contrast-agent 6.4.0 → 6.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/ext/cs__contrast_patch/cs__contrast_patch.c +14 -1
- data/lib/contrast/agent/assess/finalizers/hash.rb +1 -0
- data/lib/contrast/agent/assess/policy/propagation_method.rb +5 -1
- data/lib/contrast/agent/assess/policy/propagator/custom.rb +4 -0
- data/lib/contrast/agent/assess/policy/propagator/database_write.rb +5 -0
- data/lib/contrast/agent/assess/policy/propagator/split.rb +3 -0
- data/lib/contrast/agent/assess/policy/source_method.rb +5 -0
- data/lib/contrast/agent/assess/policy/trigger_method.rb +8 -2
- data/lib/contrast/agent/assess/tracker.rb +12 -0
- data/lib/contrast/agent/inventory/database_config.rb +2 -1
- data/lib/contrast/agent/inventory/dependency_analysis.rb +2 -2
- data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +1 -1
- data/lib/contrast/agent/inventory/policy/datastores.rb +1 -1
- data/lib/contrast/agent/inventory/policy/policy.rb +1 -1
- data/lib/contrast/agent/patching/policy/method_policy.rb +3 -3
- data/lib/contrast/agent/protect/rule/base.rb +1 -1
- data/lib/contrast/agent/reporting/reporter_heartbeat.rb +1 -3
- data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +17 -21
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb +26 -3
- data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +5 -5
- data/lib/contrast/agent/reporting/reporting_utilities/headers.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +1 -1
- data/lib/contrast/agent/request_context.rb +8 -0
- data/lib/contrast/agent/service_heartbeat.rb +2 -3
- data/lib/contrast/agent/static_analysis.rb +1 -1
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/agent/worker_thread.rb +10 -0
- data/lib/contrast/api/communication/response_processor.rb +1 -1
- data/lib/contrast/components/agent.rb +52 -14
- data/lib/contrast/components/api.rb +60 -23
- data/lib/contrast/components/assess.rb +16 -0
- data/lib/contrast/components/contrast_service.rb +1 -1
- data/lib/contrast/components/heap_dump.rb +51 -1
- data/lib/contrast/components/inventory.rb +19 -13
- data/lib/contrast/components/logger.rb +18 -0
- data/lib/contrast/components/protect.rb +41 -1
- data/lib/contrast/components/sampling.rb +29 -0
- data/lib/contrast/config/assess_configuration.rb +33 -3
- data/lib/contrast/config/base_configuration.rb +8 -2
- data/lib/contrast/config/root_configuration.rb +19 -16
- data/lib/contrast/config/service_configuration.rb +4 -4
- data/lib/contrast/config.rb +0 -9
- data/lib/contrast/extension/object.rb +19 -0
- data/lib/contrast/framework/rails/support.rb +7 -3
- data/lib/contrast/logger/log.rb +2 -1
- data/lib/contrast/utils/assess/event_limit_utils.rb +96 -0
- data/lib/contrast/utils/assess/propagation_method_utils.rb +27 -7
- data/lib/contrast/utils/log_utils.rb +2 -2
- data/lib/contrast/utils/net_http_base.rb +2 -2
- data/lib/contrast/utils/patching/policy/patch_utils.rb +1 -1
- data/lib/contrast.rb +6 -21
- data/resources/assess/policy.json +15 -12
- data/resources/deadzone/policy.json +139 -19
- data/ruby-agent.gemspec +2 -0
- data/service_executables/VERSION +1 -1
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
- metadata +43 -20
- data/lib/contrast/config/agent_configuration.rb +0 -63
- data/lib/contrast/config/api_configuration.rb +0 -56
- data/lib/contrast/config/heap_dump_configuration.rb +0 -59
- data/lib/contrast/config/inventory_configuration.rb +0 -33
- data/lib/contrast/config/logger_configuration.rb +0 -26
- data/lib/contrast/config/protect_configuration.rb +0 -33
- data/lib/contrast/config/sampling_configuration.rb +0 -35
@@ -1,15 +1,18 @@
|
|
1
1
|
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require 'contrast/components/agent'
|
5
|
+
require 'contrast/components/inventory'
|
6
|
+
require 'contrast/components/protect'
