contrast-agent 6.1.2 → 6.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +0 -3
- data/.simplecov +1 -0
- data/Rakefile +0 -27
- data/ext/cs__assess_basic_object/cs__assess_basic_object.c +7 -5
- data/ext/cs__assess_kernel/cs__assess_kernel.c +14 -3
- data/ext/cs__assess_kernel/cs__assess_kernel.h +2 -0
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +10 -3
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +2 -1
- data/ext/cs__assess_regexp/cs__assess_regexp.c +9 -7
- data/ext/{cs__assess_string_interpolation26/cs__assess_string_interpolation26.c → cs__assess_string_interpolation/cs__assess_string_interpolation.c} +14 -3
- data/ext/{cs__assess_string_interpolation26/cs__assess_string_interpolation26.h → cs__assess_string_interpolation/cs__assess_string_interpolation.h} +1 -1
- data/ext/{cs__assess_string_interpolation26 → cs__assess_string_interpolation}/extconf.rb +0 -0
- data/ext/cs__common/cs__common.c +5 -4
- data/ext/cs__contrast_patch/cs__contrast_patch.c +3 -10
- data/lib/contrast/agent/assess/events/source_event.rb +16 -12
- data/lib/contrast/agent/assess/policy/policy_node.rb +6 -0
- data/lib/contrast/agent/assess/policy/propagation_method.rb +3 -41
- data/lib/contrast/agent/assess/policy/propagation_node.rb +8 -0
- data/lib/contrast/agent/assess/policy/propagator/base.rb +2 -0
- data/lib/contrast/agent/assess/policy/source_method.rb +2 -47
- data/lib/contrast/agent/assess/policy/source_node.rb +1 -0
- data/lib/contrast/agent/assess/policy/trigger_method.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_node.rb +8 -0
- data/lib/contrast/agent/assess/property/evented.rb +4 -18
- data/lib/contrast/agent/assess/tag.rb +19 -0
- data/lib/contrast/agent/at_exit_hook.rb +9 -8
- data/lib/contrast/agent/inventory/database_config.rb +6 -3
- data/lib/contrast/agent/inventory/dependency_analysis.rb +3 -2
- data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +13 -9
- data/lib/contrast/agent/middleware.rb +4 -0
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +27 -2
- data/lib/contrast/agent/patching/policy/policy.rb +5 -0
- data/lib/contrast/agent/patching/policy/policy_node.rb +6 -0
- data/lib/contrast/agent/patching/policy/trigger_node.rb +3 -0
- data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +3 -4
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +1 -0
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +2 -2
- data/lib/contrast/agent/protect/rule/base.rb +1 -0
- data/lib/contrast/agent/protect/rule/no_sqli.rb +2 -0
- data/lib/contrast/agent/protect/rule/xss.rb +4 -0
- data/lib/contrast/agent/reporting/reporter.rb +33 -17
- data/lib/contrast/agent/reporting/reporter_heartbeat.rb +21 -15
- data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +3 -18
- data/lib/contrast/agent/reporting/reporting_events/application_update.rb +5 -24
- data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +8 -1
- data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb +83 -16
- data/lib/contrast/agent/reporting/reporting_events/finding.rb +9 -3
- data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +10 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_object.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_parent_object.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_property.rb +12 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb +10 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_stack.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +29 -32
- data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +18 -20
- data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +11 -24
- data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +13 -6
- data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +10 -4
- data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +10 -4
- data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +9 -0
- data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +10 -1
- data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +11 -4
- data/lib/contrast/agent/reporting/reporting_events/server_activity.rb +0 -8
- data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +2 -6
- data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb +0 -32
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +1 -4
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +1 -11
- data/lib/contrast/agent/reporting/reporting_utilities/response.rb +60 -2
- data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +32 -10
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +58 -26
- data/lib/contrast/agent/reporting/settings/application_settings.rb +8 -23
- data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +27 -33
- data/lib/contrast/agent/reporting/settings/bot_blocker.rb +68 -0
- data/lib/contrast/agent/reporting/settings/code_exclusion.rb +27 -0
- data/lib/contrast/agent/reporting/settings/exclusion_base.rb +33 -0
