RubyGems - contrast-agent - Versions diffs - 3.14.0 → 4.2.0 - Mend

contrast-agent 3.14.0 → 4.2.0

Files changed (148) hide show

checksums.yaml +4 -4
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +18 -15
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +1 -0
data/ext/cs__assess_string/cs__assess_string.c +24 -25
data/ext/cs__assess_string/cs__assess_string.h +3 -1
data/ext/cs__common/cs__common.c +4 -2
data/ext/cs__common/cs__common.h +1 -1
data/lib/contrast.rb +1 -1
data/lib/contrast/agent.rb +4 -12
data/lib/contrast/agent/assess.rb +1 -0
data/lib/contrast/agent/assess/contrast_event.rb +143 -79
data/lib/contrast/agent/assess/events/source_event.rb +1 -1
data/lib/contrast/agent/assess/finalizers/freeze.rb +3 -1
data/lib/contrast/agent/assess/finalizers/hash.rb +45 -1
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +10 -3
data/lib/contrast/agent/assess/policy/patcher.rb +1 -1
data/lib/contrast/agent/assess/policy/policy.rb +0 -2
data/lib/contrast/agent/assess/policy/policy_node.rb +15 -10
data/lib/contrast/agent/assess/policy/policy_scanner.rb +19 -3
data/lib/contrast/agent/assess/policy/preshift.rb +7 -11
data/lib/contrast/agent/assess/policy/propagation_method.rb +50 -33
data/lib/contrast/agent/assess/policy/propagator/append.rb +8 -5
data/lib/contrast/agent/assess/policy/propagator/base.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/center.rb +9 -5
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +5 -3
data/lib/contrast/agent/assess/policy/propagator/insert.rb +7 -4
data/lib/contrast/agent/assess/policy/propagator/keep.rb +4 -1
data/lib/contrast/agent/assess/policy/propagator/match_data.rb +4 -7
data/lib/contrast/agent/assess/policy/propagator/next.rb +7 -5
data/lib/contrast/agent/assess/policy/propagator/prepend.rb +8 -5
data/lib/contrast/agent/assess/policy/propagator/remove.rb +8 -4
data/lib/contrast/agent/assess/policy/propagator/replace.rb +5 -2
data/lib/contrast/agent/assess/policy/propagator/reverse.rb +7 -5
data/lib/contrast/agent/assess/policy/propagator/select.rb +13 -7
data/lib/contrast/agent/assess/policy/propagator/splat.rb +10 -9
data/lib/contrast/agent/assess/policy/propagator/split.rb +24 -19
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +47 -31
data/lib/contrast/agent/assess/policy/propagator/trim.rb +11 -5
data/lib/contrast/agent/assess/policy/source_method.rb +85 -58
data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +16 -12
data/lib/contrast/agent/assess/policy/trigger/xpath.rb +1 -1
data/lib/contrast/agent/assess/policy/trigger_method.rb +76 -28
data/lib/contrast/agent/assess/policy/trigger_node.rb +38 -43
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +2 -1
data/lib/contrast/agent/assess/properties.rb +2 -0
data/lib/contrast/agent/assess/property/evented.rb +5 -18
data/lib/contrast/agent/assess/property/tagged.rb +9 -3
data/lib/contrast/agent/assess/property/updated.rb +131 -0
data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +58 -5
data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +23 -8
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +83 -14
data/lib/contrast/agent/assess/tag.rb +1 -1
data/lib/contrast/agent/assess/tracker.rb +66 -0
data/lib/contrast/agent/at_exit_hook.rb +5 -5
data/lib/contrast/agent/class_reopener.rb +7 -5
data/lib/contrast/agent/inventory.rb +15 -0
data/lib/contrast/agent/inventory/dependencies.rb +50 -0
data/lib/contrast/agent/inventory/dependency_analysis.rb +37 -0
data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +104 -0
data/lib/contrast/agent/inventory/gemfile_digest_cache.rb +38 -0
data/lib/contrast/agent/middleware.rb +1 -3
data/lib/contrast/agent/patching/policy/after_load_patch.rb +5 -5
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +20 -20
data/lib/contrast/agent/patching/policy/module_policy.rb +10 -10
data/lib/contrast/agent/patching/policy/patch.rb +6 -0
data/lib/contrast/agent/patching/policy/patcher.rb +13 -22
data/lib/contrast/agent/patching/policy/policy.rb +17 -6
data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +3 -5
data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +4 -3
