contrast-agent 4.8.0 → 4.11.0

data/lib/contrast/components/assess.rb

@@ -1,6 +1,10 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/components/base'
+require 'contrast/components/config'
+require 'contrast/components/settings'
+
 module Contrast
   module Components
     module Assess
@@ -10,24 +14,21 @@ module Contrast
       # Specifically, this allows for querying the state of the Assess product.
       class Interface
         include Contrast::Components::ComponentBase
-        include Contrast::Components::Interface
-
-        access_component :config, :settings
 
         def enabled?
           # config overrides if forcibly set
           return false if forcibly_disabled?
           return true  if forcibly_enabled?
 
-          SETTINGS.assess_state.enabled == true
+          ::Contrast::SETTINGS.assess_state.enabled == true
         end
 
         def tainted_columns
-          SETTINGS.tainted_columns
+          ::Contrast::SETTINGS.tainted_columns
         end
 
         def forcibly_disabled?
-          @_forcibly_disabled = false?(CONFIG.root.assess.enable) if @_forcibly_disabled.nil?
+          @_forcibly_disabled = false?(::Contrast::CONFIG.root.assess.enable) if @_forcibly_disabled.nil?
           @_forcibly_disabled
         end
 
@@ -39,9 +40,9 @@ module Contrast
         # faster comparisons when we use it. Anything not one of the known values of
         # 'NONE',  'SOME', or 'ALL' is treated as 'ALL'
         #
-        # @return [Symbol] the normalized value of CONFIG.root.assess.stacktraces
+        # @return [Symbol] the normalized value of ::Contrast::CONFIG.root.assess.stacktraces
         def capture_stacktrace_value
-          @_capture_stacktrace_value ||= case CONFIG.root.assess.stacktraces.upcase
+          @_capture_stacktrace_value ||= case ::Contrast::CONFIG.root.assess.stacktraces.upcase
                                          when 'NONE'
                                            :NONE
                                          when 'SOME'
@@ -71,38 +72,40 @@ module Contrast
         end
 
         def scan_response?
-          @_scan_response = !false?(CONFIG.root.assess.enable_scan_response) if @_scan_response.nil?
+          @_scan_response = !false?(::Contrast::CONFIG.root.assess.enable_scan_response) if @_scan_response.nil?
           @_scan_response
         end
 
         def track_frozen_sources?
-          @_track_frozen_sources = !false?(CONFIG.root.agent.ruby.track_frozen_sources) if @_track_frozen_sources.nil?
+          if @_track_frozen_sources.nil?
+            @_track_frozen_sources = !false?(::Contrast::CONFIG.root.agent.ruby.track_frozen_sources)
+          end
           @_track_frozen_sources
         end
 
         def require_scan?
-          @_require_scan = !false?(CONFIG.root.agent.ruby.require_scan) if @_require_scan.nil?
+          @_require_scan = !false?(::Contrast::CONFIG.root.agent.ruby.require_scan) if @_require_scan.nil?
           @_require_scan
         end
 
         def tags
-          CONFIG.root.assess&.tags
+          ::Contrast::CONFIG.root.assess&.tags
         end
 
         def disabled_rules
           # TODO: RUBY-903
-          CONFIG.root.assess&.rules&.disabled_rules || SETTINGS.assess_state.disabled_assess_rules || []
+          ::Contrast::CONFIG.root.assess&.rules&.disabled_rules ||
+              ::Contrast::SETTINGS.assess_state.disabled_assess_rules ||
+              []
         end
 
         private
 
         def forcibly_enabled?
-          @_forcibly_enabled = true?(CONFIG.root.assess.enable) if @_forcibly_enabled.nil?
+          @_forcibly_enabled = true?(::Contrast::CONFIG.root.assess.enable) if @_forcibly_enabled.nil?
           @_forcibly_enabled
         end
       end
-
-      COMPONENT_INTERFACE = Interface.new
     end
   end
 end

data/lib/contrast/components/base.rb

@@ -0,0 +1,40 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Components
+    # All components should inherit from this,
+    # whether Interfaces, InstanceMethods or ClassMethods.
+    module ComponentBase
+      # use this to determine if the configuration value is literally boolean
+      # false or some form of the word `false`, regardless of case. It should
+      # be used for those values which default to `true` as they should only
+      # treat a value explicitly set to `false` as such.
+      #
+      # @param config_param [Boolean,String] the value to check
+      # @return [Boolean] should the value be treated as `false`
+      def false? config_param
+        return false if config_param == true
+        return true if config_param == false
+        return false unless config_param.cs__is_a?(String)
+
+        config_param.downcase == Contrast::Utils::ObjectShare::FALSE
+      end
+
+      # use this to determine if the configuration value is literally boolean
+      # true or some form of the word `true`, regardless of case. It should
+      # be used for those values which default to `false` as they should only
+      # treat a value explicitly set to `true` as such.
+      #
+      # @param config_param [Boolean,String] the value to check
+      # @return [Boolean] should the value be treated as `true`
+      def true? config_param
+        return false if config_param == false
+        return true if config_param == true
+        return false unless config_param.cs__is_a?(String)
+
+        config_param.downcase == Contrast::Utils::ObjectShare::TRUE
+      end
+    end
+  end
+end

