contrast-agent 6.9.0 → 6.11.0

data/lib/contrast/components/config.rb

@@ -30,7 +30,7 @@ module Contrast
       DATE_TIME = '%Y-%m-%dT%H:%M:%S.%L%z'
 
       class Interface # :nodoc: # rubocop:disable Metrics/ClassLength
-        SESSION_VARIABLES = 'Invalid configuration. '\
+        SESSION_VARIABLES = 'Invalid configuration. ' \
                             "Setting both application.session_id and application.session_metadata is not allowed.\n"
         API_URL = "Invalid configuration. Missing a required connection value 'url' is not set."
         API_KEY = "Invalid configuration. Missing a required connection value 'api_key' is not set."

data/lib/contrast/components/polling.rb

@@ -12,6 +12,8 @@ module Contrast
 
         # @return [Integer, nil]
         attr_reader :server_settings_ms
+        # @return [Integer, nil]
+        attr_reader :app_settings_ms
         # @return [String]
         attr_reader :canon_name
         # @return [Array]
@@ -20,7 +22,7 @@ module Contrast
         attr_reader :batch_reporting_interval_ms
 
         CANON_NAME = 'agent.polling'
-        CONFIG_VALUES = %w[server_settings_ms batch_reporting_interval_ms].cs__freeze
+        CONFIG_VALUES = %w[server_settings_ms app_settings_ms batch_reporting_interval_ms].cs__freeze
 
         def initialize hsh = {}
           @config_values = CONFIG_VALUES
@@ -29,6 +31,7 @@ module Contrast
 
           @server_settings_ms = hsh[:server_settings_ms]
           @batch_reporting_interval_ms = hsh[:batch_reporting_interval_ms]
+          @app_settings_ms = hsh[:app_settings_ms]
         end
       end
     end

data/lib/contrast/components/settings.rb

@@ -75,6 +75,11 @@ module Contrast
         # two dates are the same.
         # format: <day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT
         attr_reader :server_settings_last_httpdate
+        # @return [String] The last update but in string format used to build request header.
+        # This value should be sent be TS in the Last-Modified header to sync and save resources if the
+        # two dates are the same.
+        # format: <day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT
+        attr_reader :app_settings_last_httpdate
 
         def initialize
           reset_state
@@ -85,13 +90,15 @@ module Contrast
         end
 
         # @param features_response [Contrast::Agent::Reporting::Response]
-        def update_from_server_features features_response
+        def update_from_server_features features_response # rubocop:disable Metrics/AbcSize
           return unless (server_features = features_response&.server_features)
 
           log_file = server_features.log_file
           log_level = server_features.log_level
           # Update logger:
           Contrast::Logger::Log.instance.update(log_file, log_level) if log_file || log_level
+          # Update AgentLib Logger
+          update_agent_lib_log(log_level.to_s)
           # Update CEFlogger:
           unless server_features.security_logger.settings_blank?
             cef_logger.build_logger(server_features.security_logger.log_level, server_features.security_logger.log_file)
@@ -110,6 +117,25 @@ module Contrast
           # next request's header with the same time will save needless update of settings if there
           # are no new server features updates after the said time.
           @server_settings_last_httpdate = header_last_update
+        rescue StandardError => e
+          logger.warn('The following error occurred from server update: ', e: e)
+        end
+
+        # Update AgentLib log level
+        def update_agent_lib_log new_log_level
+          agent_lib_log_level = Contrast::AgentLib::InterfaceBase::LOG_LEVEL[0] if new_log_level.empty?
+          agent_lib_log_level ||= Contrast::AgentLib::InterfaceBase::LOG_LEVEL.key(new_log_level.upcase)
+
+          # detect if the provided level is invalid and log if it is
+          # by default if we pass invalid log level - it will leave the last active
+          unless Contrast::AgentLib::InterfaceBase::LOG_LEVEL.value?(new_log_level.upcase)
+            cur_active = Contrast::AGENT_LIB.log_level
+            logger.debug('The provided level was invalid, so the logger stays to the last active: ',
+                         active: cur_active,
+                         provided_level: new_log_level)
+          end
+
+          Contrast::AGENT_LIB.change_log_options(true, agent_lib_log_level)
         end
 
