contrast-agent 4.2.0 → 4.4.1

data/lib/contrast/agent/assess/finalizers/hash.rb

@@ -12,9 +12,14 @@ module Contrast
         # finalizer on the object to remove its entry from the Hash immediately
         # after it's GC'd.
         class Hash < Hash
+          include Contrast::Components::Interface
+          access_component :agent, :analysis
+
           FROZEN_FINALIZED_IDS = Set.new
 
           def []= key, obj
+            return unless AGENT.enabled? && ASSESS.enabled?
+
             # We can't finalize frozen things, so only act on those that went
             # through .pre_freeze
             if key.cs__frozen?
@@ -35,6 +40,7 @@ module Contrast
           # @param key [Object] the thing to determine if trackable
           # @return [Boolean]
           def trackable? key
+            return false unless key
             # Track things in these, not them themselves.
             return false if Contrast::Utils::DuckUtils.iterable_hash?(key)
             return false if Contrast::Utils::DuckUtils.iterable_enumerable?(key)
@@ -81,6 +87,7 @@ module Contrast
           # @param key [Object] the Object on which we need to pre-define
           #   finalizers
           def pre_freeze key
+            return unless AGENT.enabled? && ASSESS.enabled?
             return if key.cs__frozen?
             return if FROZEN_FINALIZED_IDS.include?(key.__id__)
 

data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb

@@ -110,16 +110,30 @@ module Contrast
               dynamic_source.method_name = Contrast::Utils::StringUtils.force_utf8(field)
               dynamic_source.instance_method = source_node.instance_method?
               dynamic_source.target = Contrast::Utils::StringUtils.force_utf8(source_node.target_string)
+              append_properties!(dynamic_source, current_context, source_node, field)
+              append_events!(dynamic_source, properties.event)
+              dynamic_source
+            end
+
+            # Append the properties needed to reconstruct the given DynamicSource in other dataflows and for rendering
+            # in TeamServer
+            #
+            # @param dynamic_source [Contrast::Api::Dtm::DynamicSource] the message to send to the Service to allow it
+            #   to report the events leading up to the creation of the Dynamic Source
+            # @param current_context [Contrast::Agent::RequestContext] the context of the request in which this source
+            #   is to be created.
+            # @param source_node [Contrast::Agent::Assess::Policy::SourceNode] the SourceNode that applies to this
+            #   method
+            # @param field [String] the name of the method to which this source applies
+            def append_properties! dynamic_source, current_context, source_node, field
               dynamic_source.properties[READ_TABLE] = Contrast::Utils::StringUtils.force_utf8(source_node.class_name)
               dynamic_source.properties[READ_COLUMN] = Contrast::Utils::StringUtils.force_utf8(field)
               dynamic_source.properties[WRITE_QUERY_TIME] = Contrast::Utils::StringUtils.force_utf8(Contrast::Utils::Timer.now_ms)
               url = current_context.request.normalized_uri
               dynamic_source.properties[WRITE_QUERY_URL] = Contrast::Utils::StringUtils.force_utf8(url)
-              append_events(dynamic_source, properties.event)
-              dynamic_source
             end
 
-            def append_events dynamic_source, event
+            def append_events! dynamic_source, event
               return unless event
 
               event.parent_events&.each do |parent_event|

data/lib/contrast/agent/assess/policy/patcher.rb

@@ -52,12 +52,13 @@ module Contrast
               Contrast::Utils::ObjectShare::CLASS,
               Contrast::Utils::ObjectShare::MODULE
             ].cs__freeze
-            def patch_assess_method clazz, method_name
+            def patch_assess_method mod, method_name
               # Module.define_method is called a lot in Class and Module. We
               # currently do not expect these define_methods to result in methods
               # that require patching, so for the sake of performance, we're going
               # to skip evaluating them
-              class_name = clazz.cs__name
+              mod = mod.cs__class unless mod.cs__is_a?(Module)
+              class_name = mod.cs__class
               return if CLASS_TYPES.include?(class_name)
               return unless ASSESS.enabled?
 
