contrast-agent 4.11.0 → 4.14.0

data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb

@@ -18,7 +18,7 @@ module Contrast
             # https://bitbucket.org/contrastsecurity/assess-specifications/src/master/rules/dataflow/reflected_xss.md
             def self.valid? _patcher, _object, _ret, _args
               content_type = Contrast::Agent::REQUEST_TRACKER.current&.response&.content_type
-              return true unless content_type
+              return false unless content_type
 
               content_type = content_type.downcase
               SAFE_CONTENT_TYPES.none? { |safe_type| content_type.index(safe_type) }

data/lib/contrast/agent/assess/property/tagged.rb

@@ -5,6 +5,7 @@ require 'contrast/agent/assess/tag'
 require 'contrast/utils/object_share'
 require 'contrast/utils/string_utils'
 require 'contrast/utils/tag_util'
+require 'contrast/utils/assess/property/tagged_utils'
 
 module Contrast
   module Agent
@@ -13,6 +14,7 @@ module Contrast
         # This module serves to hold the functionality required for the
         # management of our dataflow tags.
         module Tagged
+          include Contrast::Utils::Assess::TaggedUtils
           # Is any tag present?
           # Creating Tags is expensive and we check for Tags all the time on
           # untracked things. ALWAYS!!! call this method before checking if an
@@ -22,148 +24,6 @@ module Contrast
             instance_variable_defined?(:@_tags) && tags.any?
           end
 
-          # Is the given tag present?
-          # Used in testing, so found by `be_tagged`, if you're grepping for it
-          #
-          # @param label [Symbol] the tag to check for
-          # @return [Boolean]
-          def tagged? label
-            tracked? && tags.key?(label)
-          end
-
-          # Similar to #tracked?, but limited to a given range.
-          #
-          # @param start [Integer] the inclusive start index to check.
-          # @param finish [Integer] the exclusive end index to check.
-          # @return [Boolean]
-          def any_tags_between? start, finish
-            return false unless tracked?
-
-            tags.each_value do |tag_array|
-              return true if tag_array.any? { |tag| tag.overlaps?(start, finish) }
-            end
-            false
-          end
-
-          # Find all of the ranges that span a given index. This is used
-          # in propagation when we need to shift tags about. For instance, in
-          # the append method when we need to see if any tag at the end needs
-          # to be expanded out to the size of the new String.
-          #
-          # Note: Tags do not know their key, so this is only the range covered
-          #
-          # @param idx [Integer] the index to check for tags
-          # @return [Array<Contrast::Agent::Assess::Tag>] a set of all the Tags
-          #   covering the given index. This is only the ranges, not the names.
-          def tags_at idx
-            return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless tracked?
-
-            at = []
-            tags.each_value do |tag_array|
-              tag_array.each do |tag|
-                if tag.covers?(idx)
-                  at << tag
-                elsif tag.above?(idx)
-                  break
-                end
-              end
-            end
-            at
-          end
-
-          # given a range, select all tags in that range the selected tags are
-          # shifted such that the start index of the new tag (0) aligns with
-          # the given start index in the range
-          #
-          # current tags: 5-15
-          # range       : 5-10
-          # result      : 0-05
-          #
-          # Note that we disable Lint/DuplicateBranch in this branch in order
-          # list out all tag range cases in the proper order to make this
-          # easier to understand
-          #
-          # @param range [Range] the span to check, inclusive to exclusive
-          # @return [Hash{String => Contrast::Agent::Assess::Tag}] the hash of
-          #   key to tags
-          def tags_at_range range
-            return Contrast::Utils::ObjectShare::EMPTY_HASH unless tracked?
-
-            at = Hash.new { |h, k| h[k] = [] }
-            tags.each_pair do |key, value|
-              add = nil
-              value.each do |tag|
-                within_range = resize_to_range(tag, range)
-                if within_range
-                  add ||= []
-                  add << within_range
-                end
-              end
-              next unless add&.any?
-
-              at[key] = add
-            end
-            at
-          end
-
-          # Given a tag name and range object, add a new tag to this
-          # collection. If the given range touches an existing tag,
-          # we'll combine the two, adjusting the existing one and
-          # dropping this new one.
-          #
-          # @param label [String] the name of the tag
-          # @param range [Range] the Range that the tag covers, inclusive to
-          #   exclusive
-          def add_tag label, range
-            length = range.end - range.begin
-            tag = Contrast::Agent::Assess::Tag.new(label, length, range.begin)
-            existing = fetch_tag(label)
-            tags[label] = Contrast::Utils::TagUtil.ordered_merge(existing, tag)
-          end
-
-          def set_tags label, tag_ranges
-            tags[label] = tag_ranges
-          end
-
-          # Remove all tags with a given label
-          def delete_tags label
-            tags.delete(label) if tracked?
-          end
-
-          # Reset the tag hash
-          def clear_tags
-            tags.clear if tracked?
-          end
-
-          # Returns a list of all current tag labels, most likely to be used for
-          # a splat operation
-          def tag_keys
-            return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless tracked?
-
-            tags.keys
-          end
-
-          # Calls merge to combine touching or overlapping tags
-          # Deletes empty tags
-          def cleanup_tags
-            return unless tracked?
-
-            Contrast::Utils::TagUtil.merge_tags(tags)
-            tags.delete_if { |_, value| value.empty? }
-          end
-
-          # We'll use this as a helper method to retrieve tags from the hash.
-          # Because the hash auto-populates an empty array when we try to
-          # access a tag in it, we cannot use the [] method without side
-          # effect. To get around this, we'll use a fetch work around.
-          #
-          # @param label [Symbol] the label to look up
-          # @return [Array<Contrast::Agent::Assess::Tag>] all the tags with
-          #   that label
-          def fetch_tag label
-            tags.fetch(label, nil) if tracked?
-          end
-
           # Remove all tags within the given ranges.
           # This does not delete an entire tag if part of that tag is
           # outside this range, meaning we may reduce sizes of tags
@@ -218,20 +78,9 @@ module Contrast
             end
           end
 
