contrast-agent 5.1.0 → 5.2.0

data/lib/contrast/config/protect_rules_configuration.rb

@@ -1,28 +1,131 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/config/protect_rule_configuration'
+
 module Contrast
   module Config
     # Common Configuration settings. Those in this section pertain to the
     # protect rule modes of the Agent.
     class ProtectRulesConfiguration < BaseConfiguration
-      KEYS = {
-          disabled_rules: EMPTY_VALUE,
-          'bot-blocker' => Contrast::Config::ProtectRuleConfiguration,
-          'cmd-injection' => Contrast::Config::ProtectRuleConfiguration,
-          'sql-injection' => Contrast::Config::ProtectRuleConfiguration,
-          'nosql-injection' => Contrast::Config::ProtectRuleConfiguration,
-          'untrusted-deserialization' => Contrast::Config::ProtectRuleConfiguration,
-          'method-tampering' => Contrast::Config::ProtectRuleConfiguration,
-          xxe: Contrast::Config::ProtectRuleConfiguration,
-          'path-traversal' => Contrast::Config::ProtectRuleConfiguration,
-          'reflected-xss' => Contrast::Config::ProtectRuleConfiguration,
-          'unsafe-file-upload' => Contrast::Config::ProtectRuleConfiguration,
-          'Contrast::Agent::Protect::Rule::Base' => Contrast::Config::ProtectRuleConfiguration
-      }.cs__freeze
-
-      def initialize hsh
-        super(hsh, KEYS)
+      attr_reader :disabled_rules
+
+      BASE_RULE = 'Contrast::Agent::Protect::Rule::Base'.cs__freeze
+
+      def initialize hsh = {}
+        @disabled_rules = traverse_config(hsh, :disabled_rules)
+        @bot_blocker = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, 'bot-blocker'))
+        @cmd_injection = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, 'cmd-injection'))
+        @sql_injection = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, 'sql-injection'))
+        @nosql_injection = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, 'nosql-injection'))
+        @untrusted_deserialization = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(
+                                                                                        hsh,
+                                                                                        'untrusted-deserialization'))
+        @method_tampering = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, 'method-tampering'))
+        @xxe = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, :xxe))
+        @path_traversal = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, 'path-traversal'))
+        @reflected_xss = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, 'reflected-xss'))
+        @unsafe_file_upload = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, 'unsafe-file-upload'))
+        @rule_base = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, BASE_RULE))
+        @configuration_map = {}
+        build_configuration_map
+      end
+
+      def bot_blocker
+        @bot_blocker ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def cmd_injection
+        @cmd_injection ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def sql_injection
+        @sql_injection ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def nosql_injection
+        @nosql_injection ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def untrusted_deserialization
+        @untrusted_deserialization ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def method_tampering
+        @method_tampering ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def xxe
+        @xxe ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def path_traversal
+        @path_traversal ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def reflected_xss
+        @reflected_xss ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def unsafe_file_upload
+        @unsafe_file_upload ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def rule_base
+        @rule_base ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def [] key
+        send(return_proper_class(key).to_sym)
+      end
+
+      # Traverse the given entity to build out the configuration graph.
+      #
+      # The values will be either a hash, indicating internal nodes to
+      # traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
+      # leaf node.
+      #
+      # The spec_key are the Contrast defined keys based on the instance variables of
+      # a given configuration.
+      def traverse_config values, spec_key
+        internal_nodes = values.cs__respond_to?(:has_key?)
+        val = internal_nodes ? value_from_key_config(spec_key, values) : nil
+        val == EMPTY_VALUE ? nil : val
+      end
+
+      def build_configuration_map
+        change_vals = { '@' => '', '-' => '_' }
+        regexp = Regexp.union(change_vals.keys)
+        instance_variables.each do |key|
+          str_key = key.to_s.gsub(regexp, change_vals)
+          next if str_key == 'configuration_map'
+
+          @configuration_map[return_proper_class(str_key)] = send(str_key.to_sym)
+        end
+      end
+
+      # This method is to handle the specific case of
+      # Contrast::Agent::Protect::Rule::Base from protect/base.rb#initialize
+      #
+      # @param str_key [String] the key we want to check form the config
+      # @return String
+      def return_proper_class str_key
+        return BASE_RULE if str_key == 'rule_base'
+        return 'rule_base' if str_key == BASE_RULE
+
+        str_key
+      end
+
+      # if method 'Contrast::Agent::Protect::Rule::Base' is being called from convert_to_hash
+      # handle missing method and call original getter
+      def method_missing name, *_args
+        return unless name.to_s.include?('Base') || name.to_s.start_with?('Contrast')
+
+        @rule_base
+      end
+
+      def respond_to_missing? method_name, include_private = false
+        (method_name.to_s.include?('Base') || method_name.to_s.start_with?('Contrast')) || super
       end
     end
   end

