RubyGems - contrast-agent - Versions diffs - 4.6.0 → 4.9.1 - Mend

contrast-agent 4.6.0 → 4.9.1

Files changed (190) hide show

checksums.yaml +4 -4
data/.gitignore +6 -1
data/.gitmodules +1 -1
data/.simplecov +1 -0
data/Rakefile +1 -2
data/ext/build_funchook.rb +3 -3
data/ext/extconf_common.rb +1 -5
data/lib/contrast.rb +24 -14
data/lib/contrast/agent/assess.rb +1 -1
data/lib/contrast/agent/assess/contrast_event.rb +1 -4
data/lib/contrast/agent/assess/contrast_object.rb +2 -2
data/lib/contrast/agent/assess/events/event_factory.rb +2 -1
data/lib/contrast/agent/assess/finalizers/hash.rb +2 -4
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +6 -3
data/lib/contrast/agent/assess/policy/patcher.rb +16 -21
data/lib/contrast/agent/assess/policy/policy.rb +1 -1
data/lib/contrast/agent/assess/policy/policy_node.rb +25 -33
data/lib/contrast/agent/assess/policy/policy_scanner.rb +3 -5
data/lib/contrast/agent/assess/policy/preshift.rb +7 -5
data/lib/contrast/agent/assess/policy/propagation_method.rb +10 -19
data/lib/contrast/agent/assess/policy/propagation_node.rb +19 -8
data/lib/contrast/agent/assess/policy/propagator.rb +1 -0
data/lib/contrast/agent/assess/policy/propagator/center.rb +2 -1
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +3 -6
data/lib/contrast/agent/assess/policy/propagator/insert.rb +3 -1
data/lib/contrast/agent/assess/policy/propagator/match_data.rb +2 -1
data/lib/contrast/agent/assess/policy/propagator/rack_protection.rb +73 -0
data/lib/contrast/agent/assess/policy/propagator/select.rb +2 -12
data/lib/contrast/agent/assess/policy/propagator/split.rb +12 -13
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +3 -10
data/lib/contrast/agent/assess/policy/propagator/trim.rb +3 -15
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +13 -10
data/lib/contrast/agent/assess/policy/source_method.rb +12 -12
data/lib/contrast/agent/assess/policy/source_validation/source_validation.rb +1 -3
data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +5 -1
data/lib/contrast/agent/assess/policy/trigger/xpath.rb +0 -3
data/lib/contrast/agent/assess/policy/trigger_method.rb +8 -18
data/lib/contrast/agent/assess/policy/trigger_node.rb +3 -2
data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +4 -3
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +1 -2
data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +1 -8
data/lib/contrast/agent/assess/property/evented.rb +8 -5
data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +11 -5
data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +4 -1
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +7 -9
data/lib/contrast/agent/at_exit_hook.rb +3 -3
data/lib/contrast/agent/class_reopener.rb +9 -6
data/lib/contrast/agent/disable_reaction.rb +4 -7
data/lib/contrast/agent/exclusion_matcher.rb +7 -14
data/lib/contrast/agent/inventory/dependencies.rb +2 -0
data/lib/contrast/agent/inventory/dependency_analysis.rb +2 -6
data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +3 -5
data/lib/contrast/agent/inventory/policy/datastores.rb +3 -4
data/lib/contrast/agent/inventory/policy/policy.rb +1 -1
data/lib/contrast/agent/middleware.rb +17 -18
data/lib/contrast/agent/module_data.rb +3 -3
data/lib/contrast/agent/patching/policy/after_load_patch.rb +3 -3
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +9 -9
data/lib/contrast/agent/patching/policy/method_policy.rb +6 -2
