contrast-agent 6.2.0 → 6.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +0 -3
- data/.simplecov +1 -0
- data/Rakefile +0 -27
- data/ext/cs__assess_basic_object/cs__assess_basic_object.c +7 -5
- data/ext/cs__assess_kernel/cs__assess_kernel.c +14 -3
- data/ext/cs__assess_kernel/cs__assess_kernel.h +2 -0
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +10 -3
- data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +2 -1
- data/ext/cs__assess_regexp/cs__assess_regexp.c +9 -7
- data/ext/{cs__assess_string_interpolation26/cs__assess_string_interpolation26.c → cs__assess_string_interpolation/cs__assess_string_interpolation.c} +14 -3
- data/ext/{cs__assess_string_interpolation26/cs__assess_string_interpolation26.h → cs__assess_string_interpolation/cs__assess_string_interpolation.h} +1 -1
- data/ext/{cs__assess_string_interpolation26 → cs__assess_string_interpolation}/extconf.rb +0 -0
- data/ext/cs__common/cs__common.c +5 -4
- data/ext/cs__contrast_patch/cs__contrast_patch.c +17 -11
- data/lib/contrast/agent/assess/events/source_event.rb +16 -12
- data/lib/contrast/agent/assess/finalizers/hash.rb +1 -0
- data/lib/contrast/agent/assess/policy/policy_node.rb +6 -0
- data/lib/contrast/agent/assess/policy/propagation_method.rb +8 -42
- data/lib/contrast/agent/assess/policy/propagation_node.rb +8 -0
- data/lib/contrast/agent/assess/policy/propagator/base.rb +2 -0
- data/lib/contrast/agent/assess/policy/propagator/custom.rb +4 -0
- data/lib/contrast/agent/assess/policy/propagator/database_write.rb +5 -0
- data/lib/contrast/agent/assess/policy/propagator/split.rb +3 -0
- data/lib/contrast/agent/assess/policy/source_method.rb +7 -47
- data/lib/contrast/agent/assess/policy/source_node.rb +1 -0
- data/lib/contrast/agent/assess/policy/trigger_method.rb +9 -3
- data/lib/contrast/agent/assess/policy/trigger_node.rb +8 -0
- data/lib/contrast/agent/assess/property/evented.rb +4 -18
- data/lib/contrast/agent/assess/tag.rb +19 -0
- data/lib/contrast/agent/assess/tracker.rb +12 -0
- data/lib/contrast/agent/at_exit_hook.rb +8 -8
- data/lib/contrast/agent/inventory/database_config.rb +6 -3
- data/lib/contrast/agent/inventory/dependency_analysis.rb +5 -4
- data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +11 -11
- data/lib/contrast/agent/inventory/policy/datastores.rb +1 -1
- data/lib/contrast/agent/inventory/policy/policy.rb +1 -1
- data/lib/contrast/agent/middleware.rb +4 -0
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +27 -2
- data/lib/contrast/agent/patching/policy/method_policy.rb +3 -3
- data/lib/contrast/agent/patching/policy/policy.rb +5 -0
- data/lib/contrast/agent/patching/policy/policy_node.rb +6 -0
- data/lib/contrast/agent/patching/policy/trigger_node.rb +3 -0
- data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +3 -4
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +1 -0
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +2 -2
- data/lib/contrast/agent/protect/rule/base.rb +1 -0
- data/lib/contrast/agent/protect/rule/no_sqli.rb +2 -0
- data/lib/contrast/agent/reporting/reporter.rb +32 -7
- data/lib/contrast/agent/reporting/reporter_heartbeat.rb +22 -18
- data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +17 -21
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb +26 -3
- data/lib/contrast/agent/reporting/reporting_events/application_update.rb +5 -24
- data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +8 -1
- data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb +8 -1
- data/lib/contrast/agent/reporting/reporting_events/finding.rb +7 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +10 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_object.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_parent_object.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_property.rb +12 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb +10 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_stack.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +11 -1
- data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +29 -32
- data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +13 -1
- data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +11 -8
- data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +12 -5
- data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +8 -1
- data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +9 -1
- data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +10 -1
- data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +11 -4
- data/lib/contrast/agent/reporting/reporting_events/server_activity.rb +0 -8
- data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +1 -4
