contrast-agent 6.7.0 → 6.9.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +0 -2
- data/.simplecov +0 -1
- data/Rakefile +0 -1
- data/ext/cs__assess_array/cs__assess_array.c +41 -10
- data/ext/cs__assess_array/cs__assess_array.h +4 -1
- data/lib/contrast/agent/assess/policy/trigger_method.rb +3 -3
- data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +1 -1
- data/lib/contrast/agent/assess/property/evented.rb +11 -11
- data/lib/contrast/agent/assess.rb +0 -1
- data/lib/contrast/agent/excluder.rb +53 -35
- data/lib/contrast/agent/exclusion_matcher.rb +21 -9
- data/lib/contrast/agent/middleware.rb +12 -6
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +6 -0
- data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +146 -127
- data/lib/contrast/agent/protect/input_analyzer/worth_watching_analyzer.rb +116 -0
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +20 -0
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +1 -1
- data/lib/contrast/agent/protect/rule/base.rb +47 -55
- data/lib/contrast/agent/protect/rule/base_service.rb +48 -24
- data/lib/contrast/agent/protect/rule/bot_blocker/bot_blocker_input_classification.rb +98 -0
- data/lib/contrast/agent/protect/rule/bot_blocker.rb +81 -0
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +20 -2
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb +8 -5
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_base_rule.rb +22 -22
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_chained_command.rb +64 -0
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_dangerous_path.rb +63 -0
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb +2 -58
- data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/deserialization.rb +3 -14
- data/lib/contrast/agent/protect/rule/http_method_tampering/http_method_tampering_input_classification.rb +2 -2
- data/lib/contrast/agent/protect/rule/http_method_tampering.rb +0 -11
- data/lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb +29 -34
- data/lib/contrast/agent/protect/rule/no_sqli.rb +25 -18
- data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_input_classification.rb +61 -0
- data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_semantic_security_bypass.rb +114 -0
- data/lib/contrast/agent/protect/rule/path_traversal.rb +40 -13
- data/lib/contrast/agent/protect/rule/sql_sample_builder.rb +33 -15
- data/lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb +0 -14
- data/lib/contrast/agent/protect/rule/sqli/sqli_input_classification.rb +2 -62
- data/lib/contrast/agent/protect/rule/sqli.rb +74 -3
- data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification.rb +39 -63
- data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +6 -33
- data/lib/contrast/agent/protect/rule/xss/reflected_xss_input_classification.rb +58 -0
- data/lib/contrast/agent/protect/rule/xss.rb +15 -20
- data/lib/contrast/agent/protect/rule/xxe.rb +4 -24
- data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +19 -40
- data/lib/contrast/agent/reporting/attack_result/response_type.rb +9 -9
- data/lib/contrast/agent/reporting/details/ip_denylist_details.rb +10 -2
- data/lib/contrast/agent/reporting/details/virtual_patch_details.rb +8 -2
- data/lib/contrast/agent/reporting/input_analysis/details/bot_blocker_details.rb +27 -0
- data/lib/contrast/agent/reporting/input_analysis/details/protect_rule_details.rb +15 -0
- data/lib/contrast/agent/reporting/input_analysis/input_analysis.rb +1 -2
- data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb +16 -2
- data/lib/contrast/agent/reporting/masker/masker.rb +2 -0
- data/lib/contrast/agent/reporting/report.rb +1 -0
- data/lib/contrast/agent/reporting/reporter.rb +35 -14
- data/lib/contrast/agent/reporting/reporter_heartbeat.rb +3 -9
- data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +16 -13
- data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +12 -7
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb +3 -3
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +1 -2
- data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb +6 -1
- data/lib/contrast/agent/reporting/reporting_events/application_update.rb +0 -2
- data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +0 -1
- data/lib/contrast/agent/reporting/reporting_events/finding.rb +6 -6
- data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +239 -93
- data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb +10 -23
- data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +10 -9
- data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +0 -5
- data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +0 -1
- data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +12 -0
- data/lib/contrast/agent/reporting/reporting_events/poll.rb +1 -11
- data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +0 -1
- data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +0 -1
- data/lib/contrast/agent/reporting/reporting_events/server_reporting_event.rb +8 -0
- data/lib/contrast/agent/reporting/reporting_events/server_settings.rb +40 -0
- data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +2 -2
- data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +6 -0
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +43 -1
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +8 -4
