contrast-agent 6.9.0 → 6.10.0

data/lib/contrast/agent/reporting/settings/virtual_patch_condition.rb

@@ -0,0 +1,47 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/object_share'
+require 'contrast/agent/reporting/settings/protect_rule'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Settings
+        # The settings for each virtual patch condition in the agent.
+        class VirtualPatchCondition
+          # @return [String]
+          attr_reader :name
+          # @return [String]
+          attr_reader :value
+          # @return [String]
+          attr_reader :input_type
+          # @return [String]
+          attr_reader :evaluation
+
+          def initialize hash
+            @name = hash[:name]
+            @value = hash[:value]
+            @input_type = hash[:input_type]
+            @evaluation = hash[:evaluation]
+          end
+
+          # @return [Array<Contrast::Agent::Reporting::Settings::VirtualPatchCondition>]
+          def headers
+            @_headers ||= []
+          end
+
+          # @return [Array<Contrast::Agent::Reporting::Settings::VirtualPatchCondition>]
+          def parameters
+            @_parameters ||= []
+          end
+
+          # @return [Array<Contrast::Agent::Reporting::Settings::VirtualPatchCondition>]
+          def urls
+            @_urls ||= []
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/request_context_extend.rb

@@ -50,6 +50,10 @@ module Contrast
         return false if @do_not_track
 
         if (ia = Contrast::Agent::Protect::InputAnalyzer.analyse(request))
+          # Handle prefilter
+          Contrast::Agent::Protect::InputAnalyzer.input_classification(ia, prefilter: true)
+          # Reflected xss infilter
+          Contrast::Agent::Protect::InputAnalyzer.input_classification_for('reflected-xss', ia)
           @agent_input_analysis = ia
         else
           logger.trace('Analysis from Agent was empty.')
@@ -60,6 +64,22 @@ module Contrast
         logger.warn('Unable to extract protect information from request', e)
       end
 
+      # Builds IA only for postfilter rules. If rules during infilter were not triggered there will be
+      # no IA for them later to use it in postfilter.
+      #
+      # @raise [Contrast::SecurityException]
+      def protect_postfilter_ia
+        return false unless ::Contrast::AGENT.enabled?
+        return false unless ::Contrast::PROTECT.enabled?
+
+        # Handle postfilter
+        Contrast::Agent::Protect::InputAnalyzer.input_classification(@agent_input_analysis, postfilter: true)
+      rescue Contrast::SecurityException => e
+        raise(e)
+      rescue StandardError => e
+        logger.warn('Unable to extract protect information from request - postfilter', e)
+      end
+
       # append anything we've learned to the request seen message this is the sum-total of all inventory information
       # that has been accumulated since the last request
       def extract_after rack_response

data/lib/contrast/agent/telemetry/base.rb

@@ -48,7 +48,8 @@ module Contrast
             @_client = Contrast::Utils::TelemetryClient.new
             ip_opt_out_telemetry = @_client.initialize_connection(URL)
             if ip_opt_out_telemetry.nil?
-              logger.warn("Connection was not established properly!!! \n Telemetry reporting will be disabled!")
+              logger.warn("[Telemetry] Connection was not established properly!!! \n
+                          Telemetry reporting will be disabled!")
               return false
             end
 
@@ -66,30 +67,30 @@ module Contrast
 
         def attempt_to_start?
           unless cs__class.enabled?
-            logger.warn('Telemetry service is disabled!')
+            logger.info('[Telemetry] Telemetry service is disabled!')
             return false
           end
 
-          logger.debug('Attempting to start telemetry thread') unless running?
+          logger.debug('[Telemetry] Attempting to start telemetry thread') unless running?
           true
         end
 
         def start_thread!
           return if running?
 
-          logger.debug('Starting background telemetry thread.')
+          logger.debug('[Telemetry] Starting background telemetry thread.')
           @_thread = create_thread
         end
 
         def send_event event
           if ::Contrast::AGENT.disabled?
-            logger.warn('Attempted to queue event with Agent disabled', caller: caller, event: event)
+            logger.warn('[Telemetry] Attempted to queue event with Agent disabled', caller: caller, event: event)
             return
           end
 
           return unless cs__class.enabled?
 
