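# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/utils/object_share'

module Contrast
  module Agent
    module Assess
      module Policy
        # This is how we scan our customer's code. It provides a way to analyze
        # the classes we need to observe to find vulnerabilities in the context
        # of a file vs data flow, such as the detection of Hardcoded Passwords
        # or Keys.
        module PolicyScanner
          # RubyVM::AbstractSyntaxTree arrived in Ruby 2.6. Detect the constant
          # itself instead of comparing RUBY_VERSION as Strings: a lexical
          # comparison misorders two-digit components ('2.10.0' < '2.6.0') and
          # would also pick the AST branch on a non-MRI runtime that reports a
          # recent RUBY_VERSION but has no RubyVM at all.
          AST_SUPPORTED = !!defined?(RubyVM::AbstractSyntaxTree)

          class << self
            # Use the given trace_point, built from an :end event, to determine
            # where the loaded code lives and scan that code for policy
            # violations.
            #
            # Every early return below is a deliberate "nothing to scan" case:
            # Assess disabled or no scan requested, every provider disabled,
            # code without a path, code installed under Gem.dir (not the
            # customer's), or a frozen / singleton module.
            #
            # @param trace_point [TracePoint] the TracePoint generated by an
            #   :end event at the end of a Module definition.
            def scan trace_point
              return unless ::Contrast::ASSESS.enabled?
              return unless ::Contrast::ASSESS.require_scan?

              provider_values = policy.providers.values
              return if provider_values.all?(&:disabled?)

              path = trace_point.path
              return unless path
              return if path.start_with?(Gem.dir)

              mod = trace_point.self
              return if mod.cs__frozen? || mod.singleton_class?

              # TODO: RUBY-1014 - remove non-AST approach
              if AST_SUPPORTED
                # TracePoint#path is not always a file on disk (e.g. "(eval)"
                # for eval'd code). parse_file raises Errno::ENOENT on such a
                # path, and that exception would surface inside the customer's
                # code from the TracePoint hook, so skip rather than parse.
                return unless File.file?(path)

                ast = RubyVM::AbstractSyntaxTree.parse_file(path)
                provider_values.each { |provider| provider.parse(trace_point, ast) }
              else
                provider_values.each { |provider| provider.analyze(mod) }
              end
            end

            # @return [Contrast::Agent::Assess::Policy::Policy] the singleton
            #   policy whose providers perform the actual scanning.
            def policy
              Contrast::Agent::Assess::Policy::Policy.instance
            end
          end
        end
      end
    end
  end
end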
Version data entries
2 entries across 2 versions & 1 rubygems
Version | Path |
---|---|
contrast-agent-4.9.1 | lib/contrast/agent/assess/policy/policy_scanner.rb |
contrast-agent-4.9.0 | lib/contrast/agent/assess/policy/policy_scanner.rb |