contrast-agent 6.6.3 → 6.7.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (185) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +3 -0
  3. data/.gitmodules +0 -3
  4. data/ext/cs__scope/cs__scope.c +1 -1
  5. data/lib/contrast/agent/assess/contrast_event.rb +2 -24
  6. data/lib/contrast/agent/assess/events/source_event.rb +7 -61
  7. data/lib/contrast/agent/assess/finalizers/hash.rb +11 -0
  8. data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +0 -55
  9. data/lib/contrast/agent/assess/policy/policy_node.rb +3 -3
  10. data/lib/contrast/agent/assess/policy/policy_node_utils.rb +0 -1
  11. data/lib/contrast/agent/assess/policy/propagation_node.rb +4 -4
  12. data/lib/contrast/agent/assess/policy/source_method.rb +24 -1
  13. data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +7 -5
  14. data/lib/contrast/agent/assess/policy/trigger/xpath.rb +6 -1
  15. data/lib/contrast/agent/assess/policy/trigger_method.rb +38 -119
  16. data/lib/contrast/agent/assess/policy/trigger_node.rb +3 -3
  17. data/lib/contrast/agent/assess/property/evented.rb +2 -12
  18. data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +42 -82
  19. data/lib/contrast/agent/assess/rule/response/base_rule.rb +11 -27
  20. data/lib/contrast/agent/assess/rule/response/body_rule.rb +1 -3
  21. data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb +77 -62
  22. data/lib/contrast/agent/assess/rule/response/csp_header_insecure_rule.rb +1 -1
  23. data/lib/contrast/agent/assess/rule/response/framework/rails_support.rb +6 -1
  24. data/lib/contrast/agent/assess/rule/response/header_rule.rb +5 -5
  25. data/lib/contrast/agent/assess/rule/response/hsts_header_rule.rb +1 -1
  26. data/lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb +1 -1
  27. data/lib/contrast/agent/assess/tracker.rb +1 -7
  28. data/lib/contrast/agent/at_exit_hook.rb +1 -7
  29. data/lib/contrast/agent/excluder.rb +206 -0
  30. data/lib/contrast/agent/exclusion_matcher.rb +6 -0
  31. data/lib/contrast/agent/inventory/database_config.rb +18 -23
  32. data/lib/contrast/agent/middleware.rb +0 -1
  33. data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +4 -0
  34. data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +1 -0
  35. data/lib/contrast/agent/protect/rule/base.rb +64 -24
  36. data/lib/contrast/agent/protect/rule/base_service.rb +1 -0
  37. data/lib/contrast/agent/protect/rule/cmd_injection.rb +18 -104
  38. data/lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb +129 -0
  39. data/lib/contrast/agent/protect/rule/cmdi/cmdi_base_rule.rb +169 -0
  40. data/lib/contrast/agent/protect/rule/deserialization.rb +7 -5
  41. data/lib/contrast/agent/protect/rule/path_traversal.rb +9 -7
  42. data/lib/contrast/agent/protect/rule/sql_sample_builder.rb +16 -14
  43. data/lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb +51 -0
  44. data/lib/contrast/agent/protect/rule/sqli/sqli_semantic/sqli_dangerous_functions.rb +67 -0
  45. data/lib/contrast/agent/protect/rule/sqli.rb +6 -31
  46. data/lib/contrast/agent/protect/rule/xxe.rb +11 -6
  47. data/lib/contrast/agent/protect/rule.rb +3 -1
  48. data/lib/contrast/agent/reporting/attack_result/attack_result.rb +8 -0
  49. data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +91 -36
  50. data/lib/contrast/agent/reporting/attack_result/user_input.rb +11 -0
  51. data/lib/contrast/agent/reporting/details/bot_blocker_details.rb +29 -0
  52. data/lib/contrast/agent/reporting/details/cmd_injection_details.rb +30 -0
  53. data/lib/contrast/agent/reporting/details/details.rb +18 -0
  54. data/lib/contrast/agent/reporting/details/http_method_tempering_details.rb +27 -0
  55. data/lib/contrast/agent/reporting/details/ip_denylist_details.rb +27 -0
  56. data/lib/contrast/agent/reporting/details/no_sqli_details.rb +36 -0
  57. data/lib/contrast/agent/reporting/details/path_traversal_details.rb +24 -0
  58. data/lib/contrast/agent/reporting/details/path_traversal_semantic_analysis_details.rb +32 -0
  59. data/lib/contrast/agent/reporting/details/protect_rule_details.rb +17 -0
  60. data/lib/contrast/agent/reporting/details/sqli_dangerous_functions.rb +22 -0
  61. data/lib/contrast/agent/reporting/details/sqli_details.rb +36 -0
  62. data/lib/contrast/agent/reporting/details/untrusted_deserialization_details.rb +27 -0
  63. data/lib/contrast/agent/reporting/details/virtual_patch_details.rb +24 -0
  64. data/lib/contrast/agent/reporting/details/xss_details.rb +33 -0
  65. data/lib/contrast/agent/reporting/details/xss_match.rb +30 -0
  66. data/lib/contrast/agent/reporting/details/xxe_details.rb +36 -0
  67. data/lib/contrast/agent/reporting/details/xxe_match.rb +25 -0
  68. data/lib/contrast/agent/reporting/details/xxe_wrapper.rb +25 -0
  69. data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb +1 -1
  70. data/lib/contrast/agent/reporting/masker/masker.rb +78 -65
  71. data/lib/contrast/agent/reporting/masker/masker_utils.rb +1 -30
  72. data/lib/contrast/agent/reporting/reporter.rb +1 -2
  73. data/lib/contrast/agent/reporting/reporting_events/agent_startup.rb +2 -2
  74. data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +81 -15
  75. data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +13 -25
  76. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb +17 -22
  77. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +46 -125
  78. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb +5 -16
  79. data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb +10 -18
  80. data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb +6 -14
  81. data/lib/contrast/agent/reporting/reporting_events/application_startup.rb +1 -1
  82. data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +7 -21
  83. data/lib/contrast/agent/reporting/reporting_events/finding.rb +19 -49
  84. data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +12 -9
  85. data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb +1 -1
  86. data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +23 -21
  87. data/lib/contrast/agent/reporting/reporting_events/finding_event_stack.rb +5 -18
  88. data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range.rb +1 -0
