contrast-agent 4.7.0 → 4.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +6 -1
- data/.rspec +0 -1
- data/.rspec_parallel +6 -0
- data/.simplecov +1 -0
- data/ext/cs__contrast_patch/cs__contrast_patch.c +0 -1
- data/ext/cs__contrast_patch/cs__contrast_patch.h +0 -2
- data/lib/contrast/agent/assess/contrast_event.rb +1 -5
- data/lib/contrast/agent/assess/finalizers/hash.rb +2 -5
- data/lib/contrast/agent/assess/policy/patcher.rb +5 -4
- data/lib/contrast/agent/assess/policy/policy.rb +1 -1
- data/lib/contrast/agent/assess/policy/policy_scanner.rb +2 -6
- data/lib/contrast/agent/assess/policy/preshift.rb +11 -8
- data/lib/contrast/agent/assess/policy/propagation_method.rb +102 -59
- data/lib/contrast/agent/assess/policy/propagator/database_write.rb +2 -7
- data/lib/contrast/agent/assess/policy/propagator/match_data.rb +31 -11
- data/lib/contrast/agent/assess/policy/propagator/rack_protection.rb +73 -0
- data/lib/contrast/agent/assess/policy/propagator/split.rb +10 -6
- data/lib/contrast/agent/assess/policy/propagator/substitution.rb +3 -3
- data/lib/contrast/agent/assess/policy/propagator.rb +1 -0
- data/lib/contrast/agent/assess/policy/rewriter_patch.rb +6 -7
- data/lib/contrast/agent/assess/policy/source_method.rb +18 -22
- data/lib/contrast/agent/assess/policy/trigger/xpath.rb +0 -4
- data/lib/contrast/agent/assess/policy/trigger_method.rb +61 -86
- data/lib/contrast/agent/assess/policy/trigger_node.rb +1 -1
- data/lib/contrast/agent/assess/property/evented.rb +2 -1
- data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +3 -4
- data/lib/contrast/agent/at_exit_hook.rb +3 -3
- data/lib/contrast/agent/class_reopener.rb +6 -5
- data/lib/contrast/agent/disable_reaction.rb +4 -5
- data/lib/contrast/agent/exclusion_matcher.rb +2 -7
- data/lib/contrast/agent/inventory/database_config.rb +117 -0
- data/lib/contrast/agent/inventory/dependency_analysis.rb +2 -6
- data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +8 -9
- data/lib/contrast/agent/inventory/policy/datastores.rb +5 -6
- data/lib/contrast/agent/inventory/policy/policy.rb +1 -1
- data/lib/contrast/agent/middleware.rb +15 -13
- data/lib/contrast/agent/patching/policy/after_load_patch.rb +6 -3
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +21 -16
- data/lib/contrast/agent/patching/policy/module_policy.rb +2 -4
- data/lib/contrast/agent/patching/policy/patch.rb +13 -8
- data/lib/contrast/agent/patching/policy/patch_status.rb +3 -7
- data/lib/contrast/agent/patching/policy/patcher.rb +14 -14
- data/lib/contrast/agent/patching/policy/policy.rb +2 -4
- data/lib/contrast/agent/patching/policy/policy_node.rb +2 -3
- data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +1 -1
- data/lib/contrast/agent/protect/policy/policy.rb +1 -1
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +3 -5
- data/lib/contrast/agent/protect/rule/base.rb +10 -10
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +4 -5
- data/lib/contrast/agent/protect/rule/no_sqli.rb +7 -53
- data/lib/contrast/agent/protect/rule/path_traversal.rb +1 -5
- data/lib/contrast/agent/protect/rule/sql_sample_builder.rb +137 -0
- data/lib/contrast/agent/protect/rule/sqli.rb +7 -70
- data/lib/contrast/agent/reaction_processor.rb +3 -4
- data/lib/contrast/agent/request.rb +9 -5
- data/lib/contrast/agent/request_context.rb +28 -31
- data/lib/contrast/agent/request_handler.rb +5 -3
- data/lib/contrast/agent/response.rb +2 -3
- data/lib/contrast/agent/rewriter.rb +4 -3
- data/lib/contrast/agent/rule_set.rb +5 -4
- data/lib/contrast/agent/service_heartbeat.rb +2 -3
- data/lib/contrast/agent/static_analysis.rb +7 -6
