contrast-agent 6.7.0 → 6.9.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (280) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +0 -2
  3. data/.simplecov +0 -1
  4. data/Rakefile +0 -1
  5. data/ext/cs__assess_array/cs__assess_array.c +41 -10
  6. data/ext/cs__assess_array/cs__assess_array.h +4 -1
  7. data/lib/contrast/agent/assess/policy/trigger_method.rb +3 -3
  8. data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +1 -1
  9. data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +1 -1
  10. data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +1 -1
  11. data/lib/contrast/agent/assess/property/evented.rb +11 -11
  12. data/lib/contrast/agent/assess.rb +0 -1
  13. data/lib/contrast/agent/excluder.rb +53 -35
  14. data/lib/contrast/agent/exclusion_matcher.rb +21 -9
  15. data/lib/contrast/agent/middleware.rb +12 -6
  16. data/lib/contrast/agent/patching/policy/after_load_patcher.rb +6 -0
  17. data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +146 -127
  18. data/lib/contrast/agent/protect/input_analyzer/worth_watching_analyzer.rb +116 -0
  19. data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +20 -0
  20. data/lib/contrast/agent/protect/policy/rule_applicator.rb +1 -1
  21. data/lib/contrast/agent/protect/rule/base.rb +47 -55
  22. data/lib/contrast/agent/protect/rule/base_service.rb +48 -24
  23. data/lib/contrast/agent/protect/rule/bot_blocker/bot_blocker_input_classification.rb +98 -0
  24. data/lib/contrast/agent/protect/rule/bot_blocker.rb +81 -0
  25. data/lib/contrast/agent/protect/rule/cmd_injection.rb +20 -2
  26. data/lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb +8 -5
  27. data/lib/contrast/agent/protect/rule/cmdi/cmdi_base_rule.rb +22 -22
  28. data/lib/contrast/agent/protect/rule/cmdi/cmdi_chained_command.rb +64 -0
  29. data/lib/contrast/agent/protect/rule/cmdi/cmdi_dangerous_path.rb +63 -0
  30. data/lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb +2 -58
  31. data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -1
  32. data/lib/contrast/agent/protect/rule/deserialization.rb +3 -14
  33. data/lib/contrast/agent/protect/rule/http_method_tampering/http_method_tampering_input_classification.rb +2 -2
  34. data/lib/contrast/agent/protect/rule/http_method_tampering.rb +0 -11
  35. data/lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb +29 -34
  36. data/lib/contrast/agent/protect/rule/no_sqli.rb +25 -18
  37. data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_input_classification.rb +61 -0
  38. data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_semantic_security_bypass.rb +114 -0
  39. data/lib/contrast/agent/protect/rule/path_traversal.rb +40 -13
  40. data/lib/contrast/agent/protect/rule/sql_sample_builder.rb +33 -15
  41. data/lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb +0 -14
  42. data/lib/contrast/agent/protect/rule/sqli/sqli_input_classification.rb +2 -62
  43. data/lib/contrast/agent/protect/rule/sqli.rb +74 -3
  44. data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification.rb +39 -63
  45. data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +6 -33
  46. data/lib/contrast/agent/protect/rule/xss/reflected_xss_input_classification.rb +58 -0
  47. data/lib/contrast/agent/protect/rule/xss.rb +15 -20
  48. data/lib/contrast/agent/protect/rule/xxe.rb +4 -24
  49. data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +19 -40
  50. data/lib/contrast/agent/reporting/attack_result/response_type.rb +9 -9
  51. data/lib/contrast/agent/reporting/details/ip_denylist_details.rb +10 -2
  52. data/lib/contrast/agent/reporting/details/virtual_patch_details.rb +8 -2
  53. data/lib/contrast/agent/reporting/input_analysis/details/bot_blocker_details.rb +27 -0
  54. data/lib/contrast/agent/reporting/input_analysis/details/protect_rule_details.rb +15 -0
  55. data/lib/contrast/agent/reporting/input_analysis/input_analysis.rb +1 -2
  56. data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb +16 -2
  57. data/lib/contrast/agent/reporting/masker/masker.rb +2 -0
  58. data/lib/contrast/agent/reporting/report.rb +1 -0
  59. data/lib/contrast/agent/reporting/reporter.rb +35 -14
  60. data/lib/contrast/agent/reporting/reporter_heartbeat.rb +3 -9
  61. data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +16 -13
