contrast-agent 6.7.0 → 6.8.0

data/lib/contrast/api/settings.pb.rb

@@ -1,500 +0,0 @@
-# encoding: utf-8
-
-##
-# This file is auto-generated. DO NOT EDIT!
-#
-require 'protobuf'
-
-module Contrast
-  module Api
-    module Settings
-      ::Protobuf::Optionable.inject(self) { ::CSGoogle::Protobuf::FileOptions }
-
-      ##
-      # Enum Classes
-      #
-      class LogLevel < ::Protobuf::Enum
-        define :TRACE, 0
-        define :DEBUG, 1
-        define :INFO, 2
-        define :WARN, 3
-        define :ERROR, 4
-      end
-
-
-      ##
-      # Message Classes
-      #
-      class ApplicationState < ::Protobuf::Message; end
-      class AgentSettings < ::Protobuf::Message; end
-      class ProtectState < ::Protobuf::Message; end
-      class ServerFeatures < ::Protobuf::Message
-        class InstrumentationMode < ::Protobuf::Enum
-          define :UNDEFINED, 0
-          define :AGENT_CONFIG, 1
-          define :DUPLEX, 2
-          define :PROFILER, 3
-        end
-
-      end
-
-      class ContrastServiceData < ::Protobuf::Message; end
-      class ApplicationSettings < ::Protobuf::Message; end
-      class SqlInjectionSettings < ::Protobuf::Message; end
-      class Reaction < ::Protobuf::Message
-        class Operation < ::Protobuf::Enum
-          define :NOOP, 0
-          define :DISABLE, 1
-          define :INVENTORY, 2
-        end
-
-      end
-
-      class AccumulatorSettings < ::Protobuf::Message
-      end
-
-      class InventoryFeatures < ::Protobuf::Message; end
-      class AssessFeatures < ::Protobuf::Message
-        class SaveStacktrace < ::Protobuf::Enum
-          define :UNDEFINED, 0
-          define :ALL, 1
-          define :SOME, 2
-          define :NONE, 3
-        end
-
-      end
-
-      class CustomRuleFeature < ::Protobuf::Message; end
-      class Sampling < ::Protobuf::Message; end
-      class DynamicSource < ::Protobuf::Message
-      end
-
-      class DefendFeatures < ::Protobuf::Message; end
-      class Syslog < ::Protobuf::Message
-        class ConnectionType < ::Protobuf::Enum
-          define :UNENCRYPTED, 0
-          define :ENCRYOTED, 1
-          define :ENCRYPTED, 2
-        end
-
-        class Severity < ::Protobuf::Enum
-          define :UNDEFINED, 0
-          define :ALERT, 1
-          define :CRITICAL, 2
-          define :ERROR, 3
-          define :WARNING, 4
-          define :NOTICE, 5
-          define :INFO, 6
-          define :DEBUG, 7
-        end
-
-      end
-
-      class BotBlocker < ::Protobuf::Message; end
-      class IpFilter < ::Protobuf::Message; end
-      class LogEnhancer < ::Protobuf::Message
-        class LogLevel < ::Protobuf::Enum
-          define :TRACE, 0
-          define :DEBUG, 1
-          define :INFO, 2
-          define :WARN, 3
-          define :ERROR, 4
-        end
-
-        class LogType < ::Protobuf::Enum
-          define :LOG_AUDIT, 0
-          define :LOG_ERROR, 1
-          define :LOG_SECURITY, 2
-        end
-
-      end
-
-      class RuleDefinition < ::Protobuf::Message; end
-      class StringDefinition < ::Protobuf::Message
-        class Type < ::Protobuf::Enum
-          define :KEYWORD, 0
-          define :PATTERN, 1
-        end
-
-      end
-
-      class Exclusion < ::Protobuf::Message
-        class ExclusionType < ::Protobuf::Enum
-          define :URL, 0
-          define :INPUT, 1
-          define :CODE, 2
-        end
-
-        class InputType < ::Protobuf::Enum
-          define :UNDEFINED, 0
-          define :COOKIE, 1
-          define :PARAMETER, 2
-          define :HEADER, 3
-          define :BODY, 4
-          define :QUERYSTRING, 5
-        end
-
-        class MatchStrategy < ::Protobuf::Enum
-          define :ALL, 0
