contrast-agent 4.7.0 → 4.10.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (145) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +6 -1
  3. data/.rspec +0 -1
  4. data/.rspec_parallel +6 -0
  5. data/.simplecov +1 -0
  6. data/ext/cs__contrast_patch/cs__contrast_patch.c +0 -1
  7. data/ext/cs__contrast_patch/cs__contrast_patch.h +0 -2
  8. data/lib/contrast/agent/assess/contrast_event.rb +1 -5
  9. data/lib/contrast/agent/assess/finalizers/hash.rb +2 -5
  10. data/lib/contrast/agent/assess/policy/patcher.rb +5 -4
  11. data/lib/contrast/agent/assess/policy/policy.rb +1 -1
  12. data/lib/contrast/agent/assess/policy/policy_scanner.rb +2 -6
  13. data/lib/contrast/agent/assess/policy/preshift.rb +11 -8
  14. data/lib/contrast/agent/assess/policy/propagation_method.rb +102 -59
  15. data/lib/contrast/agent/assess/policy/propagator/database_write.rb +2 -7
  16. data/lib/contrast/agent/assess/policy/propagator/match_data.rb +31 -11
  17. data/lib/contrast/agent/assess/policy/propagator/rack_protection.rb +73 -0
  18. data/lib/contrast/agent/assess/policy/propagator/split.rb +10 -6
  19. data/lib/contrast/agent/assess/policy/propagator/substitution.rb +3 -3
  20. data/lib/contrast/agent/assess/policy/propagator.rb +1 -0
  21. data/lib/contrast/agent/assess/policy/rewriter_patch.rb +6 -7
  22. data/lib/contrast/agent/assess/policy/source_method.rb +18 -22
  23. data/lib/contrast/agent/assess/policy/trigger/xpath.rb +0 -4
  24. data/lib/contrast/agent/assess/policy/trigger_method.rb +61 -86
  25. data/lib/contrast/agent/assess/policy/trigger_node.rb +1 -1
  26. data/lib/contrast/agent/assess/property/evented.rb +2 -1
  27. data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +3 -4
  28. data/lib/contrast/agent/at_exit_hook.rb +3 -3
  29. data/lib/contrast/agent/class_reopener.rb +6 -5
  30. data/lib/contrast/agent/disable_reaction.rb +4 -5
  31. data/lib/contrast/agent/exclusion_matcher.rb +2 -7
  32. data/lib/contrast/agent/inventory/database_config.rb +117 -0
  33. data/lib/contrast/agent/inventory/dependency_analysis.rb +2 -6
  34. data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +8 -9
  35. data/lib/contrast/agent/inventory/policy/datastores.rb +5 -6
  36. data/lib/contrast/agent/inventory/policy/policy.rb +1 -1
  37. data/lib/contrast/agent/middleware.rb +15 -13
  38. data/lib/contrast/agent/patching/policy/after_load_patch.rb +6 -3
  39. data/lib/contrast/agent/patching/policy/after_load_patcher.rb +21 -16
  40. data/lib/contrast/agent/patching/policy/module_policy.rb +2 -4
  41. data/lib/contrast/agent/patching/policy/patch.rb +13 -8
  42. data/lib/contrast/agent/patching/policy/patch_status.rb +3 -7
  43. data/lib/contrast/agent/patching/policy/patcher.rb +14 -14
  44. data/lib/contrast/agent/patching/policy/policy.rb +2 -4
  45. data/lib/contrast/agent/patching/policy/policy_node.rb +2 -3
  46. data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +1 -1
  47. data/lib/contrast/agent/protect/policy/policy.rb +1 -1
  48. data/lib/contrast/agent/protect/policy/rule_applicator.rb +3 -5
  49. data/lib/contrast/agent/protect/rule/base.rb +10 -10
  50. data/lib/contrast/agent/protect/rule/cmd_injection.rb +4 -5
  51. data/lib/contrast/agent/protect/rule/no_sqli.rb +7 -53
  52. data/lib/contrast/agent/protect/rule/path_traversal.rb +1 -5
  53. data/lib/contrast/agent/protect/rule/sql_sample_builder.rb +137 -0
  54. data/lib/contrast/agent/protect/rule/sqli.rb +7 -70
  55. data/lib/contrast/agent/reaction_processor.rb +3 -4
  56. data/lib/contrast/agent/request.rb +9 -5
  57. data/lib/contrast/agent/request_context.rb +28 -31
  58. data/lib/contrast/agent/request_handler.rb +5 -3
  59. data/lib/contrast/agent/response.rb +2 -3
  60. data/lib/contrast/agent/rewriter.rb +4 -3
  61. data/lib/contrast/agent/rule_set.rb +5 -4
  62. data/lib/contrast/agent/service_heartbeat.rb +2 -3
  63. data/lib/contrast/agent/static_analysis.rb +7 -6
  64. data/lib/contrast/agent/thread.rb +2 -4
  65. data/lib/contrast/agent/thread_watcher.rb +3 -4
  66. data/lib/contrast/agent/tracepoint_hook.rb +10 -5
  67. data/lib/contrast/agent/version.rb +1 -1
  68. data/lib/contrast/api/communication/messaging_queue.rb +16 -11
  69. data/lib/contrast/api/communication/response_processor.rb +11 -11
  70. data/lib/contrast/api/communication/service_lifecycle.rb +9 -5
