contrast-agent 6.7.0 → 6.9.0

data/lib/contrast/agent/thread_watcher.rb

@@ -2,11 +2,12 @@
 # frozen_string_literal: true
 
 require 'contrast/components/logger'
-require 'contrast/agent/service_heartbeat'
-require 'contrast/api/communication/messaging_queue'
 require 'contrast/agent/reporting/report'
 require 'contrast/agent/reporting/reporter_heartbeat'
+require 'contrast/agent/reporting/server_settings_worker'
 require 'contrast/agent/telemetry/base'
+require 'contrast/agent/protect/input_analyzer/worth_watching_analyzer'
+require 'contrast/config/diagnostics'
 
 module Contrast
   module Agent
@@ -16,25 +17,23 @@ module Contrast
 
       # @return [Contrast::Utils::HeapDumpUtil]
       attr_reader :heapdump_util
-      # @return [Contrast::Agent::ServiceHeartbeat, nil]
-      attr_reader :heartbeat
-      # @return [Contrast::Api::Communication::MessagingQueue, nil]
-      attr_reader :messaging_queue
       # @return [Contrast::Agent::Reporter]
       attr_reader :reporter
       # @return [Contrast::Agent::ReporterHeartbeat]
       attr_reader :reporter_heartbeat
+      # @return [Contrast::Agent::Protect::WorthWatchingInputAnalyzer]
+      attr_reader :worth_watching_analyzer
+      # @return [Contrast::Agent::ServerSettingsWorker]
+      attr_reader :reporter_settings_worker
 
       def initialize
         @pids = {}
         @heapdump_util = Contrast::Utils::HeapDumpUtil.new
-        unless ::Contrast::CONTRAST_SERVICE.unnecessary?
-          @heartbeat = Contrast::Agent::ServiceHeartbeat.new
-          @messaging_queue = Contrast::Api::Communication::MessagingQueue.new
-        end
         @reporter = Contrast::Agent::Reporter.new
         @reporter_heartbeat = Contrast::Agent::ReporterHeartbeat.new
+        @reporter_settings_worker = Contrast::Agent::ServerSettingsWorker.new
         @telemetry = Contrast::Agent::Telemetry::Base.new if Contrast::Agent::Telemetry::Base.enabled?
+        @worth_watching_analyzer = Contrast::Agent::Protect::WorthWatchingInputAnalyzer.new unless protect_disabled?
       end
 
       # @return [Hash, nil] map of process to thread startup status
@@ -42,16 +41,18 @@ module Contrast
         return unless ::Contrast::AGENT.enabled?
 
         logger.debug('ThreadWatcher started threads')
-        heartbeat_status = init_thread(heartbeat)
-        messaging_status = init_thread(messaging_queue)
-        @pids[Process.pid] = messaging_status && heartbeat_status
+        reporter_status = init_thread(reporter)
+        reporter_heartbeat_status = init_thread(reporter_heartbeat)
+        reporter_settings_worker_status = init_thread(reporter_settings_worker)
+        @pids[Process.pid] = reporter_status && reporter_heartbeat_status && reporter_settings_worker_status
         if Contrast::Agent::Telemetry::Base.enabled?
           telemetry_status = init_thread(telemetry_queue)
           @pids[Process.pid] = @pids[Process.pid] && telemetry_status
         end
-        reporter_status = init_thread(reporter)
-        reporter_heartbeat_status = init_thread(reporter_heartbeat)
-        @pids[Process.pid] = @pids[Process.pid] && reporter_status && reporter_heartbeat_status
+        unless protect_disabled?
+          worth_watching_analyzer_status = init_thread(worth_watching_analyzer)
+          @pids[Process.pid] = @pids[Process.pid] && worth_watching_analyzer_status
+        end
         @pids
       end
 
