contrast-agent 6.15.2 → 6.15.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +2 -2
- data/lib/contrast/agent/request/request_context.rb +2 -0
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/framework/sinatra/support.rb +22 -38
- data/lib/contrast/utils/hash_digest.rb +7 -6
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bb55239bd37c7b0d2c3adc47d2e47ff25e331694b9be68522a29f8e4ce8c1220
|
|
4
|
+
data.tar.gz: 41a5a677403dd10c0dcd67673b32e32aa8f8ad04a82d963891f95ceaa25b46a1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 94aaa0a8ed0b9fb08fb5c206bee3695cd1cc1f3a8b7752fa8c52abfb563a4e58fac60162ab13c4f06ceb785532ae1a76b93dcc8f348e99d29b112b265a88051b
|
|
7
|
+
data.tar.gz: 658421a2a8558bac001eb707340f0bc763012d06b9fdcfe1137fb3ceff6f53966d7cc9af9bced07f08411b5e44af1ad5c4f5805b54abaae0ad71dcc81011fbb9
|
|
@@ -33,8 +33,8 @@ module Contrast
|
|
|
33
33
|
# Parse the given controller and route from a Rack based application framework in order to create an instance
|
|
34
34
|
# of this class
|
|
35
35
|
#
|
|
36
|
-
# @param final_controller [Grape::API
|
|
37
|
-
# entrypoint of the route actively being executed
|
|
36
|
+
# @param final_controller [Class<Grape::API>, Class<Sinatra::Base>] the controller responsible for the
|
|
37
|
+
# definition of the entrypoint of the route actively being executed
|
|
38
38
|
# @param method [String] the HTTP request method of the route actively being executed
|
|
39
39
|
# @param route_pattern [Grape::Router::Route, Mustermann::Sinatra] the pattern to which the url maps
|
|
40
40
|
# @param url [String] the literal url of the route actively being executed
|
|
@@ -135,6 +135,8 @@ module Contrast
|
|
|
135
135
|
@observed_route = Contrast::Agent::Reporting::ObservedRoute.new
|
|
136
136
|
reporting_route = Contrast::Agent.framework_manager.get_route_information(@request)
|
|
137
137
|
append_to_observed_route(reporting_route)
|
|
138
|
+
rescue StandardError => e
|
|
139
|
+
logger.error('Unable to determine current route', e)
|
|
138
140
|
end
|
|
139
141
|
end
|
|
140
142
|
end
|
|
@@ -67,30 +67,39 @@ module Contrast
|
|
|
67
67
|
# Given the current request - return a RouteCoverage object
|
|
68
68
|
|
|
69
69
|
# @param request [Contrast::Agent::Request] a contrast tracked request.
|
|
70
|
-
# @param
|
|
70
|
+
# @param _controller [::Sinatra::Base] optionally use this controller instead of global ::Sinatra::Base.
|
|
71
71
|
# @return [Contrast::Agent::Reporting::RouteCoverage, nil] a Dtm describing the route
|
|
72
72
|
# matched to the request if a match was found.
|
|
73
|
-
def current_route_coverage request,
|
|
74
|
-
return unless sinatra_controller?(controller)
|
|
75
|
-
|
|
73
|
+
def current_route_coverage request, _controller = ::Sinatra::Base, full_route = nil
|
|
76
74
|
method = request.env[::Rack::REQUEST_METHOD] # GET, PUT, POST, etc...
|
|
77
|
-
|
|
75
|
+
route = _cleaned_route(request)
|
|
78
76
|
# Find route match--checking superclasses if necessary.
|
|
79
|
-
|
|
80
|
-
|
|
77
|
+
sinatra_controllers.each do |potential_controller|
|
|
78
|
+
next unless sinatra_controller?(potential_controller)
|
|
79
|
+
|
|
80
|
+
next if potential_controller.nil? || potential_controller.cs__class == NilClass
|
|
81
81
|
|
|
82
|
-
|
|
82
|
+
route_patterns = potential_controller.routes.fetch(method) { [] }.
|
|
83
|
+
map(&:first)
|
|
84
|
+
route_pattern = route_patterns.find do |matcher|
|
|
85
|
+
matcher.params(route) # ::Mustermann::Sinatra match.
