contrast-agent 4.2.0 → 4.3.0

data/lib/contrast/components/settings.rb

@@ -58,21 +58,21 @@ module Contrast
 
         PROTECT_STATE_ATTRS.each do |attr|
           # TODO: RUBY-1052
-          define_method(attr) do # rubocop:disable Kernel/DefineMethod
+          define_method(attr) do # rubocop:disable Performance/Kernel/DefineMethod
             protect_state[attr]
           end
         end
 
         ASSESS_STATE_ATTRS.each do |attr|
           # TODO: RUBY-1052
-          define_method(attr) do # rubocop:disable Kernel/DefineMethod
+          define_method(attr) do # rubocop:disable Performance/Kernel/DefineMethod
             assess_state[attr]
           end
         end
 
         APPLICATION_STATE_ATTRS.each do |attr|
           # TODO: RUBY-1052
-          define_method(attr) do # rubocop:disable Kernel/DefineMethod
+          define_method(attr) do # rubocop:disable Performance/Kernel/DefineMethod
             application_state[attr]
           end
         end

data/lib/contrast/config/assess_configuration.rb

@@ -11,7 +11,8 @@ module Contrast
           enable: EMPTY_VALUE,
           enable_scan_response: Contrast::Config::DefaultValue.new('true'),
           sampling: Contrast::Config::SamplingConfiguration,
-          rules: Contrast::Config::AssessRulesConfiguration
+          rules: Contrast::Config::AssessRulesConfiguration,
+          stacktraces: Contrast::Config::DefaultValue.new('ALL')
       }.cs__freeze
 
       def initialize hsh

data/lib/contrast/extension/assess/array.rb

@@ -39,8 +39,7 @@ module Contrast
             return ret if Contrast::Agent::Patching::Policy::Patch.skip_assess_analysis?
 
             with_contrast_scope do
-              properties = Contrast::Agent::Assess::Tracker.properties(ret)
-              return ret unless properties
+              return ret unless (properties = Contrast::Agent::Assess::Tracker.properties!(ret))
 
               shift = 0
               separator_length = separator.nil? ? 0 : separator.to_s.length

data/lib/contrast/extension/assess/erb.rb

@@ -6,9 +6,7 @@ module ERBPropagator
   class << self
     def result_tagger patcher, preshift, ret, _block
       return unless preshift.args.length >= 1
-
-      properties = Contrast::Agent::Assess::Tracker.properties(ret)
-      return unless properties
+      return unless (properties = Contrast::Agent::Assess::Tracker.properties!(ret))
 
       used_binding = preshift.args[0]
       binding_variable_set = used_binding.local_variables

data/lib/contrast/extension/assess/exec_trigger.rb

@@ -27,7 +27,7 @@ module Contrast
               source,
               Kernel,
               nil,
-              [source])
+              source)
         end
 
         private

data/lib/contrast/extension/assess/fiber.rb

@@ -61,8 +61,7 @@ module Contrast
 
             with_contrast_scope do
               results.each do |result|
-                result_properties = Contrast::Agent::Assess::Tracker.properties(result)
-                next unless result_properties
+                next unless (result_properties = Contrast::Agent::Assess::Tracker.properties!(result))
 
                 result_properties.splat_from(fiber, result)
                 result_properties.build_event(
@@ -82,7 +81,7 @@ module Contrast
             return unless underlying.is_a?(String) && !underlying.empty?
 
             with_contrast_scope do
-              properties = Contrast::Agent::Assess::Tracker.properties(fiber)
+              properties = Contrast::Agent::Assess::Tracker.properties!(fiber)
               return unless properties
 
               properties.splat_from(underlying, fiber)

data/lib/contrast/extension/assess/hash.rb

@@ -17,11 +17,13 @@ module Contrast
             return object unless object.is_a?(String) && !object.cs__frozen?
             return object unless Contrast::Agent::Assess::Tracker.tracked?(object)
 
