Sha256: 16f856cf5d52671607f0f244a534f9351b7a2a237903da1de1a500bc3a052e9f
Contents?: true
Size: 1.6 KB
Versions: 1
Compression:
Stored size: 1.6 KB
Contents
```ruby
# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/components/interface'
require 'contrast/utils/object_share'

module Contrast
  module Agent
    module Assess
      module Policy
        # This is how we scan our customer's code. It provides a way to analyze
        # the classes we need to observe to find vulnerabilities in the context
        # of a file vs data flow, such as the detection of Hardcoded Passwords
        # or Keys.
        module PolicyScanner
          include Contrast::Components::Interface
          access_component :analysis

          class << self
            def scan trace_point
              return unless ASSESS.enabled?
              return unless ASSESS.require_scan?
              return unless trace_point.path
              return if trace_point.path.start_with?(Gem.dir)

              mod = trace_point.self
              return if mod.cs__frozen? || mod.singleton_class?

              # TODO: RUBY-1013 - get AST here instead of TP, so we only need
              # to make one per provider, instead of one per rule
              policy.providers.each_value do |provider|
                if RUBY_VERSION >= '2.6.0'
                  provider.parse(trace_point)
                else
                  # TODO: RUBY-1014 - remove alternative
                  provider.analyze(mod)
                end
              end
            end

            def policy
              Contrast::Agent::Assess::Policy::Policy.instance
            end
          end
        end
      end
    end
  end
end
```
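The scanner above receives a `trace_point`, skips code under `Gem.dir` and frozen or singleton classes, and hands the rest to rule providers. The sketch below is an added example, not Contrast's code: it wires the same guards to a `TracePoint` on `:end` and a single hypothetical rule that flags String constants with credential-like names. `SUSPECT_NAME`, `hardcoded_credential_constants`, `scan_definitions`, `demo_findings` and the sample class are all assumptions made for illustration.

```ruby
# Added example, not Contrast's implementation. The name pattern and the
# value check are assumptions; a real rule would be tuned per application.
SUSPECT_NAME = /PASSWORD|PASSWD|SECRET|API_?KEY/i.freeze

# Constructed sample input: one literal credential, one suspicious name
# with a non-String value, one unrelated constant.
CONSTRUCTED_SOURCE = <<~RUBY
  class ConstructedBilling
    DB_PASSWORD = 'constructed-sample-value'
    SECRET_TTL = 300
    TIMEOUT = 30
  end
RUBY

# Returns [[owner, constant], ...] for non-empty String constants defined
# directly on +mod+ whose names look like credentials.
def hardcoded_credential_constants(mod)
  mod.constants(false).each_with_object([]) do |name, hits|
    next unless SUSPECT_NAME.match?(name.to_s)
    next if mod.autoload?(name) # never force a load just to inspect it

    value = mod.const_get(name, false)
    hits << [mod.name, name] if value.is_a?(String) && !value.empty?
  end
end

# Inspects every class/module whose body closes while the block runs.
# :end fires once the definition is complete, so its constants exist.
def scan_definitions(skip_prefixes: [Gem.dir])
  findings = []
  tracer = TracePoint.new(:end) do |trace_point|
    path = trace_point.path
    next unless path
    next if skip_prefixes.any? { |prefix| path.start_with?(prefix) }

    mod = trace_point.self
    next if mod.frozen? || mod.singleton_class?

    findings.concat(hardcoded_credential_constants(mod))
  end
  tracer.enable { yield }
  findings.uniq # a reopened class is reported once
end

# Loads the constructed sample under the tracer and returns the findings.
def demo_findings
  scan_definitions { eval(CONSTRUCTED_SOURCE, TOPLEVEL_BINDING, 'constructed_sample.rb', 1) }
end
```

Because this check looks at runtime values rather than source, it cannot tell a string literal from a value read out of the environment at load time; telling those apart requires the source tree.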
Version data entries
1 entries across 1 versions & 1 rubygems
Version | Path |
---|---|
contrast-agent-3.16.0 | lib/contrast/agent/assess/policy/policy_scanner.rb |