RubyGems - contrast-agent - Versions diffs - 4.13.1 → 4.14.0 - Mend

contrast-agent 4.13.1 → 4.14.0

Files changed (101) hide show

checksums.yaml +4 -4
data/.simplecov +1 -0
data/lib/contrast/agent/assess/policy/policy_node.rb +6 -6
data/lib/contrast/agent/assess/policy/policy_scanner.rb +5 -0
data/lib/contrast/agent/assess/policy/propagator/center.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +2 -154
data/lib/contrast/agent/assess/policy/trigger_method.rb +44 -7
data/lib/contrast/agent/assess/policy/trigger_node.rb +14 -6
data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +1 -1
data/lib/contrast/agent/assess/property/tagged.rb +51 -57
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +40 -6
data/lib/contrast/agent/metric_telemetry_event.rb +2 -2
data/lib/contrast/agent/middleware.rb +5 -75
data/lib/contrast/agent/patching/policy/method_policy.rb +3 -89
data/lib/contrast/agent/patching/policy/method_policy_extend.rb +111 -0
data/lib/contrast/agent/patching/policy/patcher.rb +12 -8
data/lib/contrast/agent/reporting/report.rb +21 -0
data/lib/contrast/agent/reporting/reporter.rb +142 -0
data/lib/contrast/agent/reporting/reporting_events/finding.rb +90 -0
data/lib/contrast/agent/reporting/reporting_events/preflight.rb +25 -0
data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +56 -0
data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +37 -0
data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +127 -0
data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +168 -0
data/lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb +66 -0
data/lib/contrast/agent/request.rb +2 -81
data/lib/contrast/agent/request_context.rb +4 -128
data/lib/contrast/agent/request_context_extend.rb +138 -0
data/lib/contrast/agent/response.rb +2 -73
data/lib/contrast/agent/startup_metrics_telemetry_event.rb +39 -16
data/lib/contrast/agent/static_analysis.rb +1 -1
data/lib/contrast/agent/telemetry.rb +15 -7
data/lib/contrast/agent/telemetry_event.rb +8 -9
data/lib/contrast/agent/thread_watcher.rb +31 -5
data/lib/contrast/agent/version.rb +1 -1
data/lib/contrast/agent.rb +15 -0
data/lib/contrast/api/communication/connection_status.rb +10 -7
data/lib/contrast/api/communication/messaging_queue.rb +37 -3
data/lib/contrast/api/communication/response_processor.rb +15 -8
data/lib/contrast/api/communication/service_lifecycle.rb +13 -3
data/lib/contrast/api/communication/socket.rb +6 -8
data/lib/contrast/api/communication/socket_client.rb +29 -12
data/lib/contrast/api/communication/speedracer.rb +37 -1
data/lib/contrast/api/communication/tcp_socket.rb +4 -3
data/lib/contrast/api/communication/unix_socket.rb +1 -0
data/lib/contrast/api/decorators/finding.rb +45 -0
data/lib/contrast/components/api.rb +56 -0