data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +1 -1
data/lib/contrast/agent/protect/rule/cmd_injection.rb +9 -25
data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +1 -0
data/lib/contrast/agent/request.rb +34 -34
data/lib/contrast/agent/request_handler.rb +1 -1
data/lib/contrast/agent/response.rb +17 -6
data/lib/contrast/agent/rewriter.rb +1 -3
data/lib/contrast/agent/scope.rb +59 -53
data/lib/contrast/agent/static_analysis.rb +7 -7
data/lib/contrast/agent/tracepoint_hook.rb +1 -1
data/lib/contrast/agent/version.rb +1 -1
data/lib/contrast/api/communication/messaging_queue.rb +1 -4
data/lib/contrast/api/communication/socket_client.rb +36 -1
data/lib/contrast/api/decorators.rb +3 -0
data/lib/contrast/api/decorators/address.rb +13 -14
data/lib/contrast/api/decorators/application_update.rb +2 -4
data/lib/contrast/api/decorators/library.rb +53 -0
data/lib/contrast/api/decorators/library_usage_update.rb +30 -0
data/lib/contrast/api/decorators/message.rb +1 -0
data/lib/contrast/api/decorators/trace_event.rb +25 -23
data/lib/contrast/common_agent_configuration.rb +2 -1
data/lib/contrast/components/agent.rb +6 -5
data/lib/contrast/components/app_context.rb +49 -38
data/lib/contrast/components/config.rb +30 -48
data/lib/contrast/components/contrast_service.rb +9 -9
data/lib/contrast/components/interface.rb +25 -3
data/lib/contrast/components/inventory.rb +6 -1
data/lib/contrast/components/scope.rb +49 -6
data/lib/contrast/components/settings.rb +23 -23
data/lib/contrast/config/application_configuration.rb +5 -2
data/lib/contrast/config/inventory_configuration.rb +2 -2
data/lib/contrast/config/service_configuration.rb +8 -0
data/lib/contrast/configuration.rb +88 -47
data/lib/contrast/extension/assess.rb +0 -2
data/lib/contrast/extension/assess/array.rb +15 -8
data/lib/contrast/extension/assess/erb.rb +11 -3
data/lib/contrast/extension/assess/eval_trigger.rb +6 -6
data/lib/contrast/extension/assess/exec_trigger.rb +1 -4
data/lib/contrast/extension/assess/fiber.rb +12 -12
data/lib/contrast/extension/assess/hash.rb +5 -6
data/lib/contrast/extension/assess/kernel.rb +28 -23
data/lib/contrast/extension/assess/marshal.rb +11 -6
data/lib/contrast/extension/assess/regexp.rb +8 -7
data/lib/contrast/extension/assess/string.rb +21 -21
data/lib/contrast/extension/protect/kernel.rb +3 -3
data/lib/contrast/framework/base_support.rb +1 -1
data/lib/contrast/framework/manager.rb +3 -3
data/lib/contrast/framework/rack/patch/session_cookie.rb +22 -28
data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +13 -13
data/lib/contrast/framework/rails/patch/assess_configuration.rb +5 -11
data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +10 -10
data/lib/contrast/framework/rails/patch/support.rb +1 -1
data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +11 -11
data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +12 -12
data/lib/contrast/framework/rails/rewrite/active_record_named.rb +3 -3
data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +12 -12
data/lib/contrast/framework/rails/support.rb +5 -0
data/lib/contrast/framework/sinatra/patch/base.rb +11 -11
data/lib/contrast/framework/sinatra/support.rb +4 -4
data/lib/contrast/logger/application.rb +11 -3
data/lib/contrast/logger/log.rb +7 -2
data/lib/contrast/utils/assess/tracking_util.rb +48 -3
data/lib/contrast/utils/duck_utils.rb +0 -10
data/lib/contrast/utils/env_configuration_item.rb +2 -1
data/lib/contrast/utils/invalid_configuration_util.rb +20 -21
data/lib/contrast/utils/inventory_util.rb +0 -7
data/lib/contrast/utils/sha256_builder.rb +0 -12
data/lib/contrast/utils/string_utils.rb +10 -5
data/resources/assess/policy.json +31 -22
data/ruby-agent.gemspec +21 -18
data/service_executables/VERSION +1 -1
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
metadata +71 -30
data/lib/contrast/agent/assess/finalizers/finalize.rb +0 -21
data/lib/contrast/extension/assess/assess_extension.rb +0 -145
data/lib/contrast/utils/boolean_util.rb +0 -30
data/lib/contrast/utils/freeze_util.rb +0 -32
data/lib/contrast/utils/gemfile_reader.rb +0 -193