-            ret = Contrast::Agent::Assess::Tracker.duplicate(object)
-            ret.cs__freeze
+            # Copy the object, then freeze it, so that it looks the same
+            # externally, but will have our finalizer on it.
+            object.dup&.cs__freeze
           rescue StandardError
             # we'll rescue this error, but we can't log it here as that will
             # result in a seg fault
+            object
           end
 
           def instrument_hash_track

data/lib/contrast/extension/assess/kernel.rb

@@ -39,8 +39,7 @@ module Contrast
           # oh, and there's also %<name>type and %{name}... b/c of course there is
           # -HM
           def sprintf_tagger patcher, preshift, ret, _block
-            properties = Contrast::Agent::Assess::Tracker.properties(ret)
-            return unless properties
+            return unless (properties = Contrast::Agent::Assess::Tracker.properties!(ret))
 
             format_string = preshift.args[0]
             args = preshift.args[1]

data/lib/contrast/extension/assess/marshal.rb

@@ -6,42 +6,50 @@ require 'contrast/components/interface'
 module Contrast
   module Extension
     module Assess
-      # This is our patch of the Array class required to handle propagation
+      # This is our patch of the Marshal class
       # Disclaimer: there may be a better way, but we're in a 'get it work' state.
       # Hopefully, we'll be in a 'get it right' state soon.
-      # This module is used for our Marshal#load patches
+      # This module is used for our Marshal.load patches
       class MarshalPropagator
         include Contrast::Components::Interface
 
-        access_component :logging
+        access_component :logging, :scope
 
         class << self
-          def cs__load_trigger_check source, ret
-            current_context = Contrast::Agent::REQUEST_TRACKER.current
-            return unless current_context
+          def cs__load_protect arg
+            return if in_contrast_scope?
 
-            # Since we know this is the source of the trigger, we can do some
-            # optimization here and return when it is not tracked
-            return unless Contrast::Agent::Assess::Tracker.tracked?(source)
+            with_contrast_scope do
+              Contrast::Agent::Protect::Policy::AppliesDeserializationRule.prepended_invoke(arg)
+            end
+            nil
+          end
+
+          def cs__load_assess source, ret
+            with_contrast_scope do
+              current_context = Contrast::Agent::REQUEST_TRACKER.current
+              return unless current_context
 
-            args = [source]
-            # source might not be all the args passed in, but it is the one we care
-            # about. we could pass in all the args in the last param here if it
-            # becomes an issue in rendering on TS
-            Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(
-                current_context,
-                trigger_node('Marshal', :load),
-                source,
-                self,
-                ret,
-                args)
-            properties = Contrast::Agent::Assess::Tracker.properties(ret)
-            properties.copy_from(source, ret)
+              args = [source]
+              # source might not be all the args passed in, but it is the one we care
+              # about. we could pass in all the args in the last param here if it
+              # becomes an issue in rendering on TS
+              Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(
+                  current_context,
+                  trigger_node('Marshal', :load),
+                  source,
+                  self,
+                  ret,
+                  *args)
+              return unless (properties = Contrast::Agent::Assess::Tracker.properties!(ret))
 
-            node = Contrast::Agent::Assess::Policy::Policy.instance.find_propagator_node('Marshal', :load, false)
-            properties.build_event(node, ret, self, ret, args)
-          rescue StandardError => e
-            logger.error('Unable to determine if a trigger occurred in Marshal.load', e)
+              properties.copy_from(source, ret)
+
+              node = Contrast::Agent::Assess::Policy::Policy.instance.find_propagator_node('Marshal', :load, false)
+              properties.build_event(node, ret, self, ret, args)
+            rescue StandardError => e
+              logger.error('Unable to run Assess for Marshal.load', e)
+            end
           end
 
           def instrument_marshal_load

data/lib/contrast/extension/assess/regexp.rb

@@ -48,14 +48,9 @@ module Contrast
 
             target = info_hash[:back_ref]
             with_contrast_scope do
-              result = info_hash[:result]
-              return unless result
-
-              string = info_hash[:string]
-              return unless string
-
-              properties = Contrast::Agent::Assess::Tracker.properties(target)
-              return unless properties
+              return unless (result = info_hash[:result])
+              return unless (string = info_hash[:string])
+              return unless (properties = Contrast::Agent::Assess::Tracker.properties!(target))
 
               properties.splat_from(string, target)
               properties.build_event(

data/lib/contrast/extension/assess/string.rb

@@ -36,8 +36,7 @@ module Contrast
             return unless inputs.any? { |input| Contrast::Agent::Assess::Tracker.tracked?(input) }
 
             with_contrast_scope do
-              properties = Contrast::Agent::Assess::Tracker.properties(result)
-              return unless properties
+              return unless (properties = Contrast::Agent::Assess::Tracker.properties!(result))
 
               parent_events = []
               offset = 0

data/lib/contrast/framework/base_support.rb

@@ -4,68 +4,66 @@
 module Contrast
   module Framework
     # The API for all subclasses to implement to correctly support a given framework
-    class BaseSupport
-      class << self
-        # The top level module name used by the framework
-        def detection_class
-          raise NoMethodError('Subclasses of BaseSupport should implement this method')
-        end
+    module BaseSupport
+      # The top level module name used by the framework
+      def detection_class
+        raise NoMethodError('Subclasses of BaseSupport should implement this method')
+      end
 
