contrast-agent 6.2.0 → 6.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ext/cs__assess_basic_object/cs__assess_basic_object.c +7 -5
- data/ext/cs__assess_kernel/cs__assess_kernel.c +14 -3
- data/ext/cs__assess_kernel/cs__assess_kernel.h +2 -0
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +10 -3
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +2 -1
- data/ext/cs__assess_regexp/cs__assess_regexp.c +9 -7
- data/ext/{cs__assess_string_interpolation26/cs__assess_string_interpolation26.c → cs__assess_string_interpolation/cs__assess_string_interpolation.c} +14 -3
- data/ext/{cs__assess_string_interpolation26/cs__assess_string_interpolation26.h → cs__assess_string_interpolation/cs__assess_string_interpolation.h} +1 -1
- data/ext/{cs__assess_string_interpolation26 → cs__assess_string_interpolation}/extconf.rb +0 -0
- data/ext/cs__common/cs__common.c +5 -4
- data/ext/cs__contrast_patch/cs__contrast_patch.c +3 -10
- data/lib/contrast/agent/assess/events/source_event.rb +16 -12
- data/lib/contrast/agent/assess/policy/policy_node.rb +6 -0
- data/lib/contrast/agent/assess/policy/propagation_method.rb +3 -39
- data/lib/contrast/agent/assess/policy/propagation_node.rb +8 -0
- data/lib/contrast/agent/assess/policy/propagator/base.rb +2 -0
- data/lib/contrast/agent/assess/policy/source_method.rb +2 -47
- data/lib/contrast/agent/assess/policy/source_node.rb +1 -0
- data/lib/contrast/agent/assess/policy/trigger_node.rb +8 -0
- data/lib/contrast/agent/assess/property/evented.rb +4 -18
- data/lib/contrast/agent/assess/tag.rb +19 -0
- data/lib/contrast/agent/at_exit_hook.rb +8 -8
- data/lib/contrast/agent/inventory/database_config.rb +6 -3
- data/lib/contrast/agent/inventory/dependency_analysis.rb +3 -2
- data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +10 -10
- data/lib/contrast/agent/middleware.rb +4 -0
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +27 -2
- data/lib/contrast/agent/patching/policy/policy.rb +5 -0
- data/lib/contrast/agent/patching/policy/policy_node.rb +6 -0
- data/lib/contrast/agent/patching/policy/trigger_node.rb +3 -0
- data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +3 -4
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +1 -0
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +2 -2
- data/lib/contrast/agent/protect/rule/base.rb +1 -0
- data/lib/contrast/agent/protect/rule/no_sqli.rb +2 -0
- data/lib/contrast/agent/reporting/reporter.rb +32 -7
- data/lib/contrast/agent/reporting/reporter_heartbeat.rb +21 -15
- data/lib/contrast/agent/reporting/reporting_events/application_update.rb +5 -24
- data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +8 -1
- data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb +8 -1
- data/lib/contrast/agent/reporting/reporting_events/finding.rb +7 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +10 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_object.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_parent_object.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_property.rb +12 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb +10 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_stack.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +29 -32
- data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +13 -1
- data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +11 -8
- data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +12 -5
- data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +8 -1
- data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +9 -1
- data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +10 -1
- data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +11 -4
- data/lib/contrast/agent/reporting/reporting_events/server_activity.rb +0 -8
- data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +1 -4
- data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb +0 -22
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +1 -3
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +1 -11
- data/lib/contrast/agent/request.rb +5 -7
- data/lib/contrast/agent/request_context.rb +8 -17
- data/lib/contrast/agent/request_context_extend.rb +8 -9
- data/lib/contrast/agent/request_handler.rb +9 -38
- data/lib/contrast/agent/rule_set.rb +4 -0
- data/lib/contrast/agent/service_heartbeat.rb +1 -1
- data/lib/contrast/agent/static_analysis.rb +6 -11
- data/lib/contrast/agent/telemetry/base.rb +35 -35
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_base.rb +2 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb +2 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message.rb +5 -2
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb +3 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb +3 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions.rb +0 -1
- data/lib/contrast/agent/thread_watcher.rb +1 -4
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/api/communication/socket.rb +1 -0
