contrast-agent 4.8.0 → 4.9.0

data/lib/contrast/utils/assess/tracking_util.rb

@@ -2,7 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/agent/assess/tracker'
-require 'contrast/components/interface'
+require 'contrast/components/logger'
 require 'contrast/utils/duck_utils'
 
 module Contrast
@@ -10,9 +10,7 @@ module Contrast
     module Assess
       # TrackingUtil has methods for determining if a object is being tracked
       class TrackingUtil
-        include Contrast::Components::Interface
-
-        access_component :logging
+        extend Contrast::Components::Logger::InstanceMethods
 
         class << self
           # Public interface to our tracking check, isolating the internals

data/lib/contrast/utils/heap_dump_util.rb

@@ -3,14 +3,16 @@
 
 require 'objspace'
 require 'singleton'
-require 'contrast/components/interface'
+require 'contrast/components/heap_dump'
+require 'contrast/components/logger'
 
 module Contrast
   module Utils
     # Implementation of a heap dump util to automate generation
     class HeapDumpUtil < Contrast::Agent::WorkerThread
-      include Contrast::Components::Interface
-      access_component :heap_dump, :logging
+      extend Contrast::Components::Logger::InstanceMethods
+      include Contrast::Components::Logger::InstanceMethods
+      extend Contrast::Components::HeapDump::InstanceMethods
 
       LOG_ERROR_DUMPS = 'Unable to generate heap dumps'
       FILE_WRITE_FLAGS = 'w'

data/lib/contrast/utils/invalid_configuration_util.rb

@@ -2,15 +2,16 @@
 # frozen_string_literal: true
 
 require 'contrast/agent/assess/policy/trigger_method'
-require 'contrast/components/interface'
+require 'contrast/components/logger'
+require 'contrast/components/scope'
 
 module Contrast
   module Utils
     # This utility allows us to report invalid configurations detected in
     # customer applications, as determined by Configuration Rules at runtime.
     module InvalidConfigurationUtil
-      include Contrast::Components::Interface
-      access_component :analysis, :app_context, :logging, :scope
+      include Contrast::Components::Logger::InstanceMethods
+      include Contrast::Components::Scope::InstanceMethods
 
       CS__PATH = 'path'
       CS__SESSION_ID = 'sessionId'

data/lib/contrast/utils/inventory_util.rb

@@ -3,14 +3,13 @@
 
 require 'contrast/utils/timer'
 require 'contrast/utils/object_share'
-require 'contrast/components/interface'
+require 'contrast/components/logger'
 
 module Contrast
   module Utils
     # Utilities for getting inventory information from the application
     class InventoryUtil
-      include Contrast::Components::Interface
-      access_component :logging
+      extend Contrast::Components::Logger::InstanceMethods
 
       # TeamServer only accepts certain values for ArchitectureComponents.
       # DO NOT CHANGE THIS!

data/lib/contrast/utils/io_util.rb

@@ -1,15 +1,13 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/components/interface'
+require 'contrast/components/logger'
 
 module Contrast
   module Utils
     # Util for information about an IO
     class IOUtil
-      include Contrast::Components::Interface
-
-      access_component :logging
+      extend Contrast::Components::Logger::InstanceMethods
 
       # We're only going to call rewind on things that we believe are safe to
       # call it on. This method white lists those cases and returns false in

data/lib/contrast/utils/job_servers_running.rb

@@ -1,13 +1,14 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/components/logger'
+
 module Contrast
   module Utils
     # A module that detects whether any job servers attached to
     # the application are running
     module JobServersRunning
-      include Contrast::Components::Interface
-      access_component :app_context, :logging
+      extend Contrast::Components::Logger::InstanceMethods
 
       class << self
         def job_servers_running?
@@ -31,7 +32,7 @@ module Contrast
             return
           end
 
