RubyGems - contrast-agent - Versions diffs - 3.13.1 → 4.0.0 - Mend

contrast-agent 3.13.1 → 4.0.0

Files changed (251) hide show

checksums.yaml +4 -4
data/exe/contrast_service +1 -7
data/ext/cs__assess_active_record_named/cs__active_record_named.c +8 -7
data/ext/cs__assess_array/cs__assess_array.c +6 -5
data/ext/cs__assess_basic_object/cs__assess_basic_object.c +5 -5
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +2 -1
data/ext/cs__assess_hash/cs__assess_hash.c +18 -17
data/ext/cs__assess_hash/cs__assess_hash.h +2 -1
data/ext/cs__assess_kernel/cs__assess_kernel.c +7 -8
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +18 -16
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +1 -0
data/ext/cs__assess_module/cs__assess_module.c +6 -6
data/ext/cs__assess_regexp/cs__assess_regexp.c +4 -4
data/ext/cs__assess_string/cs__assess_string.c +31 -16
data/ext/cs__assess_string/cs__assess_string.h +6 -1
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +4 -2
data/ext/cs__assess_yield_track/cs__assess_yield_track.c +2 -2
data/ext/cs__common/cs__common.c +48 -39
data/ext/cs__common/cs__common.h +16 -21
data/ext/cs__contrast_patch/cs__contrast_patch.c +27 -25
data/ext/cs__contrast_patch/cs__contrast_patch.h +5 -7
data/ext/cs__protect_kernel/cs__protect_kernel.c +11 -12
data/ext/cs__protect_kernel/cs__protect_kernel.h +2 -2
data/lib/contrast-agent.rb +1 -1
data/lib/contrast.rb +13 -23
data/lib/contrast/agent.rb +39 -47
data/lib/contrast/agent/assess.rb +12 -12
data/lib/contrast/agent/assess/contrast_event.rb +151 -85
data/lib/contrast/agent/assess/events/event_factory.rb +2 -2
data/lib/contrast/agent/assess/events/source_event.rb +3 -3
data/lib/contrast/agent/assess/finalizers/freeze.rb +15 -0
data/lib/contrast/agent/assess/finalizers/hash.rb +97 -0
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +11 -4
data/lib/contrast/agent/assess/policy/patcher.rb +6 -6
data/lib/contrast/agent/assess/policy/policy.rb +9 -11
data/lib/contrast/agent/assess/policy/policy_node.rb +17 -12
data/lib/contrast/agent/assess/policy/policy_scanner.rb +21 -5
data/lib/contrast/agent/assess/policy/preshift.rb +13 -7
data/lib/contrast/agent/assess/policy/propagation_method.rb +64 -44
data/lib/contrast/agent/assess/policy/propagation_node.rb +2 -2
data/lib/contrast/agent/assess/policy/propagator.rb +18 -18
data/lib/contrast/agent/assess/policy/propagator/append.rb +8 -5
data/lib/contrast/agent/assess/policy/propagator/base.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/center.rb +9 -5
data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +6 -4
data/lib/contrast/agent/assess/policy/propagator/insert.rb +7 -4
data/lib/contrast/agent/assess/policy/propagator/keep.rb +4 -1
data/lib/contrast/agent/assess/policy/propagator/match_data.rb +7 -9
data/lib/contrast/agent/assess/policy/propagator/next.rb +7 -5
data/lib/contrast/agent/assess/policy/propagator/prepend.rb +13 -5
data/lib/contrast/agent/assess/policy/propagator/remove.rb +8 -4
data/lib/contrast/agent/assess/policy/propagator/replace.rb +5 -2
data/lib/contrast/agent/assess/policy/propagator/reverse.rb +7 -5
data/lib/contrast/agent/assess/policy/propagator/select.rb +13 -7
data/lib/contrast/agent/assess/policy/propagator/splat.rb +10 -9
data/lib/contrast/agent/assess/policy/propagator/split.rb +27 -22
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +52 -35
data/lib/contrast/agent/assess/policy/propagator/trim.rb +11 -5