@@ -73,7 +74,7 @@ module Contrast
                                                                                     method_name: source_node.method_name,
                                                                                     method_visibility: source_node.method_visibility,
                                                                                     instance_method: true)
-                patcher.patch_method(clazz, method_array, method_policy)
+                patcher.patch_method(mod, method_array, method_policy)
               end
             rescue StandardError => e
               logger.warn(

data/lib/contrast/agent/assess/policy/policy_node.rb

@@ -19,8 +19,8 @@ module Contrast
             @source_string = policy_hash[JSON_SOURCE]
             @target_string = policy_hash[JSON_TARGET]
             @tags = Set.new(policy_hash[JSON_TAGS])
-            generate_sources
-            generate_targets
+            @sources = convert_policy_markers(source_string)
+            @targets = convert_policy_markers(target_string)
           end
 
           def feature
@@ -47,7 +47,7 @@ module Contrast
 
           def target_string= value
             @target_string = value
-            generate_targets
+            @targets = convert_policy_markers(value)
           end
 
           # Sometimes we need to tie information to an event. We'll add a
@@ -66,62 +66,6 @@ module Contrast
             @properties[name]
           end
 
-          # Given a source in the format A,B,C, populate the sources of this node
-          # 1) Split on ','
-          # 2) If 'O', add the source, else it's P (we don't have R sources) and
-          #    needs to be converted. P type will either be P:name or P# where #
-          #    is the index of the parameter. Drop the P and store the int as int
-          #    or name as symbol
-          def generate_sources
-            if source_string
-              @sources = []
-              source_string.split(Contrast::Utils::ObjectShare::COMMA).each do |s|
-                is_object = (s == Contrast::Utils::ObjectShare::OBJECT_KEY)
-                if is_object
-                  @sources << s
-                else
-                  parameter_source = s[1..-1]
-                  @sources << if parameter_source.start_with?(Contrast::Utils::ObjectShare::COLON)
-                                parameter_source[1..-1].to_sym
-                              else
-                                parameter_source.to_i
-                              end
-                end
-              end
-            else
-              @sources = Contrast::Utils::ObjectShare::EMPTY_ARRAY
-            end
-          end
-
-          # Given a target in the format A,B,C, populate the targets of this node
-          # 1) Split on ','
-          # 2) If 'O' or 'R', add the target, else it's P and needs to be
-          #    converted. P type will either be P:name or P# where # is the index
-          #    of the paramter. Drop the P and store the int as int or name as
-          #    symbol
-          def generate_targets
-            if target_string
-              @targets = []
-              target_string.split(Contrast::Utils::ObjectShare::COMMA).each do |t|
-                case t
-                when Contrast::Utils::ObjectShare::OBJECT_KEY
-                  @targets << t
-                when Contrast::Utils::ObjectShare::RETURN_KEY
-                  @targets << t
-                else
-                  parameter_target = t[1..-1]
-                  @targets << if parameter_target.start_with?(Contrast::Utils::ObjectShare::COLON)
-                                parameter_target[1..-1].to_sym
-                              else
-                                parameter_target.to_i
-                              end
-                end
-              end
-            else
-              @targets = Contrast::Utils::ObjectShare::EMPTY_ARRAY
-            end
-          end
-
           # Don't let nodes be created that will be missing things we need
           # later on. Really, if they don't have these things, they couldn't have
           # done their jobs anyway.
@@ -186,6 +130,34 @@ module Contrast
           JSON_TARGET = 'target'
           JSON_TAGS = 'tags'
           JSON_DATAFLOW = 'dataflow'
+
+          private
+
+          # Given a policy string in the format A,B,C, populate the given array
+          # 1) Split on ','
+          # 2) If 'O' or 'R', add the array, else it's P and needs to be
+          #    converted. P type will either be P# where # is the index
+          #    of the parameter. Drop the P and store the # as an int.
+          #
+          # @param markers [String] the String from the policy to parse
+          # @return [Array] the array generated by converting the marker string
+          def convert_policy_markers markers
+            return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless markers
+            return Contrast::Utils::ObjectShare::EMPTY_ARRAY if markers.empty?
+
+            converted = []
+            markers.split(Contrast::Utils::ObjectShare::COMMA).each do |t|
+              case t
+              when Contrast::Utils::ObjectShare::OBJECT_KEY,
+                   Contrast::Utils::ObjectShare::RETURN_KEY
+
+                converted << t
+              else
+                converted << Integer(t[1..-1])
+              end
+            end
+            converted
+          end
         end
       end
     end

data/lib/contrast/agent/assess/policy/preshift.rb

@@ -36,11 +36,11 @@ module Contrast
           #   the state of the object and arguments just prior to the method
           #   being called or nil if one is not required.
           def build_preshift propagation_node, object, args
-            return nil unless propagation_node
-            return nil unless ASSESS.enabled?
+            return unless propagation_node
+            return unless ASSESS.enabled?
 
             initializing = propagation_node.method_name == :initialize
-            return nil if unsafe_io_object?(object, initializing)
+            return if unsafe_io_object?(object, initializing)
 
             needs_object = propagation_node.needs_object?
             needs_args = propagation_node.needs_args?