  62. data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +12 -7
  63. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb +3 -3
  64. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +1 -2
  65. data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb +6 -1
  66. data/lib/contrast/agent/reporting/reporting_events/application_update.rb +0 -2
  67. data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +0 -1
  68. data/lib/contrast/agent/reporting/reporting_events/finding.rb +6 -6
  69. data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +239 -93
  70. data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb +10 -23
  71. data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +10 -9
  72. data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +0 -5
  73. data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +0 -1
  74. data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +12 -0
  75. data/lib/contrast/agent/reporting/reporting_events/poll.rb +1 -11
  76. data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +0 -1
  77. data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +0 -1
  78. data/lib/contrast/agent/reporting/reporting_events/server_reporting_event.rb +8 -0
  79. data/lib/contrast/agent/reporting/reporting_events/server_settings.rb +40 -0
  80. data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +2 -2
  81. data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +6 -0
  82. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +43 -1
  83. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +8 -4
  84. data/lib/contrast/agent/reporting/reporting_utilities/response.rb +1 -1
  85. data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +58 -4
  86. data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +4 -6
  87. data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +77 -16
  88. data/lib/contrast/agent/reporting/server_settings_worker.rb +44 -0
  89. data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +14 -2
  90. data/lib/contrast/agent/reporting/settings/code_exclusion.rb +6 -1
  91. data/lib/contrast/agent/reporting/settings/exclusion_base.rb +18 -0
  92. data/lib/contrast/agent/reporting/settings/exclusions.rb +2 -1
  93. data/lib/contrast/agent/reporting/settings/helpers.rb +7 -0
  94. data/lib/contrast/agent/reporting/settings/input_exclusion.rb +9 -3
  95. data/lib/contrast/agent/reporting/settings/protect.rb +15 -15
  96. data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +39 -2
  97. data/lib/contrast/agent/reporting/settings/rule_definition.rb +3 -0
  98. data/lib/contrast/agent/reporting/settings/security_logger.rb +77 -0
  99. data/lib/contrast/agent/reporting/settings/server_features.rb +9 -0
  100. data/lib/contrast/agent/reporting/settings/syslog.rb +34 -5
  101. data/lib/contrast/agent/request.rb +3 -14
  102. data/lib/contrast/agent/request_context.rb +6 -9
  103. data/lib/contrast/agent/request_context_extend.rb +9 -148
  104. data/lib/contrast/agent/request_handler.rb +5 -10
  105. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb +1 -1
  106. data/lib/contrast/agent/thread_watcher.rb +37 -18
  107. data/lib/contrast/agent/version.rb +1 -1
  108. data/lib/contrast/agent.rb +6 -11
  109. data/lib/contrast/agent_lib/api/command_injection.rb +46 -0
  110. data/lib/contrast/agent_lib/api/init.rb +101 -0
  111. data/lib/contrast/agent_lib/api/input_tracing.rb +267 -0
  112. data/lib/contrast/agent_lib/api/method_tempering.rb +29 -0
  113. data/lib/contrast/agent_lib/api/panic.rb +87 -0
  114. data/lib/contrast/agent_lib/api/path_semantic_file_security_bypass.rb +40 -0
  115. data/lib/contrast/agent_lib/interface.rb +260 -0
  116. data/lib/contrast/agent_lib/interface_base.rb +118 -0
  117. data/lib/contrast/agent_lib/return_types/eval_result.rb +44 -0
  118. data/lib/contrast/agent_lib/test.rb +29 -0
  119. data/lib/contrast/api/communication/connection_status.rb +20 -5
  120. data/lib/contrast/components/agent.rb +34 -14
  121. data/lib/contrast/components/api.rb +23 -0
  122. data/lib/contrast/components/app_context.rb +23 -5
  123. data/lib/contrast/components/app_context_extend.rb +0 -25
  124. data/lib/contrast/components/assess.rb +34 -4
  125. data/lib/contrast/components/assess_rules.rb +18 -0
