contrast-agent 7.5.0 → 7.6.0

data/lib/contrast.rb

@@ -95,15 +95,15 @@ end
 
 # This needs to be required very early, after component interfaces, and before instrumentation attempts
 require 'contrast/funchook/funchook'
-
 require 'contrast/agent/version'
 
 # shared utils
 require 'contrast/utils/timer'
-
 require 'contrast/utils/assess/sampling_util'
 require 'contrast/agent'
 
+# Prepend fix for Ruby 3.0
+# TODO: RUBY-99999 remove once obsolete.
 if RUBY_VERSION >= '3.0.0' && RUBY_VERSION < '3.1.0'
   # Put prepend back as it was.
   Class.alias_method(:prepend, :cs__orig_prepend)

data/resources/assess/policy.json

@@ -304,7 +304,15 @@
       "class_name":"String",
       "instance_method": true,
       "method_visibility": "public",
-      "method_name":"capitalize!",
+      "method_name":"capitalize",
+      "source":"O",
+      "target":"R",
+      "action":"KEEP"
+    }, {
+      "class_name":"String",
+      "instance_method": true,
+      "method_visibility": "public",
+      "method_name":"html_safe",
       "source":"O",
       "target":"R",
       "action":"KEEP"
@@ -908,6 +916,36 @@
       "action":"SPLAT",
       "tags":["HTML_ENCODED"],
       "untags":["HTML_DECODED"]
+    }, {
+       "class_name": "ActiveSupport::CoreExt::ERBUtil",
+       "method_name": "html_escape",
+       "method_visibility": "public",
+       "instance_method": true,
+       "source": "P0",
+       "target": "R",
+       "action": "SPLAT",
+       "tags":["HTML_ENCODED"],
+       "untags":["HTML_DECODED"]
+    }, {
+       "class_name": "ActiveSupport::CoreExt::ERBUtil",
+       "method_name": "h",
+       "method_visibility": "public",
+       "instance_method": true,
+       "source": "P0",
+       "target": "R",
+       "action": "SPLAT",
+       "tags":["HTML_ENCODED"],
+       "untags":["HTML_DECODED"]
+    }, {
+       "class_name": "ActiveSupport::CoreExt::ERBUtil",
+       "method_name": "unwrapped_html_escape",
+       "method_visibility": "public",
+       "instance_method": true,
+       "source": "P0",
+       "target": "R",
+       "action": "SPLAT",
+       "tags":["HTML_ENCODED"],
+       "untags":["HTML_DECODED"]
     }, {
       "class_name":"ERB::Util",
       "method_name":"h",
@@ -1028,6 +1066,17 @@
       "target": "R",
       "action": "SPLAT"
     },
+    {
+       "class_name": "ActiveSupport::Multibyte::Unicode",
+       "instance_method": true,
+       "method_visibility": "public",
+       "method_name":"tidy_bytes",
+       "source":"P0",
+       "target":"R",
+       "action": "KEEP",
+       "tags":["HTML_ENCODED"],
+       "untags":["HTML_DECODED"]
+    },
     {
       "class_name": "JSON",
       "method_name": "generate",

data/ruby-agent.gemspec

@@ -9,14 +9,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 # Add the team as authors of the Agent
 def self.add_authors spec
-  spec.authors = %w[
-    galen.palmer@contrastsecurity.com
-    harold.mcginnis@contrastsecurity.com
-    donald.propst@contrastsecurity.com
-    alex.macdonald@contrastsecurity.com
-    mark.petersen@contrastsecurity.com
-    joshua.reed@contrastsecurity.com
-  ]
+  spec.authors = %w[ruby@contrastsecurity.com]
 end
 
 # Add those dependencies required to develop or test the Agent
@@ -44,7 +37,6 @@ end
 def self.add_debuggers spec
   spec.add_development_dependency 'pry'
   spec.add_development_dependency 'pry-byebug', '>= 3.9'
-  spec.add_development_dependency 'ruby-debug-ide'
 end
 
 # Dependencies used for framework testing.
@@ -52,7 +44,7 @@ def self.add_frameworks spec
   spec.add_development_dependency 'grape', '~> 1.5', '>= 1.5.2'
   spec.add_development_dependency 'rack-protection', '>= 2'
   spec.add_development_dependency 'rails', '>= 6', '~> 7'
-  spec.add_development_dependency 'sinatra', '>= 2'
+  spec.add_development_dependency 'sinatra', '>= 2', '<4.0.0'
 end
 
 # Dependencies used for linting prior to commit.
@@ -105,9 +97,14 @@ def self.add_tested_gems spec
   spec.add_development_dependency 'async'
   spec.add_development_dependency 'execjs'
   spec.add_development_dependency 'rhino'
-  spec.add_development_dependency 'sqlite3'
+  if ENV.fetch('CONTRAST__PIPELINE__RUN', nil) == 'true'
+    spec.add_development_dependency 'sqlite3', '1.6.6'
+  else
+    spec.add_development_dependency 'sqlite3'
+  end
   spec.add_development_dependency 'tilt'
   spec.add_development_dependency 'xpath'
+  spec.add_development_dependency 'ruby'
 end
 
 # Add those dependencies required to run the Agent in customer applications.
@@ -116,8 +113,11 @@ end
 # dependencies.csv in this directory to indicate that and create a
 # corresponding update to the fake gem server data in TeamServer.
 def self.add_dependencies spec
-  # TODO: RUBY-99999 investigate init_with_options segmentation fault
-  spec.add_dependency 'ffi'
+  if ENV.fetch('CONTRAST__PIPELINE__RUN', nil) == 'true'
+    spec.add_dependency 'ffi', '1.15.5'
+  else
+    spec.add_dependency 'ffi'
+  end
   spec.add_dependency 'ougai', '>= 1.8', '< 3.0.0'
   spec.add_dependency 'rack', '>= 2.0', '< 4.0.0'
 

metadata

@@ -1,19 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 7.5.0
+  version: 7.6.0
 platform: ruby
 authors:
-- galen.palmer@contrastsecurity.com
-- harold.mcginnis@contrastsecurity.com
-- donald.propst@contrastsecurity.com
-- alex.macdonald@contrastsecurity.com
-- mark.petersen@contrastsecurity.com
-- joshua.reed@contrastsecurity.com
+- ruby@contrastsecurity.com
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-10-06 00:00:00.000000000 Z
+date: 2024-04-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -85,20 +80,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '3.9'
-- !ruby/object:Gem::Dependency
-  name: ruby-debug-ide
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: debride
   requirement: !ruby/object:Gem::Requirement
@@ -300,6 +281,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 4.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -307,6 +291,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: async
   requirement: !ruby/object:Gem::Requirement
@@ -391,6 +378,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: benchmark-ips
   requirement: !ruby/object:Gem::Requirement