contrast-agent 5.3.0 → 6.0.0

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb

@@ -0,0 +1,36 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require_relative 'telemetry_exception_base'
+require_relative 'telemetry_exception_message'
+
+module Contrast
+  module Agent
+    # This class will hold the basic information for a Parent Telemetry Exception Event
+    class TelemetryExceptionEvent < Contrast::Agent::TelemetryExceptionBase
+      # Array of Telemetry Exclusions
+      # @return [Array<Contrast::Agent::TelemetryExceptionMessage>]
+      attr_reader :exclusions
+
+      # Initialization of the Parent Event requires us to require the exception
+      # to be created
+      #
+      # @param message [Contrast::Agent::TelemetryExceptionMessage]
+      def initialize message
+        super()
+        validate_class message, Contrast::Agent::TelemetryExceptionMessage, 'exception_message'
+        @exclusions = Array.new(1, message)
+      end
+
+      # @param message [Contrast::Agent::TelemetryExceptionMessage]
+      def push message
+        validate_class message, Contrast::Agent::TelemetryExceptionMessage, 'exception_message'
+        @exclusions << message
+      end
+
+      def to_controlled_hash
+        exclusions.map(&:to_controlled_hash)
+      end
+    end
+  end
+end

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message.rb

@@ -0,0 +1,97 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require_relative 'telemetry_exception_base'
+require_relative 'telemetry_exception_message_exception'
+
+module Contrast
+  module Agent
+    # This class will hold the all the information for the specific exceptions
+    # and will be passed in the the event to be sent to TS
+    class TelemetryExceptionMessage < Contrast::Agent::TelemetryExceptionBase
+      VALIDATIONS = {
+          instance: { required: true, range: 12..64 },
+          tags: { required: true, range: 1..512 },
+          logger: { required: false, range: 1..128 },
+          message: { required: false, range: 1..512 },
+          exceptions: { required: true, range: 1..512, class: Contrast::Agent::TelemetryExceptionMessageException }
+      }.cs__freeze
+
+      # Timestamp of creation in ISO8601 format
+      # @return [Integer]
+      attr_reader :timestamp
+
+      # An Instance ID as defined in Unique Identification // Application ID
+      # @return [String]
+      attr_reader :instance
+
+      # Tags are key-value string pairs that annotate either metrics
+      # or errors to help provide context, filtering, grouping, and deduplication.
+      # @return [Hash{String => String}]
+      attr_reader :tags
+
+      # @return [Integer] A number of the occurrences of the exception
+      attr_accessor :occurrences
+
+      # Array of exceptions, but in our case the Array will only include one exception
+      # @return [Array<Contrast::Agent::TelemetryExceptionMessageException>]
+      attr_reader :exceptions
+
+      # @return [String,nil] A string denoting the origin of this error.
+      attr_reader :logger
+
+      # @return [String | nil] A string message to provide additional context to the errors.
+      attr_reader :message
+
+      def initialize instance, tags, exceptions
+        super()
+        @tags = tags
+        @timestamp = Time.now.iso8601
+        @instance = instance
+        @occurrences = 1
+        @exceptions = exceptions
+        validate VALIDATIONS
+      end
+
+      # Optional parameters will be set separately from the required
+      #
+      # @param logger[String]
+      def logger= logger
+        validate_field VALIDATIONS[:logger], 'logger'
+        @logger = logger
+      end
+
+      # Optional parameters will be set separately from the required
+      #
+      # @param message[String]
+      def message= message
+        validate_field VALIDATIONS[:message], 'message'
+        @message = message
+      end
+
+      # Optional parameters will be set separately from the required
+      # This method is different and is regarding the way we proceed
+      # with incrementing occurrences
+      # If we keep track of them in different places and we store that value
+      # in separated variable - we may directly re-assign occurrences=
+      # But if we are not doing that - we may on same message generated
+      # to increment occurrences from here
+      def increment_occurrences
+        @occurrences += 1
+      end
+
+      def to_controlled_hash
+        super()
+        {
+            timestamp: timestamp,
+            instance: instance,
+            occurrences: occurrences,
+            tags: tags,
+            exceptions: exceptions.map(&:to_controlled_hash),
+            logger: logger,
+            message: message
+        }.compact
+      end
+    end
+  end
+end

