contrast-agent 6.10.0 → 6.12.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.simplecov +1 -1
- data/Gemfile +1 -1
- data/Rakefile +1 -1
- data/ext/build_funchook.rb +2 -2
- data/ext/cs__assess_array/cs__assess_array.c +24 -18
- data/ext/cs__assess_array/extconf.rb +1 -1
- data/ext/cs__assess_basic_object/cs__assess_basic_object.c +1 -1
- data/ext/cs__assess_basic_object/extconf.rb +1 -1
- data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +1 -1
- data/ext/cs__assess_fiber_track/extconf.rb +1 -1
- data/ext/cs__assess_hash/cs__assess_hash.c +1 -1
- data/ext/cs__assess_hash/extconf.rb +1 -1
- data/ext/cs__assess_kernel/cs__assess_kernel.c +1 -1
- data/ext/cs__assess_kernel/extconf.rb +1 -1
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +7 -5
- data/ext/cs__assess_marshal_module/extconf.rb +1 -1
- data/ext/cs__assess_module/cs__assess_module.c +1 -1
- data/ext/cs__assess_module/extconf.rb +1 -1
- data/ext/cs__assess_regexp/cs__assess_regexp.c +1 -1
- data/ext/cs__assess_regexp/extconf.rb +1 -1
- data/ext/cs__assess_string/cs__assess_string.c +1 -1
- data/ext/cs__assess_string/extconf.rb +1 -1
- data/ext/cs__assess_string_interpolation/cs__assess_string_interpolation.c +1 -1
- data/ext/cs__assess_string_interpolation/extconf.rb +1 -1
- data/ext/cs__assess_test/extconf.rb +1 -1
- data/ext/cs__assess_yield_track/cs__assess_yield_track.c +1 -1
- data/ext/cs__assess_yield_track/extconf.rb +1 -1
- data/ext/cs__common/cs__common.c +1 -1
- data/ext/cs__common/extconf.rb +1 -1
- data/ext/cs__contrast_patch/cs__contrast_patch.c +12 -10
- data/ext/cs__contrast_patch/extconf.rb +1 -1
- data/ext/cs__os_information/cs__os_information.c +1 -1
- data/ext/cs__os_information/extconf.rb +1 -1
- data/ext/cs__scope/cs__scope.c +390 -207
- data/ext/cs__scope/cs__scope.h +3 -1
- data/ext/cs__scope/extconf.rb +1 -1
- data/ext/cs__tests/cs__tests.c +1 -1
- data/ext/cs__tests/extconf.rb +1 -1
- data/ext/extconf_common.rb +1 -1
- data/lib/contrast/agent/assess/contrast_object.rb +1 -1
- data/lib/contrast/agent/assess/events/event_data.rb +1 -1
- data/lib/contrast/agent/assess/finalizers/freeze.rb +1 -1
- data/lib/contrast/agent/assess/finalizers/hash.rb +1 -1
- data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +1 -1
- data/lib/contrast/agent/assess/policy/patcher.rb +1 -1
- data/lib/contrast/agent/assess/policy/policy.rb +1 -1
- data/lib/contrast/agent/assess/policy/policy_node.rb +1 -1
- data/lib/contrast/agent/assess/policy/policy_node_utils.rb +1 -1
- data/lib/contrast/agent/assess/policy/policy_scanner.rb +1 -1
- data/lib/contrast/agent/assess/policy/preshift.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagation_method.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagation_node.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/append.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/base.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/buffer.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/center.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/database_write.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/insert.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/keep.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/match_data.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/next.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/prepend.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/rack_protection.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/remove.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/replace.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/reverse.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/select.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/splat.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/split.rb +2 -5
- data/lib/contrast/agent/assess/policy/propagator/substitution.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/substitution_utils.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/trim.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator.rb +1 -1
- data/lib/contrast/agent/assess/policy/source_method.rb +1 -3
- data/lib/contrast/agent/assess/policy/source_node.rb +1 -1
- data/lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb +1 -1
- data/lib/contrast/agent/assess/policy/source_validation/source_validation.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +2 -1
- data/lib/contrast/agent/assess/policy/trigger/xpath.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_method.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_node.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +1 -1
- data/lib/contrast/agent/assess/properties.rb +1 -1
- data/lib/contrast/agent/assess/property/evented.rb +1 -1
- data/lib/contrast/agent/assess/property/tagged.rb +1 -1
- data/lib/contrast/agent/assess/property/updated.rb +1 -1
- data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +1 -1
- data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +1 -1
- data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +1 -1
- data/lib/contrast/agent/assess/rule/provider.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/auto_complete_rule.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/base_rule.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/body_rule.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/click_jacking_header_rule.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/csp_header_insecure_rule.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/csp_header_missing_rule.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/framework/rails_support.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/header_rule.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/hsts_header_rule.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/parameters_pollution_rule.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/x_content_type_header_rule.rb +1 -1
- data/lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb +1 -1
- data/lib/contrast/agent/assess/tag.rb +1 -1
- data/lib/contrast/agent/assess/tracker.rb +1 -1
- data/lib/contrast/agent/assess.rb +1 -1
- data/lib/contrast/agent/at_exit_hook.rb +1 -1
- data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +1 -1
- data/lib/contrast/agent/deadzone/policy/policy.rb +1 -1
- data/lib/contrast/agent/disable_reaction.rb +1 -1
- data/lib/contrast/agent/excluder.rb +125 -43
- data/lib/contrast/agent/exclusion_matcher.rb +11 -55
- data/lib/contrast/agent/inventory/database_config.rb +1 -1
