contrast-agent 4.10.0 → 4.13.1

data/lib/contrast/utils/lru_cache.rb

@@ -0,0 +1,45 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Utils
+    # A LRU(Least Recently Used) Cache store.
+    class LRUCache
+      def initialize capacity = 500
+        raise StandardError 'Capacity must be bigger than 0' if capacity <= 0
+
+        @capacity = capacity
+        @cache = {}
+      end
+
+      def [] key
+        val = @cache.delete(key)
+        @cache[key] = val if val
+        val
+      end
+
+      def []= key, value
+        @cache.delete(key)
+        @cache[key] = value
+        @cache.shift if @cache.size > @capacity
+        value # rubocop:disable Lint/Void
+      end
+
+      def keys
+        @cache.keys
+      end
+
+      def key? key
+        @cache.key?(key)
+      end
+
+      def values
+        @cache.values
+      end
+
+      def clear
+        @cache.clear
+      end
+    end
+  end
+end

data/lib/contrast/utils/metrics_hash.rb

@@ -0,0 +1,59 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/components/logger'
+
+module Contrast
+  module Utils
+    # This is the MetricsHash, which will take data type, so we now what is introduced/included
+    # in the TelemetryEvent
+    class MetricsHash < Hash
+      include Contrast::Components::Logger::InstanceMethods
+
+      attr_reader :data_type
+
+      ERROR_MESSAGES = [
+        'The key is not string or does not meet the requirements.',
+        'The key extends the allowed length.',
+        'VThe provided value is not the right data type'
+      ].cs__freeze
+      KEY_REGEXP = /[a-zA-Z0-9_-]{1,63}/.cs__freeze
+
+      def initialize data_type, *several_variants
+        super
+        @data_type = data_type
+      end
+
+      def []= key, value
+        key_val = key.dup
+        value_val = value.dup
+        key_val.strip! if key_val.cs__is_a?(String)
+        value_val.strip! if value_val.cs__is_a?(String)
+        return unless valid_pair? key_val, value_val
+
+        key_val.downcase!
+        key_val.strip!
+        super(key_val, value_val)
+      end
+
+      def valid_pair? key, value
+        if !key.cs__is_a?(String) || (KEY_REGEXP =~ key).nil?
+          logger.warn('The following key will be omitted', key: key, error: ERROR_MESSAGES[0])
+          return false
+        end
+        unless key.length <= 28
+          logger.warn('The following key will be omitted', key: key, error: ERROR_MESSAGES[1])
+          return false
+        end
+        unless value.cs__is_a?(data_type)
+          logger.warn('The following key will be omitted', value: value, error: ERROR_MESSAGES[2])
+          return false
+        end
+        return false if value.cs__is_a?(String) && value.empty?
+        return false if value.cs__is_a?(String) && value.length > 200
+
+        true
+      end
+    end
+  end
+end

data/lib/contrast/utils/os.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/components/scope'
+require 'cs__os_information/cs__os_information'
 
 module Contrast
   module Utils
@@ -31,6 +32,28 @@ module Contrast
             zombie_pid_list.split("\n")
           end
         end
+
+        # Check current OS type
+        # returns true if check is correct or false if not
+        def windows?
+          (/cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM) != nil
+        end
+
+        def mac?
+          RUBY_PLATFORM.include? 'darwin'
+        end
+
+        def unix?
+          !windows?
+        end
+
+        def linux?
+          unix? and !mac?
+        end
+
+        def jruby?
+          RUBY_ENGINE == 'jruby'
+        end
       end
     end
   end

