RubyGems - contrast-agent - Versions diffs - 4.3.2 → 4.7.0 - Mend

contrast-agent 4.3.2 → 4.7.0

Files changed (317) hide show

checksums.yaml +4 -4
data/.gitmodules +1 -1
data/.simplecov +1 -1
data/Gemfile +1 -1
data/LICENSE.txt +1 -1
data/Rakefile +2 -3
data/exe/contrast_service +1 -1
data/ext/build_funchook.rb +4 -4
data/ext/cs__assess_active_record_named/cs__active_record_named.c +1 -1
data/ext/cs__assess_active_record_named/extconf.rb +1 -1
data/ext/cs__assess_array/cs__assess_array.c +1 -1
data/ext/cs__assess_array/extconf.rb +1 -1
data/ext/cs__assess_basic_object/cs__assess_basic_object.c +1 -1
data/ext/cs__assess_basic_object/extconf.rb +1 -1
data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +1 -1
data/ext/cs__assess_fiber_track/extconf.rb +1 -1
data/ext/cs__assess_hash/cs__assess_hash.c +4 -2
data/ext/cs__assess_hash/extconf.rb +1 -1
data/ext/cs__assess_kernel/cs__assess_kernel.c +1 -1
data/ext/cs__assess_kernel/extconf.rb +1 -1
data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +1 -1
data/ext/cs__assess_marshal_module/extconf.rb +1 -1
data/ext/cs__assess_module/cs__assess_module.c +1 -1
data/ext/cs__assess_module/extconf.rb +1 -1
data/ext/cs__assess_regexp/cs__assess_regexp.c +1 -1
data/ext/cs__assess_regexp/extconf.rb +1 -1
data/ext/cs__assess_string/cs__assess_string.c +1 -1
data/ext/cs__assess_string/extconf.rb +1 -1
data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +1 -1
data/ext/cs__assess_string_interpolation26/extconf.rb +1 -1
data/ext/cs__assess_yield_track/cs__assess_yield_track.c +1 -1
data/ext/cs__assess_yield_track/extconf.rb +1 -1
data/ext/cs__common/cs__common.c +5 -5
data/ext/cs__common/cs__common.h +4 -4
data/ext/cs__common/extconf.rb +1 -1
data/ext/cs__contrast_patch/cs__contrast_patch.c +22 -25
data/ext/cs__contrast_patch/extconf.rb +1 -1
data/ext/cs__protect_kernel/cs__protect_kernel.c +1 -1
data/ext/cs__protect_kernel/extconf.rb +1 -1
data/ext/extconf_common.rb +2 -6
data/lib/contrast-agent.rb +1 -1
data/lib/contrast.rb +20 -1
data/lib/contrast/agent.rb +6 -4
data/lib/contrast/agent/assess.rb +2 -11
data/lib/contrast/agent/assess/contrast_event.rb +54 -71
data/lib/contrast/agent/assess/contrast_object.rb +7 -4
data/lib/contrast/agent/assess/events/event_factory.rb +3 -2
data/lib/contrast/agent/assess/events/source_event.rb +7 -2
data/lib/contrast/agent/assess/finalizers/freeze.rb +1 -1
data/lib/contrast/agent/assess/finalizers/hash.rb +33 -34
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +34 -16
data/lib/contrast/agent/assess/policy/patcher.rb +11 -18
data/lib/contrast/agent/assess/policy/policy.rb +1 -1
data/lib/contrast/agent/assess/policy/policy_node.rb +26 -34
data/lib/contrast/agent/assess/policy/policy_scanner.rb +1 -1
data/lib/contrast/agent/assess/policy/preshift.rb +4 -2
data/lib/contrast/agent/assess/policy/propagation_method.rb +32 -30
data/lib/contrast/agent/assess/policy/propagation_node.rb +20 -9
data/lib/contrast/agent/assess/policy/propagator.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/append.rb +29 -14
data/lib/contrast/agent/assess/policy/propagator/base.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/center.rb +3 -2
data/lib/contrast/agent/assess/policy/propagator/custom.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +22 -17
data/lib/contrast/agent/assess/policy/propagator/insert.rb +4 -2
data/lib/contrast/agent/assess/policy/propagator/keep.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/match_data.rb +3 -2
data/lib/contrast/agent/assess/policy/propagator/next.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/prepend.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/remove.rb +23 -19
data/lib/contrast/agent/assess/policy/propagator/replace.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/reverse.rb +1 -1
data/lib/contrast/agent/assess/policy/propagator/select.rb +3 -13
data/lib/contrast/agent/assess/policy/propagator/splat.rb +24 -14
data/lib/contrast/agent/assess/policy/propagator/split.rb +18 -15
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +32 -22
data/lib/contrast/agent/assess/policy/propagator/trim.rb +64 -45
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +7 -4
data/lib/contrast/agent/assess/policy/source_method.rb +92 -81
