contrast-agent 3.15.0 → 3.16.0

data/lib/contrast/agent/static_analysis.rb

@@ -17,12 +17,12 @@ module Contrast
         # report the already-loaded gems.
         def catchup
           @_catchup ||= begin
-                          with_contrast_scope do
-                            Contrast::Utils::GemfileReader.instance.map_loaded_classes
-                            send_inventory_message
-                            true
-                          end
-                        end
+            with_contrast_scope do
+              Contrast::Utils::GemfileReader.instance.map_loaded_classes
+              send_inventory_message
+              true
+            end
+          end
         rescue StandardError => e
           logger.warn('Unable to run post-initialization static analysis', e)
         end

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '3.15.0'
+    VERSION = '3.16.0'
   end
 end

data/lib/contrast/api/communication/socket_client.rb

@@ -15,7 +15,7 @@ module Contrast
       # service proxy and tracks the state of that proxy.
       class SocketClient
         include Contrast::Components::Interface
-        access_component :contrast_service, :logging
+        access_component :config, :contrast_service, :logging
 
         def initialize
           @socket = init_connection
@@ -34,6 +34,7 @@ module Contrast
         private
 
         def init_connection
+          log_connection
           if CONTRAST_SERVICE.use_tcp?
             Contrast::Api::Communication::TcpSocket.new(CONTRAST_SERVICE.host, CONTRAST_SERVICE.port)
           else
@@ -41,6 +42,40 @@ module Contrast
           end
         end
 
+        def log_connection
+          # The socket is set,
+          if CONFIG.root.agent.service.socket
+            logger.info('Connecting to the Contrast Service using a UnixSocket socket',
+                        socket: CONTRAST_SERVICE.socket_path)
+            return
+          end
+          # The host & port are set,
+          if CONFIG.root.agent.service.host && CONFIG.root.agent.service.port
+            logger.info('Connecting to the Contrast Service using a TCP socket',
+                        host: CONTRAST_SERVICE.host,
+                        port: CONTRAST_SERVICE.port)
+            return
+          end
+
+          # Or something is not set.
+          msg = if CONFIG.root.agent.service.host
+                  'Missing a required connection value to the Contrast Service. ' \
+                  '`agent.service.port` is not set. ' \
+                  'Falling back to default TCP socket port.'
+                elsif CONFIG.root.agent.service.port
+                  'Missing a required connection value to the Contrast Service. ' \
+                  '`agent.service.host` is not set. ' \
+                  'Falling back to default TCP socket host.'
+                else
+                  'Missing a required connection value to the Contrast Service. ' \
+                  'Neither `agent.service.socket` nor the pair of `agent.service.host` and `agent.service.port` are set. '\
+                  'Falling back to default TCP socket.'
+                end
+          logger.warn(msg,
+                      host: CONTRAST_SERVICE.host,
+                      port: CONTRAST_SERVICE.port)
+        end
+
         def send_message msg
           return unless msg
 

data/lib/contrast/api/decorators/address.rb

@@ -28,19 +28,19 @@ module Contrast
           # @return [Contrast::Api::Dtm::Address] the address of this server
           def build_receiver
             @_build_receiver ||= begin
-                             address = new
-                             address.host = 'localhost'
-                             address.ip = '127.0.0.1'
-                             begin
-                               Timeout.timeout(1) do
-                                 address.host = Contrast::Utils::StringUtils.force_utf8(Socket.gethostname)
-                                 address.ip = Contrast::Utils::StringUtils.force_utf8(Resolv.getaddress(address.host))
-                               end
-                             rescue StandardError => e
-                               logger.warn('Unable to resolve host or ip', e, address: address)
-                             end
-                             address
-                           end
+              address = new
+              address.host = 'localhost'
+              address.ip = '127.0.0.1'
+              begin
+                Timeout.timeout(1) do
+                  address.host = Contrast::Utils::StringUtils.force_utf8(Socket.gethostname)
+                  address.ip = Contrast::Utils::StringUtils.force_utf8(Resolv.getaddress(address.host))
+                end
+              rescue StandardError => e
+                logger.warn('Unable to resolve host or ip', e, address: address)
+              end
+              address
+            end
           end
 
           # Parse out the sender of the Request and return it as an Address

data/lib/contrast/api/decorators/message.rb

@@ -1,6 +1,7 @@
 # Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/utils/object_share'
 require 'contrast/utils/string_utils'
 
 module Contrast

data/lib/contrast/api/decorators/trace_event.rb

@@ -47,10 +47,25 @@ module Contrast
                            Contrast::Agent::Assess::Tracker.properties(target)
                          end
                        end
+          return unless properties.tracked?
 