- data/lib/contrast/agent/reporting/reporting_utilities/response.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +58 -4
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +4 -6
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +77 -16
- data/lib/contrast/agent/reporting/server_settings_worker.rb +44 -0
- data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +14 -2
- data/lib/contrast/agent/reporting/settings/code_exclusion.rb +6 -1
- data/lib/contrast/agent/reporting/settings/exclusion_base.rb +18 -0
- data/lib/contrast/agent/reporting/settings/exclusions.rb +2 -1
- data/lib/contrast/agent/reporting/settings/helpers.rb +7 -0
- data/lib/contrast/agent/reporting/settings/input_exclusion.rb +9 -3
- data/lib/contrast/agent/reporting/settings/protect.rb +15 -15
- data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +39 -2
- data/lib/contrast/agent/reporting/settings/rule_definition.rb +3 -0
- data/lib/contrast/agent/reporting/settings/security_logger.rb +77 -0
- data/lib/contrast/agent/reporting/settings/server_features.rb +9 -0
- data/lib/contrast/agent/reporting/settings/syslog.rb +34 -5
- data/lib/contrast/agent/request.rb +3 -14
- data/lib/contrast/agent/request_context.rb +6 -9
- data/lib/contrast/agent/request_context_extend.rb +9 -148
- data/lib/contrast/agent/request_handler.rb +5 -10
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb +1 -1
- data/lib/contrast/agent/thread_watcher.rb +37 -18
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/agent.rb +6 -11
- data/lib/contrast/agent_lib/api/command_injection.rb +46 -0
- data/lib/contrast/agent_lib/api/init.rb +101 -0
- data/lib/contrast/agent_lib/api/input_tracing.rb +267 -0
- data/lib/contrast/agent_lib/api/method_tempering.rb +29 -0
- data/lib/contrast/agent_lib/api/panic.rb +87 -0
- data/lib/contrast/agent_lib/api/path_semantic_file_security_bypass.rb +40 -0
- data/lib/contrast/agent_lib/interface.rb +260 -0
- data/lib/contrast/agent_lib/interface_base.rb +118 -0
- data/lib/contrast/agent_lib/return_types/eval_result.rb +44 -0
- data/lib/contrast/agent_lib/test.rb +29 -0
- data/lib/contrast/api/communication/connection_status.rb +20 -5
- data/lib/contrast/components/agent.rb +34 -14
- data/lib/contrast/components/api.rb +23 -0
- data/lib/contrast/components/app_context.rb +23 -5
- data/lib/contrast/components/app_context_extend.rb +0 -25
- data/lib/contrast/components/assess.rb +34 -4
- data/lib/contrast/components/assess_rules.rb +18 -0
- data/lib/contrast/components/base.rb +40 -0
- data/lib/contrast/components/config/sources.rb +95 -0
- data/lib/contrast/components/config.rb +19 -19
- data/lib/contrast/components/heap_dump.rb +10 -0
- data/lib/contrast/components/inventory.rb +15 -2
- data/lib/contrast/components/logger.rb +18 -0
- data/lib/contrast/components/polling.rb +36 -0
- data/lib/contrast/components/protect.rb +52 -2
- data/lib/contrast/components/ruby_component.rb +16 -1
- data/lib/contrast/components/sampling.rb +70 -13
- data/lib/contrast/components/security_logger.rb +13 -0
- data/lib/contrast/components/settings.rb +105 -90
- data/lib/contrast/config/certification_configuration.rb +14 -0
- data/lib/contrast/config/config.rb +46 -0
- data/lib/contrast/config/diagnostics.rb +114 -0
- data/lib/contrast/config/diagnostics_tools.rb +98 -0
- data/lib/contrast/config/effective_config.rb +65 -0
- data/lib/contrast/config/effective_config_value.rb +32 -0
- data/lib/contrast/config/exception_configuration.rb +12 -0
- data/lib/contrast/config/protect_rule_configuration.rb +8 -8
- data/lib/contrast/config/protect_rules_configuration.rb +23 -60
- data/lib/contrast/config/request_audit_configuration.rb +13 -0
- data/lib/contrast/config/server_configuration.rb +41 -2
- data/lib/contrast/configuration.rb +29 -12
- data/lib/contrast/extension/assess/array.rb +9 -0
- data/lib/contrast/extension/assess/erb.rb +1 -1
- data/lib/contrast/extension/delegator.rb +2 -0
- data/lib/contrast/framework/manager.rb +3 -1
- data/lib/contrast/framework/rails/railtie.rb +0 -1
- data/lib/contrast/framework/rails/support.rb +0 -1
- data/lib/contrast/tasks/config.rb +1 -8
- data/lib/contrast/utils/assess/event_limit_utils.rb +31 -9
- data/lib/contrast/utils/assess/trigger_method_utils.rb +5 -4
- data/lib/contrast/utils/duck_utils.rb +1 -0
- data/lib/contrast/utils/hash_digest.rb +2 -2
- data/lib/contrast/utils/input_classification_base.rb +155 -0
- data/lib/contrast/utils/os.rb +0 -20
- data/lib/contrast/utils/reporting/application_activity_batch_utils.rb +81 -0
- data/lib/contrast/utils/response_utils.rb +0 -16
- data/lib/contrast/utils/routes_sent.rb +60 -0
- data/lib/contrast/utils/stack_trace_utils.rb +3 -15
- data/lib/contrast/utils/string_utils.rb +10 -7
- data/lib/contrast/utils/telemetry_client.rb +1 -2
- data/lib/contrast/utils/timer.rb +16 -0
- data/lib/contrast.rb +5 -4
- data/resources/protect/policy.json +1 -2
- data/ruby-agent.gemspec +7 -6
- metadata +69 -130
- data/exe/contrast_service +0 -23
- data/lib/contrast/agent/assess/contrast_event.rb +0 -157
- data/lib/contrast/agent/assess/events/event_factory.rb +0 -34
- data/lib/contrast/agent/assess/events/source_event.rb +0 -46
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_worth_watching.rb +0 -64
- data/lib/contrast/agent/protect/rule/sqli/sqli_worth_watching.rb +0 -118
- data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_matcher.rb +0 -45
- data/lib/contrast/agent/reaction_processor.rb +0 -47