data/lib/contrast/agent/assess/policy/source_node.rb +1 -1
data/lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb +8 -6
data/lib/contrast/agent/assess/policy/source_validation/source_validation.rb +2 -4
data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +7 -3
data/lib/contrast/agent/assess/policy/trigger/xpath.rb +7 -8
data/lib/contrast/agent/assess/policy/trigger_method.rb +109 -76
data/lib/contrast/agent/assess/policy/trigger_node.rb +33 -11
data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +60 -0
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +3 -5
data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +7 -5
data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +4 -13
data/lib/contrast/agent/assess/properties.rb +1 -3
data/lib/contrast/agent/assess/property/evented.rb +9 -6
data/lib/contrast/agent/assess/property/tagged.rb +38 -20
data/lib/contrast/agent/assess/property/updated.rb +1 -1
data/lib/contrast/agent/assess/rule/provider.rb +1 -1
data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +12 -6
data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +5 -2
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +4 -6
data/lib/contrast/agent/assess/tag.rb +1 -1
data/lib/contrast/agent/assess/tracker.rb +2 -2
data/lib/contrast/agent/at_exit_hook.rb +1 -1
data/lib/contrast/agent/class_reopener.rb +4 -2
data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +1 -1
data/lib/contrast/agent/deadzone/policy/policy.rb +7 -3
data/lib/contrast/agent/disable_reaction.rb +2 -4
data/lib/contrast/agent/exclusion_matcher.rb +6 -12
data/lib/contrast/agent/inventory.rb +1 -2
data/lib/contrast/agent/inventory/dependencies.rb +3 -1
data/lib/contrast/agent/inventory/dependency_analysis.rb +1 -1
data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +35 -23
data/lib/contrast/agent/inventory/policy/datastores.rb +1 -1
data/lib/contrast/agent/inventory/policy/policy.rb +1 -1
data/lib/contrast/agent/inventory/policy/trigger_node.rb +1 -1
data/lib/contrast/agent/middleware.rb +111 -110
data/lib/contrast/agent/module_data.rb +4 -4
data/lib/contrast/agent/patching/policy/after_load_patch.rb +1 -1
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +9 -4
data/lib/contrast/agent/patching/policy/method_policy.rb +7 -3
data/lib/contrast/agent/patching/policy/module_policy.rb +15 -8
data/lib/contrast/agent/patching/policy/patch.rb +23 -29
data/lib/contrast/agent/patching/policy/patch_status.rb +8 -9
data/lib/contrast/agent/patching/policy/patcher.rb +72 -64
data/lib/contrast/agent/patching/policy/policy.rb +14 -21
data/lib/contrast/agent/patching/policy/policy_node.rb +15 -5
data/lib/contrast/agent/patching/policy/trigger_node.rb +26 -10
data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +2 -2
data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +2 -2
data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +2 -2
data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +3 -4
data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +2 -2
data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +6 -10
data/lib/contrast/agent/protect/policy/policy.rb +1 -1
data/lib/contrast/agent/protect/policy/rule_applicator.rb +6 -6
data/lib/contrast/agent/protect/policy/trigger_node.rb +1 -1
data/lib/contrast/agent/protect/rule.rb +1 -1
data/lib/contrast/agent/protect/rule/base.rb +19 -33
data/lib/contrast/agent/protect/rule/base_service.rb +10 -6
data/lib/contrast/agent/protect/rule/cmd_injection.rb +15 -19
data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -1
data/lib/contrast/agent/protect/rule/deserialization.rb +7 -14
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +4 -15
data/lib/contrast/agent/protect/rule/no_sqli.rb +7 -3
data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +2 -4
data/lib/contrast/agent/protect/rule/path_traversal.rb +6 -6
data/lib/contrast/agent/protect/rule/sqli.rb +19 -13
data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +1 -1
data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +1 -1
data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +2 -2
data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +1 -1
data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +2 -2
data/lib/contrast/agent/protect/rule/xss.rb +2 -2
