contrast-agent 4.12.0 → 4.14.1

data/lib/contrast/config/base_configuration.rb

@@ -12,17 +12,18 @@ module Contrast
     class BaseConfiguration
       extend Forwardable
 
-      STRING_BOOLEANS = %w[false true].cs__freeze
+      attr_reader :configuration_map
 
-      attr_reader :map
-
-      alias_method :to_hash, :map
-      def_delegators :@map, :empty?, :key?, :delete, :fetch, :[], :[]=, :each, :each_pair, :each_key, :each_value
+      alias_method :to_hash, :configuration_map
+      def_delegators :@configuration_map, :empty?, :key?, :delete, :fetch,
+                     :[], :[]=, :each, :each_pair, :each_key, :each_value
 
       EMPTY_VALUE = :EMPTY_VALUE
 
       def initialize hsh = {}, keys = {}
-        @map = {}
+        # holds configuration key value pairs
+        # each configuration class can contain nested BaseConfigurations
+        @configuration_map = {}
         traverse_config(hsh, keys)
       end
 
@@ -39,7 +40,7 @@ module Contrast
       end
 
       def nil?
-        @map.empty?
+        @configuration_map.empty?
       end
 
       private
@@ -69,25 +70,13 @@ module Contrast
       end
 
       def assign_config_value str_key, spec_value, user_provided_value
-        @map[str_key] = if spec_value.is_a?(Class) && spec_value <= Contrast::Config::BaseConfiguration
-                          spec_value.new(user_provided_value)
-                        elsif spec_value.is_a?(Contrast::Config::DefaultValue) && user_provided_value == EMPTY_VALUE
-                          spec_value.value
-                        elsif user_provided_value.cs__is_a?(String)
-                          value = user_provided_value.downcase
-                          # converts string values to 'true' => true or 'false' => false
-                          case value
-                          when STRING_BOOLEANS[1]
-                            true
-                          when STRING_BOOLEANS[0]
-                            false
-                          else
-                            # returns non boolean string values
-                            user_provided_value
-                          end
-                        else
-                          user_provided_value
-                        end
+        @configuration_map[str_key] = if spec_value.is_a?(Class) && spec_value <= Contrast::Config::BaseConfiguration
+                                        spec_value.new(user_provided_value)
+                                      elsif user_provided_value == EMPTY_VALUE
+                                        spec_value
+                                      else
+                                        user_provided_value
+                                      end
       end
 
       def value_from_key_config key, config_hash
@@ -99,13 +88,13 @@ module Contrast
 
       def define_getter str_key
         define_singleton_method str_key.to_sym do
-          @map[str_key] == EMPTY_VALUE ? nil : @map[str_key]
+          @configuration_map[str_key] == EMPTY_VALUE ? nil : @configuration_map[str_key]
         end
       end
 
       def define_setter str_key
         define_singleton_method "#{ str_key }=".to_sym do |new_value|
-          @map[str_key] = new_value
+          @configuration_map[str_key] = new_value
         end
       end
     end

data/lib/contrast/config/certification_configuration.rb

@@ -0,0 +1,15 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Config
+    # Certificate Configuration
+    class CertificationConfiguration < BaseConfiguration
+      KEYS = { enable: false, ca_file: EMPTY_VALUE, cert_file: EMPTY_VALUE, key_file: EMPTY_VALUE }.cs__freeze
+
+      def initialize hsh
+        super(hsh, KEYS)
+      end
+    end
+  end
+end

data/lib/contrast/config/env_variables.rb

@@ -0,0 +1,18 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Config
+    # This module is holding all the Env Variables that we could use through the agent lifecycle
+    module EnvVariables
+      ENV_VARIABLES = { telemetry_opt_outs: ENV['CONTRAST_AGENT_TELEMETRY_OPTOUT'].to_s || false }.cs__freeze
+
+      def return_value key
+        return unless ENV_VARIABLES.key?(key.to_sym)
+
+        sym_key = key.downcase.to_sym
+        ENV_VARIABLES[sym_key]
+      end
+    end
+  end
+end

