RubyGems - contrast-agent - Versions diffs - 3.11.0 → 3.12.0 - Mend

contrast-agent 3.11.0 → 3.12.0

Files changed (217) hide show

checksums.yaml +4 -4
data/.flayignore +1 -0
data/ext/cs__assess_active_record_named/cs__active_record_named.c +7 -2
data/ext/cs__assess_active_record_named/cs__active_record_named.h +1 -0
data/ext/cs__assess_array/cs__assess_array.c +2 -1
data/ext/cs__assess_array/cs__assess_array.h +1 -0
data/ext/cs__assess_basic_object/cs__assess_basic_object.c +3 -7
data/ext/cs__assess_basic_object/cs__assess_basic_object.h +2 -1
data/ext/cs__assess_kernel/cs__assess_kernel.c +1 -1
data/ext/cs__assess_module/cs__assess_module.c +5 -7
data/ext/cs__assess_module/cs__assess_module.h +3 -0
data/ext/cs__common/cs__common.c +1 -1
data/ext/cs__protect_kernel/cs__protect_kernel.c +4 -2
data/ext/cs__protect_kernel/cs__protect_kernel.h +1 -0
data/funchook/autom4te.cache/output.0 +13 -1
data/funchook/autom4te.cache/requests +49 -48
data/funchook/autom4te.cache/traces.0 +3 -0
data/funchook/config.log +217 -378
data/funchook/config.status +24 -23
data/funchook/configure +13 -1
data/funchook/src/Makefile +7 -7
data/funchook/src/config.h +2 -2
data/funchook/src/decoder.o +0 -0
data/funchook/src/distorm.o +0 -0
data/funchook/src/funchook.o +0 -0
data/funchook/src/funchook_io.o +0 -0
data/funchook/src/funchook_syscall.o +0 -0
data/funchook/src/funchook_unix.o +0 -0
data/funchook/src/funchook_x86.o +0 -0
data/funchook/src/instructions.o +0 -0
data/funchook/src/insts.o +0 -0
data/funchook/src/libfunchook.so +0 -0
data/funchook/src/mnemonics.o +0 -0
data/funchook/src/operands.o +0 -0
data/funchook/src/os_func.o +0 -0
data/funchook/src/os_func_unix.o +0 -0
data/funchook/src/prefix.o +0 -0
data/funchook/src/printf_base.o +0 -0
data/funchook/src/textdefs.o +0 -0
data/funchook/src/wstring.o +0 -0
data/funchook/test/Makefile +2 -2
data/funchook/test/funchook_test +0 -0
data/funchook/test/libfunchook_test.so +0 -0
data/funchook/test/test_main.o +0 -0
data/funchook/test/x86_64_test.o +0 -0
data/lib/contrast.rb +0 -1
data/lib/contrast/agent.rb +19 -22
data/lib/contrast/agent/assess.rb +0 -9
data/lib/contrast/agent/assess/policy/patcher.rb +1 -0
data/lib/contrast/agent/assess/policy/policy_node.rb +1 -1
data/lib/contrast/agent/assess/policy/policy_scanner.rb +1 -1
data/lib/contrast/agent/assess/policy/propagation_method.rb +3 -0
data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +1 -3
data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +90 -0
data/lib/contrast/agent/assess/policy/trigger/xpath.rb +57 -0
data/lib/contrast/agent/assess/policy/trigger_method.rb +3 -7
data/lib/contrast/agent/assess/policy/trigger_node.rb +4 -1
data/lib/contrast/agent/assess/rule/base.rb +0 -15
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +22 -5
data/lib/contrast/agent/assess/rule/redos.rb +0 -1
data/lib/contrast/agent/at_exit_hook.rb +2 -2
data/lib/contrast/agent/class_reopener.rb +9 -4
data/lib/contrast/agent/exclusion_matcher.rb +0 -1
data/lib/contrast/agent/inventory/policy/datastores.rb +54 -0
data/lib/contrast/agent/inventory/policy/policy.rb +1 -1
data/lib/contrast/agent/middleware.rb +38 -34
data/lib/contrast/agent/patching/policy/after_load_patch.rb +11 -2
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +51 -56
data/lib/contrast/agent/patching/policy/patch.rb +2 -1
data/lib/contrast/agent/patching/policy/patcher.rb +10 -12
data/lib/contrast/agent/patching/policy/policy_node.rb +1 -1
data/lib/contrast/agent/patching/policy/trigger_node.rb +1 -1
data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +63 -0
data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +52 -0
data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +68 -0
data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +117 -0
data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +54 -0
data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +129 -0
data/lib/contrast/agent/protect/policy/policy.rb +6 -6
data/lib/contrast/agent/protect/policy/rule_applicator.rb +51 -0