- data/lib/contrast/agent/inventory/dependencies.rb +1 -1
- data/lib/contrast/agent/inventory/dependency_analysis.rb +1 -1
- data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +1 -1
- data/lib/contrast/agent/inventory/policy/datastores.rb +1 -1
- data/lib/contrast/agent/inventory/policy/policy.rb +1 -1
- data/lib/contrast/agent/inventory/policy/trigger_node.rb +1 -1
- data/lib/contrast/agent/inventory.rb +1 -1
- data/lib/contrast/agent/middleware.rb +22 -9
- data/lib/contrast/agent/module_data.rb +1 -1
- data/lib/contrast/agent/patching/policy/after_load_patch.rb +1 -1
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +1 -1
- data/lib/contrast/agent/patching/policy/method_policy.rb +1 -1
- data/lib/contrast/agent/patching/policy/method_policy_extend.rb +7 -3
- data/lib/contrast/agent/patching/policy/module_policy.rb +1 -1
- data/lib/contrast/agent/patching/policy/patch.rb +1 -1
- data/lib/contrast/agent/patching/policy/patch_status.rb +1 -1
- data/lib/contrast/agent/patching/policy/patcher.rb +1 -1
- data/lib/contrast/agent/patching/policy/policy.rb +1 -1
- data/lib/contrast/agent/patching/policy/policy_node.rb +1 -1
- data/lib/contrast/agent/patching/policy/trigger_node.rb +2 -2
- data/lib/contrast/agent/protect/exploitable_collection.rb +1 -1
- data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +4 -2
- data/lib/contrast/agent/protect/input_analyzer/worth_watching_analyzer.rb +12 -11
- data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +1 -1
- data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +1 -1
- data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +1 -1
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +3 -3
- data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +1 -1
- data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +1 -1
- data/lib/contrast/agent/protect/policy/policy.rb +1 -1
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +6 -1
- data/lib/contrast/agent/protect/policy/trigger_node.rb +1 -1
- data/lib/contrast/agent/protect/rule/base.rb +9 -19
- data/lib/contrast/agent/protect/rule/base_service.rb +34 -12
- data/lib/contrast/agent/protect/rule/bot_blocker/bot_blocker_input_classification.rb +1 -1
- data/lib/contrast/agent/protect/rule/bot_blocker.rb +1 -1
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +1 -1
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb +9 -51
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_base_rule.rb +12 -19
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_chained_command.rb +11 -12
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_dangerous_path.rb +11 -12
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb +1 -1
- data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/deserialization.rb +2 -3
- data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb +1 -1
- data/lib/contrast/agent/protect/rule/no_sqli.rb +1 -13
- data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_input_classification.rb +1 -1
- data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_semantic_security_bypass.rb +34 -9
- data/lib/contrast/agent/protect/rule/path_traversal.rb +1 -47
- data/lib/contrast/agent/protect/rule/sql_sample_builder.rb +1 -1
- data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +2 -3
- data/lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb +1 -1
- data/lib/contrast/agent/protect/rule/sqli/sqli_input_classification.rb +1 -1
- data/lib/contrast/agent/protect/rule/sqli/sqli_semantic/sqli_dangerous_functions.rb +5 -5
- data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/sqli.rb +1 -13
- data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification.rb +1 -1
- data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +1 -2
- data/lib/contrast/agent/protect/rule/xss/reflected_xss_input_classification.rb +1 -1
- data/lib/contrast/agent/protect/rule/xss.rb +1 -1
- data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +1 -1
- data/lib/contrast/agent/protect/rule/xxe.rb +2 -3
- data/lib/contrast/agent/protect/rule.rb +1 -1
- data/lib/contrast/agent/reporting/attack_result/attack_result.rb +1 -1
- data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +1 -1
- data/lib/contrast/agent/reporting/attack_result/response_type.rb +1 -1
- data/lib/contrast/agent/reporting/attack_result/user_input.rb +1 -1
- data/lib/contrast/{api/communication → agent/reporting}/connection_status.rb +3 -17
- data/lib/contrast/agent/reporting/details/bot_blocker_details.rb +1 -1
- data/lib/contrast/agent/reporting/details/cmd_injection_details.rb +1 -1
- data/lib/contrast/agent/reporting/details/details.rb +1 -1
- data/lib/contrast/agent/reporting/details/ip_denylist_details.rb +1 -1
- data/lib/contrast/agent/reporting/details/no_sqli_details.rb +1 -1
- data/lib/contrast/agent/reporting/details/path_traversal_details.rb +1 -1
- data/lib/contrast/agent/reporting/details/path_traversal_semantic_analysis_details.rb +1 -1
- data/lib/contrast/agent/reporting/details/protect_rule_details.rb +1 -1
- data/lib/contrast/agent/reporting/details/sqli_dangerous_functions.rb +1 -1
- data/lib/contrast/agent/reporting/details/sqli_details.rb +1 -1
- data/lib/contrast/agent/reporting/details/untrusted_deserialization_details.rb +1 -1
- data/lib/contrast/agent/reporting/details/virtual_patch_details.rb +1 -1
- data/lib/contrast/agent/reporting/details/xss_details.rb +1 -1
- data/lib/contrast/agent/reporting/details/xss_match.rb +1 -1
- data/lib/contrast/agent/reporting/details/xxe_details.rb +1 -1
- data/lib/contrast/agent/reporting/details/xxe_match.rb +1 -1
- data/lib/contrast/agent/reporting/details/xxe_wrapper.rb +1 -1
- data/lib/contrast/agent/reporting/input_analysis/details/bot_blocker_details.rb +1 -1
- data/lib/contrast/agent/reporting/input_analysis/details/protect_rule_details.rb +1 -1
- data/lib/contrast/agent/reporting/input_analysis/input_analysis.rb +1 -1
- data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb +1 -1
- data/lib/contrast/agent/reporting/input_analysis/input_type.rb +1 -1
- data/lib/contrast/agent/reporting/input_analysis/score_level.rb +1 -1
- data/lib/contrast/agent/reporting/masker/masker.rb +1 -1
- data/lib/contrast/agent/reporting/masker/masker_utils.rb +1 -1
- data/lib/contrast/agent/reporting/report.rb +1 -1
- data/lib/contrast/agent/reporting/reporter.rb +14 -17
- data/lib/contrast/agent/reporting/reporting_events/agent_startup.rb +2 -2
- data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +5 -4
- data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +13 -9
