contrast-agent 4.2.0 → 4.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 713e0f9cd16184d4b5da094f0d05b006870f557edfa0fc0ac199bf1035acfe45
-  data.tar.gz: f37a1ab7901a7c42bf5dce897c6dd0218f4df40d057c8719e3027f802ecd3c52
+  metadata.gz: 772706612c29bc99cb9861c736056218e830881daba5ea2f9a4a2e86ecaf83ab
+  data.tar.gz: 85d07cd9104e2b6f0c1e04e5ee4d1562ad8de62a7155dd761cdcaa554f4e68fd
 SHA512:
-  metadata.gz: f1bcf5495957815fbe1acc801e9cdc9567a1a25f657b425a335cfa1412054ecdf4f92662d0eef0b19bdc2a1c5295b758d19ed4adf4cb7f37ef67bfaf4b67262f
-  data.tar.gz: bd3e6f02d68c7eaa9385f6626e52b3fe16cecbac10d53f8c82dd01b733c9f39666183afd21df601318ed95c482338b786e13cb8f087c8076872cd5fb3f4cfad8
+  metadata.gz: 2e80a24fd38c3f88377abc59e146c755ec6e0272a64fd3af6d840888e33672513fc62539d9d9eae6de49d5c46bcce34ce656a8f8afe3fa71c0e80a3215b58753
+  data.tar.gz: 8bf6282052071f42dba4e40b0cd3abf9f15531a4e0fdff208d047d5a679c5268a903be5d93ec178d2ace254b5784548753c795088fdd6edac56bcd38ac1d2997

data/Rakefile

@@ -18,6 +18,7 @@ Dir['ext/cs__*'].each do |extension|
   end
 end
 
+desc 'compile the protobuf files for the agent, translating them to .rb classes'
 task :contrast_pb_compile do
   # do some stuff before compile
 

data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c

@@ -5,28 +5,39 @@
 #include "../cs__common/cs__common.h"
 #include <ruby.h>
 
-static VALUE contrast_assess_marshal_module_load(const int argc,
+static VALUE contrast_marshal_module_load(const int argc,
                                                  const VALUE *argv) {
     VALUE result;
     VALUE source_string;
-    result = rb_call_super(argc, argv);
 
+    // Our patches only need only apply in the case where there was valid input.
     if (argc >= 1) {
         source_string = argv[0];
+    } else {
+        source_string = Qnil;
+    }
+
+    // Run our protect code ahead of the original method
+    if (source_string != Qnil) {
+        rb_funcall(marshal_propagator, rb_sym_protect_marshal_load, 1, source_string);
+    }
 
+    // Invoke the original method
+    result = rb_call_super(argc, argv);
+
+    // Run our assess code after the original method
+    if (source_string != Qnil) {
         VALUE tracked =
             rb_funcall(properties_hash, rb_sym_hash_tracked, 1, source_string);
 
+        // Assuming the source is tracked and needs assess checks
         if (tracked == Qtrue) {
             VALUE skip =
                 rb_funcall(contrast_patcher(), rb_sym_skip_assess_analysis, 0);
-
+            // And Assess is enabled and applies to this request
             if (skip == Qfalse) {
-                VALUE scope =
-                    rb_funcall(contrast_patcher(), rb_sym_enter_scope, 0);
-                rb_funcall(marshal_module, rb_sym_assess_load_trigger_check, 2,
+                rb_funcall(marshal_propagator, rb_sym_assess_marshal_load, 2,
                            source_string, result);
-                rb_funcall(contrast_patcher(), rb_sym_exit_scope, 0);
             }
         }
     }
@@ -37,10 +48,11 @@ void Init_cs__assess_marshal_module(void) {
     // Contrast::Agent::Assess::Tracker::PROPERTIES_HASH
     VALUE tracker = rb_define_class_under(assess, "Tracker", rb_cObject);
     properties_hash = rb_const_get(tracker, rb_intern("PROPERTIES_HASH"));
-    marshal_module =
+    marshal_propagator =
         rb_define_class_under(core_assess, "MarshalPropagator", rb_cObject);
-    rb_sym_assess_load_trigger_check = rb_intern("cs__load_trigger_check");
+    rb_sym_assess_marshal_load = rb_intern("cs__load_assess");
+    rb_sym_protect_marshal_load = rb_intern("cs__load_protect");
 
     contrast_register_singleton_prepend_patch(
-        "Marshal", "load", &contrast_assess_marshal_module_load);
+        "Marshal", "load", &contrast_marshal_module_load);
 }

data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h

@@ -1,8 +1,9 @@
 #include <ruby.h>
 
-static VALUE marshal_module;
+static VALUE marshal_propagator;
 