data/lib/contrast/components/config.rb

@@ -44,6 +44,7 @@ module Contrast
 
         def valid?
           @_valid = validate(log: false) if @_valid.nil?
+          @_valid
         end
 
         def invalid?
@@ -108,8 +109,6 @@ module Contrast
           @config.application.session_metadata
         end
       end
-
-      COMPONENT_INTERFACE = Interface.new
     end
   end
 end

data/lib/contrast/components/contrast_service.rb

@@ -13,37 +13,36 @@ module Contrast
       # the Service, as well as sending a message to the Service.
       class Interface
         include Contrast::Components::ComponentBase
-        include Contrast::Components::Interface
 
         DEFAULT_SERVICE_LOG = 'contrast_service.log'
         # The Rails ActionDispatch regexp for localhost IP + literal localhost
         # https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/http/request.rb#L32
         LOCALHOST = Regexp.union [/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/, /^localhost$/]
 
-        access_component :agent, :config
-
         def use_bundled_service?
           # Validates the config to decide if it's suitable for starting
           # the bundled service
 
           # Requirement says "must be true" but that
           # should be "must not be false" -- oops.
-          @_use_bundled_service ||= !false?(CONFIG.root.agent.start_bundled_service) &&
+          @_use_bundled_service ||= !false?(::Contrast::CONFIG.root.agent.start_bundled_service) &&
               # Either a valid host or a valid socket
               # Path validity is the service's problem
               (LOCALHOST.match?(host) || !!socket_path)
         end
 
         def host
-          @_host ||= (CONFIG.root.agent.service.host || Contrast::Config::ServiceConfiguration::DEFAULT_HOST).to_s
+          @_host ||=
+            (::Contrast::CONFIG.root.agent.service.host || Contrast::Config::ServiceConfiguration::DEFAULT_HOST).to_s
         end
 
         def port
-          @_port ||= (CONFIG.root.agent.service.port || Contrast::Config::ServiceConfiguration::DEFAULT_PORT).to_i
+          @_port ||=
+            (::Contrast::CONFIG.root.agent.service.port || Contrast::Config::ServiceConfiguration::DEFAULT_PORT).to_i
         end
 
         def socket_path
-          @_socket_path ||= CONFIG.root.agent.service.socket
+          @_socket_path ||= ::Contrast::CONFIG.root.agent.service.socket
         end
 
         def use_tcp?
@@ -51,18 +50,16 @@ module Contrast
         end
 
         def logger_path
-          @_logger_path ||= CONFIG.root.agent.service.logger.path || DEFAULT_SERVICE_LOG
+          @_logger_path ||= ::Contrast::CONFIG.root.agent.service.logger.path || DEFAULT_SERVICE_LOG
         end
 
         private
 
         def disabled?
-          @_disabled = false?(CONFIG.root.agent.start_bundled_service) if @_disabled.nil?
+          @_disabled = false?(::Contrast::CONFIG.root.agent.start_bundled_service) if @_disabled.nil?
           @_disabled
         end
       end
-
-      COMPONENT_INTERFACE = Interface.new
     end
   end
 end

data/lib/contrast/components/heap_dump.rb

@@ -1,6 +1,9 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/components/base'
+require 'contrast/components/heap_dump'
+
 module Contrast
   module Components
     module HeapDump
@@ -11,9 +14,6 @@ module Contrast
       # utility.
       module ClassMethods
         include Contrast::Components::ComponentBase
-        include Contrast::Components::Interface
-
-        access_component :config
 
         def heap_dump_enabled?
           heap_dump_control[:enabled]
@@ -21,7 +21,7 @@ module Contrast
 
         def heap_dump_control
           @_heap_dump_control ||= begin
-            config = CONFIG.root&.agent&.heap_dump
+            config = ::Contrast::CONFIG.root&.agent&.heap_dump
             {
                 enabled: true?(config&.enable),
                 path: File.absolute_path(config&.path),
@@ -33,6 +33,7 @@ module Contrast
           end
         end
       end
+      InstanceMethods = ClassMethods
     end
   end
 end