- data/lib/contrast/agent/reporting/settings/exclusions.rb +39 -57
- data/lib/contrast/agent/reporting/settings/helpers.rb +56 -0
- data/lib/contrast/agent/reporting/settings/input_exclusion.rb +37 -0
- data/lib/contrast/agent/reporting/settings/ip_filter.rb +35 -0
- data/lib/contrast/agent/reporting/settings/keyword.rb +74 -0
- data/lib/contrast/agent/reporting/settings/log_enhancer.rb +65 -0
- data/lib/contrast/agent/reporting/settings/protect.rb +4 -2
- data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +62 -115
- data/lib/contrast/agent/reporting/settings/reaction.rb +11 -2
- data/lib/contrast/agent/reporting/settings/rule_definition.rb +63 -0
- data/lib/contrast/agent/reporting/settings/sampling.rb +10 -0
- data/lib/contrast/agent/reporting/settings/sanitizer.rb +38 -0
- data/lib/contrast/agent/reporting/settings/sensitive_data_masking.rb +9 -1
- data/lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb +7 -0
- data/lib/contrast/agent/reporting/settings/server_features.rb +8 -0
- data/lib/contrast/agent/reporting/settings/syslog.rb +176 -0
- data/lib/contrast/agent/reporting/settings/url_exclusion.rb +42 -0
- data/lib/contrast/agent/reporting/settings/validator.rb +17 -0
- data/lib/contrast/agent/request.rb +5 -7
- data/lib/contrast/agent/request_context.rb +8 -13
- data/lib/contrast/agent/request_context_extend.rb +8 -9
- data/lib/contrast/agent/request_handler.rb +10 -35
- data/lib/contrast/agent/rule_set.rb +4 -0
- data/lib/contrast/agent/service_heartbeat.rb +1 -1
- data/lib/contrast/agent/static_analysis.rb +6 -15
- data/lib/contrast/agent/telemetry/base.rb +35 -35
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_base.rb +2 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb +2 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message.rb +5 -2
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb +3 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb +3 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions.rb +0 -1
- data/lib/contrast/agent/thread_watcher.rb +2 -6
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/agent.rb +1 -3
- data/lib/contrast/api/communication/socket.rb +1 -0
- data/lib/contrast/api/decorators/message.rb +0 -6
- data/lib/contrast/api/decorators.rb +0 -3
- data/lib/contrast/api/dtm.pb.rb +1 -1
- data/lib/contrast/api/settings.pb.rb +1 -1
- data/lib/contrast/components/assess.rb +0 -6
- data/lib/contrast/components/config.rb +18 -2
- data/lib/contrast/config/base_configuration.rb +0 -13
- data/lib/contrast/config/root_configuration.rb +1 -0
- data/lib/contrast/config/ruby_configuration.rb +2 -9
- data/lib/contrast/configuration.rb +0 -2
- data/lib/contrast/extension/assess/eval_trigger.rb +0 -4
- data/lib/contrast/extension/assess/hash.rb +3 -2
- data/lib/contrast/extension/assess/kernel.rb +22 -0
- data/lib/contrast/extension/assess/marshal.rb +16 -0
- data/lib/contrast/extension/assess/string.rb +21 -20
- data/lib/contrast/framework/base_support.rb +13 -4
- data/lib/contrast/framework/grape/support.rb +6 -6
- data/lib/contrast/framework/manager.rb +7 -23
- data/lib/contrast/framework/manager_extend.rb +1 -1
- data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +11 -15
- data/lib/contrast/framework/rails/support.rb +9 -2
- data/lib/contrast/framework/sinatra/support.rb +3 -2
- data/lib/contrast/logger/aliased_logging.rb +33 -26
- data/lib/contrast/utils/assess/source_method_utils.rb +0 -9
- data/lib/contrast/utils/lru_cache.rb +3 -0
- data/lib/contrast/utils/middleware_utils.rb +2 -0
- data/lib/contrast/utils/patching/policy/patch_utils.rb +5 -22
- data/lib/contrast/utils/response_utils.rb +14 -1
- data/lib/contrast/utils/telemetry.rb +9 -0
- data/lib/contrast/utils/telemetry_client.rb +7 -7
- data/lib/contrast/utils/telemetry_hash.rb +36 -12
- data/lib/contrast/utils/telemetry_identifier.rb +8 -0
- data/lib/contrast/utils/thread_tracker.rb +26 -9
- data/lib/contrast/utils/timer.rb +6 -1
- data/lib/contrast.rb +35 -3
- data/lib/protobuf/code_generator.rb +129 -0
- data/lib/protobuf/decoder.rb +28 -0
- data/lib/protobuf/deprecation.rb +117 -0
- data/lib/protobuf/descriptors/google/protobuf/compiler/plugin.pb.rb +79 -0
- data/lib/protobuf/descriptors/google/protobuf/descriptor.pb.rb +360 -0
- data/lib/protobuf/descriptors.rb +3 -0
- data/lib/protobuf/encoder.rb +11 -0
- data/lib/protobuf/enum.rb +365 -0
- data/lib/protobuf/exceptions.rb +9 -0
- data/lib/protobuf/field/base_field.rb +380 -0
- data/lib/protobuf/field/base_field_object_definitions.rb +504 -0
- data/lib/protobuf/field/bool_field.rb +64 -0
- data/lib/protobuf/field/bytes_field.rb +67 -0
- data/lib/protobuf/field/double_field.rb +25 -0
- data/lib/protobuf/field/enum_field.rb +56 -0
- data/lib/protobuf/field/field_array.rb +102 -0
- data/lib/protobuf/field/field_hash.rb +122 -0
- data/lib/protobuf/field/fixed32_field.rb +25 -0
- data/lib/protobuf/field/fixed64_field.rb +28 -0
- data/lib/protobuf/field/float_field.rb +43 -0