-          logger.debug('Enqueued event for sending', event_type: event.cs__class)
+          logger.debug('[Telemetry] Enqueued event for sending', event_type: event.cs__class)
           queue << event if event
         end
 
@@ -120,7 +121,7 @@ module Contrast
         # It is recommended that implementations send a single payload of general metrics every 3 hours, starting from
         # implementation startup. This returns a thread configured to do so.
         #
-        # @return [Contrast::Agent::Thread]
+        # @return [::Thread] Contrast::Agent::Thread
         def create_thread
           Contrast::Agent::Thread.new do
             loop do
@@ -132,16 +133,16 @@ module Contrast
               until queue.empty?
                 event = queue.pop
                 begin
-                  logger.debug('This is the current processed event', event)
+                  logger.debug('[Telemetry] This is the current processed event', event)
                   sleep_time = request_with_response(event)
                   if sleep_time
                     sleep(sleep_time)
-                    logger.debug('Retrying to process event', event)
+                    logger.debug('[Telemetry] Retrying to process event', event)
                     retry_sleep_time = request_with_response(event)
                     sleep(retry_sleep_time) unless retry_sleep_time.nil?
                   end
                 rescue StandardError => e
-                  logger.error('Could not send message to service from telemetry queue.', e)
+                  logger.error('[Telemetry] Could not send message to service from telemetry queue.', e)
                   stop!
                 end
               end

