contrast-agent 6.14.0 → 6.15.1

Files changed (80)
  1. checksums.yaml +4 -4
  2. data/ext/cs__scope/cs__scope.c +2 -1
  3. data/lib/contrast/agent/{assess.rb → assess/assess.rb} +1 -1
  4. data/lib/contrast/agent/{module_data.rb → assess/module_data.rb} +0 -0
  5. data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +3 -0
  6. data/lib/contrast/agent/assess/policy/policy_node.rb +3 -2
  7. data/lib/contrast/agent/assess/policy/propagation_method.rb +2 -2
  8. data/lib/contrast/agent/assess/policy/propagator/database_write.rb +0 -1
  9. data/lib/contrast/agent/assess/policy/source_method.rb +1 -1
  10. data/lib/contrast/agent/assess/policy/trigger_method.rb +36 -1
  11. data/lib/contrast/agent/{excluder.rb → excluder/excluder.rb} +0 -0
  12. data/lib/contrast/agent/{exclusion_matcher.rb → excluder/exclusion_matcher.rb} +0 -0
  13. data/lib/contrast/agent/{at_exit_hook.rb → hooks/at_exit_hook.rb} +0 -0
  14. data/lib/contrast/agent/{tracepoint_hook.rb → hooks/tracepoint_hook.rb} +0 -0
  15. data/lib/contrast/agent/inventory/database_config.rb +1 -0
  16. data/lib/contrast/agent/{inventory.rb → inventory/inventory.rb} +0 -0
  17. data/lib/contrast/agent/{middleware.rb → middleware/middleware.rb} +3 -3
  18. data/lib/contrast/agent/{static_analysis.rb → middleware/static_analysis.rb} +0 -0
  19. data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +5 -5
  20. data/lib/contrast/agent/protect/input_analyzer/worth_watching_analyzer.rb +1 -1
  21. data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +1 -1
  22. data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +1 -1
  23. data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +1 -1
  24. data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +1 -1
  25. data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +1 -1
  26. data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +1 -1
  27. data/lib/contrast/agent/protect/rule/base.rb +121 -134
  28. data/lib/contrast/agent/protect/rule/{bot_blocker.rb → bot_blocker/bot_blocker.rb} +2 -2
  29. data/lib/contrast/agent/protect/rule/{cmd_injection.rb → cmdi/cmd_injection.rb} +1 -1
  30. data/lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb +3 -3
  31. data/lib/contrast/agent/protect/rule/cmdi/cmdi_base_rule.rb +1 -1
  32. data/lib/contrast/agent/protect/rule/cmdi/cmdi_chained_command.rb +2 -2
  33. data/lib/contrast/agent/protect/rule/cmdi/cmdi_dangerous_path.rb +2 -2
  34. data/lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb +1 -1
  35. data/lib/contrast/agent/protect/rule/{deserialization.rb → deserialization/deserialization.rb} +2 -2
  36. data/lib/contrast/agent/protect/rule/{no_sqli.rb → no_sqli/no_sqli.rb} +3 -3
  37. data/lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb +1 -1
  38. data/lib/contrast/agent/protect/rule/{path_traversal.rb → path_traversal/path_traversal.rb} +2 -2
  39. data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_semantic_security_bypass.rb +3 -3
  40. data/lib/contrast/agent/protect/rule/{sql_sample_builder.rb → sqli/sql_sample_builder.rb} +0 -1
  41. data/lib/contrast/agent/protect/rule/{sqli.rb → sqli/sqli.rb} +2 -2
  42. data/lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb +1 -1
  43. data/lib/contrast/agent/protect/rule/{unsafe_file_upload.rb → unsafe_file_upload/unsafe_file_upload.rb} +2 -2
  44. data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification.rb +1 -1
  45. data/lib/contrast/agent/protect/rule/utils/builders.rb +111 -0
  46. data/lib/contrast/agent/protect/rule/utils/filters.rb +110 -0
  47. data/lib/contrast/agent/protect/rule/{xss.rb → xss/xss.rb} +2 -2
  48. data/lib/contrast/agent/protect/rule/{xxe.rb → xxe/xxe.rb} +2 -2
  49. data/lib/contrast/agent/protect/rule.rb +8 -9
  50. data/lib/contrast/agent/{disable_reaction.rb → reactions/disable_reaction.rb} +0 -0
  51. data/lib/contrast/agent/reporting/reporter.rb +1 -1
  52. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +3 -3
  53. data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +1 -1
  54. data/lib/contrast/agent/reporting/reporting_workers/application_server_worker.rb +1 -1
  55. data/lib/contrast/agent/reporting/reporting_workers/reporter_heartbeat.rb +1 -1
  56. data/lib/contrast/agent/reporting/reporting_workers/server_settings_worker.rb +1 -1
  57. data/lib/contrast/agent/{request.rb → request/request.rb} +0 -0
  58. data/lib/contrast/agent/{request_context.rb → request/request_context.rb} +3 -3
  59. data/lib/contrast/agent/{request_context_extend.rb → request/request_context_extend.rb} +0 -0
  60. data/lib/contrast/agent/{request_handler.rb → request/request_handler.rb} +0 -0
  61. data/lib/contrast/agent/{response.rb → response/response.rb} +0 -0
  62. data/lib/contrast/agent/{scope.rb → scope/scope.rb} +0 -0
  63. data/lib/contrast/agent/telemetry/base.rb +2 -2
  64. data/lib/contrast/agent/{telemetry.rb → telemetry/telemetry.rb} +0 -0
  65. data/lib/contrast/agent/{thread.rb → thread/thread.rb} +0 -0
  66. data/lib/contrast/agent/{thread_watcher.rb → thread/thread_watcher.rb} +0 -0
  67. data/lib/contrast/agent/{worker_thread.rb → thread/worker_thread.rb} +0 -0
  68. data/lib/contrast/agent/version.rb +1 -1
  69. data/lib/contrast/agent.rb +11 -11
  70. data/lib/contrast/components/agent.rb +1 -1
  71. data/lib/contrast/components/assess.rb +1 -0
  72. data/lib/contrast/{agent → components}/rule_set.rb +0 -0
  73. data/lib/contrast/components/scope.rb +1 -1
  74. data/lib/contrast/components/settings.rb +1 -1
  75. data/lib/contrast/extension/assess/exec_trigger.rb +1 -1
  76. data/lib/contrast/extension/assess/string.rb +4 -3
  77. data/lib/contrast.rb +1 -1
  78. data/ruby-agent.gemspec +4 -2
  79. metadata +53 -58
  80. data/lib/contrast/agent/protect/rule/base_service.rb +0 -175
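--- a/data/lib/contrast/agent/protect/rule/utils/builders.rb
+++ b/data/lib/contrast/agent/protect/rule/utils/builders.rb
@@ -0,0 +1,111 @@
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+module Agent
+module Protect
+module Rule
+# Module to hold base builder methods used by Contrast::Agent::Protect::Rule::Base class.
+module Builders
+# A given input, candidate_string, was determined to violate a
+# protect rule and did exploit the application, or at least made it
+# to exploitable code in the case where we blocked the attack. As
+# such, we need to build a result to report this violation to
+# TeamServer.
+#
+# @param context [Contrast::Agent::RequestContext] the context of the
+# request in which this input is evaluated.
+# @param ia_result [Contrast::Agent::Reporting::InputAnalysis] the
+# analysis of the input that was determined to be an attack
+# @param result [Contrast::Agent::Reporting::AttackResult, nil] previous
+# attack result for this rule, if one exists, in the case of
+# multiple inputs being found to violate the protection criteria
+# @param candidate_string [String] the value of the input which may
+# be an attack
+# @param kwargs [Hash] key - value pairs of context individual rules
+# need to build out details to send to the TeamServer to tell the
+# story of the attack
+# @return [Contrast::Agent::Reporting::AttackResult] the attack result from
+# this input
+def build_attack_with_match context, ia_result, result, candidate_string, **kwargs
+result ||= build_attack_result(context)
+update_successful_attack_response(context, ia_result, result, candidate_string)
+append_sample(context, ia_result, result, candidate_string, **kwargs)
+
+result
+end
+
+# A given input, candidate_string, was determined to violate a
+# protect rule but did not exploit the application. As such, we need
+# to build a result to report this violation to TeamServer.
+#
+# @param context [Contrast::Agent::RequestContext, nil] the context of the
+# request in which this input is evaluated.
+# @param ia_result [Contrast::Agent::Reporting::InputAnalysis] the
+# analysis of the input that was determined to be an attack
+# @param result [Contrast::Agent::Reporting::AttackResult, nil] previous
+# attack result for this rule, if one exists, in the case of
+# multiple inputs being found to violate the protection criteria
+# @param kwargs [Hash, nil] key - value pairs of context individual rules
+# need to build out details to send to TeamServer to tell the
+# story of the attack
+# @return [Contrast::Agent::Reporting::AttackResult] the attack result from
+# this input
+def build_attack_without_match context, ia_result, result, **kwargs
+result ||= build_attack_result(context)
+update_perimeter_attack_response(context, ia_result, result)
+append_sample(context, ia_result, result, nil, **kwargs)
+
+result
+end
+
+# Set up an attack result for the current rule
+#
+# @param _context [Contrast::Agent::RequestContext] the context of
+# the current request
+# @return [Contrast::Agent::Reporting::AttackResult]
+def build_attack_result _context
+result = Contrast::Agent::Reporting::AttackResult.new
+result.rule_id = rule_name
+result
+end
+
+# Override if rule can make use of the candidate string or kwargs to
+# build rasp rule sample.
+#
+# @param context [Contrast::Agent::RequestContext]
+# @param ia_result [Contrast::Agent::Reporting::Settings::InputAnalysisResult] the analysis of the input that
+# was determined to be an attack
+# @param _candidate_string [String] potential attack value/ input containing attack value
+# @param _kwargs [Hash]
+# @return [Contrast::Agent::Reporting::RaspRuleSample]
+def build_sample context, ia_result, _candidate_string, **_kwargs
+build_base_sample(context, ia_result)
+end
+
+# @param context [Contrast::Agent::RequestContext]
+# @param ia_result [Contrast::Agent::Reporting::Settings::InputAnalysisResult] the analysis of the input that
+# was determined to be an attack
+# @return [Contrast::Agent::Reporting::RaspRuleSample]
+def build_base_sample context, ia_result
+Contrast::Agent::Reporting::RaspRuleSample.build(context, ia_result)
+end
+
+# Used to build and report semantic rules.
+#
+# @param context [Contrast::Agent::RequestContext] current request contest
+# @param potential_attack_string [String]
+def build_violation context, potential_attack_string
+result = build_attack_result(context)
+update_successful_attack_response(context, nil, result, potential_attack_string)
+return unless result
+
+append_sample(context, nil, result, potential_attack_string)
+cef_logging(result, :successful_attack)
+result
+end
+end
+end
+end
+end
+end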
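Review bot: `return unless result` in `build_violation` can never trigger, because `build_attack_result` always returns a freshly constructed object (it does `Contrast::Agent::Reporting::AttackResult.new`, sets `rule_id`, and returns it), so the guard suggests a nil path that does not exist. Either drop that line or, if `build_attack_result` is meant to be overridden by rules that can decline to report, state that contract on it with `# @return [Contrast::Agent::Reporting::AttackResult, nil]`. `build_violation` is also the only builder without a return tag; add `# @return [Contrast::Agent::Reporting::AttackResult]` (and fix "request contest" to "request context"). The `ia_result` parameter is tagged `Reporting::InputAnalysis` in the first two methods but `Reporting::Settings::InputAnalysisResult` in `build_sample`/`build_base_sample`; only one can be right, so the tags should agree.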
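--- a/data/lib/contrast/agent/protect/rule/utils/filters.rb
+++ b/data/lib/contrast/agent/protect/rule/utils/filters.rb
@@ -0,0 +1,110 @@
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+module Agent
+module Protect
+module Rule
+# Module to hold required generic filters (prefilter, infilter, postfilter)
+module Filters
+POSTFILTER_MODES = Set.new(%i[BLOCK MONITOR]).cs__freeze
+
+# Actions required for the rules that have to happen before the
+# application has completed its processing of the request.
+#
+# For most rules, these actions are performed within the analysis
+# engine and communicated as an input analysis result. Those that
+# require specific action need to provide that action.
+#
+# @param context [Contrast::Agent::RequestContext] the context for
+# the current request
+def prefilter context
+return unless prefilter?(context)
+
+ia_results = gather_ia_results(context)
+
+ia_results.each do |ia_result|
+result = build_attack_result(context)
+build_attack_without_match(context, ia_result, result)
+append_to_activity(context, result)
+
+cef_logging(result, :successful_attack)
+raise(Contrast::SecurityException.new(self, block_message)) if blocked?
+end
+end
+
+# Prefilter check always called before infilter to check if the rule is infilter
+# capable, not disabled or in other way excluded by url or input exclusions.
+#
+# @param context [Contrast::Agent::RequestContext]
+# @return [Boolean]
+def prefilter? context
+return false unless context
+return false unless enabled?
+return false unless (results = gather_ia_results(context)) && results.any?
+return false if protect_excluded_by_url?(rule_name, context.request.path)
+return false if protect_excluded_by_input?(results, context.request.path)
+
+true
+end
+
+# This should only ever be called directly from patched code and will
+# have a different implementation based on the rule. As such, there
+# is not parent implementation.
+#
+# @param _context [Contrast::Agent::RequestContext] the context for
+# the current request
+# @param _match_string [String] the input that violated the rule and
+# matched the attack detection logic
+# @param _kwargs [Hash] key-value pairs used by the rule to build a
+# report.
+def infilter _context, _match_string, **_kwargs; end
+
+# Infilter check always called before infilter to check if the rule is infilter
+# capable, not disabled or in other way excluded by url or input exclusions.
+#
+# @param context [Contrast::Agent::RequestContext]
+# @return [Boolean]
+def infilter? context
+return false unless enabled?
+return false unless (results = gather_ia_results(context)) && results.any?
+return false if protect_excluded_by_url?(rule_name, context.request.path)
+return false if protect_excluded_by_input?(results, context.request.path)
+
+true
+end
+
+# Actions required for the rules that have to happen after the
+# application has completed its processing of the request.
+#
+# Any implementation here needs to account for the fact that
+# responses may be streaming and, as such, transformations of the
+# response itself may not be permissible.
+#
+# Override for rules that need the response
+# Currently postfilter can be applied to streamed responses, if any logic within postfilter changes to modify
+# the response streamed responses will break
+#
+# @param context [Contrast::Agent::RequestContext]
+# @raise [Contrast::SecurityException]
+def postfilter context
+return unless enabled? && POSTFILTER_MODES.include?(mode)
+return false if protect_excluded_by_url?(rule_name, context.request.path)
+return if protect_excluded_by_input?(gather_ia_results(context), context.request.path)
+
+return if mode == :NO_ACTION || mode == :PERMIT
+
+result = find_postfilter_attacker(context, nil)
+return unless result&.samples&.any?
+
+cef_logging(result)
+append_to_activity(context, result)
+return unless result.response == :BLOCKED
+
+raise(Contrast::SecurityException.new(self, "#{ rule_name } triggered in postfilter. Response blocked."))
+end
+end
+end
+end
+end
+end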
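Review bot: `infilter?` and `postfilter` dereference `context.request.path` without the `return false unless context` guard that `prefilter?` has, so a nil context raises NoMethodError from inside the rule instead of being treated as "nothing to check"; if nil is possible at those call sites, add `return false unless context` as the first line of `infilter?` and `return unless context` at the top of `postfilter`. In `postfilter`, `return if mode == :NO_ACTION || mode == :PERMIT` is unreachable once `POSTFILTER_MODES.include?(mode)` has restricted mode to BLOCK/MONITOR, and the `return false` on the url-exclusion line is the only non-nil early exit in a method documented without a return value — `return if protect_excluded_by_url?(rule_name, context.request.path)` keeps it consistent. `POSTFILTER_MODES` relies on `Set`, but this file has no `require 'set'`; that only works if an earlier file loads it or on a Ruby where Set is autoloaded, so the dependency is worth making explicit at the top. The `infilter?` doc comment is a copy of the `prefilter?` one ("Infilter check always called before infilter"), and "there is not parent implementation" above `infilter` should read "there is no parent implementation".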
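--- a/data/lib/contrast/agent/protect/rule/xss.rb
+++ b/data/lib/contrast/agent/protect/rule/xss/xss.rb
@@ -1,7 +1,7 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/protect/rule/base_service'
+require 'contrast/agent/protect/rule/base'
 require 'contrast/agent/protect/rule/xss/reflected_xss_input_classification'
 require 'contrast/agent/reporting/input_analysis/input_type'
 
@@ -10,7 +10,7 @@ module Contrast
 module Protect
 module Rule
 # The Ruby implementation of the Protect Cross-Site Scripting rule.
-class Xss < Contrast::Agent::Protect::Rule::BaseService
+class Xss < Contrast::Agent::Protect::Rule::Base
 include Contrast::Agent::Reporting::InputType
 NAME = 'reflected-xss'
 BLOCK_MESSAGE = 'XSS rule triggered. Response blocked.'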
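--- a/data/lib/contrast/agent/protect/rule/xxe.rb
+++ b/data/lib/contrast/agent/protect/rule/xxe/xxe.rb
@@ -1,7 +1,7 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/protect/rule/base_service'
+require 'contrast/agent/protect/rule/base'
 require 'contrast/agent/reporting/details/xxe_details'
 require 'contrast/agent/reporting/details/xxe_match'
 require 'contrast/agent/reporting/details/xxe_wrapper'
@@ -14,7 +14,7 @@ module Contrast
 module Rule
 # Implementation of the XXE Protect Rule used to evaluate XML calls for exploit
 # of unsafe external entity resolution.
-class Xxe < Contrast::Agent::Protect::Rule::BaseService
+class Xxe < Contrast::Agent::Protect::Rule::Base
 include Contrast::Components::Logger::InstanceMethods
 INPUT_NAME = 'XML Prolog'
 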
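--- a/data/lib/contrast/agent/protect/rule.rb
+++ b/data/lib/contrast/agent/protect/rule.rb
@@ -16,14 +16,13 @@ end
 
 # The classes required for All Rasp Rules
 require 'contrast/agent/protect/rule/base'
-require 'contrast/agent/protect/rule/base_service'
 
 # The classes required for the XSS Rasp Rule
-require 'contrast/agent/protect/rule/xss'
+require 'contrast/agent/protect/rule/xss/xss'
 
 # The classes required for the SQLI
 require 'contrast/agent/protect/rule/default_scanner'
-require 'contrast/agent/protect/rule/sqli'
+require 'contrast/agent/protect/rule/sqli/sqli'
 require 'contrast/agent/protect/rule/sqli/default_sql_scanner'
 require 'contrast/agent/protect/rule/sqli/mysql_sql_scanner'
 require 'contrast/agent/protect/rule/sqli/postgres_sql_scanner'
@@ -31,22 +30,22 @@ require 'contrast/agent/protect/rule/sqli/sqlite_sql_scanner'
 require 'contrast/agent/protect/rule/sqli/sqli_semantic/sqli_dangerous_functions'
 
 # The classes required for Path Traversal
-require 'contrast/agent/protect/rule/path_traversal'
+require 'contrast/agent/protect/rule/path_traversal/path_traversal'
 
 # The classes required for Command Injection and sub-rules
-require 'contrast/agent/protect/rule/cmd_injection'
+require 'contrast/agent/protect/rule/cmdi/cmd_injection'
 require 'contrast/agent/protect/rule/cmdi/cmdi_backdoors'
 
 # The classes required for XXE
-require 'contrast/agent/protect/rule/xxe'
+require 'contrast/agent/protect/rule/xxe/xxe'
 require 'contrast/agent/protect/rule/xxe/entity_wrapper'
 
 # The classes required for Untrusted Deserialization
-require 'contrast/agent/protect/rule/deserialization'
+require 'contrast/agent/protect/rule/deserialization/deserialization'
 
 # The classes required for the NoSQLi
-require 'contrast/agent/protect/rule/no_sqli'
+require 'contrast/agent/protect/rule/no_sqli/no_sqli'
 require 'contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner'
 
 # The classes required for Unsafe File Upload
-require 'contrast/agent/protect/rule/unsafe_file_upload'
+require 'contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload'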
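--- a/data/lib/contrast/agent/reporting/reporter.rb
+++ b/data/lib/contrast/agent/reporting/reporter.rb
@@ -1,7 +1,7 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/worker_thread'
+require 'contrast/agent/thread/worker_thread'
 require 'contrast/agent/reporting/report'
 require 'contrast/components/logger'
 require 'contrast/agent/reporting/reporting_events/agent_startup'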
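--- a/data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb
+++ b/data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb
@@ -1,9 +1,9 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/protect/rule/cmd_injection'
-require 'contrast/agent/protect/rule/deserialization'
-require 'contrast/agent/protect/rule/no_sqli'
+require 'contrast/agent/protect/rule/cmdi/cmd_injection'
+require 'contrast/agent/protect/rule/deserialization/deserialization'
+require 'contrast/agent/protect/rule/no_sqli/no_sqli'
 require 'contrast/agent/reporting/attack_result/user_input'
 require 'contrast/agent/reporting/attack_result/response_type'
 require 'contrast/components/logger'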
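--- a/data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb
+++ b/data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb
@@ -3,7 +3,7 @@
 
 require 'contrast/agent/reporting/reporting_utilities/ng_response_extractor'
 require 'contrast/agent/reporting/reporting_utilities/response_extractor'
-require 'contrast/agent/disable_reaction'
+require 'contrast/agent/reactions/disable_reaction'
 
 module Contrast
 module Agent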
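--- a/data/lib/contrast/agent/reporting/reporting_workers/application_server_worker.rb
+++ b/data/lib/contrast/agent/reporting/reporting_workers/application_server_worker.rb
@@ -1,7 +1,7 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/worker_thread'
+require 'contrast/agent/thread/worker_thread'
 require 'contrast/agent/reporting/report'
 
 module Contrast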
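--- a/data/lib/contrast/agent/reporting/reporting_workers/reporter_heartbeat.rb
+++ b/data/lib/contrast/agent/reporting/reporting_workers/reporter_heartbeat.rb
@@ -1,7 +1,7 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/worker_thread'
+require 'contrast/agent/thread/worker_thread'
 require 'contrast/agent/reporting/report'
 require 'contrast/agent/inventory/dependency_usage_analysis'
 require 'contrast/agent/reporting/reporting_events/poll'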
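--- a/data/lib/contrast/agent/reporting/reporting_workers/server_settings_worker.rb
+++ b/data/lib/contrast/agent/reporting/reporting_workers/server_settings_worker.rb
@@ -1,7 +1,7 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/worker_thread'
+require 'contrast/agent/thread/worker_thread'
 require 'contrast/agent/reporting/report'
 
 module Contrast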
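--- a/data/lib/contrast/agent/request_context.rb
+++ b/data/lib/contrast/agent/request/request_context.rb
@@ -2,13 +2,13 @@
 # frozen_string_literal: true
 
 require 'contrast/utils/timer'
-require 'contrast/agent/request'
-require 'contrast/agent/response'
+require 'contrast/agent/request/request'
+require 'contrast/agent/response/response'
 require 'contrast/agent/inventory/database_config'
 require 'contrast/components/logger'
 require 'contrast/components/scope'
 require 'contrast/utils/request_utils'
-require 'contrast/agent/request_context_extend'
+require 'contrast/agent/request/request_context_extend'
 require 'contrast/agent/reporting/reporting_events/observed_route'
 require 'contrast/agent/reporting/input_analysis/input_analysis'
 require 'contrast/agent/reporting/reporting_events/application_activity'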
File without changes
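--- a/data/lib/contrast/agent/telemetry/base.rb
+++ b/data/lib/contrast/agent/telemetry/base.rb
@@ -4,8 +4,8 @@
 require 'contrast/config/env_variables'
 require 'contrast/components/logger'
 require 'contrast/agent/telemetry/client'
-require 'contrast/agent/worker_thread'
-require 'contrast/agent/telemetry'
+require 'contrast/agent/thread/worker_thread'
+require 'contrast/agent/telemetry/telemetry'
 require 'contrast/agent/telemetry/exception'
 
 module Contrast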
File without changes
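--- a/data/lib/contrast/agent/version.rb
+++ b/data/lib/contrast/agent/version.rb
@@ -3,6 +3,6 @@
 
 module Contrast
 module Agent
-VERSION = '6.14.0'
+VERSION = '6.15.1'
 end
 end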
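--- a/data/lib/contrast/agent.rb
+++ b/data/lib/contrast/agent.rb
@@ -35,14 +35,14 @@ require 'contrast/utils/findings'
 # Collect Exploites and Attacks
 require 'contrast/agent/protect/exploitable_collection'
 # scoping
-require 'contrast/agent/scope'
+require 'contrast/agent/scope/scope'
 
 require 'contrast/utils/thread_tracker'
 
 # Framework support
 require 'contrast/framework/manager'
 
-require 'contrast/agent/thread_watcher'
+require 'contrast/agent/thread/thread_watcher'
 require 'contrast/utils/silence_maker'
 
 module Contrast
@@ -103,27 +103,27 @@ end
 
 require 'contrast/utils/resource_loader'
 require 'contrast/utils/duck_utils'
-require 'contrast/agent/tracepoint_hook'
-require 'contrast/agent/at_exit_hook'
+require 'contrast/agent/hooks/tracepoint_hook'
+require 'contrast/agent/hooks/at_exit_hook'
 
-require 'contrast/agent/exclusion_matcher'
+require 'contrast/agent/excluder/exclusion_matcher'
 
-# threads that handle contrast scope
-require 'contrast/agent/thread'
+# threads that handle contrast scoper
+require 'contrast/agent/thread/thread'
 
 # keep track of attacks
-require 'contrast/agent/request_context'
+require 'contrast/agent/request/request_context'
 
-require 'contrast/agent/assess'
+require 'contrast/agent/assess/assess'
 
 # protect rules
 require 'contrast/agent/protect/rule'
 
 # application libraries and technologies
-require 'contrast/agent/inventory'
+require 'contrast/agent/inventory/inventory'
 
 # rack event monitoring
-require 'contrast/agent/middleware'
+require 'contrast/agent/middleware/middleware'
 
 # Install the patches we need before the application has a chance to initialize
 Contrast::Agent.framework_manager.before_load_patches!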
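Review bot: The rewritten comment in the second hunk introduces a typo: `# threads that handle contrast scoper` replaces the previously correct `# threads that handle contrast scope`, and the only intended change on that pair of lines appears to be the require path underneath. Restore `# threads that handle contrast scope`. The remaining lines in both hunks are path renames following the directory reorganisation and need nothing further.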
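--- a/data/lib/contrast/components/agent.rb
+++ b/data/lib/contrast/components/agent.rb
@@ -3,7 +3,7 @@
 
 require 'rubygems/version'
 require 'contrast/components/base'
-require 'contrast/agent/rule_set'
+require 'contrast/components/rule_set'
 require 'contrast/components/logger'
 require 'contrast/components/security_logger'
 require 'contrast/components/heap_dump'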
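--- a/data/lib/contrast/components/assess.rb
+++ b/data/lib/contrast/components/assess.rb
@@ -45,6 +45,7 @@ module Contrast
 tags
 enable_scan_response
 enable_original_object
+enable_dynamic_sources
 stacktraces
 max_context_source_events
 max_propagation_events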
File without changes
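--- a/data/lib/contrast/components/scope.rb
+++ b/data/lib/contrast/components/scope.rb
@@ -2,7 +2,7 @@
 # frozen_string_literal: true
 
 require 'fiber'
-require 'contrast/agent/scope'
+require 'contrast/agent/scope/scope'
 require 'cs__scope/cs__scope'
 
 # This is the Scope component.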
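--- a/data/lib/contrast/components/settings.rb
+++ b/data/lib/contrast/components/settings.rb
@@ -1,7 +1,7 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/excluder'
+require 'contrast/agent/excluder/excluder'
 require 'contrast/agent/reporting/settings/sensitive_data_masking'
 require 'contrast/components/config'
 require 'contrast/components/logger'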
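--- a/data/lib/contrast/extension/assess/exec_trigger.rb
+++ b/data/lib/contrast/extension/assess/exec_trigger.rb
@@ -1,7 +1,7 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/at_exit_hook'
+require 'contrast/agent/hooks/at_exit_hook'
 
 module Contrast
 module Extension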
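--- a/data/lib/contrast/extension/assess/string.rb
+++ b/data/lib/contrast/extension/assess/string.rb
@@ -14,9 +14,6 @@ module Contrast
 # Contrast::Agent::Assess::Policy::Propagator molds without cluttering up the
 # String Class or exposing our methods there.
 class StringPropagator
-extend Contrast::Components::Logger::InstanceMethods
-extend Contrast::Components::Scope::InstanceMethods
-
 NODE_HASH = {
 'class_name' => 'String',
 'instance_method' => true,
@@ -31,6 +28,8 @@ module Contrast
 INTERPOLATION_NODE = Contrast::Agent::Assess::Policy::PropagationNode.new(NODE_HASH)
 
 class << self
+include Contrast::Components::Logger::InstanceMethods
+include Contrast::Components::Scope::InstanceMethods
 # We call this method from C, and the Scope check is happening there. If we are in
 # Contrast Scope the method won't be invoked.
 #
@@ -76,6 +75,8 @@ module Contrast
 return unless (dynamic_props = Contrast::Agent::Assess::Tracker.properties(source)&.properties)
 
 Contrast::Agent::Assess::Tracker.properties(target)&.add_properties(dynamic_props)
+rescue StandardError => e
+logger.error('Unable to copy Dynamic track interpolation', e)
 end
 end
 end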
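Review bot: The method-level `rescue StandardError => e` added in the last hunk turns any failure in the dynamic-property copy into a log line and a nil return, which is presumably deliberate (tracking must never surface an error into the host application) but is stated nowhere; a comment above the rescue such as `# best effort: a tracking failure is logged, never raised into the application` would make that contract explicit. The method the rescue belongs to starts outside the hunk, so whether earlier statements in it can also raise is not visible here; if the intent is only to protect the `add_properties` call, a narrower `begin`/`rescue` around that line would be more precise. `logger` resolves through the `include Contrast::Components::Logger::InstanceMethods` that the second hunk moves into `class << self`, so the two hunks depend on each other and should land together.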
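--- a/data/lib/contrast.rb
+++ b/data/lib/contrast.rb
@@ -62,7 +62,7 @@ require 'contrast/components/scope'
 require 'contrast/components/settings'
 require 'contrast/utils/routes_sent'
 require 'contrast/agent/telemetry/hash'
-require 'contrast/agent/telemetry'
+require 'contrast/agent/telemetry/telemetry'
 require 'contrast/agent/telemetry/exception/event'
 require 'contrast/agent_lib/interface'
 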
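--- a/data/ruby-agent.gemspec
+++ b/data/ruby-agent.gemspec
@@ -120,10 +120,12 @@ end
 # dependencies.csv in this directory to indicate that and create a
 # corresponding update to the fake gem server data in TeamServer.
 def self.add_dependencies spec
+spec.add_dependency 'ffi', '~> 1.0'
 spec.add_dependency 'ougai', '>= 1.8', '< 3.0.0'
 spec.add_dependency 'rack', '~> 2.0'
-spec.add_dependency 'contrast-agent-lib', '~> 0.1.0', '>= 0.1.3'
-spec.add_dependency 'ffi', '~> 1.0'
+
+# bind this directly as we've had issues w/ build changes on bug release
+spec.add_dependency 'contrast-agent-lib', '1.1.0'
 end
 
 # Enumerate the files required to build the Agent.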
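Review bot: `spec.add_dependency 'contrast-agent-lib', '1.1.0'` pins the native library to an exact version, which the comment justifies, but it also means a fix released in contrast-agent-lib (including a security fix) cannot reach users until a new agent release re-pins it; that trade-off belongs in the comment so the next maintainer does not loosen or forget it, e.g. `# pinned exactly: agent-lib bugfix releases have broken the build; any bump here requires an agent release`. Moving `ffi` to the top of the list is harmless. The docstring above `add_dependencies` (partly outside the hunk) says dependency changes must be mirrored in dependencies.csv and the TeamServer fake gem server data; the jump from the 0.1.x range to 1.1.0 presumably needs that same update, which is not visible here.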