data/lib/contrast/agent/protect/rule.rb +0 -5
data/lib/contrast/agent/protect/rule/base.rb +6 -5
data/lib/contrast/agent/protect/rule/cmd_injection.rb +3 -3
data/lib/contrast/agent/protect/rule/path_traversal.rb +2 -7
data/lib/contrast/agent/protect/rule/sqli.rb +4 -4
data/lib/contrast/agent/railtie.rb +1 -0
data/lib/contrast/agent/request.rb +2 -6
data/lib/contrast/agent/request_context.rb +5 -6
data/lib/contrast/agent/request_handler.rb +2 -2
data/lib/contrast/agent/response.rb +0 -69
data/lib/contrast/agent/service_heartbeat.rb +2 -2
data/lib/contrast/agent/socket_client.rb +8 -8
data/lib/contrast/agent/static_analysis.rb +2 -3
data/lib/contrast/agent/version.rb +1 -1
data/lib/contrast/api/decorators/application_settings.rb +1 -1
data/lib/contrast/api/speedracer.rb +1 -1
data/lib/contrast/components/agent.rb +17 -12
data/lib/contrast/components/app_context.rb +33 -1
data/lib/contrast/components/assess.rb +25 -15
data/lib/contrast/components/contrast_service.rb +23 -67
data/lib/contrast/components/interface.rb +4 -12
data/lib/contrast/components/inventory.rb +5 -1
data/lib/contrast/components/logger.rb +2 -2
data/lib/contrast/components/protect.rb +40 -4
data/lib/contrast/components/scope.rb +2 -52
data/lib/contrast/components/settings.rb +24 -18
data/lib/contrast/config/protect_rules_configuration.rb +0 -1
data/lib/contrast/{extensions/ruby_core → extension}/assess.rb +12 -14
data/lib/contrast/extension/assess/array.rb +77 -0
data/lib/contrast/{extensions/ruby_core → extension}/assess/assess_extension.rb +2 -2
data/lib/contrast/{extensions/ruby_core → extension}/assess/erb.rb +0 -0
data/lib/contrast/extension/assess/eval_trigger.rb +78 -0
data/lib/contrast/{extensions/ruby_core → extension}/assess/exec_trigger.rb +1 -1
data/lib/contrast/{extensions/ruby_core → extension}/assess/fiber.rb +6 -5
data/lib/contrast/{extensions/ruby_core → extension}/assess/hash.rb +2 -2
data/lib/contrast/extension/assess/kernel.rb +110 -0
data/lib/contrast/{extensions/ruby_core → extension}/assess/regexp.rb +4 -4
data/lib/contrast/{extensions/ruby_core → extension}/assess/string.rb +5 -5
data/lib/contrast/{extensions/ruby_core → extension}/delegator.rb +0 -0
data/lib/contrast/{extensions/ruby_core → extension}/inventory.rb +2 -2
data/lib/contrast/extension/kernel.rb +54 -0
data/lib/contrast/{extensions/ruby_core → extension}/module.rb +0 -0
data/lib/contrast/{extensions/ruby_core → extension}/protect.rb +2 -2
data/lib/contrast/extension/protect/kernel.rb +44 -0
data/lib/contrast/{extensions/ruby_core → extension}/protect/psych.rb +1 -1
data/lib/contrast/{extensions/ruby_core → extension}/thread.rb +0 -0
data/lib/contrast/framework/base_support.rb +22 -0
data/lib/contrast/framework/manager.rb +33 -8
data/lib/contrast/framework/rack/patch/session_cookie.rb +126 -0
data/lib/contrast/framework/rack/patch/support.rb +24 -0
data/lib/contrast/framework/rack/support.rb +22 -0
data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +43 -0
data/lib/contrast/framework/rails/patch/assess_configuration.rb +103 -0
data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +31 -0
data/lib/contrast/framework/rails/patch/support.rb +67 -0
data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +34 -0
data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +39 -0
data/lib/contrast/framework/rails/rewrite/active_record_named.rb +73 -0
data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +33 -0
data/lib/contrast/framework/rails/support.rb +115 -0
data/lib/contrast/framework/sinatra/application_helper.rb +51 -0
data/lib/contrast/framework/sinatra/patch/base.rb +83 -0
data/lib/contrast/framework/sinatra/patch/support.rb +27 -0
data/lib/contrast/framework/sinatra/support.rb +109 -0
data/lib/contrast/logger/application.rb +80 -0
data/lib/contrast/{agent/logger.rb → logger/log.rb} +23 -54
data/lib/contrast/logger/time.rb +50 -0
data/lib/contrast/tasks/config.rb +54 -0
data/lib/contrast/tasks/service.rb +1 -5
data/lib/contrast/utils/class_util.rb +1 -1