- data/lib/protobuf/field/int32_field.rb +21 -0
- data/lib/protobuf/field/int64_field.rb +34 -0
- data/lib/protobuf/field/integer_field.rb +23 -0
- data/lib/protobuf/field/message_field.rb +51 -0
- data/lib/protobuf/field/sfixed32_field.rb +27 -0
- data/lib/protobuf/field/sfixed64_field.rb +28 -0
- data/lib/protobuf/field/signed_integer_field.rb +29 -0
- data/lib/protobuf/field/sint32_field.rb +21 -0
- data/lib/protobuf/field/sint64_field.rb +21 -0
- data/lib/protobuf/field/string_field.rb +51 -0
- data/lib/protobuf/field/uint32_field.rb +21 -0
- data/lib/protobuf/field/uint64_field.rb +21 -0
- data/lib/protobuf/field/varint_field.rb +77 -0
- data/lib/protobuf/field.rb +74 -0
- data/lib/protobuf/generators/base.rb +85 -0
- data/lib/protobuf/generators/enum_generator.rb +39 -0
- data/lib/protobuf/generators/extension_generator.rb +27 -0
- data/lib/protobuf/generators/field_generator.rb +193 -0
- data/lib/protobuf/generators/file_generator.rb +262 -0
- data/lib/protobuf/generators/group_generator.rb +122 -0
- data/lib/protobuf/generators/message_generator.rb +104 -0
- data/lib/protobuf/generators/option_generator.rb +17 -0
- data/lib/protobuf/generators/printable.rb +160 -0
- data/lib/protobuf/generators/service_generator.rb +50 -0
- data/lib/protobuf/lifecycle.rb +33 -0
- data/lib/protobuf/logging.rb +39 -0
- data/lib/protobuf/message/fields.rb +233 -0
- data/lib/protobuf/message/serialization.rb +85 -0
- data/lib/protobuf/message.rb +241 -0
- data/lib/protobuf/optionable.rb +72 -0
- data/lib/protobuf/tasks/compile.rake +80 -0
- data/lib/protobuf/tasks.rb +1 -0
- data/lib/protobuf/varint.rb +20 -0
- data/lib/protobuf/varint_pure.rb +31 -0
- data/lib/protobuf/version.rb +3 -0
- data/lib/protobuf/wire_type.rb +10 -0
- data/lib/protobuf.rb +91 -0
- data/proto/dynamic_discovery.proto +46 -0
- data/proto/google/protobuf/compiler/plugin.proto +183 -0
- data/proto/google/protobuf/descriptor.proto +911 -0
- data/proto/rpc.proto +71 -0
- data/resources/assess/policy.json +2 -11
- data/ruby-agent.gemspec +2 -2
- metadata +105 -30
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report.rb +0 -30
- data/lib/contrast/api/decorators/application_update.rb +0 -52
- data/lib/contrast/api/decorators/library.rb +0 -56
- data/lib/contrast/api/decorators/library_usage_update.rb +0 -31
- data/lib/contrast/framework/platform_version.rb +0 -22
data/proto/rpc.proto
ADDED
@@ -0,0 +1,71 @@
|
|
1
|
+
// Copyright (c) 2009 Shardul Deo
|
2
|
+
//
|
3
|
+
// Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
|
+
// of this software and associated documentation files (the "Software"), to deal
|
5
|
+
// in the Software without restriction, including without limitation the rights
|
6
|
+
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
7
|
+
// copies of the Software, and to permit persons to whom the Software is
|
8
|
+
// furnished to do so, subject to the following conditions:
|
9
|
+
//
|
10
|
+
// The above copyright notice and this permission notice shall be included in
|
11
|
+
// all copies or substantial portions of the Software.
|
12
|
+
//
|
13
|
+
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
14
|
+
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
15
|
+
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
16
|
+
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
17
|
+
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
18
|
+
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
19
|
+
// THE SOFTWARE.
|
20
|
+
|
21
|
+
// Authors: Shardul Deo, BJ Neilsen
|
22
|
+
//
|
23
|
+
// Protobufs needed for socket rpcs.
|
24
|
+
|
25
|
+
syntax = "proto2";
|
26
|
+
|
27
|
+
package protobuf.socketrpc;
|
28
|
+
|
29
|
+
message Request
|
30
|
+
{
|
31
|
+
required string service_name = 1; // Fully- qualified Service class name
|
32
|
+
required string method_name = 2; // Service method to invoke
|
33
|
+
optional bytes request_proto = 3; // Serialized request bytes
|
34
|
+
optional string caller = 4; // Calling hostname or address
|
35
|
+
repeated Header headers = 5; // General purpose request headers
|
36
|
+
}
|
37
|
+
|
38
|
+
message Response
|
39
|
+
{
|
40
|
+
optional bytes response_proto = 1; // Serialized response
|
41
|
+
optional string error = 2; // Error message, if any
|
42
|
+
optional bool callback = 3 [default = false]; // Was callback invoked (not sure what this is for)
|
43
|
+
optional ErrorReason error_reason = 4; // Error Reason
|
44
|
+
optional string server = 5; // Server hostname or address
|
45
|
+
}
|
46
|
+
|
47
|
+
message Header {
|
48
|
+
required string key = 1;
|
49
|
+
optional string value = 2;
|
50
|
+
}
|
51
|
+
|
52
|
+
// Possible error reasons
|
53
|
+
// The server-side errors are returned in the response from the server.
|
54
|
+
// The client-side errors are returned by the client-side code when it doesn't
|
55
|
+
// have a response from the server.