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb +5 -6
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb +4 -3
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_stack.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb +19 -12
- data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +2 -2
- data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb +2 -2
- data/lib/contrast/agent/reporting/reporting_events/application_reporting_event.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_events/application_settings.rb +2 -2
- data/lib/contrast/agent/reporting/reporting_events/application_startup.rb +2 -2
- data/lib/contrast/agent/reporting/reporting_events/application_startup_instrumentation.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_events/application_update.rb +2 -3
- data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +4 -10
- data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb +10 -14
- data/lib/contrast/agent/reporting/reporting_events/finding.rb +2 -11
- data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +5 -12
- data/lib/contrast/agent/reporting/reporting_events/finding_event_object.rb +4 -12
- data/lib/contrast/agent/reporting/reporting_events/finding_event_parent_object.rb +9 -13
- data/lib/contrast/agent/reporting/reporting_events/finding_event_property.rb +9 -13
- data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb +5 -12
- data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +10 -21
- data/lib/contrast/agent/reporting/reporting_events/finding_event_stack.rb +9 -12
- data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range.rb +10 -14
- data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range_tags.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +4 -12
- data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +14 -14
- data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +14 -14
- data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +3 -11
- data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +10 -16
- data/lib/contrast/agent/reporting/reporting_events/poll.rb +2 -2
- data/lib/contrast/agent/reporting/reporting_events/preflight.rb +13 -2
- data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +5 -13
- data/lib/contrast/agent/reporting/reporting_events/reportable_hash.rb +47 -0
- data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +4 -35
- data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +1 -3
- data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +9 -13
- data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +9 -13
- data/lib/contrast/agent/reporting/reporting_events/server_reporting_event.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_events/server_settings.rb +2 -2
- data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +5 -2
- data/lib/contrast/agent/reporting/reporting_utilities/build_preflight.rb +5 -2
- data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +8 -8
- data/lib/contrast/agent/reporting/reporting_utilities/headers.rb +6 -3
- data/lib/contrast/agent/reporting/reporting_utilities/ng_response_extractor.rb +4 -4
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +6 -19
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +20 -3
- data/lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/response.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +2 -22
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_mode.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +26 -9
- data/lib/contrast/agent/reporting/reporting_workers/application_server_worker.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_workers/reporter_heartbeat.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_workers/reporting_workers.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_workers/server_settings_worker.rb +1 -1
- data/lib/contrast/agent/reporting/settings/application_settings.rb +1 -1
- data/lib/contrast/agent/reporting/settings/assess.rb +1 -1
- data/lib/contrast/agent/reporting/settings/assess_rule.rb +1 -1
- data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +1 -1
- data/lib/contrast/agent/reporting/settings/bot_blocker.rb +1 -1
- data/lib/contrast/agent/reporting/settings/exclusion_base.rb +90 -12
- data/lib/contrast/agent/reporting/settings/exclusions.rb +11 -31
- data/lib/contrast/agent/reporting/settings/helpers.rb +41 -5
- data/lib/contrast/agent/reporting/settings/input_exclusion.rb +54 -10
- data/lib/contrast/agent/reporting/settings/ip_filter.rb +1 -1
- data/lib/contrast/agent/reporting/settings/keyword.rb +1 -1
- data/lib/contrast/agent/reporting/settings/log_enhancer.rb +1 -1
- data/lib/contrast/agent/reporting/settings/protect.rb +1 -1
- data/lib/contrast/agent/reporting/settings/protect_rule.rb +1 -1
- data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +1 -1
- data/lib/contrast/agent/reporting/settings/reaction.rb +1 -1
- data/lib/contrast/agent/reporting/settings/rule_definition.rb +1 -1
- data/lib/contrast/agent/reporting/settings/sampling.rb +1 -1
- data/lib/contrast/agent/reporting/settings/sanitizer.rb +1 -1
- data/lib/contrast/agent/reporting/settings/security_logger.rb +1 -1
- data/lib/contrast/agent/reporting/settings/sensitive_data_masking.rb +1 -1
- data/lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb +1 -1
- data/lib/contrast/agent/reporting/settings/server_features.rb +1 -1
- data/lib/contrast/agent/reporting/settings/syslog.rb +1 -1
- data/lib/contrast/agent/reporting/settings/url_exclusion.rb +2 -26
- data/lib/contrast/agent/reporting/settings/validator.rb +1 -1
- data/lib/contrast/agent/reporting/settings/virtual_patch.rb +1 -1
- data/lib/contrast/agent/reporting/settings/virtual_patch_condition.rb +1 -1
- data/lib/contrast/agent/request.rb +1 -1
- data/lib/contrast/agent/request_context.rb +1 -1
- data/lib/contrast/agent/request_context_extend.rb +1 -1
- data/lib/contrast/agent/request_handler.rb +1 -1
- data/lib/contrast/agent/response.rb +1 -1
- data/lib/contrast/agent/rule_set.rb +1 -1
- data/lib/contrast/agent/scope.rb +9 -1
- data/lib/contrast/agent/static_analysis.rb +1 -1
- data/lib/contrast/agent/telemetry/base.rb +23 -17
- data/lib/contrast/agent/telemetry/client.rb +109 -0
- data/lib/contrast/agent/telemetry/{events/event.rb → event.rb} +1 -1
- data/lib/contrast/agent/telemetry/{events/exceptions/telemetry_exception_base.rb → exception/base.rb} +2 -2
- data/lib/contrast/agent/telemetry/{events/exceptions/telemetry_exception_event.rb → exception/event.rb} +10 -10
