contrast-agent 4.12.0 → 4.13.0

data/lib/contrast/agent/assess/property/tagged.rb

@@ -5,6 +5,7 @@ require 'contrast/agent/assess/tag'
 require 'contrast/utils/object_share'
 require 'contrast/utils/string_utils'
 require 'contrast/utils/tag_util'
+require 'contrast/utils/assess/property/tagged_utils'
 
 module Contrast
   module Agent
@@ -13,6 +14,7 @@ module Contrast
         # This module serves to hold the functionality required for the
         # management of our dataflow tags.
         module Tagged
+          include Contrast::Utils::Assess::TaggedUtils
           # Is any tag present?
           # Creating Tags is expensive and we check for Tags all the time on
           # untracked things. ALWAYS!!! call this method before checking if an
@@ -45,134 +47,6 @@ module Contrast
             false
           end
 
-          # Find all of the ranges that span a given index. This is used
-          # in propagation when we need to shift tags about. For instance, in
-          # the append method when we need to see if any tag at the end needs
-          # to be expanded out to the size of the new String.
-          #
-          # Note: Tags do not know their key, so this is only the range covered
-          #
-          # @param idx [Integer] the index to check for tags
-          # @return [Array<Contrast::Agent::Assess::Tag>] a set of all the Tags
-          #   covering the given index. This is only the ranges, not the names.
-          def tags_at idx
-            return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless tracked?
-
-            at = []
-            tags.each_value do |tag_array|
-              tag_array.each do |tag|
-                if tag.covers?(idx)
-                  at << tag
-                elsif tag.above?(idx)
-                  break
-                end
-              end
-            end
-            at
-          end
-
-          # given a range, select all tags in that range the selected tags are
-          # shifted such that the start index of the new tag (0) aligns with
-          # the given start index in the range
-          #
-          # current tags: 5-15
-          # range       : 5-10
-          # result      : 0-05
-          #
-          # Note that we disable Lint/DuplicateBranch in this branch in order
-          # list out all tag range cases in the proper order to make this
-          # easier to understand
-          #
-          # @param range [Range] the span to check, inclusive to exclusive
-          # @return [Hash{String => Contrast::Agent::Assess::Tag}] the hash of
-          #   key to tags
-          def tags_at_range range
-            return Contrast::Utils::ObjectShare::EMPTY_HASH unless tracked?
-
-            at = Hash.new { |h, k| h[k] = [] }
-            tags.each_pair do |key, value|
-              add = nil
-              value.each do |tag|
-                within_range = resize_to_range(tag, range)
-                if within_range
-                  add ||= []
-                  add << within_range
-                end
-              end
-              next unless add&.any?
-
-              at[key] = add
-            end
-            at
-          end
-
-          # Given a tag name and range object, add a new tag to this
-          # collection. If the given range touches an existing tag,
-          # we'll combine the two, adjusting the existing one and
-          # dropping this new one.
-          #
-          # @param label [String] the name of the tag
-          # @param range [Range] the Range that the tag covers, inclusive to
-          #   exclusive
-          def add_tag label, range
-            length = range.end - range.begin
-            tag = Contrast::Agent::Assess::Tag.new(label, length, range.begin)
-            existing = fetch_tag(label)
-            tags[label] = Contrast::Utils::TagUtil.ordered_merge(existing, tag)
-          end
-
-          def set_tags label, tag_ranges
-            tags[label] = tag_ranges
-          end
-
-          # Returns a list of all current tags.
-          #
-          # @return [Hash<Contrast::Agent::Assess::Tag>]
-          def get_tags # rubocop:disable Naming/AccessorMethodName
-            return Contrast::Utils::ObjectShare::EMPTY_HASH unless tracked?
-
-            tags
-          end
-
-          # We'll use this as a helper method to retrieve tags from the hash.
-          # Because the hash auto-populates an empty array when we try to
-          # access a tag in it, we cannot use the [] method without side
-          # effect. To get around this, we'll use a fetch work around.
-          #
-          # @param label [Symbol] the label to look up
-          # @return [Array<Contrast::Agent::Assess::Tag>] all the tags with
-          #   that label
-          def fetch_tag label
-            get_tags.fetch(label, nil) if tracked?
-          end
-
-          # Remove all tags with a given label
-          def delete_tags label
-            tags.delete(label) if tracked?
-          end
-
-          # Reset the tag hash
-          def clear_tags
-            tags.clear if tracked?
-          end
-
-          # Returns a list of all current tag labels, most likely to be used for
-          # a splat operation
-          def tag_keys
-            return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless tracked?
-
-            tags.keys
-          end
-
-          # Calls merge to combine touching or overlapping tags
-          # Deletes empty tags
-          def cleanup_tags
-            return unless tracked?
-
-            Contrast::Utils::TagUtil.merge_tags(tags)
-            tags.delete_if { |_, value| value.empty? }
-          end
-
           # Remove all tags within the given ranges.
           # This does not delete an entire tag if part of that tag is
           # outside this range, meaning we may reduce sizes of tags