data/lib/contrast/agent/protect/rule/xxe.rb +6 -13
data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +2 -3
data/lib/contrast/agent/railtie.rb +1 -1
data/lib/contrast/agent/reaction_processor.rb +12 -11
data/lib/contrast/agent/request.rb +25 -24
data/lib/contrast/agent/request_context.rb +25 -23
data/lib/contrast/agent/request_handler.rb +1 -1
data/lib/contrast/agent/response.rb +1 -1
data/lib/contrast/agent/rewriter.rb +6 -4
data/lib/contrast/agent/rule_set.rb +3 -3
data/lib/contrast/agent/scope.rb +1 -1
data/lib/contrast/agent/service_heartbeat.rb +3 -4
data/lib/contrast/agent/static_analysis.rb +1 -1
data/lib/contrast/agent/thread.rb +2 -2
data/lib/contrast/agent/thread_watcher.rb +21 -6
data/lib/contrast/agent/tracepoint_hook.rb +2 -2
data/lib/contrast/agent/version.rb +2 -2
data/lib/contrast/agent/worker_thread.rb +1 -1
data/lib/contrast/api.rb +1 -1
data/lib/contrast/api/communication.rb +1 -1
data/lib/contrast/api/communication/connection_status.rb +1 -1
data/lib/contrast/api/communication/messaging_queue.rb +19 -22
data/lib/contrast/api/communication/response_processor.rb +13 -8
data/lib/contrast/api/communication/service_lifecycle.rb +5 -3
data/lib/contrast/api/communication/socket.rb +1 -1
data/lib/contrast/api/communication/socket_client.rb +30 -35
data/lib/contrast/api/communication/speedracer.rb +6 -10
data/lib/contrast/api/communication/tcp_socket.rb +1 -1
data/lib/contrast/api/communication/unix_socket.rb +1 -1
data/lib/contrast/api/decorators.rb +3 -1
data/lib/contrast/api/decorators/address.rb +1 -1
data/lib/contrast/api/decorators/agent_startup.rb +58 -0
data/lib/contrast/api/decorators/application_settings.rb +1 -1
data/lib/contrast/api/decorators/application_startup.rb +57 -0
data/lib/contrast/api/decorators/application_update.rb +1 -1
data/lib/contrast/api/decorators/http_request.rb +1 -1
data/lib/contrast/api/decorators/input_analysis.rb +1 -1
data/lib/contrast/api/decorators/instrumentation_mode.rb +37 -0
data/lib/contrast/api/decorators/library.rb +9 -7
data/lib/contrast/api/decorators/library_usage_update.rb +1 -1
data/lib/contrast/api/decorators/message.rb +4 -4
data/lib/contrast/api/decorators/rasp_rule_sample.rb +1 -1
data/lib/contrast/api/decorators/route_coverage.rb +16 -6
data/lib/contrast/api/decorators/server_features.rb +1 -1
data/lib/contrast/api/decorators/trace_event.rb +46 -16
data/lib/contrast/api/decorators/trace_event_object.rb +2 -4
data/lib/contrast/api/decorators/trace_event_signature.rb +1 -1
data/lib/contrast/api/decorators/trace_taint_range.rb +1 -1
data/lib/contrast/api/decorators/trace_taint_range_tags.rb +2 -7
data/lib/contrast/api/decorators/user_input.rb +1 -1
data/lib/contrast/components/agent.rb +16 -15
data/lib/contrast/components/app_context.rb +11 -29
data/lib/contrast/components/assess.rb +6 -11
data/lib/contrast/components/config.rb +3 -2
data/lib/contrast/components/contrast_service.rb +8 -9
data/lib/contrast/components/heap_dump.rb +1 -1
data/lib/contrast/components/interface.rb +4 -3
data/lib/contrast/components/inventory.rb +1 -1
data/lib/contrast/components/logger.rb +1 -1
data/lib/contrast/components/protect.rb +11 -14
data/lib/contrast/components/sampling.rb +55 -7
data/lib/contrast/components/scope.rb +2 -1
data/lib/contrast/components/settings.rb +29 -99
data/lib/contrast/config.rb +1 -1
data/lib/contrast/config/agent_configuration.rb +1 -1
data/lib/contrast/config/application_configuration.rb +1 -1
data/lib/contrast/config/assess_configuration.rb +1 -1
data/lib/contrast/config/assess_rules_configuration.rb +2 -4
data/lib/contrast/config/base_configuration.rb +5 -6
data/lib/contrast/config/default_value.rb +1 -1
data/lib/contrast/config/exception_configuration.rb +2 -6
data/lib/contrast/config/heap_dump_configuration.rb +13 -7
data/lib/contrast/config/inventory_configuration.rb +1 -1
data/lib/contrast/config/logger_configuration.rb +2 -6
data/lib/contrast/config/protect_configuration.rb +1 -1
data/lib/contrast/config/protect_rule_configuration.rb +23 -1
data/lib/contrast/config/protect_rules_configuration.rb +1 -1
data/lib/contrast/config/root_configuration.rb +1 -1
data/lib/contrast/config/ruby_configuration.rb +1 -1
data/lib/contrast/config/sampling_configuration.rb +1 -1