data/lib/contrast/utils/gemfile_reader.rb +2 -2
data/lib/contrast/utils/hash_digest.rb +2 -7
data/lib/contrast/utils/invalid_configuration_util.rb +3 -3
data/lib/contrast/utils/job_servers_running.rb +4 -2
data/lib/contrast/utils/object_share.rb +0 -1
data/lib/contrast/utils/service_response_util.rb +14 -12
data/lib/contrast/utils/service_sender_util.rb +78 -21
data/resources/assess/policy.json +9 -50
data/resources/inventory/policy.json +2 -2
data/resources/protect/policy.json +6 -6
data/ruby-agent.gemspec +5 -1
data/service_executables/VERSION +1 -1
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
metadata +69 -83
data/funchook/src/libfunchook.dylib +0 -0
data/funchook/test/libfunchook_test.so.dSYM/Contents/Info.plist +0 -20
data/funchook/test/libfunchook_test.so.dSYM/Contents/Resources/DWARF/libfunchook_test.so +0 -0
data/lib/contrast/agent/assess/rule/csrf.rb +0 -66
data/lib/contrast/agent/assess/rule/csrf/csrf_action.rb +0 -28
data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +0 -53
data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +0 -136
data/lib/contrast/agent/assess/rule/response_scanning_rule.rb +0 -47
data/lib/contrast/agent/assess/rule/response_watcher.rb +0 -36
data/lib/contrast/agent/assess/rule/watcher.rb +0 -36
data/lib/contrast/agent/feature_state.rb +0 -346
data/lib/contrast/agent/protect/rule/csrf.rb +0 -119
data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +0 -100
data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb +0 -85
data/lib/contrast/agent/settings_state.rb +0 -88
data/lib/contrast/api/decorators/exclusion.rb +0 -20
data/lib/contrast/extensions/framework/rack/cookie.rb +0 -24
data/lib/contrast/extensions/framework/rack/request.rb +0 -24
data/lib/contrast/extensions/framework/rack/response.rb +0 -23
data/lib/contrast/extensions/framework/rails/action_controller_inheritance.rb +0 -39
data/lib/contrast/extensions/framework/rails/action_controller_railties_helper_inherited.rb +0 -20
data/lib/contrast/extensions/framework/rails/active_record.rb +0 -26
data/lib/contrast/extensions/framework/rails/active_record_named.rb +0 -58
data/lib/contrast/extensions/framework/rails/active_record_time_zone_inherited.rb +0 -21
data/lib/contrast/extensions/framework/rails/buffer.rb +0 -28
data/lib/contrast/extensions/framework/rails/configuration.rb +0 -27
data/lib/contrast/extensions/framework/sinatra/base.rb +0 -59
data/lib/contrast/extensions/ruby_core/assess/array.rb +0 -59
data/lib/contrast/extensions/ruby_core/assess/basic_object.rb +0 -15
data/lib/contrast/extensions/ruby_core/assess/kernel.rb +0 -96
data/lib/contrast/extensions/ruby_core/assess/module.rb +0 -14
data/lib/contrast/extensions/ruby_core/assess/tilt_template_trigger.rb +0 -78
data/lib/contrast/extensions/ruby_core/assess/xpath_library_trigger.rb +0 -40
data/lib/contrast/extensions/ruby_core/eval_trigger.rb +0 -51
data/lib/contrast/extensions/ruby_core/inventory/datastores.rb +0 -37
data/lib/contrast/extensions/ruby_core/protect/applies_command_injection_rule.rb +0 -61
data/lib/contrast/extensions/ruby_core/protect/applies_deserialization_rule.rb +0 -50
data/lib/contrast/extensions/ruby_core/protect/applies_no_sqli_rule.rb +0 -66
data/lib/contrast/extensions/ruby_core/protect/applies_path_traversal_rule.rb +0 -115
data/lib/contrast/extensions/ruby_core/protect/applies_sqli_rule.rb +0 -53
data/lib/contrast/extensions/ruby_core/protect/applies_xxe_rule.rb +0 -127
data/lib/contrast/extensions/ruby_core/protect/kernel.rb +0 -30
data/lib/contrast/extensions/ruby_core/protect/rule_applicator.rb +0 -50
data/lib/contrast/framework/rails_support.rb +0 -104
data/lib/contrast/framework/sinatra_application_helper.rb +0 -49
data/lib/contrast/framework/sinatra_support.rb +0 -104
data/lib/contrast/utils/data_store_util.rb +0 -23
data/lib/contrast/utils/rack_assess_session_cookie.rb +0 -104
data/lib/contrast/utils/rails_assess_configuration.rb +0 -95
data/lib/contrast/utils/random_util.rb +0 -22
data/resources/csrf/inject.js +0 -44