@@ -62,13 +63,27 @@ module Contrast
         startup!
       end
 
+      # This method will check the config and if the config is invalid - it will kill the agent
+      def self.check_before_start
+        return if Contrast::CONFIG.send(:validate)
+
+        @_diagnostics = Contrast::Agent::DiagnosticsConfig::Diagnostics.new(Contrast::AGENT.logger.path ||
+                                                                            Contrast::Components::Config::CONTRAST_LOG)
+        @_diagnostics.config.populate_fail_connection
+        @_diagnostics.write_to_file_logic(false, reset: false)
+        # kill agent
+        Contrast::AGENT.disable_agent!
+        # TODO: RUBY-1822
+        # set the in_application_scope to 1 so we short circuit it
+      end
+
       def shutdown!
-        heartbeat&.stop!
-        messaging_queue&.stop!
         heapdump_util&.stop!
         telemetry_queue&.stop!
         reporter&.stop!
         reporter_heartbeat&.stop!
+        worth_watching_analyzer&.stop!
+        reporter_settings_worker&.stop!
       end
 
       # @return [Contrast::Agent::Telemetry::Base]
@@ -93,6 +108,10 @@ module Contrast
         logger.debug('Thread status', type: watcher.to_s, alive: result)
         result
       end
+
+      def protect_disabled?
+        ::Contrast::PROTECT.forcibly_disabled?
+      end
     end
   end
 end

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '6.7.0'
+    VERSION = '6.9.0'
   end
 end

data/lib/contrast/agent.rb

@@ -42,9 +42,6 @@ require 'contrast/utils/thread_tracker'
 # Framework support
 require 'contrast/framework/manager'
 
-# Communication to SR
-require 'contrast/api/communication'
-
 require 'contrast/agent/thread_watcher'
 
 module Contrast
@@ -66,11 +63,6 @@ module Contrast
       thread_watcher.heapdump_util
     end
 
-    # @return [nil, Contrast::Api::Communication::MessagingQueue]
-    def self.messaging_queue
-      thread_watcher.messaging_queue
-    end
-
     # @return [nil, Contrast::Agent::Telemetry::Base]
     def self.telemetry_queue
       thread_watcher.telemetry_queue
@@ -81,20 +73,23 @@ module Contrast
       thread_watcher.reporter
     end
 
+    # @return [Contrast::Agent::Protect::WorthWatchingAnalyzer]
+    def self.worth_watching_analyzer
+      thread_watcher.worth_watching_analyzer
+    end
+
+    # @return [Contrast::Agent::ThreadWatcher]
     def self.thread_watcher
       @_thread_watcher ||= Contrast::Agent::ThreadWatcher.new
     end
   end
 end
 
-require 'contrast/api'
-
 require 'contrast/utils/resource_loader'
 require 'contrast/utils/duck_utils'
 require 'contrast/agent/tracepoint_hook'
 require 'contrast/agent/at_exit_hook'
 
-# communication with contrast service
 require 'contrast/agent/exclusion_matcher'
 
 # threads that handle contrast scope

data/lib/contrast/agent_lib/api/command_injection.rb

@@ -0,0 +1,46 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: false
+
+require 'ffi'
+# require the gem
+require 'contrast-agent-lib'
+
+module Contrast
+  module AgentLib
+    # This module is defined in Rust as external, we used it here.
+    # Initializes the AgentLib. Here will be all methods from
+    # the C bindings  contrast_c::cmdi_semantic_chained_command module.
+    module CommandInjection
+      extend FFI::Library
+      ffi_lib ContrastAgentLib::CONTRAST_C
+
+      attach_function :get_index_of_chained_command, [:string], :long_long
+      attach_function :does_command_contain_dangerous_path, [:string], :int
+
+      private
+
+      # Checks that a given shell command contained a chained command.
+      # This is used for the cmd-injection-semantic-chained-commands rule.
+      #
+      # @param cmd [String] command to check.
+      # @return index[Integer] Returns the index of the command chaining if found.
+      # If the chaining index is >= 0, an injection is detected. Returns -1 when
+      # no command chaining is found.
+      def dl__index_of_chained_command cmd
+        get_index_of_chained_command(cmd)
+      end
+
+      # Checks if a given shell command is trying to access a dangerous path.
+      # This is used for the cmd-injection-semantic-dangerous-paths rule.
+      #
+      # @param path [String] path to check.
+      # @return index[Boolean] Returns 1 if a dangerous path is found.
+      # Returns 0 if no dangerous paths are found.
+      def dl__dangerous_path? path
+        return false if does_command_contain_dangerous_path(path).zero?
+
+        true
+      end
+    end
+  end
+end