- data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb +0 -22
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +1 -3
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +1 -11
- data/lib/contrast/agent/request.rb +5 -7
- data/lib/contrast/agent/request_context.rb +16 -17
- data/lib/contrast/agent/request_context_extend.rb +8 -9
- data/lib/contrast/agent/request_handler.rb +9 -38
- data/lib/contrast/agent/rule_set.rb +4 -0
- data/lib/contrast/agent/service_heartbeat.rb +3 -4
- data/lib/contrast/agent/static_analysis.rb +7 -12
- data/lib/contrast/agent/telemetry/base.rb +35 -35
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_base.rb +2 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb +2 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message.rb +5 -2
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb +3 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb +3 -0
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions.rb +0 -1
- data/lib/contrast/agent/thread_watcher.rb +1 -4
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/agent/worker_thread.rb +10 -0
- data/lib/contrast/api/communication/socket.rb +1 -0
- data/lib/contrast/api/decorators/message.rb +0 -6
- data/lib/contrast/api/decorators.rb +0 -2
- data/lib/contrast/api/dtm.pb.rb +1 -1
- data/lib/contrast/api/settings.pb.rb +1 -1
- data/lib/contrast/components/agent.rb +51 -13
- data/lib/contrast/components/assess.rb +16 -6
- data/lib/contrast/components/config.rb +18 -2
- data/lib/contrast/components/contrast_service.rb +1 -1
- data/lib/contrast/components/heap_dump.rb +51 -1
- data/lib/contrast/components/inventory.rb +19 -13
- data/lib/contrast/components/logger.rb +18 -0
- data/lib/contrast/config/assess_configuration.rb +28 -0
- data/lib/contrast/config/base_configuration.rb +8 -15
- data/lib/contrast/config/root_configuration.rb +12 -8
- data/lib/contrast/config/ruby_configuration.rb +2 -9
- data/lib/contrast/config/service_configuration.rb +4 -4
- data/lib/contrast/config.rb +0 -6
- data/lib/contrast/configuration.rb +0 -2
- data/lib/contrast/extension/assess/eval_trigger.rb +0 -4
- data/lib/contrast/extension/assess/hash.rb +3 -2
- data/lib/contrast/extension/assess/kernel.rb +22 -0
- data/lib/contrast/extension/assess/marshal.rb +16 -0
- data/lib/contrast/extension/assess/string.rb +21 -20
- data/lib/contrast/extension/object.rb +19 -0
- data/lib/contrast/framework/base_support.rb +8 -0
- data/lib/contrast/framework/manager.rb +6 -20
- data/lib/contrast/framework/manager_extend.rb +0 -1
- data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +11 -16
- data/lib/contrast/framework/rails/support.rb +4 -1
- data/lib/contrast/logger/aliased_logging.rb +2 -0
- data/lib/contrast/logger/log.rb +2 -1
- data/lib/contrast/utils/assess/event_limit_utils.rb +96 -0
- data/lib/contrast/utils/assess/propagation_method_utils.rb +27 -7
- data/lib/contrast/utils/assess/source_method_utils.rb +0 -9
- data/lib/contrast/utils/log_utils.rb +2 -2
- data/lib/contrast/utils/lru_cache.rb +3 -0
- data/lib/contrast/utils/middleware_utils.rb +2 -0
- data/lib/contrast/utils/patching/policy/patch_utils.rb +6 -23
- data/lib/contrast/utils/telemetry_client.rb +7 -7
- data/lib/contrast.rb +37 -18
- data/lib/protobuf/code_generator.rb +129 -0
- data/lib/protobuf/decoder.rb +28 -0
- data/lib/protobuf/deprecation.rb +117 -0
- data/lib/protobuf/descriptors/google/protobuf/compiler/plugin.pb.rb +79 -0
- data/lib/protobuf/descriptors/google/protobuf/descriptor.pb.rb +360 -0
- data/lib/protobuf/descriptors.rb +3 -0
- data/lib/protobuf/encoder.rb +11 -0
- data/lib/protobuf/enum.rb +365 -0
- data/lib/protobuf/exceptions.rb +9 -0
- data/lib/protobuf/field/base_field.rb +380 -0
- data/lib/protobuf/field/base_field_object_definitions.rb +504 -0
- data/lib/protobuf/field/bool_field.rb +64 -0
- data/lib/protobuf/field/bytes_field.rb +67 -0
- data/lib/protobuf/field/double_field.rb +25 -0
- data/lib/protobuf/field/enum_field.rb +56 -0
- data/lib/protobuf/field/field_array.rb +102 -0
- data/lib/protobuf/field/field_hash.rb +122 -0
- data/lib/protobuf/field/fixed32_field.rb +25 -0
- data/lib/protobuf/field/fixed64_field.rb +28 -0
- data/lib/protobuf/field/float_field.rb +43 -0
- data/lib/protobuf/field/int32_field.rb +21 -0
- data/lib/protobuf/field/int64_field.rb +34 -0
- data/lib/protobuf/field/integer_field.rb +23 -0
- data/lib/protobuf/field/message_field.rb +51 -0
- data/lib/protobuf/field/sfixed32_field.rb +27 -0
- data/lib/protobuf/field/sfixed64_field.rb +28 -0
- data/lib/protobuf/field/signed_integer_field.rb +29 -0
- data/lib/protobuf/field/sint32_field.rb +21 -0
