contrast-agent 5.3.0 → 6.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (161) hide show
  1. checksums.yaml +4 -4
  2. data/ext/cs__assess_array/cs__assess_array.c +7 -0
  3. data/ext/cs__assess_basic_object/cs__assess_basic_object.c +19 -5
  4. data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +1 -1
  5. data/ext/cs__assess_hash/cs__assess_hash.c +3 -4
  6. data/ext/cs__assess_kernel/cs__assess_kernel.c +1 -2
  7. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +26 -12
  8. data/ext/cs__assess_module/cs__assess_module.c +1 -1
  9. data/ext/cs__assess_string/cs__assess_string.c +13 -1
  10. data/ext/cs__common/cs__common.c +12 -11
  11. data/ext/cs__contrast_patch/cs__contrast_patch.c +54 -43
  12. data/ext/cs__os_information/cs__os_information.c +13 -10
  13. data/ext/cs__scope/cs__scope.c +146 -97
  14. data/lib/contrast/agent/assess/finalizers/hash.rb +2 -0
  15. data/lib/contrast/agent/assess/policy/policy_node.rb +50 -27
  16. data/lib/contrast/agent/assess/policy/policy_node_utils.rb +51 -0
  17. data/lib/contrast/agent/assess/policy/preshift.rb +8 -2
  18. data/lib/contrast/agent/assess/policy/propagation_method.rb +47 -13
  19. data/lib/contrast/agent/assess/policy/propagator/buffer.rb +118 -0
  20. data/lib/contrast/agent/assess/policy/propagator/keep.rb +19 -4
  21. data/lib/contrast/agent/assess/policy/propagator/remove.rb +18 -2
  22. data/lib/contrast/agent/assess/policy/propagator/splat.rb +17 -3
  23. data/lib/contrast/agent/assess/policy/propagator/substitution.rb +1 -1
  24. data/lib/contrast/agent/assess/policy/propagator/substitution_utils.rb +1 -1
  25. data/lib/contrast/agent/assess/policy/propagator/trim.rb +1 -1
  26. data/lib/contrast/agent/assess/policy/propagator.rb +1 -0
  27. data/lib/contrast/agent/assess/policy/source_method.rb +7 -7
  28. data/lib/contrast/agent/assess/policy/trigger_method.rb +3 -1
  29. data/lib/contrast/agent/assess/property/tagged.rb +1 -1
  30. data/lib/contrast/agent/assess/rule/response/auto_complete_rule.rb +1 -1
  31. data/lib/contrast/agent/assess/rule/response/body_rule.rb +3 -3
  32. data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb +1 -1
  33. data/lib/contrast/agent/assess/rule/response/parameters_pollution_rule.rb +1 -1
  34. data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +0 -7
  35. data/lib/contrast/agent/deadzone/policy/policy.rb +0 -6
  36. data/lib/contrast/agent/exclusion_matcher.rb +3 -3
  37. data/lib/contrast/agent/middleware.rb +3 -1
  38. data/lib/contrast/agent/patching/policy/patcher.rb +3 -3
  39. data/lib/contrast/agent/patching/policy/policy_node.rb +15 -2
  40. data/lib/contrast/agent/protect/exploitable_collection.rb +38 -0
  41. data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +61 -8
  42. data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb +2 -1
  43. data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +2 -2
  44. data/lib/contrast/agent/protect/rule/base.rb +37 -5
  45. data/lib/contrast/agent/protect/rule/base_service.rb +3 -1
  46. data/lib/contrast/agent/protect/rule/cmd_injection.rb +13 -0
  47. data/lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb +83 -0
  48. data/lib/contrast/agent/protect/rule/cmdi/cmdi_worth_watching.rb +64 -0
  49. data/lib/contrast/agent/protect/rule/http_method_tampering/http_method_tampering_input_classification.rb +96 -0
  50. data/lib/contrast/agent/protect/rule/http_method_tampering.rb +8 -0
  51. data/lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb +231 -0
  52. data/lib/contrast/agent/protect/rule/no_sqli.rb +27 -0
  53. data/lib/contrast/agent/protect/rule/sqli/sqli_input_classification.rb +18 -54
  54. data/lib/contrast/agent/protect/rule/sqli/sqli_worth_watching.rb +1 -4
  55. data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification.rb +82 -0
  56. data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_matcher.rb +45 -0
  57. data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +42 -0
  58. data/lib/contrast/agent/reporting/attack_result/attack_result.rb +63 -0
  59. data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +52 -0
  60. data/lib/contrast/agent/reporting/attack_result/response_type.rb +29 -0
  61. data/lib/contrast/agent/reporting/attack_result/user_input.rb +87 -0
  62. data/lib/contrast/agent/reporting/masker/masker.rb +246 -0
  63. data/lib/contrast/agent/reporting/masker/masker_utils.rb +58 -0
  64. data/lib/contrast/agent/reporting/report.rb +2 -0
  65. data/lib/contrast/agent/reporting/reporter.rb +23 -11
  66. data/lib/contrast/agent/reporting/reporting_events/agent_startup.rb +30 -0
  67. data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb +7 -3
  68. data/lib/contrast/agent/reporting/reporting_events/application_startup.rb +40 -0
  69. data/lib/contrast/agent/reporting/reporting_events/application_startup_instrumentation.rb +27 -0
  70. data/lib/contrast/agent/reporting/reporting_events/finding.rb +1 -1
  71. data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +5 -5
  72. data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +9 -9
  73. data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +2 -1
  74. data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +2 -1
  75. data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb +8 -6
  76. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +16 -5
  77. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +27 -26