  126. data/lib/contrast/components/base.rb +40 -0
  127. data/lib/contrast/components/config/sources.rb +95 -0
  128. data/lib/contrast/components/config.rb +19 -19
  129. data/lib/contrast/components/heap_dump.rb +10 -0
  130. data/lib/contrast/components/inventory.rb +15 -2
  131. data/lib/contrast/components/logger.rb +18 -0
  132. data/lib/contrast/components/polling.rb +36 -0
  133. data/lib/contrast/components/protect.rb +52 -2
  134. data/lib/contrast/components/ruby_component.rb +16 -1
  135. data/lib/contrast/components/sampling.rb +70 -13
  136. data/lib/contrast/components/security_logger.rb +13 -0
  137. data/lib/contrast/components/settings.rb +105 -90
  138. data/lib/contrast/config/certification_configuration.rb +14 -0
  139. data/lib/contrast/config/config.rb +46 -0
  140. data/lib/contrast/config/diagnostics.rb +114 -0
  141. data/lib/contrast/config/diagnostics_tools.rb +98 -0
  142. data/lib/contrast/config/effective_config.rb +65 -0
  143. data/lib/contrast/config/effective_config_value.rb +32 -0
  144. data/lib/contrast/config/exception_configuration.rb +12 -0
  145. data/lib/contrast/config/protect_rule_configuration.rb +8 -8
  146. data/lib/contrast/config/protect_rules_configuration.rb +23 -60
  147. data/lib/contrast/config/request_audit_configuration.rb +13 -0
  148. data/lib/contrast/config/server_configuration.rb +41 -2
  149. data/lib/contrast/configuration.rb +29 -12
  150. data/lib/contrast/extension/assess/array.rb +9 -0
  151. data/lib/contrast/extension/assess/erb.rb +1 -1
  152. data/lib/contrast/extension/delegator.rb +2 -0
  153. data/lib/contrast/framework/manager.rb +3 -1
  154. data/lib/contrast/framework/rails/railtie.rb +0 -1
  155. data/lib/contrast/framework/rails/support.rb +0 -1
  156. data/lib/contrast/tasks/config.rb +1 -8
  157. data/lib/contrast/utils/assess/event_limit_utils.rb +31 -9
  158. data/lib/contrast/utils/assess/trigger_method_utils.rb +5 -4
  159. data/lib/contrast/utils/duck_utils.rb +1 -0
  160. data/lib/contrast/utils/hash_digest.rb +2 -2
  161. data/lib/contrast/utils/input_classification_base.rb +155 -0
  162. data/lib/contrast/utils/os.rb +0 -20
  163. data/lib/contrast/utils/reporting/application_activity_batch_utils.rb +81 -0
  164. data/lib/contrast/utils/response_utils.rb +0 -16
  165. data/lib/contrast/utils/routes_sent.rb +60 -0
  166. data/lib/contrast/utils/stack_trace_utils.rb +3 -15
  167. data/lib/contrast/utils/string_utils.rb +10 -7
  168. data/lib/contrast/utils/telemetry_client.rb +1 -2
  169. data/lib/contrast/utils/timer.rb +16 -0
  170. data/lib/contrast.rb +5 -4
  171. data/resources/protect/policy.json +1 -2
  172. data/ruby-agent.gemspec +7 -6
  173. metadata +69 -130
  174. data/exe/contrast_service +0 -23
  175. data/lib/contrast/agent/assess/contrast_event.rb +0 -157
  176. data/lib/contrast/agent/assess/events/event_factory.rb +0 -34
  177. data/lib/contrast/agent/assess/events/source_event.rb +0 -46
  178. data/lib/contrast/agent/protect/rule/cmdi/cmdi_worth_watching.rb +0 -64
  179. data/lib/contrast/agent/protect/rule/sqli/sqli_worth_watching.rb +0 -118
  180. data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_matcher.rb +0 -45
  181. data/lib/contrast/agent/reaction_processor.rb +0 -47
  182. data/lib/contrast/agent/reporting/reporting_events/server_activity.rb +0 -36
  183. data/lib/contrast/agent/service_heartbeat.rb +0 -35
  184. data/lib/contrast/api/communication/messaging_queue.rb +0 -128
  185. data/lib/contrast/api/communication/response_processor.rb +0 -90
  186. data/lib/contrast/api/communication/service_lifecycle.rb +0 -77
  187. data/lib/contrast/api/communication/socket.rb +0 -44
  188. data/lib/contrast/api/communication/socket_client.rb +0 -130
  189. data/lib/contrast/api/communication/speedracer.rb +0 -138
  190. data/lib/contrast/api/communication/tcp_socket.rb +0 -32
  191. data/lib/contrast/api/communication/unix_socket.rb +0 -28
  192. data/lib/contrast/api/communication.rb +0 -20
  193. data/lib/contrast/api/decorators/address.rb +0 -59
  194. data/lib/contrast/api/decorators/agent_startup.rb +0 -56
  195. data/lib/contrast/api/decorators/application_settings.rb +0 -43
  196. data/lib/contrast/api/decorators/application_startup.rb +0 -56
