contrast-agent 3.14.0 → 3.15.0

data/lib/contrast/agent/rewriter.rb

@@ -61,9 +61,7 @@ module Contrast
           status ||= Contrast::Agent::Patching::Policy::PatchStatus.get_status(mod)
           status.failed_rewrite!
         ensure
-          with_contrast_scope do
-            opener&.commit_patches
-          end
+          opener&.commit_patches
           logger.trace('Rewriting complete',
                        module: module_data.name,
                        result: Contrast::Agent::Patching::Policy::PatchStatus.get_status(

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '3.14.0'
+    VERSION = '3.15.0'
   end
 end

data/lib/contrast/api/communication/messaging_queue.rb

@@ -67,10 +67,7 @@ module Contrast
         def preprocess_event event
           return unless event.is_a?(Contrast::Api::Dtm::Activity)
 
-          # So set their tags
-          event.finding_tags = Contrast::Utils::StringUtils.force_utf8(ASSESS.tags)
-
-          # and see if they're even enabled
+          # See if they're even enabled
           event.findings.delete_if { |finding| ASSESS.rule_disabled?(finding.rule_id) }
         end
       end

data/lib/contrast/api/decorators/application_update.rb

@@ -18,10 +18,8 @@ module Contrast
           klass.extend(ClassMethods)
         end
 
-        def append_library_update library_dtm_list, library_tags
-          lib_tags = Contrast::Utils::StringUtils.protobuf_format(library_tags)
+        def append_library_update library_dtm_list
           library_dtm_list.each do |library_dtm|
-            library_dtm.tags = lib_tags
             libraries[library_dtm.hash_code] = library_dtm
           end
         end
@@ -46,7 +44,7 @@ module Contrast
             msg = new
             msg.append_route_coverage_data(Contrast::Agent.framework_manager.find_route_discovery_data)
             msg.append_platform_version(Contrast::Agent.framework_manager.platform_version)
-            msg.append_library_update(Contrast::Utils::GemfileReader.instance.library_pb_list, CONFIG.root.inventory.tags)
+            msg.append_library_update(Contrast::Utils::GemfileReader.instance.library_pb_list)
             msg
           end
         end

data/lib/contrast/api/decorators/trace_event.rb

@@ -32,19 +32,19 @@ module Contrast
 
           properties = case taint_target
                        when Contrast::Utils::ObjectShare::OBJECT_KEY
-                         contrast_event.object.cs__properties
+                         Contrast::Agent::Assess::Tracker.properties(contrast_event.object)
                        when Contrast::Utils::ObjectShare::RETURN_KEY
-                         contrast_event.ret.cs__properties
+                         Contrast::Agent::Assess::Tracker.properties(contrast_event.ret)
                        else
                          target = contrast_event.args[taint_target]
                          if target.is_a?(Hash)
                            if contrast_event.policy_node&.targets&.any?
-                             target[contrast_event.policy_node.targets[0]].cs__properties
+                             Contrast::Agent::Assess::Tracker.properties(target[contrast_event.policy_node.targets[0]])
                            else
-                             target[contrast_event.policy_node.sources[0]].cs__properties
+                             Contrast::Agent::Assess::Tracker.properties(target[contrast_event.policy_node.sources[0]])
                            end
                          else
-                           target.cs__properties
+                           Contrast::Agent::Assess::Tracker.properties(target)
                          end
                        end
 

data/lib/contrast/components/app_context.rb

@@ -15,7 +15,7 @@ module Contrast
         include Contrast::Components::ComponentBase
         include Contrast::Components::Interface
 
-        access_component :agent, :config
+        access_component :agent, :analysis, :config
 
         DEFAULT_APP_NAME    = 'rails'
         DEFAULT_APP_PATH    = '/'
@@ -79,7 +79,6 @@ module Contrast
           msg = Contrast::Api::Dtm::ApplicationCreate.new
 
           msg.group            = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.group
-          msg.tags             = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.tags
           msg.app_version      = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.version.to_s
           msg.code             = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.code
           msg.metadata         = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.metadata
@@ -92,13 +91,16 @@ module Contrast
 