data/lib/contrast/config/request_audit_configuration.rb

@@ -8,10 +8,75 @@ module Contrast
     class RequestAuditConfiguration < BaseConfiguration
       DEFAULT_PATH = './messages'
 
-      KEYS = { enable: false, requests: false, responses: false, path: DEFAULT_PATH }.cs__freeze
+      def initialize hsh = {}
+        @enable = traverse_config(hsh, :enable)
+        @requests = traverse_config(hsh, :requests)
+        @responses = traverse_config(hsh, :responses)
+        @path = traverse_config(hsh, :path)
+        @configuration_map = {}
+        build_configuration_map
+      end
+
+      def enable
+        @enable.nil? ? false : @enable
+      end
+
+      def requests
+        @requests.nil? ? false : @requests
+      end
+
+      def responses
+        @responses.nil? ? false : @responses
+      end
+
+      def path
+        @path.nil? ? DEFAULT_PATH : @path
+      end
+
+      def enable= value
+        self['enable'] = value
+      end
+
+      def requests= value
+        self['requests'] = value
+      end
+
+      def responses= value
+        self['responses'] = value
+      end
+
+      def path= value
+        self['path'] = value
+      end
+
+      # TODO: RUBY-1493 MOVE TO BASE CONFIG
+
+      def []= key, value
+        instance_variable_set("@#{ key }".to_sym, value)
+        @configuration_map[key] = value
+      end
+
+      # Traverse the given entity to build out the configuration graph.
+      #
+      # The values will be either a hash, indicating internal nodes to
+      # traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
+      # leaf node.
+      #
+      # The spec_key are the Contrast defined keys based on the instance variables of
+      # a given configuration.
+      def traverse_config values, spec_key
+        internal_nodes = values.cs__respond_to?(:has_key?)
+        val = internal_nodes ? value_from_key_config(spec_key, values) : nil
+        val == EMPTY_VALUE ? nil : val
+      end
+
+      def build_configuration_map
+        instance_variables.each do |key|
+          str_key = key.to_s.tr('@', '')
+          next if str_key == 'configuration_map'
 
-      def initialize hsh
-        super(hsh, KEYS)
+          @configuration_map[str_key] = send(str_key.to_sym)
+        end
       end
     end
   end

data/lib/contrast/config/ruby_configuration.rb

@@ -6,9 +6,6 @@ module Contrast
     # Common Configuration settings. Those in this section pertain to the
     # specific settings that apply to Ruby
     class RubyConfiguration < BaseConfiguration
-      # These commands being detected will result the agent disabling instrumentation, generally any command
-      # that doesn't result in the application listening on a port can be added here, this normally includes tasks
-      # that are ran pre-startup(like migrations) or to show information about the application(such as routes)
       DISABLED_RAKE_TASK_LIST = %w[
         about assets:clean assets:clobber assets:environment
         assets:precompile assets:precompile:all db:create db:drop db:fixtures:load db:migrate
@@ -22,25 +19,102 @@ module Contrast
 