  197. data/lib/contrast/api/decorators/bot_blocker.rb +0 -37
  198. data/lib/contrast/api/decorators/http_request.rb +0 -137
  199. data/lib/contrast/api/decorators/input_analysis.rb +0 -18
  200. data/lib/contrast/api/decorators/instrumentation_mode.rb +0 -35
  201. data/lib/contrast/api/decorators/ip_denylist.rb +0 -37
  202. data/lib/contrast/api/decorators/message.rb +0 -67
  203. data/lib/contrast/api/decorators/rasp_rule_sample.rb +0 -52
  204. data/lib/contrast/api/decorators/response_type.rb +0 -17
  205. data/lib/contrast/api/decorators/server_features.rb +0 -25
  206. data/lib/contrast/api/decorators/user_input.rb +0 -51
  207. data/lib/contrast/api/decorators/virtual_patch.rb +0 -34
  208. data/lib/contrast/api/decorators.rb +0 -22
  209. data/lib/contrast/api/dtm.pb.rb +0 -363
  210. data/lib/contrast/api/settings.pb.rb +0 -500
  211. data/lib/contrast/api.rb +0 -16
  212. data/lib/contrast/components/contrast_service.rb +0 -88
  213. data/lib/contrast/components/service.rb +0 -55
  214. data/lib/contrast/tasks/service.rb +0 -84
  215. data/lib/contrast/utils/input_classification.rb +0 -73
  216. data/lib/protobuf/code_generator.rb +0 -129
  217. data/lib/protobuf/decoder.rb +0 -28
  218. data/lib/protobuf/deprecation.rb +0 -117
  219. data/lib/protobuf/descriptors/google/protobuf/compiler/plugin.pb.rb +0 -79
  220. data/lib/protobuf/descriptors/google/protobuf/descriptor.pb.rb +0 -360
  221. data/lib/protobuf/descriptors.rb +0 -3
  222. data/lib/protobuf/encoder.rb +0 -11
  223. data/lib/protobuf/enum.rb +0 -365
  224. data/lib/protobuf/exceptions.rb +0 -9
  225. data/lib/protobuf/field/base_field.rb +0 -380
  226. data/lib/protobuf/field/base_field_object_definitions.rb +0 -504
  227. data/lib/protobuf/field/bool_field.rb +0 -64
  228. data/lib/protobuf/field/bytes_field.rb +0 -67
  229. data/lib/protobuf/field/double_field.rb +0 -25
  230. data/lib/protobuf/field/enum_field.rb +0 -56
  231. data/lib/protobuf/field/field_array.rb +0 -102
  232. data/lib/protobuf/field/field_hash.rb +0 -122
  233. data/lib/protobuf/field/fixed32_field.rb +0 -25
  234. data/lib/protobuf/field/fixed64_field.rb +0 -28
  235. data/lib/protobuf/field/float_field.rb +0 -43
  236. data/lib/protobuf/field/int32_field.rb +0 -21
  237. data/lib/protobuf/field/int64_field.rb +0 -34
  238. data/lib/protobuf/field/integer_field.rb +0 -23
  239. data/lib/protobuf/field/message_field.rb +0 -51
  240. data/lib/protobuf/field/sfixed32_field.rb +0 -27
  241. data/lib/protobuf/field/sfixed64_field.rb +0 -28
  242. data/lib/protobuf/field/signed_integer_field.rb +0 -29
  243. data/lib/protobuf/field/sint32_field.rb +0 -21
  244. data/lib/protobuf/field/sint64_field.rb +0 -21
  245. data/lib/protobuf/field/string_field.rb +0 -51
  246. data/lib/protobuf/field/uint32_field.rb +0 -21
  247. data/lib/protobuf/field/uint64_field.rb +0 -21
  248. data/lib/protobuf/field/varint_field.rb +0 -77
  249. data/lib/protobuf/field.rb +0 -74
  250. data/lib/protobuf/generators/base.rb +0 -85
  251. data/lib/protobuf/generators/enum_generator.rb +0 -39
  252. data/lib/protobuf/generators/extension_generator.rb +0 -27
  253. data/lib/protobuf/generators/field_generator.rb +0 -193
  254. data/lib/protobuf/generators/file_generator.rb +0 -262
  255. data/lib/protobuf/generators/group_generator.rb +0 -122
  256. data/lib/protobuf/generators/message_generator.rb +0 -104
  257. data/lib/protobuf/generators/option_generator.rb +0 -17
  258. data/lib/protobuf/generators/printable.rb +0 -160
  259. data/lib/protobuf/generators/service_generator.rb +0 -50
  260. data/lib/protobuf/lifecycle.rb +0 -33
  261. data/lib/protobuf/logging.rb +0 -39
  262. data/lib/protobuf/message/fields.rb +0 -233
  263. data/lib/protobuf/message/serialization.rb +0 -85
  264. data/lib/protobuf/message.rb +0 -241
  265. data/lib/protobuf/optionable.rb +0 -72
  266. data/lib/protobuf/tasks/compile.rake +0 -80
  267. data/lib/protobuf/tasks.rb +0 -1
  268. data/lib/protobuf/varint.rb +0 -20
  269. data/lib/protobuf/varint_pure.rb +0 -31
  270. data/lib/protobuf/version.rb +0 -3
  271. data/lib/protobuf/wire_type.rb +0 -10
  272. data/lib/protobuf.rb +0 -91
  273. data/proto/dynamic_discovery.proto +0 -46
  274. data/proto/google/protobuf/compiler/plugin.proto +0 -183