  89. data/lib/contrast/{api/decorators/trace_taint_range_tags.rb → agent/reporting/reporting_events/finding_event_taint_range_tags.rb} +7 -6
  90. data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +45 -10
  91. data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +1 -1
  92. data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +2 -2
  93. data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +10 -14
  94. data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +11 -0
  95. data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +3 -1
  96. data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +11 -23
  97. data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +8 -26
  98. data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +1 -1
  99. data/lib/contrast/agent/reporting/reporting_utilities/build_preflight.rb +4 -7
  100. data/lib/contrast/agent/reporting/reporting_utilities/headers.rb +1 -1
  101. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +2 -1
  102. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +3 -3
  103. data/lib/contrast/agent/request.rb +4 -2
  104. data/lib/contrast/agent/request_context.rb +12 -15
  105. data/lib/contrast/agent/request_context_extend.rb +67 -69
  106. data/lib/contrast/agent/request_handler.rb +1 -11
  107. data/lib/contrast/agent/response.rb +0 -18
  108. data/lib/contrast/agent/service_heartbeat.rb +1 -1
  109. data/lib/contrast/agent/telemetry/events/event.rb +1 -1
  110. data/lib/contrast/agent/telemetry/events/metric_event.rb +1 -1
  111. data/lib/contrast/agent/telemetry/events/startup_metrics_event.rb +3 -3
  112. data/lib/contrast/agent/version.rb +1 -1
  113. data/lib/contrast/api/communication/messaging_queue.rb +2 -3
  114. data/lib/contrast/api/communication/socket_client.rb +4 -4
  115. data/lib/contrast/api/communication/speedracer.rb +4 -8
  116. data/lib/contrast/api/decorators/agent_startup.rb +5 -6
  117. data/lib/contrast/api/decorators/application_settings.rb +2 -1
  118. data/lib/contrast/api/decorators/application_startup.rb +6 -6
  119. data/lib/contrast/api/decorators/message.rb +0 -4
  120. data/lib/contrast/api/decorators/rasp_rule_sample.rb +0 -6
  121. data/lib/contrast/api/decorators.rb +0 -6
  122. data/lib/contrast/api/dtm.pb.rb +0 -489
  123. data/lib/contrast/components/agent.rb +16 -12
  124. data/lib/contrast/components/api.rb +10 -10
  125. data/lib/contrast/components/app_context.rb +9 -9
  126. data/lib/contrast/components/app_context_extend.rb +1 -1
  127. data/lib/contrast/components/assess.rb +92 -38
  128. data/lib/contrast/components/assess_rules.rb +36 -0
  129. data/lib/contrast/components/config.rb +54 -12
  130. data/lib/contrast/components/contrast_service.rb +8 -8
  131. data/lib/contrast/components/heap_dump.rb +1 -1
  132. data/lib/contrast/components/protect.rb +5 -5
  133. data/lib/contrast/components/ruby_component.rb +81 -0
  134. data/lib/contrast/components/sampling.rb +1 -1
  135. data/lib/contrast/components/security_logger.rb +23 -0
  136. data/lib/contrast/components/service.rb +55 -0
  137. data/lib/contrast/components/settings.rb +12 -4
  138. data/lib/contrast/config/base_configuration.rb +1 -1
  139. data/lib/contrast/config/protect_rules_configuration.rb +17 -3
  140. data/lib/contrast/config/server_configuration.rb +1 -1
  141. data/lib/contrast/config.rb +0 -6
  142. data/lib/contrast/configuration.rb +81 -17
  143. data/lib/contrast/extension/assess/exec_trigger.rb +3 -1
  144. data/lib/contrast/extension/assess/marshal.rb +3 -2
  145. data/lib/contrast/extension/assess/string.rb +0 -1
  146. data/lib/contrast/extension/extension.rb +1 -1
  147. data/lib/contrast/framework/base_support.rb +0 -5
  148. data/lib/contrast/framework/grape/support.rb +1 -23
  149. data/lib/contrast/framework/manager.rb +0 -10
  150. data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +1 -6
  151. data/lib/contrast/framework/rails/support.rb +5 -58
  152. data/lib/contrast/framework/sinatra/support.rb +2 -21
  153. data/lib/contrast/logger/cef_log.rb +21 -3
  154. data/lib/contrast/logger/log.rb +1 -11
  155. data/lib/contrast/tasks/config.rb +4 -2
  156. data/lib/contrast/utils/assess/event_limit_utils.rb +28 -12
  157. data/lib/contrast/utils/assess/trigger_method_utils.rb +10 -18
  158. data/lib/contrast/utils/findings.rb +6 -5
  159. data/lib/contrast/utils/hash_digest.rb +9 -24
  160. data/lib/contrast/utils/hash_digest_extend.rb +6 -6
  161. data/lib/contrast/utils/invalid_configuration_util.rb +21 -58
  162. data/lib/contrast/utils/log_utils.rb +47 -17
  163. data/lib/contrast/utils/net_http_base.rb +7 -8
  164. data/lib/contrast/utils/patching/policy/patch_utils.rb +3 -2
  165. data/lib/contrast/utils/stack_trace_utils.rb +0 -25
  166. data/lib/contrast/utils/string_utils.rb +9 -0
  167. data/lib/contrast/utils/telemetry_client.rb +13 -7
  168. data/lib/contrast.rb +5 -10
  169. metadata +39 -28
  170. data/lib/contrast/agent/reporting/reporting_events/trace_event_source.rb +0 -30
  171. data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb +0 -43
  172. data/lib/contrast/api/decorators/activity.rb +0 -33
  173. data/lib/contrast/api/decorators/architecture_component.rb +0 -36
  174. data/lib/contrast/api/decorators/finding.rb +0 -29
  175. data/lib/contrast/api/decorators/route_coverage.rb +0 -91
  176. data/lib/contrast/api/decorators/trace_event.rb +0 -120
  177. data/lib/contrast/api/decorators/trace_event_object.rb +0 -63
  178. data/lib/contrast/api/decorators/trace_event_signature.rb +0 -69
  179. data/lib/contrast/api/decorators/trace_taint_range.rb +0 -52
  180. data/lib/contrast/config/assess_configuration.rb +0 -93
  181. data/lib/contrast/config/assess_rules_configuration.rb +0 -32
  182. data/lib/contrast/config/root_configuration.rb +0 -90
  183. data/lib/contrast/config/ruby_configuration.rb +0 -81
  184. data/lib/contrast/config/service_configuration.rb +0 -49
  185. data/lib/contrast/utils/preflight_util.rb +0 -13
@@ -15,36 +15,12 @@ module Contrast
15
15
  #
16
16
  class Message < ::Protobuf::Message; end
17
17
  class Poll < ::Protobuf::Message; end
18
- class Noop < ::Protobuf::Message; end
19
- class ServerActivity < ::Protobuf::Message
20
- end
21
18
 