  71. data/lib/contrast/api/communication/socket_client.rb +18 -14
  72. data/lib/contrast/api/communication/speedracer.rb +5 -6
  73. data/lib/contrast/api/decorators/address.rb +2 -3
  74. data/lib/contrast/api/decorators/agent_startup.rb +7 -9
  75. data/lib/contrast/api/decorators/application_startup.rb +9 -10
  76. data/lib/contrast/api/decorators/application_update.rb +0 -4
  77. data/lib/contrast/api/decorators/http_request.rb +3 -7
  78. data/lib/contrast/api/decorators/instrumentation_mode.rb +3 -5
  79. data/lib/contrast/api/decorators/message.rb +7 -7
  80. data/lib/contrast/api/decorators/route_coverage.rb +24 -1
  81. data/lib/contrast/api/decorators/trace_event_object.rb +2 -3
  82. data/lib/contrast/components/agent.rb +13 -15
  83. data/lib/contrast/components/app_context.rb +7 -11
  84. data/lib/contrast/components/assess.rb +19 -16
  85. data/lib/contrast/components/base.rb +40 -0
  86. data/lib/contrast/components/config.rb +1 -2
  87. data/lib/contrast/components/contrast_service.rb +8 -11
  88. data/lib/contrast/components/heap_dump.rb +5 -4
  89. data/lib/contrast/components/inventory.rb +2 -7
  90. data/lib/contrast/components/logger.rb +14 -10
  91. data/lib/contrast/components/protect.rb +10 -13
  92. data/lib/contrast/components/sampling.rb +5 -5
  93. data/lib/contrast/components/scope.rb +9 -32
  94. data/lib/contrast/components/settings.rb +1 -5
  95. data/lib/contrast/config/base_configuration.rb +14 -6
  96. data/lib/contrast/configuration.rb +22 -19
  97. data/lib/contrast/extension/assess/array.rb +3 -15
  98. data/lib/contrast/extension/assess/eval_trigger.rb +2 -23
  99. data/lib/contrast/extension/assess/fiber.rb +6 -16
  100. data/lib/contrast/extension/assess/hash.rb +3 -13
  101. data/lib/contrast/extension/assess/kernel.rb +3 -14
  102. data/lib/contrast/extension/assess/marshal.rb +6 -14
  103. data/lib/contrast/extension/assess/regexp.rb +5 -15
  104. data/lib/contrast/extension/assess/string.rb +6 -31
  105. data/lib/contrast/extension/extension.rb +61 -0
  106. data/lib/contrast/extension/kernel.rb +2 -4
  107. data/lib/contrast/extension/protect/kernel.rb +0 -15
  108. data/lib/contrast/framework/grape/support.rb +174 -0
  109. data/lib/contrast/framework/manager.rb +44 -9
  110. data/lib/contrast/framework/rack/patch/session_cookie.rb +6 -6
  111. data/lib/contrast/framework/rack/support.rb +1 -1
  112. data/lib/contrast/framework/rails/patch/assess_configuration.rb +5 -8
  113. data/lib/contrast/framework/rails/patch/support.rb +44 -37
  114. data/lib/contrast/framework/rails/railtie.rb +34 -0
  115. data/lib/contrast/framework/rails/rewrite/active_record_named.rb +4 -4
  116. data/lib/contrast/framework/rails/support.rb +60 -13
  117. data/lib/contrast/framework/sinatra/support.rb +1 -1
  118. data/lib/contrast/funchook/funchook.rb +4 -3
  119. data/lib/contrast/logger/application.rb +1 -6
  120. data/lib/contrast/logger/log.rb +103 -13
  121. data/lib/contrast/logger/request.rb +0 -4
  122. data/lib/contrast/tasks/config.rb +0 -1
  123. data/lib/contrast/tasks/service.rb +1 -6
  124. data/lib/contrast/utils/assess/sampling_util.rb +2 -3
  125. data/lib/contrast/utils/assess/tracking_util.rb +2 -4
  126. data/lib/contrast/utils/heap_dump_util.rb +5 -3
  127. data/lib/contrast/utils/invalid_configuration_util.rb +4 -3
  128. data/lib/contrast/utils/io_util.rb +3 -5
  129. data/lib/contrast/utils/job_servers_running.rb +4 -3
  130. data/lib/contrast/utils/os.rb +2 -3
  131. data/lib/contrast/utils/ruby_ast_rewriter.rb +16 -13
  132. data/lib/contrast/utils/string_utils.rb +2 -3
  133. data/lib/contrast/utils/tag_util.rb +26 -19
  134. data/lib/contrast.rb +24 -14
  135. data/resources/assess/policy.json +252 -2
  136. data/resources/deadzone/policy.json +10 -0
  137. data/ruby-agent.gemspec +14 -3
  138. data/service_executables/VERSION +1 -1
  139. data/service_executables/linux/contrast-service +0 -0
  140. data/service_executables/mac/contrast-service +0 -0
  141. metadata +104 -24
  142. data/lib/contrast/agent/railtie.rb +0 -31
  143. data/lib/contrast/components/interface.rb +0 -196
  144. data/lib/contrast/delegators/input_analysis.rb +0 -12
  145. data/lib/contrast/utils/inventory_util.rb +0 -114
@@ -1,7 +1,7 @@
1
1
  # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
- require 'contrast/components/interface'
4
+ require 'contrast/components/logger'
5
5
 
