contrast-agent 6.6.2 → 6.6.5

Files changed (72)
  1. checksums.yaml +4 -4
  2. data/lib/contrast/agent/assess/policy/trigger_method.rb +21 -6
  3. data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +2 -0
  4. data/lib/contrast/agent/at_exit_hook.rb +1 -7
  5. data/lib/contrast/agent/inventory/database_config.rb +16 -12
  6. data/lib/contrast/agent/inventory/policy/datastores.rb +1 -2
  7. data/lib/contrast/agent/middleware.rb +0 -1
  8. data/lib/contrast/agent/protect/rule/base.rb +16 -20
  9. data/lib/contrast/agent/protect/rule/cmd_injection.rb +5 -4
  10. data/lib/contrast/agent/protect/rule/deserialization.rb +5 -4
  11. data/lib/contrast/agent/protect/rule/path_traversal.rb +9 -7
  12. data/lib/contrast/agent/protect/rule/sql_sample_builder.rb +16 -14
  13. data/lib/contrast/agent/protect/rule/sqli.rb +1 -1
  14. data/lib/contrast/agent/protect/rule/xxe.rb +9 -6
  15. data/lib/contrast/agent/reporting/attack_result/attack_result.rb +8 -0
  16. data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +85 -36
  17. data/lib/contrast/agent/reporting/attack_result/user_input.rb +11 -0
  18. data/lib/contrast/agent/reporting/details/bot_blocker_details.rb +29 -0
  19. data/lib/contrast/agent/reporting/details/cmd_injection_details.rb +30 -0
  20. data/lib/contrast/agent/reporting/details/details.rb +18 -0
  21. data/lib/contrast/agent/reporting/details/http_method_tempering_details.rb +27 -0
  22. data/lib/contrast/agent/reporting/details/ip_denylist_details.rb +27 -0
  23. data/lib/contrast/agent/reporting/details/no_sqli_details.rb +36 -0
  24. data/lib/contrast/agent/reporting/details/path_traversal_details.rb +24 -0
  25. data/lib/contrast/agent/reporting/details/path_traversal_semantic_analysis_details.rb +32 -0
  26. data/lib/contrast/agent/reporting/details/protect_rule_details.rb +17 -0
  27. data/lib/contrast/agent/reporting/details/sqli_details.rb +36 -0
  28. data/lib/contrast/agent/reporting/details/untrusted_deserialization_details.rb +27 -0
  29. data/lib/contrast/agent/reporting/details/virtual_patch_details.rb +24 -0
  30. data/lib/contrast/agent/reporting/details/xss_details.rb +33 -0
  31. data/lib/contrast/agent/reporting/details/xss_match.rb +30 -0
  32. data/lib/contrast/agent/reporting/details/xxe_details.rb +36 -0
  33. data/lib/contrast/agent/reporting/details/xxe_match.rb +25 -0
  34. data/lib/contrast/agent/reporting/details/xxe_wrapper.rb +25 -0
  35. data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb +1 -1
  36. data/lib/contrast/agent/reporting/masker/masker.rb +78 -65
  37. data/lib/contrast/agent/reporting/masker/masker_utils.rb +1 -30
  38. data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +84 -15
  39. data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +13 -25
  40. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb +17 -22
  41. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +46 -125
  42. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb +5 -16
  43. data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb +10 -18
  44. data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb +6 -14
  45. data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +29 -20
  46. data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +45 -10
  47. data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +2 -2
  48. data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb +0 -7
  49. data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +1 -1
  50. data/lib/contrast/agent/reporting/reporting_utilities/headers.rb +2 -2
  51. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +2 -1
  52. data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +1 -1
  53. data/lib/contrast/agent/request.rb +2 -0
  54. data/lib/contrast/agent/request_context.rb +13 -4
  55. data/lib/contrast/agent/request_context_extend.rb +59 -40
  56. data/lib/contrast/agent/request_handler.rb +7 -9
  57. data/lib/contrast/agent/service_heartbeat.rb +1 -1
  58. data/lib/contrast/agent/version.rb +1 -1
  59. data/lib/contrast/api/decorators/message.rb +1 -1
  60. data/lib/contrast/components/app_context.rb +62 -8
  61. data/lib/contrast/components/app_context_extend.rb +8 -8
  62. data/lib/contrast/config/assess_configuration.rb +1 -1
  63. data/lib/contrast/config/root_configuration.rb +6 -4
  64. data/lib/contrast/config.rb +0 -1
  65. data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +1 -6
  66. data/lib/contrast/utils/assess/event_limit_utils.rb +26 -7
  67. data/lib/contrast/utils/log_utils.rb +16 -10
  68. data/lib/contrast/utils/net_http_base.rb +5 -6
  69. data/lib/contrast/utils/string_utils.rb +2 -6
  70. data/lib/contrast.rb +1 -1
  71. metadata +30 -14
  72. data/lib/contrast/config/application_configuration.rb +0 -57
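--- a/data/lib/contrast.rb
+++ b/data/lib/contrast.rb
@@ -81,7 +81,7 @@ module Contrast
  AGENT = CONFIG.root.agent
  LOGGER = AGENT.logger
  CONTRAST_SERVICE = Contrast::Components::ContrastService::Interface.new
- APP_CONTEXT = Contrast::Components::AppContext::Interface.new
+ APP_CONTEXT = CONFIG.root.application
  end
 
  module Contrast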
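Review bot: `APP_CONTEXT` on new line 84 is now whatever `CONFIG.root.application` returns when this file is loaded, rather than an object constructed here, and nothing next to the assignment says so. The constant and the configuration tree presumably now share one instance (the same release deletes `Contrast::Config::ApplicationConfiguration`), so a later rebuild of `CONFIG` would leave `APP_CONTEXT` pointing at the old object, and reports could then carry a stale application name or session id. I would add a comment above the assignment, `# APP_CONTEXT is the instance owned by CONFIG.root; captured once at load, rebuild both together`, and confirm that `CONFIG.root.application` cannot be nil at this point. The `module Contrast` body starts and ends outside the hunk.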
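--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: contrast-agent
  version: !ruby/object:Gem::Version
- version: 6.6.2
+ version: 6.6.5
  platform: ruby
  authors:
  - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2022-07-15 00:00:00.000000000 Z
+ date: 2022-08-04 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -665,22 +665,22 @@ executables:
  - contrast_service
  extensions:
  - ext/cs__common/extconf.rb
- - ext/cs__assess_fiber_track/extconf.rb
- - ext/cs__assess_string/extconf.rb
+ - ext/cs__tests/extconf.rb
  - ext/cs__assess_module/extconf.rb
- - ext/cs__assess_test/extconf.rb
- - ext/cs__assess_kernel/extconf.rb
- - ext/cs__assess_yield_track/extconf.rb
+ - ext/cs__assess_array/extconf.rb
  - ext/cs__assess_hash/extconf.rb
+ - ext/cs__assess_basic_object/extconf.rb
+ - ext/cs__assess_regexp/extconf.rb
  - ext/cs__os_information/extconf.rb
+ - ext/cs__assess_test/extconf.rb
+ - ext/cs__assess_string/extconf.rb
  - ext/cs__contrast_patch/extconf.rb
- - ext/cs__assess_marshal_module/extconf.rb
- - ext/cs__assess_regexp/extconf.rb
- - ext/cs__assess_array/extconf.rb
- - ext/cs__scope/extconf.rb
- - ext/cs__assess_basic_object/extconf.rb
- - ext/cs__tests/extconf.rb
  - ext/cs__assess_string_interpolation/extconf.rb
+ - ext/cs__scope/extconf.rb
+ - ext/cs__assess_marshal_module/extconf.rb
+ - ext/cs__assess_fiber_track/extconf.rb
+ - ext/cs__assess_yield_track/extconf.rb
+ - ext/cs__assess_kernel/extconf.rb
  extra_rdoc_files: []
  files:
  - ".clang-format"
@@ -1026,6 +1026,23 @@ files:
  - lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb
  - lib/contrast/agent/reporting/attack_result/response_type.rb
  - lib/contrast/agent/reporting/attack_result/user_input.rb
+ - lib/contrast/agent/reporting/details/bot_blocker_details.rb
+ - lib/contrast/agent/reporting/details/cmd_injection_details.rb
+ - lib/contrast/agent/reporting/details/details.rb
+ - lib/contrast/agent/reporting/details/http_method_tempering_details.rb
+ - lib/contrast/agent/reporting/details/ip_denylist_details.rb
+ - lib/contrast/agent/reporting/details/no_sqli_details.rb
+ - lib/contrast/agent/reporting/details/path_traversal_details.rb
+ - lib/contrast/agent/reporting/details/path_traversal_semantic_analysis_details.rb
+ - lib/contrast/agent/reporting/details/protect_rule_details.rb
+ - lib/contrast/agent/reporting/details/sqli_details.rb
+ - lib/contrast/agent/reporting/details/untrusted_deserialization_details.rb
+ - lib/contrast/agent/reporting/details/virtual_patch_details.rb
+ - lib/contrast/agent/reporting/details/xss_details.rb
+ - lib/contrast/agent/reporting/details/xss_match.rb
+ - lib/contrast/agent/reporting/details/xxe_details.rb
+ - lib/contrast/agent/reporting/details/xxe_match.rb
+ - lib/contrast/agent/reporting/details/xxe_wrapper.rb
  - lib/contrast/agent/reporting/input_analysis/input_analysis.rb
  - lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb
  - lib/contrast/agent/reporting/input_analysis/input_type.rb
@@ -1193,7 +1210,6 @@ files:
  - lib/contrast/components/settings.rb
  - lib/contrast/config.rb
  - lib/contrast/config/api_proxy_configuration.rb
- - lib/contrast/config/application_configuration.rb
  - lib/contrast/config/assess_configuration.rb
  - lib/contrast/config/assess_rules_configuration.rb
  - lib/contrast/config/base_configuration.rb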
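--- a/data/lib/contrast/config/application_configuration.rb
+++ /dev/null
@@ -1,57 +0,0 @@
- # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
- # frozen_string_literal: true
-
- require 'contrast/utils/object_share'
-
- module Contrast
- module Config
- # Common Configuration settings. Those in this section pertain to the
- # application identification functionality of the Agent.
- class ApplicationConfiguration
- include Contrast::Config::BaseConfiguration
-
- # @return [String]
- attr_accessor :name
- # @return [String]
- attr_accessor :version
- # @return [String]
- attr_accessor :language
- # @return [String]
- attr_accessor :path
- # @return [String]
- attr_accessor :group
- # @return [String]
- attr_accessor :tags
- # @return [String]
- attr_accessor :code
- # @return [String]
- attr_accessor :metadata
- attr_writer :session_id, :session_metadata
-
- def initialize hsh = {}
- return unless hsh
-
- @name = hsh[:name]
- @version = hsh[:version]
- @language = hsh[:language]
- @path = hsh[:path]
- @group = hsh[:group]
- @tags = hsh[:tags]
- @code = hsh[:code]
- @metadata = hsh[:metadata]
- @session_id = hsh[:session_id]
- @session_metadata = hsh[:session_metadata]
- end
-
- # @return [String, Contrast::Utils::ObjectShare::EMPTY_STRING]
- def session_id
- @session_id ||= Contrast::Utils::ObjectShare::EMPTY_STRING
- end
-
- # @return [String, Contrast::Utils::ObjectShare::EMPTY_STRING]
- def session_metadata
- @session_metadata ||= Contrast::Utils::ObjectShare::EMPTY_STRING
- end
- end
- end
- end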