|
4
7
|
module Contrast
|
5
8
|
module Config
|
6
9
|
# The base of the Common Configuration settings.
|
7
10
|
class RootConfiguration
|
8
11
|
include Contrast::Config::BaseConfiguration
|
9
12
|
|
10
|
-
# @return [Contrast::
|
13
|
+
# @return [Contrast::Components::Api::Interface]
|
11
14
|
attr_writer :api
|
12
|
-
# @return [Contrast::
|
15
|
+
# @return [Contrast::Components::Agent::Interface]
|
13
16
|
attr_writer :agent
|
14
17
|
# @return [Contrast::Config::ApplicationConfiguration]
|
15
18
|
attr_writer :application
|
@@ -17,9 +20,9 @@ module Contrast
|
|
17
20
|
attr_writer :server
|
18
21
|
# @return [Contrast::Config::AssessConfiguration]
|
19
22
|
attr_writer :assess
|
20
|
-
# @return [Contrast::
|
23
|
+
# @return [Contrast::Components::Inventory::Interface]
|
21
24
|
attr_writer :inventory
|
22
|
-
# @return [Contrast::
|
25
|
+
# @return [Contrast::Components::Protect::Interface]
|
23
26
|
attr_writer :protect
|
24
27
|
# @return [Contrast::Config::ServiceConfiguration]
|
25
28
|
attr_writer :service
|
@@ -30,25 +33,25 @@ module Contrast
|
|
30
33
|
def initialize hsh = {}
|
31
34
|
raise(ArgumentError, 'Expected a hash') unless hsh.is_a?(Hash)
|
32
35
|
|
33
|
-
@api = Contrast::
|
36
|
+
@api = Contrast::Components::Api::Interface.new(hsh[:api])
|
34
37
|
@enable = hsh[:enable]
|
35
|
-
@agent = Contrast::
|
38
|
+
@agent = Contrast::Components::Agent::Interface.new(hsh[:agent])
|
36
39
|
@application = Contrast::Config::ApplicationConfiguration.new(hsh[:application])
|
37
40
|
@server = Contrast::Config::ServerConfiguration.new(hsh[:server])
|
38
41
|
@assess = Contrast::Config::AssessConfiguration.new(hsh[:assess])
|
39
|
-
@inventory = Contrast::
|
40
|
-
@protect = Contrast::
|
42
|
+
@inventory = Contrast::Components::Inventory::Interface.new(hsh[:inventory])
|
43
|
+
@protect = Contrast::Components::Protect::Interface.new(hsh[:protect])
|
41
44
|
@service = Contrast::Config::ServiceConfiguration.new(hsh[:service])
|
42
45
|
end
|
43
46
|
|
44
|
-
# @return [Contrast::
|
47
|
+
# @return [Contrast::Components::Api::Interface]
|
45
48
|
def api
|
46
|
-
@api ||= Contrast::
|
49
|
+
@api ||= Contrast::Components::Api::Interface.new
|
47
50
|
end
|
48
51
|
|
49
|
-
# @return [Contrast::
|
52
|
+
# @return [Contrast::Components::Agent::Interface]
|
50
53
|
def agent
|
51
|
-
@agent ||= Contrast::
|
54
|
+
@agent ||= Contrast::Components::Agent::Interface.new
|
52
55
|
end
|
53
56
|
|
54
57
|
# @return [Contrast::Config::ApplicationConfiguration]
|
@@ -66,14 +69,14 @@ module Contrast
|
|
66
69
|
@assess ||= Contrast::Config::AssessConfiguration.new
|
67
70
|
end
|
68
71
|
|
69
|
-
# @return [Contrast::
|
72
|
+
# @return [Contrast::Components::Inventory::Interface]
|
70
73
|
def inventory
|
71
|
-
@inventory ||= Contrast::
|
74
|
+
@inventory ||= Contrast::Components::Inventory::Interface.new
|
72
75
|
end
|
73
76
|
|
74
|
-
# @return [Contrast::
|
77
|
+
# @return [Contrast::Components::Protect::Interface]
|
75
78
|
def protect
|
76
|
-
@protect ||= Contrast::
|
79
|
+
@protect ||= Contrast::Components::Protect::Interface.new
|
77
80
|
end
|
78
81
|
|
79
82
|
# @return [Contrast::Config::ServiceConfiguration]
|
@@ -1,7 +1,7 @@
|
|
1
1
|
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
-
require 'contrast/
|
4
|
+
require 'contrast/components/logger'
|
5
5
|
|
6
6
|
module Contrast
|
7
7
|
module Config
|
