contrast-agent 6.1.1 → 6.3.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (152) hide show
  1. checksums.yaml +4 -4
  2. data/ext/cs__assess_basic_object/cs__assess_basic_object.c +7 -5
  3. data/ext/cs__assess_kernel/cs__assess_kernel.c +14 -3
  4. data/ext/cs__assess_kernel/cs__assess_kernel.h +2 -0
  5. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +10 -3
  6. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +2 -1
  7. data/ext/cs__assess_regexp/cs__assess_regexp.c +9 -7
  8. data/ext/{cs__assess_string_interpolation26/cs__assess_string_interpolation26.c → cs__assess_string_interpolation/cs__assess_string_interpolation.c} +14 -3
  9. data/ext/{cs__assess_string_interpolation26/cs__assess_string_interpolation26.h → cs__assess_string_interpolation/cs__assess_string_interpolation.h} +1 -1
  10. data/ext/{cs__assess_string_interpolation26 → cs__assess_string_interpolation}/extconf.rb +0 -0
  11. data/ext/cs__common/cs__common.c +5 -4
  12. data/ext/cs__contrast_patch/cs__contrast_patch.c +3 -10
  13. data/lib/contrast/agent/assess/events/source_event.rb +16 -12
  14. data/lib/contrast/agent/assess/policy/policy_node.rb +6 -0
  15. data/lib/contrast/agent/assess/policy/propagation_method.rb +3 -39
  16. data/lib/contrast/agent/assess/policy/propagation_node.rb +8 -0
  17. data/lib/contrast/agent/assess/policy/propagator/base.rb +2 -0
  18. data/lib/contrast/agent/assess/policy/source_method.rb +2 -47
  19. data/lib/contrast/agent/assess/policy/source_node.rb +1 -0
  20. data/lib/contrast/agent/assess/policy/trigger_node.rb +8 -0
  21. data/lib/contrast/agent/assess/property/evented.rb +4 -18
  22. data/lib/contrast/agent/assess/tag.rb +19 -0
  23. data/lib/contrast/agent/at_exit_hook.rb +9 -8
  24. data/lib/contrast/agent/inventory/database_config.rb +18 -7
  25. data/lib/contrast/agent/inventory/dependency_analysis.rb +3 -2
  26. data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +13 -9
  27. data/lib/contrast/agent/middleware.rb +4 -0
  28. data/lib/contrast/agent/patching/policy/after_load_patcher.rb +27 -2
  29. data/lib/contrast/agent/patching/policy/policy.rb +5 -0
  30. data/lib/contrast/agent/patching/policy/policy_node.rb +6 -0
  31. data/lib/contrast/agent/patching/policy/trigger_node.rb +3 -0
  32. data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +3 -4
  33. data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +1 -0
  34. data/lib/contrast/agent/protect/policy/rule_applicator.rb +2 -2
  35. data/lib/contrast/agent/protect/rule/base.rb +1 -0
  36. data/lib/contrast/agent/protect/rule/no_sqli.rb +2 -0
  37. data/lib/contrast/agent/protect/rule/xss.rb +4 -0
  38. data/lib/contrast/agent/reporting/reporter.rb +33 -17
  39. data/lib/contrast/agent/reporting/reporter_heartbeat.rb +21 -15
  40. data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +3 -18
  41. data/lib/contrast/agent/reporting/reporting_events/application_update.rb +5 -24
  42. data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +8 -1
  43. data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb +83 -16
  44. data/lib/contrast/agent/reporting/reporting_events/finding.rb +9 -3
  45. data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +10 -1
  46. data/lib/contrast/agent/reporting/reporting_events/finding_event_object.rb +11 -1
  47. data/lib/contrast/agent/reporting/reporting_events/finding_event_parent_object.rb +11 -1
  48. data/lib/contrast/agent/reporting/reporting_events/finding_event_property.rb +12 -1
  49. data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb +10 -1
  50. data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +11 -1
  51. data/lib/contrast/agent/reporting/reporting_events/finding_event_stack.rb +11 -1
  52. data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range.rb +11 -1
  53. data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +11 -1
  54. data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +29 -32
  55. data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +18 -20
  56. data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +11 -24
  57. data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +13 -6
  58. data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +10 -4
  59. data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +10 -4
  60. data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +9 -0
  61. data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +10 -1
  62. data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +11 -4
  63. data/lib/contrast/agent/reporting/reporting_events/server_activity.rb +0 -8
  64. data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +2 -6
  65. data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb +0 -32
  66. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +1 -4
  67. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +1 -11
  68. data/lib/contrast/agent/reporting/reporting_utilities/response.rb +60 -2
  69. data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +32 -10
  70. data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +1 -1
  71. data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +58 -26