6
6
  module Contrast
7
7
  module Api
@@ -9,8 +9,7 @@ module Contrast
9
9
  # Wraps all connection data to speedracer
10
10
  class Speedracer
11
11
  include Contrast::Api::Communication::ServiceLifecycle
12
- include Contrast::Components::Interface
13
- access_component :contrast_service, :logging, :app_context
12
+ include Contrast::Components::Logger::InstanceMethods
14
13
 
15
14
  attr_reader :status, :response_processor, :socket_client, :ensure_running
16
15
 
@@ -25,7 +24,7 @@ module Contrast
25
24
  return if status.connected?
26
25
 
27
26
  ensure_running.synchronize do
28
- if CONTRAST_SERVICE.use_bundled_service?
27
+ if ::Contrast::CONTRAST_SERVICE.use_bundled_service?
29
28
  logger.info('Attempting to start local service')
30
29
  unless attempt_local_service_startup
31
30
  logger.error('Failed to start local service')
@@ -70,7 +69,7 @@ module Contrast
70
69
  end
71
70
 
72
71
  def send_initialization_messages
73
- agent_startup_msg = APP_CONTEXT.build_agent_startup_message
72
+ agent_startup_msg = ::Contrast::APP_CONTEXT.build_agent_startup_message
74
73
 
75
74
  logger.debug('Preparing to send startup messages')
76
75
  # 1 initial attempt, + 3 potential retries.
@@ -80,7 +79,7 @@ module Contrast
80
79
  next unless (agent_response = socket_client.send_one(agent_startup_msg))
81
80
 