data/lib/contrast/utils/patching/policy/patch_utils.rb

@@ -0,0 +1,232 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Utils
+    module Patching
+      # This module will include all methods for different patch applies from Patch module
+      # and some other module methods from the same place, so we can ease the main module
+      module PatchUtils
+        # Method to choose which replaced return from the post_patch to
+        # actually return
+        #
+        # @param propagated_ret [Object, nil] The replaced return from the
+        #   propagation patch.
+        # @param source_ret [Object, nil] The replaced return from the
+        #   source patch.
+        # @param ret [Object, nil] The original return of the patched
+        #   method.
+        # @return [Object, nil] The thing to return from the post patch.
+        def handle_return propagated_ret, source_ret, ret
+          safe_return = propagated_ret || source_ret || ret
+          safe_return.rewind if Contrast::Utils::IOUtil.should_rewind?(safe_return)
+          safe_return
+        end
+
+        # Given a module and method, construct an expected name for the
+        # alias by which Contrast will reference the original.
+        #
+        # @param patched_class [Module] the module being patched
+        # @param patched_method [Symbol] the method being patched
+        # @return [Symbol]
+        def build_method_name patched_class, patched_method
+          (Contrast::Utils::ObjectShare::CONTRAST_PATCHED_METHOD_START +
+            patched_class.cs__name.gsub('::', '_').downcase +
+            Contrast::Utils::ObjectShare::UNDERSCORE +
+            patched_method.to_s).to_sym
+        end
+
+        # Given a method, return a symbol in the format
+        # <method_start>_unbound_<method_name>
+        def build_unbound_method_name patcher_method
+          (Contrast::Utils::ObjectShare::CONTRAST_PATCHED_METHOD_START +
+            'unbound' +
+            Contrast::Utils::ObjectShare::UNDERSCORE +
+            patcher_method.to_s).to_sym
+        end
+
+        # ===== PATCH APPLIERS =====
+        # THIS IS CALLED FROM C. Do not change the signature lightly.
+        #
+        # This method functions to call the infilter methods from our
+        # patches, allowing for analysis and reporting at the point just
+        # before the patched code is invoked.
+        #
+        # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
+        #   Mapping of the triggers on the given method.
+        # @param method [Symbol] The method into which we're patching
+        # @param exception [StandardError] Any exception raised during the
+        #   call of the patched method.
+        # @param object [Object] The object on which the method is invoked,
+        #   typically what would be returned by self.
+        # @param args [Array<Object>] The arguments passed to the method
+        #   being invoked.
+        def apply_pre_patch method_policy, method, exception, object, args
+          apply_protect(method_policy, method, exception, object, args)
+          apply_inventory(method_policy, method, exception, object, args)
+        rescue Contrast::SecurityException => e
+          # We were told to block something, so we gotta. Don't catch this
+          # one, let it get back to our Middleware or even all the way out to
+          # the framework
+          raise e
+        rescue StandardError => e
+          # Anything else was our bad and we gotta catch that to allow for
+          # normal application flow
+          logger.error('Unable to apply pre patch to method.', e)
+        rescue Exception => e # rubocop:disable Lint/RescueException
+          # This is something like NoMemoryError that we can't
+          # hope to handle.  Nonetheless, shouldn't leak scope.
+          exit_contrast_scope!
+          raise e
+        end
+
+        # THIS IS CALLED FROM C. Do not change the signature lightly.
+        #
+        # This method functions to call the infilter methods from our
+        # patches, allowing for analysis and reporting at the point just
+        # after the patched code is invoked
+        #
+        # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
+        #   Mapping of the triggers on the given method.
+        # @param preshift [Contrast::Agent::Assess::PreShift] The capture
+        #   of the state of the code just prior to the invocation of the
+        #   patched method.
+        # @param object [Object] The object on which the method was
+        #   invoked, typically what would be returned by self.
+        # @param ret [Object] The return of the method that was invoked.
+        # @param args [Array<Object>] The arguments passed to the method
+        #   being invoked.
+        # @param block [Proc] The block passed to the method that was
+        #   invoked.
+        def apply_post_patch method_policy, preshift, object, ret, args, block
+          apply_assess(method_policy, preshift, object, ret, args, block)
+        rescue StandardError => e
+          logger.error('Unable to apply post patch to method.', e)
+        end
+
+        # Apply the Protect patch which applies to the given method.
+        #
+        # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
+        #   Mapping of the triggers on the given method.
+        # @param method [Symbol] The method into which we're patching
+        # @param exception [StandardError] Any exception raised during the
+        #   call of the patched method.
+        # @param object [Object] The object on which the method is invoked,
+        #   typically what would be returned by self.
+        # @param args [Array<Object>] The arguments passed to the method
+        #   being invoked.
