RubyGems - contrast-agent - Versions diffs - 4.6.0 → 4.9.1 - Mend

contrast-agent 4.6.0 → 4.9.1

Files changed (190) hide show

checksums.yaml +4 -4
data/.gitignore +6 -1
data/.gitmodules +1 -1
data/.simplecov +1 -0
data/Rakefile +1 -2
data/ext/build_funchook.rb +3 -3
data/ext/extconf_common.rb +1 -5
data/lib/contrast.rb +24 -14
data/lib/contrast/agent/assess.rb +1 -1
data/lib/contrast/agent/assess/contrast_event.rb +1 -4
data/lib/contrast/agent/assess/contrast_object.rb +2 -2
data/lib/contrast/agent/assess/events/event_factory.rb +2 -1
data/lib/contrast/agent/assess/finalizers/hash.rb +2 -4
data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +6 -3
data/lib/contrast/agent/assess/policy/patcher.rb +16 -21
data/lib/contrast/agent/assess/policy/policy.rb +1 -1
data/lib/contrast/agent/assess/policy/policy_node.rb +25 -33
data/lib/contrast/agent/assess/policy/policy_scanner.rb +3 -5
data/lib/contrast/agent/assess/policy/preshift.rb +7 -5
data/lib/contrast/agent/assess/policy/propagation_method.rb +10 -19
data/lib/contrast/agent/assess/policy/propagation_node.rb +19 -8
data/lib/contrast/agent/assess/policy/propagator.rb +1 -0
data/lib/contrast/agent/assess/policy/propagator/center.rb +2 -1
data/lib/contrast/agent/assess/policy/propagator/database_write.rb +3 -6
data/lib/contrast/agent/assess/policy/propagator/insert.rb +3 -1
data/lib/contrast/agent/assess/policy/propagator/match_data.rb +2 -1
data/lib/contrast/agent/assess/policy/propagator/rack_protection.rb +73 -0
data/lib/contrast/agent/assess/policy/propagator/select.rb +2 -12
data/lib/contrast/agent/assess/policy/propagator/split.rb +12 -13
data/lib/contrast/agent/assess/policy/propagator/substitution.rb +3 -10
data/lib/contrast/agent/assess/policy/propagator/trim.rb +3 -15
data/lib/contrast/agent/assess/policy/rewriter_patch.rb +13 -10
data/lib/contrast/agent/assess/policy/source_method.rb +12 -12
data/lib/contrast/agent/assess/policy/source_validation/source_validation.rb +1 -3
data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb +5 -1
data/lib/contrast/agent/assess/policy/trigger/xpath.rb +0 -3
data/lib/contrast/agent/assess/policy/trigger_method.rb +8 -18
data/lib/contrast/agent/assess/policy/trigger_node.rb +3 -2
data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +4 -3
data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +1 -2
data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +1 -8
data/lib/contrast/agent/assess/property/evented.rb +8 -5
data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +11 -5
data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +4 -1
data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +7 -9
data/lib/contrast/agent/at_exit_hook.rb +3 -3
data/lib/contrast/agent/class_reopener.rb +9 -6
data/lib/contrast/agent/disable_reaction.rb +4 -7
data/lib/contrast/agent/exclusion_matcher.rb +7 -14
data/lib/contrast/agent/inventory/dependencies.rb +2 -0
data/lib/contrast/agent/inventory/dependency_analysis.rb +2 -6
data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +3 -5
data/lib/contrast/agent/inventory/policy/datastores.rb +3 -4
data/lib/contrast/agent/inventory/policy/policy.rb +1 -1
data/lib/contrast/agent/middleware.rb +17 -18
data/lib/contrast/agent/module_data.rb +3 -3
data/lib/contrast/agent/patching/policy/after_load_patch.rb +3 -3
data/lib/contrast/agent/patching/policy/after_load_patcher.rb +9 -9
data/lib/contrast/agent/patching/policy/method_policy.rb +6 -2
data/lib/contrast/agent/patching/policy/module_policy.rb +14 -7
