contrast-agent 3.15.0 → 4.3.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (158) hide show
  1. checksums.yaml +4 -4
  2. data/Rakefile +1 -0
  3. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +22 -10
  4. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +4 -3
  5. data/lib/contrast/agent.rb +4 -12
  6. data/lib/contrast/agent/assess/contrast_event.rb +121 -130
  7. data/lib/contrast/agent/assess/contrast_object.rb +51 -0
  8. data/lib/contrast/agent/assess/events/source_event.rb +5 -10
  9. data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +10 -3
  10. data/lib/contrast/agent/assess/policy/patcher.rb +4 -3
  11. data/lib/contrast/agent/assess/policy/policy_node.rb +46 -69
  12. data/lib/contrast/agent/assess/policy/policy_scanner.rb +19 -2
  13. data/lib/contrast/agent/assess/policy/preshift.rb +3 -3
  14. data/lib/contrast/agent/assess/policy/propagation_method.rb +13 -19
  15. data/lib/contrast/agent/assess/policy/propagation_node.rb +12 -24
  16. data/lib/contrast/agent/assess/policy/propagator/append.rb +1 -2
  17. data/lib/contrast/agent/assess/policy/propagator/center.rb +1 -2
  18. data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
  19. data/lib/contrast/agent/assess/policy/propagator/database_write.rb +1 -3
  20. data/lib/contrast/agent/assess/policy/propagator/insert.rb +2 -3
  21. data/lib/contrast/agent/assess/policy/propagator/keep.rb +1 -2
  22. data/lib/contrast/agent/assess/policy/propagator/match_data.rb +3 -5
  23. data/lib/contrast/agent/assess/policy/propagator/next.rb +1 -2
  24. data/lib/contrast/agent/assess/policy/propagator/prepend.rb +1 -2
  25. data/lib/contrast/agent/assess/policy/propagator/remove.rb +2 -4
  26. data/lib/contrast/agent/assess/policy/propagator/replace.rb +1 -2
  27. data/lib/contrast/agent/assess/policy/propagator/reverse.rb +1 -2
  28. data/lib/contrast/agent/assess/policy/propagator/select.rb +4 -7
  29. data/lib/contrast/agent/assess/policy/propagator/splat.rb +2 -9
  30. data/lib/contrast/agent/assess/policy/propagator/split.rb +77 -122
  31. data/lib/contrast/agent/assess/policy/propagator/substitution.rb +32 -25
  32. data/lib/contrast/agent/assess/policy/propagator/trim.rb +3 -7
  33. data/lib/contrast/agent/assess/policy/source_method.rb +2 -14
  34. data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +9 -13
  35. data/lib/contrast/agent/assess/policy/trigger/xpath.rb +1 -1
  36. data/lib/contrast/agent/assess/policy/trigger_method.rb +39 -14
  37. data/lib/contrast/agent/assess/policy/trigger_node.rb +31 -37
  38. data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +1 -1
  39. data/lib/contrast/agent/assess/property/evented.rb +5 -18
  40. data/lib/contrast/agent/assess/property/tagged.rb +28 -16
  41. data/lib/contrast/agent/assess/property/updated.rb +0 -5
  42. data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +58 -5
  43. data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +23 -8
  44. data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +83 -14
  45. data/lib/contrast/agent/assess/rule/redos.rb +1 -1
  46. data/lib/contrast/agent/assess/tag.rb +1 -1
  47. data/lib/contrast/agent/assess/tracker.rb +16 -18
  48. data/lib/contrast/agent/at_exit_hook.rb +5 -5
  49. data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +7 -0
  50. data/lib/contrast/agent/inventory.rb +15 -0
  51. data/lib/contrast/agent/inventory/dependencies.rb +50 -0
  52. data/lib/contrast/agent/inventory/dependency_analysis.rb +37 -0