data/lib/contrast/components/app_context.rb +10 -65
data/lib/contrast/components/app_context_extend.rb +78 -0
data/lib/contrast/components/base.rb +23 -0
data/lib/contrast/components/config.rb +8 -8
data/lib/contrast/components/contrast_service.rb +5 -0
data/lib/contrast/components/sampling.rb +2 -2
data/lib/contrast/config/agent_configuration.rb +1 -1
data/lib/contrast/config/api_configuration.rb +9 -4
data/lib/contrast/config/api_proxy_configuration.rb +14 -0
data/lib/contrast/config/application_configuration.rb +2 -3
data/lib/contrast/config/assess_configuration.rb +3 -3
data/lib/contrast/config/base_configuration.rb +17 -28
data/lib/contrast/config/certification_configuration.rb +15 -0
data/lib/contrast/config/env_variables.rb +2 -9
data/lib/contrast/config/heap_dump_configuration.rb +6 -6
data/lib/contrast/config/inventory_configuration.rb +1 -5
data/lib/contrast/config/protect_rule_configuration.rb +1 -1
data/lib/contrast/config/request_audit_configuration.rb +18 -0
data/lib/contrast/config/ruby_configuration.rb +6 -6
data/lib/contrast/config/service_configuration.rb +1 -2
data/lib/contrast/config.rb +0 -1
data/lib/contrast/configuration.rb +1 -2
data/lib/contrast/extension/assess/array.rb +5 -7
data/lib/contrast/framework/manager.rb +8 -32
data/lib/contrast/framework/manager_extend.rb +50 -0
data/lib/contrast/framework/rails/railtie.rb +1 -1
data/lib/contrast/framework/sinatra/support.rb +2 -1
data/lib/contrast/logger/log.rb +8 -103
data/lib/contrast/utils/assess/property/tagged_utils.rb +23 -0
data/lib/contrast/utils/assess/tracking_util.rb +20 -15
data/lib/contrast/utils/assess/trigger_method_utils.rb +1 -1
data/lib/contrast/utils/class_util.rb +18 -14
data/lib/contrast/utils/findings.rb +62 -0
data/lib/contrast/utils/hash_digest.rb +10 -73
data/lib/contrast/utils/hash_digest_extend.rb +86 -0
data/lib/contrast/utils/head_dump_utils_extend.rb +74 -0
data/lib/contrast/utils/heap_dump_util.rb +2 -65
data/lib/contrast/utils/invalid_configuration_util.rb +29 -0
data/lib/contrast/utils/io_util.rb +1 -1
data/lib/contrast/utils/log_utils.rb +108 -0
data/lib/contrast/utils/middleware_utils.rb +87 -0
data/lib/contrast/utils/net_http_base.rb +158 -0
data/lib/contrast/utils/object_share.rb +1 -0
data/lib/contrast/utils/request_utils.rb +88 -0
data/lib/contrast/utils/response_utils.rb +97 -0
data/lib/contrast/utils/substitution_utils.rb +167 -0
data/lib/contrast/utils/tag_util.rb +9 -9
data/lib/contrast/utils/telemetry.rb +4 -2
data/lib/contrast/utils/telemetry_client.rb +90 -0
data/lib/contrast/utils/telemetry_identifier.rb +17 -24
data/ruby-agent.gemspec +5 -5
metadata +48 -23
data/lib/contrast/config/default_value.rb +0 -17
data/lib/contrast/utils/requests_client.rb +0 -150