|
56
|
+
enum ErrorReason
|
57
|
+
{
|
58
|
+
// Server-side errors
|
59
|
+
BAD_REQUEST_DATA = 0; // Server received bad request data
|
60
|
+
BAD_REQUEST_PROTO = 1; // Server received bad request proto
|
61
|
+
SERVICE_NOT_FOUND = 2; // Service not found on server
|
62
|
+
METHOD_NOT_FOUND = 3; // Method not found on server
|
63
|
+
RPC_ERROR = 4; // Rpc threw exception on server
|
64
|
+
RPC_FAILED = 5; // Rpc failed on server
|
65
|
+
|
66
|
+
// Client-side errors (these are returned by the client-side code)
|
67
|
+
INVALID_REQUEST_PROTO = 6; // Rpc was called with invalid request proto
|
68
|
+
BAD_RESPONSE_PROTO = 7; // Server returned a bad response proto
|
69
|
+
UNKNOWN_HOST = 8; // Could not find supplied host
|
70
|
+
IO_ERROR = 9; // I/O error while communicating with server
|
71
|
+
}
|
@@ -1092,17 +1092,8 @@
|
|
1092
1092
|
"patch_method": "sprintf_tagger",
|
1093
1093
|
"source": "O,P1",
|
1094
1094
|
"target": "R"
|
1095
|
-
},
|
1096
|
-
|
1097
|
-
"instance_method": true,
|
1098
|
-
"method_visibility": "public",
|
1099
|
-
"method_name":"quote",
|
1100
|
-
"source": "P0",
|
1101
|
-
"target": "R",
|
1102
|
-
"action": "SPLAT",
|
1103
|
-
"tags":["SQL_ENCODED"],
|
1104
|
-
"untags":["SQL_DECODED"]
|
1105
|
-
}, {
|
1095
|
+
},
|
1096
|
+
{
|
1106
1097
|
"class_name":"ActiveRecord::ConnectionAdapters::Quoting",
|
1107
1098
|
"instance_method": true,
|
1108
1099
|
"method_visibility": "public",
|
data/ruby-agent.gemspec
CHANGED
@@ -113,9 +113,9 @@ end
|
|
113
113
|
# dependencies.csv in this directory to indicate that and create a
|
114
114
|
# corresponding update to the fake gem server data in TeamServer.
|
115
115
|
def self.add_dependencies spec
|
116
|
-
spec.add_dependency 'ougai', '
|
117
|
-
spec.add_dependency 'protobuf', '~> 3.10'
|
116
|
+
spec.add_dependency 'ougai', '>= 1.8', '< 3.0.0'
|
118
117
|
spec.add_dependency 'rack', '~> 2.0'
|
118
|
+
spec.add_dependency 'activesupport', '>= 3.2' # TODO: RUBY-1438 remove w/ protobuf code
|
119
119
|
end
|
120
120
|
|
121
121
|
# Enumerate the files required to build the Agent.
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: contrast-agent
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.
|
4
|
+
version: 6.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- galen.palmer@contrastsecurity.com
|
@@ -13,7 +13,7 @@ authors:
|
|
13
13
|
autorequire:
|
14
14
|
bindir: exe
|
15
15
|
cert_chain: []
|
16
|
-
date: 2022-
|
16
|
+
date: 2022-06-08 00:00:00.000000000 Z
|
17
17
|
dependencies:
|
18
18
|
- !ruby/object:Gem::Dependency
|
19
19
|
name: bundler
|
@@ -585,44 +585,50 @@ dependencies:
|
|
585
585
|
name: ougai
|
586
586
|
requirement: !ruby/object:Gem::Requirement
|
587
587
|
requirements:
|
588
|
-
- - "
|
588
|
+
- - ">="
|
589
589
|
- !ruby/object:Gem::Version
|
590
590
|
version: '1.8'
|
591
|
+
- - "<"
|
592
|
+
- !ruby/object:Gem::Version
|
593
|
+
version: 3.0.0
|
591
594
|
type: :runtime
|
592
595
|
prerelease: false
|
593
596
|
version_requirements: !ruby/object:Gem::Requirement
|
594
597
|
requirements:
|
595
|
-
- - "
|
598
|
+
- - ">="
|
596
599
|
- !ruby/object:Gem::Version
|
597
600
|
version: '1.8'
|
601
|
+
- - "<"
|
602
|
+
- !ruby/object:Gem::Version
|
603
|
+
version: 3.0.0
|
598
604
|
- !ruby/object:Gem::Dependency
|
599
|
-
name:
|
605
|
+
name: rack
|
600
606
|
requirement: !ruby/object:Gem::Requirement
|
601
607
|
requirements:
|
602
608
|
- - "~>"
|
603
609
|
- !ruby/object:Gem::Version
|
604
|
-
version: '
|
610
|
+
version: '2.0'
|
605
611
|
type: :runtime
|
606
612
|
prerelease: false
|
607
613
|
version_requirements: !ruby/object:Gem::Requirement
|
608
614
|
requirements:
|
609
615
|
- - "~>"
|
610
616
|
- !ruby/object:Gem::Version
|
611
|
-
version: '
|
617
|
+
version: '2.0'
|
612
618
|
- !ruby/object:Gem::Dependency
|
613
|
-
name:
|
619
|
+
name: activesupport
|
614
620
|
requirement: !ruby/object:Gem::Requirement
|
615
621
|
requirements:
|
616
|
-
- - "
|
622
|
+
- - ">="
|
617
623
|
- !ruby/object:Gem::Version
|
618
|
-
version: '2
|
624
|
+
version: '3.2'
|
619
625
|
type: :runtime
|
620
626
|
prerelease: false
|
621
627
|
version_requirements: !ruby/object:Gem::Requirement
|
622
628
|
requirements:
|
623
|
-
- - "
|
629
|
+
- - ">="
|
624
630
|
- !ruby/object:Gem::Version
|
625
|
-
version: '2
|
631
|
+
version: '3.2'
|
626
632
|
description: This gem instantiates a Rack middleware for rack-based web applications
|
627
633
|
in order to provide Interactive Application Security Testing and Protection.