+        def apply_protect method_policy, method, exception, object, args
+          return unless ::Contrast::AGENT.enabled?
+          return unless ::Contrast::PROTECT.enabled?
+
+          apply_trigger_only(method_policy&.protect_node, method, exception, object, args)
+        end
+
+        # Apply the Inventory patch which applies to the given method.
+        #
+        # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
+        #   Mapping of the triggers on the given method.
+        # @param method [Symbol] The method into which we're patching
+        # @param exception [StandardError] Any exception raised during the
+        #   call of the patched method.
+        # @param object [Object] The object on which the method is invoked,
+        #   typically what would be returned by self.
+        # @param args [Array<Object>] The arguments passed to the method
+        #   being invoked.
+        def apply_inventory method_policy, method, exception, object, args
+          return unless ::Contrast::INVENTORY.enabled?
+
+          apply_trigger_only(method_policy&.inventory_node, method, exception, object, args)
+        end
+
+        # Apply the Assess patches which apply to the given method.
+        #
+        # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
+        #   Mapping of the triggers on the given method.
+        # @param preshift [Contrast::Agent::Assess::PreShift] The capture
+        #   of the state of the code just prior to the invocation of the
+        #   patched method.
+        # @param object [Object] The object on which the method was
+        #   invoked, typically what would be returned by self.
+        # @param ret [Object] The return of the method that was invoked.
+        # @param args [Array<Object>] The arguments passed to the method
+        #   being invoked.
+        # @param block [Proc] The block passed to the method that was
+        #   invoked.
+        def apply_assess method_policy, preshift, object, ret, args, block
+          source_ret = nil
+          propagated_ret = nil
+          return ret unless method_policy && ::Contrast::ASSESS.enabled?
+
+          current_context = Contrast::Agent::REQUEST_TRACKER.current
+          return ret if current_context && !current_context.analyze_request?
+
+          trigger_node = method_policy.trigger_node
+          if trigger_node
+            Contrast::Agent::Assess::Policy::TriggerMethod.apply_trigger_rule(trigger_node, object, ret, args)
+          end
+          if method_policy.source_node
+            # If we were given a frozen return, and it was the target of a
+            # source, and we have frozen sources enabled, we'll need to
+            # replace the return. Note, this is not the default case.
+            source_ret = Contrast::Agent::Assess::Policy::SourceMethod.source_patchers(method_policy, object, ret, args)
+          end
+          if method_policy.propagation_node
+            propagated_ret = Contrast::Agent::Assess::Policy::PropagationMethod.apply_propagation(
+                method_policy,
+                preshift,
+                object,
+                source_ret || ret,
+                args,
+                block)
+          end
+          handle_return(propagated_ret, source_ret, ret)
+        rescue StandardError => e
+          logger.error('Unable to assess method call.', e)
+          handle_return(propagated_ret, source_ret, ret)
+        rescue Exception => e # rubocop:disable Lint/RescueException
+          logger.error('Unable to assess method call.', e)
+          handle_return(propagated_ret, source_ret, ret)
+          raise e
+        end
+
+        # Generic invocation of the Inventory or Protect patch which apply
+        # to the given method.
+        #
+        # @param trigger_node [Contrast::Agent::Inventory::Policy::TriggerNode]
+        #   Mapping of the specific trigger on the given method.
+        # @param method [Symbol] The method into which we're patching
+        # @param exception [StandardError] Any exception raised during the
+        #   call of the patched method.
+        # @param object [Object] The object on which the method is invoked,
+        #   typically what would be returned by self.
+        # @param args [Array<Object>] The arguments passed to the method
+        #   being invoked.
+        def apply_trigger_only trigger_node, method, exception, object, args
+          return unless trigger_node
+
+          # If that rule only applies in the case of an exception being
+          # thrown and there's no exception here, move along, or vice versa
+          return if trigger_node.on_exception && !exception
+          return if !trigger_node.on_exception && exception
+
+          # Each patch has an applicator that handles logic for it. Think
+          # of this as being similar to propagator actions, most closely
+          # resembling CUSTOM - they all have a common interface but their
+          # own logic based on what's in the method(s) they've been patched
+          # into.
+          # Each patch also knows the method of its applicator. Some
+          # things, like AppliesXxeRule, have different methods depending
+          # on the library patched. This lets us handle the boilerplate of
+          # patching while still allowing for custom handling of the
+          # methods.
+          applicator_method = trigger_node.applicator_method
+          # By calling send like this, we can reuse all the patching.
+          # We `send` to the given method of the given class
+          # (applicator) since they all accept the same inputs
+          trigger_node.applicator.send(applicator_method, method, exception, trigger_node.properties, object, args)
+        end
+      end
+    end
+  end
+end