- data/lib/contrast/api/decorators/message.rb +0 -6
- data/lib/contrast/api/decorators.rb +0 -2
- data/lib/contrast/components/assess.rb +0 -6
- data/lib/contrast/components/config.rb +18 -2
- data/lib/contrast/config/base_configuration.rb +0 -13
- data/lib/contrast/config/root_configuration.rb +1 -0
- data/lib/contrast/config/ruby_configuration.rb +2 -9
- data/lib/contrast/configuration.rb +0 -2
- data/lib/contrast/extension/assess/eval_trigger.rb +0 -4
- data/lib/contrast/extension/assess/hash.rb +3 -2
- data/lib/contrast/extension/assess/kernel.rb +22 -0
- data/lib/contrast/extension/assess/marshal.rb +16 -0
- data/lib/contrast/extension/assess/string.rb +21 -20
- data/lib/contrast/framework/base_support.rb +8 -0
- data/lib/contrast/framework/manager.rb +6 -20
- data/lib/contrast/framework/manager_extend.rb +0 -1
- data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +11 -16
- data/lib/contrast/logger/aliased_logging.rb +2 -0
- data/lib/contrast/utils/assess/source_method_utils.rb +0 -9
- data/lib/contrast/utils/lru_cache.rb +3 -0
- data/lib/contrast/utils/middleware_utils.rb +2 -0
- data/lib/contrast/utils/telemetry_client.rb +7 -7
- data/resources/assess/policy.json +2 -11
- data/ruby-agent.gemspec +1 -1
- metadata +22 -20
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report.rb +0 -30
- data/lib/contrast/api/decorators/application_update.rb +0 -44
- data/lib/contrast/api/decorators/library.rb +0 -56
- data/lib/contrast/framework/platform_version.rb +0 -22
|
@@ -16,6 +16,8 @@ module Contrast
|
|
|
16
16
|
# includes the literal URL and HTTP Verb used to invoke them, as they must have been called at this point to be
|
|
17
17
|
# recorded.
|
|
18
18
|
class DiscoveredRoute < Contrast::Agent::Reporting::ObservedRoute
|
|
19
|
+
include Contrast::Components::Logger::InstanceMethods
|
|
20
|
+
|
|
19
21
|
class << self
|
|
20
22
|
# @param obj [Regexp, Object]
|
|
21
23
|
# @return [String]
|
|
@@ -104,7 +106,12 @@ module Contrast
|
|
|
104
106
|
end
|
|
105
107
|
|
|
106
108
|
def to_controlled_hash
|
|
107
|
-
|
|
109
|
+
begin
|
|
110
|
+
validate
|
|
111
|
+
rescue ArgumentError => e
|
|
112
|
+
logger.error('DiscoveredRoute validation failed with: ', e)
|
|
113
|
+
return
|
|
114
|
+
end
|
|
108
115
|
{ session_id: ::Contrast::ASSESS.session_id, signature: @signature, verb: @verb, url: @url }.compact
|
|
109
116
|
end
|
|
110
117
|
|
|
@@ -130,7 +130,13 @@ module Contrast
|
|
|
130
130
|
# @return [Hash]
|
|
131
131
|
# @raise [ArgumentError]
|
|
132
132
|
def to_controlled_hash
|
|
133
|
-
|
|
133
|
+
begin
|
|
134
|
+
validate
|
|
135
|
+
rescue ArgumentError => e
|
|
136
|
+
logger.error('Finding event validation failed with: ', e)
|
|
137
|
+
return
|
|
138
|
+
end
|
|
139
|
+
|
|
134
140
|
hsh = {
|
|
135
141
|
created: created,
|
|
136
142
|
hash: hash_code.to_s,
|
|
@@ -8,6 +8,7 @@ require 'contrast/agent/reporting/reporting_events/finding_event_signature'
|
|
|
8
8
|
require 'contrast/agent/reporting/reporting_events/finding_event_source'
|
|
9
9
|
require 'contrast/agent/reporting/reporting_events/finding_event_stack'
|
|
10
10
|
require 'contrast/agent/reporting/reporting_events/finding_event_taint_range'
|
|
11
|
+
require 'contrast/components/logger'