@@ -31,13 +31,13 @@ module Contrast
|
|
31
31
|
@host = hsh[:host]
|
32
32
|
@port = hsh[:port]
|
33
33
|
@socket = hsh[:socket]
|
34
|
-
@logger = Contrast::
|
34
|
+
@logger = Contrast::Components::Logger::Interface.new(hsh[:logger])
|
35
35
|
@bypass = hsh[:bypass]
|
36
36
|
end
|
37
37
|
|
38
|
-
# @return [Contrast::
|
38
|
+
# @return [Contrast::Components::Logger::Interface]
|
39
39
|
def logger
|
40
|
-
@logger ||= Contrast::
|
40
|
+
@logger ||= Contrast::Components::Logger::Interface.new
|
41
41
|
end
|
42
42
|
|
43
43
|
# @return [Boolean, false]
|
data/lib/contrast/config.rb
CHANGED
@@ -11,23 +11,14 @@ module Contrast
|
|
11
11
|
end
|
12
12
|
|
13
13
|
require 'contrast/config/base_configuration'
|
14
|
-
|
15
|
-
require 'contrast/config/logger_configuration'
|
16
|
-
|
17
|
-
require 'contrast/config/heap_dump_configuration'
|
18
14
|
require 'contrast/config/service_configuration'
|
19
15
|
require 'contrast/config/exception_configuration'
|
20
16
|
require 'contrast/config/assess_rules_configuration'
|
21
17
|
require 'contrast/config/protect_rule_configuration'
|
22
18
|
require 'contrast/config/protect_rules_configuration'
|
23
|
-
require 'contrast/config/sampling_configuration'
|
24
19
|
|
25
20
|
require 'contrast/config/ruby_configuration'
|
26
|
-
require 'contrast/config/api_configuration'
|
27
|
-
require 'contrast/config/agent_configuration'
|
28
21
|
require 'contrast/config/application_configuration'
|
29
22
|
require 'contrast/config/server_configuration'
|
30
23
|
require 'contrast/config/assess_configuration'
|
31
|
-
require 'contrast/config/inventory_configuration'
|
32
|
-
require 'contrast/config/protect_configuration'
|
33
24
|
require 'contrast/config/root_configuration'
|
@@ -0,0 +1,19 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
# Some developers override various methods on Object, which can often involve
|
5
|
+
# changing expected method parity/behavior which in turn prevents us from being
|
6
|
+
# able to reliably use affected methods.
|
7
|
+
# We alias these method so that we always have access to them.
|
8
|
+
#
|
9
|
+
# Because we use these methods in constructing classes (e.g., calling #freeze
|
10
|
+
# on constants within class definitions) we do this aliasing ASAP.
|
11
|
+
class Object
|
12
|
+
alias_method :cs__class, :class
|
13
|
+
alias_method :cs__freeze, :freeze
|
14
|
+
alias_method :cs__frozen?, :frozen?
|
15
|
+
alias_method :cs__is_a?, :is_a?
|
16
|
+
alias_method :cs__method, :method
|
17
|
+
alias_method :cs__respond_to?, :respond_to?
|
18
|
+
alias_method :cs__singleton_class, :singleton_class
|
19
|
+
end
|
@@ -59,7 +59,7 @@ module Contrast
|
|
59
59
|
# ActionDispatch::Journey::Path::Pattern::MatchData, Hash, ActionDispatch::Journey::Route, Array<String>
|
60
60
|
match, _params, route, path = get_full_route(request.rack_request)
|
61
61
|
unless route
|
62
|
-
logger.warn(
|
62
|
+
logger.warn("Unable to determine the current route of this request: #{ request.rack_request }")
|
63
63
|
return
|
64
64
|
end
|
65
65
|
|
@@ -90,7 +90,7 @@ module Contrast
|
|
90
90
|
# ActionDispatch::Journey::Path::Pattern::MatchData, Hash, ActionDispatch::Journey::Route, Array<String>
|
91
91
|
match, _params, route, path = get_full_route(request.rack_request)
|
92
92
|
unless route
|
93
|
-
logger.warn(
|
93
|
+
logger.warn("Unable to determine the current route of this request: #{ request.rack_request }")