  78. data/lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb +1 -1
  79. data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +97 -0
  80. data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +68 -6
  81. data/lib/contrast/agent/reporting/reporting_utilities/response_handler_mode.rb +63 -0
  82. data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +122 -96
  83. data/lib/contrast/agent/reporting/settings/application_settings.rb +9 -0
  84. data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +5 -33
  85. data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +1 -1
  86. data/lib/contrast/agent/reporting/settings/sampling.rb +36 -0
  87. data/lib/contrast/agent/reporting/settings/sensitive_data_masking.rb +110 -0
  88. data/lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb +58 -0
  89. data/lib/contrast/agent/request_context.rb +1 -1
  90. data/lib/contrast/agent/request_context_extend.rb +1 -1
  91. data/lib/contrast/agent/request_handler.rb +4 -0
  92. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_base.rb +51 -0
  93. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb +36 -0
  94. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message.rb +97 -0
  95. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb +65 -0
  96. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb +47 -0
  97. data/lib/contrast/agent/{metric_telemetry_event.rb → telemetry/events/metric_telemetry_event.rb} +1 -1
  98. data/lib/contrast/agent/{startup_metrics_telemetry_event.rb → telemetry/events/startup_metrics_telemetry_event.rb} +3 -3
  99. data/lib/contrast/agent/{telemetry_event.rb → telemetry/events/telemetry_event.rb} +1 -1
  100. data/lib/contrast/agent/{telemetry.rb → telemetry/telemetry.rb} +32 -19
  101. data/lib/contrast/agent/thread_watcher.rb +1 -1
  102. data/lib/contrast/agent/version.rb +1 -1
  103. data/lib/contrast/agent.rb +3 -0
  104. data/lib/contrast/api/communication/speedracer.rb +1 -1
  105. data/lib/contrast/api/decorators/address.rb +1 -1
  106. data/lib/contrast/api/decorators/response_type.rb +30 -0
  107. data/lib/contrast/api/decorators.rb +1 -0
  108. data/lib/contrast/components/app_context.rb +0 -4
  109. data/lib/contrast/components/assess.rb +14 -0
  110. data/lib/contrast/components/protect.rb +2 -2
  111. data/lib/contrast/components/sampling.rb +7 -11
  112. data/lib/contrast/components/settings.rb +106 -8
  113. data/lib/contrast/config/agent_configuration.rb +13 -30
  114. data/lib/contrast/config/api_configuration.rb +4 -67
  115. data/lib/contrast/config/api_proxy_configuration.rb +2 -45
  116. data/lib/contrast/config/application_configuration.rb +9 -84
  117. data/lib/contrast/config/assess_configuration.rb +10 -69
  118. data/lib/contrast/config/assess_rules_configuration.rb +9 -38
  119. data/lib/contrast/config/base_configuration.rb +17 -50
  120. data/lib/contrast/config/certification_configuration.rb +6 -63
  121. data/lib/contrast/config/exception_configuration.rb +5 -52
  122. data/lib/contrast/config/heap_dump_configuration.rb +6 -64
  123. data/lib/contrast/config/inventory_configuration.rb +2 -49
  124. data/lib/contrast/config/logger_configuration.rb +0 -36
  125. data/lib/contrast/config/protect_configuration.rb +17 -7
  126. data/lib/contrast/config/protect_rule_configuration.rb +12 -30
  127. data/lib/contrast/config/protect_rules_configuration.rb +21 -26
  128. data/lib/contrast/config/request_audit_configuration.rb +6 -48
  129. data/lib/contrast/config/root_configuration.rb +52 -12
  130. data/lib/contrast/config/ruby_configuration.rb +0 -36
  131. data/lib/contrast/config/sampling_configuration.rb +1 -57
  132. data/lib/contrast/config/server_configuration.rb +0 -36
  133. data/lib/contrast/config/service_configuration.rb +5 -44
  134. data/lib/contrast/configuration.rb +2 -3
  135. data/lib/contrast/extension/assess/string.rb +20 -1
  136. data/lib/contrast/extension/module.rb +0 -1
  137. data/lib/contrast/framework/manager.rb +2 -2
  138. data/lib/contrast/logger/application.rb +1 -1
  139. data/lib/contrast/logger/cef_log.rb +1 -1
  140. data/lib/contrast/tasks/config.rb +90 -3
  141. data/lib/contrast/utils/assess/object_store.rb +36 -0
  142. data/lib/contrast/utils/assess/propagation_method_utils.rb +6 -0
  143. data/lib/contrast/utils/class_util.rb +3 -12
  144. data/lib/contrast/utils/input_classification.rb +73 -0
  145. data/lib/contrast/utils/log_utils.rb +1 -1
  146. data/lib/contrast/utils/middleware_utils.rb +9 -8
  147. data/lib/contrast/utils/net_http_base.rb +1 -1
  148. data/lib/contrast/utils/object_share.rb +2 -1
  149. data/lib/contrast/utils/os.rb +0 -5
  150. data/lib/contrast/utils/patching/policy/patch_utils.rb +4 -5
  151. data/lib/contrast/utils/response_utils.rb +18 -33
  152. data/lib/contrast/utils/telemetry.rb +1 -1
  153. data/lib/contrast/utils/telemetry_client.rb +1 -1
  154. data/lib/contrast/utils/telemetry_identifier.rb +1 -1
  155. data/resources/assess/policy.json +98 -0
  156. data/resources/deadzone/policy.json +0 -86
  157. data/ruby-agent.gemspec +9 -8
  158. data/service_executables/VERSION +1 -1
  159. data/service_executables/linux/contrast-service +0 -0
  160. data/service_executables/mac/contrast-service +0 -0
  161. metadata +73 -28
@@ -2,6 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'contrast/api/settings.pb'
5
+ require 'contrast/agent/reporting/settings/sensitive_data_masking'
5
6
 