data/lib/contrast/agent/patching/policy/patch.rb +20 -25
data/lib/contrast/agent/patching/policy/patch_status.rb +6 -7
data/lib/contrast/agent/patching/policy/patcher.rb +21 -18
data/lib/contrast/agent/patching/policy/policy.rb +2 -4
data/lib/contrast/agent/patching/policy/policy_node.rb +16 -7
data/lib/contrast/agent/patching/policy/trigger_node.rb +21 -8
data/lib/contrast/agent/protect/policy/applies_command_injection_rule.rb +1 -1
data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +1 -1
data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +1 -1
data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +2 -3
data/lib/contrast/agent/protect/policy/applies_sqli_rule.rb +1 -1
data/lib/contrast/agent/protect/policy/applies_xxe_rule.rb +5 -9
data/lib/contrast/agent/protect/policy/policy.rb +1 -1
data/lib/contrast/agent/protect/policy/rule_applicator.rb +7 -9
data/lib/contrast/agent/protect/rule/base.rb +20 -23
data/lib/contrast/agent/protect/rule/base_service.rb +9 -5
data/lib/contrast/agent/protect/rule/cmd_injection.rb +18 -23
data/lib/contrast/agent/protect/rule/deserialization.rb +6 -13
data/lib/contrast/agent/protect/rule/http_method_tampering.rb +3 -14
data/lib/contrast/agent/protect/rule/no_sqli.rb +6 -2
data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +1 -3
data/lib/contrast/agent/protect/rule/path_traversal.rb +6 -10
data/lib/contrast/agent/protect/rule/sqli.rb +1 -1
data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +1 -1
data/lib/contrast/agent/protect/rule/xss.rb +1 -1
data/lib/contrast/agent/protect/rule/xxe.rb +5 -12
data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +1 -2
data/lib/contrast/agent/reaction_processor.rb +13 -13
data/lib/contrast/agent/request.rb +27 -26
data/lib/contrast/agent/request_context.rb +17 -22
data/lib/contrast/agent/request_handler.rb +5 -3
data/lib/contrast/agent/response.rb +2 -3
data/lib/contrast/agent/rewriter.rb +9 -6
data/lib/contrast/agent/rule_set.rb +5 -4
data/lib/contrast/agent/service_heartbeat.rb +4 -6
data/lib/contrast/agent/static_analysis.rb +6 -5
data/lib/contrast/agent/thread.rb +2 -4
data/lib/contrast/agent/thread_watcher.rb +3 -4
data/lib/contrast/agent/tracepoint_hook.rb +5 -5
data/lib/contrast/agent/version.rb +1 -1
data/lib/contrast/api/communication/messaging_queue.rb +4 -5
data/lib/contrast/api/communication/response_processor.rb +11 -13
data/lib/contrast/api/communication/service_lifecycle.rb +9 -6
data/lib/contrast/api/communication/socket_client.rb +22 -31
data/lib/contrast/api/communication/speedracer.rb +8 -13
data/lib/contrast/api/decorators/address.rb +2 -3
data/lib/contrast/api/decorators/agent_startup.rb +7 -9
data/lib/contrast/api/decorators/application_startup.rb +12 -10
data/lib/contrast/api/decorators/application_update.rb +0 -4
data/lib/contrast/api/decorators/http_request.rb +3 -7
data/lib/contrast/api/decorators/instrumentation_mode.rb +3 -5
data/lib/contrast/api/decorators/library.rb +8 -6
data/lib/contrast/api/decorators/message.rb +9 -9
data/lib/contrast/api/decorators/trace_event.rb +3 -1
data/lib/contrast/api/decorators/trace_event_object.rb +3 -6
data/lib/contrast/api/decorators/trace_taint_range_tags.rb +1 -6
data/lib/contrast/components/agent.rb +17 -17
data/lib/contrast/components/app_context.rb +11 -15
data/lib/contrast/components/assess.rb +16 -16
data/lib/contrast/components/base.rb +40 -0
data/lib/contrast/components/config.rb +2 -3
data/lib/contrast/components/contrast_service.rb +12 -18