|
628
634
|
email:
|
@@ -631,22 +637,22 @@ executables:
|
|
631
637
|
- contrast_service
|
632
638
|
extensions:
|
633
639
|
- ext/cs__common/extconf.rb
|
634
|
-
- ext/cs__assess_marshal_module/extconf.rb
|
635
|
-
- ext/cs__assess_kernel/extconf.rb
|
636
|
-
- ext/cs__assess_string/extconf.rb
|
637
|
-
- ext/cs__assess_test/extconf.rb
|
638
|
-
- ext/cs__assess_string_interpolation26/extconf.rb
|
639
|
-
- ext/cs__assess_basic_object/extconf.rb
|
640
|
-
- ext/cs__assess_array/extconf.rb
|
641
640
|
- ext/cs__assess_regexp/extconf.rb
|
642
|
-
- ext/
|
641
|
+
- ext/cs__assess_basic_object/extconf.rb
|
643
642
|
- ext/cs__assess_hash/extconf.rb
|
644
|
-
- ext/cs__scope/extconf.rb
|
645
643
|
- ext/cs__assess_fiber_track/extconf.rb
|
646
|
-
- ext/
|
644
|
+
- ext/cs__assess_string_interpolation/extconf.rb
|
645
|
+
- ext/cs__assess_kernel/extconf.rb
|
646
|
+
- ext/cs__assess_marshal_module/extconf.rb
|
647
|
+
- ext/cs__contrast_patch/extconf.rb
|
647
648
|
- ext/cs__os_information/extconf.rb
|
649
|
+
- ext/cs__assess_array/extconf.rb
|
648
650
|
- ext/cs__tests/extconf.rb
|
651
|
+
- ext/cs__assess_module/extconf.rb
|
649
652
|
- ext/cs__assess_yield_track/extconf.rb
|
653
|
+
- ext/cs__assess_string/extconf.rb
|
654
|
+
- ext/cs__scope/extconf.rb
|
655
|
+
- ext/cs__assess_test/extconf.rb
|
650
656
|
extra_rdoc_files: []
|
651
657
|
files:
|
652
658
|
- ".clang-format"
|
@@ -689,9 +695,9 @@ files:
|
|
689
695
|
- ext/cs__assess_string/cs__assess_string.c
|
690
696
|
- ext/cs__assess_string/cs__assess_string.h
|
691
697
|
- ext/cs__assess_string/extconf.rb
|
692
|
-
- ext/
|
693
|
-
- ext/
|
694
|
-
- ext/
|
698
|
+
- ext/cs__assess_string_interpolation/cs__assess_string_interpolation.c
|
699
|
+
- ext/cs__assess_string_interpolation/cs__assess_string_interpolation.h
|
700
|
+
- ext/cs__assess_string_interpolation/extconf.rb
|
695
701
|
- ext/cs__assess_test/cs__assess_test.h
|
696
702
|
- ext/cs__assess_test/cs__assess_tests.c
|
697
703
|
- ext/cs__assess_test/extconf.rb
|
@@ -1057,14 +1063,27 @@ files:
|
|
1057
1063
|
- lib/contrast/agent/reporting/settings/application_settings.rb
|
1058
1064
|
- lib/contrast/agent/reporting/settings/assess.rb
|
1059
1065
|
- lib/contrast/agent/reporting/settings/assess_server_feature.rb
|
1066
|
+
- lib/contrast/agent/reporting/settings/bot_blocker.rb
|
1067
|
+
- lib/contrast/agent/reporting/settings/code_exclusion.rb
|
1068
|
+
- lib/contrast/agent/reporting/settings/exclusion_base.rb
|
1060
1069
|
- lib/contrast/agent/reporting/settings/exclusions.rb
|
1070
|
+
- lib/contrast/agent/reporting/settings/helpers.rb
|
1071
|
+
- lib/contrast/agent/reporting/settings/input_exclusion.rb
|
1072
|
+
- lib/contrast/agent/reporting/settings/ip_filter.rb
|
1073
|
+
- lib/contrast/agent/reporting/settings/keyword.rb
|
1074
|
+
- lib/contrast/agent/reporting/settings/log_enhancer.rb
|
1061
1075
|
- lib/contrast/agent/reporting/settings/protect.rb
|
1062
1076
|
- lib/contrast/agent/reporting/settings/protect_server_feature.rb
|
1063
1077
|
- lib/contrast/agent/reporting/settings/reaction.rb
|
1078
|
+
- lib/contrast/agent/reporting/settings/rule_definition.rb
|
1064
1079
|
- lib/contrast/agent/reporting/settings/sampling.rb
|
1080
|
+
- lib/contrast/agent/reporting/settings/sanitizer.rb
|
1065
1081
|
- lib/contrast/agent/reporting/settings/sensitive_data_masking.rb
|
1066
1082
|
- lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb
|
1067
1083
|
- lib/contrast/agent/reporting/settings/server_features.rb
|
1084
|
+
- lib/contrast/agent/reporting/settings/syslog.rb
|
1085
|
+
- lib/contrast/agent/reporting/settings/url_exclusion.rb
|
1086
|
+
- lib/contrast/agent/reporting/settings/validator.rb
|
1068
1087
|
- lib/contrast/agent/request.rb
|
1069
1088
|
- lib/contrast/agent/request_context.rb
|
1070
1089
|
- lib/contrast/agent/request_context_extend.rb
|
@@ -1083,7 +1102,6 @@ files:
|
|