data/lib/contrast/components/inventory.rb

@@ -11,22 +11,17 @@ module Contrast
       # product.
       class Interface
         include Contrast::Components::ComponentBase
-        include Contrast::Components::Interface
-
-        access_component :config, :settings
 
         def enabled?
-          @_enabled = !false?(CONFIG.root.inventory.enable) if @_enabled.nil?
+          @_enabled = !false?(::Contrast::CONFIG.root.inventory.enable) if @_enabled.nil?
           @_enabled
         end
 
         def analyze_libraries?
-          @_analyze_libraries = !false?(CONFIG.root.inventory.analyze_libraries) if @_analyze_libraries.nil?
+          @_analyze_libraries = !false?(::Contrast::CONFIG.root.inventory.analyze_libraries) if @_analyze_libraries.nil?
           @_analyze_libraries
         end
       end
-
-      COMPONENT_INTERFACE = Interface.new
     end
   end
 end

data/lib/contrast/components/logger.rb

@@ -2,26 +2,30 @@
 # frozen_string_literal: true
 
 require 'contrast/logger/log'
+require 'contrast/components/base'
 
 module Contrast
   module Components
-    module Logger
-      module InstanceMethods #:nodoc:
+    module Logger # :nodoc:
+      module InstanceMethods # :nodoc:
         def logger
           Contrast::Logger::Log.instance.logger
         end
+
+        def add_trace_perf_logging_for sym, custom_message = nil
+          logger.add_trace_perf_logging(self, sym, custom_message)
+        end
       end
-      ClassMethods = InstanceMethods
 
-      # A wrapper build around the Common Agent Configuration project to allow
-      # for access of the values contained in its
-      # parent_configuration_spec.yaml.
-      # Specifically, this allows for querying the state of the Agent Logger.
-      class Interface
-        include Contrast::Components::ComponentBase
+      class << self
+        def add_trace_log_timing_for clazz, method_name, custom_message = nil
+          Contrast::Logger::Log.instance.add_method_to_trace_timing(clazz, method_name, custom_message)
+        end
       end
 
-      COMPONENT_INTERFACE = Interface.new
+      class Interface
+        include InstanceMethods
+      end
     end
   end
 end

data/lib/contrast/components/protect.rb

@@ -1,6 +1,8 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/components/base'
+
 module Contrast
   module Components
     module Protect
@@ -8,34 +10,31 @@ module Contrast
       # its parent_configuration_spec.yaml.  Specifically, this allows for querying the state of the Protect product.
       class Interface
         include Contrast::Components::ComponentBase
-        include Contrast::Components::Interface
-
-        access_component :config, :settings
 
         def enabled?
           # config overrides if forcibly set
           return false if forcibly_disabled?
           return true  if forcibly_enabled?
 
-          SETTINGS.protect_state.enabled == true
+          ::Contrast::SETTINGS.protect_state.enabled == true
         end
 
         def rule_config
-          CONFIG.root.protect.rules
+          ::Contrast::CONFIG.root.protect.rules
         end
 
         def rules
-          SETTINGS.protect_state.rules
+          ::Contrast::SETTINGS.protect_state.rules
         end
 
         def rule_mode rule_id
-          CONFIG.root.protect.rules[rule_id]&.applicable_mode ||
-              SETTINGS.application_state.modes_by_id[rule_id] ||
+          ::Contrast::CONFIG.root.protect.rules[rule_id]&.applicable_mode ||
+              ::Contrast::SETTINGS.application_state.modes_by_id[rule_id] ||
               Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION
         end
 
         def rule name
-          SETTINGS.protect_state.rules[name]
+          ::Contrast::SETTINGS.protect_state.rules[name]
         end
 
         def report_any_command_execution?
@@ -55,17 +54,15 @@ module Contrast
         end
 
         def forcibly_disabled?
-          @_forcibly_disabled ||= false?(CONFIG.root.protect.enable)
+          @_forcibly_disabled ||= false?(::Contrast::CONFIG.root.protect.enable)
         end
 
         private
 
         def forcibly_enabled?
-          @_forcibly_enabled ||= true?(CONFIG.root.protect.enable)
+          @_forcibly_enabled ||= true?(::Contrast::CONFIG.root.protect.enable)
         end
       end
-
-      COMPONENT_INTERFACE = Interface.new
     end
   end
 end

data/lib/contrast/components/sampling.rb

@@ -1,6 +1,8 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/components/base'
+
 module Contrast
   module Components
     module Sampling
@@ -15,9 +17,6 @@ module Contrast
       module ClassMethods #:nodoc:
         include Contrast::Components::ComponentBase
         include Constants
-        include Contrast::Components::Interface
-
-        access_component :config, :settings
 
