contrast-agent 5.1.0 → 6.0.0

data/lib/contrast/config/assess_rules_configuration.rb

@@ -6,10 +6,22 @@ module Contrast
     # Common Configuration settings. Those in this section pertain to the
     # disabled assess rule functionality of the Agent.
     class AssessRulesConfiguration < BaseConfiguration
-      KEYS = { disabled_rules: EMPTY_VALUE }.cs__freeze
+      SPEC_KEY = :disabled_rules.cs__freeze
+      # @return [Array, nil] list of disabled assess rules
+      attr_accessor :disabled_rules
 
-      def initialize hsh
-        super(hsh, KEYS)
+      def initialize hsh = {}
+        @disabled_rules = cast_disabled_rules hsh
+      end
+
+      private
+
+      def cast_disabled_rules hsh
+        return unless hsh
+        return unless hsh.key?(SPEC_KEY)
+        return hsh[SPEC_KEY] if hsh[SPEC_KEY].cs__is_a?(Array)
+
+        hsh[SPEC_KEY].split(',').map(&:strip) if hsh[SPEC_KEY].cs__is_a?(String)
       end
     end
   end

data/lib/contrast/config/base_configuration.rb

@@ -12,24 +12,28 @@ module Contrast
     class BaseConfiguration
       extend Forwardable
 
-      attr_reader :configuration_map
-
-      alias_method :to_hash, :configuration_map
-      def_delegators :@configuration_map, :empty?, :key?, :delete, :fetch,
-                     :[], :[]=, :each, :each_pair, :each_key, :each_value
-
       EMPTY_VALUE = :EMPTY_VALUE
 
       def initialize hsh = {}, keys = {}
         # holds configuration key value pairs
         # each configuration class can contain nested BaseConfigurations
-        @configuration_map = {}
         traverse_config(hsh, keys)
       end
 
+      def to_hash
+        hsh = {}
+        instance_variables.each do |iv|
+          # strip the '@' to get the key
+          key = iv.to_s[1..]
+          hsh[key] = send(key.to_sym)
+        end
+        hsh
+      end
+
       def assign_value_to_path_array dot_path_array, value
         current_level = self
         dot_path_array[0...-1].each do |segment|
+          segment = segment.tr('-', '_')
           current_level = current_level.send(segment) if current_level.cs__respond_to?(segment)
         end
         last_entry = dot_path_array[-1]
@@ -39,10 +43,6 @@ module Contrast
         nil
       end
 
-      def nil?
-        @configuration_map.empty?
-      end
-
       private
 
       # Traverse the given entity to build out the configuration graph.
@@ -51,51 +51,19 @@ module Contrast
       # traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
       # leaf node.
       #
-      # The spec_keys are the Contrast defined keys used to access a given
-      # configuration. Each child of this class maintains its own set of keys,
-      # as well as Objects to which those keys map.
-      def traverse_config values, spec_keys
+      # The spec_key are the Contrast defined keys based on the instance variables of
+      # a given configuration.
+      def traverse_config values, spec_key
         internal_nodes = values.cs__respond_to?(:has_key?)
-        spec_keys.each_pair do |spec_key, spec_value|
-          user_provided_value = internal_nodes ? value_from_key_config(spec_key, values) : EMPTY_VALUE
-          define_methods(spec_key, spec_value, user_provided_value)
-        end
-      end
-
-      def define_methods spec_key, spec_value, user_provided_value
-        str_key = spec_key.to_s
-        assign_config_value(str_key, spec_value, user_provided_value)
-        define_getter(str_key)
-        define_setter(str_key)
-      end
-
-      def assign_config_value str_key, spec_value, user_provided_value
-        @configuration_map[str_key] = if spec_value.is_a?(Class) && spec_value <= Contrast::Config::BaseConfiguration
-                                        spec_value.new(user_provided_value)
-                                      elsif user_provided_value == EMPTY_VALUE
-                                        spec_value
-                                      else
-                                        user_provided_value
-                                      end
+        val = internal_nodes ? value_from_key_config(spec_key, values) : nil
+        val == EMPTY_VALUE ? nil : val
       end
 
       def value_from_key_config key, config_hash
         return config_hash[key] if config_hash.key?(key)
-        return config_hash.fetch(key.to_sym, EMPTY_VALUE) if key.is_a?(String)
-
-        config_hash.fetch(key.to_s, EMPTY_VALUE)
-      end
+        return config_hash.fetch(key.to_sym, nil) if key.is_a?(String)
 