1083
1102
|
- lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb
|
1084
1103
|
- lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb
|
1085
1104
|
- lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions.rb
|
1086
|
-
- lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report.rb
|
1087
1105
|
- lib/contrast/agent/telemetry/events/metric_event.rb
|
1088
1106
|
- lib/contrast/agent/telemetry/events/startup_metrics_event.rb
|
1089
1107
|
- lib/contrast/agent/thread.rb
|
@@ -1109,7 +1127,6 @@ files:
|
|
1109
1127
|
- lib/contrast/api/decorators/agent_startup.rb
|
1110
1128
|
- lib/contrast/api/decorators/application_settings.rb
|
1111
1129
|
- lib/contrast/api/decorators/application_startup.rb
|
1112
|
-
- lib/contrast/api/decorators/application_update.rb
|
1113
1130
|
- lib/contrast/api/decorators/architecture_component.rb
|
1114
1131
|
- lib/contrast/api/decorators/bot_blocker.rb
|
1115
1132
|
- lib/contrast/api/decorators/finding.rb
|
@@ -1117,8 +1134,6 @@ files:
|
|
1117
1134
|
- lib/contrast/api/decorators/input_analysis.rb
|
1118
1135
|
- lib/contrast/api/decorators/instrumentation_mode.rb
|
1119
1136
|
- lib/contrast/api/decorators/ip_denylist.rb
|
1120
|
-
- lib/contrast/api/decorators/library.rb
|
1121
|
-
- lib/contrast/api/decorators/library_usage_update.rb
|
1122
1137
|
- lib/contrast/api/decorators/message.rb
|
1123
1138
|
- lib/contrast/api/decorators/rasp_rule_sample.rb
|
1124
1139
|
- lib/contrast/api/decorators/response_type.rb
|
@@ -1194,7 +1209,6 @@ files:
|
|
1194
1209
|
- lib/contrast/framework/grape/support.rb
|
1195
1210
|
- lib/contrast/framework/manager.rb
|
1196
1211
|
- lib/contrast/framework/manager_extend.rb
|
1197
|
-
- lib/contrast/framework/platform_version.rb
|
1198
1212
|
- lib/contrast/framework/rack/patch/session_cookie.rb
|
1199
1213
|
- lib/contrast/framework/rack/patch/support.rb
|
1200
1214
|
- lib/contrast/framework/rack/support.rb
|
@@ -1259,6 +1273,67 @@ files:
|
|
1259
1273
|
- lib/contrast/utils/telemetry_identifier.rb
|
1260
1274
|
- lib/contrast/utils/thread_tracker.rb
|
1261
1275
|
- lib/contrast/utils/timer.rb
|
1276
|
+
- lib/protobuf.rb
|
1277
|
+
- lib/protobuf/code_generator.rb
|
1278
|
+
- lib/protobuf/decoder.rb
|
1279
|
+
- lib/protobuf/deprecation.rb
|
1280
|
+
- lib/protobuf/descriptors.rb
|
1281
|
+
- lib/protobuf/descriptors/google/protobuf/compiler/plugin.pb.rb
|
1282
|
+
- lib/protobuf/descriptors/google/protobuf/descriptor.pb.rb
|
1283
|
+
- lib/protobuf/encoder.rb
|
1284
|
+
- lib/protobuf/enum.rb
|
1285
|
+
- lib/protobuf/exceptions.rb
|
1286
|
+
- lib/protobuf/field.rb
|
1287
|
+
- lib/protobuf/field/base_field.rb
|
1288
|
+
- lib/protobuf/field/base_field_object_definitions.rb
|
1289
|
+
- lib/protobuf/field/bool_field.rb
|
1290
|
+
- lib/protobuf/field/bytes_field.rb
|
1291
|
+
- lib/protobuf/field/double_field.rb
|
1292
|
+
- lib/protobuf/field/enum_field.rb
|
1293
|
+
- lib/protobuf/field/field_array.rb
|
1294
|
+
- lib/protobuf/field/field_hash.rb
|
1295
|
+
- lib/protobuf/field/fixed32_field.rb
|
1296
|
+
- lib/protobuf/field/fixed64_field.rb
|
1297
|
+
- lib/protobuf/field/float_field.rb
|
1298
|
+
- lib/protobuf/field/int32_field.rb
|
1299
|
+
- lib/protobuf/field/int64_field.rb
|
1300
|
+
- lib/protobuf/field/integer_field.rb
|
1301
|
+
- lib/protobuf/field/message_field.rb
|
1302
|
+
- lib/protobuf/field/sfixed32_field.rb
|
1303
|
+
- lib/protobuf/field/sfixed64_field.rb
|
1304
|
+
- lib/protobuf/field/signed_integer_field.rb
|
1305
|
+
- lib/protobuf/field/sint32_field.rb
|
1306
|
+
- lib/protobuf/field/sint64_field.rb
|
1307
|
+
- lib/protobuf/field/string_field.rb
|
1308
|
+
- lib/protobuf/field/uint32_field.rb
|
1309
|
+
- lib/protobuf/field/uint64_field.rb
|
1310
|
+
- lib/protobuf/field/varint_field.rb
|
1311
|
+
- lib/protobuf/generators/base.rb
|
1312
|
+
- lib/protobuf/generators/enum_generator.rb
|
1313
|
+