22
19
  class AgentStartup < ::Protobuf::Message; end
23
20
  class ApplicationCreate < ::Protobuf::Message; end
24
21
  class InstrumentationMode < ::Protobuf::Message; end
25
- class ApplicationUpdate < ::Protobuf::Message
26
- end
27
-
28
- class Activity < ::Protobuf::Message
29
- end
30
-
31
- class Finding < ::Protobuf::Message
32
- end
33
-
34
- class DynamicSource < ::Protobuf::Message
35
- end
36
-
37
- class PossibleSecurityControl < ::Protobuf::Message; end
38
- class View < ::Protobuf::Message; end
39
- class Platform < ::Protobuf::Message; end
40
- class ArchitectureComponent < ::Protobuf::Message; end
41
- class Library < ::Protobuf::Message; end
42
- class LibraryUsageUpdate < ::Protobuf::Message
43
- end
44
22
 
45
23
  class Address < ::Protobuf::Message; end
46
- class RawRequest < ::Protobuf::Message; end
47
- class RawResponse < ::Protobuf::Message; end
48
24
  class HttpRequest < ::Protobuf::Message
49
25
  class Authentication < ::Protobuf::Enum
50
26
  define :UNAUTHENTICATED, 0
@@ -62,27 +38,6 @@ module Contrast
62
38
 
63
39
  end
64
40
 
65
- class RpcStatus < ::Protobuf::Message
66
- class Code < ::Protobuf::Enum
67
- define :OK, 0
68
- define :UNKNOWN, 1
69
- end
70
-
71
- end
72
-
73
- class SqliSinkRequest < ::Protobuf::Message
74
- class Dialect < ::Protobuf::Enum
75
- define :MYSQL, 0
76
- define :POSTGRESQL, 1
77
- define :UNKNOWN, 99
78
- end
79
-
80
- end
81
-
82
- class SqliSinkResponse < ::Protobuf::Message; end
83
- class HttpResponse < ::Protobuf::Message
84
- end
85
-
86
41
  class SimplePair < ::Protobuf::Message; end
87
42
  class Pair < ::Protobuf::Message; end
88
43
  class AttackResult < ::Protobuf::Message
@@ -98,36 +53,13 @@ module Contrast
98
53
  end
99
54
 
100
55
  class RaspRuleSample < ::Protobuf::Message; end
101
- class EndpointBanDetails < ::Protobuf::Message; end
102
- class ModSecurityDetails < ::Protobuf::Message; end
103
- class ModSecurityLog < ::Protobuf::Message
104
- end
105
56
 
106
- class BruteForceDetails < ::Protobuf::Message; end
107
57
  class BotBlockerDetails < ::Protobuf::Message; end
108
58
  class CmdInjectionDetails < ::Protobuf::Message; end
109
- class CmdInjectionSemanticAnalysisDetails < ::Protobuf::Message
110
- class Finding < ::Protobuf::Enum
111
- define :CHAINING, 0
112
- define :BACKDOOR, 1
113
- define :DANGEROUS_PATH, 2
114
- end
115
-
116
- end
117
59
 
