contrast-agent 6.7.0 → 6.9.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +0 -2
- data/.simplecov +0 -1
- data/Rakefile +0 -1
- data/ext/cs__assess_array/cs__assess_array.c +41 -10
- data/ext/cs__assess_array/cs__assess_array.h +4 -1
- data/lib/contrast/agent/assess/policy/trigger_method.rb +3 -3
- data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +1 -1
- data/lib/contrast/agent/assess/property/evented.rb +11 -11
- data/lib/contrast/agent/assess.rb +0 -1
- data/lib/contrast/agent/excluder.rb +53 -35
- data/lib/contrast/agent/exclusion_matcher.rb +21 -9
- data/lib/contrast/agent/middleware.rb +12 -6
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +6 -0
- data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +146 -127
- data/lib/contrast/agent/protect/input_analyzer/worth_watching_analyzer.rb +116 -0
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +20 -0
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +1 -1
- data/lib/contrast/agent/protect/rule/base.rb +47 -55
- data/lib/contrast/agent/protect/rule/base_service.rb +48 -24
- data/lib/contrast/agent/protect/rule/bot_blocker/bot_blocker_input_classification.rb +98 -0
- data/lib/contrast/agent/protect/rule/bot_blocker.rb +81 -0
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +20 -2
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb +8 -5
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_base_rule.rb +22 -22
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_chained_command.rb +64 -0
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_dangerous_path.rb +63 -0
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb +2 -58
- data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/deserialization.rb +3 -14
- data/lib/contrast/agent/protect/rule/http_method_tampering/http_method_tampering_input_classification.rb +2 -2
- data/lib/contrast/agent/protect/rule/http_method_tampering.rb +0 -11
- data/lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb +29 -34
- data/lib/contrast/agent/protect/rule/no_sqli.rb +25 -18
- data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_input_classification.rb +61 -0
- data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_semantic_security_bypass.rb +114 -0
- data/lib/contrast/agent/protect/rule/path_traversal.rb +40 -13
- data/lib/contrast/agent/protect/rule/sql_sample_builder.rb +33 -15
- data/lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb +0 -14
- data/lib/contrast/agent/protect/rule/sqli/sqli_input_classification.rb +2 -62
- data/lib/contrast/agent/protect/rule/sqli.rb +74 -3
- data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification.rb +39 -63
- data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +6 -33
- data/lib/contrast/agent/protect/rule/xss/reflected_xss_input_classification.rb +58 -0
- data/lib/contrast/agent/protect/rule/xss.rb +15 -20
- data/lib/contrast/agent/protect/rule/xxe.rb +4 -24
- data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +19 -40
- data/lib/contrast/agent/reporting/attack_result/response_type.rb +9 -9
- data/lib/contrast/agent/reporting/details/ip_denylist_details.rb +10 -2
- data/lib/contrast/agent/reporting/details/virtual_patch_details.rb +8 -2
- data/lib/contrast/agent/reporting/input_analysis/details/bot_blocker_details.rb +27 -0
- data/lib/contrast/agent/reporting/input_analysis/details/protect_rule_details.rb +15 -0
- data/lib/contrast/agent/reporting/input_analysis/input_analysis.rb +1 -2
- data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb +16 -2
- data/lib/contrast/agent/reporting/masker/masker.rb +2 -0
- data/lib/contrast/agent/reporting/report.rb +1 -0
- data/lib/contrast/agent/reporting/reporter.rb +35 -14
- data/lib/contrast/agent/reporting/reporter_heartbeat.rb +3 -9
- data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +16 -13
- data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +12 -7
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb +3 -3
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +1 -2
- data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb +6 -1
- data/lib/contrast/agent/reporting/reporting_events/application_update.rb +0 -2
- data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +0 -1
- data/lib/contrast/agent/reporting/reporting_events/finding.rb +6 -6
- data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +239 -93
- data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb +10 -23
- data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +10 -9
- data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +0 -5
- data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +0 -1
- data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +12 -0
- data/lib/contrast/agent/reporting/reporting_events/poll.rb +1 -11
- data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +0 -1
- data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +0 -1
- data/lib/contrast/agent/reporting/reporting_events/server_reporting_event.rb +8 -0
- data/lib/contrast/agent/reporting/reporting_events/server_settings.rb +40 -0
- data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +2 -2
- data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +6 -0
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +43 -1
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +8 -4
- data/lib/contrast/agent/reporting/reporting_utilities/response.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +58 -4
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +4 -6
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +77 -16
- data/lib/contrast/agent/reporting/server_settings_worker.rb +44 -0
- data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +14 -2