- data/lib/protobuf/field/sint64_field.rb +21 -0
- data/lib/protobuf/field/string_field.rb +51 -0
- data/lib/protobuf/field/uint32_field.rb +21 -0
- data/lib/protobuf/field/uint64_field.rb +21 -0
- data/lib/protobuf/field/varint_field.rb +77 -0
- data/lib/protobuf/field.rb +74 -0
- data/lib/protobuf/generators/base.rb +85 -0
- data/lib/protobuf/generators/enum_generator.rb +39 -0
- data/lib/protobuf/generators/extension_generator.rb +27 -0
- data/lib/protobuf/generators/field_generator.rb +193 -0
- data/lib/protobuf/generators/file_generator.rb +262 -0
- data/lib/protobuf/generators/group_generator.rb +122 -0
- data/lib/protobuf/generators/message_generator.rb +104 -0
- data/lib/protobuf/generators/option_generator.rb +17 -0
- data/lib/protobuf/generators/printable.rb +160 -0
- data/lib/protobuf/generators/service_generator.rb +50 -0
- data/lib/protobuf/lifecycle.rb +33 -0
- data/lib/protobuf/logging.rb +39 -0
- data/lib/protobuf/message/fields.rb +233 -0
- data/lib/protobuf/message/serialization.rb +85 -0
- data/lib/protobuf/message.rb +241 -0
- data/lib/protobuf/optionable.rb +72 -0
- data/lib/protobuf/tasks/compile.rake +80 -0
- data/lib/protobuf/tasks.rb +1 -0
- data/lib/protobuf/varint.rb +20 -0
- data/lib/protobuf/varint_pure.rb +31 -0
- data/lib/protobuf/version.rb +3 -0
- data/lib/protobuf/wire_type.rb +10 -0
- data/lib/protobuf.rb +91 -0
- data/proto/dynamic_discovery.proto +46 -0
- data/proto/google/protobuf/compiler/plugin.proto +183 -0
- data/proto/google/protobuf/descriptor.proto +911 -0
- data/proto/rpc.proto +71 -0
- data/resources/assess/policy.json +6 -23
- data/ruby-agent.gemspec +4 -2
- metadata +122 -33
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report.rb +0 -30
- data/lib/contrast/api/decorators/application_update.rb +0 -44
- data/lib/contrast/api/decorators/library.rb +0 -56
- data/lib/contrast/config/agent_configuration.rb +0 -63
- data/lib/contrast/config/heap_dump_configuration.rb +0 -59
- data/lib/contrast/config/inventory_configuration.rb +0 -33
- data/lib/contrast/config/logger_configuration.rb +0 -26
- data/lib/contrast/framework/platform_version.rb +0 -22
@@ -2,6 +2,7 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/utils/object_share'
|
5
|
+
require 'contrast/components/logger'
|
5
6
|
|
6
7
|
module Contrast
|
7
8
|
module Agent
|
@@ -11,6 +12,8 @@ module Contrast
|
|
11
12
|
# TeamServer to construct the method signature for the assess feature. They represent the method invoked when the
|
12
13
|
# FindingEvent was generated.
|
13
14
|
class FindingEventSignature
|
15
|
+
include Contrast::Components::Logger::InstanceMethods
|
16
|
+
|
14
17
|
# @return [String] the types of the arguments in this event; may be different for each invocation of the
|
15
18
|
# method.
|
16
19
|
attr_reader :arg_types
|
@@ -73,7 +76,13 @@ module Contrast
|
|
73
76
|
# @return [Hash]
|
74
77
|
# @raise [ArgumentError]
|
75
78
|
def to_controlled_hash
|
76
|
-
|
79
|
+
begin
|
80
|
+
validate
|
81
|
+
rescue ArgumentError => e
|
82
|
+
logger.error('FindingEventSignature validation failed with: ', e)
|
83
|
+
return
|
84
|
+
end
|
85
|
+
|
77
86
|
{
|
78
87
|
argTypes: arg_types,
|
79
88
|
className: class_name,
|
@@ -4,6 +4,7 @@
|
|
4
4
|
require 'base64'
|
5
5
|
require 'contrast/agent/assess/contrast_event'
|
6
6
|
require 'contrast/agent/assess/events/source_event'
|
7
|
+
require 'contrast/components/logger'
|
7
8
|
|
8
9
|
module Contrast
|
9
10
|
module Agent
|
@@ -13,6 +14,8 @@ module Contrast
|
|
13
14
|
# to construct the vulnerability information for the assess feature. They indicate the type of data that the
|
14
15
|
# event represents.
|
15
16
|
class FindingEventSource
|
17
|
+
include Contrast::Components::Logger::InstanceMethods
|
18
|
+
|
16
19
|
# @return [String] the name of the source
|
17
20
|
attr_reader :name
|
18
21
|
# @return [String] the type of the source
|
@@ -45,13 +48,20 @@ module Contrast
|
|
45
48
|
# @return [Hash]
|
46
49
|
# @raise [ArgumentError]
|
47
50
|
def to_controlled_hash
|
48
|
-
|
51
|
+
begin
|
52
|
+
validate
|
53
|
+
rescue ArgumentError => e
|
54
|
+
logger.error('FindingEventSource validation failed with: ', e)
|
55
|
+
return
|
56
|
+
end
|
57
|
+
|
49
58
|
{
|
50
59
|
sourceName: name, # rubocop:disable Security/Module/Name
|
51
60
|
sourceType: type
|
52
61
|
}
|
53
62
|
end
|
54
63
|
|
64
|
+
# @raise [ArgumentError]
|
55
65
|
def validate
|
56
66
|
raise(ArgumentError, "#{ self } did not have a proper type. Unable to continue.") unless type && !type.empty?
|
57
67
|
end
|
@@ -1,6 +1,8 @@
|
|
1
1
|
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require 'contrast/components/logger'