data/lib/contrast/config/heap_dump_configuration.rb

@@ -8,17 +8,17 @@ module Contrast
     class HeapDumpConfiguration < BaseConfiguration
       KEYS = {
           enable:                                                                   # should dumps be taken
-            Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::FALSE),
+            Contrast::Utils::ObjectShare::FALSE,
           path:                                                                     # dir to which dumps should be
-            Contrast::Config::DefaultValue.new('contrast_heap_dumps'), #   saved
+            'contrast_heap_dumps', # saved
           delay_ms:                                                                 # time, in ms, after initialization
-            Contrast::Config::DefaultValue.new(10_000), #   to delay before taking dump
+            10_000, # to delay before taking dump
           window_ms:                                                                # ms between each dump
-            Contrast::Config::DefaultValue.new(10_000), #
+            10_000, #
           count:                                                                    # number of dumps to take
-            Contrast::Config::DefaultValue.new(5), #
+            5, #
           clean:                                                                    # remove temporary objects or not
-            Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::FALSE)  #
+            Contrast::Utils::ObjectShare::FALSE #
       }.cs__freeze
 
       def initialize hsh

data/lib/contrast/config/inventory_configuration.rb

@@ -6,11 +6,7 @@ module Contrast
     # Common Configuration settings. Those in this section pertain to the
     # inventory functionality of the Agent.
     class InventoryConfiguration < BaseConfiguration
-      KEYS = {
-          enable: Contrast::Config::DefaultValue.new(true),
-          analyze_libraries: Contrast::Config::DefaultValue.new(true),
-          tags: EMPTY_VALUE
-      }.cs__freeze
+      KEYS = { enable: true, analyze_libraries: true, tags: EMPTY_VALUE }.cs__freeze
 
       def initialize hsh
         super(hsh, KEYS)

data/lib/contrast/config/protect_rule_configuration.rb

@@ -12,7 +12,7 @@ module Contrast
           enable: EMPTY_VALUE,
           mode: EMPTY_VALUE,
           disable_system_commands: EMPTY_VALUE,
-          detect_custom_code_accessing_system_files: Contrast::Config::DefaultValue.new('true')
+          detect_custom_code_accessing_system_files: true
       }.cs__freeze
 
       def initialize hsh

data/lib/contrast/config/request_audit_configuration.rb

@@ -0,0 +1,18 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Config
+    # This class holds the Common Settings for the
+    # hidden functionality of the TS
+    class RequestAuditConfiguration < BaseConfiguration
+      DEFAULT_PATH = './messages'
+
+      KEYS = { enable: false, requests: false, responses: false, path: DEFAULT_PATH }.cs__freeze
+
+      def initialize hsh
+        super(hsh, KEYS)
+      end
+    end
+  end
+end

data/lib/contrast/config/root_configuration.rb

@@ -6,6 +6,7 @@ module Contrast
     # The base of the Common Configuration settings.
     class RootConfiguration < BaseConfiguration
       KEYS = {
+          api: Contrast::Config::ApiConfiguration,
           enable: BaseConfiguration::EMPTY_VALUE,
           agent: Contrast::Config::AgentConfiguration,
           application: Contrast::Config::ApplicationConfiguration,

data/lib/contrast/config/ruby_configuration.rb

@@ -23,17 +23,17 @@ module Contrast
       DEFAULT_UNINSTRUMENTED_NAMESPACES = %w[FactoryGirl FactoryBot].cs__freeze
 
       KEYS = {
-          disabled_agent_rake_tasks: Contrast::Config::DefaultValue.new(DISABLED_RAKE_TASK_LIST),
+          disabled_agent_rake_tasks: DISABLED_RAKE_TASK_LIST,
           exceptions: Contrast::Config::ExceptionConfiguration,
           # controls whether or not we patch interpolation, either by rewrite or by funchook
-          interpolate: Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::TRUE),
+          interpolate: Contrast::Utils::ObjectShare::TRUE,
           # controls whether or not we patch the rb_yield block to track split propagation
-          propagate_yield: Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::TRUE),
+          propagate_yield: Contrast::Utils::ObjectShare::TRUE,
           # control whether or not we run file scanning rules on require
-          require_scan: Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::TRUE),
+          require_scan: Contrast::Utils::ObjectShare::TRUE,
           # controls whether or not we track frozen Strings by replacing them
-          track_frozen_sources: Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::TRUE),
-          uninstrument_namespace: Contrast::Config::DefaultValue.new(DEFAULT_UNINSTRUMENTED_NAMESPACES)
+          track_frozen_sources: Contrast::Utils::ObjectShare::TRUE,
+          uninstrument_namespace: DEFAULT_UNINSTRUMENTED_NAMESPACES
       }.cs__freeze
 