- data/lib/contrast/agent/reporting/settings/code_exclusion.rb +6 -1
- data/lib/contrast/agent/reporting/settings/exclusion_base.rb +18 -0
- data/lib/contrast/agent/reporting/settings/exclusions.rb +2 -1
- data/lib/contrast/agent/reporting/settings/helpers.rb +7 -0
- data/lib/contrast/agent/reporting/settings/input_exclusion.rb +9 -3
- data/lib/contrast/agent/reporting/settings/protect.rb +15 -15
- data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +39 -2
- data/lib/contrast/agent/reporting/settings/rule_definition.rb +3 -0
- data/lib/contrast/agent/reporting/settings/security_logger.rb +77 -0
- data/lib/contrast/agent/reporting/settings/server_features.rb +9 -0
- data/lib/contrast/agent/reporting/settings/syslog.rb +34 -5
- data/lib/contrast/agent/request.rb +3 -14
- data/lib/contrast/agent/request_context.rb +6 -9
- data/lib/contrast/agent/request_context_extend.rb +9 -148
- data/lib/contrast/agent/request_handler.rb +5 -10
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb +1 -1
- data/lib/contrast/agent/thread_watcher.rb +37 -18
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/agent.rb +6 -11
- data/lib/contrast/agent_lib/api/command_injection.rb +46 -0
- data/lib/contrast/agent_lib/api/init.rb +101 -0
- data/lib/contrast/agent_lib/api/input_tracing.rb +267 -0
- data/lib/contrast/agent_lib/api/method_tempering.rb +29 -0
- data/lib/contrast/agent_lib/api/panic.rb +87 -0
- data/lib/contrast/agent_lib/api/path_semantic_file_security_bypass.rb +40 -0
- data/lib/contrast/agent_lib/interface.rb +260 -0
- data/lib/contrast/agent_lib/interface_base.rb +118 -0
- data/lib/contrast/agent_lib/return_types/eval_result.rb +44 -0
- data/lib/contrast/agent_lib/test.rb +29 -0
- data/lib/contrast/api/communication/connection_status.rb +20 -5
- data/lib/contrast/components/agent.rb +34 -14
- data/lib/contrast/components/api.rb +23 -0
- data/lib/contrast/components/app_context.rb +23 -5
- data/lib/contrast/components/app_context_extend.rb +0 -25
- data/lib/contrast/components/assess.rb +34 -4
- data/lib/contrast/components/assess_rules.rb +18 -0
- data/lib/contrast/components/base.rb +40 -0
- data/lib/contrast/components/config/sources.rb +95 -0
- data/lib/contrast/components/config.rb +19 -19
- data/lib/contrast/components/heap_dump.rb +10 -0
- data/lib/contrast/components/inventory.rb +15 -2
- data/lib/contrast/components/logger.rb +18 -0
- data/lib/contrast/components/polling.rb +36 -0
- data/lib/contrast/components/protect.rb +52 -2
- data/lib/contrast/components/ruby_component.rb +16 -1
- data/lib/contrast/components/sampling.rb +70 -13
- data/lib/contrast/components/security_logger.rb +13 -0
- data/lib/contrast/components/settings.rb +105 -90
- data/lib/contrast/config/certification_configuration.rb +14 -0
- data/lib/contrast/config/config.rb +46 -0
- data/lib/contrast/config/diagnostics.rb +114 -0
- data/lib/contrast/config/diagnostics_tools.rb +98 -0
- data/lib/contrast/config/effective_config.rb +65 -0
- data/lib/contrast/config/effective_config_value.rb +32 -0
- data/lib/contrast/config/exception_configuration.rb +12 -0
- data/lib/contrast/config/protect_rule_configuration.rb +8 -8
- data/lib/contrast/config/protect_rules_configuration.rb +23 -60
- data/lib/contrast/config/request_audit_configuration.rb +13 -0
- data/lib/contrast/config/server_configuration.rb +41 -2
- data/lib/contrast/configuration.rb +29 -12
- data/lib/contrast/extension/assess/array.rb +9 -0
- data/lib/contrast/extension/assess/erb.rb +1 -1
- data/lib/contrast/extension/delegator.rb +2 -0
- data/lib/contrast/framework/manager.rb +3 -1
- data/lib/contrast/framework/rails/railtie.rb +0 -1
- data/lib/contrast/framework/rails/support.rb +0 -1
- data/lib/contrast/tasks/config.rb +1 -8
- data/lib/contrast/utils/assess/event_limit_utils.rb +31 -9
- data/lib/contrast/utils/assess/trigger_method_utils.rb +5 -4
- data/lib/contrast/utils/duck_utils.rb +1 -0
- data/lib/contrast/utils/hash_digest.rb +2 -2
- data/lib/contrast/utils/input_classification_base.rb +155 -0
- data/lib/contrast/utils/os.rb +0 -20
- data/lib/contrast/utils/reporting/application_activity_batch_utils.rb +81 -0
- data/lib/contrast/utils/response_utils.rb +0 -16
- data/lib/contrast/utils/routes_sent.rb +60 -0
- data/lib/contrast/utils/stack_trace_utils.rb +3 -15
- data/lib/contrast/utils/string_utils.rb +10 -7
- data/lib/contrast/utils/telemetry_client.rb +1 -2
- data/lib/contrast/utils/timer.rb +16 -0
- data/lib/contrast.rb +5 -4
- data/resources/protect/policy.json +1 -2
- data/ruby-agent.gemspec +7 -6
- metadata +69 -130
- data/exe/contrast_service +0 -23
- data/lib/contrast/agent/assess/contrast_event.rb +0 -157
- data/lib/contrast/agent/assess/events/event_factory.rb +0 -34
- data/lib/contrast/agent/assess/events/source_event.rb +0 -46
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_worth_watching.rb +0 -64
- data/lib/contrast/agent/protect/rule/sqli/sqli_worth_watching.rb +0 -118
- data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_matcher.rb +0 -45
- data/lib/contrast/agent/reaction_processor.rb +0 -47
- data/lib/contrast/agent/reporting/reporting_events/server_activity.rb +0 -36
- data/lib/contrast/agent/service_heartbeat.rb +0 -35
- data/lib/contrast/api/communication/messaging_queue.rb +0 -128
- data/lib/contrast/api/communication/response_processor.rb +0 -90
- data/lib/contrast/api/communication/service_lifecycle.rb +0 -77
- data/lib/contrast/api/communication/socket.rb +0 -44
- data/lib/contrast/api/communication/socket_client.rb +0 -130
- data/lib/contrast/api/communication/speedracer.rb +0 -138
- data/lib/contrast/api/communication/tcp_socket.rb +0 -32
- data/lib/contrast/api/communication/unix_socket.rb +0 -28