-static VALUE rb_sym_assess_load_trigger_check;
+static VALUE rb_sym_assess_marshal_load;
+static VALUE rb_sym_protect_marshal_load;
 static VALUE properties_hash;
 
 /*
@@ -13,7 +14,7 @@ static VALUE properties_hash;
  * special case this for now.
  * -HM (shamelessly commenting on DP's work)
  */
-static VALUE contrast_assess_marshal_module_load(const int argc,
+static VALUE contrast_marshal_module_load(const int argc,
                                                  const VALUE *argv);
 
 void Init_cs__assess_marshal_module(void);

data/lib/contrast/agent/assess/contrast_event.rb

@@ -9,6 +9,8 @@ require 'contrast/utils/prevent_serialization'
 require 'contrast/utils/stack_trace_utils'
 require 'contrast/utils/string_utils'
 require 'contrast/utils/timer'
+require 'contrast/components/interface'
+require 'contrast/agent/assess/contrast_object'
 
 module Contrast
   module Agent
@@ -26,63 +28,22 @@ module Contrast
       #   created
       # @attr_reader thread [Integer] the object id of the thread on which this
       #   event was generated
-      # @attr_reader object [String] the safe representation of the Object on
-      #   which the method was invoked
-      # @attr_reader ret [String] the safe representation of the Return of the
-      #   invoked method
-      # @attr_reader args [Array<Object>] the safe representation of the
-      #   Arguments with which the method was invoked
+      # @attr_reader object [Contrast::Agent::Assess::ContrastObject] the safe
+      #   representation of the Object on which the method was invoked
+      # @attr_reader ret [Contrast::Agent::Assess::ContrastObject] the safe
+      #   representation of the Return of the invoked method
+      # @attr_reader args [Array<Contrast::Agent::Assess::ContrastObject>] the
+      #   safe representation of the Arguments with which the method was invoked
       class ContrastEvent
         include Contrast::Utils::PreventSerialization
+        include Contrast::Components::Interface
+        access_component :analysis
 
-        class << self
-          # Given an array of arguments, copy them into a safe, meaning String,
-          # format that we can use to send to SR and TS for rendering.
-          #
-          # @param args [Array<Object>] the arguments to translate
-          # @return [Array<String>] the String forms of those Objects, as
-          #   determined by Contrast::Utils::ClassUtil.to_contrast_string
-          def safe_args_representation args
-            return nil unless args
-            return Contrast::Utils::ObjectShare::EMPTY_ARRAY if args.empty?
-
-            rep = []
-            args.each do |arg|
-              # We have to handle named args
-              rep <<  if arg.is_a?(Hash)
-                        safe_arg_hash_representation(arg)
-                      else
-                        Contrast::Utils::ClassUtil.to_contrast_string(arg)
-                      end
-            end
-            rep
-          end
-
-          # if given an object that can be duped, duplicate it. otherwise just
-          # return the original object. swallow all exceptions from
-          # non-duplicable things.
-          #
-          # we can't just check respond_to? though b/c dup exists on the
-          # base Object class
-          #
-          # @param original [Object, nil] the thing to duplicate
-          # @return [Object, nil] a copy of that thing
-          def safe_dup original
-            return nil unless original
-
-            Contrast::Agent::Assess::Tracker.duplicate(original)
-          end
-
-          private
-
-          def safe_arg_hash_representation hash
-            # since this is the named hash for arguments, only the value is
-            # suspect here
-            hash.transform_values { |v| Contrast::Utils::ClassUtil.to_contrast_string(v) }
-          end
-        end
-
-        attr_reader :event_id, :policy_node, :stack_trace, :time, :thread, :object, :ret, :args
+        attr_reader :event_id, :policy_node, :stack_trace, :time, :thread,
+                    :object,
+                    :ret,
+                    :args,
+                    :tags
 
         # We need this to track the parent id's of events to build up a flow
         # chart of the finding
@@ -106,16 +67,25 @@ module Contrast
         #   was invoked
         def initialize policy_node, tagged, object, ret, args
           @policy_node = policy_node
-          # so long as this event is built in a factory, we know Contrast Code
+
+          # Capture stacktraces only as configured.
+          #
+          # So long as this event is built in a factory, we know Contrast Code
           # will be the first three events
-          @stack_trace = caller(3, 20)
+          @stack_trace = if ASSESS.capture_stacktrace?(policy_node)
+                           caller(3, 20)
+                         else
+                           Contrast::Utils::ObjectShare::EMPTY_ARRAY
+                         end
+
           @time = Contrast::Utils::Timer.now_ms
           @thread = Thread.current.object_id
 