data/lib/contrast/components/heap_dump.rb +5 -4
data/lib/contrast/components/inventory.rb +2 -7
data/lib/contrast/components/logger.rb +1 -2
data/lib/contrast/components/protect.rb +10 -13
data/lib/contrast/components/sampling.rb +13 -7
data/lib/contrast/components/scope.rb +0 -4
data/lib/contrast/components/settings.rb +5 -7
data/lib/contrast/config/assess_rules_configuration.rb +1 -3
data/lib/contrast/config/base_configuration.rb +4 -5
data/lib/contrast/config/exception_configuration.rb +1 -5
data/lib/contrast/config/heap_dump_configuration.rb +12 -6
data/lib/contrast/config/logger_configuration.rb +1 -5
data/lib/contrast/configuration.rb +6 -18
data/lib/contrast/extension/assess/array.rb +3 -10
data/lib/contrast/extension/assess/erb.rb +1 -7
data/lib/contrast/extension/assess/eval_trigger.rb +4 -9
data/lib/contrast/extension/assess/exec_trigger.rb +3 -9
data/lib/contrast/extension/assess/fiber.rb +8 -17
data/lib/contrast/extension/assess/hash.rb +3 -3
data/lib/contrast/extension/assess/kernel.rb +4 -13
data/lib/contrast/extension/assess/marshal.rb +6 -10
data/lib/contrast/extension/assess/regexp.rb +6 -10
data/lib/contrast/extension/assess/string.rb +8 -6
data/lib/contrast/extension/kernel.rb +2 -2
data/lib/contrast/extension/protect/kernel.rb +0 -5
data/lib/contrast/framework/manager.rb +3 -5
data/lib/contrast/framework/rack/patch/session_cookie.rb +11 -24
data/lib/contrast/framework/rack/patch/support.rb +6 -4
data/lib/contrast/framework/rails/patch/assess_configuration.rb +12 -9
data/lib/contrast/framework/rails/patch/support.rb +41 -35
data/lib/contrast/framework/rails/railtie.rb +34 -0
data/lib/contrast/framework/rails/rewrite/action_controller_railties_helper_inherited.rb +4 -1
data/lib/contrast/framework/rails/rewrite/active_record_attribute_methods_read.rb +2 -0
data/lib/contrast/framework/rails/rewrite/active_record_named.rb +5 -4
data/lib/contrast/framework/rails/rewrite/active_record_time_zone_inherited.rb +2 -0
data/lib/contrast/framework/rails/support.rb +2 -2
data/lib/contrast/framework/sinatra/support.rb +3 -1
data/lib/contrast/funchook/funchook.rb +5 -8
data/lib/contrast/logger/application.rb +13 -15
data/lib/contrast/logger/format.rb +2 -5
data/lib/contrast/logger/log.rb +26 -9
data/lib/contrast/logger/request.rb +1 -6
data/lib/contrast/security_exception.rb +1 -1
data/lib/contrast/tasks/config.rb +0 -1
data/lib/contrast/tasks/service.rb +6 -7
data/lib/contrast/utils/assess/sampling_util.rb +2 -3
data/lib/contrast/utils/assess/tracking_util.rb +3 -6
data/lib/contrast/utils/class_util.rb +0 -8
data/lib/contrast/utils/hash_digest.rb +2 -5
data/lib/contrast/utils/heap_dump_util.rb +5 -3
data/lib/contrast/utils/invalid_configuration_util.rb +4 -3
data/lib/contrast/utils/inventory_util.rb +2 -3
data/lib/contrast/utils/io_util.rb +3 -5
data/lib/contrast/utils/job_servers_running.rb +13 -7
data/lib/contrast/utils/os.rb +4 -4
data/lib/contrast/utils/ruby_ast_rewriter.rb +2 -1
data/lib/contrast/utils/string_utils.rb +2 -3
data/lib/contrast/utils/tag_util.rb +25 -19
data/resources/assess/policy.json +55 -0
data/ruby-agent.gemspec +17 -16
data/service_executables/VERSION +1 -1
data/service_executables/linux/contrast-service +0 -0
data/service_executables/mac/contrast-service +0 -0
data/sonar-project.properties +9 -0
metadata +61 -46
data/lib/contrast/agent/railtie.rb +0 -31
data/lib/contrast/components/interface.rb +0 -195
data/lib/contrast/delegators/input_analysis.rb +0 -12