data/lib/contrast/utils/patching/policy/patcher_utils.rb

@@ -0,0 +1,54 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Utils
+    module Patching
+      # This module will include patch methods from Patcher module
+      # in case of need to add new logic to the Patcher
+      # please do it here
+      module PatcherUtils
+        # This method is called by TracePointHook to instrument a specific class during a require
+        # or eval of dynamic class definition
+        def patch_specific_module mod
+          with_contrast_scope do
+            mod_name = mod.cs__name
+            return unless Contrast::Utils::ClassUtil.truly_defined?(mod_name)
+            return if ::Contrast::AGENT.skip_instrumentation?(mod_name)
+
+            load_patches_for_module(mod_name)
+
+            return if all_module_names.none?(mod_name)
+
+            module_data = Contrast::Agent::ModuleData.new(mod, mod_name)
+            patch_into_module(module_data)
+            all_module_names.delete(mod_name) if status_type.get_status(mod).patched?
+          rescue StandardError => e
+            logger.error('Unable to patch module', e, module: mod_name)
+          end
+        end
+
+        # We did it, team. We found a patcher(s) that applies to the given
+        # class (or module) and the given method. Time to do some tracking.
+        #
+        # @param mod [Module] the module in which the patch should be
+        #   placed.
+        # @param methods [Array(Symbol)] all the instance or singleton
+        #   methods in this mod.
+        # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
+        #   the policy that applies to the given method_name.
+        # @return [Boolean] if patched, either by this invocation or a
+        #   previous, or not
+        def patch_method mod, methods, method_policy
+          return false unless methods&.any? # don't even build the name if there are no methods
+
+          if Contrast::Utils::ClassUtil.prepended_method?(mod, method_policy)
+            Contrast::Agent::Patching::Policy::Patch.instrument_with_prepend(mod, method_policy)
+          else
+            Contrast::Agent::Patching::Policy::Patch.instrument_with_alias(mod, methods, method_policy)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/utils/requests_client.rb