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb

@@ -0,0 +1,65 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require_relative 'telemetry_exception_base'
+require_relative 'telemetry_exception_stack_frame'
+
+module Contrast
+  module Agent
+    # This class will hold the all the information for the specific exception
+    # and will be passed in the Exception message itself
+    class TelemetryExceptionMessageException < Contrast::Agent::TelemetryExceptionBase
+      VALIDATIONS = {
+          type: { required: true, range: 1..256 },
+          module_name: { required: false, range: 1..256 },
+          value: { required: false, range: 1..256 },
+          stack_frames: { required: true, range: 1..128, class: Contrast::Agent::TelemetryExceptionStackFrame }
+      }.cs__freeze
+
+      # @return [String] The type of the exception itself
+      attr_reader :type
+
+      # @return [Array<Contrast::Agent::TelemetryExceptionStackFrame>] stack frames for the message exception
+      attr_reader :stack_frames
+
+      # @return [String]
+      attr_reader :module_name
+
+      # @return [String]
+      attr_reader :value
+
+      def initialize type, stack_frame
+        super()
+        @type = type
+        @stack_frames = Array.new(1, stack_frame)
+        validate VALIDATIONS
+      end
+
+      # @param stack_frame [Contrast::Agent::TelemetryExceptionStackFrame]
+      def push stack_frame
+        validate_class stack_frame, Contrast::Agent::TelemetryExceptionStackFrame, 'stack_frame'
+        @stack_frames << stack_frame
+      end
+
+      def module_name= module_name
+        validate_field VALIDATIONS[:module_name], 'module_name'
+        @module_name = module_name
+      end
+
+      def value= value
+        validate_field VALIDATIONS[:value], 'value'
+        @value = value
+      end
+
+      def to_controlled_hash
+        super
+        {
+            type: type,
+            stack_frames: stack_frames.map(&:to_controlled_hash),
+            module_name: module_name,
+            value: value
+        }.compact
+      end
+    end
+  end
+end

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb

@@ -0,0 +1,47 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require_relative 'telemetry_exception_base'
+
+module Contrast
+  module Agent
+    # This class will hold the all the information for the specific exception
+    # and will be passed in the Exception message itself
+    class TelemetryExceptionStackFrame < Contrast::Agent::TelemetryExceptionBase
+      VALIDATIONS = {
+          function: { required: true, range: 1..256 },
+          type: { required: true, range: 1..256 },
+          module_name: { required: false, range: 1..256 }
+      }.cs__freeze
+
+      # @return [String] The type of the exception itself
+      attr_reader :type
+
+      # @return [String] the function of the stack trace
+      attr_reader :function
+
+      # @return [Boolean] Is it in contrast
+      attr_accessor :in_contrast
+
+      def initialize function, type
+        super()
+        @function = function
+        @type = type
+        @in_contrast = false
+        validate VALIDATIONS
+      end
+
+      attr_reader :module_name
+
+      def module_name= module_name
+        validate_field VALIDATIONS[:module_name], 'module_name'
+        @module_name = module_name
+      end
+
+      def to_controlled_hash
+        super
+        { function: function, type: type, inContrast: in_contrast, module_name: module_name }.compact
+      end
+    end
+  end
+end

data/lib/contrast/agent/{metric_telemetry_event.rb → telemetry/events/metric_telemetry_event.rb}

@@ -2,7 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/utils/metrics_hash'
-require 'contrast/agent/telemetry_event'
+require 'contrast/agent/telemetry/events/telemetry_event'
 
 module Contrast
   module Agent

data/lib/contrast/agent/{startup_metrics_telemetry_event.rb → telemetry/events/startup_metrics_telemetry_event.rb}

@@ -2,7 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/utils/metrics_hash'
-require 'contrast/agent/metric_telemetry_event'
+require 'contrast/agent/telemetry/events/metric_telemetry_event'
 require 'contrast/agent/version'
 require 'contrast/utils/os'
 