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +5 -5
data/lib/contrast/agent/assess/policy/source_method.rb +90 -72
data/lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb +1 -1
data/lib/contrast/agent/assess/policy/source_validation/source_validation.rb +1 -1
data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +16 -12
data/lib/contrast/agent/assess/policy/trigger/xpath.rb +2 -2
data/lib/contrast/agent/assess/policy/trigger_method.rb +81 -33
data/lib/contrast/agent/assess/policy/trigger_node.rb +41 -46
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +2 -1
data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +2 -2
data/lib/contrast/agent/assess/properties.rb +15 -5
data/lib/contrast/agent/assess/property/evented.rb +7 -20
data/lib/contrast/agent/assess/property/tagged.rb +13 -7
data/lib/contrast/agent/assess/property/updated.rb +131 -0
data/lib/contrast/agent/assess/rule.rb +2 -2
data/lib/contrast/agent/assess/rule/base.rb +3 -4
data/lib/contrast/agent/assess/rule/provider.rb +3 -3
data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +58 -5
data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +24 -9
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +85 -16
data/lib/contrast/agent/assess/tag.rb +1 -1
data/lib/contrast/agent/assess/tracker.rb +66 -0
data/lib/contrast/agent/at_exit_hook.rb +6 -6
data/lib/contrast/agent/class_reopener.rb +14 -11
data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +1 -1
data/lib/contrast/agent/deadzone/policy/policy.rb +2 -2
data/lib/contrast/agent/disable_reaction.rb +1 -1
data/lib/contrast/agent/exclusion_matcher.rb +1 -1
data/lib/contrast/agent/inventory.rb +15 -0
data/lib/contrast/agent/inventory/dependencies.rb +50 -0
data/lib/contrast/agent/inventory/dependency_analysis.rb +37 -0
data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +104 -0
data/lib/contrast/agent/inventory/gemfile_digest_cache.rb +38 -0
data/lib/contrast/agent/inventory/policy/datastores.rb +2 -2
data/lib/contrast/agent/inventory/policy/policy.rb +3 -3
data/lib/contrast/agent/inventory/policy/trigger_node.rb +1 -1
data/lib/contrast/agent/middleware.rb +33 -34
data/lib/contrast/agent/patching/policy/after_load_patch.rb +9 -9
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +23 -22
data/lib/contrast/agent/patching/policy/module_policy.rb +11 -11
data/lib/contrast/agent/patching/policy/patch.rb +15 -15
data/lib/contrast/agent/patching/policy/patcher.rb +43 -44
data/lib/contrast/agent/patching/policy/policy.rb +23 -12
data/lib/contrast/agent/patching/policy/policy_node.rb +1 -1
data/lib/contrast/agent/patching/policy/trigger_node.rb +2 -2
data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +6 -8
data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +2 -2
data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +2 -2
data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +7 -6
data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +2 -2
data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +4 -4
data/lib/contrast/agent/protect/policy/policy.rb +8 -8
data/lib/contrast/agent/protect/policy/rule_applicator.rb +1 -1
data/lib/contrast/agent/protect/policy/trigger_node.rb +1 -1
data/lib/contrast/agent/protect/rule.rb +18 -18
data/lib/contrast/agent/protect/rule/base.rb +4 -3
data/lib/contrast/agent/protect/rule/base_service.rb +1 -1
data/lib/contrast/agent/protect/rule/cmd_injection.rb +5 -5