data/lib/contrast/agent/middleware.rb CHANGED Viewed

@@ -14,6 +14,7 @@ require 'contrast/utils/telemetry'
 require 'contrast/agent/request_handler'
 require 'contrast/agent/static_analysis'
 require 'contrast/agent/startup_metrics_telemetry_event'
+require 'contrast/utils/middleware_utils'
 require 'contrast/utils/timer'
@@ -25,6 +26,7 @@ module Contrast
     class Middleware
       include Contrast::Components::Logger::InstanceMethods
       include Contrast::Components::Scope::InstanceMethods
+      include Contrast::Utils::MiddlewareUtils
       attr_reader :app
@@ -66,22 +68,6 @@ module Contrast
       private
-      def setup_agent
-        ::Contrast::SETTINGS.reset_state
-        inform_deprecations
-        telemetry_disclaimer
-        if ::Contrast::CONFIG.invalid?
-          ::Contrast::AGENT.disable!
-          logger.error('!!! CONFIG FILE IS INVALID - DISABLING CONTRAST AGENT !!!')
-        elsif ::Contrast::AGENT.disabled?
-          logger.warn('Contrast disabled by configuration. Continuing without instrumentation.')
-        else
-          ::Contrast::AGENT.enable!
-        end
-      end
       # Startup the Agent as part of the initialization process:
       # - start the service sending thread, responsible for sending and processing messages
       # - start the heartbeat thread, which triggers service startup
@@ -175,6 +161,9 @@ module Contrast
         with_contrast_scope do
           context.extract_after(response) # update context with final response information
+          # Build and report all collected findings prior response
+          Contrast::Agent::FINDINGS.report_collected_findings unless Contrast::Agent::FINDINGS.collection.empty?
           if Contrast::Agent.framework_manager.streaming?(env)
             context.reset_activity
             request_handler.stream_safe_postfilter
@@ -188,65 +177,6 @@ module Contrast
         logger.error('Unable to execute agent post_call', e)
       end
-      def application_code env
-        logger.trace_with_time('application') do
-          app.call(env)
-        end
-      rescue Contrast::SecurityException => e
-        logger.trace('Security Exception raised during application lifecycle to prevent an attack', e)
-        raise e
-      end
-      SECURITY_EXCEPTION_MARKER = 'Contrast::SecurityException'
-      # We're only going to suppress SecurityExceptions indicating a blocked attack. And, only if the
-      # config.agent.ruby.exceptions.capture? is set
-      def handle_exception exception
-        if security_exception?(exception)
-          exception_control = ::Contrast::AGENT.exception_control
-          raise exception unless exception_control[:enable]
-          [exception_control[:status], {}, [exception_control[:message]]]
-        else
-          logger.debug('Re-throwing original error', exception)
-          raise exception
-        end
-      end
-      # Is the given exception one raised by our Protect code?
-      #
-      # @param exception [Exception]
-      # @return [Boolean]
-      def security_exception? exception
-        exception.is_a?(Contrast::SecurityException) || exception.message&.include?(SECURITY_EXCEPTION_MARKER)
-      end
-      # As we deprecate support to prepare to remove dead code, we need to inform our users still relying on the now
-      # deprecated and soon to be removed functionality. This method handles doing that by leveraging the standard
-      # Kernel#warn approach
-      def inform_deprecations
-        # Ruby 2.5 is currently in security maintenance, meaning int is only receiving updates for security issues. It
-        # will move to eol on 31 March 2021. As such, we can remove support for it in Q3. We'll begin the deprecation
-        # warnings now so that customers have time to reach out if they'll be impacted.
-        # TODO: RUBY-715 remove this part of the method, leaving it empty if there are no other deprecations, when we
-        #   drop 2.5 support.
-        return unless RUBY_VERSION < '2.6.0'
-        Kernel.warn('[Contrast Security] [DEPRECATION] Support for Ruby 2.5 will be removed in April 2021. '\
-                    'Please contact Customer Support prior if you require continued support.')
-      end
-      # Displays Telemetry disclaimer if Telemetry is enabled.
-      # if .telemetry file doesn't exist we create one and then show the disclaimer.
-      # if the file already exists we do nothing.
-      def telemetry_disclaimer
-        return unless Contrast::Agent::Telemetry.enabled?
-        return unless Contrast::Utils::Telemetry.create_telemetry_file
-        logger.info Contrast::Utils::Telemetry.disclaimer
-        $stdout.print Contrast::Utils::Telemetry.disclaimer
-        true
-      end
     end
   end
 end

