contrast-agent 3.8.4

data/lib/contrast/api/tcp_socket.rb

@@ -0,0 +1,31 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+cs__scoped_require 'contrast/api/socket'
+
+module Contrast
+  module Api
+    # This class allows us to create a TCP Socket to communicate to the Service
+    # (Speed Racer). Either it or the Unix Socket will be used, as determined
+    # by the configuration options set for Service communication.
+    class TcpSocket
+      include Contrast::Api::Socket
+
+      LOCAL_HOSTS = %w[localhost 127.0.0.1 0.0.0.0 ::1].cs__freeze
+
+      attr_reader :host, :port
+
+      # Create the socket
+      # @param host [String] socket target hostname or IP address
+      # @param port [String,Integer] socket target port
+      def initialize host, port
+        @host = host.to_s
+        @port = port.to_i
+      end
+
+      def new_socket
+        ::TCPSocket.new(host, port)
+      end
+    end
+  end
+end

data/lib/contrast/api/unix_socket.rb

@@ -0,0 +1,25 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+cs__scoped_require 'contrast/api/socket'
+
+module Contrast
+  module Api
+    # Implements a UNIX domain socket to connect to the Contrast Service.
+    class UnixSocket
+      include Contrast::Api::Socket
+
+      attr_reader :path
+
+      # Create the socket
+      # @param path [String] file path to a UNIX domain socket
+      def initialize path
+        @path = path
+      end
+
+      def new_socket
+        ::UNIXSocket.new(path)
+      end
+    end
+  end
+end

data/lib/contrast/common_agent_configuration.rb

@@ -0,0 +1,86 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+# rubocop:disable Style/MethodMissingSuper, Style/MissingRespondToMissing
+module Contrast
+  # A wrapper build around the Common Agent Configuration project to allow for
+  # access of the values contained in its parent_configuration_spec.yaml
+  class CommonAgentConfiguration
+    # The CAC spec, deserialized to a hash.
+
+    SPEC       = 'spec'
+    NODES      = 'nodes'
+    PROPERTIES = 'properties'
+
+    def initialize hsh
+      @hsh = hsh[SPEC]
+    end
+
+    # Used to indicate those sections of the configuration which have
+    # references to other nodes or properties, allowing for the parsing of and
+    # access to the nested configuration structure.
+    module IsANode
+      def children
+        hsh[NODES]&.map { |raw_node| Node.new(raw_node) } || []
+      end
+
+      def properties
+        hsh[PROPERTIES].map { |raw_property| Property.new(raw_property) }
+      end
+
+      def lookup *path
+        # Path will be N args, representing a path of nodes.
+        path.reduce(self) do |node, next_arg|
+          # If we can travel to a node by that name, do that.
+          candidate_node = node.children.find { |n| n.name == next_arg }
+          next candidate_node if candidate_node
+
+          # If there's a property, dereference that.
+          candidate_property = node.properties.find { |n| n.name == next_arg }
+          next candidate_property if candidate_property
+
+          raise IndexError, "couldn't traverse path:\t#{ path.join(Contrast::Utils::ObjectShare::PERIOD) }"
+        end
+      end
+
+      def method_missing method, *args, &block
+        if args.any?
+          lookup(method.to_s).public_send(args, block)
+        else
+          lookup(method.to_s)
+        end
+      rescue IndexError
+        super(method, args, block)
+      end
+    end
+
+    # Used to indicate those sections of the configuration which are for a
+    # single property, allowing for the parsing of and access to the
+    # information describing the property.
+    module IsAProperty
+      attr_reader :hsh
+
+      def initialize hsh
+        @hsh = hsh
+      end
+
+      %w[name default description required_languages display].each do |field|
+        define_method(field) { hsh[field].dup }
+      end
+    end
+
+    include IsANode
+    include IsAProperty
+
+    # A Property in the Common Agent Configuration
+    class Property
+      include IsAProperty
+    end
+
+    # A Node in the Common Agent Configuration
+    class Node < Property
+      include IsANode
+    end
+  end
+end
+# rubocop:enable Style/MethodMissingSuper, Style/MissingRespondToMissing