data/lib/contrast/agent/protect/rule/deserialization.rb +1 -1
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +1 -1
data/lib/contrast/agent/protect/rule/no_sqli.rb +1 -1
data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +1 -0
data/lib/contrast/agent/protect/rule/path_traversal.rb +4 -5
data/lib/contrast/agent/protect/rule/sqli.rb +2 -2
data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +1 -1
data/lib/contrast/agent/protect/rule/xss.rb +1 -1
data/lib/contrast/agent/protect/rule/xxe.rb +3 -5
data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +2 -2
data/lib/contrast/agent/railtie.rb +1 -1
data/lib/contrast/agent/reaction_processor.rb +2 -2
data/lib/contrast/agent/request.rb +45 -43
data/lib/contrast/agent/request_context.rb +10 -6
data/lib/contrast/agent/request_handler.rb +1 -1
data/lib/contrast/agent/response.rb +23 -12
data/lib/contrast/agent/rewriter.rb +6 -9
data/lib/contrast/agent/service_heartbeat.rb +2 -2
data/lib/contrast/agent/static_analysis.rb +9 -9
data/lib/contrast/agent/thread.rb +1 -1
data/lib/contrast/agent/thread_watcher.rb +2 -2
data/lib/contrast/agent/tracepoint_hook.rb +2 -2
data/lib/contrast/agent/version.rb +1 -1
data/lib/contrast/api.rb +4 -4
data/lib/contrast/api/communication.rb +9 -9
data/lib/contrast/api/communication/messaging_queue.rb +3 -6
data/lib/contrast/api/communication/response_processor.rb +1 -1
data/lib/contrast/api/communication/socket_client.rb +41 -6
data/lib/contrast/api/communication/speedracer.rb +1 -1
data/lib/contrast/api/communication/tcp_socket.rb +1 -1
data/lib/contrast/api/communication/unix_socket.rb +1 -1
data/lib/contrast/api/decorators.rb +17 -14
data/lib/contrast/api/decorators/address.rb +20 -20
data/lib/contrast/api/decorators/application_settings.rb +3 -2
data/lib/contrast/api/decorators/application_update.rb +7 -8
data/lib/contrast/api/decorators/http_request.rb +13 -12
data/lib/contrast/api/decorators/input_analysis.rb +3 -2
data/lib/contrast/api/decorators/library.rb +53 -0
data/lib/contrast/api/decorators/library_usage_update.rb +30 -0
data/lib/contrast/api/decorators/message.rb +4 -2
data/lib/contrast/api/decorators/rasp_rule_sample.rb +2 -1
data/lib/contrast/api/decorators/route_coverage.rb +3 -2
data/lib/contrast/api/decorators/server_features.rb +3 -2
data/lib/contrast/api/decorators/trace_event.rb +28 -25
data/lib/contrast/api/decorators/trace_event_object.rb +6 -5
data/lib/contrast/api/decorators/trace_event_signature.rb +5 -4
data/lib/contrast/api/decorators/trace_taint_range.rb +4 -3
data/lib/contrast/api/decorators/user_input.rb +4 -4
data/lib/contrast/common_agent_configuration.rb +2 -2
data/lib/contrast/components/agent.rb +8 -7
data/lib/contrast/components/app_context.rb +50 -39
data/lib/contrast/components/config.rb +32 -50
data/lib/contrast/components/contrast_service.rb +10 -10
data/lib/contrast/components/interface.rb +39 -17
data/lib/contrast/components/inventory.rb +6 -1
data/lib/contrast/components/logger.rb +1 -1
data/lib/contrast/components/scope.rb +3 -3
data/lib/contrast/components/settings.rb +20 -23
data/lib/contrast/config.rb +18 -18
data/lib/contrast/config/application_configuration.rb +5 -2
data/lib/contrast/config/base_configuration.rb +2 -2
data/lib/contrast/config/inventory_configuration.rb +2 -2
data/lib/contrast/config/protect_rule_configuration.rb +1 -1
data/lib/contrast/config/service_configuration.rb +8 -0
data/lib/contrast/configuration.rb +93 -52