data/lib/contrast/agent/telemetry/events/exceptions/obfuscate.rb

@@ -7,111 +7,116 @@ module Contrast
       module TelemetryException
         # Here will be all known gems to obfuscate during the building of TelemetryExceptions
         module Obfuscate
+          # TODO: RUBY-1984 Re-enable/Remove Telemetry Obfuscation.
+          #
           # List of known gems to be third parties not containing any
           # user sensitive data.
-          KNOWN_GEMS = %w[
-            activesupport redis-activesupport redis builder dry-types rails rails-html-sanitizer rails-observers sinatra
-            benchmark-ips bundler climate_control execjs factory_bot debride fake_ftp fasterer flay openssl
-            parallel_tests contrast contrast-agent ruby pry-byebug byebug pry resolv ougai protobuf async nokogiri
-            benchmark grape-order grape-activerecord newrelic newrelic-grape grape-rails-cache grape-msgpack
-            grape-batch rspec rake rubocop grape-jbuilder rack-test rack-protection minitest grape-instrumentation
-            minitest-global_expectations rack-proxy rack-attack rack-ssl grape-cancan grape-attack grape-rake-tasks
-            grape-route-helpers benchmark-memory grape-rabl grape-kaminari grape-path-helpers grape-swagger-entity
-            grape-swagger-rails grape-roar newrelic-rake grapes-wagger-representative grape-forgery_protection
-            grape-papertrail grape-app grape-middleware-logger rack-protection rake-compile rhino rspec-benchmark
-            rspec_junit_formatter rspec-rails rake-performance rubocop-rails rubocop-rake rubocop-rspec
-            ruby-debug-ide simplecov sqlite steep tilt tzinfo-data warning xpath sinatra-activerecord sinatra-param
-            sinatra-partial sinatra-flash sinatra-reloader sinatra-sinatra rake_fly rack rack-accept grape grape-entity
-            sinatra-advanced-routes sinatra-warden grape_logging grape-swagger sinatra-namespace sinatra-resource
-            sinatra-hashfix sinatra-instrumentation sinatra-helpers redis-rack sinatra-support sinatra-assetpack
-            sinatra-router sinatra-cross_origin sinatra_more sinatra-jsonp faraday-rack zlib mustermann mustermann-grape
-            rspec-expectations rspec-core rspec-mocks rspec-sidekiq
-          ].cs__freeze
-          KNOWN_ERRORS = %w[
-            ActiveModel Error Errors Resolv Rspec ActiveRecord nil NilClass NoMemoryError ScriptError
-            LoadError NotImplementedError SyntaxError SecurityError SignalException Interrupt
-            StandardError ArgumentError UncaughtThrowError FiberError IOError EOFError IndexError KeyError
-            StopIteration LocalJumpError NameError NoMethodError RangeError FloatDomainError RegexpError
-            RuntimeError FrozenError SystemCallError ThreadError TypeError ZeroDivisionError SystemExit
-            SystemStackError fatal Warning buffer OpenSSL SSL SSLError Errno Timeout Exception EOFError
-            ECONNRESET ECONNREFUSED ETIMEDOUT EINVAL ESHUTDOWN EHOSTDOWN EHOSTUNREACH EISCONN
-            ECONNABORTED ENETRESET ENETUNREACH Net HTTPBadResponse HTTPHeaderSyntaxError ProtocolError
-            Faraday BadRequestError UnauthorizedError ForbiddenError ResourceNotFound ProxyAuthError
-            ConflictError UnprocessableEntityError ClientError
-          ].cs__freeze
-          CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'.cs__freeze
-          # This will generate different chars for each agent startup but will be constant
-          # for current run and will make identical obfuscation to be compared if given type
-          # is the same.
-          CYPHER = CHARS.chars.shuffle.join
-
-          class << self
-            # Returns paths for known gems.
-            #
-            # @return [Array<Regexp>] known paths
-            def known_gem_paths
-              @_known_gem_paths ||= KNOWN_GEMS.map do |gem_name|
-                to_regexp(File.join(
-                              'gems', gem_name.tr('-', ''), 'lib'))
-              end
-            end
-
-            # Returns known modules names.
-            #
-            # @return [Array<Regexp>] known modules
-            def known_modules
-              @_known_modules ||= KNOWN_ERRORS.map { |module_name| to_regexp(module_name) }
-            end
-
-            # Obfuscate a type and replace it with random characters.
-            #
-            # @param type [String] the StackFrame type to obfuscate
-            # @return [String] obfuscated type
-            def obfuscate_type type
-              return unless type
-
-              check = type.tr('[^0-9].-', '')
-              type = cypher(type) unless match_known(known_gem_paths, check)
-              type
-            end
-
-            # Obfuscate a type and replace it with random characters.
-            #
-            # @param exception_type [String] the exception type to obfuscate
-            # @return [String] obfuscated exception type
-            def obfuscate_exception_type exception_type
-              return unless exception_type
-
-              exceptions = exception_type.split('::').each do |exception|
-                cypher(exception) unless match_known(known_modules, exception)
-              end
-              exceptions.join('::')
-            end
-
-            private
-
-            # Transforms string to regexp
-            #
-            # @param string [String]
-            def to_regexp string
-              /#{ string }/
-            end
-
-            # Add cypher to path to make it obscure, but unique enough for
-            # comparisons. Mutates original or duplicate if frozen string.
-            #
-            # @param string [String] string to be transformed.
-            def cypher string
-              string = string.dup if string.cs__frozen?
-              string.to_s.tr!(CHARS, CYPHER)
-            end
-
-            # @param known [Array<Regexp>] Array of regexp to match againts
-            # @param type [String] type to check
-            def match_known known, type
-              known.any? { |regexp| type =~ regexp }