       def initialize hsh

data/lib/contrast/config/service_configuration.rb

@@ -1,7 +1,6 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/config/default_value'
 require 'contrast/config/logger_configuration'
 
 module Contrast
@@ -19,7 +18,8 @@ module Contrast
           host: EMPTY_VALUE,
           port: EMPTY_VALUE,
           socket: EMPTY_VALUE,
-          logger: Contrast::Config::LoggerConfiguration
+          logger: Contrast::Config::LoggerConfiguration,
+          bypass: false
       }.cs__freeze
 
       def initialize hsh

data/lib/contrast/config.rb

@@ -11,7 +11,6 @@ module Contrast
 end
 
 require 'contrast/config/base_configuration'
-require 'contrast/config/default_value'
 
 require 'contrast/config/logger_configuration'
 
@@ -24,6 +23,7 @@ require 'contrast/config/protect_rules_configuration'
 require 'contrast/config/sampling_configuration'
 
 require 'contrast/config/ruby_configuration'
+require 'contrast/config/api_configuration'
 require 'contrast/config/agent_configuration'
 require 'contrast/config/application_configuration'
 require 'contrast/config/server_configuration'

data/lib/contrast/configuration.rb

@@ -7,6 +7,7 @@ require 'fileutils'
 require 'contrast/config'
 require 'contrast/utils/object_share'
 require 'contrast/components/scope'
+require 'contrast/utils/exclude_key'
 
 module Contrast
   # This is how we read in the local settings for the Agent, both ENV/ CMD line
@@ -86,7 +87,7 @@ module Contrast
     def yaml_to_hash path
       if path && File.readable?(path)
         begin
-          yaml = IO.read(path)
+          yaml = File.read(path)
           yaml = ERB.new(yaml).result if defined?(ERB)
           return YAML.safe_load(yaml)
         rescue Psych::Exception => e
@@ -204,7 +205,6 @@ module Contrast
     # in the thing to convert and setting them in the given hash. For now, this
     # logs every possible key, whether set or not. If we want to change that
     # behavior, we can skip adding keys to the hash if the value is nil, blank,
-    # or Contrast::Config::DefaultValue depending on desired behavior
     #
     # @param hash [Hash] the hash to populate
     # @param convert [Contrast::Config::BaseConfiguration, Object] the level of
@@ -218,6 +218,8 @@ module Contrast
       case convert
       when Contrast::Config::BaseConfiguration
         convert.cs__class::KEYS.each_key do |key|
+          next if Contrast::Utils::ExcludeKey.excludable? key.to_s
+
           hash[key] = convert_to_hash(convert.send(key), {})
         end
         hash

data/lib/contrast/extension/assess/array.rb

@@ -42,13 +42,11 @@ module Contrast
               shift = 0
               separator_length = separator.nil? ? 0 : separator.to_s.length
               parent_events = []
-              ary.each do |obj|
-                if obj # skip nil here
-                  properties.copy_from(obj, ret, shift)
-                  shift += obj.to_s.length
-                  parent_event = Contrast::Agent::Assess::Tracker.properties(obj)&.event
-                  parent_events << parent_event if parent_event
-                end
+              ary.compact.each do |obj|
+                properties.copy_from(obj, ret, shift)
+                shift += obj.to_s.length
+                parent_event = Contrast::Agent::Assess::Tracker.properties(obj)&.event
+                parent_events << parent_event if parent_event
                 shift += separator_length
               end
               return ret unless Contrast::Agent::Assess::Tracker.tracked?(ret)

data/lib/contrast/extension/thread.rb

@@ -10,22 +10,41 @@
 # exists mostly for reference.
 #
 # Scope HAS to exist per-fiber.
+# Check to see if Thread#initialize has been prepended. If it hasn't, then we should use the alias approach, so that
+# others can continue to alias it. If it has been, then we must use prepend ourselves.
+if Thread.instance_method(:initialize).owner == Thread
+  # Alias-chaining Thread#initialize.
+  class Thread
+    alias_method :cs__initialize, :initialize
 
-# Monkey-patching Thread#initialize.
-class Thread
-  alias_method :cs__initialize, :initialize
+    def initialize *args, &block
+      # Thread.current still references the original(callee) thread that is instantiating this new fiber during
+      # initialization.
+      Contrast::Components::Scope::MONITOR.synchronize do
+        if (current_context = Thread.current[:current_context])
+          self[:current_context] = current_context.dup
+        end
 