         # Update Assess server features
@@ -135,23 +161,41 @@ module Contrast
 
           @application_state.modes_by_id = app_settings.protect.protection_rules_to_settings_hash
           update_exclusion_matchers(app_settings.exclusions)
+          app_settings.protect.virtual_patches = app_settings.protect.virtual_patches unless
+            settings_empty?(app_settings.protect.virtual_patches)
           update_sensitive_data_policy(app_settings.sensitive_data_masking)
           @assess_state.disabled_assess_rules = app_settings.assess.disabled_rules
           new_session_id = app_settings.assess.session_id
           @assess_state.session_id = new_session_id if new_session_id && !new_session_id.blank?
           @last_app_update_ms = Contrast::Utils::Timer.now_ms
+          @app_settings_last_httpdate = header_last_update
         end
 
         # Wipe state to zero.
         def reset_state
           @protect_state = PROTECT_STATE_BASE.dup
-          @assess_state = ASSESS_STATE_BASE.dup
+          update_assess_state
           @application_state = APPLICATION_STATE_BASE.dup
           @tainted_columns = {}
           @sensitive_data_masking = SENSITIVE_DATA_MASKING_BASE.dup
           @excluder = Contrast::Agent::Excluder.new
         end
 
+        # We save the session_id, reset and set it again if available.
+        # This done so that reporting between updates won't trigger argument error
+        # for missing session_id given one is already set and used with the first application
+        # create response received from TS.
+        #
+        # @return [Struct]
+        def update_assess_state
+          current_session_id = @assess_state&.session_id
+          @assess_state = ASSESS_STATE_BASE.dup
+          # There is application settings update for the session id if new is received.
+          # Here we make sure not to delete the already set one.
+          @assess_state&.session_id = current_session_id unless current_session_id&.empty?
+          @assess_state
+        end
+
         def build_protect_rules
           @protect_state.rules = {}
 
@@ -160,7 +204,6 @@ module Contrast
           cmdi = Contrast::Agent::Protect::Rule::CmdInjection.new
           cmdi.sub_rules
           Contrast::Agent::Protect::Rule::Deserialization.new
-          Contrast::Agent::Protect::Rule::HttpMethodTampering.new
           Contrast::Agent::Protect::Rule::NoSqli.new
           path = Contrast::Agent::Protect::Rule::PathTraversal.new
           path.sub_rules

data/lib/contrast/config/config.rb

@@ -25,10 +25,10 @@ module Contrast
         def determine_config_status response
           return unless response
           # If we encounter for some of the startup events failure - always return failure
-          return if @config_status == MESSAGE_FAIL || CONN_STATUS_MSG_FAILURE
+          return if [MESSAGE_FAIL, CONN_STATUS_MSG_FAILURE].include?(@config_status)
 
           response_code = response.code.to_s
-          @config_status = response_code.starts_with?('2') ? MESSAGE_SUCCESSFUL : MESSAGE_FAIL
+          @config_status = response_code.start_with?('2') ? MESSAGE_SUCCESSFUL : MESSAGE_FAIL
           nil
         end
 

data/lib/contrast/config/protect_rule_configuration.rb

@@ -36,7 +36,7 @@ module Contrast
       # String to its recognized symbol equivalent. If a nonsense value is provided, it'll
       # be treated the same as disabling the rule.
       #
-      # @return [Symbol]
+      # @return [Symbol, nil]
       def applicable_mode
         return unless mode
 

data/lib/contrast/config/protect_rules_configuration.rb

@@ -50,7 +50,7 @@ module Contrast
           Contrast::Config::ProtectRuleConfiguration.new(hsh[:'sql-injection-semantic-dangerous-functions'])
         @unsafe_file_upload = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'unsafe-file-upload'])
         @untrusted_deserialization = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'untrusted-deserialization'])
-        @xxe = Contrast::Config::ProtectRuleConfiguration.new(hsh['xxe'])
+        @xxe = Contrast::Config::ProtectRuleConfiguration.new(hsh[:xxe])
       end
 
       def []= key, value

data/lib/contrast/extension/assess/array.rb

@@ -13,10 +13,10 @@ module Contrast
       # This is our patch of the Array class required to handle propagation
       # Disclaimer: there may be a better way, but we're in a 'get it work' state.
       # Hopefully, we'll be in a 'get it right' state soon.
-      class ArrayPropagator # rubocop:disable Style/StaticClass
+      class ArrayPropagator
         extend Contrast::Components::Scope::InstanceMethods
 