-          disabled_rake_tasks = APP_CONTEXT.disabled_agent_rake_tasks
+          disabled_rake_tasks = ::Contrast::APP_CONTEXT.disabled_agent_rake_tasks
           has_disabled_task = Rake.application.top_level_tasks.any? do |top_level_task|
             disabled_rake_tasks.include?(top_level_task)
           end

data/lib/contrast/utils/os.rb

@@ -1,7 +1,7 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/components/interface'
+require 'contrast/components/scope'
 
 module Contrast
   module Utils
@@ -9,8 +9,7 @@ module Contrast
     # which will not change at runtime, such as the operating system, the
     # Utility memozies to avoid multiple lookups.
     module OS
-      include Contrast::Components::Interface
-      access_component :scope
+      extend Contrast::Components::Scope::InstanceMethods
 
       class << self
         def running?

data/lib/contrast/utils/string_utils.rb

@@ -1,14 +1,13 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/components/interface'
+require 'contrast/components/logger'
 
 module Contrast
   module Utils
     # Utilities for encoding and normalizing strings
     class StringUtils
-      include Contrast::Components::Interface
-      access_component :logging
+      include Contrast::Components::Logger::InstanceMethods
 
       UTF8 = 'utf-8'
       HTTP_PREFIX = 'HTTP_'

data/lib/contrast/utils/tag_util.rb

@@ -7,8 +7,9 @@ module Contrast
     class TagUtil
       class << self
         # Determine if the given array of tags is covered by the other
-        # remaining_ranges: the tags left that haven't been covered by those given
-        # ranges: the tags that are covering the first
+        #
+        # @param remaining_ranges [Array<Contrast::Agent::Assess::Tag>] the tags left that haven't been covered by those given
+        # @param ranges Array<Contrast::Agent::Assess::Tag> the tags that are covering the first
         def covered? remaining_ranges, ranges
           return true unless remaining_ranges&.any?
 
@@ -74,14 +75,14 @@ module Contrast
 
         # Given a collection of tags, merge any tags that are continuous
         #
-        # If tags is a hash, it should be in the format label => [tags]
-        # The array of tags will each be merged
+        # If tags is a hash, it should be in the format label => [tags]. The array of tags will each be merged
+        # If tags is an array in the format [tags], the array will be merged
         #
-        # If tags is an array in the format [tags], the array will be
-        # merged
+        # The original object is returned, although setters should not be necessary since tags is a collection in
+        # either case
         #
-        # The original object is returned, although setters should not be
-        # necessary since tags is a collection in either case
+        # @param tags [Hash{String => Array<Contrast::Agent::Assess::Tag>}, Array<Contrast::Agent::Assess::Tag>]
+        # @return [Hash{String => Array<Contrast::Agent::Assess::Tag>}, Array<Contrast::Agent::Assess::Tag>]
         def merge_tags tags
           if tags.is_a?(Hash)
             tags.each_value { |value| smallerize(value) }
@@ -90,6 +91,12 @@ module Contrast
           end
         end
 
+        # Merge the given set of tags such that any overlap combines. For any tag which extends beyond the size of the
+        # target_object, the end will be updated to the target_object's length.
+        #
+        # @param target_object [Object] the thing to which the tags apply
+        # @param tags [Hash{String => Array<Contrast::Agent::Assess::Tag>}, Array<Contrast::Agent::Assess::Tag>]
+        # @return [Hash{String => Array<Contrast::Agent::Assess::Tag>}, Array<Contrast::Agent::Assess::Tag>]
         def size_aware_merge target_object, tags
           max_size = target_object.to_s.length
           tags = merge_tags(tags)
@@ -100,14 +107,12 @@ module Contrast
 
         private
 
-        # Add one new element to the given array
+        # Add one new element to the given array. The addition is done such that the new entry is inserted so that the
+        # range they cover is in order. Any overlapping ranges are merged before returning.
         #
-        # The addition is done such that the new entry(ies)
-        # are inserted so that the range they cover is in order
-        # Any overlapping ranges are merged before returning
-        #
-        # arr: the array to which the element is added
-        # new_element: the element to be added to the array
+        # @param arr [Array<Contrast::Agent::Assess::Tag>]
+        # @param new_element []Contrast::Agent::Assess::Tag]
+        # @return [Array<Contrast::Agent::Assess::Tag>]
         def single_ordered_merge arr, new_element
           idx = 0
           arr.each do |existing|
@@ -122,10 +127,11 @@ module Contrast
           arr.insert(idx, new_element)
         end
 
