contrast-agent 4.14.1 → 5.0.0

data/lib/contrast/utils/metrics_hash.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/components/logger'
@@ -15,7 +15,7 @@ module Contrast
       ERROR_MESSAGES = [
         'The key is not string or does not meet the requirements.',
         'The key extends the allowed length.',
-        'VThe provided value is not the right data type'
+        'The provided value is not the right data type'
       ].cs__freeze
       KEY_REGEXP = /[a-zA-Z0-9_-]{1,63}/.cs__freeze
 

data/lib/contrast/utils/middleware_utils.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 module Contrast

data/lib/contrast/utils/net_http_base.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'net/http'
@@ -27,7 +27,8 @@ module Contrast
 
         addr = URI(url)
         # the proxy is enabled only if there is provided url even if the enable is set to true
-        return if addr.host.nil? || addr.port.nil? || addr.scheme != 'https'
+        return if addr.host.nil? || addr.port.nil?
+        return if addr.scheme != 'https' && !addr.host.to_s.include?('localhost') # TODO: RUBY-99999 allow http w/ localhost # rubocop:disable Layout/LineLength
 
         proxy_addr = URI(Contrast::API.proxy_url) if proxy_enabled?
         net_http_client = initialize_client addr, proxy_addr, use_proxy, use_custom_cert
@@ -36,12 +37,13 @@ module Contrast
         net_http_client.start
         return unless net_http_client.started?
 
-        logger.warn("Starting #{ service_name } connection test")
+        logger.debug("Starting #{ service_name } connection test")
         return unless connection_verified? net_http_client
 
+        logger.debug('Client verified', service: service_name, url: url)
         net_http_client
-      rescue Net::OpenTimeout, Net::ReadTimeout, SocketError, OpenSSL::SSL::SSLError => e
-        logger.warn("#{ service_name } connection failed", e.message)
+      rescue StandardError => e
+        logger.error('Connection failed', e, service: service_name, url: url)
         nil
       end
 
@@ -67,7 +69,8 @@ module Contrast
                    client.ipaddr
                  end
         response = client.request(Net::HTTP::Get.new(client.address))
-        verify_cert = OpenSSL::SSL.verify_certificate_identity(client.peer_cert, client.address)
+        verify_cert = client.address.to_s.include?('localhost') ||
+            OpenSSL::SSL.verify_certificate_identity(client.peer_cert, client.address)
         resolved = resolved? client.address, ipaddr
         @_connection_verified = if resolved && response && verify_cert
                                   true
@@ -134,6 +137,8 @@ module Contrast
                             else
                               Net::HTTP.new(addr.host, addr.port)
                             end
+        return initialize_client if addr.host.to_s.include?('localhost') # TODO: RUBY-99999 allow http w/ localhost
+
         assign_cert(initialize_client) if use_custom_cert && Contrast::API.certification_enabled?
         initialize_client.use_ssl = true
         initialize_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
@@ -151,7 +156,9 @@ module Contrast
       #
       # @return @_proxy_enabled [Boolean] True if proxy is enabled and url is present else false
       def proxy_enabled?
-        @_proxy_enabled ||= Contrast::API.proxy_enabled? && !Contrast::API.proxy_url.nil? if @_proxy_enabled.nil?
+        return @_proxy_enabled unless @_proxy_enabled.nil?
+
+        @_proxy_enabled = Contrast::API.proxy_enabled? && !Contrast::API.proxy_url.nil?
       end
     end
   end

data/lib/contrast/utils/object_share.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 # rubocop:disable Security/Object/Freeze
@@ -47,8 +47,6 @@ module Contrast
       CACHE = 'cache'
 
       CONTRAST_PATCHED_METHOD_START = 'cs__patched_'
-      CONTRAST_MODULE_START = 'Contrast::'
-      ANONYMOUS_CLASS_MARKER = '#<'
       DOUBLE_COLON = '::'
 
       EMPTY_ARRAY = [].freeze
@@ -66,9 +64,6 @@ module Contrast
       TRUE = 'true'
       FALSE = 'false'
 