-          # Because of the auto-fill thing, we should not allow direct access to
-          # the tags hash. Instead, the methods above should be used to do
-          # operations like add, delete, and fetch.
-          #
-          # CONTRAST-22914
-          # please do NOT expose this w/ an attr_reader / accessor. there are
-          # helper methods in this class that safely access the hash. the tags
-          # method is private to avoid the side effect of a direct lookup with
-          # `[]` adding an empty array to the hash.
-          def tags
-            @_tags ||= Hash.new { |h, k| h[k] = [] }
-          end
-
           # Remove the tag ranges covering the given range
+          # and appends any trailing value that might
+          # exist after removal of range
           def remove_tags range
             return unless tracked?
 
@@ -242,19 +91,7 @@ module Contrast
               value.each do |tag|
                 comparison = tag.compare_range(range.begin, range.end)
                 # ABOVE and BELOW are not affected by this check
-                case comparison
-                when Contrast::Agent::Assess::Tag::LOW_SPAN
-                  tag.update_end(range.begin)
-                when Contrast::Agent::Assess::Tag::WITHIN
-                  remove << tag
-                when Contrast::Agent::Assess::Tag::WITHOUT
-                  new_tag = tag.clone
-                  new_tag.update_start(range.end)
-                  add << new_tag
-                  tag.update_end(range.begin)
-                when Contrast::Agent::Assess::Tag::HIGH_SPAN
-                  tag.update_start(range.end)
-                end
+                tags_remove_comparison comparison, tag, remove, add, range
               end
               value.delete_if { |tag| remove.include?(tag) }
               Contrast::Utils::TagUtil.ordered_merge(value, add)
@@ -263,6 +100,29 @@ module Contrast
             full_delete.each { |key| tags.delete(key) }
           end
 