  275. data/proto/google/protobuf/descriptor.proto +0 -911
  276. data/proto/rpc.proto +0 -71
  277. data/service_executables/.gitkeep +0 -0
  278. data/service_executables/VERSION +0 -1
  279. data/service_executables/linux/contrast-service +0 -0
  280. data/service_executables/mac/contrast-service +0 -0
@@ -1,84 +0,0 @@
1
- # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
- # frozen_string_literal: true
3
-
4
- require 'contrast/utils/os'
5
-
6
- module Contrast
7
- # A Rake task designed to allow control of the Contrast Service as a stand
8
- # alone executable rather than one managed by the Agent running in a process
9
- # forked from the application
10
- module Service
11
- extend Rake::DSL
12
- # Start the service if it is not already running
13
- def self.start_service
14
- puts('Starting Contrast Service')
15
- service_log = ::Contrast::CONTRAST_SERVICE.logger_path
16
- if File.writable?(service_log)
17
- spawn('contrast_service', out: File::NULL, err: service_log)
18
- else
19
- spawn('contrast_service', %i[out err] => File::NULL)
20
- end
21
-
22
- watcher = Contrast::Agent::Thread.new do
23
- sleep(0.05) until Contrast::Utils::OS.running?
24
- end
25
- watcher.join(1)
26
- puts(Contrast::Utils::OS.running? ? 'Contrast Service started successfully.' : 'Contrast Service did not start.')
27
- end
28
-
29
- # Stop the service if it is running
30
- def self.stop_service
31
- pid = `ps aux | grep contrast-servic[e] | awk '{print $2}'`
32
- `kill #{ pid }` if pid
33
- end
34
-
35
- namespace :contrast do
36
- namespace :service do
37
- desc 'Starts the Contrast Service'
38
- task :start do
39
- if Contrast::Utils::OS.running?
40
- puts 'Contrast Service already running. No need to start'
41
- else
42
- start_service
43
- end
44
- end
45
- end
46
- end
47
-
48
- namespace :contrast do
49
- namespace :service do
50
- desc 'Prints the status of the Contrast Service'
51
- task :status do
52
- if Contrast::Utils::OS.running?
53
- puts 'online'
54
- else
55
- puts 'offline'
56
- end
57
- end
58
- end
59
- end
60
-
61
- namespace :contrast do
62
- namespace :service do
63
- desc 'Stops the Contrast Service'
64
- task :stop do
65
- if Contrast::Utils::OS.running?
66
- puts 'Stopping Contrast Service'
67
- stop_service
68
- watcher = Contrast::Agent::Thread.new do
69
- sleep(0.05) while Contrast::Utils::OS.running?
70
- end
71
- watcher.join(1)
72
- if Contrast::Utils::OS.running?
73
- puts 'Contrast Service did not stop.'
74
- else
75
- puts 'Contrast Service stopped successfully.'
76
- end
77
- else
78
- puts 'Contrast Service is not already running. No need to stop.'
79
- end
80
- end
81
- end
82
- end
83
- end
84
- end
@@ -1,73 +0,0 @@
1
- # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
- # frozen_string_literal: true
3
-
4
- require 'contrast/utils/object_share'
5
- require 'contrast/agent/reporting/input_analysis/input_type'
6
- require 'contrast/agent/reporting/input_analysis/score_level'
7
- require 'contrast/agent/protect/input_analyzer/input_analyzer'
8
-
9
- module Contrast
10
- module Agent
11
- module Protect
12
- module Rule
13
- # This module will include all the similar information for all input classifications
14
- # between different rules
15
- module InputClassificationBase
16
- include Contrast::Agent::Reporting::InputType
17
- include Contrast::Agent::Reporting::ScoreLevel
18
-
19
- # Input Classification stage is done to determine if an user input is
20
- # WORTHWATCHING or to be ignored.
21
- #
22
- # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
23
- # @param value [String, Array<String>] the value of the input.
24
- # @param input_analysis [Contrast::Agent::Reporting::InputAnalysis] Holds all the results from the
25
- # agent analysis from the current
26
- # Request.
27
- # @return ia [Contrast::Agent::Reporting::InputAnalysis] with updated results.
28
- def classify input_type, value, input_analysis # rubocop:disable Lint/UnusedMethodArgument
29
- return false unless input_analysis.request
30
-
31
- true
32
- end
33
-
34
- # Creates new isntance of InputAnalysisResult with basic info.
35
- #
36
- # @param rule_id [String] The name of the Protect Rule.
37
- # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
38
- # @param value [String, Array<String>] the value of the input.
