
# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/utils/object_share'

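module Contrast
  module Agent
    module Assess
      module Policy
        # This is how we scan our customer's code. It provides a way to analyze
        # the classes we need to observe to find vulnerabilities in the context
        # of a file vs data flow, such as the detection of Hardcoded Passwords
        # or Keys.
        module PolicyScanner
          class << self
            # Use the given trace_point, built from an :end event, to determine
            # where the loaded code lives and scan that code for policy
            # violations.
            #
            # Scanning is skipped when Assess is disabled, when ASSESS reports
            # that no scan is required, when every provider is disabled, when
            # the TracePoint has no path or the path is under Gem.dir, when the
            # path does not name a regular file on disk (code defined through
            # eval reports a pseudo path such as "(eval)", on which parse_file
            # raises Errno::ENOENT), or when the defining module is frozen or a
            # singleton class.
            #
            # Parse errors raised by RubyVM::AbstractSyntaxTree are not rescued
            # here; they propagate to the caller.
            #
            # @param trace_point [TracePoint] the TracePoint generated by an
            #   :end event at the end of a Module definition.
            # @return [void]
            def scan trace_point
              return unless ::Contrast::ASSESS.enabled?
              return unless ::Contrast::ASSESS.require_scan?

              provider_values = policy.providers.values
              return if provider_values.all?(&:disabled?)

              path = trace_point.path
              return unless path
              # Code installed under Gem.dir is third-party, not the customer's.
              return if path.start_with?(Gem.dir)
              # Guard against pseudo paths ("(eval)", "-e") and directories,
              # which would make parse_file raise instead of returning an AST.
              return unless File.file?(path)

              mod = trace_point.self
              return if mod.cs__frozen? || mod.singleton_class?

              ast = RubyVM::AbstractSyntaxTree.parse_file(path)
              provider_values.each { |provider| provider.parse(trace_point, ast) }
            end

            # @return [Contrast::Agent::Assess::Policy::Policy] the singleton
            #   Policy whose providers perform the per-file scan.
            def policy
              Contrast::Agent::Assess::Policy::Policy.instance
            end
          end
        end
      end
    end
  end
end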