|
|
11
12
|
|
|
12
13
|
module Contrast
|
|
13
14
|
module Agent
|
|
@@ -17,6 +18,8 @@ module Contrast
|
|
|
17
18
|
# construct the vulnerability information for the assess feature. They represent the operation the application
|
|
18
19
|
# underwent that transformed data during the dataflow.
|
|
19
20
|
class FindingEvent
|
|
21
|
+
include Contrast::Components::Logger::InstanceMethods
|
|
22
|
+
|
|
20
23
|
# @return [Symbol] what the event did; CREATION, A2O, A2P, A2A, A2R, O2A, O2O, O2P, O2R, P2A, P2O, P2P, P2R,
|
|
21
24
|
# TAG, TRIGGER.
|
|
22
25
|
attr_reader :action
|
|
@@ -120,7 +123,13 @@ module Contrast
|
|
|
120
123
|
# @return [Hash]
|
|
121
124
|
# @raise [ArgumentError]
|
|
122
125
|
def to_controlled_hash # rubocop:disable Metrics/AbcSize
|
|
123
|
-
|
|
126
|
+
begin
|
|
127
|
+
validate
|
|
128
|
+
rescue ArgumentError => e
|
|
129
|
+
logger.error('FindingEvent validation failed with: ', e)
|
|
130
|
+
return
|
|
131
|
+
end
|
|
132
|
+
|
|
124
133
|
{
|
|
125
134
|
action: action,
|
|
126
135
|
args: args.map(&:to_controlled_hash),
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
|
|
4
4
|
require 'base64'
|
|
5
5
|
require 'contrast/agent/assess/contrast_object'
|
|
6
|
+
require 'contrast/components/logger'
|
|
6
7
|
|
|
7
8
|
module Contrast
|
|
8
9
|
module Agent
|
|
@@ -12,6 +13,8 @@ module Contrast
|
|
|
12
13
|
# TeamServer to construct the vulnerability information for the assess feature. They represent those parts of the
|
|
13
14
|
# objects that were acted on in a Dataflow Finding.
|
|
14
15
|
class FindingEventObject
|
|
16
|
+
include Contrast::Components::Logger::InstanceMethods
|
|
17
|
+
|
|
15
18
|
# @return [Integer] the id of the Object this represents.
|
|
16
19
|
attr_reader :hash
|
|
17
20
|
# @return [Boolean] if the Object is tracked or not
|
|
@@ -52,7 +55,13 @@ module Contrast
|
|
|
52
55
|
# @return [Hash]
|
|
53
56
|
# @raise [ArgumentError]
|
|
54
57
|
def to_controlled_hash
|
|
55
|
-
|
|
58
|
+
begin
|
|
59
|
+
validate
|
|
60
|
+
rescue ArgumentError => e
|
|
61
|
+
logger.error('FindingEventObject validation failed with: ', e)
|
|
62
|
+
return
|
|
63
|
+
end
|
|
64
|
+
|
|
56
65
|
{
|
|
57
66
|
hash: hash,
|
|
58
67
|
tracked: tracked,
|
|
@@ -60,6 +69,7 @@ module Contrast
|
|
|
60
69
|
}
|
|
61
70
|
end
|
|
62
71
|
|
|
72
|
+
# @raise [ArgumentError]
|
|
63
73
|
def validate
|
|
64
74
|
raise(ArgumentError, "#{ self } did not have a proper hash. Unable to continue.") unless hash
|
|
65
75
|
raise(ArgumentError, "#{ self } did not have a proper tracked. Unable to continue.") if tracked.nil?
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require 'base64'
|
|
5
|
+
require 'contrast/components/logger'
|
|
5
6
|
|
|
6
7
|
module Contrast
|
|
7
8
|
module Agent
|
|
@@ -11,6 +12,8 @@ module Contrast
|
|
|
11
12
|
# used by TeamServer to relate this event to those that came previously. They represent the events that directly
|
|
12
13
|
# preceding the FindingEvent generated.
|
|
13
14
|
class FindingEventParentObject
|
|
15
|
+
include Contrast::Components::Logger::InstanceMethods
|
|
16
|
+
|
|
14
17
|
# @return [Integer] the Id of the parent event
|
|
15
18
|
attr_reader :id
|
|
16
19
|
|
|
@@ -24,12 +27,19 @@ module Contrast
|
|
|
24
27
|
# @return [Hash]
|
|
25
28
|
# @raise [ArgumentError]
|
|
26
29
|
def to_controlled_hash
|
|
27
|
-
|
|
30
|
+
begin
|
|
31
|
+
validate
|
|
32
|
+
rescue ArgumentError => e
|
|
33
|
+
logger.error('FindingEventParentObject validation failed with: ', e)
|
|
34
|
+
return
|
|
35
|
+
end
|
|
36
|
+
|
|
28
37
|
{
|
|
29
38
|
id: id
|
|
30
39
|
}
|
|
31
40
|
end
|
|
32
41
|
|
|
42
|
+
# @raise [ArgumentError]
|
|
33
43
|
def validate
|
|
34
44
|
raise(ArgumentError, "#{ self } did not have a proper id. Unable to continue.") unless id
|
|
35
45
|
end
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require 'contrast/components/logger'