+          # This method is for the tags comparison
+          # the idea is to move the whole case here
+          # @param comparison [String] indicates type of removal is to occur
+          # @param tag Contrast::Agent::Assess::Tag
+          # @param remove [String] holds removed Tag if exists
+          # @param add [String] holds trailing Tag if exists
+          # @param range [Range] start and stop for idx for removal
+          def tags_remove_comparison comparison, tag, remove, add, range
+            case comparison
+            when Contrast::Agent::Assess::Tag::LOW_SPAN
+              tag.update_end(range.begin)
+            when Contrast::Agent::Assess::Tag::WITHIN
+              remove << tag
+            when Contrast::Agent::Assess::Tag::WITHOUT
+              new_tag = tag.clone
+              new_tag.update_start(range.end)
+              add << new_tag
+              tag.update_end(range.begin)
+            when Contrast::Agent::Assess::Tag::HIGH_SPAN
+              tag.update_start(range.end)
+            end
+          end
+
           # Shift the tag ranges covering the given range
           # We assume this is for a deletion, meaning we
           # have to move tags to the left
@@ -306,34 +166,51 @@ module Contrast
                 comparison = tag.compare_range(range.begin, range.end)
                 length = range.end - range.begin
                 # BELOW is not affected by this check
-                case comparison
-                  # part of the tag is being inserted on
-                when Contrast::Agent::Assess::Tag::LOW_SPAN
-                  new_tag = tag.clone
-                  new_tag.update_start(range.begin)
-                  new_tag.shift(length)
-                  add << new_tag
-                  tag.update_end(range.begin)
-                  # the tag exists in the inserted range. it is partially shifted
-                when Contrast::Agent::Assess::Tag::WITHIN
-                  tag.shift(length)
-                  # the tag spans the range. leave the part below alone
-                when Contrast::Agent::Assess::Tag::WITHOUT # rubocop:disable Lint/DuplicateBranch
-                  new_tag = tag.clone
-                  new_tag.update_start(range.begin)
-                  new_tag.shift(length)
-                  add << new_tag
-                  tag.update_end(range.begin)
-                when Contrast::Agent::Assess::Tag::HIGH_SPAN, Contrast::Agent::Assess::Tag::ABOVE # rubocop:disable Lint/DuplicateBranch
-                  tag.shift(length)
-                end
+                shift_tags_comparison comparison, add, tag, length, range
               end
               Contrast::Utils::TagUtil.ordered_merge(value, add)
             end
           end
 
+          def shift_tags_comparison comparison, add, tag, length, range
+            case comparison
+              # part of the tag is being inserted on
+            when Contrast::Agent::Assess::Tag::LOW_SPAN
+              new_tag = tag.clone
+              new_tag.update_start(range.begin)
+              new_tag.shift(length)
+              add << new_tag
+              tag.update_end(range.begin)
+              # the tag exists in the inserted range. it is partially shifted
+            when Contrast::Agent::Assess::Tag::WITHIN
+              tag.shift(length)
+              # the tag spans the range. leave the part below alone
+            when Contrast::Agent::Assess::Tag::WITHOUT # rubocop:disable Lint/DuplicateBranch
+              new_tag = tag.clone
+              new_tag.update_start(range.begin)
+              new_tag.shift(length)
+              add << new_tag
+              tag.update_end(range.begin)
+            when Contrast::Agent::Assess::Tag::HIGH_SPAN, Contrast::Agent::Assess::Tag::ABOVE # rubocop:disable Lint/DuplicateBranch
+              tag.shift(length)
+            end
+          end
+
           private
 
+          # Because of the auto-fill thing, we should not allow direct access to
+          # the tags hash. Instead, the methods above should be used to do
+          # operations like add, delete, and fetch.
+          #
+          # CONTRAST-22914
+          # please do NOT expose this w/ an attr_reader / accessor. there are
+          # helper methods in this class that safely access the hash. the tags
+          # method is private to avoid the side effect of a direct lookup with
+          # `[]` adding an empty array to the hash.
+          def tags
+            @_tags ||= Hash.new { |h, k| h[k] = [] }
+          end
+
           # Given a tag, compare it to a given range and, if any part of that tag is within the range, return a new tag
           # covering the union of the original tag and the range. This new tag will start at the
           # max(tag.start, range.start) and end at min(tag.end, range.end)

data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb

@@ -4,6 +4,7 @@
 require 'contrast/agent/assess/policy/trigger_method'
 require 'contrast/components/logger'
 require 'contrast/extension/module'
+require 'contrast/agent/reporting/report'
 
 module Contrast
   module Agent
@@ -66,7 +67,8 @@ module Contrast
                 # if it looks like a placeholder / pointer to a config, skip it
                 next unless value_passes?(value)
 