       DEFAULT_UNINSTRUMENTED_NAMESPACES = %w[FactoryGirl FactoryBot].cs__freeze
 
-      KEYS = {
-          disabled_agent_rake_tasks: DISABLED_RAKE_TASK_LIST,
-          exceptions: Contrast::Config::ExceptionConfiguration,
-          # controls whether or not we patch interpolation, either by rewrite or by funchook
-          interpolate: Contrast::Utils::ObjectShare::TRUE,
-          # controls whether or not we patch the rb_yield block to track split propagation
-          propagate_yield: Contrast::Utils::ObjectShare::TRUE,
-          # control whether or not we run file scanning rules on require
-          require_scan: Contrast::Utils::ObjectShare::TRUE,
-          # controls whether or not we track frozen Strings by replacing them
-          track_frozen_sources: Contrast::Utils::ObjectShare::TRUE,
-          # controls tracking outside of request
-          non_request_tracking: Contrast::Utils::ObjectShare::FALSE,
-          uninstrument_namespace: DEFAULT_UNINSTRUMENTED_NAMESPACES
-
-      }.cs__freeze
-
-      def initialize hsh
-        super(hsh, KEYS)
+      attr_writer :disabled_agent_rake_tasks, :exceptions, :interpolate, :propagate_yield, :require_scan,
+                  :track_frozen_sources, :non_request_tracking, :uninstrument_namespace
+
+      def initialize hsh = {}
+        @disabled_agent_rake_tasks = traverse_config(hsh, :disabled_agent_rake_tasks)
+        @exceptions = Contrast::Config::ExceptionConfiguration.new(traverse_config(hsh, :exceptions))
+        @interpolate = traverse_config(hsh, :interpolate)
+        @propagate_yield = traverse_config(hsh, :propagate_yield)
+        @require_scan = traverse_config(hsh, :require_scan)
+        @track_frozen_sources = traverse_config(hsh, :track_frozen_sources)
+        @non_request_tracking = traverse_config(hsh, :non_request_tracking)
+        @uninstrument_namespace = traverse_config(hsh, :uninstrument_namespace)
+        @configuration_map = {}
+        build_configuration_map
+      end
+
+      # These commands being detected will result the agent disabling instrumentation, generally any command
+      # that doesn't result in the application listening on a port can be added here, this normally includes tasks
+      # that are ran pre-startup(like migrations) or to show information about the application(such as routes)
+      # @return [Array, DISABLED_RAKE_TASK_LIST]
+      def disabled_agent_rake_tasks
+        @disabled_agent_rake_tasks.nil? ? DISABLED_RAKE_TASK_LIST : @disabled_agent_rake_tasks
+      end
+
+      # @return [Contrast::Config::ExceptionConfiguration]
+      def exceptions
+        @exceptions ||= Contrast::Config::ExceptionConfiguration.new
+      end
+
+      # controls whether or not we patch interpolation, either by rewrite or by funchook
+      # @return [Boolean, Contrast::Utils::ObjectShare::TRUE]
+      def interpolate
+        @interpolate.nil? ? Contrast::Utils::ObjectShare::TRUE : @interpolate
+      end
+
+      # controls whether or not we patch the rb_yield block to track split propagation
+      # @return [Boolean, Contrast::Utils::ObjectShare::TRUE]
+      def propagate_yield
+        @propagate_yield.nil? ? Contrast::Utils::ObjectShare::TRUE : @propagate_yield
+      end
+
+      # control whether or not we run file scanning rules on require
+      # @return [Boolean, Contrast::Utils::ObjectShare::TRUE]
+      def require_scan
+        @require_scan.nil? ?  Contrast::Utils::ObjectShare::TRUE  : @require_scan
+      end
+
+      # controls whether or not we track frozen Strings by replacing them
+      # @return [Boolean, Contrast::Utils::ObjectShare::TRUE]
+      def track_frozen_sources
+        @track_frozen_sources.nil? ?  Contrast::Utils::ObjectShare::TRUE : @track_frozen_sources
+      end
+
+      # controls tracking outside of request
+      # @return [Boolean, Contrast::Utils::ObjectShare::FALSE]
+      def non_request_tracking
+        @non_request_tracking.nil? ?  Contrast::Utils::ObjectShare::FALSE : @non_request_tracking
+      end
+
+      # @return [Array, DEFAULT_UNINSTRUMENTED_NAMESPACES]
+      def uninstrument_namespace
+        @uninstrument_namespace.nil? ? DEFAULT_UNINSTRUMENTED_NAMESPACES : @uninstrument_namespace
+      end
+
+      # TODO: RUBY-1493 MOVE TO BASE CONFIG
+
+      def []= key, value
+        instance_variable_set("@#{ key }".to_sym, value)
+        @configuration_map[key] = value
+      end
+
+      def [] key
+        send(key.to_sym)
+      end
+
+      # Traverse the given entity to build out the configuration graph.
+      #
+      # The values will be either a hash, indicating internal nodes to
+      # traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
+      # leaf node.
+      #
+      # The spec_key are the Contrast defined keys based on the instance variables of
+      # a given configuration.
+      def traverse_config values, spec_key
+        internal_nodes = values.cs__respond_to?(:has_key?)
+        val = internal_nodes ? value_from_key_config(spec_key, values) : nil
+        val == EMPTY_VALUE ? nil : val
+      end
+
+      def build_configuration_map
+        instance_variables.each do |key|
+          str_key = key.to_s.tr('@', '')
+          next if str_key == 'configuration_map'
+
+          @configuration_map[str_key] = send(str_key.to_sym)
+        end
       end
     end
   end