data/lib/contrast/agent/patching/policy/method_policy.rb CHANGED Viewed

@@ -1,12 +1,15 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
+require 'contrast/agent/patching/policy/method_policy_extend'
 module Contrast
   module Agent
     module Patching
       module Policy
         # This class is used to map each method to the trigger node that applies to it
         class MethodPolicy
+          extend Contrast::Agent::Patching::Policy::MethodPolicyExtend
           attr_reader   :deadzone_node, :inventory_node, :propagation_node, :protect_node, :trigger_node
           attr_accessor :source_node, :method_name, :method_visibility, :instance_method
@@ -60,95 +63,6 @@ module Contrast
             # defined by #nodes.
             @_method_scopes ||= nodes.flat_map(&:method_scope).tap(&:compact!).tap(&:uniq!)
           end
-          class << self
-            # Given a Contrast::Agent::Patching::Policy::ModulePolicy, parse
-            # out its information for the given method in order to construct a
-            # Contrast::Agent::Patching::Policy::MethodPolicy
-            #
-            # @param method_name [Symbol] the name of the method for this policy
-            # @param module_policy [Contrast::Agent::Patching::Policy::ModulePolicy]
-            #   the entire policy for this module
-            # @param instance_method [Boolean] true if this method is an
-            #   instance method
-            # @return [Contrast::Agent::Patching::Policy::MethodPolicy]
-            def build_method_policy method_name, module_policy, instance_method
-              source_node =      find_method_node(module_policy.source_nodes, method_name, instance_method)
-              propagation_node = find_method_node(module_policy.propagator_nodes, method_name, instance_method)
-              trigger_node =     find_method_node(module_policy.trigger_nodes, method_name, instance_method)
-              protect_node =     find_method_node(module_policy.protect_nodes, method_name, instance_method)
-              inventory_node =   find_method_node(module_policy.inventory_nodes, method_name, instance_method)
-              deadzone_node =    find_method_node(module_policy.deadzone_nodes, method_name, instance_method)
-              method_visibility = find_visibility(source_node, propagation_node, trigger_node, protect_node,
-                                                  inventory_node, deadzone_node)
-              method_policy = MethodPolicy.new(method_name: method_name,
-                                               method_visibility: method_visibility,
-                                               instance_method: instance_method,
-                                               source_node: source_node,
-                                               propagation_node: propagation_node,
-                                               trigger_node: trigger_node,
-                                               protect_node: protect_node,
-                                               inventory_node: inventory_node,
-                                               deadzone_node: deadzone_node)
-              return method_policy unless check_method_policy_nodes_empty? source_node, propagation_node, trigger_node,
-                                                                           protect_node, inventory_node, deadzone_node
-              create_new_node(module_policy, method_policy) if module_policy.deadzone_nodes&.any?
-              method_policy
-            end
-            def find_method_node nodes, method_name, is_instance_method
-              return unless nodes
-              nodes.find do |node|
-                node.instance_method? == is_instance_method && node.method_name == method_name
-              end
-            end
-            def find_visibility *nodes
-              nodes.find { |node| node }&.method_visibility
-            end
-            def check_method_policy_nodes_empty?(source_node, propagation_node, trigger_node, protect_node,
-                                                 inventory_node, deadzone_node)
-              return false unless source_node.nil? && propagation_node.nil? && trigger_node.nil? && protect_node.nil? &&
-                  inventory_node.nil? && deadzone_node.nil?
-              true
-            end
-            private
-            def create_new_node module_policy, method_policy
-              return if module_policy.deadzone_nodes.empty?
-              module_policy.deadzone_nodes.map do |node|
-                next unless node.method_name.nil?
-                klass = Module.cs__const_get(node.class_name)
-                next unless it_defined? klass, method_policy.method_name
-                new_node = {}
-                new_node['instance_method'] = method_policy.instance_method
-                new_node['method_visibility'] =
-                  klass.private_method_defined?(method_policy.method_name) ? 'private' : 'public'
-                new_node['method_name'] = method_policy.method_name
-                new_node['class_name'] = node.class_name
-                new_node = Contrast::Agent::Deadzone::Policy::DeadzoneNode.new(new_node)
-                method_policy.instance_variable_set(:@method_visibility, new_node.method_visibility)
-                method_policy.instance_variable_set(:@deadzone_node, new_node)
-                module_policy.deadzone_nodes << new_node
-                break unless method_policy.deadzone_node.nil?
-              end
-            end
-            def it_defined? klass, method_name
-              klass.instance_methods(false).include?(method_name) ||
-                  klass.private_instance_methods(false).include?(method_name) ||
-                  klass.singleton_methods(false).include?(method_name)
-            end
-          end
         end
       end
     end