-      CLASS = 'Class'
-      MODULE = 'Module'
-
       OBJECT_KEY = 'O'
       RETURN_KEY = 'R'
       UNKNOWN = 'unknown'

data/lib/contrast/utils/os.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/components/scope'
@@ -36,11 +36,14 @@ module Contrast
         # Check current OS type
         # returns true if check is correct or false if not
         def windows?
-          (/cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM) != nil
+          return @_windows unless @_windows.nil?
+
+          @_windows = !(/cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM).nil?
         end
 
         def mac?
-          RUBY_PLATFORM.include? 'darwin'
+          @_mac = RUBY_PLATFORM.include? 'darwin' if @_mac.nil?
+          @_mac
         end
 
         def unix?
@@ -48,11 +51,12 @@ module Contrast
         end
 
         def linux?
-          unix? and !mac?
+          (unix? and !mac?)
         end
 
         def jruby?
-          RUBY_ENGINE == 'jruby'
+          @_jruby = RUBY_ENGINE == 'jruby' if @_jruby.nil?
+          @_jruby
         end
       end
     end

data/lib/contrast/utils/patching/policy/patch_utils.rb

@@ -1,21 +1,17 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 module Contrast
   module Utils
     module Patching
-      # This module will include all methods for different patch applies from Patch module
-      # and some other module methods from the same place, so we can ease the main module
+      # This module will include all methods for different patch applies from Patch module and some other module
+      # methods from the same place, so we can ease the main module
       module PatchUtils
-        # Method to choose which replaced return from the post_patch to
-        # actually return
+        # Method to choose which replaced return from the post_patch to actually return.
         #
-        # @param propagated_ret [Object, nil] The replaced return from the
-        #   propagation patch.
-        # @param source_ret [Object, nil] The replaced return from the
-        #   source patch.
-        # @param ret [Object, nil] The original return of the patched
-        #   method.
+        # @param propagated_ret [Object, nil] The replaced return from the propagation patch.
+        # @param source_ret [Object, nil] The replaced return from the source patch.
+        # @param ret [Object, nil] The original return of the patched method.
         # @return [Object, nil] The thing to return from the post patch.
         def handle_return propagated_ret, source_ret, ret
           safe_return = propagated_ret || source_ret || ret
@@ -23,8 +19,8 @@ module Contrast
           safe_return
         end
 
-        # Given a module and method, construct an expected name for the
-        # alias by which Contrast will reference the original.
+        # Given a module and method, construct an expected name for the alias by which Contrast will reference the
+        # original.
         #
         # @param patched_class [Module] the module being patched
         # @param patched_method [Symbol] the method being patched
@@ -48,56 +44,44 @@ module Contrast
         # ===== PATCH APPLIERS =====
         # THIS IS CALLED FROM C. Do not change the signature lightly.
         #
-        # This method functions to call the infilter methods from our
-        # patches, allowing for analysis and reporting at the point just
-        # before the patched code is invoked.
+        # This method functions to call the infilter methods from our patches, allowing for analysis and reporting at
+        # the point just before the patched code is invoked.
         #
-        # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
-        #   Mapping of the triggers on the given method.
+        # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy] Mapping of the triggers on the given
+        #   method.
         # @param method [Symbol] The method into which we're patching
-        # @param exception [StandardError] Any exception raised during the
-        #   call of the patched method.
-        # @param object [Object] The object on which the method is invoked,
-        #   typically what would be returned by self.
-        # @param args [Array<Object>] The arguments passed to the method
-        #   being invoked.
+        # @param exception [StandardError] Any exception raised during the call of the patched method.
+        # @param object [Object] The object on which the method is invoked, typically what would be returned by self.
+        # @param args [Array<Object>] The arguments passed to the method being invoked.
         def apply_pre_patch method_policy, method, exception, object, args
           apply_protect(method_policy, method, exception, object, args)
           apply_inventory(method_policy, method, exception, object, args)
         rescue Contrast::SecurityException => e
-          # We were told to block something, so we gotta. Don't catch this
-          # one, let it get back to our Middleware or even all the way out to
-          # the framework
+          # We were told to block something, so we gotta. Don't catch this one, let it get back to our Middleware or
+          # even all the way out to the framework
           raise e
         rescue StandardError => e
-          # Anything else was our bad and we gotta catch that to allow for
-          # normal application flow
+          # Anything else was our bad and we gotta catch that to allow for normal application flow
           logger.error('Unable to apply pre patch to method.', e)
         rescue Exception => e # rubocop:disable Lint/RescueException
-          # This is something like NoMemoryError that we can't
-          # hope to handle.  Nonetheless, shouldn't leak scope.
+          # This is something like NoMemoryError that we can't hope to handle.  Nonetheless, shouldn't leak scope.
           exit_contrast_scope!
           raise e
         end
 