-        # Given an arry of tags, merge any that overlap
-        # The tag that was higher up is removed from the
-        # list of tags.
-        # ranges like [0-3][3-6]-6-9] that should become [0-9]
+        # Given an arry of tags, merge any that overlap. The tag that was higher up is removed from the list of tags.
+        # ranges like [0-3][3-6]-6-9] become [0-9]
+        #
+        # @param tags [Array<Contrast::Agent::Assess::Tag>]
+        # @return [Array<Contrast::Agent::Assess::Tag>]
         def smallerize tags
           smallered = []
           curr = nil

data/ruby-agent.gemspec

@@ -51,6 +51,7 @@ def self.add_linters spec
   spec.add_development_dependency 'debride', '1.8.2'
   spec.add_development_dependency 'fasterer', '0.9.0'
   spec.add_development_dependency 'flay', '2.12.1'
+  # spec.add_development_dependency 'steep', '0.44.1' # TODO: RUBY-714 uncomment w/ EOL of 2.5
   add_rubocop(spec)
 end
 
@@ -69,6 +70,7 @@ def self.add_specs spec
   spec.add_development_dependency 'rspec-benchmark'
   spec.add_development_dependency 'rspec_junit_formatter', '0.3.0'
   spec.add_development_dependency 'rspec-rails', '5.0'
+  spec.add_development_dependency 'warning'
   spec.add_development_dependency 'tzinfo-data' # Alpine rspec-rails requirement.
 end
 
@@ -90,8 +92,8 @@ end
 def self.add_tested_gems spec
   spec.add_development_dependency 'async'
   spec.add_development_dependency 'execjs'
-  spec.add_development_dependency 'sqlite3'
   spec.add_development_dependency 'rhino'
+  spec.add_development_dependency 'sqlite3'
   spec.add_development_dependency 'tilt'
   spec.add_development_dependency 'xpath'
 end
@@ -114,7 +116,7 @@ def self.add_files spec
     # Directories used for testing:
     f.match(%r{^(spec|test)/}) ||
         # Directories used in pipelines
-        f.match(%r{^(\.github|bin|internal_resources|vendor)/}) ||
+        f.match(%r{^(\.github|bin|internal_resources|sig|vendor)/}) ||
         # Configuration and other files that don't belong to one directory
         f.match(/(Dockerfile)/)  ||
         f.match(/(.*\.csv)/)     ||

