RubyGems - contrast-agent - Versions diffs - 6.6.4 → 6.8.0 - Mend

contrast-agent 6.6.4 → 6.8.0

Files changed (340) hide show

data/lib/contrast/config/assess_rules_configuration.rb DELETED Viewed

@@ -1,32 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-module Contrast
-  module Config
-    # Common Configuration settings. Those in this section pertain to the
-    # disabled assess rule functionality of the Agent.
-    class AssessRulesConfiguration
-      include Contrast::Config::BaseConfiguration
-      SPEC_KEY = :disabled_rules.cs__freeze
-      # @return [Array, nil] list of disabled assess rules
-      attr_accessor :disabled_rules
-      def initialize hsh = {}
-        return unless hsh
-        @disabled_rules = cast_disabled_rules(hsh)
-      end
-      private
-      def cast_disabled_rules hsh
-        return unless hsh
-        return unless hsh.key?(SPEC_KEY)
-        return hsh[SPEC_KEY] if hsh[SPEC_KEY].cs__is_a?(Array)
-        hsh[SPEC_KEY].split(',').map(&:strip) if hsh[SPEC_KEY].cs__is_a?(String)
-      end
-    end
-  end
-end

data/lib/contrast/config/root_configuration.rb DELETED Viewed

@@ -1,90 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-require 'contrast/components/agent'
-require 'contrast/components/inventory'
-require 'contrast/components/protect'
-require 'contrast/components/app_context'
-module Contrast
-  module Config
-    # The base of the Common Configuration settings.
-    class RootConfiguration
-      include Contrast::Config::BaseConfiguration
-      # @return [Contrast::Components::Api::Interface]
-      attr_writer :api
-      # @return [Contrast::Components::Agent::Interface]
-      attr_writer :agent
-      # @return [Contrast::Components::AppContext::Interface]
-      attr_writer :application
-      # @return [Contrast::Config::ServerConfiguration]
-      attr_writer :server
-      # @return [Contrast::Config::AssessConfiguration]
-      attr_writer :assess
-      # @return [Contrast::Components::Inventory::Interface]
-      attr_writer :inventory
-      # @return [Contrast::Components::Protect::Interface]
-      attr_writer :protect
-      # @return [Contrast::Config::ServiceConfiguration]
-      attr_writer :service
-      # @return [Boolean, nil]
-      attr_accessor :enable
-      # @raise[ArgumentError]
-      def initialize hsh = {}
-        raise(ArgumentError, 'Expected a hash') unless hsh.is_a?(Hash)
-        @api = Contrast::Components::Api::Interface.new(hsh[:api])
-        @enable = hsh[:enable]
-        @agent = Contrast::Components::Agent::Interface.new(hsh[:agent])
-        @application = Contrast::Components::AppContext::Interface.new(hsh[:application])
-        @server = Contrast::Config::ServerConfiguration.new(hsh[:server])
-        @assess = Contrast::Config::AssessConfiguration.new(hsh[:assess])
-        @inventory = Contrast::Components::Inventory::Interface.new(hsh[:inventory])
-        @protect = Contrast::Components::Protect::Interface.new(hsh[:protect])
-        @service = Contrast::Config::ServiceConfiguration.new(hsh[:service])
-      end
-      # @return [Contrast::Components::Api::Interface]
-      def api
-        @api ||= Contrast::Components::Api::Interface.new
-      end
-      # @return [Contrast::Components::Agent::Interface]
-      def agent
-        @agent ||= Contrast::Components::Agent::Interface.new
-      end
-      # @return [Contrast::Components::AppContext::Interface]
-      def application
-        @application ||= Contrast::Components::AppContext::Interface.new
-      end
-      # @return [Contrast::Config::ServerConfiguration]
-      def server
-        @server ||= Contrast::Config::ServerConfiguration.new
-      end
-      # @return [Contrast::Config::AssessConfiguration]
-      def assess
-        @assess ||= Contrast::Config::AssessConfiguration.new
-      end
-      # @return [Contrast::Components::Inventory::Interface]
-      def inventory
-        @inventory ||= Contrast::Components::Inventory::Interface.new
-      end
-      # @return [Contrast::Components::Protect::Interface]
-      def protect
-        @protect ||= Contrast::Components::Protect::Interface.new
-      end
-      # @return [Contrast::Config::ServiceConfiguration]
-      def service
-        @service ||= Contrast::Config::ServiceConfiguration.new
-      end
-    end
-  end
-end