-            end
-          end
+          # KNOWN_GEMS = %w[
+          #   activesupport redis-activesupport redis builder dry-types rails rails-html-sanitizer rails-observers
+          #   sinatra
+          #   benchmark-ips bundler climate_control execjs factory_bot debride fake_ftp fasterer flay openssl
+          #   parallel_tests contrast contrast-agent ruby pry-byebug byebug pry resolv ougai protobuf async nokogiri
+          #   benchmark grape-order grape-activerecord newrelic newrelic-grape grape-rails-cache grape-msgpack
+          #   grape-batch rspec rake rubocop grape-jbuilder rack-test rack-protection minitest grape-instrumentation
+          #   minitest-global_expectations rack-proxy rack-attack rack-ssl grape-cancan grape-attack grape-rake-tasks
+          #   grape-route-helpers benchmark-memory grape-rabl grape-kaminari grape-path-helpers grape-swagger-entity
+          #   grape-swagger-rails grape-roar newrelic-rake grapes-wagger-representative grape-forgery_protection
+          #   grape-papertrail grape-app grape-middleware-logger rack-protection rake-compile rhino rspec-benchmark
+          #   rspec_junit_formatter rspec-rails rake-performance rubocop-rails rubocop-rake rubocop-rspec
+          #   ruby-debug-ide simplecov sqlite steep tilt tzinfo-data warning xpath sinatra-activerecord sinatra-param
+          #   sinatra-partial sinatra-flash sinatra-reloader sinatra-sinatra rake_fly rack rack-accept grape
+          #   grape-entity
+          #   sinatra-advanced-routes sinatra-warden grape_logging grape-swagger sinatra-namespace sinatra-resource
+          #   sinatra-hashfix sinatra-instrumentation sinatra-helpers redis-rack sinatra-support sinatra-assetpack
+          #   sinatra-router sinatra-cross_origin sinatra_more sinatra-jsonp faraday-rack zlib mustermann
+          #   mustermann-grape
+          #   rspec-expectations rspec-core rspec-mocks rspec-sidekiq
+          # ].cs__freeze
+          # KNOWN_ERRORS = %w[
+          #   ActiveModel Error Errors Resolv Rspec ActiveRecord nil NilClass NoMemoryError ScriptError
+          #   LoadError NotImplementedError SyntaxError SecurityError SignalException Interrupt
+          #   StandardError ArgumentError UncaughtThrowError FiberError IOError EOFError IndexError KeyError
+          #   StopIteration LocalJumpError NameError NoMethodError RangeError FloatDomainError RegexpError
+          #   RuntimeError FrozenError SystemCallError ThreadError TypeError ZeroDivisionError SystemExit
+          #   SystemStackError fatal Warning buffer OpenSSL SSL SSLError Errno Timeout Exception EOFError
+          #   ECONNRESET ECONNREFUSED ETIMEDOUT EINVAL ESHUTDOWN EHOSTDOWN EHOSTUNREACH EISCONN
+          #   ECONNABORTED ENETRESET ENETUNREACH Net HTTPBadResponse HTTPHeaderSyntaxError ProtocolError
+          #   Faraday BadRequestError UnauthorizedError ForbiddenError ResourceNotFound ProxyAuthError
+          #   ConflictError UnprocessableEntityError ClientError
+          # ].cs__freeze
+          # CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'.cs__freeze
+          # # This will generate different chars for each agent startup but will be constant
+          # # for current run and will make identical obfuscation to be compared if given type
+          # # is the same.
+          # CYPHER = CHARS.chars.shuffle.join
+          #
+          # class << self
+          #   # Returns paths for known gems.
+          #   #
+          #   # @return [Array<Regexp>] known paths
+          #   def known_gem_paths
+          #     @_known_gem_paths ||= KNOWN_GEMS.map do |gem_name|
+          #       to_regexp(File.join(
+          #                     'gems', gem_name.tr('-', ''), 'lib'))
+          #     end
+          #   end
+          #
+          #   # Returns known modules names.
+          #   #
+          #   # @return [Array<Regexp>] known modules
+          #   def known_modules
+          #     @_known_modules ||= KNOWN_ERRORS.map { |module_name| to_regexp(module_name) }
+          #   end
+          #
+          #   # Obfuscate a type and replace it with random characters.
+          #   #
+          #   # @param type [String] the StackFrame type to obfuscate
+          #   # @return [String] obfuscated type
+          #   def obfuscate_type type
+          #     return unless type
+          #
+          #     check = type.tr('[^0-9].-', '')
+          #     type = cypher(type) unless match_known(known_gem_paths, check)
+          #     type
+          #   end
+          #
+          #   # Obfuscate a type and replace it with random characters.
+          #   #
+          #   # @param exception_type [String] the exception type to obfuscate
+          #   # @return [String] obfuscated exception type
+          #   def obfuscate_exception_type exception_type
+          #     return unless exception_type
+          #
+          #     exceptions = exception_type.split('::').each do |exception|
+          #       cypher(exception) unless match_known(known_modules, exception)
+          #     end
+          #     exceptions.join('::')
+          #   end
+          #
+          #   private
+          #
+          #   # Transforms string to regexp
+          #   #
+          #   # @param string [String]
+          #   def to_regexp string
+          #     /#{ string }/
+          #   end
+          #
+          #   # Add cypher to path to make it obscure, but unique enough for
+          #   # comparisons. Mutates original or duplicate if frozen string.
+          #   #
+          #   # @param string [String] string to be transformed.
+          #   def cypher string
+          #     string = string.dup if string.cs__frozen?
+          #     string.to_s.tr!(CHARS, CYPHER)
+          #   end
+          #
+          #   # @param known [Array<Regexp>] Array of regexp to match against
+          #   # @param type [String] type to check
+          #   def match_known known, type
+          #     known.any? { |regexp| type =~ regexp }
+          #   end
+          # end
         end
       end
     end