  53. data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +104 -0
  54. data/lib/contrast/agent/inventory/gemfile_digest_cache.rb +38 -0
  55. data/lib/contrast/agent/middleware.rb +51 -3
  56. data/lib/contrast/agent/patching/policy/after_load_patch.rb +5 -5
  57. data/lib/contrast/agent/patching/policy/after_load_patcher.rb +20 -20
  58. data/lib/contrast/agent/patching/policy/method_policy.rb +1 -1
  59. data/lib/contrast/agent/patching/policy/module_policy.rb +10 -10
  60. data/lib/contrast/agent/patching/policy/patch.rb +6 -0
  61. data/lib/contrast/agent/patching/policy/policy.rb +16 -2
  62. data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +3 -5
  63. data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +47 -1
  64. data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +4 -3
  65. data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +1 -1
  66. data/lib/contrast/agent/protect/policy/rule_applicator.rb +53 -0
  67. data/lib/contrast/agent/protect/rule/base.rb +63 -14
  68. data/lib/contrast/agent/protect/rule/cmd_injection.rb +12 -28
  69. data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -4
  70. data/lib/contrast/agent/protect/rule/deserialization.rb +4 -1
  71. data/lib/contrast/agent/protect/rule/no_sqli.rb +3 -3
  72. data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +1 -0
  73. data/lib/contrast/agent/protect/rule/sqli.rb +3 -3
  74. data/lib/contrast/agent/protect/rule/xxe.rb +32 -11
  75. data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +10 -6
  76. data/lib/contrast/agent/reaction_processor.rb +1 -1
  77. data/lib/contrast/agent/request.rb +34 -34
  78. data/lib/contrast/agent/request_handler.rb +1 -1
  79. data/lib/contrast/agent/response.rb +5 -5
  80. data/lib/contrast/agent/rewriter.rb +3 -3
  81. data/lib/contrast/agent/scope.rb +81 -55
  82. data/lib/contrast/agent/static_analysis.rb +15 -9
  83. data/lib/contrast/agent/tracepoint_hook.rb +1 -1
  84. data/lib/contrast/agent/version.rb +1 -1
  85. data/lib/contrast/api/communication/socket_client.rb +36 -1
  86. data/lib/contrast/api/decorators.rb +3 -0
  87. data/lib/contrast/api/decorators/address.rb +13 -14
  88. data/lib/contrast/api/decorators/application_update.rb +1 -1
  89. data/lib/contrast/api/decorators/library.rb +54 -0
  90. data/lib/contrast/api/decorators/library_usage_update.rb +31 -0
  91. data/lib/contrast/api/decorators/message.rb +1 -0
  92. data/lib/contrast/api/decorators/trace_event.rb +31 -41
  93. data/lib/contrast/api/decorators/trace_event_object.rb +11 -3
  94. data/lib/contrast/api/decorators/trace_event_signature.rb +27 -5
  95. data/lib/contrast/api/decorators/user_input.rb +2 -1
  96. data/lib/contrast/common_agent_configuration.rb +2 -1
  97. data/lib/contrast/components/agent.rb +6 -5
  98. data/lib/contrast/components/app_context.rb +39 -30
  99. data/lib/contrast/components/assess.rb +36 -0
  100. data/lib/contrast/components/config.rb +29 -37
  101. data/lib/contrast/components/contrast_service.rb +9 -9
  102. data/lib/contrast/components/interface.rb +30 -6
  103. data/lib/contrast/components/inventory.rb +6 -1
  104. data/lib/contrast/components/scope.rb +72 -6
  105. data/lib/contrast/components/settings.rb +23 -23
  106. data/lib/contrast/config/assess_configuration.rb +2 -1
  107. data/lib/contrast/config/inventory_configuration.rb +2 -2
  108. data/lib/contrast/config/service_configuration.rb +4 -2
  109. data/lib/contrast/configuration.rb +1 -1
  110. data/lib/contrast/extension/assess/array.rb +9 -6