data/lib/contrast/agent/assess/policy/propagation_method.rb

@@ -37,20 +37,15 @@ module Contrast
 
           class << self
             def determine_target propagation_node, ret, object, args
-              target_key = propagation_node.targets[0]
-              return ret if target_key == Contrast::Utils::ObjectShare::RETURN_KEY
-              return object if target_key == Contrast::Utils::ObjectShare::OBJECT_KEY
-
-              return args[target_key] if target_key.is_a?(Integer)
-
-              arg = nil
-              args.each do |search|
-                next unless search.is_a?(Hash)
-
-                arg = search[target_key]
-                break if arg
+              target = propagation_node.targets[0]
+              case target
+              when Contrast::Utils::ObjectShare::OBJECT_KEY
+                object
+              when Contrast::Utils::ObjectShare::RETURN_KEY
+                ret
+              else
+                args[target]
               end
-              arg
             end
 
             # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
@@ -208,8 +203,8 @@ module Contrast
             # If this patcher has tags, apply them to the entire target
             def apply_tags propagation_node, target
               return unless propagation_node.tags
+              return unless (properties = Contrast::Agent::Assess::Tracker.properties(target))
 
-              properties = Contrast::Agent::Assess::Tracker.properties(target)
               length = Contrast::Utils::StringUtils.ret_length(target)
               propagation_node.tags.each do |tag|
                 properties.add_tag(tag, 0...length)
@@ -219,9 +214,7 @@ module Contrast
             # If this patcher has tags, remove them from the entire target
             def apply_untags propagation_node, target
               return unless propagation_node.untags
-
-              properties = Contrast::Agent::Assess::Tracker.properties(target)
-              return unless properties
+              return unless (properties = Contrast::Agent::Assess::Tracker.properties(target))
 
               propagation_node.untags.each do |tag|
                 properties.delete_tags(tag)
@@ -256,7 +249,7 @@ module Contrast
 
             def handle_enumerable_propagation propagation_node, preshift, target, object, ret, args, block
               target.each do |value|
-                next if target == value # Some Enumerable#each are overriden to return self the first time which leads to infinite propagation
+                next if target == value # Some Enumerable#each are overridden to return self the first time which leads to infinite propagation
 
                 apply_propagator(propagation_node, preshift, value, object, ret, args, block)
               end
@@ -265,22 +258,12 @@ module Contrast
             def handle_cs_properties_propagation propagation_node, preshift, target, object, ret, args, _block
               return if propagation_node.action == NOOP_ACTION
               return unless can_propagate?(propagation_node, preshift, target)
+              return unless (propagation_class = find_propagation_class(propagation_node))
 
-              propagation_class = PROPAGATION_ACTIONS.fetch(propagation_node.action, nil)
-              unless propagation_class
-                logger.warn(
-                    'Unknown propagation action received. Unable to propagate.',
-                    node_id: propagation_node.id,
-                    action: propagation_node.action)
-                return
-              end
               restore_frozen_state = false
               if target.cs__frozen? && !Contrast::Agent::Assess::Tracker.trackable?(target)
-                return unless ASSESS.track_frozen_sources?
-                return unless propagation_node.targets[0] == Contrast::Utils::ObjectShare::RETURN_KEY
-
-                dup = safe_dup(ret)
-                return unless dup
+                return unless can_handle_frozen?(propagation_node)
+                return unless (dup = safe_dup(ret))
 
                 restore_frozen_state = true
                 ret = dup
@@ -300,7 +283,8 @@ module Contrast
               # both and there should never be a propagator that has a tag in
               # its untag.
               apply_untags(propagation_node, target)
-              properties = Contrast::Agent::Assess::Tracker.properties(target)
+              return unless (properties = Contrast::Agent::Assess::Tracker.properties!(target))
+
               properties.add_properties(propagation_node.properties)
               properties.build_event(propagation_node, target, object, ret, args)
               logger.trace('Propagation detected',
@@ -308,6 +292,31 @@ module Contrast
                            target_id: target.__id__)
               restore_frozen_state ? ret : nil
             end
+
+            # Find the propagation class from the given node, if one exists.
+            #
+            # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node that governs a
+            #   propagation event.
+            # @return [Contrast::Agent::Assess::Policy::Propagator, nil]
+            def find_propagation_class propagation_node
+              unless (propagation_class = PROPAGATION_ACTIONS.fetch(propagation_node.action, nil))
+                logger.warn(
+                    'Unknown propagation action received. Unable to propagate.',
+                    node_id: propagation_node.id,
+                    action: propagation_node.action)
+              end
+              propagation_class
+            end
+
+            # We can handle frozen propagation iff we're allowed to, as determined by configuration, and the target of
+            # the propagation is a return, as that's a replaceable value.
+            #
+            # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node that governs a
+            #   propagation event.
+            # @return [Boolean]
+            def can_handle_frozen? propagation_node
+              ASSESS.track_frozen_sources? && propagation_node.targets[0] == Contrast::Utils::ObjectShare::RETURN_KEY
+            end
           end
         end
       end