@@ -0,0 +1,150 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'net/http'
+require 'contrast/components/logger'
+require 'contrast/utils/object_share'
+require 'contrast/agent/version'
+require 'socket'
+
+module Contrast
+  module Utils
+    # This module creates a Net::HTTP client and initiates a connection to the provided result
+    module RequestsClient
+      ENDPOINT = 'api/v1/telemetry/metrics' # /TelemetryEvent.path
+
+      class << self
+        include Contrast::Components::Logger::InstanceMethods
+        # This method initializes the Net::HTTP client we'll need
+        # @param url [String]
+        # @return [Net::HTTP, nil]
+        def initialize_connection url
+          addr = URI(url)
+          return if addr.host.nil? || addr.port.nil?
+          return if addr.scheme != 'https'
+
+          @_net_http_client = Net::HTTP.new(addr.host, addr.port)
+          @_net_http_client.open_timeout = 5
+          @_net_http_client.read_timeout = 5
+          @_net_http_client.use_ssl = true
+          @_net_http_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
+          @_net_http_client.verify_depth = 5
+          @_net_http_client.start
+          return unless @_net_http_client.started?
+
+          logger.warn('Starting Telemetry connection test')
+          return unless connection_verified? @_net_http_client
+
+          @_net_http_client
+        rescue Net::OpenTimeout, Net::ReadTimeout => e
+          logger.warn('Telemetry connection failed', e.message)
+          nil
+        end
+
+        # This method will be responsible for building the request
+        # @param event[Contrast::Agent::TelemetryEvent,Contrast::Agent::StartupMetricsTelemetryEvent]
+        # @return [Net::HTTP::Post]
+        def build_request event
+          return unless valid_event? event
+
+          string_body = event.to_json.to_s
+          header = { 'User-Agent' => "<#{ Contrast::Utils::ObjectShare::RUBY }>-<#{ Contrast::Agent::VERSION }>" }
+          path = ENDPOINT + event.path
+          @_request = Net::HTTP::Post.new(path, header)
+          @_request.body = string_body
+          @_request
+        end
+
+        # This method will create the actual request and send it
+        # @param event[Contrast::Agent::TelemetryEvent]
+        # @param connection[Net::HTTP]
+        def send_request event, connection
+          return if connection.nil? || event.nil?
+          return unless valid_event? event
+
+          req = build_request event
+          connection.request req
+        end
+
+        # This method will handle the response from the tenant
+        # @param res [Net::HTTPResponse]
+        # @return sleep_time [Integer, nil]
+        def handle_response res
+          status_code = res.code.to_i
+          ready_after = if res.to_hash.keys.map(&:downcase).include?('ready-after')
+                          res['Ready-After']
+                        else
+                          60
+                        end
+          ready_after if status_code == 429
+        end
+
+        # This method will be responsible for validating the event
+        # @param event[Contrast::Agent::TelemetryEvent,Contrast::Agent::StartupMetricsTelemetryEvent]
+        def valid_event? event
+          return false unless event.cs__is_a?(Contrast::Agent::TelemetryEvent)
+          return false unless event.cs__is_a?(Contrast::Agent::StartupMetricsTelemetryEvent)
+
+          true
+        end
+
+        # Validates connection with Telemetry assigned domain.
+        # If connection is running, SSL certificate of the endpoint is valid, Ip address is resolvable
+        # and response is received without peer's reset or refuse of connection,
+        # then validation returns true. Error handling is in place so that the work of the agent will continue as
+        # normal without Telemetry.
+        #
+        # @param client [Net::HTTP]
+        # @return [Boolean] true | false
+        def connection_verified? client
+          return @_connection_verified unless @_connection_verified.nil?
+
+          # Before RUBY 2.7 there is no #ipaddr
+          ipaddr = if RUBY_VERSION < '2.7.0'
+                     socket = TCPSocket.open(client.address, client.port)
+                     ipaddr = socket.peeraddr[3]
+                     socket.close
+                     ipaddr
+                   else
+                     client.ipaddr
+                   end
+          response = client.request(Net::HTTP::Get.new(client.address))
+          verify_cert = OpenSSL::SSL.verify_certificate_identity(client.peer_cert, client.address)
+          resolved = resolved? client.address, ipaddr
+          @_connection_verified = if resolved && response && verify_cert
+                                    true
+                                  else
+                                    false
+                                  end
+        rescue OpenSSL::SSL::SSLError, Resolv::ResolvError, Errno::ECONNRESET, Errno::ECONNREFUSED,
+               Errno::ETIMEDOUT, Errno::ESHUTDOWN, Errno::EHOSTDOWN, Errno::EHOSTUNREACH, Errno::EISCONN,
+               Errno::ECONNABORTED, Errno::ENETRESET, Errno::ENETUNREACH => e
+
+          logger.warn('Telemetry connection failed', e.message)
+          false
+        end
+
+        private
+
+        # Resolves the address of the assigned telemetry domain to array of corresponding IPs (if more than one)
+        # and runs a matcher to see if current connection IP is in the list.
+        # This is called within #verify_connection, if called on it's own there will be no
+        # error handling.
+        #
+        # @param address [String] Human friendly address of assigned telemetry domain
+        # @param ipaddr [String] Machine friendly IP address of the assigned telemetry domain
+        # @return[Boolean] true if both addresses are resolved | false if one of the addresses
+        # is non-resolvable
+        def resolved? address, ipaddr
+          return @_resolved unless @_resolved.nil?
+
+          @_resolved = if (addresses = Resolv.getaddresses address)
+                         addresses.any? { |addr| addr.include?(ipaddr) }
+                       else
+                         false
+                       end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/utils/ruby_ast_rewriter.rb