         def sampling_enabled?
           sampling_control[:enabled]
@@ -25,8 +24,8 @@ module Contrast
 
         def sampling_control
           @_sampling_control ||= begin
-            config_settings = CONFIG.root.assess&.sampling
-            settings = SETTINGS&.assess_state&.[](:sampling_settings)
+            config_settings = ::Contrast::CONFIG.root.assess&.sampling
+            settings = ::Contrast::SETTINGS&.assess_state&.[](:sampling_settings)
             {
                 enabled: enabled?(config_settings, settings),
                 baseline: baseline(config_settings, settings),
@@ -94,6 +93,7 @@ module Contrast
       module InstanceMethods #:nodoc:
         include Contrast::Components::ComponentBase
         include Constants
+        include ClassMethods
       end
     end
   end

data/lib/contrast/components/scope.rb

@@ -7,12 +7,9 @@ require 'contrast/agent/scope'
 
 # This is the Scope component.
 #
-# It tracks /Contrast/ scope.  That is, "are we currently doing assess
-# or protect stuff within a patched method?" -- this is how we avoid doing
-# Contrast stuff on Contrast code.
-#
-# Separately from this component, there is also require scope, which is an
-# optimization on how we implement patching to `require`.
+# It tracks /Contrast/ scope.  That is, "are we currently doing assess or protect stuff within a patched method?" --
+# this is how we avoid doing Contrast stuff on Contrast code or creating infinite loops -- or "are we in some other
+# execution context for which we need to special case?".
 module Contrast
   module Components
     module Scope # :nodoc:
@@ -20,17 +17,13 @@ module Contrast
       EXECUTION_CONTEXT = {} # rubocop:disable Style/MutableConstant
 
       class Interface # :nodoc:
-        include Contrast::Components::ComponentBase
-
         def initialize
           # This is probably redundant with #scope_for_current_ec's nil check.
           EXECUTION_CONTEXT[Fiber.current] = Contrast::Agent::Scope.new
         end
 
-        # This returns the scope governing the current execution context.
-        # Use this sparingly, preferring the instance & class methods to
-        # access and query scope, rather than interacting with the scope
-        # object directly.
+        # This returns the scope governing the current execution context. Use this sparingly, preferring the instance
+        # & class methods to access and query scope, rather than interacting with the scope object directly.
         def scope_for_current_ec
           MONITOR.synchronize do
             return EXECUTION_CONTEXT[Fiber.current] ||= Contrast::Agent::Scope.new
@@ -39,9 +32,7 @@ module Contrast
       end
 
       module InstanceMethods # :nodoc:
-        # For each instance method on a scope, define a forwarder
-        # to the scope on the current execution context's scope.
-
+        # For each instance method on a scope, define a forwarder to the scope on the current execution context's scope.
         def scope_for_current_ec
           MONITOR.synchronize do
             return EXECUTION_CONTEXT[Fiber.current] ||= Contrast::Agent::Scope.new
@@ -120,24 +111,12 @@ module Contrast
         ensure
           scope_for_current_ec.exit_split_scope!
         end
-
-        # TODO: RUBY-572
-        #
-        # Current behavior is to no-op if we're not "in a request context".
-        # Our C functions were previously checking to see if we had a scope, because
-        # scope was tacked on to a request context -- so "we have a scope, therefore,
-        # we have a request context."  We've decoupled scopes from request contexts,
-        # so now it checks "do we have a request context."
-        # RUBY-290 should remove all of that, including this method.
-        def in_request_context?
-          !!Contrast::Agent::REQUEST_TRACKER.current
-        end
       end
 
       def self.sweep_dead_ecs
-        # TODO: RUBY-571, #sweep_dead_ecs compensates for a lack of weak tables
-        # 'ec' for execution context.  in this case, it's a Fiber.
-        # Threads rely on Fibers, so two birds, one stone.
+        # TODO: RUBY-534, #sweep_dead_ecs compensates for a lack of weak tables. when we can use WeakRef, we should
+        #   investigate removing this call and instead use the WeakRef for the Execution Context's Keys or using our
+        #   Finalizers Hash for Fibers
         MONITOR.synchronize do
           EXECUTION_CONTEXT.delete_if do |ec, _scope|
             !ec.alive?
@@ -146,8 +125,6 @@ module Contrast
       end
 
       ClassMethods = InstanceMethods
-
-      COMPONENT_INTERFACE = Interface.new
     end
   end
 end

data/lib/contrast/components/settings.rb

@@ -22,9 +22,7 @@ module Contrast
 
       # This is a class.
       class Interface
-        include Contrast::Components::ComponentBase
-        include Contrast::Components::Interface
-        access_component :config
+        extend Contrast::Components::Config
 