data/lib/contrast/agent/protect/rule/path_traversal.rb CHANGED

@@ -13,7 +13,7 @@ module Contrast
         # Protect rule.
         class PathTraversal < Contrast::Agent::Protect::Rule::BaseService
           include Contrast::Components::Interface
-          access_component :agent
+          access_component :agent, :analysis
           NAME = 'path-traversal'
           SYSTEM_PATHS = %w[
@@ -69,11 +69,6 @@ module Contrast
           private
           # Build a subclass of the RaspRuleSample if the sample matches
-          # TODO: SPEED-? delete me when implemented in Speedracer.
-          #   this implementation duplicates logic that is moving to Speedracer
-          #   the reason it is still here is Speedracer doesn't yet have a method to correlate
-          #   and (update) attack results that are generated because the evaluation results
-          #   from REP, it can only forward the attack results are generated by the agent.
           def build_rep_sample context, path
             sample = build_base_sample(context, nil)
             sample.path_traversal_semantic = Contrast::Api::Dtm::PathTraversalSemanticAnalysisDetails.new
@@ -103,7 +98,7 @@ module Contrast
           end
           def custom_code_access_sysfile_enabled?
-            AGENT.report_custom_code_sysfile_access?
+            PROTECT.report_custom_code_sysfile_access?
           end
           def custom_code_accessing_system_file? input

data/lib/contrast/agent/protect/rule/sqli.rb CHANGED

@@ -2,7 +2,7 @@
 # frozen_string_literal: true
 cs__scoped_require 'contrast/agent/protect/rule/base_service'
-cs__scoped_require 'contrast/extensions/ruby_core/protect/applies_sqli_rule'
+cs__scoped_require 'contrast/agent/protect/policy/applies_sqli_rule'
 module Contrast
   module Agent
@@ -84,11 +84,11 @@ module Contrast
           def select_scanner database
             @sql_scanners ||= {
-                Contrast::CoreExtensions::Protect::AppliesSqliRule::DATABASE_MYSQL =>
+                Contrast::Agent::Protect::Policy::AppliesSqliRule::DATABASE_MYSQL =>
                     Contrast::Agent::Protect::Rule::Sqli::MysqlSqlScanner.new,
-                Contrast::CoreExtensions::Protect::AppliesSqliRule::DATABASE_PG =>
+                Contrast::Agent::Protect::Policy::AppliesSqliRule::DATABASE_PG =>
                     Contrast::Agent::Protect::Rule::Sqli::PostgresSqlScanner.new,
-                Contrast::CoreExtensions::Protect::AppliesSqliRule::DATABASE_SQLITE =>
+                Contrast::Agent::Protect::Policy::AppliesSqliRule::DATABASE_SQLITE =>
                     Contrast::Agent::Protect::Rule::Sqli::SqliteSqlScanner.new
             }.cs__freeze