data/service_executables/VERSION

@@ -1 +1 @@
-2.20.2
+2.21.2

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 4.8.0
+  version: 4.9.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-05-20 00:00:00.000000000 Z
+date: 2021-06-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -296,7 +296,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: sqlite3
+  name: rhino
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -310,7 +310,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rhino
+  name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -477,6 +477,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: warning
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: tzinfo-data
   requirement: !ruby/object:Gem::Requirement
@@ -555,20 +569,20 @@ executables:
 - contrast_service
 extensions:
 - ext/cs__common/extconf.rb
-- ext/cs__assess_string/extconf.rb
-- ext/cs__assess_kernel/extconf.rb
-- ext/cs__protect_kernel/extconf.rb
+- ext/cs__assess_string_interpolation26/extconf.rb
+- ext/cs__contrast_patch/extconf.rb
 - ext/cs__assess_module/extconf.rb
-- ext/cs__assess_active_record_named/extconf.rb
-- ext/cs__assess_fiber_track/extconf.rb
+- ext/cs__assess_kernel/extconf.rb
+- ext/cs__assess_yield_track/extconf.rb
+- ext/cs__assess_string/extconf.rb
 - ext/cs__assess_array/extconf.rb
-- ext/cs__contrast_patch/extconf.rb
-- ext/cs__assess_string_interpolation26/extconf.rb
+- ext/cs__assess_active_record_named/extconf.rb
+- ext/cs__assess_hash/extconf.rb
 - ext/cs__assess_regexp/extconf.rb
+- ext/cs__assess_fiber_track/extconf.rb
 - ext/cs__assess_marshal_module/extconf.rb
+- ext/cs__protect_kernel/extconf.rb
 - ext/cs__assess_basic_object/extconf.rb
-- ext/cs__assess_hash/extconf.rb
-- ext/cs__assess_yield_track/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"
@@ -927,10 +941,10 @@ files:
 - lib/contrast/components/agent.rb
 - lib/contrast/components/app_context.rb
 - lib/contrast/components/assess.rb
+- lib/contrast/components/base.rb
 - lib/contrast/components/config.rb
 - lib/contrast/components/contrast_service.rb
 - lib/contrast/components/heap_dump.rb
-- lib/contrast/components/interface.rb
 - lib/contrast/components/inventory.rb
 - lib/contrast/components/logger.rb
 - lib/contrast/components/protect.rb
@@ -957,7 +971,6 @@ files:
 - lib/contrast/config/server_configuration.rb
 - lib/contrast/config/service_configuration.rb
 - lib/contrast/configuration.rb
-- lib/contrast/delegators/input_analysis.rb
 - lib/contrast/extension/assess.rb
 - lib/contrast/extension/assess/array.rb
 - lib/contrast/extension/assess/erb.rb

