate
51
+ begin
52
+ validate
53
+ rescue ArgumentError => e
54
+ logger.error('FindingEventSource validation failed with: ', e)
55
+ return
56
+ end
57
+
49
58
  {
50
59
  sourceName: name, # rubocop:disable Security/Module/Name
51
60
  sourceType: type
52
61
  }
53
62
  end
54
63
 
64
+ # @raise [ArgumentError]
55
65
  def validate
56
66
  raise(ArgumentError, "#{ self } did not have a proper type. Unable to continue.") unless type && !type.empty?
57
67
  end
@@ -1,6 +1,8 @@
1
1
  # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
+ require 'contrast/components/logger'
5
+
4
6
  module Contrast
5
7
  module Agent
6
8
  module Reporting
@@ -9,6 +11,8 @@ module Contrast
9
11
  # to construct the vulnerability information for the assess feature. They represent the callstack at the time
10
12
  # that each FindingEvent was generated.
11
13
  class FindingEventStack
14
+ include Contrast::Components::Logger::InstanceMethods
15
+
12
16
  # @return [String] unused
13
17
  attr_reader :eval
14
18
  # @return [String] the stack frame to show in TeamServer; the value of an entry in #caller
@@ -51,7 +55,13 @@ module Contrast
51
55
  # @return [Hash]
52
56
  # @raise [ArgumentError]
53
57
  def to_controlled_hash
54
- validate
58
+ begin
59
+ validate
60
+ rescue ArgumentError => e
61
+ logger.error('FindingEventStack validation failed with: ', e)
62
+ return
63
+ end
64
+
55
65
  {
56
66
  file: file
57
67
  # eval: eval, # This is unused by the Ruby agent
@@ -2,6 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'contrast/agent/assess/tag'
5
+ require 'contrast/components/logger'
5
6
 
6
7
  module Contrast
7
8
  module Agent
@@ -11,6 +12,8 @@ module Contrast
11
12
  # TeamServer to construct the vulnerability information for the assess feature. They represent those parts of the
12
13
  # objects that are tracked because of a security relevant operation acting on them.
13
14
  class FindingEventTaintRange
15
+ include Contrast::Components::Logger::InstanceMethods
16
+
14
17
  # @return [String] the range (inclusive:exclusive), that this tag covers.
15
18
  attr_reader :range
16
19
  # @return [String] the type of action this tag represents.
@@ -41,13 +44,20 @@ module Contrast
41
44
  # @return [Hash]
42
45
  # @raise [ArgumentError]
43
46
  def to_controlled_hash
44
- validate
47
+ begin
48
+ validate
49
+ rescue ArgumentError => e
50
+ logger.error('FindingEventTaintRange validation failed with: ', e)
51
+ return
52
+ end
53
+
45
54
  {
46
55
  range: range,
47
56
  tag: tag
48
57
  }
49
58
  end
50
59
 
60
+ # @raise [ArgumentError]
51
61
  def validate
52
62
  unless range && !range.empty?
53
63
  raise(ArgumentError, "#{ self } did not have a proper range. Unable to continue.")
@@ -1,6 +1,8 @@
1
1
  # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
+ require 'contrast/components/logger'
5
+
4
6
  module Contrast
5
7
  module Agent
6
8
  module Reporting
@@ -9,6 +11,8 @@ module Contrast
9
11
  # HTTP information for the assess feature. They represent the literal request made that resulted in the
10
12
  # vulnerability being triggered.
11
13
  class FindingRequest
14
+ include Contrast::Components::Logger::InstanceMethods
15
+
12
16
  # @return [String] the body of this request
13
17
  attr_reader :body
14
18
  # @return [Hash<String,Array<String>>] the headers of this request
@@ -68,7 +72,13 @@ module Contrast
68
72
  # @return [Hash]
69
73
  # @raise [ArgumentError]
70
74
  def to_controlled_hash
71
- validate
75
+ begin
76
+ validate
77
+ rescue ArgumentError => e
78
+ logger.error('FindingRequest validation failed with: ', e)
79
+ return
80
+ end
81
+
72
82
  {
73
83
  body: body,
74
84
  headers: headers,