  72. data/lib/contrast/agent/reporting/settings/application_settings.rb +8 -23
  73. data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +27 -33
  74. data/lib/contrast/agent/reporting/settings/bot_blocker.rb +68 -0
  75. data/lib/contrast/agent/reporting/settings/code_exclusion.rb +27 -0
  76. data/lib/contrast/agent/reporting/settings/exclusion_base.rb +33 -0
  77. data/lib/contrast/agent/reporting/settings/exclusions.rb +39 -57
  78. data/lib/contrast/agent/reporting/settings/helpers.rb +56 -0
  79. data/lib/contrast/agent/reporting/settings/input_exclusion.rb +37 -0
  80. data/lib/contrast/agent/reporting/settings/ip_filter.rb +35 -0
  81. data/lib/contrast/agent/reporting/settings/keyword.rb +74 -0
  82. data/lib/contrast/agent/reporting/settings/log_enhancer.rb +65 -0
  83. data/lib/contrast/agent/reporting/settings/protect.rb +4 -2
  84. data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +62 -115
  85. data/lib/contrast/agent/reporting/settings/reaction.rb +11 -2
  86. data/lib/contrast/agent/reporting/settings/rule_definition.rb +63 -0
  87. data/lib/contrast/agent/reporting/settings/sampling.rb +10 -0
  88. data/lib/contrast/agent/reporting/settings/sanitizer.rb +38 -0
  89. data/lib/contrast/agent/reporting/settings/sensitive_data_masking.rb +9 -1
  90. data/lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb +7 -0
  91. data/lib/contrast/agent/reporting/settings/server_features.rb +8 -0
  92. data/lib/contrast/agent/reporting/settings/syslog.rb +176 -0
  93. data/lib/contrast/agent/reporting/settings/url_exclusion.rb +42 -0
  94. data/lib/contrast/agent/reporting/settings/validator.rb +17 -0
  95. data/lib/contrast/agent/request.rb +5 -7
  96. data/lib/contrast/agent/request_context.rb +8 -13
  97. data/lib/contrast/agent/request_context_extend.rb +8 -9
  98. data/lib/contrast/agent/request_handler.rb +10 -35
  99. data/lib/contrast/agent/rule_set.rb +4 -0
  100. data/lib/contrast/agent/service_heartbeat.rb +1 -1
  101. data/lib/contrast/agent/static_analysis.rb +6 -15
  102. data/lib/contrast/agent/telemetry/base.rb +35 -35
  103. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_base.rb +2 -0
  104. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb +2 -0
  105. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message.rb +5 -2
  106. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb +3 -0
  107. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb +3 -0
  108. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions.rb +0 -1
  109. data/lib/contrast/agent/thread_watcher.rb +2 -6
  110. data/lib/contrast/agent/version.rb +1 -1
  111. data/lib/contrast/agent.rb +1 -3
  112. data/lib/contrast/api/communication/socket.rb +1 -0
  113. data/lib/contrast/api/decorators/message.rb +0 -6
  114. data/lib/contrast/api/decorators.rb +0 -3
  115. data/lib/contrast/components/assess.rb +0 -6
  116. data/lib/contrast/components/config.rb +18 -2
  117. data/lib/contrast/config/base_configuration.rb +0 -13
  118. data/lib/contrast/config/root_configuration.rb +1 -0
  119. data/lib/contrast/config/ruby_configuration.rb +2 -9
  120. data/lib/contrast/configuration.rb +0 -2
  121. data/lib/contrast/extension/assess/eval_trigger.rb +0 -4
  122. data/lib/contrast/extension/assess/hash.rb +3 -2
  123. data/lib/contrast/extension/assess/kernel.rb +22 -0
  124. data/lib/contrast/extension/assess/marshal.rb +16 -0
  125. data/lib/contrast/extension/assess/string.rb +21 -20
  126. data/lib/contrast/framework/base_support.rb +13 -4
  127. data/lib/contrast/framework/grape/support.rb +6 -6
  128. data/lib/contrast/framework/manager.rb +7 -23
  129. data/lib/contrast/framework/manager_extend.rb +1 -1
  130. data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +11 -15
  131. data/lib/contrast/framework/rails/support.rb +9 -2
  132. data/lib/contrast/framework/sinatra/support.rb +3 -2
  133. data/lib/contrast/logger/aliased_logging.rb +33 -26
  134. data/lib/contrast/utils/assess/source_method_utils.rb +0 -9
  135. data/lib/contrast/utils/lru_cache.rb +3 -0
  136. data/lib/contrast/utils/middleware_utils.rb +2 -0
  137. data/lib/contrast/utils/response_utils.rb +14 -1
  138. data/lib/contrast/utils/telemetry.rb +9 -0
  139. data/lib/contrast/utils/telemetry_client.rb +7 -7
  140. data/lib/contrast/utils/telemetry_hash.rb +36 -12
  141. data/lib/contrast/utils/telemetry_identifier.rb +8 -0
  142. data/lib/contrast/utils/thread_tracker.rb +26 -9
  143. data/lib/contrast/utils/timer.rb +6 -1
  144. data/lib/contrast.rb +1 -3
  145. data/resources/assess/policy.json +2 -11
  146. data/ruby-agent.gemspec +1 -1
  147. metadata +36 -22
  148. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report.rb +0 -30
  149. data/lib/contrast/api/decorators/application_update.rb +0 -52
  150. data/lib/contrast/api/decorators/library.rb +0 -56
  151. data/lib/contrast/api/decorators/library_usage_update.rb +0 -31
  152. data/lib/contrast/framework/platform_version.rb +0 -22
@@ -0,0 +1,56 @@
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
4
+ module Contrast
5
+ module Agent
6
+ module Reporting
7
+ module Settings
8
+ # Helper methods used across the settings.