           # These methods rely on the above being set. Don't move them!
           @event_id = Contrast::Agent::Assess::ContrastEvent.next_atomic_id
+          @tags = Contrast::Agent::Assess::Tracker.properties(tagged)&.tags
           find_parent_events!(policy_node, object, ret, args)
-          snapshot!(tagged, object, ret, args)
+          snapshot!(object, ret, args)
         end
 
         def parent_events
@@ -128,22 +98,17 @@ module Contrast
         #    Per TS law, each policy_node must have at least a source or a target.
         #    The only type of policy_node w/o targets is a Trigger, but that may
         #    change.
-        # 2) If I have a highlight, it means that I have a P target that is
-        #    not in integer form (it was a named / keyword type for which I had
-        #    to find the index). I need to address this so that TS can process
-        #    it.
-        # 3) I'll set the event's source and target to TS values.
-        # 4) Return the highlight or the first source/target as the taint
-        #    target.
+        # 2) I'll set the event's source and target to TS values.
+        # 3) Return the first source/target as the taint target.
         def determine_taint_target event_dtm
           if @policy_node&.targets&.any?
             event_dtm.source = @policy_node.source_string if @policy_node.source_string
-            event_dtm.target = @highlight ? "P#{ @highlight }" : @policy_node.target_string
-            @highlight || @policy_node.targets[0]
+            event_dtm.target = @policy_node.target_string
+            @policy_node.targets[0]
           elsif policy_node&.sources&.any?
-            event_dtm.source = @highlight ? "P#{ @highlight }" : @policy_node.source_string
+            event_dtm.source = @policy_node.source_string
             event_dtm.target = @policy_node.target_string if @policy_node.target_string
-            @highlight || @policy_node.sources[0]
+            @policy_node.sources[0]
           end
         end
 
@@ -193,16 +158,7 @@ module Contrast
           when Contrast::Utils::ObjectShare::RETURN_KEY
             ret
           else
-            if source.is_a?(Integer)
-              args[source]
-            else
-              args.each do |search|
-                next unless search.is_a?(Hash)
-
-                s = search[source]
-                return s if s
-              end
-            end
+            args[source]
           end
         end
 
@@ -212,65 +168,28 @@ module Contrast
         # them for our later use. We set those safe values to this event's
         # instance variables.
         #
-        # @param tagged [Object] the Target to which this event pertains.
         # @param object [Object] the Object on which the method was invoked
         # @param ret [Object] the Return of the invoked method
         # @param args [Array<Object>] the Arguments with which the method
         #   was invoked
-        def snapshot! tagged, object, ret, args
-          target = @policy_node.target
-          case target
-            # If the target is nil, this rule was violated simply by a method
-            # being called. We'll save all the information, but nothing will be
-            # marked up, as nothing need be tracked
-          when nil
-            @object = Contrast::Utils::ClassUtil.to_contrast_string(object)
-            @args = cs__class.safe_args_representation(args)
-            @ret = Contrast::Utils::ClassUtil.to_contrast_string(ret)
-            # If the target is O, then we dup the O and safely represent the rest
-          when Contrast::Utils::ObjectShare::OBJECT_KEY
-            @object = cs__class.safe_dup(tagged)
-            @args = cs__class.safe_args_representation(args)
-            @ret = Contrast::Utils::ClassUtil.to_contrast_string(ret)
-            # If the target is R, then we dup the R and safely represent the rest
-          when Contrast::Utils::ObjectShare::RETURN_KEY
-            @object = Contrast::Utils::ClassUtil.to_contrast_string(object)
-            @args = cs__class.safe_args_representation(args)
-            @ret = cs__class.safe_dup(tagged)
-            # If the target is P*, then we need to dup things a differently. We
-            # need to find the true target inside so that we can mark it up
-            # later, but the other args should be represented as their safe form.
-          else
-            @object = Contrast::Utils::ClassUtil.to_contrast_string(object)
-            @args = cs__class.safe_args_representation(args)
-            @ret = Contrast::Utils::ClassUtil.to_contrast_string(ret)
-            save_target_arg(target, tagged)
-          end
+        def snapshot! object, ret, args
+          @object = Contrast::Agent::Assess::ContrastObject.new(object) if object
+          @ret = Contrast::Agent::Assess::ContrastObject.new(ret) if ret
+          @args = safe_args_representation(args)
+          self
         end
 