6
7
  module Contrast
7
8
  module Components
@@ -13,12 +14,14 @@ module Contrast
13
14
  APPLICATION_STATE_BASE = Struct.new(:modes_by_id, :exclusion_matchers).
14
15
  new(Hash.new(Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION), [])
15
16
  PROTECT_STATE_BASE = Struct.new(:enabled, :rules).new(false, {})
16
- ASSESS_STATE_BASE = Struct.new(:enabled, :sampling_settings, :disabled_assess_rules).new(false, nil, []) do
17
+ ASSESS_STATE_BASE = Struct.new(:enabled, :sampling_settings, :disabled_assess_rules, :session_id).new(false, nil,
18
+ [], nil) do
17
19
  def sampling_settings= new_val
18
20
  @sampling_settings = new_val
19
21
  Contrast::Utils::Assess::SamplingUtil.instance.update
20
22
  end
21
23
  end
24
+ SENSITIVE_DATA_MASKING_BASE = Contrast::Agent::Reporting::Settings::SensitiveDataMasking.new
22
25
 
23
26
  # This is a class.
24
27
  class Interface
@@ -26,7 +29,63 @@ module Contrast
26
29
 
27
30
  # tainted_columns are database columns that receive unsanitized input.
28
31
  attr_reader :tainted_columns # This can probably go into assess_state?
29
- attr_reader :assess_state, :protect_state, :application_state
32
+ # Current state for Assess.
33
+ # enabled [Boolean] Indicate if the assess feature set is enabled for this server or not.
34
+ #
35
+ # sampling [Hash<AssessSampling>] Hash of AssessSampling Used to control the sampling feature in the agent: {
36
+ # baseline [Integer] The number of baseline requests to take before switching to sampling
37
+ # for the window.
38
+ # enabled [Boolean] If the sampling feature should be used or not.
39
+ # frequency [Integer] The number of requests to skip before observing during the sampling
40
+ # window after the baseline.
41
+ # responseFrequency [Integer]
42
+ # window [Integer]
43
+ # }
44
+ #
45
+ # disabled_assess_rules [array<AssessRuleID(String)>] Assess rules to disable for this application.
46
+ attr_reader :assess_state
47
+ # Current State for Protect.
48
+ # enabled [Boolean] Indicate if the protect feature set is enabled for this server or not.
49
+ #
50
+ # Protection rules are returned as:
51
+ # rules [Hash<RULE_ID => MODE>, nil] Hash with rule_id as key and mode as value
52
+ attr_reader :protect_state
53
+ # Current Application State.
54
+ #
55
+ # modes_by_id [Hash<Rule_id => Mode] Returns Hash with rules and their current mode.
56
+ # exclusion_matchers [Array] Array of all the exclusions.
57
+ # code_exclusions [Array<CodeExclusion>] Array of CodeExclusion: {
58
+ # name [String] The name of the exclusion as defined by the user in TS.
59
+ # modes [String] If this exclusion applies to assess or protect. [assess, defend]
60
+ # assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
61
+ # denylist [String] The call, if in the stack, should result in the agent not taking action.
62
+ # input_exclusions [Array<InputExclusions>] Array of InputExclusions: {
63
+ # name [String] The name of the input.
64
+ # modes [String] If this exclusion applies to assess or protect. [assess, defend]
65
+ # assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
66
+ # protect_rules [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
67
+ # urls [Array] Array of URLs to which the exclusions apply. URL [String]
68
+ # match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
69
+ # type [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
70
+ # }
71
+ # url_exclusions [Array<UrlExclusions>] Array of UrlExclusions: {
72
+ # name [String] The name of the input.
73
+ # modes [String] If this exclusion applies to assess or protect. [assess, defend]
74
+ # assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
75
+ # protect_rules [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
76
+ # urls [Array] Array of URLs to which the exclusions apply. URL [String]
77
+ # match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
78
+ # type [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
79
+ # }
80
+ attr_reader :application_state
81
+ # This the structure that will hold the masking rules send from TS.
82
+ #
83
+ # @return [Contrast::Agent::Reporting::Settings::SensitiveDataMasking]:
84
+ # mask_http_body [Boolean] Policy flag to enable the use of masking on request body.
85
+ # rules [Array<Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule>]
86
+ # Rules to follow when using the masking. Each rules contains Id [String]
87
+ # and Keywords [Array<String>].
88
+ attr_reader :sensitive_data_masking
30
89
 