data/lib/contrast/config/server_configuration.rb +1 -1
data/lib/contrast/config/service_configuration.rb +1 -1
data/lib/contrast/configuration.rb +4 -15
data/lib/contrast/delegators/input_analysis.rb +12 -0
data/lib/contrast/extension/assess.rb +1 -1
data/lib/contrast/extension/assess/array.rb +2 -7
data/lib/contrast/extension/assess/erb.rb +2 -8
data/lib/contrast/extension/assess/eval_trigger.rb +3 -11
data/lib/contrast/extension/assess/exec_trigger.rb +4 -14
data/lib/contrast/extension/assess/fiber.rb +3 -13
data/lib/contrast/extension/assess/hash.rb +1 -1
data/lib/contrast/extension/assess/kernel.rb +3 -10
data/lib/contrast/extension/assess/marshal.rb +3 -11
data/lib/contrast/extension/assess/regexp.rb +2 -7
data/lib/contrast/extension/assess/string.rb +4 -2
data/lib/contrast/extension/delegator.rb +1 -1
data/lib/contrast/extension/inventory.rb +1 -1
data/lib/contrast/extension/kernel.rb +5 -3
data/lib/contrast/extension/module.rb +1 -1
data/lib/contrast/extension/protect.rb +1 -1
data/lib/contrast/extension/protect/kernel.rb +1 -1
data/lib/contrast/extension/protect/psych.rb +1 -1
data/lib/contrast/extension/thread.rb +1 -1
data/lib/contrast/framework/base_support.rb +1 -1
data/lib/contrast/framework/manager.rb +14 -17
data/lib/contrast/framework/platform_version.rb +1 -1
data/lib/contrast/framework/rack/patch/session_cookie.rb +6 -19
data/lib/contrast/framework/rack/patch/support.rb +7 -5
data/lib/contrast/framework/rack/support.rb +1 -1
data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +1 -1
data/lib/contrast/framework/rails/patch/assess_configuration.rb +8 -3
data/lib/contrast/framework/rails/patch/rails_application_configuration.rb +4 -4
data/lib/contrast/framework/rails/patch/support.rb +5 -3
data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +5 -2
data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +3 -1
data/lib/contrast/framework/rails/rewrite/active_record_named.rb +3 -1
data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +3 -1
data/lib/contrast/framework/rails/support.rb +45 -46
data/lib/contrast/framework/sinatra/support.rb +103 -42
data/lib/contrast/funchook/funchook.rb +2 -6
data/lib/contrast/logger/application.rb +13 -10
data/lib/contrast/logger/format.rb +3 -6
data/lib/contrast/logger/log.rb +36 -19
data/lib/contrast/logger/request.rb +2 -3
data/lib/contrast/logger/time.rb +1 -1
data/lib/contrast/security_exception.rb +2 -2
data/lib/contrast/tasks/config.rb +1 -1
data/lib/contrast/tasks/service.rb +6 -2
data/lib/contrast/utils/assess/sampling_util.rb +1 -1
data/lib/contrast/utils/assess/tracking_util.rb +2 -3
data/lib/contrast/utils/class_util.rb +18 -12
data/lib/contrast/utils/duck_utils.rb +1 -1
data/lib/contrast/utils/env_configuration_item.rb +1 -1
data/lib/contrast/utils/hash_digest.rb +16 -24
data/lib/contrast/utils/heap_dump_util.rb +104 -88
data/lib/contrast/utils/invalid_configuration_util.rb +22 -13
data/lib/contrast/utils/inventory_util.rb +1 -1
data/lib/contrast/utils/io_util.rb +2 -2
data/lib/contrast/utils/job_servers_running.rb +10 -5
data/lib/contrast/utils/object_share.rb +1 -1
data/lib/contrast/utils/os.rb +3 -2
data/lib/contrast/utils/preflight_util.rb +1 -1
data/lib/contrast/utils/resource_loader.rb +1 -1
data/lib/contrast/utils/ruby_ast_rewriter.rb +3 -2
data/lib/contrast/utils/sha256_builder.rb +1 -1
data/lib/contrast/utils/stack_trace_utils.rb +1 -1
data/lib/contrast/utils/string_utils.rb +1 -1
data/lib/contrast/utils/tag_util.rb +1 -1
data/lib/contrast/utils/thread_tracker.rb +1 -1
data/lib/contrast/utils/timer.rb +1 -1
data/resources/assess/policy.json +8 -11
data/resources/deadzone/policy.json +7 -17
data/ruby-agent.gemspec +66 -27
data/service_executables/VERSION +1 -1
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
data/sonar-project.properties +9 -0
metadata +154 -156
data/lib/contrast/agent/assess/rule.rb +0 -18
data/lib/contrast/agent/assess/rule/base.rb +0 -52
data/lib/contrast/agent/assess/rule/redos.rb +0 -67
data/lib/contrast/agent/inventory/gemfile_digest_cache.rb +0 -38
data/lib/contrast/common_agent_configuration.rb +0 -87
data/lib/contrast/framework/sinatra/patch/base.rb +0 -83
data/lib/contrast/framework/sinatra/patch/support.rb +0 -27
data/lib/contrast/utils/prevent_serialization.rb +0 -52

