contrast-agent 4.13.1 → 4.14.0

data/lib/contrast/components/app_context.rb

@@ -5,6 +5,7 @@ require 'rubygems/version'
 require 'contrast/api/decorators/agent_startup'
 require 'contrast/api/decorators/application_startup'
 require 'contrast/utils/object_share'
+require 'contrast/components/app_context_extend'
 
 module Contrast
   module Components
@@ -15,6 +16,7 @@ module Contrast
       # Specifically, this allows for querying the state of the Application,
       # including the Client, Process, and Server information.
       class Interface
+        include Contrast::Components::AppContextExtend
         include Contrast::Components::ComponentBase
         include Contrast::Components::Logger::InstanceMethods
 
@@ -23,10 +25,6 @@ module Contrast
         DEFAULT_SERVER_NAME = 'localhost'
         DEFAULT_SERVER_PATH = '/'
 
-        SUPPORTED_FRAMEWORKS = %w[rails sinatra grape rack].cs__freeze
-
-        SUPPORTED_SERVERS = %w[passenger puma thin unicorn].cs__freeze
-
         def initialize
           original_pid
         end
@@ -50,6 +48,14 @@ module Contrast
           end
         end
 
+        def session_id
+          @_session_id ||= build_app_startup_message.session_id
+        end
+
+        def app_version
+          @_app_version ||= Contrast::CONFIG.root.application.version
+        end
+
         def path
           @_path ||= begin
             tmp = ::Contrast::CONFIG.root.application.path
@@ -80,67 +86,6 @@ module Contrast
           end
         end
 
-        def build_app_startup_message
-          Contrast::Api::Dtm::ApplicationCreate.build
-        end
-
-        def build_agent_startup_message
-          msg = Contrast::Api::Dtm::AgentStartup.build(server_name, server_path, server_type)
-          logger.info('Application context',
-                      server_name: msg.server_name,
-                      server_path: msg.server_path,
-                      server_type: msg.server_type,
-                      application_name: app_name,
-                      application_path: path,
-                      application_language: Contrast::Utils::ObjectShare::RUBY)
-
-          msg
-        end
-
-        def pid
-          Process.pid
-        end
-
-        def ppid
-          Process.ppid
-        end
-
-        def pgid
-          Process.getpgid(pid)
-        end
-
-        def client_id
-          @_client_id ||= [app_name, pgid].join('-')
-        end
-
-        def app_and_server_information
-          {
-              application_info: find_gem_information(SUPPORTED_FRAMEWORKS),
-              server_info: find_gem_information(SUPPORTED_SERVERS)
-          }
-        end
-
-        def find_gem_information arr
-          arr.each do |framework|
-            next unless Gem.loaded_specs.key?(framework)
-
-            loaded = Gem.loaded_specs[framework]
-            next unless loaded
-
-            name = loaded.instance_variable_get(:@name)
-            version = loaded.instance_variable_get(:@version).to_s
-            return [name, version].join(' ')
-          end
-        end
-
-        def instrument_middleware_stack?
-          !Contrast::Utils::JobServersRunning.job_servers_running?
-        end
-
-        def disabled_agent_rake_tasks
-          ::Contrast::CONFIG.root.agent.ruby.disabled_agent_rake_tasks
-        end
-
         # Determines if the Process we're currently in matches that of the
         # Process in which the App Context instance was created.
         # If it doesn't, that indicates the running context is in a new