- lib/protobuf/generators/extension_generator.rb
|
1314
|
+
- lib/protobuf/generators/field_generator.rb
|
1315
|
+
- lib/protobuf/generators/file_generator.rb
|
1316
|
+
- lib/protobuf/generators/group_generator.rb
|
1317
|
+
- lib/protobuf/generators/message_generator.rb
|
1318
|
+
- lib/protobuf/generators/option_generator.rb
|
1319
|
+
- lib/protobuf/generators/printable.rb
|
1320
|
+
- lib/protobuf/generators/service_generator.rb
|
1321
|
+
- lib/protobuf/lifecycle.rb
|
1322
|
+
- lib/protobuf/logging.rb
|
1323
|
+
- lib/protobuf/message.rb
|
1324
|
+
- lib/protobuf/message/fields.rb
|
1325
|
+
- lib/protobuf/message/serialization.rb
|
1326
|
+
- lib/protobuf/optionable.rb
|
1327
|
+
- lib/protobuf/tasks.rb
|
1328
|
+
- lib/protobuf/tasks/compile.rake
|
1329
|
+
- lib/protobuf/varint.rb
|
1330
|
+
- lib/protobuf/varint_pure.rb
|
1331
|
+
- lib/protobuf/version.rb
|
1332
|
+
- lib/protobuf/wire_type.rb
|
1333
|
+
- proto/dynamic_discovery.proto
|
1334
|
+
- proto/google/protobuf/compiler/plugin.proto
|
1335
|
+
- proto/google/protobuf/descriptor.proto
|
1336
|
+
- proto/rpc.proto
|
1262
1337
|
- resources/assess/policy.json
|
1263
1338
|
- resources/deadzone/policy.json
|
1264
1339
|
- resources/inventory/policy.json
|
@@ -1,30 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
module Contrast
|
5
|
-
module Agent
|
6
|
-
module Telemetry
|
7
|
-
# This module will handle the reporting of the TelemetryExceptionHash
|
8
|
-
module TelemetryExceptionReport
|
9
|
-
# Here we will send any exceptions gathered. The telemetry_hash is split into batches of 256
|
10
|
-
# and then added to the telemetry queue. Since this method is called before entering the
|
11
|
-
# until queue loop any updates after clearing the Contrast::TELEMETRY_EXCEPTIONS would have
|
12
|
-
# to wait for the sending process to be completed, so accumulating new batches.
|
13
|
-
# This methods expects queue and error_messages methods from Contrast::Agent::Telemetry::Base
|
14
|
-
def push_exceptions
|
15
|
-
return unless Contrast::TELEMETRY_EXCEPTIONS&.any?
|
16
|
-
|
17
|
-
Contrast::TELEMETRY_EXCEPTIONS.values.each_slice(256) { |tuple| error_messages.push(tuple) }
|
18
|
-
# Clear the hash. All exceptions now live in @_error_messages instance variable. and we will
|
19
|
-
# add them to the queue. Clearing would make the hash available to be populated again while the
|
20
|
-
# sending is proceeding.
|
21
|
-
Contrast::TELEMETRY_EXCEPTIONS.clear
|
22
|
-
# Add batch to queue. We need to shift here, because we want to report from the oldest batch to
|
23
|
-
# the newest. And even if somehow the array is filled during sending the new messages would stay
|
24
|
-
# and wait their turn.
|
25
|
-
queue << error_messages.shift until error_messages.empty?
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
@@ -1,52 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
require 'contrast/utils/string_utils'
|
5
|
-
|
6
|
-
module Contrast
|
7
|
-
module Api
|
8
|
-
module Decorators
|
9
|
-
# Used to decorate the {Contrast::Api::Dtm::ApplicationUpdate} protobuf
|
10
|
-
# model so it can own some of the data massaging required for AppUpdate
|
11
|
-
# dtm.
|
12
|
-
module ApplicationUpdate
|
13
|
-
def self.included klass
|
14
|
-
klass.extend(ClassMethods)
|
15
|
-
end
|
16
|
-
|
17
|
-
def append_library_update library_dtm_list
|
18
|
-
library_dtm_list.each do |library_dtm|
|
19
|
-
libraries[library_dtm.hash_code] = library_dtm
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
|
-
# TS only allows you to report 500 routes per application
|
24
|
-
def append_route_coverage_data route_coverage_dtms
|
25
|
-
route_coverage_dtms.take(500).each do |route_coverage_dtm|
|
26
|
-
routes << route_coverage_dtm
|
27
|
-
end
|
28
|
-
end
|
29
|
-
|
30
|
-
def append_platform_version platform_version
|
31
|
-
self.platform = Contrast::Api::Dtm::Platform.new if platform.nil?