data/lib/contrast/agent/patching/policy/module_policy.rb +14 -7
data/lib/contrast/agent/patching/policy/patch.rb +20 -25
data/lib/contrast/agent/patching/policy/patch_status.rb +6 -7
data/lib/contrast/agent/patching/policy/patcher.rb +21 -18
data/lib/contrast/agent/patching/policy/policy.rb +2 -4
data/lib/contrast/agent/patching/policy/policy_node.rb +16 -7
data/lib/contrast/agent/patching/policy/trigger_node.rb +21 -8
data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +1 -1
data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +1 -1
data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +1 -1
data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +2 -3
data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +1 -1
data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +5 -9
data/lib/contrast/agent/protect/policy/policy.rb +1 -1
data/lib/contrast/agent/protect/policy/rule_applicator.rb +7 -9
data/lib/contrast/agent/protect/rule/base.rb +20 -23
data/lib/contrast/agent/protect/rule/base_service.rb +9 -5
data/lib/contrast/agent/protect/rule/cmd_injection.rb +18 -23
data/lib/contrast/agent/protect/rule/deserialization.rb +6 -13
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +3 -14
data/lib/contrast/agent/protect/rule/no_sqli.rb +6 -2
data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +1 -3
data/lib/contrast/agent/protect/rule/path_traversal.rb +6 -10
data/lib/contrast/agent/protect/rule/sqli.rb +1 -1
data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +1 -1
data/lib/contrast/agent/protect/rule/xss.rb +1 -1
data/lib/contrast/agent/protect/rule/xxe.rb +5 -12
data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +1 -2
data/lib/contrast/agent/reaction_processor.rb +13 -13
data/lib/contrast/agent/request.rb +27 -26
data/lib/contrast/agent/request_context.rb +17 -22
data/lib/contrast/agent/request_handler.rb +5 -3
data/lib/contrast/agent/response.rb +2 -3
data/lib/contrast/agent/rewriter.rb +9 -6
data/lib/contrast/agent/rule_set.rb +5 -4
data/lib/contrast/agent/service_heartbeat.rb +4 -6
data/lib/contrast/agent/static_analysis.rb +6 -5
data/lib/contrast/agent/thread.rb +2 -4
data/lib/contrast/agent/thread_watcher.rb +3 -4
data/lib/contrast/agent/tracepoint_hook.rb +5 -5
data/lib/contrast/agent/version.rb +1 -1
data/lib/contrast/api/communication/messaging_queue.rb +4 -5
data/lib/contrast/api/communication/response_processor.rb +11 -13
data/lib/contrast/api/communication/service_lifecycle.rb +9 -6
data/lib/contrast/api/communication/socket_client.rb +22 -31
data/lib/contrast/api/communication/speedracer.rb +8 -13
data/lib/contrast/api/decorators/address.rb +2 -3
data/lib/contrast/api/decorators/agent_startup.rb +7 -9
data/lib/contrast/api/decorators/application_startup.rb +12 -10
data/lib/contrast/api/decorators/application_update.rb +0 -4
data/lib/contrast/api/decorators/http_request.rb +3 -7
data/lib/contrast/api/decorators/instrumentation_mode.rb +3 -5
data/lib/contrast/api/decorators/library.rb +8 -6
data/lib/contrast/api/decorators/message.rb +9 -9
data/lib/contrast/api/decorators/trace_event.rb +3 -1
data/lib/contrast/api/decorators/trace_event_object.rb +3 -6
data/lib/contrast/api/decorators/trace_taint_range_tags.rb +1 -6
data/lib/contrast/components/agent.rb +17 -17
data/lib/contrast/components/app_context.rb +11 -15
data/lib/contrast/components/assess.rb +16 -16
data/lib/contrast/components/base.rb +40 -0