82
81
  # Connection was successful; send app create with the resolved features.
83
- app_startup_msg = APP_CONTEXT.build_app_startup_message
82
+ app_startup_msg = ::Contrast::APP_CONTEXT.build_app_startup_message
84
83
  log_send_event(app_startup_msg)
85
84
  app_response = socket_client.send_one(app_startup_msg)
86
85
 
@@ -2,7 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'contrast/api/dtm.pb'
5
- require 'contrast/components/interface'
5
+ require 'contrast/components/logger'
6
6
  require 'contrast/utils/string_utils'
7
7
  require 'contrast/utils/timer'
8
8
 
@@ -19,8 +19,7 @@ module Contrast
19
19
 
20
20
  # Used to add class methods to the ApplicationUpdate class on inclusion of the decorator
21
21
  module ClassMethods
22
- include Contrast::Components::Interface
23
- access_component :logging
22
+ include Contrast::Components::Logger::InstanceMethods
24
23
  # receiver is memoized because it is the address/host/port of the server, once we
25
24
  # resolve this for the first time, it shouldn't change
26
25
  #
@@ -2,8 +2,8 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'contrast/api/dtm.pb'
5
- require 'contrast/components/interface'
6
5
  require 'contrast/utils/string_utils'
6
+ require 'contrast/components/base'
7
7
 
8
8
  module Contrast
9
9
  module Api
@@ -11,8 +11,6 @@ module Contrast
11
11
  # Used to decorate the AgentStartup protobuf model to handle reporting Agent process start
12
12
  module AgentStartup
13
13
  include Contrast::Components::ComponentBase
14
- include Contrast::Components::Interface
15
- access_component :analysis, :config
16
14
 
17
15
  def self.included klass
18
16
  klass.extend(ClassMethods)
@@ -33,7 +31,7 @@ module Contrast
33
31
  msg.server_path = Contrast::Utils::StringUtils.protobuf_format path
34
32
  msg.server_type = Contrast::Utils::StringUtils.protobuf_format type
35
33
  config!(msg)
36
- msg.finding_tags = Contrast::Utils::StringUtils.protobuf_format ASSESS.tags
34
+ msg.finding_tags = Contrast::Utils::StringUtils.protobuf_format ::Contrast::ASSESS.tags
37
35
  msg
38
36
  end
39
37
 
@@ -43,11 +41,11 @@ module Contrast
43
41
  #
44
42
  # @param msg [Contrast::Api::Dtm::AgentStartup]
45
43
  def config! msg
46
- msg.version = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.server.version
47
- msg.environment = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.server.environment
48
- msg.server_tags = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.server.tags
49
- msg.application_tags = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.tags
50
- msg.library_tags = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.inventory.tags
44
+ msg.version = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.server.version
45
+ msg.server_tags = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.server.tags
46
+ msg.library_tags = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.inventory.tags
47
+ msg.environment = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.server.environment
48
+ msg.application_tags = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.tags
51
49
  end
52
50
  end
53
51
  end
@@ -3,7 +3,7 @@
3
3
 
4
4
  require 'contrast/api/dtm.pb'
5
5
  require 'contrast/api/decorators/instrumentation_mode'
6
- require 'contrast/components/interface'
6
+ require 'contrast/components/base'
7
7
  require 'contrast/utils/string_utils'
8
8
 
9
9
  module Contrast
@@ -12,8 +12,6 @@ module Contrast
12
12
  # Used to decorate the ApplicationCreate protobuf model to handle reporting Agent process start
13
13
  module ApplicationStartup
14
14
  include Contrast::Components::ComponentBase
15
- include Contrast::Components::Interface
16
- access_component :config
17
15
 