|
94
94
|
return
|
95
95
|
end
|
96
96
|
|
@@ -135,8 +135,11 @@ module Contrast
|
|
135
135
|
# @return [bool] whether the router is an engine or not.
|
136
136
|
def engine_route? route
|
137
137
|
return false unless route&.app&.app
|
138
|
+
return false unless route.app.is_a?(::ActionDispatch::Routing::Mapper::Constraints) ||
|
139
|
+
route.app.is_a?(::ActionDispatch::Routing::RouteSet::Dispatcher)
|
138
140
|
|
139
|
-
route.app.is_a?(
|
141
|
+
clazz = route.app.app.is_a?(Class) ? route.app.app : route.app.app.cs__class
|
142
|
+
clazz < ::Rails::Engine
|
140
143
|
end
|
141
144
|
|
142
145
|
# Recursively get final route traversing engines as required. Because this can only be called once, we store
|
@@ -179,6 +182,7 @@ module Contrast
|
|
179
182
|
route_list += find_all_routes(route.app.app, [])
|
180
183
|
end
|
181
184
|
end
|
185
|
+
logger.debug("Routes Found: #{ route_list }")
|
182
186
|
route_list
|
183
187
|
end
|
184
188
|
|
data/lib/contrast/logger/log.rb
CHANGED
@@ -134,7 +134,8 @@ module Contrast
|
|
134
134
|
|
135
135
|
enable_trace_timing if current_level_const == ::Ougai::Logging::TRACE
|
136
136
|
|
137
|
-
|
137
|
+
progname = Contrast::CONFIG.root.agent.logger.progname
|
138
|
+
@_logger = build(path: current_path, level_const: current_level_const, progname: progname)
|
138
139
|
# If we're logging to a new path, then let's start it w/ our helpful
|
139
140
|
# data gathering messages
|
140
141
|
log_update if path_change
|
@@ -0,0 +1,96 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require 'contrast/components/logger'
|
5
|
+
|
6
|
+
module Contrast
|
7
|
+
module Utils
|
8
|
+
module Assess
|
9
|
+
# EventLimitUtils is used to check and validate the number of source, propagation, or trigger events collected
|
10
|
+
# during the reporting time frame
|
11
|
+
module EventLimitUtils
|
12
|
+
include Contrast::Components::Logger::InstanceMethods
|
13
|
+
# Checks to see if the event limit for the policy type has been met or exceeded
|
14
|
+
# @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy] method to check for event limit
|
15
|
+
def event_limit? method_policy
|
16
|
+
return false unless (context = Contrast::Agent::REQUEST_TRACKER.current)
|
17
|
+
|
18
|
+
if method_policy.source_node
|
19
|
+
max = (::Contrast::ASSESS.max_source_events ||
|
20
|
+
Contrast::Config::AssessConfiguration::DEFAULT_MAX_SOURCE_EVENTS)
|
21
|
+
return at_limit?(method_policy, context.source_event_count, max)
|
22
|
+
|
23
|
+
end
|
24
|
+
if method_policy.propagation_node
|
25
|
+
max = (::Contrast::ASSESS.max_propagation_events ||
|
26
|
+
Contrast::Config::AssessConfiguration::DEFAULT_MAX_PROPAGATION_EVENTS)
|
27
|
+
return at_limit?(method_policy, context.propagation_event_count, max)
|
28
|
+
end
|
29
|
+
|
30
|
+
false # policy does not have limit
|
31
|
+
end
|
32
|
+
|
33
|
+
def event_limit_for_rule? rule_id
|
34
|
+
if Contrast::Utils::Timer.now_ms > threshold_time_limit
|
35
|
+
@_rule_counts = nil
|
36
|
+
@_threshold_time_limit = nil
|
37
|
+
threshold_time_limit
|
38
|
+
end
|
39
|
+
rule_counts[rule_id] += 1
|
40
|
+
# TODO: RUBY-1680 remove default
|
41
|
+
rule_counts[rule_id] >=
|
42
|
+
(::Contrast::ASSESS.max_rule_reported || Contrast::Config::AssessConfiguration::DEFAULT_MAX_RULE_REPORTED)
|
43
|
+
end
|
44
|
+
|
45
|
+
# Increments the event count for the type of event that is being tracked
|
46
|
+
#
|
47
|
+
# @param node [Contrast::Agent::Assess::Policy::PolicyNode] policy to increment
|
48
|
+
def increment_event_count node