data/lib/contrast/agent_lib/api/init.rb

@@ -0,0 +1,101 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: false
+
+require 'ffi'
+# require the gem
+require 'contrast-agent-lib'
+
+module Contrast
+  module AgentLib
+    # This module is defined in Rust as external, we used it here.
+    # Initializes the AgentLib. Here will be all methods from
+    # the C bindings agent_init mod.
+    module Init
+      extend FFI::Library
+      ffi_lib ContrastAgentLib::CONTRAST_C
+
+      # Init
+      #
+      # 0 => OK, -1 => Err
+      # The attach function could be called also like this:
+      # attach_function :ruby_name, :c_name, [ :params ], :returns, { :options => values }
+      # an that way we define a ruby_name for the C method, but we alias to make a documentation
+      # for the method.
+      #
+      # Also we extend the FFI::Library inside this module so we could also redefine the
+      # attach_function to our taste, not worry about it leaking outside of this module.
+      #
+      # @param [Symbol] Name of required function.
+      # @param [Array] An array of argument types.
+      # @return [Integer] Return type of the function.
+      attach_function :init, [], :int
+
+      # TODO: RUBY-1693
+      #  Initialize agent lib without any optional settings. To set optional settings consider using
+      # `init_with_options` instead If you want to enable logging, it must be set using environment variables
+      # `CONTRAST_AGENTLIB_LOG_LEVEL` - set to log level.  Must of one of ERROR, WARN, INFO, DEBUG or TRACE
+      # `CONTRAST_AGENTLIB_LOG_DIR` - must point to an accessible directory where logs will be written.
+      #  The name of the log file
+      # is auto-generated and cannot be set. The format is 'libcontrast_<date>_<process_id>.log'
+      #
+      # If these environment variables are not present during `init`, agent-lib will be initialized with
+      # logging disabled and you will not be able to re-enable it using `change_log_settings`
+      # @param [Symbol] Name of required function.
+      # @param [Array] An array of argument types.
+      # @return [Integer] Return type of the function.
+      attach_function :init_with_options, %i[bool string string], :int
+
+      # TODO: RUBY-1693
+      # Change log settings for agent lib after it's been initialized.  This api must be used after init
+      #
+      # Safety
+      # The `log_level` parameter must point to must point to an UTF-8 encoded string C-string
+      # @param enable_logging [Boolean] flag to enable or disable logging.
+      # @param log_level [String] UTF-8 encoded string indicating the maximum log level
+      # if logging is enabled
+      attach_function :change_log_settings, %i[bool string], :int
+
+      # TODO: RUBY-1693
+      # Initialize AgentLib with options.
+      # If init returns 0 = successful setup with options
+      # if init returns 1 = unsuccessful setup with options
+      #
+      # @param enable_logging [Boolean] flag to enable or disable logging.
+      # @param log_dir [String] path to existing log directory.
+      # @param log_level [String] OFF, ERROR, WARN, INFO, DEBUG or TRACE.
+      # @return [Boolean] true if initialized false if not.
+      def dl__init_with_options enable_logging, log_dir, log_level
+        # This is useful for scope sensitive string pointers, if function ends and
+        # you need them to be picked up after the C function.
+        init_with_options(enable_logging, log_dir, log_level).zero?
+      end
+
+      private
+
+      # Initialize AgentLib without options. Log level could not be set after.
+      # If you want to set the log levels you can do it be ENV variables:
+      # EVN [CONTRAST_AGENTLIB_LOG_LEVEL] - set to log level.  Must of one of ERROR, WARN, INFO, DEBUG or TRACE
+      # ENV['CONTRAST_AGENTLIB_LOG_DIR'] - must point to an accessible directory where logs will be written.
+      # The name of the log file.
+      #
+      # @return [Boolean] true if initialized, false if not.
+      def dl__init
+        init.zero?
+      end
+
+      # TODO: RUBY-1693
+      # Change the log settings. This api must be called after the dl__init_with_options.
+      #
+      # @param enable_log [Boolean] flag to enable or disable logging this sets the inner flag.
+      # @param log_level [String] OFF, ERROR, WARN, INFO, DEBUG or TRACE.
+      # @return [Boolean] true if initialized false if not.
+      def dl__change_log_settings enable_log, log_level
+        # transform to C strings pointers here and pass to function.
+        log_dir_pointer = FFI::MemoryPointer.from_string(log_level.dup.force_encoding('UTF-8'))
+        return true if change_log_settings(enable_log, log_dir_pointer).zero?
+
+        false
+      end
+    end
+  end
+end