data/lib/contrast/agent/telemetry/events/startup_metrics_event.rb

@@ -51,7 +51,7 @@ module Contrast
           super
           @settings = []
           add_config_keys(::Contrast::CONFIG.config, 'root')
-          @settings << ENV.keys.select { |v| v.starts_with?('CONTRAST') }
+          @settings << ENV.keys.select { |v| v.start_with?('CONTRAST') }
           @settings.flatten
           add_tags
         end

data/lib/contrast/agent/thread_watcher.rb

@@ -3,8 +3,7 @@
 
 require 'contrast/components/logger'
 require 'contrast/agent/reporting/report'
-require 'contrast/agent/reporting/reporter_heartbeat'
-require 'contrast/agent/reporting/server_settings_worker'
+require 'contrast/agent/reporting/reporting_workers/reporting_workers'
 require 'contrast/agent/telemetry/base'
 require 'contrast/agent/protect/input_analyzer/worth_watching_analyzer'
 require 'contrast/config/diagnostics'
@@ -19,19 +18,22 @@ module Contrast
       attr_reader :heapdump_util
       # @return [Contrast::Agent::Reporter]
       attr_reader :reporter
-      # @return [Contrast::Agent::ReporterHeartbeat]
+      # @return [Contrast::Agent::ReportingWorkers::ReporterHeartbeat]
       attr_reader :reporter_heartbeat
       # @return [Contrast::Agent::Protect::WorthWatchingInputAnalyzer]
       attr_reader :worth_watching_analyzer
-      # @return [Contrast::Agent::ServerSettingsWorker]
+      # @return [Contrast::Agent::ReportingWorkers::ServerSettingsWorker]
       attr_reader :reporter_settings_worker
+      # @return [Contrast::Agent::ReportingWorkers::ApplicationServerWorker]
+      attr_reader :reporter_app_settings_worker
 
       def initialize
         @pids = {}
         @heapdump_util = Contrast::Utils::HeapDumpUtil.new
         @reporter = Contrast::Agent::Reporter.new
-        @reporter_heartbeat = Contrast::Agent::ReporterHeartbeat.new
-        @reporter_settings_worker = Contrast::Agent::ServerSettingsWorker.new
+        @reporter_heartbeat = Contrast::Agent::ReportingWorkers::ReporterHeartbeat.new
+        @reporter_settings_worker = Contrast::Agent::ReportingWorkers::ServerSettingsWorker.new
+        @reporter_app_settings_worker = Contrast::Agent::ReportingWorkers::ApplicationServerWorker.new
         @telemetry = Contrast::Agent::Telemetry::Base.new if Contrast::Agent::Telemetry::Base.enabled?
         @worth_watching_analyzer = Contrast::Agent::Protect::WorthWatchingInputAnalyzer.new unless protect_disabled?
       end
@@ -41,10 +43,8 @@ module Contrast
         return unless ::Contrast::AGENT.enabled?
 
