contrast-agent 6.7.0 → 6.9.0

data/lib/contrast/tasks/service.rb

@@ -1,84 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'contrast/utils/os'
-
-module Contrast
-  # A Rake task designed to allow control of the Contrast Service as a stand
-  # alone executable rather than one managed by the Agent running in a process
-  # forked from the application
-  module Service
-    extend Rake::DSL
-    # Start the service if it is not already running
-    def self.start_service
-      puts('Starting Contrast Service')
-      service_log = ::Contrast::CONTRAST_SERVICE.logger_path
-      if File.writable?(service_log)
-        spawn('contrast_service', out: File::NULL, err: service_log)
-      else
-        spawn('contrast_service', %i[out err] => File::NULL)
-      end
-
-      watcher = Contrast::Agent::Thread.new do
-        sleep(0.05) until Contrast::Utils::OS.running?
-      end
-      watcher.join(1)
-      puts(Contrast::Utils::OS.running? ? 'Contrast Service started successfully.' : 'Contrast Service did not start.')
-    end
-
-    # Stop the service if it is running
-    def self.stop_service
-      pid = `ps aux | grep contrast-servic[e] | awk '{print $2}'`
-      `kill #{ pid }` if pid
-    end
-
-    namespace :contrast do
-      namespace :service do
-        desc 'Starts the Contrast Service'
-        task :start do
-          if Contrast::Utils::OS.running?
-            puts 'Contrast Service already running. No need to start'
-          else
-            start_service
-          end
-        end
-      end
-    end
-
-    namespace :contrast do
-      namespace :service do
-        desc 'Prints the status of the Contrast Service'
-        task :status do
-          if Contrast::Utils::OS.running?
-            puts 'online'
-          else
-            puts 'offline'
-          end
-        end
-      end
-    end
-
-    namespace :contrast do
-      namespace :service do
-        desc 'Stops the Contrast Service'
-        task :stop do
-          if Contrast::Utils::OS.running?
-            puts 'Stopping Contrast Service'
-            stop_service
-            watcher = Contrast::Agent::Thread.new do
-              sleep(0.05) while Contrast::Utils::OS.running?
-            end
-            watcher.join(1)
-            if Contrast::Utils::OS.running?
-              puts 'Contrast Service did not stop.'
-            else
-              puts 'Contrast Service stopped successfully.'
-            end
-          else
-            puts 'Contrast Service is not already running. No need to stop.'
-          end
-        end
-      end
-    end
-  end
-end

data/lib/contrast/utils/input_classification.rb

@@ -1,73 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'contrast/utils/object_share'
-require 'contrast/agent/reporting/input_analysis/input_type'
-require 'contrast/agent/reporting/input_analysis/score_level'
-require 'contrast/agent/protect/input_analyzer/input_analyzer'
-
-module Contrast
-  module Agent
-    module Protect
-      module Rule
-        # This module will include all the similar information for all input classifications
-        # between different rules
-        module InputClassificationBase
-          include Contrast::Agent::Reporting::InputType
-          include Contrast::Agent::Reporting::ScoreLevel
-
-          # Input Classification stage is done to determine if an user input is
-          # WORTHWATCHING or to be ignored.
-          #
-          # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
-          # @param value [String, Array<String>] the value of the input.
-          # @param input_analysis [Contrast::Agent::Reporting::InputAnalysis] Holds all the results from the
-          #                                                       agent analysis from the current
-          #                                                       Request.
-          # @return ia [Contrast::Agent::Reporting::InputAnalysis] with updated results.
-          def classify input_type, value, input_analysis # rubocop:disable Lint/UnusedMethodArgument
-            return false unless input_analysis.request
-
-            true
-          end
-
-          # Creates new isntance of InputAnalysisResult with basic info.
-          #
-          # @param rule_id [String] The name of the Protect Rule.
-          # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
-          # @param value [String, Array<String>] the value of the input.
-          # @param path [String] the path of the current request context.
-          #
-          # @return res [Contrast::Agent::Reporting::InputAnalysisResult]
-          def new_ia_result rule_id, input_type, path, value = nil
-            res = Contrast::Agent::Reporting::InputAnalysisResult.new
-            res.rule_id = rule_id
-            res.input_type = input_type
-            res.path = path
-            res.value = value
-            res
-          end
-
-          # This methods checks if input is value that matches a key in the input.
-          #
-          # @param request [Contrast::Agent::Request] the current request context.
-          # @param result [Contrast::Agent::Reporting::InputAnalysisResult] result to be updated.
-          # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
-          # @param value [String, Array<String>] the value of the input.
-          #
-          # @return result [Contrast::Agent::Reporting::InputAnalysisResult] updated with key result.
-          def add_needed_key request, result, input_type, value
-            case input_type
-            when COOKIE_VALUE
-              result.key = request.cookies.key(value)
-            when PARAMETER_VALUE
-              result.key = request.parameters.key(value)
-            else
-              result.key
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/protobuf/code_generator.rb

