Sha256: 89a8d4a97d283c8755b11915993b7f471743f2adb4c60bacfce74ace129b6706

Contents?: true

Size: 1.38 KB

Versions: 1

Compression:

Stored size: 1.38 KB

Contents

# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

cs__scoped_require 'contrast/utils/object_share'
cs__scoped_require 'contrast/components/interface'
cs__scoped_require 'contrast/extensions/ruby_core/assess/assess_extension'

module Contrast
  module Agent
    module Assess
      module Policy
        # This is how we scan our customer's code. It provides a way to analyze
        # the classes we need to observe to find vulnerabilities in the context
        # of a file vs data flow, such as the detection of Hardcoded Passwords
        # or Keys.
        module PolicyScanner
          include Contrast::Components::Interface
          access_component :analysis

          class << self
            def scan trace_point
              return unless ASSESS.enabled?
              return unless ASSESS.require_scan?

              return unless trace_point.path
              return if trace_point.path.start_with?(Gem.dir)

              mod = trace_point.self
              return if mod.cs__frozen? || mod.singleton_class?

              policy.providers.each_value do |provider|
                provider.analyze mod
              end
            end

            def policy
              Contrast::Agent::Assess::Policy::Policy.instance
            end
          end
        end
      end
    end
  end
end

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
contrast-agent-3.11.0 lib/contrast/agent/assess/policy/policy_scanner.rb