-          return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless properties.tracked?
+          self.taint_ranges += properties.tags_to_dtm
+        end
+
+        def build_parent_ids contrast_event
+          contrast_event&.parent_events&.each do |event|
+            next unless event
+
+            parent = Contrast::Api::Dtm::ParentObjectId.new
+            parent.id = event.event_id.to_i
+            parent_object_ids << parent
+          end
+        end
 
-          properties.tags_to_dtm
+        def build_stack contrast_event
+          # We delayed doing this as long as possible b/c it's expensive
+          stack_dtms = Contrast::Utils::StackTraceUtils.build_assess_stack_array(contrast_event.stack_trace)
+          self.stack += stack_dtms
         end
 
         # Class methods for TraceEvent
@@ -71,23 +86,10 @@ module Contrast
             truncate_ret = Contrast::Utils::ObjectShare::RETURN_KEY != taint_target
             event_dtm.ret = Contrast::Api::Dtm::TraceEventObject.build(contrast_event.ret, truncate_ret)
             event_dtm.build_event_args(contrast_event, taint_target)
-
-            taint_ranges = event_dtm.build_taint_ranges(contrast_event, taint_target)
-            taint_ranges.each do |range|
-              event_dtm.taint_ranges << range
-            end
-
-            # We delayed doing this as long as possible b/c it's expensive
-            stack = Contrast::Utils::StackTraceUtils.build_assess_stack_array(contrast_event.stack_trace)
-            event_dtm.stack += stack
-
+            event_dtm.build_parent_ids(contrast_event)
+            event_dtm.build_taint_ranges(contrast_event, taint_target)
+            event_dtm.build_stack(contrast_event)
             event_dtm.object_id = contrast_event.event_id.to_i
-            contrast_event.parent_ids&.each do |id|
-              parent = Contrast::Api::Dtm::ParentObjectId.new
-              parent.id = id.to_i
-              event_dtm.parent_object_ids << parent
-            end
-
             event_dtm.signature = Contrast::Api::Dtm::TraceEventSignature.build(contrast_event.ret, contrast_event.policy_node, contrast_event.args)
             event_dtm
           end

data/lib/contrast/components/app_context.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require 'rubygems/version'
+require 'contrast/utils/object_share'
 
 module Contrast
   module Components
@@ -15,7 +16,7 @@ module Contrast
         include Contrast::Components::ComponentBase
         include Contrast::Components::Interface
 
-        access_component :agent, :analysis, :config
+        access_component :agent, :analysis, :config, :logging
 
         DEFAULT_APP_NAME    = 'rails'
         DEFAULT_APP_PATH    = '/'
@@ -28,51 +29,51 @@ module Contrast
 
         def server_type
           @_server_type ||= begin
-                              tmp = CONFIG.root.server.type
-                              tmp = Contrast::Agent.framework_manager.server_type unless Contrast::Utils::StringUtils.present?(tmp)
-                              tmp
-                            end
+            tmp = CONFIG.root.server.type
+            tmp = Contrast::Agent.framework_manager.server_type unless Contrast::Utils::StringUtils.present?(tmp)
+            tmp
+          end
         end
 
         def name
           @_name ||= begin
-                       tmp = CONFIG.root.application.name
-                       tmp = Contrast::Agent.framework_manager.app_name unless Contrast::Utils::StringUtils.present?(tmp)
-                       tmp = File.basename(Dir.pwd) unless Contrast::Utils::StringUtils.present?(tmp)
-                       Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_APP_NAME)
-                     rescue StandardError
-                       DEFAULT_APP_NAME
-                     end
+            tmp = CONFIG.root.application.name
+            tmp = Contrast::Agent.framework_manager.app_name unless Contrast::Utils::StringUtils.present?(tmp)
+            tmp = File.basename(Dir.pwd) unless Contrast::Utils::StringUtils.present?(tmp)
+            Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_APP_NAME)
+          rescue StandardError
+            DEFAULT_APP_NAME
+          end
         end
 