9
+ module Helpers
10
+ class << self
11
+ # Fills instance variable [Array] with new settings as new instance type
12
+ # for each entry.
13
+ #
14
+ # @param instance_type [Class] a class to create new instance from to
15
+ # @param instance_variable [Array] instance variable accessor method
16
+ # return an array to fill.
17
+ # @param array [Array] array to be used to fill the iv.
18
+ # fill the iv with the new type containing data from the provided array
19
+ # param.
20
+ # @return instance_variable [Class]
21
+ def array_to_iv instance_type, instance_variable, array
22
+ return unless array.is_a?(Array)
23
+
24
+ array.each_with_index do |entry, index|
25
+ new_instance = instance_type.new
26
+ instance_type::ATTRIBUTES.each do |attr|
27
+ new_instance.send("#{ attr }=".to_sym, entry[no_more_underscore(attr)])
28
+ end
29
+ instance_variable[index] = new_instance
30
+ end
31
+
32
+ instance_variable
33
+ end
34
+
35
+ # :attr_name => :attrName
36
+ # return original if no '_'
37
+ #
38
+ # @param attr_name [Symbol]
39
+ # @return normalized_name [Symbol]
40
+ def no_more_underscore attr_name
41
+ name = attr_name.to_s
42
+ idx = name.index('_')
43
+ return attr_name if idx.nil? || (idx.zero? && idx >= name.length)
44
+
45
+ result = name
46
+ result.slice!(idx)
47
+ result.insert(idx, name[idx]&.upcase)
48
+ result.slice!(idx + 1)
49
+ result.index('_') ? no_more_underscore(result).to_sym : result.to_sym
50
+ end
51
+ end
52
+ end
53
+ end
54
+ end
55
+ end
56
+ end
@@ -0,0 +1,37 @@
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
4
+ require 'contrast/agent/reporting/settings/exclusion_base'
5
+ require 'contrast/utils/object_share'
6
+
7
+ module Contrast
8
+ module Agent
9
+ module Reporting
10
+ module Settings
11
+ # InputExclusions class
12
+ class InputExclusion < ExclusionBase
13
+ ATTRIBUTES = BASE_ATTRIBUTES.dup << :type
14
+ ATTRIBUTES.cs__freeze
15
+ VALID_INPUT_TYPES = %w[COOKIE PARAMETER HEADER BODY QUERYSTRING].cs__freeze
16
+
17
+ # @return type [String] The type of the input
18
+ def type
19
+ @_type ||= Contrast::Utils::ObjectShare::EMPTY_STRING
20
+ end
21
+
22
+ # @param new_type [String] Set new input type.
23
+ # @return type [String] The type of the input.
24
+ def type= new_type
25
+ @_type = new_type if VALID_INPUT_TYPES.include?(new_type)
26
+ end
27
+
28
+ def to_controlled_hash
29
+ hash = super
30
+ hash[:type] = type
31
+ hash
32
+ end
33
+ end
34
+ end
35
+ end
36
+ end
37
+ end
@@ -0,0 +1,35 @@
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
4
+ module Contrast
5
+ module Agent
6
+ module Reporting
7
+ module Settings
8
+ # The IP addresses for which to disable protection.
9
+ class IpFilter
10
+ ATTRIBUTES = %i[expires ip name uuid].cs__freeze
11
+
12
+ # The value in milliseconds since epoch for expiration. Value of '0' means no expiration.
13
+ #
14
+ # @return expires [Integer] The time after which the filter is no longer valid.
15
+ attr_accessor :expires
16
+ # @return ip [String] The IP or range of IPs to which this message pertains.