- data/lib/contrast/agent/thread.rb +2 -4
- data/lib/contrast/agent/thread_watcher.rb +3 -4
- data/lib/contrast/agent/tracepoint_hook.rb +10 -5
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/api/communication/messaging_queue.rb +16 -11
- data/lib/contrast/api/communication/response_processor.rb +11 -11
- data/lib/contrast/api/communication/service_lifecycle.rb +9 -5
- data/lib/contrast/api/communication/socket_client.rb +18 -14
- data/lib/contrast/api/communication/speedracer.rb +5 -6
- data/lib/contrast/api/decorators/address.rb +2 -3
- data/lib/contrast/api/decorators/agent_startup.rb +7 -9
- data/lib/contrast/api/decorators/application_startup.rb +9 -10
- data/lib/contrast/api/decorators/application_update.rb +0 -4
- data/lib/contrast/api/decorators/http_request.rb +3 -7
- data/lib/contrast/api/decorators/instrumentation_mode.rb +3 -5
- data/lib/contrast/api/decorators/message.rb +7 -7
- data/lib/contrast/api/decorators/route_coverage.rb +24 -1
- data/lib/contrast/api/decorators/trace_event_object.rb +2 -3
- data/lib/contrast/components/agent.rb +13 -15
- data/lib/contrast/components/app_context.rb +7 -11
- data/lib/contrast/components/assess.rb +19 -16
- data/lib/contrast/components/base.rb +40 -0
- data/lib/contrast/components/config.rb +1 -2
- data/lib/contrast/components/contrast_service.rb +8 -11
- data/lib/contrast/components/heap_dump.rb +5 -4
- data/lib/contrast/components/inventory.rb +2 -7
- data/lib/contrast/components/logger.rb +14 -10
- data/lib/contrast/components/protect.rb +10 -13
- data/lib/contrast/components/sampling.rb +5 -5
- data/lib/contrast/components/scope.rb +9 -32
- data/lib/contrast/components/settings.rb +1 -5
- data/lib/contrast/config/base_configuration.rb +14 -6
- data/lib/contrast/configuration.rb +22 -19
- data/lib/contrast/extension/assess/array.rb +3 -15
- data/lib/contrast/extension/assess/eval_trigger.rb +2 -23
- data/lib/contrast/extension/assess/fiber.rb +6 -16
- data/lib/contrast/extension/assess/hash.rb +3 -13
- data/lib/contrast/extension/assess/kernel.rb +3 -14
- data/lib/contrast/extension/assess/marshal.rb +6 -14
- data/lib/contrast/extension/assess/regexp.rb +5 -15
- data/lib/contrast/extension/assess/string.rb +6 -31
- data/lib/contrast/extension/extension.rb +61 -0
- data/lib/contrast/extension/kernel.rb +2 -4
- data/lib/contrast/extension/protect/kernel.rb +0 -15
- data/lib/contrast/framework/grape/support.rb +174 -0
- data/lib/contrast/framework/manager.rb +44 -9
- data/lib/contrast/framework/rack/patch/session_cookie.rb +6 -6
- data/lib/contrast/framework/rack/support.rb +1 -1
- data/lib/contrast/framework/rails/patch/assess_configuration.rb +5 -8
- data/lib/contrast/framework/rails/patch/support.rb +44 -37
- data/lib/contrast/framework/rails/railtie.rb +34 -0
- data/lib/contrast/framework/rails/rewrite/active_record_named.rb +4 -4
- data/lib/contrast/framework/rails/support.rb +60 -13
- data/lib/contrast/framework/sinatra/support.rb +1 -1
- data/lib/contrast/funchook/funchook.rb +4 -3
- data/lib/contrast/logger/application.rb +1 -6
- data/lib/contrast/logger/log.rb +103 -13
- data/lib/contrast/logger/request.rb +0 -4
- data/lib/contrast/tasks/config.rb +0 -1
- data/lib/contrast/tasks/service.rb +1 -6
- data/lib/contrast/utils/assess/sampling_util.rb +2 -3
- data/lib/contrast/utils/assess/tracking_util.rb +2 -4
- data/lib/contrast/utils/heap_dump_util.rb +5 -3
- data/lib/contrast/utils/invalid_configuration_util.rb +4 -3
- data/lib/contrast/utils/io_util.rb +3 -5
- data/lib/contrast/utils/job_servers_running.rb +4 -3
- data/lib/contrast/utils/os.rb +2 -3
- data/lib/contrast/utils/ruby_ast_rewriter.rb +16 -13