118
- class CsrfDetails < ::Protobuf::Message; end
119
- class CveDetails < ::Protobuf::Message; end
120
- class Cve20170898Details < ::Protobuf::Message; end
121
- class Cve201714033Details < ::Protobuf::Message; end
122
- class Cve201714064Details < ::Protobuf::Message; end
123
- class Cve201717405Details < ::Protobuf::Message; end
124
60
  class HttpMethodTamperingDetails < ::Protobuf::Message; end
125
61
  class UntrustedDeserializationDetails < ::Protobuf::Message; end
126
- class ElInjectionDetails < ::Protobuf::Message; end
127
- class IpBlacklistDetails < ::Protobuf::Message; end
128
62
  class IpDenylistDetails < ::Protobuf::Message; end
129
- class MarkOfTheBeastDetails < ::Protobuf::Message; end
130
- class PaddingOracleDetails < ::Protobuf::Message; end
131
63
  class PathTraversalDetails < ::Protobuf::Message; end
132
64
  class PathTraversalSemanticAnalysisDetails < ::Protobuf::Message
133
65
  class Finding < ::Protobuf::Enum
@@ -138,17 +70,7 @@ module Contrast
138
70
  end
139
71
 
140
72
  class ReDosDetails < ::Protobuf::Message; end
141
- class SsjsInjectionDetails < ::Protobuf::Message; end
142
73
  class SqlInjectionDetails < ::Protobuf::Message; end
143
- class SqlInjectionSemanticAnalysisDetails < ::Protobuf::Message
144
- class Finding < ::Protobuf::Enum
145
- define :CHAINING, 0
146
- define :SUSPICIOUS_UNION, 1
147
- define :DANGEROUS_FUNCTION, 2
148
- define :TAUTOLOGY, 3
149
- end
150
-
151
- end
152
74
 
153
75
  class NoSqlInjectionDetails < ::Protobuf::Message; end
154
76
  class SsrfDetails < ::Protobuf::Message; end
@@ -187,47 +109,6 @@ module Contrast
187
109
  end
188
110
 
189
111
  class StackTraceElement < ::Protobuf::Message; end
190
- class TraceEvent < ::Protobuf::Message
191
- class Action < ::Protobuf::Enum
192
- define :CREATION, 0
193
- define :PROPAGATION, 1
194
- define :TRIGGER, 2
195
- define :TAG, 3
196
- define :A2A, 4
197
- define :A2P, 5
198
- define :A2O, 6
199
- define :A2R, 7
200
- define :O2A, 8
201
- define :O2P, 9
202
- define :O2O, 10
203
- define :O2R, 11
204
- define :P2A, 12
205
- define :P2P, 13
206
- define :P2O, 14
207
- define :P2R, 15
208
- end
209
-
210
- class EventType < ::Protobuf::Enum
211
- define :TYPE_METHOD, 0
212
- define :TYPE_PROPAGATION, 1
213
- define :TYPE_TAG, 2
214
- end
215
-
216
- end
217
-
218
- class TraceEventSignature < ::Protobuf::Message; end
219
- class TraceEventSource < ::Protobuf::Message; end
220
- class TraceEventObject < ::Protobuf::Message; end
221
- class TraceTaintRange < ::Protobuf::Message; end
222
- class ParentObjectId < ::Protobuf::Message; end
223
- class TraceStack < ::Protobuf::Message; end
224
- class RouteCoverage < ::Protobuf::Message; end
225
- class ObservedRoute < ::Protobuf::Message; end
226
- class CmdiSinkRequest < ::Protobuf::Message; end
227
- class CmdiSinkResponse < ::Protobuf::Message; end
228
- class PtSinkRequest < ::Protobuf::Message; end
229
- class PtSinkResponse < ::Protobuf::Message; end
230
-
231
112
 
232
113
  ##
233
114
  # File Options
@@ -251,30 +132,8 @@ module Contrast
251
132
  optional :string, :app_path, 28
252
133
  optional ::Contrast::Api::Dtm::AgentStartup, :agent_startup, 11
253
134
  optional ::Contrast::Api::Dtm::ApplicationCreate, :application_create, 12
254
- optional ::Contrast::Api::Dtm::ServerActivity, :server_activity, 10
255
- optional ::Contrast::Api::Dtm::ApplicationUpdate, :application_update, 13
256
- optional ::Contrast::Api::Dtm::Activity, :activity, 14
257
- optional ::Contrast::Api::Dtm::ObservedRoute, :observed_route, 26
258
- optional ::Contrast::Api::Dtm::RawRequest, :request, 19
259
135
  optional ::Contrast::Api::Dtm::HttpRequest, :prefilter, 20
260
- optional ::Contrast::Api::Dtm::HttpResponse, :postfilter, 22
261
- optional ::Contrast::Api::Dtm::RawResponse, :response, 23
262
- optional ::Contrast::Api::Dtm::SqliSinkRequest, :sqli_sink, 25
263
136
  optional ::Contrast::Api::Dtm::Poll, :poll, 27
264
- optional ::Contrast::Api::Dtm::Noop, :noop, 24, :deprecated => true
265
- end
266
-
267
- class Noop
268
- # Message Options
269
- set_option :deprecated, true
270
-
271
- optional :int32, :flag, 1
272
- end
273
-
274
- class ServerActivity
275
- map :string, :int32, :log_enhancers, 16
276
- map :string, :int32, :ip_blacklists, 17, :deprecated => true
277
- map :string, :int32, :ip_denylists, 18
278
137
  end
279
138
 
280
139
  class AgentStartup
@@ -309,133 +168,12 @@ module Contrast
309
168
  optional :bool, :assess, 2
310
169
  end
311
170
 