- data/lib/contrast/agent/telemetry/{events/exceptions/telemetry_exception_message.rb → exception/message.rb} +9 -9
- data/lib/contrast/agent/telemetry/{events/exceptions/telemetry_exception_message_exception.rb → exception/message_exception.rb} +9 -9
- data/lib/contrast/agent/telemetry/{events/exceptions/telemetry_exception_stack_frame.rb → exception/stack_frame.rb} +4 -4
- data/lib/contrast/agent/telemetry/exception.rb +19 -0
- data/lib/contrast/agent/telemetry/hash.rb +71 -0
- data/lib/contrast/{utils/telemetry_identifier.rb → agent/telemetry/identifier.rb} +5 -5
- data/lib/contrast/agent/telemetry/{events/metric_event.rb → metric_event.rb} +2 -2
- data/lib/contrast/agent/telemetry/{events/startup_metrics_event.rb → startup_metrics_event.rb} +2 -2
- data/lib/contrast/{utils → agent}/telemetry.rb +4 -4
- data/lib/contrast/agent/thread.rb +1 -1
- data/lib/contrast/agent/thread_watcher.rb +28 -31
- data/lib/contrast/agent/tracepoint_hook.rb +1 -1
- data/lib/contrast/agent/version.rb +2 -2
- data/lib/contrast/agent/worker_thread.rb +1 -1
- data/lib/contrast/agent.rb +6 -2
- data/lib/contrast/agent_lib/api/command_injection.rb +1 -1
- data/lib/contrast/agent_lib/api/init.rb +1 -1
- data/lib/contrast/agent_lib/api/input_tracing.rb +1 -1
- data/lib/contrast/agent_lib/api/panic.rb +1 -1
- data/lib/contrast/agent_lib/api/path_semantic_file_security_bypass.rb +1 -1
- data/lib/contrast/agent_lib/interface.rb +1 -1
- data/lib/contrast/agent_lib/interface_base.rb +2 -2
- data/lib/contrast/agent_lib/return_types/eval_result.rb +1 -1
- data/lib/contrast/agent_lib/test.rb +1 -1
- data/lib/contrast/components/agent.rb +1 -1
- data/lib/contrast/components/api.rb +1 -1
- data/lib/contrast/components/app_context.rb +1 -1
- data/lib/contrast/components/app_context_extend.rb +1 -1
- data/lib/contrast/components/assess.rb +1 -1
- data/lib/contrast/components/assess_rules.rb +1 -1
- data/lib/contrast/components/base.rb +1 -1
- data/lib/contrast/components/config/sources.rb +1 -1
- data/lib/contrast/components/config.rb +2 -2
- data/lib/contrast/components/heap_dump.rb +1 -1
- data/lib/contrast/components/inventory.rb +1 -1
- data/lib/contrast/components/logger.rb +1 -1
- data/lib/contrast/components/polling.rb +4 -4
- data/lib/contrast/components/protect.rb +1 -1
- data/lib/contrast/components/ruby_component.rb +45 -6
- data/lib/contrast/components/sampling.rb +6 -6
- data/lib/contrast/components/scope.rb +9 -1
- data/lib/contrast/components/security_logger.rb +1 -1
- data/lib/contrast/components/settings.rb +13 -12
- data/lib/contrast/config/api_proxy_configuration.rb +1 -1
- data/lib/contrast/config/base_configuration.rb +1 -1
- data/lib/contrast/config/certification_configuration.rb +1 -1
- data/lib/contrast/config/config.rb +14 -12
- data/lib/contrast/config/diagnostics.rb +12 -3
- data/lib/contrast/config/diagnostics_tools.rb +2 -1
- data/lib/contrast/config/effective_config.rb +81 -15
- data/lib/contrast/config/effective_config_value.rb +4 -4
- data/lib/contrast/config/env_variables.rb +1 -1
- data/lib/contrast/config/exception_configuration.rb +1 -1
- data/lib/contrast/config/protect_rule_configuration.rb +1 -1
- data/lib/contrast/config/protect_rules_configuration.rb +1 -1
- data/lib/contrast/config/request_audit_configuration.rb +1 -1
- data/lib/contrast/config/server_configuration.rb +2 -2
- data/lib/contrast/config.rb +1 -1
- data/lib/contrast/configuration.rb +1 -1
- data/lib/contrast/extension/assess/array.rb +1 -1
- data/lib/contrast/extension/assess/erb.rb +1 -1
- data/lib/contrast/extension/assess/eval_trigger.rb +1 -1
- data/lib/contrast/extension/assess/exec_trigger.rb +1 -1
- data/lib/contrast/extension/assess/fiber.rb +1 -1
- data/lib/contrast/extension/assess/hash.rb +1 -1
- data/lib/contrast/extension/assess/kernel.rb +1 -1
- data/lib/contrast/extension/assess/marshal.rb +1 -1
- data/lib/contrast/extension/assess/regexp.rb +1 -1
- data/lib/contrast/extension/assess/string.rb +1 -1
- data/lib/contrast/extension/assess.rb +1 -1
- data/lib/contrast/extension/delegator.rb +1 -1
- data/lib/contrast/extension/extension.rb +1 -1
- data/lib/contrast/extension/inventory.rb +1 -1
- data/lib/contrast/extension/module.rb +1 -1
- data/lib/contrast/extension/object.rb +1 -1
- data/lib/contrast/extension/protect/psych.rb +1 -1
- data/lib/contrast/extension/protect.rb +1 -1
- data/lib/contrast/extension/thread.rb +1 -1
- data/lib/contrast/framework/base_support.rb +1 -1
- data/lib/contrast/framework/grape/support.rb +1 -1
- data/lib/contrast/framework/manager.rb +1 -1
- data/lib/contrast/framework/manager_extend.rb +1 -1
- data/lib/contrast/framework/rack/patch/session_cookie.rb +3 -2
- data/lib/contrast/framework/rack/patch/support.rb +1 -1
- data/lib/contrast/framework/rack/support.rb +1 -1
- data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +1 -1
- data/lib/contrast/framework/rails/patch/assess_configuration.rb +1 -1
- data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +1 -1
- data/lib/contrast/framework/rails/patch/support.rb +1 -1
- data/lib/contrast/framework/rails/railtie.rb +1 -1
- data/lib/contrast/framework/rails/support.rb +1 -1
- data/lib/contrast/framework/sinatra/patch/encrypted_session_cookie.rb +39 -0
- data/lib/contrast/framework/sinatra/support.rb +14 -1
- data/lib/contrast/funchook/funchook.rb +1 -1
- data/lib/contrast/logger/aliased_logging.rb +12 -14
- data/lib/contrast/logger/application.rb +1 -1
- data/lib/contrast/logger/cef_log.rb +1 -1
- data/lib/contrast/logger/format.rb +1 -1
- data/lib/contrast/logger/log.rb +1 -1
- data/lib/contrast/logger/request.rb +1 -1
- data/lib/contrast/logger/time.rb +1 -1
- data/lib/contrast/security_exception.rb +1 -1
- data/lib/contrast/tasks/config.rb +1 -1
- data/lib/contrast/utils/assess/event_limit_utils.rb +1 -1
- data/lib/contrast/utils/assess/object_store.rb +1 -1
- data/lib/contrast/utils/assess/propagation_method_utils.rb +1 -1
- data/lib/contrast/utils/assess/property/tagged_utils.rb +1 -1
- data/lib/contrast/utils/assess/sampling_util.rb +1 -1
- data/lib/contrast/utils/assess/source_method_utils.rb +1 -1
- data/lib/contrast/utils/assess/split_utils.rb +1 -1
- data/lib/contrast/utils/assess/tracking_util.rb +1 -1
- data/lib/contrast/utils/assess/trigger_method_utils.rb +1 -1
- data/lib/contrast/utils/class_util.rb +1 -1
- data/lib/contrast/utils/duck_utils.rb +19 -1
- data/lib/contrast/utils/env_configuration_item.rb +1 -1
- data/lib/contrast/utils/findings.rb +1 -1
- data/lib/contrast/utils/hash_digest.rb +1 -1
- data/lib/contrast/utils/hash_digest_extend.rb +1 -1