18
16
  def self.included klass
19
17
  klass.extend(ClassMethods)
@@ -26,11 +24,12 @@ module Contrast
26
24
  # @return [Contrast::Api::Dtm::ApplicationCreate]
27
25
  def build
28
26
  msg = new
29
- msg.app_version = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.version.to_s
30
- msg.code = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.code
31
- msg.group = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.group
32
- msg.metadata = Contrast::Utils::StringUtils.protobuf_format CONFIG.root.application.metadata
33
- msg.mode = Contrast::Api::Dtm::InstrumentationMode.build
27
+ msg.code = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.code
28
+ msg.group = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.group
29
+ msg.metadata = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.metadata
30
+ msg.mode = Contrast::Api::Dtm::InstrumentationMode.build
31
+ msg.app_version =
32
+ Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.version.to_s # rubocop:disable Layout/AssignmentIndentation Layout/FirstArgumentIndentation:
34
33
  session!(msg)
35
34
  msg
36
35
  end
@@ -42,10 +41,10 @@ module Contrast
42
41
  # @param msg [Contrast::Api::Dtm::ApplicationCreate]
43
42
  def session! msg
44
43
  msg.session_id = Contrast::Utils::StringUtils.protobuf_format(
45
- CONFIG.root.application.session_id,
44
+ ::Contrast::CONFIG.root.application.session_id,
46
45
  truncate: false)
47
46
  msg.session_metadata = Contrast::Utils::StringUtils.protobuf_format(
48
- CONFIG.root.application.session_metadata,
47
+ ::Contrast::CONFIG.root.application.session_metadata,
49
48
  truncate: false)
50
49
  end
51
50
  end
@@ -1,7 +1,6 @@
1
1
  # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
- require 'contrast/components/interface'
5
4
  require 'contrast/utils/string_utils'
6
5
 
7
6
  module Contrast
@@ -11,9 +10,6 @@ module Contrast
11
10
  # model so it can own some of the data massaging required for AppUpdate
12
11
  # dtm.
13
12
  module ApplicationUpdate
14
- include Contrast::Components::Interface
15
- access_component :config
16
-
17
13
  def self.included klass
18
14
  klass.extend(ClassMethods)
19
15
  end
@@ -3,7 +3,7 @@
3
3
 
4
4
  require 'contrast/api/dtm.pb'
5
5
  require 'contrast/api/decorators/address'
6
- require 'contrast/components/interface'
6
+ require 'contrast/components/scope'
7
7
  require 'contrast/utils/string_utils'
8
8
  require 'contrast/utils/timer'
9
9
 
@@ -14,9 +14,6 @@ module Contrast
14
14
  # so it can own some of the data massaging required for Request dtm. Only
15
15
  # works as an extension of that class.
16
16
  module HttpRequest
17
- include Contrast::Components::Interface
18
- access_component :agent
19
-
20
17
  OMITTED_BODY = '{{body-omitted-by-contrast}}'
21
18
 
22
19
  def self.included klass
@@ -93,7 +90,7 @@ module Contrast
93
90
  end
94
91
 
95
92
  def omit_body? request
96
- return true if AGENT.omit_body?
93
+ return true if ::Contrast::AGENT.omit_body?
97
94
  return false if request.document_type != :NORMAL
98
95
 
99
96
  request.content_type&.include?('multipart/form-data')
@@ -111,8 +108,7 @@ module Contrast
111
108
 
112
109
  # Used to add class methods to the ApplicationUpdate class on inclusion of the decorator
113
110
  module ClassMethods
114
- include Contrast::Components::Interface
115
- access_component :scope
111
+ include Contrast::Components::Scope::InstanceMethods
116
112
 
117
113
  # Convert our Request into a DTM
118
114
  # @param request [Contrast::Agent::Request]
@@ -2,7 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'contrast/api/dtm.pb'
5
- require 'contrast/components/interface'
5
+ require 'contrast/components/base'
6
6
 
7
7
  module Contrast
8
8
  module Api
@@ -10,8 +10,6 @@ module Contrast
10
10
  # Used to decorate the InstrumentationMode protobuf model to handle reporting Agent process start
11
11
  module InstrumentationMode
12
12
  include Contrast::Components::ComponentBase
13
- include Contrast::Components::Interface
14
- access_component :analysis
15
13
 
