contrast-agent 4.1.0 → 4.4.0

data/lib/contrast/components/settings.rb

@@ -28,8 +28,8 @@ module Contrast
 
         def assess_state
           @assess_state ||= { # rubocop:disable Naming/MemoizedInstanceVariableName
-              enabled: false,
-              sampling_features: nil
+              enabled: false,        # Boolean
+              sampling_features: nil # Contrast::Api::Settings::Sampling
           }
         end
 
@@ -57,19 +57,22 @@ module Contrast
         # Meta-define an accessor for each state attribute.
 
         PROTECT_STATE_ATTRS.each do |attr|
-          define_method(attr) do
+          # TODO: RUBY-1052
+          define_method(attr) do # rubocop:disable Performance/Kernel/DefineMethod
             protect_state[attr]
           end
         end
 
         ASSESS_STATE_ATTRS.each do |attr|
-          define_method(attr) do
+          # TODO: RUBY-1052
+          define_method(attr) do # rubocop:disable Performance/Kernel/DefineMethod
             assess_state[attr]
           end
         end
 
         APPLICATION_STATE_ATTRS.each do |attr|
-          define_method(attr) do
+          # TODO: RUBY-1052
+          define_method(attr) do # rubocop:disable Performance/Kernel/DefineMethod
             application_state[attr]
           end
         end
@@ -92,6 +95,7 @@ module Contrast
           exclusion_matchers.select(&:code?)
         end
 
+        # @param server_features [Contrast::Api::Settings::ServerFeatures]
         def update_from_server_features server_features
           # protect
 
@@ -106,6 +110,7 @@ module Contrast
           Contrast::Utils::Assess::SamplingUtil.instance.update
         end
 
+        # @param application_settings [Contrast::Api::Settings::ApplicationSettings]
         def update_from_application_settings application_settings
           application_state.merge!(application_settings.application_state_translation)
         end
@@ -123,9 +128,8 @@ module Contrast
         end
 
         def build_assess_rules
+          # TODO: RUBY-1120 actually build assess_rules.
           @assess_rules = {}
-
-          Contrast::Agent::Assess::Rule::Redos.new
         end
 
         def build_protect_rules

data/lib/contrast/config/assess_configuration.rb

@@ -11,7 +11,8 @@ module Contrast
           enable: EMPTY_VALUE,
           enable_scan_response: Contrast::Config::DefaultValue.new('true'),
           sampling: Contrast::Config::SamplingConfiguration,
-          rules: Contrast::Config::AssessRulesConfiguration
+          rules: Contrast::Config::AssessRulesConfiguration,
+          stacktraces: Contrast::Config::DefaultValue.new('ALL')
       }.cs__freeze
 
       def initialize hsh

data/lib/contrast/extension/assess/array.rb

@@ -35,12 +35,11 @@ module Contrast
           # operation happens in C, we have to do it here rather than rely on the
           # patch of our String append or concat methods.
           def cs__track_join ary, separator, ret
-            return ret unless ary
+            return ret unless ary&.any? { |element| Contrast::Agent::Assess::Tracker.tracked?(element) }
             return ret if Contrast::Agent::Patching::Policy::Patch.skip_assess_analysis?
 
             with_contrast_scope do
-              properties = Contrast::Agent::Assess::Tracker.properties(ret)
-              return ret unless properties
+              return ret unless (properties = Contrast::Agent::Assess::Tracker.properties!(ret))
 
               shift = 0
               separator_length = separator.nil? ? 0 : separator.to_s.length

data/lib/contrast/extension/assess/erb.rb

@@ -6,9 +6,7 @@ module ERBPropagator
   class << self
     def result_tagger patcher, preshift, ret, _block
       return unless preshift.args.length >= 1
-
-      properties = Contrast::Agent::Assess::Tracker.properties(ret)
-      return unless properties
+      return unless (properties = Contrast::Agent::Assess::Tracker.properties!(ret))
 
       used_binding = preshift.args[0]
       binding_variable_set = used_binding.local_variables