-                build_finding(clazz, constant_string)
+                new_finding_and_reporting clazz, constant_string
+                build_finding clazz, constant_string
               end
             end
 
@@ -138,7 +140,8 @@ module Contrast
               # sort. We leave it to each rule to properly handle these nodes.
               return unless value_node_passes?(value)
 
-              build_finding(mod, name)
+              new_finding_and_reporting mod, name
+              build_finding mod, name
             end
 
             # Constants can be set as frozen directly. We need to account for
@@ -161,6 +164,14 @@ module Contrast
             def build_finding clazz, constant_string
               class_name = clazz.cs__name
 
+              finding = assign_finding class_name, constant_string
+              Contrast::Agent::Assess::Policy::TriggerMethod.report_finding(finding)
+            rescue StandardError => e
+              logger.error('Unable to build a finding for Hardcoded Rule', e)
+              nil
+            end
+
+            def assign_finding class_name, constant_string
               finding = Contrast::Api::Dtm::Finding.new
               finding.rule_id = Contrast::Utils::StringUtils.protobuf_safe_string(rule_id)
               finding.version = Contrast::Agent::Assess::Policy::TriggerMethod::CURRENT_FINDING_VERSION
@@ -173,10 +184,33 @@ module Contrast
               hash = Contrast::Utils::HashDigest.generate_class_scanning_hash(finding)
               finding.hash_code = Contrast::Utils::StringUtils.protobuf_safe_string(hash)
               finding.preflight = Contrast::Utils::PreflightUtil.create_preflight(finding)
-              Contrast::Agent::Assess::Policy::TriggerMethod.report_finding(finding)
-            rescue StandardError => e
-              logger.error('Unable to build a finding for Hardcoded Rule', e)
-              nil
+              finding
+            end
+
+            def new_finding_and_reporting clazz, constant_string
+              return unless Contrast::Agent::Reporter.enabled?
+
+              # sent to reporter
+              # and add logger message for the report of the preflight
+              new_preflight = Contrast::Agent::Reporting::Preflight.new
+              new_preflight_message = Contrast::Agent::Reporting::PreflightMessage.new
+              new_preflight_message.hash_code = hash
+              new_preflight_message.data = "#{ rule_id },#{ hash }"
+              new_preflight.messages << new_preflight_message
+
+              # extract to new method
+              # here we will generate new type of finding
+              ruby_finding = Contrast::Agent::Reporting::Finding.new rule_id
+              ruby_finding.hash_code = hash
+              ruby_finding.properties[SOURCE_KEY] = clazz.cs__name
+              ruby_finding.properties[CONSTANT_NAME_KEY] = constant_string
+              ruby_finding.properties[CODE_SOURCE_KEY] = constant_string + redacted_marker
+              save_and_report_finding ruby_finding, new_preflight
+            end
+
+            def save_and_report_finding ruby_finding, new_preflight
+              Contrast::Agent::Reporting::ReportingStorage[hash] = ruby_finding
+              Contrast::Agent.reporter_queue.send_event_immediately(new_preflight)
             end
           end
         end

data/lib/contrast/agent/deadzone/policy/policy.rb

@@ -35,6 +35,12 @@ module Contrast
             end
           end
 
+          def validate
+            return if class_name
+
+            raise(ArgumentError, "#{ node_class } #{ id } did not have a proper class name. Unable to create.")
+          end
+
           def module_names
             @_module_names ||= Set.new(deadzones.map(&:class_name))
           end

data/lib/contrast/agent/inventory/dependency_usage_analysis.rb

@@ -71,6 +71,7 @@ module Contrast
 
         # Populate the library_usages field of the Activity message using the data stored in the @gemdigest_cache.
         #
+        # TODO: RUBY-1355
         # @param activity [Contrast::Api::Dtm::Activity] the message to which to append the usage data
         def generate_library_usage activity
           return unless enabled?