@@ -38,7 +38,7 @@ module Contrast
         return if node.children.all? { |child_node| child_node.type == :str }
         new_content = +'('
         idx = 0
-        while idx < node.children.size
+        while idx < node.children.length
           #node.children.each_with_index do |child_node, index|
           child_node = node.children[idx]
           # A begin node looks like #{some_code} in ruby, we do a substring

data/lib/contrast/utils/telemetry.rb

@@ -0,0 +1,77 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/telemetry'
+require 'contrast/utils/telemetry_identifier'
+
+module Contrast
+  module Utils
+    # Tools for supporting the Telemetry feature
+    module Telemetry
+      DIR = '/ect/contrast/ruby-agent/'.cs__freeze
+      FILE = '.telemetry'.cs__freeze
+      CURRENT_DIR = Dir.pwd.cs__freeze
+      CONFIG_DIR = CURRENT_DIR + '/config/contrast/'.cs__freeze
+      MESSAGE = {
+          disclaimer:
+            "\n===================================================================================================" \
+            "\n\nThe [Contrast Security] [Ruby Agent] " \
+            "collects usage data in order to help us improve compatibility\n" \
+            "and security coverage. The data is anonymous and does not contain application data. It is collected\n" \
+            "by Contrast and is never shared. You can opt-out of telemetry by setting the\n" \
+            "'CONTRAST_AGENT_TELEMETRY_OPTOUT' environment variable to '1' or 'true'.\n\n" \
+          "===================================================================================================\n\n"
+      }.cs__freeze
+
+      # Here we create the .telemetry file. If the file exist we do nothing.
+      #
+      # @return[Boolean, nil] true if file is created, false if file already exist
+      # and nil if Telemetry is disabled or on unsupported OS.
+      def self.create_telemetry_file
+        write_mark_file DIR, FILE, CONFIG_DIR
+      end
+
+      def self.disclaimer
+        @_disclaimer = MESSAGE[:disclaimer]
+      end
+
+      class << self
+        private
+
+        # Create the mark file
+        #
+        # @param dir [String] Directory in which the file is to be created
+        # @param file [String] filename of the mark file
+        # @param config_dir [String] path for the config folder in working directory
+        # @return[Boolean, nil] true if file is created, false if file already exist
+        # and nil if Telemetry is disabled or on unsupported OS.
+        def write_mark_file dir, file, config_dir
+          return unless Contrast::Agent::Telemetry.enabled?
+          return if Contrast::Utils::OS.windows?
+
+          @dir = dir
+          # After macOS Catalina, you can no longer store files or data in the read-only system volume,
+          # nor can we write to the "root" directory ( / ). This results in Errno::EROFS exception.
+          # So for the MacOS we would use the config directory of the instrumented application.
+          @dir = config_dir if Contrast::Utils::OS.mac?
+          return false if File.file? @dir + file
+          return true if touch_marker(@dir, file)
+
+          # If we don't have permission to write to root directory use config instead
+          touch_marker(config_dir, file)
+        end
+
+        # Touches .telemetry file
+        #
+        # @return[Boolean] true if success, false if fails
+        def touch_marker dir, file
+          FileUtils.mkdir_p dir unless Dir.exist? dir
+          FileUtils.touch dir + file
+          File.file? dir + file
+        rescue StandardError => _e
+          false
+        end
+      end
+    end
+  end
+end