data/lib/contrast/extension/protect/kernel.rb CHANGED

@@ -30,9 +30,9 @@ module Contrast
           def instrument
             @_instrument ||= begin
-                                               require 'cs__protect_kernel/cs__protect_kernel'
-                                               true
-                                             end
+              require 'cs__protect_kernel/cs__protect_kernel'
+              true
+            end
           rescue StandardError, LoadError => e
             logger.error('Error loading kernel protect patch', e)
             false

data/lib/contrast/framework/base_support.rb CHANGED

@@ -46,7 +46,7 @@ module Contrast
         #
         # By default, and hopefully in all cases, we won't need these patches,
         # so we're allowing nil here rather than raising an exception.
-        def before_load_patches; end
+        def before_load_patches!; end
         # Some Frameworks require specific patching for their classes to handle
         # functionality like routing. To accommodate this, this method provides

data/lib/contrast/framework/manager.rb CHANGED

@@ -39,9 +39,9 @@ module Contrast
       # configuration.
       def before_load_patches!
         @_before_load_patches ||= begin
-                                    SUPPORTED_FRAMEWORKS.each(&:before_load_patches)
-                                    true
-                                  end
+          SUPPORTED_FRAMEWORKS.each(&:before_load_patches!)
+          true
+        end
       end
       # Return all the After Load Patches for all the Frameworks we know, even

data/lib/contrast/framework/rack/patch/session_cookie.rb CHANGED

@@ -24,20 +24,20 @@ module Contrast
             def instrument
               @_instrument ||= begin
-                                 ::Rack::Session::Cookie.class_eval do
-                                   alias_method :cs__patched_initialize, :initialize
-                                   def initialize app, options = {}
-                                     Contrast::Framework::Rack::Patch::SessionCookie.analyze(options)
-                                     cs__patched_initialize(app, options)
-                                   end
-                                 end
-                                 true
-                               end
+                ::Rack::Session::Cookie.class_eval do
+                  alias_method :cs__patched_initialize, :initialize
+                  def initialize app, options = {}
+                    Contrast::Framework::Rack::Patch::SessionCookie.analyze(options)
+                    cs__patched_initialize(app, options)
+                  end
+                end
+                true
+              end
             end
             def analyze options
               return unless AGENT.enabled?
-              return if PROTECT.enabled?
+              return if ASSESS.forcibly_disabled?
               apply_session_timeout(options)
               apply_httponly(options)
@@ -67,12 +67,10 @@ module Contrast
                   options,
                   safe_default: false)
-              with_contrast_scope do
-                cs__report_finding(
-                    CS__SECURE_RULE_NAME,
-                    options,
-                    caller_locations(10, 9)[0])
-              end
+              cs__report_finding(
+                  CS__SECURE_RULE_NAME,
+                  options,
+                  caller_locations(10, 9)[0])
             rescue StandardError => e
               begin
                 logger.error('Unable to track call to secure session', e)
@@ -88,12 +86,10 @@ module Contrast
                                                 safe_default: false,
                                                 comparison_type: :greater_than)
-              with_contrast_scope do
-                cs__report_finding(
-                    CS__SESSION_TIMEOUT_NAME,
-                    options,
-                    caller_locations(10, 9)[0])
-              end
+              cs__report_finding(
+                  CS__SESSION_TIMEOUT_NAME,
+                  options,
+                  caller_locations(10, 9)[0])
             rescue StandardError => e
               begin
                 logger.error('Unable to track call to set session timeout', e)
@@ -105,12 +101,10 @@ module Contrast
             def apply_httponly options
               return unless vulnerable_setting?(:httponly, true, options)
-              with_contrast_scope do
-                cs__report_finding(
-                    CS__HTTPONLY_NAME,
-                    options,
-                    caller_locations(10, 9)[0])
-              end
+              cs__report_finding(
+                  CS__HTTPONLY_NAME,
+                  options,
+                  caller_locations(10, 9)[0])
             rescue StandardError => e
               begin
                 logger.error('Unable to track call to httponly', e)