|
49
|
+
return unless (context = Contrast::Agent::REQUEST_TRACKER.current)
|
50
|
+
|
51
|
+
context.source_event_count += 1 if node.cs__is_a?(Contrast::Agent::Assess::Policy::SourceNode)
|
52
|
+
context.propagation_event_count += 1 if node.cs__is_a?(Contrast::Agent::Assess::Policy::PropagationNode)
|
53
|
+
end
|
54
|
+
|
55
|
+
private
|
56
|
+
|
57
|
+
# helper method to check limit and log when necessary
|
58
|
+
def at_limit? method_policy, current_count, event_max
|
59
|
+
if current_count == event_max
|
60
|
+
logger.warn('Event Limit Reached:',
|
61
|
+
{
|
62
|
+
count: current_count,
|
63
|
+
max: event_max,
|
64
|
+
policy: method_policy.method_name,
|
65
|
+
node: method_policy
|
66
|
+
})
|
67
|
+
# increment to be over count for logging purposes
|
68
|
+
increment_event_count(method_policy)
|
69
|
+
return true
|
70
|
+
elsif current_count > event_max
|
71
|
+
# increment to be over count for logging purposes
|
72
|
+
increment_event_count(method_policy)
|
73
|
+
logger.warn('Event Limit Exceeded:',
|
74
|
+
{
|
75
|
+
count: current_count,
|
76
|
+
policy: method_policy.method_name,
|
77
|
+
node: method_policy
|
78
|
+
})
|
79
|
+
return true
|
80
|
+
end
|
81
|
+
false
|
82
|
+
end
|
83
|
+
|
84
|
+
def rule_counts
|
85
|
+
@_rule_counts ||= Hash.new { |h, k| h[k] = 0 }
|
86
|
+
end
|
87
|
+
|
88
|
+
# the time threshold for which to track rule counts resets when now >= threshold_time_limit
|
89
|
+
# @return [Integer]
|
90
|
+
def threshold_time_limit
|
91
|
+
@_threshold_time_limit ||= Contrast::Utils::Timer.now_ms + (::Contrast::ASSESS.time_limit_threshold || 0)
|
92
|
+
end
|
93
|
+
end
|
94
|
+
end
|
95
|
+
end
|
96
|
+
end
|
@@ -92,20 +92,24 @@ module Contrast
|
|
92
92
|
# @param preshift [Contrast::Agent::Assess::PreShift] The capture of the state of the code just prior to
|
93
93
|
# the invocation of the patched method.
|
94
94
|
# @param target [Object] the thing to which to propagate
|
95
|
+
# @param propagation_data [Contrast::Agent::Assess::Events::EventData] this will hold the
|
96
|
+
# object [Object] the Object on which the method was invoked
|
97
|
+
# args [Array<Object>] the Arguments with which the method was invoked
|
95
98
|
# @return [Boolean]
|
96
|
-
def can_propagate? propagation_node, preshift, target
|
99
|
+
def can_propagate? propagation_node, preshift, target, propagation_data
|
97
100
|
return false unless appropriate_target?(propagation_node, target)
|
98
101
|
return true if Contrast::Utils::Assess::TrackingUtil.tracked?(target)
|
99
|
-
|
100
|
-
# return true since we don't have preshift while using the original object.
|
101
|
-
return true
|
102
|
-
end
|
103
|
-
return false unless preshift
|
102
|
+
return false unless appropriate_source?(propagation_node, propagation_data, preshift)
|
104
103
|
|
105
104
|
propagation_node.sources.each do |source|
|
106
105
|
case source
|
107
106
|
when Contrast::Utils::ObjectShare::OBJECT_KEY
|
108
|
-
|
107
|
+
source_object = if propagation_node.use_original_object?
|
108
|
+
propagation_data.object
|
109
|
+
else
|
110
|
+
preshift.object
|
111
|
+
end
|
112
|
+
return true if Contrast::Utils::Assess::TrackingUtil.tracked?(source_object)
|
109
113
|
else
|
110
114
|
# has to be P, there's no ret source type (yet? ever?)
|
111
115
|
return true if preshift.args && Contrast::Utils::Assess::TrackingUtil.tracked?(preshift.args[source])
|
@@ -129,6 +133,22 @@ module Contrast
|
|
129
133
|
|
130
134
|
Contrast::Agent::Assess::Tracker.trackable?(target)