39
- # @param path [String] the path of the current request context.
40
- #
41
- # @return res [Contrast::Agent::Reporting::InputAnalysisResult]
42
- def new_ia_result rule_id, input_type, path, value = nil
43
- res = Contrast::Agent::Reporting::InputAnalysisResult.new
44
- res.rule_id = rule_id
45
- res.input_type = input_type
46
- res.path = path
47
- res.value = value
48
- res
49
- end
50
-
51
- # This methods checks if input is value that matches a key in the input.
52
- #
53
- # @param request [Contrast::Agent::Request] the current request context.
54
- # @param result [Contrast::Agent::Reporting::InputAnalysisResult] result to be updated.
55
- # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
56
- # @param value [String, Array<String>] the value of the input.
57
- #
58
- # @return result [Contrast::Agent::Reporting::InputAnalysisResult] updated with key result.
59
- def add_needed_key request, result, input_type, value
60
- case input_type
61
- when COOKIE_VALUE
62
- result.key = request.cookies.key(value)
63
- when PARAMETER_VALUE
64
- result.key = request.parameters.key(value)
65
- else
66
- result.key
67
- end
68
- end
69
- end
70
- end
71
- end
72
- end
73
- end
@@ -1,129 +0,0 @@
1
- require 'active_support/core_ext/module/aliasing'
2
- require 'protobuf/generators/file_generator'
3
-
4
- module Protobuf
5
- class CodeGenerator
6
-
7
- CodeGeneratorFatalError = Class.new(RuntimeError)
8
-
9
- def self.fatal(message)
10
- fail CodeGeneratorFatalError, message
11
- end
12
-
13
- def self.print_tag_warning_suppress
14
- STDERR.puts "Suppress tag warning output with PB_NO_TAG_WARNINGS=1."
15
- def self.print_tag_warning_suppress; end # rubocop:disable Lint/DuplicateMethods, Lint/NestedMethodDefinition
16
- end
17
-
18
- def self.warn(message)
19
- STDERR.puts("[WARN] #{message}")
20
- end
21
-
22
- private
23
-
24
- attr_accessor :request
25
-
26
- public
27
-
28
- def initialize(request_bytes)
29
- @request_bytes = request_bytes
30
- self.request = ::CSGoogle::Protobuf::Compiler::CodeGeneratorRequest.decode(request_bytes)
31
- end
32
-
33
- def eval_unknown_extensions!
34
- request.proto_file.each do |file_descriptor|
35
- ::Protobuf::Generators::FileGenerator.new(file_descriptor).eval_unknown_extensions!
36
- end
37
- self.request = ::CSGoogle::Protobuf::Compiler::CodeGeneratorRequest.decode(@request_bytes)
38
- end
39
-
40
- def generate_file(file_descriptor)
41
- ::Protobuf::Generators::FileGenerator.new(file_descriptor).generate_output_file
42
- end
43
-
44
- def response_bytes
45
- generated_files = request.proto_file.map do |file_descriptor|
46
- generate_file(file_descriptor)
47
- end
48
-
49
- ::CSGoogle::Protobuf::Compiler::CodeGeneratorResponse.encode(
50
- :file => generated_files,
51
- :supported_features => supported_features,
52
- )
53
- end
54
-
55
- def supported_features
56
- # The only available feature is proto3 with optional fields.
57
- # This is backwards compatible with proto2 optional fields.
58
- ::CSGoogle::Protobuf::Compiler::CodeGeneratorResponse::Feature::FEATURE_PROTO3_OPTIONAL.to_i
59
- end
60
-
61
- Protobuf::Field::BaseField.module_eval do
62
- def define_set_method!
63
- end
64
-
65
- def set_without_options(message_instance, bytes)
66
- return message_instance[name] = decode(bytes) unless repeated?
67
-
68
- if map?
69
- hash = message_instance[name]
70
- entry = decode(bytes)
71
- # decoded value could be nil for an
72
- # enum value that is not recognized
73
- hash[entry.key] = entry.value unless entry.value.nil?
74
- return hash[entry.key]
75
- end
76
-
77
- return message_instance[name] << decode(bytes) unless packed?
78
-
79
- array = message_instance[name]
80
- stream = StringIO.new(bytes)
81
-
82
- if wire_type == ::Protobuf::WireType::VARINT
83
- array << decode(Varint.decode(stream)) until stream.eof?
84
- elsif wire_type == ::Protobuf::WireType::FIXED64
85
- array << decode(stream.read(8)) until stream.eof?
86
- elsif wire_type == ::Protobuf::WireType::FIXED32
87
- array << decode(stream.read(4)) until stream.eof?
88
- end
89
- end
90
-
91
- # Sets a MessageField that is known to be an option.
