contrast-agent 4.13.1 → 4.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (101) hide show
  1. checksums.yaml +4 -4
  2. data/.simplecov +1 -0
  3. data/lib/contrast/agent/assess/policy/policy_node.rb +6 -6
  4. data/lib/contrast/agent/assess/policy/policy_scanner.rb +5 -0
  5. data/lib/contrast/agent/assess/policy/propagator/center.rb +1 -1
  6. data/lib/contrast/agent/assess/policy/propagator/substitution.rb +2 -154
  7. data/lib/contrast/agent/assess/policy/trigger_method.rb +44 -7
  8. data/lib/contrast/agent/assess/policy/trigger_node.rb +14 -6
  9. data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +1 -1
  10. data/lib/contrast/agent/assess/property/tagged.rb +51 -57
  11. data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +40 -6
  12. data/lib/contrast/agent/metric_telemetry_event.rb +2 -2
  13. data/lib/contrast/agent/middleware.rb +5 -75
  14. data/lib/contrast/agent/patching/policy/method_policy.rb +3 -89
  15. data/lib/contrast/agent/patching/policy/method_policy_extend.rb +111 -0
  16. data/lib/contrast/agent/patching/policy/patcher.rb +12 -8
  17. data/lib/contrast/agent/reporting/report.rb +21 -0
  18. data/lib/contrast/agent/reporting/reporter.rb +142 -0
  19. data/lib/contrast/agent/reporting/reporting_events/finding.rb +90 -0
  20. data/lib/contrast/agent/reporting/reporting_events/preflight.rb +25 -0
  21. data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +56 -0
  22. data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +37 -0
  23. data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +127 -0
  24. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +168 -0
  25. data/lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb +66 -0
  26. data/lib/contrast/agent/request.rb +2 -81
  27. data/lib/contrast/agent/request_context.rb +4 -128
  28. data/lib/contrast/agent/request_context_extend.rb +138 -0
  29. data/lib/contrast/agent/response.rb +2 -73
  30. data/lib/contrast/agent/startup_metrics_telemetry_event.rb +39 -16
  31. data/lib/contrast/agent/static_analysis.rb +1 -1
  32. data/lib/contrast/agent/telemetry.rb +15 -7
  33. data/lib/contrast/agent/telemetry_event.rb +8 -9
  34. data/lib/contrast/agent/thread_watcher.rb +31 -5
  35. data/lib/contrast/agent/version.rb +1 -1
  36. data/lib/contrast/agent.rb +15 -0
  37. data/lib/contrast/api/communication/connection_status.rb +10 -7
  38. data/lib/contrast/api/communication/messaging_queue.rb +37 -3
  39. data/lib/contrast/api/communication/response_processor.rb +15 -8
  40. data/lib/contrast/api/communication/service_lifecycle.rb +13 -3
  41. data/lib/contrast/api/communication/socket.rb +6 -8
  42. data/lib/contrast/api/communication/socket_client.rb +29 -12
  43. data/lib/contrast/api/communication/speedracer.rb +37 -1
  44. data/lib/contrast/api/communication/tcp_socket.rb +4 -3
  45. data/lib/contrast/api/communication/unix_socket.rb +1 -0
  46. data/lib/contrast/api/decorators/finding.rb +45 -0
  47. data/lib/contrast/components/api.rb +56 -0
  48. data/lib/contrast/components/app_context.rb +10 -65
  49. data/lib/contrast/components/app_context_extend.rb +78 -0
  50. data/lib/contrast/components/base.rb +23 -0
  51. data/lib/contrast/components/config.rb +8 -8
  52. data/lib/contrast/components/contrast_service.rb +5 -0
  53. data/lib/contrast/components/sampling.rb +2 -2
  54. data/lib/contrast/config/agent_configuration.rb +1 -1
  55. data/lib/contrast/config/api_configuration.rb +9 -4
  56. data/lib/contrast/config/api_proxy_configuration.rb +14 -0