- data/lib/contrast/agent/reporting/reporting_events/server_activity.rb +0 -36
- data/lib/contrast/agent/service_heartbeat.rb +0 -35
- data/lib/contrast/api/communication/messaging_queue.rb +0 -128
- data/lib/contrast/api/communication/response_processor.rb +0 -90
- data/lib/contrast/api/communication/service_lifecycle.rb +0 -77
- data/lib/contrast/api/communication/socket.rb +0 -44
- data/lib/contrast/api/communication/socket_client.rb +0 -130
- data/lib/contrast/api/communication/speedracer.rb +0 -138
- data/lib/contrast/api/communication/tcp_socket.rb +0 -32
- data/lib/contrast/api/communication/unix_socket.rb +0 -28
- data/lib/contrast/api/communication.rb +0 -20
- data/lib/contrast/api/decorators/address.rb +0 -59
- data/lib/contrast/api/decorators/agent_startup.rb +0 -56
- data/lib/contrast/api/decorators/application_settings.rb +0 -43
- data/lib/contrast/api/decorators/application_startup.rb +0 -56
- data/lib/contrast/api/decorators/bot_blocker.rb +0 -37
- data/lib/contrast/api/decorators/http_request.rb +0 -137
- data/lib/contrast/api/decorators/input_analysis.rb +0 -18
- data/lib/contrast/api/decorators/instrumentation_mode.rb +0 -35
- data/lib/contrast/api/decorators/ip_denylist.rb +0 -37
- data/lib/contrast/api/decorators/message.rb +0 -67
- data/lib/contrast/api/decorators/rasp_rule_sample.rb +0 -52
- data/lib/contrast/api/decorators/response_type.rb +0 -17
- data/lib/contrast/api/decorators/server_features.rb +0 -25
- data/lib/contrast/api/decorators/user_input.rb +0 -51
- data/lib/contrast/api/decorators/virtual_patch.rb +0 -34
- data/lib/contrast/api/decorators.rb +0 -22
- data/lib/contrast/api/dtm.pb.rb +0 -363
- data/lib/contrast/api/settings.pb.rb +0 -500
- data/lib/contrast/api.rb +0 -16
- data/lib/contrast/components/contrast_service.rb +0 -88
- data/lib/contrast/components/service.rb +0 -55
- data/lib/contrast/tasks/service.rb +0 -84
- data/lib/contrast/utils/input_classification.rb +0 -73
- data/lib/protobuf/code_generator.rb +0 -129
- data/lib/protobuf/decoder.rb +0 -28
- data/lib/protobuf/deprecation.rb +0 -117
- data/lib/protobuf/descriptors/google/protobuf/compiler/plugin.pb.rb +0 -79
- data/lib/protobuf/descriptors/google/protobuf/descriptor.pb.rb +0 -360
- data/lib/protobuf/descriptors.rb +0 -3
- data/lib/protobuf/encoder.rb +0 -11
- data/lib/protobuf/enum.rb +0 -365
- data/lib/protobuf/exceptions.rb +0 -9
- data/lib/protobuf/field/base_field.rb +0 -380
- data/lib/protobuf/field/base_field_object_definitions.rb +0 -504
- data/lib/protobuf/field/bool_field.rb +0 -64
- data/lib/protobuf/field/bytes_field.rb +0 -67
- data/lib/protobuf/field/double_field.rb +0 -25
- data/lib/protobuf/field/enum_field.rb +0 -56
- data/lib/protobuf/field/field_array.rb +0 -102
- data/lib/protobuf/field/field_hash.rb +0 -122
- data/lib/protobuf/field/fixed32_field.rb +0 -25
- data/lib/protobuf/field/fixed64_field.rb +0 -28
- data/lib/protobuf/field/float_field.rb +0 -43
- data/lib/protobuf/field/int32_field.rb +0 -21
- data/lib/protobuf/field/int64_field.rb +0 -34
- data/lib/protobuf/field/integer_field.rb +0 -23
- data/lib/protobuf/field/message_field.rb +0 -51
- data/lib/protobuf/field/sfixed32_field.rb +0 -27
- data/lib/protobuf/field/sfixed64_field.rb +0 -28
- data/lib/protobuf/field/signed_integer_field.rb +0 -29
- data/lib/protobuf/field/sint32_field.rb +0 -21
- data/lib/protobuf/field/sint64_field.rb +0 -21
- data/lib/protobuf/field/string_field.rb +0 -51
- data/lib/protobuf/field/uint32_field.rb +0 -21
- data/lib/protobuf/field/uint64_field.rb +0 -21
- data/lib/protobuf/field/varint_field.rb +0 -77
- data/lib/protobuf/field.rb +0 -74
- data/lib/protobuf/generators/base.rb +0 -85
- data/lib/protobuf/generators/enum_generator.rb +0 -39
- data/lib/protobuf/generators/extension_generator.rb +0 -27
- data/lib/protobuf/generators/field_generator.rb +0 -193
- data/lib/protobuf/generators/file_generator.rb +0 -262
- data/lib/protobuf/generators/group_generator.rb +0 -122
- data/lib/protobuf/generators/message_generator.rb +0 -104
- data/lib/protobuf/generators/option_generator.rb +0 -17
- data/lib/protobuf/generators/printable.rb +0 -160
- data/lib/protobuf/generators/service_generator.rb +0 -50
- data/lib/protobuf/lifecycle.rb +0 -33
- data/lib/protobuf/logging.rb +0 -39
- data/lib/protobuf/message/fields.rb +0 -233
- data/lib/protobuf/message/serialization.rb +0 -85
- data/lib/protobuf/message.rb +0 -241
- data/lib/protobuf/optionable.rb +0 -72
- data/lib/protobuf/tasks/compile.rake +0 -80
- data/lib/protobuf/tasks.rb +0 -1
- data/lib/protobuf/varint.rb +0 -20
- data/lib/protobuf/varint_pure.rb +0 -31
- data/lib/protobuf/version.rb +0 -3
- data/lib/protobuf/wire_type.rb +0 -10
- data/lib/protobuf.rb +0 -91
- data/proto/dynamic_discovery.proto +0 -46
- data/proto/google/protobuf/compiler/plugin.proto +0 -183
- data/proto/google/protobuf/descriptor.proto +0 -911
- data/proto/rpc.proto +0 -71
- data/service_executables/.gitkeep +0 -0
- data/service_executables/VERSION +0 -1
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
data/exe/contrast_service
DELETED
@@ -1,23 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
3
|
-
# frozen_string_literal: true
|
4
|
-
|
5
|
-
def mac?
|
6
|
-
RUBY_PLATFORM.include?('darwin')
|
7
|
-
end
|
8
|
-
|
9
|
-
def path
|
10
|
-
base_path = "#{ File.dirname(__FILE__) }/.."
|
11
|
-
if mac?