data/lib/contrast/components/app_context.rb CHANGED Viewed

@@ -1,7 +1,9 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'rubygems/version'
+require 'contrast/api/decorators/agent_startup'
+require 'contrast/api/decorators/application_startup'
 require 'contrast/utils/object_share'
 module Contrast
@@ -35,9 +37,9 @@ module Contrast
           end
         end
-        def name
-          @_name ||= begin
-            tmp = CONFIG.root.application.name
+        def app_name
+          @_app_name ||= begin
+            tmp = CONFIG.root.application.name # rubocop:disable Security/Module/Name
             tmp = Contrast::Agent.framework_manager.app_name unless Contrast::Utils::StringUtils.present?(tmp)
             tmp = File.basename(Dir.pwd) unless Contrast::Utils::StringUtils.present?(tmp)
             Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_APP_NAME)
@@ -57,7 +59,7 @@ module Contrast
         def server_name
           @_server_name ||= begin
-            tmp = CONFIG.root.server.name
+            tmp = CONFIG.root.server.name # rubocop:disable Security/Module/Name
             tmp = Socket.gethostname unless Contrast::Utils::StringUtils.present?(tmp)
             tmp = Contrast::Utils::StringUtils.force_utf8(tmp)
             Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_SERVER_NAME)
@@ -77,36 +79,16 @@ module Contrast
         end
         def build_app_startup_message
-          msg = Contrast::Api::Dtm::ApplicationCreate.new
-          msg.group            = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.group
-          msg.app_version      = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.version.to_s
-          msg.code             = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.code
-          msg.metadata         = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.metadata
-          # Other fields have limits in TeamServer, the rest don't.
-          msg.session_id       = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.session_id,        truncate: false
-          msg.session_metadata = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.session_metadata,  truncate: false
-          msg
+          Contrast::Api::Dtm::ApplicationCreate.build
         end
         def build_agent_startup_message
-          msg = Contrast::Api::Dtm::AgentStartup.new
-          msg.server_name      = Contrast::Utils::StringUtils.protobuf_format server_name
-          msg.server_path      = Contrast::Utils::StringUtils.protobuf_format server_path
-          msg.server_type      = Contrast::Utils::StringUtils.protobuf_format server_type
-          msg.server_version   = Contrast::Agent::VERSION
-          msg.version          = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.server.version
-          msg.environment      = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.server.environment
-          msg.server_tags      = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.server.tags
-          msg.application_tags = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.tags
-          msg.library_tags     = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.inventory.tags
-          msg.finding_tags     = Contrast::Utils::StringUtils.protobuf_format ASSESS.tags
+          msg = Contrast::Api::Dtm::AgentStartup.build(server_name, server_path, server_type)
           logger.info('Application context',
                       server_name: msg.server_name,
                       server_path: msg.server_path,
                       server_type: msg.server_type,
-                      application_name: name,
+                      application_name: app_name,
                       application_path: path,
                       application_language: Contrast::Utils::ObjectShare::RUBY)
@@ -126,7 +108,7 @@ module Contrast
         end
         def client_id
-          @_client_id ||= [name, pgid].join('-')
+          @_client_id ||= [app_name, pgid].join('-')
         end
         def instrument_middleware_stack?

data/lib/contrast/components/assess.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 module Contrast
@@ -19,7 +19,7 @@ module Contrast
           return false if forcibly_disabled?
           return true  if forcibly_enabled?
-          SETTINGS.assess_enabled?
+          SETTINGS.assess_state.enabled == true
         end
         def tainted_columns
@@ -58,10 +58,9 @@ module Contrast
         # node types (SourceNode, PolicyNode, TriggerNode, PropagationNode)
         #
         # @param policy_node [Contrast::Agent::Assess::Policy::PolicyNode] The node in question.
-        # @param return [Boolean] to capture or not to capture, that is the question.
+        # @return [Boolean] to capture or not to capture, that is the question.
         def capture_stacktrace? policy_node
           return true if capture_stacktrace_value == :ALL
           return false if capture_stacktrace_value == :NONE
           # Below here capture_stacktrace_value must be :SOME.
@@ -90,8 +89,9 @@ module Contrast
           CONFIG.root.assess&.tags
         end
-        def rules
-          SETTINGS.assess_rules
+        def disabled_rules
+          # TODO: RUBY-903
+          CONFIG.root.assess&.rules&.disabled_rules || SETTINGS.assess_state.disabled_assess_rules || []
         end
         private
@@ -100,11 +100,6 @@ module Contrast
           @_forcibly_enabled = true?(CONFIG.root.assess.enable) if @_forcibly_enabled.nil?
           @_forcibly_enabled
         end
-        def disabled_rules
-          # TODO: RUBY-903
-          CONFIG.root.assess&.rules&.disabled_rules || SETTINGS.disabled_assess_rules || []
-        end
       end
       COMPONENT_INTERFACE = Interface.new

