contrast-agent 7.3.1 → 7.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4223bb2218df4bdf98b2600c77c4fa148e71b830575e938a968d41e89138fb81
-  data.tar.gz: cc559a6b364c5019d9c50d8ee6b8237486ac1596ec8ade76d8e6ae4e51e1b906
+  metadata.gz: 1266effb11fb78123e8461ce7295f9b4a67a88b7dda632bc57da5d70cb39f87d
+  data.tar.gz: e553aa33bd73ab712585b774578c10ff6f19ae925fdea8adb89c3b6ac253e399
 SHA512:
-  metadata.gz: 6b88f94ad140a8dd0e8099e2d4f3a396f2221de6ba9a3cbdfaa7e9327644703b7dc275c369ffe4efa29109619bf9eb182f2a0f7b85103c67e2a83246c49c137a
-  data.tar.gz: eaf65ba9546f37ace248a29657e690966deaf02aa26426b169f1f3e9639aa3f7b355ea858afd4ef0a5787bd9e2549d7927b3db89894eb6ef4bcd26daf01382e9
+  metadata.gz: 7abce257d4092010babc21cff242307343ea2fc83bdbd040b8cd95e64be9b2e640963a06ae017053989be17e98442bbc528987c2da5b8f7bc8688b776022c783
+  data.tar.gz: f85de50b08e0eaa5f5d8c6a571fe4d04a03cbbcaab1f9c7f2431dac6b4373b00e04f63be94b5f02d56e222248c5fe256b61fb43ba123d041e1ce585b80e63a5f

data/ext/cs__scope/cs__scope.c

@@ -5,6 +5,7 @@
 #include "../cs__common/cs__common.h"
 #include <ruby.h>
 #include <stdlib.h>
+#include <pthread.h>
 
 /*-----------------------------------------
  |  Calls to Contrast modules and classes
@@ -23,6 +24,9 @@ static char truthy_arr[3][5] = {"true", "True", "TRUE"};
  |  Helpers
  -----------*/
 
+/* Declare new c mutex for scope locking: */
+pthread_mutex_t c_mutex;
+
 /**
  * @brief get scope for ec or create new
  *
@@ -153,22 +157,40 @@ VALUE contrast_scope_application_update() {
      * [ Do not touch, do not free. We don't control it! ]
      */
     char *eVar = getenv(c_const_ctr_agent_app_scope);
-    VALUE app_scope = eVar;
+    /* check to see if the ENV variable is set */
+    return INT2FIX(env_var_set(eVar));
+}
 
+/** 
+ * @brief Determines if the Contrast Scope should be set with the Trap Context. 
+ * @return 1 if set, 0 if not set.
+ */
+int contrast_scope_with_trap_context() {
+    char *eVar = getenv(c_const_ctr_agent_scope_trap_context);
+    return env_var_set(eVar);
+}
+
+/**
+ *  @brief Checks to see if the ENV variable is set.
+ *  @param args VALUE [String] ENV variable name.
+ *  @return 1 if set, 0 if not set.
+ */
+int env_var_set(char *eVar) {
+    VALUE env_var = eVar;
     /* check to see if the ENV variable is set */
-    if (RTEST(app_scope)) {
+    if (RTEST(env_var)) {
         /* Application Scope is set*/
         int i;
         for (i = 0; i < sizeof(truthy_arr) / sizeof(truthy_arr[0]); i++) {
             if (strcmp(eVar, truthy_arr[i]) == 0) {
-                return INT2FIX(1);
+                return 1;
             }
         }
         /* this covers all of the false values */
-        return INT2FIX(0);
+        return 0;
     } else {
         /* Application Scope is not set ( NULL )*/
-        return INT2FIX(0);
+        return 0;
     }
 }
 