|
|
86
|
+
end
|
|
87
|
+
next unless route_pattern
|
|
83
88
|
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
89
|
+
full_route ||= request.env[::Rack::PATH_INFO]
|
|
90
|
+
new_route_coverage = Contrast::Agent::Reporting::RouteCoverage.new
|
|
91
|
+
new_route_coverage.attach_rack_based_data(potential_controller, method, route_pattern, full_route)
|
|
92
|
+
return new_route_coverage
|
|
93
|
+
end
|
|
94
|
+
nil
|
|
87
95
|
end
|
|
88
96
|
|
|
89
97
|
# Search object space for sinatra controllers--any class that subclasses ::Sinatra::Base.
|
|
90
98
|
#
|
|
91
|
-
# @return [Array<::Sinatra::Base
|
|
99
|
+
# @return [Array<Class<::Sinatra::Base>>] sinatra controlelrs
|
|
92
100
|
def sinatra_controllers
|
|
93
|
-
|
|
101
|
+
@_sinatra_controllers ||=
|
|
102
|
+
[::Sinatra::Base] + ObjectSpace.each_object(Class).select { |clazz| sinatra_controller?(clazz) }
|
|
94
103
|
end
|
|
95
104
|
|
|
96
105
|
def retrieve_request env
|
|
@@ -112,31 +121,6 @@ module Contrast
|
|
|
112
121
|
|
|
113
122
|
private
|
|
114
123
|
|
|
115
|
-
# Given a controller and a route to match against, find the route_pattern and class that will serve the
|
|
116
|
-
# route. This is recursive as Sinatra's routing is recursive from subclass to super.
|
|
117
|
-
#
|
|
118
|
-
# @param controller [Sinatra::Base, #routes] a Sinatra application.
|
|
119
|
-
# @param method [::Rack::REQUEST_METHOD] GET, POST, PUT, etc...
|
|
120
|
-
# @param route [String] the relative route passed from Rack.
|
|
121
|
-
# @return [Array[Sinatra::Base, Mustermann::Sinatra], nil] Either the controller that
|
|
122
|
-
# will handle the route along with the route pattern or nil if no match.
|
|
123
|
-
def _route_recurse controller, method, route
|
|
124
|
-
return if controller.nil? || controller.cs__class == NilClass
|
|
125
|
-
|
|
126
|
-
route_patterns = controller.routes.fetch(method) { [] }.
|
|
127
|
-
map(&:first)
|
|
128
|
-
route_pattern = route_patterns&.find do |matcher|
|
|
129
|
-
matcher.params(route) # ::Mustermann::Sinatra match.
|
|
130
|
-
end
|
|
131
|
-
|
|
132
|
-
return controller, route_pattern if route_pattern
|
|
133
|
-
|
|
134
|
-
# Check routes defined in superclass if present.
|
|
135
|
-
return unless controller.superclass&.instance_variable_get(:@routes)
|
|
136
|
-
|
|
137
|
-
_route_recurse(controller.superclass, method, route)
|
|
138
|
-
end
|
|
139
|
-
|
|
140
124
|
# Get route and do some cleanup matching that of Sinatra::Base#process_route.
|
|
141
125
|
#
|
|
142
126
|
# @param request [Contrast::Agent::Request] a contrast tracked request.
|
|
@@ -44,14 +44,15 @@ module Contrast
|
|
|
44
44
|
update(route.signature)
|
|
45
45
|
if (observation = route.observations[0])
|
|
46
46
|
update(observation.verb)
|
|
47
|
+
else
|
|
48
|
+
update(request.request_method)
|
|
47
49
|
end
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
return unless request ||= context&.request
|
|
50
|
+
else
|
|
51
|
+
return unless request ||= context&.request
|
|
52
52
|
|
|
53
|
-
|
|
54
|
-
|
|
53
|
+
update(request.normalized_uri) # the normalized URL used to access the method in the route.
|
|
54
|
+
update(request.request_method)
|
|
55
|
+
end
|
|
55
56
|
end
|
|
56
57
|
|
|
57
58
|
# Update to CRC checksum the event source name and source type.
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: contrast-agent
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.15.
|
|
4
|
+
version: 6.15.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- galen.palmer@contrastsecurity.com
|
|
@@ -13,7 +13,7 @@ authors:
|
|
|
13
13
|
autorequire:
|
|
14
14
|
bindir: exe
|
|
15
15
|
cert_chain: []
|
|
16
|
-
date: 2023-02-
|
|
16
|
+
date: 2023-02-23 00:00:00.000000000 Z
|
|
17
17
|
dependencies:
|
|
18
18
|
- !ruby/object:Gem::Dependency
|
|
19
19
|
name: bundler
|