data/lib/contrast/agent/patching/policy/method_policy_extend.rb ADDED Viewed

@@ -0,0 +1,111 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+module Contrast
+  module Agent
+    module Patching
+      module Policy
+        # This class is used to map each method to the trigger node that applies to it
+        module MethodPolicyExtend
+          # Given a Contrast::Agent::Patching::Policy::ModulePolicy, parse
+          # out its information for the given method in order to construct a
+          # Contrast::Agent::Patching::Policy::MethodPolicy
+          #
+          # @param method_name [Symbol] the name of the method for this policy
+          # @param module_policy [Contrast::Agent::Patching::Policy::ModulePolicy]
+          #   the entire policy for this module
+          # @param instance_method [Boolean] true if this method is an
+          #   instance method
+          # @return [Contrast::Agent::Patching::Policy::MethodPolicy]
+          def build_method_policy method_name, module_policy, instance_method
+            source_node =      find_method_node(module_policy.source_nodes, method_name, instance_method)
+            propagation_node = find_method_node(module_policy.propagator_nodes, method_name, instance_method)
+            trigger_node =     find_method_node(module_policy.trigger_nodes, method_name, instance_method)
+            protect_node =     find_method_node(module_policy.protect_nodes, method_name, instance_method)
+            inventory_node =   find_method_node(module_policy.inventory_nodes, method_name, instance_method)
+            deadzone_node =    find_method_node(module_policy.deadzone_nodes, method_name, instance_method)
+            method_visibility = find_visibility(source_node, propagation_node, trigger_node, protect_node,
+                                                inventory_node, deadzone_node)
+            method_policy = MethodPolicy.new(method_name: method_name,
+                                             method_visibility: method_visibility,
+                                             instance_method: instance_method,
+                                             source_node: source_node,
+                                             propagation_node: propagation_node,
+                                             trigger_node: trigger_node,
+                                             protect_node: protect_node,
+                                             inventory_node: inventory_node,
+                                             deadzone_node: deadzone_node)
+            return method_policy unless check_method_policy_nodes_empty? source_node, propagation_node, trigger_node,
+                                                                         protect_node, inventory_node, deadzone_node
+            create_new_node(module_policy, method_policy) if module_policy.deadzone_nodes&.any?
+            method_policy
+          end
+          def find_method_node nodes, method_name, is_instance_method
+            return unless nodes
+            nodes.find do |node|
+              node.instance_method? == is_instance_method && node.method_name == method_name
+            end
+          end
+          def find_visibility *nodes
+            nodes.find { |node| node }&.method_visibility
+          end
+          def check_method_policy_nodes_empty?(source_node, propagation_node, trigger_node, protect_node,
+                                               inventory_node, deadzone_node)
+            return false unless source_node.nil? && propagation_node.nil? && trigger_node.nil? && protect_node.nil? &&
+                inventory_node.nil? && deadzone_node.nil?
+            true
+          end
+          private
+          def create_new_node module_policy, method_policy
+            return if module_policy.deadzone_nodes.empty?
+            module_policy.deadzone_nodes.map do |node|
+              next unless node.method_name.nil?
+              klass = Module.cs__const_get(node.class_name)
+              next unless it_defined? klass, method_policy.method_name
+              new_node = set_new_node method_policy, klass, node
+              method_policy.instance_variable_set(:@method_visibility, new_node.method_visibility)
+              method_policy.instance_variable_set(:@deadzone_node, node)
+              module_policy.deadzone_nodes << new_node
+              break unless method_policy.deadzone_node.nil?
+            end
+          end
+          # Helper method for creating new node
+          #
+          # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
+          #   used to map each method to the trigger node that applies to it
+          # @param klass [String] classname
+          # @param node [Contrast::Agent::Patching::Policy::PolicyNode]
+          # @return @_set_new_node [Contrast::Agent::Deadzone::Policy::DeadzoneNode]
+          def set_new_node method_policy, klass, node
+            new_node = {}
+            new_node['instance_method'] = method_policy.instance_method
+            new_node['method_visibility'] =
+              klass.private_method_defined?(method_policy.method_name) ? 'private' : 'public'
+            new_node['method_name'] = method_policy.method_name
+            new_node['class_name'] = node.class_name
+            @_set_new_node = Contrast::Agent::Deadzone::Policy::DeadzoneNode.new(new_node)
+          end
+          def it_defined? klass, method_name
+            klass.instance_methods(false).include?(method_name) ||
+                klass.private_instance_methods(false).include?(method_name) ||
+                klass.singleton_methods(false).include?(method_name)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/patching/policy/patcher.rb CHANGED Viewed

@@ -151,6 +151,18 @@ module Contrast
                 return
               end
+              patch_methods status, module_data, module_policy
+            rescue StandardError => e
+              status&.failed_patch!
+              logger.warn('Patching failed', e, module: module_data.mod_name)
+            ensure
+              logger.trace('Patching complete',
+                           module: module_data.mod_name,
+                           result:
+                             Contrast::Agent::Patching::Policy::PatchStatus.get_status(module_data.mod).patch_status)
+            end
+            def patch_methods status, module_data, module_policy
               status.patching!
               num_applied_patches = patch_into_instance_methods(module_data, module_policy)
               num_applied_patches += patch_into_singleton_methods(module_data, module_policy)
@@ -160,14 +172,6 @@ module Contrast
               else
                 status.partial_patch!
               end
-            rescue StandardError => e
-              status&.failed_patch!
-              logger.warn('Patching failed', e, module: module_data.mod_name)
-            ensure
-              logger.trace('Patching complete',
-                           module: module_data.mod_name,
-                           result:
-                             Contrast::Agent::Patching::Policy::PatchStatus.get_status(module_data.mod).patch_status)
             end
             # Get all of the instance methods on the given module, excluding