@@ -69,9 +69,9 @@ module Contrast
       end
 
       def add_config_keys config, nested_key
-        config.configuration_map.reject! { |_k, v| REJECTED_VALUES.include?(v) }
+        config.to_hash.reject! { |_k, v| REJECTED_VALUES.include?(v) }
 
-        config.configuration_map.each do |k, v|
+        config.to_hash.each do |k, v|
           unless v.cs__class <= Contrast::Config::BaseConfiguration
             @settings << "#{ nested_key }.#{ k }"
             next

data/lib/contrast/agent/{telemetry_event.rb → telemetry/events/telemetry_event.rb}

@@ -9,7 +9,7 @@ module Contrast
     class TelemetryEvent
       include Contrast::Utils
 
-      attr_reader :timestamp, :tags
+      attr_reader :tags
 
       def initialize
         @tags = MetricsHash.new(String)

data/lib/contrast/agent/{telemetry.rb → telemetry/telemetry.rb}

@@ -27,13 +27,13 @@ module Contrast
             mac = Contrast::Utils::Telemetry::Identifier.mac
             app_name = Contrast::Utils::Telemetry::Identifier.app_name
             id = mac + app_name if mac && app_name
-            Digest::SHA2.new(256).hexdigest(id || ('_' + SecureRandom.uuid))
+            Digest::SHA2.new(256).hexdigest(id || "_#{ SecureRandom.uuid }")
           end
         end
 
         def instance_id
           @_instance_id ||= Digest::SHA2.new(256).hexdigest(Contrast::Utils::Telemetry::Identifier.mac ||
-                                                                  ('_' + SecureRandom.uuid))
+                                                                  "_#{ SecureRandom.uuid }")
         end
 
         def enabled?
@@ -44,17 +44,15 @@ module Contrast
         private
 
         def telemetry_enabled?
-          opt_out_telemetry = return_value(:telemetry_opt_outs)
-          return false if opt_out_telemetry.to_s.casecmp('true').zero?
-          return false if opt_out_telemetry.to_s.casecmp('1').zero?
+          opt_out_telemetry = return_value(:telemetry_opt_outs).to_s
+          return false if opt_out_telemetry.casecmp?('true') || opt_out_telemetry == '1'
 
           # In case of connection error, do not create the background thread or queue,
           # as if the opt-out env var was set
           @_client = Contrast::Utils::TelemetryClient.new
           ip_opt_out_telemetry = @_client.initialize_connection(URL)
           if ip_opt_out_telemetry.nil?
-            logger.warn('Connection was not established properly!!!')
-            logger.warn('THE SERVICE IS GOING TO BE TERMINATED!!')
+            logger.warn("Connection was not established properly!!! \n Telemetry reporting will be disabled!")
             return false
           end
 
@@ -87,17 +85,27 @@ module Contrast
         # general metrics every 3 hours, starting from implementation startup.
         @_thread = Contrast::Agent::Thread.new do
           logger.debug('Starting background telemetry thread.')
-          event = queue.pop
-
-          begin
-            logger.debug('This is the current processed event', event)
-            res = client.send_request event, connection
-            sleep_time = client.handle_response res
-            sleep(sleep_time) unless sleep_time.nil?
-          rescue StandardError => e
-            logger.error('Could not send message to service from telemetry queue.', e)
+          loop do
+            next unless client && connection
+
+            until queue.empty?
+              event = queue.pop
+              begin
+                logger.debug('This is the current processed event', event)
+                sleep_time = request_with_response event
+                if sleep_time
+                  sleep(sleep_time)
+                  logger.debug('Retrying to process event', event)
+                  retry_sleep_time = request_with_response event
+                  sleep(retry_sleep_time) unless retry_sleep_time.nil?
+                end
+              rescue StandardError => e
+                logger.error('Could not send message to service from telemetry queue.', e)
+                stop!
+              end
+            end
+            sleep(SUGGESTED_TIMEOUT)
           end
-          sleep(SUGGESTED_TIMEOUT)
         end
       end
 
@@ -110,7 +118,6 @@ module Contrast
         return unless cs__class.enabled?
 
         logger.debug('Enqueued event for sending', event_type: event.cs__class)
-
         queue << event if event
       end
 
@@ -123,8 +130,14 @@ module Contrast
       def stop!
         return unless running?
 