@@ -505,8 +527,48 @@ VALUE contrast_scope_interface_init(VALUE self, VALUE args) {
 VALUE contrast_scope_for_current_ec(VALUE self, VALUE args) {
     /* synchronize */
     VALUE mutex = rb_const_get(scope_mod, rb_intern(rb_const_mon));
-
-    return rb_mutex_synchronize(mutex, get_ec, 0);
+    if (contrast_scope_with_trap_context()) {
+        /**
+         * trap context safety:
+         *
+         * If  mutex  synchonize is called inside a  trap  context,
+         * it will raise a thread error. To avoid that,  there  are
+         * different  approaches as to  trap all signal  in a loop,
+         * but that is  not a good idea, since the scope is checked
+         * once, and only one signal could be trapped.  Another way
+         * is  to make new thread around the mutex  synchronization
+         * call,  but this will create a new execution context  and
+         * the returned scope will be different.
+         *
+         * Most of the  thread error occur randomly whenever GC  is
+         * started. We  cannot detect, When the  GC  is started, it
+         * will stop all current Ruby code execution while running.
+         *
+         * Instead we call the `get_ec()` directly since  Ruby have
+         * GVL (Global VM Lock) when calling it's C  API  therefore
+         * This should be safe called from Ruby land. Just in  case
+         * this is a feature flag, so that only be used when thread
+         * safety could be traded for signal safety.
+         *
+         * This is still experimental as relies ong the GLV and the
+         * Ruby VM is not thread safe by default. Various  problems
+         * might occur, when the mutex is in  Ruby  and called from
+         * different thread, at once, but since the mutex stays  in
+         * the C API context, this might work fine. Still use  only
+         * when unusual conditions are met.
+         * 
+         * In addition we could use C mutex lock just in case. Ruby
+         * Threads under the hood are C threads (pthread),  so they
+         * should be treated as such. In theory only one thread can
+         * access this code at a time.
+         */
+        pthread_mutex_lock(&c_mutex);
+        VALUE res = get_ec();
+        pthread_mutex_unlock(&c_mutex);
+        return res;
+    } else {
+        return rb_mutex_synchronize(mutex, get_ec, 0);
+    }
 }
 
 /*--------------------------------------------------------
@@ -819,6 +881,9 @@ VALUE scope_mod_sweep_dead_ecs(VALUE self, VALUE args) {
 }
 
 void Init_cs__scope() {
+    /* Init new mutex handle */
+    pthread_mutex_init(&c_mutex, NULL);
+
     /* ivs */
     rb_iv_cntr_scope = "@contrast_scope";
     rb_iv_dslr_scope = "@deserialization_scope";
@@ -829,6 +894,7 @@ void Init_cs__scope() {
     rb_const_ec = "EXECUTION_CONTEXT";
     rb_const_ec_keys = "EC_KEYS";
     c_const_ctr_agent_app_scope = "CONTRAST__AGENT__RUBY__APPLICATION_SCOPE";
+    c_const_ctr_agent_scope_trap_context = "CONTRAST__AGENT__SCOPE__WITH_TRAP_CONTEXT";
 
     /* Symbols */
     rb_sym_scope_mod = rb_intern("Scope");
@@ -977,4 +1043,7 @@ void Init_cs__scope() {
                      inst_methods_enter_method_scope, 1);
     rb_define_method(scope_inst_methods, "contrast_exit_method_scopes!",
                      inst_methods_exit_method_scope, 1);
+
+    /* free the c_mutex */
+    pthread_mutex_destroy(&c_mutex);
 }

data/ext/cs__scope/cs__scope.h

@@ -1,4 +1,5 @@
 #include <ruby.h>
+#include <ruby/thread.h>
 
 /* Calls to Contrast modules and classes */
 VALUE scope_interface;
@@ -14,6 +15,7 @@ static VALUE rb_const_ec;
 static VALUE rb_const_mon;
 static VALUE rb_const_ec_keys;
 static VALUE c_const_ctr_agent_app_scope;
+static VALUE c_const_ctr_agent_scope_trap_context;
 
 /* Symbols */
 static VALUE rb_sym_scope_mod;
@@ -58,6 +60,7 @@ VALUE scope_klass_exit_scope(VALUE self, VALUE method_scope_sym);
 VALUE contrast_scope_interface_init(VALUE self, VALUE args);
 VALUE contrast_scope_for_current_ec(VALUE self, VALUE args);
 VALUE contrast_scope_application_update();
+int contrast_scope_with_trap_context();
 
 /* Scope instance methods */
 VALUE inst_methods_in_cntr_scope(VALUE self, VALUE args);
@@ -83,6 +86,7 @@ VALUE inst_methods_exit_method_scope(VALUE self, VALUE scopes_to_exit);
 VALUE is_in_scope(int scope);
 VALUE get_ec();
 VALUE rb_new_c_scope();
+int env_var_set(char *eVar);
 int scope_increase(int scope);
 int scope_decrease(int scope);
 void rb_raise_scope_no_method_err(const VALUE method_scope_sym);

data/lib/contrast/agent/inventory/policy/datastores.rb

@@ -38,9 +38,6 @@ module Contrast
               context = Contrast::Agent::REQUEST_TRACKER.current
               return unless context&.activity
 