- data/lib/contrast/utils/string_utils.rb +2 -3
- data/lib/contrast/utils/tag_util.rb +26 -19
- data/lib/contrast.rb +24 -14
- data/resources/assess/policy.json +252 -2
- data/resources/deadzone/policy.json +10 -0
- data/ruby-agent.gemspec +14 -3
- data/service_executables/VERSION +1 -1
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
- metadata +104 -24
- data/lib/contrast/agent/railtie.rb +0 -31
- data/lib/contrast/components/interface.rb +0 -196
- data/lib/contrast/delegators/input_analysis.rb +0 -12
- data/lib/contrast/utils/inventory_util.rb +0 -114
@@ -1,7 +1,7 @@
|
|
1
1
|
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
-
require 'contrast/components/
|
4
|
+
require 'contrast/components/logger'
|
5
5
|
|
6
6
|
module Contrast
|
7
7
|
module Api
|
@@ -9,8 +9,7 @@ module Contrast
|
|
9
9
|
# Wraps all connection data to speedracer
|
10
10
|
class Speedracer
|
11
11
|
include Contrast::Api::Communication::ServiceLifecycle
|
12
|
-
include Contrast::Components::
|
13
|
-
access_component :contrast_service, :logging, :app_context
|
12
|
+
include Contrast::Components::Logger::InstanceMethods
|
14
13
|
|
15
14
|
attr_reader :status, :response_processor, :socket_client, :ensure_running
|
16
15
|
|
@@ -25,7 +24,7 @@ module Contrast
|
|
25
24
|
return if status.connected?
|
26
25
|
|
27
26
|
ensure_running.synchronize do
|
28
|
-
if CONTRAST_SERVICE.use_bundled_service?
|
27
|
+
if ::Contrast::CONTRAST_SERVICE.use_bundled_service?
|
29
28
|
logger.info('Attempting to start local service')
|
30
29
|
unless attempt_local_service_startup
|
31
30
|
logger.error('Failed to start local service')
|
@@ -70,7 +69,7 @@ module Contrast
|
|
70
69
|
end
|
71
70
|
|
72
71
|
def send_initialization_messages
|
73
|
-
agent_startup_msg = APP_CONTEXT.build_agent_startup_message
|
72
|
+
agent_startup_msg = ::Contrast::APP_CONTEXT.build_agent_startup_message
|
74
73
|
|
75
74
|
logger.debug('Preparing to send startup messages')
|
76
75
|
# 1 initial attempt, + 3 potential retries.
|
@@ -80,7 +79,7 @@ module Contrast
|
|
80
79
|
next unless (agent_response = socket_client.send_one(agent_startup_msg))
|
81
80
|
|
82
81
|
# Connection was successful; send app create with the resolved features.
|
83
|
-
app_startup_msg = APP_CONTEXT.build_app_startup_message
|
82
|
+
app_startup_msg = ::Contrast::APP_CONTEXT.build_app_startup_message
|
84
83
|
log_send_event(app_startup_msg)
|
85
84
|
app_response = socket_client.send_one(app_startup_msg)
|
86
85
|
|
@@ -2,7 +2,7 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/api/dtm.pb'
|
5
|
-
require 'contrast/components/
|
5
|
+
require 'contrast/components/logger'
|
6
6
|
require 'contrast/utils/string_utils'
|
7
7
|
require 'contrast/utils/timer'
|
8
8
|
|
@@ -19,8 +19,7 @@ module Contrast
|
|
19
19
|
|
20
20
|
# Used to add class methods to the ApplicationUpdate class on inclusion of the decorator
|
21
21
|
module ClassMethods
|
22
|
-
include Contrast::Components::
|
23
|
-
access_component :logging
|
22
|
+
include Contrast::Components::Logger::InstanceMethods
|
24
23
|
# receiver is memoized because it is the address/host/port of the server, once we
|
25
24
|
# resolve this for the first time, it shouldn't change
|
26
25
|
#
|
@@ -2,8 +2,8 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/api/dtm.pb'
|
5
|
-
require 'contrast/components/interface'
|
6
5
|
require 'contrast/utils/string_utils'
|
6
|
+
require 'contrast/components/base'
|
7
7
|
|
8
8
|
module Contrast
|
9
9
|
module Api
|
@@ -11,8 +11,6 @@ module Contrast
|
|
11
11
|
# Used to decorate the AgentStartup protobuf model to handle reporting Agent process start
|