data/lib/contrast/agent/deadzone/policy/policy.rb

@@ -38,7 +38,7 @@ module Contrast
           def validate
             return if class_name
 
-            raise(ArgumentError, "#{ @node_class } #{ id } did not have a proper class name. Unable to create.")
+            raise(ArgumentError, "#{ node_class } #{ id } did not have a proper class name. Unable to create.")
           end
 
           def module_names

data/lib/contrast/agent/inventory/dependency_usage_analysis.rb

@@ -71,6 +71,7 @@ module Contrast
 
         # Populate the library_usages field of the Activity message using the data stored in the @gemdigest_cache.
         #
+        # TODO: RUBY-1355
         # @param activity [Contrast::Api::Dtm::Activity] the message to which to append the usage data
         def generate_library_usage activity
           return unless enabled?

data/lib/contrast/agent/metric_telemetry_event.rb

@@ -0,0 +1,26 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/metrics_hash'
+require 'contrast/agent/telemetry_event'
+
+module Contrast
+  module Agent
+    # This class will hold the basic information for a Telemetry Event
+    class MetricTelemetryEvent < Contrast::Agent::TelemetryEvent
+      include Contrast::Utils
+
+      attr_reader :fields
+
+      def initialize
+        super
+        @fields = MetricsHash.new(Numeric)
+        @fields['_filter'] = 0
+      end
+
+      def to_json **_args
+        super.merge!({ fields: @fields })
+      end
+    end
+  end
+end

data/lib/contrast/agent/middleware.rb

@@ -10,8 +10,10 @@ require 'contrast/utils/object_share'
 require 'contrast/components/logger'
 require 'contrast/components/scope'
 require 'contrast/utils/heap_dump_util'
+require 'contrast/utils/telemetry'
 require 'contrast/agent/request_handler'
 require 'contrast/agent/static_analysis'
+require 'contrast/agent/startup_metrics_telemetry_event'
 
 require 'contrast/utils/timer'
 
@@ -68,6 +70,7 @@ module Contrast
         ::Contrast::SETTINGS.reset_state
 
         inform_deprecations
+        telemetry_disclaimer
 
         if ::Contrast::CONFIG.invalid?
           ::Contrast::AGENT.disable!
@@ -89,6 +92,13 @@ module Contrast
           Contrast::Agent.thread_watcher.ensure_running?
         end
 
+        if Contrast::Agent::Telemetry.enabled?
+          logger.debug_with_time('middleware: sending startup metrics telemetry event') do
+            event = Contrast::Agent::StartupMetricsTelemetryEvent.new
+            Contrast::Agent.thread_watcher.telemetry_queue.send_event(event)
+          end
+        end
+
         logger.debug_with_time('middleware: instrument shared libraries and patch') do
           Contrast::Agent::Patching::Policy::Patcher.patch
         end
@@ -225,6 +235,18 @@ module Contrast
         Kernel.warn('[Contrast Security] [DEPRECATION] Support for Ruby 2.5 will be removed in April 2021. '\
                     'Please contact Customer Support prior if you require continued support.')
       end
+
+      # Displays Telemetry disclaimer if Telemetry is enabled.
+      # if .telemetry file doesn't exist we create one and then show the disclaimer.
+      # if the file already exists we do nothing.
+      def telemetry_disclaimer
+        return unless Contrast::Agent::Telemetry.enabled?
+        return unless Contrast::Utils::Telemetry.create_telemetry_file
+
+        logger.info Contrast::Utils::Telemetry.disclaimer
+        $stdout.print Contrast::Utils::Telemetry.disclaimer
+        true
+      end
     end
   end
 end