data/lib/contrast/components/config.rb +2 -3
data/lib/contrast/components/contrast_service.rb +12 -18
data/lib/contrast/components/heap_dump.rb +5 -4
data/lib/contrast/components/inventory.rb +2 -7
data/lib/contrast/components/logger.rb +1 -2
data/lib/contrast/components/protect.rb +10 -13
data/lib/contrast/components/sampling.rb +13 -7
data/lib/contrast/components/scope.rb +0 -4
data/lib/contrast/components/settings.rb +5 -7
data/lib/contrast/config/assess_rules_configuration.rb +1 -3
data/lib/contrast/config/base_configuration.rb +4 -5
data/lib/contrast/config/exception_configuration.rb +1 -5
data/lib/contrast/config/heap_dump_configuration.rb +12 -6
data/lib/contrast/config/logger_configuration.rb +1 -5
data/lib/contrast/configuration.rb +6 -18
data/lib/contrast/extension/assess/array.rb +3 -10
data/lib/contrast/extension/assess/erb.rb +1 -7
data/lib/contrast/extension/assess/eval_trigger.rb +4 -9
data/lib/contrast/extension/assess/exec_trigger.rb +3 -9
data/lib/contrast/extension/assess/fiber.rb +8 -17
data/lib/contrast/extension/assess/hash.rb +3 -3
data/lib/contrast/extension/assess/kernel.rb +4 -13
data/lib/contrast/extension/assess/marshal.rb +6 -10
data/lib/contrast/extension/assess/regexp.rb +6 -10
data/lib/contrast/extension/assess/string.rb +8 -6
data/lib/contrast/extension/kernel.rb +2 -2
data/lib/contrast/extension/protect/kernel.rb +0 -5
data/lib/contrast/framework/manager.rb +3 -5
data/lib/contrast/framework/rack/patch/session_cookie.rb +11 -24
data/lib/contrast/framework/rack/patch/support.rb +6 -4
data/lib/contrast/framework/rails/patch/assess_configuration.rb +12 -9
data/lib/contrast/framework/rails/patch/support.rb +41 -35
data/lib/contrast/framework/rails/railtie.rb +34 -0
data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +4 -1
data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +2 -0
data/lib/contrast/framework/rails/rewrite/active_record_named.rb +5 -4
data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +2 -0
data/lib/contrast/framework/rails/support.rb +2 -2
data/lib/contrast/framework/sinatra/support.rb +3 -1
data/lib/contrast/funchook/funchook.rb +5 -8
data/lib/contrast/logger/application.rb +13 -15
data/lib/contrast/logger/format.rb +2 -5
data/lib/contrast/logger/log.rb +26 -9
data/lib/contrast/logger/request.rb +1 -6
data/lib/contrast/security_exception.rb +1 -1
data/lib/contrast/tasks/config.rb +0 -1
data/lib/contrast/tasks/service.rb +6 -7
data/lib/contrast/utils/assess/sampling_util.rb +2 -3
data/lib/contrast/utils/assess/tracking_util.rb +3 -6
data/lib/contrast/utils/class_util.rb +0 -8
data/lib/contrast/utils/hash_digest.rb +2 -5
data/lib/contrast/utils/heap_dump_util.rb +5 -3
data/lib/contrast/utils/invalid_configuration_util.rb +4 -3
data/lib/contrast/utils/inventory_util.rb +2 -3
data/lib/contrast/utils/io_util.rb +3 -5
data/lib/contrast/utils/job_servers_running.rb +13 -7
data/lib/contrast/utils/os.rb +4 -4
data/lib/contrast/utils/ruby_ast_rewriter.rb +2 -1
data/lib/contrast/utils/string_utils.rb +2 -3
data/lib/contrast/utils/tag_util.rb +25 -19
data/resources/assess/policy.json +55 -0
data/ruby-agent.gemspec +17 -16
data/service_executables/VERSION +1 -1
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
data/sonar-project.properties +9 -0
metadata +61 -46
data/lib/contrast/agent/railtie.rb +0 -31
data/lib/contrast/components/interface.rb +0 -195
data/lib/contrast/delegators/input_analysis.rb +0 -12

