contrast-agent 6.5.0 → 6.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/contrast/agent/assess/policy/source_method.rb +10 -9
- data/lib/contrast/agent/inventory/database_config.rb +2 -1
- data/lib/contrast/agent/inventory/policy/datastores.rb +1 -1
- data/lib/contrast/agent/middleware.rb +6 -5
- data/lib/contrast/agent/protect/rule/base.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +5 -5
- data/lib/contrast/agent/reporting/reporting_utilities/headers.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +1 -1
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/api/communication/response_processor.rb +1 -1
- data/lib/contrast/components/agent.rb +1 -1
- data/lib/contrast/components/api.rb +60 -23
- data/lib/contrast/components/logger.rb +0 -10
- data/lib/contrast/components/protect.rb +41 -1
- data/lib/contrast/components/sampling.rb +29 -0
- data/lib/contrast/config/assess_configuration.rb +5 -3
- data/lib/contrast/config/root_configuration.rb +9 -9
- data/lib/contrast/config.rb +0 -3
- data/lib/contrast/framework/rails/support.rb +3 -2
- data/lib/contrast/logger/application.rb +2 -1
- data/lib/contrast/logger/log.rb +0 -69
- data/lib/contrast/logger/time.rb +19 -12
- data/lib/contrast/utils/net_http_base.rb +2 -2
- data/lib/contrast.rb +2 -2
- data/resources/assess/policy.json +11 -0
- data/resources/deadzone/policy.json +139 -19
- data/service_executables/VERSION +1 -1
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
- metadata +12 -15
- data/lib/contrast/config/api_configuration.rb +0 -56
- data/lib/contrast/config/protect_configuration.rb +0 -33
- data/lib/contrast/config/sampling_configuration.rb +0 -35
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0ba6de8e82da25931f2fd6d90f515451c33521c02c0fd00e0120ea05701bdc23
|
4
|
+
data.tar.gz: 953297f4f0908bcdcf4791f91869dcf69312f44fe05e743e1e681ce9d3aa9b6f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f7e96583d53e23400fd53fd24aed86c728e0d9b8d79a17179cc1bb96a50ad002e047805b10cea0eaa362802c494ff0b45463a16b53a008e9921723cd9e6e43f9
|
7
|
+
data.tar.gz: f3c7c2a5b575233f4f8d3e9058b281352133625ab42d50b3c6590c7178728ceda8c494953890a0d50e1413ad5f1e50c04595cc035d5f3ed247611f3a1401095e
|
@@ -38,19 +38,20 @@ module Contrast
|
|
38
38
|
# @param ret [Object] the Return of the invoked method
|
39
39
|
# @param args [Array<Object>] the Arguments with which the method was invoked
|
40
40
|
def apply_source method_policy, object, ret, args
|
41
|
-
|
42
|
-
|
43
|
-
|
41
|
+
logger.trace_with_time('Elapsed time for Contrast::Agent::Assess::Policy::SourceMethod#apply_source') do
|
42
|
+
return unless analyze?(method_policy, object, ret, args)
|
43
|
+
return if event_limit?(method_policy)
|
44
|
+
return unless (source_node = method_policy.source_node)
|
44
45
|
|
45
|
-
|
46
|
-
|
46
|
+
# used to hold the object and ret
|
47
|
+
source_data = Contrast::Agent::Assess::Events::EventData.new(nil, nil, object, ret, nil)
|
47
48
|
|
48
|
-
|
49
|
-
|
49
|
+
return unless (target = determine_target(source_node, source_data, args))
|
50
|
+
return if target.cs__frozen? && !Contrast::Agent::Assess::Tracker.trackable?(target)
|
50
51
|
|
51
|
-
|
52
|
+
process_source(source_node, target, source_data, source_node.type, nil, *args)
|
53
|
+
end
|
52
54
|
end
|
53
|
-
Contrast::Components::Logger.add_trace_log_timing_for(SourceMethod, :apply_source)
|
54
55
|
|
55
56
|
private
|
56
57
|
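Review bot: The three guard `return`s now sit inside the `logger.trace_with_time` block, so when trace logging is on they exit `apply_source` with a non-local return through the block; if `log_with_time` records the elapsed time only after the block completes (its body is not in this diff), the early-exit paths, which are the common case, are never timed and only fully processed sources show up in the trace. Keeping `return unless analyze?(method_policy, object, ret, args)`, `return if event_limit?(method_policy)` and `return unless (source_node = method_policy.source_node)` above the `logger.trace_with_time(...) do` line leaves the guards cheap and makes the timing cover exactly the work worth measuring. The same shape appears in `Middleware#call` in this release.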
|
@@ -21,7 +21,7 @@ module Contrast
|
|
21
21
|
DATA_STORE_MARKER = 'data_store'
|
22
22
|
|
23
23
|
def report_data_store _method, _exception, properties, object, _args
|
24
|
-
return unless ::Contrast::INVENTORY.
|
24
|
+
return unless ::Contrast::INVENTORY.enable
|
25
25
|
|
26
26
|
marker = properties[DATA_STORE_MARKER]
|
27
27
|
return unless marker
|
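Review bot: `return unless ::Contrast::INVENTORY.enable` tests the raw config value; elsewhere in this release comparable flags are passed through `true?(...)` (api.rb) or coerced with `!!` (sampling.rb), which suggests the value can arrive as a String from YAML or the environment, and the String `'false'` is truthy in Ruby, so data-store reporting would stay on. If the inventory interface exposes a coerced predicate, `return unless ::Contrast::INVENTORY.enabled?` is the safer guard; otherwise coerce here, `return unless true?(::Contrast::INVENTORY.enable)`, assuming the `true?` helper api.rb relies on is reachable from this module — confirm.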
@@ -61,13 +61,14 @@ module Contrast
|
|
61
61
|
# @return [Array,Rack::Response] the Response of this and subsequent Middlewares to be passed back to the user up
|
62
62
|
# the Rack framework.
|
63
63
|
def call env
|
64
|
-
|
64
|
+
logger.trace_with_time('Elapsed time for Contrast::Agent::Middleware#call') do
|
65
|
+
return app.call(env) unless ::Contrast::AGENT.enabled?
|
65
66
|
|
66
|
-
|
67
|
-
|
68
|
-
|
67
|
+
Contrast::Agent.heapdump_util.start_thread!
|
68
|
+
handle_first_request
|
69
|
+
call_with_agent(env)
|
70
|
+
end
|
69
71
|
end
|
70
|
-
::Contrast::Components::Logger.add_trace_log_timing_for(::Contrast::Agent::Middleware, :call)
|
71
72
|
|
72
73
|
private
|
73
74
|
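Review bot: `return app.call(env) unless ::Contrast::AGENT.enabled?` performs a non-local exit from inside the `logger.trace_with_time` block, so the downstream app runs inside the timing block, yet if `log_with_time` logs after the block returns (not shown here) the disabled-agent path is never reported and every such request still pays for the block setup. Hoisting that line above `logger.trace_with_time('Elapsed time for Contrast::Agent::Middleware#call') do` leaves the pass-through path untouched. `Contrast::Agent.heapdump_util.start_thread!` is now invoked on every request inside the timed region; presumably it is idempotent, but nothing in this hunk guards it — worth confirming.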
|
@@ -26,12 +26,12 @@ module Contrast
|
|
26
26
|
# event field of Contrast::Agent::Reporting::ReportingEvent
|
27
27
|
# @param response_data [Net::HTTP::Response]
|
28
28
|
def audit_event event, response_data = nil
|
29
|
-
return unless ::Contrast::API.request_audit_requests
|
29
|
+
return unless ::Contrast::API.request_audit_requests || ::Contrast::API.request_audit_responses
|
30
30
|
|
31
31
|
file_name = event.cs__respond_to?(:file_name) ? event.file_name : event.cs__class.cs__name.to_s.downcase
|
32
32
|
data = event.to_controlled_hash.to_json
|
33
33
|
log_data(:request, file_name, data) if data
|
34
|
-
return unless ::Contrast::API.request_audit_responses
|
34
|
+
return unless ::Contrast::API.request_audit_responses
|
35
35
|
|
36
36
|
data = response_data&.body || 'There is no available response'
|
37
37
|
log_data(:response, file_name, data)
|
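Review bot: Widening the guard to `request_audit_requests || request_audit_responses` means that when only responses are enabled, the following lines still serialize the event and call `log_data(:request, file_name, data)`, writing the full reporting payload to the audit directory although request auditing is off; before this change that path was unreachable. Gate the request write explicitly: `log_data(:request, file_name, data) if data && ::Contrast::API.request_audit_requests`. The response branch already has `return unless ::Contrast::API.request_audit_responses` in front of it and needs no change.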
@@ -94,7 +94,7 @@ module Contrast
|
|
94
94
|
# Retrieves the configuration value if the request audit is enabled
|
95
95
|
# @return [Boolean]
|
96
96
|
def enabled?
|
97
|
-
::Contrast::API.request_audit_enable
|
97
|
+
::Contrast::API.request_audit_enable
|
98
98
|
end
|
99
99
|
|
100
100
|
# The boolean values for the requests and the responses should be taken under
|
@@ -107,13 +107,13 @@ module Contrast
|
|
107
107
|
# Retrieve the configuration value if the audit for requests is enabled
|
108
108
|
# @return [Boolean]
|
109
109
|
def enabled_for_requests?
|
110
|
-
::Contrast::API.request_audit_requests
|
110
|
+
::Contrast::API.request_audit_requests
|
111
111
|
end
|
112
112
|
|
113
113
|
# Retrieve the configuration value if the audit for responses is enabled
|
114
114
|
# @return [Boolean]
|
115
115
|
def enabled_for_responses?
|
116
|
-
::Contrast::API.request_audit_requests
|
116
|
+
::Contrast::API.request_audit_requests
|
117
117
|
end
|
118
118
|
|
119
119
|
# Retrieve the configuration value for the path of the audits
|
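Review bot: `enabled_for_responses?` still returns `::Contrast::API.request_audit_requests`; the commit touches this exact line but keeps the copy-paste, so the predicate answers the wrong question and a response-only audit configuration reads as disabled here while `audit_event` in the same file reads the correct accessor. It should be `::Contrast::API.request_audit_responses`. If these predicates have no callers left (the `audit_event` guard reads `Contrast::API` directly), dropping them avoids keeping two sources of truth.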
@@ -24,7 +24,7 @@ module Contrast
|
|
24
24
|
@app_language = RUBY
|
25
25
|
@app_path = Base64.strict_encode64(Contrast::APP_CONTEXT.path)
|
26
26
|
@app_version = Contrast::APP_CONTEXT.app_version
|
27
|
-
@authorization = Base64.strict_encode64("#{ Contrast::API.
|
27
|
+
@authorization = Base64.strict_encode64("#{ Contrast::API.user_name }:#{ Contrast::API.service_key }")
|
28
28
|
@server_name = Base64.strict_encode64(Contrast::APP_CONTEXT.server_name)
|
29
29
|
@server_path = Base64.strict_encode64(Contrast::APP_CONTEXT.server_path)
|
30
30
|
@server_type = Base64.strict_encode64(Contrast::APP_CONTEXT.server_type)
|
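Review bot: `@authorization = Base64.strict_encode64("#{ Contrast::API.user_name }:#{ Contrast::API.service_key }")` silently produces a header when the user name or service key is nil or empty (the pair encodes as `:`), so a misconfigured agent fails later with an opaque 401 instead of a clear local error; neither accessor on `Contrast::Components::Api::Interface` applies a default. A guard before the assignment such as `logger.warn('api.user_name or api.service_key is not set; reporting requests will not authenticate') if Contrast::API.user_name.to_s.empty? || Contrast::API.service_key.to_s.empty?` (if a logger is in scope here, or whatever check the agent already performs for `api_key`) surfaces the problem at startup. Base64 is transport encoding only; confidentiality of this header rests on the TLS setup in net_http_base.rb.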
@@ -59,7 +59,7 @@ module Contrast
|
|
59
59
|
|
60
60
|
request = build_request(event)
|
61
61
|
response = connection.request(request)
|
62
|
-
audit&.audit_event(event, response) if ::Contrast::API.request_audit_enable
|
62
|
+
audit&.audit_event(event, response) if ::Contrast::API.request_audit_enable
|
63
63
|
process_settings_response(response)
|
64
64
|
process_preflight_response(event, response, connection)
|
65
65
|
response
|
@@ -185,7 +185,7 @@ module Contrast
|
|
185
185
|
::Contrast::SETTINGS.build_protect_rules if ::Contrast::PROTECT.enabled?
|
186
186
|
::Contrast::AGENT.reset_ruleset
|
187
187
|
logger.info('Current rule settings:')
|
188
|
-
::Contrast::PROTECT.
|
188
|
+
::Contrast::PROTECT.defend_rules.each { |k, v| logger.info('Protect Rule mode set', rule: k, mode: v.mode) }
|
189
189
|
logger.info('Disabled Assess Rules', rules: ::Contrast::ASSESS.disabled_rules)
|
190
190
|
end
|
191
191
|
end
|
@@ -80,7 +80,7 @@ module Contrast
|
|
80
80
|
|
81
81
|
logger.info('Current rule settings:')
|
82
82
|
|
83
|
-
::Contrast::PROTECT.
|
83
|
+
::Contrast::PROTECT.defend_rules.each { |k, v| logger.info('Protect Rule mode set', rule: k, mode: v.mode) }
|
84
84
|
logger.info('Disabled Assess Rules', rules: ::Contrast::ASSESS.disabled_rules)
|
85
85
|
end
|
86
86
|
end
|
@@ -3,6 +3,9 @@
|
|
3
3
|
|
4
4
|
require 'contrast/components/base'
|
5
5
|
require 'contrast/components/config'
|
6
|
+
require 'contrast/config/api_proxy_configuration'
|
7
|
+
require 'contrast/config/request_audit_configuration'
|
8
|
+
require 'contrast/config/certification_configuration'
|
6
9
|
|
7
10
|
module Contrast
|
8
11
|
module Components
|
@@ -12,50 +15,86 @@ module Contrast
|
|
12
15
|
# parent_configuration_spec.yaml.
|
13
16
|
class Interface
|
14
17
|
include Contrast::Components::ComponentBase
|
18
|
+
include Contrast::Config::BaseConfiguration
|
19
|
+
|
20
|
+
# @return [String]
|
21
|
+
attr_accessor :api_key
|
22
|
+
# @return [String]
|
23
|
+
attr_accessor :user_name
|
24
|
+
# @return [String]
|
25
|
+
attr_accessor :service_key
|
26
|
+
attr_writer :url
|
27
|
+
|
28
|
+
DEFAULT_URL = 'https://app.contrastsecurity.com/Contrast'
|
29
|
+
|
30
|
+
def initialize hsh = {}
|
31
|
+
return unless hsh
|
32
|
+
|
33
|
+
@api_key = hsh[:api_key]
|
34
|
+
@url = hsh[:url]
|
35
|
+
@user_name = hsh[:user_name]
|
36
|
+
@service_key = hsh[:service_key]
|
37
|
+
@_proxy = Contrast::Config::ApiProxyConfiguration.new(hsh[:proxy])
|
38
|
+
@_request_audit = Contrast::Config::RequestAuditConfiguration.new(hsh[:request_audit])
|
39
|
+
@_certificate = Contrast::Config::CertificationConfiguration.new(hsh[:certificate])
|
40
|
+
end
|
15
41
|
|
16
|
-
def
|
17
|
-
@
|
18
|
-
tmp = ::Contrast::CONFIG.root.api.url
|
19
|
-
tmp += '/Contrast' unless tmp.end_with?('/Contrast')
|
20
|
-
tmp
|
21
|
-
end
|
42
|
+
def url
|
43
|
+
@url.nil? ? DEFAULT_URL : @url
|
22
44
|
end
|
23
45
|
|
24
|
-
|
25
|
-
|
46
|
+
# @return [Contrast::Config::ApiProxyConfiguration]
|
47
|
+
def proxy
|
48
|
+
return @_proxy unless @_proxy.nil?
|
49
|
+
|
50
|
+
@_proxy = Contrast::Config::ApiProxyConfiguration.new
|
26
51
|
end
|
27
52
|
|
28
|
-
|
29
|
-
|
53
|
+
# @return [Contrast::Config::RequestAuditConfiguration]
|
54
|
+
def request_audit
|
55
|
+
return @_request_audit unless @_request_audit.nil?
|
56
|
+
|
57
|
+
@_request_audit = Contrast::Config::RequestAuditConfiguration.new
|
30
58
|
end
|
31
59
|
|
32
|
-
|
33
|
-
|
60
|
+
# @return [Contrast::Config::CertificationConfiguration]
|
61
|
+
def certificate
|
62
|
+
return @_certificate unless @_certificate.nil?
|
63
|
+
|
64
|
+
@_certificate = Contrast::Config::CertificationConfiguration.new
|
34
65
|
end
|
35
66
|
|
36
|
-
def
|
37
|
-
|
67
|
+
def api_url
|
68
|
+
@_api_url ||= begin
|
69
|
+
tmp = Contrast::CONFIG.root.api.url
|
70
|
+
tmp += '/Contrast' unless tmp.end_with?('/Contrast')
|
71
|
+
tmp
|
72
|
+
end
|
73
|
+
end
|
38
74
|
|
39
|
-
|
75
|
+
def proxy_enable
|
76
|
+
return @_proxy_enable unless @_proxy_enable.nil?
|
77
|
+
|
78
|
+
@_proxy_enable = true?(::Contrast::CONFIG.root.api.proxy.enable)
|
40
79
|
end
|
41
80
|
|
42
81
|
def proxy_url
|
43
|
-
|
82
|
+
proxy.url
|
44
83
|
end
|
45
84
|
|
46
|
-
def request_audit_enable
|
85
|
+
def request_audit_enable
|
47
86
|
return @_request_audit_enable unless @_request_audit_enable.nil?
|
48
87
|
|
49
88
|
@_request_audit_enable = true?(::Contrast::CONFIG.root.api.request_audit.enable)
|
50
89
|
end
|
51
90
|
|
52
|
-
def request_audit_requests
|
91
|
+
def request_audit_requests
|
53
92
|
return @_request_audit_requests unless @_request_audit_requests.nil?
|
54
93
|
|
55
94
|
@_request_audit_requests = true?(::Contrast::CONFIG.root.api.request_audit.requests)
|
56
95
|
end
|
57
96
|
|
58
|
-
def request_audit_responses
|
97
|
+
def request_audit_responses
|
59
98
|
return @_request_audit_responses unless @_request_audit_responses.nil?
|
60
99
|
|
61
100
|
@_request_audit_responses = true?(::Contrast::CONFIG.root.api.request_audit.responses)
|
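Review bot: `api_url` memoizes `@_api_url` from `Contrast::CONFIG.root.api.url`, but the same class now exposes `attr_writer :url`, so a `url=` made after the first `api_url` call is never seen by request code. Since contrast.rb in this release sets `API = CONFIG.root.api`, that lookup is almost certainly `self` and `tmp = url` is both simpler and correct; either drop the cache or invalidate it in the writer, `def url= value; @url = value; @_api_url = nil; end`. Separately, `api_key`, `user_name` and `service_key` are plain `attr_accessor`s on an object that is reachable process-wide as `Contrast::API`; if only configuration loading assigns them, `attr_reader` narrows the surface for accidental credential changes.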
@@ -65,10 +104,8 @@ module Contrast
|
|
65
104
|
@_request_audit_path ||= ::Contrast::CONFIG.root.api.request_audit.path.to_s
|
66
105
|
end
|
67
106
|
|
68
|
-
def
|
69
|
-
|
70
|
-
|
71
|
-
@_certification_enabled = certification_truly_enabled?(::Contrast::CONFIG.root.api.certificate)
|
107
|
+
def certification_enable
|
108
|
+
@_certification_enable ||= certification_truly_enabled?(::Contrast::CONFIG.root.api.certificate)
|
72
109
|
end
|
73
110
|
|
74
111
|
def certification_ca_file
|
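Review bot: `@_certification_enable ||= certification_truly_enabled?(...)` caches only a truthy result, so when certificate support is off (the likely default) `certification_truly_enabled?` runs again on every call, unlike the sibling accessors in this file (`request_audit_enable`, `proxy_enable`) which use `return @_x unless @_x.nil?` and cache `false` too. Use the same shape: `return @_certification_enable unless @_certification_enable.nil?` followed by `@_certification_enable = certification_truly_enabled?(::Contrast::CONFIG.root.api.certificate)`. The enclosing class continues past this hunk.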
@@ -16,16 +16,6 @@ module Contrast
|
|
16
16
|
def cef_logger
|
17
17
|
@_cef_logger ||= Contrast::Logger::CEFLog.instance.tap(&:build_logger)
|
18
18
|
end
|
19
|
-
|
20
|
-
def add_trace_perf_logging_for sym, custom_message = nil
|
21
|
-
logger.add_trace_perf_logging(self, sym, custom_message)
|
22
|
-
end
|
23
|
-
end
|
24
|
-
|
25
|
-
class << self
|
26
|
-
def add_trace_log_timing_for clazz, method_name, custom_message = nil
|
27
|
-
Contrast::Logger::Log.instance.add_method_to_trace_timing(clazz, method_name, custom_message)
|
28
|
-
end
|
29
19
|
end
|
30
20
|
|
31
21
|
# So This class here follows the update for the configuration
|
@@ -2,6 +2,8 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/components/base'
|
5
|
+
require 'contrast/config/exception_configuration'
|
6
|
+
require 'contrast/config/protect_rule_configuration'
|
5
7
|
|
6
8
|
module Contrast
|
7
9
|
module Components
|
@@ -10,6 +12,39 @@ module Contrast
|
|
10
12
|
# its parent_configuration_spec.yaml. Specifically, this allows for querying the state of the Protect product.
|
11
13
|
class Interface
|
12
14
|
include Contrast::Components::ComponentBase
|
15
|
+
include Contrast::Config::BaseConfiguration
|
16
|
+
|
17
|
+
# @return [Boolean, nil]
|
18
|
+
attr_accessor :enable
|
19
|
+
|
20
|
+
def initialize hsh = {}
|
21
|
+
return unless hsh
|
22
|
+
|
23
|
+
@_exceptions = Contrast::Config::ExceptionConfiguration.new(hsh[:exceptions])
|
24
|
+
@_rules = Contrast::Config::ProtectRulesConfiguration.new(hsh[:rules])
|
25
|
+
@enable = hsh[:enable]
|
26
|
+
end
|
27
|
+
|
28
|
+
# @return [Contrast::Config::ExceptionConfiguration]
|
29
|
+
def exceptions
|
30
|
+
@_exceptions ||= Contrast::Config::ExceptionConfiguration.new
|
31
|
+
end
|
32
|
+
|
33
|
+
# Name is kept the same - rules to correspond to config,
|
34
|
+
# mapping. - root.protect.rules
|
35
|
+
#
|
36
|
+
# @return [Contrast::Config::ProtectRulesConfiguration]
|
37
|
+
def rules
|
38
|
+
@_rules ||= Contrast::Config::ProtectRulesConfiguration.new
|
39
|
+
end
|
40
|
+
|
41
|
+
def rules= new_rules
|
42
|
+
@_rules = new_rules
|
43
|
+
end
|
44
|
+
|
45
|
+
def exceptions= new_exceptions
|
46
|
+
@_exceptions = new_exceptions
|
47
|
+
end
|
13
48
|
|
14
49
|
def enabled?
|
15
50
|
# config overrides if forcibly set
|
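Review bot: `attr_accessor :enable` stores and exposes the raw config value (`@enable = hsh[:enable]`) with no coercion and a public writer; api.rb in this release runs comparable flags through `true?(...)`, which suggests the value can be a String, and the `enabled?` predicate whose body starts at the end of this hunk (cut off here) is presumably where coercion happens — confirm. If callers are meant to go through `enabled?`, say so on the accessor, `# Raw protect.enable value as configured; use #enabled? for the effective state`, and consider `attr_reader :enable` unless runtime reassignment is required, since this object is `Contrast::CONFIG.root.protect` and reachable process-wide.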
@@ -23,7 +58,12 @@ module Contrast
|
|
23
58
|
::Contrast::CONFIG.root.protect.rules
|
24
59
|
end
|
25
60
|
|
26
|
-
|
61
|
+
# Returns Protect array of all initialized
|
62
|
+
# protect rules.
|
63
|
+
#
|
64
|
+
# @return defend_rules[Hash<Contrast::SETTINGS.protect_state.rules>]
|
65
|
+
#
|
66
|
+
def defend_rules
|
27
67
|
::Contrast::SETTINGS.protect_state.rules
|
28
68
|
end
|
29
69
|
|
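Review bot: The new YARD tag `# @return defend_rules[Hash<Contrast::SETTINGS.protect_state.rules>]` is not valid YARD syntax (the type goes in brackets and the method name is not repeated), so tooling will render it as a bare string. `# @return [Hash] the rules held by ::Contrast::SETTINGS.protect_state, keyed by rule name` states what the body shows; the value type is not visible here, though a caller in this release reads `v.mode` on each value, so the Settings component can supply a precise type.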
@@ -91,6 +91,35 @@ module Contrast
|
|
91
91
|
include Constants
|
92
92
|
include ClassMethods
|
93
93
|
end
|
94
|
+
|
95
|
+
class Interface # :nodoc:
|
96
|
+
include InstanceMethods
|
97
|
+
include Contrast::Config::BaseConfiguration
|
98
|
+
|
99
|
+
# @return [Integer, nil]
|
100
|
+
attr_reader :baseline
|
101
|
+
# @return [Integer, nil]
|
102
|
+
attr_reader :request_frequency
|
103
|
+
# @return [Integer, nil]
|
104
|
+
attr_reader :response_frequency
|
105
|
+
# @return [Integer, nil]
|
106
|
+
attr_reader :window_ms
|
107
|
+
|
108
|
+
def initialize hsh = {}
|
109
|
+
return unless hsh
|
110
|
+
|
111
|
+
@enable = hsh[:enable]
|
112
|
+
@baseline = hsh[:baseline]
|
113
|
+
@request_frequency = hsh[:request_frequency]
|
114
|
+
@response_frequency = hsh[:response_frequency]
|
115
|
+
@window_ms = hsh[:window_ms]
|
116
|
+
end
|
117
|
+
|
118
|
+
# @return [Boolean, false]
|
119
|
+
def enable
|
120
|
+
!!@enable
|
121
|
+
end
|
122
|
+
end
|
94
123
|
end
|
95
124
|
end
|
96
125
|
end
|
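Review bot: `def enable; !!@enable; end` converts the raw config value by truthiness, so the String `'false'` (or `'0'`) — plausible when sampling settings come from YAML or environment variables, given that api.rb in this release runs comparable flags through `true?(...)` — is reported as enabled. Use the same coercion, `true?(@enable)`, if that helper reaches this class through `Contrast::Config::BaseConfiguration` (both classes include it; confirm that is where `true?` lives). The `attr_reader`s for `baseline`, `request_frequency`, `response_frequency` and `window_ms` likewise return raw values although they are documented as `Integer, nil`; `@baseline = Integer(hsh[:baseline], exception: false)` and the like in `initialize` would make the docs true.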
@@ -1,6 +1,8 @@
|
|
1
1
|
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require 'contrast/components/sampling'
|
5
|
+
|
4
6
|
module Contrast
|
5
7
|
module Config
|
6
8
|
# Common Configuration settings. Those in this section pertain to the
|
@@ -28,7 +30,7 @@ module Contrast
|
|
28
30
|
@enable_scan_response = hsh[:enable_scan_response]
|
29
31
|
@enable_dynamic_sources = hsh[:enable_dynamic_sources]
|
30
32
|
@enable_original_object = hsh[:enable_original_object]
|
31
|
-
@sampling = Contrast::
|
33
|
+
@sampling = Contrast::Components::Sampling::Interface.new(hsh[:sampling])
|
32
34
|
@rules = Contrast::Config::AssessRulesConfiguration.new(hsh[:rules])
|
33
35
|
@stacktraces = hsh[:stacktraces]
|
34
36
|
@max_context_source_events = hsh[:max_context_source_events]
|
@@ -52,9 +54,9 @@ module Contrast
|
|
52
54
|
@enable_original_object.nil? ? true : @enable_original_object
|
53
55
|
end
|
54
56
|
|
55
|
-
# @return [Contrast::
|
57
|
+
# @return [Contrast::Components::Sampling::Interface]
|
56
58
|
def sampling
|
57
|
-
@sampling ||= Contrast::
|
59
|
+
@sampling ||= Contrast::Components::Sampling::Interface.new
|
58
60
|
end
|
59
61
|
|
60
62
|
# @return [Contrast::Config::AssessRulesConfiguration]
|
@@ -3,14 +3,14 @@
|
|
3
3
|
|
4
4
|
require 'contrast/components/agent'
|
5
5
|
require 'contrast/components/inventory'
|
6
|
-
|
6
|
+
require 'contrast/components/protect'
|
7
7
|
module Contrast
|
8
8
|
module Config
|
9
9
|
# The base of the Common Configuration settings.
|
10
10
|
class RootConfiguration
|
11
11
|
include Contrast::Config::BaseConfiguration
|
12
12
|
|
13
|
-
# @return [Contrast::
|
13
|
+
# @return [Contrast::Components::Api::Interface]
|
14
14
|
attr_writer :api
|
15
15
|
# @return [Contrast::Components::Agent::Interface]
|
16
16
|
attr_writer :agent
|
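Review bot: This hunk adds `require 'contrast/components/protect'` but no matching `require 'contrast/components/api'`, although the initializer later in this file now builds `Contrast::Components::Api::Interface.new(hsh[:api])`; unless that require sits in the unseen first three lines, the file only loads because contrast.rb pulls the component in first, and loading it in isolation (tests, tooling) raises `NameError`. Add `require 'contrast/components/api'` next to the other component requires.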
@@ -22,7 +22,7 @@ module Contrast
|
|
22
22
|
attr_writer :assess
|
23
23
|
# @return [Contrast::Components::Inventory::Interface]
|
24
24
|
attr_writer :inventory
|
25
|
-
# @return [Contrast::
|
25
|
+
# @return [Contrast::Components::Protect::Interface]
|
26
26
|
attr_writer :protect
|
27
27
|
# @return [Contrast::Config::ServiceConfiguration]
|
28
28
|
attr_writer :service
|
@@ -33,20 +33,20 @@ module Contrast
|
|
33
33
|
def initialize hsh = {}
|
34
34
|
raise(ArgumentError, 'Expected a hash') unless hsh.is_a?(Hash)
|
35
35
|
|
36
|
-
@api = Contrast::
|
36
|
+
@api = Contrast::Components::Api::Interface.new(hsh[:api])
|
37
37
|
@enable = hsh[:enable]
|
38
38
|
@agent = Contrast::Components::Agent::Interface.new(hsh[:agent])
|
39
39
|
@application = Contrast::Config::ApplicationConfiguration.new(hsh[:application])
|
40
40
|
@server = Contrast::Config::ServerConfiguration.new(hsh[:server])
|
41
41
|
@assess = Contrast::Config::AssessConfiguration.new(hsh[:assess])
|
42
42
|
@inventory = Contrast::Components::Inventory::Interface.new(hsh[:inventory])
|
43
|
-
@protect = Contrast::
|
43
|
+
@protect = Contrast::Components::Protect::Interface.new(hsh[:protect])
|
44
44
|
@service = Contrast::Config::ServiceConfiguration.new(hsh[:service])
|
45
45
|
end
|
46
46
|
|
47
|
-
# @return [Contrast::
|
47
|
+
# @return [Contrast::Components::Api::Interface]
|
48
48
|
def api
|
49
|
-
@api ||= Contrast::
|
49
|
+
@api ||= Contrast::Components::Api::Interface.new
|
50
50
|
end
|
51
51
|
|
52
52
|
# @return [Contrast::Components::Agent::Interface]
|
@@ -74,9 +74,9 @@ module Contrast
|
|
74
74
|
@inventory ||= Contrast::Components::Inventory::Interface.new
|
75
75
|
end
|
76
76
|
|
77
|
-
# @return [Contrast::
|
77
|
+
# @return [Contrast::Components::Protect::Interface]
|
78
78
|
def protect
|
79
|
-
@protect ||= Contrast::
|
79
|
+
@protect ||= Contrast::Components::Protect::Interface.new
|
80
80
|
end
|
81
81
|
|
82
82
|
# @return [Contrast::Config::ServiceConfiguration]
|
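--- a/data/lib/contrast/config.rb
+++ b/data/lib/contrast/config.rb
@@ -16,12 +16,9 @@ require 'contrast/config/exception_configuration'
 require 'contrast/config/assess_rules_configuration'
 require 'contrast/config/protect_rule_configuration'
 require 'contrast/config/protect_rules_configuration'
-require 'contrast/config/sampling_configuration'
 
 require 'contrast/config/ruby_configuration'
-require 'contrast/config/api_configuration'
 require 'contrast/config/application_configuration'
 require 'contrast/config/server_configuration'
 require 'contrast/config/assess_configuration'
-require 'contrast/config/protect_configuration'
 require 'contrast/config/root_configuration'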
@@ -59,7 +59,7 @@ module Contrast
|
|
59
59
|
# ActionDispatch::Journey::Path::Pattern::MatchData, Hash, ActionDispatch::Journey::Route, Array<String>
|
60
60
|
match, _params, route, path = get_full_route(request.rack_request)
|
61
61
|
unless route
|
62
|
-
logger.warn(
|
62
|
+
logger.warn("Unable to determine the current route of this request: #{ request.rack_request }")
|
63
63
|
return
|
64
64
|
end
|
65
65
|
|
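Review bot: `logger.warn("Unable to determine the current route of this request: #{ request.rack_request }")` interpolates the request object itself; for a `Rack::Request` that yields an `#<Rack::Request:0x…>` inspect string that tells the operator nothing about which request failed to route, and for any richer `to_s` it would copy request data into the log. Interpolate only what is needed to identify it, e.g. `#{ request.rack_request.path }` (valid if `rack_request` is a `Rack::Request`, which the `get_full_route` call suggests). The same message is built identically in the next hunk of this file at original line 93.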
@@ -90,7 +90,7 @@ module Contrast
|
|
90
90
|
# ActionDispatch::Journey::Path::Pattern::MatchData, Hash, ActionDispatch::Journey::Route, Array<String>
|
91
91
|
match, _params, route, path = get_full_route(request.rack_request)
|
92
92
|
unless route
|
93
|
-
logger.warn(
|
93
|
+
logger.warn("Unable to determine the current route of this request: #{ request.rack_request }")
|
94
94
|
return
|
95
95
|
end
|
96
96
|
|
@@ -182,6 +182,7 @@ module Contrast
|
|
182
182
|
route_list += find_all_routes(route.app.app, [])
|
183
183
|
end
|
184
184
|
end
|
185
|
+
logger.debug("Routes Found: #{ route_list }")
|
185
186
|
route_list
|
186
187
|
end
|
187
188
|
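Review bot: `logger.debug("Routes Found: #{ route_list }")` builds the interpolated string before the logger decides whether debug is enabled, so every route enumeration pays to stringify the whole route list even in production, and the message carries every path in the application. Guard it, `logger.debug("Routes Found: #{ route_list }") if logger.debug?` (the logger exposes `debug?`, as time.rb in this release calls it), or log `route_list.size` at debug and leave the full dump to trace. The enclosing method begins outside this hunk.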
|
@@ -12,7 +12,8 @@ module Contrast
|
|
12
12
|
return unless info?
|
13
13
|
|
14
14
|
info('Process environment information', p_id: Process.pid, pp_id: Process.ppid,
|
15
|
-
agent_version: Contrast::Agent::VERSION
|
15
|
+
agent_version: Contrast::Agent::VERSION,
|
16
|
+
ruby_version: RUBY_VERSION)
|
16
17
|
ENV.each do |env_key, env_value|
|
17
18
|
env_key = env_key.to_s
|
18
19
|
next unless ENV_KEYS.include?(env_key) ||
|
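--- a/data/lib/contrast/logger/log.rb
+++ b/data/lib/contrast/logger/log.rb
@@ -13,72 +13,6 @@ require 'contrast/logger/time'
 require 'contrast/components/config'
 require 'contrast/utils/log_utils'
 
-module Contrast
-  # This module allows us to dynamically weave timing into our code, so that only when the time is actually needed do
-  # we pay the penalty for that timing block
-  module TraceTiming
-    def methods_to_time
-      @_methods_to_time ||= []
-    end
-
-    # Store info about methods for later patching.
-    METHOD_INFO = Struct.new(:clazz, :method_name, :custom_msg, :aliased)
-
-    # Add a method to the list of methods to be trace timed if logger set to TRACE. Enables trace timing after if
-    # logger set to TRACE.
-    #
-    # @param: clazz [Class] the class of the method to time.
-    # @param: method [Symbol] the method to time.
-    # @param: method [String] optional custom logging message.
-    def add_method_to_trace_timing clazz, method, msg = nil
-      methods_to_time.append(METHOD_INFO.new(clazz, method, msg, false))
-      enable_trace_timing if logger.level == ::Ougai::Logging::TRACE
-    end
-
-    # Add a method to the list of methods to be trace timed if logger set to TRACE. Enables trace timing after if
-    # logger set to TRACE.
-    #
-    # @param: meth_spec [METHOD_INFO] specs about the method to be timed.
-    # @param: class_method [Boolean] whether this is or isn't a class/module method.
-    def trace_time_class_method meth_spec, class_method # rubocop:disable Metrics/AbcSize
-      untimed_func_symbol = "untimed_#{ meth_spec.method_name }".to_sym
-      send_to = class_method ? meth_spec.clazz.cs__singleton_class : meth_spec.clazz
-      meth_spec.clazz.class_eval do
-        include(Contrast::Components::Logger::InstanceMethods)
-        extend(Contrast::Components::Logger::InstanceMethods)
-
-        send_to.send(:alias_method, untimed_func_symbol, meth_spec.method_name)
-        meth_spec.aliased = true
-
-        log_message = "Elapsed time for #{ meth_spec.method_name }."
-        log_message = meth_spec.custom_message if meth_spec.custom_msg
-
-        send_to.send(:define_method, meth_spec.method_name) do |*args, **kwargs, &block| # rubocop:disable Performance/Kernel/DefineMethod
-          start = Process.clock_gettime(Process::CLOCK_MONOTONIC)
-          rv = if kwargs.empty?
-                 send(untimed_func_symbol, *args, &block)
-               else
-                 send(untimed_func_symbol, *args, **kwargs, &block)
-               end
-          delta = Process.clock_gettime(Process::CLOCK_MONOTONIC) - start
-          logger.trace(log_message, elapsed: delta * 1000)
-          rv
-        end
-      end
-    end
-
-    # Enable trace timing of methods specified in @_methods_to_time via aliasing.
-    def enable_trace_timing
-      methods_to_time.each do |meth_spec|
-        next if meth_spec.aliased
-
-        is_class_method = meth_spec.clazz.singleton_methods(false).include?(meth_spec.method_name)
-        trace_time_class_method(meth_spec, is_class_method)
-      end
-    end
-  end
-end
-
 module Contrast
   # Used as a wrapper around our logging. The module option specifically adds in a new method for error that raises the
   # logged exception, used in testing so that we can see if anything unexpected happens without it being swallowed
@@ -105,7 +39,6 @@ module Contrast
   # level based on updates to TeamServer.
   class Log
     include Singleton
-    include ::Contrast::TraceTiming
     include Contrast::Utils::LogUtils
 
     attr_reader :previous_path, :previous_level
@@ -132,8 +65,6 @@ module Contrast
       @previous_path = current_path
       @previous_level = current_level_const
 
-      enable_trace_timing if current_level_const == ::Ougai::Logging::TRACE
-
       progname = Contrast::CONFIG.root.agent.logger.progname
       @_logger = build(path: current_path, level_const: current_level_const, progname: progname)
       # If we're logging to a new path, then let's start it w/ our helpful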
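--- a/data/lib/contrast/logger/time.rb
+++ b/data/lib/contrast/logger/time.rb
@@ -8,31 +8,38 @@ module Contrast
     module Time
       # Log the message at the given level.
       #
-      # @param level [String] the name of the method to use. Should be one of
-      # trace, debug, info, warn, error
+      # @param level [String] the name of the method to use. Should be one of trace, debug, info, warn, error
       # @param message [String] the message to log
       def with_level level, message
         send(level.to_sym, message)
       end
 
-      # Log, at the debug level, the action with a message including the time
-      #
+      # Log, at the debug level, the action with a message including the time it took for the wrapped function to
+      # complete. If not logging to debug, simply yield the given block.
       #
-      # @param msgs [Array<Object>] the arguments to pass to the logger.
-      #
+      # @param msgs [Array<Object>] the arguments to pass to the logger. msgs[0] will be modified to include the elapsed
+      # time.
       # @param block [Block, Proc] the block to execute
       def debug_with_time *msgs, &block
-
+        if debug?
+          log_with_time(:debug, *msgs, &block)
+        elsif block
+          yield
+        end
       end
 
-      # Log, at the trace level, the action with a message including the time
-      #
+      # Log, at the trace level, the action with a message including the time it took for the wrapped function to
+      # complete. If not logging to debug, simply yield the given block.
       #
-      # @param msgs [Array<Object>] the arguments to pass to the logger.
-      #
+      # @param msgs [Array<Object>] the arguments to pass to the logger. msgs[0] will be modified to include the elapsed
+      # time.
       # @param block [Block, Proc] the block to execute
       def trace_with_time *msgs, &block
-
+        if trace?
+          log_with_time(:trace, *msgs, &block)
+        elsif block
+          yield
+        end
       end
 
       private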
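Review bot: The doc comment on `trace_with_time` says `If not logging to debug, simply yield the given block` but the method checks `trace?`; it should read `# complete. If not logging to trace, simply yield the given block.` Both helpers also return nil when called without a block at a disabled level, which is reasonable but undocumented; the `@param block` tag could note it: `# @param block [Block, Proc] the block to execute; nil is returned if absent and the level is disabled`.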
@@ -131,7 +131,7 @@ module Contrast
|
|
131
131
|
end
|
132
132
|
return initialize_client if addr.host.to_s.include?('localhost') # TODO: RUBY-99999 allow http w/ localhost
|
133
133
|
|
134
|
-
assign_cert(initialize_client) if use_custom_cert && Contrast::API.
|
134
|
+
assign_cert(initialize_client) if use_custom_cert && Contrast::API.certification_enable
|
135
135
|
initialize_client.use_ssl = true
|
136
136
|
initialize_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
137
137
|
initialize_client.verify_depth = 5
|
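Review bot: The new `assign_cert(initialize_client) if use_custom_cert && Contrast::API.certification_enable` and the TLS setup after it are only reached past the context line `return initialize_client if addr.host.to_s.include?('localhost')`, which matches any hostname containing that substring (`localhost.example.com`, `notlocalhost`) and returns a client with `use_ssl` never set, so the agent would report over plaintext to such a host, presumably carrying the Authorization header built in headers.rb. That check predates this commit, but this hunk is where certificate handling and TLS are now gated, so it is worth tightening to an exact match, `return initialize_client if addr.host.to_s == 'localhost'` (plus `127.0.0.1` and `::1` if those are intended), or honoring the URL scheme instead. The method starts outside this hunk.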
@@ -150,7 +150,7 @@ module Contrast
|
|
150
150
|
def proxy_enabled?
|
151
151
|
return @_proxy_enabled unless @_proxy_enabled.nil?
|
152
152
|
|
153
|
-
@_proxy_enabled = Contrast::API.
|
153
|
+
@_proxy_enabled = Contrast::API.proxy_enable && !Contrast::API.proxy_url.nil?
|
154
154
|
end
|
155
155
|
|
156
156
|
# Retrieve the IP address from the client.
|
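--- a/data/lib/contrast.rb
+++ b/data/lib/contrast.rb
@@ -71,9 +71,9 @@ require 'contrast/agent/telemetry/events/exceptions/telemetry_exception_event'
 require 'protobuf' # TODO: RUBY-1438
 
 module Contrast
-  API = Contrast::Components::Api::Interface.new
-  SCOPE = Contrast::Components::Scope::Interface.new
   CONFIG = Contrast::Components::Config::Interface.new
+  SCOPE = Contrast::Components::Scope::Interface.new
+  API = CONFIG.root.api
   SETTINGS = Contrast::Components::Settings::Interface.new
   ASSESS = Contrast::Components::Assess::Interface.new
   PROTECT = Contrast::Components::Protect::Interface.new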
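Review bot: `API = CONFIG.root.api` makes the process-wide API constant the same mutable object as the configuration tree node, and that class (api.rb in this release) exposes `attr_accessor :api_key`, `attr_accessor :user_name`, `attr_accessor :service_key` and `attr_writer :url`, so any code holding `Contrast::API` can redirect reporting or swap credentials at runtime. If runtime reassignment is not a requirement, narrowing those to `attr_reader` in api.rb, or calling `freeze` on the node once configuration is loaded, closes that surface — confirm against any settings-update path that rewrites the URL. Moving `CONFIG` above `API` is necessary for this aliasing and looks correct.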
@@ -1096,6 +1096,17 @@
|
|
1096
1096
|
"tags":["SQL_ENCODED"],
|
1097
1097
|
"untags":["SQL_DECODED"]
|
1098
1098
|
},
|
1099
|
+
{
|
1100
|
+
"class_name":"ActiveRecord::ConnectionAdapters::Quoting",
|
1101
|
+
"instance_method": true,
|
1102
|
+
"method_visibility": "public",
|
1103
|
+
"method_name":"quote",
|
1104
|
+
"source": "P0",
|
1105
|
+
"target": "R",
|
1106
|
+
"action": "SPLAT",
|
1107
|
+
"tags":["SQL_ENCODED"],
|
1108
|
+
"untags":["SQL_DECODED"]
|
1109
|
+
},
|
1099
1110
|
{
|
1100
1111
|
"class_name":"IO",
|
1101
1112
|
"method_name":"initialize",
|
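Review bot: The new entry tags the return of `ActiveRecord::ConnectionAdapters::Quoting#quote` as `SQL_ENCODED`, which the SQL-injection rule will presumably read as safe to embed; `quote` is the generic entry point and database adapters commonly override it and `quote_string` in subclasses, so this entry only covers paths that reach the abstract `Quoting` implementation unless those overrides call `super` — worth confirming against the adapters the agent supports rather than relying on inheritance. A `"note"` field, as deadzone/policy.json uses, recording which adapters were verified would make that scope explicit.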
@@ -1,7 +1,7 @@
|
|
1
1
|
{
|
2
2
|
"deadzones":[
|
3
3
|
{
|
4
|
-
"class_name":"
|
4
|
+
"class_name":"RSpec::Core::Example",
|
5
5
|
"instance_method":true,
|
6
6
|
"method_visibility": "private",
|
7
7
|
"method_name":"finish"
|
@@ -49,19 +49,20 @@
|
|
49
49
|
"class_name":"Rack::Session::Cookie",
|
50
50
|
"instance_method":true,
|
51
51
|
"method_visibility": "public",
|
52
|
-
"method_name":"
|
52
|
+
"method_name":"set_session"
|
53
53
|
}, {
|
54
54
|
"class_name":"Rack::Session::Abstract::Persisted",
|
55
55
|
"instance_method":true,
|
56
56
|
"method_visibility": "private",
|
57
57
|
"method_name":"session_exists?",
|
58
|
-
"code": "https://github.com/rack/rack/blob/
|
58
|
+
"code": "https://github.com/rack/rack-session/blob/main/lib/rack/session/abstract/id.rb#L339"
|
59
59
|
}, {
|
60
60
|
"class_name":"ActionDispatch::FileHandler",
|
61
61
|
"instance_method":true,
|
62
62
|
"method_visibility": "public",
|
63
63
|
"method_name":"match?",
|
64
|
-
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/static.rb#L30"
|
64
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/static.rb#L30",
|
65
|
+
"note": "Removable once Rails 6.0 is no longer supported"
|
65
66
|
}, {
|
66
67
|
"class_name":"ActionDispatch::Http::MimeNegotiation",
|
67
68
|
"instance_method":true,
|
@@ -109,97 +110,216 @@
|
|
109
110
|
"instance_method":true,
|
110
111
|
"method_visibility": "public",
|
111
112
|
"method_name":"cookie_jar",
|
112
|
-
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L11"
|
113
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L11",
|
114
|
+
"note": "Removable once Rails 6.1 is no longer supported"
|
115
|
+
}, {
|
116
|
+
"class_name":"ActionDispatch::RequestCookieMethods",
|
117
|
+
"instance_method":true,
|
118
|
+
"method_visibility": "public",
|
119
|
+
"method_name":"cookie_jar",
|
120
|
+
"code": "https://github.com/rails/rails/blob/v7.0.3/actionpack/lib/action_dispatch/middleware/cookies.rb#L11"
|
113
121
|
}, {
|
114
122
|
"class_name":"ActionDispatch::Request",
|
115
123
|
"instance_method":true,
|
116
124
|
"method_visibility": "public",
|
117
125
|
"method_name":"have_cookie_jar?",
|
118
|
-
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L24"
|
126
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L24",
|
127
|
+
"note": "Removable once Rails 6.1 is no longer supported"
|
128
|
+
}, {
|
129
|
+
"class_name":"ActionDispatch::RequestCookieMethods",
|
130
|
+
"instance_method":true,
|
131
|
+
"method_visibility": "public",
|
132
|
+
"method_name":"have_cookie_jar?",
|
133
|
+
"code": "https://github.com/rails/rails/blob/v7.0.3/actionpack/lib/action_dispatch/middleware/cookies.rb#L24"
|
119
134
|
}, {
|
120
135
|
"class_name":"ActionDispatch::Request",
|
121
136
|
"instance_method":true,
|
122
137
|
"method_visibility": "public",
|
123
138
|
"method_name":"key_generator",
|
124
|
-
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L32"
|
139
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L32",
|
140
|
+
"note": "Removable once Rails 6.1 is no longer supported"
|
141
|
+
}, {
|
142
|
+
"class_name":"ActionDispatch::RequestCookieMethods",
|
143
|
+
"instance_method":true,
|
144
|
+
"method_visibility": "public",
|
145
|
+
"method_name":"key_generator",
|
146
|
+
"code": "https://github.com/rails/rails/blob/v7.0.3/actionpack/lib/action_dispatch/middleware/cookies.rb#L32"
|
125
147
|
}, {
|
126
148
|
"class_name":"ActionDispatch::Request",
|
127
149
|
"instance_method":true,
|
128
150
|
"method_visibility": "public",
|
129
151
|
"method_name":"signed_cookie_salt",
|
130
|
-
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L36"
|
152
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L36",
|
153
|
+
"note": "Removable once Rails 6.1 is no longer supported"
|
154
|
+
}, {
|
155
|
+
"class_name":"ActionDispatch::RequestCookieMethods",
|
156
|
+
"instance_method":true,
|
157
|
+
"method_visibility": "public",
|
158
|
+
"method_name":"signed_cookie_salt",
|
159
|
+
"code": "https://github.com/rails/rails/blob/v7.0.3/actionpack/lib/action_dispatch/middleware/cookies.rb#L36"
|
131
160
|
}, {
|
132
161
|
"class_name":"ActionDispatch::Request",
|
133
162
|
"instance_method":true,
|
134
163
|
"method_visibility": "public",
|
135
164
|
"method_name":"encrypted_cookie_salt",
|
136
|
-
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L40"
|
165
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L40",
|
166
|
+
"note": "Removable once Rails 6.1 is no longer supported"
|
167
|
+
}, {
|
168
|
+
"class_name":"ActionDispatch::RequestCookieMethods",
|
169
|
+
"instance_method":true,
|
170
|
+
"method_visibility": "public",
|
171
|
+
"method_name":"encrypted_cookie_salt",
|
172
|
+
"code": "https://github.com/rails/rails/blob/v7.0.3/actionpack/lib/action_dispatch/middleware/cookies.rb#L40"
|
137
173
|
}, {
|
138
174
|
"class_name":"ActionDispatch::Request",
|
139
175
|
"instance_method":true,
|
140
176
|
"method_visibility": "public",
|
141
177
|
"method_name":"encrypted_signed_cookie_salt",
|
142
|
-
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L44"
|
178
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L44",
|
179
|
+
"note": "Removable once Rails 6.1 is no longer supported"
|
180
|
+
}, {
|
181
|
+
"class_name":"ActionDispatch::RequestCookieMethods",
|
182
|
+
"instance_method":true,
|
183
|
+
"method_visibility": "public",
|
184
|
+
"method_name":"encrypted_signed_cookie_salt",
|
185
|
+
"code": "https://github.com/rails/rails/blob/v7.0.3/actionpack/lib/action_dispatch/middleware/cookies.rb#L44"
|
143
186
|
}, {
|
144
187
|
"class_name":"ActionDispatch::Request",
|
145
188
|
"instance_method":true,
|
146
189
|
"method_visibility": "public",
|
147
190
|
"method_name":"authenticated_encrypted_cookie_salt",
|
148
|
-
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L48"
|
191
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L48",
|
192
|
+
"note": "Removable once Rails 6.1 is no longer supported"
|
193
|
+
}, {
|
194
|
+
"class_name":"ActionDispatch::RequestCookieMethods",
|
195
|
+
"instance_method":true,
|
196
|
+
"method_visibility": "public",
|
197
|
+
"method_name":"authenticated_encrypted_cookie_salt",
|
198
|
+
"code": "https://github.com/rails/rails/blob/v7.0.3/actionpack/lib/action_dispatch/middleware/cookies.rb#L48"
|
149
199
|
}, {
|
150
200
|
"class_name":"ActionDispatch::Request",
|
151
201
|
"instance_method":true,
|
152
202
|
"method_visibility": "public",
|
153
203
|
"method_name":"use_authenticated_cookie_encryption",
|
154
|
-
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L52"
|
204
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L52",
|
205
|
+
"note": "Removable once Rails 6.1 is no longer supported"
|
206
|
+
}, {
|
207
|
+
"new": true,
|
208
|
+
"class_name":"ActionDispatch::RequestCookieMethods",
|
209
|
+
"instance_method": true,
|
210
|
+
"method_visibility": "public",
|
211
|
+
"method_name": "use_authenticated_cookie_encryption",
|
212
|
+
"code": "https://github.com/rails/rails/blob/v7.0.3/actionpack/lib/action_dispatch/middleware/cookies.rb#L52"
|
155
213
|
}, {
|
156
214
|
"class_name":"ActionDispatch::Request",
|
157
215
|
"instance_method":true,
|
158
216
|
"method_visibility": "public",
|
159
217
|
"method_name":"encrypted_cookie_cipher",
|
160
|
-
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L56"
|
218
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L56",
|
219
|
+
"note": "Removable once Rails 6.1 is no longer supported"
|
220
|
+
}, {
|
221
|
+
"class_name":"ActionDispatch::RequestCookieMethods",
|
222
|
+
"instance_method":true,
|
223
|
+
"method_visibility": "public",
|
224
|
+
"method_name":"encrypted_cookie_cipher",
|
225
|
+
"code": "https://github.com/rails/rails/blob/v7.0.3/actionpack/lib/action_dispatch/middleware/cookies.rb#L56"
|
161
226
|
}, {
|
162
227
|
"class_name":"ActionDispatch::Request",
|
163
228
|
"instance_method":true,
|
164
229
|
"method_visibility": "public",
|
165
230
|
"method_name":"signed_cookie_digest",
|
166
|
-
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L60"
|
231
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L60",
|
232
|
+
"note": "Removable once Rails 6.1 is no longer supported"
|
233
|
+
}, {
|
234
|
+
"class_name":"ActionDispatch::RequestCookieMethods",
|
235
|
+
"instance_method":true,
|
236
|
+
"method_visibility": "public",
|
237
|
+
"method_name":"signed_cookie_digest",
|
238
|
+
"code": "https://github.com/rails/rails/blob/v7.0.3/actionpack/lib/action_dispatch/middleware/cookies.rb#L60"
|
167
239
|
}, {
|
168
240
|
"class_name":"ActionDispatch::Request",
|
169
241
|
"instance_method":true,
|
170
242
|
"method_visibility": "public",
|
171
243
|
"method_name":"secret_key_base",
|
172
|
-
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L64"
|
244
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L64",
|
245
|
+
"note": "Removable once Rails 6.1 is no longer supported"
|
246
|
+
}, {
|
247
|
+
"class_name":"ActionDispatch::RequestCookieMethods",
|
248
|
+
"instance_method":true,
|
249
|
+
"method_visibility": "public",
|
250
|
+
"method_name":"secret_key_base",
|
251
|
+
"code": "https://github.com/rails/rails/blob/v7.0.3/actionpack/lib/action_dispatch/middleware/cookies.rb#L64"
|
173
252
|
}, {
|
174
253
|
"class_name":"ActionDispatch::Request",
|
175
254
|
"instance_method":true,
|
176
255
|
"method_visibility": "public",
|
177
256
|
"method_name":"cookies_serializer",
|
178
|
-
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L68"
|
257
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L68",
|
258
|
+
"note": "Removable once Rails 6.1 is no longer supported"
|
259
|
+
}, {
|
260
|
+
"class_name":"ActionDispatch::RequestCookieMethods",
|
261
|
+
"instance_method":true,
|
262
|
+
"method_visibility": "public",
|
263
|
+
"method_name":"cookies_serializer",
|
264
|
+
"code": "https://github.com/rails/rails/blob/v7.0.3/actionpack/lib/action_dispatch/middleware/cookies.rb#L68"
|
179
265
|
}, {
|
180
266
|
"class_name":"ActionDispatch::Request",
|
181
267
|
"instance_method":true,
|
182
268
|
"method_visibility": "public",
|
183
269
|
"method_name":"cookies_digest",
|
184
|
-
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L72"
|
270
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L72",
|
271
|
+
"note": "Removable once Rails 6.1 is no longer supported"
|
272
|
+
}, {
|
273
|
+
"class_name":"ActionDispatch::RequestCookieMethods",
|
274
|
+
"instance_method":true,
|
275
|
+
"method_visibility": "public",
|
276
|
+
"method_name":"cookies_digest",
|
277
|
+
"code": "https://github.com/rails/rails/blob/v7.0.3/actionpack/lib/action_dispatch/middleware/cookies.rb#L76"
|
278
|
+
}, {
|
279
|
+
"class_name":"ActionDispatch::RequestCookieMethods",
|
280
|
+
"instance_method":true,
|
281
|
+
"method_visibility": "public",
|
282
|
+
"method_name":"cookies_same_site_protection",
|
283
|
+
"code": "https://github.com/rails/rails/blob/v7.0.3/actionpack/lib/action_dispatch/middleware/cookies.rb#L72"
|
185
284
|
}, {
|
186
285
|
"class_name":"ActionDispatch::Request",
|
187
286
|
"instance_method":true,
|
188
287
|
"method_visibility": "public",
|
189
288
|
"method_name":"cookies_rotations",
|
190
|
-
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L76"
|
289
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L76",
|
290
|
+
"note": "Removable once Rails 6.1 is no longer supported"
|
291
|
+
}, {
|
292
|
+
"class_name":"ActionDispatch::RequestCookieMethods",
|
293
|
+
"instance_method":true,
|
294
|
+
"method_visibility": "public",
|
295
|
+
"method_name":"cookies_rotations",
|
296
|
+
"code": "https://github.com/rails/rails/blob/v7.0.3/actionpack/lib/action_dispatch/middleware/cookies.rb#L80"
|
191
297
|
}, {
|
192
298
|
"class_name":"ActionDispatch::Request",
|
193
299
|
"instance_method":true,
|
194
300
|
"method_visibility": "public",
|
195
301
|
"method_name":"use_cookies_with_metadata",
|
196
|
-
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L80"
|
302
|
+
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/middleware/cookies.rb#L80",
|
303
|
+
"note": "Removable once Rails 6.1 is no longer supported"
|
304
|
+
}, {
|
305
|
+
"class_name":"ActionDispatch::RequestCookieMethods",
|
306
|
+
"instance_method":true,
|
307
|
+
"method_visibility": "public",
|
308
|
+
"method_name":"use_cookies_with_metadata",
|
309
|
+
"code": "https://github.com/rails/rails/blob/v7.0.3/actionpack/lib/action_dispatch/middleware/cookies.rb#L84"
|
197
310
|
}, {
|
198
311
|
"class_name":"ActionDispatch::Request::Session",
|
199
312
|
"instance_method":true,
|
200
313
|
"method_visibility": "public",
|
201
314
|
"method_name":"exists?",
|
202
315
|
"code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/request/session.rb#L201"
|
316
|
+
}, {
|
317
|
+
"class_name":"OmniAuth::Strategies::OAuth2",
|
318
|
+
"instance_method":true,
|
319
|
+
"method_visibility": "public",
|
320
|
+
"method_name":"request_phase",
|
321
|
+
"code": "https://github.com/omniauth/omniauth-oauth2/blob/v1.7.2/lib/omniauth/strategies/oauth2.rb#L58",
|
322
|
+
"note": "Prevent XSS False Positive from redirect as Omniauth handles security of URL & params"
|
203
323
|
}
|
204
324
|
]
|
205
325
|
}
|
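Review bot: The `OmniAuth::Strategies::OAuth2#request_phase` deadzone is justified in its `note` as preventing an XSS false positive, but nothing in this file scopes a deadzone to a rule, so as far as the policy shows it silences every Assess finding raised inside that method, not only XSS; the note should state that, e.g. `"note": "Suppresses all Assess tracking in request_phase; OmniAuth validates the redirect URL & params. Reviewed against v1.7.2"`. The `Rack::Session::Abstract::Persisted` entry now links `rack-session/blob/main/...#L339`, the only unpinned `code` reference in the file; `main` moves, so the line anchor will drift and no longer records what was actually reviewed — pin it to a tag (`blob/<reviewed tag>/...`) as the Rails entries do. The `use_authenticated_cookie_encryption` entry for `ActionDispatch::RequestCookieMethods` carries a `"new": true` key that no other entry has; if the loader ignores unknown keys it is harmless, but it reads as a leftover marker and should be dropped or documented.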
data/service_executables/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
2.28.
|
1
|
+
2.28.22
|
Binary file
|
Binary file
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: contrast-agent
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.
|
4
|
+
version: 6.6.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- galen.palmer@contrastsecurity.com
|
@@ -13,7 +13,7 @@ authors:
|
|
13
13
|
autorequire:
|
14
14
|
bindir: exe
|
15
15
|
cert_chain: []
|
16
|
-
date: 2022-
|
16
|
+
date: 2022-07-13 00:00:00.000000000 Z
|
17
17
|
dependencies:
|
18
18
|
- !ruby/object:Gem::Dependency
|
19
19
|
name: bundler
|
@@ -665,22 +665,22 @@ executables:
|
|
665
665
|
- contrast_service
|
666
666
|
extensions:
|
667
667
|
- ext/cs__common/extconf.rb
|
668
|
+
- ext/cs__assess_fiber_track/extconf.rb
|
669
|
+
- ext/cs__assess_string/extconf.rb
|
670
|
+
- ext/cs__assess_module/extconf.rb
|
671
|
+
- ext/cs__assess_test/extconf.rb
|
672
|
+
- ext/cs__assess_kernel/extconf.rb
|
668
673
|
- ext/cs__assess_yield_track/extconf.rb
|
674
|
+
- ext/cs__assess_hash/extconf.rb
|
669
675
|
- ext/cs__os_information/extconf.rb
|
670
676
|
- ext/cs__contrast_patch/extconf.rb
|
671
|
-
- ext/cs__assess_array/extconf.rb
|
672
|
-
- ext/cs__assess_test/extconf.rb
|
673
|
-
- ext/cs__assess_string_interpolation/extconf.rb
|
674
|
-
- ext/cs__assess_fiber_track/extconf.rb
|
675
677
|
- ext/cs__assess_marshal_module/extconf.rb
|
676
|
-
- ext/cs__assess_basic_object/extconf.rb
|
677
678
|
- ext/cs__assess_regexp/extconf.rb
|
678
|
-
- ext/
|
679
|
-
- ext/cs__tests/extconf.rb
|
680
|
-
- ext/cs__assess_module/extconf.rb
|
681
|
-
- ext/cs__assess_hash/extconf.rb
|
682
|
-
- ext/cs__assess_kernel/extconf.rb
|
679
|
+
- ext/cs__assess_array/extconf.rb
|
683
680
|
- ext/cs__scope/extconf.rb
|
681
|
+
- ext/cs__assess_basic_object/extconf.rb
|
682
|
+
- ext/cs__tests/extconf.rb
|
683
|
+
- ext/cs__assess_string_interpolation/extconf.rb
|
684
684
|
extra_rdoc_files: []
|
685
685
|
files:
|
686
686
|
- ".clang-format"
|
@@ -1192,7 +1192,6 @@ files:
|
|
1192
1192
|
- lib/contrast/components/scope.rb
|
1193
1193
|
- lib/contrast/components/settings.rb
|
1194
1194
|
- lib/contrast/config.rb
|
1195
|
-
- lib/contrast/config/api_configuration.rb
|
1196
1195
|
- lib/contrast/config/api_proxy_configuration.rb
|
1197
1196
|
- lib/contrast/config/application_configuration.rb
|
1198
1197
|
- lib/contrast/config/assess_configuration.rb
|
@@ -1201,13 +1200,11 @@ files:
|
|
1201
1200
|
- lib/contrast/config/certification_configuration.rb
|
1202
1201
|
- lib/contrast/config/env_variables.rb
|
1203
1202
|
- lib/contrast/config/exception_configuration.rb
|
1204
|
-
- lib/contrast/config/protect_configuration.rb
|
1205
1203
|
- lib/contrast/config/protect_rule_configuration.rb
|
1206
1204
|
- lib/contrast/config/protect_rules_configuration.rb
|
1207
1205
|
- lib/contrast/config/request_audit_configuration.rb
|
1208
1206
|
- lib/contrast/config/root_configuration.rb
|
1209
1207
|
- lib/contrast/config/ruby_configuration.rb
|
1210
|
-
- lib/contrast/config/sampling_configuration.rb
|
1211
1208
|
- lib/contrast/config/server_configuration.rb
|
1212
1209
|
- lib/contrast/config/service_configuration.rb
|
1213
1210
|
- lib/contrast/configuration.rb
|
@@ -1,56 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
require 'contrast/config/api_proxy_configuration'
|
5
|
-
require 'contrast/config/certification_configuration'
|
6
|
-
require 'contrast/config/request_audit_configuration'
|
7
|
-
|
8
|
-
module Contrast
|
9
|
-
module Config
|
10
|
-
# Api keys configuration
|
11
|
-
class ApiConfiguration
|
12
|
-
include Contrast::Config::BaseConfiguration
|
13
|
-
|
14
|
-
# @return [String]
|
15
|
-
attr_accessor :api_key
|
16
|
-
# @return [String]
|
17
|
-
attr_accessor :user_name
|
18
|
-
# @return [String]
|
19
|
-
attr_accessor :service_key
|
20
|
-
attr_writer :url, :proxy, :request_audit, :certificate
|
21
|
-
|
22
|
-
DEFAULT_URL = 'https://app.contrastsecurity.com/Contrast'
|
23
|
-
|
24
|
-
def initialize hsh = {}
|
25
|
-
return unless hsh
|
26
|
-
|
27
|
-
@api_key = hsh[:api_key]
|
28
|
-
@url = hsh[:url]
|
29
|
-
@user_name = hsh[:user_name]
|
30
|
-
@service_key = hsh[:service_key]
|
31
|
-
@proxy = Contrast::Config::ApiProxyConfiguration.new(hsh[:proxy])
|
32
|
-
@request_audit = Contrast::Config::RequestAuditConfiguration.new(hsh[:request_audit])
|
33
|
-
@certificate = Contrast::Config::CertificationConfiguration.new(hsh[:certificate])
|
34
|
-
end
|
35
|
-
|
36
|
-
def url
|
37
|
-
@url.nil? ? DEFAULT_URL : @url
|
38
|
-
end
|
39
|
-
|
40
|
-
# @return [Contrast::Config::ApiProxyConfiguration]
|
41
|
-
def proxy
|
42
|
-
@proxy ||= Contrast::Config::ApiProxyConfiguration.new
|
43
|
-
end
|
44
|
-
|
45
|
-
# @return [Contrast::Config::RequestAuditConfiguration]
|
46
|
-
def request_audit
|
47
|
-
@request_audit ||= Contrast::Config::RequestAuditConfiguration.new
|
48
|
-
end
|
49
|
-
|
50
|
-
# @return [Contrast::Config::CertificationConfiguration]
|
51
|
-
def certificate
|
52
|
-
@certificate ||= Contrast::Config::CertificationConfiguration.new
|
53
|
-
end
|
54
|
-
end
|
55
|
-
end
|
56
|
-
end
|
@@ -1,33 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
module Contrast
|
5
|
-
module Config
|
6
|
-
# Common Configuration settings. Those in this section pertain to the protect functionality of the Agent.
|
7
|
-
class ProtectConfiguration
|
8
|
-
include Contrast::Config::BaseConfiguration
|
9
|
-
|
10
|
-
# @return [Boolean, nil]
|
11
|
-
attr_accessor :enable
|
12
|
-
attr_writer :exceptions, :rules
|
13
|
-
|
14
|
-
def initialize hsh = {}
|
15
|
-
return unless hsh
|
16
|
-
|
17
|
-
@exceptions = Contrast::Config::ExceptionConfiguration.new(hsh[:exceptions])
|
18
|
-
@rules = Contrast::Config::ProtectRulesConfiguration.new(hsh[:rules])
|
19
|
-
@enable = hsh[:enable]
|
20
|
-
end
|
21
|
-
|
22
|
-
# @return [Contrast::Config::ExceptionConfiguration]
|
23
|
-
def exceptions
|
24
|
-
@exceptions ||= Contrast::Config::ExceptionConfiguration.new
|
25
|
-
end
|
26
|
-
|
27
|
-
# @return [Contrast::Config::ProtectRulesConfiguration]
|
28
|
-
def rules
|
29
|
-
@rules ||= Contrast::Config::ProtectRulesConfiguration.new
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|
33
|
-
end
|
@@ -1,35 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
module Contrast
|
5
|
-
module Config
|
6
|
-
# Common Configuration settings. Those in this section pertain to the sampling functionality of the Agent.
|
7
|
-
class SamplingConfiguration
|
8
|
-
include Contrast::Config::BaseConfiguration
|
9
|
-
|
10
|
-
# @return [Integer, nil]
|
11
|
-
attr_reader :baseline
|
12
|
-
# @return [Integer, nil]
|
13
|
-
attr_reader :request_frequency
|
14
|
-
# @return [Integer, nil]
|
15
|
-
attr_reader :response_frequency
|
16
|
-
# @return [Integer, nil]
|
17
|
-
attr_reader :window_ms
|
18
|
-
|
19
|
-
def initialize hsh = {}
|
20
|
-
return unless hsh
|
21
|
-
|
22
|
-
@enable = hsh[:enable]
|
23
|
-
@baseline = hsh[:baseline]
|
24
|
-
@request_frequency = hsh[:request_frequency]
|
25
|
-
@response_frequency = hsh[:response_frequency]
|
26
|
-
@window_ms = hsh[:window_ms]
|
27
|
-
end
|
28
|
-
|
29
|
-
# @return [Boolean, false]
|
30
|
-
def enable
|
31
|
-
!!@enable
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
35
|
-
end
|