data/lib/contrast/api/communication/speedracer.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-require 'contrast/components/interface'
+require 'contrast/components/logger'
 module Contrast
   module Api
@@ -9,8 +9,7 @@ module Contrast
       # Wraps all connection data to speedracer
       class Speedracer
         include Contrast::Api::Communication::ServiceLifecycle
-        include Contrast::Components::Interface
-        access_component :contrast_service, :logging, :app_context
+        include Contrast::Components::Logger::InstanceMethods
         attr_reader :status, :response_processor, :socket_client, :ensure_running
@@ -25,7 +24,7 @@ module Contrast
           return if status.connected?
           ensure_running.synchronize do
-            if CONTRAST_SERVICE.use_bundled_service?
+            if ::Contrast::CONTRAST_SERVICE.use_bundled_service?
               logger.info('Attempting to start local service')
               unless attempt_local_service_startup
                 logger.error('Failed to start local service')
@@ -58,21 +57,19 @@ module Contrast
         def send_to_speedracer event
           ensure_startup!
-          logger.debug_with_time(event.cs__class.name) do
+          logger.debug_with_time(event.cs__class.cs__name) do
             response = socket_client.send_one event
             status.success!
             yield response
           end
         rescue StandardError => e
           status.failure!
-          logger.error('Unable to send message.', e,
-                       event_id: event.__id__,
-                       event_type: event.cs__class.name)
+          logger.error('Unable to send message.', e, event_id: event.__id__, event_type: event.cs__class.cs__name)
           nil
         end
         def send_initialization_messages
-          agent_startup_msg = APP_CONTEXT.build_agent_startup_message
+          agent_startup_msg = ::Contrast::APP_CONTEXT.build_agent_startup_message
           logger.debug('Preparing to send startup messages')
           # 1 initial attempt, + 3 potential retries.
@@ -82,7 +79,7 @@ module Contrast
             next unless (agent_response = socket_client.send_one(agent_startup_msg))
             # Connection was successful; send app create with the resolved features.
-            app_startup_msg = APP_CONTEXT.build_app_startup_message
+            app_startup_msg = ::Contrast::APP_CONTEXT.build_app_startup_message
             log_send_event(app_startup_msg)
             app_response = socket_client.send_one(app_startup_msg)
@@ -101,9 +98,7 @@ module Contrast
         end
         def log_send_event event
-          logger.debug('Immediately sending event.',
-                       event_id: event.__id__,
-                       event_type: event.cs__class.name)
+          logger.debug('Immediately sending event.', event_id: event.__id__, event_type: event.cs__class.cs__name)
         end
       end
     end