-      def define_getter str_key
-        define_singleton_method str_key.to_sym do
-          @configuration_map[str_key] == EMPTY_VALUE ? nil : @configuration_map[str_key]
-        end
-      end
-
-      def define_setter str_key
-        define_singleton_method "#{ str_key }=".to_sym do |new_value|
-          @configuration_map[str_key] = new_value
-        end
+        config_hash.fetch(key.to_s, nil)
       end
     end
   end

data/lib/contrast/config/certification_configuration.rb

@@ -5,10 +5,24 @@ module Contrast
   module Config
     # Certificate Configuration
     class CertificationConfiguration < BaseConfiguration
-      KEYS = { enable: false, ca_file: EMPTY_VALUE, cert_file: EMPTY_VALUE, key_file: EMPTY_VALUE }.cs__freeze
+      # @return [String] path to CA Cert file
+      attr_accessor :ca_file
+      # @return [String] path to Certification file
+      attr_accessor :cert_file
+      # @return [String] path to Certification Key file
+      attr_accessor :key_file
+      attr_writer :enable
 
-      def initialize hsh
-        super(hsh, KEYS)
+      def initialize hsh = {}
+        @enable = traverse_config(hsh, :enable)
+        @ca_file = traverse_config(hsh, :ca_file)
+        @cert_file = traverse_config(hsh, :cert_file)
+        @key_file = traverse_config(hsh, :key_file)
+      end
+
+      # @return [Boolean, false]
+      def enable
+        @enable.nil? ? false : @enable
       end
     end
   end

data/lib/contrast/config/exception_configuration.rb

@@ -7,10 +7,21 @@ module Contrast
     # exception handling in Ruby, allowing for the override of Response Code
     # and Message when Security Exceptions are raised.
     class ExceptionConfiguration < BaseConfiguration
-      KEYS = { capture: EMPTY_VALUE, override_status: EMPTY_VALUE, override_message: EMPTY_VALUE }.cs__freeze
+      # @return [Integer] the HTTP status code override
+      attr_accessor :override_status
+      # @return [String] the message text override
+      attr_accessor :override_message
+      attr_writer :capture
 
-      def initialize hsh
-        super(hsh, KEYS)
+      def initialize hsh = {}
+        @capture = traverse_config(hsh, :capture)
+        @override_status = traverse_config(hsh, :override_status)
+        @override_message = traverse_config(hsh, :override_message)
+      end
+
+      # @return [Boolean, false]
+      def capture
+        !!@capture
       end
     end
   end