- data/lib/contrast/api/communication.rb +0 -20
- data/lib/contrast/api/decorators/address.rb +0 -59
- data/lib/contrast/api/decorators/agent_startup.rb +0 -56
- data/lib/contrast/api/decorators/application_settings.rb +0 -43
- data/lib/contrast/api/decorators/application_startup.rb +0 -56
- data/lib/contrast/api/decorators/bot_blocker.rb +0 -37
- data/lib/contrast/api/decorators/http_request.rb +0 -137
- data/lib/contrast/api/decorators/input_analysis.rb +0 -18
- data/lib/contrast/api/decorators/instrumentation_mode.rb +0 -35
- data/lib/contrast/api/decorators/ip_denylist.rb +0 -37
- data/lib/contrast/api/decorators/message.rb +0 -67
- data/lib/contrast/api/decorators/rasp_rule_sample.rb +0 -52
- data/lib/contrast/api/decorators/response_type.rb +0 -17
- data/lib/contrast/api/decorators/server_features.rb +0 -25
- data/lib/contrast/api/decorators/user_input.rb +0 -51
- data/lib/contrast/api/decorators/virtual_patch.rb +0 -34
- data/lib/contrast/api/decorators.rb +0 -22
- data/lib/contrast/api/dtm.pb.rb +0 -363
- data/lib/contrast/api/settings.pb.rb +0 -500
- data/lib/contrast/api.rb +0 -16
- data/lib/contrast/components/contrast_service.rb +0 -88
- data/lib/contrast/components/service.rb +0 -55
- data/lib/contrast/tasks/service.rb +0 -84
- data/lib/contrast/utils/input_classification.rb +0 -73
- data/lib/protobuf/code_generator.rb +0 -129
- data/lib/protobuf/decoder.rb +0 -28
- data/lib/protobuf/deprecation.rb +0 -117
- data/lib/protobuf/descriptors/google/protobuf/compiler/plugin.pb.rb +0 -79
- data/lib/protobuf/descriptors/google/protobuf/descriptor.pb.rb +0 -360
- data/lib/protobuf/descriptors.rb +0 -3
- data/lib/protobuf/encoder.rb +0 -11
- data/lib/protobuf/enum.rb +0 -365
- data/lib/protobuf/exceptions.rb +0 -9
- data/lib/protobuf/field/base_field.rb +0 -380
- data/lib/protobuf/field/base_field_object_definitions.rb +0 -504
- data/lib/protobuf/field/bool_field.rb +0 -64
- data/lib/protobuf/field/bytes_field.rb +0 -67
- data/lib/protobuf/field/double_field.rb +0 -25
- data/lib/protobuf/field/enum_field.rb +0 -56
- data/lib/protobuf/field/field_array.rb +0 -102
- data/lib/protobuf/field/field_hash.rb +0 -122
- data/lib/protobuf/field/fixed32_field.rb +0 -25
- data/lib/protobuf/field/fixed64_field.rb +0 -28
- data/lib/protobuf/field/float_field.rb +0 -43
- data/lib/protobuf/field/int32_field.rb +0 -21
- data/lib/protobuf/field/int64_field.rb +0 -34
- data/lib/protobuf/field/integer_field.rb +0 -23
- data/lib/protobuf/field/message_field.rb +0 -51
- data/lib/protobuf/field/sfixed32_field.rb +0 -27
- data/lib/protobuf/field/sfixed64_field.rb +0 -28
- data/lib/protobuf/field/signed_integer_field.rb +0 -29
- data/lib/protobuf/field/sint32_field.rb +0 -21
- data/lib/protobuf/field/sint64_field.rb +0 -21
- data/lib/protobuf/field/string_field.rb +0 -51
- data/lib/protobuf/field/uint32_field.rb +0 -21
- data/lib/protobuf/field/uint64_field.rb +0 -21
- data/lib/protobuf/field/varint_field.rb +0 -77
- data/lib/protobuf/field.rb +0 -74
- data/lib/protobuf/generators/base.rb +0 -85
- data/lib/protobuf/generators/enum_generator.rb +0 -39
- data/lib/protobuf/generators/extension_generator.rb +0 -27
- data/lib/protobuf/generators/field_generator.rb +0 -193
- data/lib/protobuf/generators/file_generator.rb +0 -262
- data/lib/protobuf/generators/group_generator.rb +0 -122
- data/lib/protobuf/generators/message_generator.rb +0 -104
- data/lib/protobuf/generators/option_generator.rb +0 -17
- data/lib/protobuf/generators/printable.rb +0 -160
- data/lib/protobuf/generators/service_generator.rb +0 -50
- data/lib/protobuf/lifecycle.rb +0 -33
- data/lib/protobuf/logging.rb +0 -39
- data/lib/protobuf/message/fields.rb +0 -233
- data/lib/protobuf/message/serialization.rb +0 -85
- data/lib/protobuf/message.rb +0 -241
- data/lib/protobuf/optionable.rb +0 -72
- data/lib/protobuf/tasks/compile.rake +0 -80
- data/lib/protobuf/tasks.rb +0 -1
- data/lib/protobuf/varint.rb +0 -20
- data/lib/protobuf/varint_pure.rb +0 -31
- data/lib/protobuf/version.rb +0 -3
- data/lib/protobuf/wire_type.rb +0 -10
- data/lib/protobuf.rb +0 -91
- data/proto/dynamic_discovery.proto +0 -46
- data/proto/google/protobuf/compiler/plugin.proto +0 -183
- data/proto/google/protobuf/descriptor.proto +0 -911
- data/proto/rpc.proto +0 -71
- data/service_executables/.gitkeep +0 -0
- data/service_executables/VERSION +0 -1
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
@@ -0,0 +1,87 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: false
|
3
|
+
|
4
|
+
require 'ffi'
|
5
|
+
# require the gem
|
6
|
+
require 'contrast-agent-lib'
|
7
|
+
require 'contrast/utils/object_share'
|
8
|
+
|
9
|
+
module Contrast
|
10
|
+
module AgentLib
|
11
|
+
# This module is defined in Rust as external, we used it here.
|
12
|
+
# Initializes the AgentLib. Here will be all methods from
|
13
|
+
# the C bindings contrast_c::panic_error module.
|
14
|
+
module Panic
|
15
|
+
extend FFI::Library
|
16
|
+
ffi_lib ContrastAgentLib::CONTRAST_C
|
17
|
+
|
18
|
+
attach_function :last_error_message, %i[pointer int32 pointer int32], :int32
|
19
|
+
attach_function :last_error_message_length, [], :int32
|
20
|
+
attach_function :last_error_stack_length, [], :int32
|
21
|
+
|
22
|
+
private
|
23
|
+
|
24
|
+
# Returns the last Error message saved for the thread.
|
25
|
+
# If there is no message it will return empty string.
|
26
|
+
#
|
27
|
+
# @return [String] Empty string if no errors, or a
|
28
|
+
# message + stack trace concat String.
|
29
|
+
def dl__get_error
|
30
|
+
message_length = last_error_message_length
|
31
|
+
stack_length = last_error_stack_length
|
32
|
+
return Contrast::Utils::ObjectShare::EMPTY_STRING if message_length.zero?