31
90
  def initialize
32
91
  reset_state
@@ -38,10 +97,14 @@ module Contrast
38
97
 
39
98
  # @param features [Contrast::Api::Settings::ServerFeatures, Contrast::Agent::Reporting::Response]
40
99
  def update_from_server_features features
41
- if features&.class == Contrast::Agent::Reporting::Response
42
- @protect_state.enabled = features.server_features.protect.enabled?
43
- @assess_state.enabled = features.server_features.assess.enabled?
44
- @assess_state.sampling_settings = features.server_features.assess.sampling
100
+ if features.cs__is_a?(Contrast::Agent::Reporting::Response)
101
+ server_features = features.server_features
102
+ log_file = server_features.log_file
103
+ log_level = server_features.log_level
104
+ Contrast::Logger::Log.instance.update(log_file, log_level) if log_file || log_level
105
+ @protect_state.enabled = server_features.protect.enabled?
106
+ @assess_state.enabled = server_features.assess.enabled?
107
+ @assess_state.sampling_settings = server_features.assess.sampling
45
108
  else
46
109
  @protect_state.enabled = features.protect_enabled?
47
110
  @assess_state.enabled = features.assess_enabled?
@@ -52,10 +115,13 @@ module Contrast
52
115
  # @param features [Contrast::Api::Settings::ApplicationSettings, Contrast::Agent::Reporting::Response]
53
116
  def update_from_application_settings features
54
117
  if features&.class == Contrast::Agent::Reporting::Response
55
- @application_state.modes_by_id = features.application_settings.protect.protection_rules_to_settings_hash
118
+ settings = features.application_settings
119
+ @application_state.modes_by_id = settings.protect.protection_rules_to_settings_hash
56
120
  # TODO: RUBY-1438 this needs to be translated
57
121
  # @application_state.exclusion_matchers = new_vals[:exclusion_matchers]
58
- @assess_state.disabled_assess_rules = features.application_settings.assess.disabled_rules
122
+ update_sensitive_data_policy(settings.sensitive_data_masking)
123
+ @assess_state.disabled_assess_rules = settings.assess.disabled_rules
124
+ @assess_state.session_id = settings.assess.session_id if settings.assess.session_id
59
125
  else
60
126
  new_vals = features.application_state_translation
61
127
  @application_state.modes_by_id = new_vals[:modes_by_id]
@@ -70,6 +136,7 @@ module Contrast
70
136
  @assess_state = ASSESS_STATE_BASE.dup
71
137
  @application_state = APPLICATION_STATE_BASE.dup
72
138
  @tainted_columns = {}
139
+ @sensitive_data_masking = SENSITIVE_DATA_MASKING_BASE.dup
73
140
  end
74
141
 