data/lib/contrast/config/ruby_configuration.rb DELETED Viewed

@@ -1,81 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-module Contrast
-  module Config
-    # Common Configuration settings. Those in this section pertain to the specific settings that apply to Ruby
-    class RubyConfiguration
-      include Contrast::Config::BaseConfiguration
-      DISABLED_RAKE_TASK_LIST = %w[
-        about assets:clean assets:clobber assets:environment
-        assets:precompile assets:precompile:all db:create db:drop db:fixtures:load db:migrate
-        db:migrate:status db:rollback db:schema:cache:clear db:schema:cache:dump db:schema:dump
-        db:schema:load db:seed db:setup db:structure:dump db:version doc:app graphql:install graphql:object
-        log:clear middleware notes notes:custom rails:template rails:update routes secret spec spec:features
-        spec:requests spec:controllers spec:helpers spec:models spec:views spec:routing spec:rcov stats
-        test test:all test:all:db test:recent test:single test:uncommitted time:zones:all tmp:clear
-        tmp:create webpacker:compile contrast:service:start contrast:service:status contrast:service:stop
-      ].cs__freeze
-      DEFAULT_UNINSTRUMENTED_NAMESPACES = %w[FactoryGirl FactoryBot].cs__freeze
-      attr_writer :disabled_agent_rake_tasks, :exceptions, :interpolate, :propagate_yield, :require_scan,
-                  :non_request_tracking, :uninstrument_namespace
-      def initialize hsh = {}
-        return unless hsh
-        @disabled_agent_rake_tasks = hsh[:disabled_agent_rake_tasks]
-        @exceptions = Contrast::Config::ExceptionConfiguration.new(hsh[:exceptions])
-        @interpolate = hsh[:interpolate]
-        @propagate_yield = hsh[:propagate_yield]
-        @require_scan = hsh[:require_scan]
-        @non_request_tracking = hsh[:non_request_tracking]
-        @uninstrument_namespace = hsh[:uninstrument_namespace]
-      end
-      # These commands being detected will result the agent disabling instrumentation, generally any command
-      # that doesn't result in the application listening on a port can be added here, this normally includes tasks
-      # that are ran pre-startup(like migrations) or to show information about the application(such as routes)
-      # @return [Array, DISABLED_RAKE_TASK_LIST]
-      def disabled_agent_rake_tasks
-        @disabled_agent_rake_tasks.nil? ? DISABLED_RAKE_TASK_LIST : @disabled_agent_rake_tasks
-      end
-      # @return [Contrast::Config::ExceptionConfiguration]
-      def exceptions
-        @exceptions ||= Contrast::Config::ExceptionConfiguration.new
-      end
-      # controls whether or not we patch interpolation, either by rewrite or by funchook
-      # @return [Boolean, Contrast::Utils::ObjectShare::TRUE]
-      def interpolate
-        @interpolate.nil? ? Contrast::Utils::ObjectShare::TRUE : @interpolate
-      end
-      # controls whether or not we patch the rb_yield block to track split propagation
-      # @return [Boolean, Contrast::Utils::ObjectShare::TRUE]
-      def propagate_yield
-        @propagate_yield.nil? ? Contrast::Utils::ObjectShare::TRUE : @propagate_yield
-      end
-      # control whether or not we run file scanning rules on require
-      # @return [Boolean, Contrast::Utils::ObjectShare::TRUE]
-      def require_scan
-        @require_scan.nil? ?  Contrast::Utils::ObjectShare::TRUE  : @require_scan
-      end
-      # controls tracking outside of request
-      # @return [Boolean, Contrast::Utils::ObjectShare::FALSE]
-      def non_request_tracking
-        @non_request_tracking.nil? ? Contrast::Utils::ObjectShare::FALSE : @non_request_tracking
-      end
-      # @return [Array, DEFAULT_UNINSTRUMENTED_NAMESPACES]
-      def uninstrument_namespace
-        @uninstrument_namespace.nil? ? DEFAULT_UNINSTRUMENTED_NAMESPACES : @uninstrument_namespace
-      end
-    end
-  end
-end