  111. data/lib/contrast/extension/assess/erb.rb +6 -3
  112. data/lib/contrast/extension/assess/eval_trigger.rb +6 -6
  113. data/lib/contrast/extension/assess/exec_trigger.rb +0 -3
  114. data/lib/contrast/extension/assess/fiber.rb +5 -6
  115. data/lib/contrast/extension/assess/hash.rb +7 -5
  116. data/lib/contrast/extension/assess/kernel.rb +19 -22
  117. data/lib/contrast/extension/assess/marshal.rb +40 -28
  118. data/lib/contrast/extension/assess/regexp.rb +6 -11
  119. data/lib/contrast/extension/assess/string.rb +14 -13
  120. data/lib/contrast/extension/protect/kernel.rb +3 -3
  121. data/lib/contrast/framework/base_support.rb +51 -53
  122. data/lib/contrast/framework/manager.rb +6 -5
  123. data/lib/contrast/framework/rack/patch/session_cookie.rb +10 -10
  124. data/lib/contrast/framework/rack/support.rb +2 -1
  125. data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +14 -14
  126. data/lib/contrast/framework/rails/patch/assess_configuration.rb +1 -1
  127. data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +11 -11
  128. data/lib/contrast/framework/rails/patch/support.rb +1 -1
  129. data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +12 -12
  130. data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +13 -13
  131. data/lib/contrast/framework/rails/rewrite/active_record_named.rb +3 -3
  132. data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +13 -13
  133. data/lib/contrast/framework/rails/support.rb +5 -1
  134. data/lib/contrast/framework/sinatra/patch/base.rb +11 -11
  135. data/lib/contrast/framework/sinatra/support.rb +7 -6
  136. data/lib/contrast/logger/application.rb +1 -4
  137. data/lib/contrast/logger/log.rb +7 -2
  138. data/lib/contrast/utils/duck_utils.rb +1 -1
  139. data/lib/contrast/utils/heap_dump_util.rb +1 -1
  140. data/lib/contrast/utils/invalid_configuration_util.rb +2 -5
  141. data/lib/contrast/utils/inventory_util.rb +0 -7
  142. data/lib/contrast/utils/object_share.rb +3 -3
  143. data/lib/contrast/utils/preflight_util.rb +1 -1
  144. data/lib/contrast/utils/prevent_serialization.rb +1 -1
  145. data/lib/contrast/utils/resource_loader.rb +1 -1
  146. data/lib/contrast/utils/sha256_builder.rb +2 -14
  147. data/lib/contrast/utils/string_utils.rb +1 -1
  148. data/lib/contrast/utils/tag_util.rb +9 -13
  149. data/resources/assess/policy.json +31 -12
  150. data/resources/deadzone/policy.json +156 -0
  151. data/resources/protect/policy.json +12 -0
  152. data/ruby-agent.gemspec +11 -6
  153. data/service_executables/VERSION +1 -1
  154. data/service_executables/linux/contrast-service +0 -0
  155. data/service_executables/mac/contrast-service +0 -0
  156. metadata +91 -28
  157. data/lib/contrast/utils/boolean_util.rb +0 -30
  158. data/lib/contrast/utils/gemfile_reader.rb +0 -193
@@ -123,10 +123,7 @@ class Contrast::Agent::Protect::Rule::DefaultScanner # rubocop:disable Style/Cla
123
123
  elsif start_block_comment?(char, index, query)
124
124
  boundaries << index
125
125
  :STATE_INSIDE_BLOCK_COMMENT
126
- elsif operator?(char)
127
- boundaries << index
128
- :STATE_EXPECTING_TOKEN
129
- elsif char.match?(Contrast::Utils::ObjectShare::WHITE_SPACE_REGEXP)
126
+ elsif operator?(char) || char.match?(Contrast::Utils::ObjectShare::WHITE_SPACE_REGEXP)
130
127
  boundaries << index
131
128
  :STATE_EXPECTING_TOKEN
132
129
  else
@@ -17,19 +17,22 @@ module Contrast
17
17
  BLOCK_MESSAGE = 'Untrusted Deserialization rule triggered. Deserialization blocked.'
18
18
 