-        # I know we're creating an extra string here since we replace the safe
-        # one w/ a dup, but good enough for now. Trying not to make this too
-        # complicated. - HM 8/8/19
+        # Given an array of arguments, copy them into a safe, meaning String,
+        # format that we can use to send to SR and TS for rendering.
         #
-        # @param target [String,Integer] the marker for the target index
-        # @param tagged [Object] the actual Object that we're acting on which
-        #   has tags
-        def save_target_arg target, tagged
-          return if @args.cs__frozen?
-
-          if target.is_a?(Integer)
-            @args[target] = cs__class.safe_dup(tagged)
-            return
-          end
-
-          @args.each_with_index do |search, index|
-            next unless search.is_a?(Hash)
-            next unless search[target]
-
-            search[target] = cs__class.safe_dup(tagged)
-            @highlight = index
-            break
-          end
+        # @param args [Array<Object>] the arguments to translate
+        # @return [Array<Contrast::Agent::Assess::ContrastObject>] the String forms of those Objects, as
+        #   determined by Contrast::Utils::ClassUtil.to_contrast_string
+        def safe_args_representation args
+          return unless args
+          return Contrast::Utils::ObjectShare::EMPTY_ARRAY if args.empty?
+
+          args.map { |arg| arg ? Contrast::Agent::Assess::ContrastObject.new(arg) : nil }
         end
       end
     end

data/lib/contrast/agent/assess/contrast_object.rb

@@ -0,0 +1,51 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/class_util'
+
+module Contrast
+  module Agent
+    module Assess
+      # This class is a convenient holder of our version of an Object. It
+      # creates a String version of the Object from the original provided
+      # and keeps reference to the original's Tags, letting us determine if it
+      # was tracked when we try to report to TeamServer.
+      #
+      # @attr_reader object [String, nil] the Contrast string representing the
+      #   object.
+      # @attr_reader object_type [String] the name of the object's module.
+      # @attr_reader tags [Hash{String => Contrast::Agent::Assess::Tag}, nil]
+      #   the tags on the object before it was captured.
+      #
+      # TODO: RUBY-1083 determine if this is expensive and/or worth not storing
+      #   these values directly on ContrastEvent and passing them around. Args
+      #   probably make the argument for wrapping them b/c otherwise we'll have
+      #   to keep two arrays in synch or make an array of arrays, at which
+      #   point, we may as well make this.
+      class ContrastObject
+        attr_reader :object, :object_type, :tags
+
+        # Capture the details about the object which we need to render it in
+        # TeamServer.
+        #
+        # @param object [Object] the thing to keep a Contrast String of
+        def initialize object
+          if object
+            @object = Contrast::Utils::ClassUtil.to_contrast_string(object)
+            @object_type = object.cs__class.name
+            # TODO: RUBY-1084 determine if we need to copy these tags to
+            #   restore immutability. For instance, if these tags were on a
+            #   String that was then #reverse!'d, would our tags be wrong?
+            @tags = Contrast::Agent::Assess::Tracker.properties(object)&.tags
+          else
+            @object_type = Contrast::Utils::ObjectShare::NIL_STRING
+          end
+        end
+
+        def tracked?
+          tags&.any?
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/assess/events/source_event.rb

@@ -58,19 +58,14 @@ module Contrast
 
           # We have to do a little work to figure out what our TS appropriate
           # target is. To break this down, the logic is as follows:
-          # 1) If I have a highlight, it means that I have a P target that is
-          #    not in integer form (it was a named / keyword type for which I had
-          #    to find the index). I need to address this so that TS can process
-          #    it.
-          # 2) I'll set the event's source and target to TS values.
-          # 3) Return the highlight or the first source/target as the taint
-          #    target.
+          # 1) I'll set the event's source and target to TS values.
+          # 2) Return the first source/target as the taint target.
           def determine_taint_target event_dtm
             return unless @policy_node&.targets&.any?
 
             event_dtm.source = @policy_node.source_string if @policy_node.source_string
-            event_dtm.target = @highlight ? "P#{ @highlight }" : @policy_node.target_string
-            @highlight || @policy_node.targets[0]
+            event_dtm.target = @policy_node.target_string
+            @policy_node.targets[0]
           end
         end
       end

data/lib/contrast/agent/assess/policy/patcher.rb

@@ -52,12 +52,13 @@ module Contrast
               Contrast::Utils::ObjectShare::CLASS,
               Contrast::Utils::ObjectShare::MODULE
             ].cs__freeze
-            def patch_assess_method clazz, method_name
+            def patch_assess_method mod, method_name
               # Module.define_method is called a lot in Class and Module. We
               # currently do not expect these define_methods to result in methods
               # that require patching, so for the sake of performance, we're going
               # to skip evaluating them
-              class_name = clazz.cs__name
+              mod = mod.cs__class unless mod.cs__is_a?(Module)
+              class_name = mod.cs__class
               return if CLASS_TYPES.include?(class_name)
               return unless ASSESS.enabled?
 