data/lib/contrast/config/service_configuration.rb DELETED Viewed

@@ -1,49 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-require 'contrast/components/logger'
-module Contrast
-  module Config
-    # Common Configuration settings. Those in this section pertain to the communication between the Agent & the Service
-    class ServiceConfiguration
-      include Contrast::Config::BaseConfiguration
-      # We don't set these b/c we've been asked to handle the default values of these settings differently, logging
-      # when we have to use them.
-      DEFAULT_HOST       = '127.0.0.1' # rubocop:disable Style/IpAddresses
-      DEFAULT_PORT       = '30555'
-      attr_writer :logger, :bypass
-      # @return [String, nil]
-      attr_accessor :socket
-      # @return [String, nil]
-      attr_accessor :port
-      # @return [String, nil]
-      attr_accessor :host
-      # @return [Boolean, nil]
-      attr_accessor :enable
-      def initialize hsh = {}
-        return unless hsh
-        @enable = hsh[:enable]
-        @host = hsh[:host]
-        @port = hsh[:port]
-        @socket = hsh[:socket]
-        @logger = Contrast::Components::Logger::Interface.new(hsh[:logger])
-        @bypass = hsh[:bypass]
-      end
-      # @return [Contrast::Components::Logger::Interface]
-      def logger
-        @logger ||= Contrast::Components::Logger::Interface.new
-      end
-      # @return [Boolean, false]
-      def bypass
-        @bypass.nil? ? false : @bypass
-      end
-    end
-  end
-end

data/lib/contrast/tasks/service.rb DELETED Viewed

@@ -1,84 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-require 'contrast/utils/os'
-module Contrast
-  # A Rake task designed to allow control of the Contrast Service as a stand
-  # alone executable rather than one managed by the Agent running in a process
-  # forked from the application
-  module Service
-    extend Rake::DSL
-    # Start the service if it is not already running
-    def self.start_service
-      puts('Starting Contrast Service')
-      service_log = ::Contrast::CONTRAST_SERVICE.logger_path
-      if File.writable?(service_log)
-        spawn('contrast_service', out: File::NULL, err: service_log)
-      else
-        spawn('contrast_service', %i[out err] => File::NULL)
-      end
-      watcher = Contrast::Agent::Thread.new do
-        sleep(0.05) until Contrast::Utils::OS.running?
-      end
-      watcher.join(1)
-      puts(Contrast::Utils::OS.running? ? 'Contrast Service started successfully.' : 'Contrast Service did not start.')
-    end
-    # Stop the service if it is running
-    def self.stop_service
-      pid = `ps aux | grep contrast-servic[e] | awk '{print $2}'`
-      `kill #{ pid }` if pid
-    end
-    namespace :contrast do
-      namespace :service do
-        desc 'Starts the Contrast Service'
-        task :start do
-          if Contrast::Utils::OS.running?
-            puts 'Contrast Service already running. No need to start'
-          else
-            start_service
-          end
-        end
-      end
-    end
-    namespace :contrast do
-      namespace :service do
-        desc 'Prints the status of the Contrast Service'
-        task :status do
-          if Contrast::Utils::OS.running?
-            puts 'online'
-          else
-            puts 'offline'
-          end
-        end
-      end
-    end
-    namespace :contrast do
-      namespace :service do
-        desc 'Stops the Contrast Service'
-        task :stop do
-          if Contrast::Utils::OS.running?
-            puts 'Stopping Contrast Service'
-            stop_service
-            watcher = Contrast::Agent::Thread.new do
-              sleep(0.05) while Contrast::Utils::OS.running?
-            end
-            watcher.join(1)
-            if Contrast::Utils::OS.running?
-              puts 'Contrast Service did not stop.'
-            else
-              puts 'Contrast Service stopped successfully.'
-            end
-          else
-            puts 'Contrast Service is not already running. No need to stop.'
-          end
-        end
-      end
-    end
-  end
-end