data/lib/contrast/agent/railtie.rb CHANGED

@@ -24,6 +24,7 @@ module Contrast
       rake_tasks do
         load 'contrast/tasks/service.rb'
+        load 'contrast/tasks/config.rb'
       end
     end
   end

data/lib/contrast/agent/request.rb CHANGED

@@ -17,7 +17,7 @@ module Contrast
     # order to avoid repeatedly creating Strings & thrashing GC.
     class Request
       include Contrast::Components::Interface
-      access_component :logging, :scope
+      access_component :agent, :logging, :scope
       extend Forwardable
@@ -159,10 +159,6 @@ module Contrast
         end
       end
-      def header_value key
-        normalized_request_headers[Contrast::Utils::StringUtils.normalized_key(key)]
-      end
       # Return a flattened hash of params with realized paths for keys, in
       # addition to a separate, valueless, entry for each nest key.
       # See RUBY-621 for more details.
@@ -335,7 +331,7 @@ module Contrast
       end
       def omit_body?
-        return true if Contrast::Agent::FeatureState.instance.omit_body?
+        return true if AGENT.omit_body?
         return false if document_type == :XML
         return false if document_type == :JSON

data/lib/contrast/agent/request_context.rb CHANGED

@@ -14,7 +14,7 @@ module Contrast
     # in a standardized and normalized format which the Agent understands.
     class RequestContext
       include Contrast::Components::Interface
-      access_component :analysis, :contrast_service, :logging, :scope
+      access_component :agent, :analysis, :logging, :settings, :scope
       EMPTY_INPUT_ANALYSIS_PB = Contrast::Api::Settings::InputAnalysis.new
@@ -90,10 +90,8 @@ module Contrast
         # For TS routes
         @observed_route.signature  = route.route
         @observed_route.verb       = route.verb
-        @observed_route.session_id = Contrast::Agent::FeatureState.instance.current_session_id
-        # TODO: SPEED-273: deprecate when SR handles this. ContrastUI API currently does not allow empty url, so we have to provide a default
-        @observed_route.url        = route.url.empty? ? Contrast::Utils::ObjectShare::SLASH : route.url
+        @observed_route.session_id = SETTINGS.session_id
+        @observed_route.url        = route.url if route.url
       end
       # Collect the results for the given rule with the given action
@@ -111,10 +109,11 @@ module Contrast
       end
       def service_extract_request
+        return false unless AGENT.enabled?
         return false unless PROTECT.enabled?
         return false if @do_not_track
-        service_response = CONTRAST_SERVICE.send_message(@activity.http_request)
+        service_response = Contrast::Utils::ServiceSenderUtil.send_event_immediately(@activity.http_request)
         return false unless service_response
         handle_protect_state(service_response)

data/lib/contrast/agent/request_handler.rb CHANGED

@@ -8,7 +8,7 @@ module Contrast
     # prefilter and postfilter).
     class RequestHandler
       include Contrast::Components::Interface
-      access_component :agent, :contrast_service, :logging, :scope
+      access_component :agent, :logging, :scope
       attr_reader :ruleset, :context
@@ -20,7 +20,7 @@ module Contrast
       def send_activity_messages
         Contrast::Utils::GemfileReader.instance.generate_library_usage(context.activity)
         [context.server_activity, context.activity, context.observed_route].each do |message|
-          CONTRAST_SERVICE.send_message message
+          Contrast::Utils::ServiceSenderUtil.push_to_ready_queue(message)
         end
       end

