contrast-agent 7.3.0 → 7.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/ext/cs__scope/cs__scope.c +76 -7
- data/ext/cs__scope/cs__scope.h +4 -0
- data/lib/contrast/agent/assess/policy/policy_node.rb +25 -6
- data/lib/contrast/agent/assess/policy/propagator/response.rb +64 -0
- data/lib/contrast/agent/assess/policy/propagator.rb +1 -0
- data/lib/contrast/agent/assess/policy/source_method.rb +5 -0
- data/lib/contrast/agent/assess/rule/response/body_rule.rb +22 -7
- data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb +4 -1
- data/lib/contrast/agent/inventory/policy/datastores.rb +0 -3
- data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +4 -10
- data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +11 -12
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb +4 -29
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb +1 -2
- data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb +2 -2
- data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +2 -2
- data/lib/contrast/agent/reporting/reporting_utilities/ng_response_extractor.rb +15 -2
- data/lib/contrast/agent/reporting/reporting_utilities/response.rb +0 -2
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +5 -2
- data/lib/contrast/agent/reporting/settings/protect.rb +61 -18
- data/lib/contrast/agent/reporting/settings/server_features.rb +2 -0
- data/lib/contrast/agent/telemetry/exception/obfuscate.rb +4 -3
- data/lib/contrast/agent/telemetry/identifier.rb +13 -26
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/components/assess.rb +33 -6
- data/lib/contrast/components/base.rb +4 -2
- data/lib/contrast/components/config.rb +2 -2
- data/lib/contrast/components/protect.rb +14 -1
- data/lib/contrast/components/settings.rb +11 -1
- data/lib/contrast/config/diagnostics/command_line.rb +2 -2
- data/lib/contrast/config/diagnostics/environment_variables.rb +2 -1
- data/lib/contrast/config/diagnostics/tools.rb +15 -5
- data/lib/contrast/configuration.rb +61 -29
- data/lib/contrast/logger/application.rb +3 -3
- data/lib/contrast/utils/assess/propagation_method_utils.rb +2 -0
- data/lib/contrast/utils/os.rb +1 -9
- data/lib/contrast/utils/reporting/application_activity_batch_utils.rb +0 -3
- data/lib/contrast.rb +1 -1
- data/resources/assess/policy.json +80 -3
- metadata +3 -2
|
@@ -18,6 +18,7 @@ module Contrast
|
|
|
18
18
|
REPLACE_ACTION = 'REPLACE'
|
|
19
19
|
REMOVE_ACTION = 'REMOVE'
|
|
20
20
|
REVERSE_ACTION = 'REVERSE'
|
|
21
|
+
RESPONSE_ACTION = 'RESPONSE'
|
|
21
22
|
SPLAT_ACTION = 'SPLAT'
|
|
22
23
|
SPLIT_ACTION = 'SPLIT'
|
|
23
24
|
DB_WRITE_ACTION = 'DB_WRITE'
|
|
@@ -37,6 +38,7 @@ module Contrast
|
|
|
37
38
|
REPLACE_ACTION => Contrast::Agent::Assess::Policy::Propagator::Replace,
|
|
38
39
|
REMOVE_ACTION => Contrast::Agent::Assess::Policy::Propagator::Remove,
|
|
39
40
|
REVERSE_ACTION => Contrast::Agent::Assess::Policy::Propagator::Reverse,
|
|
41
|
+
RESPONSE_ACTION => Contrast::Agent::Assess::Policy::Propagator::Response,
|
|
40
42
|
SPLAT_ACTION => Contrast::Agent::Assess::Policy::Propagator::Splat,
|
|
41
43
|
SPLIT_ACTION => Contrast::Agent::Assess::Policy::Propagator::Split
|
|
42
44
|
}.cs__freeze
|
data/lib/contrast/utils/os.rb
CHANGED
|
@@ -8,7 +8,7 @@ module Contrast
|
|
|
8
8
|
module Utils
|
|
9
9
|
# Simple utility used to make OS calls and determine state. For that state
|
|
10
10
|
# which will not change at runtime, such as the operating system, the
|
|
11
|
-
# Utility
|
|
11
|
+
# Utility memoizes to avoid multiple lookups.
|
|
12
12
|
module OS
|
|
13
13
|
extend Contrast::Components::Scope::InstanceMethods
|
|
14
14
|
|
|
@@ -25,14 +25,6 @@ module Contrast
|
|
|
25
25
|
@_mac = RUBY_PLATFORM.include?('darwin') if @_mac.nil?
|
|
26
26
|
@_mac
|
|
27
27
|
end
|
|
28
|
-
|
|
29
|
-
def unix?
|
|
30
|
-
!windows?