data/lib/contrast/extension/assess/exec_trigger.rb

@@ -27,10 +27,7 @@ module Contrast
               source,
               Kernel,
               nil,
-              [source])
-          # Exec replaces the current process, if we occur in a forked process
-          # our appendage of this finding will not make it to TS
-          Contrast::Agent::AtExitHook.on_exit
+              source)
         end
 
         private

data/lib/contrast/extension/assess/fiber.rb

@@ -61,8 +61,7 @@ module Contrast
 
             with_contrast_scope do
               results.each do |result|
-                result_properties = Contrast::Agent::Assess::Tracker.properties(result)
-                next unless result_properties
+                next unless (result_properties = Contrast::Agent::Assess::Tracker.properties!(result))
 
                 result_properties.splat_from(fiber, result)
                 result_properties.build_event(
@@ -82,7 +81,7 @@ module Contrast
             return unless underlying.is_a?(String) && !underlying.empty?
 
             with_contrast_scope do
-              properties = Contrast::Agent::Assess::Tracker.properties(fiber)
+              properties = Contrast::Agent::Assess::Tracker.properties!(fiber)
               return unless properties
 
               properties.splat_from(underlying, fiber)

data/lib/contrast/extension/assess/hash.rb

@@ -17,11 +17,13 @@ module Contrast
             return object unless object.is_a?(String) && !object.cs__frozen?
             return object unless Contrast::Agent::Assess::Tracker.tracked?(object)
 
-            ret = Contrast::Agent::Assess::Tracker.duplicate(object)
-            ret.cs__freeze
+            # Copy the object, then freeze it, so that it looks the same
+            # externally, but will have our finalizer on it.
+            object.dup&.cs__freeze
           rescue StandardError
             # we'll rescue this error, but we can't log it here as that will
             # result in a seg fault
+            object
           end
 
           def instrument_hash_track

data/lib/contrast/extension/assess/kernel.rb

@@ -39,8 +39,7 @@ module Contrast
           # oh, and there's also %<name>type and %{name}... b/c of course there is
           # -HM
           def sprintf_tagger patcher, preshift, ret, _block
-            properties = Contrast::Agent::Assess::Tracker.properties(ret)
-            return unless properties
+            return unless (properties = Contrast::Agent::Assess::Tracker.properties!(ret))
 
             format_string = preshift.args[0]
             args = preshift.args[1]

data/lib/contrast/extension/assess/marshal.rb

@@ -6,42 +6,50 @@ require 'contrast/components/interface'
 module Contrast
   module Extension
     module Assess
-      # This is our patch of the Array class required to handle propagation
+      # This is our patch of the Marshal class
       # Disclaimer: there may be a better way, but we're in a 'get it work' state.
       # Hopefully, we'll be in a 'get it right' state soon.
-      # This module is used for our Marshal#load patches
+      # This module is used for our Marshal.load patches
       class MarshalPropagator
         include Contrast::Components::Interface
 
-        access_component :logging
+        access_component :logging, :scope
 
         class << self
-          def cs__load_trigger_check source, ret
-            current_context = Contrast::Agent::REQUEST_TRACKER.current
-            return unless current_context
+          def cs__load_protect arg
+            return if in_contrast_scope?
 
-            # Since we know this is the source of the trigger, we can do some
-            # optimization here and return when it is not tracked
-            return unless Contrast::Agent::Assess::Tracker.tracked?(source)
+            with_contrast_scope do
+              Contrast::Agent::Protect::Policy::AppliesDeserializationRule.prepended_invoke(arg)
+            end
+            nil
+          end
+
+          def cs__load_assess source, ret
+            with_contrast_scope do
+              current_context = Contrast::Agent::REQUEST_TRACKER.current
+              return unless current_context
 
-            args = [source]
-            # source might not be all the args passed in, but it is the one we care
-            # about. we could pass in all the args in the last param here if it
-            # becomes an issue in rendering on TS
-            Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(
-                current_context,
-                trigger_node('Marshal', :load),
-                source,
-                self,
-                ret,
-                args)
-            properties = Contrast::Agent::Assess::Tracker.properties(ret)
-            properties.copy_from(source, ret)
+              args = [source]
+              # source might not be all the args passed in, but it is the one we care
+              # about. we could pass in all the args in the last param here if it
+              # becomes an issue in rendering on TS
+              Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(
+                  current_context,
+                  trigger_node('Marshal', :load),
+                  source,
+                  self,
+                  ret,
+                  *args)
+              return unless (properties = Contrast::Agent::Assess::Tracker.properties!(ret))
 