12
12
|
module AgentStartup
|
13
13
|
include Contrast::Components::ComponentBase
|
14
|
-
include Contrast::Components::Interface
|
15
|
-
access_component :analysis, :config
|
16
14
|
|
17
15
|
def self.included klass
|
18
16
|
klass.extend(ClassMethods)
|
@@ -33,7 +31,7 @@ module Contrast
|
|
33
31
|
msg.server_path = Contrast::Utils::StringUtils.protobuf_format path
|
34
32
|
msg.server_type = Contrast::Utils::StringUtils.protobuf_format type
|
35
33
|
config!(msg)
|
36
|
-
msg.finding_tags = Contrast::Utils::StringUtils.protobuf_format ASSESS.tags
|
34
|
+
msg.finding_tags = Contrast::Utils::StringUtils.protobuf_format ::Contrast::ASSESS.tags
|
37
35
|
msg
|
38
36
|
end
|
39
37
|
|
@@ -43,11 +41,11 @@ module Contrast
|
|
43
41
|
#
|
44
42
|
# @param msg [Contrast::Api::Dtm::AgentStartup]
|
45
43
|
def config! msg
|
46
|
-
msg.version
|
47
|
-
msg.
|
48
|
-
msg.
|
49
|
-
msg.
|
50
|
-
msg.
|
44
|
+
msg.version = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.server.version
|
45
|
+
msg.server_tags = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.server.tags
|
46
|
+
msg.library_tags = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.inventory.tags
|
47
|
+
msg.environment = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.server.environment
|
48
|
+
msg.application_tags = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.tags
|
51
49
|
end
|
52
50
|
end
|
53
51
|
end
|
@@ -3,7 +3,7 @@
|
|
3
3
|
|
4
4
|
require 'contrast/api/dtm.pb'
|
5
5
|
require 'contrast/api/decorators/instrumentation_mode'
|
6
|
-
require 'contrast/components/
|
6
|
+
require 'contrast/components/base'
|
7
7
|
require 'contrast/utils/string_utils'
|
8
8
|
|
9
9
|
module Contrast
|
@@ -12,8 +12,6 @@ module Contrast
|
|
12
12
|
# Used to decorate the ApplicationCreate protobuf model to handle reporting Agent process start
|
13
13
|
module ApplicationStartup
|
14
14
|
include Contrast::Components::ComponentBase
|
15
|
-
include Contrast::Components::Interface
|
16
|
-
access_component :config
|
17
15
|
|
18
16
|
def self.included klass
|
19
17
|
klass.extend(ClassMethods)
|
@@ -26,11 +24,12 @@ module Contrast
|
|
26
24
|
# @return [Contrast::Api::Dtm::ApplicationCreate]
|
27
25
|
def build
|
28
26
|
msg = new
|
29
|
-
msg.
|
30
|
-
msg.
|
31
|
-
msg.
|
32
|
-
msg.
|
33
|
-
msg.
|
27
|
+
msg.code = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.code
|
28
|
+
msg.group = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.group
|
29
|
+
msg.metadata = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.metadata
|
30
|
+
msg.mode = Contrast::Api::Dtm::InstrumentationMode.build
|
31
|
+
msg.app_version =
|
32
|
+
Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.version.to_s # rubocop:disable Layout/AssignmentIndentation Layout/FirstArgumentIndentation:
|
34
33
|
session!(msg)
|
35
34
|
msg
|
36
35
|
end
|
@@ -42,10 +41,10 @@ module Contrast
|
|
42
41
|
# @param msg [Contrast::Api::Dtm::ApplicationCreate]
|
43
42
|
def session! msg
|
44
43
|
msg.session_id = Contrast::Utils::StringUtils.protobuf_format(
|
45
|
-
CONFIG.root.application.session_id,
|
44
|
+
::Contrast::CONFIG.root.application.session_id,
|
46
45
|
truncate: false)
|
47
46
|
msg.session_metadata = Contrast::Utils::StringUtils.protobuf_format(
|
48
|
-
CONFIG.root.application.session_metadata,
|
47
|
+
::Contrast::CONFIG.root.application.session_metadata,
|
49
48
|
truncate: false)
|
50
49
|
end
|
51
50
|
end
|
@@ -1,7 +1,6 @@
|
|
1
1
|
# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
-
require 'contrast/components/interface'
|
5
4
|
require 'contrast/utils/string_utils'