         # THIS IS CALLED FROM C. Do not change the signature lightly.
         #
-        # This method functions to call the infilter methods from our
-        # patches, allowing for analysis and reporting at the point just
-        # after the patched code is invoked
+        # This method functions to call the infilter methods from our patches, allowing for analysis and reporting at
+        # the point just after the patched code is invoked
         #
-        # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
-        #   Mapping of the triggers on the given method.
-        # @param preshift [Contrast::Agent::Assess::PreShift] The capture
-        #   of the state of the code just prior to the invocation of the
-        #   patched method.
-        # @param object [Object] The object on which the method was
-        #   invoked, typically what would be returned by self.
+        # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy] Mapping of the triggers on the given
+        #   method.
+        # @param preshift [Contrast::Agent::Assess::PreShift] The capture of the state of the code just prior to the
+        #   invocation of the patched method.
+        # @param object [Object] The object on which the method was invoked, typically what would be returned by self.
         # @param ret [Object] The return of the method that was invoked.
-        # @param args [Array<Object>] The arguments passed to the method
-        #   being invoked.
-        # @param block [Proc] The block passed to the method that was
-        #   invoked.
+        # @param args [Array<Object>] The arguments passed to the method being invoked.
+        # @param block [Proc] The block passed to the method that was invoked.
         def apply_post_patch method_policy, preshift, object, ret, args, block
           apply_assess(method_policy, preshift, object, ret, args, block)
         rescue StandardError => e
@@ -106,15 +90,12 @@ module Contrast
 
         # Apply the Protect patch which applies to the given method.
         #
-        # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
-        #   Mapping of the triggers on the given method.
+        # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy] Mapping of the triggers on the given
+        #   method.
         # @param method [Symbol] The method into which we're patching
-        # @param exception [StandardError] Any exception raised during the
-        #   call of the patched method.
-        # @param object [Object] The object on which the method is invoked,
-        #   typically what would be returned by self.
-        # @param args [Array<Object>] The arguments passed to the method
-        #   being invoked.
+        # @param exception [StandardError] Any exception raised during the call of the patched method.
+        # @param object [Object] The object on which the method is invoked, typically what would be returned by self.
+        # @param args [Array<Object>] The arguments passed to the method being invoked.
         def apply_protect method_policy, method, exception, object, args
           return unless ::Contrast::AGENT.enabled?
           return unless ::Contrast::PROTECT.enabled?
@@ -124,15 +105,12 @@ module Contrast
 
         # Apply the Inventory patch which applies to the given method.
         #
-        # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
-        #   Mapping of the triggers on the given method.
+        # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy] Mapping of the triggers on the given
+        #   method.
         # @param method [Symbol] The method into which we're patching
-        # @param exception [StandardError] Any exception raised during the
-        #   call of the patched method.
-        # @param object [Object] The object on which the method is invoked,
-        #   typically what would be returned by self.
-        # @param args [Array<Object>] The arguments passed to the method
-        #   being invoked.
+        # @param exception [StandardError] Any exception raised during the call of the patched method.
+        # @param object [Object] The object on which the method is invoked, typically what would be returned by self.
+        # @param args [Array<Object>] The arguments passed to the method being invoked.
         def apply_inventory method_policy, method, exception, object, args
           return unless ::Contrast::INVENTORY.enabled?
 