|
5
|
+
|
4
6
|
module Contrast
|
5
7
|
module Agent
|
6
8
|
module Reporting
|
@@ -9,6 +11,8 @@ module Contrast
|
|
9
11
|
# to construct the vulnerability information for the assess feature. They represent the callstack at the time
|
10
12
|
# that each FindingEvent was generated.
|
11
13
|
class FindingEventStack
|
14
|
+
include Contrast::Components::Logger::InstanceMethods
|
15
|
+
|
12
16
|
# @return [String] unused
|
13
17
|
attr_reader :eval
|
14
18
|
# @return [String] the stack frame to show in TeamServer; the value of an entry in #caller
|
@@ -51,7 +55,13 @@ module Contrast
|
|
51
55
|
# @return [Hash]
|
52
56
|
# @raise [ArgumentError]
|
53
57
|
def to_controlled_hash
|
54
|
-
|
58
|
+
begin
|
59
|
+
validate
|
60
|
+
rescue ArgumentError => e
|
61
|
+
logger.error('FindingEventStack validation failed with: ', e)
|
62
|
+
return
|
63
|
+
end
|
64
|
+
|
55
65
|
{
|
56
66
|
file: file
|
57
67
|
# eval: eval, # This is unused by the Ruby agent
|
@@ -2,6 +2,7 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/agent/assess/tag'
|
5
|
+
require 'contrast/components/logger'
|
5
6
|
|
6
7
|
module Contrast
|
7
8
|
module Agent
|
@@ -11,6 +12,8 @@ module Contrast
|
|
11
12
|
# TeamServer to construct the vulnerability information for the assess feature. They represent those parts of the
|
12
13
|
# objects that are tracked because of a security relevant operation acting on them.
|
13
14
|
class FindingEventTaintRange
|
15
|
+
include Contrast::Components::Logger::InstanceMethods
|
16
|
+
|
14
17
|
# @return [String] the range (inclusive:exclusive), that this tag covers.
|
15
18
|
attr_reader :range
|
16
19
|
# @return [String] the type of action this tag represents.
|
@@ -41,13 +44,20 @@ module Contrast
|
|
41
44
|
# @return [Hash]
|
42
45
|
# @raise [ArgumentError]
|
43
46
|
def to_controlled_hash
|
44
|
-
|
47
|
+
begin
|
48
|
+
validate
|
49
|
+
rescue ArgumentError => e
|
50
|
+
logger.error('FindingEventTaintRange validation failed with: ', e)
|
51
|
+
return
|
52
|
+
end
|
53
|
+
|
45
54
|
{
|
46
55
|
range: range,
|
47
56
|
tag: tag
|
48
57
|
}
|
49
58
|
end
|
50
59
|
|
60
|
+
# @raise [ArgumentError]
|
51
61
|
def validate
|
52
62
|
unless range && !range.empty?
|
53
63
|
raise(ArgumentError, "#{ self } did not have a proper range. Unable to continue.")
|
@@ -1,6 +1,8 @@
|
|
1
1
|
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require 'contrast/components/logger'
|
5
|
+
|
4
6
|
module Contrast
|
5
7
|
module Agent
|
6
8
|
module Reporting
|
@@ -9,6 +11,8 @@ module Contrast
|
|
9
11
|
# HTTP information for the assess feature. They represent the literal request made that resulted in the
|
10
12
|
# vulnerability being triggered.
|
11
13
|
class FindingRequest
|
14
|
+
include Contrast::Components::Logger::InstanceMethods
|
15
|
+
|
12
16
|
# @return [String] the body of this request
|
13
17
|
attr_reader :body
|
14
18
|
# @return [Hash<String,Array<String>>] the headers of this request
|
@@ -68,7 +72,13 @@ module Contrast
|
|
68
72
|
# @return [Hash]
|
69
73
|
# @raise [ArgumentError]
|
70
74
|
def to_controlled_hash
|
71
|
-
|
75
|
+
begin
|
76
|
+
validate
|
77
|
+
rescue ArgumentError => e
|
78
|
+
logger.error('FindingRequest validation failed with: ', e)
|
79
|
+
return
|
80
|
+
end
|
81
|
+
|
72
82
|
{
|
73
83
|
body: body,
|
74
84
|
headers: headers,
|
@@ -2,6 +2,8 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/api/dtm.pb'
|
5
|
+
require 'contrast/utils/string_utils'
|
6
|
+
require 'contrast/components/logger'
|
5
7
|
|
6
8
|
module Contrast
|
7
9
|
module Agent
|
@@ -16,41 +18,31 @@ module Contrast
|
|
16
18
|
# @attr_reader file [String] the name of the Gem. Required for reporting.
|
17
19
|
# @attr_reader hash [String] the Sha256 of the Gem, matching its hash in RubyGems. Required for reporting.
|
18
20
|
# @attr_reader internal_date [Integer] the time, in ms, when the Gem was published. Required for reporting.
|
19
|
-
# @
|
21
|
+
# @attr_accessor manifest [String] the YAML form of the Gem's specification.
|
20
22
|
# @attr_reader tags [String] Inventory tags set by the user via configuration.
|
21
23
|
# @attr_reader url [String] The homepage of the Gem.
|
22
24
|
# @attr_reader version [String] The version of the Gem.
|
23
25
|
class LibraryDiscovery
|
26
|
+
include Contrast::Components::Logger::InstanceMethods
|
27
|
+
|
28
|
+
StringUtils = Contrast::Utils::StringUtils
|
29
|
+
|
24
30
|
# required attributes
|
25
31
|
attr_reader :external_date, :file, :hash, :internal_date
|
26
32
|
# optional attributes
|
27
|
-
attr_reader :class_count, :