         # tainted_columns are database columns that receive unsanitized input.
         attr_reader :tainted_columns # This can probably go into assess_state?
@@ -76,8 +74,6 @@ module Contrast
           Contrast::Agent::Protect::Rule::Xxe.new
         end
       end
-
-      COMPONENT_INTERFACE = Interface.new
     end
   end
 end

data/lib/contrast/config/base_configuration.rb

@@ -12,7 +12,7 @@ module Contrast
     class BaseConfiguration
       extend Forwardable
 
-      BOOLEANS = [true, false].cs__freeze
+      STRING_BOOLEANS = %w[false true].cs__freeze
 
       attr_reader :map
 
@@ -73,8 +73,18 @@ module Contrast
                           spec_value.new(user_provided_value)
                         elsif spec_value.is_a?(Contrast::Config::DefaultValue) && user_provided_value == EMPTY_VALUE
                           spec_value.value
-                        elsif BOOLEANS.include?(user_provided_value)
-                          user_provided_value.to_s
+                        elsif user_provided_value.cs__is_a?(String)
+                          value = user_provided_value.downcase
+                          # converts string values to 'true' => true or 'false' => false
+                          case value
+                          when STRING_BOOLEANS[1]
+                            true
+                          when STRING_BOOLEANS[0]
+                            false
+                          else
+                            # returns non boolean string values
+                            user_provided_value
+                          end
                         else
                           user_provided_value
                         end
@@ -95,9 +105,7 @@ module Contrast
 
       def define_setter str_key
         define_singleton_method "#{ str_key }=".to_sym do |new_value|
-          boolean_value = new_value == true
-          boolean_value ||= new_value == false
-          @map[str_key] = boolean_value ? new_value.to_s : new_value
+          @map[str_key] = new_value
         end
       end
     end

data/lib/contrast/configuration.rb

@@ -6,7 +6,7 @@ require 'fileutils'
 
 require 'contrast/config'
 require 'contrast/utils/object_share'
-require 'contrast/components/interface'
+require 'contrast/components/scope'
 
 module Contrast
   # This is how we read in the local settings for the Agent, both ENV/ CMD line
@@ -15,9 +15,8 @@ module Contrast
   class Configuration
     extend Forwardable
 
-    include Contrast::Components::Interface
-
-    access_component :scope
+    include Contrast::Components::Scope::InstanceMethods
+    extend Contrast::Components::Scope::InstanceMethods
 
     def_delegator :root, :assign_value_to_path_array
 
@@ -49,9 +48,7 @@ module Contrast
     # in an infinite loop on the to_sym method used later.
     def method_missing symbol, *args
       with_contrast_scope do
-        root.public_send(symbol, *args)
-      rescue NoMethodError => _e
-        super
+        root.public_send(symbol, *args) if root.cs__respond_to?(symbol)
       end
     end
 
@@ -102,8 +99,7 @@ module Contrast
       {}
     end
 
-    # We're updating properties loaded from the configuration
-    # files to match the new agreed upon standard configuration
+    # We're updating properties loaded from the configuration files to match the new agreed upon standard configuration
     # names, so that one file works for all agents
     def update_prop_keys config
       CONVERSION.each_pair do |old_method, new_method|
@@ -121,16 +117,7 @@ module Contrast
         # We changed the seconds values into ms values. Multiply them accordingly
         old_value = old_value.to_i * 1000 if new_method.end_with?(MILLISECOND_MARKER)
         new_value = config
-        end_idx = new_keys.length - 1
-        new_keys.each_with_index do |new_key, index|
-          if index == end_idx
-            new_value[new_key] = old_value if new_value[new_key].nil?
-          else
-            new_value = {} if new_value.nil?
-            new_value[new_key] = {} if new_value[new_key].nil?
-            new_value = new_value[new_key]
-          end
-        end
+        replace_props(new_keys, new_value, old_value)
       end
 
       config
@@ -238,5 +225,21 @@ module Contrast
         convert
       end
     end
+
+    def replace_props new_keys, new_value, old_value
+      idx = 0
+      end_idx = new_keys.length - 1
+      while idx < new_keys.length
+        new_key = new_keys[idx]
+        if idx == end_idx
+          new_value[new_key] = old_value if new_value[new_key].nil?
+        else
+          new_value = {} if new_value.nil?
+          new_value[new_key] = {} if new_value[new_key].nil?
+          new_value = new_value[new_key]
+        end
+        idx += 1
+      end
+    end
   end
 end