|
33
|
+
|
34
|
+
# If the buffer size is retrieved as 0 we need to add 1 byte for it
|
35
|
+
# else the Agent-Lib check for allocated memory would fail.
|
36
|
+
stack_length += 1 if stack_length.zero?
|
37
|
+
message_buffer = FFI::MemoryPointer.new(:char, message_length)
|
38
|
+
stack_buffer = FFI::MemoryPointer.new(:char, stack_length)
|
39
|
+
return dl__parse_error(message_buffer, stack_buffer) if last_error_message(message_buffer,
|
40
|
+
message_length,
|
41
|
+
stack_buffer,
|
42
|
+
stack_length).positive?
|
43
|
+
|
44
|
+
Contrast::Utils::ObjectShare::EMPTY_STRING
|
45
|
+
ensure
|
46
|
+
# The free methods are auto called form the FFI::MemoryPointer
|
47
|
+
# when the variable is out of scope. Making sure it's all free,
|
48
|
+
# and call with safe navigation if is been already cleaned.
|
49
|
+
message_buffer&.free
|
50
|
+
stack_buffer&.free
|
51
|
+
end
|
52
|
+
|
53
|
+
# Retrieves the buffer bytecode and transforms it into String.
|
54
|
+
#
|
55
|
+
# @param buffer [FFI::MemoryPointer, nil] of type char (String)
|
56
|
+
# @return [String] the received message.
|
57
|
+
def dl__read_buffer buffer
|
58
|
+
return Contrast::Utils::ObjectShare::EMPTY_STRING unless buffer
|
59
|
+
|
60
|
+
string = buffer.read_string
|
61
|
+
return string unless string.empty?
|
62
|
+
|
63
|
+
# If there is a incorrect buffer size or the message can't be read
|
64
|
+
# from the FFI::MemoryPointer#read_string method we can still try
|
65
|
+
# and get the partial message:
|
66
|
+
bytes = buffer.get_array_of_int8(0, buffer.size)&.map { |byte| byte.zero? ? nil : byte }
|
67
|
+
bytes.compact.pack('C*').force_encoding('UTF-8') if bytes&.cs__is_a?(Array)
|
68
|
+
end
|
69
|
+
|
70
|
+
# The stack_message is still not integrated in the AgentLib.
|
71
|
+
# It always returns "". For now we are returning the message,
|
72
|
+
# but keeping the functionality for feature use.
|
73
|
+
#
|
74
|
+
# @param message_buffer [FFI::MemoryPointer, nil] of type char (String)
|
75
|
+
# @param stack_buffer [FFI::MemoryPointer, nil] of type char (String)
|
76
|
+
# @return [String] the received error message with stack.
|
77
|
+
def dl__parse_error message_buffer, stack_buffer
|
78
|
+
message = dl__read_buffer(message_buffer)
|
79
|
+
stack = dl__read_buffer(stack_buffer)
|
80
|
+
|
81
|
+
error_message = "Message: #{ message }"
|
82
|
+
error_message + " Stack Trace: #{ stack }" unless stack.empty?
|
83
|
+
error_message
|
84
|
+
end
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
@@ -0,0 +1,40 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: false
|
3
|
+
|
4
|
+
require 'ffi'
|
5
|
+
require 'contrast-agent-lib'
|
6
|
+
require 'contrast/utils/object_share'
|
7
|
+
|
8
|
+
module Contrast
|
9
|
+
module AgentLib
|
10
|
+
# This module is defined in Rust as external, we used it here.
|
11
|
+
# Initializes the AgentLib. Here will be all methods from
|
12
|
+
# the C bindings contrast_c::path_semantic_file_security_bypass module.
|
13
|
+
module PathSemanticFileSecurityBypass
|
14
|
+
extend FFI::Library
|
15
|
+
ffi_lib ContrastAgentLib::CONTRAST_C
|
16
|
+
|
17
|
+
# Attach all the needed functions
|
18
|
+
# @param file_path[String] This is the full path of the file, being accessed
|
19
|
+
# @param is_custom_code[Integer] whether the file is being accessed by custom (user) code,
|
20
|
+
# rather than framework code.
|
21
|
+
attach_function :does_file_path_bypass_security, %i[string int], :int
|
22
|
+
|
23
|
+
private
|
24
|
+
|
25
|
+
# do we need to get the full path before we invoke it or here I need to extract the full path?
|
26
|
+
|
27
|
+
# This is the function from the agent lib, that checks if
|
28
|
+
# a given file_path is attempting to access system files
|
29
|
+
# or bypass file security
|
30
|
+
# This is used for the `path-traversal-semantic-file-security-bypass` rule.
|
31
|
+
#
|
32
|
+
# @param file_path[String] This is the full path of the file, being accessed
|
33
|
+
# @param is_custom_code[Integer] whether the file is being accessed by custom (user) code,
|
34
|
+
# rather than framework code.
|
35
|
+
def dl__does_file_bypass_security file_path, is_custom_code
|
36
|
+
does_file_path_bypass_security(file_path, is_custom_code)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
@@ -0,0 +1,260 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require 'contrast/agent_lib/api/init'
|
5
|
+
require 'contrast/agent_lib/api/command_injection'
|
6
|
+
require 'contrast/agent_lib/api/input_tracing'
|
7
|
+
require 'contrast/agent_lib/api/panic'
|
8
|
+
require 'contrast/agent_lib/api/method_tempering'
|
9
|
+
require 'contrast/agent_lib/api/path_semantic_file_security_bypass'
|
10
|
+
require 'contrast/components/logger'
|
11
|
+
require 'contrast/utils/object_share'
|
12
|
+
require 'fileutils'
|
13
|
+
require 'ffi'
|
14
|
+
require 'contrast/agent_lib/return_types/eval_result'
|
15
|
+
require 'contrast/agent_lib/interface_base'