-  def initialize *args, &block
-    # Thread.current still references the original(callee) thread that is
-    # instantiating this new fiber during initialization
-    Contrast::Components::Scope::MONITOR.synchronize do
-      if (current_context = Thread.current[:current_context])
-        self[:current_context] = current_context.dup
+        Contrast::Components::Scope.sweep_dead_ecs
       end
 
-      Contrast::Components::Scope.sweep_dead_ecs
+      cs__initialize(*args, &block)
+    end
+  end
+else
+  # Prepending Thread#initialize.
+  module ContrastThread
+    def initialize *args, &block
+      # Thread.current still references the original(callee) thread that is instantiating this new fiber during
+      # initialization.
+      Contrast::Components::Scope::MONITOR.synchronize do
+        if (current_context = Thread.current[:current_context])
+          self[:current_context] = current_context.dup
+        end
+        Contrast::Components::Scope.sweep_dead_ecs
+      end
+      super
     end
-
-    cs__initialize(*args, &block)
   end
+  Thread.prepend(ContrastThread)
 end

data/lib/contrast/framework/manager.rb

@@ -9,16 +9,18 @@ require 'contrast/framework/rails/support'
 require 'contrast/framework/grape/support'
 require 'contrast/framework/sinatra/support'
 require 'contrast/utils/class_util'
+require 'contrast/framework/manager_extend'
 
 module Contrast
   module Framework
     # Allows access to framework specific information
     class Manager
       include Contrast::Components::Logger::InstanceMethods
+      include Contrast::Framework::ManagerExtend
 
-      # Order here does matter as the first framework listed will be the first one we pull information from
-      # Rack will be a special case that may involve updating some logic to handle only applying Rack if Rails/Sinatra
-      # do not exist
+      # Order here does matter as the first framework listed will be the first one we pull information from Rack will
+      # be a special case that may involve updating some logic to handle only applying Rack if Rails/Sinatra do not
+      # exist
       SUPPORTED_FRAMEWORKS = [
         Contrast::Framework::Rails::Support, Contrast::Framework::Sinatra::Support,
         Contrast::Framework::Grape::Support, Contrast::Framework::Rack::Support
@@ -34,9 +36,8 @@ module Contrast
         @_frameworks.compact!
       end
 
-      # Patches that have to be applied as early as possible to catch calls
-      # that happen prior to the first Request, typically those around
-      # configuration.
+      # Patches that have to be applied as early as possible to catch calls that happen prior to the first Request,
+      # typically those around configuration.
       def before_load_patches!
         @_before_load_patches ||= begin
           SUPPORTED_FRAMEWORKS.each(&:before_load_patches!)
@@ -66,6 +67,10 @@ module Contrast
         Contrast::Framework::PlatformVersion.from_string(framework_version)
       end
 
+      def platform_version_string
+        first_framework_result :version, ''
+      end
+
       def server_type
         first_framework_result :server_type, 'rack'
       end
@@ -81,8 +86,8 @@ module Contrast
 
       # Build a request from the provided env, based on the framework(s) we're currently supporting.
       #
-      # @param env [Hash] the various variables stored by this and other Middlewares to know the state and values
-      # of this particular Request
+      # @param env [Hash] the various variables stored by this and other Middlewares to know the state and values of
+      #   this particular Request
       # @return [::Rack::Request] either a rack request or subclass thereof.
       def retrieve_request env
         # If we're mounted on Rails, use Rails.
@@ -99,8 +104,8 @@ module Contrast
         logger.warn('Unable to retrieve_request', e)
       end
 
-      # @param env [Hash] the various variables stored by this and other Middlewares to know the state
-      #   and values of this particular Request
+      # @param env [Hash] the various variables stored by this and other Middlewares to know the state and values of
+      #   this particular Request
       # @return [Boolean] true if at least one framework is streaming the response; false if none are streaming
       def streaming? env
         result = false
@@ -111,13 +116,14 @@ module Contrast
         result
       end
 
-      # Iterate through current frameworks and return the current request's route. This will be the first
-      # non-nil result.
+      # Iterate through current frameworks and return the current request's route. This will be the first non-nil
+      # result.
       #
       # @param request [Contrast::Agent::Request] the current request.
       # @return [Contrast::Api::Dtm::RouteCoverage] the current route as a Dtm.
       def get_route_dtm request
-        @_frameworks.lazy.map { |framework_support| framework_support.current_route(request) }.reject(&:nil?).first
+        @_frameworks.lazy.map { |framework_support| framework_support.current_route(request) }.
+            reject(&:nil?).first
       end
 