data/lib/contrast/agent_lib/api/input_tracing.rb

@@ -0,0 +1,267 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: false
+
+require 'ffi'
+# require the gem
+require 'contrast-agent-lib'
+require 'contrast/components/logger'
+
+module Contrast
+  module AgentLib
+    # This module is defined in Rust as external, we used it here.
+    # Initializes the AgentLib. Here will be all methods from
+    # the C bindings  contrast_c::input_tracing module.
+    module InputTracing
+      # Struct could be used as parameter to C functions,
+      # and also to save the return data. This is like
+      # specifying a type for pointer.
+      #
+      # Expected struct:
+      # pub struct CCheckQuerySinkResult {
+      #     pub start_index: u64,
+      #     pub end_index: u64,
+      #     pub boundary_overrun_index: u64,
+      #     pub input_boundary_index: u64,
+      # }
+      #
+      class QuerySinkResult < FFI::ManagedStruct
+        layout :start_index,            :ulong_long,
+               :end_index,              :ulong_long,
+               :boundary_overrun_index, :ulong_long,
+               :input_boundary_index,   :ulong_long
+
+        # when QuerySinkResult object gets out of scope it will be GCed.
+        def self.release ptr
+          Contrast::AgentLib::InputTracing.dl__free_check(ptr)
+        end
+      end
+
+      # This class will be used to hold the return type from input tracings
+      # done with the AgentLib. Using the ManagedStruct will automatically
+      # call the release function, and since the memory is allocated by the
+      # AgentLib is should be GC also there.
+      class CEvalResult < FFI::ManagedStruct
+        layout :rule_id, :ulong_long, :input_type, :ulong_long, :score, :double
+
+        def self.release ptr
+          Contrast::AgentLib::InputTracing.dl__free_eval(ptr)
+        end
+      end
+
+      extend FFI::Library
+      include Contrast::Components::Logger::InstanceMethods
+      ffi_lib ContrastAgentLib::CONTRAST_C
+      ffi_convention :stdcall
+
+      DbType = enum(:DB2, :MySQL, :Oracle, :Postgres, :Sqlite, :SqlServer, :Unknown)
+
+      # Returns 0 if evaluation was successful, -1 if there was an unexpected error.
+      attach_function :check_cmd_injection_query, %i[int int string pointer], :int
+      # Return 0 if evaluation was successful, -1 iif there was an unexpected error.
+      attach_function :check_sql_injection_query, [:int, :int, DbType, :string, :pointer], :int
+      # Free function for all input tracing results pass to check functions.
+      attach_function :free_check_query_sink_result, [:pointer], :int
+      # Evaluate header input:
+      attach_function :evaluate_header_input, %i[string string uint64 uint64 pointer pointer], :int
+      # Evaluate input:
+      attach_function :evaluate_input, %i[string uint64 uint64 uint64 pointer pointer], :int
+      # Free input evaluation:
+      attach_function :free_eval_result, [:pointer], :int
+      # function init
+      attach_function :init, [], :int
+
+      # Once we have pointer or returned data the lib
+      # expect us to free it, so it could GCd.
+      # Most of the time we would receive result pointer.
+      # Used with dl__check_cmdi_query and dl__check_sqli_query.
+      #
+      # @param result [Pointer]
+      def self.dl__free_check result
+        free_check_query_sink_result(result)
+      end
+
+      # Free the input evaluation result received from
+      # dl__eval_input, and dl__eval_header_input
+      #
+      # @param result [Pointer]
+      def self.dl__free_eval result
+        free_eval_result(result)
+      end
+
+      private
+
+      # Evaluate a subset of executing shell command for token boundaries being crossed.
+      # This is used by the cmd-injection rule during sink time. If a previously
+      # worth-watching input is contained in the shell command it crosses token
+      # boundaries then an injection should be raised.
+      #
+      # @param input_index [Integer] index in the cmdText string where user input was found.
+      # @param input_length [Integer] length of the user input.
+      # @return result [Hash, nil] output parameter which will contain the result of the evaluation.