@@ -141,18 +119,14 @@ module Contrast
 
         # Apply the Assess patches which apply to the given method.
         #
-        # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
-        #   Mapping of the triggers on the given method.
-        # @param preshift [Contrast::Agent::Assess::PreShift] The capture
-        #   of the state of the code just prior to the invocation of the
-        #   patched method.
-        # @param object [Object] The object on which the method was
-        #   invoked, typically what would be returned by self.
+        # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy] Mapping of the triggers on the given
+        #   method.
+        # @param preshift [Contrast::Agent::Assess::PreShift] The capture of the state of the code just prior to the
+        #   invocation of the patched method.
+        # @param object [Object] The object on which the method was invoked, typically what would be returned by self.
         # @param ret [Object] The return of the method that was invoked.
-        # @param args [Array<Object>] The arguments passed to the method
-        #   being invoked.
-        # @param block [Proc] The block passed to the method that was
-        #   invoked.
+        # @param args [Array<Object>] The arguments passed to the method being invoked.
+        # @param block [Proc] The block passed to the method that was invoked.
         def apply_assess method_policy, preshift, object, ret, args, block
           source_ret = nil
           propagated_ret = nil
@@ -166,9 +140,8 @@ module Contrast
             Contrast::Agent::Assess::Policy::TriggerMethod.apply_trigger_rule(trigger_node, object, ret, args)
           end
           if method_policy.source_node
-            # If we were given a frozen return, and it was the target of a
-            # source, and we have frozen sources enabled, we'll need to
-            # replace the return. Note, this is not the default case.
+            # If we were given a frozen return, and it was the target of a source, and we have frozen sources enabled,
+            # we'll need to replace the return. Note, this is not the default case.
             source_ret = Contrast::Agent::Assess::Policy::SourceMethod.source_patchers(method_policy, object, ret, args)
           end
           if method_policy.propagation_node
@@ -190,39 +163,30 @@ module Contrast
           raise e
         end
 
-        # Generic invocation of the Inventory or Protect patch which apply
-        # to the given method.
+        # Generic invocation of the Inventory or Protect patch which apply to the given method.
         #
-        # @param trigger_node [Contrast::Agent::Inventory::Policy::TriggerNode]
-        #   Mapping of the specific trigger on the given method.
+        # @param trigger_node [Contrast::Agent::Inventory::Policy::TriggerNode] Mapping of the specific trigger on the
+        #   given method.
         # @param method [Symbol] The method into which we're patching
-        # @param exception [StandardError] Any exception raised during the
-        #   call of the patched method.
-        # @param object [Object] The object on which the method is invoked,
-        #   typically what would be returned by self.
-        # @param args [Array<Object>] The arguments passed to the method
-        #   being invoked.
+        # @param exception [StandardError] Any exception raised during the call of the patched method.
+        # @param object [Object] The object on which the method is invoked, typically what would be returned by self.
+        # @param args [Array<Object>] The arguments passed to the method being invoked.
         def apply_trigger_only trigger_node, method, exception, object, args
           return unless trigger_node
 
-          # If that rule only applies in the case of an exception being
-          # thrown and there's no exception here, move along, or vice versa
+          # If that rule only applies in the case of an exception being thrown and there's no exception here, move
+          # along, or vice versa
           return if trigger_node.on_exception && !exception
           return if !trigger_node.on_exception && exception
 
-          # Each patch has an applicator that handles logic for it. Think
-          # of this as being similar to propagator actions, most closely
-          # resembling CUSTOM - they all have a common interface but their
-          # own logic based on what's in the method(s) they've been patched
-          # into.
-          # Each patch also knows the method of its applicator. Some
-          # things, like AppliesXxeRule, have different methods depending
-          # on the library patched. This lets us handle the boilerplate of
-          # patching while still allowing for custom handling of the
-          # methods.
+          # Each patch has an applicator that handles logic for it. Think of this as being similar to propagator
+          # actions, most closely resembling CUSTOM - they all have a common interface but their own logic based on
+          # what's in the method(s) they've been patched into.
+          # Each patch also knows the method of its applicator. Some things, like AppliesXxeRule, have different
+          # methods depending on the library patched. This lets us handle the boilerplate of patching while still
+          # allowing for custom handling of the methods.
           applicator_method = trigger_node.applicator_method
-          # By calling send like this, we can reuse all the patching.
-          # We `send` to the given method of the given class
+          # By calling send like this, we can reuse all the patching. We `send` to the given method of the given class
           # (applicator) since they all accept the same inputs
           trigger_node.applicator.send(applicator_method, method, exception, trigger_node.properties, object, args)
         end

