RubyGems - contrast-agent - Versions diffs - 3.13.2 → 3.14.0 - Mend

contrast-agent 3.13.2 → 3.14.0

Files changed (211) hide show

@@ -1,15 +1,16 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'logger'
-cs__scoped_require 'ougai'
-cs__scoped_require 'singleton'
+require 'logger'
+require 'ougai'
+require 'singleton'
-cs__scoped_require 'contrast/components/interface'
-cs__scoped_require 'contrast/extension/module'
-cs__scoped_require 'contrast/logger/application'
-cs__scoped_require 'contrast/logger/format'
-cs__scoped_require 'contrast/logger/time'
+require 'contrast/components/interface'
+require 'contrast/extension/module'
+require 'contrast/logger/application'
+require 'contrast/logger/format'
+require 'contrast/logger/request'
+require 'contrast/logger/time'
 module Contrast
   module Logger
@@ -98,6 +99,7 @@ module Contrast
       def add_contrast_loggers logger
         logger.extend(Contrast::Logger::Application)
+        logger.extend(Contrast::Logger::Request)
         logger.extend(Contrast::Logger::Time)
       end

data/lib/contrast/logger/request.rb ADDED

@@ -0,0 +1,30 @@
+# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'contrast/components/interface'
+require 'contrast/utils/timer'
+module Contrast
+  module Logger
+    # Our decorator for the Ougai logger allowing for the logging of the
+    # request lifecycle, used to provide context during troubleshooting.
+    module Request
+      include Contrast::Components::Interface
+      access_component :config
+      # Utility method to log the start of a request
+      def request_start
+        debug('Beginning request analysis')
+      end
+      # Utility method to log the end of a request, including the time it took
+      # for that request to be processed.
+      def request_end
+        context = Contrast::Agent::REQUEST_TRACKER.current
+        elapsed_time = context ? (Contrast::Utils::Timer.now_ms - context.timer.start_ms) : -1
+        debug('Ending request analysis',
+              elapsed_time_ms: elapsed_time)
+      end
+    end
+  end
+end

data/lib/contrast/tasks/config.rb CHANGED

@@ -1,7 +1,7 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'yaml'
+require 'yaml'
 module Contrast
   # A Rake task to generate a contrast_security.yaml file with some basic settings

data/lib/contrast/tasks/service.rb CHANGED

@@ -1,8 +1,8 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'contrast/components/interface'
-cs__scoped_require 'contrast/utils/os'
+require 'contrast/components/interface'
+require 'contrast/utils/os'
 module Contrast
   # A Rake task designed to allow control of the Contrast Service as a stand

data/lib/contrast/utils/assess/sampling_util.rb CHANGED

@@ -1,8 +1,8 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'singleton'
-cs__scoped_require 'contrast/components/interface'
+require 'singleton'
+require 'contrast/components/interface'
 module Contrast
   module Utils

data/lib/contrast/utils/assess/tracking_util.rb CHANGED

@@ -1,7 +1,7 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'contrast/components/interface'
+require 'contrast/components/interface'
 module Contrast
   module Utils

data/lib/contrast/utils/boolean_util.rb CHANGED

@@ -1,7 +1,7 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'contrast/utils/object_share'
+require 'contrast/utils/object_share'
 module Contrast
   module Utils

data/lib/contrast/utils/class_util.rb CHANGED

@@ -1,8 +1,8 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'contrast/extension/module'
-cs__scoped_require 'contrast/utils/object_share'
+require 'contrast/extension/module'
+require 'contrast/utils/object_share'
 module Contrast
   module Utils

data/lib/contrast/utils/freeze_util.rb CHANGED

@@ -1,7 +1,7 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'contrast/utils/duck_utils'
+require 'contrast/utils/duck_utils'
 module Contrast
   module Utils

data/lib/contrast/utils/gemfile_reader.rb CHANGED

@@ -1,11 +1,11 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'set'
-cs__scoped_require 'contrast/utils/sha256_builder'
-cs__scoped_require 'contrast/utils/string_utils'
-cs__scoped_require 'contrast/components/interface'
-cs__scoped_require 'contrast/api'
+require 'set'
+require 'contrast/utils/sha256_builder'
+require 'contrast/utils/string_utils'
+require 'contrast/components/interface'
+require 'contrast/api'
 module Contrast
   module Utils

data/lib/contrast/utils/hash_digest.rb CHANGED

@@ -1,7 +1,7 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'digest'
+require 'digest'
 module Contrast
   module Utils
@@ -131,6 +131,7 @@ module Contrast
       end
       def initialize
+        super
         @crc32 = 0
       end