+      def dl__check_cmdi_query input_index, input_length, input_cmd
+        # The memory for the result is allocated by AgentLib/Rust.  So we need to create just an empty pointer
+        # This pointer will be populated by the output parameter of check_cmd_injection_query#
+        result_ptr = FFI::MemoryPointer.new(:pointer)
+        result_code = check_cmd_injection_query(input_index, input_length, input_cmd, result_ptr)
+
+        unless result_code == -1
+          struct = QuerySinkResult.new(result_ptr.read_pointer)
+          result_hash = dl__struct_to_result(struct)
+
+          return result_hash
+        end
+
+        nil
+      end
+
+      # This function will call the check sql injection query
+      # SAFETY DISCLAIMER
+      # The sql_query parameter must point to an allocated C-string in UTF-8 encoding
+      # The result MUST be free'd using free_check_query_sink_result as soon as result has been processed.
+      #
+      # @param input_index[Integer] index in the sqlQuery string where user input was found
+      # @param input_length[Integer] length of the user input
+      # @param sql_query[String] full SQL query being evaluated
+      # @param db_type[Integer] database engine being evaluated. Must be one of the DbType enum values
+      # @return [Hash, nil] Returns 0 if evaluation was successful, -1 if there was an unexpected error.
+      def dl__check_sql_injection_query input_index, input_length, db_type, sql_query
+        db_type = :Sqlite if db_type.to_s.casecmp('sqlite3').zero?
+        dbtype = DbType[db_type]
+        pointer = FFI::MemoryPointer.new(:pointer)
+        check = check_sql_injection_query(input_index, input_length, dbtype, sql_query, pointer)
+
+        return if check == -1
+
+        struct = QuerySinkResult.new(pointer.read_pointer)
+        dl__struct_to_result(struct)
+      rescue RuntimeError => e
+        # silence the runtime error from the agent lib
+        logger.debug('Following RuntimeError was recording during input tracing: ', e: e)
+        nil
+      ensure
+        pointer.free unless pointer.nil? && pointer.address
+      end
+
+      # Evaluates a header for input tracing rules.
+      #
+      # @param header_name [String] key/name of the header to be evaluated.
+      # NOTE: the only header names used are "custom", "accept", and "user-agent".
+      # Header-name-used is part of the output because the accept and user-agent
+      # headers get special handling by agent-lib, so they are evaluated twice -
+      # once exactly like all other headers and once with the specific header that
+      # gets special handling.
+      # @param header_value [String] header value
+      # @param rule_set [Integer] one or more bit flag of input tracing rules to be evaluated.
+      # The bit flags must match the RuleType enum. Currently supported types:
+      # [RuleType::CmdInjection, RuleType::PathTraversal, RuleType::SqlInjection,
+      # RuleType::UnsafeFileUpload, RuleType::ReflectedXss, RuleType::BotBlocker]
+      #     public enum RuleType : ulong
+      #     {
+      #         UnsafeFileUpload = 1 << 0,
+      #         PathTraversal = 1 << 1,
+      #         ReflectedXss = 1 << 2,
+      #         SqlInjection = 1 << 3,
+      #         CmdInjection = 1 << 4,
+      #         NosqlInjectionMongo = 1 << 5,
+      #         BotBlocker = 1 << 6
+      #     }
+      # @param eval_options [Integer] u64 representation of the EvalOptions enum.
+      #     public enum EvalOptions : ulong
+      #     {
+      #         None = 0,
+      #         PreferWorthWatching = 1 << 0,
+      #     }
+      def dl__eval_header_input header_name, header_value, rule_set, eval_options
+        # The memory for the result is allocated by AgentLib/Rust.  So we need to create just an empty pointer
+        # This pointer will be populated by the output parameter of check_cmd_injection_query#
+        result_ptr = FFI::MemoryPointer.new(:pointer)
+        result_size = FFI::MemoryPointer.new(:uint32)
+        # @param result_size [Integer] output parameter which will contain the number of Results after evaluation:
+        # 0 if no result.
+        evaluate_header_input(header_name, header_value, rule_set, eval_options, result_size, result_ptr)