|
28
|
-
|
29
|
-
class << self
|
30
|
-
# Convert a DTM for SpeedRacer to an Event for TeamServer.
|
31
|
-
#
|
32
|
-
# @param library_dtm [Contrast::Api::Dtm::Library]
|
33
|
-
# @return [Contrast::Agent::Reporting::LibraryDiscovery]
|
34
|
-
def convert library_dtm
|
35
|
-
report = new
|
36
|
-
report.attach_data(library_dtm)
|
37
|
-
report
|
38
|
-
end
|
39
|
-
end
|
33
|
+
attr_reader :class_count, :tags, :url, :version
|
34
|
+
attr_accessor :manifest
|
40
35
|
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
@
|
46
|
-
@external_date =
|
47
|
-
@
|
48
|
-
@
|
49
|
-
@
|
50
|
-
@manifest = library_dtm.manifest
|
36
|
+
def initialize digest, spec
|
37
|
+
@file = StringUtils.force_utf8(spec.name) # rubocop:disable Security/Module/Name
|
38
|
+
@hash = StringUtils.force_utf8(digest)
|
39
|
+
@version = StringUtils.force_utf8(spec.version)
|
40
|
+
@manifest = StringUtils.force_utf8(StringUtils.force_utf8(spec.to_yaml.to_s))
|
41
|
+
@external_date = (spec.date.to_f * 1000.0).to_i
|
42
|
+
@internal_date = @external_date
|
43
|
+
@url = StringUtils.force_utf8(spec.homepage)
|
44
|
+
@class_count = Contrast::Utils::Sha256Builder.instance.files(spec.full_gem_path.to_s).length
|
51
45
|
@tags = Contrast::INVENTORY.tags
|
52
|
-
@url = library_dtm.url
|
53
|
-
@version = library_dtm.version
|
54
46
|
end
|
55
47
|
|
56
48
|
# Convert the instance variables on the class, and other information, into the identifiers required for
|
@@ -59,8 +51,14 @@ module Contrast
|
|
59
51
|
# @return [Hash]
|
60
52
|
# @raise [ArgumentError]
|
61
53
|
def to_controlled_hash
|
62
|
-
|
63
|
-
|
54
|
+
begin
|
55
|
+
validate
|
56
|
+
rescue ArgumentError => e
|
57
|
+
logger.error('LibraryDiscovery validation failed with: ', e)
|
58
|
+
return
|
59
|
+
end
|
60
|
+
|
61
|
+
{
|
64
62
|
classCount: class_count,
|
65
63
|
externalDate: external_date,
|
66
64
|
file: file,
|
@@ -68,10 +66,9 @@ module Contrast
|
|
68
66
|
internalDate: internal_date,
|
69
67
|
manifest: manifest,
|
70
68
|
url: url,
|
71
|
-
version: version
|
72
|
-
|
73
|
-
|
74
|
-
msg
|
69
|
+
version: version,
|
70
|
+
tags: tags
|
71
|
+
}.compact
|
75
72
|
end
|
76
73
|
|
77
74
|
# Ensure the required fields are present.
|
@@ -1,11 +1,15 @@
|
|
1
1
|
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require 'contrast/components/logger'
|
5
|
+
|
4
6
|
module Contrast
|
5
7
|
module Agent
|
6
8
|
module Reporting
|
7
9
|
# The usage, meaning loaded files, of a library seen during this request
|
8
10
|
class LibraryUsageObservation
|
11
|
+
include Contrast::Components::Logger::InstanceMethods
|
12
|
+
|
9
13
|
# @param [String] Sha256Sum of library as identified by the agent
|
10
14
|
attr_accessor :id
|
11
15
|
# @param [Array<String>] List of file paths that have been loaded out of or executed by the library
|
@@ -18,14 +22,22 @@ module Contrast
|
|
18
22
|
@names = class_names
|
19
23
|
end
|
20
24
|
|
25
|
+
# @raise [ArgumentError]
|
21
26
|
def to_controlled_hash
|
22
|
-
|
27
|
+
begin
|
28
|
+
validate
|
29
|
+
rescue ArgumentError => e
|
30
|
+
logger.error('LibraryUsageObservation validation failed with: ', e)
|
31
|
+
return
|
32
|
+
end
|
33
|
+
|
23
34
|
{
|
24
35
|
id: @id,
|
25
36
|
names: @names
|
26
37
|
}
|
27
38
|
end
|
28
39
|
|
40
|
+
# @raise [ArgumentError]
|
29
41
|
def validate
|
30
42
|
raise(ArgumentError, "#{ self } did not have a proper id. Unable to continue.") unless id
|
31
43
|
raise(ArgumentError, "#{ self } did not have a proper names. Unable to continue.") if names.empty?
|
@@ -3,15 +3,16 @@
|
|
3
3
|
|
4
4
|
require 'contrast/agent/reporting/reporting_events/application_reporting_event'
|
5
5
|
require 'contrast/agent/reporting/reporting_events/library_usage_observation'
|
6
|
+
require 'contrast/components/logger'
|
6
7
|
|
7
8
|
module Contrast
|
8
9
|
module Agent
|
9
10
|
module Reporting
|
10
11
|
# List of libraries that have been observed to have something loaded or executed.
|
11
|
-
#
|
12
12
|
class ObservedLibraryUsage < Contrast::Agent::Reporting::ApplicationReportingEvent
|
13
|
-
|
14
|
-
|
13
|
+
include Contrast::Components::Logger::InstanceMethods
|
14
|
+
|
15
|
+
# @return Array[Contrast::Agent::Reporting::LibraryUsageObservation]
|
15
16
|
attr_reader :observations
|
16
17
|
|
17
18
|
def initialize
|
@@ -25,17 +26,19 @@ module Contrast
|
|
25
26
|
end
|
26
27
|
|
27
28
|
def to_controlled_hash
|
28
|
-
|
29
|
+
begin
|
30
|
+
validate
|
31
|
+
rescue ArgumentError => e
|
32
|
+
logger.error('ObservedLibraryUsage validation failed with: ', e)
|
33
|
+
return
|
34
|
+
end
|
35
|
+
|
29
36
|
{ observations: @observations.map(&:to_controlled_hash) }
|
30
37
|
end
|
31
38
|
|
32
39
|
def validate
|
33
40
|
raise(ArgumentError, "#{ self } did not have observations. Unable to continue.") if observations.empty?