-            node = Contrast::Agent::Assess::Policy::Policy.instance.find_propagator_node('Marshal', :load, false)
-            properties.build_event(node, ret, self, ret, args)
-          rescue StandardError => e
-            logger.error('Unable to determine if a trigger occurred in Marshal.load', e)
+              properties.copy_from(source, ret)
+
+              node = Contrast::Agent::Assess::Policy::Policy.instance.find_propagator_node('Marshal', :load, false)
+              properties.build_event(node, ret, self, ret, args)
+            rescue StandardError => e
+              logger.error('Unable to run Assess for Marshal.load', e)
+            end
           end
 
           def instrument_marshal_load

data/lib/contrast/extension/assess/regexp.rb

@@ -48,14 +48,9 @@ module Contrast
 
             target = info_hash[:back_ref]
             with_contrast_scope do
-              result = info_hash[:result]
-              return unless result
-
-              string = info_hash[:string]
-              return unless string
-
-              properties = Contrast::Agent::Assess::Tracker.properties(target)
-              return unless properties
+              return unless (result = info_hash[:result])
+              return unless (string = info_hash[:string])
+              return unless (properties = Contrast::Agent::Assess::Tracker.properties!(target))
 
               properties.splat_from(string, target)
               properties.build_event(

data/lib/contrast/extension/assess/string.rb

@@ -36,8 +36,7 @@ module Contrast
             return unless inputs.any? { |input| Contrast::Agent::Assess::Tracker.tracked?(input) }
 
             with_contrast_scope do
-              properties = Contrast::Agent::Assess::Tracker.properties(result)
-              return unless properties
+              return unless (properties = Contrast::Agent::Assess::Tracker.properties!(result))
 
               parent_events = []
               offset = 0

data/lib/contrast/framework/base_support.rb

@@ -4,68 +4,66 @@
 module Contrast
   module Framework
     # The API for all subclasses to implement to correctly support a given framework
-    class BaseSupport
-      class << self
-        # The top level module name used by the framework
-        def detection_class
-          raise NoMethodError('Subclasses of BaseSupport should implement this method')
-        end
+    module BaseSupport
+      # The top level module name used by the framework
+      def detection_class
+        raise NoMethodError('Subclasses of BaseSupport should implement this method')
+      end
 
-        def version
-          raise NoMethodError('Subclasses of BaseSupport should implement this method')
-        end
+      def version
+        raise NoMethodError('Subclasses of BaseSupport should implement this method')
+      end
 
-        def application_name
-          raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
-        end
+      def application_name
+        raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
+      end
 
-        def server_type
-          raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
-        end
+      def server_type
+        raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
+      end
 
-        # Find all the predefined routes for this application and append them to the
-        # provided inventory message
-        # msg should be a Contrast::Api::Dtm::ApplicationUpdate or some other msg
-        # that has a routes array consisting of Contrast::Api::Dtm::RouteCoverage
-        def collect_routes
-          raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
-        end
+      # Find all the predefined routes for this application and append them to the
+      # provided inventory message
+      # msg should be a Contrast::Api::Dtm::ApplicationUpdate or some other msg
+      # that has a routes array consisting of Contrast::Api::Dtm::RouteCoverage
+      def collect_routes
+        raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
+      end
 
-        def current_route
-          raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
-        end
+      def current_route
+        raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
+      end
 
-        def retrieve_request _env
-          raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
-        end
+      def retrieve_request _env
+        raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
+      end
 
-        # Some Frameworks require specific patching for their classes to handle
-        # functionality like configuration scanning. To accommodate this, this
-        # method provides a place to register those patches for invocation on
-        # Agent load.
-        #
-        # By default, and hopefully in all cases, we won't need these patches,
-        # so we're allowing nil here rather than raising an exception.
-        def before_load_patches!; end
+      # Some Frameworks require specific patching for their classes to handle
+      # functionality like configuration scanning. To accommodate this, this
+      # method provides a place to register those patches for invocation on
+      # Agent load.
+      #
+      # By default, and hopefully in all cases, we won't need these patches,
+      # so we're allowing nil here rather than raising an exception.
+      def before_load_patches!; end
 