data/lib/contrast/config/sampling_configuration.rb

@@ -6,16 +6,82 @@ module Contrast
     # Common Configuration settings. Those in this section pertain to the
     # sampling functionality of the Agent.
     class SamplingConfiguration < BaseConfiguration
-      KEYS = {
-          enable: EMPTY_VALUE,
-          baseline: EMPTY_VALUE,
-          request_frequency: EMPTY_VALUE,
-          response_frequency: EMPTY_VALUE,
-          window_ms: EMPTY_VALUE
-      }.cs__freeze
-
-      def initialize hsh
-        super(hsh, KEYS)
+      # @return [Integer, nil]
+      attr_reader :baseline
+      # @return [Integer, nil]
+      attr_reader :request_frequency
+      # @return [Integer, nil]
+      attr_reader :response_frequency
+      # @return [Integer, nil]
+      attr_reader :window_ms
+
+      def initialize hsh = {}
+        @enable = traverse_config(hsh, :enable)
+        @baseline = traverse_config(hsh, :baseline)
+        @request_frequency = traverse_config(hsh, :request_frequency)
+        @response_frequency = traverse_config(hsh, :response_frequency)
+        @window_ms = traverse_config(hsh, :window_ms)
+        @configuration_map = {}
+        build_configuration_map
+      end
+
+      # @return [Boolean, false]
+      def enable
+        @enable.nil? ? false : @enable
+      end
+
+      def enable= value
+        self['enable'] = value
+      end
+
+      def baseline= value
+        self['baseline'] = value
+      end
+
+      def request_frequency= value
+        self['request_frequency'] = value
+      end
+
+      def response_frequency= value
+        self['response_frequency'] = value
+      end
+
+      def window_ms= value
+        self['window_ms'] = value
+      end
+
+      # TODO: RUBY-1493 MOVE TO BASE CONFIG
+
+      def []= key, value
+        instance_variable_set("@#{ key }".to_sym, value)
+        @configuration_map[key] = value
+      end
+
+      def [] key
+        send(key.to_sym)
+      end
+
+      # Traverse the given entity to build out the configuration graph.
+      #
+      # The values will be either a hash, indicating internal nodes to
+      # traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
+      # leaf node.
+      #
+      # The spec_key are the Contrast defined keys based on the instance variables of
+      # a given configuration.
+      def traverse_config values, spec_key
+        internal_nodes = values.cs__respond_to?(:has_key?)
+        val = internal_nodes ? value_from_key_config(spec_key, values) : nil
+        val == EMPTY_VALUE ? nil : val
+      end
+
+      def build_configuration_map
+        instance_variables.each do |key|
+          str_key = key.to_s.tr('@', '')
+          next if str_key == 'configuration_map'
+
+          @configuration_map[str_key] = send(str_key.to_sym)
+        end
       end
     end
   end