|
34
41
|
end
|
35
|
-
|
36
|
-
def clear
|
37
|
-
@observations = []
|
38
|
-
end
|
39
42
|
end
|
40
43
|
end
|
41
44
|
end
|
@@ -16,6 +16,8 @@ module Contrast
|
|
16
16
|
# includes the literal URL and HTTP Verb used to invoke them, as they must have been called at this point to be
|
17
17
|
# recorded.
|
18
18
|
class ObservedRoute < Contrast::Agent::Reporting::ApplicationReportingEvent
|
19
|
+
include Contrast::Components::Logger::InstanceMethods
|
20
|
+
|
19
21
|
# @param [String] the method signature used to uniquely identify the coverage report.
|
20
22
|
attr_accessor :signature
|
21
23
|
# @param [String] the normalized URL used to access the method in the route.
|
@@ -45,18 +47,23 @@ module Contrast
|
|
45
47
|
# @return [Hash]
|
46
48
|
# @raise [ArgumentError]
|
47
49
|
def to_controlled_hash
|
48
|
-
|
49
|
-
|
50
|
+
begin
|
51
|
+
validate
|
52
|
+
rescue ArgumentError => e
|
53
|
+
logger.error('ObservedRoute validation failed with: ', e)
|
54
|
+
return
|
55
|
+
end
|
56
|
+
|
57
|
+
{
|
50
58
|
session_id: ::Contrast::ASSESS.session_id,
|
51
59
|
sources: @sources.map(&:to_controlled_hash),
|
52
60
|
signature: @signature,
|
53
61
|
verb: @verb,
|
54
62
|
url: @url
|
55
|
-
}
|
56
|
-
rc_hash.delete(:verb) unless @verb
|
57
|
-
rc_hash
|
63
|
+
}.compact
|
58
64
|
end
|
59
65
|
|
66
|
+
# @raise [ArgumentError]
|
60
67
|
def validate
|
61
68
|
raise(ArgumentError, "#{ self } did not have a proper sources. Unable to continue.") if @sources.nil?
|
62
69
|
raise(ArgumentError, "#{ self } did not have a proper signature. Unable to continue.") unless signature
|
@@ -38,7 +38,13 @@ module Contrast
|
|
38
38
|
# @return [Hash]
|
39
39
|
# @raise [ArgumentError]
|
40
40
|
def to_controlled_hash
|
41
|
-
|
41
|
+
begin
|
42
|
+
validate
|
43
|
+
rescue ArgumentError => e
|
44
|
+
logger.error('PreflightMessage validation failed with: ', e)
|
45
|
+
return
|
46
|
+
end
|
47
|
+
|
42
48
|
{
|
43
49
|
code: CODE,
|
44
50
|
app_language: @app_language,
|
@@ -51,6 +57,7 @@ module Contrast
|
|
51
57
|
}
|
52
58
|
end
|
53
59
|
|
60
|
+
# @raise [ArgumentError]
|
54
61
|
def validate
|
55
62
|
raise(ArgumentError, "#{ cs__class } did not have a proper data. Unable to continue.") unless data
|
56
63
|
unless @app_name
|
@@ -14,6 +14,8 @@ module Contrast
|
|
14
14
|
#
|
15
15
|
# @abstract
|
16
16
|
class ReportingEvent
|
17
|
+
include Contrast::Components::Logger::InstanceMethods
|
18
|
+
|
17
19
|
# @return [String] the endpoint, with host, to which this event should be sent
|
18
20
|
attr_reader :event_endpoint
|
19
21
|
# @return event_method [Symbol] the HTTP method to use to send this event
|
@@ -35,7 +37,13 @@ module Contrast
|
|
35
37
|
# @return [Hash]
|
36
38
|
# @raise [ArgumentError]
|
37
39
|
def to_controlled_hash
|
38
|
-
|
40
|
+
begin
|
41
|
+
validate
|
42
|
+
rescue ArgumentError => e
|
43
|
+
logger.error('ReportingEvent validation failed with: ', e)
|
44
|
+
return
|
45
|
+
end
|
46
|
+
|
39
47
|
{}
|
40
48
|
end
|
41
49
|
|
@@ -3,6 +3,7 @@
|
|
3
3
|
|
4
4
|
require 'contrast/agent/reporting/reporting_events/route_discovery_observation'
|
5
5
|
require 'contrast/api/dtm.pb'
|
6
|
+
require 'contrast/components/logger'