data/lib/contrast/utils/heap_dump_util.rb CHANGED

@@ -1,8 +1,8 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'objspace'
-cs__scoped_require 'contrast/components/interface'
+require 'objspace'
+require 'contrast/components/interface'
 module Contrast
   module Utils

data/lib/contrast/utils/invalid_configuration_util.rb CHANGED

@@ -1,7 +1,7 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'contrast/components/interface'
+require 'contrast/components/interface'
 module Contrast
   module Utils

data/lib/contrast/utils/inventory_util.rb CHANGED

@@ -1,10 +1,10 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'contrast/utils/timer'
-cs__scoped_require 'contrast/utils/object_share'
-cs__scoped_require 'contrast/utils/gemfile_reader'
-cs__scoped_require 'contrast/components/interface'
+require 'contrast/utils/timer'
+require 'contrast/utils/object_share'
+require 'contrast/utils/gemfile_reader'
+require 'contrast/components/interface'
 module Contrast
   module Utils

data/lib/contrast/utils/io_util.rb CHANGED

@@ -1,7 +1,7 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'contrast/components/interface'
+require 'contrast/components/interface'
 module Contrast
   module Utils

data/lib/contrast/utils/os.rb CHANGED

@@ -1,7 +1,7 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'contrast/components/interface'
+require 'contrast/components/interface'
 module Contrast
   module Utils

data/lib/contrast/utils/ruby_ast_rewriter.rb CHANGED

@@ -1,7 +1,7 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'parser/current'
+require 'parser/current'
 module Contrast
   module Utils

data/lib/contrast/utils/sha256_builder.rb CHANGED

@@ -1,8 +1,8 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'singleton'
-cs__scoped_require 'contrast/utils/object_share'
+require 'singleton'
+require 'contrast/utils/object_share'
 module Contrast
   module Utils

data/lib/contrast/utils/stack_trace_utils.rb CHANGED

@@ -1,8 +1,8 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'contrast/utils/object_share'
-cs__scoped_require 'contrast/api'
+require 'contrast/utils/object_share'
+require 'contrast/api'
 module Contrast
   module Utils

data/lib/contrast/utils/string_utils.rb CHANGED

@@ -1,7 +1,7 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-cs__scoped_require 'contrast/components/interface'
+require 'contrast/components/interface'
 module Contrast
   module Utils

data/ruby-agent.gemspec CHANGED

@@ -1,8 +1,8 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-require_relative './lib/contrast/agent/version' # rubocop:disable  Kernel/RequireRelative
-require 'bundler' # rubocop:disable  Kernel/Require
+require_relative './lib/contrast/agent/version'
+require 'bundler'
 # https://github.com/grpc/grpc/issues/21514#issuecomment-581417788
 module BundlerHack
   def __materialize__
@@ -50,9 +50,9 @@ def self.add_dev_dependencies spec
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rspec-benchmark'
   spec.add_development_dependency 'rspec_junit_formatter', '0.3.0'
-  spec.add_development_dependency 'rubocop', '0.83.0'
-  spec.add_development_dependency 'rubocop-performance', '1.5.2'
-  spec.add_development_dependency 'rubocop-rspec', '1.39.0'
+  spec.add_development_dependency 'rubocop', '0.89.1'
+  spec.add_development_dependency 'rubocop-performance', '1.7.1'
+  spec.add_development_dependency 'rubocop-rspec', '1.42.0'
   spec.add_development_dependency 'simplecov', '~> 0.18'
   spec.add_development_dependency 'sinatra', '>= 2'
   spec.add_development_dependency 'sqlite3', '1.3.9'