|
6
5
|
|
7
6
|
module Contrast
|
@@ -11,9 +10,6 @@ module Contrast
|
|
11
10
|
# model so it can own some of the data massaging required for AppUpdate
|
12
11
|
# dtm.
|
13
12
|
module ApplicationUpdate
|
14
|
-
include Contrast::Components::Interface
|
15
|
-
access_component :config
|
16
|
-
|
17
13
|
def self.included klass
|
18
14
|
klass.extend(ClassMethods)
|
19
15
|
end
|
@@ -3,7 +3,7 @@
|
|
3
3
|
|
4
4
|
require 'contrast/api/dtm.pb'
|
5
5
|
require 'contrast/api/decorators/address'
|
6
|
-
require 'contrast/components/
|
6
|
+
require 'contrast/components/scope'
|
7
7
|
require 'contrast/utils/string_utils'
|
8
8
|
require 'contrast/utils/timer'
|
9
9
|
|
@@ -14,9 +14,6 @@ module Contrast
|
|
14
14
|
# so it can own some of the data massaging required for Request dtm. Only
|
15
15
|
# works as an extension of that class.
|
16
16
|
module HttpRequest
|
17
|
-
include Contrast::Components::Interface
|
18
|
-
access_component :agent
|
19
|
-
|
20
17
|
OMITTED_BODY = '{{body-omitted-by-contrast}}'
|
21
18
|
|
22
19
|
def self.included klass
|
@@ -93,7 +90,7 @@ module Contrast
|
|
93
90
|
end
|
94
91
|
|
95
92
|
def omit_body? request
|
96
|
-
return true if AGENT.omit_body?
|
93
|
+
return true if ::Contrast::AGENT.omit_body?
|
97
94
|
return false if request.document_type != :NORMAL
|
98
95
|
|
99
96
|
request.content_type&.include?('multipart/form-data')
|
@@ -111,8 +108,7 @@ module Contrast
|
|
111
108
|
|
112
109
|
# Used to add class methods to the ApplicationUpdate class on inclusion of the decorator
|
113
110
|
module ClassMethods
|
114
|
-
include Contrast::Components::
|
115
|
-
access_component :scope
|
111
|
+
include Contrast::Components::Scope::InstanceMethods
|
116
112
|
|
117
113
|
# Convert our Request into a DTM
|
118
114
|
# @param request [Contrast::Agent::Request]
|
@@ -2,7 +2,7 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require 'contrast/api/dtm.pb'
|
5
|
-
require 'contrast/components/
|
5
|
+
require 'contrast/components/base'
|
6
6
|
|
7
7
|
module Contrast
|
8
8
|
module Api
|
@@ -10,8 +10,6 @@ module Contrast
|
|
10
10
|
# Used to decorate the InstrumentationMode protobuf model to handle reporting Agent process start
|
11
11
|
module InstrumentationMode
|
12
12
|
include Contrast::Components::ComponentBase
|
13
|
-
include Contrast::Components::Interface
|
14
|
-
access_component :analysis
|
15
13
|
|
16
14
|
def self.included klass
|
17
15
|
klass.extend(ClassMethods)
|
@@ -24,8 +22,8 @@ module Contrast
|
|
24
22
|
# @return [Contrast::Api::Dtm::InstrumentationMode]
|
25
23
|
def build
|
26
24
|
msg = new
|
27
|
-
msg.assess = ASSESS.enabled?
|
28
|
-
msg.protect = PROTECT.enabled?
|
25
|
+
msg.assess = ::Contrast::ASSESS.enabled?
|
26
|
+
msg.protect = ::Contrast::PROTECT.enabled?