data/lib/contrast/config/heap_dump_configuration.rb

@@ -6,23 +6,49 @@ module Contrast
     # Common Configuration settings. Those in this section pertain to the
     # Heap Dump collection functionality of the Agent.
     class HeapDumpConfiguration < BaseConfiguration
-      KEYS = {
-          enable:                                                                   # should dumps be taken
-            Contrast::Utils::ObjectShare::FALSE,
-          path:                                                                     # dir to which dumps should be
-            'contrast_heap_dumps', # saved
-          delay_ms:                                                                 # time, in ms, after initialization
-            10_000, # to delay before taking dump
-          window_ms:                                                                # ms between each dump
-            10_000, #
-          count:                                                                    # number of dumps to take
-            5, #
-          clean:                                                                    # remove temporary objects or not
-            Contrast::Utils::ObjectShare::FALSE #
-      }.cs__freeze
-
-      def initialize hsh
-        super(hsh, KEYS)
+      DEFAULT_PATH = 'contrast_heap_dumps' # saved
+      DEFAULT_MS = 10_000
+      DEFAULT_COUNT = 5
+
+      attr_writer :enable, :path, :delay_ms, :window_ms, :count, :clean
+
+      def initialize hsh = {}
+        @enable = traverse_config(hsh, :enable)
+        @path = traverse_config(hsh, :path)
+        @delay_ms = traverse_config(hsh, :delay_ms)
+        @window_ms = traverse_config(hsh, :window_ms)
+        @count = traverse_config(hsh, :count)
+        @clean = traverse_config(hsh, :clean)
+      end
+
+      # @return [Boolean, Contrast::Utils::ObjectShare::FALSE] should dumps be taken
+      def enable
+        @enable.nil? ? Contrast::Utils::ObjectShare::FALSE : @enable
+      end
+
+      # @return [String, DEFAULT_PATH] dir to which dumps should be
+      def path
+        @path ||= DEFAULT_PATH
+      end
+
+      # @return [Integer, DEFAULT_MS] time, in ms, after initialization
+      def delay_ms
+        @delay_ms ||= DEFAULT_MS
+      end
+
+      # @return [Integer, DEFAULT_MS] ms between each dump
+      def window_ms
+        @window_ms ||= DEFAULT_MS
+      end
+
+      # @return [Integer, DEFAULT_MS] number of dumps to take
+      def count
+        @count ||= DEFAULT_COUNT
+      end
+
+      # @return [Boolean, Contrast::Utils::ObjectShare::FALSE] remove temporary objects or not
+      def clean
+        @clean.nil? ? Contrast::Utils::ObjectShare::FALSE : @clean
       end
     end
   end

data/lib/contrast/config/inventory_configuration.rb

@@ -6,10 +6,24 @@ module Contrast
     # Common Configuration settings. Those in this section pertain to the
     # inventory functionality of the Agent.
     class InventoryConfiguration < BaseConfiguration
-      KEYS = { enable: true, analyze_libraries: true, tags: EMPTY_VALUE }.cs__freeze
+      # @return [Array, nil] tags
+      attr_accessor :tags
+      attr_writer :enable, :analyze_libraries
 
-      def initialize hsh
-        super(hsh, KEYS)
+      def initialize hsh = {}
+        @enable = traverse_config(hsh, :enable)
+        @analyze_libraries = traverse_config(hsh, :analyze_libraries)
+        @tags = traverse_config(hsh, :tags)
+      end
+
+      # @return [Boolean, true]
+      def enable
+        @enable.nil? ? true : @enable
+      end
+
+      # @return [Boolean, true]
+      def analyze_libraries
+        @analyze_libraries.nil? ? true : @analyze_libraries
       end
     end
   end

data/lib/contrast/config/logger_configuration.rb

@@ -6,10 +6,17 @@ module Contrast
     # Common Configuration settings. Those in this section pertain to the
     # logging in the Agent.
     class LoggerConfiguration < BaseConfiguration
-      KEYS = { path: EMPTY_VALUE, level: EMPTY_VALUE, progname: EMPTY_VALUE }.cs__freeze
+      # @return [String, nil]
+      attr_accessor :path
+      # @return [String, nil]
+      attr_accessor :level
+      # @return [String, nil]
+      attr_accessor :progname
 
-      def initialize hsh
-        super(hsh, KEYS)
+      def initialize hsh = {}
+        @path = traverse_config(hsh, :path)
+        @level = traverse_config(hsh, :level)
+        @progname = traverse_config(hsh, :progname)
       end
     end
   end

data/lib/contrast/config/protect_configuration.rb

@@ -6,14 +6,24 @@ module Contrast
     # Common Configuration settings. Those in this section pertain to the
     # protect functionality of the Agent.
     class ProtectConfiguration < BaseConfiguration
-      KEYS = {
-          exceptions: Contrast::Config::ExceptionConfiguration,
-          rules: Contrast::Config::ProtectRulesConfiguration,
-          enable: EMPTY_VALUE
-      }.cs__freeze
+      # @return [Boolean, nil]
+      attr_accessor :enable
+      attr_writer :exceptions, :rules
 