data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb CHANGED

@@ -19,19 +19,19 @@ module Contrast
             def instrument
               @_instrument ||= begin
-                                 ::ActionController::Live::Buffer.class_eval do
-                                   # normally pre->in->post filters are applied however, in a streamed response
-                                   # we can run into a case where it's pre -> in -> post -> more infilters
-                                   # in order to submit anything found during the infilters after the response has
-                                   # been written we need to explicitly send them
-                                   alias_method :cs__close, :close
-                                   def close
-                                     Contrast::Framework::Rails::Patch::ActionControllerLiveBuffer.send_messages
-                                     cs__close
-                                   end
-                                 end
-                                 true
-                               end
+                ::ActionController::Live::Buffer.class_eval do
+                  # normally pre->in->post filters are applied however, in a streamed response
+                  # we can run into a case where it's pre -> in -> post -> more infilters
+                  # in order to submit anything found during the infilters after the response has
+                  # been written we need to explicitly send them
+                  alias_method :cs__close, :close
+                  def close
+                    Contrast::Framework::Rails::Patch::ActionControllerLiveBuffer.send_messages
+                    cs__close
+                  end
+                end
+                true
+              end
             end
           end
         end

data/lib/contrast/framework/rails/patch/assess_configuration.rb CHANGED

@@ -12,7 +12,7 @@ module Contrast
         module AssessConfiguration
           include Contrast::Components::Interface
-          access_component :agent, :analysis, :logging, :scope
+          access_component :agent, :analysis, :logging
           CS__SESSION_TIMEOUT_NAME = 'session-timeout'
           SAFE_SESSION_TIMEOUT = (30 * 60 * 1000)
@@ -23,7 +23,7 @@ module Contrast
             include Contrast::Utils::InvalidConfigurationUtil
             def analyze_session_store *args
-              return if PROTECT.enabled?
+              return if ASSESS.forcibly_disabled?
               apply_httponly_disabled(*args)
               apply_secure_cookie_disabled(*args)
@@ -52,9 +52,7 @@ module Contrast
               return unless vulnerable_setting?(:expire_after, SAFE_SESSION_TIMEOUT, args, comparison_type: :greater_than, safe_default: false)
               rails_session_settings = args[1]
-              with_contrast_scope do
-                cs__report_finding(CS__SESSION_TIMEOUT_NAME, rails_session_settings, caller_locations(6, 5)[0])
-              end
+              cs__report_finding(CS__SESSION_TIMEOUT_NAME, rails_session_settings, caller_locations(3, 2)[0])
             rescue StandardError => e
               begin
                 logger.error('Unable to track call to set session timeout', e)
@@ -68,9 +66,7 @@ module Contrast
               return unless vulnerable_setting?(:secure, true, args)
               rails_session_settings = args[1]
-              with_contrast_scope do
-                cs__report_finding(CS__SECURE_RULE_NAME, rails_session_settings, caller_locations(6, 5)[0])
-              end
+              cs__report_finding(CS__SECURE_RULE_NAME, rails_session_settings, caller_locations(3, 2)[0])
             rescue StandardError => e
               begin
                 logger.error('Unable to track call to disable secure cookies', e)
@@ -84,9 +80,7 @@ module Contrast
               return unless vulnerable_setting?(:httponly, true, args)
               rails_session_settings = args[1]
-              with_contrast_scope do
-                cs__report_finding(CS__HTTPONLY_RULE_NAME, rails_session_settings, caller_locations(6, 5)[0])
-              end
+              cs__report_finding(CS__HTTPONLY_RULE_NAME, rails_session_settings, caller_locations(3, 2)[0])
             rescue StandardError => e
               begin
                 logger.error('Unable to track call to disable httponly in session cookie', e)

data/lib/contrast/framework/rails/patch/rails_application_configuration.rb CHANGED

@@ -13,16 +13,16 @@ module Contrast
         class RailsApplicationConfiguration
           def self.instrument
             @_instrument ||= begin
-                               ::Rails::Application::Configuration.class_eval do
-                                 alias_method :cs__patched_session_store, :session_store
-                                 def session_store *args
-                                   ret = cs__patched_session_store(*args)
-                                   Contrast::Framework::Rails::Patch::AssessConfiguration.analyze_session_store(*args)
-                                   ret
-                                 end
-                               end
-                               true
-                             end
+              ::Rails::Application::Configuration.class_eval do
+                alias_method :cs__patched_session_store, :session_store
+                def session_store *args
+                  ret = cs__patched_session_store(*args)
+                  Contrast::Framework::Rails::Patch::AssessConfiguration.analyze_session_store(*args)
+                  ret
+                end
+              end
+              true
+            end
           end
         end
       end

data/lib/contrast/framework/rails/patch/support.rb CHANGED

@@ -11,7 +11,7 @@ module Contrast
         # Extension point allowing for the registration of Patches required to
         # support the Rails framework.
         module Support
-          # (See BaseSupport#before_load_patches)
+          # (See BaseSupport#before_load_patches!)
           def before_load_patches!
             return unless defined?(::Rails)