  57. data/lib/contrast/config/application_configuration.rb +2 -3
  58. data/lib/contrast/config/assess_configuration.rb +3 -3
  59. data/lib/contrast/config/base_configuration.rb +17 -28
  60. data/lib/contrast/config/certification_configuration.rb +15 -0
  61. data/lib/contrast/config/env_variables.rb +2 -9
  62. data/lib/contrast/config/heap_dump_configuration.rb +6 -6
  63. data/lib/contrast/config/inventory_configuration.rb +1 -5
  64. data/lib/contrast/config/protect_rule_configuration.rb +1 -1
  65. data/lib/contrast/config/request_audit_configuration.rb +18 -0
  66. data/lib/contrast/config/ruby_configuration.rb +6 -6
  67. data/lib/contrast/config/service_configuration.rb +1 -2
  68. data/lib/contrast/config.rb +0 -1
  69. data/lib/contrast/configuration.rb +1 -2
  70. data/lib/contrast/extension/assess/array.rb +5 -7
  71. data/lib/contrast/framework/manager.rb +8 -32
  72. data/lib/contrast/framework/manager_extend.rb +50 -0
  73. data/lib/contrast/framework/rails/railtie.rb +1 -1
  74. data/lib/contrast/framework/sinatra/support.rb +2 -1
  75. data/lib/contrast/logger/log.rb +8 -103
  76. data/lib/contrast/utils/assess/property/tagged_utils.rb +23 -0
  77. data/lib/contrast/utils/assess/tracking_util.rb +20 -15
  78. data/lib/contrast/utils/assess/trigger_method_utils.rb +1 -1
  79. data/lib/contrast/utils/class_util.rb +18 -14
  80. data/lib/contrast/utils/findings.rb +62 -0
  81. data/lib/contrast/utils/hash_digest.rb +10 -73
  82. data/lib/contrast/utils/hash_digest_extend.rb +86 -0
  83. data/lib/contrast/utils/head_dump_utils_extend.rb +74 -0
  84. data/lib/contrast/utils/heap_dump_util.rb +2 -65
  85. data/lib/contrast/utils/invalid_configuration_util.rb +29 -0
  86. data/lib/contrast/utils/io_util.rb +1 -1
  87. data/lib/contrast/utils/log_utils.rb +108 -0
  88. data/lib/contrast/utils/middleware_utils.rb +87 -0
  89. data/lib/contrast/utils/net_http_base.rb +158 -0
  90. data/lib/contrast/utils/object_share.rb +1 -0
  91. data/lib/contrast/utils/request_utils.rb +88 -0
  92. data/lib/contrast/utils/response_utils.rb +97 -0
  93. data/lib/contrast/utils/substitution_utils.rb +167 -0
  94. data/lib/contrast/utils/tag_util.rb +9 -9
  95. data/lib/contrast/utils/telemetry.rb +4 -2
  96. data/lib/contrast/utils/telemetry_client.rb +90 -0
  97. data/lib/contrast/utils/telemetry_identifier.rb +17 -24
  98. data/ruby-agent.gemspec +5 -5
  99. metadata +48 -23
  100. data/lib/contrast/config/default_value.rb +0 -17
  101. data/lib/contrast/utils/requests_client.rb +0 -150
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: contrast-agent
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.13.1
4
+ version: 4.14.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
13
13
  autorequire:
14
14
  bindir: exe
15
15
  cert_chain: []
16
- date: 2021-11-19 00:00:00.000000000 Z
16
+ date: 2021-12-07 00:00:00.000000000 Z
17
17
  dependencies:
18
18
  - !ruby/object:Gem::Dependency
19
19
  name: bundler
@@ -147,70 +147,70 @@ dependencies:
147
147
  requirements:
148
148
  - - '='
149
149
  - !ruby/object:Gem::Version
150
- version: 1.13.0
150
+ version: 1.22.3
151
151
  type: :development
152
152
  prerelease: false
153
153
  version_requirements: !ruby/object:Gem::Requirement
154
154
  requirements:
155
155
  - - '='
156
156
  - !ruby/object:Gem::Version
157
- version: 1.13.0
157
+ version: 1.22.3
158
158
  - !ruby/object:Gem::Dependency
159
159
  name: rubocop-performance
160
160
  requirement: !ruby/object:Gem::Requirement
161
161
  requirements:
162
162
  - - '='
163
163