data/lib/contrast/components/app_context_extend.rb

@@ -0,0 +1,78 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Components
+    # A wrapper build around the Common Agent Configuration project to allow
+    # for access of the values contained in its
+    # parent_configuration_spec.yaml.
+    # Specifically, this allows for querying the state of the Application,
+    # including the Client, Process, and Server information.
+    module AppContextExtend
+      SUPPORTED_FRAMEWORKS = %w[rails sinatra grape rack].cs__freeze
+      SUPPORTED_SERVERS = %w[passenger puma thin unicorn].cs__freeze
+
+      def build_app_startup_message
+        @_build_app_startup_message ||= Contrast::Api::Dtm::ApplicationCreate.build
+      end
+
+      def build_agent_startup_message
+        msg = Contrast::Api::Dtm::AgentStartup.build(server_name, server_path, server_type)
+        logger.info('Application context',
+                    server_name: msg.server_name,
+                    server_path: msg.server_path,
+                    server_type: msg.server_type,
+                    application_name: app_name,
+                    application_path: path,
+                    application_language: Contrast::Utils::ObjectShare::RUBY)
+
+        msg
+      end
+
+      def pid
+        Process.pid
+      end
+
+      def ppid
+        Process.ppid
+      end
+
+      def pgid
+        Process.getpgid(pid)
+      end
+
+      def client_id
+        @_client_id ||= [app_name, pgid].join('-')
+      end
+
+      def app_and_server_information
+        {
+            application_info: find_gem_information(SUPPORTED_FRAMEWORKS),
+            server_info: find_gem_information(SUPPORTED_SERVERS)
+        }
+      end
+
+      def find_gem_information arr
+        arr.each do |framework|
+          next unless Gem.loaded_specs.key?(framework)
+
+          loaded = Gem.loaded_specs[framework]
+          next unless loaded
+
+          name = loaded.instance_variable_get(:@name)
+          version = loaded.instance_variable_get(:@version).to_s
+          return [name, version].join(' ')
+        end
+        nil
+      end
+
+      def instrument_middleware_stack?
+        !Contrast::Utils::JobServersRunning.job_servers_running?
+      end
+
+      def disabled_agent_rake_tasks
+        ::Contrast::CONFIG.root.agent.ruby.disabled_agent_rake_tasks
+      end
+    end
+  end
+end

data/lib/contrast/components/base.rb

@@ -35,6 +35,29 @@ module Contrast
 
         config_param.downcase == Contrast::Utils::ObjectShare::TRUE
       end
+
+      # this method will check if a path could be possibly used
+      # So for example if we pass a path to a file - we'll check
+      # if there is actually that file and if it's with certain extension
+      #
+      # @param config_path [String,nil]
+      # @return [Boolean]
+      def valid_cert? config_path
+        return false if config_path.nil?
+
+        exts = %w[.pem .crt .cer].cs__freeze
+        return false unless exts.include?(File.extname(config_path))
+
+        true
+      end
+
+      # check if file exists at all
+      # @param path [String,nil]
+      def file_exists? path
+        return false unless path
+
+        File.exist? path
+      end
     end
   end
 end

data/lib/contrast/components/config.rb

@@ -120,7 +120,7 @@ module Contrast
         # @return [String,nil] the value of the session id set in the
         #   configuration, or nil if unset
         def session_id
-          @config.application.session_id
+          root.application.session_id
         end
 
         # Typically, this would be accessed through
@@ -131,7 +131,7 @@ module Contrast
         # @return [String,nil] the value of the session metadata set in the
         #   configuration, or nil if unset
         def session_metadata
-          @config.application.session_metadata
+          root.application.session_metadata
         end
 
         # Typically, the following values would be accessed through Contrast::Components::AppContext
@@ -140,7 +140,7 @@ module Contrast
         #
         # @return [String, nil]
         def api_url
-          @config.api.url
+          root.api.url
         end
 
         # Typically, the following values would be accessed through Contrast::Components::AppContext
@@ -149,7 +149,7 @@ module Contrast
         #
         # @return [String, nil]
         def api_key
-          @config.api.api_key
+          root.api.api_key
         end
 
         # Typically, the following values would be accessed through Contrast::Components::AppContext
@@ -158,7 +158,7 @@ module Contrast
         #
         # @return [String, nil]
         def api_service_key
-          @config.api.service_key
+          root.api.service_key
         end
 
         # Typically, the following values would be accessed through Contrast::Components::AppContext
@@ -167,7 +167,7 @@ module Contrast
         #
         # @return [String, nil]
         def api_username
-          @config.api.user_name
+          root.api.user_name
         end
 
         # Typically, the following values would be accessed through Contrast::Components::AppContext
@@ -176,7 +176,7 @@ module Contrast
         #
         # @return [String, nil]
         def bypass
-          @config.root.agent.service.bypass
+          root.agent.service.bypass
         end
 
         # Typically, the following values would be accessed through Contrast::Components::AppContext
@@ -185,7 +185,7 @@ module Contrast
         #
         # @return [String, nil]
         def logger_path
-          @config.root.agent.logger.path
+          root.agent.logger.path
         end
       end
     end

data/lib/contrast/components/contrast_service.rb

@@ -15,6 +15,7 @@ module Contrast
         include Contrast::Components::ComponentBase
 
         DEFAULT_SERVICE_LOG = 'contrast_service.log'
+        DEFAULT_SERVICE_LEVEL = :TRACE
         # The Rails ActionDispatch regexp for localhost IP + literal localhost
         # https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/http/request.rb#L32
         LOCALHOST = Regexp.union [/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/, /^localhost$/]
@@ -59,6 +60,10 @@ module Contrast
           @_logger_path ||= ::Contrast::CONFIG.root.agent.service.logger.path || DEFAULT_SERVICE_LOG
         end
 