-          define :ONLY, 1
-        end
-
-      end
-
-      class VirtualPatch < ::Protobuf::Message; end
-      class VirtualPatchCondition < ::Protobuf::Message
-        class InputType < ::Protobuf::Enum
-          define :UNKNOWN_INPUT, 0
-          define :USERAGENT, 1
-          define :REFERER, 2
-          define :URL, 3
-          define :PARAMETER, 4
-          define :HEADER, 5
-          define :CODE, 6
-        end
-
-        class Evaluation < ::Protobuf::Enum
-          define :UNKNOWN_EVALUATION, 0
-          define :MATCHES, 1
-          define :DOESNT_MATCH, 2
-          define :CONTAINS, 3
-          define :DOESNT_CONTAIN, 4
-          define :EQUALS, 5
-          define :DOESNT_EQUAL, 6
-        end
-
-      end
-
-      class ProtectionRule < ::Protobuf::Message
-        class Mode < ::Protobuf::Enum
-          define :NO_ACTION, 0
-          define :MONITOR, 1
-          define :BLOCK, 2
-          define :BLOCK_AT_PERIMETER, 3
-          define :PERMIT, 4
-        end
-
-      end
-
-      class Accumulator < ::Protobuf::Message; end
-      class Auth < ::Protobuf::Message
-        class Mode < ::Protobuf::Enum
-          define :OFF, 0
-          define :MONITOR, 1
-        end
-
-      end
-
-      class InputAnalysis < ::Protobuf::Message; end
-      class InputAnalysisResult < ::Protobuf::Message
-        class InputType < ::Protobuf::Enum
-          define :UNDEFINED_TYPE, 0
-          define :BODY, 1
-          define :COOKIE_NAME, 2
-          define :COOKIE_VALUE, 3
-          define :HEADER, 4
-          define :PARAMETER_NAME, 5
-          define :PARAMETER_VALUE, 6
-          define :QUERYSTRING, 7
-          define :URI, 8
-          define :SOCKET, 9
-          define :JSON_VALUE, 10
-          define :JSON_ARRAYED_VALUE, 11
-          define :MULTIPART_CONTENT_TYPE, 16
-          define :MULTIPART_VALUE, 17
-          define :MULTIPART_FIELD_NAME, 18
-          define :MULTIPART_NAME, 19
-          define :XML_VALUE, 20
-          define :DWR_VALUE, 21
-          define :METHOD, 22
-          define :REQUEST, 23
-          define :URL_PARAMETER, 24
-          define :UNKNOWN, 99
-        end
-
-        class ScoreLevel < ::Protobuf::Enum
-          define :DONTCARE, 0
-          define :WORTHWATCHING, 1
-          define :DEFINITEATTACK, 2
-        end
-
-      end
-
-
-
-      ##
-      # File Options
-      #
-      set_option :go_package, "bitbucket.org/contrastsecurity/go-speedracer-go/from_service"
-
-
-      ##
-      # Message Fields
-      #
-      class ApplicationState
-        optional :int64, :created_ms, 1
-        optional :string, :app_name, 2
-        optional :string, :app_language, 3
-        optional :string, :app_path, 4
-        optional :string, :app_group, 16
-        optional :string, :app_tags, 17
-        optional :string, :app_version, 18
-        optional ::Contrast::Api::Settings::ServerFeatures, :server_features, 6
-        optional ::Contrast::Api::Settings::ApplicationSettings, :application_settings, 7
-        optional ::Contrast::Api::Settings::AccumulatorSettings, :accumulator_settings, 8
-        optional :string, :server_name, 9
-        optional :string, :server_path, 10
-        optional :string, :server_type, 11
-        optional :string, :server_tags, 13
-        optional :string, :server_environment, 14
-        optional :string, :server_version, 15
-        optional :string, :agent_version, 12
-      end
-
-      class AgentSettings
-        optional :int64, :sent_ms, 1
-        optional ::Contrast::Api::Settings::ServerFeatures, :server_features, 2
-        optional ::Contrast::Api::Settings::ApplicationSettings, :application_settings, 3
-        optional ::Contrast::Api::Settings::AccumulatorSettings, :accumulator_settings, 4