-        super
+        @_enabled = false
         delete_queue!
+        super
+      end
+
+      def request_with_response event
+        res = client.send_request event, connection
+        client.handle_response res
       end
 
       private

data/lib/contrast/agent/thread_watcher.rb

@@ -5,7 +5,7 @@ require 'contrast/components/logger'
 require 'contrast/agent/service_heartbeat'
 require 'contrast/api/communication/messaging_queue'
 require 'contrast/agent/reporting/report'
-require 'contrast/agent/telemetry'
+require 'contrast/agent/telemetry/telemetry'
 
 module Contrast
   module Agent

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '5.3.0'
+    VERSION = '6.0.0'
   end
 end

data/lib/contrast/agent.rb

@@ -32,6 +32,8 @@ require 'contrast/utils/invalid_configuration_util'
 # Collect findings
 require 'contrast/utils/findings'
 
+# Collect Exploites and Attacks
+require 'contrast/agent/protect/exploitable_collection'
 # scoping
 require 'contrast/agent/scope'
 
@@ -52,6 +54,7 @@ module Contrast
     # build a map for tracking the context of the current request
     REQUEST_TRACKER = Contrast::Utils::ThreadTracker.new
     FINDINGS = Contrast::Utils::Findings.new
+    EXPLOITS = Contrast::Agent::Protect::ExploitableCollection.new
 
     # @return [Contrast::Framework::Manager]
     def self.framework_manager

data/lib/contrast/api/communication/speedracer.rb

@@ -42,7 +42,7 @@ module Contrast
                 return
               end
             end
-            unless status.startup_messages_sent?
+            unless status.startup_messages_sent? || Contrast::Agent::Reporter.enabled?
               startup_responses = send_initialization_messages
               return false unless startup_responses
 

data/lib/contrast/api/decorators/address.rb

@@ -28,7 +28,7 @@ module Contrast
             @_build_receiver ||= begin
               address = new
               address.host = 'localhost'
-              address.ip = '127.0.0.1'
+              address.ip = '127.0.0.1' # rubocop:disable Style/IpAddresses
               begin
                 Timeout.timeout(1) do
                   address.host = Contrast::Utils::StringUtils.force_utf8(Socket.gethostname)

data/lib/contrast/api/decorators/response_type.rb

@@ -0,0 +1,30 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/api/dtm.pb'
+require 'protobuf/message'
+
+module Contrast
+  module Api
+    module Decorators
+      # Used to decorate the {Contrast::Api::Dtm::AttackResult::ResponseType} protobuf
+      # model so it can add SUSPICIOUS.
+      module ResponseType
+        ::Protobuf::Enum.define(:SUSPICIOUS, 6)
+
+        def self.included klass
+          klass.extend(ClassMethods)
+        end
+
+        # Used to add class methods to the  class on inclusion of the decorator
+        module ClassMethods
+          def build
+            new
+          end
+        end
+      end
+    end
+  end
+end
+
+Contrast::Api::Dtm::AttackResult::ResponseType.include(Contrast::Api::Decorators::ResponseType)

data/lib/contrast/api/decorators.rb

@@ -28,3 +28,4 @@ require 'contrast/api/decorators/rasp_rule_sample'
 require 'contrast/api/decorators/user_input'
 require 'contrast/api/decorators/address'
 require 'contrast/api/decorators/http_request'
+require 'contrast/api/decorators/response_type'

data/lib/contrast/components/app_context.rb

@@ -48,10 +48,6 @@ module Contrast
           end
         end
 
-        def session_id
-          @_session_id ||= build_app_startup_message.session_id
-        end
-
         def app_version
           @_app_version ||= Contrast::CONFIG.root.application.version
         end

data/lib/contrast/components/assess.rb

@@ -110,6 +110,20 @@ module Contrast
               []
         end
 
+        def track_original_object?
+          if @_track_original_object.nil?
+            @_track_original_object = !false?(::Contrast::CONFIG.root.assess.enable_original_object)
+          end
+
+          @_track_original_object
+        end
+
+        # The id for this process, based on the session metadata or id provided by the user, as indicated in
+        # application startup.
+        def session_id
+          ::Contrast::SETTINGS.assess_state.session_id
+        end
+
         private
 
         def forcibly_enabled?