|
29
27
|
msg
|
30
28
|
end
|
31
29
|
end
|
@@ -3,6 +3,7 @@
|
|
3
3
|
|
4
4
|
require 'contrast/utils/object_share'
|
5
5
|
require 'contrast/utils/string_utils'
|
6
|
+
require 'contrast/components/logger'
|
6
7
|
|
7
8
|
module Contrast
|
8
9
|
module Api
|
@@ -10,8 +11,7 @@ module Contrast
|
|
10
11
|
# Used to decorate the {Contrast::Api::Dtm::Message} protobuf model so it
|
11
12
|
# can handle instance data massaging.
|
12
13
|
module Message
|
13
|
-
include Contrast::Components::
|
14
|
-
access_component :app_context, :logging
|
14
|
+
include Contrast::Components::Logger::InstanceMethods
|
15
15
|
|
16
16
|
def self.included klass
|
17
17
|
klass.extend(ClassMethods)
|
@@ -58,13 +58,13 @@ module Contrast
|
|
58
58
|
|
59
59
|
def build event
|
60
60
|
msg = new
|
61
|
-
msg.app_name = APP_CONTEXT.app_name
|
62
|
-
msg.app_path = APP_CONTEXT.path
|
61
|
+
msg.app_name = ::Contrast::APP_CONTEXT.app_name
|
62
|
+
msg.app_path = ::Contrast::APP_CONTEXT.path
|
63
63
|
msg.app_language = Contrast::Utils::ObjectShare::RUBY
|
64
|
-
msg.client_id = APP_CONTEXT.client_id
|
64
|
+
msg.client_id = ::Contrast::APP_CONTEXT.client_id
|
65
65
|
msg.message_count = message_count
|
66
|
-
msg.pid = APP_CONTEXT.pid
|
67
|
-
msg.ppid = APP_CONTEXT.ppid
|
66
|
+
msg.pid = ::Contrast::APP_CONTEXT.pid
|
67
|
+
msg.ppid = ::Contrast::APP_CONTEXT.ppid
|
68
68
|
msg.append_event(event)
|
69
69
|
msg
|
70
70
|
end
|
@@ -46,7 +46,7 @@ module Contrast
|
|
46
46
|
#
|
47
47
|
# @param controller [::Sinatra::Base] the route's final controller.
|
48
48
|
# @param method [String] GET, PUT, POST, etc...
|
49
|
-
# @param
|
49
|
+
# @param pattern [::Mustermann::Sinatra] the pattern that was matched in routing.
|
50
50
|
# @param url [String, nil] use url from string instead matched pattern.
|
51
51
|
# @return [Contrast::Api::Dtm::RouteCoverage]
|
52
52
|
def from_sinatra_route controller, method, pattern, url = nil
|
@@ -59,6 +59,29 @@ module Contrast
|
|
59
59
|
msg.url = Contrast::Utils::StringUtils.force_utf8(safe_url)
|
60
60
|
msg
|
61
61
|
end
|
62
|
+
|
63
|
+
# Convert Grape route data to dtm message.
|
64
|
+
#
|
65
|
+
# @param controller [::Grape::API] the route's final controller.
|
66
|
+
# @param method [String] GET, PUT, POST, etc...
|
67
|
+
# @param url [String, nil] use url from string instead matched pattern.
|
68
|
+
# @param pattern [String, Grape::Router::Route] the pattern that was matched in routing.
|
69
|
+
# @return [Contrast::Api::Dtm::RouteCoverage]
|
70
|
+
def from_grape_controller controller, method, pattern, url = nil
|
71
|
+
if pattern.cs__is_a?(Grape::Router::Route)
|
72
|
+
safe_pattern = pattern.pattern&.path&.to_s
|
73
|
+
safe_url = source_or_string(url || safe_pattern)
|
74
|
+
else
|
75
|
+
safe_pattern = source_or_string(pattern)
|
76
|
+
safe_url = source_or_string(url || pattern)
|
77
|
+
end
|
78
|
+
|
79
|
+
msg = new
|
80
|
+
msg.route = "#{ controller }##{ method } #{ safe_pattern }"
|
81
|
+
msg.verb = Contrast::Utils::StringUtils.force_utf8(method)
|
82
|
+
msg.url = Contrast::Utils::StringUtils.force_utf8(safe_url)
|
83
|
+
msg
|
84
|
+
end
|
62
85
|
end
|
63
86
|
end
|
64
87
|
end
|
@@ -4,7 +4,7 @@
|
|
4
4
|
require 'contrast/utils/string_utils'
|
5
5
|
require 'contrast/utils/assess/tracking_util'
|
6
6
|
require 'base64'
|
7
|
-
require 'contrast/components/
|
7
|
+
require 'contrast/components/scope'
|
8
8
|
|
9
9
|
module Contrast
|
10
10
|
module Api
|
@@ -18,8 +18,7 @@ module Contrast
|
|
18
18
|
|
19
19
|
# Class methods for TraceEventObject
|
20
20
|
module ClassMethods
|
21
|
-
include Contrast::Components::