data/lib/contrast/components/interface.rb

@@ -1,196 +0,0 @@
-# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'delegate'
-require 'contrast/extension/module'
-require 'contrast/utils/object_share'
-
-module Contrast
-  # This is the base module for our components classes. It is intended to
-  # facilitate the translation of the Common Configuration settings to usable
-  # Ruby methods. Any class under this namespace should be required here,
-  # providing a single point of require for this functionality.
-  module Components
-    # Include this into your classes and modules,
-    # and use 'access_component' to define constants that will allow
-    # interaction with other components.
-    module Interface
-      def self.included klass
-        # Upon inclusion, ComponentInterfaces extends the including with
-        # these two interfaces.
-        # Interface provides a class-level method 'access_component'
-        # that regulates per-class access to agent state.
-        # (It's a glorified `include MyComponent`).
-        klass.extend Contrast::Components::ComponentReceiverClassInterface
-      end
-    end
-
-    # All component access is gated through delegators.
-    #
-    # One delegator is used by the calling class,
-    # so we can tweak outgoing calls.
-    #
-    # The second delegator is used by the receiving component,
-    # so we can tweak incoming calls.
-    #
-    # We use __setobj__ to decide which component implementation to use.
-    # This is intended to provide flexibility in design and
-    # simplicity in testing.
-    class ComponentDelegator < SimpleDelegator
-      # intentionally left blank
-    end
-
-    # All components should inherit from this,
-    # whether Interfaces, InstanceMethods or ClassMethods.
-    module ComponentBase
-      def self.included klass
-        klass.extend  Methods
-        klass.include Methods
-      end
-
-      module Methods # :nodoc:
-        # use this to determine if the configuration value is literally boolean
-        # false or some form of the word `false`, regardless of case. It should
-        # be used for those values which default to `true` as they should only
-        # treat a value explicitly set to `false` as such.
-        #
-        # @param config_param [Boolean,String] the value to check
-        # @return [Boolean] should the value be treated as `false`
-        def false? config_param
-          return false if config_param == true
-          return true if config_param == false
-          return false unless config_param.cs__is_a?(String)
-
-          Contrast::Utils::ObjectShare::FALSE.casecmp?(config_param)
-        end
-
-        # use this to determine if the configuration value is literally boolean
-        # true or some form of the word `true`, regardless of case. It should
-        # be used for those values which default to `false` as they should only
-        # treat a value explicitly set to `true` as such.
-        #
-        # @param config_param [Boolean,String] the value to check
-        # @return [Boolean] should the value be treated as `true`
-        def true? config_param
-          return false if config_param == false
-          return true if config_param == true
-          return false unless config_param.cs__is_a?(String)
-
-          Contrast::Utils::ObjectShare::TRUE.casecmp?(config_param)
-        end
-      end
-    end
-
-    def self.component_const_name mod_name
-      mod_name = mod_name.split('::').last
-      @cache ||= {}
-      @cache[mod_name] ||= mod_name. # CamelCaseName
-          split(/(?=[A-Z])/)&.          # ['Camel', 'Case', 'Name']
-          map(&:upcase)&.               # ['CAMEL', 'CASE', 'NAME']
-          join('_')                     # 'CAMEL_CASE_NAME'
-    end
-
-    # Interface to allow for iteration over each of the configuration
-    # components
-    module ComponentReceiverClassInterface
-      # Components are manually required at the end of
-      # this file, and this constant is then frozen.
-      # RUBY-535 to handle this better.
-      COMPONENT_MAP = {} # rubocop:disable Style/MutableConstant
-
-      # TODO: RUBY-535
-      # This module is used via `extend`, so it can't access
-      # constants we define here.
-      def component_map
-        COMPONENT_MAP
-      end
-
-      # .access_component
-      #
-      # to be used as:
-      #
-      # class Abc
-      #   include Contrast::Components::Interface
-      #   access_component :logging, :agent
-      #
-      #   def function
-      #     if AGENT.disabled?
-      #       0 / 3
-      #     end
-      #   rescue
-      #     logger.error "this function did error"
-      #   end
-      # end
-      #
-      # `:logger` creates a #logger and .logger method
-      # `:agent` provides an AGENT constant, analogous to a local singleton.
-      #
-      def access_component *component_set_syms
-        @_access_component ||= {}
-
-        component_set_syms.each do |sym|
-          next if @_access_component[sym]
-
-          if (mods = component_map[sym]) # rubocop:disable Style/GuardClause
-            # We may support multiple components via one access request.
-            mods.each do |m|
-              name = Contrast::Components.component_const_name(m.cs__name)
-              cs__const_set(name, m::COMPONENT_INTERFACE) if m.cs__const_defined?(:COMPONENT_INTERFACE)
-              include m::InstanceMethods               if m.cs__const_defined?(:InstanceMethods, false)
-              extend  m::ClassMethods                  if m.cs__const_defined?(:ClassMethods, false)
-            end
-
-            @_access_component[sym] = true
-          else
-            raise NoMethodError, "#{ self } asked to access undefined component '#{ sym }'."
-          end
-        end
-      end
-    end
-  end
-end
-
-# Components can depend on other components, but it should be a
-# directed acyclic graph.
-
-# Scope shouldn't depend on anything.
-require 'contrast/components/scope'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:scope] = [Contrast::Components::Scope]
-
-# Config depends on Scope.
-require 'contrast/components/config'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:config] = [Contrast::Components::Config]
-
-# Settings should not depend on anything but Config.
-require 'contrast/components/settings'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:settings] = [Contrast::Components::Settings]
-
-require 'contrast/components/assess'
-require 'contrast/components/protect'
-require 'contrast/components/inventory'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:analysis] = [
-  Contrast::Components::Protect,
-  Contrast::Components::Assess,
-  Contrast::Components::Inventory
-]
-
-require 'contrast/components/logger'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:logging] = [Contrast::Components::Logger]
-
-require 'contrast/components/agent'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:agent] = [Contrast::Components::Agent]
-
-require 'contrast/components/contrast_service'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:contrast_service] =
-  [Contrast::Components::ContrastService]
-
-require 'contrast/components/app_context'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:app_context] = [Contrast::Components::AppContext]
-
-require 'contrast/components/heap_dump'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:heap_dump] = [Contrast::Components::HeapDump]
-
-require 'contrast/components/sampling'
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP[:sampling] = [Contrast::Components::Sampling]
-
-Contrast::Components::ComponentReceiverClassInterface::COMPONENT_MAP.cs__freeze