-              context.activity.query_count += 1
-              return unless context.activity.query_count == 1
-
               Contrast::Agent::Inventory::DatabaseConfig.append_db_config(context.activity)
             end
           end

data/lib/contrast/agent/protect/rule/base.rb

@@ -45,7 +45,6 @@ module Contrast
           #
           # @return mode [Symbol]
           def initialize
-            ::Contrast::PROTECT.defend_rules[rule_name] = self
             @mode = mode_from_settings
           end
 
@@ -63,6 +62,11 @@ module Contrast
             RULE_NAME
           end
 
+          # Update state form Settings or Configuration.
+          def update
+            @mode = mode_from_settings
+          end
+
           # Should return the short name.
           #
           # @return [String]

data/lib/contrast/agent/protect/rule/cmdi/cmd_injection.rb

@@ -31,15 +31,27 @@ module Contrast
             NAME
           end
 
+          # Sub-rules forwarders:
+
+          # @return [Contrast::Agent::Protect::Rule::CmdiBackdoors]
+          def command_backdoors
+            @_command_backdoors ||= Contrast::Agent::Protect::Rule::CmdiBackdoors.new
+          end
+
+          # @return [Contrast::Agent::Protect::Rule::CmdiChainedCommand]
+          def semantic_chained_commands
+            @_semantic_chained_commands ||= Contrast::Agent::Protect::Rule::CmdiChainedCommand.new
+          end
+
+          def semantic_dangerous_paths
+            @_semantic_dangerous_paths ||= Contrast::Agent::Protect::Rule::CmdiDangerousPath.new
+          end
+
           # Array of sub_rules:
           #
           # @return [Array]
           def sub_rules
-            @_sub_rules ||= [
-              Contrast::Agent::Protect::Rule::CmdiBackdoors.new,
-              Contrast::Agent::Protect::Rule::CmdiChainedCommand.new,
-              Contrast::Agent::Protect::Rule::CmdiDangerousPath.new
-            ].cs__freeze
+            @_sub_rules ||= [command_backdoors, semantic_chained_commands, semantic_dangerous_paths].cs__freeze
           end
 
           def applicable_user_inputs

data/lib/contrast/agent/protect/rule/input_classification/base.rb

@@ -24,7 +24,7 @@ module Contrast
               COOKIE_VALUE, PARAMETER_VALUE, HEADER, JSON_VALUE, MULTIPART_VALUE, XML_VALUE, DWR_VALUE
             ].cs__freeze
 
-            BASE64_INPUT_TYPES = [BODY, COOKIE_VALUE, HEADER, PARAMETER_VALUE, MULTIPART_VALUE, XML_VALUE].cs__freeze
+            BASE64_INPUT_TYPES = [BODY, COOKIE_VALUE, PARAMETER_VALUE, MULTIPART_VALUE, XML_VALUE].cs__freeze
 
             class << self
               include Contrast::Components::Logger::InstanceMethods
@@ -172,7 +172,9 @@ module Contrast
             end
 
             # Decodes the value for the given input type.
-            # Applies to BODY, COOKIE_VALUE, HEADER, PARAMETER_VALUE, MULTIPART_VALUE, XML_VALUE
+            #
+            # This applies to Values sources only:
+            # BODY, COOKIE_VALUE, HEADER, PARAMETER_VALUE, MULTIPART_VALUE, XML_VALUE
             #
             # @param value [String]
             # @param input_type [Symbol]
@@ -181,6 +183,9 @@ module Contrast
               return value unless Contrast::PROTECT.normalize_base64?
               return value unless BASE64_INPUT_TYPES.include?(input_type)
 
+              # TODO: RUBY-2110 Update the HEADER handling if possible.
+              # We need only the Header values.
+
               cs__decode64(value, input_type)
             end
           end

data/lib/contrast/agent/protect/rule/input_classification/encoding.rb

@@ -16,7 +16,7 @@ module Contrast
 
             # Still a list is needed for this one, as it is not possible to determine if the value is encoded or not.
             # As long as the list is short the method has a good percentage of success.
-            KNOWN_DECODING_EXCEPTIONS = %w[cmd].cs__freeze
+            KNOWN_DECODING_EXCEPTIONS = %w[cmd version if_modified_since].cs__freeze
 