|
22
|
-
access_component :scope
|
21
|
+
include Contrast::Components::Scope::InstanceMethods
|
23
22
|
# Build the event object. We were originally going to include taint on
|
24
23
|
# each one, but TS doesn't accept / use that, so it is a waste of time.
|
25
24
|
#
|
@@ -12,12 +12,9 @@ module Contrast
|
|
12
12
|
# Specifically, this allows for querying the state of the Agent.
|
13
13
|
class Interface
|
14
14
|
include Contrast::Components::ComponentBase
|
15
|
-
include Contrast::Components::Interface
|
16
|
-
|
17
|
-
access_component :analysis, :config, :settings
|
18
15
|
|
19
16
|
def enabled?
|
20
|
-
@_enabled = !false?(CONFIG.root.enable) if @_enabled.nil?
|
17
|
+
@_enabled = !false?(::Contrast::CONFIG.root.enable) if @_enabled.nil?
|
21
18
|
@_enabled
|
22
19
|
end
|
23
20
|
|
@@ -52,34 +49,37 @@ module Contrast
|
|
52
49
|
end
|
53
50
|
|
54
51
|
def patch_yield?
|
55
|
-
@_patch_yield = !false?(CONFIG.root.agent.ruby.propagate_yield) if @_patch_yield.nil?
|
52
|
+
@_patch_yield = !false?(::Contrast::CONFIG.root.agent.ruby.propagate_yield) if @_patch_yield.nil?
|
56
53
|
@_patch_yield
|
57
54
|
end
|
58
55
|
|
59
56
|
def interpolation_enabled?
|
60
|
-
|
57
|
+
if @_interpolation_enabled.nil?
|
58
|
+
@_interpolation_enabled = !false?(::Contrast::CONFIG.root.agent.ruby.interpolate)
|
59
|
+
end
|
61
60
|
@_interpolation_enabled
|
62
61
|
end
|
63
62
|
|
64
63
|
def omit_body?
|
65
|
-
@_omit_body = true?(CONFIG.root.agent.omit_body) if @_omit_body.nil?
|
64
|
+
@_omit_body = true?(::Contrast::CONFIG.root.agent.omit_body) if @_omit_body.nil?
|
66
65
|
@_omit_body
|
67
66
|
end
|
68
67
|
|
69
68
|
def exception_control
|
70
69
|
@_exception_control ||= {
|
71
|
-
enable: true?(CONFIG.root.agent.ruby.exceptions.capture),
|
70
|
+
enable: true?(::Contrast::CONFIG.root.agent.ruby.exceptions.capture),
|
72
71
|
status:
|
73
|
-
CONFIG.root.agent.ruby.exceptions.override_status || 403,
|
72
|
+
::Contrast::CONFIG.root.agent.ruby.exceptions.override_status || 403,
|
74
73
|
message:
|
75
|
-
CONFIG.root.agent.ruby.exceptions.override_message ||
|
74
|
+
::Contrast::CONFIG.root.agent.ruby.exceptions.override_message ||
|
75
|
+
Contrast::Utils::ObjectShare::OVERRIDE_MESSAGE
|
76
76
|
}
|
77
77
|
end
|
78
78
|
|
79
79
|
def skip_instrumentation? loaded_module_name
|
80
80
|
return true unless loaded_module_name
|
81
81
|
|
82
|
-
loaded_module_name.start_with?(
|
82
|
+
loaded_module_name.start_with?(*::Contrast::CONFIG.root.agent.ruby.uninstrument_namespace)
|
83
83
|
end
|
84
84
|
|
85
85
|
# Insert ourselves into the application, keeping our middleware at the outermost layer of the onion
|
@@ -104,13 +104,11 @@ module Contrast
|
|
104
104
|
end
|
105
105
|
|
106
106
|
def retrieve_protect_ruleset
|
107
|
-
return {} unless enabled? && PROTECT.enabled?
|
107
|
+
return {} unless enabled? && ::Contrast::PROTECT.enabled?