|
12
|
-
"#{ base_path }/service_executables/mac/contrast-service"
|
13
|
-
else
|
14
|
-
"#{ base_path }/service_executables/linux/contrast-service"
|
15
|
-
end
|
16
|
-
end
|
17
|
-
|
18
|
-
executable_path = path
|
19
|
-
if File.exist?(executable_path)
|
20
|
-
Kernel.exec(executable_path)
|
21
|
-
else
|
22
|
-
puts "Service executable not found at: #{ executable_path }"
|
23
|
-
end
|
@@ -1,157 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
require 'contrast/utils/assess/tracking_util'
|
5
|
-
require 'contrast/utils/class_util'
|
6
|
-
require 'contrast/utils/duck_utils'
|
7
|
-
require 'contrast/utils/object_share'
|
8
|
-
require 'contrast/utils/stack_trace_utils'
|
9
|
-
require 'contrast/utils/string_utils'
|
10
|
-
require 'contrast/utils/timer'
|
11
|
-
require 'contrast/agent/assess/contrast_object'
|
12
|
-
require 'contrast/agent/reporting/reporting_events/finding_event'
|
13
|
-
|
14
|
-
module Contrast
|
15
|
-
module Agent
|
16
|
-
module Assess
|
17
|
-
# This class holds the data about an event in the application We'll use it to build an event that TeamServer can
|
18
|
-
# consume if the object to which this event belongs ends in a trigger.
|
19
|
-
class ContrastEvent
|
20
|
-
# @return [Integer] the atomic id of this event
|
21
|
-
attr_reader :event_id
|
22
|
-
# @return [Contrast::Agent::Assess::Policy::PolicyNode] the node that governs this event.
|
23
|
-
attr_reader :policy_node
|
24
|
-
# @return [Array<String>] the execution stack at the time the method for this event was invoked
|
25
|
-
attr_reader :stack_trace
|
26
|
-
# @return [Integer] the time, in epoch ms, when this event was created
|
27
|
-
attr_reader :time
|
28
|
-
# @return [Integer] the object id of the thread on which this event was generated
|
29
|
-
attr_reader :thread
|
30
|
-
# @return [Contrast::Agent::Assess::ContrastObject] the safe representation of the Object on which the method
|
31
|
-
# was invoked
|
32
|
-
attr_reader :object
|
33
|
-
# @return [Contrast::Agent::Assess::ContrastObject] the safe representation of the Return of the invoked method
|
34
|
-
attr_reader :ret
|
35
|
-
# @return [Array<Contrast::Agent::Assess::ContrastObject, nil>] the safe representation of the Arguments with
|
36
|
-
# which the method was invoked
|
37
|
-
attr_reader :args
|
38
|
-
# @return [Hash<Contrast::Agent::Assess::Tag>]
|
39
|
-
attr_reader :tags
|
40
|
-
|
41
|
-
# We need this to track the parent id's of events to build up a flow chart of the finding
|
42
|
-
@atomic_id = 0
|
43
|
-
@atomic_mutex = Mutex.new
|
44
|
-
def self.next_atomic_id
|
45
|
-
@atomic_mutex.synchronize do
|
46
|
-
@atomic_id += 1
|
47
|
-
# Rollover things
|
48
|
-
rescue StandardError
|
49
|
-
@atomic_id = 1
|
50
|
-
end
|
51
|
-
end
|
52
|
-
|
53
|
-
# @param event_data [Contrast::Agent::Assess::Events::EventData]
|
54
|
-
def initialize event_data
|
55
|
-
@policy_node = event_data.policy_node
|
56
|
-
@time = Contrast::Utils::Timer.now_ms
|
57
|
-
@thread = Thread.current.object_id
|
58
|
-
|
59
|
-
# These methods rely on the above being set. Don't move them!
|
60
|
-
@event_id = Contrast::Agent::Assess::ContrastEvent.next_atomic_id
|
61
|
-
@tags = Contrast::Agent::Assess::Tracker.properties(event_data.tagged)&.get_tags
|
62
|
-
find_parent_events!(event_data.policy_node, event_data.object, event_data.ret, event_data.args)
|
63
|
-
snapshot!(event_data.object, event_data.ret, event_data.args)
|
64
|
-
capture_stacktrace!
|
65
|
-
end
|
66
|
-
|
67
|
-
# @return [Array<Contrast::Agent::Assess::ContrastEvent>]
|
68
|
-
def parent_events
|
69
|
-
@_parent_events ||= []
|
70
|
-
end
|
71
|
-
|
72
|
-
private
|
73
|
-
|
74
|
-
# Parent events are the events of all the sources of this event which were tracked prior to this event
|
75
|
-
# occurring. Depending on which, if any of the sources were tracked, there may be more than one parent.
|
76
|
-
#
|
77
|
-
# All events except for [Contrast::Agent::Assess::Events::SourceEvent] will have at least one parent.
|
78
|
-
#
|
79
|
-
# We set those events to this event's instance variables.
|
80
|
-
#
|
81
|
-
# @param policy_node [Contrast::Agent::Assess::Policy::PolicyNode] the node that governs this event.
|
82
|
-
# @param object [Object] the Object on which the method was invoked
|
83
|
-
# @param ret [Object] the Return of the invoked method
|
84
|
-
# @param args [Array<Object>] the Arguments with which the method was invoked
|
85
|
-
def find_parent_events! policy_node, object, ret, args
|
86
|
-
policy_node.sources.each do |source_marker|
|
87
|
-
source = value_of_source(source_marker, object, ret, args)
|
88
|
-
next unless source
|
89
|
-
|
90
|
-
event = Contrast::Agent::Assess::Tracker.properties(source)&.event
|
91
|
-
parent_events << event if event
|
92
|
-
end
|
93
|
-
end
|
94
|
-
|
95
|
-
# @param source [String] the marker for the source type
|
96
|
-
# @param object [Object] the Object on which the method was invoked
|
97
|
-
# @param ret [Object] the Return of the invoked method
|
98
|
-
# @param args [Array<Object>] the Arguments with which the method was invoked
|
99
|
-
# @return [Object,nil] the literal value of the source indicated by the given marker
|
100
|
-
def value_of_source source, object, ret, args
|
101
|
-
case source
|
102
|
-
when Contrast::Utils::ObjectShare::OBJECT_KEY
|
103
|
-
object
|
104
|
-
when Contrast::Utils::ObjectShare::RETURN_KEY
|
105
|
-
ret
|
106
|
-
else
|
107
|
-
args[source]