data/lib/contrast/utils/input_classification.rb DELETED Viewed

@@ -1,73 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-require 'contrast/utils/object_share'
-require 'contrast/agent/reporting/input_analysis/input_type'
-require 'contrast/agent/reporting/input_analysis/score_level'
-require 'contrast/agent/protect/input_analyzer/input_analyzer'
-module Contrast
-  module Agent
-    module Protect
-      module Rule
-        # This module will include all the similar information for all input classifications
-        # between different rules
-        module InputClassificationBase
-          include Contrast::Agent::Reporting::InputType
-          include Contrast::Agent::Reporting::ScoreLevel
-          # Input Classification stage is done to determine if an user input is
-          # WORTHWATCHING or to be ignored.
-          #
-          # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
-          # @param value [String, Array<String>] the value of the input.
-          # @param input_analysis [Contrast::Agent::Reporting::InputAnalysis] Holds all the results from the
-          #                                                       agent analysis from the current
-          #                                                       Request.
-          # @return ia [Contrast::Agent::Reporting::InputAnalysis] with updated results.
-          def classify input_type, value, input_analysis # rubocop:disable Lint/UnusedMethodArgument
-            return false unless input_analysis.request
-            true
-          end
-          # Creates new isntance of InputAnalysisResult with basic info.
-          #
-          # @param rule_id [String] The name of the Protect Rule.
-          # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
-          # @param value [String, Array<String>] the value of the input.
-          # @param path [String] the path of the current request context.
-          #
-          # @return res [Contrast::Agent::Reporting::InputAnalysisResult]
-          def new_ia_result rule_id, input_type, path, value = nil
-            res = Contrast::Agent::Reporting::InputAnalysisResult.new
-            res.rule_id = rule_id
-            res.input_type = input_type
-            res.path = path
-            res.value = value
-            res
-          end
-          # This methods checks if input is value that matches a key in the input.
-          #
-          # @param request [Contrast::Agent::Request] the current request context.
-          # @param result [Contrast::Agent::Reporting::InputAnalysisResult] result to be updated.
-          # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
-          # @param value [String, Array<String>] the value of the input.
-          #
-          # @return result [Contrast::Agent::Reporting::InputAnalysisResult] updated with key result.
-          def add_needed_key request, result, input_type, value
-            case input_type
-            when COOKIE_VALUE
-              result.key = request.cookies.key(value)
-            when PARAMETER_VALUE
-              result.key = request.parameters.key(value)
-            else
-              result.key
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/contrast/utils/preflight_util.rb DELETED Viewed

@@ -1,13 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-module Contrast
-  module Utils
-    # Utility for generating preflight message token
-    module PreflightUtil
-      def self.create_preflight finding
-        "#{ finding.rule_id },#{ finding.hash_code }"
-      end
-    end
-  end
-end