data/lib/contrast/utils/patching/policy/patcher_utils.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 module Contrast

data/lib/contrast/utils/preflight_util.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 module Contrast

data/lib/contrast/utils/request_utils.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 module Contrast
@@ -17,6 +17,7 @@ module Contrast
       #   key :                ''
       #   nested_key :         ''
       # }
+      # @return params_hash [Hash]
       def normalize_params val, prefix: nil
         # In non-recursive invocations, val should always be a Hash
         # (rather than breaking this out into two methods)
@@ -48,6 +49,10 @@ module Contrast
         end
       end
 
+      # Read the response body and rewind.
+      # A well behaved middleware would read the IO object and then rewind.
+      #
+      # @return body [String]
       def read_body body
         return body if body.is_a?(String)
 
@@ -66,6 +71,9 @@ module Contrast
         end
       end
 
+      # @param multipart_data [Object<Hash>]
+      # @param current_names [Hash]
+      # @return current_names [Hash<Name =>file_name]
       def traverse_parsed_multipart multipart_data, current_names
         return current_names unless multipart_data
 

data/lib/contrast/utils/resource_loader.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 module Contrast

data/lib/contrast/utils/response_utils.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 module Contrast

data/lib/contrast/utils/sha256_builder.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'singleton'

data/lib/contrast/utils/stack_trace_utils.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/utils/object_share'

data/lib/contrast/utils/string_utils.rb

@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
 require 'contrast/components/logger'
@@ -7,84 +7,86 @@ module Contrast
   module Utils
     # Utilities for encoding and normalizing strings
     class StringUtils
-      include Contrast::Components::Logger::InstanceMethods
+      class << self
+        include Contrast::Components::Logger::InstanceMethods
 
-      UTF8 = 'utf-8'
-      HTTP_PREFIX = 'HTTP_'
+        UTF8 = 'utf-8'
+        HTTP_PREFIX = 'HTTP_'
 
-      # Convenience method. We assume that we're working on Strings or tags
-      # String representations of things. To that end, we'll to_s anything
-      # that comes in before returning its length.
-      #
-      # But don't worry though, String.to_s just returns self. teehee
-      def self.ret_length string
-        string.nil? ? 0 : string.to_s.length
-      end
+        # Convenience method. We assume that we're working on Strings or tags
+        # String representations of things. To that end, we'll to_s anything
+        # that comes in before returning its length.
+        #
+        # But don't worry though, String.to_s just returns self. teehee
+        def ret_length string
+          string.nil? ? 0 : string.to_s.length
+        end
 
-      def self.present? str
-        !str.nil? && !str.to_s.empty?
-      end
+        def present? str
+          !str.nil? && !str.to_s.empty?
+        end
 
-      def self.protobuf_format data, truncate: true
-        data = data&.to_s
-        data = Contrast::Utils::StringUtils.force_utf8(data)
-        data = Contrast::Utils::StringUtils.truncate(data) if truncate
-        data
-      end
+        def protobuf_format data, truncate: true
+          data = data&.to_s
+          data = Contrast::Utils::StringUtils.force_utf8(data)
+          data = Contrast::Utils::StringUtils.truncate(data) if truncate
+          data
+        end
 