-        optional ::Contrast::Api::Settings::ProtectState, :protect_state, 5
-        optional ::Contrast::Api::Settings::InputAnalysis, :input_analysis, 6
-      end
-
-      class ProtectState
-        optional :string, :uuid, 1
-        optional :bool, :track_request, 4
-        optional :bool, :security_exception, 2
-        optional :string, :security_message, 3
-      end
-
-      class ServerFeatures
-        optional :bool, :cache, 1
-        optional :string, :log_file, 2
-        optional :string, :log_level, 3
-        optional ::Contrast::Api::Settings::InventoryFeatures, :inventory, 4
-        optional ::Contrast::Api::Settings::AssessFeatures, :assess, 5
-        optional ::Contrast::Api::Settings::DefendFeatures, :defend, 6
-        optional ::Contrast::Api::Settings::ServerFeatures::InstrumentationMode, :instrumentation_mode, 7
-        optional ::Contrast::Api::Settings::ContrastServiceData, :contrast_service, 8
-      end
-
-      class ContrastServiceData
-        optional :string, :version, 1
-      end
-
-      class ApplicationSettings
-        repeated ::Contrast::Api::Settings::VirtualPatch, :virtual_patches, 2
-        repeated ::Contrast::Api::Settings::ProtectionRule, :protection_rules, 3
-        repeated ::Contrast::Api::Settings::Exclusion, :exclusions, 5
-        repeated :string, :disabled_assess_rules, 6
-        repeated ::Contrast::Api::Settings::Reaction, :reactions, 7
-        optional :string, :session_id, 8, :deprecated => true
-        optional ::Contrast::Api::Settings::SqlInjectionSettings, :sqli_settings, 9
-      end
-
-      class SqlInjectionSettings
-        optional :bool, :detect_tautologies, 1
-        optional :bool, :detect_chained_queries, 2
-        optional :bool, :detect_suspicious_unions, 3
-        optional :bool, :detect_dangerous_functions, 4
-      end
-
-      class Reaction
-        optional :string, :message, 1
-        optional ::Contrast::Api::Settings::LogLevel, :log_level, 2
-        optional ::Contrast::Api::Settings::Reaction::Operation, :operation, 3
-      end
-
-      class AccumulatorSettings
-        map :string, ::Contrast::Api::Settings::Accumulator, :accumulators, 1
-      end
-
-      class InventoryFeatures
-        optional :bool, :libraries, 1
-        optional :bool, :activity, 2
-        optional :bool, :monitor_db, 3
-        optional :bool, :monitor_ldap, 4
-        optional :bool, :monitor_web_calls, 5
-      end
-
-      class AssessFeatures
-        optional :bool, :enabled, 1
-        optional :bool, :dynamic_sources, 2
-        optional :bool, :sources, 3
-        optional :bool, :rules, 4
-        optional :bool, :propagators, 5
-        optional :bool, :taggers, 6
-        optional :bool, :response_scanning, 7
-        optional ::Contrast::Api::Settings::AssessFeatures::SaveStacktrace, :stacktraces, 8
-        optional :bool, :validator_scopes, 9
-        optional :bool, :identity_tagging, 10
-        repeated ::Contrast::Api::Settings::CustomRuleFeature, :sanitizers, 11
-        repeated ::Contrast::Api::Settings::CustomRuleFeature, :validators, 12
-        repeated :string, :disabled_rules, 13, :deprecated => true
-        optional ::Contrast::Api::Settings::Sampling, :sampling, 14
-        map :string, ::Contrast::Api::Settings::DynamicSource, :dynamic_sources_map, 19
-      end
-
-      class CustomRuleFeature
-        optional :string, :api, 1
-        repeated :string, :tags, 2
-        repeated :string, :rules, 3
-      end
-
-      class Sampling
-        optional :bool, :enabled, 1
-        optional :int32, :baseline, 2
-        optional :int32, :window_ms, 3
-        optional :int32, :request_frequency, 4
-        optional :int32, :response_frequency, 5