|
16
|
+
|
17
|
+
module Contrast
|
18
|
+
module AgentLib
|
19
|
+
# The interface to react with the AgentLib. This will be the one place of
|
20
|
+
# contact with the DynamicLib, synchronized and loaded with modules to use.
|
21
|
+
class Interface < InterfaceBase
|
22
|
+
# Include the modules to use from the FFI wrappers of the AgentLib.
|
23
|
+
include Contrast::AgentLib::Init
|
24
|
+
include Contrast::AgentLib::Panic
|
25
|
+
include Contrast::AgentLib::InputTracing
|
26
|
+
include Contrast::AgentLib::CommandInjection
|
27
|
+
# TODO: RUBY-1632
|
28
|
+
# include Contrast::AgentLib::MethodTempering
|
29
|
+
include Contrast::AgentLib::PathSemanticFileSecurityBypass
|
30
|
+
include Contrast::Components::Logger::InstanceMethods
|
31
|
+
|
32
|
+
# Attached methods are always public. We need to make them private
|
33
|
+
# so that this interface is the only mean to call native functions.
|
34
|
+
# The dl__ (dynamic lib) wrapper methods are used to transfer and
|
35
|
+
# convert data to required by the AgentLib types. If native method
|
36
|
+
# is called with wrong arguments a panic is raised. Public instance
|
37
|
+
# methods in this module are used to safe guard and set state by
|
38
|
+
# instance variables. Add any newly attached native functions
|
39
|
+
# included above here:
|
40
|
+
private :init, :init_with_options, :change_log_settings, :check_cmd_injection_query,
|
41
|
+
:free_check_query_sink_result, :get_index_of_chained_command, :last_error_message,
|
42
|
+
:does_command_contain_dangerous_path, :last_error_message_length, :last_error_stack_length,
|
43
|
+
:evaluate_header_input, :evaluate_input, :free_eval_result, :check_sql_injection_query,
|
44
|
+
:free_check_query_sink_result
|
45
|
+
|
46
|
+
# @return enable_log [Boolean] flag to enable or disable logging.
|
47
|
+
attr_reader :enable_log
|
48
|
+
# @return log_dir [String] path to existing log directory.
|
49
|
+
attr_reader :log_dir
|
50
|
+
# @return log_level [String] OFF, ERROR, WARN, INFO, DEBUG or TRACE.
|
51
|
+
attr_reader :log_level
|
52
|
+
# @return enable_log_change [Boolean] flag set during initialization.
|
53
|
+
# If true the log level and enable status could be change during
|
54
|
+
# runtime.
|
55
|
+
attr_reader :enable_log_change
|
56
|
+
# Initialization status
|
57
|
+
# @return [Boolean]
|
58
|
+
attr_reader :init_status
|
59
|
+
# We need to synchronize all calls to the AgentLib vie mutex or monitor.
|
60
|
+
#
|
61
|
+
# @return mutex [Mutex] to synchronize calls, also to prevent situations
|
62
|
+
# such as calling a re_init on not init lib:
|
63
|
+
# This is not the thread you are looking for.
|
64
|
+
attr_reader :mutex
|
65
|
+
# retrieves last error message.
|
66
|
+
# note: last_error_message is the name of the attached function and will
|
67
|
+
# override the agent_lib native method if renamed.
|
68
|
+
#
|
69
|
+
# @return last_error_message [String]
|
70
|
+
attr_reader :last_error
|
71
|
+
|
72
|
+
# Initializes the Agent lib.
|
73
|
+
#
|
74
|
+
# @param enable_logging [Boolean, nil] flag to enable or disable logging.
|
75
|
+
# @param set_log_level [Integer, nil]
|
76
|
+
# @param set_log_dir [String, nil] dir to write log files.
|
77
|
+
# @return [Boolean] true if success.
|
78
|
+
# @raise [StandardError] Any Errors raised in the init process are most
|
79
|
+
# likely to be a C segfaults and termination, probably redundant but safe.
|
80
|
+
def initialize enable_logging = nil, set_log_level = nil, set_log_dir = nil
|
81
|
+
super
|
82
|
+
@mutex = Mutex.new
|
83
|
+
@enable_log = !!enable_logging
|
84
|
+
self.log_level = set_log_level
|
85
|
+
@log_dir = create_log_dir(set_log_dir)
|
86
|
+
@init_status = if enable_log && log_dir && log_level
|
87
|
+
# Preferred as we will be able to to set the log level at run time.
|
88
|
+
@enable_log_change = true
|
89
|
+
with_mutex { dl__init_with_options(enable_log, log_dir, log_level) }
|
90
|
+
else
|
91
|
+
# Initialize the lib without logging.
|
92
|
+
# The log level could not be changed during runtime.
|
93
|
+
@enable_log_change = false
|
94
|
+
with_mutex { dl__init }
|
95
|
+
end
|
96
|
+
rescue StandardError => e
|
97
|
+
logger.error('Could not start АgentLib', error: e, backtrace: e.backtrace)
|
98
|
+
end
|
99
|
+
|
100
|
+
# Changes the logs level in runtime.
|
101
|
+
#
|
102
|
+
# @param new_enable_log [Boolean] flag to enable or disable logging this sets the inner flag.
|
103
|
+
# @param new_log_level [Integer]
|
104
|
+
def change_log_options new_enable_log, new_log_level
|
105
|
+
return unless @enable_log_change
|
106
|
+
|
107
|
+
update_logging(new_log_level, new_enable_log)
|
108
|
+
with_mutex { dl__change_log_settings(enable_log, log_level) }
|
109
|
+
end
|
110
|
+
|
111
|
+
# Set the log_level of the Interface.
|
112
|
+
#
|
113
|
+
# @param level [Integer, nil] one of:
|
114
|
+
# [-1...4]
|
115
|
+
def log_level= level = nil
|
116
|
+
set_level = level.nil? ? 3 : level
|
117
|
+
update_log_level(set_level)