17
+ attr_accessor :ip
18
+ # @return name [String] The user defined name of the filter.
19
+ attr_accessor :name
20
+ # @return uuid [String] The identifier of the filter as defined by TeamServer.
21
+ attr_accessor :uuid
22
+
23
+ def to_controlled_hash
24
+ {
25
+ expires: expires,
26
+ ip: ip,
27
+ name: name, # rubocop:disable Security/Module/Name
28
+ uuid: uuid
29
+ }
30
+ end
31
+ end
32
+ end
33
+ end
34
+ end
35
+ end
@@ -0,0 +1,74 @@
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
4
+ require 'contrast/agent/reporting/settings/helpers'
5
+
6
+ module Contrast
7
+ module Agent
8
+ module Reporting
9
+ module Settings
10
+ # The words to search for in input that indicate an attack
11
+ class Keyword
12
+ ATTRIBUTES = %i[id value case_sensitive score prohibited_features mandatory_features].cs__freeze
13
+
14
+ # @return id [String]
15
+ attr_accessor :id
16
+ # @return value [string]
17
+ attr_accessor :value
18
+ # @return case_sensitive [Boolean]
19
+ attr_accessor :case_sensitive
20
+ # @return score [Integer] The impact of matching this entry;
21
+ # higher meaning more likely to be an attack
22
+ attr_accessor :score
23
+
24
+ # Disable this pattern or keyword if agent implements one of
25
+ # the specified features
26
+ #
27
+ # @return [Array<String>]
28
+ def prohibited_features
29
+ @_prohibited_features ||= []
30
+ end
31
+
32
+ # Disable this pattern or keyword if agent implements one of
33
+ # the specified features
34
+ #
35
+ # @return [Array<String>]
36
+ def mandatory_features
37
+ @_mandatory_features ||= []
38
+ end
39
+
40
+ # Set the features.
41
+ #
42
+ # @param features [Array]
43
+ # @return [Array<String>]
44
+ def prohibited_features= features
45
+ @_prohibited_features = features if features.is_a?(Array)
46
+ end
47
+
48
+ # Set the features.
49
+ #
50
+ # @param features [Array]
51
+ # @return [Array<String>]
52
+ def mandatory_features= features
53
+ @_mandatory_features = features if features.is_a?(Array)
54
+ end
55
+
56
+ def to_controlled_hash
57
+ {
58
+ id: id,
59
+ value: value,
60
+ caseSensitive: case_sensitive,
61
+ score: score,
62
+ prohibitedFeatures: prohibited_features,
63
+ mandatoryFeatures: mandatory_features
64
+ }
65
+ end
66
+ end
67
+
68
+ # A word or pattern whose presence in an input represents an attack
69
+ class Pattern < Keyword
70
+ end
71
+ end
72
+ end
73
+ end
74
+ end
@@ -0,0 +1,65 @@
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
4
+ require 'contrast/utils/object_share'
5
+
6
+ module Contrast
7
+ module Agent
8
+ module Reporting
9
+ module Settings
10
+ # All of the apis to add new logging calls to the application at runtime
11
+ class LogEnhancer
12
+ ATTRIBUTES = %i[id api format level name type].cs__freeze
13
+ LOG_LEVELS = %w[TRACE DEBUG INFO WARN ERROR].cs__freeze
14
+ TYPES = %w[AUDIT ERROR SECURITY].cs__freeze
15
+
16
+ # @return api [String] The method signature to instrument, as understood by the agent.
17
+ attr_accessor :api
18
+ # @return format [String] The format of the message to log.
19
+ attr_accessor :format
20
+ # @return id [Integer] The identifier of the enhancer as defined by TeamServer.
21
+ attr_accessor :id
22
+ # @return name [String] The user defined name of the enhancer.
23
+ attr_accessor :name
24
+
25
+ # @return level [String] The level at which to log this message. Trace as 0 and Error as 4.
26
+ # [ TRACE, DEBUG, INFO, WARN, ERROR ]
27
+ def level
28
+ @_level ||= Contrast::Utils::ObjectShare::EMPTY_STRING
29
+ end
30
+
31
+ # @param new_level [String] new level to set.
32
+ # @return level [String] The level at which to log this message. Trace as 0 and Error as 4.
33
+ # [ TRACE, DEBUG, INFO, WARN, ERROR ]
34
+ def level= new_level
35
+ @_level = new_level if LOG_LEVELS.include?(new_level)
36
+ end
37
+
38
+ # @return type [String] The type of log message to generate. Audit as 0, Security as 2.
39
+ # [ AUDIT, ERROR, SECURITY ]
40
+ def type
41
+ @_type ||= Contrast::Utils::ObjectShare::EMPTY_STRING
42
+ end
43
+
44
+ # @param new_type [String] new type to set.