92
- # We must allow fields to be set one at a time, as option syntax allows us to
93
- # set each field within the option using a separate "option" line.
94
- def set_with_options(message_instance, bytes)
95
- if message_instance[name].is_a?(::Protobuf::Message)
96
- gp = CSGoogle::Protobuf
97
- if message_instance.is_a?(gp::EnumOptions) || message_instance.is_a?(gp::EnumValueOptions) ||
98
- message_instance.is_a?(gp::FieldOptions) || message_instance.is_a?(gp::FileOptions) ||
99
- message_instance.is_a?(gp::MethodOptions) || message_instance.is_a?(gp::ServiceOptions) ||
100
- message_instance.is_a?(gp::MessageOptions)
101
-
102
- original_field = message_instance[name]
103
- decoded_field = decode(bytes)
104
- decoded_field.each_field do |subfield, subvalue|
105
- option_set(original_field, subfield, subvalue) { decoded_field.field?(subfield.tag) }
106
- end
107
- return
108
- end
109
- end
110
-
111
- set_without_options(message_instance, bytes)
112
- end
113
- alias_method :set, :set_with_options
114
-
115
- def option_set(message_field, subfield, subvalue)
116
- return unless yield
117
- if subfield.repeated?
118
- message_field[subfield.tag].concat(subvalue)
119
- elsif message_field[subfield.tag] && subvalue.is_a?(::Protobuf::Message)
120
- subvalue.each_field do |f, v|
121
- option_set(message_field[subfield.tag], f, v) { subvalue.field?(f.tag) }
122
- end
123
- else
124
- message_field[subfield.tag] = subvalue
125
- end
126
- end
127
- end
128
- end
129
- end
@@ -1,28 +0,0 @@
1
- module Protobuf
2
- class Decoder
3
-
4
- # Read bytes from +stream+ and pass to +message+ object.
5
- def self.decode_each_field(stream)
6
- until stream.eof?
7
- bits = Varint.decode(stream)
8
- wire_type = bits & 0x07
9
- tag = bits >> 3
10
-
11
- bytes = if wire_type == ::Protobuf::WireType::VARINT
12
- Varint.decode(stream)
13
- elsif wire_type == ::Protobuf::WireType::LENGTH_DELIMITED
14
- value_length = Varint.decode(stream)
15
- stream.read(value_length)
16
- elsif wire_type == ::Protobuf::WireType::FIXED64
17
- stream.read(8)
18
- elsif wire_type == ::Protobuf::WireType::FIXED32
19
- stream.read(4)
20
- else
21
- fail InvalidWireType, wire_type
22
- end
23
-
24
- yield(tag, bytes)
25
- end
26
- end
27
- end
28
- end
@@ -1,117 +0,0 @@
1
- require 'active_support/deprecation'
2
-
3
- module Protobuf
4
- if ::ActiveSupport::Deprecation.is_a?(Class)
5
- class DeprecationBase < ::ActiveSupport::Deprecation
6
- def deprecate_methods(*args)
7
- deprecation_options = { :deprecator => self }
8
-
9
- if args.last.is_a?(Hash)
10
- args.last.merge!(deprecation_options)
11
- else
12
- args.push(deprecation_options)
13
- end
14
-
15
- super
16
- end
17
-
18
- def deprecation_warning(deprecated_method_name, message = nil, caller_backtrace = nil)
19
- # This ensures ActiveSupport::Deprecation doesn't look for the caller, which is very costly.