@@ -73,7 +74,7 @@ module Contrast
                                                                                     method_name: source_node.method_name,
                                                                                     method_visibility: source_node.method_visibility,
                                                                                     instance_method: true)
-                patcher.patch_method(clazz, method_array, method_policy)
+                patcher.patch_method(mod, method_array, method_policy)
               end
             rescue StandardError => e
               logger.warn(

data/lib/contrast/agent/assess/policy/policy_node.rb

@@ -19,8 +19,8 @@ module Contrast
             @source_string = policy_hash[JSON_SOURCE]
             @target_string = policy_hash[JSON_TARGET]
             @tags = Set.new(policy_hash[JSON_TAGS])
-            generate_sources
-            generate_targets
+            @sources = convert_policy_markers(source_string)
+            @targets = convert_policy_markers(target_string)
           end
 
           def feature
@@ -47,7 +47,7 @@ module Contrast
 
           def target_string= value
             @target_string = value
-            generate_targets
+            @targets = convert_policy_markers(value)
           end
 
           # Sometimes we need to tie information to an event. We'll add a
@@ -66,62 +66,6 @@ module Contrast
             @properties[name]
           end
 
-          # Given a source in the format A,B,C, populate the sources of this node
-          # 1) Split on ','
-          # 2) If 'O', add the source, else it's P (we don't have R sources) and
-          #    needs to be converted. P type will either be P:name or P# where #
-          #    is the index of the parameter. Drop the P and store the int as int
-          #    or name as symbol
-          def generate_sources
-            if source_string
-              @sources = []
-              source_string.split(Contrast::Utils::ObjectShare::COMMA).each do |s|
-                is_object = (s == Contrast::Utils::ObjectShare::OBJECT_KEY)
-                if is_object
-                  @sources << s
-                else
-                  parameter_source = s[1..-1]
-                  @sources << if parameter_source.start_with?(Contrast::Utils::ObjectShare::COLON)
-                                parameter_source[1..-1].to_sym
-                              else
-                                parameter_source.to_i
-                              end
-                end
-              end
-            else
-              @sources = Contrast::Utils::ObjectShare::EMPTY_ARRAY
-            end
-          end
-
-          # Given a target in the format A,B,C, populate the targets of this node
-          # 1) Split on ','
-          # 2) If 'O' or 'R', add the target, else it's P and needs to be
-          #    converted. P type will either be P:name or P# where # is the index
-          #    of the paramter. Drop the P and store the int as int or name as
-          #    symbol
-          def generate_targets
-            if target_string
-              @targets = []
-              target_string.split(Contrast::Utils::ObjectShare::COMMA).each do |t|
-                case t
-                when Contrast::Utils::ObjectShare::OBJECT_KEY
-                  @targets << t
-                when Contrast::Utils::ObjectShare::RETURN_KEY
-                  @targets << t
-                else
-                  parameter_target = t[1..-1]
-                  @targets << if parameter_target.start_with?(Contrast::Utils::ObjectShare::COLON)
-                                parameter_target[1..-1].to_sym
-                              else
-                                parameter_target.to_i
-                              end
-                end
-              end
-            else
-              @targets = Contrast::Utils::ObjectShare::EMPTY_ARRAY
-            end
-          end
-
           # Don't let nodes be created that will be missing things we need
           # later on. Really, if they don't have these things, they couldn't have
           # done their jobs anyway.
@@ -186,6 +130,34 @@ module Contrast
           JSON_TARGET = 'target'
           JSON_TAGS = 'tags'
           JSON_DATAFLOW = 'dataflow'
+
+          private
+
+          # Given a policy string in the format A,B,C, populate the given array
+          # 1) Split on ','
+          # 2) If 'O' or 'R', add the array, else it's P and needs to be
+          #    converted. P type will either be P# where # is the index
+          #    of the parameter. Drop the P and store the # as an int.
+          #
+          # @param markers [String] the String from the policy to parse
+          # @return [Array] the array generated by converting the marker string
+          def convert_policy_markers markers
+            return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless markers
+            return Contrast::Utils::ObjectShare::EMPTY_ARRAY if markers.empty?
+
+            converted = []
+            markers.split(Contrast::Utils::ObjectShare::COMMA).each do |t|
+              case t
+              when Contrast::Utils::ObjectShare::OBJECT_KEY,
+                   Contrast::Utils::ObjectShare::RETURN_KEY
+
+                converted << t
+              else
+                converted << Integer(t[1..-1])
+              end
+            end
+            converted
+          end
         end
       end
     end