data/lib/contrast/api/decorators/address.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 # frozen_string_literal: true
 require 'contrast/api/dtm.pb'
-require 'contrast/components/interface'
+require 'contrast/components/logger'
 require 'contrast/utils/string_utils'
 require 'contrast/utils/timer'
@@ -19,8 +19,7 @@ module Contrast
         # Used to add class methods to the ApplicationUpdate class on inclusion of the decorator
         module ClassMethods
-          include Contrast::Components::Interface
-          access_component :logging
+          include Contrast::Components::Logger::InstanceMethods
           # receiver is memoized because it is the address/host/port of the server, once we
           # resolve this for the first time, it shouldn't change
           #

data/lib/contrast/api/decorators/agent_startup.rb CHANGED Viewed

@@ -2,8 +2,8 @@
 # frozen_string_literal: true
 require 'contrast/api/dtm.pb'
-require 'contrast/components/interface'
 require 'contrast/utils/string_utils'
+require 'contrast/components/base'
 module Contrast
   module Api
@@ -11,8 +11,6 @@ module Contrast
       # Used to decorate the AgentStartup protobuf model to handle reporting Agent process start
       module AgentStartup
         include Contrast::Components::ComponentBase
-        include Contrast::Components::Interface
-        access_component :analysis, :config
         def self.included klass
           klass.extend(ClassMethods)
@@ -33,7 +31,7 @@ module Contrast
             msg.server_path      = Contrast::Utils::StringUtils.protobuf_format path
             msg.server_type      = Contrast::Utils::StringUtils.protobuf_format type
             config!(msg)
-            msg.finding_tags = Contrast::Utils::StringUtils.protobuf_format ASSESS.tags
+            msg.finding_tags = Contrast::Utils::StringUtils.protobuf_format ::Contrast::ASSESS.tags
             msg
           end
@@ -43,11 +41,11 @@ module Contrast
           #
           # @param msg [Contrast::Api::Dtm::AgentStartup]
           def config! msg
-            msg.version          = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.server.version
-            msg.environment      = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.server.environment
-            msg.server_tags      = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.server.tags
-            msg.application_tags = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.tags
-            msg.library_tags     = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.inventory.tags
+            msg.version          = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.server.version
+            msg.environment      = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.server.environment
+            msg.server_tags      = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.server.tags
+            msg.application_tags = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.tags
+            msg.library_tags     = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.inventory.tags
           end
         end
       end

data/lib/contrast/api/decorators/application_startup.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 require 'contrast/api/dtm.pb'
 require 'contrast/api/decorators/instrumentation_mode'
-require 'contrast/components/interface'
+require 'contrast/components/base'
 require 'contrast/utils/string_utils'
 module Contrast
@@ -12,8 +12,6 @@ module Contrast
       # Used to decorate the ApplicationCreate protobuf model to handle reporting Agent process start
       module ApplicationStartup
         include Contrast::Components::ComponentBase
-        include Contrast::Components::Interface
-        access_component :config
         def self.included klass
           klass.extend(ClassMethods)
@@ -26,11 +24,11 @@ module Contrast
           # @return [Contrast::Api::Dtm::ApplicationCreate]
           def build
             msg = new
-            msg.app_version      = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.version.to_s
-            msg.code             = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.code
-            msg.group            = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.group
-            msg.metadata         = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.metadata
-            msg.mode             = Contrast::Api::Dtm::InstrumentationMode.build
+            msg.app_version = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.version.to_s
+            msg.code        = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.code
+            msg.group       = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.group
+            msg.metadata    = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.metadata
+            msg.mode        = Contrast::Api::Dtm::InstrumentationMode.build
             session!(msg)
             msg
           end
@@ -41,8 +39,12 @@ module Contrast
           #
           # @param msg [Contrast::Api::Dtm::ApplicationCreate]
           def session! msg
-            msg.session_id       = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.session_id,        truncate: false
-            msg.session_metadata = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.session_metadata,  truncate: false
+            msg.session_id = Contrast::Utils::StringUtils.protobuf_format(
+                ::Contrast::CONFIG.root.application.session_id,
+                truncate: false)
+            msg.session_metadata = Contrast::Utils::StringUtils.protobuf_format(
+                ::Contrast::CONFIG.root.application.session_metadata,
+                truncate: false)
           end
         end
       end

data/lib/contrast/api/decorators/application_update.rb CHANGED Viewed

@@ -1,7 +1,6 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-require 'contrast/components/interface'
 require 'contrast/utils/string_utils'
 module Contrast
@@ -11,9 +10,6 @@ module Contrast
       # model so it can own some of the data massaging required for AppUpdate
       # dtm.
       module ApplicationUpdate
-        include Contrast::Components::Interface
-        access_component :config
         def self.included klass
           klass.extend(ClassMethods)
         end

data/lib/contrast/api/decorators/http_request.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 require 'contrast/api/dtm.pb'
 require 'contrast/api/decorators/address'
-require 'contrast/components/interface'
+require 'contrast/components/scope'
 require 'contrast/utils/string_utils'
 require 'contrast/utils/timer'
@@ -14,9 +14,6 @@ module Contrast
       # so it can own some of the data massaging required for Request dtm. Only
       # works as an extension of that class.
       module HttpRequest
-        include Contrast::Components::Interface
-        access_component :agent
         OMITTED_BODY = '{{body-omitted-by-contrast}}'
         def self.included klass
@@ -93,7 +90,7 @@ module Contrast
         end
         def omit_body? request
-          return true if AGENT.omit_body?
+          return true if ::Contrast::AGENT.omit_body?
           return false if request.document_type != :NORMAL
           request.content_type&.include?('multipart/form-data')
@@ -111,8 +108,7 @@ module Contrast
         # Used to add class methods to the ApplicationUpdate class on inclusion of the decorator
         module ClassMethods
-          include Contrast::Components::Interface
-          access_component :scope
+          include Contrast::Components::Scope::InstanceMethods
           # Convert our Request into a DTM
           # @param request [Contrast::Agent::Request]