+        def logger_level
+          @_logger_level ||= ::Contrast::CONFIG.root.agent.service.logger.level || DEFAULT_SERVICE_LEVEL
+        end
+
         private
 
         def disabled?

data/lib/contrast/components/sampling.rb

@@ -14,7 +14,7 @@ module Contrast
         DEFAULT_SAMPLING_WINDOW_MS          = 180_000
       end
 
-      module ClassMethods #:nodoc:
+      module ClassMethods # :nodoc:
         include Contrast::Components::ComponentBase
         include Constants
 
@@ -90,7 +90,7 @@ module Contrast
         end
       end
 
-      module InstanceMethods #:nodoc:
+      module InstanceMethods # :nodoc:
         include Contrast::Components::ComponentBase
         include Constants
         include ClassMethods

data/lib/contrast/config/agent_configuration.rb

@@ -8,7 +8,7 @@ module Contrast
     class AgentConfiguration < BaseConfiguration
       KEYS = {
           enable: EMPTY_VALUE,
-          start_bundled_service: Contrast::Config::DefaultValue.new(true),
+          start_bundled_service: true,
           omit_body: EMPTY_VALUE,
           service: Contrast::Config::ServiceConfiguration,
           logger: Contrast::Config::LoggerConfiguration,

data/lib/contrast/config/api_configuration.rb

@@ -1,18 +1,23 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/config/default_value'
+require 'contrast/config/api_proxy_configuration'
+require 'contrast/config/certification_configuration'
+require 'contrast/config/request_audit_configuration'
 
 module Contrast
   module Config
     # Api keys configuration
     class ApiConfiguration < BaseConfiguration
-      URL = 'https://app.contrastsecurity.com/Contrast'
+      URL = 'https://app.contrastsecurity.com/contrast'
       KEYS = {
           api_key: EMPTY_VALUE,
-          url: Contrast::Config::DefaultValue.new(URL),
+          url: URL,
           user_name: EMPTY_VALUE,
-          service_key: EMPTY_VALUE
+          service_key: EMPTY_VALUE,
+          proxy: Contrast::Config::ApiProxyConfiguration,
+          request_audit: Contrast::Config::RequestAuditConfiguration,
+          certificate: Contrast::Config::CertificationConfiguration
       }.cs__freeze
       def initialize hsh
         super(hsh, KEYS)

data/lib/contrast/config/api_proxy_configuration.rb

@@ -0,0 +1,14 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Config
+    # Api Proxy keys configuration
+    class ApiProxyConfiguration < BaseConfiguration
+      KEYS = { enable: false, url: EMPTY_VALUE }.cs__freeze
+      def initialize hsh
+        super(hsh, KEYS)
+      end
+    end
+  end
+end

data/lib/contrast/config/application_configuration.rb

@@ -1,7 +1,6 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/config/default_value'
 require 'contrast/utils/object_share'
 
 module Contrast
@@ -18,8 +17,8 @@ module Contrast
           tags: EMPTY_VALUE,
           code: EMPTY_VALUE,
           metadata: EMPTY_VALUE,
-          session_id: Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::EMPTY_STRING),
-          session_metadata: Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::EMPTY_STRING)
+          session_id: Contrast::Utils::ObjectShare::EMPTY_STRING,
+          session_metadata: Contrast::Utils::ObjectShare::EMPTY_STRING
       }.cs__freeze
 
       def initialize hsh

data/lib/contrast/config/assess_configuration.rb

@@ -9,11 +9,11 @@ module Contrast
       KEYS = {
           tags: EMPTY_VALUE,
           enable: EMPTY_VALUE,
-          enable_scan_response: Contrast::Config::DefaultValue.new('true'),
-          enable_dynamic_sources: Contrast::Config::DefaultValue.new('true'),
+          enable_scan_response: true,
+          enable_dynamic_sources: true,
           sampling: Contrast::Config::SamplingConfiguration,
           rules: Contrast::Config::AssessRulesConfiguration,
-          stacktraces: Contrast::Config::DefaultValue.new('ALL')
+          stacktraces: 'ALL'
       }.cs__freeze
 
       def initialize hsh

data/lib/contrast/config/base_configuration.rb

@@ -12,17 +12,18 @@ module Contrast
     class BaseConfiguration
       extend Forwardable
 
-      STRING_BOOLEANS = %w[false true].cs__freeze
+      attr_reader :configuration_map
 