16
14
  def self.included klass
17
15
  klass.extend(ClassMethods)
@@ -24,8 +22,8 @@ module Contrast
24
22
  # @return [Contrast::Api::Dtm::InstrumentationMode]
25
23
  def build
26
24
  msg = new
27
- msg.assess = ASSESS.enabled?
28
- msg.protect = PROTECT.enabled?
25
+ msg.assess = ::Contrast::ASSESS.enabled?
26
+ msg.protect = ::Contrast::PROTECT.enabled?
29
27
  msg
30
28
  end
31
29
  end
@@ -3,6 +3,7 @@
3
3
 
4
4
  require 'contrast/utils/object_share'
5
5
  require 'contrast/utils/string_utils'
6
+ require 'contrast/components/logger'
6
7
 
7
8
  module Contrast
8
9
  module Api
@@ -10,8 +11,7 @@ module Contrast
10
11
  # Used to decorate the {Contrast::Api::Dtm::Message} protobuf model so it
11
12
  # can handle instance data massaging.
12
13
  module Message
13
- include Contrast::Components::Interface
14
- access_component :app_context, :logging
14
+ include Contrast::Components::Logger::InstanceMethods
15
15
 
16
16
  def self.included klass
17
17
  klass.extend(ClassMethods)
@@ -58,13 +58,13 @@ module Contrast
58
58
 
59
59
  def build event
60
60
  msg = new
61
- msg.app_name = APP_CONTEXT.app_name
62
- msg.app_path = APP_CONTEXT.path
61
+ msg.app_name = ::Contrast::APP_CONTEXT.app_name
62
+ msg.app_path = ::Contrast::APP_CONTEXT.path
63
63
  msg.app_language = Contrast::Utils::ObjectShare::RUBY
64
- msg.client_id = APP_CONTEXT.client_id
64
+ msg.client_id = ::Contrast::APP_CONTEXT.client_id
65
65
  msg.message_count = message_count
66
- msg.pid = APP_CONTEXT.pid
67
- msg.ppid = APP_CONTEXT.ppid
66
+ msg.pid = ::Contrast::APP_CONTEXT.pid
67
+ msg.ppid = ::Contrast::APP_CONTEXT.ppid
68
68
  msg.append_event(event)
69
69
  msg
70
70
  end
@@ -46,7 +46,7 @@ module Contrast
46
46
  #
47
47
  # @param controller [::Sinatra::Base] the route's final controller.
48
48
  # @param method [String] GET, PUT, POST, etc...
49
- # @param method [::Mustermann::Sinatra] the pattern that was matched in routing.
49
+ # @param pattern [::Mustermann::Sinatra] the pattern that was matched in routing.
50
50
  # @param url [String, nil] use url from string instead matched pattern.
51
51
  # @return [Contrast::Api::Dtm::RouteCoverage]
52
52
  def from_sinatra_route controller, method, pattern, url = nil
@@ -59,6 +59,29 @@ module Contrast
59
59
  msg.url = Contrast::Utils::StringUtils.force_utf8(safe_url)
60
60
  msg
61
61
  end
62
+
63
+ # Convert Grape route data to dtm message.
64
+ #
65
+ # @param controller [::Grape::API] the route's final controller.
66
+ # @param method [String] GET, PUT, POST, etc...
67
+ # @param url [String, nil] use url from string instead matched pattern.
68
+ # @param pattern [String, Grape::Router::Route] the pattern that was matched in routing.
69
+ # @return [Contrast::Api::Dtm::RouteCoverage]
70
+ def from_grape_controller controller, method, pattern, url = nil
71
+ if pattern.cs__is_a?(Grape::Router::Route)
72
+ safe_pattern = pattern.pattern&.path&.to_s
73
+ safe_url = source_or_string(url || safe_pattern)
74
+ else
75
+ safe_pattern = source_or_string(pattern)
76
+ safe_url = source_or_string(url || pattern)
77
+ end
78
+
79
+ msg = new
80
+ msg.route = "#{ controller }##{ method } #{ safe_pattern }"
81
+ msg.verb = Contrast::Utils::StringUtils.force_utf8(method)
82
+ msg.url = Contrast::Utils::StringUtils.force_utf8(safe_url)
83
+ msg
84
+ end
62
85
  end
63
86
  end
64
87
  end
@@ -4,7 +4,7 @@
4
4
  require 'contrast/utils/string_utils'
5
5
  require 'contrast/utils/assess/tracking_util'
6
6
  require 'base64'
7
- require 'contrast/components/interface'
7
+ require 'contrast/components/scope'
8
8
 