- data/lib/contrast/utils/head_dump_utils_extend.rb +1 -1
- data/lib/contrast/utils/heap_dump_util.rb +2 -2
- data/lib/contrast/utils/input_classification_base.rb +2 -5
- data/lib/contrast/utils/invalid_configuration_util.rb +1 -1
- data/lib/contrast/utils/io_util.rb +1 -1
- data/lib/contrast/utils/job_servers_running.rb +1 -1
- data/lib/contrast/utils/log_utils.rb +3 -3
- data/lib/contrast/utils/lru_cache.rb +1 -1
- data/lib/contrast/utils/metrics_hash.rb +1 -1
- data/lib/contrast/utils/middleware_utils.rb +5 -5
- data/lib/contrast/utils/net_http_base.rb +3 -3
- data/lib/contrast/utils/object_share.rb +2 -1
- data/lib/contrast/utils/os.rb +1 -1
- data/lib/contrast/utils/patching/policy/patch_utils.rb +3 -3
- data/lib/contrast/utils/patching/policy/patcher_utils.rb +1 -1
- data/lib/contrast/utils/reporting/application_activity_batch_utils.rb +12 -4
- data/lib/contrast/utils/request_utils.rb +1 -1
- data/lib/contrast/utils/resource_loader.rb +1 -1
- data/lib/contrast/utils/response_utils.rb +1 -1
- data/lib/contrast/utils/routes_sent.rb +5 -2
- data/lib/contrast/utils/sha256_builder.rb +1 -1
- data/lib/contrast/utils/silence_maker.rb +16 -0
- data/lib/contrast/utils/stack_trace_utils.rb +1 -1
- data/lib/contrast/utils/string_utils.rb +1 -1
- data/lib/contrast/utils/tag_util.rb +1 -1
- data/lib/contrast/utils/thread_tracker.rb +1 -1
- data/lib/contrast/utils/timer.rb +1 -1
- data/lib/contrast-agent.rb +1 -1
- data/lib/contrast.rb +7 -6
- data/ruby-agent.gemspec +6 -6
- metadata +41 -40
- data/lib/contrast/agent/reporting/settings/code_exclusion.rb +0 -32
- data/lib/contrast/agent/telemetry/events/exceptions/obfuscate.rb +0 -124
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions.rb +0 -19
- data/lib/contrast/utils/telemetry_client.rb +0 -107
- data/lib/contrast/utils/telemetry_hash.rb +0 -65
@@ -1,6 +1,8 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require 'zlib'
|
5
|
+
require 'stringio'
|
4
6
|
require 'contrast/components/logger'
|
5
7
|
require 'contrast/components/scope'
|
6
8
|
require 'contrast/agent/reporting/reporting_events/application_startup'
|
@@ -49,6 +51,7 @@ module Contrast
|
|
49
51
|
# This method will build headers of the request required for TS communication
|
50
52
|
#
|
51
53
|
# @param request [Net::HTTPRequest]
|
54
|
+
# @return [Net::HTTPRequest]
|
52
55
|
def build_headers request
|
53
56
|
app_version = @headers.app_version
|
54
57
|
request['API-Key'] = @headers.api_key
|
@@ -57,12 +60,12 @@ module Contrast
|
|
57
60
|
request['Application-Path'] = @headers.app_path
|
58
61
|
request['Application-Version'] = app_version if app_version
|
59
62
|
request['Authorization'] = @headers.authorization
|
60
|
-
request['Content-Type'] = @headers.content_type
|
61
63
|
request['Server-Name'] = @headers.server_name
|
62
64
|
request['Server-Path'] = @headers.server_path
|
63
65
|
request['Server-Type'] = @headers.server_type
|
64
66
|
request['X-Contrast-Agent'] = @headers.agent_version
|
65
67
|
request['X-Contrast-Header-Encoding'] = @headers.encoding
|
68
|
+
build_encode_and_compress_headers(request)
|
66
69
|
request
|
67
70
|
end
|
68
71
|
|
@@ -134,10 +137,24 @@ module Contrast
|
|
134
137
|
end
|
135
138
|
build_headers(request)
|
136
139
|
event.attach_headers(request)
|
137
|
-
|
140
|
+
# compress:
|
141
|
+
gzip = Zlib::GzipWriter.new(StringIO.new)
|
142
|
+
gzip << event.event_json
|
143
|
+
request.body = gzip.close.string
|
138
144
|
request
|
139
145
|
end
|
140
146
|
end
|
147
|
+
|
148
|
+
# Adds the compression and encoding Headers required for sending
|
149
|
+
# compress and encoded body payload.
|
150
|
+
#
|
151
|
+
# @param request [Net::HTTPRequest]
|
152
|
+
def build_encode_and_compress_headers request
|
153
|
+
request['Content-Type'] = @headers.content_type
|
154
|
+
request['X-Contrast-Header-Encoding'] = @headers.encoding
|
155
|
+
request['X-Contrast-Encoding'] = @headers.compression
|
156
|
+
request['Content-Encoding'] = @headers.compression
|
157
|
+
end
|
141
158
|
end
|
142
159
|
end
|
143
160
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/components/logger'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/agent/reporting/settings/application_settings'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/agent/reporting/settings/assess_rule'
|
@@ -124,28 +124,8 @@ module Contrast
|
|
124
124
|
exclusions = response_data[:exclusions]
|
125
125
|
return unless exclusions
|
126
126
|
|
127
|
-
res.application_settings.exclusions.code_exclusions = exclusions[:code]
|
128
127
|
res.application_settings.exclusions.url_exclusions = exclusions[:url]
|
129
|
-
|
130
|
-
end
|
131
|
-
|
132
|
-
# Input exclusions between NG and non-NG are different, so need to be cast separately.
|
133
|
-
#
|
134
|
-
# @param exclusions [Hash]
|
135
|
-
# @param res [Contrast::Agent::Reporting::Response]
|
136
|
-
def extract_input_exclusions exclusions, res
|
137
|
-
res.application_settings.exclusions.input_exclusions = []
|
138
|
-
exclusions[:input].each do |exclusion_details|
|
139
|
-
input_exclusion = Contrast::Agent::Reporting::Settings::InputExclusion.new
|
140
|
-
input_exclusion.name = exclusion_details[:name]
|
141
|
-
input_exclusion.modes = exclusion_details[:modes]
|
142
|
-
input_exclusion.assess_rules = exclusion_details[:assess_rules]
|
143
|
-
input_exclusion.protect_rules = exclusion_details[:protect_rules]
|
144
|
-
input_exclusion.input_name = exclusion_details[:name]
|
145
|
-
input_exclusion.input_type = exclusion_details[:type]
|
146
|
-
input_exclusion.urls = exclusion_details[:urls]
|
147
|
-
res.application_settings.exclusions.input_exclusions << exclusion
|
148
|
-
end
|
128
|
+
res.application_settings.exclusions.input_exclusions = exclusions[:input]
|
149
129
|
end
|
150
130
|
|
151
131
|
# @param response_data [Hash]
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/agent/reporting/reporting_utilities/response'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
module Contrast
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/agent/reporting/reporting_utilities/ng_response_extractor'
|
@@ -22,14 +22,14 @@ module Contrast
|
|
22
22
|
unprocessable_entity: '422',
|
23
23
|
too_many_requests: '429'
|
24
24
|
}.cs__freeze
|
25
|
-
APP_NON_EXISTENT_MSG = 'Application does not exist! Either it has not been created or has '\
|
26
|
-
'been deleted or archived. '\
|
25
|
+
APP_NON_EXISTENT_MSG = 'Application does not exist! Either it has not been created or has ' \
|
26
|
+
'been deleted or archived. ' \
|
27
27
|
'Disabling permanently.'