data/lib/contrast/components/sampling.rb CHANGED Viewed

@@ -1,6 +1,8 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
+require 'contrast/components/base'
 module Contrast
   module Components
     module Sampling
@@ -15,9 +17,6 @@ module Contrast
       module ClassMethods #:nodoc:
         include Contrast::Components::ComponentBase
         include Constants
-        include Contrast::Components::Interface
-        access_component :config, :settings
         def sampling_enabled?
           sampling_control[:enabled]
@@ -25,8 +24,8 @@ module Contrast
         def sampling_control
           @_sampling_control ||= begin
-            config_settings = CONFIG.root.assess&.sampling
-            settings = SETTINGS&.assess_state&.[](:sampling_settings)
+            config_settings = ::Contrast::CONFIG.root.assess&.sampling
+            settings = ::Contrast::SETTINGS&.assess_state&.[](:sampling_settings)
             {
                 enabled: enabled?(config_settings, settings),
                 baseline: baseline(config_settings, settings),
@@ -65,7 +64,10 @@ module Contrast
         # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
         # @return [Integer] the resolution of the config_settings, settings, and default value
         def request_frequency config_settings, settings
-          [config_settings&.request_frequency, settings&.request_frequency, DEFAULT_SAMPLING_REQUEST_FREQUENCY].map(&:to_i).find(&:positive?)
+          [
+            config_settings&.request_frequency, settings&.request_frequency,
+            DEFAULT_SAMPLING_REQUEST_FREQUENCY
+          ].map(&:to_i).find(&:positive?)
         end
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
@@ -73,7 +75,10 @@ module Contrast
         # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
         # @return [Integer] the resolution of the config_settings, settings, and default value
         def response_frequency config_settings, settings
-          [config_settings&.response_frequency, settings&.response_frequency, DEFAULT_SAMPLING_RESPONSE_FREQUENCY].map(&:to_i).find(&:positive?)
+          [
+            config_settings&.response_frequency, settings&.response_frequency,
+            DEFAULT_SAMPLING_RESPONSE_FREQUENCY
+          ].map(&:to_i).find(&:positive?)
         end
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
@@ -88,6 +93,7 @@ module Contrast
       module InstanceMethods #:nodoc:
         include Contrast::Components::ComponentBase
         include Constants
+        include ClassMethods
       end
     end
   end

data/lib/contrast/components/scope.rb CHANGED Viewed

@@ -20,8 +20,6 @@ module Contrast
       EXECUTION_CONTEXT = {} # rubocop:disable Style/MutableConstant
       class Interface # :nodoc:
-        include Contrast::Components::ComponentBase
         def initialize
           # This is probably redundant with #scope_for_current_ec's nil check.
           EXECUTION_CONTEXT[Fiber.current] = Contrast::Agent::Scope.new
@@ -146,8 +144,6 @@ module Contrast
       end
       ClassMethods = InstanceMethods
-      COMPONENT_INTERFACE = Interface.new
     end
   end
 end

data/lib/contrast/components/settings.rb CHANGED Viewed

@@ -1,6 +1,8 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
+require 'contrast/api/settings.pb'
 module Contrast
   module Components
     # This component encapsulates the statefulness of settings.
@@ -8,8 +10,8 @@ module Contrast
     # directives (likely provided by TeamServer) about product operation.
     # 'Settings' is not a generic term for 'configurable stuff'.
     module Settings
-      APPLICATION_STATE_BASE = Struct.new(:modes_by_id, :exclusion_matchers).new(
-          Hash.new { Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION }, [])
+      APPLICATION_STATE_BASE = Struct.new(:modes_by_id, :exclusion_matchers).
+          new(Hash.new(Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION), [])
       PROTECT_STATE_BASE = Struct.new(:enabled, :rules).new(false, {})
       ASSESS_STATE_BASE = Struct.new(:enabled, :sampling_settings, :disabled_assess_rules).new(false, nil, []) do
         def sampling_settings= new_val
@@ -20,9 +22,7 @@ module Contrast
       # This is a class.
       class Interface
-        include Contrast::Components::ComponentBase
-        include Contrast::Components::Interface
-        access_component :config
+        extend Contrast::Components::Config
         # tainted_columns are database columns that receive unsanitized input.
         attr_reader :tainted_columns # This can probably go into assess_state?
@@ -74,8 +74,6 @@ module Contrast
           Contrast::Agent::Protect::Rule::Xxe.new
         end
       end
-      COMPONENT_INTERFACE = Interface.new
     end
   end
 end

data/lib/contrast/config/assess_rules_configuration.rb CHANGED Viewed

@@ -6,9 +6,7 @@ module Contrast
     # Common Configuration settings. Those in this section pertain to the
     # disabled assess rule functionality of the Agent.
     class AssessRulesConfiguration < BaseConfiguration
-      KEYS = {
-          disabled_rules: EMPTY_VALUE
-      }.cs__freeze
+      KEYS = { disabled_rules: EMPTY_VALUE }.cs__freeze
       def initialize hsh
         super(hsh, KEYS)