|
118
|
+
end
|
119
|
+
|
120
|
+
# Execute calls to Native methods with mutex.
|
121
|
+
# If Error is raised from the AgentLib it will
|
122
|
+
# be logged. If C error occurs there will be a
|
123
|
+
# segfault and termination.
|
124
|
+
#
|
125
|
+
# @raise [StandardError] Capture any unforeseen errors.
|
126
|
+
# @return [String, Boolean, Integer, nil] Wrapper method's
|
127
|
+
# return types, or nil if something terrible happens.
|
128
|
+
def with_mutex &block
|
129
|
+
return_value = mutex.synchronize(&block)
|
130
|
+
rescue StandardError => e
|
131
|
+
logger.error('AgentLib runtime error', error: e, backtrace: e.backtrace)
|
132
|
+
handle_error
|
133
|
+
ensure
|
134
|
+
# Since every method is called with_mutex this is
|
135
|
+
# the natural candidate for handling any errors
|
136
|
+
# from the AgentLib.
|
137
|
+
handle_error
|
138
|
+
# The return value is used to set some instance
|
139
|
+
# variable state depending on the original return
|
140
|
+
# of the wrapper methods.
|
141
|
+
return_value
|
142
|
+
end
|
143
|
+
|
144
|
+
# Method to extract last error if any and log it.
|
145
|
+
def handle_error
|
146
|
+
@last_error = mutex.synchronize { dl__get_error }
|
147
|
+
logger.error('AgentLib encountered exception: ', error: @last_error) unless @last_error.empty?
|
148
|
+
end
|
149
|
+
|
150
|
+
# Checks that a given shell command contained a chained command.
|
151
|
+
# This is used for the cmd-injection-semantic-chained-commands rule.
|
152
|
+
#
|
153
|
+
# @param cmd [String] command to check.
|
154
|
+
# @return index[Integer, nil] Returns the index of the command chaining if found.
|
155
|
+
# If the chaining index is >= 0, an injection is detected. Returns -1 when no
|
156
|
+
# command chaining is found.
|
157
|
+
def chained_cmdi_index cmd
|
158
|
+
return unless cmd
|
159
|
+
|
160
|
+
with_mutex { dl__index_of_chained_command(cmd) }
|
161
|
+
end
|
162
|
+
|
163
|
+
# Checks if a given shell command is trying to access a dangerous path.
|
164
|
+
# This is used for the cmd-injection-semantic-dangerous-paths rule.
|
165
|
+
#
|
166
|
+
# @param path [String] path to check.
|
167
|
+
# @return index[Boolean] Returns true if a dangerous path is found.
|
168
|
+
# Returns false if no dangerous paths are found.
|
169
|
+
def dangerous_path? path
|
170
|
+
return unless path
|
171
|
+
|
172
|
+
with_mutex { dl__dangerous_path?(path) }
|
173
|
+
end
|
174
|
+
|
175
|
+
# Evaluate a subset of executing shell command for token boundaries being crossed.
|
176
|
+
# This is used by the cmd-injection rule during sink time. If a previously
|
177
|
+
# worth-watching input is contained in the shell command it crosses token
|
178
|
+
# boundaries then an injection should be raised.
|
179
|
+
#
|
180
|
+
# @param input_index [Integer] index in the cmdText string where user input was found.
|
181
|
+
# @param input_length [Integer] length of the user input.
|
182
|
+
# @param input_cmd [String] full text of the command being executed.
|
183
|
+
# @return result [Hash, nil] output parameter which will contain the result of the evaluation.
|
184
|
+
def check_cmdi_query input_index, input_length, input_cmd
|
185
|
+
return unless input_index && input_length && input_cmd
|
186
|
+
|
187
|
+
with_mutex { dl__check_cmdi_query(input_index, input_length, input_cmd) }
|
188
|
+
end
|
189
|
+
|
190
|
+
# Evaluates a header for input tracing rules.
|
191
|
+
#
|
192
|
+
# @param header_name [String] key/name of the header to be evaluated.
|
193
|
+
# NOTE: the only header names used are "custom", "accept", and "user-agent".
|
194
|
+
# Header-name-used is part of the output because the accept and user-agent
|
195
|
+
# headers get special handling by agent-lib, so they are evaluated twice -
|
196
|
+
# once exactly like all other headers and once with the specific header that
|
197
|
+
# gets special handling.
|
198
|
+
# @param header_value [String] header value
|
199
|
+
# @param rule_set [Integer] One of Contrast::AgentLib::Interface::RULE_SET
|
200
|
+
# @param eval_options [Integer] 0 or 1 from Contrast::AgentLib::Interface::EVAL_OPTIONS
|
201
|
+
# @return [Contrast::AgentLib::EvalResult, nil]
|
202
|
+
def eval_header header_name, header_value, rule_set, eval_options
|
203
|
+
return unless header_name && header_value && rule_set && eval_options
|
204
|
+
|
205
|
+
result = with_mutex { dl__eval_header_input(header_name, header_value, rule_set, eval_options) }
|
206
|
+
return EvalResult.new(result) if result
|
207
|
+
|
208
|
+
nil
|
209
|
+
end
|
210
|
+
|
211
|
+
# Evaluates an input part for input tracing rules. This should be used for all input parts except headers.
|
212
|
+
#
|
213
|
+
# @param input [String] input value to be evaluated.
|
214
|
+
# @param input_type [Integer] type of the input one of Contrast::AgentLib::Interface::INPUT_SET
|
215
|
+
# @param rule_set [Integer] One of Contrast::AgentLib::Interface::RULE_SET
|
216
|
+
# @param eval_options [Integer] 0 or 1 from Contrast::AgentLib::Interface::EVAL_OPTIONS
|
217
|
+
# @return [Contrast::AgentLib::EvalResult, nil]
|
218
|
+
def eval_input input, input_type, rule_set, eval_options
|
219
|
+
return unless input && input_type && rule_set && eval_options
|
220
|
+
|
221
|
+
result = with_mutex { dl__eval_input(input, input_type, rule_set, eval_options) }
|
222
|
+
return EvalResult.new(result) if result
|
223
|
+
|
224
|
+
nil
|
225
|
+
end
|
226
|
+
|
227
|
+
def check_sql_query input_index, input_length, db_type, sql_query
|
228
|
+
return unless input_index && input_length && db_type && sql_query
|
229
|
+
|
230
|
+
with_mutex { dl__check_sql_injection_query(input_index, input_length, db_type, sql_query) }