data/lib/contrast/components/agent.rb

@@ -0,0 +1,85 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Components
+    module Agent
+      # A wrapper build around the Common Agent Configuration project to allow
+      # for access of the values contained in its
+      # parent_configuration_spec.yaml.
+      # Specifically, this allows for querying the state of the Agent.
+      class Interface
+        include Contrast::Components::ComponentBase
+        include Contrast::Components::Interface
+
+        access_component :config
+
+        def enabled?
+          !!@enabled
+        end
+
+        def disabled?
+          !enabled?
+        end
+
+        def enable!
+          @enabled = true
+        end
+
+        def disable!
+          @enabled = false
+        end
+
+        def unavailable?
+          !enabled?
+        end
+
+        def ready?
+          state.agent_ready?
+        end
+
+        def patch_interpolation?
+          interpolation_patch_possible?
+        end
+
+        def rewrite_interpolation?
+          !interpolation_patch_possible?
+        end
+
+        def interpolation_enabled?
+          !Contrast::Utils::BooleanUtil.false?(CONFIG.root.agent.ruby.interpolate)
+        end
+
+        def report_custom_code_sysfile_access?
+          Contrast::Agent::FeatureState.instance.report_custom_code_sysfile_access?
+        end
+
+        # TODO: RUBY-564 Move instrumentation to a new component that handles
+        # one-time agent initialization procedures.
+        SHARED_LIBRARIES = %w[contrast/core_extensions/thread
+                              contrast/rails_extensions/rack
+                              contrast/rails_extensions/buffer
+                              contrast/sinatra_extensions/assess/cookie].cs__freeze
+        def run_instrumentation
+          Contrast::Agent::FeatureState.instance.tap do |settings|
+            SHARED_LIBRARIES.each { |lib| settings.instrument lib }
+          end
+          Contrast::Agent::Patching::Policy::Patcher.patch # This acts as a catch up for everything we didn't see get loaded
+          enable_tracepoint # This handles all class loads & required instrumentation going forward
+        end
+
+        def enable_tracepoint
+          Contrast::Agent::TracePointHook.enable!
+        end
+
+        protected
+
+        def interpolation_patch_possible?
+          Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.6.0')
+        end
+      end
+
+      COMPONENT_INTERFACE = Interface.new
+    end
+  end
+end