         def build_agent_startup_message
           msg = Contrast::Api::Dtm::AgentStartup.new
-          msg.server_name    = Contrast::Utils::StringUtils.protobuf_format server_name
-          msg.server_path    = Contrast::Utils::StringUtils.protobuf_format server_path
-          msg.server_type    = Contrast::Utils::StringUtils.protobuf_format server_type
-          msg.server_version = Contrast::Agent::VERSION
-          msg.version        = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.server.version
-          msg.environment    = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.server.environment
-          msg.tags           = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.server.tags
+          msg.server_name      = Contrast::Utils::StringUtils.protobuf_format server_name
+          msg.server_path      = Contrast::Utils::StringUtils.protobuf_format server_path
+          msg.server_type      = Contrast::Utils::StringUtils.protobuf_format server_type
+          msg.server_version   = Contrast::Agent::VERSION
+          msg.version          = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.server.version
+          msg.environment      = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.server.environment
+          msg.server_tags      = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.server.tags
+          msg.application_tags = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.tags
+          msg.library_tags     = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.inventory.tags
+          msg.finding_tags     = Contrast::Utils::StringUtils.protobuf_format ASSESS.tags
           msg
         end
 

data/lib/contrast/components/config.rb

@@ -34,8 +34,7 @@ module Contrast
         def build log: true
           @_valid = nil
           @config = Contrast::Configuration.new
-          defaults
-          overrides
+          env_overrides
           validate(log: log)
         end
         alias_method :rebuild, :build
@@ -70,11 +69,11 @@ module Contrast
         end
 
         def session_id
-          @_session_id ||= raw.application.session_id || Contrast::Utils::ObjectShare::EMPTY_STRING
+          @_session_id ||= raw.application.session_id
         end
 
         def session_metadata
-          @_session_metadata ||= raw.application.session_metadata || Contrast::Utils::ObjectShare::EMPTY_STRING
+          @_session_metadata ||= raw.application.session_metadata
         end
 
         def valid?
@@ -105,15 +104,6 @@ module Contrast
           true
         end
 
-        def defaults
-          raw.agent.service.host ||= Contrast::Configuration::DEFAULT_HOST
-          raw.agent.service.port ||= Contrast::Configuration::DEFAULT_PORT
-        end
-
-        def overrides
-          env_overrides
-        end
-
         def env_overrides
           # For env variables resembling CONTRAST__WHATEVER__NESTED_VALUE
           # override raw.whatever.nested_value

data/lib/contrast/components/contrast_service.rb

@@ -36,11 +36,11 @@ module Contrast
         end
 
         def host
-          @_host ||= (CONFIG.root.agent.service.host || Contrast::Configuration::DEFAULT_HOST).to_s
+          @_host ||= CONFIG.root.agent.service.host.to_s
         end
 
         def port
-          @_port ||= (CONFIG.root.agent.service.port || DEFAULT_PORT).to_i
+          @_port ||= CONFIG.root.agent.service.port.to_i
         end
 
         def socket_path

data/lib/contrast/config/application_configuration.rb

@@ -1,6 +1,9 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/config/default_value'
+require 'contrast/utils/object_share'
+
 module Contrast
   module Config
     # Common Configuration settings. Those in this section pertain to the
@@ -15,8 +18,8 @@ module Contrast
           tags: EMPTY_VALUE,
           code: EMPTY_VALUE,
           metadata: EMPTY_VALUE,
-          session_id: EMPTY_VALUE,
-          session_metadata: EMPTY_VALUE
+          session_id: Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::EMPTY_STRING),
+          session_metadata: Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::EMPTY_STRING)
       }.cs__freeze
 
       def initialize hsh

data/lib/contrast/config/service_configuration.rb

@@ -1,15 +1,21 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/config/default_value'
+require 'contrast/config/logger_configuration'
+
 module Contrast
   module Config
     # Common Configuration settings. Those in this section pertain to the
     # communication between the Agent & the Service.
     class ServiceConfiguration < BaseConfiguration
+      DEFAULT_HOST       = '127.0.0.1'
+      DEFAULT_PORT       = '30555'
+
       KEYS = {
           enable: EMPTY_VALUE,
-          host: EMPTY_VALUE,
-          port: EMPTY_VALUE,
+          host: Contrast::Config::DefaultValue.new(DEFAULT_HOST),
+          port: Contrast::Config::DefaultValue.new(DEFAULT_PORT),
           socket: EMPTY_VALUE,
           logger: Contrast::Config::LoggerConfiguration
       }.cs__freeze