75
142
  def build_protect_rules
@@ -86,6 +153,37 @@ module Contrast
86
153
  Contrast::Agent::Protect::Rule::Xss.new
87
154
  Contrast::Agent::Protect::Rule::Xxe.new
88
155
  end
156
+
157
+ # Update the sensitive data masking policy from settings,
158
+ # received from TS. In case the settings are empty,
159
+ # keep current ones.
160
+ #
161
+ # @param sensitive_data_masking [Contrast::Agent::Reporting::Settings::SensitiveDataMasking]
162
+ # Ts Response settings for sensitive data masking policy
163
+ def update_sensitive_data_policy sensitive_data_masking
164
+ @sensitive_data_masking.mask_http_body = sensitive_data_masking.mask_http_body? unless
165
+ settings_empty?(sensitive_data_masking.mask_http_body?)
166
+ @sensitive_data_masking.mask_attack_vector = sensitive_data_masking.mask_attack_vector? unless
167
+ settings_empty?(sensitive_data_masking.mask_attack_vector?)
168
+ return if settings_empty?(sensitive_data_masking.rules)
169
+
170
+ @sensitive_data_masking.rules = sensitive_data_masking.rules
171
+ # update with the newly received rules.
172
+ Contrast::Agent::Reporting::Masker.send(:update_dictionary)
173
+ end
174
+
175
+ private
176
+
177
+ # check if settings are empty and return true if so.
178
+ #
179
+ # @param settings [String, Boolean, Array, Hash]
180
+ # @return true | false
181
+ def settings_empty? settings
182
+ return false if !!settings == settings
183
+ return true if settings.nil? || settings.empty?
184
+
185
+ false
186
+ end
89
187
  end
90
188
  end
91
189
  end
@@ -12,7 +12,10 @@ module Contrast
12
12
  # Common Configuration settings. Those in this section pertain to the
13
13
  # core functionality of the Agent.
14
14
  class AgentConfiguration < BaseConfiguration
15
- attr_accessor :enable, :omit_body, :start_bundled_service, :api
15
+ # @return [Boolean, nil]
16
+ attr_accessor :enable
17
+ # @return [Boolean, nil]
18
+ attr_accessor :omit_body
16
19
  attr_writer :ruby, :service, :logger, :heap_dump
17
20
 
18
21
  def initialize hsh = {}
@@ -23,47 +26,27 @@ module Contrast
23
26
  @logger = Contrast::Config::LoggerConfiguration.new(traverse_config(hsh, :logger))
24
27
  @ruby = Contrast::Config::RubyConfiguration.new(traverse_config(hsh, :ruby))
25
28
  @heap_dump = Contrast::Config::HeapDumpConfiguration.new(traverse_config(hsh, :heap_dump))
26
- @configuration_map = {}
27
- build_configuration_map
29
+ end
30
+
31
+ # @return [Boolean, true]
32
+ def start_bundled_service
33
+ @start_bundled_service.nil? ? true : @start_bundled_service
28
34
  end
29
35
 
30
36
  def service
31
- @service ||= Contrast::Config::ServiceConfiguration.new({})
37
+ @service ||= Contrast::Config::ServiceConfiguration.new
32
38
  end
33
39
 
34
40
  def logger
35
- @logger ||= Contrast::Config::LoggerConfiguration.new({})
41
+ @logger ||= Contrast::Config::LoggerConfiguration.new
36
42
  end
37
43
 
38
44
  def ruby
39
- @ruby ||= Contrast::Config::RubyConfiguration.new({})
45
+ @ruby ||= Contrast::Config::RubyConfiguration.new
40
46
  end
41
47
 
42
48
  def heap_dump
43
- @heap_dump ||= Contrast::Config::HeapDumpConfiguration.new({})
44
- end
45
-
46
- # Traverse the given entity to build out the configuration graph.
47
- #
48
- # The values will be either a hash, indicating internal nodes to
49
- # traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
50
- # leaf node.
51
- #
52
- # The spec_key are the Contrast defined keys based on the instance variables of
53
- # a given configuration.
54
- def traverse_config values, spec_key
55
- internal_nodes = values.cs__respond_to?(:has_key?)
56
- val = internal_nodes ? value_from_key_config(spec_key, values) : nil
57
- val == EMPTY_VALUE ? nil : val
58
- end
59
-
60
- def build_configuration_map
61
- instance_variables.each do |key|
62
- str_key = key.to_s.tr('@', '')
63
- next if str_key == 'configuration_map'
64
-
65
- @configuration_map[str_key] = send(str_key.to_sym)
66
- end
49
+ @heap_dump ||= Contrast::Config::HeapDumpConfiguration.new
67
50
  end
68
51
  end
69
52
  end
@@ -10,11 +10,12 @@ module Contrast
10
10
  # Api keys configuration
11
11
  class ApiConfiguration < BaseConfiguration
12
12
  # @return [String]
13
- attr_reader :api_key
13
+ attr_accessor :api_key
14
14
  # @return [String]
15
- attr_reader :user_name
15
+ attr_accessor :user_name
16
16
  # @return [String]
17
- attr_reader :service_key
17
+ attr_accessor :service_key
18
+ attr_writer :url, :proxy, :request_audit, :certificate
18
19
 