|
231
|
+
end
|
232
|
+
|
233
|
+
# Invoke Path Semantic File Security Bypass
|
234
|
+
#
|
235
|
+
# @param file_path[String] the absolute file path
|
236
|
+
# @param is_custom_code[Integer] is this is being called from customer (user) code
|
237
|
+
# or the framework
|
238
|
+
# @return result[Integer, nil] returns:
|
239
|
+
# 1 => security bypass is detected.
|
240
|
+
# 0 => no security bypass is detected.
|
241
|
+
def check_path_semantic_security_bypass file_path, is_custom_code
|
242
|
+
return unless file_path || is_custom_code
|
243
|
+
|
244
|
+
with_mutex { dl__does_file_bypass_security(file_path, is_custom_code) }
|
245
|
+
end
|
246
|
+
|
247
|
+
# TODO: RUBY-1632 Test after integration and if method-tempering is covered
|
248
|
+
# # Check to see if method is being tempered or not.
|
249
|
+
# # Used with Protect method-tampering rule.
|
250
|
+
# #
|
251
|
+
# # @param method [String] method to check
|
252
|
+
# # @return [Boolean]
|
253
|
+
# def method_tempered? method
|
254
|
+
# return false unless method
|
255
|
+
#
|
256
|
+
# with_mutex { dl__method_tempered?(method) }
|
257
|
+
# end
|
258
|
+
end
|
259
|
+
end
|
260
|
+
end
|
@@ -0,0 +1,118 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
module Contrast
|
5
|
+
module AgentLib
|
6
|
+
# Base class to set basic rule sets and input list.
|
7
|
+
class InterfaceBase
|
8
|
+
# This could be changed to regular Hash.
|
9
|
+
# This format is used to supports this kind of log_level assignment:
|
10
|
+
# via Contrast::Api::Settings::LogLevel::WARN => 3
|
11
|
+
# ( note -1 is not supported in the protobuf LogLevel)
|
12
|
+
LOG_LEVEL = { -1 => 'OFF', 0 => 'TRACE', 1 => 'DEBUG', 2 => 'INFO', 3 => 'WARN', 4 => 'ERROR' }.cs__freeze
|
13
|
+
LOG_DIR = File.join(Dir.pwd).cs__freeze
|
14
|
+
# Named after Protect rule_id / Names
|
15
|
+
# Corresponding to Rust's ulong enum
|
16
|
+
RULE_SET = {
|
17
|
+
'unsafe-file-upload' => 1 << 0,
|
18
|
+
'path-traversal' => 1 << 1,
|
19
|
+
'reflected-xss' => 1 << 2,
|
20
|
+
'sql-injection' => 1 << 3,
|
21
|
+
'cmd-injection' => 1 << 4,
|
22
|
+
'nosql-injection' => 1 << 5,
|
23
|
+
'bot-blocker' => 1 << 6,
|
24
|
+
'ssjs-injection' => 1 << 7,
|
25
|
+
'method-tampering' => 1 << 8
|
26
|
+
}.cs__freeze
|
27
|
+
# Named same as Contrast::Agent::Reporting::InputTypes
|
28
|
+
INPUT_SET = {
|
29
|
+
COOKIE_NAME: 1,
|
30
|
+
COOKIE_VALUE: 2,
|
31
|
+
HEADER_NAME: 3,
|
32
|
+
HEADER_VALUE: 4,
|
33
|
+
JSON_NAME: 5,
|
34
|
+
JSON_VALUE: 6,
|
35
|
+
METHOD: 7,
|
36
|
+
PARAMETER_NAME: 8,
|
37
|
+
PARAMETER_VALUE: 9,
|
38
|
+
URI: 10,
|
39
|
+
URL_PARAMETER: 11,
|
40
|
+
MULTIPART_NAME: 12,
|
41
|
+
XML_VALUE: 13
|
42
|
+
}.cs__freeze
|
43
|
+
EVAL_OPTIONS = { NONE: 0, WORTHWATCHING: 1 }.cs__freeze
|
44
|
+
|
45
|
+
# Initializes the Agent lib.
|
46
|
+
#
|
47
|
+
# @param enable_logging [Boolean, nil] flag to enable or disable logging.
|
48
|
+
# @param set_log_level [Integer, nil]
|
49
|
+
# @param set_log_dir [String, nil] dir to write log files.
|
50
|
+
# @return [Boolean] true if success.
|
51
|
+
# @raise [StandardError] Any Errors raised in the init process are most
|
52
|
+
# likely to be a C segfaults and termination, probably redundant but safe.
|
53
|
+
def initialize enable_logging = nil, set_log_level = nil, set_log_dir = nil
|
54
|
+
# Override
|
55
|
+
end
|
56
|
+
|
57
|
+
# Return list of available rules
|
58
|
+
#
|
59
|
+
# @return [Hash]
|
60
|
+
def rule_set
|
61
|
+
RULE_SET
|
62
|
+
end
|
63
|
+
|
64
|
+
# Returns list of available input types.
|
65
|
+
#
|
66
|
+
# @return [Hash]
|
67
|
+
def input_set
|
68
|
+
INPUT_SET
|
69
|
+
end
|
70
|
+
|
71
|
+
# Return list of input evaluation options:
|
72
|
+
# WorthWatching or none
|
73
|
+
#
|
74
|
+
# @return [Hash]
|
75
|
+
def eval_option
|
76
|
+
EVAL_OPTIONS
|
77
|
+
end
|
78
|
+
|
79
|
+
private
|
80
|
+
|
81
|
+
# Updates the logging status:
|
82
|
+
# Enabled && Level
|
83
|
+
#
|
84
|
+
# @param level [Integer] one of:
|
85
|
+
# [-1...4]
|
86
|
+
# @param enabled [Boolean] logging status.
|
87
|
+
def update_logging level, enabled
|
88
|
+
update_log_level(level)
|
89
|
+
@enable_log = !!enabled
|
90
|
+
end
|
91
|
+
|
92
|
+
# Updates the log level for the AgentLib.
|
93
|
+
#
|
94
|
+
# @param level [Integer] one of:
|
95
|
+
# [-1...4]
|
96
|
+
def update_log_level level
|
97
|
+
value = LOG_LEVEL[level]
