contrast-agent 4.6.0 → 4.7.0

data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb

@@ -65,8 +65,7 @@ module Contrast
               return true if http && !tmp_id.end_with?(DTD_MARKER)
 
               # external if using external protocol
-              return true if tmp_id.start_with?(FTP_START, FILE_START,
-                                                JAR_START, GOPHER_START)
+              return true if tmp_id.start_with?(FTP_START, FILE_START, JAR_START, GOPHER_START)
 
               # external if start with path marker (/ or .)
               return true if tmp_id.start_with?(Contrast::Utils::ObjectShare::SLASH,

data/lib/contrast/agent/reaction_processor.rb

@@ -6,11 +6,9 @@ require 'contrast/components/interface'
 
 module Contrast
   module Agent
-    # Because communication between the Agent/Service and TeamServer can only
-    # be initiated by outbound connections from the Agent/Service, we must
-    # provide a mechanism for the TeamServer to direct the Agent to take a
-    # specific action. This action is referred to as a Reaction. This class is
-    # how we handle those Reaction messages.
+    # Because communication between the Agent/Service and TeamServer can only be initiated by outbound connections
+    # from the Agent/Service, we must provide a mechanism for the TeamServer to direct the Agent to take a specific
+    # action. This action is referred to as a Reaction. This class is how we handle those Reaction messages.
     class ReactionProcessor
       include Contrast::Components::Interface
       access_component :logging
@@ -25,8 +23,12 @@ module Contrast
         return unless application_settings&.reactions&.any?
 
         application_settings.reactions.each do |reaction|
-          # the enums are all uppercase, we need to downcase them before attempting to log
-          level = reaction.log_level.nil? ? :error : reaction.log_level.name.downcase
+          # The enums are all uppercase, we need to downcase them before attempting to log.
+          level = if reaction.log_level.nil?
+                    :error
+                  else
+                    reaction.log_level.name.downcase # rubocop:disable Security/Module/Name -- ruby logger builtin.
+                  end
 
           logger.with_level(level, reaction.message) if reaction.message
 
@@ -36,9 +38,8 @@ module Contrast
           when Contrast::Api::Settings::Reaction::Operation::NOOP
             # NOOP
           else
-            logger.warn(
-                'ReactionProcessor received a reaction with an unknown operation',
-                operation: reaction.operation)
+            logger.warn('ReactionProcessor received a reaction with an unknown operation',
+                        operation: reaction.operation)
           end
         end
       end

data/lib/contrast/agent/request.rb

@@ -30,7 +30,8 @@ module Contrast
       attr_accessor :route, :observed_route
 
       # Delegate calls to the following methods to the attribute @rack_request
-      def_delegators :@rack_request, :base_url, :content_type, :cookies, :env, :ip, :path, :port, :query_string, :request_method, :scheme, :url, :user_agent
+      def_delegators :@rack_request, :base_url, :content_type, :cookies, :env, :ip, :path, :port, :query_string,
+                     :request_method, :scheme, :url, :user_agent
 
       def initialize rack_request
         @rack_request = rack_request
@@ -56,32 +57,28 @@ module Contrast
       end
 
       def document_type
-        @_document_type ||= begin
-          if /xml/i.match?(content_type) || body&.start_with?('<?xml')
-            :XML
-          elsif /json/i.match?(content_type) || body&.match?(/\s*[{\[]/)
-            :JSON
-          else
-            :NORMAL
-          end
-        end
+        @_document_type ||= if /xml/i.match?(content_type) || body&.start_with?('<?xml')
+                              :XML
+                            elsif /json/i.match?(content_type) || body&.match?(/\s*[{\[]/)
+                              :JSON
+                            else
+                              :NORMAL
+                            end
       end
 
       # Header keys upcased and any underscores replaced with dashes
       def headers
-        @_headers ||= begin
-          with_contrast_scope do
-            hash = {}
-            env.each do |key, value|
-              next unless key
-
-              name = key.to_s
-              next unless name.start_with?(Contrast::Utils::ObjectShare::HTTP_SCORE)
-
-              hash[Contrast::Utils::StringUtils.normalized_key(name)] = value
-            end
-            hash
+        @_headers ||= with_contrast_scope do
+          hash = {}
+          env.each do |key, value|
+            next unless key
+
+            name = key.to_s
+            next unless name.start_with?(Contrast::Utils::ObjectShare::HTTP_SCORE)
+
+            hash[Contrast::Utils::StringUtils.normalized_key(name)] = value
           end
+          hash
         end
       end
 
