contrast-agent 4.13.1 → 4.14.0
- checksums.yaml +4 -4
- data/.simplecov +1 -0
- data/lib/contrast/agent/assess/policy/policy_node.rb +6 -6
- data/lib/contrast/agent/assess/policy/policy_scanner.rb +5 -0
- data/lib/contrast/agent/assess/policy/propagator/center.rb +1 -1
- data/lib/contrast/agent/assess/policy/propagator/substitution.rb +2 -154
- data/lib/contrast/agent/assess/policy/trigger_method.rb +44 -7
- data/lib/contrast/agent/assess/policy/trigger_node.rb +14 -6
- data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +1 -1
- data/lib/contrast/agent/assess/property/tagged.rb +51 -57
- data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +40 -6
- data/lib/contrast/agent/metric_telemetry_event.rb +2 -2
- data/lib/contrast/agent/middleware.rb +5 -75
- data/lib/contrast/agent/patching/policy/method_policy.rb +3 -89
- data/lib/contrast/agent/patching/policy/method_policy_extend.rb +111 -0
- data/lib/contrast/agent/patching/policy/patcher.rb +12 -8
- data/lib/contrast/agent/reporting/report.rb +21 -0
- data/lib/contrast/agent/reporting/reporter.rb +142 -0
- data/lib/contrast/agent/reporting/reporting_events/finding.rb +90 -0
- data/lib/contrast/agent/reporting/reporting_events/preflight.rb +25 -0
- data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +56 -0
- data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +37 -0
- data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +127 -0
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +168 -0
- data/lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb +66 -0
- data/lib/contrast/agent/request.rb +2 -81
- data/lib/contrast/agent/request_context.rb +4 -128
- data/lib/contrast/agent/request_context_extend.rb +138 -0
- data/lib/contrast/agent/response.rb +2 -73
- data/lib/contrast/agent/startup_metrics_telemetry_event.rb +39 -16
- data/lib/contrast/agent/static_analysis.rb +1 -1
- data/lib/contrast/agent/telemetry.rb +15 -7
- data/lib/contrast/agent/telemetry_event.rb +8 -9
- data/lib/contrast/agent/thread_watcher.rb +31 -5
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/agent.rb +15 -0
- data/lib/contrast/api/communication/connection_status.rb +10 -7
- data/lib/contrast/api/communication/messaging_queue.rb +37 -3
- data/lib/contrast/api/communication/response_processor.rb +15 -8
- data/lib/contrast/api/communication/service_lifecycle.rb +13 -3
- data/lib/contrast/api/communication/socket.rb +6 -8
- data/lib/contrast/api/communication/socket_client.rb +29 -12
- data/lib/contrast/api/communication/speedracer.rb +37 -1
- data/lib/contrast/api/communication/tcp_socket.rb +4 -3
- data/lib/contrast/api/communication/unix_socket.rb +1 -0
- data/lib/contrast/api/decorators/finding.rb +45 -0
- data/lib/contrast/components/api.rb +56 -0
- data/lib/contrast/components/app_context.rb +10 -65
- data/lib/contrast/components/app_context_extend.rb +78 -0
- data/lib/contrast/components/base.rb +23 -0
- data/lib/contrast/components/config.rb +8 -8
- data/lib/contrast/components/contrast_service.rb +5 -0
- data/lib/contrast/components/sampling.rb +2 -2
- data/lib/contrast/config/agent_configuration.rb +1 -1
- data/lib/contrast/config/api_configuration.rb +9 -4
- data/lib/contrast/config/api_proxy_configuration.rb +14 -0
- data/lib/contrast/config/application_configuration.rb +2 -3
- data/lib/contrast/config/assess_configuration.rb +3 -3
- data/lib/contrast/config/base_configuration.rb +17 -28
- data/lib/contrast/config/certification_configuration.rb +15 -0
- data/lib/contrast/config/env_variables.rb +2 -9
- data/lib/contrast/config/heap_dump_configuration.rb +6 -6
- data/lib/contrast/config/inventory_configuration.rb +1 -5
- data/lib/contrast/config/protect_rule_configuration.rb +1 -1
- data/lib/contrast/config/request_audit_configuration.rb +18 -0
- data/lib/contrast/config/ruby_configuration.rb +6 -6
- data/lib/contrast/config/service_configuration.rb +1 -2
- data/lib/contrast/config.rb +0 -1
- data/lib/contrast/configuration.rb +1 -2
- data/lib/contrast/extension/assess/array.rb +5 -7
- data/lib/contrast/framework/manager.rb +8 -32
- data/lib/contrast/framework/manager_extend.rb +50 -0
- data/lib/contrast/framework/rails/railtie.rb +1 -1
- data/lib/contrast/framework/sinatra/support.rb +2 -1
- data/lib/contrast/logger/log.rb +8 -103
- data/lib/contrast/utils/assess/property/tagged_utils.rb +23 -0
- data/lib/contrast/utils/assess/tracking_util.rb +20 -15
- data/lib/contrast/utils/assess/trigger_method_utils.rb +1 -1
- data/lib/contrast/utils/class_util.rb +18 -14
- data/lib/contrast/utils/findings.rb +62 -0
- data/lib/contrast/utils/hash_digest.rb +10 -73
- data/lib/contrast/utils/hash_digest_extend.rb +86 -0
- data/lib/contrast/utils/head_dump_utils_extend.rb +74 -0
- data/lib/contrast/utils/heap_dump_util.rb +2 -65
- data/lib/contrast/utils/invalid_configuration_util.rb +29 -0
- data/lib/contrast/utils/io_util.rb +1 -1
- data/lib/contrast/utils/log_utils.rb +108 -0
- data/lib/contrast/utils/middleware_utils.rb +87 -0
- data/lib/contrast/utils/net_http_base.rb +158 -0
- data/lib/contrast/utils/object_share.rb +1 -0
- data/lib/contrast/utils/request_utils.rb +88 -0
- data/lib/contrast/utils/response_utils.rb +97 -0
- data/lib/contrast/utils/substitution_utils.rb +167 -0
- data/lib/contrast/utils/tag_util.rb +9 -9
- data/lib/contrast/utils/telemetry.rb +4 -2
- data/lib/contrast/utils/telemetry_client.rb +90 -0
- data/lib/contrast/utils/telemetry_identifier.rb +17 -24
- data/ruby-agent.gemspec +5 -5
- metadata +48 -23
- data/lib/contrast/config/default_value.rb +0 -17
- data/lib/contrast/utils/requests_client.rb +0 -150
|
@@ -5,6 +5,7 @@ require 'rubygems/version'
|
|
|
5
5
|
require 'contrast/api/decorators/agent_startup'
|
|
6
6
|
require 'contrast/api/decorators/application_startup'
|
|
7
7
|
require 'contrast/utils/object_share'
|
|
8
|
+
require 'contrast/components/app_context_extend'
|
|
8
9
|
|
|
9
10
|
module Contrast
|
|
10
11
|
module Components
|
|
@@ -15,6 +16,7 @@ module Contrast
|
|
|
15
16
|
# Specifically, this allows for querying the state of the Application,
|
|
16
17
|
# including the Client, Process, and Server information.
|
|
17
18
|
class Interface
|
|
19
|
+
include Contrast::Components::AppContextExtend
|
|
18
20
|
include Contrast::Components::ComponentBase
|
|
19
21
|
include Contrast::Components::Logger::InstanceMethods
|
|
20
22
|
|
|
@@ -23,10 +25,6 @@ module Contrast
|
|
|
23
25
|
DEFAULT_SERVER_NAME = 'localhost'
|
|
24
26
|
DEFAULT_SERVER_PATH = '/'
|
|
25
27
|
|
|
26
|
-
SUPPORTED_FRAMEWORKS = %w[rails sinatra grape rack].cs__freeze
|
|
27
|
-
|
|
28
|
-
SUPPORTED_SERVERS = %w[passenger puma thin unicorn].cs__freeze
|
|
29
|
-
|
|
30
28
|
def initialize
|
|
31
29
|
original_pid
|
|
32
30
|
end
|
|
@@ -50,6 +48,14 @@ module Contrast
|
|
|
50
48
|
end
|
|
51
49
|
end
|
|
52
50
|
|
|
51
|
+
def session_id
|
|
52
|
+
@_session_id ||= build_app_startup_message.session_id
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def app_version
|
|
56
|
+
@_app_version ||= Contrast::CONFIG.root.application.version
|
|
57
|
+
end
|
|
58
|
+
|
|
53
59
|
def path
|
|
54
60
|
@_path ||= begin
|
|
55
61
|
tmp = ::Contrast::CONFIG.root.application.path
|
|
@@ -80,67 +86,6 @@ module Contrast
|
|
|
80
86
|
end
|
|
81
87
|
end
|
|
82
88
|
|
|
83
|
-
def build_app_startup_message
|
|
84
|
-
Contrast::Api::Dtm::ApplicationCreate.build
|
|
85
|
-
end
|
|
86
|
-
|
|
87
|
-
def build_agent_startup_message
|
|
88
|
-
msg = Contrast::Api::Dtm::AgentStartup.build(server_name, server_path, server_type)
|
|
89
|
-
logger.info('Application context',
|
|
90
|
-
server_name: msg.server_name,
|
|
91
|
-
server_path: msg.server_path,
|
|
92
|
-
server_type: msg.server_type,
|
|
93
|
-
application_name: app_name,
|
|
94
|
-
application_path: path,
|
|
95
|
-
application_language: Contrast::Utils::ObjectShare::RUBY)
|
|
96
|
-
|
|
97
|
-
msg
|
|
98
|
-
end
|
|
99
|
-
|
|
100
|
-
def pid
|
|
101
|
-
Process.pid
|
|
102
|
-
end
|
|
103
|
-
|
|
104
|
-
def ppid
|
|
105
|
-
Process.ppid
|
|
106
|
-
end
|
|
107
|
-
|
|
108
|
-
def pgid
|
|
109
|
-
Process.getpgid(pid)
|
|
110
|
-
end
|
|
111
|
-
|
|
112
|
-
def client_id
|
|
113
|
-
@_client_id ||= [app_name, pgid].join('-')
|
|
114
|
-
end
|
|
115
|
-
|
|
116
|
-
def app_and_server_information
|
|
117
|
-
{
|
|
118
|
-
application_info: find_gem_information(SUPPORTED_FRAMEWORKS),
|
|
119
|
-
server_info: find_gem_information(SUPPORTED_SERVERS)
|
|
120
|
-
}
|
|
121
|
-
end
|
|
122
|
-
|
|
123
|
-
def find_gem_information arr
|
|
124
|
-
arr.each do |framework|
|
|
125
|
-
next unless Gem.loaded_specs.key?(framework)
|
|
126
|
-
|
|
127
|
-
loaded = Gem.loaded_specs[framework]
|
|
128
|
-
next unless loaded
|
|
129
|
-
|
|
130
|
-
name = loaded.instance_variable_get(:@name)
|
|
131
|
-
version = loaded.instance_variable_get(:@version).to_s
|
|
132
|
-
return [name, version].join(' ')
|
|
133
|
-
end
|
|
134
|
-
end
|
|
135
|
-
|
|
136
|
-
def instrument_middleware_stack?
|
|
137
|
-
!Contrast::Utils::JobServersRunning.job_servers_running?
|
|
138
|
-
end
|
|
139
|
-
|
|
140
|
-
def disabled_agent_rake_tasks
|
|
141
|
-
::Contrast::CONFIG.root.agent.ruby.disabled_agent_rake_tasks
|
|
142
|
-
end
|
|
143
|
-
|
|
144
89
|
# Determines if the Process we're currently in matches that of the
|
|
145
90
|
# Process in which the App Context instance was created.
|
|
146
91
|
# If it doesn't, that indicates the running context is in a new
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
module Contrast
|
|
5
|
+
module Components
|
|
6
|
+
# A wrapper build around the Common Agent Configuration project to allow
|
|
7
|
+
# for access of the values contained in its
|
|
8
|
+
# parent_configuration_spec.yaml.
|
|
9
|
+
# Specifically, this allows for querying the state of the Application,
|
|
10
|
+
# including the Client, Process, and Server information.
|
|
11
|
+
module AppContextExtend
|
|
12
|
+
SUPPORTED_FRAMEWORKS = %w[rails sinatra grape rack].cs__freeze
|
|
13
|
+
SUPPORTED_SERVERS = %w[passenger puma thin unicorn].cs__freeze
|
|
14
|
+
|
|
15
|
+
def build_app_startup_message
|
|
16
|
+
@_build_app_startup_message ||= Contrast::Api::Dtm::ApplicationCreate.build
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def build_agent_startup_message
|
|
20
|
+
msg = Contrast::Api::Dtm::AgentStartup.build(server_name, server_path, server_type)
|
|
21
|
+
logger.info('Application context',
|
|
22
|
+
server_name: msg.server_name,
|
|
23
|
+
server_path: msg.server_path,
|
|
24
|
+
server_type: msg.server_type,
|
|
25
|
+
application_name: app_name,
|
|
26
|
+
application_path: path,
|
|
27
|
+
application_language: Contrast::Utils::ObjectShare::RUBY)
|
|
28
|
+
|
|
29
|
+
msg
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def pid
|
|
33
|
+
Process.pid
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def ppid
|
|
37
|
+
Process.ppid
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def pgid
|
|
41
|
+
Process.getpgid(pid)
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def client_id
|
|
45
|
+
@_client_id ||= [app_name, pgid].join('-')
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def app_and_server_information
|
|
49
|
+
{
|
|
50
|
+
application_info: find_gem_information(SUPPORTED_FRAMEWORKS),
|
|
51
|
+
server_info: find_gem_information(SUPPORTED_SERVERS)
|
|
52
|
+
}
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def find_gem_information arr
|
|
56
|
+
arr.each do |framework|
|
|
57
|
+
next unless Gem.loaded_specs.key?(framework)
|
|
58
|
+
|
|
59
|
+
loaded = Gem.loaded_specs[framework]
|
|
60
|
+
next unless loaded
|
|
61
|
+
|
|
62
|
+
name = loaded.instance_variable_get(:@name)
|
|
63
|
+
version = loaded.instance_variable_get(:@version).to_s
|
|
64
|
+
return [name, version].join(' ')
|
|
65
|
+
end
|
|
66
|
+
nil
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
def instrument_middleware_stack?
|
|
70
|
+
!Contrast::Utils::JobServersRunning.job_servers_running?
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
def disabled_agent_rake_tasks
|
|
74
|
+
::Contrast::CONFIG.root.agent.ruby.disabled_agent_rake_tasks
|
|
75
|
+
end
|
|
76
|
+
end
|
|
77
|
+
end
|
|
78
|
+
end
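Review bot: The module comment on `AppContextExtend` is copied verbatim from the `Interface` class in app_context.rb (`A wrapper build around the Common Agent Configuration project …`) and does not describe this mixin; suggest `# Mixin holding the process/server identification helpers (startup messages, pid/ppid/pgid, client_id, framework and server gem lookup) extracted from the Interface class in app_context.rb. Expects the including class to provide logger, server_name, server_path, server_type, app_name and path.` `build_app_startup_message` is now memoized (`@_build_app_startup_message ||=`) whereas the version removed from app_context.rb built a fresh `ApplicationCreate` on every call — if any caller relied on a fresh message, note the change in a comment. In `find_gem_information`, `loaded.instance_variable_get(:@name)` and `(:@version)` reach into `Gem::Specification` internals where the public readers exist: `name = loaded.name` and `version = loaded.version.to_s`. The trailing `nil` makes the no-match return explicit, which the old version lacked; a `# @return [String,nil] "name version" of the first loaded gem in arr, nil if none is loaded` line would document it.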
|
|
@@ -35,6 +35,29 @@ module Contrast
|
|
|
35
35
|
|
|
36
36
|
config_param.downcase == Contrast::Utils::ObjectShare::TRUE
|
|
37
37
|
end
|
|
38
|
+
|
|
39
|
+
# this method will check if a path could be possibly used
|
|
40
|
+
# So for example if we pass a path to a file - we'll check
|
|
41
|
+
# if there is actually that file and if it's with certain extension
|
|
42
|
+
#
|
|
43
|
+
# @param config_path [String,nil]
|
|
44
|
+
# @return [Boolean]
|
|
45
|
+
def valid_cert? config_path
|
|
46
|
+
return false if config_path.nil?
|
|
47
|
+
|
|
48
|
+
exts = %w[.pem .crt .cer].cs__freeze
|
|
49
|
+
return false unless exts.include?(File.extname(config_path))
|
|
50
|
+
|
|
51
|
+
true
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
# check if file exists at all
|
|
55
|
+
# @param path [String,nil]
|
|
56
|
+
def file_exists? path
|
|
57
|
+
return false unless path
|
|
58
|
+
|
|
59
|
+
File.exist? path
|
|
60
|
+
end
|
|
38
61
|
end
|
|
39
62
|
end
|
|
40
63
|
end
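Review bot: The comment above `valid_cert?` says the method checks `if there is actually that file`, but the body only rejects a nil path and an unexpected extension, so a path to a file that does not exist or is unreadable passes. Either call the sibling helper first — `return false unless file_exists?(config_path)` — or narrow the comment to `# checks only that the path has a certificate-like extension`. The trailing `true` is redundant: after the guards the method can end with `exts.include?(File.extname(config_path))`, and `exts` is rebuilt on every call where a frozen constant such as `CERT_EXTENSIONS = %w[.pem .crt .cer].cs__freeze` would do. `File.extname` is case-sensitive, so `.PEM` or `.CRT` is rejected; state that in the comment if it is intended, or compare `File.extname(config_path).downcase`.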
|
|
@@ -120,7 +120,7 @@ module Contrast
|
|
|
120
120
|
# @return [String,nil] the value of the session id set in the
|
|
121
121
|
# configuration, or nil if unset
|
|
122
122
|
def session_id
|
|
123
|
-
|
|
123
|
+
root.application.session_id
|
|
124
124
|
end
|
|
125
125
|
|
|
126
126
|
# Typically, this would be accessed through
|
|
@@ -131,7 +131,7 @@ module Contrast
|
|
|
131
131
|
# @return [String,nil] the value of the session metadata set in the
|
|
132
132
|
# configuration, or nil if unset
|
|
133
133
|
def session_metadata
|
|
134
|
-
|
|
134
|
+
root.application.session_metadata
|
|
135
135
|
end
|
|
136
136
|
|
|
137
137
|
# Typically, the following values would be accessed through Contrast::Components::AppContext
|
|
@@ -140,7 +140,7 @@ module Contrast
|
|
|
140
140
|
#
|
|
141
141
|
# @return [String, nil]
|
|
142
142
|
def api_url
|
|
143
|
-
|
|
143
|
+
root.api.url
|
|
144
144
|
end
|
|
145
145
|
|
|
146
146
|
# Typically, the following values would be accessed through Contrast::Components::AppContext
|
|
@@ -149,7 +149,7 @@ module Contrast
|
|
|
149
149
|
#
|
|
150
150
|
# @return [String, nil]
|
|
151
151
|
def api_key
|
|
152
|
-
|
|
152
|
+
root.api.api_key
|
|
153
153
|
end
|
|
154
154
|
|
|
155
155
|
# Typically, the following values would be accessed through Contrast::Components::AppContext
|
|
@@ -158,7 +158,7 @@ module Contrast
|
|
|
158
158
|
#
|
|
159
159
|
# @return [String, nil]
|
|
160
160
|
def api_service_key
|
|
161
|
-
|
|
161
|
+
root.api.service_key
|
|
162
162
|
end
|
|
163
163
|
|
|
164
164
|
# Typically, the following values would be accessed through Contrast::Components::AppContext
|
|
@@ -167,7 +167,7 @@ module Contrast
|
|
|
167
167
|
#
|
|
168
168
|
# @return [String, nil]
|
|
169
169
|
def api_username
|
|
170
|
-
|
|
170
|
+
root.api.user_name
|
|
171
171
|
end
|
|
172
172
|
|
|
173
173
|
# Typically, the following values would be accessed through Contrast::Components::AppContext
|
|
@@ -176,7 +176,7 @@ module Contrast
|
|
|
176
176
|
#
|
|
177
177
|
# @return [String, nil]
|
|
178
178
|
def bypass
|
|
179
|
-
|
|
179
|
+
root.agent.service.bypass
|
|
180
180
|
end
|
|
181
181
|
|
|
182
182
|
# Typically, the following values would be accessed through Contrast::Components::AppContext
|
|
@@ -185,7 +185,7 @@ module Contrast
|
|
|
185
185
|
#
|
|
186
186
|
# @return [String, nil]
|
|
187
187
|
def logger_path
|
|
188
|
-
|
|
188
|
+
root.agent.logger.path
|
|
189
189
|
end
|
|
190
190
|
end
|
|
191
191
|
end
|
|
@@ -15,6 +15,7 @@ module Contrast
|
|
|
15
15
|
include Contrast::Components::ComponentBase
|
|
16
16
|
|
|
17
17
|
DEFAULT_SERVICE_LOG = 'contrast_service.log'
|
|
18
|
+
DEFAULT_SERVICE_LEVEL = :TRACE
|
|
18
19
|
# The Rails ActionDispatch regexp for localhost IP + literal localhost
|
|
19
20
|
# https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/http/request.rb#L32
|
|
20
21
|
LOCALHOST = Regexp.union [/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/, /^localhost$/]
|
|
@@ -59,6 +60,10 @@ module Contrast
|
|
|
59
60
|
@_logger_path ||= ::Contrast::CONFIG.root.agent.service.logger.path || DEFAULT_SERVICE_LOG
|
|
60
61
|
end
|
|
61
62
|
|
|
63
|
+
def logger_level
|
|
64
|
+
@_logger_level ||= ::Contrast::CONFIG.root.agent.service.logger.level || DEFAULT_SERVICE_LEVEL
|
|
65
|
+
end
|
|
66
|
+
|
|
62
67
|
private
|
|
63
68
|
|
|
64
69
|
def disabled?
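Review bot: `DEFAULT_SERVICE_LEVEL = :TRACE` makes the bundled service log at its most verbose level whenever `agent.service.logger.level` is unset; the service presumably handles the agent's outbound traffic, so TRACE output can put request and configuration details into `contrast_service.log` by default. A quieter default such as `:INFO`, or at least a comment stating that TRACE is the intended default and why, seems safer. The configured value is likely a String while the fallback is a Symbol — confirm the consumer of `logger_level` accepts both, or normalise with `.to_s.upcase`. `disabled?` continues outside this hunk.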
|
|
@@ -14,7 +14,7 @@ module Contrast
|
|
|
14
14
|
DEFAULT_SAMPLING_WINDOW_MS = 180_000
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
module ClassMethods
|
|
17
|
+
module ClassMethods # :nodoc:
|
|
18
18
|
include Contrast::Components::ComponentBase
|
|
19
19
|
include Constants
|
|
20
20
|
|
|
@@ -90,7 +90,7 @@ module Contrast
|
|
|
90
90
|
end
|
|
91
91
|
end
|
|
92
92
|
|
|
93
|
-
module InstanceMethods
|
|
93
|
+
module InstanceMethods # :nodoc:
|
|
94
94
|
include Contrast::Components::ComponentBase
|
|
95
95
|
include Constants
|
|
96
96
|
include ClassMethods
|
|
@@ -8,7 +8,7 @@ module Contrast
|
|
|
8
8
|
class AgentConfiguration < BaseConfiguration
|
|
9
9
|
KEYS = {
|
|
10
10
|
enable: EMPTY_VALUE,
|
|
11
|
-
start_bundled_service:
|
|
11
|
+
start_bundled_service: true,
|
|
12
12
|
omit_body: EMPTY_VALUE,
|
|
13
13
|
service: Contrast::Config::ServiceConfiguration,
|
|
14
14
|
logger: Contrast::Config::LoggerConfiguration,
|
|
@@ -1,18 +1,23 @@
|
|
|
1
1
|
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
-
require 'contrast/config/
|
|
4
|
+
require 'contrast/config/api_proxy_configuration'
|
|
5
|
+
require 'contrast/config/certification_configuration'
|
|
6
|
+
require 'contrast/config/request_audit_configuration'
|
|
5
7
|
|
|
6
8
|
module Contrast
|
|
7
9
|
module Config
|
|
8
10
|
# Api keys configuration
|
|
9
11
|
class ApiConfiguration < BaseConfiguration
|
|
10
|
-
URL = 'https://app.contrastsecurity.com/
|
|
12
|
+
URL = 'https://app.contrastsecurity.com/contrast'
|
|
11
13
|
KEYS = {
|
|
12
14
|
api_key: EMPTY_VALUE,
|
|
13
|
-
url:
|
|
15
|
+
url: URL,
|
|
14
16
|
user_name: EMPTY_VALUE,
|
|
15
|
-
service_key: EMPTY_VALUE
|
|
17
|
+
service_key: EMPTY_VALUE,
|
|
18
|
+
proxy: Contrast::Config::ApiProxyConfiguration,
|
|
19
|
+
request_audit: Contrast::Config::RequestAuditConfiguration,
|
|
20
|
+
certificate: Contrast::Config::CertificationConfiguration
|
|
16
21
|
}.cs__freeze
|
|
17
22
|
def initialize hsh
|
|
18
23
|
super(hsh, KEYS)
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
module Contrast
|
|
5
|
+
module Config
|
|
6
|
+
# Api Proxy keys configuration
|
|
7
|
+
class ApiProxyConfiguration < BaseConfiguration
|
|
8
|
+
KEYS = { enable: false, url: EMPTY_VALUE }.cs__freeze
|
|
9
|
+
def initialize hsh
|
|
10
|
+
super(hsh, KEYS)
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
-
require 'contrast/config/default_value'
|
|
5
4
|
require 'contrast/utils/object_share'
|
|
6
5
|
|
|
7
6
|
module Contrast
|
|
@@ -18,8 +17,8 @@ module Contrast
|
|
|
18
17
|
tags: EMPTY_VALUE,
|
|
19
18
|
code: EMPTY_VALUE,
|
|
20
19
|
metadata: EMPTY_VALUE,
|
|
21
|
-
session_id: Contrast::
|
|
22
|
-
session_metadata: Contrast::
|
|
20
|
+
session_id: Contrast::Utils::ObjectShare::EMPTY_STRING,
|
|
21
|
+
session_metadata: Contrast::Utils::ObjectShare::EMPTY_STRING
|
|
23
22
|
}.cs__freeze
|
|
24
23
|
|
|
25
24
|
def initialize hsh
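Review bot: `session_id` and `session_metadata` now default to `Contrast::Utils::ObjectShare::EMPTY_STRING` rather than `EMPTY_VALUE`, but `define_getter` in base_configuration.rb (also in this diff) only maps `EMPTY_VALUE` to nil, so `root.application.session_id` returns `""` when unset — while the YARD on `session_id` and `session_metadata` in config.rb, touched in this same diff, still promises `[String,nil] … or nil if unset`. Callers that test `session_id.nil?` or use `&.` will treat the unset case as a configured empty id. Either keep `EMPTY_VALUE` as the default here, or update those docs to `# @return [String] the configured session id, or an empty string if unset` and make callers check `empty?`.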
|
|
@@ -9,11 +9,11 @@ module Contrast
|
|
|
9
9
|
KEYS = {
|
|
10
10
|
tags: EMPTY_VALUE,
|
|
11
11
|
enable: EMPTY_VALUE,
|
|
12
|
-
enable_scan_response:
|
|
13
|
-
enable_dynamic_sources:
|
|
12
|
+
enable_scan_response: true,
|
|
13
|
+
enable_dynamic_sources: true,
|
|
14
14
|
sampling: Contrast::Config::SamplingConfiguration,
|
|
15
15
|
rules: Contrast::Config::AssessRulesConfiguration,
|
|
16
|
-
stacktraces:
|
|
16
|
+
stacktraces: 'ALL'
|
|
17
17
|
}.cs__freeze
|
|
18
18
|
|
|
19
19
|
def initialize hsh
|
|
@@ -12,17 +12,18 @@ module Contrast
|
|
|
12
12
|
class BaseConfiguration
|
|
13
13
|
extend Forwardable
|
|
14
14
|
|
|
15
|
-
|
|
15
|
+
attr_reader :configuration_map
|
|
16
16
|
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
def_delegators :@map, :empty?, :key?, :delete, :fetch, :[], :[]=, :each, :each_pair, :each_key, :each_value
|
|
17
|
+
alias_method :to_hash, :configuration_map
|
|
18
|
+
def_delegators :@configuration_map, :empty?, :key?, :delete, :fetch,
|
|
19
|
+
:[], :[]=, :each, :each_pair, :each_key, :each_value
|
|
21
20
|
|
|
22
21
|
EMPTY_VALUE = :EMPTY_VALUE
|
|
23
22
|
|
|
24
23
|
def initialize hsh = {}, keys = {}
|
|
25
|
-
|
|
24
|
+
# holds configuration key value pairs
|
|
25
|
+
# each configuration class can contain nested BaseConfigurations
|
|
26
|
+
@configuration_map = {}
|
|
26
27
|
traverse_config(hsh, keys)
|
|
27
28
|
end
|
|
28
29
|
|
|
@@ -39,7 +40,7 @@ module Contrast
|
|
|
39
40
|
end
|
|
40
41
|
|
|
41
42
|
def nil?
|
|
42
|
-
@
|
|
43
|
+
@configuration_map.empty?
|
|
43
44
|
end
|
|
44
45
|
|
|
45
46
|
private
|
|
@@ -69,25 +70,13 @@ module Contrast
|
|
|
69
70
|
end
|
|
70
71
|
|
|
71
72
|
def assign_config_value str_key, spec_value, user_provided_value
|
|
72
|
-
@
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
case value
|
|
80
|
-
when STRING_BOOLEANS[1]
|
|
81
|
-
true
|
|
82
|
-
when STRING_BOOLEANS[0]
|
|
83
|
-
false
|
|
84
|
-
else
|
|
85
|
-
# returns non boolean string values
|
|
86
|
-
user_provided_value
|
|
87
|
-
end
|
|
88
|
-
else
|
|
89
|
-
user_provided_value
|
|
90
|
-
end
|
|
73
|
+
@configuration_map[str_key] = if spec_value.is_a?(Class) && spec_value <= Contrast::Config::BaseConfiguration
|
|
74
|
+
spec_value.new(user_provided_value)
|
|
75
|
+
elsif user_provided_value == EMPTY_VALUE
|
|
76
|
+
spec_value
|
|
77
|
+
else
|
|
78
|
+
user_provided_value
|
|
79
|
+
end
|
|
91
80
|
end
|
|
92
81
|
|
|
93
82
|
def value_from_key_config key, config_hash
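Review bot: The rewritten `assign_config_value` drops the branch that turned user-supplied `'true'`/`'false'` strings into booleans (the removed `case value when STRING_BOOLEANS[1] … when STRING_BOOLEANS[0] …`); with this version a YAML or environment value such as `enable: 'false'` is stored as the String `'false'`, which is truthy in Ruby, unless every read site now coerces it (the `config_param.downcase == Contrast::Utils::ObjectShare::TRUE` comparison in base.rb suggests some consumers do, but not all are visible here). If the coercion is meant to stay in this method, re-add it as `elsif user_provided_value.is_a?(String) && %w[true false].include?(user_provided_value.downcase) then user_provided_value.downcase == 'true'` before the final `else`. Separately, `alias_method :to_hash, :configuration_map` in the first hunk of this file hands the raw map — including `api_key` and `service_key` on `ApiConfiguration` — to anything that calls `to_hash` or splats the object; a comment there, `# exposes the raw map including credentials; never log or serialise it as-is`, would warn the next maintainer.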
|
|
@@ -99,13 +88,13 @@ module Contrast
|
|
|
99
88
|
|
|
100
89
|
def define_getter str_key
|
|
101
90
|
define_singleton_method str_key.to_sym do
|
|
102
|
-
@
|
|
91
|
+
@configuration_map[str_key] == EMPTY_VALUE ? nil : @configuration_map[str_key]
|
|
103
92
|
end
|
|
104
93
|
end
|
|
105
94
|
|
|
106
95
|
def define_setter str_key
|
|
107
96
|
define_singleton_method "#{ str_key }=".to_sym do |new_value|
|
|
108
|
-
@
|
|
97
|
+
@configuration_map[str_key] = new_value
|
|
109
98
|
end
|
|
110
99
|
end
|
|
111
100
|
end
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
module Contrast
|
|
5
|
+
module Config
|
|
6
|
+
# Certificate Configuration
|
|
7
|
+
class CertificationConfiguration < BaseConfiguration
|
|
8
|
+
KEYS = { enable: false, ca_file: EMPTY_VALUE, cert_file: EMPTY_VALUE, key_file: EMPTY_VALUE }.cs__freeze
|
|
9
|
+
|
|
10
|
+
def initialize hsh
|
|
11
|
+
super(hsh, KEYS)
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
@@ -5,20 +5,13 @@ module Contrast
|
|
|
5
5
|
module Config
|
|
6
6
|
# This module is holding all the Env Variables that we could use through the agent lifecycle
|
|
7
7
|
module EnvVariables
|
|
8
|
-
ENV_VARIABLES = {
|
|
9
|
-
telemetry_opt_outs: ENV['CONTRAST_AGENT_TELEMETRY_OPTOUT'].to_s || Contrast::Config::DefaultValue.new('false')
|
|
10
|
-
}.cs__freeze
|
|
8
|
+
ENV_VARIABLES = { telemetry_opt_outs: ENV['CONTRAST_AGENT_TELEMETRY_OPTOUT'].to_s || false }.cs__freeze
|
|
11
9
|
|
|
12
10
|
def return_value key
|
|
13
11
|
return unless ENV_VARIABLES.key?(key.to_sym)
|
|
14
12
|
|
|
15
13
|
sym_key = key.downcase.to_sym
|
|
16
|
-
|
|
17
|
-
if return_val.is_a?(Contrast::Config::DefaultValue)
|
|
18
|
-
return_val.value
|
|
19
|
-
else
|
|
20
|
-
return_val
|
|
21
|
-
end
|
|
14
|
+
ENV_VARIABLES[sym_key]
|
|
22
15
|
end
|
|
23
16
|
end
|
|
24
17
|
end
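Review bot: `ENV['CONTRAST_AGENT_TELEMETRY_OPTOUT'].to_s || false` never yields `false`: `nil.to_s` is `""` and an empty String is truthy, so the `|| false` is dead and an unset variable is stored as `""`. If a `'false'` string default is intended, write `telemetry_opt_outs: ENV.fetch('CONTRAST_AGENT_TELEMETRY_OPTOUT', 'false')`; if a real boolean is wanted, compare explicitly with `ENV['CONTRAST_AGENT_TELEMETRY_OPTOUT'].to_s.downcase == 'true'`. The hash is built once when the file is required, so the variable is read at load time only — worth a comment. In the unchanged `return_value`, the guard uses `key.to_sym` while the lookup uses `key.downcase.to_sym`, so a mixed-case key fails the guard even though the lookup would have downcased it.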
|
|
@@ -8,17 +8,17 @@ module Contrast
|
|
|
8
8
|
class HeapDumpConfiguration < BaseConfiguration
|
|
9
9
|
KEYS = {
|
|
10
10
|
enable: # should dumps be taken
|
|
11
|
-
Contrast::
|
|
11
|
+
Contrast::Utils::ObjectShare::FALSE,
|
|
12
12
|
path: # dir to which dumps should be
|
|
13
|
-
|
|
13
|
+
'contrast_heap_dumps', # saved
|
|
14
14
|
delay_ms: # time, in ms, after initialization
|
|
15
|
-
|
|
15
|
+
10_000, # to delay before taking dump
|
|
16
16
|
window_ms: # ms between each dump
|
|
17
|
-
|
|
17
|
+
10_000, #
|
|
18
18
|
count: # number of dumps to take
|
|
19
|
-
|
|
19
|
+
5, #
|
|
20
20
|
clean: # remove temporary objects or not
|
|
21
|
-
Contrast::
|
|
21
|
+
Contrast::Utils::ObjectShare::FALSE #
|
|
22
22
|
}.cs__freeze
|
|
23
23
|
|
|
24
24
|
def initialize hsh
|
|
@@ -6,11 +6,7 @@ module Contrast
|
|
|
6
6
|
# Common Configuration settings. Those in this section pertain to the
|
|
7
7
|
# inventory functionality of the Agent.
|
|
8
8
|
class InventoryConfiguration < BaseConfiguration
|
|
9
|
-
KEYS = {
|
|
10
|
-
enable: Contrast::Config::DefaultValue.new(true),
|
|
11
|
-
analyze_libraries: Contrast::Config::DefaultValue.new(true),
|
|
12
|
-
tags: EMPTY_VALUE
|
|
13
|
-
}.cs__freeze
|
|
9
|
+
KEYS = { enable: true, analyze_libraries: true, tags: EMPTY_VALUE }.cs__freeze
|
|
14
10
|
|
|
15
11
|
def initialize hsh
|
|
16
12
|
super(hsh, KEYS)
|
|
@@ -12,7 +12,7 @@ module Contrast
|
|
|
12
12
|
enable: EMPTY_VALUE,
|
|
13
13
|
mode: EMPTY_VALUE,
|
|
14
14
|
disable_system_commands: EMPTY_VALUE,
|
|
15
|
-
detect_custom_code_accessing_system_files:
|
|
15
|
+
detect_custom_code_accessing_system_files: true
|
|
16
16
|
}.cs__freeze
|
|
17
17
|
|
|
18
18
|
def initialize hsh
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
module Contrast
|
|
5
|
+
module Config
|
|
6
|
+
# This class holds the Common Settings for the
|
|
7
|
+
# hidden functionality of the TS
|
|
8
|
+
class RequestAuditConfiguration < BaseConfiguration
|
|
9
|
+
DEFAULT_PATH = './messages'
|
|
10
|
+
|
|
11
|
+
KEYS = { enable: false, requests: false, responses: false, path: DEFAULT_PATH }.cs__freeze
|
|
12
|
+
|
|
13
|
+
def initialize hsh
|
|
14
|
+
super(hsh, KEYS)
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
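Review bot: The class comment `This class holds the Common Settings for the hidden functionality of the TS` does not say what the four keys control; from the names, enabling `requests`/`responses` presumably writes the agent's exchanges with the server to files under `path`, which defaults to the relative `./messages` and so resolves against the process working directory. Suggest a comment stating that: `# Request audit settings: when enabled, the agent writes the requests and/or responses it exchanges with TeamServer to files under path (relative to the working directory). Off by default; the files may contain sensitive request data.` That description is inferred from the key names — confirm it against the audit implementation (reporting_utilities/audit.rb in this release) before committing the wording.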
|
|
@@ -23,17 +23,17 @@ module Contrast
|
|
|
23
23
|
DEFAULT_UNINSTRUMENTED_NAMESPACES = %w[FactoryGirl FactoryBot].cs__freeze
|
|
24
24
|
|
|
25
25
|
KEYS = {
|
|
26
|
-
disabled_agent_rake_tasks:
|
|
26
|
+
disabled_agent_rake_tasks: DISABLED_RAKE_TASK_LIST,
|
|
27
27
|
exceptions: Contrast::Config::ExceptionConfiguration,
|
|
28
28
|
# controls whether or not we patch interpolation, either by rewrite or by funchook
|
|
29
|
-
interpolate: Contrast::
|
|
29
|
+
interpolate: Contrast::Utils::ObjectShare::TRUE,
|
|
30
30
|
# controls whether or not we patch the rb_yield block to track split propagation
|
|
31
|
-
propagate_yield: Contrast::
|
|
31
|
+
propagate_yield: Contrast::Utils::ObjectShare::TRUE,
|
|
32
32
|
# control whether or not we run file scanning rules on require
|
|
33
|
-
require_scan: Contrast::
|
|
33
|
+
require_scan: Contrast::Utils::ObjectShare::TRUE,
|
|
34
34
|
# controls whether or not we track frozen Strings by replacing them
|
|
35
|
-
track_frozen_sources: Contrast::
|
|
36
|
-
uninstrument_namespace:
|
|
35
|
+
track_frozen_sources: Contrast::Utils::ObjectShare::TRUE,
|
|
36
|
+
uninstrument_namespace: DEFAULT_UNINSTRUMENTED_NAMESPACES
|
|
37
37
|
}.cs__freeze
|
|
38
38
|
|
|
39
39
|
def initialize hsh
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
-
require 'contrast/config/default_value'
|
|
5
4
|
require 'contrast/config/logger_configuration'
|
|
6
5
|
|
|
7
6
|
module Contrast
|
|
@@ -20,7 +19,7 @@ module Contrast
|
|
|
20
19
|
port: EMPTY_VALUE,
|
|
21
20
|
socket: EMPTY_VALUE,
|
|
22
21
|
logger: Contrast::Config::LoggerConfiguration,
|
|
23
|
-
bypass:
|
|
22
|
+
bypass: false
|
|
24
23
|
}.cs__freeze
|
|
25
24
|
|
|
26
25
|
def initialize hsh
|