+
+        size = result_size.read_int
+        result_size&.free
+
+        unless size.zero?
+          struct = CEvalResult.new(result_ptr.read_pointer)
+          return dl__eval_struct_to_result(struct)
+        end
+        nil
+      end
+
+      # Evaluates an input part for input tracing rules. This should be used for all input parts except headers.
+      #
+      # @param input [String] input value to be evaluated.
+      # @param input_type [Symbol]  type of the input. This needs to be a u64 representation of the
+      # supported InputType enum values:
+      #        {
+      #         CookieName = 1,
+      #         CookieValue = 2,
+      #         HeaderKey = 3,
+      #         HeaderValue = 4,
+      #         JsonKey = 5,
+      #         JsonValue = 6,
+      #         Method = 7,
+      #         ParameterKey = 8,
+      #         ParameterValue = 9,
+      #         UriPath = 10,
+      #         UrlParameter = 11,
+      #         MultipartName = 12,
+      #         XmlValue = 13
+      #        }
+      # @param rule_set [Integer] one or more bit flag of input tracing rules to be evaluated.
+      # The bit flags must match the RuleType enum. Currently supported types:
+      # [RuleType::CmdInjection, RuleType::PathTraversal, RuleType::SqlInjection,
+      # RuleType::UnsafeFileUpload, RuleType::ReflectedXss, RuleType::BotBlocker]
+      # @param eval_options [Integer] u64 representation of the EvalOptions enum.
+      #     public enum EvalOptions : ulong
+      #     {
+      #         None = 0,
+      #         PreferWorthWatching = 1 << 0,
+      #     }
+      def dl__eval_input input, input_type, rule_set, eval_options
+        # The memory for the result is allocated by AgentLib/Rust.  So we need to create just an empty pointer
+        # This pointer will be populated by the output parameter of check_cmd_injection_query#
+        result_ptr = FFI::MemoryPointer.new(:pointer)
+        result_size = FFI::MemoryPointer.new(:uint32)
+        # @param result_size [Integer] output parameter which will contain the number of Results after evaluation:
+        # 0 if no result.
+        evaluate_input(input, input_type, rule_set, eval_options, result_size, result_ptr)
+        size = result_size.read_int
+        result_size&.free
+
+        unless size.zero?
+          struct = CEvalResult.new(result_ptr.read_pointer)
+          return dl__eval_struct_to_result(struct)
+        end
+        nil
+      end
+
+      # Convert c_struct cmdi result to ruby hash
+      #
+      # @param struct [Contrast::AgentLib::QuerySinkResult]
+      # @return hash [Hash]
+      def dl__struct_to_result struct
+        hash = {}
+        hash[:start_index] = struct[:start_index]
+        hash[:end_index] = struct[:end_index]
+        hash[:boundary_overrun_index] = struct[:boundary_overrun_index]
+        hash[:input_boundary_index] = struct[:input_boundary_index]
+        hash
+      end
+
+      # Convert c_struct evaluated input to ruby hash
+      #
+      # @param struct [Contrast::AgentLib::QuerySinkResult]
+      # @return hash [Hash]
+      def dl__eval_struct_to_result struct
+        hash = {}
+        hash[:rule_id] = struct[:rule_id]
+        hash[:input_type] = struct[:input_type]
+        hash[:score] = struct[:score]
+        hash
+      end
+    end
+  end
+end

data/lib/contrast/agent_lib/api/method_tempering.rb

@@ -0,0 +1,29 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: false
+
+require 'ffi'
+# require the gem
+require 'contrast-agent-lib'
+
+module Contrast
+  module AgentLib
+    # This module is for method tempering bindings: contrast_c::method_tampering
+    module MethodTempering
+      # TODO: RUBY-1632
+      # extend FFI::Library
+      # ffi_lib ContrastAgentLib::CONTRAST_C
+      #
+      # # returns 1 => true, 0 => false
+      # attach_function :is_method_tampering, [:string], :int32
+      #
+      # # Check to see if method is being tempered or not.
+      # # Used with Protect method-tampering rule.
+      # #
+      # # @param method [String] method to check
+      # # @return [Boolean]
+      # def dl__method_tempered? method
+      #   is_method_tampering(method).positive?
+      # end
+    end
+  end
+end