         logger.debug('ThreadWatcher started threads')
-        reporter_status = init_thread(reporter)
-        reporter_heartbeat_status = init_thread(reporter_heartbeat)
-        reporter_settings_worker_status = init_thread(reporter_settings_worker)
-        @pids[Process.pid] = reporter_status && reporter_heartbeat_status && reporter_settings_worker_status
+
+        @pids[Process.pid] = reporter_threads
         if Contrast::Agent::Telemetry::Base.enabled?
           telemetry_status = init_thread(telemetry_queue)
           @pids[Process.pid] = @pids[Process.pid] && telemetry_status
@@ -56,6 +56,11 @@ module Contrast
         @pids
       end
 
+      def reporter_threads
+        init_thread(reporter) && init_thread(reporter_heartbeat) &&
+            init_thread(reporter_settings_worker) && init_thread(reporter_app_settings_worker)
+      end
+
       def ensure_running?
         return if @pids[Process.pid] == true
 
@@ -84,6 +89,7 @@ module Contrast
         reporter_heartbeat&.stop!
         worth_watching_analyzer&.stop!
         reporter_settings_worker&.stop!
+        reporter_app_settings_worker&.stop!
       end
 
       # @return [Contrast::Agent::Telemetry::Base]

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '6.9.0'
+    VERSION = '6.10.0'
   end
 end

data/lib/contrast/agent.rb

@@ -55,6 +55,7 @@ module Contrast
 
     # @return [Contrast::Framework::Manager]
     def self.framework_manager
+      reinitialize_with_log
       @_framework_manager ||= Contrast::Framework::Manager.new
     end
 
@@ -82,6 +83,17 @@ module Contrast
     def self.thread_watcher
       @_thread_watcher ||= Contrast::Agent::ThreadWatcher.new
     end
+
+    # Apparently by some unknown reason - if we have already some instance for the AgentLib - we can set the
+    # logger with options. That's why in rspec it started passing - because when we set the const in
+    # protect_spec_helper in the with AgentLib context - we've already set the AGENT_LIB constant.
+    #
+    # So that leads to this methods logic here, which somehow works
+    def self.reinitialize_with_log
+      return if Contrast::AGENT_LIB.enable_log
+
+      Contrast.cs__const_set(:AGENT_LIB, Contrast::AgentLib::Interface.new(true, 2, nil))
+    end
   end
 end
 

data/lib/contrast/agent_lib/api/init.rb

@@ -30,7 +30,6 @@ module Contrast
       # @return [Integer] Return type of the function.
       attach_function :init, [], :int
 
-      # TODO: RUBY-1693
       #  Initialize agent lib without any optional settings. To set optional settings consider using
       # `init_with_options` instead If you want to enable logging, it must be set using environment variables
       # `CONTRAST_AGENTLIB_LOG_LEVEL` - set to log level.  Must of one of ERROR, WARN, INFO, DEBUG or TRACE
@@ -45,7 +44,6 @@ module Contrast
       # @return [Integer] Return type of the function.
       attach_function :init_with_options, %i[bool string string], :int
 
-      # TODO: RUBY-1693
       # Change log settings for agent lib after it's been initialized.  This api must be used after init
       #
       # Safety
@@ -55,7 +53,6 @@ module Contrast
       # if logging is enabled
       attach_function :change_log_settings, %i[bool string], :int
 
-      # TODO: RUBY-1693
       # Initialize AgentLib with options.
       # If init returns 0 = successful setup with options
       # if init returns 1 = unsuccessful setup with options
@@ -83,16 +80,13 @@ module Contrast
         init.zero?
       end
 