data/lib/contrast/agent/reporting/report.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+module Contrast
+  module Agent
+    # This is the base module for our reporting functionality. It is intended to
+    # facilitate all the needed report generating functionality and eventual
+    # report to RS.
+    # Any class under this namespace should be required here, providing a
+    # single point of require for this functionality.
+    module Reporting
+    end
+  end
+end
+require 'contrast/agent/reporting/reporter'
+require 'contrast/agent/reporting/reporting_utilities/audit'
+require 'contrast/agent/reporting/reporting_utilities/reporter_client'
+require 'contrast/agent/reporting/reporting_events/finding'
+require 'contrast/agent/reporting/reporting_events/preflight_message'
+require 'contrast/agent/reporting/reporting_events/preflight'

data/lib/contrast/agent/reporting/reporter.rb ADDED Viewed

@@ -0,0 +1,142 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'contrast/agent/worker_thread'
+require 'contrast/agent/reporting/report'
+require 'contrast/components/logger'
+require 'contrast/utils/object_share'
+require 'contrast/agent/version'
+require 'base64'
+module Contrast
+  module Agent
+    # This module will hold everything essential to reporting to TeamServer
+    class Reporter < WorkerThread
+      include Contrast::Components::Logger::InstanceMethods
+      include Contrast::Utils::ObjectShare
+      class << self
+        include Contrast::Components::Logger::InstanceMethods
+        # check if we can report to TS
+        #
+        # @return[Boolean] true if bypass is enabled, or false if bypass disabled
+        def enabled?
+          @_enabled = Contrast::CONTRAST_SERVICE.use_agent_communication? if @_enabled.nil?
+          @_enabled
+        end
+      end
+      def headers
+        @_headers ||= {
+            app_name: Base64.encode64(Contrast::APP_CONTEXT.app_name).chomp!,
+            api_key: Contrast::API.api_key,
+            agent_version: [RUBY, Contrast::Agent::VERSION].join(SPACE),
+            app_language: RUBY,
+            app_path: Base64.encode64(Contrast::APP_CONTEXT.path).chomp!,
+            app_version: Contrast::APP_CONTEXT.app_version,
+            authorization: Base64.encode64("#{ Contrast::API.username }:#{ Contrast::API.service_key }").chomp!,
+            server_name: Base64.encode64(Contrast::APP_CONTEXT.server_name).chomp!,
+            server_path: Base64.encode64(Contrast::APP_CONTEXT.server_path).chomp!,
+            server_type: Base64.encode64(Contrast::APP_CONTEXT.server_type).chomp!,
+            content_type: 'application/json',
+            encoding: 'base64'
+        }.cs__freeze
+      end
+      def client
+        @_client ||= Contrast::Utils::ReporterClient.new headers
+      end
+      def connection
+        @_connection ||= client.initialize_connection
+      end
+      def audit
+        @_audit ||= Contrast::Agent::Reporting::Audit.new
+      end
+      def attempt_to_start?
+        unless cs__class.enabled?
+          logger.warn('Reporter service is disabled!')
+          return false
+        end
+        logger.debug('Attempting to start Reporter thread') unless running?
+        true
+      end
+      def start_thread!
+        return if running?
+        @_thread = Contrast::Agent::Thread.new do
+          logger.debug('Starting background Reporter thread.')
+          event = queue.pop
+          begin
+            logger.debug('This is the current processed event', event)
+            client.send_event event, connection
+          rescue StandardError => e
+            logger.error('Could not send message to service from Reporter queue.', e)
+          end
+        end
+      end
+      def send_event event
+        if ::Contrast::AGENT.disabled?
+          logger.warn('Attempted to queue event with Agent disabled', caller: caller, event: event)
+          return
+        end
+        return unless cs__class.enabled?
+        logger.debug('Enqueued event for sending', event_type: event.cs__class)
+        result = queue << event if event
+        return result unless ::Contrast::API.request_audit_enable
+        audit&.audit_event(event)
+        result
+      end
+      # Use this to bypass the messaging queue and leave response processing to the caller
+      def send_event_immediately event
+        if ::Contrast::AGENT.disabled?
+          logger.warn('Reporter attempted to send event immediately with Agent disabled', caller: caller, event: event)
+          return
+        end
+        response_data = client.send_event event, connection, true
+        if response_data.status == 200
+          # handle_response
+          client.send(:handle_response, event, response_data, connection)
+        end
+        return unless ::Contrast::API.request_audit_enable
+        audit&.audit_event(event, response_data)
+        response_data
+      rescue StandardError => e
+        logger.error('Could not send message to service from Reporter queue.', e)
+      end
+      def delete_queue!
+        @_queue&.clear
+        @_queue&.close
+        @_queue = nil
+      end
+      def stop!
+        return unless running?
+        super
+        delete_queue!
+      end
+      private
+      def queue
+        @_queue ||= Queue.new
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/finding.rb ADDED Viewed