@@ -90,7 +87,10 @@ module Contrast
         # (can't use body because it might be nil)
         @_body_read ||= begin
           body = rack_request.body
-          if defined?(Rack::Multipart) && defined?(Rack::Multipart::UploadedFile) && body.is_a?(Rack::Multipart::UploadedFile)
+          if defined?(Rack::Multipart) &&
+                defined?(Rack::Multipart::UploadedFile) &&
+                body.is_a?(Rack::Multipart::UploadedFile)
+
             logger.trace("not parsing uploaded file body :: #{ body.original_filename }::#{ body.content_type }")
             @_body = nil
           else

data/lib/contrast/agent/request_context.rb

@@ -31,15 +31,14 @@ module Contrast
 
       EMPTY_INPUT_ANALYSIS_PB = Contrast::Api::Settings::InputAnalysis.new
 
-      attr_reader :activity, :logging_hash, :observed_route, :request, :response, :route, :speedracer_input_analysis, :server_activity, :timer
+      attr_reader :activity, :logging_hash, :observed_route, :request, :response, :route, :speedracer_input_analysis,
+                  :server_activity, :timer
 
       def initialize rack_request, app_loaded = true
         with_contrast_scope do
           # all requests get a timer and hash
           @timer = Contrast::Utils::Timer.new
-          @logging_hash = {
-              request_id: __id__
-          }
+          @logging_hash = { request_id: __id__ }
 
           # instantiate helper for request and response
           @request = Contrast::Agent::Request.new(rack_request)
@@ -64,7 +63,9 @@ module Contrast
 
           @sample = true
 
-          @sample_request, @sample_response = Contrast::Utils::Assess::SamplingUtil.instance.sample?(@request) if ASSESS.enabled?
+          if ASSESS.enabled?
+            @sample_request, @sample_response = Contrast::Utils::Assess::SamplingUtil.instance.sample?(@request)
+          end
 
           @sample_response &&= ASSESS.scan_response?
 
@@ -209,16 +210,10 @@ module Contrast
                             # special case for rules (like reflected xss)
                             # that used to have an infilter / block
                             # mode but now are just block at perimeter
-                            rule.build_attack_with_match(
-                                self,
-                                ia_result,
-                                attack_results_by_rule[rule_id],
-                                ia_result.value)
+                            rule.build_attack_with_match(self, ia_result, attack_results_by_rule[rule_id],
+                                                         ia_result.value)
                           else
-                            rule.build_attack_without_match(
-                                self,
-                                ia_result,
-                                attack_results_by_rule[rule_id])
+                            rule.build_attack_without_match(self, ia_result, attack_results_by_rule[rule_id])
                           end
           attack_results_by_rule[rule_id] = attack_result
         end

data/lib/contrast/agent/rewriter.rb

@@ -3,6 +3,8 @@
 
 # intentional -- we're using a << operator here
 
+return unless RUBY_VERSION < '2.6.0' # TODO: RUBY-714 remove guard w/ EOL of 2.5
+
 require 'contrast/agent/class_reopener'
 require 'contrast/agent/patching/policy/patch_status'
 require 'contrast/components/interface'
@@ -57,13 +59,13 @@ module Contrast
         rescue SyntaxError, StandardError => e
           opener = nil
           mod ||= module_data.mod
-          logger.debug('Reopening threw a handled exception - skipping rewriting', e, module: module_data.name)
+          logger.debug('Reopening threw a handled exception - skipping rewriting', e, module: module_data.mod_name)
           status ||= Contrast::Agent::Patching::Policy::PatchStatus.get_status(mod)
           status.failed_rewrite!
         ensure
           opener&.commit_patches
           logger.trace('Rewriting complete',
-                       module: module_data.name,
+                       module: module_data.mod_name,
                        result: Contrast::Agent::Patching::Policy::PatchStatus.get_status(
                            module_data.mod).rewrite_status)
         end
@@ -238,7 +240,7 @@ module Contrast
         ].cs__freeze
         def should_rewrite? module_data
           clazz = module_data.mod
-          name = module_data.name
+          name = module_data.mod_name
           return false unless clazz
 
           # Name can be nil for anonymous modules. We won't work on them.

data/lib/contrast/agent/service_heartbeat.rb

@@ -21,9 +21,8 @@ module Contrast
         @_thread = Contrast::Agent::Thread.new do
           logger.info('Starting heartbeat thread.')
           loop do
-            begin
-              Contrast::Agent.messaging_queue.send_event_eventually(poll_message)
-            end
+            Contrast::Agent.messaging_queue.send_event_eventually(poll_message)
+
             sleep REFRESH_INTERVAL_SEC
           end
         end

data/lib/contrast/agent/tracepoint_hook.rb

@@ -37,7 +37,7 @@ module Contrast
 
             Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.associate_file(path) if path
             Contrast::Agent::Patching::Policy::Patcher.patch_specific_module(loaded_module)
-            Contrast::Agent::Assess::Policy::RewriterPatch.rewrite_interpolation(loaded_module)
+            Contrast::Agent::Assess::Policy::RewriterPatch.rewrite_interpolation(loaded_module) if RUBY_VERSION < '2.6.0' # TODO: RUBY-714 remove guard w/ EOL of 2.5
             Contrast::Agent::Assess::Policy::PolicyScanner.scan(tracepoint_event)
           end
         end