312
- class ApplicationUpdate
313
- optional :int32, :coverage_loc, 2
314
- optional ::Contrast::Api::Dtm::Platform, :platform, 4
315
- optional ::Contrast::Api::Dtm::View, :view, 5
316
- map :string, :bool, :technologies, 6
317
- repeated ::Contrast::Api::Dtm::ArchitectureComponent, :components, 7
318
- map :string, ::Contrast::Api::Dtm::Library, :libraries, 8
319
- repeated ::Contrast::Api::Dtm::RouteCoverage, :routes, 9
320
- end
321
-
322
- class Activity
323
- optional ::Contrast::Api::Dtm::HttpRequest, :http_request, 1
324
- optional ::Contrast::Api::Dtm::HttpResponse, :http_response, 2
325
- optional :int64, :duration_ms, 3
326
- optional :int32, :query_count, 5
327
- map :string, :bool, :technologies, 7
328
- map :string, ::Contrast::Api::Dtm::LibraryUsageUpdate, :library_usages, 8
329
- repeated ::Contrast::Api::Dtm::ArchitectureComponent, :architectures, 9
330
- repeated ::Contrast::Api::Dtm::RouteCoverage, :routes, 19
331
- repeated ::Contrast::Api::Dtm::AttackResult, :results, 12
332
- repeated ::Contrast::Api::Dtm::Finding, :findings, 15
333
- repeated ::Contrast::Api::Dtm::PossibleSecurityControl, :controls, 16
334
- optional :string, :finding_tags, 17, :deprecated => true
335
- map :string, ::Contrast::Api::Dtm::DynamicSource, :dynamic_sources, 18
336
- end
337
-
338
- class Finding
339
- optional :string, :hash_code, 1
340
- optional :string, :platform, 2
341
- optional :string, :rule_id, 3
342
- optional :string, :evidence, 4
343
- map :string, :string, :properties, 6
344
- repeated ::Contrast::Api::Dtm::TraceEvent, :events, 7
345
- optional :string, :preflight, 8
346
- optional :string, :tags, 9, :deprecated => true
347
- optional :int64, :version, 10
348
- repeated ::Contrast::Api::Dtm::RouteCoverage, :routes, 11
349
- optional :string, :session_id, 12, :deprecated => true
350
- end
351
-
352
- class DynamicSource
353
- optional :string, :class_name, 1
354
- optional :string, :method_name, 2
355
- optional :bool, :instance_method, 3
356
- optional :string, :target, 4
357
- repeated ::Contrast::Api::Dtm::TraceEvent, :events, 5
358
- map :string, :string, :properties, 6
359
- end
360
-
361
- class PossibleSecurityControl
362
- optional :string, :api, 1
363
- optional :string, :type, 2
364
- optional :int64, :traits, 3
365
- end
366
-
367
- class View
368
- optional :int32, :accessible, 1
369
- optional :int32, :total_view_fields, 2
370
- optional :int32, :line_count, 3
371
- end
372
-
373
- class Platform
374
- optional :string, :major, 1
375
- optional :string, :minor, 2
376
- optional :string, :build, 3
377
- optional :string, :service_pack, 4
378
- repeated :string, :updates, 5
379
- end
380
-
381
- class ArchitectureComponent
382
- optional :string, :type, 1
383
- optional :string, :vendor, 2
384
- optional :string, :url, 3
385
- optional :string, :remote_host, 4
386
- optional :int32, :remote_port, 5
387
- end
388
-
389
- class Library
390
- optional :string, :hash_code, 1
391
- optional :string, :file_path, 2
392
- optional :string, :url, 3
393
- optional :string, :version, 4
394
- optional :int32, :tloc, 5
395
- optional :int32, :class_count, 6
396
- optional :int32, :used_class_count, 7
397
- optional :int64, :internal_ms, 8
398
- optional :int64, :external_ms, 9
399
- optional :string, :manifest, 10
400
- optional :string, :tags, 11, :deprecated => true
401
- end
402
-
403
- class LibraryUsageUpdate
404
- optional :int32, :count, 1
405
- optional :string, :hash_code, 2
406
- map :string, :bool, :class_names, 3
407
- end
408
-
409
171
  class Address
410
172
  optional :string, :ip, 1
411
173
  optional :string, :host, 2
412
174
  optional :int32, :port, 3
413
175
  end
414
176
 
415
- class RawRequest
416
- optional :string, :uuid, 1
417
- optional :int64, :timestamp_ms, 2
418
- optional :string, :request_line, 4
419
- optional :string, :normalized_uri, 5
420
- optional :string, :client_ip, 6
421
- optional :int32, :client_ip_version, 7
422
- optional :int32, :client_port, 8
423
- optional :string, :server_ip, 10
424
- optional :int32, :server_ip_version, 11
425
- optional :int32, :server_port, 12
426
- repeated ::Contrast::Api::Dtm::SimplePair, :request_headers, 14
427
- repeated ::Contrast::Api::Dtm::SimplePair, :multipart_headers, 17
428
- optional :bytes, :request_body, 16
429
- end
430
-
431
- class RawResponse
432
- optional :string, :uuid, 1
433
- optional :int64, :timestamp_ms, 2
434
- optional :int32, :response_code, 3
435
- repeated ::Contrast::Api::Dtm::SimplePair, :response_headers, 14
436
- optional :bytes, :response_body, 16
437
- end
438
-
439
177
  class HttpRequest
440
178
  optional :string, :uuid, 1
441
179
  optional :int64, :timestamp_ms, 2
@@ -466,37 +204,6 @@ module Contrast
466
204
  optional :string, :server_info, 50
467
205
  end
468
206
 