-      # Protobuf has a very strict typing. Nil is not a String and will throw
-      # an exception if you try to set it. Use this to be safe.
-      # Uses the object share to avoid creating several new strings per request
-      def self.protobuf_safe_string string
-        string.nil? ? Contrast::Utils::ObjectShare::EMPTY_STRING : string.to_s
-      end
+        # Protobuf has a very strict typing. Nil is not a String and will throw
+        # an exception if you try to set it. Use this to be safe.
+        # Uses the object share to avoid creating several new strings per request
+        def protobuf_safe_string string
+          string.nil? ? Contrast::Utils::ObjectShare::EMPTY_STRING : string.to_s
+        end
 
-      # Truncate a string to 255 characters max length
-      def self.truncate str, default = Contrast::Utils::ObjectShare::EMPTY_STRING
-        return default if str.nil?
+        # Truncate a string to 255 characters max length
+        def truncate str, default = Contrast::Utils::ObjectShare::EMPTY_STRING
+          return default if str.nil?
 
-        str.to_s[0..255]
-      end
+          str.to_s[0..255]
+        end
 
-      def self.force_utf8 str
-        return Contrast::Utils::ObjectShare::EMPTY_STRING unless str
+        def force_utf8 str
+          return Contrast::Utils::ObjectShare::EMPTY_STRING unless str
 
-        str = str.to_s
-        if str.encoding == Encoding::UTF_8
-          str = str.encode(UTF8, invalid: :replace, undef: :replace) unless str.valid_encoding?
-        else
-          str = str.encode(UTF8, str.encoding, invalid: :replace, undef: :replace)
-        end
-        str.to_s
-      rescue StandardError => e
-        # We were unable to switch the String to a UTF-8 format.
-        # Return non-nil so as not to throw an exception later when trying
-        # to do regexp or other compares on the String
-        logger.trace('Unable to cast String to UTF-8 format', e, value: str)
+          str = str.to_s
+          if str.encoding == Encoding::UTF_8
+            str = str.encode(UTF8, invalid: :replace, undef: :replace) unless str.valid_encoding?
+          else
+            str = str.encode(UTF8, str.encoding, invalid: :replace, undef: :replace)
+          end
+          str.to_s
+        rescue StandardError => e
+          # We were unable to switch the String to a UTF-8 format.
+          # Return non-nil so as not to throw an exception later when trying
+          # to do regexp or other compares on the String
+          logger.trace('Unable to cast String to UTF-8 format', e, value: str)
 
-        Contrast::Utils::ObjectShare::EMPTY_STRING
-      end
+          Contrast::Utils::ObjectShare::EMPTY_STRING
+        end
 
-      # Given a string return a normalized version of that string.
-      # Keys are memoized so that the normalization process doesn't need
-      # to happen every time.
-      #
-      # @param str [String] the String to normalize
-      # @return [String] a copy of the given String, upper cased, trimmed,
-      #   dashes replaced with underscore, and HTTP trimmed
-      def self.normalized_key str
-        return unless str
+        # Given a string return a normalized version of that string.
+        # Keys are memoized so that the normalization process doesn't need
+        # to happen every time.
+        #
+        # @param str [String] the String to normalize
+        # @return [String] a copy of the given String, upper cased, trimmed,
+        #   dashes replaced with underscore, and HTTP trimmed
+        def normalized_key str
+          return unless str
 
-        str = str.to_s
-        @_normalized_keys ||= {}
-        if @_normalized_keys.key?(str)
-          @_normalized_keys[str]
-        else
-          upped = str.upcase
-          stripped = upped.strip! || upped
-          trimmed = stripped.tr!('-', '_') || stripped
-          cut = trimmed.start_with?(HTTP_PREFIX) ? trimmed[5..-1] : trimmed
-          @_normalized_keys[str] = cut
+          str = str.to_s
+          @_normalized_keys ||= {}
+          if @_normalized_keys.key?(str)
+            @_normalized_keys[str]
+          else
+            upped = str.upcase
+            stripped = upped.strip! || upped
+            trimmed = stripped.tr!('-', '_') || stripped
+            cut = trimmed.start_with?(HTTP_PREFIX) ? trimmed[5..] : trimmed
+            @_normalized_keys[str] = cut
+          end
         end
       end
     end