contrast-agent 7.4.1 → 7.6.0
- checksums.yaml +4 -4
- data/ext/cs__common/cs__common.c +5 -5
- data/ext/cs__contrast_patch/cs__contrast_patch.c +2 -1
- data/ext/cs__scope/cs__scope.c +6 -5
- data/lib/contrast/agent/assess/events/event_data.rb +11 -2
- data/lib/contrast/agent/assess/finalizers/freeze.rb +1 -0
- data/lib/contrast/agent/assess/finalizers/hash.rb +7 -0
- data/lib/contrast/agent/assess/policy/patcher.rb +2 -0
- data/lib/contrast/agent/assess/policy/policy.rb +4 -0
- data/lib/contrast/agent/assess/policy/policy_node.rb +29 -7
- data/lib/contrast/agent/assess/policy/preshift.rb +34 -1
- data/lib/contrast/agent/assess/policy/propagation_method.rb +16 -1
- data/lib/contrast/agent/assess/policy/propagation_node.rb +40 -1
- data/lib/contrast/agent/assess/policy/propagator/append.rb +5 -0
- data/lib/contrast/agent/assess/policy/propagator/base.rb +10 -0
- data/lib/contrast/agent/assess/policy/propagator/buffer.rb +6 -0
- data/lib/contrast/agent/assess/policy/propagator/center.rb +14 -0
- data/lib/contrast/agent/assess/policy/propagator/custom.rb +6 -0
- data/lib/contrast/agent/assess/policy/propagator/database_write.rb +14 -0
- data/lib/contrast/agent/assess/policy/propagator/insert.rb +6 -0
- data/lib/contrast/agent/assess/policy/propagator/match_data.rb +38 -0
- data/lib/contrast/agent/assess/policy/propagator/next.rb +6 -0
- data/lib/contrast/agent/assess/policy/propagator/prepend.rb +5 -0
- data/lib/contrast/agent/assess/policy/propagator/remove.rb +4 -0
- data/lib/contrast/agent/assess/policy/propagator/replace.rb +5 -0
- data/lib/contrast/agent/assess/policy/propagator/reverse.rb +5 -0
- data/lib/contrast/agent/assess/policy/propagator/select.rb +30 -0
- data/lib/contrast/agent/assess/policy/propagator/splat.rb +10 -0
- data/lib/contrast/agent/assess/policy/source_node.rb +5 -1
- data/lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb +4 -0
- data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +16 -0
- data/lib/contrast/agent/assess/policy/trigger/xpath.rb +19 -0
- data/lib/contrast/agent/assess/policy/trigger_method.rb +8 -1
- data/lib/contrast/agent/assess/policy/trigger_node.rb +11 -1
- data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +4 -0
- data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +6 -0
- data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +6 -0
- data/lib/contrast/agent/hooks/at_exit_hook.rb +17 -1
- data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +14 -5
- data/lib/contrast/agent/protect/rule/bot_blocker/bot_blocker_input_classification.rb +0 -26
- data/lib/contrast/agent/protect/rule/cmdi/cmd_injection.rb +5 -0
- data/lib/contrast/agent/protect/rule/input_classification/base.rb +1 -4
- data/lib/contrast/agent/protect/rule/input_classification/encoding.rb +34 -2
- data/lib/contrast/agent/reporting/input_analysis/input_type.rb +4 -34
- data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/build_preflight.rb +4 -4
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +6 -2
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +3 -3
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +19 -7
- data/lib/contrast/agent/request/request_handler.rb +1 -0
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/configuration.rb +1 -1
- data/lib/contrast/utils/json.rb +1 -1
- data/lib/contrast/utils/middleware_utils.rb +9 -0
- data/lib/contrast/utils/routes_sent.rb +3 -2
- data/lib/contrast.rb +2 -2
- data/resources/assess/policy.json +50 -1
- data/ruby-agent.gemspec +14 -13
- metadata +39 -32
@@ -33,42 +33,12 @@ module Contrast
|
|
33
33
|
# @return
|
34
34
|
def to_a
|
35
35
|
@_to_a ||= [
|
36
|
-
UNDEFINED_TYPE, BODY, COOKIE_NAME, COOKIE_VALUE, HEADER, PARAMETER_NAME,
|
37
|
-
QUERYSTRING, URI, SOCKET, JSON_VALUE, JSON_ARRAYED_VALUE, MULTIPART_CONTENT_TYPE,
|
38
|
-
MULTIPART_FIELD_NAME, MULTIPART_NAME, XML_VALUE, DWR_VALUE, METHOD, REQUEST,
|
36
|
+
UNDEFINED_TYPE, BODY, COOKIE_NAME, COOKIE_VALUE, HEADER, PARAMETER_NAME,
|
37
|
+
PARAMETER_VALUE, QUERYSTRING, URI, SOCKET, JSON_VALUE, JSON_ARRAYED_VALUE, MULTIPART_CONTENT_TYPE,
|
38
|
+
MULTIPART_VALUE, MULTIPART_FIELD_NAME, MULTIPART_NAME, XML_VALUE, DWR_VALUE, METHOD, REQUEST,
|
39
|
+
URL_PARAMETER, UNKNOWN
|
39
40
|
]
|
40
41
|
end
|
41
|
-
|
42
|
-
# This is a hash of the input types and their corresponding values.
|
43
|
-
#
|
44
|
-
# @return [Hash]
|
45
|
-
|
46
|
-
def to_hash
|
47
|
-
{
|
48
|
-
UNDEFINED_TYPE: '1',
|
49
|
-
BODY: '2',
|
50
|
-
COOKIE_NAME: '3',
|
51
|
-
COOKIE_VALUE: '4',
|
52
|
-
HEADER: '5',
|
53
|
-
PARAMETER_NAME: '6',
|
54
|
-
PARAMETER_VALUE: '7',
|
55
|
-
QUERYSTRING: '8',
|
56
|
-
URI: '9',
|
57
|
-
SOCKET: '10',
|
58
|
-
JSON_VALUE: '11',
|
59
|
-
JSON_ARRAYED_VALUE: '12',
|
60
|
-
MULTIPART_CONTENT_TYPE: '13',
|
61
|
-
MULTIPART_VALUE: '14',
|
62
|
-
MULTIPART_FIELD_NAME: '15',
|
63
|
-
MULTIPART_NAME: '16',
|
64
|
-
XML_VALUE: '17',
|
65
|
-
DWR_VALUE: '18',
|
66
|
-
METHOD: '19',
|
67
|
-
REQUEST: '20',
|
68
|
-
URL_PARAMETER: '21',
|
69
|
-
UNKNOWN: '22'
|
70
|
-
}
|
71
|
-
end
|
72
42
|
end
|
73
43
|
end
|
74
44
|
end
|
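Review bot: The list built in `to_a` is memoized in `@_to_a` and handed to every caller unfrozen, so a caller that mutates the result changes the set of input types seen by all later callers. Since this commit extends the list and drops `to_hash`, the literal could end with `].cs__freeze` (the freezing alias used elsewhere in this diff) to keep the enumeration constant. Any remaining callers of the removed `to_hash` are outside this page and would need checking.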
@@ -43,7 +43,7 @@ module Contrast
|
|
43
43
|
appPath: ::Contrast::APP_CONTEXT.name, # rubocop:disable Security/Module/Name
|
44
44
|
appVersion: ::Contrast::APP_CONTEXT.version,
|
45
45
|
code: CODE,
|
46
|
-
data: '',
|
46
|
+
data: @data || '',
|
47
47
|
key: 0,
|
48
48
|
session_id: ::Contrast::ASSESS.session_id,
|
49
49
|
routes: @routes.map(&:to_controlled_hash)
|
@@ -24,7 +24,7 @@ module Contrast
|
|
24
24
|
#
|
25
25
|
# @param event [Contrast::Agent::Reporting::ReportingEvent] One of the DTMs valid for the
|
26
26
|
# event field of Contrast::Agent::Reporting::ReportingEvent
|
27
|
-
# @param response_data [Net::
|
27
|
+
# @param response_data [Net::HTTPResponse]
|
28
28
|
def audit_event event, response_data = nil
|
29
29
|
return unless ::Contrast::API.request_audit_requests || ::Contrast::API.request_audit_responses
|
30
30
|
|
@@ -17,14 +17,14 @@ module Contrast
|
|
17
17
|
# @param finding [Contrast::Agent::Reporting::Finding]
|
18
18
|
# @return [Contrast::Agent::Reporting::Preflight, nil]
|
19
19
|
def generate finding
|
20
|
-
return unless finding
|
20
|
+
return unless finding&.cs__is_a?(Contrast::Agent::Reporting::Finding)
|
21
21
|
|
22
22
|
new_preflight = Contrast::Agent::Reporting::Preflight.new
|
23
23
|
new_preflight_message = Contrast::Agent::Reporting::PreflightMessage.new
|
24
|
-
finding.routes
|
25
|
-
|
24
|
+
routes = finding.routes
|
25
|
+
unless Contrast::Utils::DuckUtils.empty_duck?(routes)
|
26
|
+
routes.each { |route| new_preflight_message.routes << route }
|
26
27
|
end
|
27
|
-
new_preflight_message.hash_code = finding.hash_code
|
28
28
|
new_preflight_message.data = "#{ finding.rule_id },#{ finding.hash_code }"
|
29
29
|
new_preflight.messages << new_preflight_message
|
30
30
|
return new_preflight unless Contrast::Utils::DuckUtils.empty_duck?(new_preflight.messages)
|
@@ -69,7 +69,7 @@ module Contrast
|
|
69
69
|
# @param event [Contrast::Agent::Reporting::ReportingEvent] The event to send to TeamServer. Really a
|
70
70
|
# child of the ReportingEvent rather than a literal one.
|
71
71
|
# @param connection [Net::HTTP] open connection
|
72
|
-
# @return response [Net::
|
72
|
+
# @return response [Net::HTTPResponse, nil] response from TS if no response
|
73
73
|
def send_event event, connection
|
74
74
|
return unless connection
|
75
75
|
return unless event.valid?
|
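Review bot: The new tag `# @return response [Net::HTTPResponse, nil] response from TS if no response` reads as garbled, and YARD return tags take no name. Suggested wording: `# @return [Net::HTTPResponse, nil] response from TeamServer, or nil if nothing was sent`. The early `return unless connection` and `return unless event.valid?` lines shown in the hunk are the visible nil cases; the rest of `send_event` is outside the hunk.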
@@ -90,7 +90,7 @@ module Contrast
|
|
90
90
|
# Handles response processing and sets status
|
91
91
|
#
|
92
92
|
# @param event [Contrast::Agent::Reporting::ReportingEvent] The event sent to TeamServer.
|
93
|
-
# @param response [Net::
|
93
|
+
# @param response [Net::HTTPResponse]
|
94
94
|
def process_settings_response response, event
|
95
95
|
res = response_handler.process(response, event)
|
96
96
|
if res
|
@@ -118,7 +118,11 @@ module Contrast
|
|
118
118
|
mode.resend.reset_rescue_attempts
|
119
119
|
findings_to_return.each do |index|
|
120
120
|
preflight_message = event.messages[index.to_i]
|
121
|
-
|
121
|
+
preflight_data = preflight_message&.data
|
122
|
+
corresponding_finding = Contrast::Agent::Reporting::ReportingStorage.delete(preflight_data)
|
123
|
+
if Contrast::Agent::REQUEST_TRACKER.current
|
124
|
+
Contrast::Agent::REQUEST_TRACKER.current.reported_findings << preflight_data
|
125
|
+
end
|
122
126
|
next unless corresponding_finding
|
123
127
|
|
124
128
|
send_event(corresponding_finding, connection)
|
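Review bot: In the `findings_to_return.each` loop, `preflight_data` is appended to `reported_findings` before the `next unless corresponding_finding` guard, so a nil value (when `event.messages[index.to_i]` is nil) or a key with no stored finding is still recorded as reported. If `reported_findings` is meant to list findings that were actually sent, the three-line `if Contrast::Agent::REQUEST_TRACKER.current ... end` block should move below `next unless corresponding_finding`. `ReportingStorage.delete` is also called with nil in that case; whether it tolerates that is not visible here. The enclosing method starts and ends outside the hunk.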
@@ -20,9 +20,9 @@ module Contrast
|
|
20
20
|
|
21
21
|
# Process the response from TS
|
22
22
|
#
|
23
|
-
# @param response [Net::
|
23
|
+
# @param response [Net::HTTPResponse, nil]
|
24
24
|
# @param event [Contrast::Agent::Reporting::ReportingEvent] The event sent to TeamServer.
|
25
|
-
# @return response [Net::
|
25
|
+
# @return response [Net::HTTPResponse, nil]
|
26
26
|
def process response, event
|
27
27
|
logger.debug('[Reporter] Received a response')
|
28
28
|
return unless analyze_response?(response)
|
@@ -107,7 +107,7 @@ module Contrast
|
|
107
107
|
# Handles the errors code received from TS and takes appropriate action.
|
108
108
|
# If we are here the response.code is an error that needs handling [4XX]
|
109
109
|
#
|
110
|
-
# @param response [Net::
|
110
|
+
# @param response [Net::HTTPResponse]
|
111
111
|
def handle_error response
|
112
112
|
case response&.code
|
113
113
|
when ERROR_CODES[:message_not_sent]
|
@@ -68,7 +68,7 @@ module Contrast
|
|
68
68
|
|
69
69
|
# check if response code is valid before analyze it
|
70
70
|
#
|
71
|
-
# @param response [Net::
|
71
|
+
# @param response [Net::HTTPResponse, nil]
|
72
72
|
# @return [Boolean]
|
73
73
|
def analyze_response? response
|
74
74
|
# Code descriptions:
|
@@ -118,7 +118,7 @@ module Contrast
|
|
118
118
|
@_last_response_code = response_code
|
119
119
|
return true if ANALYZE_WHEN.include?(response_code)
|
120
120
|
|
121
|
-
handle_error(response) if ERROR_CODES.value?(response_code)
|
121
|
+
handle_error(response) if ERROR_CODES.value?(response_code) && response&.body
|
122
122
|
# There was error, so analyze the Error and nothing more.
|
123
123
|
false
|
124
124
|
end
|
@@ -126,7 +126,7 @@ module Contrast
|
|
126
126
|
# Analyze the headers of the response code. They have information about the
|
127
127
|
# retry timeout and some response bodies contains error messages.
|
128
128
|
#
|
129
|
-
# @param response [
|
129
|
+
# @param response [Net::HTTPResponse]
|
130
130
|
# Integer
|
131
131
|
# @param message [String] Message to log.
|
132
132
|
# @param mode [Symbol, nil]
|
@@ -142,6 +142,8 @@ module Contrast
|
|
142
142
|
error_message: error_message || 'none',
|
143
143
|
auth_error: auth_error || 'none')
|
144
144
|
end
|
145
|
+
return unless rejected_by_ts?(response)
|
146
|
+
|
145
147
|
suspend_reporting(message, ready_after, error_message) if mode == @_mode.resending
|
146
148
|
return unless mode == @_mode.disabled
|
147
149
|
|
@@ -152,7 +154,7 @@ module Contrast
|
|
152
154
|
|
153
155
|
# Extract what we've received.
|
154
156
|
#
|
155
|
-
# @param response [Net::
|
157
|
+
# @param response [Net::HTTPResponse, nil]
|
156
158
|
# @return [Array<String, Integer>] all collected error info.
|
157
159
|
def extract_response_info response
|
158
160
|
# Extract what we got from the response:
|
@@ -164,11 +166,21 @@ module Contrast
|
|
164
166
|
[ready_after.to_i, error_message, auth_error]
|
165
167
|
end
|
166
168
|
|
169
|
+
# We only want to shut down the agent if TeamServer actually told us to, not because of a network error
|
170
|
+
#
|
171
|
+
# @param [Net::HTTPResponse]
|
172
|
+
# @return Boolean
|
173
|
+
def rejected_by_ts? response
|
174
|
+
response_body = response&.body || Contrast::Utils::ObjectShare::EMPTY_STRING
|
175
|
+
response_data = Contrast::Utils::Json.parse(response_body, deep_symbolize: true)
|
176
|
+
response_data.key?(:success) && response_data[:success] == false
|
177
|
+
end
|
178
|
+
|
167
179
|
# Extract Last-Modified header from ServerSettings response.
|
168
180
|
# The new GET server settings endpoint have different payload.
|
169
181
|
# Extract the last modify headers with last update form TS.
|
170
182
|
#
|
171
|
-
# @param response [Net::
|
183
|
+
# @param response [Net::HTTPResponse, nil]
|
172
184
|
# @param event [Contrast::Agent::Reporting::ServerSettings,
|
173
185
|
# Contrast::Agent::Reporting::ApplicationSettings, nil]
|
174
186
|
# @return last_modified[integer, nil] Time since last server update
|
@@ -250,7 +262,7 @@ module Contrast
|
|
250
262
|
#
|
251
263
|
# This method works to extract away these differences.
|
252
264
|
#
|
253
|
-
# @param response [Net::
|
265
|
+
# @param response [Net::HTTPResponse, nil]
|
254
266
|
# @param event [Contrast::Agent::Reporting::ReportingEvent] The event sent to TeamServer.
|
255
267
|
# @return response [Contrast::Agent::Reporting::Response]
|
256
268
|
def convert_response response, event
|
@@ -263,7 +275,7 @@ module Contrast
|
|
263
275
|
extract_response_last_modified(response, event)
|
264
276
|
populate_response(response_data, event)
|
265
277
|
rescue StandardError => e
|
266
|
-
logger.error('Unable to convert response', e)
|
278
|
+
logger.error('Unable to convert response', error: e)
|
267
279
|
nil
|
268
280
|
end
|
269
281
|
|
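Review bot: `rejected_by_ts?` calls `response_data.key?(:success)` on whatever `Contrast::Utils::Json.parse` returns, and the parser is given an empty string when the response has no body. If it can return nil or a non-Hash value for an empty, non-JSON or array body (its definition is not on this page), the new `return unless rejected_by_ts?(response)` line raises NoMethodError inside the error-handling path instead of returning false. A type guard keeps the stated intent of acting only on an explicit TeamServer rejection: `response_data.cs__is_a?(Hash) && response_data[:success] == false`. The YARD tags should also read `# @param response [Net::HTTPResponse, nil]` and `# @return [Boolean]`.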
@@ -26,6 +26,7 @@ module Contrast
|
|
26
26
|
#
|
27
27
|
def report_observed_route
|
28
28
|
return unless (reporter = Contrast::Agent.reporter)
|
29
|
+
return if Contrast::Agent::REQUEST_TRACKER.current&.response&.response_code == 404
|
29
30
|
|
30
31
|
reporter.send_event(context.observed_route) if Contrast::ROUTES_SENT.sendable?(context.observed_route)
|
31
32
|
end
|
@@ -124,7 +124,7 @@ module Contrast
|
|
124
124
|
|
125
125
|
# @return [Contrast::Components::Assess::Interface]
|
126
126
|
def assess
|
127
|
-
@assess ||= Contrast::Components::
|
127
|
+
@assess ||= Contrast::Components::Settings::Interface.new # rubocop:disable Naming/MemoizedInstanceVariableName
|
128
128
|
end
|
129
129
|
|
130
130
|
# @return [Contrast::Components::Inventory::Interface]
|
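Review bot: As rendered here, `assess` is documented as returning `Contrast::Components::Assess::Interface`, but the new line memoizes `Contrast::Components::Settings::Interface.new` in `@assess`. The removed line is truncated on this page, so the previous class cannot be compared. If the change is intentional the `@return` tag needs updating; otherwise callers expecting the Assess interface receive a different object. The added `# rubocop:disable Naming/MemoizedInstanceVariableName` also looks unnecessary, since `@assess` already matches the method name.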
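--- a/data/lib/contrast/utils/json.rb
+++ b/data/lib/contrast/utils/json.rb
@@ -14,7 +14,7 @@ module Contrast
 
 # Add any known cases where parsing error might arise from older json parser:
 # @return [Array<String>]
-SPECIAL_CASES = ["\"\""].cs__freeze # rubocop:disable Style/StringLiterals
+SPECIAL_CASES = ["\"\"", "\"0\""].cs__freeze # rubocop:disable Style/StringLiterals
 
 # Parses a string using JSON.parser. This method is used instead of standard JSON.parse to
 # support older versions of json gem => not supporting key-value second parameter, which is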
@@ -91,6 +91,15 @@ module Contrast
|
|
91
91
|
rescue Contrast::SecurityException => e
|
92
92
|
logger.trace('Security Exception raised during application lifecycle to prevent an attack', e)
|
93
93
|
raise(e)
|
94
|
+
rescue StandardError => e
|
95
|
+
# If there is a routing error of this type, then we cannot find a method explicitly mapped to this route.
|
96
|
+
# In this case, we should report nothing.
|
97
|
+
if Contrast::Utils::ClassUtil.truly_defined?('ActionController::RoutingError') &&
|
98
|
+
e.is_a?(ActionController::RoutingError)
|
99
|
+
|
100
|
+
Contrast::Agent::REQUEST_TRACKER.current&.observed_route = nil
|
101
|
+
end
|
102
|
+
raise(e)
|
94
103
|
end
|
95
104
|
end
|
96
105
|
end
|
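Review bot: The new `rescue StandardError` branch tests the exception with `e.is_a?(ActionController::RoutingError)`, while other code in this diff uses the agent's `cs__is_a?` alias for type checks. If that alias exists to avoid application overrides of `is_a?` (an inference from its use elsewhere on this page), the line should read `e.cs__is_a?(ActionController::RoutingError)`. A short comment stating that every other StandardError is re-raised untouched would also help, because this branch now sits on the application's own error path. The enclosing method starts outside the hunk.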
@@ -25,8 +25,9 @@ module Contrast
|
|
25
25
|
# @param route [Contrast::Agent::Reporting::ObservedRoute] the route
|
26
26
|
# @return [boolean]
|
27
27
|
def sendable? route
|
28
|
-
return false
|
29
|
-
return false
|
28
|
+
return false unless route
|
29
|
+
return false unless route.signature && !route.signature.blank?
|
30
|
+
return false unless route.url && !route.url.blank?
|
30
31
|
|
31
32
|
route_hash = route.hash_id
|
32
33
|
|
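Review bot: The new guards in `sendable?` call `route.signature.blank?` and `route.url.blank?`, and `blank?` comes from ActiveSupport rather than core Ruby. Unless the agent defines it itself (not visible here), a Sinatra or Grape application without ActiveSupport would hit NoMethodError on every observed route. `Contrast::Utils::DuckUtils.empty_duck?`, which appears to be the agent's own emptiness check and is already used in this diff, would avoid the dependency: `return false if Contrast::Utils::DuckUtils.empty_duck?(route.signature)`. The body of `sendable?` continues outside the hunk.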
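--- a/data/lib/contrast.rb
+++ b/data/lib/contrast.rb
@@ -95,15 +95,15 @@ end
 
 # This needs to be required very early, after component interfaces, and before instrumentation attempts
 require 'contrast/funchook/funchook'
-
 require 'contrast/agent/version'
 
 # shared utils
 require 'contrast/utils/timer'
-
 require 'contrast/utils/assess/sampling_util'
 require 'contrast/agent'
 
+# Prepend fix for Ruby 3.0
+# TODO: RUBY-99999 remove once obsolete.
 if RUBY_VERSION >= '3.0.0' && RUBY_VERSION < '3.1.0'
 # Put prepend back as it was.
 Class.alias_method(:prepend, :cs__orig_prepend)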
@@ -304,7 +304,15 @@
|
|
304
304
|
"class_name":"String",
|
305
305
|
"instance_method": true,
|
306
306
|
"method_visibility": "public",
|
307
|
-
"method_name":"capitalize
|
307
|
+
"method_name":"capitalize",
|
308
|
+
"source":"O",
|
309
|
+
"target":"R",
|
310
|
+
"action":"KEEP"
|
311
|
+
}, {
|
312
|
+
"class_name":"String",
|
313
|
+
"instance_method": true,
|
314
|
+
"method_visibility": "public",
|
315
|
+
"method_name":"html_safe",
|
308
316
|
"source":"O",
|
309
317
|
"target":"R",
|
310
318
|
"action":"KEEP"
|
@@ -908,6 +916,36 @@
|
|
908
916
|
"action":"SPLAT",
|
909
917
|
"tags":["HTML_ENCODED"],
|
910
918
|
"untags":["HTML_DECODED"]
|
919
|
+
}, {
|
920
|
+
"class_name": "ActiveSupport::CoreExt::ERBUtil",
|
921
|
+
"method_name": "html_escape",
|
922
|
+
"method_visibility": "public",
|
923
|
+
"instance_method": true,
|
924
|
+
"source": "P0",
|
925
|
+
"target": "R",
|
926
|
+
"action": "SPLAT",
|
927
|
+
"tags":["HTML_ENCODED"],
|
928
|
+
"untags":["HTML_DECODED"]
|
929
|
+
}, {
|
930
|
+
"class_name": "ActiveSupport::CoreExt::ERBUtil",
|
931
|
+
"method_name": "h",
|
932
|
+
"method_visibility": "public",
|
933
|
+
"instance_method": true,
|
934
|
+
"source": "P0",
|
935
|
+
"target": "R",
|
936
|
+
"action": "SPLAT",
|
937
|
+
"tags":["HTML_ENCODED"],
|
938
|
+
"untags":["HTML_DECODED"]
|
939
|
+
}, {
|
940
|
+
"class_name": "ActiveSupport::CoreExt::ERBUtil",
|
941
|
+
"method_name": "unwrapped_html_escape",
|
942
|
+
"method_visibility": "public",
|
943
|
+
"instance_method": true,
|
944
|
+
"source": "P0",
|
945
|
+
"target": "R",
|
946
|
+
"action": "SPLAT",
|
947
|
+
"tags":["HTML_ENCODED"],
|
948
|
+
"untags":["HTML_DECODED"]
|
911
949
|
}, {
|
912
950
|
"class_name":"ERB::Util",
|
913
951
|
"method_name":"h",
|
@@ -1028,6 +1066,17 @@
|
|
1028
1066
|
"target": "R",
|
1029
1067
|
"action": "SPLAT"
|
1030
1068
|
},
|
1069
|
+
{
|
1070
|
+
"class_name": "ActiveSupport::Multibyte::Unicode",
|
1071
|
+
"instance_method": true,
|
1072
|
+
"method_visibility": "public",
|
1073
|
+
"method_name":"tidy_bytes",
|
1074
|
+
"source":"P0",
|
1075
|
+
"target":"R",
|
1076
|
+
"action": "KEEP",
|
1077
|
+
"tags":["HTML_ENCODED"],
|
1078
|
+
"untags":["HTML_DECODED"]
|
1079
|
+
},
|
1031
1080
|
{
|
1032
1081
|
"class_name": "JSON",
|
1033
1082
|
"method_name": "generate",
|
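Review bot: The new `ActiveSupport::Multibyte::Unicode` `tidy_bytes` propagator in the last hunk tags its result `HTML_ENCODED` and removes `HTML_DECODED`, the same tags given to the `html_escape` entries added above it. `tidy_bytes` repairs invalid UTF-8 byte sequences and does not escape HTML, so, if these tags are what the XSS rules use to treat data as sanitized (an inference from the tag names), untrusted input that passes through it could stop being reported. The entry likely wants `"action": "KEEP"` with no `tags`/`untags`, like the `html_safe` node added in the first hunk.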
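--- a/data/ruby-agent.gemspec
+++ b/data/ruby-agent.gemspec
@@ -9,14 +9,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 # Add the team as authors of the Agent
 def self.add_authors spec
-spec.authors = %w[
-galen.palmer@contrastsecurity.com
-harold.mcginnis@contrastsecurity.com
-donald.propst@contrastsecurity.com
-alex.macdonald@contrastsecurity.com
-mark.petersen@contrastsecurity.com
-joshua.reed@contrastsecurity.com
-]
+spec.authors = %w[ruby@contrastsecurity.com]
 end
 
 # Add those dependencies required to develop or test the Agent
@@ -44,7 +37,6 @@ end
 def self.add_debuggers spec
 spec.add_development_dependency 'pry'
 spec.add_development_dependency 'pry-byebug', '>= 3.9'
-spec.add_development_dependency 'ruby-debug-ide'
 end
 
 # Dependencies used for framework testing.
@@ -52,7 +44,7 @@ def self.add_frameworks spec
 spec.add_development_dependency 'grape', '~> 1.5', '>= 1.5.2'
 spec.add_development_dependency 'rack-protection', '>= 2'
 spec.add_development_dependency 'rails', '>= 6', '~> 7'
-spec.add_development_dependency 'sinatra', '>= 2'
+spec.add_development_dependency 'sinatra', '>= 2', '<4.0.0'
 end
 
 # Dependencies used for linting prior to commit.
@@ -105,9 +97,14 @@ def self.add_tested_gems spec
 spec.add_development_dependency 'async'
 spec.add_development_dependency 'execjs'
 spec.add_development_dependency 'rhino'
-
+if ENV.fetch('CONTRAST__PIPELINE__RUN', nil) == 'true'
+spec.add_development_dependency 'sqlite3', '1.6.6'
+else
+spec.add_development_dependency 'sqlite3'
+end
 spec.add_development_dependency 'tilt'
 spec.add_development_dependency 'xpath'
+spec.add_development_dependency 'ruby'
 end
 
 # Add those dependencies required to run the Agent in customer applications.
@@ -116,9 +113,13 @@ end
 # dependencies.csv in this directory to indicate that and create a
 # corresponding update to the fake gem server data in TeamServer.
 def self.add_dependencies spec
-
+if ENV.fetch('CONTRAST__PIPELINE__RUN', nil) == 'true'
+spec.add_dependency 'ffi', '1.15.5'
+else
+spec.add_dependency 'ffi'
+end
 spec.add_dependency 'ougai', '>= 1.8', '< 3.0.0'
-spec.add_dependency 'rack', '
+spec.add_dependency 'rack', '>= 2.0', '< 4.0.0'
 
 # bind this directly as we've had issues w/ build changes on bug release
 spec.add_dependency 'contrast-agent-lib', '1.1.1'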
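Review bot: `add_dependencies` now pins `ffi` to `1.15.5` only when `CONTRAST__PIPELINE__RUN` is `'true'` and otherwise declares it with no constraint, so the requirement written into the published gem depends on the build environment; the `metadata` section of this page records the released runtime requirement for `ffi` as `>= 0`. For a native-extension dependency loaded into customer applications, a bounded range declared unconditionally (pattern: `spec.add_dependency 'ffi', '>= <LOWER_BOUND>', '< <UPPER_BOUND>'`, bounds to be chosen by the maintainers) keeps builds reproducible and limits exposure to an unexpected upstream release. The same conditional is used for `sqlite3` in `add_tested_gems`. That method also gains `spec.add_development_dependency 'ruby'`, an unconstrained dependency on a gem literally named `ruby`, which looks unintended and should be removed or justified in a comment.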
metadata
CHANGED
@@ -1,19 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: contrast-agent
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 7.
|
4
|
+
version: 7.6.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
|
-
-
|
8
|
-
|
9
|
-
- donald.propst@contrastsecurity.com
|
10
|
-
- alex.macdonald@contrastsecurity.com
|
11
|
-
- mark.petersen@contrastsecurity.com
|
12
|
-
- joshua.reed@contrastsecurity.com
|
13
|
-
autorequire:
|
7
|
+
- ruby@contrastsecurity.com
|
8
|
+
autorequire:
|
14
9
|
bindir: exe
|
15
10
|
cert_chain: []
|
16
|
-
date:
|
11
|
+
date: 2024-04-11 00:00:00.000000000 Z
|
17
12
|
dependencies:
|
18
13
|
- !ruby/object:Gem::Dependency
|
19
14
|
name: bundler
|
@@ -85,20 +80,6 @@ dependencies:
|
|
85
80
|
- - ">="
|
86
81
|
- !ruby/object:Gem::Version
|
87
82
|
version: '3.9'
|
88
|
-
- !ruby/object:Gem::Dependency
|
89
|
-
name: ruby-debug-ide
|
90
|
-
requirement: !ruby/object:Gem::Requirement
|
91
|
-
requirements:
|
92
|
-
- - ">="
|
93
|
-
- !ruby/object:Gem::Version
|
94
|
-
version: '0'
|
95
|
-
type: :development
|
96
|
-
prerelease: false
|
97
|
-
version_requirements: !ruby/object:Gem::Requirement
|
98
|
-
requirements:
|
99
|
-
- - ">="
|
100
|
-
- !ruby/object:Gem::Version
|
101
|
-
version: '0'
|
102
83
|
- !ruby/object:Gem::Dependency
|
103
84
|
name: debride
|
104
85
|
requirement: !ruby/object:Gem::Requirement
|
@@ -300,6 +281,9 @@ dependencies:
|
|
300
281
|
- - ">="
|
301
282
|
- !ruby/object:Gem::Version
|
302
283
|
version: '2'
|
284
|
+
- - "<"
|
285
|
+
- !ruby/object:Gem::Version
|
286
|
+
version: 4.0.0
|
303
287
|
type: :development
|
304
288
|
prerelease: false
|
305
289
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -307,6 +291,9 @@ dependencies:
|
|
307
291
|
- - ">="
|
308
292
|
- !ruby/object:Gem::Version
|
309
293
|
version: '2'
|
294
|
+
- - "<"
|
295
|
+
- !ruby/object:Gem::Version
|
296
|
+
version: 4.0.0
|
310
297
|
- !ruby/object:Gem::Dependency
|
311
298
|
name: async
|
312
299
|
requirement: !ruby/object:Gem::Requirement
|
@@ -391,6 +378,20 @@ dependencies:
|
|
391
378
|
- - ">="
|
392
379
|
- !ruby/object:Gem::Version
|
393
380
|
version: '0'
|
381
|
+
- !ruby/object:Gem::Dependency
|
382
|
+
name: ruby
|
383
|
+
requirement: !ruby/object:Gem::Requirement
|
384
|
+
requirements:
|
385
|
+
- - ">="
|
386
|
+
- !ruby/object:Gem::Version
|
387
|
+
version: '0'
|
388
|
+
type: :development
|
389
|
+
prerelease: false
|
390
|
+
version_requirements: !ruby/object:Gem::Requirement
|
391
|
+
requirements:
|
392
|
+
- - ">="
|
393
|
+
- !ruby/object:Gem::Version
|
394
|
+
version: '0'
|
394
395
|
- !ruby/object:Gem::Dependency
|
395
396
|
name: benchmark-ips
|
396
397
|
requirement: !ruby/object:Gem::Requirement
|
@@ -619,16 +620,16 @@ dependencies:
|
|
619
620
|
name: ffi
|
620
621
|
requirement: !ruby/object:Gem::Requirement
|
621
622
|
requirements:
|
622
|
-
- - "
|
623
|
+
- - ">="
|
623
624
|
- !ruby/object:Gem::Version
|
624
|
-
version: '
|
625
|
+
version: '0'
|
625
626
|
type: :runtime
|
626
627
|
prerelease: false
|
627
628
|
version_requirements: !ruby/object:Gem::Requirement
|
628
629
|
requirements:
|
629
|
-
- - "
|
630
|
+
- - ">="
|
630
631
|
- !ruby/object:Gem::Version
|
631
|
-
version: '
|
632
|
+
version: '0'
|
632
633
|
- !ruby/object:Gem::Dependency
|
633
634
|
name: ougai
|
634
635
|
requirement: !ruby/object:Gem::Requirement
|
@@ -653,16 +654,22 @@ dependencies:
|
|
653
654
|
name: rack
|
654
655
|
requirement: !ruby/object:Gem::Requirement
|
655
656
|
requirements:
|
656
|
-
- - "
|
657
|
+
- - ">="
|
657
658
|
- !ruby/object:Gem::Version
|
658
659
|
version: '2.0'
|
660
|
+
- - "<"
|
661
|
+
- !ruby/object:Gem::Version
|
662
|
+
version: 4.0.0
|
659
663
|
type: :runtime
|
660
664
|
prerelease: false
|
661
665
|
version_requirements: !ruby/object:Gem::Requirement
|
662
666
|
requirements:
|
663
|
-
- - "
|
667
|
+
- - ">="
|
664
668
|
- !ruby/object:Gem::Version
|
665
669
|
version: '2.0'
|
670
|
+
- - "<"
|
671
|
+
- !ruby/object:Gem::Version
|
672
|
+
version: 4.0.0
|
666
673
|
- !ruby/object:Gem::Dependency
|
667
674
|
name: contrast-agent-lib
|
668
675
|
requirement: !ruby/object:Gem::Requirement
|
@@ -1370,7 +1377,7 @@ metadata:
|
|
1370
1377
|
support_uri: https://support.contrastsecurity.com
|
1371
1378
|
trouble_shooting_uri: https://support.contrastsecurity.com/hc/en-us/search?utf8=%E2%9C%93&query=Ruby
|
1372
1379
|
wiki_uri: https://docs.contrastsecurity.com/
|
1373
|
-
post_install_message:
|
1380
|
+
post_install_message:
|
1374
1381
|
rdoc_options: []
|
1375
1382
|
require_paths:
|
1376
1383
|
- lib
|
@@ -1388,8 +1395,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
1388
1395
|
- !ruby/object:Gem::Version
|
1389
1396
|
version: '0'
|
1390
1397
|
requirements: []
|
1391
|
-
rubygems_version: 3.
|
1392
|
-
signing_key:
|
1398
|
+
rubygems_version: 3.3.26
|
1399
|
+
signing_key:
|
1393
1400
|
specification_version: 4
|
1394
1401
|
summary: Contrast Security's agent for rack-based applications.
|
1395
1402
|
test_files: []
|