         def path
           @_path ||= begin
-                       tmp = CONFIG.root.application.path
-                       Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_APP_PATH)
-                     rescue StandardError
-                       DEFAULT_APP_PATH
-                     end
+            tmp = CONFIG.root.application.path
+            Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_APP_PATH)
+          rescue StandardError
+            DEFAULT_APP_PATH
+          end
         end
 
         def server_name
           @_server_name ||= begin
-                              tmp = CONFIG.root.server.name
-                              tmp = Socket.gethostname unless Contrast::Utils::StringUtils.present?(tmp)
-                              tmp = Contrast::Utils::StringUtils.force_utf8(tmp)
-                              Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_SERVER_NAME)
-                            rescue StandardError
-                              DEFAULT_SERVER_NAME
-                            end
+            tmp = CONFIG.root.server.name
+            tmp = Socket.gethostname unless Contrast::Utils::StringUtils.present?(tmp)
+            tmp = Contrast::Utils::StringUtils.force_utf8(tmp)
+            Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_SERVER_NAME)
+          rescue StandardError
+            DEFAULT_SERVER_NAME
+          end
         end
 
         def server_path
           @_server_path ||= begin
-                              tmp = CONFIG.root.server.path
-                              tmp = Dir.pwd unless Contrast::Utils::StringUtils.present?(tmp)
-                              Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_SERVER_PATH)
-                            rescue StandardError
-                              DEFAULT_SERVER_PATH
-                            end
+            tmp = CONFIG.root.server.path
+            tmp = Dir.pwd unless Contrast::Utils::StringUtils.present?(tmp)
+            Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_SERVER_PATH)
+          rescue StandardError
+            DEFAULT_SERVER_PATH
+          end
         end
 
         def build_app_startup_message
@@ -101,6 +102,14 @@ module Contrast
           msg.application_tags = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.tags
           msg.library_tags     = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.inventory.tags
           msg.finding_tags     = Contrast::Utils::StringUtils.protobuf_format ASSESS.tags
+          logger.info('Application context',
+                      server_name: msg.server_name,
+                      server_path: msg.server_path,
+                      server_type: msg.server_type,
+                      application_name: name,
+                      application_path: path,
+                      application_language: Contrast::Utils::ObjectShare::RUBY)
+
           msg
         end
 

data/lib/contrast/components/contrast_service.rb

@@ -26,21 +26,21 @@ module Contrast
           # Validates the config to decide if it's suitable for starting
           # the bundled service
           @_use_bundled_service ||= begin
-                                      # Requirement says "must be true" but that
-                                      # should be "must not be false" -- oops.
-                                      !false?(CONFIG.root.agent.start_bundled_service) &&
-                                          # Either a valid host or a valid socket
-                                          # Path validity is the service's problem
-                                          (LOCALHOST.match?(host) || !!socket_path)
-                                    end
+            # Requirement says "must be true" but that
+            # should be "must not be false" -- oops.
+            !false?(CONFIG.root.agent.start_bundled_service) &&
+                # Either a valid host or a valid socket
+                # Path validity is the service's problem
+                (LOCALHOST.match?(host) || !!socket_path)
+          end
         end
 
         def host
-          @_host ||= CONFIG.root.agent.service.host.to_s
+          @_host ||= (CONFIG.root.agent.service.host || Contrast::Config::ServiceConfiguration::DEFAULT_HOST).to_s
         end
 
         def port
-          @_port ||= CONFIG.root.agent.service.port.to_i
+          @_port ||= (CONFIG.root.agent.service.port || Contrast::Config::ServiceConfiguration::DEFAULT_PORT).to_i
         end
 
         def socket_path

data/lib/contrast/components/settings.rb

@@ -55,23 +55,22 @@ module Contrast
         APPLICATION_STATE_ATTRS   = %i[modes_by_id exclusion_matchers disabled_assess_rules].cs__freeze
 