|
108
|
-
end
|
109
|
-
end
|
110
|
-
|
111
|
-
# Everything* is mutable in Ruby. As such, to ensure we can accurately report the application state at the time
|
112
|
-
# of this method's invocation, we have to snapshot the given values, making safe representations of them for
|
113
|
-
# our later use. We set those safe values to this event's instance variables.
|
114
|
-
#
|
115
|
-
# @param object [Object] the Object on which the method was invoked
|
116
|
-
# @param ret [Object] the Return of the invoked method
|
117
|
-
# @param args [Array<Object>] the Arguments with which the method was invoked
|
118
|
-
def snapshot! object, ret, args
|
119
|
-
@object = Contrast::Agent::Assess::ContrastObject.new(object) if object
|
120
|
-
@ret = Contrast::Agent::Assess::ContrastObject.new(ret) if ret
|
121
|
-
@args = safe_args_representation(args)
|
122
|
-
self
|
123
|
-
end
|
124
|
-
|
125
|
-
# Given an array of arguments, copy them into a safe, meaning String, format that we can use to send to SR and
|
126
|
-
# TS for rendering.
|
127
|
-
#
|
128
|
-
# @param args [Array<Object>] the arguments to translate
|
129
|
-
# @return [Array<Contrast::Agent::Assess::ContrastObject>] the String forms of those Objects, as determined by
|
130
|
-
# Contrast::Utils::ClassUtil.to_contrast_string
|
131
|
-
def safe_args_representation args
|
132
|
-
return unless args
|
133
|
-
return Contrast::Utils::ObjectShare::EMPTY_ARRAY if args.empty?
|
134
|
-
|
135
|
-
args.map { |arg| arg ? Contrast::Agent::Assess::ContrastObject.new(arg) : nil }
|
136
|
-
end
|
137
|
-
|
138
|
-
# Capture stack traces only as configured. We'll use this to grab the start of the call stack as if the
|
139
|
-
# instrumented method were the caller. This means we'll start at the entry just after the first block of
|
140
|
-
# Contrast code.
|
141
|
-
def capture_stacktrace!
|
142
|
-
# If we're configured to not capture the stacktrace, usually for performance reasons, then don't and return an
|
143
|
-
# empty array instead
|
144
|
-
unless ::Contrast::ASSESS.capture_stacktrace?(policy_node)
|
145
|
-
@stack_trace = Contrast::Utils::ObjectShare::EMPTY_ARRAY
|
146
|
-
return
|
147
|
-
end
|
148
|
-
|
149
|
-
# Otherwise, find where in the stack the application / Ruby code starts
|
150
|
-
start = caller(0, 20)&.find_index { |stack| !stack.include?('/lib/contrast') }
|
151
|
-
# And then use that to build out the reported stacktrace, or a fallback if we couldn't find it.
|
152
|
-
@stack_trace = start ? caller(start + 1, 20) : caller(20, 20)
|
153
|
-
end
|
154
|
-
end
|
155
|
-
end
|
156
|
-
end
|
157
|
-
end
|
@@ -1,34 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
require 'contrast/agent/assess/contrast_event'
|
5
|
-
require 'contrast/agent/assess/events/source_event'
|
6
|
-
require 'contrast/agent/assess/events/event_data'
|
7
|
-
|
8
|
-
module Contrast
|
9
|
-
module Agent
|
10
|
-
module Assess
|
11
|
-
module Events
|
12
|
-
# This module returns the event type appropriate to the given Node
|
13
|
-
module EventFactory
|
14
|
-
# This method returns the event type appropriate to the given Node
|
15
|
-
#
|
16
|
-
# @param event_data [Contrast::Agent::Assess::Events::EventData]
|
17
|
-
# @param source_type [String] the type of this source, from the
|
18
|
-
# source_node, or a KEY_TYPE if invoked for a map,
|
19
|
-
# @param source_name [String, nil] the name of this source, i.e.
|
20
|
-
# the key used to accessed if from a map or nil if a type like,
|
21
|
-
# @return [Contrast::Agent::Assess::Events::SourceEvent, Contrast::Agent::Assess::ContrastEvent]
|
22
|
-
def self.build event_data, source_type = nil, source_name = nil
|
23
|
-
case event_data.policy_node
|
24
|
-
when Contrast::Agent::Assess::Policy::SourceNode
|
25
|
-
Contrast::Agent::Assess::Events::SourceEvent.new(event_data, source_type, source_name)
|
26
|
-
when Contrast::Agent::Assess::Policy::PolicyNode
|
27
|
-
Contrast::Agent::Assess::ContrastEvent.new(event_data)
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
@@ -1,46 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
require 'contrast/agent/assess/contrast_event'
|
5
|
-
require 'contrast/agent/reporting/reporting_events/finding_event'
|
6
|
-
require 'contrast/agent/reporting/reporting_events/finding_event_source'
|
7
|
-
require 'contrast/utils/string_utils'