data/service_executables/VERSION CHANGED

	@@ -1 +1 @@
1	- 2.9.5
1	+ 2.11.1

data/service_executables/linux/contrast-service CHANGED

Binary file

data/service_executables/mac/contrast-service CHANGED

Binary file

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 3.13.2
+  version: 3.14.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -12,7 +12,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-07-29 00:00:00.000000000 Z
+date: 2020-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: amazing_print
@@ -258,42 +258,42 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.83.0
+        version: 0.89.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.83.0
+        version: 0.89.1
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.5.2
+        version: 1.7.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.5.2
+        version: 1.7.1
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.39.0
+        version: 1.42.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.39.0
+        version: 1.42.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -462,20 +462,20 @@ executables:
 - contrast_service
 extensions:
 - ext/cs__common/extconf.rb
-- ext/cs__assess_marshal_module/extconf.rb
+- ext/cs__assess_string/extconf.rb
 - ext/cs__assess_active_record_named/extconf.rb
-- ext/cs__assess_string_interpolation26/extconf.rb
+- ext/cs__assess_hash/extconf.rb
+- ext/cs__assess_yield_track/extconf.rb
+- ext/cs__assess_basic_object/extconf.rb
 - ext/cs__assess_module/extconf.rb
+- ext/cs__assess_regexp/extconf.rb
 - ext/cs__protect_kernel/extconf.rb
-- ext/cs__assess_hash/extconf.rb
-- ext/cs__assess_fiber_track/extconf.rb
+- ext/cs__assess_string_interpolation26/extconf.rb
 - ext/cs__assess_kernel/extconf.rb
-- ext/cs__assess_string/extconf.rb
-- ext/cs__assess_basic_object/extconf.rb
-- ext/cs__assess_array/extconf.rb
+- ext/cs__assess_marshal_module/extconf.rb
+- ext/cs__assess_fiber_track/extconf.rb
 - ext/cs__contrast_patch/extconf.rb
-- ext/cs__assess_yield_track/extconf.rb
-- ext/cs__assess_regexp/extconf.rb
+- ext/cs__assess_array/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"
@@ -674,7 +674,9 @@ files:
 - lib/contrast/agent/assess/contrast_event.rb
 - lib/contrast/agent/assess/events/event_factory.rb
 - lib/contrast/agent/assess/events/source_event.rb
-- lib/contrast/agent/assess/insulator.rb
+- lib/contrast/agent/assess/finalizers/finalize.rb
+- lib/contrast/agent/assess/finalizers/freeze.rb
+- lib/contrast/agent/assess/finalizers/hash.rb
 - lib/contrast/agent/assess/policy/dynamic_source_factory.rb
 - lib/contrast/agent/assess/policy/patcher.rb
 - lib/contrast/agent/assess/policy/policy.rb
@@ -779,7 +781,6 @@ files:
 - lib/contrast/agent/request.rb
 - lib/contrast/agent/request_context.rb
 - lib/contrast/agent/request_handler.rb
-- lib/contrast/agent/require_state.rb
 - lib/contrast/agent/response.rb
 - lib/contrast/agent/rewriter.rb
 - lib/contrast/agent/rule_set.rb
@@ -864,6 +865,7 @@ files:
 - lib/contrast/extension/assess/fiber.rb
 - lib/contrast/extension/assess/hash.rb
 - lib/contrast/extension/assess/kernel.rb
+- lib/contrast/extension/assess/marshal.rb
 - lib/contrast/extension/assess/regexp.rb
 - lib/contrast/extension/assess/string.rb
 - lib/contrast/extension/delegator.rb
@@ -896,6 +898,7 @@ files:
 - lib/contrast/logger/application.rb
 - lib/contrast/logger/format.rb
 - lib/contrast/logger/log.rb
+- lib/contrast/logger/request.rb
 - lib/contrast/logger/time.rb
 - lib/contrast/security_exception.rb
 - lib/contrast/tasks/config.rb

data/lib/contrast/agent/assess/insulator.rb DELETED

@@ -1,49 +0,0 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-cs__scoped_require 'contrast/utils/prevent_serialization'
-cs__scoped_require 'contrast/agent/assess/properties'
-module Contrast
-  module Agent
-    module Assess
-      # This is just a wrapper around Properties so that if they are on a frozen
-      # object, they are left mutable for us.
-      class Insulator
-        # Return a new delegator with a properties method, used to track
-        # properties in a manner that won't be serialized.
-        #
-        # @return [SimpleDelegator<Object>]
-        def self.generate
-          delegator = SimpleDelegator.new(nil)
-          delegator.extend(Contrast::Utils::PreventPsychSerialization)
-          delegator
-        end
-        # Return the frozen properties delegator, which is a
-        #
-        # @return [SimpleDelegator<Object>]
-        def self.generate_frozen
-          @_generate_frozen ||= begin
-                                  delegator = SimpleDelegator.new(nil)
-                                  delegator.extend(Contrast::Utils::PreventPsychSerialization)
-                                  delegator
-                                end
-        end
-      end
-    end
-  end
-end
-# Our patch of the SimpleDelegator class, allowing us to leverage its
-# marshal_dump and marshal_load methods to hide our properties on an object so
-# that they will not be dumped or loaded.
-# We do this to prevent polluting data that may run on applications that are no
-# longer instrumented with Contrast
-class SimpleDelegator
-  # rubocop:disable Naming/MemoizedInstanceVariableName
-  def properties
-    @delegate_properties ||= Contrast::Agent::Assess::Properties.new
-  end
-  # rubocop:enable Naming/MemoizedInstanceVariableName
-end