data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb CHANGED

@@ -15,17 +15,17 @@ module Contrast
         class ActionControllerRailtiesHelperInherited
           def self.instrument
             @_instrument ||= begin
-                               ::ActionController::Railties::Helpers.class_eval do
-                                 alias_method :cs__patched_helper_inherited, :inherited
-                                 def inherited klass # rubocop:disable Lint/MissingSuper
-                                   klass&.instance_variable_set(:@cs__defining_class, true)
-                                   cs__patched_helper_inherited(klass) # This calls the original inherited, which should handle super as needed.
-                                 ensure
-                                   klass&.instance_variable_set(:@cs__defining_class, false)
-                                 end
-                               end
-                               true
-                             end
+              ::ActionController::Railties::Helpers.class_eval do
+                alias_method :cs__patched_helper_inherited, :inherited
+                def inherited klass # rubocop:disable Lint/MissingSuper
+                  klass&.instance_variable_set(:@cs__defining_class, true)
+                  cs__patched_helper_inherited(klass) # This calls the original inherited, which should handle super as needed.
+                ensure
+                  klass&.instance_variable_set(:@cs__defining_class, false)
+                end
+              end
+              true
+            end
           end
         end
       end

data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb CHANGED

@@ -17,20 +17,20 @@ module Contrast
         class ActiveRecordAttributeMethodsRead
           def self.instrument
             @_instrument ||= begin
-                           ::ActiveRecord::AttributeMethods::Read::ClassMethods.class_eval do
-                             alias_method :cs__patched_define_method_attribute, :define_method_attribute
+              ::ActiveRecord::AttributeMethods::Read::ClassMethods.class_eval do
+                alias_method :cs__patched_define_method_attribute, :define_method_attribute
-                             def define_method_attribute *args, &block
-                               ret = cs__patched_define_method_attribute(*args, &block)
-                               method_name = args[0]
-                               Contrast::Agent::Assess::Policy::Patcher.patch_assess_method(self, method_name)
-                               ret
-                             end
+                def define_method_attribute *args, &block
+                  ret = cs__patched_define_method_attribute(*args, &block)
+                  method_name = args[0]
+                  Contrast::Agent::Assess::Policy::Patcher.patch_assess_method(self, method_name)
+                  ret
+                end
-                             protected :cs__patched_define_method_attribute, :define_method_attribute
-                           end
-                           true
-                         end
+                protected :cs__patched_define_method_attribute, :define_method_attribute
+              end
+              true
+            end
           end
         end
       end

data/lib/contrast/framework/rails/rewrite/active_record_named.rb CHANGED

@@ -58,9 +58,9 @@ module Contrast
             def instrument
               @_instrument_named_track ||= begin
-                                                 require 'cs__assess_active_record_named/cs__assess_active_record_named'
-                                                 true
-                                               end
+                require 'cs__assess_active_record_named/cs__assess_active_record_named'
+                true
+              end
             rescue StandardError, LoadError => e
               logger.error('Error loading active record named track patch', e)
               false

data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb CHANGED

@@ -12,19 +12,19 @@ module Contrast
         class ActiveRecordTimeZoneInherited
           def self.instrument
             @_instrument ||= begin
-                               ::ActiveRecord::AttributeMethods::TimeZoneConversion::ClassMethods.class_eval do
-                                 private
+              ::ActiveRecord::AttributeMethods::TimeZoneConversion::ClassMethods.class_eval do
+                private
-                                 alias_method :cs__patched_inherited, :inherited
-                                 def inherited klass # rubocop:disable Lint/MissingSuper
-                                   klass&.instance_variable_set(:@cs__defining_class, true)
-                                   cs__patched_inherited(klass) # This calls the original inherited, which should handle super as needed.
-                                 ensure
-                                   klass&.instance_variable_set(:@cs__defining_class, false)
-                                 end
-                               end
-                               true
-                             end
+                alias_method :cs__patched_inherited, :inherited
+                def inherited klass # rubocop:disable Lint/MissingSuper
+                  klass&.instance_variable_set(:@cs__defining_class, true)
+                  cs__patched_inherited(klass) # This calls the original inherited, which should handle super as needed.
+                ensure
+                  klass&.instance_variable_set(:@cs__defining_class, false)
+                end
+              end
+              true
+            end
           end
         end
       end