469
- class RpcStatus
470
- optional ::Contrast::Api::Dtm::RpcStatus::Code, :code, 1
471
- optional :string, :msg, 2
472
- end
473
-
474
- class SqliSinkRequest
475
- optional :string, :uuid, 1
476
- optional ::Contrast::Api::Dtm::SqliSinkRequest::Dialect, :dialect, 2
477
- optional :string, :query, 3
478
- end
479
-
480
- class SqliSinkResponse
481
- optional ::Contrast::Api::Dtm::RpcStatus, :status, 1
482
- optional ::Contrast::Api::Dtm::UserInput, :user_input, 3
483
- optional ::Contrast::Api::Dtm::SqlInjectionDetails, :sqli, 10
484
- optional ::Contrast::Api::Dtm::SqlInjectionSemanticAnalysisDetails, :sqli_semantic, 11
485
- end
486
-
487
- class HttpResponse
488
- optional :string, :uuid, 1
489
- optional :int64, :timestamp_ms, 2
490
- optional :int32, :response_code, 3
491
- map :string, :string, :response_headers, 4, :deprecated => true
492
- optional :bool, :parsed_response_headers, 5, :deprecated => true
493
- map :string, ::Contrast::Api::Dtm::Pair, :normalized_response_headers, 6
494
- optional :string, :response_body, 10, :deprecated => true
495
- optional :bool, :parsed_response_body, 11
496
- optional ::Contrast::Api::Dtm::HttpRequest::DocumentType, :document_type, 12
497
- optional :bytes, :response_body_binary, 13
498
- end
499
-
500
207
  class SimplePair
501
208
  optional :string, :key, 1
502
209
  optional :string, :value, 2
@@ -524,17 +231,10 @@ module Contrast
524
231
  optional :int64, :timestamp_ms, 2
525
232
  repeated ::Contrast::Api::Dtm::StackTraceElement, :stack_trace_elements, 4
526
233
  optional ::Contrast::Api::Dtm::UserInput, :user_input, 5
527
- optional ::Contrast::Api::Dtm::BruteForceDetails, :brute_force, 16
528
234
  optional ::Contrast::Api::Dtm::BotBlockerDetails, :bot_blocker, 17
529
235
  optional ::Contrast::Api::Dtm::CmdInjectionDetails, :cmdi, 18
530
- optional ::Contrast::Api::Dtm::CsrfDetails, :csrf, 19
531
- optional ::Contrast::Api::Dtm::CveDetails, :cve, 20, :deprecated => true
532
236
  optional ::Contrast::Api::Dtm::UntrustedDeserializationDetails, :untrusted_deserialization, 21
533
- optional ::Contrast::Api::Dtm::ElInjectionDetails, :el_injection, 22
534
- optional ::Contrast::Api::Dtm::IpBlacklistDetails, :ip_blacklist, 23, :deprecated => true
535
237
  optional ::Contrast::Api::Dtm::IpDenylistDetails, :ip_denylist, 45
536
- optional ::Contrast::Api::Dtm::MarkOfTheBeastDetails, :mark_of_the_beast, 24
537
- optional ::Contrast::Api::Dtm::PaddingOracleDetails, :padding_oracle, 25
538
238
  optional ::Contrast::Api::Dtm::PathTraversalDetails, :path_traversal, 26
539
239
  optional ::Contrast::Api::Dtm::ReDosDetails, :re_dos, 27
540
240
  optional ::Contrast::Api::Dtm::SqlInjectionDetails, :sqli, 28
@@ -544,37 +244,7 @@ module Contrast
544
244
  optional ::Contrast::Api::Dtm::XxeDetails, :xxe, 32
545
245
  optional ::Contrast::Api::Dtm::NoSqlInjectionDetails, :no_sqli, 33
546
246
  optional ::Contrast::Api::Dtm::HttpMethodTamperingDetails, :method_tampering, 34
547
- optional ::Contrast::Api::Dtm::Cve20170898Details, :cve_2017_0898, 35, :deprecated => true
548
- optional ::Contrast::Api::Dtm::Cve201714033Details, :cve_2017_14033, 36, :deprecated => true
549
- optional ::Contrast::Api::Dtm::Cve201714064Details, :cve_2017_14064, 37, :deprecated => true
550
- optional ::Contrast::Api::Dtm::Cve201717405Details, :cve_2017_17405, 38, :deprecated => true
551
- optional ::Contrast::Api::Dtm::ModSecurityDetails, :mod_security, 39
552
- optional ::Contrast::Api::Dtm::EndpointBanDetails, :endpoint, 40
553
- optional ::Contrast::Api::Dtm::SqlInjectionSemanticAnalysisDetails, :sqli_semantic, 41
554
- optional ::Contrast::Api::Dtm::CmdInjectionSemanticAnalysisDetails, :cmdi_semantic, 42
555
247
  optional ::Contrast::Api::Dtm::PathTraversalSemanticAnalysisDetails, :path_traversal_semantic, 43
556
- optional ::Contrast::Api::Dtm::SsjsInjectionDetails, :ssjs, 44
557
- end
558
-
559
- class EndpointBanDetails
560
- optional :string, :ip, 1
561
- optional :string, :request_uri, 2
562
- optional :int32, :response_code, 3
563
- end
564
-
565
- class ModSecurityDetails
566
- optional :string, :transaction_id, 1
567
- optional :int32, :status, 2
568
- repeated ::Contrast::Api::Dtm::ModSecurityLog, :logs, 3
569
- end
570
-
571
- class ModSecurityLog
572
- optional :string, :message, 2
573
- map :string, :string, :params, 3
574
- end
575
-
576
- class BruteForceDetails
577
- optional :int32, :count, 1
578
248
  end
579
249
 