data/lib/contrast/config/base_configuration.rb CHANGED Viewed

@@ -17,10 +17,7 @@ module Contrast
       attr_reader :map
       alias_method :to_hash, :map
-      def_delegators :@map, :empty?, :key?,
-                     :delete,
-                     :fetch, :[], :[]=,
-                     :each, :each_pair, :each_key, :each_value
+      def_delegators :@map, :empty?, :key?, :delete, :fetch, :[], :[]=, :each, :each_pair, :each_key, :each_value
       EMPTY_VALUE = :EMPTY_VALUE
@@ -35,7 +32,9 @@ module Contrast
           current_level = current_level.send(segment) if current_level.cs__respond_to?(segment)
         end
         last_entry = dot_path_array[-1]
-        current_level.send("#{ last_entry }=", value) if current_level.nil? == false && current_level.cs__respond_to?(last_entry)
+        if current_level.nil? == false && current_level.cs__respond_to?(last_entry)
+          current_level.send("#{ last_entry }=", value)
+        end
         nil
       end

data/lib/contrast/config/exception_configuration.rb CHANGED Viewed

@@ -7,11 +7,7 @@ module Contrast
     # exception handling in Ruby, allowing for the override of Response Code
     # and Message when Security Exceptions are raised.
     class ExceptionConfiguration < BaseConfiguration
-      KEYS = {
-          capture: EMPTY_VALUE,
-          override_status: EMPTY_VALUE,
-          override_message: EMPTY_VALUE
-      }.cs__freeze
+      KEYS = { capture: EMPTY_VALUE, override_status: EMPTY_VALUE, override_message: EMPTY_VALUE }.cs__freeze
       def initialize hsh
         super(hsh, KEYS)

data/lib/contrast/config/heap_dump_configuration.rb CHANGED Viewed

@@ -7,12 +7,18 @@ module Contrast
     # Heap Dump collection functionality of the Agent.
     class HeapDumpConfiguration < BaseConfiguration
       KEYS = {
-          enable: Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::FALSE), # should dumps be taken
-          path: Contrast::Config::DefaultValue.new('contrast_heap_dumps'),                 # dir to which dumps should be saved
-          delay_ms: Contrast::Config::DefaultValue.new(10_000),                            # time, in ms, after initialization to delay before taking dump
-          window_ms: Contrast::Config::DefaultValue.new(10_000),                           # ms between each dump
-          count: Contrast::Config::DefaultValue.new(5),                                    # number of dumps to take
-          clean: Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::FALSE)   # remove temporary objects
+          enable:                                                                   # should dumps be taken
+            Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::FALSE),
+          path:                                                                     # dir to which dumps should be
+            Contrast::Config::DefaultValue.new('contrast_heap_dumps'), #   saved
+          delay_ms:                                                                 # time, in ms, after initialization
+            Contrast::Config::DefaultValue.new(10_000), #   to delay before taking dump
+          window_ms:                                                                # ms between each dump
+            Contrast::Config::DefaultValue.new(10_000), #
+          count:                                                                    # number of dumps to take
+            Contrast::Config::DefaultValue.new(5), #
+          clean:                                                                    # remove temporary objects or not
+            Contrast::Config::DefaultValue.new(Contrast::Utils::ObjectShare::FALSE)  #
       }.cs__freeze
       def initialize hsh

data/lib/contrast/config/logger_configuration.rb CHANGED Viewed

@@ -6,11 +6,7 @@ module Contrast
     # Common Configuration settings. Those in this section pertain to the
     # logging in the Agent.
     class LoggerConfiguration < BaseConfiguration
-      KEYS = {
-          path: EMPTY_VALUE,
-          level: EMPTY_VALUE,
-          progname: EMPTY_VALUE
-      }.cs__freeze
+      KEYS = { path: EMPTY_VALUE, level: EMPTY_VALUE, progname: EMPTY_VALUE }.cs__freeze
       def initialize hsh
         super(hsh, KEYS)