19
20
  DEFAULT_URL = 'https://app.contrastsecurity.com/Contrast'
20
21
 
@@ -26,8 +27,6 @@ module Contrast
26
27
  @proxy = Contrast::Config::ApiProxyConfiguration.new(traverse_config(hsh, :proxy))
27
28
  @request_audit = Contrast::Config::RequestAuditConfiguration.new(traverse_config(hsh, :request_audit))
28
29
  @certificate = Contrast::Config::CertificationConfiguration.new(traverse_config(hsh, :certificate))
29
- @configuration_map = {}
30
- build_configuration_map
31
30
  end
32
31
 
33
32
  def url
@@ -48,68 +47,6 @@ module Contrast
48
47
  def certificate
49
48
  @certificate ||= Contrast::Config::CertificationConfiguration.new
50
49
  end
51
-
52
- def api_key= value
53
- self['api_key'] = value
54
- end
55
-
56
- def url= value
57
- self['url'] = value
58
- end
59
-
60
- def user_name= value
61
- self['user_name'] = value
62
- end
63
-
64
- def service_key= value
65
- self['service_key'] = value
66
- end
67
-
68
- def proxy= value
69
- self['proxy'] = value
70
- end
71
-
72
- def request_audit= value
73
- self['request_audit'] = value
74
- end
75
-
76
- def certificate= value
77
- self['certificate'] = value
78
- end
79
-
80
- # TODO: RUBY-1493 MOVE TO BASE CONFIG
81
-
82
- def []= key, value
83
- instance_variable_set("@#{ key }".to_sym, value)
84
- @configuration_map[key] = value
85
- end
86
-
87
- def [] key
88
- send(key.to_sym)
89
- end
90
-
91
- # Traverse the given entity to build out the configuration graph.
92
- #
93
- # The values will be either a hash, indicating internal nodes to
94
- # traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
95
- # leaf node.
96
- #
97
- # The spec_key are the Contrast defined keys based on the instance variables of
98
- # a given configuration.
99
- def traverse_config values, spec_key
100
- internal_nodes = values.cs__respond_to?(:has_key?)
101
- val = internal_nodes ? value_from_key_config(spec_key, values) : nil
102
- val == EMPTY_VALUE ? nil : val
103
- end
104
-
105
- def build_configuration_map
106
- instance_variables.each do |key|
107
- str_key = key.to_s.tr('@', '')
108
- next if str_key == 'configuration_map'
109
-
110
- @configuration_map[str_key] = send(str_key.to_sym)
111
- end
112
- end
113
50
  end
114
51
  end
115
52
  end
@@ -6,61 +6,18 @@ module Contrast
6
6
  # Api Proxy keys configuration
7
7
  class ApiProxyConfiguration < BaseConfiguration
8
8
  # @return [String] proxy url
9
- attr_reader :url
9
+ attr_accessor :url
10
+ attr_writer :enable
10
11
 
11
12
  def initialize hsh = {}
12
13
  @enable = traverse_config(hsh, :enable)
13
14
  @url = traverse_config(hsh, :url)
14
- @configuration_map = {}
15
- build_configuration_map
16
15
  end
17
16
 
18
17
  # @return [Boolean, false]
19
18
  def enable
20
19
  @enable.nil? ? false : @enable
21
20
  end
22
-
23
- def enable= value
24
- self['enable'] = value
25
- end
26
-
27
- def url= value
28
- self['url'] = value
29
- end
30
-
31
- # TODO: RUBY-1493 MOVE TO BASE CONFIG
32
-
33
- def []= key, value
34
- instance_variable_set("@#{ key }".to_sym, value)
35
- @configuration_map[key] = value
36
- end
37
-
38
- def [] key
39
- send(key.to_sym)
40
- end
41
-
42
- # Traverse the given entity to build out the configuration graph.
43
- #
44
- # The values will be either a hash, indicating internal nodes to
45
- # traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
46
- # leaf node.
47
- #
48
- # The spec_key are the Contrast defined keys based on the instance variables of
49
- # a given configuration.
50
- def traverse_config values, spec_key
51
- internal_nodes = values.cs__respond_to?(:has_key?)
52
- val = internal_nodes ? value_from_key_config(spec_key, values) : nil
53
- val == EMPTY_VALUE ? nil : val
54
- end
55
-
56
- def build_configuration_map
57
- instance_variables.each do |key|
58
- str_key = key.to_s.tr('@', '')
59
- next if str_key == 'configuration_map'
60
-
61
- @configuration_map[str_key] = send(str_key.to_sym)
62
- end
63
- end
64
21
  end
65
22
  end
66
23
  end
@@ -9,21 +9,22 @@ module Contrast
9
9
  # application identification functionality of the Agent.
10
10
  class ApplicationConfiguration < BaseConfiguration
11
11
  # @return [String]
12
- attr_reader :name
12
+ attr_accessor :name
13
13
  # @return [String]
14
- attr_reader :version
14
+ attr_accessor :version
15
15
  # @return [String]
16
- attr_reader :language
16
+ attr_accessor :language
17
17
  # @return [String]
18
- attr_reader :path
18
+ attr_accessor :path
19
19
  # @return [String]
20
- attr_reader :group
20
+ attr_accessor :group
21
21
  # @return [String]
22
- attr_reader :tags
22
+ attr_accessor :tags
23
23
  # @return [String]
24
- attr_reader :code
24
+ attr_accessor :code
25
25
  # @return [String]
26
- attr_reader :metadata
26
+ attr_accessor :metadata
27
+ attr_writer :session_id, :session_metadata
27
28
 