19
19
  # Gadgets that map to ERB modules
20
- ERB_GADGETS = %w[
20
+ ERB_GADGETS = %W[
21
21
  object:ERB
22
+ o:\bERB
22
23
  ].cs__freeze
23
24
 
24
25
  # Gadgets that map to ActionDispatch modules
25
26
  ACTION_DISPATCH_GADGETS = %w[
26
27
  object:ActionDispatch::Routing::RouteSet::NamedRouteCollection
28
+ o:\bActionDispatch::Routing::RouteSet::NamedRouteCollection
27
29
  ].cs__freeze
28
30
 
29
31
  # Gadgets that map to Arel Modules
30
32
  AREL_GADGETS = %w[
31
33
  string:Arel::Nodes::SqlLiteral
32
34
  object:Arel::Nodes
35
+ o:\bArel::Nodes
33
36
  ].cs__freeze
34
37
 
35
38
  # Used to indicate to TeamServer the gadget is an ERB module
@@ -21,10 +21,10 @@ module Contrast
21
21
  end
22
22
 
23
23
  def infilter context, database, query_string
24
- return nil unless infilter?(context)
24
+ return unless infilter?(context)
25
25
 
26
26
  result = find_attacker(context, query_string, database: database)
27
- return nil unless result
27
+ return unless result
28
28
 
29
29
  append_to_activity(context, result)
30
30
 
@@ -36,7 +36,7 @@ module Contrast
36
36
 
37
37
  attack_string = input_analysis_result.value
38
38
  regexp = Regexp.new(Regexp.escape(attack_string), Regexp::IGNORECASE)
39
- return nil unless query_string.match?(regexp)
39
+ return unless query_string.match?(regexp)
40
40
 
41
41
  scanner = select_scanner
42
42
  ss = StringScanner.new(query_string)
@@ -16,6 +16,7 @@ module Contrast
16
16
  def start_line_comment? char, index, query
17
17
  if char == Contrast::Utils::ObjectShare::SLASH &&
18
18
  query[index + 1] == Contrast::Utils::ObjectShare::SLASH
19
+
19
20
  return true
20
21
  end
21
22
 
@@ -22,10 +22,10 @@ module Contrast
22
22
  end
23
23
 
24
24
  def infilter context, database, query_string
25
- return nil unless infilter?(context)
25
+ return unless infilter?(context)
26
26
 
27
27
  result = find_attacker(context, query_string, database: database)
28
- return nil unless result
28
+ return unless result
29
29
 
30
30
  append_to_activity(context, result)
31
31
 
@@ -36,7 +36,7 @@ module Contrast
36
36
  attack_string = input_analysis_result.value
37
37
  regexp = Regexp.new(Regexp.escape(attack_string), Regexp::IGNORECASE)
38
38
 
39
- return nil unless query_string.match?(regexp)
39
+ return unless query_string.match?(regexp)
40
40
 
41
41
  database = kwargs[:database]
42
42
  scanner = select_scanner(database)
@@ -19,7 +19,9 @@ module Contrast
19
19
  NAME
20
20
  end
21
21
 
22
- # Given an xml, evaluate it for an XXE attack.
22
+ # Given an xml, evaluate it for an XXE attack. There's no return here
23
+ # as this method handles appending the evaluation to the request
24
+ # context, connecting it to the reporting mechanism at request end.
23
25
  #
24
26
  # @param context [Contrast::Agent::RequestContext] the context of the
25
27
  # request in which this input is evaluated.
@@ -29,7 +31,7 @@ module Contrast
29
31
  # attack is found and the rule is in block mode.
30
32
  def infilter context, framework, xml
31
33
  result = find_attacker(context, xml, framework: framework)
32
- return nil unless result
34
+ return unless result
33
35
 