data/lib/contrast/configuration.rb CHANGED Viewed

@@ -6,7 +6,7 @@ require 'fileutils'
 require 'contrast/config'
 require 'contrast/utils/object_share'
-require 'contrast/components/interface'
+require 'contrast/components/scope'
 module Contrast
   # This is how we read in the local settings for the Agent, both ENV/ CMD line
@@ -15,9 +15,8 @@ module Contrast
   class Configuration
     extend Forwardable
-    include Contrast::Components::Interface
-    access_component :scope
+    include Contrast::Components::Scope::InstanceMethods
+    extend Contrast::Components::Scope::InstanceMethods
     def_delegator :root, :assign_value_to_path_array
@@ -25,16 +24,8 @@ module Contrast
     DEFAULT_YAML_PATH  = 'contrast_security.yaml'
     MILLISECOND_MARKER = '_ms'
-    CONVERSION = {
-        'agent.service.enable' => 'agent.start_bundled_service'
-    }.cs__freeze
-    CONFIG_BASE_PATHS = [
-      '',
-      'config/',
-      '/etc/contrast/ruby/',
-      '/etc/contrast/',
-      '/etc/'
-    ].cs__freeze
+    CONVERSION = { 'agent.service.enable' => 'agent.start_bundled_service' }.cs__freeze
+    CONFIG_BASE_PATHS = ['', 'config/', '/etc/contrast/ruby/', '/etc/contrast/', '/etc/'].cs__freeze
     def initialize cli_options = nil, default_name = DEFAULT_YAML_PATH
       @default_name = default_name
@@ -189,10 +180,7 @@ module Contrast
     # When we fail to parse a configuration because it is misformatted, log an
     # appropriate message based on the Agent Onboarding specification
     def log_yaml_parse_error path, exception
-      hash = {
-          path: path,
-          pwd: Dir.pwd
-      }
+      hash = { path: path, pwd: Dir.pwd }
       if exception.is_a?(Psych::SyntaxError)
         hash[:context] = exception.context
         hash[:column] = exception.column

data/lib/contrast/extension/assess/array.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 require 'contrast/agent/patching/policy/patch'
 require 'contrast/agent/patching/policy/patcher'
-require 'contrast/components/interface'
+require 'contrast/components/scope'
 module Contrast
   module Extension
@@ -12,9 +12,7 @@ module Contrast
       # Disclaimer: there may be a better way, but we're in a 'get it work' state.
       # Hopefully, we'll be in a 'get it right' state soon.
       class ArrayPropagator
-        include Contrast::Components::Interface
-        access_component :scope
+        extend Contrast::Components::Scope::InstanceMethods
         ARRAY_JOIN_HASH = {
             'class_name' => 'Array',
@@ -56,12 +54,7 @@ module Contrast
               return ret unless Contrast::Agent::Assess::Tracker.tracked?(ret)
               properties.cleanup_tags
-              properties.build_event(
-                  ARRAY_JOIN_NODE,
-                  ret,
-                  ary,
-                  ret,
-                  [separator])
+              properties.build_event(ARRAY_JOIN_NODE, ret, ary, ret, [separator])
               properties.event.instance_variable_set(:@_parent_events, parent_events)
               ret
             end

data/lib/contrast/extension/assess/erb.rb CHANGED Viewed

@@ -25,13 +25,7 @@ module ERBPropagator
         parent_event = Contrast::Agent::Assess::Tracker.properties(bound_variable_value)&.event
         parent_events << parent_event if parent_event
       end
-      properties.build_event(
-          patcher,
-          ret,
-          preshift.object,
-          ret,
-          preshift.args,
-          1)
+      properties.build_event(patcher, ret, preshift.object, ret, preshift.args, 1)
       properties.event.instance_variable_set(:@_parent_events, parent_events)
       ret

data/lib/contrast/extension/assess/eval_trigger.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-require 'contrast/components/interface'
+require 'contrast/components/logger'
 module Contrast
   module Extension
@@ -11,8 +11,7 @@ module Contrast
       # apply the trigger in a custom patch over one of the generic triggers in
       # TriggerMethod.
       class EvalTrigger
-        include Contrast::Components::Interface
-        access_component :logging
+        include Contrast::Components::Logger::InstanceMethods
         class << self
           def instance_eval_trigger_check obj, source, ret
@@ -31,12 +30,8 @@ module Contrast
             # source might not be all the args passed in, but it is the one we care
             # about. we could pass in all the args in the last param here if it
             # becomes an issue in rendering on TS
-            Contrast::Agent::Assess::Policy::TriggerMethod.apply_eval_trigger(
-                trigger_node(clazz, method),
-                source,
-                obj,
-                ret,
-                source)
+            Contrast::Agent::Assess::Policy::TriggerMethod.apply_eval_trigger(trigger_node(clazz, method), source, obj,
+                                                                              ret, source)
           end
           def instrument_basic_object_track