data/lib/contrast/components/app_context.rb

@@ -0,0 +1,188 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+cs__scoped_require 'contrast/core_extensions/object'
+cs__scoped_require 'contrast/utils/sinatra_helper'
+
+module Contrast
+  module Components
+    module AppContext
+      # A wrapper build around the Common Agent Configuration project to allow
+      # for access of the values contained in its
+      # parent_configuration_spec.yaml.
+      # Specifically, this allows for querying the state of the Application,
+      # including the Client, Process, and Server information.
+      class Interface
+        include Contrast::Components::ComponentBase
+        include Contrast::Components::Interface
+
+        access_component :config
+
+        DEFAULT_APP_NAME    = 'rails'
+        DEFAULT_APP_PATH    = '/'
+        DEFAULT_SERVER_NAME = 'localhost'
+        DEFAULT_SERVER_PATH = '/'
+
+        RAILS_TYPE   = 'rails'
+        SINATRA_TYPE = 'sinatra'
+        RACK_TYPE    = 'rack'
+
+        RAILS_MODULE_NAME_VERSION = Gem::Version.new('6.0.0')
+
+        def present? str
+          Contrast::Utils::EnvironmentUtil.present?(str)
+        end
+
+        def server_type
+          @_server_type ||= begin
+                              tmp = CONFIG.root.server.type
+                              tmp = framework_server_name unless present?(tmp)
+                              tmp
+                            rescue StandardError
+                              RACK_TYPE
+                            end
+        end
+
+        def framework_server_name
+          @_framework_server_name ||= begin
+                                        if defined?(Rails)
+                                          RAILS_TYPE
+                                        elsif defined?(Sinatra)
+                                          SINATRA_TYPE
+                                        else
+                                          RACK_TYPE
+                                        end
+                                      end
+        end
+
+        def name
+          @_name ||= begin
+                       tmp = CONFIG.root.application.name
+                       tmp = framework_app_name unless present?(tmp)
+                       tmp = File.basename(Dir.pwd) unless present?(tmp)
+                       Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_APP_NAME)
+                     rescue StandardError
+                       DEFAULT_APP_NAME
+                     end
+        end
+
+        def framework_app_name
+          @_framework_app_name ||= begin
+                                     name = find_rails_app_name
+                                     name ||= find_sinatra_app_name
+                                     name
+                                   end
+        end
+
+        def path
+          @_path ||= begin
+                       tmp = CONFIG.root.application.path
+                       Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_APP_PATH)
+                     rescue StandardError
+                       DEFAULT_APP_PATH
+                     end
+        end
+
+        def server_name
+          @_server_name ||= begin
+                              tmp = CONFIG.root.server.name
+                              tmp = Socket.gethostname unless present?(tmp)
+                              tmp = Contrast::Utils::StringUtils.force_utf8(tmp)
+                              Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_SERVER_NAME)
+                            rescue StandardError
+                              DEFAULT_SERVER_NAME
+                            end
+        end
+
+        def server_path
+          @_server_path ||= begin
+                              tmp = CONFIG.root.server.path
+                              tmp = Dir.pwd unless present?(tmp)
+                              Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_SERVER_PATH)
+                            rescue StandardError
+                              DEFAULT_SERVER_PATH
+                            end
+        end
+
+        def build_app_startup_message
+          msg = Contrast::Api::Dtm::ApplicationCreate.new
+
+          app_ver = if CONFIG.root.application.version.to_s.empty?
+                      Contrast::Utils::EnvironmentUtil.determine_application_version
+                    else
+                      CONFIG.root.application.version
+                    end
+
+          msg.group            = protobuf_format CONFIG.root.application.group
+          msg.tags             = protobuf_format CONFIG.root.application.tags
+          msg.app_version      = protobuf_format app_ver
+          msg.code             = protobuf_format CONFIG.root.application.code
+          msg.metadata         = protobuf_format CONFIG.root.application.metadata
+          # Other fields have limits in TeamServer, the rest don't.
+          msg.session_id       = protobuf_format CONFIG.root.application.session_id,        truncate: false
+          msg.session_metadata = protobuf_format CONFIG.root.application.session_metadata,  truncate: false
+
+          msg
+        end
+
+        LOG_BUILD_STARTUP = 'build startup message'
+        def build_agent_startup_message
+          msg = Contrast::Api::Dtm::AgentStartup.new
+          msg.server_name    = protobuf_format server_name
+          msg.server_path    = protobuf_format server_path
+          msg.server_type    = protobuf_format server_type
+          msg.server_version = Contrast::Agent::VERSION
+          msg.version        = protobuf_format CONFIG.root.server.version
+          msg.environment    = protobuf_format CONFIG.root.server.environment
+          msg.tags           = protobuf_format CONFIG.root.server.tags
+          msg
+        end
+
+        def pid
+          Process.pid
+        end
+
+        def ppid
+          Process.ppid
+        end
+
+        def pgid
+          Process.getpgid(pid)
+        end
+
+        def client_id
+          @_client_id ||= [name, pgid].join('-')
+        end
+
+        private
+
+        def find_sinatra_app_name
+          sinatra_app = Contrast::Utils::SinatraHelper.app_class
+          return unless sinatra_app
+
+          sinatra_app.cs__class.cs__name
+        end
+
+        def find_rails_app_name
+          return nil unless defined?(Rails)
+
+          # Rails version 6.0.0 deprecated Rails::Application#parent_name, in Rails 6.1.0 that method will be removed entirely
+          # and instead we need to use parent_module_name
+          return Rails.application.cs__class.parent_module_name if Gem::Version.new(Rails.version) >= RAILS_MODULE_NAME_VERSION
+
+          Rails.application.cs__class.parent_name
+        end
+
+        # TODO: RUBY-120, move this responsibility toward the protobuf object
+        def protobuf_format param, truncate: true
+          param = param&.to_s
+          param = Contrast::Utils::StringUtils.force_utf8(param)
+          param = Contrast::Utils::StringUtils.truncate(param) if truncate
+          param
+        end
+      end
+
+      COMPONENT_INTERFACE = Interface.new
+    end
+  end
+end

data/lib/contrast/components/assess.rb

@@ -0,0 +1,67 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Components
+    module Assess
+      # A wrapper build around the Common Agent Configuration project to allow
+      # for access of the values contained in its
+      # parent_configuration_spec.yaml.
+      # Specifically, this allows for querying the state of the Assess product.
+      class Interface
+        include Contrast::Components::ComponentBase
+        include Contrast::Components::Interface
+
+        access_component :settings
+
+        def enabled?
+          return false unless defined?(Contrast::Agent::FeatureState)
+
+          state.assess_enabled?
+        end
+
+        def tainted_columns
+          SETTINGS.tainted_columns
+        end
+
+        def forcibly_disabled?
+          state.assess_forcibly_disabled?
+        end
+
+        def rule_disabled? name
+          state.assess_rule_disabled? name
+        end
+
+        def disabled_rules
+          state.assess_disabled_rules
+        end
+
+        def scan_response?
+          state.scan_response?
+        end
+
+        def track_frozen_sources?
+          state.assess_track_frozen_sources?
+        end
+
+        def require_scan?
+          state.require_scanning_enabled?
+        end
+
+        def tags
+          state.assess_tags
+        end
+
+        def rules
+          SETTINGS.assess_rules
+        end
+
+        def rule name
+          SETTINGS.assess_rules[name]
+        end
+      end
+
+      COMPONENT_INTERFACE = Interface.new
+    end
+  end
+end