       # Sometimes the framework we want to instrument is loaded after our agent code. To catch that case, we'll detect
@@ -125,6 +131,9 @@ module Contrast
       # have support enabled, we'll enable it now. We'll also need to catch up on any other startup actions that we've
       # missed. Most likely, this is only necessary for those applications which have applications mounted on them.
       #
+      # TODO: RUBY-1354
+      # TODO: RUBY-1356
+      #
       # @param mod [Module] the module or class that was just loaded
       def register_late_framework mod
         return unless mod
@@ -147,37 +156,6 @@ module Contrast
       rescue StandardError => e
         logger.warn('Unable to register a late framework', e, module: mod.cs__name)
       end
-
-      private
-
-      def enable_framework_support? klass
-        Contrast::Utils::ClassUtil.truly_defined?(klass)
-      end
-
-      def routes_for_all_frameworks
-        data_for_all_frameworks :collect_routes
-      end
-
-      # This returns an array of all data from each framework in a flat, no-nil values array
-      #
-      # @param method_name [Symbol] the method to call on each FrameworkSupport class
-      # @return [Array]
-      def data_for_all_frameworks method_name
-        @_frameworks.flat_map { |framework| framework.send(method_name) }.compact
-      end
-
-      # This returns a single object from the first framework to successfully respond
-      #
-      # @param method_name [Symbol] the method to call on each FrameworkSupport class
-      # @return [Object] - Determined by method to be invoked
-      def first_framework_result method_name, default_value
-        result = nil
-        @_frameworks.each do |framework|
-          result = framework.send(method_name)
-          break if result
-        end
-        result || default_value
-      end
     end
   end
 end

data/lib/contrast/framework/manager_extend.rb

@@ -0,0 +1,50 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/components/logger'
+require 'contrast/extension/module'
+require 'contrast/framework/platform_version'
+require 'contrast/framework/rack/support'
+require 'contrast/framework/rails/support'
+require 'contrast/framework/grape/support'
+require 'contrast/framework/sinatra/support'
+require 'contrast/utils/class_util'
+
+module Contrast
+  module Framework
+    # Allows access to framework specific information
+    module ManagerExtend
+      private
+
+      def enable_framework_support? klass
+        Contrast::Utils::ClassUtil.truly_defined?(klass)
+      end
+
+      def routes_for_all_frameworks
+        data_for_all_frameworks :collect_routes
+      end
+
+      # This returns an array of all data from each framework in a flat, no-nil values array
+      #
+      # @param method_name [Symbol] the method to call on each FrameworkSupport class
+      # @return [Array]
+      def data_for_all_frameworks method_name
+        @_frameworks.flat_map { |framework| framework.send(method_name) }.
+            compact
+      end
+
+      # This returns a single object from the first framework to successfully respond
+      #
+      # @param method_name [Symbol] the method to call on each FrameworkSupport class
+      # @return [Object] - Determined by method to be invoked
+      def first_framework_result method_name, default_value
+        result = nil
+        @_frameworks.each do |framework|
+          result = framework.send(method_name)
+          break if result
+        end
+        result || default_value
+      end
+    end
+  end
+end

data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb

@@ -5,10 +5,14 @@ module Contrast
   module Framework
     module Rails
       module Patch
-        # This class acts as our patch into the ActionController::Live::Buffer
-        # class, allowing us to track the close event on streamed responses.
+        # This class acts as our patch into the ActionController::Live::Buffer class, allowing us to track the close
+        # event on streamed responses.
         module ActionControllerLiveBuffer
           class << self
+            # TODO: RUBY-1353
+            # TODO: RUBY-1355
+            # TODO: RUBY-1357
+            # TODO: RUBY-1357
             def send_messages
               return unless (context = Contrast::Agent::REQUEST_TRACKER.current)
 