28
29
  def initialize hsh = {}
29
30
  @name = traverse_config(hsh, :name)
@@ -36,8 +37,6 @@ module Contrast
36
37
  @metadata = traverse_config(hsh, :metadata)
37
38
  @session_id = traverse_config(hsh, :session_id)
38
39
  @session_metadata = traverse_config(hsh, :session_metadata)
39
- @configuration_map = {}
40
- build_configuration_map
41
40
  end
42
41
 
43
42
  # @return [String, Contrast::Utils::ObjectShare::EMPTY_STRING]
@@ -49,80 +48,6 @@ module Contrast
49
48
  def session_metadata
50
49
  @session_metadata ||= Contrast::Utils::ObjectShare::EMPTY_STRING
51
50
  end
52
-
53
- def name= value
54
- self['name'] = value
55
- end
56
-
57
- def version= value
58
- self['version'] = value
59
- end
60
-
61
- def language= value
62
- self['language'] = value
63
- end
64
-
65
- def path= value
66
- self['path'] = value
67
- end
68
-
69
- def group= value
70
- self['group'] = value
71
- end
72
-
73
- def tags= value
74
- self['tags'] = value
75
- end
76
-
77
- def code= value
78
- self['code'] = value
79
- end
80
-
81
- def metadata= value
82
- self['metadata'] = value
83
- end
84
-
85
- def session_id= value
86
- self['session_id'] = value
87
- end
88
-
89
- def session_metadata= value
90
- self['session_metadata'] = value
91
- end
92
-
93
- # TODO: RUBY-1493 MOVE TO BASE CONFIG
94
-
95
- def []= key, value
96
- instance_variable_set("@#{ key }".to_sym, value)
97
- @configuration_map[key] = value
98
- end
99
-
100
- def [] key
101
- send(key.to_sym)
102
- end
103
-
104
- # Traverse the given entity to build out the configuration graph.
105
- #
106
- # The values will be either a hash, indicating internal nodes to
107
- # traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
108
- # leaf node.
109
- #
110
- # The spec_key are the Contrast defined keys based on the instance variables of
111
- # a given configuration.
112
- def traverse_config values, spec_key
113
- internal_nodes = values.cs__respond_to?(:has_key?)
114
- val = internal_nodes ? value_from_key_config(spec_key, values) : nil
115
- val == EMPTY_VALUE ? nil : val
116
- end
117
-
118
- def build_configuration_map
119
- instance_variables.each do |key|
120
- str_key = key.to_s.tr('@', '')
121
- next if str_key == 'configuration_map'
122
-
123
- @configuration_map[str_key] = send(str_key.to_sym)
124
- end
125
- end
126
51
  end
127
52
  end
128
53
  end
@@ -7,7 +7,10 @@ module Contrast
7
7
  # assess functionality of the Agent.
8
8
  class AssessConfiguration < BaseConfiguration
9
9
  # @return [String, nil]
10
- attr_reader :tags
10
+ attr_accessor :tags
11
+ # @return [Boolean, nil]
12
+ attr_accessor :enable
13
+ attr_writer :enable_scan_response, :enable_dynamic_sources, :sampling, :rules, :stacktraces
11
14
 
12
15
  DEFAULT_STACKTRACES = 'ALL'
13
16
 
@@ -16,16 +19,10 @@ module Contrast
16
19
  @tags = traverse_config(hsh, :tags)
17
20
  @enable_scan_response = traverse_config(hsh, :enable_scan_response)
18
21
  @enable_dynamic_sources = traverse_config(hsh, :enable_dynamic_sources)
22
+ @enable_original_object = traverse_config(hsh, :enable_original_object)
19
23
  @sampling = Contrast::Config::SamplingConfiguration.new(traverse_config(hsh, :sampling))
20
24
  @rules = Contrast::Config::AssessRulesConfiguration.new(traverse_config(hsh, :rules))
21
25
  @stacktraces = traverse_config(hsh, :stacktraces)
22
- @configuration_map = {}
23
- build_configuration_map
24
- end
25
-
26
- # @return [Boolean, true]
27
- def enable
28
- @enable.nil? ? true : @enable
29
26
  end
30
27
 
31
28
  # @return [Boolean, true]
@@ -38,6 +35,11 @@ module Contrast
38
35
  @enable_dynamic_sources.nil? ? true : @enable_dynamic_sources
39
36
  end
40
37
 