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '4.6.0'
+    VERSION = '4.7.0'
   end
 end

data/lib/contrast/api/communication/response_processor.rb

@@ -24,10 +24,8 @@ module Contrast
 
           Contrast::Logger::Log.instance.update(server_features&.log_file, server_features&.log_level)
           update_features(server_features, app_settings)
-          logger.trace(
-              'Agent settings updated in response to Service',
-              protect_on: PROTECT.enabled?,
-              assess_on: ASSESS.enabled?)
+          logger.trace('Agent settings updated in response to Service', protect_on: PROTECT.enabled?,
+                                                                        assess_on: ASSESS.enabled?)
         end
 
         private

data/lib/contrast/api/communication/service_lifecycle.rb

@@ -21,12 +21,14 @@ module Contrast
           is_service_started
         end
 
-        # check if there's a zombie service that exists, and wait on it if so.
-        # currently, this only happens when trying to initialize speedracer
+        # check if there's a zombie service that exists, and wait on it if so. currently, this only happens when trying
+        # to initialize speedracer
         def zombie_check
           zombie_pid_list = Contrast::Utils::OS.zombie_pids
           zombie_pid_list.each do |pid|
             Process.wait(pid.to_i)
+          rescue Errno::ECHILD => _e
+            # Sometimes the zombie process dies between us finding it and killing it
           end
         end
 

data/lib/contrast/api/communication/socket_client.rb

@@ -52,16 +52,13 @@ module Contrast
           end
           # The host & port are set,
           if CONFIG.root.agent.service.host && CONFIG.root.agent.service.port
-            logger.info('Connecting to the Contrast Service using a TCP socket',
-                        host: CONTRAST_SERVICE.host,
-                        port: CONTRAST_SERVICE.port)
+            logger.info('Connecting to the Contrast Service using a TCP socket', host: CONTRAST_SERVICE.host,
+                                                                                 port: CONTRAST_SERVICE.port)
             return
           end
 
           # Or something is not set.
-          logger.warn(log_connection_error_msg,
-                      host: CONTRAST_SERVICE.host,
-                      port: CONTRAST_SERVICE.port)
+          logger.warn(log_connection_error_msg, host: CONTRAST_SERVICE.host, port: CONTRAST_SERVICE.port)
         end
 
         # If our connection isn't built properly, we need to warn the user. This builds out the context specific
@@ -87,26 +84,16 @@ module Contrast
         def send_message msg
           return unless msg
 
-          logger.debug('Sending message.',
-                       msg_id: msg.__id__,
-                       p_id: msg.pid,
-                       msg_count: msg.message_count)
+          logger.debug('Sending message.', msg_id: msg.__id__, p_id: msg.pid, msg_count: msg.message_count)
           to_service = Contrast::Api::Dtm::Message.encode(msg)
           from_service = send_marshaled(to_service)
           response = Contrast::Api::Settings::AgentSettings.decode(from_service)
-          logger.debug('Received response.',
-                       msg_id: msg.__id__,
-                       p_id: msg.pid,
-                       msg_count: msg.message_count,
-                       response_id: response&.__id__)
+          logger.debug('Received response.', msg_id: msg.__id__, p_id: msg.pid, msg_count: msg.message_count,
+                                             response_id: response&.__id__)
           response
         rescue StandardError => e
-          logger.error('Sending failed for message.',
-                       e,
-                       msg_id: msg.__id__,
-                       p_id: msg.pid,
-                       msg_count: msg.message_count,
-                       response_id: response&.__id__)
+          logger.error('Sending failed for message.', e, msg_id: msg.__id__, p_id: msg.pid,
+                                                         msg_count: msg.message_count, response_id: response&.__id__)
           raise e # reraise to let Speedracer manage the connection
         end
 

data/lib/contrast/api/communication/speedracer.rb

@@ -58,16 +58,14 @@ module Contrast
         def send_to_speedracer event
           ensure_startup!
 