45
+ # @return type [String] The type of log message to generate. Audit as 0, Security as 2.
46
+ # [ AUDIT, ERROR, SECURITY ]
47
+ def type= new_type
48
+ @_type = new_type if TYPES.include?(new_type)
49
+ end
50
+
51
+ def to_controlled_hash
52
+ {
53
+ id: id,
54
+ api: api,
55
+ format: format,
56
+ name: name, # rubocop:disable Security/Module/Name
57
+ level: level,
58
+ type: type
59
+ }
60
+ end
61
+ end
62
+ end
63
+ end
64
+ end
65
+ end
@@ -2,6 +2,8 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'contrast/utils/object_share'
5
+ require 'contrast/api/dtm.pb'
6
+ require 'contrast/api/settings.pb'
5
7
 
6
8
  module Contrast
7
9
  module Agent
@@ -82,12 +84,12 @@ module Contrast
82
84
 
83
85
  api_mode = case setting_mode
84
86
  when PROTECT_RULES_MODE[1]
85
- ::Contrast::Api::Settings::ProtectionRule::Mode::MONITORED
87
+ ::Contrast::Api::Settings::ProtectionRule::Mode::MONITOR
86
88
  when PROTECT_RULES_MODE[2]
87
89
  if rule[:blockAtEntry]
88
90
  ::Contrast::Api::Settings::ProtectionRule::Mode::BLOCK_AT_PERIMETER
89
91
  else
90
- ::Contrast::Api::Settings::ProtectionRule::Mode::BLOCKED
92
+ ::Contrast::Api::Settings::ProtectionRule::Mode::BLOCK
91
93
  end
92
94
  else
93
95
  ::Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION
@@ -2,6 +2,12 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'contrast/utils/object_share'
5
+ require 'contrast/agent/reporting/settings/bot_blocker'
6
+ require 'contrast/agent/reporting/settings/ip_filter'
7
+ require 'contrast/agent/reporting/settings/log_enhancer'
8
+ require 'contrast/agent/reporting/settings/rule_definition'
9
+ require 'contrast/agent/reporting/settings/syslog'
10
+ require 'contrast/agent/reporting/settings/helpers'
5
11
 
6
12
  module Contrast
7
13
  module Agent
@@ -28,22 +34,14 @@ module Contrast
28
34
 
29
35
  # Indicate if the bot protection feature set is enabled for this server or not.
30
36
  #
31
- # @return bot_blocker [Boolean]
37
+ # @return bot_blocker [Contrast::Agent::Reporting::Settings::BotBlocker]
32
38
  def bot_blocker
33
- @_bot_blocker
34
- end
35
-
36
- # set bot_blocker
37
- #
38
- # @param bot_blocker [Boolean]
39
- # @return bot_blocker [Boolean]
40
- def bot_blocker= bot_blocker
41
- @_bot_blocker = bot_blocker if !!bot_blocker == bot_blocker
39
+ @_bot_blocker ||= Contrast::Agent::Reporting::Settings::BotBlocker.new
42
40
  end
43
41
 
44
42
  # The IP addresses for which to disable protection.
45
43
  #
46
- # @return ip_allowlist [Array<IpFilter>]
44
+ # @return ip_allowlist [Array<Contrast::Agent::Reporting::Settings::IpFilter>, []]
47
45
  # expires [Integer] The time after which the filter is no longer valid.
48
46
  # ip [String] The IP or range of IPs to which this message pertains.
49
47
  # name [String] The user defined name of the filter.
@@ -60,18 +58,16 @@ module Contrast
60
58
  # name [String] The user defined name of the filter.
61
59
  # uuid [String] The identifier of the filter as defined by TeamServer.
62
60
  # }
63
- # @return ip_allowlist [Array<IpFilter>]
64
- # expires [Integer] The time after which the filter is no longer valid.
65
- # ip [String] The IP or range of IPs to which this message pertains.
66
- # name [String] The user defined name of the filter.
67
- # uuid [String] The identifier of the filter as defined by TeamServer.