|
108
108
|
|
109
|
-
PROTECT.rules
|
109
|
+
::Contrast::PROTECT.rules
|
110
110
|
end
|
111
111
|
end
|
112
|
-
|
113
|
-
COMPONENT_INTERFACE = Interface.new
|
114
112
|
end
|
115
113
|
end
|
116
114
|
end
|
@@ -16,9 +16,7 @@ module Contrast
|
|
16
16
|
# including the Client, Process, and Server information.
|
17
17
|
class Interface
|
18
18
|
include Contrast::Components::ComponentBase
|
19
|
-
include Contrast::Components::
|
20
|
-
|
21
|
-
access_component :agent, :analysis, :config, :logging
|
19
|
+
include Contrast::Components::Logger::InstanceMethods
|
22
20
|
|
23
21
|
DEFAULT_APP_NAME = 'rails'
|
24
22
|
DEFAULT_APP_PATH = '/'
|
@@ -31,7 +29,7 @@ module Contrast
|
|
31
29
|
|
32
30
|
def server_type
|
33
31
|
@_server_type ||= begin
|
34
|
-
tmp = CONFIG.root.server.type
|
32
|
+
tmp = ::Contrast::CONFIG.root.server.type
|
35
33
|
tmp = Contrast::Agent.framework_manager.server_type unless Contrast::Utils::StringUtils.present?(tmp)
|
36
34
|
tmp
|
37
35
|
end
|
@@ -39,7 +37,7 @@ module Contrast
|
|
39
37
|
|
40
38
|
def app_name
|
41
39
|
@_app_name ||= begin
|
42
|
-
tmp = CONFIG.root.application.name # rubocop:disable Security/Module/Name
|
40
|
+
tmp = ::Contrast::CONFIG.root.application.name # rubocop:disable Security/Module/Name
|
43
41
|
tmp = Contrast::Agent.framework_manager.app_name unless Contrast::Utils::StringUtils.present?(tmp)
|
44
42
|
tmp = File.basename(Dir.pwd) unless Contrast::Utils::StringUtils.present?(tmp)
|
45
43
|
Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_APP_NAME)
|
@@ -50,7 +48,7 @@ module Contrast
|
|
50
48
|
|
51
49
|
def path
|
52
50
|
@_path ||= begin
|
53
|
-
tmp = CONFIG.root.application.path
|
51
|
+
tmp = ::Contrast::CONFIG.root.application.path
|
54
52
|
Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_APP_PATH)
|
55
53
|
rescue StandardError
|
56
54
|
DEFAULT_APP_PATH
|
@@ -59,7 +57,7 @@ module Contrast
|
|
59
57
|
|
60
58
|
def server_name
|
61
59
|
@_server_name ||= begin
|
62
|
-
tmp = CONFIG.root.server.name # rubocop:disable Security/Module/Name
|
60
|
+
tmp = ::Contrast::CONFIG.root.server.name # rubocop:disable Security/Module/Name
|
63
61
|
tmp = Socket.gethostname unless Contrast::Utils::StringUtils.present?(tmp)
|
64
62
|
tmp = Contrast::Utils::StringUtils.force_utf8(tmp)
|
65
63
|
Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_SERVER_NAME)
|
@@ -70,7 +68,7 @@ module Contrast
|
|
70
68
|
|
71
69
|
def server_path
|
72
70
|
@_server_path ||= begin
|
73
|
-
tmp = CONFIG.root.server.path
|
71
|
+
tmp = ::Contrast::CONFIG.root.server.path
|
74
72
|
tmp = Dir.pwd unless Contrast::Utils::StringUtils.present?(tmp)
|
75
73
|
Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_SERVER_PATH)
|
76
74
|
rescue StandardError
|
@@ -116,7 +114,7 @@ module Contrast
|
|
116
114
|
end
|
117
115
|
|
118
116
|
def disabled_agent_rake_tasks
|
119
|
-
CONFIG.root.agent.ruby.disabled_agent_rake_tasks
|
117
|
+
::Contrast::CONFIG.root.agent.ruby.disabled_agent_rake_tasks
|
120
118
|
end
|
121
119
|
|
122
120
|
# Determines if the Process we're currently in matches that of the
|
@@ -137,8 +135,6 @@ module Contrast
|
|
137
135
|
@_original_pid ||= Process.pid
|
138
136
|
end
|
139
137
|
end
|
140
|
-
|
141
|
-
COMPONENT_INTERFACE = Interface.new
|
142
138
|
end
|
143
139
|
end
|
144
140
|
end
|