data/lib/contrast/agent/response.rb CHANGED

@@ -97,26 +97,6 @@ module Contrast
         end
       end
-      def header key
-        return unless rack_response
-        if @is_array
-          normalized_headers[Contrast::Utils::StringUtils.normalized_key(key)]
-        else
-          rack_response.get_header(key)
-        end
-      end
-      def set_header key, value
-        return unless rack_response
-        if @is_array
-          Rack::Utils.set_cookie_header!(rack_response[1], key, value)
-        elsif rack_response.is_a?(Rack::Response)
-          rack_response.set_header(key, value)
-        end
-      end
       # The response body can change during the request lifecycle
       # We should not extract it out as a variable here, or we'll miss those
       # changes.
@@ -127,59 +107,10 @@ module Contrast
         extract_body(body_content)
       end
-      def update_body body_string
-        return unless rack_response
-        successfully_updated_body = true
-        if @is_array
-          if rack_response[2].is_a?(Rack::BodyProxy)
-            successfully_updated_body = update_rack_body_proxy(body_string, true)
-          else
-            rack_response[2] = [body_string]
-          end
-        elsif rack_response.body.is_a?(Rack::BodyProxy)
-          successfully_updated_body = update_rack_body_proxy(body_string)
-        else
-          rack_response.body = body_string
-        end
-        update_content_length(body_string.bytesize) if successfully_updated_body
-      end
-      # Set the length header for this response. This value should be set ot the
-      # bytesize, NOT THE LENGTH, of the response body. Otherwise, we may get
-      # got by the Lint thing.
-      CONTENT_LENGTH_HEADER = 'Content-Length'.cs__freeze
-      def update_content_length length
-        headers[CONTENT_LENGTH_HEADER] = length.to_s
-      end
       private
       HTTP_PREFIX = /^[Hh][Tt][Tt][Pp][_-]/i.cs__freeze
-      def update_rack_body_proxy body_string, is_array = false
-        top_body_proxy = is_array ? rack_response[2] : rack_response
-        parent_body_proxy = top_body_proxy
-        until (next_body = parent_body_proxy.instance_variable_get(:@body)).cs__class != Rack::BodyProxy
-          parent_body_proxy = next_body
-        end
-        if next_body.cs__class.to_s == 'ActionDispatch::Response::RackBody'
-          modified_response = next_body.instance_variable_defined?(:@response) ? next_body.instance_variable_get(:@response) : nil
-          if modified_response
-            modified_response.body = body_string
-            next_body.instance_variable_set(:@response, modified_response)
-          end
-        elsif next_body.is_a?(Array) && next_body[0].cs__class.to_s == 'ActionView::OutputBuffer'
-          new_body = ActionView::OutputBuffer.new(body_string)
-          next_body[0] = new_body
-        else
-          logger.warn('Detected unsupported Rack::BodyProxy internal response class', module: next_body.cs__class)
-          return false
-        end
-        true
-      end
       # Given some holder of the content of the response's body, extract that
       # content and return it as a String
       #

data/lib/contrast/agent/service_heartbeat.rb CHANGED

@@ -9,7 +9,7 @@ module Contrast
     # ensure that it maintains this Agent's ApplicationContext.
     class ServiceHeartbeat
       include Contrast::Components::Interface
-      access_component :contrast_service, :logging
+      access_component :logging
       # Spec recommends 30 seconds, we're going with 15.
       REFRESH_INTERVAL_SEC = 15
@@ -19,7 +19,7 @@ module Contrast
           logger.info('Starting heartbeat thread.')
           loop do
             begin
-              CONTRAST_SERVICE.queue_message(poll_message)
+              Contrast::Utils::ServiceSenderUtil.push_to_ready_queue(poll_message)
             end
             sleep REFRESH_INTERVAL_SEC
           end

data/lib/contrast/agent/socket_client.rb CHANGED

@@ -27,14 +27,6 @@ module Contrast
         @ensure_running = Mutex.new
       end
-      def init_connection
-        if CONTRAST_SERVICE.use_tcp?
-          Contrast::Api::TcpSocket.new(CONTRAST_SERVICE.host, CONTRAST_SERVICE.port)
-        else
-          Contrast::Api::UnixSocket.new(CONTRAST_SERVICE.socket_path)
-        end
-      end
       def service_unavailable?
         speedracer.nil?
       end
@@ -76,6 +68,14 @@ module Contrast
       private
+      def init_connection
+        if CONTRAST_SERVICE.use_tcp?
+          Contrast::Api::TcpSocket.new(CONTRAST_SERVICE.host, CONTRAST_SERVICE.port)
+        else
+          Contrast::Api::UnixSocket.new(CONTRAST_SERVICE.socket_path)
+        end
+      end
       def restart?
         status.was_connected? && status.failed?
       end