-      def initialize hsh
-        super(hsh, KEYS)
+      def initialize hsh = {}
+        @exceptions = Contrast::Config::ExceptionConfiguration.new(traverse_config(hsh, :exceptions))
+        @rules = Contrast::Config::ProtectRulesConfiguration.new(traverse_config(hsh, :rules))
+        @enable = traverse_config(hsh, :enable)
+      end
+
+      # @return [Contrast::Config::ExceptionConfiguration]
+      def exceptions
+        @exceptions ||= Contrast::Config::ExceptionConfiguration.new
+      end
+
+      # @return [Contrast::Config::ProtectRulesConfiguration]
+      def rules
+        @rules ||= Contrast::Config::ProtectRulesConfiguration.new
       end
     end
   end

data/lib/contrast/config/protect_rule_configuration.rb

@@ -8,15 +8,24 @@ module Contrast
     # Common Configuration settings. Those in this section pertain to the
     # rule mode of a single protect rule in the Agent.
     class ProtectRuleConfiguration < BaseConfiguration
-      KEYS = {
-          enable: EMPTY_VALUE,
-          mode: EMPTY_VALUE,
-          disable_system_commands: EMPTY_VALUE,
-          detect_custom_code_accessing_system_files: true
-      }.cs__freeze
+      # @return [Boolean, nil]
+      attr_accessor :enable
+      # @return [String, nil]
+      attr_accessor :mode
+      # @retrun [Boolean, nil]
+      attr_accessor :disable_system_commands
+      attr_writer :detect_custom_code_accessing_system_files
 
-      def initialize hsh
-        super(hsh, KEYS)
+      def initialize hsh = {}
+        @enable = traverse_config(hsh, :enable)
+        @mode = traverse_config(hsh, :mode)
+        @disable_system_commands = traverse_config(hsh, :disable_system_commands)
+        @detect_custom_code_accessing_system_files = traverse_config(hsh, :detect_custom_code_accessing_system_files)
+      end
+
+      # @return [Boolean, true]
+      def detect_custom_code_accessing_system_files
+        @detect_custom_code_accessing_system_files.nil? ? true : @detect_custom_code_accessing_system_files
       end
 