@@ -1,129 +0,0 @@
-require 'active_support/core_ext/module/aliasing'
-require 'protobuf/generators/file_generator'
-
-module Protobuf
-  class CodeGenerator
-
-    CodeGeneratorFatalError = Class.new(RuntimeError)
-
-    def self.fatal(message)
-      fail CodeGeneratorFatalError, message
-    end
-
-    def self.print_tag_warning_suppress
-      STDERR.puts "Suppress tag warning output with PB_NO_TAG_WARNINGS=1."
-      def self.print_tag_warning_suppress; end # rubocop:disable Lint/DuplicateMethods, Lint/NestedMethodDefinition
-    end
-
-    def self.warn(message)
-      STDERR.puts("[WARN] #{message}")
-    end
-
-    private
-
-    attr_accessor :request
-
-    public
-
-    def initialize(request_bytes)
-      @request_bytes = request_bytes
-      self.request = ::CSGoogle::Protobuf::Compiler::CodeGeneratorRequest.decode(request_bytes)
-    end
-
-    def eval_unknown_extensions!
-      request.proto_file.each do |file_descriptor|
-        ::Protobuf::Generators::FileGenerator.new(file_descriptor).eval_unknown_extensions!
-      end
-      self.request = ::CSGoogle::Protobuf::Compiler::CodeGeneratorRequest.decode(@request_bytes)
-    end
-
-    def generate_file(file_descriptor)
-      ::Protobuf::Generators::FileGenerator.new(file_descriptor).generate_output_file
-    end
-
-    def response_bytes
-      generated_files = request.proto_file.map do |file_descriptor|
-        generate_file(file_descriptor)
-      end
-
-      ::CSGoogle::Protobuf::Compiler::CodeGeneratorResponse.encode(
-        :file => generated_files,
-        :supported_features => supported_features,
-      )
-    end
-
-    def supported_features
-      # The only available feature is proto3 with optional fields.
-      # This is backwards compatible with proto2 optional fields.
-      ::CSGoogle::Protobuf::Compiler::CodeGeneratorResponse::Feature::FEATURE_PROTO3_OPTIONAL.to_i
-    end
-
-    Protobuf::Field::BaseField.module_eval do
-      def define_set_method!
-      end
-
-      def set_without_options(message_instance, bytes)
-        return message_instance[name] = decode(bytes) unless repeated?
-
-        if map?
-          hash = message_instance[name]
-          entry = decode(bytes)
-          # decoded value could be nil for an
-          # enum value that is not recognized
-          hash[entry.key] = entry.value unless entry.value.nil?
-          return hash[entry.key]
-        end
-
-        return message_instance[name] << decode(bytes) unless packed?
-
-        array = message_instance[name]
-        stream = StringIO.new(bytes)
-
-        if wire_type == ::Protobuf::WireType::VARINT
-          array << decode(Varint.decode(stream)) until stream.eof?
-        elsif wire_type == ::Protobuf::WireType::FIXED64
-          array << decode(stream.read(8)) until stream.eof?
-        elsif wire_type == ::Protobuf::WireType::FIXED32
-          array << decode(stream.read(4)) until stream.eof?
-        end
-      end
-
-      # Sets a MessageField that is known to be an option.
-      # We must allow fields to be set one at a time, as option syntax allows us to
-      # set each field within the option using a separate "option" line.
-      def set_with_options(message_instance, bytes)
-        if message_instance[name].is_a?(::Protobuf::Message)
-          gp = CSGoogle::Protobuf
-          if message_instance.is_a?(gp::EnumOptions) || message_instance.is_a?(gp::EnumValueOptions) ||
-             message_instance.is_a?(gp::FieldOptions) || message_instance.is_a?(gp::FileOptions) ||
-             message_instance.is_a?(gp::MethodOptions) || message_instance.is_a?(gp::ServiceOptions) ||
-             message_instance.is_a?(gp::MessageOptions)
-
-            original_field = message_instance[name]
-            decoded_field = decode(bytes)
-            decoded_field.each_field do |subfield, subvalue|
-              option_set(original_field, subfield, subvalue) { decoded_field.field?(subfield.tag) }
-            end
-            return
-          end
-        end
-
-        set_without_options(message_instance, bytes)
-      end
-      alias_method :set, :set_with_options
-
-      def option_set(message_field, subfield, subvalue)
-        return unless yield
-        if subfield.repeated?
-          message_field[subfield.tag].concat(subvalue)
-        elsif message_field[subfield.tag] && subvalue.is_a?(::Protobuf::Message)
-          subvalue.each_field do |f, v|
-            option_set(message_field[subfield.tag], f, v) { subvalue.field?(f.tag) }
-          end
-        else
-          message_field[subfield.tag] = subvalue
-        end
-      end
-    end
-  end
-end