data/lib/contrast/agent/static_analysis.rb CHANGED

@@ -11,7 +11,7 @@ module Contrast
     class StaticAnalysis
       include Singleton
       include Contrast::Components::Interface
-      access_component :logging, :analysis, :contrast_service, :scope
+      access_component :logging, :analysis, :scope
       class << self
         # After the first request is complete, we do a one-time manual catchup to review and
         # report the already-loaded gems.
@@ -33,8 +33,7 @@ module Contrast
           app_update_msg = Contrast::Api::Dtm::ApplicationUpdate.build
           Contrast::Utils::InventoryUtil.append_db_config(app_update_msg)
-          CONTRAST_SERVICE.queue_message app_update_msg
+          Contrast::Utils::ServiceSenderUtil.push_to_ready_queue(app_update_msg)
         end
       end
     end

data/lib/contrast/agent/version.rb CHANGED

@@ -3,6 +3,6 @@
 module Contrast
   module Agent
-    VERSION = '3.11.0'
+    VERSION = '3.12.0'
   end
 end

data/lib/contrast/api/decorators/application_settings.rb CHANGED

@@ -26,7 +26,7 @@ module Contrast
               modes_by_id: translated_protection_mode_by_id,
               exclusion_matchers: translated_exclusions,
               disabled_assess_rules: disabled_assess_rules,
-              session_id: session_id
+              session_id: Contrast::Utils::StringUtils.force_utf8(session_id)
           }
         end
       end

data/lib/contrast/api/speedracer.rb CHANGED

@@ -78,7 +78,7 @@ module Contrast
       end
       def determine_startup_options
-        return { out: :out, err: :err } if Contrast::Agent::FeatureState.instance.service_control[:logger_path] == 'STDOUT'
+        return { out: :out, err: :err } if CONTRAST_SERVICE.logger_path == 'STDOUT'
         { out: File::NULL, err: File::NULL }
       end

data/lib/contrast/components/agent.rb CHANGED

@@ -32,18 +32,12 @@ module Contrast
           @enabled = false
         end
-        def ready?
-          state.agent_ready?
+        def ruleset
+          @_ruleset ||= Contrast::Agent::RuleSet.new(retrieve_ruleset&.values)
         end
-        # TODO: RUBY-797 These rules should be cached by a call from ServiceResponseUtil until we
-        # receive a newly updated rules state from TS. (Also update method description)
-        #
-        # Instead of asking specifically for assess or protect rules, we can ask agent to retrieve
-        # the correct ruleset based on enabled modes. Since these can change on a per request basis,
-        # we shouldn't memoize these.
-        def ruleset
-          Contrast::Agent::RuleSet.new(retrieve_ruleset&.values)
+        def reset_ruleset
+          @_ruleset = nil
         end
         def patch_interpolation?
@@ -64,8 +58,17 @@ module Contrast
           @_interpolation_enabled
         end
-        def report_custom_code_sysfile_access?
-          Contrast::Agent::FeatureState.instance.report_custom_code_sysfile_access?
+        def omit_body?
+          @_omit_body = true?(CONFIG.root.agent.omit_body) if @_omit_body.nil?
+          @_omit_body
+        end
+        def exception_control
+          @_exception_control ||= {
+              enable: true?(CONFIG.root.agent.ruby.exceptions.capture),
+              status: CONFIG.root.agent.ruby.exceptions.override_status || 403,
+              message: CONFIG.root.agent.ruby.exceptions.override_message || Contrast::Utils::ObjectShare::OVERRIDE_MESSAGE
+          }
         end
         def skip_instrumentation? loaded_module_name
@@ -93,6 +96,8 @@ module Contrast
         end
         def retrieve_ruleset
+          return {} unless enabled?
           if ASSESS.enabled? && PROTECT.enabled?
             ASSESS.rules.merge(PROTECT.rules)
           elsif ASSESS.enabled?