61
+ # @return ip_allowlist [Array<Contrast::Agent::Reporting::Settings::IpFilter>]
68
62
  def ip_allowlist= allowlist
69
- @_ip_allowlist = allowlist if allowlist.is_a?(Array)
63
+ Contrast::Agent::Reporting::Settings::Helpers.array_to_iv(Contrast::Agent::Reporting::Settings::IpFilter,
64
+ ip_allowlist,
65
+ allowlist)
70
66
  end
71
67
 
72
68
  # The IP addresses for which to disable protection.
73
69
  #
74
- # @return ip_denylist [Array<IpFilter>]
70
+ # @return ip_denylist [Array<IpFilter>, []]
75
71
  # expires [Integer] The time after which the filter is no longer valid.
76
72
  # ip [String] The IP or range of IPs to which this message pertains.
77
73
  # name [String] The user defined name of the filter.
@@ -88,72 +84,42 @@ module Contrast
88
84
  # name [String] The user defined name of the filter.
89
85
  # uuid [String] The identifier of the filter as defined by TeamServer.
90
86
  # }
91
- # @return ip_denylist [Array<IpFilter>]
92
- # expires [Integer] The time after which the filter is no longer valid.
93
- # ip [String] The IP or range of IPs to which this message pertains.
94
- # name [String] The user defined name of the filter.
95
- # uuid [String] The identifier of the filter as defined by TeamServer.
87
+ # @return ip_denylist [Array<Contrast::Agent::Reporting::Settings::IpFilter>]
96
88
  def ip_denylist= denylist
97
- @_ip_denylist = denylist if denylist.is_a?(Array)
89
+ Contrast::Agent::Reporting::Settings::Helpers.array_to_iv(Contrast::Agent::Reporting::Settings::IpFilter,
90
+ ip_denylist,
91
+ denylist)
98
92
  end
99
93
 
100
94
  # All of the apis to add new logging calls to the application at runtime.
101
95
  #
102
- # @return log_enchancers [Array<LogEnchancers>]
103
- # api [String] The method signature to instrument, as understood by the agent.
104
- # format [String] The format of the message to log.
105
- # id [Integer] The identifier of the enhancer as defined by TeamServer.
106
- # level [String] The level at which to log this message. Trace as 0 and Error as 4.
107
- # [ TRACE, DEBUG, INFO, WARN, ERROR ]
108
- # name [String] The user defined name of the enhancer.
109
- # type [String] The type of log message to tenerate. Audit as 0, Security as 2.
110
- # [ AUDIT, ERROR, SECURITY ]
111
- def log_enchancers
112
- @_log_enchancers ||= []
96
+ # @return log_enhancers [Array<Contrast::Agent::Reporting::Settings::LogEnhancer>, []]
97
+ def log_enhancers
98
+ @_log_enhancers ||= []
113
99
  end
114
100
 
115
101
  # All of the apis to add new logging calls to the application at runtime.
116
102
  #
117
- # @param log_enchancers [Array<LogEnchancers>] of LogEnchancers: {
103
+ # @param log_enhancers_array [Array<LogEnhancers>] of LogEnhancers: {
118
104
  # api [String] The method signature to instrument, as understood by the agent.
119
105
  # format [String] The format of the message to log.
120
106
  # id [Integer] The identifier of the enhancer as defined by TeamServer.
121
107
  # level [String] The level at which to log this message. Trace as 0 and Error as 4.
122
108
  # [ TRACE, DEBUG, INFO, WARN, ERROR ]
123
109
  # name [String] The user defined name of the enhancer.
124
- # type [String] The type of log message to tenerate. Audit as 0, Security as 2.
110
+ # type [String] The type of log message to generate. Audit as 0, Security as 2.
125
111
  # [ AUDIT, ERROR, SECURITY ]
126
112
  # }
127
- # @return log_enchancers [Array<LogEnchancers>]
128
- # api [String] The method signature to instrument, as understood by the agent.
129
- # format [String] The format of the message to log.
130
- # id [Integer] The identifier of the enhancer as defined by TeamServer.
131
- # level [String] The level at which to log this message. Trace as 0 and Error as 4.
132
- # [ TRACE, DEBUG, INFO, WARN, ERROR ]
133
- # name [String] The user defined name of the enhancer.
134
- # type [String] The type of log message to tenerate. Audit as 0, Security as 2.
135
- # [ AUDIT, ERROR, SECURITY ]
136
- def log_enchancers= log_enchancers
137
- @_log_enchancers = log_enchancers if log_enchancers.is_a?(Array)
113
+ # @return log_enhancers [Array<Contrast::Agent::Reporting::Settings::LogEnhancer>]
114
+ def log_enhancers= log_enhancers_array
115
+ Contrast::Agent::Reporting::Settings::Helpers.array_to_iv(Contrast::Agent::Reporting::Settings::LogEnhancer,
116
+ log_enhancers,
117
+ log_enhancers_array)
138
118
  end
139
119
 