data/lib/contrast/framework/rails/support.rb CHANGED

@@ -45,6 +45,9 @@ module Contrast
             find_all_routes(::Rails.application, [])
           end
+          # Find the current route, based on the provided Request wrapper
+          # @param request[Contrast::Agent::Request]
+          # @return [Contrast::Api::Dtm::RouteCoverage]
           def current_route request
             return unless ::Rails.cs__respond_to?(:application)
@@ -118,6 +121,8 @@ module Contrast
           # Rails engine routes need to be detected by inspecting Engine class route set
           def find_all_routes app, route_list
+            return route_list unless app.cs__respond_to?(:routes) && app.routes.cs__respond_to?(:routes)
             app.routes.routes.each do |route|
               if route.cs__respond_to?(:app) && route.app.cs__class == ActionDispatch::Routing::RouteSet::Dispatcher
                 route_list << Contrast::Api::Dtm::RouteCoverage.from_action_dispatch_journey(route)

data/lib/contrast/framework/sinatra/patch/base.rb CHANGED

@@ -34,17 +34,17 @@ module Contrast
             def instrument
               @_instrument ||= begin
-                                ::Sinatra::Base.class_eval do
-                                  alias_method :cs__patched_sinatra_base_call!, :call!
-                                  # publicly available method for Sinatra::Base things -- unfortunately,
-                                  # getting the routes appear to require a lookup every time
-                                  def call! *args
-                                    Contrast::Framework::Sinatra::Patch::Base.map_route(cs__class, settings, *args)
-                                    cs__patched_sinatra_base_call!(*args)
-                                  end
-                                end
-                                true
-                              end
+                ::Sinatra::Base.class_eval do
+                  alias_method :cs__patched_sinatra_base_call!, :call!
+                  # publicly available method for Sinatra::Base things -- unfortunately,
+                  # getting the routes appear to require a lookup every time
+                  def call! *args
+                    Contrast::Framework::Sinatra::Patch::Base.map_route(cs__class, settings, *args)
+                    cs__patched_sinatra_base_call!(*args)
+                  end
+                end
+                true
+              end
             end
             private

data/lib/contrast/framework/sinatra/support.rb CHANGED

@@ -70,10 +70,10 @@ module Contrast
             return nil unless defined?(::Sinatra) && defined?(::Sinatra::Base)
             @_app_class ||= begin
-                              sinatra_layers = ObjectSpace.each_object(::Sinatra::Base).to_a
-                              result_layer = sinatra_layers.find { |layer| layer.app.nil? }
-                              result_layer
-                            end
+              sinatra_layers = ObjectSpace.each_object(::Sinatra::Base).to_a
+              result_layer = sinatra_layers.find { |layer| layer.app.nil? }
+              result_layer
+            end
           end
           # Iterate over every class that extends Sinatra::Base, pull out its routes

data/lib/contrast/logger/application.rb CHANGED

@@ -33,9 +33,17 @@ module Contrast
       def application_configuration
         return unless info?
-        loggable = CONFIG.raw.send(:load_config)
-        loggable.delete('api')
-        info('Current configuration', configuration: JSON.pretty_generate(loggable))
+        loggable = CONFIG.loggable
+        info('Current configuration', configuration: loggable)
+        env_keys = ENV.keys.select { |env_key| env_key&.to_s&.start_with?(Contrast::Components::Config::CONTRAST_ENV_MARKER) }
+        env_items = env_keys.map { |env_key| Contrast::Utils::EnvConfigurationItem.new(env_key, nil) }
+        env_translations = env_items.each_with_object({}) do |conversion, hash|
+          hash[conversion.key] = conversion.dot_path_array.join('.')
+        end
+        info('Set by environment', overrides: env_translations)
+      rescue StandardError => e
+        puts e
+        sleep(5)
       end
       def application_libraries

data/lib/contrast/logger/log.rb CHANGED

@@ -49,14 +49,19 @@ module Contrast
         path        = valid_path(config_path   || log_file)
         level_const = valid_level(config_level || log_level)
+        path_change = path != previous_path
+        level_change = level_const != previous_level
         # don't needlessly recreate logger
-        return if @_logger && (path == previous_path) && (level_const == previous_level)
+        return if @_logger && !(path_change || level_change)
         @previous_path  = path
         @previous_level = level_const
         @_logger = build(path: path, level_const: level_const)
-        log_update
+        # If we're logging to a new path, then let's start it w/ our helpful
+        # data gathering messages
+        log_update if path_change
       rescue StandardError => e
         if logger
           logger.error('Unable to process update to LoggerManager.', e)