@@ -20,10 +24,9 @@ module Contrast
             def instrument
               @_instrument ||= begin
                 ::ActionController::Live::Buffer.class_eval do
-                  # normally pre->in->post filters are applied however, in a streamed response
-                  # we can run into a case where it's pre -> in -> post -> more infilters
-                  # in order to submit anything found during the infilters after the response has
-                  # been written we need to explicitly send them
+                  # normally pre->in->post filters are applied however, in a streamed response we can run into a case
+                  # where it's pre -> in -> post -> more infilters in order to submit anything found during the
+                  # infilters after the response has been written we need to explicitly send them
                   alias_method :cs__close, :close
                   def close
                     Contrast::Framework::Rails::Patch::ActionControllerLiveBuffer.send_messages

data/lib/contrast/framework/rails/patch/support.rb

@@ -38,37 +38,39 @@ module Contrast
                                     instrumenting_module:
                                       'Contrast::Framework::Rails::Patch::RailsApplicationConfiguration')
                               ])
-            if RUBY_VERSION < '2.6.0'
-              patches.merge([
-                              # TODO: RUBY-714 remove w/ EOL of 2.5
-                              #
-                              # @deprecated  Everything past here is used for Rewriting and can
-                              #   be removed once we no longer support 2.5.
-                              Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
-                                  'ActionController::Railties::Helper::ClassMethods',
-                                  'contrast/framework/rails/rewrite/action_controller_railties_helper_inherited',
-                                  method_to_instrument: :inherited,
-                                  instrumenting_module:
-                                    'Contrast::Framework::Rails::Rewrite::ActionControllerRailtiesHelperInherited'),
-                              Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
-                                  'ActiveRecord::AttributeMethods::Read::ClassMethods',
-                                  'contrast/framework/rails/rewrite/active_record_attribute_methods_read',
-                                  instrumenting_module:
-                                    'Contrast::Framework::Rails::Rewrite::ActiveRecordAttributeMethodsRead'),
-                              Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
-                                  'ActiveRecord::Scoping::Named::ClassMethods',
-                                  'contrast/framework/rails/rewrite/active_record_named',
-                                  instrumenting_module: 'Contrast::Framework::Rails::Rewrite::ActiveRecordNamed'),
-                              Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
-                                  'ActiveRecord::AttributeMethods::TimeZoneConversion::ClassMethods',
-                                  'contrast/framework/rails/rewrite/active_record_time_zone_inherited',
-                                  method_to_instrument: :inherited,
-                                  instrumenting_module:
-                                    'Contrast::Framework::Rails::Rewrite::ActiveRecordTimeZoneInherited')
-                            ])
-            end
+            patches.merge(special_after_load_patches) if RUBY_VERSION < '2.6.0'
             patches
           end
+
+          def special_after_load_patches
+            [
+              # TODO: RUBY-714 remove w/ EOL of 2.5
+              #
+              # @deprecated  Everything past here is used for Rewriting and can
+              #   be removed once we no longer support 2.5.
+              Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
+                  'ActionController::Railties::Helper::ClassMethods',
+                  'contrast/framework/rails/rewrite/action_controller_railties_helper_inherited',
+                  method_to_instrument: :inherited,
+                  instrumenting_module:
+                    'Contrast::Framework::Rails::Rewrite::ActionControllerRailtiesHelperInherited'),
+              Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
+                  'ActiveRecord::AttributeMethods::Read::ClassMethods',
+                  'contrast/framework/rails/rewrite/active_record_attribute_methods_read',
+                  instrumenting_module:
+                    'Contrast::Framework::Rails::Rewrite::ActiveRecordAttributeMethodsRead'),
+              Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
+                  'ActiveRecord::Scoping::Named::ClassMethods',
+                  'contrast/framework/rails/rewrite/active_record_named',
+                  instrumenting_module: 'Contrast::Framework::Rails::Rewrite::ActiveRecordNamed'),
+              Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
+                  'ActiveRecord::AttributeMethods::TimeZoneConversion::ClassMethods',
+                  'contrast/framework/rails/rewrite/active_record_time_zone_inherited',
+                  method_to_instrument: :inherited,
+                  instrumenting_module:
+                    'Contrast::Framework::Rails::Rewrite::ActiveRecordTimeZoneInherited')
+            ]
+          end
         end
       end
     end

data/lib/contrast/framework/rails/railtie.rb

@@ -14,7 +14,7 @@ module Contrast
         initializer 'Contrast Ruby Agent Initializer' do |app|
           log_rails = defined?(Rails) && defined?(Rails.logger)
 
-          Rails.logger.debug("In railtie ::#{ app.middleware.inspect }") if log_rails
+          Rails.logger.debug { "In railtie ::#{ app.middleware.inspect }" } if log_rails
 
           if ::Contrast::APP_CONTEXT.instrument_middleware_stack?
             ::Contrast::AGENT.insert_middleware(app)