-      end
-
-      class DynamicSource
-        optional :string, :class_name, 1
-        optional :string, :method_name, 2
-        optional :bool, :instance_method, 3
-        optional :string, :target, 4
-        map :string, :string, :properties, 6
-      end
-
-      class DefendFeatures
-        optional :bool, :enabled, 1
-        optional :bool, :bot_blocker, 2
-        repeated ::Contrast::Api::Settings::BotBlocker, :bot_blockers, 3
-        repeated ::Contrast::Api::Settings::IpFilter, :ip_blacklists, 4, :deprecated => true
-        repeated ::Contrast::Api::Settings::IpFilter, :ip_denylists, 10
-        repeated ::Contrast::Api::Settings::IpFilter, :ip_whitelists, 5, :deprecated => true
-        repeated ::Contrast::Api::Settings::IpFilter, :ip_allowlists, 11
-        repeated ::Contrast::Api::Settings::LogEnhancer, :log_enhancers, 6
-        repeated ::Contrast::Api::Settings::RuleDefinition, :rule_definitions, 7
-        optional ::Contrast::Api::Settings::Syslog, :syslog, 8
-        optional ::Contrast::Api::Settings::Auth, :auth, 9
-      end
-
-      class Syslog
-        optional :bool, :enabled, 1
-        optional :string, :ip_address, 2
-        optional :int32, :port, 3
-        optional :int32, :facility_code, 4
-        optional ::Contrast::Api::Settings::Syslog::ConnectionType, :connection_type, 5
-        optional ::Contrast::Api::Settings::Syslog::Severity, :severity_exploited, 6
-        optional ::Contrast::Api::Settings::Syslog::Severity, :severity_blocked, 7
-        optional ::Contrast::Api::Settings::Syslog::Severity, :severity_probed, 8
-        optional ::Contrast::Api::Settings::Syslog::Severity, :severity_blocked_perimeter, 11
-        optional ::Contrast::Api::Settings::Syslog::Severity, :severity_probed_perimeter, 12
-        optional :string, :protocol, 9
-        optional :string, :host, 10
-      end
-
-      class BotBlocker
-        optional :string, :bot, 1
-        optional :bool, :case_sensitive, 2
-        optional :bool, :start_anchor, 3
-      end
-
-      class IpFilter
-        optional :bool, :expires, 1
-        optional :int64, :expires_at_ms, 2
-        optional :string, :ip, 3
-        optional :string, :name, 4
-        optional :string, :uuid, 5
-      end
-
-      class LogEnhancer
-        optional :int64, :id, 1
-        optional :string, :name, 2
-        optional :string, :api, 3
-        optional :string, :format, 4
-        optional ::Contrast::Api::Settings::LogEnhancer::LogLevel, :log_level, 5
-        optional ::Contrast::Api::Settings::LogEnhancer::LogType, :log_type, 6
-      end
-
-      class RuleDefinition
-        optional :string, :name, 1
-        repeated ::Contrast::Api::Settings::StringDefinition, :keywords, 2
-        repeated ::Contrast::Api::Settings::StringDefinition, :patterns, 3
-      end
-
-      class StringDefinition
-        optional ::Contrast::Api::Settings::StringDefinition::Type, :type, 1
-        optional :string, :rule, 2
-        optional :string, :id, 3
-        optional :string, :value, 4
-        optional :string, :downcase, 7
-        optional :bool, :case_sensitive, 5
-        optional :int32, :score, 6
-      end
-
-      class Exclusion
-        optional ::Contrast::Api::Settings::Exclusion::ExclusionType, :type, 1
-        optional :string, :name, 2
-        optional ::Contrast::Api::Settings::Exclusion::MatchStrategy, :match_strategy, 3, :deprecated => true
-        repeated :string, :modes, 4, :deprecated => true
-        repeated :string, :protection_rules, 5
-        repeated :string, :assessment_rules, 6
-        repeated :string, :urls, 7
-        repeated :string, :blacklist, 8, :deprecated => true
-        repeated :string, :denylist, 13
