# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details. # frozen_string_literal: true require_relative './lib/contrast/agent/version' require_relative './lib/contrast/config/yaml_file' lib = File.expand_path('lib', __dir__) $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) # Add the team as authors of the Agent def self.add_authors spec spec.authors = %w[ galen.palmer@contrastsecurity.com harold.mcginnis@contrastsecurity.com donald.propst@contrastsecurity.com alex.macdonald@contrastsecurity.com mark.petersen@contrastsecurity.com joshua.reed@contrastsecurity.com ] end # Add those dependencies required to develop or test the Agent def self.add_dev_dependencies spec add_builders(spec) add_debuggers(spec) add_linters(spec) add_specs(spec) add_custom_dependencies(spec) end # Dependencies used to build the agent during development. def self.add_builders spec spec.add_development_dependency 'bundler' spec.add_development_dependency 'rake', '>= 12.3.3' spec.add_development_dependency 'rake-compiler', '~> 0' end # Dependencies that are required during testing in actual application def self.add_custom_dependencies spec spec.add_development_dependency 'zlib' end # Dependencies used for local debugging during development. def self.add_debuggers spec spec.add_development_dependency 'pry' spec.add_development_dependency 'pry-byebug', '>= 3.9' spec.add_development_dependency 'ruby-debug-ide' end # Dependencies used for framework testing. def self.add_frameworks spec spec.add_development_dependency 'grape', '~> 1.5', '>= 1.5.2' spec.add_development_dependency 'rack-protection', '>= 2' spec.add_development_dependency 'rails', '~> 7' spec.add_development_dependency 'sinatra', '>= 2' end # Dependencies used for linting prior to commit. def self.add_linters spec spec.add_development_dependency 'debride', '1.8.2' spec.add_development_dependency 'fasterer', '0.9.0' spec.add_development_dependency 'flay', '2.12.1' spec.add_development_dependency 'steep', '0.47.0' add_rubocop(spec) end # Dependencies used to run our current RSpec test suite. def self.add_specs spec add_coverage(spec) add_frameworks(spec) add_tested_gems(spec) spec.add_development_dependency 'benchmark-ips' spec.add_development_dependency 'benchmark-memory', '~> 0.1' spec.add_development_dependency 'climate_control' # mock ENV spec.add_development_dependency 'factory_bot' spec.add_development_dependency 'fake_ftp' spec.add_development_dependency 'openssl' spec.add_development_dependency 'parallel_tests', '~> 3.0' spec.add_development_dependency 'rspec', '~> 3.0' spec.add_development_dependency 'rspec-benchmark' spec.add_development_dependency 'rspec_junit_formatter', '0.3.0' spec.add_development_dependency 'rspec-rails', '5.0' spec.add_development_dependency 'tzinfo-data' # Alpine rspec-rails requirement. spec.add_development_dependency 'warning' spec.add_development_dependency 'typhoeus', '~> 1.4' spec.add_development_dependency 'excon', '~> 0.92.3' end def self.add_coverage spec spec.add_development_dependency 'simplecov', '0.21.2' end # Dependencies used to run all of our Rubocop during the linting phase. def self.add_rubocop spec spec.add_development_dependency 'rubocop', '1.37.1' spec.add_development_dependency 'rubocop-performance', '1.15.0' spec.add_development_dependency 'rubocop-rails', '2.17.2' spec.add_development_dependency 'rubocop-rake', '0.6.0' spec.add_development_dependency 'rubocop-rspec', '2.14.2' end # Dependencies not mocked out during RSpec that we test real code of, beyond just frameworks. def self.add_tested_gems spec if RUBY_VERSION < '3.0.0' spec.add_development_dependency 'async', '~> 1.30.3' else spec.add_development_dependency 'async' end spec.add_development_dependency 'execjs' spec.add_development_dependency 'rhino' spec.add_development_dependency 'sqlite3' spec.add_development_dependency 'tilt' spec.add_development_dependency 'xpath' end # Add those dependencies required to run the Agent in customer applications. # # Note: If you add a runtime dependency to the Agent, you'll need to update the # dependencies.csv in this directory to indicate that and create a # corresponding update to the fake gem server data in TeamServer. def self.add_dependencies spec spec.add_dependency 'ougai', '>= 1.8', '< 3.0.0' spec.add_dependency 'rack', '~> 2.0' spec.add_dependency 'contrast-agent-lib', '~> 0.1.0', '>= 0.1.3' spec.add_dependency 'ffi', '~> 1.0' end # Enumerate the files required to build the Agent. def self.add_files spec spec.files = `git ls-files -z`.split("\x0").reject do |f| # Directories used for testing: f.match(%r{^(spec|test)/}) || # Directories used in pipelines f.match(%r{^(\.github|bin|internal_resources|sig|vendor)/}) || # Configuration and other files that don't belong to one directory f.match(/(Dockerfile)/) || f.match(/(.*\.csv)/) || f.match(/(.*\.md)/) || f.match(/(.*\.sh)/) || f.match(/(.*\.xml)/) || f.match(/(.*\.ya?ml)/) end spec.files += Dir['funchook/**/*'] spec.files += Dir['shared_libraries/**/*'] # Clean up compiled funchook files that may have been generated during # testing. Only a concern locally, but better than leaving it to chance. spec.files.delete_if do |file| file.end_with?('ext/libfunchook.dylib', 'ext/libfunchook.so', 'ext/funchook.h', 'shared_libraries/libfunchook.dylib', 'shared_libraries/libfunchook.so', 'shared_libraries/funchook.h', 'funchook/src/libfunchook.dylib', 'funchook/src/libfunchook.so', '.secrets.baseline') end end def self.add_metadata spec spec.metadata['changelog_uri'] = 'https://docs.contrastsecurity.com/en/ruby-agent-release-notes-and-archive.html' spec.metadata['support_uri'] = 'https://support.contrastsecurity.com' spec.metadata['trouble_shooting_uri'] = 'https://support.contrastsecurity.com/hc/en-us/search?utf8=%E2%9C%93&query=Ruby' spec.metadata['wiki_uri'] = 'https://docs.contrastsecurity.com/' end Gem::Specification.new do |spec| spec.name = 'contrast-agent' spec.version = Contrast::Agent::VERSION spec.email = %w[ruby@contrastsecurity.com] spec.summary = 'Contrast Security\'s agent for rack-based applications.' spec.description = 'This gem instantiates a Rack middleware for rack-based ' \ 'web applications in order to provide Interactive Application Security ' \ 'Testing and Protection.' spec.homepage = 'https://www.contrastsecurity.com' spec.license = 'CONTRAST SECURITY (see license file)' spec.required_ruby_version = ['>= 2.7.0', '< 3.3.0'] spec.bindir = 'exe' # Keep cs__common first, it handles funchook.h right now. spec.extensions = Dir['ext/cs__common/extconf.rb', 'ext/**/extconf.rb'] spec.require_paths = ['lib'] unless Contrast::Config::YamlFile.created? spec.post_install_message = 'To generate the required contrast_security.yaml file you can run: '\ 'bundle exec rake contrast:config:create' end add_authors(spec) add_files(spec) add_dev_dependencies(spec) add_dependencies(spec) add_metadata(spec) end