data/lib/contrast/agent/assess/policy/propagation_node.rb

@@ -83,35 +83,23 @@ module Contrast
           end
 
           def needs_object?
-            @_needs_object ||= begin
-              if action == Contrast::Agent::Assess::Policy::PropagationMethod::CUSTOM_ACTION
-                true
-              elsif action == Contrast::Agent::Assess::Policy::PropagationMethod::DB_WRITE_ACTION
-                true
-              elsif sources.any? { |source| source == Contrast::Utils::ObjectShare::OBJECT_KEY }
-                true
-              elsif targets.any? { |target| target == Contrast::Utils::ObjectShare::OBJECT_KEY }
-                true
-              else
-                false
-              end
+            if @_needs_object.nil?
+              @_needs_object = action == Contrast::Agent::Assess::Policy::PropagationMethod::CUSTOM_ACTION ||
+                  action == Contrast::Agent::Assess::Policy::PropagationMethod::DB_WRITE_ACTION ||
+                  sources.any? { |source| source == Contrast::Utils::ObjectShare::OBJECT_KEY } ||
+                  targets.any? { |target| target == Contrast::Utils::ObjectShare::OBJECT_KEY }
             end
+            @_needs_object
           end
 
           def needs_args?
-            @_needs_args ||= begin
-              if action == Contrast::Agent::Assess::Policy::PropagationMethod::CUSTOM_ACTION
-                true
-              elsif action == Contrast::Agent::Assess::Policy::PropagationMethod::DB_WRITE_ACTION
-                true
-              elsif sources.any? { |source| source.is_a?(Integer) || source.is_a?(Symbol) }
-                true
-              elsif targets.any? { |target| target.is_a?(Integer) || target.is_a?(Symbol) }
-                true
-              else
-                false
-              end
+            if @_needs_args.nil?
+              @_needs_args = action == Contrast::Agent::Assess::Policy::PropagationMethod::CUSTOM_ACTION ||
+                  action == Contrast::Agent::Assess::Policy::PropagationMethod::DB_WRITE_ACTION ||
+                  sources.any? { |source| source.is_a?(Integer) || source.is_a?(Symbol) } ||
+                  targets.any? { |target| target.is_a?(Integer) || target.is_a?(Symbol) }
             end
+            @_needs_args
           end
 
           # This is a tagger if it has a tag or an untag.

data/lib/contrast/agent/assess/policy/propagator/append.rb

@@ -16,8 +16,7 @@ module Contrast
               # copy tags from the param to the target in chunks of param size or less
               # if param is appended in space less than param length
               def propagate propagation_node, preshift, target
-                properties = Contrast::Agent::Assess::Tracker.properties(target)
-                return unless properties
+                return unless (properties = Contrast::Agent::Assess::Tracker.properties!(target))
 
                 sources = propagation_node.sources
                 source1 = find_source(sources[0], preshift)
@@ -30,23 +29,38 @@ module Contrast
                 if source1.length == target.length
                   properties.copy_from(source1, target, 0, propagation_node.untags)
                 else
-                  # find original in the target, copy tags to the new position in
-                  # target
-                  original_start_index = target.index(source1)
-                  properties.copy_from(source1, target, original_start_index, propagation_node.untags)
+                  handle_append(propagation_node, source1, source2, target, properties)
+                end
+                properties.cleanup_tags
+              end
 
-                  start = original_start_index + source1.length
-                  while start < target.length
-                    properties.copy_from(source2, target, start, propagation_node.untags)
-                    start += source2.length
-                    next unless start > target.length
+              private
 
-                    properties.tags_at(start - source2.length).each do |tag|
-                      tag.update_end(target.length)
-                    end
+              # Given the append operation on source 1 added source 2 to it, changing the target output, modify the
+              # tags on the target to account for the change.
+              #
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              #   propagation action required by this method
+              # @param source1 [Object] the thing being appended to
+              # @param source2 [Object] the thing being appended
+              # @param target [Object] the result of the append operation
+              # @param properties [Contrast::Agent::Assess::Properties] the properties of the target
+              def handle_append propagation_node, source1, source2, target, properties
+                # find original in the target, copy tags to the new position in
+                # target
+                original_start_index = target.index(source1)
+                properties.copy_from(source1, target, original_start_index, propagation_node.untags)
+
+                start = original_start_index + source1.length
+                while start < target.length
+                  properties.copy_from(source2, target, start, propagation_node.untags)
+                  start += source2.length
+                  next unless start > target.length
+
+                  properties.tags_at(start - source2.length).each do |tag|
+                    tag.update_end(target.length)
                   end
                 end
-                properties.cleanup_tags
               end
             end
           end