             # This methods is not performant, but is more safe for false positive.
             # Base64 check is no trivial task. For example if one passes a value like 'stringdw' it will return true,

data/lib/contrast/agent/protect/rule/path_traversal/path_traversal.rb

@@ -30,11 +30,18 @@ module Contrast
             NAME
           end
 
+          # Sub-rules forwarders:
+
+          # @return [Contrast::Agent::Protect::Rule::PathTraversalSemanticBypass]
+          def semantic_file_security_bypass
+            @_semantic_file_security_bypass ||= Contrast::Agent::Protect::Rule::PathTraversalSemanticBypass.new
+          end
+
           # Array of sub_rules
           #
           # @return [Array]
           def sub_rules
-            @_sub_rules ||= [Contrast::Agent::Protect::Rule::PathTraversalSemanticBypass.new].cs__freeze
+            @_sub_rules ||= [semantic_file_security_bypass].cs__freeze
           end
 
           def applicable_user_inputs

data/lib/contrast/agent/protect/rule/sqli/sqli.rb

@@ -35,11 +35,18 @@ module Contrast
             BLOCK_MESSAGE
           end
 
+          # Sub-rules forwarders:
+
+          # @return [Contrast::Agent::Protect::Rule::SqliDangerousFunctions]
+          def semantic_dangerous_functions
+            @_semantic_dangerous_functions ||= Contrast::Agent::Protect::Rule::SqliDangerousFunctions.new
+          end
+
           # Array of sub_rules
           #
           # @return [Array]
           def sub_rules
-            @_sub_rules ||= [Contrast::Agent::Protect::Rule::SqliDangerousFunctions.new].cs__freeze
+            @_sub_rules ||= [semantic_dangerous_functions].cs__freeze
           end
 