|
|
5
|
+
|
|
4
6
|
module Contrast
|
|
5
7
|
module Agent
|
|
6
8
|
module Reporting
|
|
@@ -8,6 +10,8 @@ module Contrast
|
|
|
8
10
|
# system to relay this information in the Finding/Trace messages. Events have properties on them which are held
|
|
9
11
|
# as an array of key-value pairs.
|
|
10
12
|
class FindingEventProperty
|
|
13
|
+
include Contrast::Components::Logger::InstanceMethods
|
|
14
|
+
|
|
11
15
|
# @return [String] the key of the property
|
|
12
16
|
attr_reader :key
|
|
13
17
|
# @return [String] the value of the source
|
|
@@ -24,13 +28,20 @@ module Contrast
|
|
|
24
28
|
# @return [Hash]
|
|
25
29
|
# @raise [ArgumentError]
|
|
26
30
|
def to_controlled_hash
|
|
27
|
-
|
|
31
|
+
begin
|
|
32
|
+
validate
|
|
33
|
+
rescue ArgumentError => e
|
|
34
|
+
logger.error('FindingEventProperty validation failed with: ', e)
|
|
35
|
+
return
|
|
36
|
+
end
|
|
37
|
+
|
|
28
38
|
{
|
|
29
39
|
key: key,
|
|
30
40
|
value: value
|
|
31
41
|
}
|
|
32
42
|
end
|
|
33
43
|
|
|
44
|
+
# @raise [ArgumentError]
|
|
34
45
|
def validate
|
|
35
46
|
raise(ArgumentError, "#{ self } did not have a proper key. Unable to continue.") unless key && !key.empty?
|
|
36
47
|
end
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require 'contrast/utils/object_share'
|
|
5
|
+
require 'contrast/components/logger'
|
|
5
6
|
|
|
6
7
|
module Contrast
|
|
7
8
|
module Agent
|
|
@@ -11,6 +12,8 @@ module Contrast
|
|
|
11
12
|
# TeamServer to construct the method signature for the assess feature. They represent the method invoked when the
|
|
12
13
|
# FindingEvent was generated.
|
|
13
14
|
class FindingEventSignature
|
|
15
|
+
include Contrast::Components::Logger::InstanceMethods
|
|
16
|
+
|
|
14
17
|
# @return [String] the types of the arguments in this event; may be different for each invocation of the
|
|
15
18
|
# method.
|
|
16
19
|
attr_reader :arg_types
|
|
@@ -73,7 +76,13 @@ module Contrast
|
|
|
73
76
|
# @return [Hash]
|
|
74
77
|
# @raise [ArgumentError]
|
|
75
78
|
def to_controlled_hash
|
|
76
|
-
|
|
79
|
+
begin
|
|
80
|
+
validate
|
|
81
|
+
rescue ArgumentError => e
|
|
82
|
+
logger.error('FindingEventSignature validation failed with: ', e)
|
|
83
|
+
return
|
|
84
|
+
end
|
|
85
|
+
|
|
77
86
|
{
|
|
78
87
|
argTypes: arg_types,
|
|
79
88
|
className: class_name,
|
|
@@ -4,6 +4,7 @@
|
|
|
4
4
|
require 'base64'
|
|
5
5
|
require 'contrast/agent/assess/contrast_event'
|
|
6
6
|
require 'contrast/agent/assess/events/source_event'
|
|
7
|
+
require 'contrast/components/logger'
|
|
7
8
|
|
|
8
9
|
module Contrast
|
|
9
10
|
module Agent
|
|
@@ -13,6 +14,8 @@ module Contrast
|
|
|
13
14
|
# to construct the vulnerability information for the assess feature. They indicate the type of data that the
|
|
14
15
|
# event represents.
|
|
15
16
|
class FindingEventSource
|
|
17
|
+
include Contrast::Components::Logger::InstanceMethods
|
|
18
|
+
|
|
16
19
|
# @return [String] the name of the source
|
|
17
20
|
attr_reader :name
|
|
18
21
|
# @return [String] the type of the source
|
|
@@ -45,13 +48,20 @@ module Contrast
|
|
|
45
48
|
# @return [Hash]
|
|
46
49
|
# @raise [ArgumentError]
|
|
47
50
|
def to_controlled_hash
|
|
48
|
-
|
|
51
|
+
begin
|
|
52
|
+
validate
|
|
53
|
+
rescue ArgumentError => e
|
|
54
|
+
logger.error('FindingEventSource validation failed with: ', e)
|
|
55
|
+
return
|
|
56
|
+
end
|
|
57
|
+
|
|
49
58
|
{
|
|
50
59
|
sourceName: name, # rubocop:disable Security/Module/Name
|
|
51
60
|
sourceType: type
|
|
52
61
|
}
|
|
53
62
|
end
|
|
54
63
|
|
|
64
|
+
# @raise [ArgumentError]
|
|
55
65
|
def validate
|
|
56
66
|
raise(ArgumentError, "#{ self } did not have a proper type. Unable to continue.") unless type && !type.empty?