-          logger.debug_with_time(event.cs__class.name) do
+          logger.debug_with_time(event.cs__class.cs__name) do
             response = socket_client.send_one event
             status.success!
             yield response
           end
         rescue StandardError => e
           status.failure!
-          logger.error('Unable to send message.', e,
-                       event_id: event.__id__,
-                       event_type: event.cs__class.name)
+          logger.error('Unable to send message.', e, event_id: event.__id__, event_type: event.cs__class.cs__name)
           nil
         end
 
@@ -101,9 +99,7 @@ module Contrast
         end
 
         def log_send_event event
-          logger.debug('Immediately sending event.',
-                       event_id: event.__id__,
-                       event_type: event.cs__class.name)
+          logger.debug('Immediately sending event.', event_id: event.__id__, event_type: event.cs__class.cs__name)
         end
       end
     end

data/lib/contrast/api/decorators/application_startup.rb

@@ -41,8 +41,12 @@ module Contrast
           #
           # @param msg [Contrast::Api::Dtm::ApplicationCreate]
           def session! msg
-            msg.session_id       = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.session_id,        truncate: false
-            msg.session_metadata = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.session_metadata,  truncate: false
+            msg.session_id = Contrast::Utils::StringUtils.protobuf_format(
+                CONFIG.root.application.session_id,
+                truncate: false)
+            msg.session_metadata = Contrast::Utils::StringUtils.protobuf_format(
+                CONFIG.root.application.session_metadata,
+                truncate: false)
           end
         end
       end

data/lib/contrast/api/decorators/library.rb

@@ -10,6 +10,8 @@ module Contrast
     module Decorators
       # Used to decorate the Library protobuf model to handle Gem::Specification translation
       module Library
+        StringUtils = Contrast::Utils::StringUtils
+
         def self.included klass
           klass.extend(ClassMethods)
         end
@@ -18,13 +20,13 @@ module Contrast
         module ClassMethods
           def build digest, gem_specification
             msg = new
-            msg.file_path = Contrast::Utils::StringUtils.force_utf8(gem_specification.name)
-            msg.hash_code   = Contrast::Utils::StringUtils.force_utf8(digest)
-            msg.version     = Contrast::Utils::StringUtils.force_utf8(gem_specification.version)
-            msg.manifest    = Contrast::Utils::StringUtils.force_utf8(build_manifest(gem_specification))
+            msg.file_path = StringUtils.force_utf8(gem_specification.name) # rubocop:disable Security/Module/Name
+            msg.hash_code   = StringUtils.force_utf8(digest)
+            msg.version     = StringUtils.force_utf8(gem_specification.version)
+            msg.manifest    = StringUtils.force_utf8(build_manifest(gem_specification))
             msg.external_ms = date_to_ms(gem_specification.date)
             msg.internal_ms = msg.external_ms
-            msg.url         = Contrast::Utils::StringUtils.force_utf8(gem_specification.homepage)
+            msg.url         = StringUtils.force_utf8(gem_specification.homepage)
             msg.class_count = file_count(gem_specification.full_gem_path.to_s)
             msg.used_class_count = 0
             msg
@@ -37,7 +39,7 @@ module Contrast
           end
 
           def build_manifest spec
-            Contrast::Utils::StringUtils.force_utf8(spec.to_yaml.to_s)
+            StringUtils.force_utf8(spec.to_yaml.to_s)
           rescue StandardError
             nil
           end

data/lib/contrast/api/decorators/message.rb

@@ -38,7 +38,7 @@ module Contrast
           when Contrast::Api::Dtm::ObservedRoute
             self.observed_route = event
           else
-            logger.error('Unknown event type received. Unsure how to send.', event_type: event.cs__class.name)
+            logger.error('Unknown event type received. Unsure how to send.', event_type: event.cs__class.cs__name)
             return
           end
           logger.debug('Wrapping event in message',
@@ -46,7 +46,7 @@ module Contrast
                        p_id: pid,
                        msg_count: message_count,
                        event_id: event.__id__,
-                       event_type: event.cs__class.name)
+                       event_type: event.cs__class.cs__name)
         end
 
         # Used to add class methods to the ApplicationUpdate class on inclusion of the decorator
@@ -58,7 +58,7 @@ module Contrast
 
           def build event
             msg = new
-            msg.app_name      = APP_CONTEXT.name
+            msg.app_name      = APP_CONTEXT.app_name
             msg.app_path      = APP_CONTEXT.path
             msg.app_language  = Contrast::Utils::ObjectShare::RUBY
             msg.client_id     = APP_CONTEXT.client_id

data/lib/contrast/api/decorators/trace_event.rb

@@ -106,7 +106,9 @@ module Contrast
             event_dtm.thread = Contrast::Utils::StringUtils.force_utf8(contrast_event.thread)
             event_dtm.build_parent_ids!(contrast_event)
             event_dtm.object_id = contrast_event.event_id.to_i
-            event_dtm.signature = Contrast::Api::Dtm::TraceEventSignature.build(contrast_event.ret, contrast_event.policy_node, contrast_event.args)
+            event_dtm.signature = Contrast::Api::Dtm::TraceEventSignature.build(contrast_event.ret,
+                                                                                contrast_event.policy_node,
+                                                                                contrast_event.args)
             event_dtm
           end
         end