data/lib/contrast/config/server_configuration.rb

@@ -6,17 +6,62 @@ module Contrast
     # Common Configuration settings. Those in this section pertain to the
     # server identification functionality of the Agent.
     class ServerConfiguration < BaseConfiguration
-      KEYS = {
-          name: EMPTY_VALUE,
-          path: EMPTY_VALUE,
-          type: EMPTY_VALUE,
-          tags: EMPTY_VALUE,
-          environment: EMPTY_VALUE,
-          version: EMPTY_VALUE
-      }.cs__freeze
-
-      def initialize hsh
-        super(hsh, KEYS)
+      # @return [String, nil]
+      attr_accessor :name
+      # @return [String, nil]
+      attr_accessor :path
+      # @return [String, nil]
+      attr_accessor :type
+      # @return [Array, nil]
+      attr_accessor :tags
+      # @return [String, nil]
+      attr_accessor :environment
+      # @return [String, nil]
+      attr_accessor :version
+
+      def initialize hsh = {}
+        @path = traverse_config(hsh, :path)
+        @name = traverse_config(hsh, :name)
+        @type = traverse_config(hsh, :type)
+        @tags = traverse_config(hsh, :tags)
+        @environment = traverse_config(hsh, :environment)
+        @version = traverse_config(hsh, :version)
+        @configuration_map = {}
+        build_configuration_map
+      end
+
+      # TODO: RUBY-1493 MOVE TO BASE CONFIG
+
+      def []= key, value
+        instance_variable_set("@#{ key }".to_sym, value)
+        @configuration_map[key] = value
+      end
+
+      def [] key
+        send(key.to_sym)
+      end
+
+      # Traverse the given entity to build out the configuration graph.
+      #
+      # The values will be either a hash, indicating internal nodes to
+      # traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
+      # leaf node.
+      #
+      # The spec_key are the Contrast defined keys based on the instance variables of
+      # a given configuration.
+      def traverse_config values, spec_key
+        internal_nodes = values.cs__respond_to?(:has_key?)
+        val = internal_nodes ? value_from_key_config(spec_key, values) : nil
+        val == EMPTY_VALUE ? nil : val
+      end
+
+      def build_configuration_map
+        instance_variables.each do |key|
+          str_key = key.to_s.tr('@', '')
+          next if str_key == 'configuration_map'
+
+          @configuration_map[str_key] = send(str_key.to_sym)
+        end
       end
     end
   end

data/lib/contrast/configuration.rb

@@ -217,10 +217,13 @@ module Contrast
     def convert_to_hash convert = root, hash = {}
       case convert
       when Contrast::Config::BaseConfiguration
-        convert.cs__class::KEYS.each_key do |key|
-          next if Contrast::Utils::ExcludeKey.excludable? key.to_s
+        # to_hash returns @configuration_map
+        convert.to_hash.each_key do |key|
+          next if Contrast::Utils::ExcludeKey.excludable?(key.to_s)
 
-          hash[key] = convert_to_hash(convert.send(key), {})
+          # keys can contain '-' but methods getters cannot
+          # clean_key = key.to_s.tr('-', '_')
+          hash[key] = convert_to_hash(convert.send(key.to_sym), {})
         end
         hash
       else