|
131
135
|
end
|
136
|
+
|
137
|
+
# A source is appropriate if it is available for propagation
|
138
|
+
#
|
139
|
+
# @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node that governs this
|
140
|
+
# propagation event.
|
141
|
+
# @param propagation_data [Contrast::Agent::Assess::Events::EventData] this will hold the
|
142
|
+
# object [Object] the Object on which the method was invoked
|
143
|
+
# args [Array<Object>] the Arguments with which the method was invoked
|
144
|
+
# @param preshift [Contrast::Agent::Assess::PreShift] The capture of the state of the code just prior to
|
145
|
+
# the invocation of the patched method.
|
146
|
+
# @return [Boolean]
|
147
|
+
def appropriate_source? propagation_node, propagation_data, preshift
|
148
|
+
return true if preshift
|
149
|
+
|
150
|
+
propagation_node.use_original_object? && propagation_data&.object
|
151
|
+
end
|
132
152
|
end
|
133
153
|
end
|
134
154
|
end
|
@@ -19,7 +19,7 @@ module Contrast
|
|
19
19
|
|
20
20
|
private
|
21
21
|
|
22
|
-
def build path: STDOUT_STR, level_const: DEFAULT_LEVEL
|
22
|
+
def build path: STDOUT_STR, level_const: DEFAULT_LEVEL, progname: PROGNAME
|
23
23
|
logger = case path
|
24
24
|
when STDOUT_STR, STDERR_STR
|
25
25
|
::Ougai::Logger.new(Object.cs__const_get(path))
|
@@ -27,7 +27,7 @@ module Contrast
|
|
27
27
|
::Ougai::Logger.new(path)
|
28
28
|
end
|
29
29
|
add_contrast_loggers(logger)
|
30
|
-
logger.progname =
|
30
|
+
logger.progname = progname
|
31
31
|
logger.level = level_const
|
32
32
|
logger.formatter = Contrast::Logger::Format.new
|
33
33
|
logger.formatter.datetime_format = DATE_TIME_FORMAT
|
@@ -131,7 +131,7 @@ module Contrast
|
|
131
131
|
end
|
132
132
|
return initialize_client if addr.host.to_s.include?('localhost') # TODO: RUBY-99999 allow http w/ localhost
|
133
133
|
|
134
|
-
assign_cert(initialize_client) if use_custom_cert && Contrast::API.
|
134
|
+
assign_cert(initialize_client) if use_custom_cert && Contrast::API.certification_enable
|
135
135
|
initialize_client.use_ssl = true
|
136
136
|
initialize_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
137
137
|
initialize_client.verify_depth = 5
|
@@ -150,7 +150,7 @@ module Contrast
|
|
150
150
|
def proxy_enabled?
|
151
151
|
return @_proxy_enabled unless @_proxy_enabled.nil?
|
152
152
|
|
153
|
-
@_proxy_enabled = Contrast::API.
|
153
|
+
@_proxy_enabled = Contrast::API.proxy_enable && !Contrast::API.proxy_url.nil?
|
154
154
|
end
|
155
155
|
|
156
156
|
# Retrieve the IP address from the client.
|
@@ -95,7 +95,7 @@ module Contrast
|
|
95
95
|
# @param object [Object] The object on which the method is invoked, typically what would be returned by self.
|
96
96
|
# @param args [Array<Object>] The arguments passed to the method being invoked.
|
97
97
|
def apply_inventory method_policy, method, exception, object, args
|
98
|
-
return unless ::Contrast::INVENTORY.
|
98
|
+
return unless ::Contrast::INVENTORY.enable
|
99
99
|
|
100
100
|
apply_trigger_only(method_policy&.inventory_node, method, exception, object, args)
|
101
101
|
end
|
data/lib/contrast.rb
CHANGED
@@ -4,22 +4,7 @@
|
|
4
4
|
# Used to prevent deprecation warnings from flooding stdout
|
5
5
|
ENV['PB_IGNORE_DEPRECATIONS'] = 'true'
|
6
6
|
|
7
|
-
|
8
|
-
# changing expected method parity/behavior which in turn prevents us from being
|
9
|
-
# able to reliably use affected methods.
|
10
|
-
# We alias these method so that we always have access to them.
|
11
|
-
#
|
12
|
-
# Because we use these methods in constructing classes (e.g., calling #freeze
|
13
|
-
# on constants within class definitions) we do this aliasing ASAP.
|
14
|
-
class Object
|
15
|
-
alias_method :cs__class, :class
|
16
|
-
alias_method :cs__freeze, :freeze
|
17
|
-
alias_method :cs__frozen?, :frozen?