|
|
57
67
|
end
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require 'contrast/components/logger'
|
|
5
|
+
|
|
4
6
|
module Contrast
|
|
5
7
|
module Agent
|
|
6
8
|
module Reporting
|
|
@@ -9,6 +11,8 @@ module Contrast
|
|
|
9
11
|
# to construct the vulnerability information for the assess feature. They represent the callstack at the time
|
|
10
12
|
# that each FindingEvent was generated.
|
|
11
13
|
class FindingEventStack
|
|
14
|
+
include Contrast::Components::Logger::InstanceMethods
|
|
15
|
+
|
|
12
16
|
# @return [String] unused
|
|
13
17
|
attr_reader :eval
|
|
14
18
|
# @return [String] the stack frame to show in TeamServer; the value of an entry in #caller
|
|
@@ -51,7 +55,13 @@ module Contrast
|
|
|
51
55
|
# @return [Hash]
|
|
52
56
|
# @raise [ArgumentError]
|
|
53
57
|
def to_controlled_hash
|
|
54
|
-
|
|
58
|
+
begin
|
|
59
|
+
validate
|
|
60
|
+
rescue ArgumentError => e
|
|
61
|
+
logger.error('FindingEventStack validation failed with: ', e)
|
|
62
|
+
return
|
|
63
|
+
end
|
|
64
|
+
|
|
55
65
|
{
|
|
56
66
|
file: file
|
|
57
67
|
# eval: eval, # This is unused by the Ruby agent
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require 'contrast/agent/assess/tag'
|
|
5
|
+
require 'contrast/components/logger'
|
|
5
6
|
|
|
6
7
|
module Contrast
|
|
7
8
|
module Agent
|
|
@@ -11,6 +12,8 @@ module Contrast
|
|
|
11
12
|
# TeamServer to construct the vulnerability information for the assess feature. They represent those parts of the
|
|
12
13
|
# objects that are tracked because of a security relevant operation acting on them.
|
|
13
14
|
class FindingEventTaintRange
|
|
15
|
+
include Contrast::Components::Logger::InstanceMethods
|
|
16
|
+
|
|
14
17
|
# @return [String] the range (inclusive:exclusive), that this tag covers.
|
|
15
18
|
attr_reader :range
|
|
16
19
|
# @return [String] the type of action this tag represents.
|
|
@@ -41,13 +44,20 @@ module Contrast
|
|
|
41
44
|
# @return [Hash]
|
|
42
45
|
# @raise [ArgumentError]
|
|
43
46
|
def to_controlled_hash
|
|
44
|
-
|
|
47
|
+
begin
|
|
48
|
+
validate
|
|
49
|
+
rescue ArgumentError => e
|
|
50
|
+
logger.error('FindingEventTaintRange validation failed with: ', e)
|
|
51
|
+
return
|
|
52
|
+
end
|
|
53
|
+
|
|
45
54
|
{
|
|
46
55
|
range: range,
|
|
47
56
|
tag: tag
|
|
48
57
|
}
|
|
49
58
|
end
|
|
50
59
|
|
|
60
|
+
# @raise [ArgumentError]
|
|
51
61
|
def validate
|
|
52
62
|
unless range && !range.empty?
|
|
53
63
|
raise(ArgumentError, "#{ self } did not have a proper range. Unable to continue.")
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require 'contrast/components/logger'
|
|
5
|
+
|
|
4
6
|
module Contrast
|
|
5
7
|
module Agent
|
|
6
8
|
module Reporting
|
|
@@ -9,6 +11,8 @@ module Contrast
|
|
|
9
11
|
# HTTP information for the assess feature. They represent the literal request made that resulted in the
|
|
10
12
|
# vulnerability being triggered.
|
|
11
13
|
class FindingRequest
|
|
14
|
+
include Contrast::Components::Logger::InstanceMethods
|
|
15
|
+
|
|
12
16
|
# @return [String] the body of this request
|
|
13
17
|
attr_reader :body
|
|
14
18
|
# @return [Hash<String,Array<String>>] the headers of this request
|
|
@@ -68,7 +72,13 @@ module Contrast
|
|
|
68
72
|
# @return [Hash]
|
|
69
73
|
# @raise [ArgumentError]
|
|
70
74
|
def to_controlled_hash
|
|
71
|
-
|
|
75
|
+
begin
|
|
76
|
+
validate
|
|
77
|
+
rescue ArgumentError => e
|
|
78
|
+
logger.error('FindingRequest validation failed with: ', e)
|
|
79
|
+
return
|
|
80
|
+
end
|
|
81
|
+
|
|
72
82
|
{
|
|
73
83
|
body: body,
|
|
74
84
|
headers: headers,
|
|
@@ -2,6 +2,8 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require 'contrast/api/dtm.pb'
|
|
5
|
+
require 'contrast/utils/string_utils'
|
|
6
|
+
require 'contrast/components/logger'