data/lib/contrast/agent/patching/policy/patch.rb

@@ -4,6 +4,7 @@
 require 'monitor'
 require 'contrast/components/logger'
 require 'contrast/components/scope'
+require 'contrast/utils/patching/policy/patch_utils'
 
 require 'contrast/agent'
 require 'contrast/logger/log'
@@ -32,6 +33,8 @@ module Contrast
         # provides a map for which methods our renamed functions need to call
         # and how.
         module Patch
+          extend Contrast::Utils::Patching::PatchUtils
+
           class << self
             include Contrast::Agent::Assess::Policy::SourceMethod
             include Contrast::Agent::Assess::Policy::PropagationMethod
@@ -57,226 +60,6 @@ module Contrast
               end
             end
 
-            # THIS IS CALLED FROM C. Do not change the signature lightly.
-            #
-            # This method functions to call the infilter methods from our
-            # patches, allowing for analysis and reporting at the point just
-            # before the patched code is invoked.
-            #
-            # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
-            #   Mapping of the triggers on the given method.
-            # @param method [Symbol] The method into which we're patching
-            # @param exception [StandardError] Any exception raised during the
-            #   call of the patched method.
-            # @param object [Object] The object on which the method is invoked,
-            #   typically what would be returned by self.
-            # @param args [Array<Object>] The arguments passed to the method
-            #   being invoked.
-            def apply_pre_patch method_policy, method, exception, object, args
-              apply_protect(method_policy, method, exception, object, args)
-              apply_inventory(method_policy, method, exception, object, args)
-            rescue Contrast::SecurityException => e
-              # We were told to block something, so we gotta. Don't catch this
-              # one, let it get back to our Middleware or even all the way out to
-              # the framework
-              raise e
-            rescue StandardError => e
-              # Anything else was our bad and we gotta catch that to allow for
-              # normal application flow
-              logger.error('Unable to apply pre patch to method.', e)
-            rescue Exception => e # rubocop:disable Lint/RescueException
-              # This is something like NoMemoryError that we can't
-              # hope to handle.  Nonetheless, shouldn't leak scope.
-              exit_contrast_scope!
-              raise e
-            end
-
-            # THIS IS CALLED FROM C. Do not change the signature lightly.
-            #
-            # This method functions to call the infilter methods from our
-            # patches, allowing for analysis and reporting at the point just
-            # after the patched code is invoked
-            #
-            # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
-            #   Mapping of the triggers on the given method.
-            # @param preshift [Contrast::Agent::Assess::PreShift] The capture
-            #   of the state of the code just prior to the invocation of the
-            #   patched method.
-            # @param object [Object] The object on which the method was
-            #   invoked, typically what would be returned by self.
-            # @param ret [Object] The return of the method that was invoked.
-            # @param args [Array<Object>] The arguments passed to the method
-            #   being invoked.
-            # @param block [Proc] The block passed to the method that was
-            #   invoked.
-            def apply_post_patch method_policy, preshift, object, ret, args, block
-              apply_assess(method_policy, preshift, object, ret, args, block)
-            rescue StandardError => e
-              logger.error('Unable to apply post patch to method.', e)
-            end
-
-            # Apply the Protect patch which applies to the given method.
-            #
-            # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
-            #   Mapping of the triggers on the given method.
-            # @param method [Symbol] The method into which we're patching
-            # @param exception [StandardError] Any exception raised during the
-            #   call of the patched method.
-            # @param object [Object] The object on which the method is invoked,
-            #   typically what would be returned by self.
-            # @param args [Array<Object>] The arguments passed to the method
-            #   being invoked.
-            def apply_protect method_policy, method, exception, object, args
-              return unless ::Contrast::AGENT.enabled?
-              return unless ::Contrast::PROTECT.enabled?
-
-              apply_trigger_only(method_policy&.protect_node, method, exception, object, args)
-            end
-
-            # Apply the Inventory patch which applies to the given method.
-            #
-            # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
-            #   Mapping of the triggers on the given method.
-            # @param method [Symbol] The method into which we're patching
-            # @param exception [StandardError] Any exception raised during the
-            #   call of the patched method.
-            # @param object [Object] The object on which the method is invoked,
-            #   typically what would be returned by self.
-            # @param args [Array<Object>] The arguments passed to the method
-            #   being invoked.
-            def apply_inventory method_policy, method, exception, object, args
-              return unless ::Contrast::INVENTORY.enabled?
-
-              apply_trigger_only(method_policy&.inventory_node, method, exception, object, args)
-            end
-
-            # Apply the Assess patches which apply to the given method.
-            #
-            # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
-            #   Mapping of the triggers on the given method.
-            # @param preshift [Contrast::Agent::Assess::PreShift] The capture
-            #   of the state of the code just prior to the invocation of the
-            #   patched method.
-            # @param object [Object] The object on which the method was
-            #   invoked, typically what would be returned by self.
-            # @param ret [Object] The return of the method that was invoked.
-            # @param args [Array<Object>] The arguments passed to the method
-            #   being invoked.
-            # @param block [Proc] The block passed to the method that was
-            #   invoked.
-            def apply_assess method_policy, preshift, object, ret, args, block
-              source_ret = nil
-              propagated_ret = nil
-              return ret unless method_policy && ::Contrast::ASSESS.enabled?