data/lib/contrast/extension/assess.rb +21 -22
data/lib/contrast/extension/assess/array.rb +18 -11
data/lib/contrast/extension/assess/erb.rb +11 -3
data/lib/contrast/extension/assess/eval_trigger.rb +7 -7
data/lib/contrast/extension/assess/exec_trigger.rb +2 -2
data/lib/contrast/extension/assess/fiber.rb +14 -14
data/lib/contrast/extension/assess/hash.rb +7 -6
data/lib/contrast/extension/assess/kernel.rb +34 -28
data/lib/contrast/extension/assess/marshal.rb +67 -0
data/lib/contrast/extension/assess/regexp.rb +10 -9
data/lib/contrast/extension/assess/string.rb +23 -23
data/lib/contrast/extension/inventory.rb +4 -4
data/lib/contrast/extension/kernel.rb +1 -1
data/lib/contrast/extension/module.rb +1 -1
data/lib/contrast/extension/protect.rb +3 -3
data/lib/contrast/extension/protect/kernel.rb +4 -4
data/lib/contrast/extension/protect/psych.rb +2 -2
data/lib/contrast/framework/base_support.rb +1 -1
data/lib/contrast/framework/manager.rb +10 -11
data/lib/contrast/framework/rack/patch/session_cookie.rb +22 -28
data/lib/contrast/framework/rack/patch/support.rb +1 -1
data/lib/contrast/framework/rack/support.rb +2 -2
data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +13 -13
data/lib/contrast/framework/rails/patch/assess_configuration.rb +6 -12
data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +11 -11
data/lib/contrast/framework/rails/patch/support.rb +4 -4
data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +11 -11
data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +12 -12
data/lib/contrast/framework/rails/rewrite/active_record_named.rb +4 -4
data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +12 -12
data/lib/contrast/framework/rails/support.rb +67 -14
data/lib/contrast/framework/sinatra/patch/base.rb +12 -12
data/lib/contrast/framework/sinatra/patch/support.rb +1 -1
data/lib/contrast/framework/sinatra/support.rb +6 -6
data/lib/contrast/funchook/funchook.rb +1 -1
data/lib/contrast/logger/application.rb +13 -5
data/lib/contrast/logger/format.rb +22 -9
data/lib/contrast/logger/log.rb +17 -10
data/lib/contrast/logger/request.rb +30 -0
data/lib/contrast/tasks/config.rb +1 -1
data/lib/contrast/tasks/service.rb +2 -2
data/lib/contrast/utils/assess/sampling_util.rb +2 -2
data/lib/contrast/utils/assess/tracking_util.rb +49 -4
data/lib/contrast/utils/class_util.rb +2 -2
data/lib/contrast/utils/duck_utils.rb +0 -10
data/lib/contrast/utils/env_configuration_item.rb +2 -1
data/lib/contrast/utils/hash_digest.rb +2 -1
data/lib/contrast/utils/heap_dump_util.rb +2 -2
data/lib/contrast/utils/invalid_configuration_util.rb +21 -22
data/lib/contrast/utils/inventory_util.rb +3 -10
data/lib/contrast/utils/io_util.rb +1 -1
data/lib/contrast/utils/os.rb +1 -1
data/lib/contrast/utils/ruby_ast_rewriter.rb +1 -1
data/lib/contrast/utils/sha256_builder.rb +2 -14
data/lib/contrast/utils/stack_trace_utils.rb +2 -2
data/lib/contrast/utils/string_utils.rb +11 -6
data/resources/assess/policy.json +31 -22
data/resources/deadzone/policy.json +5 -0
data/ruby-agent.gemspec +21 -19
data/service_executables/VERSION +1 -1
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
metadata +73 -30
data/lib/contrast/agent/assess/insulator.rb +0 -49
data/lib/contrast/agent/require_state.rb +0 -61
data/lib/contrast/extension/assess/assess_extension.rb +0 -147
data/lib/contrast/utils/boolean_util.rb +0 -30
data/lib/contrast/utils/freeze_util.rb +0 -32
data/lib/contrast/utils/gemfile_reader.rb +0 -193

