contrast-agent 6.9.0 → 6.10.0
- checksums.yaml +4 -4
- data/.gitignore +1 -1
- data/lib/contrast/agent/assess/rule/response/body_rule.rb +1 -1
- data/lib/contrast/agent/middleware.rb +4 -2
- data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +76 -83
- data/lib/contrast/agent/protect/input_analyzer/worth_watching_analyzer.rb +40 -35
- data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +2 -0
- data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +6 -3
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +3 -0
- data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +3 -0
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +12 -0
- data/lib/contrast/agent/protect/rule/base.rb +19 -5
- data/lib/contrast/agent/protect/rule/base_service.rb +6 -0
- data/lib/contrast/agent/protect/rule/bot_blocker/bot_blocker_input_classification.rb +1 -1
- data/lib/contrast/agent/protect/rule/bot_blocker.rb +8 -0
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_base_rule.rb +8 -0
- data/lib/contrast/agent/protect/rule/deserialization.rb +2 -2
- data/lib/contrast/agent/protect/rule/no_sqli.rb +24 -2
- data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_input_classification.rb +1 -1
- data/lib/contrast/agent/protect/rule/path_traversal.rb +8 -0
- data/lib/contrast/agent/protect/rule/sqli/sqli_input_classification.rb +0 -1
- data/lib/contrast/agent/protect/rule/sqli.rb +6 -10
- data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification.rb +6 -2
- data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +20 -0
- data/lib/contrast/agent/protect/rule/xss/reflected_xss_input_classification.rb +1 -1
- data/lib/contrast/agent/protect/rule/xss.rb +8 -0
- data/lib/contrast/agent/protect/rule/xxe.rb +2 -2
- data/lib/contrast/agent/protect/rule.rb +0 -3
- data/lib/contrast/agent/reporting/attack_result/user_input.rb +0 -1
- data/lib/contrast/agent/reporting/details/details.rb +0 -1
- data/lib/contrast/agent/reporting/input_analysis/input_analysis.rb +12 -0
- data/lib/contrast/agent/reporting/report.rb +1 -0
- data/lib/contrast/agent/reporting/reporter.rb +11 -10
- data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +4 -5
- data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +13 -1
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb +20 -5
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +0 -1
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb +5 -0
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb +10 -1
- data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +2 -1
- data/lib/contrast/agent/reporting/reporting_events/application_reporting_event.rb +10 -0
- data/lib/contrast/agent/reporting/reporting_events/application_settings.rb +40 -0
- data/lib/contrast/agent/reporting/reporting_utilities/ng_response_extractor.rb +137 -0
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +12 -4
- data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +100 -107
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +5 -4
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +97 -63
- data/lib/contrast/agent/reporting/reporting_workers/application_server_worker.rb +46 -0
- data/lib/contrast/agent/reporting/reporting_workers/reporter_heartbeat.rb +51 -0
- data/lib/contrast/agent/reporting/reporting_workers/reporting_workers.rb +14 -0
- data/lib/contrast/agent/reporting/reporting_workers/server_settings_worker.rb +46 -0
- data/lib/contrast/agent/reporting/settings/assess.rb +14 -1
- data/lib/contrast/agent/reporting/settings/assess_rule.rb +18 -0
- data/lib/contrast/agent/reporting/settings/helpers.rb +4 -2
- data/lib/contrast/agent/reporting/settings/protect.rb +17 -12
- data/lib/contrast/agent/reporting/settings/protect_rule.rb +18 -0
- data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +1 -1
- data/lib/contrast/agent/reporting/settings/sensitive_data_masking.rb +1 -1
- data/lib/contrast/agent/reporting/settings/virtual_patch.rb +56 -0
- data/lib/contrast/agent/reporting/settings/virtual_patch_condition.rb +47 -0
- data/lib/contrast/agent/request_context_extend.rb +20 -0
- data/lib/contrast/agent/telemetry/base.rb +11 -10
- data/lib/contrast/agent/telemetry/events/exceptions/obfuscate.rb +108 -103
- data/lib/contrast/agent/telemetry/events/startup_metrics_event.rb +1 -1
- data/lib/contrast/agent/thread_watcher.rb +16 -10
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/agent.rb +12 -0
- data/lib/contrast/agent_lib/api/init.rb +1 -7
- data/lib/contrast/agent_lib/api/input_tracing.rb +2 -4
- data/lib/contrast/agent_lib/interface.rb +1 -16
- data/lib/contrast/agent_lib/interface_base.rb +52 -39
- data/lib/contrast/agent_lib/return_types/eval_result.rb +2 -2
- data/lib/contrast/components/assess.rb +26 -4
- data/lib/contrast/components/polling.rb +4 -1
- data/lib/contrast/components/settings.rb +46 -3
- data/lib/contrast/config/config.rb +2 -2
- data/lib/contrast/config/protect_rule_configuration.rb +1 -1
- data/lib/contrast/config/protect_rules_configuration.rb +1 -1
- data/lib/contrast/extension/assess/array.rb +3 -3
- data/lib/contrast/extension/assess/regexp.rb +2 -2
- data/lib/contrast/logger/aliased_logging.rb +48 -15
- data/lib/contrast/utils/input_classification_base.rb +21 -4
- data/lib/contrast/utils/routes_sent.rb +2 -2
- data/lib/contrast/utils/telemetry.rb +1 -1
- data/lib/contrast/utils/telemetry_client.rb +1 -1
- data/resources/protect/policy.json +8 -0
- data/ruby-agent.gemspec +1 -1
- metadata +28 -18
- data/lib/contrast/agent/protect/rule/http_method_tampering/http_method_tampering_input_classification.rb +0 -96
- data/lib/contrast/agent/protect/rule/http_method_tampering.rb +0 -83
- data/lib/contrast/agent/reporting/details/http_method_tempering_details.rb +0 -27
- data/lib/contrast/agent/reporting/reporter_heartbeat.rb +0 -47
- data/lib/contrast/agent/reporting/server_settings_worker.rb +0 -44
- data/lib/contrast/agent_lib/api/method_tempering.rb +0 -29
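--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-version: 6.
+version: 6.10.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-
+date: 2022-11-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -650,6 +650,9 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 0.1.0
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.1.3
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -657,6 +660,9 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 0.1.0
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.1.3
 - !ruby/object:Gem::Dependency
 name: ffi
 requirement: !ruby/object:Gem::Requirement
@@ -678,22 +684,22 @@ email:
 executables: []
 extensions:
 - ext/cs__common/extconf.rb
+- ext/cs__assess_yield_track/extconf.rb
+- ext/cs__assess_kernel/extconf.rb
 - ext/cs__assess_module/extconf.rb
+- ext/cs__assess_test/extconf.rb
+- ext/cs__assess_string/extconf.rb
+- ext/cs__tests/extconf.rb
 - ext/cs__assess_marshal_module/extconf.rb
-- ext/cs__assess_array/extconf.rb
-- ext/cs__os_information/extconf.rb
-- ext/cs__assess_string_interpolation/extconf.rb
 - ext/cs__assess_regexp/extconf.rb
-- ext/
-- ext/cs__assess_hash/extconf.rb
-- ext/cs__assess_yield_track/extconf.rb
+- ext/cs__assess_string_interpolation/extconf.rb
 - ext/cs__contrast_patch/extconf.rb
-- ext/
-- ext/
+- ext/cs__assess_basic_object/extconf.rb
+- ext/cs__os_information/extconf.rb
+- ext/cs__assess_hash/extconf.rb
 - ext/cs__scope/extconf.rb
+- ext/cs__assess_array/extconf.rb
 - ext/cs__assess_fiber_track/extconf.rb
-- ext/cs__tests/extconf.rb
-- ext/cs__assess_basic_object/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"
@@ -1017,8 +1023,6 @@ files:
 - lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb
 - lib/contrast/agent/protect/rule/default_scanner.rb
 - lib/contrast/agent/protect/rule/deserialization.rb
-- lib/contrast/agent/protect/rule/http_method_tampering.rb
-- lib/contrast/agent/protect/rule/http_method_tampering/http_method_tampering_input_classification.rb
 - lib/contrast/agent/protect/rule/no_sqli.rb
 - lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb
 - lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb
@@ -1047,7 +1051,6 @@ files:
 - lib/contrast/agent/reporting/details/bot_blocker_details.rb
 - lib/contrast/agent/reporting/details/cmd_injection_details.rb
 - lib/contrast/agent/reporting/details/details.rb
-- lib/contrast/agent/reporting/details/http_method_tempering_details.rb
 - lib/contrast/agent/reporting/details/ip_denylist_details.rb
 - lib/contrast/agent/reporting/details/no_sqli_details.rb
 - lib/contrast/agent/reporting/details/path_traversal_details.rb
@@ -1072,7 +1075,6 @@ files:
 - lib/contrast/agent/reporting/masker/masker_utils.rb
 - lib/contrast/agent/reporting/report.rb
 - lib/contrast/agent/reporting/reporter.rb
-- lib/contrast/agent/reporting/reporter_heartbeat.rb
 - lib/contrast/agent/reporting/reporting_events/agent_startup.rb
 - lib/contrast/agent/reporting/reporting_events/application_activity.rb
 - lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb
@@ -1084,6 +1086,7 @@ files:
 - lib/contrast/agent/reporting/reporting_events/application_inventory.rb
 - lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb
 - lib/contrast/agent/reporting/reporting_events/application_reporting_event.rb
+- lib/contrast/agent/reporting/reporting_events/application_settings.rb
 - lib/contrast/agent/reporting/reporting_events/application_startup.rb
 - lib/contrast/agent/reporting/reporting_events/application_startup_instrumentation.rb
 - lib/contrast/agent/reporting/reporting_events/application_update.rb
@@ -1117,6 +1120,7 @@ files:
 - lib/contrast/agent/reporting/reporting_utilities/build_preflight.rb
 - lib/contrast/agent/reporting/reporting_utilities/endpoints.rb
 - lib/contrast/agent/reporting/reporting_utilities/headers.rb
+- lib/contrast/agent/reporting/reporting_utilities/ng_response_extractor.rb
 - lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb
 - lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb
 - lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb
@@ -1125,9 +1129,13 @@ files:
 - lib/contrast/agent/reporting/reporting_utilities/response_handler.rb
 - lib/contrast/agent/reporting/reporting_utilities/response_handler_mode.rb
 - lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb
-- lib/contrast/agent/reporting/
+- lib/contrast/agent/reporting/reporting_workers/application_server_worker.rb
+- lib/contrast/agent/reporting/reporting_workers/reporter_heartbeat.rb
+- lib/contrast/agent/reporting/reporting_workers/reporting_workers.rb
+- lib/contrast/agent/reporting/reporting_workers/server_settings_worker.rb
 - lib/contrast/agent/reporting/settings/application_settings.rb
 - lib/contrast/agent/reporting/settings/assess.rb
+- lib/contrast/agent/reporting/settings/assess_rule.rb
 - lib/contrast/agent/reporting/settings/assess_server_feature.rb
 - lib/contrast/agent/reporting/settings/bot_blocker.rb
 - lib/contrast/agent/reporting/settings/code_exclusion.rb
@@ -1139,6 +1147,7 @@ files:
 - lib/contrast/agent/reporting/settings/keyword.rb
 - lib/contrast/agent/reporting/settings/log_enhancer.rb
 - lib/contrast/agent/reporting/settings/protect.rb
+- lib/contrast/agent/reporting/settings/protect_rule.rb
 - lib/contrast/agent/reporting/settings/protect_server_feature.rb
 - lib/contrast/agent/reporting/settings/reaction.rb
 - lib/contrast/agent/reporting/settings/rule_definition.rb
@@ -1151,6 +1160,8 @@ files:
 - lib/contrast/agent/reporting/settings/syslog.rb
 - lib/contrast/agent/reporting/settings/url_exclusion.rb
 - lib/contrast/agent/reporting/settings/validator.rb
+- lib/contrast/agent/reporting/settings/virtual_patch.rb
+- lib/contrast/agent/reporting/settings/virtual_patch_condition.rb
 - lib/contrast/agent/request.rb
 - lib/contrast/agent/request_context.rb
 - lib/contrast/agent/request_context_extend.rb
@@ -1178,7 +1189,6 @@ files:
 - lib/contrast/agent_lib/api/command_injection.rb
 - lib/contrast/agent_lib/api/init.rb
 - lib/contrast/agent_lib/api/input_tracing.rb
-- lib/contrast/agent_lib/api/method_tempering.rb
 - lib/contrast/agent_lib/api/panic.rb
 - lib/contrast/agent_lib/api/path_semantic_file_security_bypass.rb
 - lib/contrast/agent_lib/interface.rb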
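--- a/data/lib/contrast/agent/protect/rule/http_method_tampering/http_method_tampering_input_classification.rb
+++ /dev/null
@@ -1,96 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'contrast/utils/object_share'
-require 'contrast/agent/protect/input_analyzer/input_analyzer'
-require 'contrast/agent/reporting/attack_result/attack_result'
-require 'contrast/agent/reporting/attack_result/rasp_rule_sample'
-require 'contrast/utils/input_classification_base'
-
-module Contrast
-module Agent
-module Protect
-module Rule
-# This module will do the Input Classification stage of HttpMethodTampering rule
-# as a result input would be marked as DEFINETEATTACK or IGNORE,
-# to be analyzed at the sink level.
-module HttpMethodTamperingInputClassification
-# class << self
-# include InputClassificationBase
-#
-# # This method will determine actually if the user input is DEFINITEATTACK or IGNORE
-# #
-# # @param input_type [Contrast::Agent::Reporting::InputType] the type of the user input
-# # @param input_analysis [Contrast::Agent::Reporting::InputAnalysis] Holds all the results from the input
-# # analysis from the current request.
-# def classify input_type, input_analysis
-# return unless input_analysis.request
-# return unless input_type == METHOD
-#
-# rule_id = Contrast::Agent::Protect::Rule::HttpMethodTampering::NAME
-#
-# ia_result = method_tampering_new_input_analysis(input_analysis.request, rule_id, input_type)
-# input_analysis.results << ia_result
-#
-# return input_analysis if ia_result.score_level == IGNORE
-#
-# attack_result = build_attack_result ia_result, rule_id
-#
-# if :BLOCK != Contrast::PROTECT.rule_mode(rule_id)
-# attack_result.response = :EXPLOITED
-# Contrast::Agent::EXPLOITS.push attack_result
-# return input_analysis
-# end
-#
-# attack_result.response = :BLOCKED
-# context.activity.results << attack_result
-# raise Contrast::SecurityException.new(self,
-# 'HTTP Method Tampering rule triggered. '\
-# "Call to #{ input_analysis.request.path } with " \
-# "#{ input_analysis.request.request_method } blocked.")
-# end
-#
-# private
-#
-# # @param request [Contrast::Agent::Request] the current request context.
-# def method_tampering_exploited? request
-# !Contrast::Agent::Protect::Rule::HttpMethodTampering::APPLICABLE_METHODS_INPUTS.include?(request.request_method) # rubocop:disable Layout/LineLength
-# end
-#
-# # This methods checks if input is tagged DEFINITEATTACK or IGNORE matches value with it's
-# # key if needed and Creates new instance of InputAnalysisResult.
-# #
-# # @param request [Contrast::Agent::Request] the current request context.
-# # @param rule_id [String] The name of the Protect Rule.
-# # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
-# #
-# # @return res [Contrast::Agent::Reporting::InputAnalysisResult]
-# def method_tampering_new_input_analysis request, rule_id, input_type
-# ia_result = new_ia_result rule_id, input_type, request.path
-# if method_tampering_exploited? request
-# ia_result.score_level = DEFINITEATTACK
-# ia_result.ids << rule_id
-# else
-# ia_result.score_level = IGNORE
-# end
-#
-# ia_result
-# end
-#
-# def build_attack_result ia_result, rule_id
-# rasp_rule_sample = Contrast::Agent::Reporting::RaspRuleSample.new.build context, ia_result
-# result = Contrast::Agent::Reporting::AttackResult.new
-# result.rule_id = rule_id
-# result.samples << rasp_rule_sample
-# result
-# end
-#
-# def context
-# Contrast::Agent::REQUEST_TRACKER.current
-# end
-# end
-end
-end
-end
-end
-end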
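--- a/data/lib/contrast/agent/protect/rule/http_method_tampering.rb
+++ /dev/null
@@ -1,83 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'contrast/agent/protect/rule/base_service'
-
-module Contrast
-module Agent
-module Protect
-module Rule
-# The Ruby implementation of the Protect HTTP Method Tampering rule.
-class HttpMethodTampering < Contrast::Agent::Protect::Rule::BaseService
-NAME = 'method-tampering'
-# STANDARD_METHODS = %w[GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH].cs__freeze
-#
-# APPLICABLE_METHODS_INPUTS = %w[
-# ACL BASELINE-CONTROL CHECKIN CHECKOUT CONNECT COPY
-# DELETE GET HEAD LABEL LOCK MERGE MKACTIVITY MKCALENDAR
-# MKCOL MKWORKSPACE MOVE OPTIONS ORDERPATCH PATCH POST
-# PROPFIND PROPPATCH PUT REPORT SEARCH TRACE UNCHECKOUT
-# UNLOCK UPDATE VERSION-CONTROL
-# ].cs__freeze
-
-def rule_name
-NAME
-end
-
-# This rule is solely based on input analysis, which the Service handles. When we move from the Service to the
-# agent with protect library, we should re-enable these tests and that rule.
-# TODO: RUBY-1574
-# def enabled?
-# super && false
-# end
-#
-# def postfilter context
-# return unless enabled? && POSTFILTER_MODES.include?(mode)
-# return if normal_request?(context)
-#
-# # The only way to be here in postfilter with a result is if the rule mode was MONITOR
-# ia_results = gather_ia_results(context)
-# return if ia_results.empty?
-#
-# # does the status code start with 4 or 5? Rails responds with 404 (but java is checking 501)
-# response_code = context&.response&.response_code
-# return unless response_code
-#
-# method = ia_results.first.value
-# result = if response_code.to_s.start_with?('4', '5')
-# build_attack_without_match(context, nil, nil, method: method, response_code: response_code)
-# else
-# build_attack_with_match(context, nil, nil, nil, method: method, response_code: response_code)
-# end
-#
-# return unless result
-#
-# append_to_activity(context, result)
-# cef_logging result, :ineffective_attack
-# end
-#
-# protected
-#
-# def build_sample context, evaluation, _candidate_string, **kwargs
-# sample = build_base_sample(context, evaluation)
-# sample.user_input.value = kwargs[:method]
-# sample.user_input.input_type = :METHOD
-#
-# sample.method_tampering = Contrast::Api::Dtm::HttpMethodTamperingDetails.new
-# sample.method_tampering.method = Contrast::Utils::StringUtils.protobuf_safe_string(kwargs[:method])
-# code = kwargs[:response_code] || -1
-# sample.method_tampering.response_code = code.to_i
-# sample
-# end
-#
-# private
-#
-# def normal_request? context
-# method = context.request.request_method
-# context.request.static? || method.nil? || STANDARD_METHODS.include?(method.upcase)
-# end
-end
-end
-end
-end
-end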
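--- a/data/lib/contrast/agent/reporting/details/http_method_tempering_details.rb
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'contrast/agent/reporting/details/protect_rule_details'
-
-module Contrast
-module Agent
-module Reporting
-module Details
-# HttpMethodTemperingDetails IA result details info.
-class HttpMethodTemperingDetails < ProtectRuleDetails
-# @return [String]
-attr_accessor :method
-# @return [Integer]
-attr_accessor :response_code
-
-def to_controlled_hash
-{
-method: method, # rubocop:disable Security/Object/Method
-responseCode: response_code
-}
-end
-end
-end
-end
-end
-end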
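--- a/data/lib/contrast/agent/reporting/reporter_heartbeat.rb
+++ /dev/null
@@ -1,47 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'contrast/agent/reporting/reporter'
-require 'contrast/agent/inventory/dependency_usage_analysis'
-require 'contrast/agent/reporting/reporting_events/poll'
-
-module Contrast
-module Agent
-# The ReporterHeartbeat will make sure that the process remains marked alive by TeamServer and that we periodically
-# reach out to get the latest settings for this application. It also sends out those messages which do not need to
-# be associated directly with a request, such as Server Activity and Library Observation.
-class ReporterHeartbeat < Reporter
-# TeamServer will mark an application offline after 5 minutes. Sending this every one should be more than enough
-# to satisfy our goals.
-REFRESH_INTERVAL_SEC = 60
-
-def start_thread!
-return if running?
-
-@_thread = Contrast::Agent::Thread.new do
-logger.info('Starting heartbeat thread.')
-loop do
-polling_events.each do |event|
-Contrast::Agent.reporter&.send_event(event)
-end
-clean_properties
-sleep(REFRESH_INTERVAL_SEC)
-end
-end
-end
-
-private
-
-def poll_message
-@_poll_message ||= Contrast::Agent::Reporting::Poll.new
-end
-
-# Those events which should be sent periodically, rather than on event or request.
-#
-# @return [Array<Contrast::Agent::Reporting::ReportingEvent>]
-def polling_events
-[Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.generate_library_usage, poll_message].compact
-end
-end
-end
-end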
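--- a/data/lib/contrast/agent/reporting/server_settings_worker.rb
+++ /dev/null
@@ -1,44 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'contrast/agent/worker_thread'
-require 'contrast/agent/reporting/report'
-
-module Contrast
-module Agent
-# The ServerSettingsWorker will send request on interval, to make sure the Agent gets the settings it
-# need to operate, from TS. This Thead should be started after the AgentStartup is complete.
-class ServerSettingsWorker < WorkerThread
-RESEND_INTERVAL_MS = 60_000.cs__freeze
-
-def start_thread!
-return if running?
-
-@_thread = Contrast::Agent::Thread.new do
-logger.info('Starting Server Settings Worker thread.', sending_interval: server_settings_resend_ms)
-loop do
-logger.info('Fetching Settings', sending_interval: server_settings_resend_ms)
-Contrast::Agent.reporter&.send_event(settings_message)
-sleep(server_settings_resend_ms / 1000)
-end
-end
-end
-
-private
-
-# Polling messages for this thread. Including Server settings:
-#
-# @return [Contrast::Agent::Reporting::ReportingEvent]
-def settings_message
-@_settings_message ||= Contrast::Agent::Reporting::ServerSettings.new
-end
-
-# Get the value from settings or use the default one.
-#
-# @return resend_ms [Integer] time to resend the message
-def server_settings_resend_ms
-@_server_settings_resend_ms ||= Contrast::AGENT.polling.server_settings_ms&.to_i || RESEND_INTERVAL_MS
-end
-end
-end
-end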
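--- a/data/lib/contrast/agent_lib/api/method_tempering.rb
+++ /dev/null
@@ -1,29 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: false
-
-require 'ffi'
-# require the gem
-require 'contrast-agent-lib'
-
-module Contrast
-module AgentLib
-# This module is for method tempering bindings: contrast_c::method_tampering
-module MethodTempering
-# TODO: RUBY-1632
-# extend FFI::Library
-# ffi_lib ContrastAgentLib::CONTRAST_C
-#
-# # returns 1 => true, 0 => false
-# attach_function :is_method_tampering, [:string], :int32
-#
-# # Check to see if method is being tempered or not.
-# # Used with Protect method-tampering rule.
-# #
-# # @param method [String] method to check
-# # @return [Boolean]
-# def dl__method_tempered? method
-# is_method_tampering(method).positive?
-# end
-end
-end
-end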