|
|
5
7
|
|
|
6
8
|
module Contrast
|
|
7
9
|
module Agent
|
|
@@ -16,41 +18,31 @@ module Contrast
|
|
|
16
18
|
# @attr_reader file [String] the name of the Gem. Required for reporting.
|
|
17
19
|
# @attr_reader hash [String] the Sha256 of the Gem, matching its hash in RubyGems. Required for reporting.
|
|
18
20
|
# @attr_reader internal_date [Integer] the time, in ms, when the Gem was published. Required for reporting.
|
|
19
|
-
# @
|
|
21
|
+
# @attr_accessor manifest [String] the YAML form of the Gem's specification.
|
|
20
22
|
# @attr_reader tags [String] Inventory tags set by the user via configuration.
|
|
21
23
|
# @attr_reader url [String] The homepage of the Gem.
|
|
22
24
|
# @attr_reader version [String] The version of the Gem.
|
|
23
25
|
class LibraryDiscovery
|
|
26
|
+
include Contrast::Components::Logger::InstanceMethods
|
|
27
|
+
|
|
28
|
+
StringUtils = Contrast::Utils::StringUtils
|
|
29
|
+
|
|
24
30
|
# required attributes
|
|
25
31
|
attr_reader :external_date, :file, :hash, :internal_date
|
|
26
32
|
# optional attributes
|
|
27
|
-
attr_reader :class_count, :
|
|
28
|
-
|
|
29
|
-
class << self
|
|
30
|
-
# Convert a DTM for SpeedRacer to an Event for TeamServer.
|
|
31
|
-
#
|
|
32
|
-
# @param library_dtm [Contrast::Api::Dtm::Library]
|
|
33
|
-
# @return [Contrast::Agent::Reporting::LibraryDiscovery]
|
|
34
|
-
def convert library_dtm
|
|
35
|
-
report = new
|
|
36
|
-
report.attach_data(library_dtm)
|
|
37
|
-
report
|
|
38
|
-
end
|
|
39
|
-
end
|
|
33
|
+
attr_reader :class_count, :tags, :url, :version
|
|
34
|
+
attr_accessor :manifest
|
|
40
35
|
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
@
|
|
46
|
-
@external_date =
|
|
47
|
-
@
|
|
48
|
-
@
|
|
49
|
-
@
|
|
50
|
-
@manifest = library_dtm.manifest
|
|
36
|
+
def initialize digest, spec
|
|
37
|
+
@file = StringUtils.force_utf8(spec.name) # rubocop:disable Security/Module/Name
|
|
38
|
+
@hash = StringUtils.force_utf8(digest)
|
|
39
|
+
@version = StringUtils.force_utf8(spec.version)
|
|
40
|
+
@manifest = StringUtils.force_utf8(StringUtils.force_utf8(spec.to_yaml.to_s))
|
|
41
|
+
@external_date = (spec.date.to_f * 1000.0).to_i
|
|
42
|
+
@internal_date = @external_date
|
|
43
|
+
@url = StringUtils.force_utf8(spec.homepage)
|
|
44
|
+
@class_count = Contrast::Utils::Sha256Builder.instance.files(spec.full_gem_path.to_s).length
|
|
51
45
|
@tags = Contrast::INVENTORY.tags
|
|
52
|
-
@url = library_dtm.url
|
|
53
|
-
@version = library_dtm.version
|
|
54
46
|
end
|
|
55
47
|
|
|
56
48
|
# Convert the instance variables on the class, and other information, into the identifiers required for
|
|
@@ -59,8 +51,14 @@ module Contrast
|
|
|
59
51
|
# @return [Hash]
|
|
60
52
|
# @raise [ArgumentError]
|
|
61
53
|
def to_controlled_hash
|
|
62
|
-
|
|
63
|
-
|
|
54
|
+
begin
|
|
55
|
+
validate
|
|
56
|
+
rescue ArgumentError => e
|
|
57
|
+
logger.error('LibraryDiscovery validation failed with: ', e)