data/lib/contrast/api/decorators/instrumentation_mode.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 # frozen_string_literal: true
 require 'contrast/api/dtm.pb'
-require 'contrast/components/interface'
+require 'contrast/components/base'
 module Contrast
   module Api
@@ -10,8 +10,6 @@ module Contrast
       # Used to decorate the InstrumentationMode protobuf model to handle reporting Agent process start
       module InstrumentationMode
         include Contrast::Components::ComponentBase
-        include Contrast::Components::Interface
-        access_component :analysis
         def self.included klass
           klass.extend(ClassMethods)
@@ -24,8 +22,8 @@ module Contrast
           # @return [Contrast::Api::Dtm::InstrumentationMode]
           def build
             msg = new
-            msg.assess =  ASSESS.enabled?
-            msg.protect = PROTECT.enabled?
+            msg.assess =  ::Contrast::ASSESS.enabled?
+            msg.protect = ::Contrast::PROTECT.enabled?
             msg
           end
         end

data/lib/contrast/api/decorators/library.rb CHANGED Viewed

@@ -10,6 +10,8 @@ module Contrast
     module Decorators
       # Used to decorate the Library protobuf model to handle Gem::Specification translation
       module Library
+        StringUtils = Contrast::Utils::StringUtils
         def self.included klass
           klass.extend(ClassMethods)
         end
@@ -18,13 +20,13 @@ module Contrast
         module ClassMethods
           def build digest, gem_specification
             msg = new
-            msg.file_path = Contrast::Utils::StringUtils.force_utf8(gem_specification.name)
-            msg.hash_code   = Contrast::Utils::StringUtils.force_utf8(digest)
-            msg.version     = Contrast::Utils::StringUtils.force_utf8(gem_specification.version)
-            msg.manifest    = Contrast::Utils::StringUtils.force_utf8(build_manifest(gem_specification))
+            msg.file_path = StringUtils.force_utf8(gem_specification.name) # rubocop:disable Security/Module/Name
+            msg.hash_code   = StringUtils.force_utf8(digest)
+            msg.version     = StringUtils.force_utf8(gem_specification.version)
+            msg.manifest    = StringUtils.force_utf8(build_manifest(gem_specification))
             msg.external_ms = date_to_ms(gem_specification.date)
             msg.internal_ms = msg.external_ms
-            msg.url         = Contrast::Utils::StringUtils.force_utf8(gem_specification.homepage)
+            msg.url         = StringUtils.force_utf8(gem_specification.homepage)
             msg.class_count = file_count(gem_specification.full_gem_path.to_s)
             msg.used_class_count = 0
             msg
@@ -37,7 +39,7 @@ module Contrast
           end
           def build_manifest spec
-            Contrast::Utils::StringUtils.force_utf8(spec.to_yaml.to_s)
+            StringUtils.force_utf8(spec.to_yaml.to_s)
           rescue StandardError
             nil
           end