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
def linux?
|
|
34
|
-
(unix? and !mac?)
|
|
35
|
-
end
|
|
36
28
|
end
|
|
37
29
|
end
|
|
38
30
|
end
|
|
@@ -23,9 +23,6 @@ module Contrast
|
|
|
23
23
|
return unless activity
|
|
24
24
|
return if activity.defend.attackers.empty?
|
|
25
25
|
|
|
26
|
-
activity_batch.query_count += activity.query_count
|
|
27
|
-
activity_batch.routes << activity.routes
|
|
28
|
-
activity_batch.routes.flatten!
|
|
29
26
|
merge_attackers(activity)
|
|
30
27
|
activity_batch.attach_inventory(activity.inventory) unless activity.inventory.empty?
|
|
31
28
|
end
|
data/lib/contrast.rb
CHANGED
|
@@ -75,7 +75,7 @@ module Contrast # :nodoc:
|
|
|
75
75
|
API = CONFIG.api
|
|
76
76
|
SETTINGS = Contrast::Components::Settings::Interface.new
|
|
77
77
|
ASSESS = CONFIG.assess
|
|
78
|
-
PROTECT =
|
|
78
|
+
PROTECT = CONFIG.protect
|
|
79
79
|
INVENTORY = CONFIG.inventory
|
|
80
80
|
AGENT = CONFIG.agent
|
|
81
81
|
RUBY_INTERFACE = AGENT.ruby
|
|
@@ -8,7 +8,35 @@
|
|
|
8
8
|
"target":"R",
|
|
9
9
|
"type":"PARAMETER",
|
|
10
10
|
"tags":["CROSS_SITE"]
|
|
11
|
-
},
|
|
11
|
+
},
|
|
12
|
+
{
|
|
13
|
+
"class_name":"Net::HTTPResponse",
|
|
14
|
+
"instance_method": true,
|
|
15
|
+
"method_visibility": "public",
|
|
16
|
+
"method_name":"body",
|
|
17
|
+
"target":"R",
|
|
18
|
+
"type":"BODY",
|
|
19
|
+
"tags":["CROSS_SITE"]
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
"class_name":"Rack::Response",
|
|
23
|
+
"instance_method": true,
|
|
24
|
+
"method_visibility": "public",
|
|
25
|
+
"method_name":"body",
|
|
26
|
+
"target":"R",
|
|
27
|
+
"type":"BODY",
|
|
28
|
+
"tags":["CROSS_SITE"]
|
|
29
|
+
},
|
|
30
|
+
{
|
|
31
|
+
"class_name":"Sinatra::Response",
|
|
32
|
+
"instance_method": true,
|
|
33
|
+
"method_visibility": "public",
|
|
34
|
+
"method_name":"body",
|
|
35
|
+
"target":"R",
|
|
36
|
+
"type":"BODY",
|
|
37
|
+
"tags":["CROSS_SITE"]
|
|
38
|
+
},
|
|
39
|
+
{
|
|
12
40
|
"class_name":"Rack::Request::Helpers",
|
|
13
41
|
"instance_method": true,
|
|
14
42
|
"method_visibility": "public",
|
|
@@ -990,7 +1018,35 @@
|
|
|
990
1018
|
"source": "P0",
|
|
991
1019
|
"target": "R",
|
|
992
1020
|
"action": "SPLAT"
|
|
993
|
-
},
|
|
1021
|
+
},
|
|
1022
|
+
{
|
|
1023
|
+
"class_name": "ActiveSupport::JSON",
|
|
1024
|
+
"method_name": "encode",
|
|
1025
|
+
"instance_method": false,
|
|
1026
|
+
"method_visibility": "public",
|
|
1027
|
+
"source": "P0",
|
|
1028
|
+
"target": "R",
|
|
1029
|
+
"action": "SPLAT"
|
|
1030
|
+
},
|
|
1031
|
+
{
|
|
1032
|
+
"class_name": "JSON",
|
|
1033
|
+
"method_name": "generate",
|
|
1034
|
+