|
6
7
|
|
7
8
|
module Contrast
|
8
9
|
module Agent
|
@@ -17,6 +18,8 @@ module Contrast
|
|
17
18
|
# @attr_reader signature [String] the unique identifier for this route; typically the method signature. Required
|
18
19
|
# for reporting.
|
19
20
|
class RouteDiscovery
|
21
|
+
include Contrast::Components::Logger::InstanceMethods
|
22
|
+
|
20
23
|
# required attributes
|
21
24
|
attr_reader :observations, :signature
|
22
25
|
|
@@ -47,7 +50,13 @@ module Contrast
|
|
47
50
|
# @return [Hash]
|
48
51
|
# @raise [ArgumentError]
|
49
52
|
def to_controlled_hash
|
50
|
-
|
53
|
+
begin
|
54
|
+
validate
|
55
|
+
rescue ArgumentError => e
|
56
|
+
logger.error('RouteDiscovery validation failed with: ', e)
|
57
|
+
return
|
58
|
+
end
|
59
|
+
|
51
60
|
{
|
52
61
|
count: 0, # we have this to make TS happy
|
53
62
|
observations: @observations.map(&:to_controlled_hash),
|
@@ -3,6 +3,7 @@
|
|
3
3
|
|
4
4
|
require 'contrast/api/dtm.pb'
|
5
5
|
require 'contrast/utils/string_utils'
|
6
|
+
require 'contrast/components/logger'
|
6
7
|
|
7
8
|
module Contrast
|
8
9
|
module Agent
|
@@ -16,6 +17,8 @@ module Contrast
|
|
16
17
|
# @attr_reader verb [String] the HTTP Method requested to his this endpoint. Empty means all, so is allowed.
|
17
18
|
# for reporting.
|
18
19
|
class RouteDiscoveryObservation
|
20
|
+
include Contrast::Components::Logger::InstanceMethods
|
21
|
+
|
19
22
|
# required attributes
|
20
23
|
attr_reader :url
|
21
24
|
# optional attributes
|
@@ -47,10 +50,14 @@ module Contrast
|
|
47
50
|
# @return [Hash]
|
48
51
|
# @raise [ArgumentError]
|
49
52
|
def to_controlled_hash
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
53
|
+
begin
|
54
|
+
validate
|
55
|
+
rescue ArgumentError => e
|
56
|
+
logger.error('RouteDiscoveryObservation validation failed with: ', e)
|
57
|
+
return
|
58
|
+
end
|
59
|
+
|
60
|
+
{ url: url, verb: verb }.compact
|
54
61
|
end
|
55
62
|
|
56
63
|
# Ensure the required fields are present.
|
@@ -12,14 +12,6 @@ module Contrast
|
|
12
12
|
# for its response, which contains any updated server feature settings from TeamServer. The new Server Settings
|
13
13
|
# endpoint should let us remove this.
|
14
14
|
class ServerActivity < Contrast::Agent::Reporting::ServerReportingEvent
|
15
|
-
class << self
|
16
|
-
# @param _server_activity_dtm [Contrast::Api::Dtm::ServerActivity]
|
17
|
-
# @return [Contrast::Agent::Reporting::ServerActivity]
|
18
|
-
def convert _server_activity_dtm
|
19
|
-
new
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
15
|
def initialize
|
24
16
|
@event_method = :PUT
|
25
17
|
@event_endpoint = "#{ Contrast::API.api_url }/api/ng/activity/server"
|
@@ -44,10 +44,7 @@ module Contrast
|
|
44
44
|
# @param file_name[String] file_name to log
|
45
45
|
# @param data[String] String representation if the logged data
|
46
46
|
def log_data type, file_name, data = nil
|
47
|
-
|
48
|
-
|
49
|
-
logger.debug('logging to file', file_name: file_name) # TODO: RUBY-99999 DO NOT COMMIT THIS
|
50
|
-
write_to_file(type, file_name, data)
|
47
|
+
write_to_file(type, file_name, data) if enabled?
|
51
48
|
end
|
52
49
|
|
53
50
|
# This method will be actually writing to the file
|
@@ -1,7 +1,6 @@
|
|
1
1
|
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
-
require 'contrast/agent/reporting/reporting_events/server_activity'
|
5
4
|
require 'contrast/agent/reporting/reporting_events/application_activity'
|
6
5
|
require 'contrast/api/dtm.pb'
|
7
6
|
|
@@ -13,22 +12,6 @@ module Contrast
|
|
13
12
|
# TODO: RUBY-1438 -- remove
|
14
13
|
module DtmMessage
|
15
14
|
class << self
|
16
|
-
# Checks if the message is of Contrast::Api::Dtm::ServerActivity class
|
17
|
-
#
|
18
|
-
# @param dtm [Contrast::Api::Dtm::ServerActivity, Object]
|
19
|
-
# @return [Boolean]
|
20
|
-
def server_activity? dtm
|
21
|
-
dtm.cs__is_a?(Contrast::Api::Dtm::ServerActivity)
|
22
|
-
end
|
23
|
-
|
24
|
-
# Checks if the message is of Contrast::Api::Dtm::ApplicationUpdate class
|
25
|
-
#
|
26
|
-
# @param dtm [Contrast::Api::Dtm::ApplicationUpdate,Object]
|
27
|
-
# @return [Boolean]
|
28
|
-
def application_update? dtm
|
29
|
-
dtm.cs__is_a?(Contrast::Api::Dtm::ApplicationUpdate)