data/lib/contrast/api/decorators/message.rb CHANGED Viewed

@@ -3,6 +3,7 @@
 require 'contrast/utils/object_share'
 require 'contrast/utils/string_utils'
+require 'contrast/components/logger'
 module Contrast
   module Api
@@ -10,8 +11,7 @@ module Contrast
       # Used to decorate the {Contrast::Api::Dtm::Message} protobuf model so it
       # can handle instance data massaging.
       module Message
-        include Contrast::Components::Interface
-        access_component :app_context, :logging
+        include Contrast::Components::Logger::InstanceMethods
         def self.included klass
           klass.extend(ClassMethods)
@@ -38,7 +38,7 @@ module Contrast
           when Contrast::Api::Dtm::ObservedRoute
             self.observed_route = event
           else
-            logger.error('Unknown event type received. Unsure how to send.', event_type: event.cs__class.name)
+            logger.error('Unknown event type received. Unsure how to send.', event_type: event.cs__class.cs__name)
             return
           end
           logger.debug('Wrapping event in message',
@@ -46,7 +46,7 @@ module Contrast
                        p_id: pid,
                        msg_count: message_count,
                        event_id: event.__id__,
-                       event_type: event.cs__class.name)
+                       event_type: event.cs__class.cs__name)
         end
         # Used to add class methods to the ApplicationUpdate class on inclusion of the decorator
@@ -58,13 +58,13 @@ module Contrast
           def build event
             msg = new
-            msg.app_name      = APP_CONTEXT.name
-            msg.app_path      = APP_CONTEXT.path
+            msg.app_name      = ::Contrast::APP_CONTEXT.app_name
+            msg.app_path      = ::Contrast::APP_CONTEXT.path
             msg.app_language  = Contrast::Utils::ObjectShare::RUBY
-            msg.client_id     = APP_CONTEXT.client_id
+            msg.client_id     = ::Contrast::APP_CONTEXT.client_id
             msg.message_count = message_count
-            msg.pid           = APP_CONTEXT.pid
-            msg.ppid          = APP_CONTEXT.ppid
+            msg.pid           = ::Contrast::APP_CONTEXT.pid
+            msg.ppid          = ::Contrast::APP_CONTEXT.ppid
             msg.append_event(event)
             msg
           end

data/lib/contrast/api/decorators/trace_event.rb CHANGED Viewed

@@ -106,7 +106,9 @@ module Contrast
             event_dtm.thread = Contrast::Utils::StringUtils.force_utf8(contrast_event.thread)
             event_dtm.build_parent_ids!(contrast_event)
             event_dtm.object_id = contrast_event.event_id.to_i
-            event_dtm.signature = Contrast::Api::Dtm::TraceEventSignature.build(contrast_event.ret, contrast_event.policy_node, contrast_event.args)
+            event_dtm.signature = Contrast::Api::Dtm::TraceEventSignature.build(contrast_event.ret,
+                                                                                contrast_event.policy_node,
+                                                                                contrast_event.args)
             event_dtm
           end
         end

data/lib/contrast/api/decorators/trace_event_object.rb CHANGED Viewed

@@ -4,7 +4,7 @@
 require 'contrast/utils/string_utils'
 require 'contrast/utils/assess/tracking_util'
 require 'base64'
-require 'contrast/components/interface'
+require 'contrast/components/scope'
 module Contrast
   module Api
@@ -18,8 +18,7 @@ module Contrast
         # Class methods for TraceEventObject
         module ClassMethods
-          include Contrast::Components::Interface
-          access_component :scope
+          include Contrast::Components::Scope::InstanceMethods
           # Build the event object. We were originally going to include taint on
           # each one, but TS doesn't accept / use that, so it is a waste of time.
           #
@@ -52,9 +51,7 @@ module Contrast
             tmp = []
             tmp << obj_string[0, UNTRUNCATED_PORTION_LENGTH]
             tmp << ELLIPSIS
-            tmp << obj_string[
-                obj_string.length - UNTRUNCATED_PORTION_LENGTH,
-                UNTRUNCATED_PORTION_LENGTH]
+            tmp << obj_string[obj_string.length - UNTRUNCATED_PORTION_LENGTH, UNTRUNCATED_PORTION_LENGTH]
             tmp.join
           end
         end

data/lib/contrast/api/decorators/trace_taint_range_tags.rb CHANGED Viewed

@@ -97,12 +97,7 @@ module Contrast
           DATABASE_WRITE
         ].cs__freeze
-        VALID_SOURCE_TAGS = %w[
-          NO_NEWLINES
-          UNTRUSTED
-          CROSS_SITE
-          LIMITED_CHARS
-        ].cs__freeze
+        VALID_SOURCE_TAGS = %w[NO_NEWLINES UNTRUSTED CROSS_SITE LIMITED_CHARS].cs__freeze
       end
     end
   end