           def applicable_user_inputs

data/lib/contrast/agent/protect/state.rb

@@ -0,0 +1,110 @@
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/object_share'
+require 'contrast/components/logger'
+
+module Contrast
+  module Agent
+    module Protect
+      # Master class for each protect rule. This class will hold all the rules references.
+      # Any access to the rules should be done through this class. and new rules should be
+      # added here. Each main rule should require and include and initialize it's sub-rules.
+      class State
+        include Contrast::Components::Logger::InstanceMethods
+
+        # @return [boolean] State dictated by local or server settings
+        attr_accessor :enabled
+        # @return [Contrast::Agent::Protect::Rule::BotBlocker] the bot blocker rule
+        attr_reader :bot_blocker
+        # @return [Contrast::Agent::Protect::Rule::CmdInjection] the command injection rule
+        attr_reader :cmd_injection
+        # @return [Contrast::Agent::Protect::Rule::CmdiBackdoors]
+        attr_reader :cmd_injection_command_backdoors
+        # @return [Contrast::Agent::Protect::Rule::CmdiChainedCommand]
+        attr_reader :cmd_injection_semantic_chained_commands
+        # @return [Contrast::Agent::Protect::Rule::CmdiDangerousPath]
+        attr_reader :cmd_injection_semantic_dangerous_paths
+        # @return [Contrast::Agent::Protect::Rule::Deserialization]
+        attr_reader :untrusted_deserialization
+        # @return [Contrast::Agent::Protect::Rule::NoSqli]
+        attr_reader :nosql_injection
+        # @return [Contrast::Agent::Protect::Rule::PathTraversal]
+        attr_reader :path_traversal
+        # @return [Contrast::Agent::Protect::Rule::PathTraversalSemanticBypass]
+        attr_reader :path_traversal_semantic_file_security_bypass
+        # @return [Contrast::Agent::Protect::Rule::Sqli]
+        attr_reader :sql_injection
+        # @return [Contrast::Agent::Protect::Rule::SqliDangerousFunctions]
+        attr_reader :sql_injection_semantic_dangerous_functions
+        # @return [Contrast::Agent::Protect::Rule::UnsafeFileUpload] the unsafe file upload rule
+        attr_reader :unsafe_file_upload
+        # @return [Contrast::Agent::Protect::Rule::Xss] the reflected xss rule
+        attr_reader :reflected_xss
+        # @return [Contrast::Agent::Protect::Rule::Xxe] the xxe rule
+        attr_reader :xxe
+
+        # Initialize all the protect rules. This should be the one place to access each live
+        # rule reference.
+        def initialize
+          @bot_blocker = Contrast::Agent::Protect::Rule::BotBlocker.new
+          @cmd_injection = Contrast::Agent::Protect::Rule::CmdInjection.new
+          @cmd_injection_command_backdoors = @cmd_injection.command_backdoors
+          @cmd_injection_semantic_chained_commands = @cmd_injection.semantic_chained_commands
+          @cmd_injection_semantic_dangerous_paths = @cmd_injection.semantic_dangerous_paths
+          @untrusted_deserialization = Contrast::Agent::Protect::Rule::Deserialization.new
+          @nosql_injection = Contrast::Agent::Protect::Rule::NoSqli.new
+          @path_traversal = Contrast::Agent::Protect::Rule::PathTraversal.new
+          @path_traversal_semantic_file_security_bypass = @path_traversal.semantic_file_security_bypass
+          @sql_injection = Contrast::Agent::Protect::Rule::Sqli.new
+          @sql_injection_semantic_dangerous_functions = @sql_injection.semantic_dangerous_functions
+          @unsafe_file_upload = Contrast::Agent::Protect::Rule::UnsafeFileUpload.new
+          @reflected_xss = Contrast::Agent::Protect::Rule::Xss.new
+          @xxe = Contrast::Agent::Protect::Rule::Xxe.new
+        end
+
+        # Return the Rules in Hash form {rule_id => rule_class }.
+        # This is used to traverse for each rule and update it's settings.
+        # Also is the way a rule is retrieved given the ID is known.
+        #
+        # @return [Hash<String, Contrast::Agent::Protect::Rule::Base>]
+        def rules
+          @_rules ||= {
+              @bot_blocker.rule_name => @bot_blocker,
+              @cmd_injection.rule_name => @cmd_injection,
+              @cmd_injection_command_backdoors.rule_name => @cmd_injection_command_backdoors,
+              @cmd_injection_semantic_chained_commands.rule_name => @cmd_injection_semantic_chained_commands,
+              @cmd_injection_semantic_dangerous_paths.rule_name => @cmd_injection_semantic_dangerous_paths,
+              @untrusted_deserialization.rule_name => @untrusted_deserialization,
+              @nosql_injection.rule_name => @nosql_injection,
+              @path_traversal.rule_name => @path_traversal,
+              @path_traversal_semantic_file_security_bypass.rule_name => @path_traversal_semantic_file_security_bypass,
+              @sql_injection.rule_name => @sql_injection,
+              @sql_injection_semantic_dangerous_functions.rule_name => @sql_injection_semantic_dangerous_functions,
+              @unsafe_file_upload.rule_name => @unsafe_file_upload,
+              @reflected_xss.rule_name => @reflected_xss,
+              @xxe.rule_name => @xxe
+          }
+        end
+
+        # Update all settings from configuration.
+        def update
+          rules.values.each(&:update)
+          logger.info('Current rule settings:')
+          rules.each { |k, v| logger.info('Protect Rule mode set', rule: k, mode: v.mode) }
+        end
+
+        # Check the local configurations first then the server settings.
+        def enabled?
+          Contrast::PROTECT.enable || Contrast::SETTINGS.protect_state.enabled
+        end
+
+        # @param [String] rule_id
+        # @return [Contrast::Agent::Protect::Rule::Base]
+        def [] rule_id
+          rules[rule_id]
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/application_activity.rb

@@ -16,16 +16,11 @@ module Contrast
         include Contrast::Agent::Reporting::ResponseType
         include Contrast::Components::Logger::InstanceMethods
 
-        # @return [Integer]
-        attr_accessor :query_count
-        # @return [Array]
-        attr_accessor :routes
         # @return [Contrast::Agent::Response]
         attr_accessor :response
 
+        # @param ia_request [Contrast::Agent::Request]
         def initialize ia_request: nil
-          @routes = []
-          @query_count = 0
           @event_method = :PUT
           @event_type = :application_activity
           @event_endpoint = Contrast::Agent::Reporting::Endpoints.application_activity
@@ -66,7 +61,7 @@ module Contrast
         # searching with rule_id and response_type
         #
         # @param rule_id [String] name of the protect rule
-        # @param response_type[Symbol<Contrast::Agent::Reporting::ResponseType]
+        # @param response_type[Symbol<Contrast::Agent::Reporting::ResponseType>]
         #  filter by response type
         # @return [Array<Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity>, nil]
         # return any matches.
@@ -99,9 +94,8 @@ module Contrast
           defend.attackers.map { |a| a.protection_rules.values }
         end
 