9
9
  module Contrast
10
10
  module Api
@@ -18,8 +18,7 @@ module Contrast
18
18
 
19
19
  # Class methods for TraceEventObject
20
20
  module ClassMethods
21
- include Contrast::Components::Interface
22
- access_component :scope
21
+ include Contrast::Components::Scope::InstanceMethods
23
22
  # Build the event object. We were originally going to include taint on
24
23
  # each one, but TS doesn't accept / use that, so it is a waste of time.
25
24
  #
@@ -12,12 +12,9 @@ module Contrast
12
12
  # Specifically, this allows for querying the state of the Agent.
13
13
  class Interface
14
14
  include Contrast::Components::ComponentBase
15
- include Contrast::Components::Interface
16
-
17
- access_component :analysis, :config, :settings
18
15
 
19
16
  def enabled?
20
- @_enabled = !false?(CONFIG.root.enable) if @_enabled.nil?
17
+ @_enabled = !false?(::Contrast::CONFIG.root.enable) if @_enabled.nil?
21
18
  @_enabled
22
19
  end
23
20
 
@@ -52,34 +49,37 @@ module Contrast
52
49
  end
53
50
 
54
51
  def patch_yield?
55
- @_patch_yield = !false?(CONFIG.root.agent.ruby.propagate_yield) if @_patch_yield.nil?
52
+ @_patch_yield = !false?(::Contrast::CONFIG.root.agent.ruby.propagate_yield) if @_patch_yield.nil?
56
53
  @_patch_yield
57
54
  end
58
55
 
59
56
  def interpolation_enabled?
60
- @_interpolation_enabled = !false?(CONFIG.root.agent.ruby.interpolate) if @_interpolation_enabled.nil?
57
+ if @_interpolation_enabled.nil?
58
+ @_interpolation_enabled = !false?(::Contrast::CONFIG.root.agent.ruby.interpolate)
59
+ end
61
60
  @_interpolation_enabled
62
61
  end
63
62
 
64
63
  def omit_body?
65
- @_omit_body = true?(CONFIG.root.agent.omit_body) if @_omit_body.nil?
64
+ @_omit_body = true?(::Contrast::CONFIG.root.agent.omit_body) if @_omit_body.nil?
66
65
  @_omit_body
67
66
  end
68
67
 
69
68
  def exception_control
70
69
  @_exception_control ||= {
71
- enable: true?(CONFIG.root.agent.ruby.exceptions.capture),
70
+ enable: true?(::Contrast::CONFIG.root.agent.ruby.exceptions.capture),
72
71
  status:
73
- CONFIG.root.agent.ruby.exceptions.override_status || 403,
72
+ ::Contrast::CONFIG.root.agent.ruby.exceptions.override_status || 403,
74
73
  message:
75
- CONFIG.root.agent.ruby.exceptions.override_message || Contrast::Utils::ObjectShare::OVERRIDE_MESSAGE
74
+ ::Contrast::CONFIG.root.agent.ruby.exceptions.override_message ||
75
+ Contrast::Utils::ObjectShare::OVERRIDE_MESSAGE
76
76
  }
77
77
  end
78
78
 
79
79
  def skip_instrumentation? loaded_module_name
80
80
  return true unless loaded_module_name
81
81
 
82
- loaded_module_name.start_with?(*CONFIG.root.agent.ruby.uninstrument_namespace)
82
+ loaded_module_name.start_with?(*::Contrast::CONFIG.root.agent.ruby.uninstrument_namespace)
83
83
  end
84
84
 
85
85
  # Insert ourselves into the application, keeping our middleware at the outermost layer of the onion
@@ -104,13 +104,11 @@ module Contrast
104
104
  end
105
105
 