data/lib/protobuf/decoder.rb

@@ -1,28 +0,0 @@
-module Protobuf
-  class Decoder
-
-    # Read bytes from +stream+ and pass to +message+ object.
-    def self.decode_each_field(stream)
-      until stream.eof?
-        bits = Varint.decode(stream)
-        wire_type = bits & 0x07
-        tag = bits >> 3
-
-        bytes = if wire_type == ::Protobuf::WireType::VARINT
-                  Varint.decode(stream)
-                elsif wire_type == ::Protobuf::WireType::LENGTH_DELIMITED
-                  value_length = Varint.decode(stream)
-                  stream.read(value_length)
-                elsif wire_type == ::Protobuf::WireType::FIXED64
-                  stream.read(8)
-                elsif wire_type == ::Protobuf::WireType::FIXED32
-                  stream.read(4)
-                else
-                  fail InvalidWireType, wire_type
-                end
-
-        yield(tag, bytes)
-      end
-    end
-  end
-end

data/lib/protobuf/deprecation.rb

@@ -1,117 +0,0 @@
-require 'active_support/deprecation'
-
-module Protobuf
-  if ::ActiveSupport::Deprecation.is_a?(Class)
-    class DeprecationBase < ::ActiveSupport::Deprecation
-      def deprecate_methods(*args)
-        deprecation_options = { :deprecator => self }
-
-        if args.last.is_a?(Hash)
-          args.last.merge!(deprecation_options)
-        else
-          args.push(deprecation_options)
-        end
-
-        super
-      end
-
-      def deprecation_warning(deprecated_method_name, message = nil, caller_backtrace = nil)
-        # This ensures ActiveSupport::Deprecation doesn't look for the caller, which is very costly.
-        super(deprecated_method_name, message, caller_backtrace) unless ENV.key?('PB_IGNORE_DEPRECATIONS')
-      end
-    end
-
-    class Deprecation < DeprecationBase
-      def define_deprecated_methods(target_module, method_hash)
-        target_module.module_eval do
-          method_hash.each do |old_method, new_method|
-            alias_method old_method, new_method
-          end
-        end
-
-        deprecate_methods(target_module, method_hash)
-      end
-    end
-
-    class FieldDeprecation < DeprecationBase
-      # this is a convenience deprecator for deprecated proto fields
-
-      def deprecate_method(target_module, method_name)
-        deprecate_methods(target_module, method_name => target_module)
-      end
-
-      private
-
-      def deprecated_method_warning(method_name, target_module)
-        "#{target_module.name}##{method_name} field usage is deprecated"
-      end
-    end
-  else
-    # TODO: remove this clause when Rails < 4 support is no longer needed
-    deprecator = ::ActiveSupport::Deprecation.clone
-    deprecator.instance_eval do
-      def new(deprecation_horizon = nil, *)
-        self.deprecation_horizon = deprecation_horizon if deprecation_horizon
-        self
-      end
-    end
-    Deprecation = deprecator.clone
-    FieldDeprecation = deprecator.clone
-
-    Deprecation.instance_eval do
-      def define_deprecated_methods(target_module, method_hash)
-        target_module.module_eval do
-          method_hash.each do |old_method, new_method|
-            alias_method old_method, new_method
-          end
-        end
-
-        deprecate_methods(target_module, method_hash)
-      end
-    end
-
-    FieldDeprecation.instance_eval do
-      def deprecate_method(target_module, method_name)
-        deprecate_methods(target_module, method_name => target_module)
-      end
-
-      private
-
-      def deprecated_method_warning(method_name, target_module)
-        "#{target_module.name}##{method_name} field usage is deprecated"
-      end
-    end
-  end
-
-  def self.deprecator
-    @deprecator ||= Deprecation.new('4.0', to_s).tap do |deprecation|
-      deprecation.silenced = ENV.key?('PB_IGNORE_DEPRECATIONS')
-      deprecation.behavior = :stderr
-    end
-  end
-
-  def self.field_deprecator
-    @field_deprecator ||= FieldDeprecation.new.tap do |deprecation|
-      deprecation.silenced = ENV.key?('PB_IGNORE_DEPRECATIONS')
-      deprecation.behavior = :stderr
-    end
-  end
-
-  # Print Deprecation Warnings
-  #
-  # Default: true
-  #
-  # Simple boolean to define whether we want field deprecation warnings to
-  # be printed to stderr or not. The rpc_server has an option to set this value
-  # explicitly, or you can turn this option off by setting
-  # ENV['PB_IGNORE_DEPRECATIONS'] to a non-empty value.
-  #
-  # The rpc_server option will override the ENV setting.
-  def self.print_deprecation_warnings?
-    !field_deprecator.silenced
-  end
-
-  def self.print_deprecation_warnings=(value)
-    field_deprecator.silenced = !value
-  end
-end