data/lib/contrast/components/protect.rb

@@ -41,7 +41,7 @@ module Contrast
         def report_any_command_execution?
           if @_report_any_command_execution.nil?
             ctrl = rule_config[Contrast::Agent::Protect::Rule::CmdInjection::NAME]
-            @_report_any_command_execution = true?(ctrl.disable_system_commands)
+            @_report_any_command_execution = ctrl && true?(ctrl.disable_system_commands)
           end
           @_report_any_command_execution
         end
@@ -50,7 +50,7 @@ module Contrast
           if @_report_custom_code_sysfile_access.nil?
             name_changed = Contrast::Agent::Protect::Rule::PathTraversal::NAME.tr('-', '_')
             ctrl = rule_config[name_changed]
-            @_report_custom_code_sysfile_access = true?(ctrl.detect_custom_code_accessing_system_files)
+            @_report_custom_code_sysfile_access = ctrl && true?(ctrl.detect_custom_code_accessing_system_files)
           end
           @_report_custom_code_sysfile_access
         end

data/lib/contrast/components/sampling.rb

@@ -48,7 +48,7 @@ module Contrast
         # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
         # @return [Boolean] the resolution of the config_settings, settings, and default value
         def enabled? config_settings, settings
-          true?([config_settings&.enable, settings&.enabled, DEFAULT_SAMPLING_ENABLED].reject(&:nil?)[0])
+          true?([config_settings&.enable, settings&.enabled, DEFAULT_SAMPLING_ENABLED].compact[0])
         end
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
@@ -56,7 +56,7 @@ module Contrast
         # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
         # @return [Integer] the resolution of the config_settings, settings, and default value
         def baseline config_settings, settings
-          [config_settings&.baseline, settings&.baseline, DEFAULT_SAMPLING_BASELINE].map(&:to_i).find(&:positive?)
+          [config_settings&.baseline, settings&.baseline].map(&:to_i).find(&:positive?) || DEFAULT_SAMPLING_BASELINE
         end
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
@@ -64,10 +64,8 @@ module Contrast
         # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
         # @return [Integer] the resolution of the config_settings, settings, and default value
         def request_frequency config_settings, settings
-          [
-            config_settings&.request_frequency, settings&.request_frequency,
-            DEFAULT_SAMPLING_REQUEST_FREQUENCY
-          ].map(&:to_i).find(&:positive?)
+          [config_settings&.request_frequency, settings&.request_frequency].map(&:to_i).find(&:positive?) ||
+              DEFAULT_SAMPLING_REQUEST_FREQUENCY
         end
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
@@ -75,10 +73,8 @@ module Contrast
         # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
         # @return [Integer] the resolution of the config_settings, settings, and default value
         def response_frequency config_settings, settings
-          [
-            config_settings&.response_frequency, settings&.response_frequency,
-            DEFAULT_SAMPLING_RESPONSE_FREQUENCY
-          ].map(&:to_i).find(&:positive?)
+          [config_settings&.response_frequency, settings&.response_frequency].map(&:to_i).find(&:positive?) ||
+              DEFAULT_SAMPLING_RESPONSE_FREQUENCY
         end
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
@@ -86,7 +82,7 @@ module Contrast
         # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
         # @return [Integer] the resolution of the config_settings, settings, and default value
         def window config_settings, settings
-          [config_settings&.window_ms, settings&.window_ms, DEFAULT_SAMPLING_WINDOW_MS].map(&:to_i).find(&:positive?)
+          [config_settings&.window_ms, settings&.window_ms].map(&:to_i).find(&:positive?) || DEFAULT_SAMPLING_WINDOW_MS
         end
       end