data/lib/contrast/configuration.rb

@@ -24,8 +24,6 @@ module Contrast
     attr_reader :default_name, :root
 
     DEFAULT_YAML_PATH  = 'contrast_security.yaml'
-    DEFAULT_HOST       = '127.0.0.1'
-    DEFAULT_PORT       = '30555'
     MILLISECOND_MARKER = '_ms'
     CONVERSION = {
         'agent.service.enable' => 'agent.start_bundled_service'
@@ -37,9 +35,6 @@ module Contrast
       '/etc/contrast/',
       '/etc/'
     ].cs__freeze
-    REMOVE_FIELDS = [
-      'contrast'
-    ].cs__freeze
 
     def initialize cli_options = nil, default_name = DEFAULT_YAML_PATH
       @default_name = default_name
@@ -53,7 +48,6 @@ module Contrast
 
       # Some in-flight rewrites to maintain backwards compatibility
       config_kv = update_prop_keys(config_kv)
-      config_kv = deprecate_fields(config_kv)
 
       @root = Contrast::Config::RootConfiguration.new(config_kv)
     end
@@ -73,6 +67,13 @@ module Contrast
       root&.cs__respond_to?(method_name) || super
     end
 
+    # Get a loggable YAML format of this configuration
+    # @return [String] the current active configuration of the Agent,
+    #   represented as a YAML string
+    def loggable
+      convert_to_hash.to_yaml
+    end
+
     protected
 
     # TODO: RUBY-546 move utility methods to auxiliary classes
@@ -80,26 +81,16 @@ module Contrast
     def load_config
       config = {}
       configuration_paths.find do |path|
-        found = File.exist?(path)
-        next unless found
+        next unless File.exist?(path)
 
-        readable = File.readable?(path)
-        unless readable
-          puts "!!! Contrast - Configuration file at #{ path } is not readable by current user"
+        unless File.readable?(path)
+          log_file_read_error(path)
           next
         end
         config = yaml_to_hash(path) || {}
         break
       end
 
-      if config.empty?
-        puts "!!! Contrast - working directory: #{ Dir.pwd }"
-        puts '!!! Contrast - valid configuration file could not be found at any of the search paths'
-        puts 'Valid configuration paths are: '
-        configuration_paths.each do |path|
-          puts(path)
-        end
-      end
       config
     end
 
@@ -109,9 +100,10 @@ module Contrast
           yaml = IO.read(path)
           yaml = ERB.new(yaml).result if defined?(ERB)
           return YAML.safe_load(yaml)
+        rescue Psych::Exception => e
+          log_yaml_parse_error(path, e)
         rescue RuntimeError => e
-          puts "ERROR: unable to load configuration from path due to #{ e }"
-          puts "ERROR: path=#{ path } pwd=#{ Dir.pwd }"
+          puts "WARN: Unable to load configuration. #{ e }; path: #{ path }, pwd: #{ Dir.pwd }"
         end
       end
 
@@ -122,29 +114,20 @@ module Contrast
     # files to match the new agreed upon standard configuration
     # names, so that one file works for all agents
     def update_prop_keys config
-      converted = false
       CONVERSION.each_pair do |old_method, new_method|
         # See if the old value was set and needs to be translated
         deprecated_keys = old_method.split('.')
-
         old_value = config
         deprecated_keys.each do |key|
           old_value = old_value[key]
           break if old_value.nil?
         end
+        next if old_value.nil? # have to account for literal false
 
-        next if old_value.nil?
-
-        converted = true
-
-        puts "The deprecated property #{ old_method } is being set."
-        puts "Please update your config to use the property #{ new_method } instead."
-
+        log_deprecated_property(old_method, new_method)
         new_keys = new_method.split('.')
-
         # We changed the seconds values into ms values. Multiply them accordingly
         old_value = old_value.to_i * 1000 if new_method.end_with?(MILLISECOND_MARKER)
-
         new_value = config
         end_idx = new_keys.length - 1
         new_keys.each_with_index do |new_key, index|
@@ -161,21 +144,6 @@ module Contrast
       config
     end
 