-
-              current_context = Contrast::Agent::REQUEST_TRACKER.current
-              return ret if current_context && !current_context.analyze_request?
-
-              trigger_node = method_policy.trigger_node
-              if trigger_node
-                Contrast::Agent::Assess::Policy::TriggerMethod.apply_trigger_rule(trigger_node, object, ret, args)
-              end
-              if method_policy.source_node
-                # If we were given a frozen return, and it was the target of a
-                # source, and we have frozen sources enabled, we'll need to
-                # replace the return. Note, this is not the default case.
-                source_ret = Contrast::Agent::Assess::Policy::SourceMethod.source_patchers(method_policy, object, ret,
-                                                                                           args)
-              end
-              if method_policy.propagation_node
-                propagated_ret = Contrast::Agent::Assess::Policy::PropagationMethod.apply_propagation(
-                    method_policy,
-                    preshift,
-                    object,
-                    source_ret || ret,
-                    args,
-                    block)
-              end
-              handle_return(propagated_ret, source_ret, ret)
-            rescue StandardError => e
-              logger.error('Unable to assess method call.', e)
-              handle_return(propagated_ret, source_ret, ret)
-            rescue Exception => e # rubocop:disable Lint/RescueException
-              logger.error('Unable to assess method call.', e)
-              handle_return(propagated_ret, source_ret, ret)
-              raise e
-            end
-
-            # Generic invocation of the Inventory or Protect patch which apply
-            # to the given method.
-            #
-            # @param trigger_node [Contrast::Agent::Inventory::Policy::TriggerNode]
-            #   Mapping of the specific trigger on the given method.
-            # @param method [Symbol] The method into which we're patching
-            # @param exception [StandardError] Any exception raised during the
-            #   call of the patched method.
-            # @param object [Object] The object on which the method is invoked,
-            #   typically what would be returned by self.
-            # @param args [Array<Object>] The arguments passed to the method
-            #   being invoked.
-            def apply_trigger_only trigger_node, method, exception, object, args
-              return unless trigger_node
-
-              # If that rule only applies in the case of an exception being
-              # thrown and there's no exception here, move along, or vice versa
-              return if trigger_node.on_exception && !exception
-              return if !trigger_node.on_exception && exception
-
-              # Each patch has an applicator that handles logic for it. Think
-              # of this as being similar to propagator actions, most closely
-              # resembling CUSTOM - they all have a common interface but their
-              # own logic based on what's in the method(s) they've been patched
-              # into.
-              # Each patch also knows the method of its applicator. Some
-              # things, like AppliesXxeRule, have different methods depending
-              # on the library patched. This lets us handle the boilerplate of
-              # patching while still allowing for custom handling of the
-              # methods.
-              applicator_method = trigger_node.applicator_method
-              # By calling send like this, we can reuse all the patching.
-              # We `send` to the given method of the given class
-              # (applicator) since they all accept the same inputs
-              trigger_node.applicator.send(applicator_method, method, exception, trigger_node.properties, object, args)
-            end
-
-            # Method to choose which replaced return from the post_patch to
-            # actually return
-            #
-            # @param propagated_ret [Object, nil] The replaced return from the
-            #   propagation patch.
-            # @param source_ret [Object, nil] The replaced return from the
-            #   source patch.
-            # @param ret [Object, nil] The original return of the patched
-            #   method.
-            # @return [Object, nil] The thing to return from the post patch.
-            def handle_return propagated_ret, source_ret, ret
-              safe_return = propagated_ret || source_ret || ret
-              safe_return.rewind if Contrast::Utils::IOUtil.should_rewind?(safe_return)
-              safe_return
-            end
-
-            # Given a module and method, construct an expected name for the
-            # alias by which Contrast will reference the original.
-            #
-            # @param patched_class [Module] the module being patched
-            # @param patched_method [Symbol] the method being patched
-            # @return [Symbol]
-            def build_method_name patched_class, patched_method
-              (Contrast::Utils::ObjectShare::CONTRAST_PATCHED_METHOD_START +
-                  patched_class.cs__name.gsub('::', '_').downcase +
-                  Contrast::Utils::ObjectShare::UNDERSCORE +
-                  patched_method.to_s).to_sym
-            end
-
-            # Given a method, return a symbol in the format
-            # <method_start>_unbound_<method_name>
-            def build_unbound_method_name patcher_method
-              (Contrast::Utils::ObjectShare::CONTRAST_PATCHED_METHOD_START +
-                'unbound' +
-                Contrast::Utils::ObjectShare::UNDERSCORE +
-                patcher_method.to_s).to_sym
-            end
-
             # @param mod [Module] the module in which the patch should be
             #   placed.
             # @param methods [Array(Symbol)] all the instance or singleton
@@ -337,7 +120,7 @@ module Contrast
             #   :prepend            -> prepend instance method of module
             #   [prepending singleton is easily supported too, just not implemented yet.]
             # @return [Symbol] new alias for the underlying method (presumably, so the patched method can call it)
-            def register_c_patch target_module_name, unbound_method, impl = :alias_instance # rubocop:disable  Metrics/AbcSize
+            def register_c_patch target_module_name, unbound_method, impl = :alias_instance
               # These could be set as AfterLoadPatches.
               method_name = unbound_method.name.to_sym # rubocop:disable Security/Module/Name -- ruby built in attribute.
               underlying_method_name = build_unbound_method_name(method_name).to_sym
@@ -360,6 +143,30 @@ module Contrast
                                    ERR
                            end
 