       # To convert the user input mode from config to a standard format used by TS & SR, we need to convert the given

data/lib/contrast/config/protect_rules_configuration.rb

@@ -1,28 +1,126 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/config/protect_rule_configuration'
+
 module Contrast
   module Config
     # Common Configuration settings. Those in this section pertain to the
     # protect rule modes of the Agent.
     class ProtectRulesConfiguration < BaseConfiguration
-      KEYS = {
-          disabled_rules: EMPTY_VALUE,
-          'bot-blocker' => Contrast::Config::ProtectRuleConfiguration,
-          'cmd-injection' => Contrast::Config::ProtectRuleConfiguration,
-          'sql-injection' => Contrast::Config::ProtectRuleConfiguration,
-          'nosql-injection' => Contrast::Config::ProtectRuleConfiguration,
-          'untrusted-deserialization' => Contrast::Config::ProtectRuleConfiguration,
-          'method-tampering' => Contrast::Config::ProtectRuleConfiguration,
-          xxe: Contrast::Config::ProtectRuleConfiguration,
-          'path-traversal' => Contrast::Config::ProtectRuleConfiguration,
-          'reflected-xss' => Contrast::Config::ProtectRuleConfiguration,
-          'unsafe-file-upload' => Contrast::Config::ProtectRuleConfiguration,
-          'Contrast::Agent::Protect::Rule::Base' => Contrast::Config::ProtectRuleConfiguration
-      }.cs__freeze
-
-      def initialize hsh
-        super(hsh, KEYS)
+      attr_accessor :disabled_rules
+      attr_writer :bot_blocker, :cmd_injection, :sql_injection, :nosql_injection, :untrusted_deserialization,
+                  :method_tampering, :xxe, :path_traversal, :reflected_xss, :unsafe_file_upload, :rule_base
+
+      BASE_RULE = 'Contrast::Agent::Protect::Rule::Base'.cs__freeze
+
+      def initialize hsh = {}
+        @disabled_rules = traverse_config(hsh, :disabled_rules)
+        @bot_blocker = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, 'bot-blocker'))
+        @cmd_injection = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, 'cmd-injection'))
+        @sql_injection = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, 'sql-injection'))
+        @nosql_injection = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, 'nosql-injection'))
+        @untrusted_deserialization = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(
+                                                                                        hsh,
+                                                                                        'untrusted-deserialization'))
+        @method_tampering = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, 'method-tampering'))
+        @xxe = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, :xxe))
+        @path_traversal = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, 'path-traversal'))
+        @reflected_xss = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, 'reflected-xss'))
+        @unsafe_file_upload = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, 'unsafe-file-upload'))
+        @rule_base = Contrast::Config::ProtectRuleConfiguration.new(traverse_config(hsh, BASE_RULE))
+      end
+
+      def bot_blocker
+        @bot_blocker ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def cmd_injection
+        @cmd_injection ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def sql_injection
+        @sql_injection ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def nosql_injection
+        @nosql_injection ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def untrusted_deserialization
+        @untrusted_deserialization ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def method_tampering
+        @method_tampering ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def xxe
+        @xxe ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def path_traversal
+        @path_traversal ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def reflected_xss
+        @reflected_xss ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def unsafe_file_upload
+        @unsafe_file_upload ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def rule_base
+        @rule_base ||= Contrast::Config::ProtectRuleConfiguration.new
+      end
+
+      def []= key, value
+        instance_variable_set("@#{ convert_key(key) }".to_sym, value)
+      end
+
+      def [] key
+        send(convert_key(key).to_sym)
+      end
+
+      def convert_key key
+        return_proper_class(key).to_s.tr('-', '_')
+      end
+
+      # Convert instance variable names to format expected by TS
+      # for adding to the hash
+      def to_hash
+        hsh = {}
+        instance_variables.each do |iv|
+          # strip the '@' to get the key
+          key = return_proper_class(iv.to_s.delete('@'))
+          hsh[key.tr('_', '-')] = send(key.to_sym)
+        end
+        hsh
+      end
+
+      # This method is to handle the specific case of
+      # Contrast::Agent::Protect::Rule::Base from protect/base.rb#initialize
+      #
+      # @param str_key [String] the key we want to check form the config
+      # @return String
+      def return_proper_class str_key
+        return BASE_RULE if str_key == 'rule_base'
+        return 'rule_base' if str_key == BASE_RULE
+
+        str_key
+      end
+
+      # if method 'Contrast::Agent::Protect::Rule::Base' is being called from convert_to_hash
+      # handle missing method and call original getter
+      def method_missing name, *_args
+        return unless name.to_s.include?('Base') || name.to_s.start_with?('Contrast')
+
+        @rule_base
+      end
+
+      def respond_to_missing? method_name, include_private = false
+        (method_name.to_s.include?('Base') || method_name.to_s.start_with?('Contrast')) || super
       end
     end
   end

data/lib/contrast/config/request_audit_configuration.rb

@@ -8,10 +8,33 @@ module Contrast
     class RequestAuditConfiguration < BaseConfiguration
       DEFAULT_PATH = './messages'
 
-      KEYS = { enable: false, requests: false, responses: false, path: DEFAULT_PATH }.cs__freeze
+      attr_writer :enable, :requests, :responses, :path
 