-      # TODO: RUBY-1693
       # Change the log settings. This api must be called after the dl__init_with_options.
       #
       # @param enable_log [Boolean] flag to enable or disable logging this sets the inner flag.
       # @param log_level [String] OFF, ERROR, WARN, INFO, DEBUG or TRACE.
       # @return [Boolean] true if initialized false if not.
       def dl__change_log_settings enable_log, log_level
-        # transform to C strings pointers here and pass to function.
-        log_dir_pointer = FFI::MemoryPointer.from_string(log_level.dup.force_encoding('UTF-8'))
-        return true if change_log_settings(enable_log, log_dir_pointer).zero?
+        return true if change_log_settings(enable_log, log_level).zero?
 
         false
       end

data/lib/contrast/agent_lib/api/input_tracing.rb

@@ -53,12 +53,10 @@ module Contrast
       ffi_lib ContrastAgentLib::CONTRAST_C
       ffi_convention :stdcall
 
-      DbType = enum(:DB2, :MySQL, :Oracle, :Postgres, :Sqlite, :SqlServer, :Unknown)
-
       # Returns 0 if evaluation was successful, -1 if there was an unexpected error.
       attach_function :check_cmd_injection_query, %i[int int string pointer], :int
       # Return 0 if evaluation was successful, -1 iif there was an unexpected error.
-      attach_function :check_sql_injection_query, [:int, :int, DbType, :string, :pointer], :int
+      attach_function :check_sql_injection_query, %i[int int int string pointer], :int
       # Free function for all input tracing results pass to check functions.
       attach_function :free_check_query_sink_result, [:pointer], :int
       # Evaluate header input:
@@ -126,7 +124,7 @@ module Contrast
       # @return [Hash, nil] Returns 0 if evaluation was successful, -1 if there was an unexpected error.
       def dl__check_sql_injection_query input_index, input_length, db_type, sql_query
         db_type = :Sqlite if db_type.to_s.casecmp('sqlite3').zero?
-        dbtype = DbType[db_type]
+        dbtype = Contrast::AGENT_LIB.db_set[db_type.to_s.upcase.to_sym]
         pointer = FFI::MemoryPointer.new(:pointer)
         check = check_sql_injection_query(input_index, input_length, dbtype, sql_query, pointer)
 

data/lib/contrast/agent_lib/interface.rb

@@ -5,7 +5,6 @@ require 'contrast/agent_lib/api/init'
 require 'contrast/agent_lib/api/command_injection'
 require 'contrast/agent_lib/api/input_tracing'
 require 'contrast/agent_lib/api/panic'
-require 'contrast/agent_lib/api/method_tempering'
 require 'contrast/agent_lib/api/path_semantic_file_security_bypass'
 require 'contrast/components/logger'
 require 'contrast/utils/object_share'
@@ -24,8 +23,6 @@ module Contrast
       include Contrast::AgentLib::Panic
       include Contrast::AgentLib::InputTracing
       include Contrast::AgentLib::CommandInjection
-      # TODO: RUBY-1632
-      # include Contrast::AgentLib::MethodTempering
       include Contrast::AgentLib::PathSemanticFileSecurityBypass
       include Contrast::Components::Logger::InstanceMethods
 
@@ -113,7 +110,7 @@ module Contrast
       # @param level [Integer, nil] one of:
       # [-1...4]
       def log_level= level = nil
-        set_level = level.nil? ? 3 : level
+        set_level = level.nil? ? 4 : level
         update_log_level(set_level)
       end
 
@@ -243,18 +240,6 @@ module Contrast
 
         with_mutex { dl__does_file_bypass_security(file_path, is_custom_code) }
       end
-
-      # TODO: RUBY-1632 Test after integration and if method-tempering is covered
-      # # Check to see if method is being tempered or not.
-      # # Used with Protect method-tampering rule.
-      # #
-      # # @param method [String] method to check
-      # # @return [Boolean]
-      # def method_tempered? method
-      #   return false unless method
-      #
-      #   with_mutex { dl__method_tempered?(method) }
-      # end
     end
   end
 end