contrast-agent 7.3.0 → 7.3.2

Files changed (40)
  1. checksums.yaml +4 -4
  2. data/ext/cs__scope/cs__scope.c +76 -7
  3. data/ext/cs__scope/cs__scope.h +4 -0
  4. data/lib/contrast/agent/assess/policy/policy_node.rb +25 -6
  5. data/lib/contrast/agent/assess/policy/propagator/response.rb +64 -0
  6. data/lib/contrast/agent/assess/policy/propagator.rb +1 -0
  7. data/lib/contrast/agent/assess/policy/source_method.rb +5 -0
  8. data/lib/contrast/agent/assess/rule/response/body_rule.rb +22 -7
  9. data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb +4 -1
  10. data/lib/contrast/agent/inventory/policy/datastores.rb +0 -3
  11. data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +4 -10
  12. data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +11 -12
  13. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb +4 -29
  14. data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb +1 -2
  15. data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb +2 -2
  16. data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +2 -2
  17. data/lib/contrast/agent/reporting/reporting_utilities/ng_response_extractor.rb +15 -2
  18. data/lib/contrast/agent/reporting/reporting_utilities/response.rb +0 -2
  19. data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +5 -2
  20. data/lib/contrast/agent/reporting/settings/protect.rb +61 -18
  21. data/lib/contrast/agent/reporting/settings/server_features.rb +2 -0
  22. data/lib/contrast/agent/telemetry/exception/obfuscate.rb +4 -3
  23. data/lib/contrast/agent/telemetry/identifier.rb +13 -26
  24. data/lib/contrast/agent/version.rb +1 -1
  25. data/lib/contrast/components/assess.rb +33 -6
  26. data/lib/contrast/components/base.rb +4 -2
  27. data/lib/contrast/components/config.rb +2 -2
  28. data/lib/contrast/components/protect.rb +14 -1
  29. data/lib/contrast/components/settings.rb +11 -1
  30. data/lib/contrast/config/diagnostics/command_line.rb +2 -2
  31. data/lib/contrast/config/diagnostics/environment_variables.rb +2 -1
  32. data/lib/contrast/config/diagnostics/tools.rb +15 -5
  33. data/lib/contrast/configuration.rb +61 -29
  34. data/lib/contrast/logger/application.rb +3 -3
  35. data/lib/contrast/utils/assess/propagation_method_utils.rb +2 -0
  36. data/lib/contrast/utils/os.rb +1 -9
  37. data/lib/contrast/utils/reporting/application_activity_batch_utils.rb +0 -3
  38. data/lib/contrast.rb +1 -1
  39. data/resources/assess/policy.json +80 -3
  40. metadata +3 -2
@@ -18,6 +18,7 @@ module Contrast
18
18
  REPLACE_ACTION = 'REPLACE'
19
19
  REMOVE_ACTION = 'REMOVE'
20
20
  REVERSE_ACTION = 'REVERSE'
21
+ RESPONSE_ACTION = 'RESPONSE'
21
22
  SPLAT_ACTION = 'SPLAT'
22
23
  SPLIT_ACTION = 'SPLIT'
23
24
  DB_WRITE_ACTION = 'DB_WRITE'
@@ -37,6 +38,7 @@ module Contrast
37
38
  REPLACE_ACTION => Contrast::Agent::Assess::Policy::Propagator::Replace,
38
39
  REMOVE_ACTION => Contrast::Agent::Assess::Policy::Propagator::Remove,
39
40
  REVERSE_ACTION => Contrast::Agent::Assess::Policy::Propagator::Reverse,
41
+ RESPONSE_ACTION => Contrast::Agent::Assess::Policy::Propagator::Response,
40
42
  SPLAT_ACTION => Contrast::Agent::Assess::Policy::Propagator::Splat,
41
43
  SPLIT_ACTION => Contrast::Agent::Assess::Policy::Propagator::Split
42
44
  }.cs__freeze
@@ -8,7 +8,7 @@ module Contrast
8
8
  module Utils
9
9
  # Simple utility used to make OS calls and determine state. For that state
10
10
  # which will not change at runtime, such as the operating system, the
11
- # Utility memozies to avoid multiple lookups.
11
+ # Utility memoizes to avoid multiple lookups.
12
12
  module OS
13
13
  extend Contrast::Components::Scope::InstanceMethods
14
14
 
@@ -25,14 +25,6 @@ module Contrast
25
25
  @_mac = RUBY_PLATFORM.include?('darwin') if @_mac.nil?
26
26
  @_mac
27
27
  end
28
-
29
- def unix?
30
- !windows?
31
- end
32
-
33
- def linux?
34
- (unix? and !mac?)
35
- end
36
28
  end
37
29
  end
38
30
  end
@@ -23,9 +23,6 @@ module Contrast
23
23
  return unless activity
24
24
  return if activity.defend.attackers.empty?
25
25
 
26
- activity_batch.query_count += activity.query_count
27
- activity_batch.routes << activity.routes
28
- activity_batch.routes.flatten!
29
26
  merge_attackers(activity)
30
27
  activity_batch.attach_inventory(activity.inventory) unless activity.inventory.empty?
31
28
  end
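--- a/data/lib/contrast.rb
+++ b/data/lib/contrast.rb
@@ -75,7 +75,7 @@ module Contrast # :nodoc:
   API = CONFIG.api
   SETTINGS = Contrast::Components::Settings::Interface.new
   ASSESS = CONFIG.assess
-  PROTECT = Contrast::Components::Protect::Interface.new
+  PROTECT = CONFIG.protect
   INVENTORY = CONFIG.inventory
   AGENT = CONFIG.agent
   RUBY_INTERFACE = AGENT.ruby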
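Review bot: `PROTECT` on line 78 now aliases the object returned by `CONFIG.protect` instead of constructing its own `Contrast::Components::Protect::Interface`, so `Contrast::PROTECT` and `Contrast::CONFIG.protect` share one instance, matching how `ASSESS` and `INVENTORY` are built on the neighbouring lines. Nothing in this hunk records that `CONFIG` is now the owner of the protect component, which matters to any caller that previously instantiated `Protect::Interface` directly; a comment above these constants such as `# Component constants below are views onto CONFIG; do not build a second Interface` would make that explicit. The `protect` accessor on `CONFIG` is not visible here and is presumably added by the components/config.rb change in this release; if it can return nil before configuration is loaded, `PROTECT` would be fixed as nil at require time, so that accessor is worth checking.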
@@ -8,7 +8,35 @@
8
8
  "target":"R",
9
9
  "type":"PARAMETER",
10
10
  "tags":["CROSS_SITE"]
11
- }, {
11
+ },
12
+ {
13
+ "class_name":"Net::HTTPResponse",
14
+ "instance_method": true,
15
+ "method_visibility": "public",
16
+ "method_name":"body",
17
+ "target":"R",
18
+ "type":"BODY",
19
+ "tags":["CROSS_SITE"]
20
+ },
21
+ {
22
+ "class_name":"Rack::Response",
23
+ "instance_method": true,
24
+ "method_visibility": "public",
25
+ "method_name":"body",
26
+ "target":"R",
27
+ "type":"BODY",
28
+ "tags":["CROSS_SITE"]
29
+ },
30
+ {
31
+ "class_name":"Sinatra::Response",
32
+ "instance_method": true,
33
+ "method_visibility": "public",
34
+ "method_name":"body",
35
+ "target":"R",
36
+ "type":"BODY",
37
+ "tags":["CROSS_SITE"]
38
+ },
39
+ {
12
40
  "class_name":"Rack::Request::Helpers",
13
41
  "instance_method": true,
14
42
  "method_visibility": "public",
@@ -990,7 +1018,35 @@
990
1018
  "source": "P0",
991
1019
  "target": "R",
992
1020
  "action": "SPLAT"
993
- }, {
1021
+ },
1022
+ {
1023
+ "class_name": "ActiveSupport::JSON",
1024
+ "method_name": "encode",
1025
+ "instance_method": false,
1026
+ "method_visibility": "public",
1027
+ "source": "P0",
1028
+ "target": "R",
1029
+ "action": "SPLAT"
1030
+ },
1031
+ {
1032
+ "class_name": "JSON",
1033
+ "method_name": "generate",
1034
+ "instance_method": false,
1035
+ "method_visibility": "public",
1036
+ "source": "P0",
1037
+ "target": "R",
1038
+ "action": "SPLAT"
1039
+ },
1040
+ {
1041
+ "class_name": "JSON",
1042
+ "method_name": "pretty_generate",
1043
+ "instance_method": false,
1044
+ "method_visibility": "public",
1045
+ "source": "P0",
1046
+ "target": "R",
1047
+ "action": "SPLAT"
1048
+ },
1049
+ {
994
1050
  "class_name": "Zlib::Deflate",
995
1051
  "method_name": "deflate",
996
1052
  "instance_method": false,
@@ -1082,7 +1138,28 @@
1082
1138
  "source": "P0",
1083
1139
  "target": "R",
1084
1140
  "action": "SPLAT"
1085
- }, {
1141
+ },
1142
+ {
1143
+ "class_name":"Net::HTTPRequest",
1144
+ "instance_method": true,
1145
+ "method_visibility": "public",
1146
+ "method_name":"body=",
1147
+ "source":"P0",
1148
+ "target":"O",
1149
+ "action":"KEEP"
1150
+ },
1151
+ {
1152
+ "class_name":"Net::HTTP",
1153
+ "instance_method": true,
1154
+ "method_visibility": "public",
1155
+ "method_name":"request",
1156
+ "action": "CUSTOM",
1157
+ "patch_class": "Contrast::Agent::Assess::Policy::Propagator::Response",
1158
+ "patch_method": "net_response_keep",
1159
+ "source": "O,P1",
1160
+ "target": "R"
1161
+ },
1162
+ {
1086
1163
  "class_name": "URI::Generic",
1087
1164
  "method_name": "initialize",
1088
1165
  "instance_method": true,
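--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 7.3.0
+  version: 7.3.2
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-07-26 00:00:00.000000000 Z
+date: 2023-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -930,6 +930,7 @@ files:
 - lib/contrast/agent/assess/policy/propagator/rack_protection.rb
 - lib/contrast/agent/assess/policy/propagator/remove.rb
 - lib/contrast/agent/assess/policy/propagator/replace.rb
+- lib/contrast/agent/assess/policy/propagator/response.rb
 - lib/contrast/agent/assess/policy/propagator/reverse.rb
 - lib/contrast/agent/assess/policy/propagator/select.rb
 - lib/contrast/agent/assess/policy/propagator/splat.rb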