106
106
  def retrieve_protect_ruleset
107
- return {} unless enabled? && PROTECT.enabled?
107
+ return {} unless enabled? && ::Contrast::PROTECT.enabled?
108
108
 
109
- PROTECT.rules
109
+ ::Contrast::PROTECT.rules
110
110
  end
111
111
  end
112
-
113
- COMPONENT_INTERFACE = Interface.new
114
112
  end
115
113
  end
116
114
  end
@@ -16,9 +16,7 @@ module Contrast
16
16
  # including the Client, Process, and Server information.
17
17
  class Interface
18
18
  include Contrast::Components::ComponentBase
19
- include Contrast::Components::Interface
20
-
21
- access_component :agent, :analysis, :config, :logging
19
+ include Contrast::Components::Logger::InstanceMethods
22
20
 
23
21
  DEFAULT_APP_NAME = 'rails'
24
22
  DEFAULT_APP_PATH = '/'
@@ -31,7 +29,7 @@ module Contrast
31
29
 
32
30
  def server_type
33
31
  @_server_type ||= begin
34
- tmp = CONFIG.root.server.type
32
+ tmp = ::Contrast::CONFIG.root.server.type
35
33
  tmp = Contrast::Agent.framework_manager.server_type unless Contrast::Utils::StringUtils.present?(tmp)
36
34
  tmp
37
35
  end
@@ -39,7 +37,7 @@ module Contrast
39
37
 
40
38
  def app_name
41
39
  @_app_name ||= begin
42
- tmp = CONFIG.root.application.name # rubocop:disable Security/Module/Name
40
+ tmp = ::Contrast::CONFIG.root.application.name # rubocop:disable Security/Module/Name
43
41
  tmp = Contrast::Agent.framework_manager.app_name unless Contrast::Utils::StringUtils.present?(tmp)
44
42
  tmp = File.basename(Dir.pwd) unless Contrast::Utils::StringUtils.present?(tmp)
45
43
  Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_APP_NAME)
@@ -50,7 +48,7 @@ module Contrast
50
48
 
51
49
  def path
52
50
  @_path ||= begin
53
- tmp = CONFIG.root.application.path
51
+ tmp = ::Contrast::CONFIG.root.application.path
54
52
  Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_APP_PATH)
55
53
  rescue StandardError
56
54
  DEFAULT_APP_PATH
@@ -59,7 +57,7 @@ module Contrast
59
57
 
60
58
  def server_name
61
59
  @_server_name ||= begin
62
- tmp = CONFIG.root.server.name # rubocop:disable Security/Module/Name
60
+ tmp = ::Contrast::CONFIG.root.server.name # rubocop:disable Security/Module/Name
63
61
  tmp = Socket.gethostname unless Contrast::Utils::StringUtils.present?(tmp)
64
62
  tmp = Contrast::Utils::StringUtils.force_utf8(tmp)
65
63
  Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_SERVER_NAME)
@@ -70,7 +68,7 @@ module Contrast
70
68
 
71
69
  def server_path
72
70
  @_server_path ||= begin
73
- tmp = CONFIG.root.server.path
71
+ tmp = ::Contrast::CONFIG.root.server.path
74
72
  tmp = Dir.pwd unless Contrast::Utils::StringUtils.present?(tmp)
75
73
  Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_SERVER_PATH)
76
74
  rescue StandardError
@@ -116,7 +114,7 @@ module Contrast
116
114
  end
117
115
 
118
116
  def disabled_agent_rake_tasks
119
- CONFIG.root.agent.ruby.disabled_agent_rake_tasks
117
+ ::Contrast::CONFIG.root.agent.ruby.disabled_agent_rake_tasks
120
118
  end
121
119
 
122
120
  # Determines if the Process we're currently in matches that of the
@@ -137,8 +135,6 @@ module Contrast
137
135
  @_original_pid ||= Process.pid
138
136
  end
139
137
  end
140
-
141
- COMPONENT_INTERFACE = Interface.new
142
138
  end
143
139
  end
144
140
  end