|
30
|
-
end
|
31
|
-
|
32
15
|
# @param dtm [Contrast::Api::Dtm::Finding,Object]
|
33
16
|
# @return [Boolean]
|
34
17
|
def finding? dtm
|
@@ -47,12 +30,7 @@ module Contrast
|
|
47
30
|
# @param dtm [Contrast::Api::Dtm]
|
48
31
|
# @return event [Contrast::Agent::Reporting::ReportingEvent, nil]
|
49
32
|
def dtm_to_event dtm
|
50
|
-
# For the ServerActivity we need to create and send empty body only. This is done because we need the
|
51
|
-
# response from TS.
|
52
|
-
return Contrast::Agent::Reporting::ServerActivity.new if server_activity?(dtm)
|
53
|
-
|
54
33
|
# For the others, we convert them.
|
55
|
-
return Contrast::Agent::Reporting::ApplicationUpdate.convert(dtm) if application_update?(dtm)
|
56
34
|
return Contrast::Agent::Reporting::Finding.convert(dtm) if finding?(dtm)
|
57
35
|
return Contrast::Agent::Reporting::ApplicationActivity.convert(dtm) if activity?(dtm)
|
58
36
|
|
@@ -53,12 +53,10 @@ module Contrast
|
|
53
53
|
# @param event [Contrast::Agent::Reporting::ReportingEvent] The event to send to TeamServer. Really a
|
54
54
|
# child of the ReportingEvent rather than a literal one.
|
55
55
|
# @param connection [Net::HTTP] open connection
|
56
|
-
# @param send_immediately [Boolean] flag for the logger
|
57
56
|
# @return response [Net::HTTP::Response, nil] response from TS if no response
|
58
|
-
def send_event event, connection
|
57
|
+
def send_event event, connection
|
59
58
|
return unless connection
|
60
59
|
|
61
|
-
log_send_event(event) if send_immediately
|
62
60
|
request = build_request(event)
|
63
61
|
response = connection.request(request)
|
64
62
|
audit&.audit_event(event, response) if ::Contrast::API.request_audit_enable?
|
@@ -39,7 +39,7 @@ module Contrast
|
|
39
39
|
|
40
40
|
STARTUP_EVENTS.each do |event|
|
41
41
|
startup_event = event.new
|
42
|
-
send_event(startup_event, connection
|
42
|
+
send_event(startup_event, connection)
|
43
43
|
rescue StandardError => e
|
44
44
|
handle_error(startup_event, e)
|
45
45
|
end
|
@@ -66,15 +66,6 @@ module Contrast
|
|
66
66
|
request
|
67
67
|
end
|
68
68
|
|
69
|
-
# log the event sent immediately
|
70
|
-
#
|
71
|
-
# @param event [Contrast::Agent::Reporting::ReportingEvent] The event to send to TeamServer. Really a
|
72
|
-
# child of the ReportingEvent rather than a literal one.
|
73
|
-
def log_send_event event
|
74
|
-
logger.debug("#{ Contrast::Agent::Reporting::ReporterClient::SERVICE_NAME } immediately sending event.",
|
75
|
-
event_id: event.__id__, event_type: event.cs__class.cs__name)
|
76
|
-
end
|
77
|
-
|
78
69
|
# Handles standard error case, logs and set status for failure
|
79
70
|
#
|
80
71
|
# @param event [Contrast::Agent::Reporting::ReportingEvent]
|
@@ -96,7 +87,6 @@ module Contrast
|
|
96
87
|
# @param response [Net::HTTP::Response]
|
97
88
|
def process_settings_response response
|
98
89
|
response_handler.process(response)
|
99
|
-
logger.debug('Successfully sent startup messages to TeamServer.')
|
100
90
|
status.success!
|
101
91
|
end
|
102
92
|
|
@@ -17,12 +17,6 @@ module Contrast
|
|
17
17
|
# provides access to the original Rack::Request object as well as extracts
|
18
18
|
# data in a format that the Agent expects, caching those transformations in
|
19
19
|
# order to avoid repeatedly creating Strings & thrashing GC.
|
20
|
-
#
|
21
|
-
# @attr_reader rack_request [Rack::Request] The passed to the Agent RackRequest to be wrapped.
|
22
|
-
# @attr_accessor route [Contrast::Api::Dtm::RouteCoverage] the route, used for findings, of this request
|
23
|
-
# @attr_accessor observed_route [Contrast::Api::Dtm::ObservedRoute] the route, used for coverage of this request
|
24
|
-
# @attr_accessor new_observed_route [Contrast::Agent::Reporting::ObservedRoute] the route, used for coverage, of
|
25
|
-
# this request
|
26
20
|
class Request
|
27
21
|
include Contrast::Utils::RequestUtils
|
28
22
|
include Contrast::Components::Logger::InstanceMethods
|
@@ -37,8 +31,12 @@ module Contrast
|
|
37
31
|
STATIC_SUFFIXES = /\.(?:js|css|jpeg|jpg|gif|png|ico|woff|svg|pdf|eot|ttf|jar)$/i.cs__freeze
|
38
32
|
MEDIA_TYPE_MARKERS = %w[image/ text/css text/javascript].cs__freeze
|
39
33
|
|
34
|
+
# @return [Rack::Request] The passed to the Agent RackRequest to be wrapped.
|
40
35
|
attr_reader :rack_request
|
41
|
-
|
36
|
+
# @return [Contrast::Api::Dtm::RouteCoverage] the route, used for findings, of this request
|
37
|
+
attr_accessor :route
|
38
|
+
# @return [Contrast::Agent::Reporting::ObservedRoute] the route, used for coverage, of this request
|
39
|
+
attr_accessor :observed_route
|
42
40
|
|
43
41
|
# Delegate calls to the following methods to the attribute @rack_request
|
44
42
|
def_delegators :@rack_request, :base_url, :cookies, :env, :ip, :media_type, :path, :port, :query_string,
|