-        optional ::Contrast::Api::Settings::Exclusion::InputType, :input_type, 9
-        optional :string, :input_name, 10
-        optional :bool, :assess, 11
-        optional :bool, :protect, 12
-      end
-
-      class VirtualPatch
-        optional :string, :name, 1
-        optional :string, :uuid, 2
-        optional :string, :key, 3
-        repeated ::Contrast::Api::Settings::VirtualPatchCondition, :headers, 4
-        repeated ::Contrast::Api::Settings::VirtualPatchCondition, :parameters, 5
-        repeated ::Contrast::Api::Settings::VirtualPatchCondition, :urls, 6
-        repeated ::Contrast::Api::Settings::VirtualPatchCondition, :conditions, 7
-      end
-
-      class VirtualPatchCondition
-        optional :string, :name, 2
-        optional :string, :value, 3
-        optional ::Contrast::Api::Settings::VirtualPatchCondition::InputType, :input_type, 4
-        optional ::Contrast::Api::Settings::VirtualPatchCondition::Evaluation, :evaluation, 5
-      end
-
-      class ProtectionRule
-        optional :string, :id, 1
-        optional :string, :name, 2
-        optional ::Contrast::Api::Settings::ProtectionRule::Mode, :mode, 3
-      end
-
-      class Accumulator
-        optional :string, :name, 1
-        optional :int32, :limit, 2
-        optional :int32, :count, 3
-        optional :int64, :window_ms, 4
-        optional :int64, :created_ms, 5
-        optional :int64, :last_update_ms, 6
-      end
-
-      class Auth
-        optional ::Contrast::Api::Settings::Auth::Mode, :mode, 1
-      end
-
-      class InputAnalysis
-        repeated ::Contrast::Api::Settings::InputAnalysisResult, :results, 1
-      end
-
-      class InputAnalysisResult
-        optional :string, :rule_id, 1
-        optional ::Contrast::Api::Settings::InputAnalysisResult::InputType, :input_type, 3
-        optional :string, :path, 4
-        optional :string, :key, 5
-        optional :string, :value, 6
-        optional ::Contrast::Api::Settings::InputAnalysisResult::ScoreLevel, :score_level, 9
-        repeated :string, :ids, 7
-        optional :int32, :attack_count, 8
-      end
-
-    end
-
-  end
-
-end
-

data/lib/contrast/api.rb

@@ -1,16 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-module Contrast
-  # Builds out the Contrast::Api namespace and requires the classes in the api
-  # directory, making available those classes required to communicate with the
-  # Contrast Service, including those generated from Protobuf
-  module Api
-    ENCODING_STRING = 'I>'
-  end
-end
-
-require 'contrast/api/dtm.pb'
-require 'contrast/api/settings.pb'
-require 'contrast/api/decorators'
-require 'contrast/api/communication'

data/lib/contrast/components/contrast_service.rb

@@ -1,88 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'monitor'
-
-module Contrast
-  module Components
-    module ContrastService
-      # A wrapper build around the Common Agent Configuration project to allow
-      # for access of the values contained in its
-      # parent_configuration_spec.yaml.
-      # Specifically, this allows for querying the state of the connection to
-      # the Service, as well as sending a message to the Service.
-      class Interface
-        include Contrast::Components::ComponentBase
-
-        DEFAULT_SERVICE_LOG = 'contrast_service.log'
-        DEFAULT_SERVICE_LEVEL = :TRACE
-        # The Rails ActionDispatch regexp for localhost IP + literal localhost
-        # https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/http/request.rb#L32
-        LOCALHOST = Regexp.union([
-                                   /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/,
-                                   /^localhost$/
-                                 ])
-
-        def use_bundled_service?