data/lib/protobuf/code_generator.rb DELETED Viewed

@@ -1,129 +0,0 @@
-require 'active_support/core_ext/module/aliasing'
-require 'protobuf/generators/file_generator'
-module Protobuf
-  class CodeGenerator
-    CodeGeneratorFatalError = Class.new(RuntimeError)
-    def self.fatal(message)
-      fail CodeGeneratorFatalError, message
-    end
-    def self.print_tag_warning_suppress
-      STDERR.puts "Suppress tag warning output with PB_NO_TAG_WARNINGS=1."
-      def self.print_tag_warning_suppress; end # rubocop:disable Lint/DuplicateMethods, Lint/NestedMethodDefinition
-    end
-    def self.warn(message)
-      STDERR.puts("[WARN] #{message}")
-    end
-    private
-    attr_accessor :request
-    public
-    def initialize(request_bytes)
-      @request_bytes = request_bytes
-      self.request = ::CSGoogle::Protobuf::Compiler::CodeGeneratorRequest.decode(request_bytes)
-    end
-    def eval_unknown_extensions!
-      request.proto_file.each do |file_descriptor|
-        ::Protobuf::Generators::FileGenerator.new(file_descriptor).eval_unknown_extensions!
-      end
-      self.request = ::CSGoogle::Protobuf::Compiler::CodeGeneratorRequest.decode(@request_bytes)
-    end
-    def generate_file(file_descriptor)
-      ::Protobuf::Generators::FileGenerator.new(file_descriptor).generate_output_file
-    end
-    def response_bytes
-      generated_files = request.proto_file.map do |file_descriptor|
-        generate_file(file_descriptor)
-      end
-      ::CSGoogle::Protobuf::Compiler::CodeGeneratorResponse.encode(
-        :file => generated_files,
-        :supported_features => supported_features,
-      )
-    end
-    def supported_features
-      # The only available feature is proto3 with optional fields.
-      # This is backwards compatible with proto2 optional fields.
-      ::CSGoogle::Protobuf::Compiler::CodeGeneratorResponse::Feature::FEATURE_PROTO3_OPTIONAL.to_i
-    end
-    Protobuf::Field::BaseField.module_eval do
-      def define_set_method!
-      end
-      def set_without_options(message_instance, bytes)
-        return message_instance[name] = decode(bytes) unless repeated?
-        if map?
-          hash = message_instance[name]
-          entry = decode(bytes)
-          # decoded value could be nil for an
-          # enum value that is not recognized
-          hash[entry.key] = entry.value unless entry.value.nil?
-          return hash[entry.key]
-        end
-        return message_instance[name] << decode(bytes) unless packed?
-        array = message_instance[name]
-        stream = StringIO.new(bytes)
-        if wire_type == ::Protobuf::WireType::VARINT
-          array << decode(Varint.decode(stream)) until stream.eof?
-        elsif wire_type == ::Protobuf::WireType::FIXED64
-          array << decode(stream.read(8)) until stream.eof?
-        elsif wire_type == ::Protobuf::WireType::FIXED32
-          array << decode(stream.read(4)) until stream.eof?
-        end
-      end
-      # Sets a MessageField that is known to be an option.
-      # We must allow fields to be set one at a time, as option syntax allows us to
-      # set each field within the option using a separate "option" line.
-      def set_with_options(message_instance, bytes)
-        if message_instance[name].is_a?(::Protobuf::Message)
-          gp = CSGoogle::Protobuf
-          if message_instance.is_a?(gp::EnumOptions) || message_instance.is_a?(gp::EnumValueOptions) ||
-             message_instance.is_a?(gp::FieldOptions) || message_instance.is_a?(gp::FileOptions) ||
-             message_instance.is_a?(gp::MethodOptions) || message_instance.is_a?(gp::ServiceOptions) ||
-             message_instance.is_a?(gp::MessageOptions)
-            original_field = message_instance[name]
-            decoded_field = decode(bytes)
-            decoded_field.each_field do |subfield, subvalue|
-              option_set(original_field, subfield, subvalue) { decoded_field.field?(subfield.tag) }
-            end
-            return
-          end
-        end
-        set_without_options(message_instance, bytes)
-      end
-      alias_method :set, :set_with_options
-      def option_set(message_field, subfield, subvalue)
-        return unless yield
-        if subfield.repeated?
-          message_field[subfield.tag].concat(subvalue)
-        elsif message_field[subfield.tag] && subvalue.is_a?(::Protobuf::Message)
-          subvalue.each_field do |f, v|
-            option_set(message_field[subfield.tag], f, v) { subvalue.field?(f.tag) }
-          end
-        else
-          message_field[subfield.tag] = subvalue
-        end
-      end
-    end
-  end
-end

data/lib/protobuf/decoder.rb DELETED Viewed

@@ -1,28 +0,0 @@
-module Protobuf
-  class Decoder
-    # Read bytes from +stream+ and pass to +message+ object.
-    def self.decode_each_field(stream)
-      until stream.eof?
-        bits = Varint.decode(stream)
-        wire_type = bits & 0x07
-        tag = bits >> 3
-        bytes = if wire_type == ::Protobuf::WireType::VARINT
-                  Varint.decode(stream)
-                elsif wire_type == ::Protobuf::WireType::LENGTH_DELIMITED
-                  value_length = Varint.decode(stream)
-                  stream.read(value_length)
-                elsif wire_type == ::Protobuf::WireType::FIXED64
-                  stream.read(8)
-                elsif wire_type == ::Protobuf::WireType::FIXED32
-                  stream.read(4)
-                else
-                  fail InvalidWireType, wire_type
-                end
-        yield(tag, bytes)
-      end
-    end
-  end
-end