data/lib/contrast/agent/metric_telemetry_event.rb

@@ -0,0 +1,26 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/metrics_hash'
+require 'contrast/agent/telemetry_event'
+
+module Contrast
+  module Agent
+    # This class will hold the basic information for a Telemetry Event
+    class MetricTelemetryEvent < Contrast::Agent::TelemetryEvent
+      include Contrast::Utils
+
+      attr_reader :fields
+
+      def initialize
+        super
+        @fields = MetricsHash.new(Numeric)
+        @fields['_filler'] = 0
+      end
+
+      def to_hash **_args
+        super.merge!({ fields: @fields })
+      end
+    end
+  end
+end

data/lib/contrast/agent/middleware.rb

@@ -10,8 +10,11 @@ require 'contrast/utils/object_share'
 require 'contrast/components/logger'
 require 'contrast/components/scope'
 require 'contrast/utils/heap_dump_util'
+require 'contrast/utils/telemetry'
 require 'contrast/agent/request_handler'
 require 'contrast/agent/static_analysis'
+require 'contrast/agent/startup_metrics_telemetry_event'
+require 'contrast/utils/middleware_utils'
 
 require 'contrast/utils/timer'
 
@@ -23,6 +26,7 @@ module Contrast
     class Middleware
       include Contrast::Components::Logger::InstanceMethods
       include Contrast::Components::Scope::InstanceMethods
+      include Contrast::Utils::MiddlewareUtils
 
       attr_reader :app
 
@@ -64,21 +68,6 @@ module Contrast
 
       private
 
-      def setup_agent
-        ::Contrast::SETTINGS.reset_state
-
-        inform_deprecations
-
-        if ::Contrast::CONFIG.invalid?
-          ::Contrast::AGENT.disable!
-          logger.error('!!! CONFIG FILE IS INVALID - DISABLING CONTRAST AGENT !!!')
-        elsif ::Contrast::AGENT.disabled?
-          logger.warn('Contrast disabled by configuration. Continuing without instrumentation.')
-        else
-          ::Contrast::AGENT.enable!
-        end
-      end
-
       # Startup the Agent as part of the initialization process:
       # - start the service sending thread, responsible for sending and processing messages
       # - start the heartbeat thread, which triggers service startup
@@ -89,6 +78,13 @@ module Contrast
           Contrast::Agent.thread_watcher.ensure_running?
         end
 
+        if Contrast::Agent::Telemetry.enabled?
+          logger.debug_with_time('middleware: sending startup metrics telemetry event') do
+            event = Contrast::Agent::StartupMetricsTelemetryEvent.new
+            Contrast::Agent.thread_watcher.telemetry_queue.send_event(event)
+          end
+        end
+
         logger.debug_with_time('middleware: instrument shared libraries and patch') do
           Contrast::Agent::Patching::Policy::Patcher.patch
         end
@@ -165,6 +161,9 @@ module Contrast
         with_contrast_scope do
           context.extract_after(response) # update context with final response information
 
+          # Build and report all collected findings prior response
+          Contrast::Agent::FINDINGS.report_collected_findings unless Contrast::Agent::FINDINGS.collection.empty?
+
           if Contrast::Agent.framework_manager.streaming?(env)
             context.reset_activity
             request_handler.stream_safe_postfilter
@@ -178,53 +177,6 @@ module Contrast
 
         logger.error('Unable to execute agent post_call', e)
       end
-
-      def application_code env
-        logger.trace_with_time('application') do
-          app.call(env)
-        end
-      rescue Contrast::SecurityException => e
-        logger.trace('Security Exception raised during application lifecycle to prevent an attack', e)
-        raise e
-      end
-
-      SECURITY_EXCEPTION_MARKER = 'Contrast::SecurityException'
-      # We're only going to suppress SecurityExceptions indicating a blocked attack. And, only if the
-      # config.agent.ruby.exceptions.capture? is set
-      def handle_exception exception
-        if security_exception?(exception)
-          exception_control = ::Contrast::AGENT.exception_control
-          raise exception unless exception_control[:enable]
-
-          [exception_control[:status], {}, [exception_control[:message]]]
-        else
-          logger.debug('Re-throwing original error', exception)
-          raise exception
-        end
-      end
-
-      # Is the given exception one raised by our Protect code?
-      #
-      # @param exception [Exception]
-      # @return [Boolean]
-      def security_exception? exception
-        exception.is_a?(Contrast::SecurityException) || exception.message&.include?(SECURITY_EXCEPTION_MARKER)
-      end
-
-      # As we deprecate support to prepare to remove dead code, we need to inform our users still relying on the now
-      # deprecated and soon to be removed functionality. This method handles doing that by leveraging the standard
-      # Kernel#warn approach
-      def inform_deprecations
-        # Ruby 2.5 is currently in security maintenance, meaning int is only receiving updates for security issues. It
-        # will move to eol on 31 March 2021. As such, we can remove support for it in Q3. We'll begin the deprecation
-        # warnings now so that customers have time to reach out if they'll be impacted.
-        # TODO: RUBY-715 remove this part of the method, leaving it empty if there are no other deprecations, when we
-        #   drop 2.5 support.
-        return unless RUBY_VERSION < '2.6.0'
-
-        Kernel.warn('[Contrast Security] [DEPRECATION] Support for Ruby 2.5 will be removed in April 2021. '\
-                    'Please contact Customer Support prior if you require continued support.')
-      end
     end
   end
 end