data/lib/contrast/components/agent.rb CHANGED Viewed

@@ -12,12 +12,9 @@ module Contrast
       # Specifically, this allows for querying the state of the Agent.
       class Interface
         include Contrast::Components::ComponentBase
-        include Contrast::Components::Interface
-        access_component :analysis, :config, :settings
         def enabled?
-          @_enabled = !false?(CONFIG.root.enable) if @_enabled.nil?
+          @_enabled = !false?(::Contrast::CONFIG.root.enable) if @_enabled.nil?
           @_enabled
         end
@@ -52,36 +49,39 @@ module Contrast
         end
         def patch_yield?
-          @_patch_yield = !false?(CONFIG.root.agent.ruby.propagate_yield) if @_patch_yield.nil?
+          @_patch_yield = !false?(::Contrast::CONFIG.root.agent.ruby.propagate_yield) if @_patch_yield.nil?
           @_patch_yield
         end
         def interpolation_enabled?
-          @_interpolation_enabled = !false?(CONFIG.root.agent.ruby.interpolate) if @_interpolation_enabled.nil?
+          @_interpolation_enabled = !false?(::Contrast::CONFIG.root.agent.ruby.interpolate) if @_interpolation_enabled.nil?
           @_interpolation_enabled
         end
         def omit_body?
-          @_omit_body = true?(CONFIG.root.agent.omit_body) if @_omit_body.nil?
+          @_omit_body = true?(::Contrast::CONFIG.root.agent.omit_body) if @_omit_body.nil?
           @_omit_body
         end
         def exception_control
           @_exception_control ||= {
-              enable: true?(CONFIG.root.agent.ruby.exceptions.capture),
-              status: CONFIG.root.agent.ruby.exceptions.override_status || 403,
-              message: CONFIG.root.agent.ruby.exceptions.override_message || Contrast::Utils::ObjectShare::OVERRIDE_MESSAGE
+              enable: true?(::Contrast::CONFIG.root.agent.ruby.exceptions.capture),
+              status:
+                ::Contrast::CONFIG.root.agent.ruby.exceptions.override_status || 403,
+              message:
+                ::Contrast::CONFIG.root.agent.ruby.exceptions.override_message || Contrast::Utils::ObjectShare::OVERRIDE_MESSAGE
           }
         end
         def skip_instrumentation? loaded_module_name
           return true unless loaded_module_name
-          loaded_module_name.start_with?(*CONFIG.root.agent.ruby.uninstrument_namespace)
+          loaded_module_name.start_with?(*::Contrast::CONFIG.root.agent.ruby.uninstrument_namespace)
         end
+        # Insert ourselves into the application, keeping our middleware at the outermost layer of the onion
         def insert_middleware app
-          app.middleware.insert_before 0, Contrast::Agent::Middleware # Keep our middleware at the outermost layer of the onion
+          app.middleware.insert_before 0, Contrast::Agent::Middleware
         end
         def enable_tracepoint
@@ -94,18 +94,18 @@ module Contrast
         # Ruby exposed the C method for interpolation in version 2.6.0, meaning
         # we can attempt to patch using Funchook for that version and later.
         def interpolation_patch_possible?
-          @_interpolation_patch_possible = Gem::Version.new(RUBY_VERSION) >= INTERPOLATION_HOOKABLE_VERSION if @_interpolation_patch_possible.nil?
+          if @_interpolation_patch_possible.nil?
+            @_interpolation_patch_possible = Gem::Version.new(RUBY_VERSION) >= INTERPOLATION_HOOKABLE_VERSION
+          end
           @_interpolation_patch_possible
         end
         def retrieve_protect_ruleset
-          return {} unless enabled? && PROTECT.enabled?
+          return {} unless enabled? && ::Contrast::PROTECT.enabled?
-          PROTECT.rules
+          ::Contrast::PROTECT.rules
         end
       end
-      COMPONENT_INTERFACE = Interface.new
     end
   end
 end