+              reflect_implementation impl, target_module, unbound_method, visibility
+              # Ougai::Logger.create_item_with_2args calls Hash#[]=, so we
+              # can't invoke this logging method or we'll seg fault as we'd
+              # change the method definition mid-call
+              # if method_name != :[]= &&
+              #   Contrast::Agent::Logger.defined!
+              #   logger.trace(
+              #       'Registered C-defined patch',
+              #       implementation: impl,
+              #       module: target_mod,
+              #       method: method_name,
+              #       visibility: visibility)
+              # end
+              underlying_method_name
+            end
+
+            # @param impl [Symbol] Strategy for applying the patch: { :alias_instance, :alias_singleton, or :prepend }:
+            # @param target_module [Module] The targeted module
+            # @param unbound_method [UnboundMethod] An unbound method, to be patched into target_module.
+            # @param visibility [Symbol] method visibility
+            def reflect_implementation impl, target_module, unbound_method, visibility
+              method_name = unbound_method.name.to_sym # rubocop:disable Security/Module/Name -- ruby built in attribute.
+              underlying_method_name = build_unbound_method_name(method_name).to_sym
+
               case impl
               when :alias_instance, :alias_singleton
                 # Core to patching. Ignore define method usage cop.
@@ -383,20 +190,6 @@ module Contrast
                 target_module.prepend prepending_module
                 # rubocop:enable Performance/Kernel/DefineMethod
               end
-
-              # Ougai::Logger.create_item_with_2args calls Hash#[]=, so we
-              # can't invoke this logging method or we'll seg fault as we'd
-              # change the method definition mid-call
-              # if method_name != :[]= &&
-              #   Contrast::Agent::Logger.defined!
-              #   logger.trace(
-              #       'Registered C-defined patch',
-              #       implementation: impl,
-              #       module: target_module_name,
-              #       method: method_name,
-              #       visibility: visibility)
-              # end
-              underlying_method_name
             end
 