-      def initialize hsh
-        super(hsh, KEYS)
+      def initialize hsh = {}
+        @enable = traverse_config(hsh, :enable)
+        @requests = traverse_config(hsh, :requests)
+        @responses = traverse_config(hsh, :responses)
+        @path = traverse_config(hsh, :path)
+      end
+
+      # @return [Boolean, false]
+      def enable
+        @enable.nil? ? false : @enable
+      end
+
+      # @return [Boolean, false]
+      def requests
+        @requests.nil? ? false : @requests
+      end
+
+      # @return [Boolean, false]
+      def responses
+        @responses.nil? ? false : @responses
+      end
+
+      # @return [String, ::DEFAULT_PATH]
+      def path
+        @path.nil? ? DEFAULT_PATH : @path
       end
     end
   end

data/lib/contrast/config/root_configuration.rb

@@ -5,22 +5,62 @@ module Contrast
   module Config
     # The base of the Common Configuration settings.
     class RootConfiguration < BaseConfiguration
-      KEYS = {
-          api: Contrast::Config::ApiConfiguration,
-          enable: BaseConfiguration::EMPTY_VALUE,
-          agent: Contrast::Config::AgentConfiguration,
-          application: Contrast::Config::ApplicationConfiguration,
-          server: Contrast::Config::ServerConfiguration,
-          assess: Contrast::Config::AssessConfiguration,
-          inventory: Contrast::Config::InventoryConfiguration,
-          protect: Contrast::Config::ProtectConfiguration,
-          service: Contrast::Config::ServiceConfiguration
-      }.cs__freeze
+      attr_writer :api, :agent, :application, :server, :assess, :inventory, :protect, :service
+      # @return [Boolean, nil]
+      attr_accessor :enable
 
       def initialize hsh = {}
         raise ArgumentError, 'Expected a hash' unless hsh.is_a?(Hash)
 
-        super(hsh, KEYS)
+        @api = Contrast::Config::ApiConfiguration.new(traverse_config(hsh, :api))
+        @enable = traverse_config(hsh, :enable)
+        @agent = Contrast::Config::AgentConfiguration.new(traverse_config(hsh, :agent))
+        @application = Contrast::Config::ApplicationConfiguration.new(traverse_config(hsh, :application))
+        @server = Contrast::Config::ServerConfiguration.new(traverse_config(hsh, :server))
+        @assess = Contrast::Config::AssessConfiguration.new(traverse_config(hsh, :assess))
+        @inventory = Contrast::Config::InventoryConfiguration.new(traverse_config(hsh, :inventory))
+        @protect = Contrast::Config::ProtectConfiguration.new(traverse_config(hsh, :protect))
+        @service = Contrast::Config::ServiceConfiguration.new(traverse_config(hsh, :service))
+      end
+
+      # @return [Contrast::Config::ApiConfiguration]
+      def api
+        @api ||= Contrast::Config::ApiConfiguration.new
+      end
+
+      # @return [Contrast::Config::AgentConfiguration]
+      def agent
+        @agent ||= Contrast::Config::AgentConfiguration.new
+      end
+
+      # @return [Contrast::Config::ApplicationConfiguration]
+      def application
+        @application ||= Contrast::Config::ApplicationConfiguration.new
+      end
+
+      # @return [Contrast::Config::ServerConfiguration]
+      def server
+        @server ||= Contrast::Config::ServerConfiguration.new
+      end
+
+      # @return [Contrast::Config::AssessConfiguration]
+      def assess
+        @assess ||= Contrast::Config::AssessConfiguration.new
+      end
+
+      # @return [Contrast::Config::InventoryConfiguration]
+      def inventory
+        @inventory ||= Contrast::Config::InventoryConfiguration.new
+      end
+
+      # @return [Contrast::Config::ProtectConfiguration]
+      def protect
+        @protect ||= Contrast::Config::ProtectConfiguration.new
+      end
+
+      # @return [Contrast::Config::ServiceConfiguration]
+      def service
+        @service ||= Contrast::Config::ServiceConfiguration.new
       end
     end
   end