data/lib/contrast/components/config.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'contrast/utils/env_configuration_item'
@@ -56,7 +56,8 @@ module Contrast
         private
-        SESSION_VARIABLES = "Invalid configuration. Setting both application.session_id and application.session_metadata is not allowed.\n"
+        SESSION_VARIABLES = 'Invalid configuration. '\
+                            "Setting both application.session_id and application.session_metadata is not allowed.\n"
         def validate log: false
           # The config has information about how to construct the logger.
           # If the config is invalid, and you want to know about it, then

data/lib/contrast/components/contrast_service.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'monitor'
@@ -25,14 +25,13 @@ module Contrast
         def use_bundled_service?
           # Validates the config to decide if it's suitable for starting
           # the bundled service
-          @_use_bundled_service ||= begin
-            # Requirement says "must be true" but that
-            # should be "must not be false" -- oops.
-            !false?(CONFIG.root.agent.start_bundled_service) &&
-                # Either a valid host or a valid socket
-                # Path validity is the service's problem
-                (LOCALHOST.match?(host) || !!socket_path)
-          end
+          # Requirement says "must be true" but that
+          # should be "must not be false" -- oops.
+          @_use_bundled_service ||= !false?(CONFIG.root.agent.start_bundled_service) &&
+              # Either a valid host or a valid socket
+              # Path validity is the service's problem
+              (LOCALHOST.match?(host) || !!socket_path)
         end
         def host

data/lib/contrast/components/heap_dump.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 module Contrast

data/lib/contrast/components/interface.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'delegate'
@@ -134,7 +134,7 @@ module Contrast
           if (mods = component_map[sym]) # rubocop:disable Style/GuardClause
             # We may support multiple components via one access request.
             mods.each do |m|
-              name = Contrast::Components.component_const_name(m.name)
+              name = Contrast::Components.component_const_name(m.cs__name)
               cs__const_set(name, m::COMPONENT_INTERFACE) if m.cs__const_defined?(:COMPONENT_INTERFACE)
               include m::InstanceMethods               if m.cs__const_defined?(:InstanceMethods, false)
               extend  m::ClassMethods                  if m.cs__const_defined?(:ClassMethods, false)
@@ -181,7 +181,8 @@ require 'contrast/components/agent'
 Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:agent] = [Contrast::Components::Agent]
 require 'contrast/components/contrast_service'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:contrast_service] = [Contrast::Components::ContrastService]
+Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:contrast_service] =
+  [Contrast::Components::ContrastService]
 require 'contrast/components/app_context'
 Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:app_context] = [Contrast::Components::AppContext]

data/lib/contrast/components/inventory.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 module Contrast

data/lib/contrast/components/logger.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'contrast/logger/log'

data/lib/contrast/components/protect.rb CHANGED Viewed

@@ -1,14 +1,11 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 module Contrast
   module Components
     module Protect
-      # A wrapper build around the Common Agent Configuration project to allow
-      # for access of the values contained in its
-      # parent_configuration_spec.yaml.
-      # Specifically, this allows for querying the state of the Protect
-      # product.
+      # A wrapper build around the Common Agent Configuration project to allow for access of the values contained in
+      # its parent_configuration_spec.yaml.  Specifically, this allows for querying the state of the Protect product.
       class Interface
         include Contrast::Components::ComponentBase
         include Contrast::Components::Interface
@@ -20,7 +17,7 @@ module Contrast
           return false if forcibly_disabled?
           return true  if forcibly_enabled?
-          SETTINGS.protect_enabled?
+          SETTINGS.protect_state.enabled == true
         end
         def rule_config
@@ -28,15 +25,17 @@ module Contrast
         end
         def rules
-          SETTINGS.protect_rules
+          SETTINGS.protect_state.rules
         end
         def rule_mode rule_id
-          CONFIG.root.protect.rules[rule_id]&.mode || SETTINGS.modes_by_id[rule_id] || :NO_ACTION
+          CONFIG.root.protect.rules[rule_id]&.applicable_mode ||
+              SETTINGS.application_state.modes_by_id[rule_id] ||
+              Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION
         end
         def rule name
-          SETTINGS.protect_rules[name]
+          SETTINGS.protect_state.rules[name]
         end
         def report_any_command_execution?
@@ -56,15 +55,13 @@ module Contrast
         end
         def forcibly_disabled?
-          @_forcibly_disabled = false?(CONFIG.root.protect.enable) if @_forcibly_disabled.nil?
-          @_forcibly_disabled
+          @_forcibly_disabled ||= false?(CONFIG.root.protect.enable)
         end
         private
         def forcibly_enabled?
-          @_forcibly_enabled = true?(CONFIG.root.protect.enable) if @_forcibly_enabled.nil?
-          @_forcibly_enabled
+          @_forcibly_enabled ||= true?(CONFIG.root.protect.enable)
         end
       end