data/lib/contrast/components/config.rb CHANGED

@@ -1,10 +1,8 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'contrast/utils/boolean_util'
-cs__scoped_require 'contrast/utils/env_configuration_item'
-cs__scoped_require 'contrast/utils/object_share'
-cs__scoped_require 'contrast/configuration'
+require 'contrast/utils/env_configuration_item'
+require 'contrast/configuration'
 module Contrast
   module Components
@@ -34,47 +32,14 @@ module Contrast
         def build log: true
           @_valid = nil
           @config = Contrast::Configuration.new
-          defaults
-          overrides
+          env_overrides
           validate(log: log)
         end
         alias_method :rebuild, :build
-        # Prefer abstraction, but use #raw if you need.
-        # grep 'CONFIG.raw' for opportunities to refactor.
-        def raw
-          @config
-        end
+        # @return [Contrast::Config::RootConfiguration]
         def root
-          raw.root
-        end
-        def enabled?
-          @_enabled = !Contrast::Utils::BooleanUtil.false?(raw.enable) if @_enabled.nil?
-          @_enabled
-        end
-        def disabled?
-          !enabled?
-        end
-        def protect?
-          @_protect = Contrast::Utils::BooleanUtil.true?(raw.protect.enable) if @_protect.nil?
-          @_protect
-        end
-        def assess?
-          @_assess = Contrast::Utils::BooleanUtil.true?(raw.assess.enable) if @_assess.nil?
-          @_assess
-        end
-        def session_id
-          @_session_id ||= raw.application.session_id || Contrast::Utils::ObjectShare::EMPTY_STRING
-        end
-        def session_metadata
-          @_session_metadata ||= raw.application.session_metadata || Contrast::Utils::ObjectShare::EMPTY_STRING
+          @config.root
         end
         def valid?
@@ -85,6 +50,10 @@ module Contrast
           !valid?
         end
+        def loggable
+          @config.loggable
+        end
         private
         SESSION_VARIABLES = "Invalid configuration. Setting both application.session_id and application.session_metadata is not allowed.\n"
@@ -105,15 +74,6 @@ module Contrast
           true
         end
-        def defaults
-          raw.agent.service.host ||= Contrast::Configuration::DEFAULT_HOST
-          raw.agent.service.port ||= Contrast::Configuration::DEFAULT_PORT
-        end
-        def overrides
-          env_overrides
-        end
         def env_overrides
           # For env variables resembling CONTRAST__WHATEVER__NESTED_VALUE
           # override raw.whatever.nested_value
@@ -121,9 +81,31 @@ module Contrast
             next unless env_key.to_s.start_with?(CONTRAST_ENV_MARKER)
             config_item = Contrast::Utils::EnvConfigurationItem.new(env_key, env_value)
-            raw.assign_value_to_path_array(config_item.dot_path_array, config_item.value)
+            @config.assign_value_to_path_array(config_item.dot_path_array, config_item.value)
           end
         end
+        # Typically, this would be accessed through
+        # Contrast::Components::AppContext, but we're too early in the
+        # initialization of the Agent to use that mechanism, so we look it up
+        # directly for ourselves
+        #
+        # @return [String,nil] the value of the session id set in the
+        #   configuration, or nil if unset
+        def session_id
+          @config.application.session_id
+        end
+        # Typically, this would be accessed through
+        # Contrast::Components::AppContext, but we're too early in the
+        # initialization of the Agent to use that mechanism, so we look it up
+        # directly for ourselves
+        #
+        # @return [String,nil] the value of the session metadata set in the
+        #   configuration, or nil if unset
+        def session_metadata
+          @config.application.session_metadata
+        end
       end
       COMPONENT_INTERFACE = Interface.new