140
120
  # The keywords and patterns required for the input analysis of each rule with that capability.
141
121
  #
142
- # @return rule_defenition_list [Array<RuleDefinition>]
143
- # keywords [Array] The words to search for in input that indicate an attack.{
144
- # caseSensitive [Boolean]
145
- # id [String]
146
- # score [Integer] The impact of matching this entry; higher meaning more
147
- # likely to be an attack
148
- # value [String] }
149
- # name [String] AssessRuleID
150
- # patterns [Array] A word or pattern whose presence in an input represents an attack {
151
- # caseSensitive [Boolean]
152
- # id [String]
153
- # score [Integer] The impact of matching this entry; higher meaning more
154
- # likely to be an attack
155
- # value [String] }
156
- # }
122
+ # @return rule_definition_list [Array<Contrast::Agent::Reporting::Settings::RuleDefinition>]
157
123
  def rule_definition_list
158
124
  @_rule_definition_list ||= []
159
125
  end
@@ -175,66 +141,47 @@ module Contrast
175
141
  # likely to be an attack
176
142
  # value [String] }
177
143
  # }
178
- # @return rule_defenition_list [Array<RuleDefinition>] Array of RuleDefinition: {
179
- # keywords [Array] The words to search for in input that indicate an attack.{
180
- # caseSensitive [Boolean]
181
- # id [String]
182
- # score [Integer] The impact of matching this entry; higher meaning more
183
- # likely to be an attack
184
- # value [String] }
185
- # name [String] AssessRuleID
186
- # patterns [Array] A word or pattern whose presence in an input represents an attack {
187
- # caseSensitive [Boolean]
188
- # id [String]
189
- # score [Integer] The impact of matching this entry; higher meaning more
190
- # likely to be an attack
191
- # value [String] }
192
- # }
144
+ # @return rule_definition_list [Array<Contrast::Agent::Reporting::Settings::RuleDefinition>]
193
145
  def rule_definition_list= list
194
- @_rule_definition_list = list if list.is_a?(Array)
146
+ Contrast::Agent::Reporting::Settings::Helpers.array_to_iv(
147
+ Contrast::Agent::Reporting::Settings::RuleDefinition,
148
+ rule_definition_list,
149
+ list)
195
150
  end
196
151
 
197
152
  # Controls for the syslogging feature in the agent.
198
153
  #
199
- # @return syslog [Hash<logsSettings>]
200
- # syslogConnectionType [String]
201
- # syslogEnabled [Integer]
202
- # syslogFacilityCode [Integer]
203
- # syslogIpAddress [String]
204
- # syslogPortNumber [Integer]
205
- # syslogProtocol [String]
206
- # syslogSeverityExploited [String]
207
- # syslogSeverityProbed [String]
208
- # syslogSeveritySuspicous [String]
154
+ # @return syslog [Contrast::Agent::Reporting::Settings::Syslog]
209
155
  def syslog
210
- @_syslog ||= {}
156
+ @_syslog ||= Contrast::Agent::Reporting::Settings::Syslog.new
211
157
  end
212
158
 
213
- # Controls for the syslogging feature in the agent.
214
- #
215
- # @param log [Hash<logsSettings>] {
216
- # syslogConnectionType [String]
217
- # syslogEnabled [Integer]
218
- # syslogFacilityCode [Integer]
219
- # syslogIpAddress [String]
220
- # syslogPortNumber [Integer]
221
- # syslogProtocol [String]
222
- # syslogSeverityExploited [String]
223
- # syslogSeverityProbed [String]
224
- # syslogSeveritySuspicous [String]
225
- # }
226
- # @return syslog [Hash<logsSettings>]
227
- # syslogConnectionType [String]
228
- # syslogEnabled [Integer]
229
- # syslogFacilityCode [Integer]
230
- # syslogIpAddress [String]
231
- # syslogPortNumber [Integer]
232
- # syslogProtocol [String]
233
- # syslogSeverityExploited [String]
234
- # syslogSeverityProbed [String]
235
- # syslogSeveritySuspicous [String]
236
- def syslog= log
237
- @_syslog = log if log.is_a?(Hash)
159
+ # The protect response should be structured like this:
160
+ # protect{ enable, observability, rules, log_enhancers }
161
+ # instead we receive all the data under the protect:
162
+ # the rules array is merged under protect and the ruleDefinition
163
+ # list is separate:
164
+ # "defend" : {
165
+ # "botBlockers" : [],
166
+ # "enabled" : true,
167
+ # "logEnhancers" : [],
168
+ # "ipDenylist" : [],
169
+ # "ipAllowlist" : [],
170
+ # "syslog" : {},
171
+ # "ruleDefinitionList" : [{...}],
172
+ # "bot-blocker" : false
173
+ # },
174
+ def to_controlled_hash
175
+ {
176
+ botBlockers: bot_blocker.bots.map(&:to_controlled_hash),
177
+ enabled: enabled?,
178
+ logEnhancers: log_enhancers.map(&:to_controlled_hash),
179
+ ipDenylist: ip_denylist.map(&:to_controlled_hash),
180
+ ipAllowlist: ip_allowlist.map(&:to_controlled_hash),
181
+ syslog: syslog.to_controlled_hash,
182
+ ruleDefinitionList: rule_definition_list.map(&:to_controlled_hash),
183
+ 'bot-blocker': bot_blocker.to_controlled_hash
184
+ }
238
185
  end
239
186
  end
240
187
  end
@@ -1,6 +1,8 @@
1
1
  # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
+ require 'contrast/agent/reporting/settings/log_enhancer'
5
+
4
6
  module Contrast
5
7
  module Agent
6
8
  module Reporting
@@ -10,7 +12,6 @@ module Contrast
10
12
  attr_accessor :level, :operation, :message
11
13
 
12
14
  # used to check the parameters and also before reactions settings update
13
- LEVELS = %w[ERROR WARN INFO DEBUG TRACE].cs__freeze
14
15
  OPERATIONS = %w[NOOP DISABLE].cs__freeze
15
16
 