-        def version
-          raise NoMethodError('Subclasses of BaseSupport should implement this method')
-        end
+      def version
+        raise NoMethodError('Subclasses of BaseSupport should implement this method')
+      end
 
-        def application_name
-          raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
-        end
+      def application_name
+        raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
+      end
 
-        def server_type
-          raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
-        end
+      def server_type
+        raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
+      end
 
-        # Find all the predefined routes for this application and append them to the
-        # provided inventory message
-        # msg should be a Contrast::Api::Dtm::ApplicationUpdate or some other msg
-        # that has a routes array consisting of Contrast::Api::Dtm::RouteCoverage
-        def collect_routes
-          raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
-        end
+      # Find all the predefined routes for this application and append them to the
+      # provided inventory message
+      # msg should be a Contrast::Api::Dtm::ApplicationUpdate or some other msg
+      # that has a routes array consisting of Contrast::Api::Dtm::RouteCoverage
+      def collect_routes
+        raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
+      end
 
-        def current_route
-          raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
-        end
+      def current_route
+        raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
+      end
 
-        def retrieve_request _env
-          raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
-        end
+      def retrieve_request _env
+        raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
+      end
 
-        # Some Frameworks require specific patching for their classes to handle
-        # functionality like configuration scanning. To accommodate this, this
-        # method provides a place to register those patches for invocation on
-        # Agent load.
-        #
-        # By default, and hopefully in all cases, we won't need these patches,
-        # so we're allowing nil here rather than raising an exception.
-        def before_load_patches!; end
+      # Some Frameworks require specific patching for their classes to handle
+      # functionality like configuration scanning. To accommodate this, this
+      # method provides a place to register those patches for invocation on
+      # Agent load.
+      #
+      # By default, and hopefully in all cases, we won't need these patches,
+      # so we're allowing nil here rather than raising an exception.
+      def before_load_patches!; end
 
-        # Some Frameworks require specific patching for their classes to handle
-        # functionality like routing. To accommodate this, this method provides
-        # a place to register those patches for invocation in our
-        # AfterLoadPatcher flow.
-        #
-        # By default, and hopefully in all cases, we won't need these patches,
-        # so we're allowing nil here rather than raising an exception.
-        #
-        # @return [Set<Contrast::Agent::Patching::Policy::AfterLoadPatch>,nil]
-        #   those patches required for a Framework which can only be installed
-        #   once a specific module has been loaded.
-        def after_load_patches; end
+      # Some Frameworks require specific patching for their classes to handle
+      # functionality like routing. To accommodate this, this method provides
+      # a place to register those patches for invocation in our
+      # AfterLoadPatcher flow.
+      #
+      # By default, and hopefully in all cases, we won't need these patches,
+      # so we're allowing nil here rather than raising an exception.
+      #
+      # @return [Set<Contrast::Agent::Patching::Policy::AfterLoadPatch>,nil]
+      #   those patches required for a Framework which can only be installed
+      #   once a specific module has been loaded.
+      def after_load_patches; end
 
-        # We only support websockets in rails right now, so we won't detect streaming in
-        # any other framework
-        def streaming? _env
-          false
-        end
+      # We only support websockets in rails right now, so we won't detect streaming in
+      # any other framework
+      def streaming? _env
+        false
       end
     end
   end

data/lib/contrast/framework/manager.rb

@@ -128,9 +128,10 @@ module Contrast
       # @param method_name [Symbol] the method to call on each FrameworkSupport class
       # @return [Array]
       def data_for_all_frameworks method_name
-        @_frameworks.flat_map do |framework|
+        data = @_frameworks.flat_map do |framework|
           framework.send(method_name)
-        end.compact
+        end
+        data.compact
       end
 