             # @return [Boolean]

data/lib/contrast/agent/patching/policy/patcher.rb

@@ -10,6 +10,7 @@ require 'contrast/agent/patching/policy/module_policy'
 require 'contrast/components/logger'
 require 'contrast/components/scope'
 require 'contrast/utils/class_util'
+require 'contrast/utils/patching/policy/patcher_utils'
 
 # assess
 require 'contrast/agent/assess/policy/policy'
@@ -44,6 +45,7 @@ module Contrast
         # and how.
         module Patcher
           extend Contrast::Agent::Patching::Policy::AfterLoadPatcher
+          extend Contrast::Utils::Patching::PatcherUtils
           extend Contrast::Components::Logger::InstanceMethods
           extend Contrast::Components::Scope::InstanceMethods
 
@@ -77,47 +79,6 @@ module Contrast
               end
             end
 
-            # This method is called by TracePointHook to instrument a specific class during a require
-            # or eval of dynamic class definition
-            def patch_specific_module mod
-              with_contrast_scope do
-                mod_name = mod.cs__name
-                return unless Contrast::Utils::ClassUtil.truly_defined?(mod_name)
-                return if ::Contrast::AGENT.skip_instrumentation?(mod_name)
-
-                load_patches_for_module(mod_name)
-
-                return if all_module_names.none?(mod_name)
-
-                module_data = Contrast::Agent::ModuleData.new(mod, mod_name)
-                patch_into_module(module_data)
-                all_module_names.delete(mod_name) if status_type.get_status(mod).patched?
-              rescue StandardError => e
-                logger.error('Unable to patch module', e, module: mod_name)
-              end
-            end
-
-            # We did it, team. We found a patcher(s) that applies to the given
-            # class (or module) and the given method. Time to do some tracking.
-            #
-            # @param mod [Module] the module in which the patch should be
-            #   placed.
-            # @param methods [Array(Symbol)] all the instance or singleton
-            #   methods in this mod.
-            # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
-            #   the policy that applies to the given method_name.
-            # @return [Boolean] if patched, either by this invocation or a
-            #   previous, or not
-            def patch_method mod, methods, method_policy
-              return false unless methods&.any? # don't even build the name if there are no methods
-
-              if Contrast::Utils::ClassUtil.prepended_method?(mod, method_policy)
-                Contrast::Agent::Patching::Policy::Patch.instrument_with_prepend(mod, method_policy)
-              else
-                Contrast::Agent::Patching::Policy::Patch.instrument_with_alias(mod, methods, method_policy)
-              end
-            end
-
             private
 
             POLICIES = [

data/lib/contrast/agent/request_handler.rb

@@ -6,19 +6,23 @@ require 'contrast/components/scope'
 
 module Contrast
   module Agent
-    # This class is instantiated when we receive a request and the agent is enabled to process
-    # that request. It holds the ruleset that we perform filtering operations on (currently
-    # prefilter and postfilter).
+    # This class is instantiated when we receive a request and the agent is enabled to process that request. It holds
+    # the ruleset that we perform filtering operations on (currently prefilter and postfilter).
     class RequestHandler
       include Contrast::Components::Logger::InstanceMethods
 
       attr_reader :ruleset, :context
 
+      # @param context [Contrast::Agent::RequestContext] the context of the request for which this handler applies
       def initialize context
         @context = context
         @ruleset = ::Contrast::AGENT.ruleset
       end
 
+      # TODO: RUBY-1353
+      # TODO: RUBY-1355
+      # TODO: RUBY-1357
+      # TODO: RUBY-1358
       def send_activity_messages
         Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.generate_library_usage(context.activity)
         [context.server_activity, context.activity, context.observed_route].each do |message|