-        ARRAY_JOIN_HASH = {
+        ARRAY_JOIN_HASH ||= { # rubocop:disable Lint/OrAssignmentToConstant
             'class_name' => 'Array',
             'instance_method' => true,
             'method_visibility' => 'public',
@@ -27,7 +27,7 @@ module Contrast
             'patch_class' => 'NOOP',
             'patch_method' => 'cs__track_join'
         }.cs__freeze
-        ARRAY_JOIN_NODE = Contrast::Agent::Assess::Policy::PropagationNode.new(ARRAY_JOIN_HASH)
+        ARRAY_JOIN_NODE ||= Contrast::Agent::Assess::Policy::PropagationNode.new(ARRAY_JOIN_HASH) # rubocop:disable Lint/OrAssignmentToConstant
 
         class << self
           # When you call join, they use an internal thing, so there's no good way to get at the thing being returned.

data/lib/contrast/extension/assess/regexp.rb

@@ -17,7 +17,7 @@ module Contrast
         extend Contrast::Components::Logger::InstanceMethods
         extend Contrast::Components::Scope::InstanceMethods
 
-        REGEXP_EQUAL_SQUIGGLE_HASH = {
+        REGEXP_EQUAL_SQUIGGLE_HASH ||= { # rubocop:disable Lint/OrAssignmentToConstant
             'id' => 'regexp_100',
             'class_name' => 'Regexp',
             'instance_method' => true,
@@ -29,7 +29,7 @@ module Contrast
             'patch_class' => 'Contrast::Extension::Assess::RegexpPropagator',
             'patch_method' => 'track_equal_squiggle'
         }.cs__freeze
-        REGEXP_EQUAL_SQUIGGLE_NODE = Contrast::Agent::Assess::Policy::PropagationNode.new(REGEXP_EQUAL_SQUIGGLE_HASH)
+        REGEXP_EQUAL_SQUIGGLE_NODE ||= Contrast::Agent::Assess::Policy::PropagationNode.new(REGEXP_EQUAL_SQUIGGLE_HASH) # rubocop:disable Lint/OrAssignmentToConstant
         private_constant :REGEXP_EQUAL_SQUIGGLE_HASH
         private_constant :REGEXP_EQUAL_SQUIGGLE_NODE
 

data/lib/contrast/framework/rack/patch/session_cookie.rb

@@ -48,7 +48,8 @@ module Contrast
 
             def vulnerable_setting?(setting_key,
                                     safe_settings_value,
-                                    options, safe_default: true,
+                                    options,
+                                    safe_default: true,
                                     comparison_type: nil)
               # In most cases, Rack is pretty nice and the default value is safe
               return !safe_default unless options&.key?(setting_key)

data/lib/contrast/logger/aliased_logging.rb

@@ -41,31 +41,39 @@ module Contrast
 
       private
 
+      # @param type [ALIASED_FATAL, ALIASED_ERROR, ALIASED_WARN] the type of error, used to indicate the function used
+      #   for logging
+      # @param message [String] the exception message
+      # @param exception [Exception] The exception or error
+      # @param data [Object] Any structured data
       def build_exception type, message = nil, exception = nil, data = nil
-        stack_trace = get_stack_trace(type)
-        stack_frame_type = Contrast::Agent::Telemetry::TelemetryException::Obfuscate.obfuscate_type(
-            stack_trace[1].path.delete_prefix(Dir.pwd))
-        stack_frame_function = stack_trace[1].label
+        stack_trace = wrapped_caller_locations
+        caller_idx = stack_trace&.find_index { |stack| stack.to_s.include?(type) } || 0
+        # The caller_stack is the method in which the error occurred, so has to be above this method
+        caller_idx += 1
+        caller_frame = stack_trace[caller_idx]
+        stack_frame_type = caller_frame.path.delete_prefix(Dir.pwd)
+        stack_frame_function = caller_frame.label
         key = "#{ stack_frame_type }|#{ stack_frame_function }|#{ message }"
-        if TELEMETRY_EXCEPTIONS[key]
-          TELEMETRY_EXCEPTIONS.increment(key)
+        if Contrast::TELEMETRY_EXCEPTIONS[key]
+          Contrast::TELEMETRY_EXCEPTIONS.increment(key)
           return
         end
 
-        return if TELEMETRY_EXCEPTIONS.exception_limit?
-
-        message_exception_type = Contrast::Agent::Telemetry::TelemetryException::Obfuscate.obfuscate_exception_type(
-            exception ? exception.cs__class.to_s : stack_frame_type.split('/').last)
+        return if Contrast::TELEMETRY_EXCEPTIONS.exception_limit?
 