       # This returns a single object from the first framework to successfully respond

data/lib/contrast/framework/rack/patch/session_cookie.rb

@@ -26,7 +26,7 @@ module Contrast
               @_instrument ||= begin
                 ::Rack::Session::Cookie.class_eval do
                   alias_method :cs__patched_initialize, :initialize
-                  def initialize app, options = {}
+                  def initialize app, options = {} # rubocop:disable Style/OptionHash
                     Contrast::Framework::Rack::Patch::SessionCookie.analyze(options)
                     cs__patched_initialize(app, options)
                   end

data/lib/contrast/framework/rack/support.rb

@@ -9,7 +9,8 @@ module Contrast
     module Rack
       # Used when Rack is present to define framework specific behavior. For
       # now, the only part of this implemented is the Patch Support.
-      class Support < BaseSupport
+      module Support
+        extend Contrast::Framework::BaseSupport
         extend Contrast::Framework::Rack::Patch::Support
         class << self
           def detection_class

data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb

@@ -7,7 +7,7 @@ module Contrast
       module Patch
         # This class acts as our patch into the ActionController::Live::Buffer
         # class, allowing us to track the close event on streamed responses.
-        class ActionControllerLiveBuffer
+        module ActionControllerLiveBuffer
           class << self
             def send_messages
               return unless (context = Contrast::Agent::REQUEST_TRACKER.current)

data/lib/contrast/framework/rails/patch/rails_application_configuration.rb

@@ -10,7 +10,7 @@ module Contrast
         # for the runtime detection of insecure configurations on individual
         # ActionDispatch::Session::AbstractStore instances within the
         # application.
-        class RailsApplicationConfiguration
+        module RailsApplicationConfiguration
           def self.instrument
             @_instrument ||= begin
               ::Rails::Application::Configuration.class_eval do

data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb

@@ -12,7 +12,7 @@ module Contrast
         # TODO: RUBY-714 remove w/ EOL of 2.5
         # @deprecated Changes to this class are discouraged as this approach is
         #   being phased out with support for those language versions.
-        class ActionControllerRailtiesHelperInherited
+        module ActionControllerRailtiesHelperInherited
           def self.instrument
             @_instrument ||= begin
               ::ActionController::Railties::Helpers.class_eval do

data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb

@@ -14,7 +14,7 @@ module Contrast
         # TODO: RUBY-714 remove w/ EOL of 2.5
         # @deprecated Changes to this class are discouraged as this approach is
         #   being phased out with support for those language versions.
-        class ActiveRecordAttributeMethodsRead
+        module ActiveRecordAttributeMethodsRead
           def self.instrument
             @_instrument ||= begin
               ::ActiveRecord::AttributeMethods::Read::ClassMethods.class_eval do

data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb

@@ -9,7 +9,7 @@ module Contrast
         # TODO: RUBY-714 remove w/ EOL of 2.5
         # @deprecated Changes to this class are discouraged as this approach is
         #   being phased out with support for those language versions.
-        class ActiveRecordTimeZoneInherited
+        module ActiveRecordTimeZoneInherited
           def self.instrument
             @_instrument ||= begin
               ::ActiveRecord::AttributeMethods::TimeZoneConversion::ClassMethods.class_eval do

data/lib/contrast/framework/rails/support.rb

@@ -10,7 +10,8 @@ module Contrast
   module Framework
     module Rails
       # Used when Rails is present to define framework specific behavior
-      class Support < BaseSupport
+      class Support
+        extend Contrast::Framework::BaseSupport
         extend Contrast::Framework::Rails::Patch::Support
 
         class << self

data/lib/contrast/framework/sinatra/support.rb

@@ -8,7 +8,8 @@ module Contrast
   module Framework
     module Sinatra
       # Used when Sinatra is present to define framework specific behavior
-      class Support < BaseSupport
+      class Support
+        extend Contrast::Framework::BaseSupport
         extend Contrast::Framework::Sinatra::Patch::Support
         class << self
           def detection_class
@@ -67,7 +68,7 @@ module Contrast
           private
 
           def app_class
-            return nil unless defined?(::Sinatra) && defined?(::Sinatra::Base)
+            return unless defined?(::Sinatra) && defined?(::Sinatra::Base)
 
             @_app_class ||= begin
               sinatra_layers = ObjectSpace.each_object(::Sinatra::Base).to_a