"instance_method": false,
|
|
1035
|
+
"method_visibility": "public",
|
|
1036
|
+
"source": "P0",
|
|
1037
|
+
"target": "R",
|
|
1038
|
+
"action": "SPLAT"
|
|
1039
|
+
},
|
|
1040
|
+
{
|
|
1041
|
+
"class_name": "JSON",
|
|
1042
|
+
"method_name": "pretty_generate",
|
|
1043
|
+
"instance_method": false,
|
|
1044
|
+
"method_visibility": "public",
|
|
1045
|
+
"source": "P0",
|
|
1046
|
+
"target": "R",
|
|
1047
|
+
"action": "SPLAT"
|
|
1048
|
+
},
|
|
1049
|
+
{
|
|
994
1050
|
"class_name": "Zlib::Deflate",
|
|
995
1051
|
"method_name": "deflate",
|
|
996
1052
|
"instance_method": false,
|
|
@@ -1082,7 +1138,28 @@
|
|
|
1082
1138
|
"source": "P0",
|
|
1083
1139
|
"target": "R",
|
|
1084
1140
|
"action": "SPLAT"
|
|
1085
|
-
},
|
|
1141
|
+
},
|
|
1142
|
+
{
|
|
1143
|
+
"class_name":"Net::HTTPRequest",
|
|
1144
|
+
"instance_method": true,
|
|
1145
|
+
"method_visibility": "public",
|
|
1146
|
+
"method_name":"body=",
|
|
1147
|
+
"source":"P0",
|
|
1148
|
+
"target":"O",
|
|
1149
|
+
"action":"KEEP"
|
|
1150
|
+
},
|
|
1151
|
+
{
|
|
1152
|
+
"class_name":"Net::HTTP",
|
|
1153
|
+
"instance_method": true,
|
|
1154
|
+
"method_visibility": "public",
|
|
1155
|
+
"method_name":"request",
|
|
1156
|
+
"action": "CUSTOM",
|
|
1157
|
+
"patch_class": "Contrast::Agent::Assess::Policy::Propagator::Response",
|
|
1158
|
+
"patch_method": "net_response_keep",
|
|
1159
|
+
"source": "O,P1",
|
|
1160
|
+
"target": "R"
|
|
1161
|
+
},
|
|
1162
|
+
{
|
|
1086
1163
|
"class_name": "URI::Generic",
|
|
1087
1164
|
"method_name": "initialize",
|
|
1088
1165
|
"instance_method": true,
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: contrast-agent
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 7.3.
|
|
4
|
+
version: 7.3.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- galen.palmer@contrastsecurity.com
|
|
@@ -13,7 +13,7 @@ authors:
|
|
|
13
13
|
autorequire:
|
|
14
14
|
bindir: exe
|
|
15
15
|
cert_chain: []
|
|
16
|
-
date: 2023-
|
|
16
|
+
date: 2023-08-09 00:00:00.000000000 Z
|
|
17
17
|
dependencies:
|
|
18
18
|
- !ruby/object:Gem::Dependency
|
|
19
19
|
name: bundler
|
|
@@ -930,6 +930,7 @@ files:
|
|
|
930
930
|
- lib/contrast/agent/assess/policy/propagator/rack_protection.rb
|
|
931
931
|
- lib/contrast/agent/assess/policy/propagator/remove.rb
|
|
932
932
|
- lib/contrast/agent/assess/policy/propagator/replace.rb
|
|
933
|
+
- lib/contrast/agent/assess/policy/propagator/response.rb
|
|
933
934
|
- lib/contrast/agent/assess/policy/propagator/reverse.rb
|
|
934
935
|
- lib/contrast/agent/assess/policy/propagator/select.rb
|
|
935
936
|
- lib/contrast/agent/assess/policy/propagator/splat.rb
|