|
|
58
|
+
return
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
{
|
|
64
62
|
classCount: class_count,
|
|
65
63
|
externalDate: external_date,
|
|
66
64
|
file: file,
|
|
@@ -68,10 +66,9 @@ module Contrast
|
|
|
68
66
|
internalDate: internal_date,
|
|
69
67
|
manifest: manifest,
|
|
70
68
|
url: url,
|
|
71
|
-
version: version
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
msg
|
|
69
|
+
version: version,
|
|
70
|
+
tags: tags
|
|
71
|
+
}.compact
|
|
75
72
|
end
|
|
76
73
|
|
|
77
74
|
# Ensure the required fields are present.
|
|
@@ -1,11 +1,15 @@
|
|
|
1
1
|
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require 'contrast/components/logger'
|
|
5
|
+
|
|
4
6
|
module Contrast
|
|
5
7
|
module Agent
|
|
6
8
|
module Reporting
|
|
7
9
|
# The usage, meaning loaded files, of a library seen during this request
|
|
8
10
|
class LibraryUsageObservation
|
|
11
|
+
include Contrast::Components::Logger::InstanceMethods
|
|
12
|
+
|
|
9
13
|
# @param [String] Sha256Sum of library as identified by the agent
|
|
10
14
|
attr_accessor :id
|
|
11
15
|
# @param [Array<String>] List of file paths that have been loaded out of or executed by the library
|
|
@@ -18,14 +22,22 @@ module Contrast
|
|
|
18
22
|
@names = class_names
|
|
19
23
|
end
|
|
20
24
|
|
|
25
|
+
# @raise [ArgumentError]
|
|
21
26
|
def to_controlled_hash
|
|
22
|
-
|
|
27
|
+
begin
|
|
28
|
+
validate
|
|
29
|
+
rescue ArgumentError => e
|
|
30
|
+
logger.error('LibraryUsageObservation validation failed with: ', e)
|
|
31
|
+
return
|
|
32
|
+
end
|
|
33
|
+
|
|
23
34
|
{
|
|
24
35
|
id: @id,
|
|
25
36
|
names: @names
|
|
26
37
|
}
|
|
27
38
|
end
|
|
28
39
|
|
|
40
|
+
# @raise [ArgumentError]
|
|
29
41
|
def validate
|
|
30
42
|
raise(ArgumentError, "#{ self } did not have a proper id. Unable to continue.") unless id
|
|
31
43
|
raise(ArgumentError, "#{ self } did not have a proper names. Unable to continue.") if names.empty?
|
|
@@ -3,15 +3,16 @@
|
|
|
3
3
|
|
|
4
4
|
require 'contrast/agent/reporting/reporting_events/application_reporting_event'
|
|
5
5
|
require 'contrast/agent/reporting/reporting_events/library_usage_observation'
|
|
6
|
+
require 'contrast/components/logger'
|
|
6
7
|
|
|
7
8
|
module Contrast
|
|
8
9
|
module Agent
|
|
9
10
|
module Reporting
|
|
10
11
|
# List of libraries that have been observed to have something loaded or executed.
|
|
11
|
-
#
|
|
12
12
|
class ObservedLibraryUsage < Contrast::Agent::Reporting::ApplicationReportingEvent
|
|
13
|
-
|
|
14
|
-
|
|
13
|
+
include Contrast::Components::Logger::InstanceMethods
|
|
14
|
+
|
|
15
|
+
# @return Array[Contrast::Agent::Reporting::LibraryUsageObservation]
|
|
15
16
|
attr_reader :observations
|
|
16
17
|
|
|
17
18
|
def initialize
|
|
@@ -25,17 +26,19 @@ module Contrast
|
|
|
25
26
|
end
|
|
26
27
|
|
|
27
28
|
def to_controlled_hash
|
|
28
|
-
|
|
29
|
+
begin
|
|
30
|
+
validate
|
|
31
|
+
rescue ArgumentError => e
|
|
32
|
+
logger.error('ObservedLibraryUsage validation failed with: ', e)
|
|
33
|
+
return
|
|
34
|
+
end
|
|
35
|
+
|
|
29
36
|
{ observations: @observations.map(&:to_controlled_hash) }
|
|
30
37
|
end
|
|
31
38
|
|
|
32
39
|
def validate
|
|
33
40
|
raise(ArgumentError, "#{ self } did not have observations. Unable to continue.") if observations.empty?
|
|
34
41
|
end
|
|
35
|
-
|
|
36
|
-
def clear
|
|
37
|
-
@observations = []