|
32
|
-
platform.major = platform_version.major
|
33
|
-
platform.minor = platform_version.minor
|
34
|
-
platform.build = platform_version.patch
|
35
|
-
end
|
36
|
-
|
37
|
-
# Used to add class methods to the ApplicationUpdate class on inclusion of the decorator
|
38
|
-
module ClassMethods
|
39
|
-
def build
|
40
|
-
msg = new
|
41
|
-
msg.append_route_coverage_data(Contrast::Agent.framework_manager.find_route_discovery_data)
|
42
|
-
msg.append_platform_version(Contrast::Agent.framework_manager.platform_version)
|
43
|
-
msg.append_library_update(Contrast::Agent::Inventory::DependencyAnalysis.instance.library_pb_list)
|
44
|
-
msg
|
45
|
-
end
|
46
|
-
end
|
47
|
-
end
|
48
|
-
end
|
49
|
-
end
|
50
|
-
end
|
51
|
-
|
52
|
-
Contrast::Api::Dtm::ApplicationUpdate.include(Contrast::Api::Decorators::ApplicationUpdate)
|
@@ -1,56 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
require 'contrast/utils/string_utils'
|
5
|
-
require 'contrast/utils/sha256_builder'
|
6
|
-
require 'yaml'
|
7
|
-
|
8
|
-
module Contrast
|
9
|
-
module Api
|
10
|
-
module Decorators
|
11
|
-
# Used to decorate the Library protobuf model to handle Gem::Specification translation
|
12
|
-
module Library
|
13
|
-
StringUtils = Contrast::Utils::StringUtils
|
14
|
-
|
15
|
-
def self.included klass
|
16
|
-
klass.extend(ClassMethods)
|
17
|
-
end
|
18
|
-
|
19
|
-
# Used to add class methods to the Library class on inclusion of the decorator
|
20
|
-
module ClassMethods
|
21
|
-
def build digest, gem_specification
|
22
|
-
msg = new
|
23
|
-
msg.file_path = StringUtils.force_utf8(gem_specification.name) # rubocop:disable Security/Module/Name
|
24
|
-
msg.hash_code = StringUtils.force_utf8(digest)
|
25
|
-
msg.version = StringUtils.force_utf8(gem_specification.version)
|
26
|
-
msg.manifest = StringUtils.force_utf8(build_manifest(gem_specification))
|
27
|
-
msg.external_ms = date_to_ms(gem_specification.date)
|
28
|
-
msg.internal_ms = msg.external_ms
|
29
|
-
msg.url = StringUtils.force_utf8(gem_specification.homepage)
|
30
|
-
msg.class_count = file_count(gem_specification.full_gem_path.to_s)
|
31
|
-
msg.used_class_count = 0
|
32
|
-
msg
|
33
|
-
end
|
34
|
-
|
35
|
-
# These are all the code files that are located in the Gem directory loaded
|
36
|
-
# by the current environment; this includes more than Ruby files
|
37
|
-
def file_count path
|
38
|
-
Contrast::Utils::Sha256Builder.instance.files(path).length
|
39
|
-
end
|
40
|
-
|
41
|
-
def build_manifest spec
|
42
|
-
StringUtils.force_utf8(spec.to_yaml.to_s)
|
43
|
-
rescue StandardError
|
44
|
-
nil
|
45
|
-
end
|
46
|
-
|
47
|
-
def date_to_ms date
|
48
|
-
(date.to_f * 1000.0).to_i
|
49
|
-
end
|
50
|
-
end
|
51
|
-
end
|
52
|
-
end
|
53
|
-
end
|
54
|
-
end
|
55
|
-
|
56
|
-
Contrast::Api::Dtm::Library.include(Contrast::Api::Decorators::Library)
|
@@ -1,31 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
require 'contrast/utils/string_utils'
|
5
|
-
|
6
|
-
module Contrast
|
7
|
-
module Api
|
8
|
-
module Decorators
|
9
|
-
# Used to decorate the LibraryUsageUpdate protobuf
|
10
|
-
module LibraryUsageUpdate
|
11
|
-
def self.included klass
|
12
|
-
klass.extend(ClassMethods)
|
13
|
-
end
|
14
|
-
|
15
|
-
# Used to add class methods to the LibraryUsageUpdate class on inclusion of the decorator
|
16
|
-
module ClassMethods
|
17
|
-
def build digest, files
|
18
|
-
msg = new
|
19
|
-
msg.hash_code = Contrast::Utils::StringUtils.force_utf8(digest)
|
20
|
-
files.each do |required_file|
|
21
|
-
msg.class_names[required_file] = true
|
22
|
-
end
|
23
|
-
msg
|
24
|
-
end
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
29
|
-
end
|
30
|
-
|
31
|
-
Contrast::Api::Dtm::LibraryUsageUpdate.include(Contrast::Api::Decorators::LibraryUsageUpdate)
|
@@ -1,22 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
module Contrast
|
5
|
-
module Framework
|
6
|
-
# Used to map version strings from frameworks to ApplicationUpdate dtm
|
7
|
-
class PlatformVersion
|
8
|
-
attr_reader :major, :minor, :patch
|
9
|
-
|
10
|
-
def initialize major, minor, patch
|
11
|
-
@major = major || ''
|
12
|
-
@minor = minor || ''
|
13
|
-
@patch = patch || ''
|
14
|
-
end
|
15
|
-
|
16
|
-
def self.from_string platform_version_string
|
17
|
-
version_array = platform_version_string.split(Contrast::Utils::ObjectShare::PERIOD)
|
18
|
-
new(version_array[0], version_array[1], version_array[2])
|
19
|
-
end
|
20
|
-
end
|
21
|
-
end
|
22
|
-
end
|