-        # Some Frameworks require specific patching for their classes to handle
-        # functionality like routing. To accommodate this, this method provides
-        # a place to register those patches for invocation in our
-        # AfterLoadPatcher flow.
-        #
-        # By default, and hopefully in all cases, we won't need these patches,
-        # so we're allowing nil here rather than raising an exception.
-        #
-        # @return [Set<Contrast::Agent::Patching::Policy::AfterLoadPatch>,nil]
-        #   those patches required for a Framework which can only be installed
-        #   once a specific module has been loaded.
-        def after_load_patches; end
+      # Some Frameworks require specific patching for their classes to handle
+      # functionality like routing. To accommodate this, this method provides
+      # a place to register those patches for invocation in our
+      # AfterLoadPatcher flow.
+      #
+      # By default, and hopefully in all cases, we won't need these patches,
+      # so we're allowing nil here rather than raising an exception.
+      #
+      # @return [Set<Contrast::Agent::Patching::Policy::AfterLoadPatch>,nil]
+      #   those patches required for a Framework which can only be installed
+      #   once a specific module has been loaded.
+      def after_load_patches; end
 
-        # We only support websockets in rails right now, so we won't detect streaming in
-        # any other framework
-        def streaming? _env
-          false
-        end
+      # We only support websockets in rails right now, so we won't detect streaming in
+      # any other framework
+      def streaming? _env
+        false
       end
     end
   end

data/lib/contrast/framework/manager.rb

@@ -44,11 +44,9 @@ module Contrast
         end
       end
 
-      # Return all the After Load Patches for all the Frameworks we know, even
-      # if that Framework hasn't been detected.
+      # Return all the After Load Patches for all the Frameworks we know, even if that Framework hasn't been detected.
       #
-      # @return [Set<Contrast::Agent::Patching::Policy::AfterLoadPatch>] the
-      #   AfterLoadPatches of each framework
+      # @return [Set<Contrast::Agent::Patching::Policy::AfterLoadPatch>] the AfterLoadPatches of each framework
       def find_after_load_patches
         patches = Set.new
         SUPPORTED_FRAMEWORKS.each do |framework|
@@ -82,8 +80,10 @@ module Contrast
       end
 
       # If we have 0 or n > 1 frameworks, we need to use the default rack request
-      # @param env [Hash] the various variables stored by this and other Middlewares to know the state
-      #   and values of this particular Request
+      #
+      # @param env [Hash] the various variables stored by this and other Middlewares to know the state and values 
+      # of this particular Request
+      # @return [::Rack::Request] either a rack request or subclass thereof.
       def retrieve_request env
         return @_frameworks[0].retrieve_request(env) if @_frameworks.length == 1
 
@@ -102,14 +102,15 @@ module Contrast
         result
       end
 
+      # Iterate through current frameworks and return the current request's route. This will be the first 
+      # non-nil result.
+      #
+      # @param request [Contrast::Agent::Request] the current request.
+      # @return [Contrast::Api::Dtm::RouteCoverage] the current route as a Dtm.
+      # TODO: RUBY-1075 add unit test.
       def get_route_dtm request
         result = nil
-        @_frameworks.find do |framework_klass|
-          # TODO: RUBY-763 Sinatra::Base#call patch adds the Route report
-          next if framework_klass == Contrast::Framework::Sinatra::Support
-
-          result = framework_klass.current_route(request)
-        end
+        @_frameworks.find { |framework_klass| result = framework_klass.current_route(request) }
         result
       end
 
@@ -128,9 +129,10 @@ module Contrast
       # @param method_name [Symbol] the method to call on each FrameworkSupport class
       # @return [Array]
       def data_for_all_frameworks method_name
-        @_frameworks.flat_map do |framework|
+        data = @_frameworks.flat_map do |framework|
           framework.send(method_name)
-        end.compact
+        end
+        data.compact
       end
 
       # This returns a single object from the first framework to successfully respond