|
|
38
|
-
end
|
|
39
42
|
end
|
|
40
43
|
end
|
|
41
44
|
end
|
|
@@ -16,6 +16,8 @@ module Contrast
|
|
|
16
16
|
# includes the literal URL and HTTP Verb used to invoke them, as they must have been called at this point to be
|
|
17
17
|
# recorded.
|
|
18
18
|
class ObservedRoute < Contrast::Agent::Reporting::ApplicationReportingEvent
|
|
19
|
+
include Contrast::Components::Logger::InstanceMethods
|
|
20
|
+
|
|
19
21
|
# @param [String] the method signature used to uniquely identify the coverage report.
|
|
20
22
|
attr_accessor :signature
|
|
21
23
|
# @param [String] the normalized URL used to access the method in the route.
|
|
@@ -45,18 +47,23 @@ module Contrast
|
|
|
45
47
|
# @return [Hash]
|
|
46
48
|
# @raise [ArgumentError]
|
|
47
49
|
def to_controlled_hash
|
|
48
|
-
|
|
49
|
-
|
|
50
|
+
begin
|
|
51
|
+
validate
|
|
52
|
+
rescue ArgumentError => e
|
|
53
|
+
logger.error('ObservedRoute validation failed with: ', e)
|
|
54
|
+
return
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
{
|
|
50
58
|
session_id: ::Contrast::ASSESS.session_id,
|
|
51
59
|
sources: @sources.map(&:to_controlled_hash),
|
|
52
60
|
signature: @signature,
|
|
53
61
|
verb: @verb,
|
|
54
62
|
url: @url
|
|
55
|
-
}
|
|
56
|
-
rc_hash.delete(:verb) unless @verb
|
|
57
|
-
rc_hash
|
|
63
|
+
}.compact
|
|
58
64
|
end
|
|
59
65
|
|
|
66
|
+
# @raise [ArgumentError]
|
|
60
67
|
def validate
|
|
61
68
|
raise(ArgumentError, "#{ self } did not have a proper sources. Unable to continue.") if @sources.nil?
|
|
62
69
|
raise(ArgumentError, "#{ self } did not have a proper signature. Unable to continue.") unless signature
|
|
@@ -38,7 +38,13 @@ module Contrast
|
|
|
38
38
|
# @return [Hash]
|
|
39
39
|
# @raise [ArgumentError]
|
|
40
40
|
def to_controlled_hash
|
|
41
|
-
|
|
41
|
+
begin
|
|
42
|
+
validate
|
|
43
|
+
rescue ArgumentError => e
|
|
44
|
+
logger.error('PreflightMessage validation failed with: ', e)
|
|
45
|
+
return
|
|
46
|
+
end
|
|
47
|
+
|
|
42
48
|
{
|
|
43
49
|
code: CODE,
|
|
44
50
|
app_language: @app_language,
|
|
@@ -51,6 +57,7 @@ module Contrast
|
|
|
51
57
|
}
|
|
52
58
|
end
|
|
53
59
|
|
|
60
|
+
# @raise [ArgumentError]
|
|
54
61
|
def validate
|
|
55
62
|
raise(ArgumentError, "#{ cs__class } did not have a proper data. Unable to continue.") unless data
|
|
56
63
|
unless @app_name
|
|
@@ -14,6 +14,8 @@ module Contrast
|
|
|
14
14
|
#
|
|
15
15
|
# @abstract
|
|
16
16
|
class ReportingEvent
|
|
17
|
+
include Contrast::Components::Logger::InstanceMethods
|
|
18
|
+
|
|
17
19
|
# @return [String] the endpoint, with host, to which this event should be sent
|
|
18
20
|
attr_reader :event_endpoint
|
|
19
21
|
# @return event_method [Symbol] the HTTP method to use to send this event
|
|
@@ -35,7 +37,13 @@ module Contrast
|
|
|
35
37
|
# @return [Hash]
|
|
36
38
|
# @raise [ArgumentError]
|
|
37
39
|
def to_controlled_hash
|
|
38
|
-
|
|
40
|
+
begin
|
|
41
|
+
validate
|
|
42
|
+
rescue ArgumentError => e
|
|
43
|
+
logger.error('ReportingEvent validation failed with: ', e)
|
|
44
|
+
return
|
|
45
|
+
end
|
|
46
|
+
|
|
39
47
|
{}
|
|
40
48
|
end
|
|
41
49
|
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
|
|
4
4
|
require 'contrast/agent/reporting/reporting_events/route_discovery_observation'
|
|
5
5
|
require 'contrast/api/dtm.pb'
|
|
6
|
+
require 'contrast/components/logger'
|
|
6
7
|
|
|
7
8
|
module Contrast
|
|
8
9
|
module Agent
|
|
@@ -17,6 +18,8 @@ module Contrast
|
|
|
17
18
|
# @attr_reader signature [String] the unique identifier for this route; typically the method signature. Required
|
|
18
19
|
# for reporting.
|
|
19
20
|
class RouteDiscovery
|
|
21
|
+
include Contrast::Components::Logger::InstanceMethods
|
|
22
|
+
|
|
20
23
|
# required attributes
|
|
21
24
|
attr_reader :observations, :signature
|
|
22
25
|
|
|
@@ -47,7 +50,13 @@ module Contrast
|
|
|
47
50
|
# @return [Hash]
|
|
48
51
|
# @raise [ArgumentError]
|
|
49
52
|
def to_controlled_hash
|
|
50
|
-
|
|
53
|
+
begin
|
|
54
|
+
validate
|
|
55
|
+
rescue ArgumentError => e
|
|
56
|
+
logger.error('RouteDiscovery validation failed with: ', e)
|
|
57
|
+
return
|
|
58
|
+
end
|
|
59
|
+
|
|
51
60
|
{
|
|
52
61
|
count: 0, # we have this to make TS happy
|
|
53
62
|
observations: @observations.map(&:to_controlled_hash),
|