|
8
|
-
|
9
|
-
module Contrast
|
10
|
-
module Agent
|
11
|
-
module Assess
|
12
|
-
module Events
|
13
|
-
# This class holds the data about an event in the application. We'll use it to build an event that TeamServer
|
14
|
-
# can consume if the object to which this event belongs ends in a trigger.
|
15
|
-
class SourceEvent < Contrast::Agent::Assess::ContrastEvent
|
16
|
-
# @return [Contrast::Agent::Request] our wrapper around the Rack::Request at the time this source
|
17
|
-
# was created
|
18
|
-
attr_reader :request
|
19
|
-
# @return [String] the name of the source if it comes from a map-like entity
|
20
|
-
attr_reader :source_name
|
21
|
-
# @return [String] the TeamServer understood type of source; i.e. parameter
|
22
|
-
attr_reader :source_type
|
23
|
-
# @return [Contrast::Agent::Reporting::FindingEventSource] the source of this trace
|
24
|
-
attr_reader :event_source
|
25
|
-
|
26
|
-
# @param event_data [Contrast::Agent::Assess::Events::EventData]
|
27
|
-
# @param source_type [String] the type of this source, from the source_node, or a KEY_TYPE if invoked for a
|
28
|
-
# Hash
|
29
|
-
# @param source_name [String, nil] the name of this source, i.e. the key used to accessed if from a Hash or
|
30
|
-
# nil if a type like
|
31
|
-
def initialize event_data, source_type = nil, source_name = nil
|
32
|
-
super(event_data)
|
33
|
-
@source_type = Contrast::Utils::StringUtils.force_utf8(source_type)
|
34
|
-
@source_name = Contrast::Utils::StringUtils.force_utf8(source_name)
|
35
|
-
@event_source = Contrast::Agent::Reporting::FindingEventSource.new(@source_type, @source_name)
|
36
|
-
@request = Contrast::Agent::REQUEST_TRACKER.current&.request
|
37
|
-
end
|
38
|
-
|
39
|
-
def parent_events
|
40
|
-
nil
|
41
|
-
end
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|
46
|
-
end
|
@@ -1,64 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
require 'contrast/utils/object_share'
|
5
|
-
|
6
|
-
module Contrast
|
7
|
-
module Agent
|
8
|
-
module Protect
|
9
|
-
module Rule
|
10
|
-
# This module implements the cmdi-worth-watching-v2 check to determine whether input
|
11
|
-
# is IGNORED or WORTH_WATCHING. If WORTH_WATCHING => analyze at sink level.
|
12
|
-
# https://protect-spec.prod.dotnet.contsec.com/rules/cmd-injection.html#input-tracing
|
13
|
-
module CmdiWorthWatching
|
14
|
-
POSSIBLE_CHAINING_ELEMENTS = %w[& ; | $ < > `].cs__freeze
|
15
|
-
UNIX_COMMANDS = %w[
|
16
|
-
uname echo cat ping nestat nc whoami wget curl dir ls ps rm chmod cp kill
|
17
|
-
grep sleep mkdir pwd shutdown system touch timeout fetch bash sh
|
18
|
-
].cs__freeze
|
19
|
-
UNIX_PATHS = %w[tmp opt etc home mnt proc lib bin sbin sys usr var root run].cs__freeze
|
20
|
-
WINDOWS_COMMANDS = %w[
|
21
|
-
sc net reg cmd query cmd.exe powershell powershell.exe hostname ifconfig ipconfig netsh
|
22
|
-
netstat systeminfo sysinfo whoami wscript cscript wmic PowerShell_ISE pskill psexec qprocess
|
23
|
-
regedit regini rename winrm wpeutil ntdsutil taskkill certutil mapisend shellrunas
|
24
|
-
].cs__freeze
|
25
|
-
# This method will determine if a user input is Worth watching and return true if it is.
|
26
|
-
# This is done by running checks, and if the inputs is worth to watch it would be
|
27
|
-
# saved for the later sink cmdi input analysis.
|
28
|
-
#
|
29
|
-
# @param input [String] the user input to be inspected
|
30
|
-
# @return true | false
|
31
|
-
def cmdi_worth_watching? input
|
32
|
-
return false if input.nil? || input.empty? || input.length < 3
|
33
|
-
|
34
|
-
exploitable?(input) && worth_watching?(input)
|
35
|
-
end
|
36
|
-
|
37
|
-
private
|
38
|
-
|
39
|
-
# This method will check if the input is exploitable
|
40
|
-
#
|
41
|
-
# @param input [String] the user input to be inspected
|
42
|
-
def exploitable? input
|
43
|
-
contains_substring?(input, POSSIBLE_CHAINING_ELEMENTS)
|
44
|
-
end
|
45
|
-
|
46
|
-
def worth_watching? input
|
47
|
-
return true if contains_substring?(input, UNIX_COMMANDS)
|
48
|
-
return true if contains_substring?(input, UNIX_PATHS)
|
49
|
-
return true if contains_substring?(input, WINDOWS_COMMANDS)
|
50
|
-
|
51
|
-
false
|
52
|
-
end
|
53
|
-
|
54
|
-
def contains_substring? input, values
|
55
|
-
return true if values.any? { |val| input.include?(val) }
|
56
|
-
return true if values.include?(Contrast::Utils::ObjectShare::SPACE)
|
57
|
-
|
58
|
-
false
|
59
|
-
end
|
60
|
-
end
|
61
|
-
end
|
62
|
-
end
|
63
|
-
end
|
64
|
-
end
|
@@ -1,118 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
require 'contrast/utils/object_share'
|
5
|
-
|
6
|
-
module Contrast
|
7
|
-
module Agent
|
8
|
-
module Protect
|
9
|
-
module Rule
|
10
|
-
# This module implements the sqli-worth-watching-v2 check to determine whether input
|
11
|
-
# is IGNORED or WORTH_WATCHING. If WORTH_WATCHING => analyze at sink level.
|
12
|
-
# https://protect-spec.prod.dotnet.contsec.com/rules/sql-injection.html#input-tracing
|
13
|
-
module SqliWorthWatching
|
14
|
-
COLOR_CODE = /^#[0-9A-Fa-f]{6}$/.cs__freeze
|
15
|
-
ALPHA_NUMERIC_AND_SPACES = /^+[a-zA-Z\d\s]+$/.cs__freeze
|
16
|
-
OR_CLAUSE = /[oO][rR]/.cs__freeze
|
17
|
-
EXPLOITABLE_SUBSTRING = %w[# -- // /*].cs__freeze
|
18
|
-
SUSPICIOUS_CHARS = %w[` " \' ; - % , ( ) | { } =].cs__freeze
|
19
|
-
SQL_COMMENTS = %w[# /* */ // -- @@].cs__freeze
|
20
|
-
BLOCK_START = '/*'.cs__freeze
|
21
|
-
BLOCK_END = '*/'.cs__freeze
|
22
|
-
SQL_KEYWORDS = %w[
|
23
|
-
alter begin between create case column_name
|
24
|
-
current_user delete drop exec execute from
|
25
|
-
group insert limit like merge order outfile
|
26
|
-
select session_user syslogins update union
|
27
|
-
UTL_INADDR UTL_HTTP
|
28
|
-
].cs__freeze
|
29
|
-
|
30
|
-
# This method will determine if a user input is Worth watching and return true if it is.
|
31
|
-
# This is done by running checks, and if the inputs is worth to watch it would be
|
32
|
-
# saved for the later sink sqli input analysis.
|
33
|
-
#
|
34
|
-
# @param input [String] the user input to be inspected
|
35
|
-
# @return true | false
|
36
|
-
def sqli_worth_watching? input
|
37
|
-
return false if input.nil? || input.empty?