-        # This is primary used for attaching new data and merging existing
-        # samples per rule entry in attackers, and to make sure the attack
-        # time_map is updated correctly.
+        # This is primary used for attaching new data and merging existing samples and counts per rule entry in
+        # attackers.
         #
         # @param attack_result [Contrast::Agent::Reporting::AttackResult]
         def attach_defend attack_result

data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb

@@ -55,6 +55,7 @@ module Contrast
 
         # Find an existing attacker if it matches on source details
         # @param new_attacker_activity [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
+        # @return [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity, nil]
         def find_existing_attacker_activity new_attacker_activity
           attackers.find do |existing|
             existing.source_forwarded_for == new_attacker_activity.source_forwarded_for &&
@@ -67,30 +68,28 @@ module Contrast
         # @param rule [String]
         def attach_existing existing_attacker_activity, attacker_activity, rule
           new_violation = attacker_activity.protection_rules[rule]
+          return unless new_violation
+
           sample_activity = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity
           if (previously_violated = existing_attacker_activity.protection_rules[rule])
-            if (new_blocked = new_violation.blocked)
+            if (new_blocked_samples = new_violation.blocked&.samples)&.any?
               previously_violated.blocked ||= sample_activity.new
-              previously_violated.blocked.samples.concat(new_blocked.samples) if new_blocked.samples
-              previously_violated.blocked.merge_time_maps(new_blocked.time_map)
+              previously_violated.blocked.samples.concat(new_blocked_samples)
             end
 
-            if (new_exploited = new_violation.exploited)
+            if (new_exploited_samples = new_violation.exploited&.samples)&.any?
               previously_violated.exploited ||= sample_activity.new
-              previously_violated.exploited.samples.concat(new_exploited.samples) if new_exploited.samples
-              previously_violated.exploited.merge_time_maps(new_exploited.time_map)
+              previously_violated.exploited.samples.concat(new_exploited_samples)
             end
 
-            if (new_ineffective = new_violation.ineffective)
+            if (new_ineffective_samples = new_violation.ineffective&.samples)&.any?
               previously_violated.ineffective ||= sample_activity.new
-              previously_violated.ineffective.samples.concat(new_ineffective.samples) if new_ineffective.samples
-              previously_violated.ineffective.merge_time_maps(new_ineffective.time_map)
+              previously_violated.ineffective.samples.concat(new_ineffective_samples)
             end
 
-            if (new_suspicious = new_violation.suspicious)
+            if (new_suspicious_samples = new_violation.suspicious&.samples)&.any?
               previously_violated.suspicious ||= sample_activity.new
-              previously_violated.suspicious.samples.concat(new_suspicious.samples) if new_suspicious.samples
-              previously_violated.suspicious.merge_time_maps(new_suspicious.time_map)
+              previously_violated.suspicious.samples.concat(new_suspicious_samples)
             end
           else
             existing_attacker_activity.protection_rules[rule] = new_violation

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb

@@ -13,21 +13,17 @@ module Contrast
       class ApplicationDefendAttackSampleActivity < Contrast::Agent::Reporting::ReportableHash
         # @return [Array<Contrast::Agent::Reporting::ApplicationDefendAttackSample>]
         attr_reader :samples
-        # @return [Hash<Integer,Integer>] map of time from start in seconds to number of attacks in that second
-        attr_reader :time_map
 
         def initialize
           @samples = []
-          @start_time = Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0 # in ms
+          @start_time = Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || Contrast::Utils::Timer.now_ms
           @event_type = :application_defend_attack_sample_activity
-          @time_map = Hash.new { |h, k| h[k] = 0 }
           super()
         end
 
         def to_controlled_hash
           validate
           {
-              attackTimeMap: time_map,
               samples: samples.map(&:to_controlled_hash),
               startTime: @start_time, # Start time in ms.
               total: 1 # there will only ever be 1 attack sample, until batching is done
@@ -36,37 +32,18 @@ module Contrast
 
         def validate
           raise(ArgumentError, 'Start Time is not presented') unless @start_time
+
+          nil
         end
 