+        message_exception_type = exception ? exception.cs__class.to_s : stack_frame_type.split('/').last
         event_message = create_message(stack_frame_function,
                                        stack_frame_type, message_exception_type,
                                        data, exception,
                                        message)
+        build_stack(event_message, stack_trace, caller_idx)
         TELEMETRY_EXCEPTIONS[key] = event_message
       rescue StandardError => e
-        debug('Unable to report exception to telemetry', e)
+        debug('[Telemetry] Unable to report exception', e)
       end
 
+      # @return [Contrast::Agent::Telemetry::TelemetryException::Event]
       def create_message stack_frame_function, stack_frame_type, message_exception_type, data, exception, message
         message_for_exception = if exception
                                   exception.cs__respond_to?(:message) ? exception.message : exception
@@ -89,12 +97,37 @@ module Contrast
         message = Contrast::Agent::Telemetry::TelemetryException::Message.build(tags, [message_exception])
         Contrast::Agent::Telemetry::TelemetryException::Event.new(message)
       rescue ArgumentError => e
-        debug('TelemetryException failed from aliased logging with: ', e)
+        debug('[Telemetry] TelemetryException failed from aliased logging with: ', e)
+      end
+
+      # Convert the given caller_stack from the event into the exception StackFrame format for reporting, appending it
+      # to the Exception wrapped in the Event.
+      #
+      # @param event_message [Contrast::Agent::Telemetry::TelemetryException::Event]
+      # @param caller_stack [(Array<Thread::Backtrace::Location>, nil]
+      # @param caller_idx [Integer] the starting location for the exception, which allows filtering out the logger code
+      #   from the stack
+      def build_stack event_message, caller_stack, caller_idx = 0
+        return unless caller_stack
+
+        event_exception = event_message.exceptions[0]
+        event_exception_message = event_exception.exceptions[0]
+
+        caller_stack.each_with_index do |caller, idx|
+          next unless idx > caller_idx
+
+          stack_frame =
+            Contrast::Agent::Telemetry::TelemetryException::StackFrame.build(caller.label,
+                                                                             caller.path.delete_prefix(Dir.pwd))
+          event_exception_message.push(stack_frame)
+        end
       end
 
-      def get_stack_trace type
-        start = caller_locations&.find_index { |stack| stack.to_s.include?(type) }
-        start ? caller_locations(start + 1, 20) : caller_locations(20, 20)
+      # This is purely a wrapper around caller_locations used for testing
+      #
+      # @return [Array<Thread::Backtrace::Location>, nil]
+      def wrapped_caller_locations
+        caller_locations
       end
     end
   end

data/lib/contrast/utils/duck_utils.rb

@@ -63,6 +63,24 @@ module Contrast
           # otherwise, don't risk it
           false
         end
+
+        # Every duck quacks to nil, we need to check if it is empty?
+        # Utils method to check for blank ( nil or empty object ).
+        #
+        # @param [Object] object to test.
+        # @return [Boolean]
+        def empty_duck? object
+          # If not quacking to empty it is True/False class, Integer, Regexp or Time instance.
+          return false if object.instance_of?(TrueClass) || object.instance_of?(FalseClass)
+
+          if object.cs__respond_to?(:empty?)
+            return true if object.empty?
+          elsif object.nil?
+            return true
+          end
+
+          false
+        end
       end
     end
   end

data/lib/contrast/utils/heap_dump_util.rb

@@ -35,7 +35,7 @@ module Contrast
         control = Contrast::Utils::HeapDumpUtil.control
         log_enabled_warning
         dir = control[:path]
-        Dir.mkdir(dir) unless Dir.exist?(dir)
+        FileUtils.mkdir_p(dir)
         return unless File.writable?(dir)
 
         delay = control[:delay]

data/lib/contrast/utils/input_classification_base.rb

@@ -43,7 +43,7 @@ module Contrast
                 next unless v
 
                 result = create_new_input_result(input_analysis.request, rule.rule_name, input_type, v)
-                input_analysis.results << result unless result.nil?
+                append_result(input_analysis, result)
               end
             end
 
@@ -51,6 +51,7 @@ module Contrast
           rescue StandardError => e
             logger.debug("An Error was recorded in the input classification of the #{ rule_id }")
             logger.debug(e)
+            nil
           end
 