data/lib/contrast/components/contrast_service.rb CHANGED

@@ -1,7 +1,7 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'monitor'
+require 'monitor'
 module Contrast
   module Components
@@ -26,21 +26,21 @@ module Contrast
           # Validates the config to decide if it's suitable for starting
           # the bundled service
           @_use_bundled_service ||= begin
-                                      # Requirement says "must be true" but that
-                                      # should be "must not be false" -- oops.
-                                      !false?(CONFIG.root.agent.start_bundled_service) &&
-                                          # Either a valid host or a valid socket
-                                          # Path validity is the service's problem
-                                          (LOCALHOST.match?(host) || !!socket_path)
-                                    end
+            # Requirement says "must be true" but that
+            # should be "must not be false" -- oops.
+            !false?(CONFIG.root.agent.start_bundled_service) &&
+                # Either a valid host or a valid socket
+                # Path validity is the service's problem
+                (LOCALHOST.match?(host) || !!socket_path)
+          end
         end
         def host
-          @_host ||= (CONFIG.root.agent.service.host || Contrast::Configuration::DEFAULT_HOST).to_s
+          @_host ||= (CONFIG.root.agent.service.host || Contrast::Config::ServiceConfiguration::DEFAULT_HOST).to_s
         end
         def port
-          @_port ||= (CONFIG.root.agent.service.port || DEFAULT_PORT).to_i
+          @_port ||= (CONFIG.root.agent.service.port || Contrast::Config::ServiceConfiguration::DEFAULT_PORT).to_i
         end
         def socket_path

data/lib/contrast/components/interface.rb CHANGED

@@ -1,9 +1,9 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'delegate'
-cs__scoped_require 'contrast/extension/module'
-cs__scoped_require 'contrast/utils/boolean_util'
+require 'delegate'
+require 'contrast/extension/module'
+require 'contrast/utils/object_share'
 module Contrast
   # This is the base module for our components classes. It is intended to
@@ -49,12 +49,34 @@ module Contrast
       end
       module Methods # :nodoc:
+        # use this to determine if the configuration value is literally boolean
+        # false or some form of the word `false`, regardless of case. It should
+        # be used for those values which default to `true` as they should only
+        # treat a value explicitly set to `false` as such.
+        #
+        # @param config_param [Boolean,String] the value to check
+        # @return [Boolean] should the value be treated as `false`
         def false? config_param
-          Contrast::Utils::BooleanUtil.false?(config_param)
+          return false if config_param == true
+          return true if config_param == false
+          return false unless config_param.cs__is_a?(String)
+          Contrast::Utils::ObjectShare::FALSE.casecmp?(config_param)
         end
+        # use this to determine if the configuration value is literally boolean
+        # true or some form of the word `true`, regardless of case. It should
+        # be used for those values which default to `false` as they should only
+        # treat a value explicitly set to `true` as such.
+        #
+        # @param config_param [Boolean,String] the value to check
+        # @return [Boolean] should the value be treated as `true`
         def true? config_param
-          Contrast::Utils::BooleanUtil.true?(config_param)
+          return false if config_param == false
+          return true if config_param == true
+          return false unless config_param.cs__is_a?(String)
+          Contrast::Utils::ObjectShare::TRUE.casecmp?(config_param)
         end
       end
     end
@@ -132,40 +154,40 @@ end
 # directed acyclic graph.
 # Scope shouldn't depend on anything.
-cs__scoped_require 'contrast/components/scope'
+require 'contrast/components/scope'
 Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:scope] = [Contrast::Components::Scope]
 # Config depends on Scope.
-cs__scoped_require 'contrast/components/config'
+require 'contrast/components/config'
 Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:config] = [Contrast::Components::Config]
 # Settings should not depend on anything but Config.
-cs__scoped_require 'contrast/components/settings'
+require 'contrast/components/settings'
 Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:settings] = [Contrast::Components::Settings]
-cs__scoped_require 'contrast/components/assess'
-cs__scoped_require 'contrast/components/protect'
-cs__scoped_require 'contrast/components/inventory'
+require 'contrast/components/assess'
+require 'contrast/components/protect'
+require 'contrast/components/inventory'
 Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:analysis] = [Contrast::Components::Protect,
                                                                                    Contrast::Components::Assess,
                                                                                    Contrast::Components::Inventory]
-cs__scoped_require 'contrast/components/logger'
+require 'contrast/components/logger'
 Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:logging] = [Contrast::Components::Logger]
-cs__scoped_require 'contrast/components/agent'
+require 'contrast/components/agent'
 Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:agent] = [Contrast::Components::Agent]
-cs__scoped_require 'contrast/components/contrast_service'
+require 'contrast/components/contrast_service'
 Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:contrast_service] = [Contrast::Components::ContrastService]
-cs__scoped_require 'contrast/components/app_context'
+require 'contrast/components/app_context'
 Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:app_context] = [Contrast::Components::AppContext]
-cs__scoped_require 'contrast/components/heap_dump'
+require 'contrast/components/heap_dump'
 Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:heap_dump] = [Contrast::Components::HeapDump]
-cs__scoped_require 'contrast/components/sampling'
+require 'contrast/components/sampling'
 Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:sampling] = [Contrast::Components::Sampling]
 Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP.cs__freeze