-      attr_reader :map
-
-      alias_method :to_hash, :map
-      def_delegators :@map, :empty?, :key?, :delete, :fetch, :[], :[]=, :each, :each_pair, :each_key, :each_value
+      alias_method :to_hash, :configuration_map
+      def_delegators :@configuration_map, :empty?, :key?, :delete, :fetch,
+                     :[], :[]=, :each, :each_pair, :each_key, :each_value
 
       EMPTY_VALUE = :EMPTY_VALUE
 
       def initialize hsh = {}, keys = {}
-        @map = {}
+        # holds configuration key value pairs
+        # each configuration class can contain nested BaseConfigurations
+        @configuration_map = {}
         traverse_config(hsh, keys)
       end
 
@@ -39,7 +40,7 @@ module Contrast
       end
 
       def nil?
-        @map.empty?
+        @configuration_map.empty?
       end
 
       private
@@ -69,25 +70,13 @@ module Contrast
       end
 
       def assign_config_value str_key, spec_value, user_provided_value
-        @map[str_key] = if spec_value.is_a?(Class) && spec_value <= Contrast::Config::BaseConfiguration
-                          spec_value.new(user_provided_value)
-                        elsif spec_value.is_a?(Contrast::Config::DefaultValue) && user_provided_value == EMPTY_VALUE
-                          spec_value.value
-                        elsif user_provided_value.cs__is_a?(String)
-                          value = user_provided_value.downcase
-                          # converts string values to 'true' => true or 'false' => false
-                          case value
-                          when STRING_BOOLEANS[1]
-                            true
-                          when STRING_BOOLEANS[0]
-                            false
-                          else
-                            # returns non boolean string values
-                            user_provided_value
-                          end
-                        else
-                          user_provided_value
-                        end
+        @configuration_map[str_key] = if spec_value.is_a?(Class) && spec_value <= Contrast::Config::BaseConfiguration
+                                        spec_value.new(user_provided_value)
+                                      elsif user_provided_value == EMPTY_VALUE
+                                        spec_value
+                                      else
+                                        user_provided_value
+                                      end
       end
 
       def value_from_key_config key, config_hash
@@ -99,13 +88,13 @@ module Contrast
 
       def define_getter str_key
         define_singleton_method str_key.to_sym do
-          @map[str_key] == EMPTY_VALUE ? nil : @map[str_key]
+          @configuration_map[str_key] == EMPTY_VALUE ? nil : @configuration_map[str_key]
         end
       end
 
       def define_setter str_key
         define_singleton_method "#{ str_key }=".to_sym do |new_value|
-          @map[str_key] = new_value
+          @configuration_map[str_key] = new_value
         end
       end
     end

data/lib/contrast/config/certification_configuration.rb

@@ -0,0 +1,15 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Config
+    # Certificate Configuration
+    class CertificationConfiguration < BaseConfiguration
+      KEYS = { enable: false, ca_file: EMPTY_VALUE, cert_file: EMPTY_VALUE, key_file: EMPTY_VALUE }.cs__freeze
+
+      def initialize hsh
+        super(hsh, KEYS)
+      end
+    end
+  end
+end

data/lib/contrast/config/env_variables.rb

@@ -5,20 +5,13 @@ module Contrast
   module Config
     # This module is holding all the Env Variables that we could use through the agent lifecycle
     module EnvVariables
-      ENV_VARIABLES = {
-          telemetry_opt_outs: ENV['CONTRAST_AGENT_TELEMETRY_OPTOUT'].to_s || Contrast::Config::DefaultValue.new('false')
-      }.cs__freeze
+      ENV_VARIABLES = { telemetry_opt_outs: ENV['CONTRAST_AGENT_TELEMETRY_OPTOUT'].to_s || false }.cs__freeze
 
       def return_value key
         return unless ENV_VARIABLES.key?(key.to_sym)
 
         sym_key = key.downcase.to_sym
-        return_val = ENV_VARIABLES[sym_key]
-        if return_val.is_a?(Contrast::Config::DefaultValue)
-          return_val.value
-        else
-          return_val
-        end
+        ENV_VARIABLES[sym_key]
       end
     end
   end

