contrast-agent 7.3.0 → 7.3.2

data/lib/contrast/utils/assess/propagation_method_utils.rb

@@ -18,6 +18,7 @@ module Contrast
         REPLACE_ACTION = 'REPLACE'
         REMOVE_ACTION = 'REMOVE'
         REVERSE_ACTION = 'REVERSE'
+        RESPONSE_ACTION = 'RESPONSE'
         SPLAT_ACTION = 'SPLAT'
         SPLIT_ACTION = 'SPLIT'
         DB_WRITE_ACTION = 'DB_WRITE'
@@ -37,6 +38,7 @@ module Contrast
             REPLACE_ACTION => Contrast::Agent::Assess::Policy::Propagator::Replace,
             REMOVE_ACTION => Contrast::Agent::Assess::Policy::Propagator::Remove,
             REVERSE_ACTION => Contrast::Agent::Assess::Policy::Propagator::Reverse,
+            RESPONSE_ACTION => Contrast::Agent::Assess::Policy::Propagator::Response,
             SPLAT_ACTION => Contrast::Agent::Assess::Policy::Propagator::Splat,
             SPLIT_ACTION => Contrast::Agent::Assess::Policy::Propagator::Split
         }.cs__freeze

data/lib/contrast/utils/os.rb

@@ -8,7 +8,7 @@ module Contrast
   module Utils
     # Simple utility used to make OS calls and determine state. For that state
     # which will not change at runtime, such as the operating system, the
-    # Utility memozies to avoid multiple lookups.
+    # Utility memoizes to avoid multiple lookups.
     module OS
       extend Contrast::Components::Scope::InstanceMethods
 
@@ -25,14 +25,6 @@ module Contrast
           @_mac = RUBY_PLATFORM.include?('darwin') if @_mac.nil?
           @_mac
         end
-
-        def unix?
-          !windows?
-        end
-
-        def linux?
-          (unix? and !mac?)
-        end
       end
     end
   end

data/lib/contrast/utils/reporting/application_activity_batch_utils.rb

@@ -23,9 +23,6 @@ module Contrast
           return unless activity
           return if activity.defend.attackers.empty?
 
-          activity_batch.query_count += activity.query_count
-          activity_batch.routes << activity.routes
-          activity_batch.routes.flatten!
           merge_attackers(activity)
           activity_batch.attach_inventory(activity.inventory) unless activity.inventory.empty?
         end

data/lib/contrast.rb

@@ -75,7 +75,7 @@ module Contrast # :nodoc:
   API = CONFIG.api
   SETTINGS = Contrast::Components::Settings::Interface.new
   ASSESS = CONFIG.assess
-  PROTECT = Contrast::Components::Protect::Interface.new
+  PROTECT = CONFIG.protect
   INVENTORY = CONFIG.inventory
   AGENT = CONFIG.agent
   RUBY_INTERFACE = AGENT.ruby

data/resources/assess/policy.json

@@ -8,7 +8,35 @@
       "target":"R",
       "type":"PARAMETER",
       "tags":["CROSS_SITE"]
-    }, {
+    },
+    {
+     "class_name":"Net::HTTPResponse",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"body",
+      "target":"R",
+      "type":"BODY",
+      "tags":["CROSS_SITE"]
+    },
+    {
+     "class_name":"Rack::Response",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"body",
+      "target":"R",
+      "type":"BODY",
+      "tags":["CROSS_SITE"]
+    },
+    {
+     "class_name":"Sinatra::Response",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"body",
+      "target":"R",
+      "type":"BODY",
+      "tags":["CROSS_SITE"]
+    },
+    {
       "class_name":"Rack::Request::Helpers",
       "instance_method": true,
       "method_visibility": "public",
@@ -990,7 +1018,35 @@
       "source": "P0",
       "target": "R",
       "action": "SPLAT"
-    }, {
+    },
+    {
+      "class_name": "ActiveSupport::JSON",
+      "method_name": "encode",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source": "P0",
+      "target": "R",
+      "action": "SPLAT"
+    },
+    {
+      "class_name": "JSON",
+      "method_name": "generate",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source": "P0",
+      "target": "R",
+      "action": "SPLAT"
+    },
+    {
+      "class_name": "JSON",
+      "method_name": "pretty_generate",
+      "instance_method": false,
+      "method_visibility": "public",
+      "source": "P0",
+      "target": "R",
+      "action": "SPLAT"
+    },
+    {
       "class_name": "Zlib::Deflate",
       "method_name": "deflate",
       "instance_method": false,
@@ -1082,7 +1138,28 @@
       "source": "P0",
       "target": "R",
       "action": "SPLAT"
-    }, {
+    },
+    {
+      "class_name":"Net::HTTPRequest",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"body=",
+      "source":"P0",
+      "target":"O",
+      "action":"KEEP"
+    },
+    {
+      "class_name":"Net::HTTP",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"request",
+      "action": "CUSTOM",
+      "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Response",
+      "patch_method": "net_response_keep",
+      "source": "O,P1",
+      "target": "R"
+    },
+    {
       "class_name": "URI::Generic",
       "method_name": "initialize",
       "instance_method": true,

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 7.3.0
+  version: 7.3.2
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-07-26 00:00:00.000000000 Z
+date: 2023-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -930,6 +930,7 @@ files:
 - lib/contrast/agent/assess/policy/propagator/rack_protection.rb
 - lib/contrast/agent/assess/policy/propagator/remove.rb
 - lib/contrast/agent/assess/policy/propagator/replace.rb
+- lib/contrast/agent/assess/policy/propagator/response.rb
 - lib/contrast/agent/assess/policy/propagator/reverse.rb
 - lib/contrast/agent/assess/policy/propagator/select.rb
 - lib/contrast/agent/assess/policy/propagator/splat.rb