data/lib/contrast/components/app_context.rb CHANGED

@@ -16,13 +16,23 @@ module Contrast
         include Contrast::Components::ComponentBase
         include Contrast::Components::Interface
-        access_component :config
+        access_component :agent, :config
         DEFAULT_APP_NAME    = 'rails'
         DEFAULT_APP_PATH    = '/'
         DEFAULT_SERVER_NAME = 'localhost'
         DEFAULT_SERVER_PATH = '/'
+        def ready?
+          @_ready ||= AGENT.enabled? &&
+              Contrast::Utils::ServiceSenderUtil.connection_established? &&
+              Contrast::Utils::ServiceResponseUtil.update_received?
+        end
+        def initialize
+          original_pid
+        end
         def server_type
           @_server_type ||= begin
                               tmp = CONFIG.root.server.type
@@ -118,6 +128,28 @@ module Contrast
         def instrument_middleware_stack?
           !Contrast::Utils::JobServersRunning.job_servers_running?
         end
+        def disabled_agent_rake_tasks
+          CONFIG.root.agent.ruby.disabled_agent_rake_tasks
+        end
+        # Determines if the Process we're currently in matches that of the
+        # Process in which the App Context instance was created.
+        # If it doesn't, that indicates the running context is in a new
+        # Process.
+        # @return [Boolean] if we're in the original Process in which the
+        #   App Context instance was initialized.
+        def in_new_process?
+          current_pid = Process.pid
+          original_pid = pid
+          current_pid != original_pid
+        end
+        private
+        def original_pid
+          @_original_pid ||= Process.pid
+        end
       end
       COMPONENT_INTERFACE = Interface.new

data/lib/contrast/components/assess.rb CHANGED

@@ -12,12 +12,14 @@ module Contrast
         include Contrast::Components::ComponentBase
         include Contrast::Components::Interface
-        access_component :settings
+        access_component :config, :settings
         def enabled?
-          return false unless defined?(Contrast::Agent::FeatureState)
+          # config overrides if forcibly set
+          return false if forcibly_disabled?
+          return true  if forcibly_enabled?
-          state.assess_enabled?
+          SETTINGS.assess_enabled?
         end
         def tainted_columns
@@ -25,39 +27,47 @@ module Contrast
         end
         def forcibly_disabled?
-          state.assess_forcibly_disabled?
+          @_forcibly_disabled = false?(CONFIG.root.assess.enable) if @_forcibly_disabled.nil?
+          @_forcibly_disabled
         end
         def rule_disabled? name
-          state.assess_rule_disabled? name
-        end
-        def disabled_rules
-          state.assess_disabled_rules
+          disabled_rules.include?(name)
         end
         def scan_response?
-          state.scan_response?
+          @_scan_response = !false?(CONFIG.root.assess.enable_scan_response) if @_scan_response.nil?
+          @_scan_response
         end
         def track_frozen_sources?
-          state.assess_track_frozen_sources?
+          @_track_frozen_sources = !false?(CONFIG.root.agent.ruby.track_frozen_sources) if @_track_frozen_sources.nil?
+          @_track_frozen_sources
         end
         def require_scan?
-          state.require_scanning_enabled?
+          @_require_scan = !false?(CONFIG.root.agent.ruby.require_scan) if @_require_scan.nil?
+          @_require_scan
         end
         def tags
-          state.assess_tags
+          CONFIG.root.assess&.tags
         end
         def rules
           SETTINGS.assess_rules
         end
-        def rule name
-          SETTINGS.assess_rules[name]
+        private
+        def forcibly_enabled?
+          @_forcibly_enabled = true?(CONFIG.root.assess.enable) if @_forcibly_enabled.nil?
+          @_forcibly_enabled
+        end
+        def disabled_rules
+          # TODO: RUBY-903
+          CONFIG.root.assess&.rules&.disabled_rules || SETTINGS.disabled_assess_rules || []
         end
       end