-          # Validates the config to decide if it's suitable for starting
-          # the bundled service
-
-          # Requirement says "must be true" but that
-          # should be "must not be false" -- oops.
-          @_use_bundled_service ||= !false?(::Contrast::CONFIG.agent.start_bundled_service?) &&
-              # Either a valid host or a valid socket
-              # Path validity is the service's problem
-              (LOCALHOST.match?(host) || !!socket_path)
-        end
-
-        def use_agent_communication?
-          return @_use_agent_communication unless @_use_agent_communication.nil?
-
-          @_use_agent_communication = true?(::Contrast::CONFIG.agent.service.bypass)
-        end
-
-        # If we're using the agent directly and not using protect, then there is no need to start the service. Because
-        # we only know this at startup when hardcoded as such (b/c TS could turn protect on otherwise), we can only do
-        # so when bypass is on and protect is off in local config
-        #
-        # @return [Boolean]
-        def unnecessary?
-          ::Contrast::CONTRAST_SERVICE.use_agent_communication? && ::Contrast::PROTECT.forcibly_disabled?
-        end
-
-        def host
-          @_host ||=
-            (::Contrast::CONFIG.agent.service.host || Contrast::Components::Service::Interface::DEFAULT_HOST).to_s
-        end
-
-        def port
-          @_port ||=
-            (::Contrast::CONFIG.agent.service.port || Contrast::Components::Service::Interface::DEFAULT_PORT).to_i
-        end
-
-        def socket_path
-          @_socket_path ||= ::Contrast::CONFIG.agent.service.socket
-        end
-
-        def use_tcp?
-          socket_path.nil?
-        end
-
-        def logger_path
-          @_logger_path ||= ::Contrast::CONFIG.agent.service.logger.path || DEFAULT_SERVICE_LOG
-        end
-
-        def logger_level
-          @_logger_level ||= ::Contrast::CONFIG.agent.service.logger.level || DEFAULT_SERVICE_LEVEL
-        end
-
-        private
-
-        def disabled?
-          @_disabled = false?(::Contrast::CONFIG.agent.start_bundled_service) if @_disabled.nil?
-          @_disabled
-        end
-      end
-    end
-  end
-end

data/lib/contrast/components/service.rb

@@ -1,55 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'contrast/components/base'
-require 'contrast/components/logger'
-
-module Contrast
-  module Components
-    module Service
-      # A wrapper build around the Common Agent Configuration project to allow
-      # for access of the values contained in its
-      # parent_configuration_spec.yaml.
-      # Those in this section pertain to the communication between the Agent & the Service
-      class Interface
-        include Contrast::Components::ComponentBase
-
-        # We don't set these b/c we've been asked to handle the default values of these settings differently, logging
-        # when we have to use them.
-        DEFAULT_HOST       = '127.0.0.1' # rubocop:disable Style/IpAddresses
-        DEFAULT_PORT       = '30555'
-
-        attr_writer :logger, :bypass
-        # @return [String, nil]
-        attr_accessor :socket
-        # @return [String, nil]
-        attr_accessor :port
-        # @return [String, nil]
-        attr_accessor :host
-        # @return [Boolean, nil]
-        attr_accessor :enable
-
-        def initialize hsh = {}
-          return unless hsh
-
-          @enable = hsh[:enable]
-          @host = hsh[:host]
-          @port = hsh[:port]
-          @socket = hsh[:socket]
-          @logger = Contrast::Components::Logger::Interface.new(hsh[:logger])
-          @bypass = hsh[:bypass]
-        end
-
-        # @return [Contrast::Components::Logger::Interface]
-        def logger
-          @logger ||= Contrast::Components::Logger::Interface.new # rubocop:disable Naming/MemoizedInstanceVariableName
-        end
-
-        # @return [Boolean, false]
-        def bypass
-          @bypass.nil? ? false : @bypass
-        end
-      end
-    end
-  end
-end