  - !ruby/object:Gem::Version
164
- version: 1.11.0
164
+ version: 1.12.0
165
165
  type: :development
166
166
  prerelease: false
167
167
  version_requirements: !ruby/object:Gem::Requirement
168
168
  requirements:
169
169
  - - '='
170
170
  - !ruby/object:Gem::Version
171
- version: 1.11.0
171
+ version: 1.12.0
172
172
  - !ruby/object:Gem::Dependency
173
173
  name: rubocop-rails
174
174
  requirement: !ruby/object:Gem::Requirement
175
175
  requirements:
176
176
  - - '='
177
177
  - !ruby/object:Gem::Version
178
- version: 2.9.1
178
+ version: 2.12.4
179
179
  type: :development
180
180
  prerelease: false
181
181
  version_requirements: !ruby/object:Gem::Requirement
182
182
  requirements:
183
183
  - - '='
184
184
  - !ruby/object:Gem::Version
185
- version: 2.9.1
185
+ version: 2.12.4
186
186
  - !ruby/object:Gem::Dependency
187
187
  name: rubocop-rake
188
188
  requirement: !ruby/object:Gem::Requirement
189
189
  requirements:
190
190
  - - '='
191
191
  - !ruby/object:Gem::Version
192
- version: 0.5.1
192
+ version: 0.6.0
193
193
  type: :development
194
194
  prerelease: false
195
195
  version_requirements: !ruby/object:Gem::Requirement
196
196
  requirements:
197
197
  - - '='
198
198
  - !ruby/object:Gem::Version
199
- version: 0.5.1
199
+ version: 0.6.0
200
200
  - !ruby/object:Gem::Dependency
201
201
  name: rubocop-rspec
202
202
  requirement: !ruby/object:Gem::Requirement
203
203
  requirements:
204
204
  - - '='
205
205
  - !ruby/object:Gem::Version
206
- version: 2.2.0
206
+ version: 2.6.0
207
207
  type: :development
208
208
  prerelease: false
209
209
  version_requirements: !ruby/object:Gem::Requirement
210
210
  requirements:
211
211
  - - '='
212
212
  - !ruby/object:Gem::Version
213
- version: 2.2.0
213
+ version: 2.6.0
214
214
  - !ruby/object:Gem::Dependency
215
215
  name: simplecov
216
216
  requirement: !ruby/object:Gem::Requirement
@@ -617,20 +617,20 @@ executables:
617
617
  - contrast_service
618
618
  extensions:
619
619
  - ext/cs__common/extconf.rb
620
- - ext/cs__assess_fiber_track/extconf.rb
621
- - ext/cs__os_information/extconf.rb
620
+ - ext/cs__assess_basic_object/extconf.rb
621
+ - ext/cs__assess_string/extconf.rb
622
+ - ext/cs__assess_hash/extconf.rb
623
+ - ext/cs__assess_module/extconf.rb
624
+ - ext/cs__assess_kernel/extconf.rb
622
625
  - ext/cs__assess_array/extconf.rb
623
626
  - ext/cs__contrast_patch/extconf.rb
624
- - ext/cs__assess_kernel/extconf.rb
625
- - ext/cs__assess_regexp/extconf.rb
627
+ - ext/cs__os_information/extconf.rb
626
628
  - ext/cs__assess_marshal_module/extconf.rb
627
- - ext/cs__assess_module/extconf.rb
628
- - ext/cs__assess_hash/extconf.rb
629
+ - ext/cs__assess_fiber_track/extconf.rb
630
+ - ext/cs__assess_string_interpolation26/extconf.rb
629
631
  - ext/cs__assess_active_record_named/extconf.rb
632
+ - ext/cs__assess_regexp/extconf.rb
630
633
  - ext/cs__assess_yield_track/extconf.rb
631
- - ext/cs__assess_string/extconf.rb
632
- - ext/cs__assess_basic_object/extconf.rb
633
- - ext/cs__assess_string_interpolation26/extconf.rb
634
634
  extra_rdoc_files: []
635
635
  files:
636
636
  - ".clang-format"
@@ -904,6 +904,7 @@ files:
904
904
  - lib/contrast/agent/patching/policy/after_load_patch.rb
905
905
  - lib/contrast/agent/patching/policy/after_load_patcher.rb
906
906
  - lib/contrast/agent/patching/policy/method_policy.rb
907
+ - lib/contrast/agent/patching/policy/method_policy_extend.rb
907
908
  - lib/contrast/agent/patching/policy/module_policy.rb
908
909
  - lib/contrast/agent/patching/policy/patch.rb