data/lib/contrast/components/inventory.rb CHANGED

@@ -13,12 +13,17 @@ module Contrast
         include Contrast::Components::ComponentBase
         include Contrast::Components::Interface
-        access_component :config
+        access_component :config, :settings
         def enabled?
           @_enabled = !false?(CONFIG.root.inventory.enable) if @_enabled.nil?
           @_enabled
         end
+        def analyze_libraries?
+          @_analyze_libraries = !false?(CONFIG.root.inventory.analyze_libraries) if @_analyze_libraries.nil?
+          @_analyze_libraries
+        end
       end
       COMPONENT_INTERFACE = Interface.new

data/lib/contrast/components/logger.rb CHANGED

@@ -1,7 +1,7 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'contrast/logger/log'
+require 'contrast/logger/log'
 module Contrast
   module Components

data/lib/contrast/components/scope.rb CHANGED

@@ -1,9 +1,9 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'fiber'
-cs__scoped_require 'monitor'
-cs__scoped_require 'contrast/agent/scope'
+require 'fiber'
+require 'monitor'
+require 'contrast/agent/scope'
 # This is the Scope component.
 #

data/lib/contrast/components/settings.rb CHANGED

@@ -55,23 +55,22 @@ module Contrast
         APPLICATION_STATE_ATTRS   = %i[modes_by_id exclusion_matchers disabled_assess_rules].cs__freeze
         # Meta-define an accessor for each state attribute.
-        begin
-          PROTECT_STATE_ATTRS.each do |attr|
-            define_method(attr) do
-              protect_state[attr]
-            end
+        PROTECT_STATE_ATTRS.each do |attr|
+          define_method(attr) do
+            protect_state[attr]
           end
+        end
-          ASSESS_STATE_ATTRS.each do |attr|
-            define_method(attr) do
-              assess_state[attr]
-            end
+        ASSESS_STATE_ATTRS.each do |attr|
+          define_method(attr) do
+            assess_state[attr]
           end
+        end
-          APPLICATION_STATE_ATTRS.each do |attr|
-            define_method(attr) do
-              application_state[attr]
-            end
+        APPLICATION_STATE_ATTRS.each do |attr|
+          define_method(attr) do
+            application_state[attr]
           end
         end
@@ -95,18 +94,16 @@ module Contrast
         def update_from_server_features server_features
           # protect
-          begin
-            @_protect_enabled = nil
-            protect_state[:enabled] = server_features.protect_enabled?
-          end
+          @_protect_enabled = nil
+          protect_state[:enabled] = server_features.protect_enabled?
           # assess
-          begin
-            @_assess_enabled = nil
-            assess_state[:enabled] = server_features.assess_enabled?
-            assess_state[:sampling_settings] = server_features.assess.sampling
-            Contrast::Utils::Assess::SamplingUtil.instance.update
-          end
+          @_assess_enabled = nil
+          assess_state[:enabled] = server_features.assess_enabled?
+          assess_state[:sampling_settings] = server_features.assess.sampling
+          Contrast::Utils::Assess::SamplingUtil.instance.update
         end
         def update_from_application_settings application_settings

