contrast-agent 6.6.5 → 6.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (150)
  1. checksums.yaml +4 -4
  2. data/.gitignore +3 -0
  3. data/.gitmodules +0 -3
  4. data/ext/cs__scope/cs__scope.c +1 -1
  5. data/lib/contrast/agent/assess/contrast_event.rb +2 -24
  6. data/lib/contrast/agent/assess/events/source_event.rb +7 -61
  7. data/lib/contrast/agent/assess/finalizers/hash.rb +11 -0
  8. data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +0 -55
  9. data/lib/contrast/agent/assess/policy/policy_node.rb +3 -3
  10. data/lib/contrast/agent/assess/policy/policy_node_utils.rb +0 -1
  11. data/lib/contrast/agent/assess/policy/propagation_node.rb +4 -4
  12. data/lib/contrast/agent/assess/policy/source_method.rb +24 -1
  13. data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +7 -5
  14. data/lib/contrast/agent/assess/policy/trigger/xpath.rb +6 -1
  15. data/lib/contrast/agent/assess/policy/trigger_method.rb +36 -132
  16. data/lib/contrast/agent/assess/policy/trigger_node.rb +3 -3
  17. data/lib/contrast/agent/assess/property/evented.rb +2 -12
  18. data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +42 -84
  19. data/lib/contrast/agent/assess/rule/response/base_rule.rb +11 -27
  20. data/lib/contrast/agent/assess/rule/response/body_rule.rb +1 -3
  21. data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb +77 -62
  22. data/lib/contrast/agent/assess/rule/response/csp_header_insecure_rule.rb +1 -1
  23. data/lib/contrast/agent/assess/rule/response/framework/rails_support.rb +6 -1
  24. data/lib/contrast/agent/assess/rule/response/header_rule.rb +5 -5
  25. data/lib/contrast/agent/assess/rule/response/hsts_header_rule.rb +1 -1
  26. data/lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb +1 -1
  27. data/lib/contrast/agent/assess/tracker.rb +1 -7
  28. data/lib/contrast/agent/excluder.rb +206 -0
  29. data/lib/contrast/agent/exclusion_matcher.rb +6 -0
  30. data/lib/contrast/agent/inventory/database_config.rb +6 -10
  31. data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +4 -0
  32. data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +1 -0
  33. data/lib/contrast/agent/protect/rule/base.rb +49 -5
  34. data/lib/contrast/agent/protect/rule/base_service.rb +1 -0
  35. data/lib/contrast/agent/protect/rule/cmd_injection.rb +18 -105
  36. data/lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb +129 -0
  37. data/lib/contrast/agent/protect/rule/cmdi/cmdi_base_rule.rb +169 -0
  38. data/lib/contrast/agent/protect/rule/deserialization.rb +2 -1
  39. data/lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb +51 -0
  40. data/lib/contrast/agent/protect/rule/sqli/sqli_semantic/sqli_dangerous_functions.rb +67 -0
  41. data/lib/contrast/agent/protect/rule/sqli.rb +6 -31
  42. data/lib/contrast/agent/protect/rule/xxe.rb +2 -0
  43. data/lib/contrast/agent/protect/rule.rb +3 -1
  44. data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +6 -0
  45. data/lib/contrast/agent/reporting/details/sqli_dangerous_functions.rb +22 -0
  46. data/lib/contrast/agent/reporting/reporter.rb +1 -2
  47. data/lib/contrast/agent/reporting/reporting_events/agent_startup.rb +2 -2
  48. data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +1 -4
  49. data/lib/contrast/agent/reporting/reporting_events/application_startup.rb +1 -1
  50. data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +0 -23
  51. data/lib/contrast/agent/reporting/reporting_events/finding.rb +19 -49
  52. data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +12 -9
  53. data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb +1 -1
  54. data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +23 -21
  55. data/lib/contrast/agent/reporting/reporting_events/finding_event_stack.rb +5 -18
  56. data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range.rb +1 -0
  57. data/lib/contrast/{api/decorators/trace_taint_range_tags.rb → agent/reporting/reporting_events/finding_event_taint_range_tags.rb} +7 -6
  58. data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +1 -1
  59. data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +1 -1
  60. data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +2 -2
  61. data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +10 -14
  62. data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +11 -0
  63. data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +3 -1
  64. data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +11 -23
  65. data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +8 -26
  66. data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +1 -1
  67. data/lib/contrast/agent/reporting/reporting_utilities/build_preflight.rb +4 -7
  68. data/lib/contrast/agent/reporting/reporting_utilities/headers.rb +1 -1
  69. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +3 -3
  70. data/lib/contrast/agent/request.rb +2 -2
  71. data/lib/contrast/agent/request_context.rb +8 -20
  72. data/lib/contrast/agent/request_context_extend.rb +15 -36
  73. data/lib/contrast/agent/request_handler.rb +0 -8
  74. data/lib/contrast/agent/response.rb +0 -18
  75. data/lib/contrast/agent/telemetry/events/event.rb +1 -1
  76. data/lib/contrast/agent/telemetry/events/metric_event.rb +1 -1
  77. data/lib/contrast/agent/telemetry/events/startup_metrics_event.rb +3 -3
  78. data/lib/contrast/agent/version.rb +1 -1
  79. data/lib/contrast/api/communication/messaging_queue.rb +2 -3
  80. data/lib/contrast/api/communication/socket_client.rb +4 -4
  81. data/lib/contrast/api/communication/speedracer.rb +4 -8
  82. data/lib/contrast/api/decorators/agent_startup.rb +5 -6
  83. data/lib/contrast/api/decorators/application_settings.rb +2 -1
  84. data/lib/contrast/api/decorators/application_startup.rb +6 -6
  85. data/lib/contrast/api/decorators/message.rb +0 -4
  86. data/lib/contrast/api/decorators/rasp_rule_sample.rb +0 -6
  87. data/lib/contrast/api/decorators.rb +0 -6
  88. data/lib/contrast/api/dtm.pb.rb +0 -489
  89. data/lib/contrast/components/agent.rb +16 -12
  90. data/lib/contrast/components/api.rb +10 -10
  91. data/lib/contrast/components/app_context.rb +3 -3
  92. data/lib/contrast/components/app_context_extend.rb +1 -1
  93. data/lib/contrast/components/assess.rb +92 -38
  94. data/lib/contrast/components/assess_rules.rb +36 -0
  95. data/lib/contrast/components/config.rb +54 -12
  96. data/lib/contrast/components/contrast_service.rb +8 -8
  97. data/lib/contrast/components/heap_dump.rb +1 -1
  98. data/lib/contrast/components/protect.rb +5 -5
  99. data/lib/contrast/components/ruby_component.rb +81 -0
  100. data/lib/contrast/components/sampling.rb +1 -1
  101. data/lib/contrast/components/security_logger.rb +23 -0
  102. data/lib/contrast/components/service.rb +55 -0
  103. data/lib/contrast/components/settings.rb +12 -4
  104. data/lib/contrast/config/base_configuration.rb +1 -1
  105. data/lib/contrast/config/protect_rules_configuration.rb +17 -3
  106. data/lib/contrast/config/server_configuration.rb +1 -1
  107. data/lib/contrast/config.rb +0 -6
  108. data/lib/contrast/configuration.rb +81 -17
  109. data/lib/contrast/extension/assess/exec_trigger.rb +3 -1
  110. data/lib/contrast/extension/assess/marshal.rb +3 -2
  111. data/lib/contrast/extension/assess/string.rb +0 -1
  112. data/lib/contrast/extension/extension.rb +1 -1
  113. data/lib/contrast/framework/base_support.rb +0 -5
  114. data/lib/contrast/framework/grape/support.rb +1 -23
  115. data/lib/contrast/framework/manager.rb +0 -10
  116. data/lib/contrast/framework/rails/support.rb +5 -58
  117. data/lib/contrast/framework/sinatra/support.rb +2 -21
  118. data/lib/contrast/logger/cef_log.rb +21 -3
  119. data/lib/contrast/logger/log.rb +1 -11
  120. data/lib/contrast/tasks/config.rb +4 -2
  121. data/lib/contrast/utils/assess/event_limit_utils.rb +5 -8
  122. data/lib/contrast/utils/assess/trigger_method_utils.rb +10 -18
  123. data/lib/contrast/utils/findings.rb +6 -5
  124. data/lib/contrast/utils/hash_digest.rb +9 -24
  125. data/lib/contrast/utils/hash_digest_extend.rb +6 -6
  126. data/lib/contrast/utils/invalid_configuration_util.rb +21 -58
  127. data/lib/contrast/utils/log_utils.rb +32 -8
  128. data/lib/contrast/utils/net_http_base.rb +2 -2
  129. data/lib/contrast/utils/patching/policy/patch_utils.rb +3 -2
  130. data/lib/contrast/utils/stack_trace_utils.rb +0 -25
  131. data/lib/contrast/utils/string_utils.rb +9 -0
  132. data/lib/contrast/utils/telemetry_client.rb +13 -7
  133. data/lib/contrast.rb +5 -10
  134. metadata +22 -28
  135. data/lib/contrast/agent/reporting/reporting_events/trace_event_source.rb +0 -30
  136. data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb +0 -36
  137. data/lib/contrast/api/decorators/activity.rb +0 -33
  138. data/lib/contrast/api/decorators/architecture_component.rb +0 -36
  139. data/lib/contrast/api/decorators/finding.rb +0 -29
  140. data/lib/contrast/api/decorators/route_coverage.rb +0 -91
  141. data/lib/contrast/api/decorators/trace_event.rb +0 -120
  142. data/lib/contrast/api/decorators/trace_event_object.rb +0 -63
  143. data/lib/contrast/api/decorators/trace_event_signature.rb +0 -69
  144. data/lib/contrast/api/decorators/trace_taint_range.rb +0 -52
  145. data/lib/contrast/config/assess_configuration.rb +0 -93
  146. data/lib/contrast/config/assess_rules_configuration.rb +0 -32
  147. data/lib/contrast/config/root_configuration.rb +0 -90
  148. data/lib/contrast/config/ruby_configuration.rb +0 -81
  149. data/lib/contrast/config/service_configuration.rb +0 -49
  150. data/lib/contrast/utils/preflight_util.rb +0 -13
@@ -5,6 +5,7 @@ require 'socket'
5
5
  require 'contrast/agent/version'
6
6
  require 'contrast/utils/object_share'
7
7
  require 'contrast/logger/aliased_logging'
8
+ require 'fileutils'
8
9
 
9
10
  module Contrast
10
11
  module Utils
@@ -18,6 +19,17 @@ module Contrast
18
19
  PROGNAME = 'Contrast Agent'
19
20
  DATE_TIME_FORMAT = '%Y-%m-%dT%H:%M:%S.%L%z'
20
21
 
22
+ # StringIO is a valid path because it logs directly to a string buffer
23
+ def write_permission? path
24
+ return false if path.nil?
25
+ return true if path.is_a?(StringIO)
26
+ return File.writable?(path) if File.exist?(path)
27
+
28
+ dir_name = File.dirname(File.absolute_path(path))
29
+ FileUtils.mkdir_p(dir_name) unless Dir.exist?(dir_name)
30
+ File.writable?(dir_name)
31
+ end
32
+
21
33
  private
22
34
 
23
35
  def build path: STDOUT_STR, level_const: DEFAULT_LEVEL, progname: PROGNAME
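Review bot: `write_permission?` lets exceptions from `FileUtils.mkdir_p` escape, so a configured logger path whose parent cannot be created (Errno::EACCES, Errno::EROFS, or a path component that is a regular file) propagates out of `valid_path` instead of reaching the fall-back to `default_name` that the caller is written for; add `rescue SystemCallError` / `false` before the method's `end` so the predicate answers false in that case. The method is also a predicate with a filesystem side effect — it creates a directory tree, with umask-default permissions, at whatever path the agent configuration names — which deserves a comment on it: `# NOTE: creates the parent directory of the given path (umask-default permissions) if it does not exist`. Since `File.writable?` is true for an existing directory, a path that already exists as a directory passes here and only fails later when the logger opens it; `File.file?(path) && File.writable?(path)` in the `File.exist?` branch would reject it up front. Whether `path` can be influenced by anything other than the agent's own configuration is not visible in this hunk.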
@@ -48,26 +60,26 @@ module Contrast
48
60
  # TeamServer.
49
61
  # @return [String] the path to which to log or STDOUT / STDERR if one of those values provided.
50
62
  def find_valid_path log_file
51
- config = ::Contrast::CONFIG.root.agent.logger
63
+ config = ::Contrast::CONFIG.agent.logger
52
64
  config_path = config&.path&.length.to_i.positive? ? config.path : nil
53
65
  valid_path(config_path || log_file)
54
66
  end
55
67
 
56
- def valid_path path
68
+ def valid_path path, default_name: DEFAULT_NAME
57
69
  path = path.nil? ? Contrast::Utils::ObjectShare::EMPTY_STRING : path
58
70
  return path if path == STDOUT_STR
59
71
  return path if path == STDERR_STR
60
72
 
61
- path = DEFAULT_NAME if path.empty?
73
+ path = default_name if path.empty?
62
74
  if write_permission?(path)
63
75
  path
64
- elsif write_permission?(DEFAULT_NAME)
76
+ elsif write_permission?(default_name)
65
77
  # Log once when the path is invalid. We'll change to this path, so no
66
78
  # need to log again.
67
- if previous_path != DEFAULT_NAME
68
- $stdout.puts("[!] Unable to write to '#{ path }'. Writing to default log '#{ DEFAULT_NAME }' instead.")
79
+ if previous_path != default_name
80
+ $stdout.puts("[!] Unable to write to '#{ path }'. Writing to default log '#{ default_name }' instead.")
69
81
  end
70
- DEFAULT_NAME
82
+ default_name
71
83
  else
72
84
  # Log once when the path is invalid. We'll change to this path, so no
73
85
  # need to log again.
@@ -82,7 +94,7 @@ module Contrast
82
94
  # TeamServer.
83
95
  # @return [::Ougai::Logging::Severity] the level at which to log
84
96
  def find_valid_level log_level
85
- config = ::Contrast::CONFIG.root.agent.logger
97
+ config = ::Contrast::CONFIG.agent.logger
86
98
  config_level = config&.level&.length&.positive? ? config.level : nil
87
99
 
88
100
  valid_level(config_level || log_level)
@@ -167,6 +179,18 @@ module Contrast
167
179
  end
168
180
  end
169
181
 
182
+ def valid_level level
183
+ level ||= DEFAULT_LEVEL
184
+ level = level.upcase
185
+ if VALID_LEVELS.include?(level)
186
+ Object.cs__const_get("::Logger::Severity::#{ level }")
187
+ else
188
+ DEFAULT_LEVEL
189
+ end
190
+ rescue StandardError
191
+ DEFAULT_LEVEL
192
+ end
193
+
170
194
  # This method will extract the metadata information from context and other places
171
195
  #
172
196
  # initial structure of the data:
@@ -26,10 +26,10 @@ module Contrast
26
26
  return unless url
27
27
 
28
28
  addr = URI(url)
29
- # the proxy is enabled only if there is provided url even if the enable is set to true
30
29
  return if addr.host.nil? || addr.port.nil?
31
- return if addr.scheme != 'https' && !addr.host.to_s.include?('localhost') # TODO: RUBY-99999 allow http w/ localhost # rubocop:disable Layout/LineLength
30
+ return if addr.scheme != 'https' && !addr.host.to_s.include?('localhost')
32
31
 
32
+ # the proxy is enabled only if there is provided url even if the enable is set to true
33
33
  proxy_addr = URI(Contrast::API.proxy_url) if proxy_enabled?
34
34
  net_http_client = initialize_client(addr, proxy_addr, use_proxy, use_custom_cert)
35
35
  return if net_http_client.nil?
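Review bot: The plaintext-HTTP allowance on the kept line `return if addr.scheme != 'https' && !addr.host.to_s.include?('localhost')` is a substring test, so `http://localhost.example.com` or `http://notlocalhost` also pass it and the client would talk unencrypted to a non-loopback host if the URL says so. Compare exactly instead: `return if addr.scheme != 'https' && addr.host.to_s != 'localhost'`, adding `127.0.0.1` and `::1` only if loopback IP literals are meant to qualify. The enclosing method starts before this hunk, so where `url` comes from is not visible here; presumably it is agent configuration, which still warrants the strict check. Moving the proxy comment next to the `proxy_addr` line is fine.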
@@ -117,7 +117,8 @@ module Contrast
117
117
  return ret if current_context && !current_context.analyze_request?
118
118
 
119
119
  trigger_node = method_policy.trigger_node
120
- if trigger_node
120
+
121
+ if trigger_node && !trigger_node.nil?
121
122
  Contrast::Agent::Assess::Policy::TriggerMethod.apply_trigger_rule(trigger_node, object, ret, args)
122
123
  end
123
124
  if method_policy.source_node
@@ -135,7 +136,7 @@ module Contrast
135
136
  rescue StandardError => e
136
137
  logger.error('Unable to assess method call.', e)
137
138
  rescue Exception => e # rubocop:disable Lint/RescueException
138
- logger.error('Unable to assess method call.', e)
139
+ logger.error('Unable to assess method call due to exception.', e)
139
140
  raise(e)
140
141
  ensure
141
142
  ret.rewind if Contrast::Utils::IOUtil.should_rewind?(ret)
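Review bot: The rewritten guard `if trigger_node && !trigger_node.nil?` in the first hunk is redundant — a truthy `trigger_node` is already non-nil — and it reads as though nil could get past the first test; the original `if trigger_node` says the same thing and is the idiom. Restore `if trigger_node`, or if the intent was to make the nil check explicit, use `unless trigger_node.nil?` alone. The enclosing method begins before the first hunk and its `rescue`/`ensure` tail in the second hunk continues past the end of this view.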
@@ -50,31 +50,6 @@ module Contrast
50
50
  build_protect_stack(Contrast::Agent::Reporting::ApplicationDefendAttackSampleStack)
51
51
  end
52
52
 
53
- # Translate a caller array to an array of TraceStacks for TeamServer to
54
- # display, excluding any Contrast code found.
55
- #
56
- # @param stack [Array<String>] the output of Kernel.caller
57
- # @return [Array<Contrast::Api::Dtm::TraceStack]
58
- def build_assess_stack_array stack
59
- converted = []
60
- return converted unless stack
61
-
62
- i = 0
63
- while i < stack.length
64
- caller_location = stack[i]
65
- i += 1
66
- next if caller_location.include?(AGENT_CLASS_MARKER)
67
-
68
- # To play nice with the way that TeamServer is rendering these
69
- # values, we only populate the file_name field with exactly what we
70
- # want them to display
71
- element = Contrast::Api::Dtm::TraceStack.new
72
- element.file_name = caller_location
73
- converted << element
74
- end
75
- converted
76
- end
77
-
78
53
  private
79
54
 
80
55
  def reject_caller_entries stack
@@ -37,12 +37,21 @@ module Contrast
37
37
  end
38
38
 
39
39
  # Truncate a string to 255 characters max length
40
+ #
41
+ # @param str [String] the string tt truncate
42
+ # @param default [String] what to default to
43
+ # @return [String]
40
44
  def truncate str, default = Contrast::Utils::ObjectShare::EMPTY_STRING
41
45
  return default if str.nil?
42
46
 
43
47
  str.to_s[0..255]
44
48
  end
45
49
 
50
+ # Cast the given object, which should be a String, into a UTF-8 String for reporting. All given objects will be
51
+ # cast to their to_s form, except nil which will become the ObjectShare::EMPTY_STRING, and then cast.
52
+ #
53
+ # @param str [String, Object, nil]
54
+ # @return [String]
46
55
  def force_utf8 str
47
56
  return Contrast::Utils::ObjectShare::EMPTY_STRING unless str
48
57
 
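Review bot: The comment on `truncate` promises a 255-character maximum, but `str.to_s[0..255]` is an inclusive range and returns up to 256 characters; use `str.to_s[0, 255]` so the code matches the documented limit, or document 256 if that is the intended value. The new `@param str` line also has a typo, `the string tt truncate` → `the string to truncate`. The slice counts characters, not bytes, so if the limit exists to fit a byte-sized field downstream a multibyte string can still exceed it — worth a hedged sentence in the doc, since the consumer is not visible here.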
@@ -34,18 +34,12 @@ module Contrast
34
34
  def build_request event
35
35
  return unless valid_event?(event)
36
36
 
37
- string_body = if event.cs__is_a?(Contrast::Agent::Telemetry::TelemetryException::Event)
38
- [event.to_controlled_hash]
39
- else
40
- [event.to_hash]
41
- end
42
-
43
37
  header = {
44
38
  'User-Agent' => "<#{ Contrast::Utils::ObjectShare::RUBY }>-<#{ Contrast::Agent::VERSION }>",
45
39
  'Content-Type' => 'application/json'
46
40
  }
47
41
  request = Net::HTTP::Post.new(build_path(event), header)
48
- request.body = string_body.to_json
42
+ request.body = get_event_json(event)
49
43
  request
50
44
  end
51
45
 
@@ -97,6 +91,18 @@ module Contrast
97
91
  path = endpoint == EXCEPTIONS ? Contrast::Agent::Telemetry::TelemetryException::Event.path : event.path
98
92
  "#{ Contrast::Agent::Telemetry::Base::URL }#{ endpoint }#{ path }"
99
93
  end
94
+
95
+ # Helper Method to get json representation of Telemetry Event data, handles error on to_json
96
+ #
97
+ # @param event [Contrast::Agent::Telemetry::Event, Array<Contrast::Agent::Telemetry::TelemetryException::Event>]
98
+ # @return [String] - JSON
99
+ def get_event_json event
100
+ hsh = [event.to_controlled_hash]
101
+ hsh.to_json
102
+ rescue Exception => e # rubocop:disable Lint/RescueException
103
+ logger.error('Unable to convert TelemetryEvent to JSON string', e, hsh)
104
+ raise(e)
105
+ end
100
106
  end
101
107
  end
102
108
  end
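Review bot: `get_event_json` is documented as accepting an `Array<...TelemetryException::Event>`, but the body calls `event.to_controlled_hash` on the argument directly, so an Array would raise NoMethodError; either drop the Array alternative from the `@param` line or map it, `hsh = Array(event).map(&:to_controlled_hash)`. In the `rescue` branch `hsh` is nil whenever `to_controlled_hash` itself raised, so the logged context is empty exactly when it is needed; log the event or its class instead, e.g. `logger.error('Unable to convert TelemetryEvent to JSON string', e, event.class)`. The `build_request` change also removes the old `to_hash` path, so every event type routed here must now implement `to_controlled_hash`; that cannot be confirmed from this hunk and deserves a sentence in the method doc.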
data/lib/contrast.rb CHANGED
@@ -53,13 +53,9 @@ if RUBY_VERSION >= '3.0.0' && RUBY_VERSION < '3.1.0'
53
53
  end
54
54
  end
55
55
 
56
- require 'contrast/components/agent'
57
- require 'contrast/components/api'
58
- require 'contrast/components/app_context'
59
56
  require 'contrast/components/assess'
60
57
  require 'contrast/components/config'
61
58
  require 'contrast/components/contrast_service'
62
- require 'contrast/components/inventory'
63
59
  require 'contrast/components/logger'
64
60
  require 'contrast/components/protect'
65
61
  require 'contrast/components/sampling'
@@ -73,15 +69,15 @@ require 'protobuf' # TODO: RUBY-1438
73
69
  module Contrast
74
70
  CONFIG = Contrast::Components::Config::Interface.new
75
71
  SCOPE = Contrast::Components::Scope::Interface.new
76
- API = CONFIG.root.api
72
+ API = CONFIG.api
77
73
  SETTINGS = Contrast::Components::Settings::Interface.new
78
- ASSESS = Contrast::Components::Assess::Interface.new
74
+ ASSESS = CONFIG.assess
79
75
  PROTECT = Contrast::Components::Protect::Interface.new
80
- INVENTORY = CONFIG.root.inventory
81
- AGENT = CONFIG.root.agent
76
+ INVENTORY = CONFIG.inventory
77
+ AGENT = CONFIG.agent
82
78
  LOGGER = AGENT.logger
83
79
  CONTRAST_SERVICE = Contrast::Components::ContrastService::Interface.new
84
- APP_CONTEXT = CONFIG.root.application
80
+ APP_CONTEXT = CONFIG.application
85
81
  end
86
82
 
87
83
  module Contrast
@@ -95,7 +91,6 @@ require 'contrast/agent/version'
95
91
 
96
92
  # shared utils
97
93
  require 'contrast/utils/timer'
98
- require 'contrast/utils/preflight_util'
99
94
 
100
95
  require 'contrast/utils/assess/sampling_util'
101
96
  require 'contrast/agent'
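Review bot: With the `require` lines for `contrast/components/agent`, `api`, `app_context` and `inventory` removed, the constants `API`, `ASSESS`, `INVENTORY`, `AGENT` and `APP_CONTEXT` now depend on `contrast/components/config` (still required above) loading those components itself; if it does not, `CONFIG.api` fails at boot with a NoMethodError, which this diff cannot confirm either way. That dependency is worth a comment above the constants block: `# Component interfaces are resolved through CONFIG; contrast/components/config must require each component it exposes.` These constants capture whatever `CONFIG` returns at load time, so if `CONFIG` ever rebuilds a sub-component (for example on a settings reload) they keep the old object — presumably intended, but worth stating in the same comment.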
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: contrast-agent
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.6.5
4
+ version: 6.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
13
13
  autorequire:
14
14
  bindir: exe
15
15
  cert_chain: []
16
- date: 2022-08-04 00:00:00.000000000 Z
16
+ date: 2022-08-31 00:00:00.000000000 Z
17
17
  dependencies:
18
18
  - !ruby/object:Gem::Dependency
19
19
  name: bundler
@@ -665,22 +665,22 @@ executables:
665
665
  - contrast_service
666
666
  extensions:
667
667
  - ext/cs__common/extconf.rb
668
- - ext/cs__tests/extconf.rb
669
- - ext/cs__assess_module/extconf.rb
670
- - ext/cs__assess_array/extconf.rb
671
668
  - ext/cs__assess_hash/extconf.rb
672
669
  - ext/cs__assess_basic_object/extconf.rb
673
- - ext/cs__assess_regexp/extconf.rb
674
- - ext/cs__os_information/extconf.rb
675
- - ext/cs__assess_test/extconf.rb
676
670
  - ext/cs__assess_string/extconf.rb
677
- - ext/cs__contrast_patch/extconf.rb
671
+ - ext/cs__assess_regexp/extconf.rb
672
+ - ext/cs__assess_yield_track/extconf.rb
678
673
  - ext/cs__assess_string_interpolation/extconf.rb
679
674
  - ext/cs__scope/extconf.rb
675
+ - ext/cs__contrast_patch/extconf.rb
676
+ - ext/cs__assess_module/extconf.rb
677
+ - ext/cs__assess_kernel/extconf.rb
680
678
  - ext/cs__assess_marshal_module/extconf.rb
679
+ - ext/cs__assess_test/extconf.rb
680
+ - ext/cs__os_information/extconf.rb
681
+ - ext/cs__assess_array/extconf.rb
682
+ - ext/cs__tests/extconf.rb
681
683
  - ext/cs__assess_fiber_track/extconf.rb
682
- - ext/cs__assess_yield_track/extconf.rb
683
- - ext/cs__assess_kernel/extconf.rb
684
684
  extra_rdoc_files: []
685
685
  files:
686
686
  - ".clang-format"
@@ -960,6 +960,7 @@ files:
960
960
  - lib/contrast/agent/deadzone/policy/deadzone_node.rb
961
961
  - lib/contrast/agent/deadzone/policy/policy.rb
962
962
  - lib/contrast/agent/disable_reaction.rb
963
+ - lib/contrast/agent/excluder.rb
963
964
  - lib/contrast/agent/exclusion_matcher.rb
964
965
  - lib/contrast/agent/inventory.rb
965
966
  - lib/contrast/agent/inventory/database_config.rb
@@ -997,6 +998,8 @@ files:
997
998
  - lib/contrast/agent/protect/rule/base.rb
998
999
  - lib/contrast/agent/protect/rule/base_service.rb
999
1000
  - lib/contrast/agent/protect/rule/cmd_injection.rb
1001
+ - lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb
1002
+ - lib/contrast/agent/protect/rule/cmdi/cmdi_base_rule.rb
1000
1003
  - lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb
1001
1004
  - lib/contrast/agent/protect/rule/cmdi/cmdi_worth_watching.rb
1002
1005
  - lib/contrast/agent/protect/rule/default_scanner.rb
@@ -1012,7 +1015,9 @@ files:
1012
1015
  - lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb
1013
1016
  - lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb
1014
1017
  - lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb
1018
+ - lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb
1015
1019
  - lib/contrast/agent/protect/rule/sqli/sqli_input_classification.rb
1020
+ - lib/contrast/agent/protect/rule/sqli/sqli_semantic/sqli_dangerous_functions.rb
1016
1021
  - lib/contrast/agent/protect/rule/sqli/sqli_worth_watching.rb
1017
1022
  - lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb
1018
1023
  - lib/contrast/agent/protect/rule/unsafe_file_upload.rb
@@ -1035,6 +1040,7 @@ files:
1035
1040
  - lib/contrast/agent/reporting/details/path_traversal_details.rb
1036
1041
  - lib/contrast/agent/reporting/details/path_traversal_semantic_analysis_details.rb
1037
1042
  - lib/contrast/agent/reporting/details/protect_rule_details.rb
1043
+ - lib/contrast/agent/reporting/details/sqli_dangerous_functions.rb
1038
1044
  - lib/contrast/agent/reporting/details/sqli_details.rb
1039
1045
  - lib/contrast/agent/reporting/details/untrusted_deserialization_details.rb
1040
1046
  - lib/contrast/agent/reporting/details/virtual_patch_details.rb
@@ -1077,6 +1083,7 @@ files:
1077
1083
  - lib/contrast/agent/reporting/reporting_events/finding_event_source.rb
1078
1084
  - lib/contrast/agent/reporting/reporting_events/finding_event_stack.rb
1079
1085
  - lib/contrast/agent/reporting/reporting_events/finding_event_taint_range.rb
1086
+ - lib/contrast/agent/reporting/reporting_events/finding_event_taint_range_tags.rb
1080
1087
  - lib/contrast/agent/reporting/reporting_events/finding_request.rb
1081
1088
  - lib/contrast/agent/reporting/reporting_events/library_discovery.rb
1082
1089
  - lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb
@@ -1091,10 +1098,8 @@ files:
1091
1098
  - lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb
1092
1099
  - lib/contrast/agent/reporting/reporting_events/server_activity.rb
1093
1100
  - lib/contrast/agent/reporting/reporting_events/server_reporting_event.rb
1094
- - lib/contrast/agent/reporting/reporting_events/trace_event_source.rb
1095
1101
  - lib/contrast/agent/reporting/reporting_utilities/audit.rb
1096
1102
  - lib/contrast/agent/reporting/reporting_utilities/build_preflight.rb
1097
- - lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb
1098
1103
  - lib/contrast/agent/reporting/reporting_utilities/endpoints.rb
1099
1104
  - lib/contrast/agent/reporting/reporting_utilities/headers.rb
1100
1105
  - lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb
@@ -1167,14 +1172,11 @@ files:
1167
1172
  - lib/contrast/api/communication/tcp_socket.rb
1168
1173
  - lib/contrast/api/communication/unix_socket.rb
1169
1174
  - lib/contrast/api/decorators.rb
1170
- - lib/contrast/api/decorators/activity.rb
1171
1175
  - lib/contrast/api/decorators/address.rb
1172
1176
  - lib/contrast/api/decorators/agent_startup.rb
1173
1177
  - lib/contrast/api/decorators/application_settings.rb
1174
1178
  - lib/contrast/api/decorators/application_startup.rb
1175
- - lib/contrast/api/decorators/architecture_component.rb
1176
1179
  - lib/contrast/api/decorators/bot_blocker.rb
1177
- - lib/contrast/api/decorators/finding.rb
1178
1180
  - lib/contrast/api/decorators/http_request.rb
1179
1181
  - lib/contrast/api/decorators/input_analysis.rb
1180
1182
  - lib/contrast/api/decorators/instrumentation_mode.rb
@@ -1182,13 +1184,7 @@ files:
1182
1184
  - lib/contrast/api/decorators/message.rb
1183
1185
  - lib/contrast/api/decorators/rasp_rule_sample.rb
1184
1186
  - lib/contrast/api/decorators/response_type.rb
1185
- - lib/contrast/api/decorators/route_coverage.rb
1186
1187
  - lib/contrast/api/decorators/server_features.rb
1187
- - lib/contrast/api/decorators/trace_event.rb
1188
- - lib/contrast/api/decorators/trace_event_object.rb
1189
- - lib/contrast/api/decorators/trace_event_signature.rb
1190
- - lib/contrast/api/decorators/trace_taint_range.rb
1191
- - lib/contrast/api/decorators/trace_taint_range_tags.rb
1192
1188
  - lib/contrast/api/decorators/user_input.rb
1193
1189
  - lib/contrast/api/decorators/virtual_patch.rb
1194
1190
  - lib/contrast/api/dtm.pb.rb
@@ -1198,6 +1194,7 @@ files:
1198
1194
  - lib/contrast/components/app_context.rb
1199
1195
  - lib/contrast/components/app_context_extend.rb
1200
1196
  - lib/contrast/components/assess.rb
1197
+ - lib/contrast/components/assess_rules.rb
1201
1198
  - lib/contrast/components/base.rb
1202
1199
  - lib/contrast/components/config.rb
1203
1200
  - lib/contrast/components/contrast_service.rb
@@ -1205,13 +1202,14 @@ files:
1205
1202
  - lib/contrast/components/inventory.rb
1206
1203
  - lib/contrast/components/logger.rb
1207
1204
  - lib/contrast/components/protect.rb
1205
+ - lib/contrast/components/ruby_component.rb
1208
1206
  - lib/contrast/components/sampling.rb
1209
1207
  - lib/contrast/components/scope.rb
1208
+ - lib/contrast/components/security_logger.rb
1209
+ - lib/contrast/components/service.rb
1210
1210
  - lib/contrast/components/settings.rb
1211
1211
  - lib/contrast/config.rb
1212
1212
  - lib/contrast/config/api_proxy_configuration.rb
1213
- - lib/contrast/config/assess_configuration.rb
1214
- - lib/contrast/config/assess_rules_configuration.rb
1215
1213
  - lib/contrast/config/base_configuration.rb
1216
1214
  - lib/contrast/config/certification_configuration.rb
1217
1215
  - lib/contrast/config/env_variables.rb
@@ -1219,10 +1217,7 @@ files:
1219
1217
  - lib/contrast/config/protect_rule_configuration.rb
1220
1218
  - lib/contrast/config/protect_rules_configuration.rb
1221
1219
  - lib/contrast/config/request_audit_configuration.rb
1222
- - lib/contrast/config/root_configuration.rb
1223
- - lib/contrast/config/ruby_configuration.rb
1224
1220
  - lib/contrast/config/server_configuration.rb
1225
- - lib/contrast/config/service_configuration.rb
1226
1221
  - lib/contrast/configuration.rb
1227
1222
  - lib/contrast/extension/assess.rb
1228
1223
  - lib/contrast/extension/assess/array.rb
@@ -1298,7 +1293,6 @@ files:
1298
1293
  - lib/contrast/utils/os.rb
1299
1294
  - lib/contrast/utils/patching/policy/patch_utils.rb
1300
1295
  - lib/contrast/utils/patching/policy/patcher_utils.rb
1301
- - lib/contrast/utils/preflight_util.rb
1302
1296
  - lib/contrast/utils/request_utils.rb
1303
1297
  - lib/contrast/utils/resource_loader.rb
1304
1298
  - lib/contrast/utils/response_utils.rb
@@ -1,30 +0,0 @@
1
- # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
- # frozen_string_literal: true
3
-
4
- require 'json'
5
- require 'contrast/components/logger'
6
- require 'contrast/utils/object_share'
7
-
8
- module Contrast
9
- module Agent
10
- module Reporting
11
- # This is the new Trace Event Source class which will include all the needed information for the new reporting
12
- # system to relay this information in the Route Observation messages.
13
- class TraceEventSource
14
- attr_accessor :name, :type
15
-
16
- def initialize
17
- @name = Contrast::Utils::ObjectShare::EMPTY_STRING
18
- @type = Contrast::Utils::ObjectShare::EMPTY_STRING
19
- end
20
-
21
- def to_controlled_hash
22
- {
23
- name: @name,
24
- type: @type
25
- }
26
- end
27
- end
28
- end
29
- end
30
- end
@@ -1,36 +0,0 @@
1
- # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
- # frozen_string_literal: true
3
-
4
- require 'contrast/agent/reporting/reporting_events/application_activity'
5
- require 'contrast/api/dtm.pb'
6
-
7
- module Contrast
8
- module Agent
9
- module Reporting
10
- # Util module for checking DTM message type. It temporarily allows for the conversion from a DTM to an
11
- # EventReport.
12
- # TODO: RUBY-1438 -- remove
13
- module DtmMessage
14
- class << self
15
- # @param dtm [Contrast::Api::Dtm::Finding,Object]
16
- # @return [Boolean]
17
- def finding? dtm
18
- dtm.cs__is_a?(Contrast::Api::Dtm::Finding)
19
- end
20
-
21
- # Converts DTM message to Reporting Event for those messages that have conversion methods crated. We use this
22
- # as we work to move away from requiring the Service.
23
- #
24
- # @param dtm [Contrast::Api::Dtm]
25
- # @return event [Contrast::Agent::Reporting::ReportingEvent, nil]
26
- def dtm_to_event dtm
27
- # For the others, we convert them.
28
- return Contrast::Agent::Reporting::Finding.convert(dtm) if finding?(dtm)
29
-
30
- nil
31
- end
32
- end
33
- end
34
- end
35
- end
36
- end
@@ -1,33 +0,0 @@
1
- # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
- # frozen_string_literal: true
3
-
4
- require 'contrast/utils/string_utils'
5
-
6
- module Contrast
7
- module Api
8
- module Decorators
9
- # Used to decorate the {Contrast::Api::Dtm::Activity} protobuf model
10
- # to handle conversion between framework route classes and the dtm.
11
- module Activity
12
- def self.included klass
13
- klass.extend(ClassMethods)
14
- end
15
-
16
- # Class methods for Activity
17
- module ClassMethods
18
- def source_or_string obj
19
- if obj.cs__is_a?(Regexp)
20
- obj.source
21
- elsif obj.cs__respond_to?(:safe_string)
22
- obj.safe_string
23
- else
24
- obj.to_s
25
- end
26
- end
27
- end
28
- end
29
- end
30
- end
31
- end
32
-
33
- Contrast::Api::Dtm::Activity.include(Contrast::Api::Decorators::Activity)
@@ -1,36 +0,0 @@
1
- # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
- # frozen_string_literal: true
3
-
4
- require 'contrast/utils/string_utils'
5
-
6
- module Contrast
7
- module Api
8
- module Decorators
9
- # Used to decorate the {Contrast::Api::Dtm::ArchitectureComponent} protobuf model so it can own some of the data
10
- # massaging required for AppUpdate and Activity dtms.
11
- module ArchitectureComponent
12
- def self.included klass
13
- klass.extend(ClassMethods)
14
- end
15
-
16
- # Used to add class methods to the ApplicationUpdate class on inclusion of the decorator
17
- module ClassMethods
18
- # TeamServer only accepts certain values for ArchitectureComponents.
19
- # DO NOT CHANGE THIS!
20
- AC_TYPE_DB = 'db'
21
-
22
- # Create a Contrast::Api::Dtm::ArchitectureComponent of the database type.
23
- #
24
- # @return [Contrast::Api::Dtm::ArchitectureComponent]
25
- def build_database
26
- msg = Contrast::Api::Dtm::ArchitectureComponent.new
27
- msg.type = AC_TYPE_DB
28
- msg
29
- end
30
- end
31
- end
32
- end
33
- end
34
- end
35
-
36
- Contrast::Api::Dtm::ArchitectureComponent.include(Contrast::Api::Decorators::ArchitectureComponent)
@@ -1,29 +0,0 @@
1
- # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
- # frozen_string_literal: true
3
-
4
- require 'contrast/api/dtm.pb'
5
- require 'contrast/utils/string_utils'
6
- require 'contrast/components/base'
7
-
8
- module Contrast
9
- module Api
10
- module Decorators
11
- # Used to decorate the {Contrast::Api::Dtm::Finding} protobuf
12
- # model so it can own the request which its data is for.
13
- module Finding
14
- def self.included klass
15
- klass.extend(ClassMethods)
16
- end
17
-
18
- # Used to add class methods to the AgentStartup class on inclusion of the decorator
19
- module ClassMethods
20
- def build
21
- new
22
- end
23
- end
24
- end
25
- end
26
- end
27
- end
28
-
29
- Contrast::Api::Dtm::Finding.include(Contrast::Api::Decorators::Finding)