|
38
|
-
|
39
|
-
exploitable?(input) && (
|
40
|
-
input.match?(OR_CLAUSE) || sql_comments?(input) || suspicious_chars?(input) || language_keywords?(input)
|
41
|
-
)
|
42
|
-
end
|
43
|
-
|
44
|
-
private
|
45
|
-
|
46
|
-
# Check if input is exploitable, with min length set to 3 chars
|
47
|
-
#
|
48
|
-
# @param input [String] the user input to be inspected
|
49
|
-
# @return true | false
|
50
|
-
def exploitable? input
|
51
|
-
return false if input.length < 3 && input.match?(ALPHA_NUMERIC_AND_SPACES)
|
52
|
-
return false if input.length == 3 && !contains_substring?(input, EXPLOITABLE_SUBSTRING)
|
53
|
-
return false if input.length == 7 && input.match?(COLOR_CODE)
|
54
|
-
|
55
|
-
true
|
56
|
-
end
|
57
|
-
|
58
|
-
# Check if input contains sqli comments:
|
59
|
-
# '# /* */ // -- @@'
|
60
|
-
#
|
61
|
-
# @param input [String] the user input to be inspected
|
62
|
-
# @return true | false
|
63
|
-
def sql_comments? input
|
64
|
-
input.length >= 3 && contains_substring?(input, SQL_COMMENTS)
|
65
|
-
end
|
66
|
-
|
67
|
-
# Check if input contains block comments starting and
|
68
|
-
# ending with '/*..*/'
|
69
|
-
#
|
70
|
-
# @param input [String] the user input to be inspected
|
71
|
-
# @return true | false
|
72
|
-
def block_comments? input
|
73
|
-
idx1 = input.index(BLOCK_START)
|
74
|
-
idx2 = input.index(BLOCK_END)
|
75
|
-
|
76
|
-
return false if idx1.nil? || idx2.nil?
|
77
|
-
|
78
|
-
(idx1 >= 0 && idx2 >= 2 && (idx1 < idx2))
|
79
|
-
end
|
80
|
-
|
81
|
-
# Runs the input against suspicious chars array.
|
82
|
-
#
|
83
|
-
# @param input [String] the user input to be inspected
|
84
|
-
# @return true | false
|
85
|
-
def suspicious_chars? input
|
86
|
-
input.length >= 7 && (number_of_substrings(input, SUSPICIOUS_CHARS) >= 2 || block_comments?(input))
|
87
|
-
end
|
88
|
-
|
89
|
-
# Runs the input against SQL language preserved words.
|
90
|
-
#
|
91
|
-
# @param input [String] the user input to be inspected
|
92
|
-
# @return true | false
|
93
|
-
def language_keywords? input
|
94
|
-
contains_substring?(input, SQL_KEYWORDS)
|
95
|
-
end
|
96
|
-
|
97
|
-
# Helper method to find a substrings in given input.
|
98
|
-
#
|
99
|
-
# @param substrings [Array] set of substrings to inspect.
|
100
|
-
# @return true | false
|
101
|
-
def contains_substring? input, substrings
|
102
|
-
substrings.any? { |sub| input.include?(sub) }
|
103
|
-
end
|
104
|
-
|
105
|
-
# Helper method to find the number of substrings.
|
106
|
-
#
|
107
|
-
# @param input [String] the user input to be inspected
|
108
|
-
# @return number [Integer] Number of substrings
|
109
|
-
def number_of_substrings input, substring
|
110
|
-
number = 0
|
111
|
-
input.each_char.reduce(0) { |_acc, elem| number += 1 if contains_substring?(elem, substring) }