data/lib/contrast/config/heap_dump_configuration.rb

@@ -8,17 +8,17 @@ module Contrast
     class HeapDumpConfiguration < BaseConfiguration
       KEYS = {
           enable:                                                                   # should dumps be taken
-            Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::FALSE),
+            Contrast::Utils::ObjectShare::FALSE,
           path:                                                                     # dir to which dumps should be
-            Contrast::Config::DefaultValue.new('contrast_heap_dumps'), #   saved
+            'contrast_heap_dumps', # saved
           delay_ms:                                                                 # time, in ms, after initialization
-            Contrast::Config::DefaultValue.new(10_000), #   to delay before taking dump
+            10_000, # to delay before taking dump
           window_ms:                                                                # ms between each dump
-            Contrast::Config::DefaultValue.new(10_000), #
+            10_000, #
           count:                                                                    # number of dumps to take
-            Contrast::Config::DefaultValue.new(5), #
+            5, #
           clean:                                                                    # remove temporary objects or not
-            Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::FALSE)  #
+            Contrast::Utils::ObjectShare::FALSE #
       }.cs__freeze
 
       def initialize hsh

data/lib/contrast/config/inventory_configuration.rb

@@ -6,11 +6,7 @@ module Contrast
     # Common Configuration settings. Those in this section pertain to the
     # inventory functionality of the Agent.
     class InventoryConfiguration < BaseConfiguration
-      KEYS = {
-          enable: Contrast::Config::DefaultValue.new(true),
-          analyze_libraries: Contrast::Config::DefaultValue.new(true),
-          tags: EMPTY_VALUE
-      }.cs__freeze
+      KEYS = { enable: true, analyze_libraries: true, tags: EMPTY_VALUE }.cs__freeze
 
       def initialize hsh
         super(hsh, KEYS)

data/lib/contrast/config/protect_rule_configuration.rb

@@ -12,7 +12,7 @@ module Contrast
           enable: EMPTY_VALUE,
           mode: EMPTY_VALUE,
           disable_system_commands: EMPTY_VALUE,
-          detect_custom_code_accessing_system_files: Contrast::Config::DefaultValue.new('true')
+          detect_custom_code_accessing_system_files: true
       }.cs__freeze
 
       def initialize hsh

data/lib/contrast/config/request_audit_configuration.rb

@@ -0,0 +1,18 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Config
+    # This class holds the Common Settings for the
+    # hidden functionality of the TS
+    class RequestAuditConfiguration < BaseConfiguration
+      DEFAULT_PATH = './messages'
+
+      KEYS = { enable: false, requests: false, responses: false, path: DEFAULT_PATH }.cs__freeze
+
+      def initialize hsh
+        super(hsh, KEYS)
+      end
+    end
+  end
+end

data/lib/contrast/config/ruby_configuration.rb

@@ -23,17 +23,17 @@ module Contrast
       DEFAULT_UNINSTRUMENTED_NAMESPACES = %w[FactoryGirl FactoryBot].cs__freeze
 
       KEYS = {
-          disabled_agent_rake_tasks: Contrast::Config::DefaultValue.new(DISABLED_RAKE_TASK_LIST),
+          disabled_agent_rake_tasks: DISABLED_RAKE_TASK_LIST,
           exceptions: Contrast::Config::ExceptionConfiguration,
           # controls whether or not we patch interpolation, either by rewrite or by funchook
-          interpolate: Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::TRUE),
+          interpolate: Contrast::Utils::ObjectShare::TRUE,
           # controls whether or not we patch the rb_yield block to track split propagation
-          propagate_yield: Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::TRUE),
+          propagate_yield: Contrast::Utils::ObjectShare::TRUE,
           # control whether or not we run file scanning rules on require
-          require_scan: Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::TRUE),
+          require_scan: Contrast::Utils::ObjectShare::TRUE,
           # controls whether or not we track frozen Strings by replacing them
-          track_frozen_sources: Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::TRUE),
-          uninstrument_namespace: Contrast::Config::DefaultValue.new(DEFAULT_UNINSTRUMENTED_NAMESPACES)
+          track_frozen_sources: Contrast::Utils::ObjectShare::TRUE,
+          uninstrument_namespace: DEFAULT_UNINSTRUMENTED_NAMESPACES
       }.cs__freeze
 
       def initialize hsh

data/lib/contrast/config/service_configuration.rb

@@ -1,7 +1,6 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/config/default_value'
 require 'contrast/config/logger_configuration'
 
 module Contrast
@@ -20,7 +19,7 @@ module Contrast
           port: EMPTY_VALUE,
           socket: EMPTY_VALUE,
           logger: Contrast::Config::LoggerConfiguration,
-          bypass: Contrast::Config::DefaultValue.new(false)
+          bypass: false
       }.cs__freeze
 
       def initialize hsh

data/lib/contrast/config.rb

@@ -11,7 +11,6 @@ module Contrast
 end
 
 require 'contrast/config/base_configuration'
-require 'contrast/config/default_value'
 
 require 'contrast/config/logger_configuration'