20
- super(deprecated_method_name, message, caller_backtrace) unless ENV.key?('PB_IGNORE_DEPRECATIONS')
21
- end
22
- end
23
-
24
- class Deprecation < DeprecationBase
25
- def define_deprecated_methods(target_module, method_hash)
26
- target_module.module_eval do
27
- method_hash.each do |old_method, new_method|
28
- alias_method old_method, new_method
29
- end
30
- end
31
-
32
- deprecate_methods(target_module, method_hash)
33
- end
34
- end
35
-
36
- class FieldDeprecation < DeprecationBase
37
- # this is a convenience deprecator for deprecated proto fields
38
-
39
- def deprecate_method(target_module, method_name)
40
- deprecate_methods(target_module, method_name => target_module)
41
- end
42
-
43
- private
44
-
45
- def deprecated_method_warning(method_name, target_module)
46
- "#{target_module.name}##{method_name} field usage is deprecated"
47
- end
48
- end
49
- else
50
- # TODO: remove this clause when Rails < 4 support is no longer needed
51
- deprecator = ::ActiveSupport::Deprecation.clone
52
- deprecator.instance_eval do
53
- def new(deprecation_horizon = nil, *)
54
- self.deprecation_horizon = deprecation_horizon if deprecation_horizon
55
- self
56
- end
57
- end
58
- Deprecation = deprecator.clone
59
- FieldDeprecation = deprecator.clone
60
-
61
- Deprecation.instance_eval do
62
- def define_deprecated_methods(target_module, method_hash)
63
- target_module.module_eval do
64
- method_hash.each do |old_method, new_method|
65
- alias_method old_method, new_method
66
- end
67
- end
68
-
69
- deprecate_methods(target_module, method_hash)
70
- end
71
- end
72
-
73
- FieldDeprecation.instance_eval do
74
- def deprecate_method(target_module, method_name)
75
- deprecate_methods(target_module, method_name => target_module)
76
- end
77
-
78
- private
79
-
80
- def deprecated_method_warning(method_name, target_module)
81
- "#{target_module.name}##{method_name} field usage is deprecated"
82
- end
83
- end
84
- end
85
-
86
- def self.deprecator
87
- @deprecator ||= Deprecation.new('4.0', to_s).tap do |deprecation|
88
- deprecation.silenced = ENV.key?('PB_IGNORE_DEPRECATIONS')
89
- deprecation.behavior = :stderr
90
- end
91
- end
92
-
93
- def self.field_deprecator
94
- @field_deprecator ||= FieldDeprecation.new.tap do |deprecation|
95
- deprecation.silenced = ENV.key?('PB_IGNORE_DEPRECATIONS')
96
- deprecation.behavior = :stderr
97
- end
98
- end
99
-
100
- # Print Deprecation Warnings
101
- #
102
- # Default: true
103
- #
104
- # Simple boolean to define whether we want field deprecation warnings to
105
- # be printed to stderr or not. The rpc_server has an option to set this value
106
- # explicitly, or you can turn this option off by setting
107
- # ENV['PB_IGNORE_DEPRECATIONS'] to a non-empty value.
108
- #
109
- # The rpc_server option will override the ENV setting.
110
- def self.print_deprecation_warnings?
111
- !field_deprecator.silenced
112
- end
113
-
114
- def self.print_deprecation_warnings=(value)
115
- field_deprecator.silenced = !value
116
- end
117
- end
@@ -1,79 +0,0 @@
1
- # encoding: utf-8
2
-
3
- ##
4
- # This file is auto-generated. DO NOT EDIT!
5
- #
6
- require 'protobuf'
7
-
8
-
9
- ##
10
- # Imports
11
- #
12
- require 'google/protobuf/descriptor.pb'
13
-
14
- module CSGoogle
15
- module Protobuf
16
- module Compiler
17
- ::Protobuf::Optionable.inject(self) { ::CSGoogle::Protobuf::FileOptions }
18
-
19
- ##
20
- # Message Classes
21
- #
22
- class Version < ::Protobuf::Message; end
23
- class CodeGeneratorRequest < ::Protobuf::Message; end
24
- class CodeGeneratorResponse < ::Protobuf::Message
25
- class Feature < ::Protobuf::Enum
26
- define :FEATURE_NONE, 0
27
- define :FEATURE_PROTO3_OPTIONAL, 1
28
- end
29
-
30
- class File < ::Protobuf::Message; end
31
-
32
- end
33
-
34
-
35
-
36
- ##
37
- # File Options
38
- #
39
- set_option :java_package, "com.google.protobuf.compiler"
40
- set_option :java_outer_classname, "PluginProtos"
41
- set_option :go_package, "google.golang.org/protobuf/types/pluginpb"
42
-
43
-
44
- ##
45
- # Message Fields
46
- #
47
- class Version
48
- optional :int32, :major, 1
49
- optional :int32, :minor, 2
50
- optional :int32, :patch, 3
51
- optional :string, :suffix, 4
52
- end
53
-
54
- class CodeGeneratorRequest
55
- repeated :string, :file_to_generate, 1
56
- optional :string, :parameter, 2
57
- repeated ::CSGoogle::Protobuf::FileDescriptorProto, :proto_file, 15
58
- optional ::CSGoogle::Protobuf::Compiler::Version, :compiler_version, 3
59
- end
60
-
61
- class CodeGeneratorResponse
62
- class File
63
- optional :string, :name, 1
64
- optional :string, :insertion_point, 2
65
- optional :string, :content, 15
66
- optional ::CSGoogle::Protobuf::GeneratedCodeInfo, :generated_code_info, 16
67
- end
68
-
69
- optional :string, :error, 1
70
- optional :uint64, :supported_features, 2
71
- repeated ::CSGoogle::Protobuf::Compiler::CodeGeneratorResponse::File, :file, 15
72
- end
73
-
74
- end
75
-
76
- end
77
-
78
- end
79
-