contrast-agent 6.12.0 → 6.13.0

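--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 6772cdef949fd96dd24342c5f4a9a7b813a4d77873a9aa117c1a6750088a647f
-data.tar.gz: 8008b5a90911e19594a32a5dba27079d0f7f5e857e34b1cedb974a4e8422fb2d
+metadata.gz: bf537fe7f51e1701577cb567c81862d9ed3b9eaadf89d45da26ddc65e9135afb
+data.tar.gz: b344f21256b15416fb395ed6f91880d4579b39d9bdb331df9492965ddf385129
 SHA512:
-metadata.gz: e70042ce2030918ecbafedfc2b254fd15ff9bc8316fecbd2901e0d8a6581e46505b039d5c21a932b595423565a36b16872362897bc344dc77d61ef8ac41ec8e8
-data.tar.gz: 3d8cf2341b2258470ec334be4b81efccbea5a27c26c49b5ca0106e3b44e29f6c878aee0c28dcb7b0c0a84887fb1f298978f0419522503ee8293e0053f9a63bc9
+metadata.gz: cab435e1cfaf07a8f5c101805d3ca0046062071e10d61e3fcef4012e989e145bca2d586113176c89a96019eb32c2a6487de7149a01b4139d95c3b31d648a3ec5
+data.tar.gz: 5270af8f8b5c398d974857194adff85b826c75cd603006eac060d8762985220f13d095cd4b01ae94976b22a261c6250daa4ee05176b2bc635f7455bbd5eeeaf0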
@@ -10,6 +10,10 @@ module Contrast
10
10
  # before serializing that finding as a DTM to report to the TeamServer.
11
11
  module REDOSValidator
12
12
  RULE_NAME = 'redos'
13
+ # If Regexp is set to Float::Infinite this is the maximum number it will receive
14
+ POSITIVE_INFINITY = 18_446_744_073.709553
15
+ # We are checking and for negative infinity (-1.0/0.0 )
16
+ NEGATIVE_INFINITY = -POSITIVE_INFINITY
13
17
 
14
18
  class << self
15
19
  def valid? _patcher, object, _ret, args
@@ -49,8 +53,42 @@ module Contrast
49
53
 
50
54
  # Use #match? because it doesn't fill out global variables
51
55
  # in the way match or =~ do.
56
+ #
57
+ # Since ruby 3.2.0 the Regexp now have a timeout option. we need to check and see if the timeout
58
+ # is set. If so we can assume that the regexp is safe.
59
+ # puts "SAFE #{regexp_timeout_safe?(regexp)}"
60
+ return false if regexp_timeout_safe?(regexp)
61
+
62
+ # report only if pattern is bad:
52
63
  VULNERABLE_PATTERN.match?(regexp.source)
53
64
  end
65
+
66
+ # Check and see if a regexp is with safely set Timeout or not.
67
+ #
68
+ # @param regexp [Regexp]
69
+ # @return [Boolean]
70
+ def regexp_timeout_safe? regexp
71
+ return false if RUBY_VERSION < '3.2.0'
72
+ # Global
73
+ return false if Regexp.timeout.nil? || regexp_infinite?(Regexp)
74
+
75
+ # Local
76
+ return false if regexp.cs__is_a?(Regexp) && !(regexp.timeout.nil? || regexp_infinite?(regexp))
77
+
78
+ true
79
+ end
80
+
81
+ private
82
+
83
+ # Check and see if the set timeout is set to infinity:
84
+ #
85
+ # @param regexp[Regexp] Instance or class
86
+ # @return[Boolean]
87
+ def regexp_infinite? regexp
88
+ return false unless regexp.timeout == POSITIVE_INFINITY || regexp.timeout == NEGATIVE_INFINITY
89
+
90
+ true
91
+ end
54
92
  end
55
93
  end
56
94
  end
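Review bot: The local-timeout branch of `regexp_timeout_safe?` reads inverted: `!(regexp.timeout.nil? || regexp_infinite?(regexp))` is true exactly when the instance carries a finite timeout, so that (safe) case returns false, while an instance created with `timeout: Float::INFINITY` falls through to `true` and suppresses the `VULNERABLE_PATTERN.match?` check in the hunk above. Because a per-instance timeout overrides the global one, the instance value should be decided first and `Regexp.timeout` consulted only when the instance has none; a rewrite follows. Separately, `regexp_infinite?` tests `==` against the hard-coded `18_446_744_073.709553`; if that is the clamped value one interpreter reports for `Float::INFINITY`, a `timeout.infinite? || timeout >= POSITIVE_INFINITY` test would be less brittle across the Ruby versions the gemspec now permits, which is worth confirming. The `# puts "SAFE ..."` line is leftover debugging and can be dropped, and the method that ends at the `VULNERABLE_PATTERN.match?` line begins outside the hunk.
```ruby
def regexp_timeout_safe? regexp
  return false if RUBY_VERSION < '3.2.0'

  # A per-instance timeout overrides the global one, so decide on it first.
  if regexp.cs__is_a?(Regexp) && !regexp.timeout.nil?
    return !regexp_infinite?(regexp)
  end

  # No instance timeout: fall back to the global setting.
  !Regexp.timeout.nil? && !regexp_infinite?(Regexp)
end
```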
@@ -3,6 +3,6 @@
3
3
 
4
4
  module Contrast
5
5
  module Agent
6
- VERSION = '6.12.0'
6
+ VERSION = '6.13.0'
7
7
  end
8
8
  end
@@ -932,6 +932,22 @@
932
932
  "source":"O",
933
933
  "target":"R",
934
934
  "action":"SPLAT"
935
+ }, {
936
+ "class_name":"IO",
937
+ "method_name":"to_path",
938
+ "instance_method": true,
939
+ "method_visibility": "public",
940
+ "source":"O",
941
+ "target":"R",
942
+ "action":"SPLAT"
943
+ }, {
944
+ "class_name":"IO",
945
+ "method_name":"path",
946
+ "instance_method": true,
947
+ "method_visibility": "public",
948
+ "source":"O",
949
+ "target":"R",
950
+ "action":"SPLAT"
935
951
  }, {
936
952
  "class_name": "ActiveModel::AttributeAssignment",
937
953
  "method_name": "assign_attributes",
@@ -1177,6 +1193,16 @@
1177
1193
  "action": "BUFFER",
1178
1194
  "patch_method": "buffer_keep_splat"
1179
1195
  },
1196
+ {
1197
+ "class_name": "IO::Buffer",
1198
+ "instance_method": true,
1199
+ "method_visibility": "public",
1200
+ "method_name": "read",
1201
+ "source":"P0,O",
1202
+ "target":"O",
1203
+ "action": "BUFFER",
1204
+ "patch_method": "buffer_keep_splat"
1205
+ },
1180
1206
  {
1181
1207
  "class_name": "ERB",
1182
1208
  "method_name": "result",
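--- a/data/ruby-agent.gemspec
+++ b/data/ruby-agent.gemspec
@@ -178,7 +178,7 @@ Gem::Specification.new do |spec|
 'Testing and Protection.'
 spec.homepage = 'https://www.contrastsecurity.com'
 spec.license = 'CONTRAST SECURITY (see license file)'
-spec.required_ruby_version = ['>= 2.7.0', '< 3.2.0']
+spec.required_ruby_version = ['>= 2.7.0', '< 3.3.0']
 
 spec.bindir = 'exe'
 # Keep cs__common first, it handles funchook.h right now.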
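--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-version: 6.12.0
+version: 6.13.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-01-10 00:00:00.000000000 Z
+date: 2023-01-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -684,22 +684,22 @@ email:
 executables: []
 extensions:
 - ext/cs__common/extconf.rb
-- ext/cs__assess_module/extconf.rb
-- ext/cs__scope/extconf.rb
-- ext/cs__assess_string_interpolation/extconf.rb
-- ext/cs__assess_kernel/extconf.rb
 - ext/cs__assess_basic_object/extconf.rb
-- ext/cs__assess_test/extconf.rb
-- ext/cs__assess_yield_track/extconf.rb
 - ext/cs__assess_hash/extconf.rb
+- ext/cs__assess_kernel/extconf.rb
+- ext/cs__assess_string_interpolation/extconf.rb
+- ext/cs__contrast_patch/extconf.rb
 - ext/cs__assess_string/extconf.rb
+- ext/cs__assess_regexp/extconf.rb
 - ext/cs__tests/extconf.rb
+- ext/cs__assess_module/extconf.rb
+- ext/cs__assess_yield_track/extconf.rb
 - ext/cs__assess_fiber_track/extconf.rb
-- ext/cs__contrast_patch/extconf.rb
-- ext/cs__assess_array/extconf.rb
+- ext/cs__scope/extconf.rb
+- ext/cs__assess_test/extconf.rb
 - ext/cs__os_information/extconf.rb
 - ext/cs__assess_marshal_module/extconf.rb
-- ext/cs__assess_regexp/extconf.rb
+- ext/cs__assess_array/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"
@@ -1349,7 +1349,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: 2.7.0
 - - "<"
 - !ruby/object:Gem::Version
-version: 3.2.0
+version: 3.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="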