580
250
  class BotBlockerDetails
@@ -588,50 +258,6 @@ module Contrast
588
258
  optional :int32, :end_idx, 3
589
259
  end
590
260
 
591
- class CmdInjectionSemanticAnalysisDetails
592
- optional :string, :command, 1
593
- repeated ::Contrast::Api::Dtm::CmdInjectionSemanticAnalysisDetails::Finding, :findings, 2
594
- end
595
-
596
- class CsrfDetails
597
- optional :string, :name, 1
598
- optional :string, :expected, 2
599
- optional :string, :presented, 3
600
- end
601
-
602
- class CveDetails
603
- optional :string, :name, 1
604
- optional :string, :value, 2
605
- optional :string, :cve, 3
606
- optional :string, :library, 4
607
- end
608
-
609
- class Cve20170898Details
610
- optional :string, :format_string, 1
611
- optional :string, :malicious_format_group, 2
612
- optional :string, :precision_argument, 3
613
- optional :string, :value_argument, 4
614
- optional :string, :arguments, 5
615
- optional :string, :ruby_version, 6
616
- end
617
-
618
- class Cve201714033Details
619
- optional :string, :asn1, 1
620
- optional :string, :ruby_version, 2
621
- end
622
-
623
- class Cve201714064Details
624
- optional :string, :space, 1
625
- optional :string, :ruby_version, 2
626
- optional :string, :json_version, 3
627
- end
628
-
629
- class Cve201717405Details
630
- optional :string, :method, 1
631
- optional :string, :file_name, 2
632
- optional :string, :ruby_version, 3
633
- end
634
-
635
261
  class HttpMethodTamperingDetails
636
262
  optional :string, :method, 1
637
263
  optional :int32, :response_code, 2
@@ -642,37 +268,11 @@ module Contrast
642
268
  optional :string, :deserializer, 2
643
269
  end
644
270
 
645
- class ElInjectionDetails
646
- optional :string, :attr_value, 1
647
- optional :string, :version, 2
648
- optional :string, :library_filename, 3
649
- end
650
-
651
- class IpBlacklistDetails
652
- # Message Options
653
- set_option :deprecated, true
654
-
655
- optional :string, :ip, 1
656
- optional :string, :uuid, 2
657
- end
658
-
659
271
  class IpDenylistDetails
660
272
  optional :string, :ip, 1
661
273
  optional :string, :uuid, 2
662
274
  end
663
275
 
664
- class MarkOfTheBeastDetails
665
- optional :string, :number, 1
666
- optional :string, :vendor, 2
667
- optional :string, :version, 3
668
- end
669
-
670
- class PaddingOracleDetails
671
- optional :string, :message, 1
672
- optional :int32, :period, 2
673
- optional :int32, :hits, 3
674
- end
675
-
676
276
  class PathTraversalDetails
677
277
  optional :string, :path, 1
678
278
  end
@@ -689,13 +289,6 @@ module Contrast
689
289
  optional :string, :offending_string, 4
690
290
  end
691
291
 
692
- class SsjsInjectionDetails
693
- optional :string, :code_string, 1
694
- optional :int32, :start_idx, 2
695
- optional :int32, :end_idx, 3
696
- optional :int32, :boundary_overrun_idx, 4
697
- end
698
-
699
292
  class SqlInjectionDetails
700
293
  optional :int32, :start_idx, 1
701
294
  optional :int32, :end_idx, 2
@@ -704,11 +297,6 @@ module Contrast
704
297
  optional :string, :query, 5
705
298
  end
706
299
 
707
- class SqlInjectionSemanticAnalysisDetails
708
- optional :string, :query, 1
709
- optional ::Contrast::Api::Dtm::SqlInjectionSemanticAnalysisDetails::Finding, :finding, 2
710
- end
711
-
712
300
  class NoSqlInjectionDetails
713
301
  optional :int32, :start_idx, 1
714
302
  optional :int32, :end_idx, 2
@@ -767,83 +355,6 @@ module Contrast
767
355
  optional :string, :file_name, 3
768
356
  optional :int32, :line_number, 4
769
357
  end
770
-
771
- class TraceEvent
772
- optional ::Contrast::Api::Dtm::TraceEvent::Action, :action, 1
773
- optional ::Contrast::Api::Dtm::TraceEvent::EventType, :type, 2
774
- optional :int64, :timestamp_ms, 3
775
- optional :string, :thread, 4
776
- optional ::Contrast::Api::Dtm::TraceEventSignature, :signature, 6
777
- optional :string, :field_name, 7
778
- optional :string, :context, 8
779
- optional :string, :code, 9
780
- optional ::Contrast::Api::Dtm::TraceEventObject, :object, 16
781
- optional ::Contrast::Api::Dtm::TraceEventObject, :ret, 17
782
- repeated ::Contrast::Api::Dtm::TraceEventObject, :args, 18
783
- repeated ::Contrast::Api::Dtm::TraceStack, :stack, 19
784
- repeated ::Contrast::Api::Dtm::TraceEventSource, :event_sources, 20
785
- optional :string, :source, 21
786
- optional :string, :target, 22
787
- repeated ::Contrast::Api::Dtm::TraceTaintRange, :taint_ranges, 23
788
- optional :int64, :object_id, 24
789
- repeated ::Contrast::Api::Dtm::ParentObjectId, :parent_object_ids, 25
790
- end
791
-
792
- class TraceEventSignature
793
- optional :string, :return_type, 1
794
- optional :string, :class_name, 2
795
- optional :string, :method_name, 3
796
- repeated :string, :arg_types, 4
797
- optional :bool, :constructor, 5
798
- optional :bool, :void_method, 6
799
- optional :int32, :flags, 7
800
- end
801
-
802
- class TraceEventSource
803
- optional :string, :type, 1
804
- optional :string, :name, 2
805
- end
806
-
807
- class TraceEventObject
808
- optional :bool, :tracked, 1
809
- optional :string, :value, 2
810
- repeated ::Contrast::Api::Dtm::TraceTaintRange, :ranges, 3
811
- end
812
-
813
- class TraceTaintRange
814
- optional :string, :tag, 1
815
- optional :string, :range, 2
816
- end
817
-
818
- class ParentObjectId
819
- optional :int64, :id, 1
820
- end
821
-
822
- class TraceStack
823
- optional :string, :signature, 1
824
- optional :string, :declaring_class, 2
825
- optional :string, :method_name, 3
826
- optional :string, :file_name, 4
827
- optional :int32, :line_number, 5
828
- optional :string, :type, 6
829
- optional :string, :eval, 7
830
- end
831
-
832
- class RouteCoverage
833
- optional :string, :verb, 1
834
- optional :string, :url, 2
835
- optional :string, :route, 3
836
- optional :int32, :count, 4
837
- end
838
-
839
- class ObservedRoute
840
- optional :string, :signature, 1
841
- optional :string, :url, 2
842
- optional :string, :verb, 3
843
- optional :string, :session_id, 4, :deprecated => true
844
- repeated ::Contrast::Api::Dtm::TraceEventSource, :sources, 5
845
- end
846
-
847
358
  end
848
359
 