data/lib/contrast/agent/patching/policy/after_load_patcher.rb

@@ -46,7 +46,6 @@ module Contrast
                 path_part = "cs__assess_#{ p }"
                 Contrast::Extension::Assess::InstrumentHelper.instrument "#{ path_part }/#{ path_part }"
               end
-              Contrast::Extension::Assess::InstrumentHelper.instrument 'cs__protect_kernel/cs__protect_kernel'
               true
             end
           end

data/lib/contrast/agent/patching/policy/method_policy.rb

@@ -1,12 +1,15 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/agent/patching/policy/method_policy_extend'
+
 module Contrast
   module Agent
     module Patching
       module Policy
         # This class is used to map each method to the trigger node that applies to it
         class MethodPolicy
+          extend Contrast::Agent::Patching::Policy::MethodPolicyExtend
           attr_reader   :deadzone_node, :inventory_node, :propagation_node, :protect_node, :trigger_node
           attr_accessor :source_node, :method_name, :method_visibility, :instance_method
 
@@ -60,50 +63,6 @@ module Contrast
             # defined by #nodes.
             @_method_scopes ||= nodes.flat_map(&:method_scope).tap(&:compact!).tap(&:uniq!)
           end
-
-          class << self
-            # Given a Contrast::Agent::Patching::Policy::ModulePolicy, parse
-            # out its information for the given method in order to construct a
-            # Contrast::Agent::Patching::Policy::MethodPolicy
-            #
-            # @param method_name [Symbol] the name of the method for this policy
-            # @param module_policy [Contrast::Agent::Patching::Policy::ModulePolicy]
-            #   the entire policy for this module
-            # @param instance_method [Boolean] true if this method is an
-            #   instance method
-            # @return [Contrast::Agent::Patching::Policy::MethodPolicy]
-            def build_method_policy method_name, module_policy, instance_method
-              source_node =      find_method_node(module_policy.source_nodes, method_name, instance_method)
-              propagation_node = find_method_node(module_policy.propagator_nodes, method_name, instance_method)
-              trigger_node =     find_method_node(module_policy.trigger_nodes, method_name, instance_method)
-              protect_node =     find_method_node(module_policy.protect_nodes, method_name, instance_method)
-              inventory_node =   find_method_node(module_policy.inventory_nodes, method_name, instance_method)
-              deadzone_node =    find_method_node(module_policy.deadzone_nodes, method_name, instance_method)
-              method_visibility = find_visibility(source_node, propagation_node, trigger_node, protect_node,
-                                                  inventory_node, deadzone_node)
-              MethodPolicy.new(method_name: method_name,
-                               method_visibility: method_visibility,
-                               instance_method: instance_method,
-                               source_node: source_node,
-                               propagation_node: propagation_node,
-                               trigger_node: trigger_node,
-                               protect_node: protect_node,
-                               inventory_node: inventory_node,
-                               deadzone_node: deadzone_node)
-            end
-
-            def find_method_node nodes, method_name, is_instance_method
-              return unless nodes
-
-              nodes.find do |node|
-                node.instance_method? == is_instance_method && node.method_name == method_name
-              end
-            end
-
-            def find_visibility *nodes
-              nodes.find { |node| node }&.method_visibility
-            end
-          end
         end
       end
     end