data/lib/contrast/extension/assess/exec_trigger.rb CHANGED Viewed

@@ -18,20 +18,14 @@ module Contrast
           # source might not be all the args passed in, but it is the one we care
           # about. we could pass in all the args in the last param here if it
           # becomes an issue in rendering on TS
-          Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(
-              trigger_node,
-              source,
-              Kernel,
-              nil,
-              source)
+          Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(trigger_node, source, Kernel, nil, source)
         end
         private
         def trigger_node
-          @_trigger_node ||= begin
-            Contrast::Agent::Assess::Policy::Policy.instance.find_node('cmd-injection', 'Kernel', :exec, false)
-          end
+          @_trigger_node ||= Contrast::Agent::Assess::Policy::Policy.instance.find_node('cmd-injection', 'Kernel',
+                                                                                        :exec, false)
         end
       end
     end

data/lib/contrast/extension/assess/fiber.rb CHANGED Viewed

@@ -2,7 +2,8 @@
 # frozen_string_literal: true
 require 'contrast/agent/assess/policy/propagation_node'
-require 'contrast/components/interface'
+require 'contrast/components/logger'
+require 'contrast/components/scope'
 # In order to instrument some difficult methods like String#gsub, as it
 # returns an enumerator, we need to instrument methods on Fiber.
@@ -16,9 +17,9 @@ module Contrast
       # Contrast::Agent::Assess::Policy::Propagator molds without cluttering up the
       # Fiber Class or exposing our methods there.
       class FiberPropagator
-        include Contrast::Components::Interface
+        extend Contrast::Components::Logger::InstanceMethods
+        extend Contrast::Components::Scope::InstanceMethods
-        access_component :analysis, :logging, :scope
         # we use funchook to patch rb_fiber_new the initialize method is not exposed by Ruby core
         FIBER_NEW_NODE_HASH = {
@@ -53,7 +54,7 @@ module Contrast
         class << self
           def track_rb_fiber_yield fiber, _method, results
-            return unless ASSESS.enabled?
+            return unless ::Contrast::ASSESS.enabled?
             # results will be nil if StopIteration was raised,
             # otherwise an Array of the yielded arguments
@@ -64,12 +65,7 @@ module Contrast
                 next unless (result_properties = Contrast::Agent::Assess::Tracker.properties!(result))
                 result_properties.splat_from(fiber, result)
-                result_properties.build_event(
-                    FIBER_YIELD_NODE,
-                    result,
-                    fiber,
-                    result,
-                    [])
+                result_properties.build_event(FIBER_YIELD_NODE, result, fiber, result, [])
               end
             end
           rescue Exception => e # rubocop:disable Lint/RescueException
@@ -77,7 +73,7 @@ module Contrast
           end
           def track_rb_fiber_new fiber, _enum, _enum_method, underlying, _underlying_method
-            return unless ASSESS.enabled?
+            return unless ::Contrast::ASSESS.enabled?
             return unless underlying.is_a?(String) && !underlying.empty?
             with_contrast_scope do
@@ -85,12 +81,7 @@ module Contrast
               return unless properties
               properties.splat_from(underlying, fiber)
-              properties.build_event(
-                  FIBER_NEW_NODE,
-                  fiber,
-                  underlying,
-                  fiber,
-                  [])
+              properties.build_event(FIBER_NEW_NODE, fiber, underlying, fiber, [])
             end
           rescue Exception => e # rubocop:disable Lint/RescueException
             logger.error('Unable to propagate during Fiber.new', e)

data/lib/contrast/extension/assess/hash.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-require 'contrast/components/interface'
+require 'contrast/components/logger'
 module Contrast
   module Extension
@@ -10,8 +10,8 @@ module Contrast
       # methods which are too complex to fit into one of the standard
       # Contrast::Agent::Assess::Policy::Propagator molds.
       class HashPropagator
-        include Contrast::Components::Interface
-        access_component :logging
+        include Contrast::Components::Logger::InstanceMethods
         class << self
           def cs__duplicate_and_freeze object
             return object unless object.is_a?(String) && !object.cs__frozen?