34
36
  append_to_activity(context, result)
35
37
  return unless blocked?
@@ -39,16 +41,23 @@ module Contrast
39
41
 
40
42
  protected
41
43
 
44
+ # Given an XML, find any externally resolved entities and create an
45
+ # Attack Result for them
46
+ #
47
+ # @param context [Contrast::Agent::RequestContext] the context of the
48
+ # request in which this input is evaluated.
49
+ # @param xml [String] the literal value of the XML being checked for
50
+ # external entity resolution
51
+ # @param _kwargs [Hash]
52
+ # @return [Contrast::Api::Dtm::AttackResult, nil] the determination
53
+ # as to whether or not this XML has an XXE attack in it.
42
54
  def find_attacker context, xml, **_kwargs
43
- return nil unless xml
44
- return nil if protect_excluded_by_code?
55
+ return unless xml
56
+ return if protect_excluded_by_code?
45
57
 
46
- xxe_details, last_idx = build_details(xml)
47
- return nil unless xxe_details
58
+ xxe_details = build_details(xml)
59
+ return unless xxe_details
48
60
 
49
- # For our definition, the prolog goes from the start of the XML
50
- # string to the end of the last entity declaration.
51
- xxe_details.xml = Contrast::Utils::StringUtils.protobuf_safe_string(xml[0, last_idx])
52
61
  ia_result = build_evaluation(xxe_details.xml)
53
62
  build_attack_with_match(
54
63
  context,
@@ -58,7 +67,15 @@ module Contrast
58
67
  details: xxe_details)
59
68
  end
60
69
 
61
- def build_details xml, _evaluation = nil
70
+ # Given an XML determined to be unsafe, build out the details of the
71
+ # attack. The details will include a substring of the given XML up to
72
+ # the end of the prolog, where the external entities are declared.
73
+ #
74
+ # @param xml [String] the literal value of the XML being checked for
75
+ # external entity resolution
76
+ # @return [Contrast::Api::Dtm::XxeDetails] The details of
77
+ # the XXE attack and the index of the last entity discovered
78
+ def build_details xml
62
79
  last_idx = 0
63
80
  ss = StringScanner.new(xml)
64
81
  while ss.scan_until(EXTERNAL_ENTITY_PATTERN)
@@ -70,7 +87,11 @@ module Contrast
70
87
  xxe_details.declared_entities << build_match(ss)
71
88
  xxe_details.entities_resolved << build_wrapper(entity_wrapper)
72
89
  end
73
- [xxe_details, last_idx]
90
+ # For our definition, the prolog goes from the start of the XML
91
+ # string to the end of the last entity declaration.
92
+ xxe_details.xml = Contrast::Utils::StringUtils.protobuf_safe_string(xml[0, last_idx]) if xxe_details
93
+
94
+ xxe_details
74
95
  end
75
96
 
76
97
  def build_sample context, ia_result, _url, **kwargs
@@ -18,12 +18,16 @@ module Contrast
18
18
  end
19
19
 
20
20
  def external_entity?
21
- @_external_entity ||= begin
22
- return external_id?(@system_id) if @system_id
23
- return external_id?(@public_id) if @public_id
24
-
25
- false
21
+ if @_external_entity.nil?
22
+ @_external_entity ||= if @system_id
23
+ external_id?(@system_id)
24
+ elsif @public_id
25
+ external_id?(@public_id)
26
+ else
27
+ false
28
+ end
26
29
  end
30
+ @_external_entity
27
31
  end
28
32
 