909
910
  - lib/contrast/agent/patching/policy/patch_status.rb
@@ -941,8 +942,18 @@ files:
941
942
  - lib/contrast/agent/protect/rule/xxe.rb
942
943
  - lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb
943
944
  - lib/contrast/agent/reaction_processor.rb
945
+ - lib/contrast/agent/reporting/report.rb
946
+ - lib/contrast/agent/reporting/reporter.rb
947
+ - lib/contrast/agent/reporting/reporting_events/finding.rb
948
+ - lib/contrast/agent/reporting/reporting_events/preflight.rb
949
+ - lib/contrast/agent/reporting/reporting_events/preflight_message.rb
950
+ - lib/contrast/agent/reporting/reporting_events/reporting_event.rb
951
+ - lib/contrast/agent/reporting/reporting_utilities/audit.rb
952
+ - lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb
953
+ - lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb
944
954
  - lib/contrast/agent/request.rb
945
955
  - lib/contrast/agent/request_context.rb
956
+ - lib/contrast/agent/request_context_extend.rb
946
957
  - lib/contrast/agent/request_handler.rb
947
958
  - lib/contrast/agent/response.rb
948
959
  - lib/contrast/agent/rewriter.rb
@@ -976,6 +987,7 @@ files:
976
987
  - lib/contrast/api/decorators/application_settings.rb
977
988
  - lib/contrast/api/decorators/application_startup.rb
978
989
  - lib/contrast/api/decorators/application_update.rb
990
+ - lib/contrast/api/decorators/finding.rb
979
991
  - lib/contrast/api/decorators/http_request.rb
980
992
  - lib/contrast/api/decorators/input_analysis.rb
981
993
  - lib/contrast/api/decorators/instrumentation_mode.rb
@@ -996,6 +1008,7 @@ files:
996
1008
  - lib/contrast/components/agent.rb
997
1009
  - lib/contrast/components/api.rb
998
1010
  - lib/contrast/components/app_context.rb
1011
+ - lib/contrast/components/app_context_extend.rb
999
1012
  - lib/contrast/components/assess.rb
1000
1013
  - lib/contrast/components/base.rb
1001
1014
  - lib/contrast/components/config.rb
@@ -1010,11 +1023,12 @@ files:
1010
1023
  - lib/contrast/config.rb
1011
1024
  - lib/contrast/config/agent_configuration.rb
1012
1025
  - lib/contrast/config/api_configuration.rb
1026
+ - lib/contrast/config/api_proxy_configuration.rb
1013
1027
  - lib/contrast/config/application_configuration.rb
1014
1028
  - lib/contrast/config/assess_configuration.rb
1015
1029
  - lib/contrast/config/assess_rules_configuration.rb
1016
1030
  - lib/contrast/config/base_configuration.rb
1017
- - lib/contrast/config/default_value.rb
1031
+ - lib/contrast/config/certification_configuration.rb
1018
1032
  - lib/contrast/config/env_variables.rb
1019
1033
  - lib/contrast/config/exception_configuration.rb
1020
1034
  - lib/contrast/config/heap_dump_configuration.rb
@@ -1023,6 +1037,7 @@ files:
1023
1037
  - lib/contrast/config/protect_configuration.rb
1024
1038
  - lib/contrast/config/protect_rule_configuration.rb
1025
1039
  - lib/contrast/config/protect_rules_configuration.rb
1040
+ - lib/contrast/config/request_audit_configuration.rb
1026
1041
  - lib/contrast/config/root_configuration.rb
1027
1042
  - lib/contrast/config/ruby_configuration.rb
1028
1043
  - lib/contrast/config/sampling_configuration.rb
@@ -1051,6 +1066,7 @@ files:
1051
1066
  - lib/contrast/framework/base_support.rb
1052
1067
  - lib/contrast/framework/grape/support.rb
1053
1068
  - lib/contrast/framework/manager.rb
1069
+ - lib/contrast/framework/manager_extend.rb
1054
1070
  - lib/contrast/framework/platform_version.rb
1055
1071
  - lib/contrast/framework/rack/patch/session_cookie.rb
1056
1072
  - lib/contrast/framework/rack/patch/support.rb