16
17
  # Reaction the agent should take based on a state in TS.
@@ -19,10 +20,18 @@ module Contrast
19
20
  # @param message [String] A message to log when receiving this reaction.
20
21
  # @param operation [String] What to do in response to this reaction.[NOOP, DISABLE]
21
22
  def initialize level, operation, message
22
- @level = level if LEVELS.include?(level)
23
+ @level = level if Contrast::Agent::Reporting::Settings::LogEnhancer::LOG_LEVELS.include?(level)
23
24
  @operation = operation if OPERATIONS.include?(operation)
24
25
  @message = message if message.is_a?(String)
25
26
  end
27
+
28
+ def to_controlled_hash
29
+ {
30
+ message: message,
31
+ level: level,
32
+ operation: operation
33
+ }
34
+ end
26
35
  end
27
36
  end
28
37
  end
@@ -0,0 +1,63 @@
1
+ # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
+ # frozen_string_literal: true
3
+
4
+ require 'contrast/agent/reporting/settings/helpers'
5
+ require 'contrast/agent/reporting/settings/keyword'
6
+
7
+ module Contrast
8
+ module Agent
9
+ module Reporting
10
+ module Settings
11
+ # The keywords and patterns required for the input analysis of each rule with that capability.
12
+ class RuleDefinition
13
+ ATTRIBUTES = %i[name keywords patterns].cs__freeze
14
+
15
+ # @return name [String] Name of the rule
16
+ attr_accessor :name
17
+
18
+ # The words to search for in input that indicate an attack
19
+ #
20
+ # @return [array<Contrast::Agent::Reporting::Settings::Keyword>]
21
+ def keywords
22
+ @_keywords ||= []
23
+ end
24
+
25
+ # A word or pattern whose presence in an input represents an attack
26
+ #
27
+ # @return [array<Contrast::Agent::Reporting::Settings::Pattern>]
28
+ def patterns
29
+ @_patterns ||= []
30
+ end
31
+
32
+ # Set keywords.
33
+ #
34
+ # @param keywords_array [Array]
35
+ # @return [array<Contrast::Agent::Reporting::Settings::Keyword>]
36
+ def keywords= keywords_array
37
+ Contrast::Agent::Reporting::Settings::Helpers.array_to_iv(Contrast::Agent::Reporting::Settings::Keyword,
38
+ keywords,
39
+ keywords_array)
40
+ end
41
+
42
+ # Set patterns.
43
+ #
44
+ # @param patterns_array [Array]
45
+ # @return [array<Contrast::Agent::Reporting::Settings::Pattern>]
46
+ def patterns= patterns_array
47
+ Contrast::Agent::Reporting::Settings::Helpers.array_to_iv(Contrast::Agent::Reporting::Settings::Pattern,
48
+ patterns,
49
+ patterns_array)
50
+ end
51
+
52
+ def to_controlled_hash
53
+ {
54
+ name: name, # rubocop:disable Security/Module/Name
55
+ keywords: keywords.map(&:to_controlled_hash),
56
+ patterns: patterns.map(&:to_controlled_hash)
57
+ }
58
+ end
59
+ end
60
+ end
61
+ end
62
+ end
63
+ end
@@ -29,6 +29,16 @@ module Contrast
29
29
  @response_frequency = hsh[:responseFrequency]
30
30
  @window_ms = hsh[:window]
31
31
  end
32
+
33
+ def to_controlled_hash
34
+ {
35
+ baseline: baseline,
36
+ enabled: enabled,
37
+ frequency: request_frequency,
38
+ responseFrequency: response_frequency,
39
+ window: window_ms
40
+ }
41
+ end
32
42
  end
33
43
  end
34
44
  end