@@ -0,0 +1,90 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'json'
+require 'contrast/components/logger'
+require 'contrast/agent/reporting/reporting_events/reporting_event'
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new Findings class which will include all the needed information
+      # for the new reporting system
+      class Finding < Contrast::Agent::Reporting::ReportingEvent
+        attr_accessor :events, :properties, :request, :hash_code
+        attr_reader :rule_id
+        def initialize rule_id
+          super
+          @event_type = :report_vulnerability
+          @events = []
+          @platform = Contrast::Utils::ObjectShare::RUBY
+          @rule_id = Contrast::Utils::StringUtils.truncate(rule_id)
+          @properties = {}
+        end
+        def attach_data trigger_node, source, object, ret, request, *args
+          @events << Contrast::Agent::Assess::Events::EventFactory.build(trigger_node, source, object, ret, args)
+          @request = request
+          from_properties source, @events
+          attach_routes request
+        end
+        def to_controlled_hash **_args
+          validate
+          {
+              platform: @platform,
+              ruleId: @rule_id,
+              request: request,
+              properties: properties,
+              events: events,
+              routes: routes
+          }
+        end
+        def validate
+          raise(ArgumentError, "#{ self } did not have a proper platform. Unable to continue.") unless @platform
+          raise(ArgumentError, "#{ self } did not have a proper rule. Unable to continue.") unless @rule_id
+          raise(ArgumentError, "#{ self } did not have proper events. Unable to continue.") if events.empty?
+          raise(ArgumentError, "#{ self } did not have proper properties. Unable to continue.") if properties.empty?
+          raise(ArgumentError, "#{ self } did not have a proper request. Unable to continue.") unless request
+          nil
+        end
+        private
+        def from_properties source, events
+          return unless source
+          return unless Contrast::Agent::Assess::Tracker.trackable?(source)
+          properties = Contrast::Agent::Assess::Tracker.properties(source)
+          build_events events, properties.event if properties.event
+          @properties = properties if properties
+        end
+        def build_events events, event
+          return unless event
+          event.parent_events&.each do |parent_event|
+            build_events(events, parent_event)
+          end
+          events << event
+        end
+        def attach_routes request
+          context = Contrast::Agent::REQUEST_TRACKER.current
+          if context
+            @routes << context.route if context.route
+          elsif request&.route
+            @routes << request.route
+          elsif request&.path
+            @routes << request.path
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/preflight.rb ADDED Viewed

@@ -0,0 +1,25 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'contrast/agent/reporting/reporting_events/reporting_event'
+module Contrast
+  module Agent
+    module Reporting
+      # This class here will hold the needed preflights we will send for certain trace/traces
+      class Preflight < Contrast::Agent::Reporting::ReportingEvent
+        attr_accessor :messages
+        def initialize
+          super
+          @event_type = :preflight
+          @messages = []
+        end
+        def to_controlled_hash **_args
+          { messages: @messages }
+        end
+      end
+    end
+  end
+end