@@ -1085,26 +1101,35 @@ files:
1085
1101
  - lib/contrast/utils/duck_utils.rb
1086
1102
  - lib/contrast/utils/env_configuration_item.rb
1087
1103
  - lib/contrast/utils/exclude_key.rb
1104
+ - lib/contrast/utils/findings.rb
1088
1105
  - lib/contrast/utils/hash_digest.rb
1106
+ - lib/contrast/utils/hash_digest_extend.rb
1107
+ - lib/contrast/utils/head_dump_utils_extend.rb
1089
1108
  - lib/contrast/utils/heap_dump_util.rb
1090
1109
  - lib/contrast/utils/invalid_configuration_util.rb
1091
1110
  - lib/contrast/utils/io_util.rb
1092
1111
  - lib/contrast/utils/job_servers_running.rb
1112
+ - lib/contrast/utils/log_utils.rb
1093
1113
  - lib/contrast/utils/lru_cache.rb
1094
1114
  - lib/contrast/utils/metrics_hash.rb
1115
+ - lib/contrast/utils/middleware_utils.rb
1116
+ - lib/contrast/utils/net_http_base.rb
1095
1117
  - lib/contrast/utils/object_share.rb
1096
1118
  - lib/contrast/utils/os.rb
1097
1119
  - lib/contrast/utils/patching/policy/patch_utils.rb
1098
1120
  - lib/contrast/utils/patching/policy/patcher_utils.rb
1099
1121
  - lib/contrast/utils/preflight_util.rb
1100
- - lib/contrast/utils/requests_client.rb
1122
+ - lib/contrast/utils/request_utils.rb
1101
1123
  - lib/contrast/utils/resource_loader.rb
1124
+ - lib/contrast/utils/response_utils.rb
1102
1125
  - lib/contrast/utils/ruby_ast_rewriter.rb
1103
1126
  - lib/contrast/utils/sha256_builder.rb
1104
1127
  - lib/contrast/utils/stack_trace_utils.rb
1105
1128
  - lib/contrast/utils/string_utils.rb
1129
+ - lib/contrast/utils/substitution_utils.rb
1106
1130
  - lib/contrast/utils/tag_util.rb
1107
1131
  - lib/contrast/utils/telemetry.rb
1132
+ - lib/contrast/utils/telemetry_client.rb
1108
1133
  - lib/contrast/utils/telemetry_identifier.rb
1109
1134
  - lib/contrast/utils/thread_tracker.rb
1110
1135
  - lib/contrast/utils/timer.rb
@@ -1,17 +0,0 @@
1
- # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
- # frozen_string_literal: true
3
-
4
- module Contrast
5
- module Config
6
- # This is the wrapper for the default values in the configurations, used to
7
- # differentiate between nil or false defaults and things being set
8
- # explicitly to false.
9
- class DefaultValue
10
- attr_reader :value
11
-
12
- def initialize value
13
- @value = value
14
- end
15
- end
16
- end
17
- end
@@ -1,150 +0,0 @@
1
- # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
- # frozen_string_literal: true
3
-
4
- require 'net/http'
5
- require 'contrast/components/logger'
6
- require 'contrast/utils/object_share'
7
- require 'contrast/agent/version'
8
- require 'socket'
9
-
10
- module Contrast
11
- module Utils
12
- # This module creates a Net::HTTP client and initiates a connection to the provided result
13
- module RequestsClient
14
- ENDPOINT = 'api/v1/telemetry/metrics' # /TelemetryEvent.path
15
-
16
- class << self
17
- include Contrast::Components::Logger::InstanceMethods
18
- # This method initializes the Net::HTTP client we'll need
19
- # @param url [String]
20
- # @return [Net::HTTP, nil]
21
- def initialize_connection url
22
- addr = URI(url)
23
- return if addr.host.nil? || addr.port.nil?
24
- return if addr.scheme != 'https'
25
-
26
- @_net_http_client = Net::HTTP.new(addr.host, addr.port)
27
- @_net_http_client.open_timeout = 5
28
- @_net_http_client.read_timeout = 5
29
- @_net_http_client.use_ssl = true
30
- @_net_http_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
31
- @_net_http_client.verify_depth = 5
32
- @_net_http_client.start
33
- return unless @_net_http_client.started?