           # Creates new isntance of InputAnalysisResult with basic info.
@@ -103,16 +104,24 @@ module Contrast
           # @return [Integer<Contrast::AgentLib::Interface::INPUT_SET>]
           def convert_input_type input_type
             case input_type
-            when BODY, DWR_VALUE
+            when URI, URL_PARAMETER
+              Contrast::AGENT_LIB.input_set[:URI_PATH]
+            when BODY, DWR_VALUE, SOCKET, UNDEFINED_TYPE, UNKNOWN, REQUEST, QUERYSTRING
               Contrast::AGENT_LIB.input_set[:PARAMETER_VALUE]
             when HEADER
               Contrast::AGENT_LIB.input_set[:HEADER_VALUE]
             when MULTIPART_VALUE, MULTIPART_FIELD_NAME
               Contrast::AGENT_LIB.input_set[:MULTIPART_NAME]
+            when JSON_ARRAYED_VALUE
+              Contrast::AGENT_LIB.input_set[:JSON_KEY]
+            when PARAMETER_NAME
+              Contrast::AGENT_LIB.input_set[:PARAMETER_KEY]
             else
               Contrast::AGENT_LIB.input_set[input_type]
             end
-          rescue StandardError
+          rescue StandardError => e
+            logger.debug('Protect Input classification could not determine input type, falling back to default',
+                         error: e)
             Contrast::AGENT_LIB.input_set[:PARAMETER_VALUE]
           end
 
@@ -133,7 +142,7 @@ module Contrast
             input_eval = Contrast::AGENT_LIB.eval_input(value,
                                                         convert_input_type(input_type),
                                                         Contrast::AGENT_LIB.rule_set[rule_id],
-                                                        Contrast::AGENT_LIB.eval_option[:WORTHWATCHING])
+                                                        Contrast::AGENT_LIB.eval_option[:PREFER_WORTH_WATCHING])
 
             ia_result = new_ia_result(rule_id, input_type, request.path, value)
             score = input_eval&.score || 0
@@ -148,6 +157,14 @@ module Contrast
             add_needed_key(request, ia_result, input_type, value) if KEYS_NEEDED.include?(input_type)
             ia_result
           end
+
+          def append_result ia_analysis, result
+            unless result.nil?
+              ia_analysis.results << result
+              ia_analysis.triggered_rules << result.rule_id unless ia_analysis.triggered_rules.include?(result.rule_id)
+            end
+            ia_analysis
+          end
         end
       end
     end

data/lib/contrast/utils/log_utils.rb

@@ -26,7 +26,7 @@ module Contrast
         return File.writable?(path) if File.exist?(path)
 
         dir_name = File.dirname(File.absolute_path(path))
-        FileUtils.mkdir_p(dir_name) unless Dir.exist?(dir_name)
+        FileUtils.mkdir_p(dir_name)
         File.writable?(dir_name)
       end
 

data/lib/contrast/utils/middleware_utils.rb

@@ -12,7 +12,7 @@ module Contrast
       LANGUAGE_DEPRECATION_VERSION = '2.7'
       LANGUAGE_DEPRECATION_YEAR = '2023'
       LANGUAGE_DEPRECATION_WARNING =
-        "[Contrast Security] [DEPRECATION] Support for Ruby #{ LANGUAGE_DEPRECATION_VERSION } will be removed in "\
+        "[Contrast Security] [DEPRECATION] Support for Ruby #{ LANGUAGE_DEPRECATION_VERSION } will be removed in " \
         "April #{ LANGUAGE_DEPRECATION_YEAR }. Please contact Customer Support prior if you require continued support."
 
       def setup_agent

data/lib/contrast/utils/patching/policy/patch_utils.rb

@@ -23,8 +23,8 @@ module Contrast
         # Given a method, return a symbol in the format
         # <method_start>_unbound_<method_name>
         def build_unbound_method_name patcher_method
-          "#{ Contrast::Utils::ObjectShare::CONTRAST_PATCHED_METHOD_START }unbound"\
-          "#{ Contrast::Utils::ObjectShare::UNDERSCORE }"\
+          "#{ Contrast::Utils::ObjectShare::CONTRAST_PATCHED_METHOD_START }unbound" \
+          "#{ Contrast::Utils::ObjectShare::UNDERSCORE }" \
           "#{ patcher_method }".to_sym
         end
 

data/lib/contrast/utils/routes_sent.rb

@@ -3,6 +3,7 @@
 
 # require 'contrast/components/logger'
 # require 'contrast/agent/telemetry/events/exceptions/telemetry_exception_event'
+require 'contrast/utils/duck_utils'
 