|
98
|
+
@log_level = value if value
|
99
|
+
end
|
100
|
+
|
101
|
+
# Creates the directory for AgentLib log files.
|
102
|
+
# If no path provided use default.
|
103
|
+
#
|
104
|
+
# @param log_dir [String, nil] path to log.
|
105
|
+
# @rescue [StandardError] any error concerning
|
106
|
+
# the directory creation.
|
107
|
+
def create_log_dir log_dir = nil
|
108
|
+
path = log_dir.nil? ? LOG_DIR : log_dir
|
109
|
+
FileUtils.mkdir_p(path)
|
110
|
+
path
|
111
|
+
rescue StandardError => e
|
112
|
+
logger.debug('Could not create log directory', error: e)
|
113
|
+
FileUtils.mkdir_p(LOG_DIR)
|
114
|
+
LOG_DIR
|
115
|
+
end
|
116
|
+
end
|
117
|
+
end
|
118
|
+
end
|
@@ -0,0 +1,44 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require 'contrast/agent_lib/interface'
|
5
|
+
|
6
|
+
module Contrast
|
7
|
+
module AgentLib
|
8
|
+
# This class will hold resulst received form AgentLib structs.
|
9
|
+
class EvalResult
|
10
|
+
# Name of the Protect rule analyzed.
|
11
|
+
# @return [String]
|
12
|
+
attr_accessor :rule_id
|
13
|
+
# Type of the input.
|
14
|
+
# @return [String]
|
15
|
+
attr_accessor :input_type
|
16
|
+
# Score of the input after AgentLib
|
17
|
+
# Analysis
|
18
|
+
#
|
19
|
+
# @return score [Float]
|
20
|
+
attr_accessor :score
|
21
|
+
|
22
|
+
# Init a new EvalResult, and translate results to usable for
|
23
|
+
# reporting values.
|
24
|
+
#
|
25
|
+
# @param hsh [Hash, nil] return from AgentLib populated struct.
|
26
|
+
def initialize hsh
|
27
|
+
return unless hsh&.cs__is_a?(Hash)
|
28
|
+
|
29
|
+
@rule_id = Contrast::AgentLib::Interface::RULE_SET.key(hsh[:rule_id])
|
30
|
+
@input_type = Contrast::AgentLib::Interface::INPUT_SET.key(hsh[:input_type])
|
31
|
+
@score = hsh[:score]
|
32
|
+
end
|
33
|
+
|
34
|
+
# Used in specs.
|
35
|
+
def to_controlled_hash
|
36
|
+
{
|
37
|
+
rule_id: rule_id,
|
38
|
+
input_type: input_type,
|
39
|
+
score: score
|
40
|
+
}
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: false
|
3
|
+
|
4
|
+
require_relative 'api/init'
|
5
|
+
|
6
|
+
module Contrast # :nodoc:
|
7
|
+
module Test # :nodoc:
|
8
|
+
extend Contrast::AgentLib::Init
|
9
|
+
|
10
|
+
LOG_DIR = File.join(File.dirname(__FILE__))
|
11
|
+
|
12
|
+
class << self
|
13
|
+
def test_init_with_options enable_log, log_level
|
14
|
+
dl__init_with_options(enable_log, LOG_DIR, log_level)
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
# for the other cases - I tried with loop and everything, but nothing worked
|
21
|
+
# Contrast::Test.test_init_with_options(true, "WARN")
|
22
|
+
# Contrast::Test.test_init_with_options(true, "ERROR")
|
23
|
+
# Contrast::Test.test_init_with_options(true, "DEBUG")
|
24
|
+
# Contrast::Test.test_init_with_options(true, "TRACE")
|
25
|
+
response = Contrast::Test.test_init_with_options(true, 'INFO')
|
26
|
+
puts response # rubocop:disable Rails/Output
|
27
|
+
|
28
|
+
# we cannot check here for the file as it's being created after the execution of the file is done
|
29
|
+
raise(StandardError, 'Not Working') if response == false
|
@@ -4,22 +4,37 @@
|
|
4
4
|
module Contrast
|
5
5
|
module Api
|
6
6
|
module Communication
|
7
|
-
# Keeps track of the state of connections to
|
7
|
+
# Keeps track of the state of connections to TeamServer.
|
8
8
|
class ConnectionStatus
|
9
9
|
def initialize
|
10
10
|
@last_success = nil
|
11
11
|
@last_failure = nil
|
12
12
|
@startup_messages_sent = false
|
13
|
+
@_startup_server_message_sent = false
|
13
14
|
end
|
14
15
|
|
15
|
-
# Whether we have sent startup message to
|
16
|
-
#
|
16
|
+
# Whether we have sent startup message to TeamServer. True after successfully sending startup messages to
|
17
|
+
# TeamServer and reset to false if we lose connection.
|
17
18
|
#
|
18
19
|
# @return [Boolean]
|
19
20
|
def startup_messages_sent?
|
20
21
|
@startup_messages_sent
|
21
22
|
end
|
22
23
|
|
24
|
+
# Check to see if we have sent server message and received settings from TS.
|
25
|
+
#
|
26
|
+
# @return [Boolean]
|
27
|
+
def startup_server_message_sent?
|
28
|
+
@_startup_server_message_sent
|
29
|
+
end
|
30
|
+
|
31
|
+
# Set the server message status state
|
32
|
+
#
|
33
|
+
# @return [Boolean]
|
34
|
+
def server_response_success!
|
35
|
+
@_startup_server_message_sent = true
|
36
|
+
end
|
37
|
+
|
23
38
|
# The last message sent was successful or not
|
24
39
|
#
|
25
40
|
# @return [Boolean]
|
@@ -27,13 +42,13 @@ module Contrast
|
|
27
42
|
@last_success && (@last_failure.nil? || @last_success > @last_failure)
|
28
43
|
end
|
29
44
|
|
30
|
-
# The current state of the
|
45
|
+
# The current state of the TeamServer is active with a successful message sent
|
31
46
|
def success!
|
32
47
|
@startup_messages_sent = true
|
33
48
|
@last_success = Time.now.to_f
|
34
49
|
end
|
35
50
|
|
36
|
-
# The
|
51
|
+
# The TeamServer may be in some sort of error state
|
37
52
|
def failure!
|
38
53
|
@startup_messages_sent = false
|
39
54
|
@last_failure = Time.now.to_f
|