         # Meta-define an accessor for each state attribute.
-        begin
-          PROTECT_STATE_ATTRS.each do |attr|
-            define_method(attr) do
-              protect_state[attr]
-            end
+
+        PROTECT_STATE_ATTRS.each do |attr|
+          define_method(attr) do
+            protect_state[attr]
           end
+        end
 
-          ASSESS_STATE_ATTRS.each do |attr|
-            define_method(attr) do
-              assess_state[attr]
-            end
+        ASSESS_STATE_ATTRS.each do |attr|
+          define_method(attr) do
+            assess_state[attr]
           end
+        end
 
-          APPLICATION_STATE_ATTRS.each do |attr|
-            define_method(attr) do
-              application_state[attr]
-            end
+        APPLICATION_STATE_ATTRS.each do |attr|
+          define_method(attr) do
+            application_state[attr]
           end
         end
 
@@ -95,18 +94,16 @@ module Contrast
 
         def update_from_server_features server_features
           # protect
-          begin
-            @_protect_enabled = nil
-            protect_state[:enabled] = server_features.protect_enabled?
-          end
+
+          @_protect_enabled = nil
+          protect_state[:enabled] = server_features.protect_enabled?
 
           # assess
-          begin
-            @_assess_enabled = nil
-            assess_state[:enabled] = server_features.assess_enabled?
-            assess_state[:sampling_settings] = server_features.assess.sampling
-            Contrast::Utils::Assess::SamplingUtil.instance.update
-          end
+
+          @_assess_enabled = nil
+          assess_state[:enabled] = server_features.assess_enabled?
+          assess_state[:sampling_settings] = server_features.assess.sampling
+          Contrast::Utils::Assess::SamplingUtil.instance.update
         end
 
         def update_from_application_settings application_settings

data/lib/contrast/config/service_configuration.rb

@@ -9,13 +9,15 @@ module Contrast
     # Common Configuration settings. Those in this section pertain to the
     # communication between the Agent & the Service.
     class ServiceConfiguration < BaseConfiguration
+      # We don't set these b/c we've been asked to handle the default values of
+      # these settings differently, logging when we have to use them.
       DEFAULT_HOST       = '127.0.0.1'
       DEFAULT_PORT       = '30555'
 
       KEYS = {
           enable: EMPTY_VALUE,
-          host: Contrast::Config::DefaultValue.new(DEFAULT_HOST),
-          port: Contrast::Config::DefaultValue.new(DEFAULT_PORT),
+          host: EMPTY_VALUE,
+          port: EMPTY_VALUE,
           socket: EMPTY_VALUE,
           logger: Contrast::Config::LoggerConfiguration
       }.cs__freeze

data/lib/contrast/configuration.rb

@@ -238,7 +238,7 @@ module Contrast
     # @return [Hash, Object] the leaf of each
     #   Contrast::Config::BaseConfiguration will be returned in the N > 0 steps
     #   the Hash will be returned at the end of the 0 level
-    def convert_to_hash convert=root, hash={}
+    def convert_to_hash convert = root, hash = {}
       case convert
       when Contrast::Config::BaseConfiguration
         convert.cs__class::KEYS.each_key do |key|

data/lib/contrast/extension/assess/array.rb

@@ -44,10 +44,13 @@ module Contrast
 
               shift = 0
               separator_length = separator.nil? ? 0 : separator.to_s.length
+              parent_events = []
               ary.each do |obj|
                 if obj # skip nil here
                   properties.copy_from(obj, ret, shift)
                   shift += obj.to_s.length
+                  parent_event = Contrast::Agent::Assess::Tracker.properties(obj)&.event
+                  parent_events << parent_event if parent_event
                 end
                 shift += separator_length
               end
@@ -60,15 +63,16 @@ module Contrast
                   ary,
                   ret,
                   [separator])
+              properties.event.instance_variable_set(:@_parent_events, parent_events)
               ret
             end
           end
 
           def instrument_array_track
             @_instrument_array_track ||= begin
-                                           require 'cs__assess_array/cs__assess_array'
-                                           true
-                                         end
+              require 'cs__assess_array/cs__assess_array'
+              true
+            end
           rescue StandardError, LoadError => e
             logger.error('Error loading assess track patch', e)
             false