data/lib/contrast/components/sampling.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 module Contrast
@@ -25,14 +25,14 @@ module Contrast
         def sampling_control
           @_sampling_control ||= begin
-            cas = CONFIG.root.assess&.sampling
+            config_settings = CONFIG.root.assess&.sampling
             settings = SETTINGS&.assess_state&.[](:sampling_settings)
             {
-                enabled: true?([cas&.enable, settings&.enabled, DEFAULT_SAMPLING_ENABLED].reject(&:nil?)[0]),
-                baseline: [cas&.baseline, settings&.baseline, DEFAULT_SAMPLING_BASELINE].map(&:to_i).find(&:positive?),
-                request_frequency: [cas&.request_frequency, settings&.request_frequency, DEFAULT_SAMPLING_REQUEST_FREQUENCY].map(&:to_i).find(&:positive?),
-                response_frequency: [cas&.response_frequency, settings&.response_frequency, DEFAULT_SAMPLING_RESPONSE_FREQUENCY].map(&:to_i).find(&:positive?),
-                window: [cas&.window_ms, settings&.window_ms, DEFAULT_SAMPLING_WINDOW_MS].map(&:to_i).find(&:positive?)
+                enabled: enabled?(config_settings, settings),
+                baseline: baseline(config_settings, settings),
+                request_frequency: request_frequency(config_settings, settings),
+                response_frequency: response_frequency(config_settings, settings),
+                window: window(config_settings, settings)
             }
           end
         end
@@ -41,6 +41,54 @@ module Contrast
         def reset_sampling_control
           @_sampling_control = nil
         end
+        private
+        # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
+        #   local user input
+        # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
+        # @return [Boolean] the resolution of the config_settings, settings, and default value
+        def enabled? config_settings, settings
+          true?([config_settings&.enable, settings&.enabled, DEFAULT_SAMPLING_ENABLED].reject(&:nil?)[0])
+        end
+        # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
+        #   local user input
+        # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
+        # @return [Integer] the resolution of the config_settings, settings, and default value
+        def baseline config_settings, settings
+          [config_settings&.baseline, settings&.baseline, DEFAULT_SAMPLING_BASELINE].map(&:to_i).find(&:positive?)
+        end
+        # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
+        #   local user input
+        # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
+        # @return [Integer] the resolution of the config_settings, settings, and default value
+        def request_frequency config_settings, settings
+          [
+            config_settings&.request_frequency, settings&.request_frequency,
+            DEFAULT_SAMPLING_REQUEST_FREQUENCY
+          ].map(&:to_i).find(&:positive?)
+        end
+        # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
+        #   local user input
+        # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
+        # @return [Integer] the resolution of the config_settings, settings, and default value
+        def response_frequency config_settings, settings
+          [
+            config_settings&.response_frequency, settings&.response_frequency,
+            DEFAULT_SAMPLING_RESPONSE_FREQUENCY
+          ].map(&:to_i).find(&:positive?)
+        end
+        # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
+        #   local user input
+        # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
+        # @return [Integer] the resolution of the config_settings, settings, and default value
+        def window config_settings, settings
+          [config_settings&.window_ms, settings&.window_ms, DEFAULT_SAMPLING_WINDOW_MS].map(&:to_i).find(&:positive?)
+        end
       end
       module InstanceMethods #:nodoc:

data/lib/contrast/components/scope.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 require 'fiber'
@@ -109,6 +109,7 @@ module Contrast
         def with_deserialization_scope
           scope_for_current_ec.enter_deserialization_scope!
+          yield
         ensure
           scope_for_current_ec.exit_deserialization_scope!
         end