29
33
  # <!ENTITY name SYSTEM "URI">
@@ -48,7 +52,7 @@ module Contrast
48
52
  UP_DIR_LINUX = '../'
49
53
  UP_DIR_WIN = '..\\'
50
54
  # we only use this against lowercase strings, removed A-Z for speed
51
- FILE_PATTERN_WINDOWS = /^[\\\\]*[a-z]{1,3}:.*/.cs__freeze
55
+ FILE_PATTERN_WINDOWS = /^\\*[a-z]{1,3}:.*/.cs__freeze
52
56
  def external_id? entity_id
53
57
  return false unless entity_id
54
58
 
@@ -22,7 +22,7 @@ module Contrast
22
22
  # @param application_settings [Contrast::Api::Settings::ApplicationSettings]
23
23
  # those settings which the Service has relayed from TeamServer.
24
24
  def self.process application_settings
25
- return nil unless application_settings&.reactions&.any?
25
+ return unless application_settings&.reactions&.any?
26
26
 
27
27
  application_settings.reactions.each do |reaction|
28
28
  # the enums are all uppercase, we need to downcase them before attempting to log
@@ -46,42 +46,42 @@ module Contrast
46
46
  # Should also handle the ;jsessionid.
47
47
  def normalized_uri
48
48
  @_normalized_uri ||= begin
49
- path = rack_request.path
50
- uri = path.split(Contrast::Utils::ObjectShare::SEMICOLON)[0] # remove ;jsessionid
51
- uri = uri.split(Contrast::Utils::ObjectShare::QUESTION_MARK)[0] # remove ?query_string=
52
- uri.gsub(INNER_REST_TOKEN, INNER_NUMBER_MARKER) # replace interior tokens
53
- uri.gsub(LAST_REST_TOKEN, LAST_NUMBER_MARKER) # replace last token
54
- end
49
+ path = rack_request.path
50
+ uri = path.split(Contrast::Utils::ObjectShare::SEMICOLON)[0] # remove ;jsessionid
51
+ uri = uri.split(Contrast::Utils::ObjectShare::QUESTION_MARK)[0] # remove ?query_string=
52
+ uri.gsub(INNER_REST_TOKEN, INNER_NUMBER_MARKER) # replace interior tokens
53
+ uri.gsub(LAST_REST_TOKEN, LAST_NUMBER_MARKER) # replace last token
54
+ end
55
55
  end
56
56
 
57
57
  def document_type
58
58
  @_document_type ||= begin
59
- if /xml/i.match?(content_type) || body&.start_with?('<?xml')
60
- :XML
61
- elsif /json/i.match?(content_type) || body&.match?(/\s*[{\[]/)
62
- :JSON
63
- else
64
- :NORMAL
65
- end
66
- end
59
+ if /xml/i.match?(content_type) || body&.start_with?('<?xml')
60
+ :XML
61
+ elsif /json/i.match?(content_type) || body&.match?(/\s*[{\[]/)
62
+ :JSON
63
+ else
64
+ :NORMAL
65
+ end
66
+ end
67
67
  end
68
68
 
69
69
  # Header keys upcased and any underscores replaced with dashes
70
70
  def headers
71
71
  @_headers ||= begin
72
- with_contrast_scope do
73
- hash = {}
74
- env.each do |key, value|
75
- next unless key
76
-
77
- name = key.to_s
78
- next unless name.start_with?(Contrast::Utils::ObjectShare::HTTP_SCORE)
79
-
80
- hash[Contrast::Utils::StringUtils.normalized_key(name)] = value
81
- end
82
- hash
83
- end
84
- end
72
+ with_contrast_scope do
73
+ hash = {}
74
+ env.each do |key, value|
75
+ next unless key
76
+
77
+ name = key.to_s
78
+ next unless name.start_with?(Contrast::Utils::ObjectShare::HTTP_SCORE)
79
+
80
+ hash[Contrast::Utils::StringUtils.normalized_key(name)] = value
81
+ end
82
+ hash
83
+ end
84
+ end
85
85
  end
86
86
 