|
28
28
|
SUSPEND_MSG = 'Reporter is temporarily suspended.'
|
29
29
|
UNSUCCESSFULLY_RECEIVED_MSG = 'The Reporter was unable to send message.'
|
30
|
-
FORBIDDEN_MSG = 'Access was forbidden for current Report because the request authentication '\
|
30
|
+
FORBIDDEN_MSG = 'Access was forbidden for current Report because the request authentication ' \
|
31
31
|
'information was not provided'
|
32
|
-
FORBIDDEN_NO_ACTION_MSG = 'Report access was forbidden because the supplied credentials failed '\
|
32
|
+
FORBIDDEN_NO_ACTION_MSG = 'Report access was forbidden because the supplied credentials failed ' \
|
33
33
|
'to authenticate the Agent'
|
34
34
|
UNPROCESSABLE_ENTITY_MSG = 'Reporter received Unprocessable Entity response. Disabling permanently.'
|
35
35
|
RETRY_AFTER_MSG = "There are too many requests of this type being sent by this Agent. #{ SUSPEND_MSG }"
|
@@ -38,13 +38,20 @@ module Contrast
|
|
38
38
|
@_last_response_code ||= ''
|
39
39
|
end
|
40
40
|
|
41
|
-
# String format of the Header:<day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT
|
41
|
+
# String format of the server last modified Header:<day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT
|
42
42
|
#
|
43
43
|
# @return [String]
|
44
44
|
def last_server_modified
|
45
45
|
@_last_server_modified
|
46
46
|
end
|
47
47
|
|
48
|
+
# String format of the app last modified Header:<day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT
|
49
|
+
#
|
50
|
+
# @return [String]
|
51
|
+
def last_application_modified
|
52
|
+
@_last_application_modified
|
53
|
+
end
|
54
|
+
|
48
55
|
private
|
49
56
|
|
50
57
|
# check if response code is valid before analyze it
|
@@ -150,12 +157,21 @@ module Contrast
|
|
150
157
|
# Extract the last modify headers with last update form TS.
|
151
158
|
#
|
152
159
|
# @param response [Net::HTTP::Response, nil]
|
160
|
+
# @param event [Contrast::Agent::Reporting::ServerSettings,
|
161
|
+
# Contrast::Agent::Reporting::ApplicationSettings, nil]
|
153
162
|
# @return last_modified[integer, nil] Time since last server update
|
154
|
-
def extract_response_last_modified response
|
163
|
+
def extract_response_last_modified response, event
|
155
164
|
return unless response.cs__is_a?(Net::HTTPResponse)
|
156
165
|
return unless (header = response['last-modified'])
|
157
166
|
|
158
|
-
|
167
|
+
case event
|
168
|
+
# Server feature based events
|
169
|
+
when Contrast::Agent::Reporting::ServerSettings
|
170
|
+
@_last_server_modified = header
|
171
|
+
# Application settings based events
|
172
|
+
when Contrast::Agent::Reporting::ApplicationSettings
|
173
|
+
@_last_application_modified = header
|
174
|
+
end
|
159
175
|
end
|
160
176
|
|
161
177
|
# Cease reporting about this application
|
@@ -243,7 +259,7 @@ module Contrast
|
|
243
259
|
response_data = JSON.parse(response_body, symbolize_names: true)
|
244
260
|
return unless response_data.cs__is_a?(Hash)
|
245
261
|
|
246
|
-
extract_response_last_modified(response)
|
262
|
+
extract_response_last_modified(response, event)
|
247
263
|
populate_response(response_data, event)
|
248
264
|
rescue StandardError => e
|
249
265
|
logger.error('Unable to convert response', e)
|
@@ -331,6 +347,7 @@ module Contrast
|
|
331
347
|
# @param response_data [Hash] JSON of the response body from a Contrast::Agent::Reporting::ServerSettings event
|
332
348
|
# @param response [Contrast::Agent::Reporting::Response] the object to populate with the body data
|
333
349
|
def extract_server_settings response_data, response
|
350
|
+
response.server_features.telemetry = response_data[:telemetry] if response_data[:telemetry]
|
334
351
|
extract_loggers(response_data, response)
|
335
352
|
extract_protect_server_settings(response_data, response)
|
336
353
|
extract_assess_server_settings(response_data, response)
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/agent/worker_thread'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/agent/worker_thread'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
module Contrast
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/agent/worker_thread'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/agent/reporting/settings/assess'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/utils/object_share'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/utils/object_share'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/utils/object_share'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/agent/reporting/settings/helpers'
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
module Contrast
|
@@ -7,43 +7,121 @@ module Contrast
|
|
7
7
|
module Settings
|
8
8
|
# Base class to represent common exclusions fields.
|
9
9
|
class ExclusionBase
|
10
|
-
BASE_ATTRIBUTES = %i[name modes assess_rules protect_rules].cs__freeze
|
10
|
+
BASE_ATTRIBUTES = %i[name modes assess_rules protect_rules urls match_strategy].cs__freeze
|
11
|
+
STRATEGIES = %w[ALL ONLY].cs__freeze
|
11
12
|
|
13
|
+
# Base attribute for exclusion name.
|
14
|
+
# For ng response it corresponds only for the name of the exclusion,
|
15
|
+
# in the new server settings endpoint it is used to store the name
|
16
|
+
# of the input to be excluded.
|
17
|
+
#
|
12
18
|
# @return name [String]
|
13
19
|
attr_accessor :name
|
14
20
|
# @return modes [Array<String>]
|
15
21
|
attr_accessor :modes
|
16
|
-
# @return
|
17
|
-
attr_accessor :
|
18
|
-
# @return protect_rules [Array<String>]
|
19
|
-
attr_accessor :protect_rules
|
22
|
+
# @return urls [Array<String>]
|
23
|
+
attr_accessor :urls
|
20
24
|
|
21
25
|
def initialize
|
22
26
|
@modes = []
|
23
|
-
@
|
24
|
-
@protect_rules = []
|
27
|
+
@urls = []
|
25
28
|
end
|
26
29
|
|
27
|
-
# @return [
|
30
|
+
# @return match_strategy [String] The type of the input.
|
31
|
+
def match_strategy
|
32
|
+
@_match_strategy ||= Contrast::Utils::ObjectShare::EMPTY_STRING
|
33
|
+
end
|
34
|
+
|
35
|
+
# @param new_strategy [String] Set new input type.
|
36
|
+
# @return type [String] The type of the input.
|
37
|
+
def match_strategy= new_strategy
|
38
|
+
@_match_strategy = new_strategy if STRATEGIES.include?(new_strategy)
|
39
|
+
end
|
40
|
+
|
41
|
+
# @return [Boolean] does this exclusion apply to Assess or not.
|
28
42
|
def assess
|
29
43
|
@_assess = modes&.include?('assess') if @_assess.nil?