 module Contrast
   module Utils
@@ -12,7 +13,7 @@ module Contrast
     class RoutesSent
       # include Contrast::Components::Logger::InstanceMethods
       ROUTES_LIMIT = 500
-      TIME_LIMIT_IN_SECONDS = 3600
+      TIME_LIMIT_IN_SECONDS = 60
 
       attr_accessor :cache
 
@@ -22,9 +23,12 @@ module Contrast
 
       # Determine whether the provided route can be sent to TeamServer.
       #
-      # @param [Contrast::Agent::Reporting::ObservedRoute] the route
+      # @param route [Contrast::Agent::Reporting::ObservedRoute] the route
       # @return [boolean]
       def sendable? route
+        return false if Contrast::Utils::DuckUtils.empty_duck?(route.signature)
+        return false if Contrast::Utils::DuckUtils.empty_duck?(route.url)
+
         route_hash = route.hash_id
 
         # If hash doesn't exist in @cache...

data/lib/contrast/utils/telemetry.rb

@@ -9,7 +9,7 @@ module Contrast
   module Utils
     # Tools for supporting the Telemetry feature
     module Telemetry
-      DIR = '/ect/contrast/ruby-agent/'.cs__freeze
+      DIR = '/etc/contrast/ruby-agent/'.cs__freeze
       FILE = '.telemetry'.cs__freeze
       CURRENT_DIR = Dir.pwd.cs__freeze
       CONFIG_DIR = CURRENT_DIR + '/config/contrast/'.cs__freeze
@@ -81,7 +81,7 @@ module Contrast
         #
         # @return[Boolean] true if success, false if fails
         def touch_marker dir, file
-          FileUtils.mkdir_p(dir) unless Dir.exist?(dir)
+          FileUtils.mkdir_p(dir)
           FileUtils.touch(dir + file)
           File.file?(dir + file)
         rescue StandardError => _e

data/lib/contrast/utils/telemetry_client.rb

@@ -99,7 +99,7 @@ module Contrast
       def get_event_json event
         Array(event.to_controlled_hash).to_json
       rescue Exception => e # rubocop:disable Lint/RescueException
-        logger.error('Unable to convert TelemetryEvent to JSON string', e, hsh)
+        logger.error('[Telemetry] Unable to convert TelemetryEvent to JSON string', e, hsh)
         raise(e)
       end
     end

data/resources/protect/policy.json

@@ -128,6 +128,14 @@
             "database": "MongoDB"
           }
         },{
+          "class_name": "Mongo::Collection",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name": "find",
+          "properties": {
+            "database": "MongoDB"
+           }
+         },{
           "class_name": "Moped::Node",
           "method_name": "read",
           "instance_method": true,

data/ruby-agent.gemspec

@@ -75,7 +75,7 @@ def self.add_specs spec
   spec.add_development_dependency 'factory_bot'
   spec.add_development_dependency 'fake_ftp'
   spec.add_development_dependency 'openssl'
-  spec.add_development_dependency 'parallel_tests'
+  spec.add_development_dependency 'parallel_tests', '~> 3.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rspec-benchmark'
   spec.add_development_dependency 'rspec_junit_formatter', '0.3.0'
@@ -92,11 +92,11 @@ end
 
 # Dependencies used to run all of our Rubocop during the linting phase.
 def self.add_rubocop spec
-  spec.add_development_dependency 'rubocop', '1.26.1'
-  spec.add_development_dependency 'rubocop-performance', '1.13.3'
-  spec.add_development_dependency 'rubocop-rails', '2.14.2'
+  spec.add_development_dependency 'rubocop', '1.37.1'
+  spec.add_development_dependency 'rubocop-performance', '1.15.0'
+  spec.add_development_dependency 'rubocop-rails', '2.17.2'
   spec.add_development_dependency 'rubocop-rake', '0.6.0'
-  spec.add_development_dependency 'rubocop-rspec', '2.9.0'
+  spec.add_development_dependency 'rubocop-rspec', '2.14.2'
 end
 
 # Dependencies not mocked out during RSpec that we test real code of, beyond just frameworks.
@@ -121,7 +121,7 @@ end
 def self.add_dependencies spec
   spec.add_dependency 'ougai', '>= 1.8', '< 3.0.0'
   spec.add_dependency 'rack', '~> 2.0'
-  spec.add_dependency 'contrast-agent-lib', '~> 0.1.0'
+  spec.add_dependency 'contrast-agent-lib',  '~> 0.1.0', '>= 0.1.3'
   spec.add_dependency 'ffi', '~> 1.0'
 end