data/lib/contrast/config.rb CHANGED

@@ -10,24 +10,24 @@ module Contrast
   end
 end
-cs__scoped_require 'contrast/config/base_configuration'
-cs__scoped_require 'contrast/config/default_value'
+require 'contrast/config/base_configuration'
+require 'contrast/config/default_value'
-cs__scoped_require 'contrast/config/logger_configuration'
+require 'contrast/config/logger_configuration'
-cs__scoped_require 'contrast/config/heap_dump_configuration'
-cs__scoped_require 'contrast/config/service_configuration'
-cs__scoped_require 'contrast/config/exception_configuration'
-cs__scoped_require 'contrast/config/assess_rules_configuration'
-cs__scoped_require 'contrast/config/protect_rule_configuration'
-cs__scoped_require 'contrast/config/protect_rules_configuration'
-cs__scoped_require 'contrast/config/sampling_configuration'
+require 'contrast/config/heap_dump_configuration'
+require 'contrast/config/service_configuration'
+require 'contrast/config/exception_configuration'
+require 'contrast/config/assess_rules_configuration'
+require 'contrast/config/protect_rule_configuration'
+require 'contrast/config/protect_rules_configuration'
+require 'contrast/config/sampling_configuration'
-cs__scoped_require 'contrast/config/ruby_configuration'
-cs__scoped_require 'contrast/config/agent_configuration'
-cs__scoped_require 'contrast/config/application_configuration'
-cs__scoped_require 'contrast/config/server_configuration'
-cs__scoped_require 'contrast/config/assess_configuration'
-cs__scoped_require 'contrast/config/inventory_configuration'
-cs__scoped_require 'contrast/config/protect_configuration'
-cs__scoped_require 'contrast/config/root_configuration'
+require 'contrast/config/ruby_configuration'
+require 'contrast/config/agent_configuration'
+require 'contrast/config/application_configuration'
+require 'contrast/config/server_configuration'
+require 'contrast/config/assess_configuration'
+require 'contrast/config/inventory_configuration'
+require 'contrast/config/protect_configuration'
+require 'contrast/config/root_configuration'

data/lib/contrast/config/application_configuration.rb CHANGED

@@ -1,6 +1,9 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
+require 'contrast/config/default_value'
+require 'contrast/utils/object_share'
 module Contrast
   module Config
     # Common Configuration settings. Those in this section pertain to the
@@ -15,8 +18,8 @@ module Contrast
           tags: EMPTY_VALUE,
           code: EMPTY_VALUE,
           metadata: EMPTY_VALUE,
-          session_id: EMPTY_VALUE,
-          session_metadata: EMPTY_VALUE
+          session_id: Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::EMPTY_STRING),
+          session_metadata: Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::EMPTY_STRING)
       }.cs__freeze
       def initialize hsh

data/lib/contrast/config/base_configuration.rb CHANGED

@@ -1,8 +1,8 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'forwardable'
-cs__scoped_require 'contrast/utils/object_share'
+require 'forwardable'
+require 'contrast/utils/object_share'
 module Contrast
   module Config

data/lib/contrast/config/inventory_configuration.rb CHANGED

@@ -7,8 +7,8 @@ module Contrast
     # inventory functionality of the Agent.
     class InventoryConfiguration < BaseConfiguration
       KEYS = {
-          enable: EMPTY_VALUE,
-          record_used_classes: EMPTY_VALUE,
+          enable: Contrast::Config::DefaultValue.new(true),
+          analyze_libraries: Contrast::Config::DefaultValue.new(true),
           tags: EMPTY_VALUE
       }.cs__freeze