|
30
44
|
@_assess
|
31
45
|
end
|
32
46
|
|
33
|
-
# @return [Boolean] does this exclusion apply to Protect or not
|
47
|
+
# @return [Boolean] does this exclusion apply to Protect or not.
|
34
48
|
def protect
|
35
49
|
@_protect = modes&.include?('defend') if @_protect.nil?
|
36
50
|
@_protect
|
37
51
|
end
|
38
52
|
|
53
|
+
# Array of all excluded protect rules.
|
54
|
+
#
|
55
|
+
# @return [Array<String>]
|
56
|
+
def protect_rules
|
57
|
+
@_protect_rules ||= rules
|
58
|
+
end
|
59
|
+
|
60
|
+
# Setter for protect rules array.
|
61
|
+
#
|
62
|
+
# @param new_rules [Array<String>]
|
63
|
+
# @return [Array<String>]
|
64
|
+
def protect_rules= new_rules
|
65
|
+
@_protect_rules = new_rules if new_rules.cs__is_a?(Array)
|
66
|
+
end
|
67
|
+
|
68
|
+
# Array of all excluded assess rules.
|
69
|
+
#
|
70
|
+
# @return [Array<String>]
|
71
|
+
def assess_rules
|
72
|
+
@_assess_rules ||= assessment_rules
|
73
|
+
end
|
74
|
+
|
75
|
+
# Setter for assess rules array.
|
76
|
+
#
|
77
|
+
# @param new_rules [Array<String>]
|
78
|
+
# @return [Array<String>]
|
79
|
+
def assess_rules= new_rules
|
80
|
+
@_assess_rules = new_rules if new_rules.cs__is_a?(Array)
|
81
|
+
end
|
82
|
+
|
39
83
|
def to_controlled_hash
|
40
84
|
{
|
41
85
|
name: name, # rubocop:disable Security/Module/Name
|
42
86
|
modes: modes,
|
43
|
-
|
44
|
-
|
87
|
+
urls: urls,
|
88
|
+
assess_rules: assess_rules,
|
89
|
+
protect_rules: protect_rules,
|
90
|
+
match_strategy: match_strategy
|
45
91
|
}
|
46
92
|
end
|
93
|
+
|
94
|
+
private
|
95
|
+
|
96
|
+
# Private getter for assess_rules used with application create response parsing.
|
97
|
+
#
|
98
|
+
# @return [Array<String>]
|
99
|
+
def assessment_rules
|
100
|
+
@_assessment_rules ||= []
|
101
|
+
end
|
102
|
+
|
103
|
+
# Private setter for assess_rules used with application create response parsing.
|
104
|
+
#
|
105
|
+
# @param new_rules [Array<String>]
|
106
|
+
# @return [Array<String>]
|
107
|
+
def assessment_rules= new_rules
|
108
|
+
@_assessment_rules = new_rules if new_rules.cs__is_a?(Array)
|
109
|
+
end
|
110
|
+
|
111
|
+
# Private getter for protect rules used with application create response parsing.
|
112
|
+
#
|
113
|
+
# @return [Array<String>]
|
114
|
+
def rules
|
115
|
+
@_rules ||= []
|
116
|
+
end
|
117
|
+
|
118
|
+
# Private setter for protect rules used with application create response parsing.
|
119
|
+
#
|
120
|
+
# @param new_rules [Array<String>]
|
121
|
+
# @return [Array<String>]
|
122
|
+
def rules= new_rules
|
123
|
+
@_rules = new_rules if new_rules.cs__is_a?(Array)
|
124
|
+
end
|
47
125
|
end
|
48
126
|
end
|
49
127
|
end
|
@@ -1,7 +1,6 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
-
require 'contrast/agent/reporting/settings/code_exclusion'
|
5
4
|
require 'contrast/agent/reporting/settings/input_exclusion'
|
6
5
|
require 'contrast/agent/reporting/settings/url_exclusion'
|
7
6
|
require 'contrast/agent/reporting/settings/helpers'
|
@@ -14,30 +13,6 @@ module Contrast
|
|
14
13
|
# Application level settings for the Exclusions featureset
|
15
14
|
# (ApplicationStartupSettingsExclusions)
|
16
15
|
class Exclusions
|
17
|
-
# Cases where rules should be excluded if violated in a method call
|
18
|
-
#
|
19
|
-
# @return code_exclusions [Array<Contrast::Agent::Reporting::Settings::CodeExclusion>] Array of CodeExclusion
|
20
|
-
def code_exclusions
|
21
|
-
@_code_exclusions ||= []
|
22
|
-
end
|
23
|
-
|
24
|
-
# set the CodeExclusions array
|
25
|
-
#
|
26
|
-
# @param new_code_exclusions [Array<CodeExclusion>] Array of CodeExclusion: {
|
27
|
-
# name [String] The name of the exclusion as defined by the user in TS.
|
28
|
-
# modes [String] If this exclusion applies to assess or protect. [assess, defend]
|
29
|
-
# protect_rules [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
|
30
|
-
# assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
|
31
|
-
# denylist [String] The call, if in the stack, should result in the agent not taking action.
|
32
|
-
# }
|
33
|
-
# @return code_exclusions [Array<Contrast::Agent::Reporting::Settings::CodeExclusion>] Array of CodeExclusion
|
34
|
-
def code_exclusions= new_code_exclusions
|
35
|
-
@_code_exclusions = Contrast::Agent::Reporting::Settings::Helpers.array_to_iv(
|
36
|
-
Contrast::Agent::Reporting::Settings::CodeExclusion,
|
37
|
-
code_exclusions,
|
38
|
-
new_code_exclusions)
|
39
|
-
end
|
40
|
-
|
41
16
|
# Cases where rules should be excluded if violated from a given input.
|
42
17
|
#
|
43
18
|
# @return input_exclusions [Array<Contrast::Agent::Reporting::Settings::InputExclusion>]
|
@@ -46,7 +21,8 @@ module Contrast
|
|
46
21
|
@_input_exclusions ||= []