-    def deprecate_fields hash
-      REMOVE_FIELDS.each do |field|
-        path = field.split('.')
-        active_path = hash
-        path.each_with_index do |delete_path, index|
-          if index == path.length - 1 && active_path
-            active_path.delete(delete_path)
-          elsif active_path
-            active_path = active_path[delete_path]
-          end
-        end
-      end
-      hash
-    end
-
     # Base paths to check for the contrast configuration file, sorted by
     # reverse order of precedence (first is most important).
     def configuration_paths
@@ -208,5 +176,78 @@ module Contrast
       end
       new_hash
     end
+
+    private
+
+    # We cannot use all access components at this point, unfortunately, as they
+    # may not have been initialized. Instead, we need to access the logger
+    # directly.
+    def logger
+      @_logger ||= (Contrast::Logger::Log.instance.logger if defined?(Contrast::Logger::Log))
+    end
+
+    # When we fail to parse a configuration because it is misformatted, log an
+    # appropriate message based on the Agent Onboarding specification
+    def log_yaml_parse_error path, exception
+      hash = {
+          path: path,
+          pwd: Dir.pwd
+      }
+      if exception.is_a?(Psych::SyntaxError)
+        hash[:context] = exception.context
+        hash[:column] = exception.column
+        hash[:line] = exception.line
+        hash[:offset] = exception.offset
+        hash[:problem] = exception.problem
+      end
+
+      if logger
+        logger.warn('YAML validator found an error', hash)
+      else
+        puts "CONTRAST - WARN: YAML validator found an error. #{ hash.inspect }"
+      end
+    end
+
+    def log_file_read_error path
+      if logger
+        logger.warn('Configuration file is not readable by current user', path: path)
+      else
+        puts "CONTRAST - WARN: Configuration file is not readable by current user; path: #{ path }"
+      end
+    end
+
+    def log_deprecated_property old_method, new_method
+      if logger
+        logger.warn('Deprecated property in use', old_method: old_method, new_method: new_method)
+      else
+        puts "CONTRAST - WARN: Deprecated property in use; old_method: #{ old_method }, new_method: #{ new_method }"
+      end
+    end
+
+    # Convert this entire configuration into a hash, walking down the entries
+    # in the thing to convert and setting them in the given hash. For now, this
+    # logs every possible key, whether set or not. If we want to change that
+    # behavior, we can skip adding keys to the hash if the value is nil, blank,
+    # or Contrast::Config::DefaultValue depending on desired behavior
+    #
+    # @param hash [Hash] the hash to populate
+    # @param convert [Contrast::Config::BaseConfiguration, Object] the level of
+    #   configuration from which to convert. Note that at least one top level
+    #   Contrast::Config::BaseConfiguration is required for anything to be set
+    #   in the hash
+    # @return [Hash, Object] the leaf of each
+    #   Contrast::Config::BaseConfiguration will be returned in the N > 0 steps
+    #   the Hash will be returned at the end of the 0 level
+    def convert_to_hash convert=root, hash={}
+      case convert
+      when Contrast::Config::BaseConfiguration
+        convert.cs__class::KEYS.each_key do |key|
+          hash[key] = convert_to_hash(convert.send(key), {})
+        end
+        hash
+      else
+        convert
+      end
+    end
   end
 end

data/lib/contrast/extension/assess.rb

@@ -30,8 +30,6 @@ module Contrast
       require 'contrast/agent/assess/policy/policy'
       require 'contrast/agent/assess/policy/patcher'
 
-      # classes that don't play nice w/ our standard propagation
-      require 'contrast/extension/assess/assess_extension'
       # this needs to come first b/c array and others work on strings and
       # expect them to be trackable
       require 'contrast/extension/assess/string'

data/lib/contrast/extension/assess/array.rb

@@ -35,23 +35,26 @@ module Contrast
           # operation happens in C, we have to do it here rather than rely on the
           # patch of our String append or concat methods.
           def cs__track_join ary, separator, ret
-            return unless ary
+            return ret unless ary
             return ret if Contrast::Agent::Patching::Policy::Patch.skip_assess_analysis?
 
             with_contrast_scope do
+              properties = Contrast::Agent::Assess::Tracker.properties(ret)
+              return ret unless properties
+
               shift = 0
               separator_length = separator.nil? ? 0 : separator.to_s.length
               ary.each do |obj|
                 if obj # skip nil here
-                  ret.cs__copy_from(obj, shift)
+                  properties.copy_from(obj, ret, shift)
                   shift += obj.to_s.length
                 end
                 shift += separator_length
               end
-              return ret unless ret.cs__tracked?
+              return ret unless Contrast::Agent::Assess::Tracker.tracked?(ret)
 
-              ret.cs__properties.cleanup_tags
-              ret.cs__properties.build_event(
+              properties.cleanup_tags
+              properties.build_event(
                   ARRAY_JOIN_NODE,
                   ret,
                   ary,