87
87
  def body
@@ -121,13 +121,13 @@ module Contrast
121
121
 
122
122
  def file_names
123
123
  @_file_names ||= begin
124
- names = {}
125
- parsed_data = Rack::Multipart.parse_multipart(rack_request.env)
126
- traverse_parsed_multipart(parsed_data, names)
127
- rescue StandardError => _e
128
- logger.warn('Unable to parse multipart request!')
129
- {}
130
- end
124
+ names = {}
125
+ parsed_data = Rack::Multipart.parse_multipart(rack_request.env)
126
+ traverse_parsed_multipart(parsed_data, names)
127
+ rescue StandardError => _e
128
+ logger.warn('Unable to parse multipart request!')
129
+ {}
130
+ end
131
131
  end
132
132
 
133
133
  def hash_id
@@ -18,7 +18,7 @@ module Contrast
18
18
  end
19
19
 
20
20
  def send_activity_messages
21
- Contrast::Utils::GemfileReader.instance.generate_library_usage(context.activity)
21
+ Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.generate_library_usage(context.activity)
22
22
  [context.server_activity, context.activity, context.observed_route].each do |message|
23
23
  Contrast::Agent.messaging_queue.send_event_eventually(message)
24
24
  end
@@ -118,16 +118,16 @@ module Contrast
118
118
  # holds, wraps, or is the body of the Response
119
119
  # @return [nil, String] the content of the body
120
120
  def extract_body body
121
- return nil unless body
121
+ return unless body
122
122
 
123
123
  if defined?(Rack::File) && body.is_a?(Rack::File)
124
124
  # not sure what to do in this situation, so don't do anything.
125
125
  nil
126
126
  elsif body.is_a?(Rack::BodyProxy)
127
127
  handle_rack_body_proxy(body)
128
- elsif defined?(ActionDispatch::Response::RackBody) && body.is_a?(ActionDispatch::Response::RackBody)
129
- extract_body(body.body)
130
- elsif body.is_a?(Rack::Response)
128
+ elsif (defined?(ActionDispatch::Response::RackBody) && body.is_a?(ActionDispatch::Response::RackBody)) ||
129
+ body.is_a?(Rack::Response)
130
+
131
131
  extract_body(body.body)
132
132
  elsif Contrast::Utils::DuckUtils.quacks_to?(body, :each)
133
133
  acc = []
@@ -152,7 +152,7 @@ module Contrast
152
152
  end
153
153
 
154
154
  def read_or_string obj
155
- return nil unless obj
155
+ return unless obj
156
156
 
157
157
  if Contrast::Utils::DuckUtils.quacks_to?(obj, :read)
158
158
  tmp = obj.read
@@ -96,11 +96,11 @@ module Contrast
96
96
  return unless method_exists?(clazz, method_name, type)
97
97
 
98
98
  method_instance = method_instance(clazz, method_name, type)
99
- return nil if method_instance.nil?
99
+ return if method_instance.nil?
100
100
 
101
101
  location = method_instance.source_location
102
- return nil unless location_available?(location)
103
- return nil if opener.written_from_location?(location)
102
+ return unless location_available?(location)
103
+ return if opener.written_from_location?(location)
104
104
 
105
105
  opener.written_from_location!(location)
106
106
  opener.source_code(location, method_name)
@@ -15,67 +15,93 @@ module Contrast
15
15
  # Instead, we should say "If I'm already doing Contrast things, don't track
16
16
  # this"
17
17
  class Scope
18
- # The following %i[] list is the authoritative list
19
- # of scopes. If you define a new symbol here, you'll
20
- # get scope methods:
21
- # %i[monkey] ->
22
- # enter_monkey_scope!
23
- # exit_monkey_scope!
24
- # in_monkey_scope?
25
- # with_monkey_scope { special_monkey_function }
26
- SCOPE_LIST = %i[contrast deserialization].cs__freeze
27
-
28
- iv_list = SCOPE_LIST.map { |name| :"@#{ name }_scope" }
29
- define_method 'initialize' do
30
- iv_list.each do |iv_sym|
31
- instance_variable_set(iv_sym, 0)
32
- end
18
+ SCOPE_LIST = %i[contrast deserialization split].cs__freeze
19
+
20
+ def initialize
21
+ @contrast_scope = 0
22
+ @deserialization_scope = 0
23
+ @split_scope = 0
33
24
  end
34
25
 