         # @param attack_result [Contrast::Agent::Reporting::AttackResult]
         def attach_data attack_result
           attack_result.samples.each do |attack_sample|
-            base_time = Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0
-            sample_time = attack_sample.time_stamp.to_i
             samples << Contrast::Agent::Reporting::ApplicationDefendAttackSample.convert(attack_result, attack_sample)
-            @start_time = if sample_time.zero?
-                            @start_time
-                          else
-                            sample_time
-                          end
-            attack_second = (@start_time - base_time) / 1000 # in seconds
-            time_map[attack_second] += 1
-          end
-        end
-
-        # This method will merge time_maps of attack samples with same
-        # type.
-        #
-        # @param map [Hash<Integer,Integer>] TimeMap to append to previously_violated rule
-        # samples.
-        # @return time_map [Hash<Integer,Integer>] merged time map with updated occurrences.
-        def merge_time_maps map
-          # If the second is the same (key) if we just merge there won't be a new entry,
-          # so just increase the attack count.
-          map.each_key do |key|
-            @time_map[key] = @time_map.fetch(key, 0) + map[key]
+            # If somehow this sample was found before this container was created, change the time to reflect that
+            sample_time = attack_sample.time_stamp.to_i
+            @start_time = sample_time if sample_time < @start_time
           end
-          @time_map
         end
       end
     end

data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb

@@ -28,8 +28,7 @@ module Contrast
         # saved request.
         def initialize ia_request: nil
           @protection_rules = {}
-          req = ia_request || Contrast::Agent::REQUEST_TRACKER.current&.request
-          if req
+          if (req = ia_request || Contrast::Agent::REQUEST_TRACKER.current&.request)
             @source_ip = req.ip || Contrast::Utils::ObjectShare::EMPTY_STRING
             @source_forwarded_for = req.headers['X-Forwarded-For']
           end

data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb

@@ -15,7 +15,7 @@ module Contrast
       class ApplicationInventoryActivity < Contrast::Agent::Reporting::ApplicationReportingEvent
         # return [Array<Contrast::Agent::Reporting::ArchitectureComponent>]
         attr_reader :components
-        # @ return [Array<String>, nil] - User-Agent Header value
+        # @ return [Array<String>] - User-Agent Header value
         attr_reader :browsers
 
         def initialize
@@ -34,7 +34,7 @@ module Contrast
         end
 
         # @param architectures [Array<Contrast::Agent::Reporting::ArchitectureComponent>,
-        # Contrast::Agent::Reporting::ArchitectureComponent]
+        #   Contrast::Agent::Reporting::ArchitectureComponent]
         def attach_data architectures
           Array(architectures).each do |architecture|
             @components << architecture

data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb

@@ -59,6 +59,8 @@ module Contrast
             raise(ArgumentError, "#{ self } did not have a proper type - '#{ type }'. Unable to continue.")
           end
           raise(ArgumentError, "#{ self } did not have a proper URL. Unable to continue.") unless url
+
+          nil
         end
       end
     end

data/lib/contrast/agent/reporting/reporting_events/finding.rb

@@ -125,6 +125,7 @@ module Contrast
         # @raise [ArgumentError]
         def validate
           raise(ArgumentError, "#{ self } did not have a proper rule. Unable to continue.") unless @rule_id
+
           unless ::Contrast::ASSESS.session_id
             raise(ArgumentError, "#{ self } did not have a proper session id. Unable to continue.")
           end

data/lib/contrast/agent/reporting/reporting_events/finding_event.rb

@@ -422,6 +422,8 @@ module Contrast
           raise(ArgumentError, "#{ self } did not have a proper thread. Unable to continue.") unless thread
           raise(ArgumentError, "#{ self } did not have a proper time. Unable to continue.") unless time
           raise(ArgumentError, "#{ self } did not have a proper type. Unable to continue.") unless type
+
+          nil
         end
 
         # @raise [ArgumentError]
@@ -435,6 +437,8 @@ module Contrast
           raise(ArgumentError, "#{ self } did not have a proper signature. Unable to continue.") unless signature
           raise(ArgumentError, "#{ self } did not have a proper stack. Unable to continue.") unless stack
           raise(ArgumentError, "#{ self } did not have a proper tags. Unable to continue.") unless reportable_tags
+
+          nil
         end
       end
     end