data/lib/protobuf/descriptors/google/protobuf/compiler/plugin.pb.rb

@@ -1,79 +0,0 @@
-# encoding: utf-8
-
-##
-# This file is auto-generated. DO NOT EDIT!
-#
-require 'protobuf'
-
-
-##
-# Imports
-#
-require 'google/protobuf/descriptor.pb'
-
-module CSGoogle
-  module Protobuf
-    module Compiler
-      ::Protobuf::Optionable.inject(self) { ::CSGoogle::Protobuf::FileOptions }
-
-      ##
-      # Message Classes
-      #
-      class Version < ::Protobuf::Message; end
-      class CodeGeneratorRequest < ::Protobuf::Message; end
-      class CodeGeneratorResponse < ::Protobuf::Message
-        class Feature < ::Protobuf::Enum
-          define :FEATURE_NONE, 0
-          define :FEATURE_PROTO3_OPTIONAL, 1
-        end
-
-        class File < ::Protobuf::Message; end
-
-      end
-
-
-
-      ##
-      # File Options
-      #
-      set_option :java_package, "com.google.protobuf.compiler"
-      set_option :java_outer_classname, "PluginProtos"
-      set_option :go_package, "google.golang.org/protobuf/types/pluginpb"
-
-
-      ##
-      # Message Fields
-      #
-      class Version
-        optional :int32, :major, 1
-        optional :int32, :minor, 2
-        optional :int32, :patch, 3
-        optional :string, :suffix, 4
-      end
-
-      class CodeGeneratorRequest
-        repeated :string, :file_to_generate, 1
-        optional :string, :parameter, 2
-        repeated ::CSGoogle::Protobuf::FileDescriptorProto, :proto_file, 15
-        optional ::CSGoogle::Protobuf::Compiler::Version, :compiler_version, 3
-      end
-
-      class CodeGeneratorResponse
-        class File
-          optional :string, :name, 1
-          optional :string, :insertion_point, 2
-          optional :string, :content, 15
-          optional ::CSGoogle::Protobuf::GeneratedCodeInfo, :generated_code_info, 16
-        end
-
-        optional :string, :error, 1
-        optional :uint64, :supported_features, 2
-        repeated ::CSGoogle::Protobuf::Compiler::CodeGeneratorResponse::File, :file, 15
-      end
-
-    end
-
-  end
-
-end
-