contrast-agent 6.5.1 → 6.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 958ef5b303e23294af4b85759012ab4c80cb0000d97088b4c8f495560701b91e
-  data.tar.gz: 714c35c53e89cc2f6335fda57827c5eba620e2ee42ede41d586f072f074defb8
+  metadata.gz: b9901918f58625ea7f9366f73110afcdd5f05e119261ba9a08f24f36903fe897
+  data.tar.gz: c618ebc74b006529e2317cd62ba59fabbba9d0c8fbf24c7988dfd98ec627b04e
 SHA512:
-  metadata.gz: a3e1c9a23238e9c3a6727fcd19e1ddf177ac699fcb2200eb1ae190f6a9022a3c5b8e0ee109c90793634cbeb54245f07e3b043e244664782f4a83d34896270baa
-  data.tar.gz: 79b54ad82d5df30ff7c95499d0862947703a6f6dadab29d3f946072d6c91cd84e3a4207dad71e2be9584b720471325d8eb8fb7d124c4bf4136c4b01a225560bf
+  metadata.gz: d2f584a6658ab0e316b41021575888d9ecc1eaacf79d971492fd2e6317609bfd0cb3a762a64d620b08fc18c76e2434d05cc3d82f8d587c86cdae5116df6cae61
+  data.tar.gz: df8f941fe730188be0bc3b69bd9a9d6d60f9695be8ee8e8eb0b6e35ab1207d97debba28220ff796bec702ad3b158f53f00f87a58f1c14939092ed843bef66715

data/lib/contrast/agent/inventory/database_config.rb

@@ -66,7 +66,8 @@ module Contrast
                                        # TODO: RUBY-99999 - Remove when Rails 6.0 is not supported
                                        ActiveRecord::Base.connection_config
                                      end
-          rescue StandardError
+          rescue StandardError => e
+            logger.error('Unable to detect db config connection', e)
             nil
           end
 

data/lib/contrast/agent/inventory/policy/datastores.rb

@@ -21,7 +21,7 @@ module Contrast
             DATA_STORE_MARKER = 'data_store'
 
             def report_data_store _method, _exception, properties, object, _args
-              return unless ::Contrast::INVENTORY.enabled
+              return unless ::Contrast::INVENTORY.enable
 
               marker = properties[DATA_STORE_MARKER]
               return unless marker

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '6.5.1'
+    VERSION = '6.6.0'
   end
 end

data/lib/contrast/framework/rails/support.rb

@@ -59,7 +59,7 @@ module Contrast
             # ActionDispatch::Journey::Path::Pattern::MatchData, Hash, ActionDispatch::Journey::Route, Array<String>
             match, _params, route, path = get_full_route(request.rack_request)
             unless route
-              logger.warn('Unable to determine the current route of this request')
+              logger.warn("Unable to determine the current route of this request: #{ request.rack_request }")
               return
             end
 
@@ -90,7 +90,7 @@ module Contrast
             # ActionDispatch::Journey::Path::Pattern::MatchData, Hash, ActionDispatch::Journey::Route, Array<String>
             match, _params, route, path = get_full_route(request.rack_request)
             unless route
-              logger.warn('Unable to determine the current route of this request')
+              logger.warn("Unable to determine the current route of this request: #{ request.rack_request }")
               return
             end
 
@@ -182,6 +182,7 @@ module Contrast
                 route_list += find_all_routes(route.app.app, [])
               end
             end
+            logger.debug("Routes Found: #{ route_list }")
             route_list
           end
 

data/resources/deadzone/policy.json

@@ -313,6 +313,13 @@
       "method_visibility": "public",
       "method_name":"exists?",
       "code": "https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_dispatch/request/session.rb#L201"
+    }, {
+      "class_name":"OmniAuth::Strategies::OAuth2",
+      "instance_method":true,
+      "method_visibility": "public",
+      "method_name":"request_phase",
+      "code": "https://github.com/omniauth/omniauth-oauth2/blob/v1.7.2/lib/omniauth/strategies/oauth2.rb#L58",
+      "note": "Prevent XSS False Positive from redirect as Omniauth handles security of URL & params"
     }
   ]
 }

data/service_executables/VERSION

@@ -1 +1 @@
-2.28.20
+2.28.22

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 6.5.1
+  version: 6.6.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-07-01 00:00:00.000000000 Z
+date: 2022-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -665,22 +665,22 @@ executables:
 - contrast_service
 extensions:
 - ext/cs__common/extconf.rb
+- ext/cs__assess_fiber_track/extconf.rb
+- ext/cs__assess_string/extconf.rb
+- ext/cs__assess_module/extconf.rb
+- ext/cs__assess_test/extconf.rb
+- ext/cs__assess_kernel/extconf.rb
 - ext/cs__assess_yield_track/extconf.rb
+- ext/cs__assess_hash/extconf.rb
 - ext/cs__os_information/extconf.rb
 - ext/cs__contrast_patch/extconf.rb
-- ext/cs__assess_array/extconf.rb
-- ext/cs__assess_test/extconf.rb
-- ext/cs__assess_string_interpolation/extconf.rb
-- ext/cs__assess_fiber_track/extconf.rb
 - ext/cs__assess_marshal_module/extconf.rb
-- ext/cs__assess_basic_object/extconf.rb
 - ext/cs__assess_regexp/extconf.rb
-- ext/cs__assess_string/extconf.rb
-- ext/cs__tests/extconf.rb
-- ext/cs__assess_module/extconf.rb
-- ext/cs__assess_hash/extconf.rb
-- ext/cs__assess_kernel/extconf.rb
+- ext/cs__assess_array/extconf.rb
 - ext/cs__scope/extconf.rb
+- ext/cs__assess_basic_object/extconf.rb
+- ext/cs__tests/extconf.rb
+- ext/cs__assess_string_interpolation/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"