849
360
  end
@@ -4,7 +4,10 @@
4
4
  require 'rubygems/version'
5
5
  require 'contrast/agent/rule_set'
6
6
  require 'contrast/components/logger'
7
+ require 'contrast/components/security_logger'
7
8
  require 'contrast/components/heap_dump'
9
+ require 'contrast/components/service'
10
+ require 'contrast/components/ruby_component'
8
11
 
9
12
  module Contrast
10
13
  module Components
@@ -21,9 +24,10 @@ module Contrast
21
24
  @_enable = hsh[:enable]
22
25
  @_start_bundled_service = hsh[:start_bundled_service]
23
26
  @_omit_body = hsh[:omit_body]
24
- @_service = Contrast::Config::ServiceConfiguration.new(hsh[:service])
27
+ @_service = Contrast::Components::Service::Interface.new(hsh[:service])
25
28
  @_logger = Contrast::Components::Logger::Interface.new(hsh[:logger])
26
- @_ruby = Contrast::Config::RubyConfiguration.new(hsh[:ruby])
29
+ @_security_logger = Contrast::Components::SecurityLogger::Interface.new(hsh[:security_logger])
30
+ @_ruby = Contrast::Components::Ruby::Interface.new(hsh[:ruby])
27
31
  @_heap_dump = Contrast::Components::HeapDump::Interface.new(hsh[:heap_dump])
28
32
  end
29
33
 
@@ -35,7 +39,7 @@ module Contrast
35
39
  def service
36
40
  return @_service unless @_service.nil?
37
41
 
38
- @_service = Contrast::Config::ServiceConfiguration.new
42
+ @_service = Contrast::Components::Service::Interface.new
39
43
  end
40
44
 
41
45
  def logger
@@ -44,10 +48,16 @@ module Contrast
44
48
  @_logger = Contrast::Components::Logger::Interface.new
45
49
  end
46
50
 
51
+ def security_logger
52
+ return @_security_logger unless @_security_logger.nil?
53
+
54
+ @_security_logger = Contrast::Components::SecurityLogger::Interface.new
55
+ end
56
+
47
57
  def ruby
48
58
  return @_ruby unless @_ruby.nil?
49
59
 
50
- @_ruby = Contrast::Config::RubyConfiguration.new
60
+ @_ruby = Contrast::Components::Ruby::Interface.new
51
61
  end
52
62
 
53
63
  def heap_dump
@@ -57,7 +67,7 @@ module Contrast
57
67
  end
58
68
 
59
69
  def enabled?
60
- @_enable = !false?(::Contrast::CONFIG.root.enable) if @_enable.nil?
70
+ @_enable = !false?(::Contrast::CONFIG.enable) if @_enable.nil?
61
71
  @_enable
62
72
  end
63
73
 
@@ -87,12 +97,6 @@ module Contrast
87
97
  !false?(ruby.propagate_yield)
88
98
  end
89
99
 
90
- def interpolation_enabled?
91
- return @_interpolation_enabled unless @_interpolation_enabled.nil?
92
-
93
- @_interpolation_enabled = !false?(::Contrast::CONFIG.root.agent.ruby.interpolate)
94
- end
95
-
96
100
  def omit_body?
97
101
  @_omit_body
98
102
  end
@@ -108,7 +112,7 @@ module Contrast
108
112
  def skip_instrumentation? loaded_module_name
109
113
  return true unless loaded_module_name
110
114
 
111
- loaded_module_name.start_with?(*::Contrast::CONFIG.root.agent.ruby.uninstrument_namespace)
115
+ loaded_module_name.start_with?(*::Contrast::CONFIG.agent.ruby.uninstrument_namespace)
112
116
  end
113
117
 
114
118
  # Insert ourselves into the application, keeping our middleware at the outermost layer of the onion