|
18
|
-
alias_method :cs__is_a?, :is_a?
|
19
|
-
alias_method :cs__method, :method
|
20
|
-
alias_method :cs__respond_to?, :respond_to?
|
21
|
-
alias_method :cs__singleton_class, :singleton_class
|
22
|
-
end
|
7
|
+
require 'contrast/extension/object'
|
23
8
|
|
24
9
|
# ActiveRecord gives access to the `String#blank?` method, which we've started using. We need to make sure that method
|
25
10
|
# actually exists.
|
@@ -86,15 +71,15 @@ require 'contrast/agent/telemetry/events/exceptions/telemetry_exception_event'
|
|
86
71
|
require 'protobuf' # TODO: RUBY-1438
|
87
72
|
|
88
73
|
module Contrast
|
89
|
-
API = Contrast::Components::Api::Interface.new
|
90
|
-
SCOPE = Contrast::Components::Scope::Interface.new
|
91
74
|
CONFIG = Contrast::Components::Config::Interface.new
|
75
|
+
SCOPE = Contrast::Components::Scope::Interface.new
|
76
|
+
API = CONFIG.root.api
|
92
77
|
SETTINGS = Contrast::Components::Settings::Interface.new
|
93
78
|
ASSESS = Contrast::Components::Assess::Interface.new
|
94
79
|
PROTECT = Contrast::Components::Protect::Interface.new
|
95
|
-
INVENTORY =
|
96
|
-
|
97
|
-
|
80
|
+
INVENTORY = CONFIG.root.inventory
|
81
|
+
AGENT = CONFIG.root.agent
|
82
|
+
LOGGER = AGENT.logger
|
98
83
|
CONTRAST_SERVICE = Contrast::Components::ContrastService::Interface.new
|
99
84
|
APP_CONTEXT = Contrast::Components::AppContext::Interface.new
|
100
85
|
end
|
@@ -692,15 +692,7 @@
|
|
692
692
|
"action":"CUSTOM",
|
693
693
|
"patch_class": "Contrast::Agent::Assess::Policy::Propagator::MatchData",
|
694
694
|
"patch_method": "values_at_tagger"
|
695
|
-
},
|
696
|
-
"class_name":"String",
|
697
|
-
"instance_method": true,
|
698
|
-
"method_visibility": "public",
|
699
|
-
"method_name":"to_sym",
|
700
|
-
"source":"O",
|
701
|
-
"target":"R",
|
702
|
-
"action":"KEEP"
|
703
|
-
}, {
|
695
|
+
},{
|
704
696
|
"class_name": "String",
|
705
697
|
"instance_method": true,
|
706
698
|
"method_visibility": "public",
|
@@ -1104,6 +1096,17 @@
|
|
1104
1096
|
"tags":["SQL_ENCODED"],
|
1105
1097
|
"untags":["SQL_DECODED"]
|
1106
1098
|
},
|
1099
|
+
{
|
1100
|
+
"class_name":"ActiveRecord::ConnectionAdapters::Quoting",
|
1101
|
+
"instance_method": true,
|
1102
|
+
"method_visibility": "public",
|
1103
|
+
"method_name":"quote",
|
1104
|
+
"source": "P0",
|
1105
|
+
"target": "R",
|
1106
|
+
"action": "SPLAT",
|
1107
|
+
"tags":["SQL_ENCODED"],
|
1108
|
+
"untags":["SQL_DECODED"]
|
1109
|
+
},
|
1107
1110
|
{
|
1108
1111
|
"class_name":"IO",
|
1109
1112
|
"method_name":"initialize",
|
@@ -1860,9 +1863,9 @@
|
|
1860
1863
|
"source": "P0"
|
1861
1864
|
},{
|
1862
1865
|
"class_name": "Excon",
|
1863
|
-
"instance_method":
|
1864
|
-
"method_visibility": "
|
1865
|
-
"method_name": "
|
1866
|
+
"instance_method": false,
|
1867
|
+
"method_visibility": "public",
|
1868
|
+
"method_name": "new",
|
1866
1869
|
"source": "P0"
|
1867
1870
|
},
|
1868
1871
|
{
|