34
-
35
- logger.warn('Starting Telemetry connection test')
36
- return unless connection_verified? @_net_http_client
37
-
38
- @_net_http_client
39
- rescue Net::OpenTimeout, Net::ReadTimeout => e
40
- logger.warn('Telemetry connection failed', e.message)
41
- nil
42
- end
43
-
44
- # This method will be responsible for building the request
45
- # @param event[Contrast::Agent::TelemetryEvent,Contrast::Agent::StartupMetricsTelemetryEvent]
46
- # @return [Net::HTTP::Post]
47
- def build_request event
48
- return unless valid_event? event
49
-
50
- string_body = event.to_json.to_s
51
- header = { 'User-Agent' => "<#{ Contrast::Utils::ObjectShare::RUBY }>-<#{ Contrast::Agent::VERSION }>" }
52
- path = ENDPOINT + event.path
53
- @_request = Net::HTTP::Post.new(path, header)
54
- @_request.body = string_body
55
- @_request
56
- end
57
-
58
- # This method will create the actual request and send it
59
- # @param event[Contrast::Agent::TelemetryEvent]
60
- # @param connection[Net::HTTP]
61
- def send_request event, connection
62
- return if connection.nil? || event.nil?
63
- return unless valid_event? event
64
-
65
- req = build_request event
66
- connection.request req
67
- end
68
-
69
- # This method will handle the response from the tenant
70
- # @param res [Net::HTTPResponse]
71
- # @return sleep_time [Integer, nil]
72
- def handle_response res
73
- status_code = res.code.to_i
74
- ready_after = if res.to_hash.keys.map(&:downcase).include?('ready-after')
75
- res['Ready-After']
76
- else
77
- 60
78
- end
79
- ready_after if status_code == 429
80
- end
81
-
82
- # This method will be responsible for validating the event
83
- # @param event[Contrast::Agent::TelemetryEvent,Contrast::Agent::StartupMetricsTelemetryEvent]
84
- def valid_event? event
85
- return false unless event.cs__is_a?(Contrast::Agent::TelemetryEvent)
86
- return false unless event.cs__is_a?(Contrast::Agent::StartupMetricsTelemetryEvent)
87
-
88
- true
89
- end
90
-
91
- # Validates connection with Telemetry assigned domain.
92
- # If connection is running, SSL certificate of the endpoint is valid, Ip address is resolvable
93
- # and response is received without peer's reset or refuse of connection,
94
- # then validation returns true. Error handling is in place so that the work of the agent will continue as
95
- # normal without Telemetry.
96
- #
97
- # @param client [Net::HTTP]
98
- # @return [Boolean] true | false
99
- def connection_verified? client
100
- return @_connection_verified unless @_connection_verified.nil?
101
-
102
- # Before RUBY 2.7 there is no #ipaddr
103
- ipaddr = if RUBY_VERSION < '2.7.0'
104
- socket = TCPSocket.open(client.address, client.port)
105
- ipaddr = socket.peeraddr[3]
106
- socket.close
107
- ipaddr
108
- else
109
- client.ipaddr
110
- end
111
- response = client.request(Net::HTTP::Get.new(client.address))
112
- verify_cert = OpenSSL::SSL.verify_certificate_identity(client.peer_cert, client.address)
113
- resolved = resolved? client.address, ipaddr
114
- @_connection_verified = if resolved && response && verify_cert
115
- true
116
- else
117
- false
118
- end
119
- rescue OpenSSL::SSL::SSLError, Resolv::ResolvError, Errno::ECONNRESET, Errno::ECONNREFUSED,
120
- Errno::ETIMEDOUT, Errno::ESHUTDOWN, Errno::EHOSTDOWN, Errno::EHOSTUNREACH, Errno::EISCONN,
121
- Errno::ECONNABORTED, Errno::ENETRESET, Errno::ENETUNREACH => e
122
-
123
- logger.warn('Telemetry connection failed', e.message)
124
- false
125
- end
126
-
127
- private
128
-
129
- # Resolves the address of the assigned telemetry domain to array of corresponding IPs (if more than one)
130
- # and runs a matcher to see if current connection IP is in the list.
131
- # This is called within #verify_connection, if called on it's own there will be no
132
- # error handling.
133
- #
134
- # @param address [String] Human friendly address of assigned telemetry domain
135
- # @param ipaddr [String] Machine friendly IP address of the assigned telemetry domain
136
- # @return[Boolean] true if both addresses are resolved | false if one of the addresses
137
- # is non-resolvable
138
- def resolved? address, ipaddr
139
- return @_resolved unless @_resolved.nil?
140
-
141
- @_resolved = if (addresses = Resolv.getaddresses address)
142
- addresses.any? { |addr| addr.include?(ipaddr) }
143
- else
144
- false
145
- end
146
- end
147
- end
148
- end
149
- end
150
- end