38
+ # @return [Boolean, true]
39
+ def enable_original_object
40
+ @enable_original_object.nil? ? true : @enable_original_object
41
+ end
42
+
41
43
  # @return [Contrast::Config::SamplingConfiguration]
42
44
  def sampling
43
45
  @sampling ||= Contrast::Config::SamplingConfiguration.new
@@ -52,67 +54,6 @@ module Contrast
52
54
  def stacktraces
53
55
  @stacktraces ||= DEFAULT_STACKTRACES
54
56
  end
55
-
56
- def enable= value
57
- self['enable'] = value
58
- end
59
-
60
- def tags= value
61
- self['tags'] = value
62
- end
63
-
64
- def enable_scan_response= value
65
- self['enable_scan_response'] = value
66
- end
67
-
68
- def enable_dynamic_sources= value
69
- self['enable_dynamic_sources'] = value
70
- end
71
-
72
- def sampling= value
73
- self['sampling'] = value
74
- end
75
-
76
- def rules= value
77
- self['rules'] = value
78
- end
79
-
80
- def stacktraces= value
81
- self['stacktraces'] = value
82
- end
83
- # TODO: RUBY-1493 MOVE TO BASE CONFIG
84
-
85
- def []= key, value
86
- instance_variable_set("@#{ key }".to_sym, value)
87
- @configuration_map[key] = value
88
- end
89
-
90
- def [] key
91
- send(key.to_sym)
92
- end
93
-
94
- # Traverse the given entity to build out the configuration graph.
95
- #
96
- # The values will be either a hash, indicating internal nodes to
97
- # traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
98
- # leaf node.
99
- #
100
- # The spec_key are the Contrast defined keys based on the instance variables of
101
- # a given configuration.
102
- def traverse_config values, spec_key
103
- internal_nodes = values.cs__respond_to?(:has_key?)
104
- val = internal_nodes ? value_from_key_config(spec_key, values) : nil
105
- val == EMPTY_VALUE ? nil : val
106
- end
107
-
108
- def build_configuration_map
109
- instance_variables.each do |key|
110
- str_key = key.to_s.tr('@', '')
111
- next if str_key == 'configuration_map'
112
-
113
- @configuration_map[str_key] = send(str_key.to_sym)
114
- end
115
- end
116
57
  end
117
58
  end
118
59
  end
@@ -6,51 +6,22 @@ module Contrast
6
6
  # Common Configuration settings. Those in this section pertain to the
7
7
  # disabled assess rule functionality of the Agent.
8
8
  class AssessRulesConfiguration < BaseConfiguration
9
+ SPEC_KEY = :disabled_rules.cs__freeze
9
10
  # @return [Array, nil] list of disabled assess rules
10
- attr_reader :disabled_rules
11
+ attr_accessor :disabled_rules
11
12
 
12
13
  def initialize hsh = {}
13
- @disabled_rules = traverse_config(hsh, :disabled_rules)
14
- @configuration_map = {}
15
- build_configuration_map
14
+ @disabled_rules = cast_disabled_rules hsh
16
15
  end
17
16
 
18
- def disabled_rules= value
19
- self['disabled_rules'] = value
20
- end
21
-
22
- # TODO: RUBY-1493 MOVE TO BASE CONFIG
23
-
24
- def []= key, value
25
- instance_variable_set("@#{ key }".to_sym, value)
26
- @configuration_map[key] = value
27
- end
28
-
29
- def [] key
30
- send(key.to_sym)
31
- end
32
-
33
- # Traverse the given entity to build out the configuration graph.
34
- #
35
- # The values will be either a hash, indicating internal nodes to
36
- # traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
37
- # leaf node.
38
- #
39
- # The spec_key are the Contrast defined keys based on the instance variables of
40
- # a given configuration.
41
- def traverse_config values, spec_key
42
- internal_nodes = values.cs__respond_to?(:has_key?)
43
- val = internal_nodes ? value_from_key_config(spec_key, values) : nil
44
- val == EMPTY_VALUE ? nil : val
45
- end
17
+ private
46
18
 
47
- def build_configuration_map
48
- instance_variables.each do |key|
49
- str_key = key.to_s.tr('@', '')
50
- next if str_key == 'configuration_map'
19
+ def cast_disabled_rules hsh
20
+ return unless hsh
21
+ return unless hsh.key?(SPEC_KEY)
22
+ return hsh[SPEC_KEY] if hsh[SPEC_KEY].cs__is_a?(Array)
51
23
 
52
- @configuration_map[str_key] = send(str_key.to_sym)
53
- end
24
+ hsh[SPEC_KEY].split(',').map(&:strip) if hsh[SPEC_KEY].cs__is_a?(String)
54
25
  end
55
26
  end
56
27
  end