|
112
|
-
number
|
113
|
-
end
|
114
|
-
end
|
115
|
-
end
|
116
|
-
end
|
117
|
-
end
|
118
|
-
end
|
@@ -1,45 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
module Contrast
|
5
|
-
module Agent
|
6
|
-
module Protect
|
7
|
-
module Rule
|
8
|
-
# Here will be made the match of the user input provided by the
|
9
|
-
# Agent InputAnalysis.
|
10
|
-
module UnsafeFileUploadMatcher
|
11
|
-
# EXPLOIT_CHARS = %w[.. ; � < > ~ *].cs__freeze # rubocop:disable Style/AsciiComments
|
12
|
-
# # Extensions that can be executed on the server side or can be dangerous on the client side:
|
13
|
-
# # https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload
|
14
|
-
# EXPLOITABLE_EXTENSIONS = %w[.php .exe .rb .jsp .pht .phtml .shtml .asa .cer .asax .swf .xap].cs__freeze
|
15
|
-
#
|
16
|
-
# # Match the user input to see if the filename
|
17
|
-
# # contains malicious file extension.
|
18
|
-
# #
|
19
|
-
# # @param input [String] The filename
|
20
|
-
# # extracted from the current request
|
21
|
-
# # @return true | false
|
22
|
-
# def unsafe_match? input
|
23
|
-
# suspicious_chars?(input) || suspicious_extensions?(input)
|
24
|
-
# end
|
25
|
-
#
|
26
|
-
# private
|
27
|
-
#
|
28
|
-
# # @param input [String] The filename
|
29
|
-
# # extracted from the current request
|
30
|
-
# # @return true | false
|
31
|
-
# def suspicious_chars? input
|
32
|
-
# input.chars.any? { |c| EXPLOIT_CHARS.include? c }
|
33
|
-
# end
|
34
|
-
#
|
35
|
-
# # @param input [String] The filename
|
36
|
-
# # extracted from the current request
|
37
|
-
# # @return true | false
|
38
|
-
# def suspicious_extensions? input
|
39
|
-
# EXPLOITABLE_EXTENSIONS.include? File.extname(input).downcase
|
40
|
-
# end
|
41
|
-
end
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|
@@ -1,47 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
require 'contrast/agent/disable_reaction'
|
5
|
-
require 'contrast/components/logger'
|
6
|
-
|
7
|
-
module Contrast
|
8
|
-
module Agent
|
9
|
-
# Because communication between the Agent/Service and TeamServer can only be initiated by outbound connections
|
10
|
-
# from the Agent/Service, we must provide a mechanism for the TeamServer to direct the Agent to take a specific
|
11
|
-
# action. This action is referred to as a Reaction. This class is how we handle those Reaction messages.
|
12
|
-
module ReactionProcessor
|
13
|
-
extend Contrast::Components::Logger::InstanceMethods
|
14
|
-
|
15
|
-
# Process the given Reactions from the application settings based on what
|
16
|
-
# TeamServer has indicated. Each Reaction will result in a log message
|
17
|
-
# and, optionally, an action.
|
18
|
-
#
|
19
|
-
# @param application_settings [Contrast::Api::Settings::ApplicationSettings]
|
20
|
-
# those settings which the Service has relayed from TeamServer.
|
21
|
-
def self.process application_settings
|
22
|
-
return unless application_settings&.reactions&.any?
|
23
|
-
|
24
|
-
application_settings.reactions.each do |reaction|
|
25
|
-
# The enums are all uppercase, we need to downcase them before attempting to log.
|
26
|
-
level = if reaction.log_level.nil?
|
27
|
-
:error
|
28
|
-
else
|
29
|
-
reaction.log_level.name.downcase # rubocop:disable Security/Module/Name -- ruby logger builtin.
|
30
|
-
end
|
31
|
-
|
32
|
-
logger.with_level(level, reaction.message) if reaction.message
|
33
|
-
|
34
|
-
case reaction.operation
|
35
|
-
when Contrast::Api::Settings::Reaction::Operation::DISABLE
|
36
|
-
Contrast::Agent::DisableReaction.run(reaction, level)
|
37
|
-
when Contrast::Api::Settings::Reaction::Operation::NOOP
|
38
|
-
# NOOP
|
39
|
-
else
|
40
|
-
logger.warn('ReactionProcessor received a reaction with an unknown operation',
|
41
|
-
operation: reaction.operation)
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|
46
|
-
end
|
47
|
-
end
|
@@ -1,36 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
require 'contrast/agent/reporting/reporting_events/server_reporting_event'
|
5
|
-
|
6
|
-
module Contrast
|
7
|
-
module Agent
|
8
|
-
module Reporting
|
9
|
-
# This class will initialize empty ServerActivity body to be send to TS. The server activity endpoint records
|
10
|
-
# actions taken on the server or process as a whole. It currently only reports the number of times a defensive
|
11
|
-
# action was taken and is most likely not populated by most agents. The main purpose of sending this message is
|
12
|
-
# for its response, which contains any updated server feature settings from TeamServer. The new Server Settings
|
13
|
-
# endpoint should let us remove this.
|
14
|
-
class ServerActivity < Contrast::Agent::Reporting::ServerReportingEvent
|
15
|
-
def initialize
|
16
|
-
@event_method = :PUT
|
17
|
-
@event_endpoint = "#{ Contrast::API.api_url }/api/ng/activity/server"
|
18
|
-
super
|
19
|
-
end
|
20
|
-
|
21
|
-
def file_name
|
22
|
-
'server-activity'
|
23
|
-
end
|
24
|
-
|
25
|
-
# Convert the instance variables on the class, and other information, into the identifiers required for
|
26
|
-
# TeamServer to process the JSON form of this message.
|
27
|
-
#
|
28
|
-
# @return [Hash]
|
29
|
-
# @raise [ArgumentError]
|
30
|
-
def to_controlled_hash
|
31
|
-
{ lastUpdate: since_last_update }
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
35
|
-
end
|
36
|
-
end
|
@@ -1,35 +0,0 @@
|
|
1
|
-
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
require 'contrast/agent/worker_thread'
|
5
|
-
require 'contrast/agent/reporting/report'
|
6
|
-
|
7
|
-
module Contrast
|
8
|
-
module Agent
|
9
|
-
# The ServiceHeartbeat functions to keep the Contrast Service alive and ensure that it maintains this Agent's
|
10
|
-
# ApplicationContext.
|
11
|
-
class ServiceHeartbeat < WorkerThread
|
12
|
-
# Spec recommends 30 seconds, we're going with 15.
|
13
|
-
REFRESH_INTERVAL_SEC = 15
|
14
|
-
|
15
|
-
def start_thread!
|
16
|
-
return if ::Contrast::CONTRAST_SERVICE.unnecessary?
|
17
|
-
return if running?
|
18
|
-
|
19
|
-
@_thread = Contrast::Agent::Thread.new do
|
20
|
-
logger.info('Starting heartbeat thread.')
|
21
|
-
loop do
|
22
|
-
logger.info("Queue Size: #{ Contrast::Agent.messaging_queue&.queue&.length }")
|
23
|
-
Contrast::Agent.messaging_queue&.send_event_eventually(poll_message)
|
24
|
-
clean_properties
|
25
|
-
sleep(REFRESH_INTERVAL_SEC)
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
29
|
-
|
30
|
-
def poll_message
|
31
|
-
@_poll_message ||= Contrast::Api::Dtm::Poll.new
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
35
|
-
end
|