data/lib/contrast/components/settings.rb CHANGED Viewed

@@ -1,6 +1,8 @@
-# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
+require 'contrast/api/settings.pb'
 module Contrast
   module Components
     # This component encapsulates the statefulness of settings.
@@ -8,133 +10,61 @@ module Contrast
     # directives (likely provided by TeamServer) about product operation.
     # 'Settings' is not a generic term for 'configurable stuff'.
     module Settings
+      APPLICATION_STATE_BASE = Struct.new(:modes_by_id, :exclusion_matchers).
+          new(Hash.new(Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION), [])
+      PROTECT_STATE_BASE = Struct.new(:enabled, :rules).new(false, {})
+      ASSESS_STATE_BASE = Struct.new(:enabled, :sampling_settings, :disabled_assess_rules).new(false, nil, []) do
+        def sampling_settings= new_val
+          @sampling_settings = new_val
+          Contrast::Utils::Assess::SamplingUtil.instance.update
+        end
+      end
       # This is a class.
       class Interface
         include Contrast::Components::ComponentBase
         include Contrast::Components::Interface
         access_component :config
-        attr_reader :assess_rules,
-                    :protect_rules
-        # Other stateful information that doesn't yet cleanly fit anywhere:
         # tainted_columns are database columns that receive unsanitized input.
-        # this statefulness
         attr_reader :tainted_columns # This can probably go into assess_state?
-        # These three 'state' variables represent atomic config/setting state,
-        # outside of things like rule defs.
-        def assess_state
-          @assess_state ||= { # rubocop:disable Naming/MemoizedInstanceVariableName
-              enabled: false,
-              sampling_features: nil
-          }
-        end
-        def protect_state
-          @protect_state ||= { # rubocop:disable Naming/MemoizedInstanceVariableName
-              enabled: false
-          }
-        end
-        def application_state
-          @application_state ||= { # rubocop:disable Naming/MemoizedInstanceVariableName
-              modes_by_id: Hash.new(:NO_ACTION),
-              exclusion_matchers: [],
-              disabled_assess_rules: []
-          }
-        end
-        # These are settings that we receive & store.
-        # Rules are settings too, but they're more involved.
-        # So, between this block and rules, that's setting state.
-        PROTECT_STATE_ATTRS       = %i[].cs__freeze
-        ASSESS_STATE_ATTRS        = %i[sampling_features].cs__freeze
-        APPLICATION_STATE_ATTRS   = %i[modes_by_id exclusion_matchers disabled_assess_rules].cs__freeze
-        # Meta-define an accessor for each state attribute.
-        PROTECT_STATE_ATTRS.each do |attr|
-          # TODO: RUBY-1052
-          define_method(attr) do # rubocop:disable Performance/Kernel/DefineMethod
-            protect_state[attr]
-          end
-        end
-        ASSESS_STATE_ATTRS.each do |attr|
-          # TODO: RUBY-1052
-          define_method(attr) do # rubocop:disable Performance/Kernel/DefineMethod
-            assess_state[attr]
-          end
-        end
-        APPLICATION_STATE_ATTRS.each do |attr|
-          # TODO: RUBY-1052
-          define_method(attr) do # rubocop:disable Performance/Kernel/DefineMethod
-            application_state[attr]
-          end
-        end
+        attr_reader :assess_state, :protect_state, :application_state
         def initialize
           reset_state
         end
-        def protect_enabled?
-          @_protect_enabled = !!protect_state[:enabled] if @_protect_enabled.nil?
-          @_protect_enabled
-        end
-        def assess_enabled?
-          @_assess_enabled = !!assess_state[:enabled] if @_assess_enabled.nil?
-          @_assess_enabled
-        end
         def code_exclusions
-          exclusion_matchers.select(&:code?)
+          @application_state.exclusion_matchers.select(&:code?)
         end
+        # @param server_features [Contrast::Api::Settings::ServerFeatures]
         def update_from_server_features server_features
-          # protect
-          @_protect_enabled = nil
-          protect_state[:enabled] = server_features.protect_enabled?
-          # assess
-          @_assess_enabled = nil
-          assess_state[:enabled] = server_features.assess_enabled?
-          assess_state[:sampling_settings] = server_features.assess.sampling
-          Contrast::Utils::Assess::SamplingUtil.instance.update
+          @protect_state.enabled = server_features.protect_enabled?
+          @assess_state.enabled = server_features.assess_enabled?
+          @assess_state.sampling_settings = server_features.assess.sampling
         end
+        # @param application_settings [Contrast::Api::Settings::ApplicationSettings]
         def update_from_application_settings application_settings
-          application_state.merge!(application_settings.application_state_translation)
+          new_vals = application_settings.application_state_translation
+          @application_state.modes_by_id = new_vals[:modes_by_id]
+          @application_state.exclusion_matchers = new_vals[:exclusion_matchers]
+          @assess_state.disabled_assess_rules = new_vals[:disabled_assess_rules]
         end
         # Wipe state to zero.
         def reset_state
-          @assess_rules = {}
-          @protect_rules = {}
+          @protect_state = PROTECT_STATE_BASE.dup
+          @assess_state = ASSESS_STATE_BASE.dup
+          @application_state = APPLICATION_STATE_BASE.dup
           @tainted_columns = {}
-          @assess_state = nil
-          @protect_state = nil
-          @application_state = nil
-        end
-        def build_assess_rules
-          @assess_rules = {}
-          Contrast::Agent::Assess::Rule::Redos.new
         end
         def build_protect_rules
-          @protect_rules = {}
+          @protect_state.rules = {}
-          # rules
+          # Rules. They add themselves on initialize.
           Contrast::Agent::Protect::Rule::CmdInjection.new
           Contrast::Agent::Protect::Rule::Deserialization.new
           Contrast::Agent::Protect::Rule::HttpMethodTampering.new