|
47
22
|
end
|
48
23
|
|
49
|
-
# set the InputExclusions array
|
24
|
+
# set the InputExclusions array. Pass boolean flag as end element of array for ng endpoint.
|
25
|
+
# example: input_exclusions = [array, boolean]
|
50
26
|
#
|
51
27
|
# @param new_input_exclusions [Array<InputExclusions>] Array of InputExclusions: {
|
52
28
|
# name [String] The name of the input.
|
@@ -60,10 +36,13 @@ module Contrast
|
|
60
36
|
# @return input_exclusions [Array<Contrast::Agent::Reporting::Settings::InputExclusions>]
|
61
37
|
# Array of InputExclusions
|
62
38
|
def input_exclusions= new_input_exclusions
|
39
|
+
# The ng_endpoint check is passed as boolean parameter in the setter method. We need to check and see
|
40
|
+
# if it is set:
|
63
41
|
@_input_exclusions = Contrast::Agent::Reporting::Settings::Helpers.array_to_iv(
|
64
42
|
Contrast::Agent::Reporting::Settings::InputExclusion,
|
65
43
|
input_exclusions,
|
66
|
-
new_input_exclusions
|
44
|
+
new_input_exclusions,
|
45
|
+
ng_endpoint: new_input_exclusions[-1] == !!new_input_exclusions[-1])
|
67
46
|
end
|
68
47
|
|
69
48
|
# A case where rules should be excluded if violated during a call to a given URL.
|
@@ -73,7 +52,8 @@ module Contrast
|
|
73
52
|
@_url_exclusions ||= []
|
74
53
|
end
|
75
54
|
|
76
|
-
# set the
|
55
|
+
# set the url_exclusions array. Pass boolean flag as end element of array for ng endpoint.
|
56
|
+
# example: url_exclusions = [array, boolean]
|
77
57
|
#
|
78
58
|
# @param new_url_exclusions [Array] Array of UrlExclusions: {
|
79
59
|
# name [String] The name of the input.
|
@@ -89,12 +69,12 @@ module Contrast
|
|
89
69
|
@_url_exclusions = Contrast::Agent::Reporting::Settings::Helpers.array_to_iv(
|
90
70
|
Contrast::Agent::Reporting::Settings::UrlExclusion,
|
91
71
|
url_exclusions,
|
92
|
-
new_url_exclusions
|
72
|
+
new_url_exclusions,
|
73
|
+
ng_endpoint: new_url_exclusions[-1] == !!new_url_exclusions[-1])
|
93
74
|
end
|
94
75
|
|
95
76
|
def to_controlled_hash
|
96
77
|
{
|
97
|
-
codeExceptions: code_exclusions.map(&:to_controlled_hash),
|
98
78
|
inputExceptions: input_exclusions.map(&:to_controlled_hash),
|
99
79
|
urlExceptions: url_exclusions.map(&:to_controlled_hash)
|
100
80
|
}
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c)
|
1
|
+
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
module Contrast
|
@@ -8,6 +8,15 @@ module Contrast
|
|
8
8
|
# Helper methods used across the settings.
|
9
9
|
module Helpers
|
10
10
|
class << self
|
11
|
+
# Known exclusion, we need different result, or just memo the output,
|
12
|
+
# saving computing time. Reason to exist: different endpoints require different
|
13
|
+
# attributes.
|
14
|
+
NO_MORE_UNDERSCORE_EXCLUSIONS = {
|
15
|
+
protect_rules: :rules,
|
16
|
+
assess_rules: :assessmentRules,
|
17
|
+
match_strategy: :matchStrategy
|
18
|
+
}.cs__freeze
|
19
|
+
|
11
20
|
# Fills instance variable [Array] with new settings as new instance type
|
12
21
|
# for each entry.
|
13
22
|
#
|
@@ -17,14 +26,24 @@ module Contrast
|
|
17
26
|
# @param array [Array] array to be used to fill the iv.
|
18
27
|
# fill the iv with the new type containing data from the provided array
|
19
28
|
# param.
|
29
|
+
# @param ng_endpoint [Boolean]
|
20
30
|
# @return instance_variable [Class]
|
21
|
-
def array_to_iv instance_type, instance_variable, array
|
31
|
+
def array_to_iv instance_type, instance_variable, array, ng_endpoint: false
|
22
32
|
return unless array.is_a?(Array)
|
23
33
|
|
24
|
-
|
34
|
+
# If we have a ng endpoint we have passed a boolean flag as param to the setter for the
|
35
|
+
# array, and we need to retrieve the original array.
|
36
|
+
payload = if ng_endpoint
|
37
|
+
array[0]
|
38
|
+
else
|
39
|
+
array
|
40
|
+
end
|
41
|
+
|
42
|
+
payload.each_with_index do |entry, index|
|
25
43
|
new_instance = instance_type.new
|
26
44
|
instance_type::ATTRIBUTES.each do |attr|
|
27
|
-
|
45
|
+
key = ng_attribute_filter(attr, ng_endpoint: ng_endpoint)
|
46
|
+
new_instance.send("#{ attr }=".to_sym, entry[key])
|
28
47
|
end
|
29
48
|
instance_variable[index] = new_instance
|
30
49
|
end
|
@@ -36,7 +55,7 @@ module Contrast
|
|
36
55
|
# return original if no '_'
|
37
56
|
#
|
38
57
|
# @param attr_name [Symbol]
|
39
|
-
# @return normalized_name [Symbol]
|
58
|
+
# @return normalized_name [Symbol, nil]
|
40
59
|
def no_more_underscore attr_name
|
41
60
|
name = attr_name.to_s
|
42
61
|
idx = name.index('_')
|
@@ -49,6 +68,23 @@ module Contrast
|
|
49
68
|
result.index('_') ? no_more_underscore(result).to_sym : result.to_sym
|
50
69
|
end
|
51
70
|
|
71
|
+
# Ng endpoints payload is different for exclusions.
|
72
|
+
# This method will filter the attributes needed for each
|
73
|
+
# each endpoint.
|
74
|
+
#
|
75
|
+
# @param attr_name [Symbol]
|
76
|
+
# @param ng_endpoint [Boolean]
|
77
|
+
# @return [Symbol, nil]
|
78
|
+
def ng_attribute_filter attr_name, ng_endpoint: false
|
79
|
+
if NO_MORE_UNDERSCORE_EXCLUSIONS.key?(attr_name)
|
80
|
+
return NO_MORE_UNDERSCORE_EXCLUSIONS[attr_name] if ng_endpoint
|
81
|
+
|
82
|
+
return attr_name
|
83
|
+
end
|
84
|
+
|
85
|
+
no_more_underscore(attr_name)
|
86
|
+
end
|
87
|
+
|
52
88
|
# rule_id => rule-id
|
53
89
|
#
|
54
90
|
# @param id [String, Symbol]
|