35
- SCOPE_LIST.each do |name|
36
- iv_sym = :"@#{ name }_scope"
26
+ def in_contrast_scope?
27
+ @contrast_scope.positive?
28
+ end
37
29
 
38
- define_method "in_#{ name }_scope?" do
39
- instance_variable_get(iv_sym).positive?
40
- end
30
+ def in_deserialization_scope?
31
+ @deserialization_scope.positive?
32
+ end
41
33
 
42
- enter_method_sym = :"enter_#{ name }_scope!"
43
- define_method enter_method_sym do
44
- level = instance_variable_get(iv_sym)
45
- instance_variable_set(iv_sym, level + 1)
46
- end
34
+ def in_split_scope?
35
+ @split_scope.positive?
36
+ end
47
37
 
48
- exit_method_sym = :"exit_#{ name }_scope!"
49
- define_method exit_method_sym do
50
- # by design, can go below zero.
51
- # every exit/enter pair (regardless of series)
52
- # should cancel each other out.
53
- #
54
- # so we prefer this sequence:
55
- # scope = 0
56
- # exit = -1
57
- # enter = 0
58
- # enter = 1
59
- # exit = 0
60
- # scope = 0
61
- #
62
- # over this sequence:
63
- # scope = 0
64
- # exit = 0
65
- # enter = 1
66
- # enter = 2
67
- # exit = 1
68
- # scope = 1
69
- level = instance_variable_get(iv_sym)
70
- instance_variable_set(iv_sym, level - 1)
71
- end
38
+ def enter_contrast_scope!
39
+ @contrast_scope += 1
40
+ end
72
41
 
73
- define_method "with_#{ name }_scope" do |*_args, &block|
74
- send enter_method_sym
75
- block.call
76
- ensure
77
- send exit_method_sym
78
- end
42
+ def enter_deserialization_scope!
43
+ @deserialization_scope += 1
44
+ end
45
+
46
+ def enter_split_scope!
47
+ @split_scope += 1
48
+ end
49
+
50
+ def split_scope_depth
51
+ @split_scope
52
+ end
53
+
54
+ # Scope Exits...
55
+ # by design, can go below zero.
56
+ # every exit/enter pair (regardless of series)
57
+ # should cancel each other out.
58
+ #
59
+ # so we prefer this sequence:
60
+ # scope = 0
61
+ # exit = -1
62
+ # enter = 0
63
+ # enter = 1
64
+ # exit = 0
65
+ # scope = 0
66
+ #
67
+ # over this sequence:
68
+ # scope = 0
69
+ # exit = 0
70
+ # enter = 1
71
+ # enter = 2
72
+ # exit = 1
73
+ # scope = 1
74
+ def exit_contrast_scope!
75
+ @contrast_scope -= 1
76
+ end
77
+
78
+ def exit_deserialization_scope!
79
+ @deserialization_scope -= 1
80
+ end
81
+
82
+ def exit_split_scope!
83
+ @split_scope -= 1
84
+ end
85
+
86
+ def with_contrast_scope
87
+ enter_contrast_scope!
88
+ yield
89
+ ensure
90
+ exit_contrast_scope!
91
+ end
92
+
93
+ def with_deserialization_scope
94
+ enter_deserialization_scope!
95
+ yield
96
+ ensure
97
+ exit_deserialization_scope!
98
+ end
99
+
100
+ def with_split_scope
101
+ enter_split_scope!
102
+ yield
103
+ ensure
104
+ exit_split_scope!
79
105
  end
80
106
 
81
107
  # Dynamic versions of the above.