contrast-agent 6.0.0 → 6.1.0

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb

@@ -0,0 +1,64 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/components/logger'
+require 'contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new ApplicationDefendAttackActivity class which will include the attacks sent by the source.
+      class ApplicationDefendAttackActivity
+        attr_reader :blocked, :exploited, :ineffective, :suspicious
+
+        class << self
+          def convert attack_result
+            activity = new
+            activity.attach_data attack_result
+            activity
+          end
+        end
+
+        def initialize
+          @start_time = start_time
+          @blocked = []
+          @exploited = []
+          @ineffective = []
+          @suspicious = []
+          super
+        end
+
+        def to_controlled_hash
+          {
+              startTime: @start_time,
+              blocked: blocked.map(&:to_controlled_hash),
+              exploited: exploited.map(&:to_controlled_hash),
+              ineffective: ineffective.map(&:to_controlled_hash),
+              suspicious: suspicious.map(&:to_controlled_hash)
+          }
+        end
+
+        # @param attack_result [Contrast::Agent::Reporting::AttackResult]
+        # @return [Contrast::Agent::Reporting::Defend::AttackSampleActivity]
+        def attach_data attack_result
+          attack_sample_activity =
+            Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.convert(attack_result)
+          case attack_result.response
+          when Contrast::Agent::Reporting::ResponseType::BLOCKED
+            @blocked << attack_sample_activity
+          when Contrast::Agent::Reporting::ResponseType::EXPLOITED
+            @exploited << attack_sample_activity
+          when Contrast::Agent::Reporting::ResponseType::MONITORED
+            @ineffective << attack_sample_activity
+          when Contrast::Agent::Reporting::ResponseType::SUSPICIOUS
+            @suspicious << attack_sample_activity
+          end
+        end
+
+        def start_time
+          Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb

@@ -0,0 +1,70 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/components/logger'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new ApplicationDefendAttackSample class which includes a samples of an attack for the given rule of
+      # the given result observed in the activity period.
+      class ApplicationDefendAttackSample
+        include Contrast::Agent::Reporting::InputType
+
+        class << self
+          def convert attack_result
+            activity = new
+            activity.attach_data attack_result
+            activity
+          end
+        end
+
+        def initialize
+          @blocked = false
+          @event_type = :application_defend_attack_sample
+        end
+
+        def to_controlled_hash
+          {
+              blocked: @blocked,
+              input: @input,
+              request: @request.to_controlled_hash,
+              stack: @stack,
+              timeStamp: @time_stamp
+          }
+        end
+
+        # @param attack_result [Contrast::Api::Dtm::AttackResult]
+        def attach_data attack_result
+          rasp_rule = attack_result.samples[0]
+          @blocked = attack_result.response == Contrast::Agent::Reporting::ResponseType::BLOCKED
+          @input = build_input(rasp_rule)
+          @time_stamp = build_time_stamp(rasp_rule.timestamp_ms)
+          @request = FindingRequest.convert(Contrast::Agent::REQUEST_TRACKER.current&.request)
+          @stack = Contrast::Utils::StackTraceUtils.build_protect_stack_array
+        end
+
+        def build_time_stamp start
+          {
+              start: start,
+              elapsed: Contrast::Utils::Timer.now_ms - start
+          }
+        end
+
+        def build_input rasp_rule
+          user_input = rasp_rule.user_input
+          {
+              details: Contrast::Api::Dtm::RaspRuleSample.to_controlled_hash(rasp_rule),
+              documentPath: user_input.path,
+              documentType: user_input.document_type,
+              filters: user_input.matcher_ids,
+              name: user_input.key,
+              time: rasp_rule.timestamp_ms,
+              type: user_input.input_type,
+              value: user_input.value
+          }
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb

@@ -0,0 +1,57 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/components/logger'
+require 'contrast/agent/reporting/reporting_events/application_defend_attack_sample'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new AttackerSampleActivity class which will include Sample of the given attacks in the activity
+      # period.
+      class ApplicationDefendAttackSampleActivity
+        class << self
+          def convert attack_samples
+            activity = new
+            activity.attach_data attack_samples
+            activity
+          end
+        end
+
+        def initialize
+          @samples = []
+          @start_time = (Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0)
+          @event_type = :application_defend_attack_sample_activity
+          super
+        end
+
+        def to_controlled_hash
+          {
+              attackTimeMap: attack_time_map,
+              samples: @samples.map(&:to_controlled_hash),
+              startTime: @start_time,
+              total: 1 # there will only ever be 1 attack sample, until batching is done
+          }
+        end
+
+        # @param inventory_dtm [Contrast::Api::Dtm::ApplicationUpdate]
+        # @return [Contrast::Agent::Reporting::ApplicationInventory]
+        # TODO: RUBY-9999 update to handle batching
+        def attach_data attack_sample
+          @samples << Contrast::Agent::Reporting::ApplicationDefendAttackSample.convert(attack_sample)
+        end
+
+        def attack_time_map
+          {
+              second: duration,
+              count: 1 # there will only ever be 1 attack sample, until batching is done
+          }
+        end
+
+        def duration
+          Contrast::Utils::Timer.now_ms - @start_time
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb

@@ -0,0 +1,56 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/components/logger'
+require 'contrast/agent/reporting/reporting_events/application_defend_attack_activity'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new AttackerActivity class which will includes the attacker information discovered during this
+      # activity period.
+      class ApplicationDefendAttackerActivity
+        attr_reader :attackers
+
+        class << self
+          def convert attack_result_dtm
+            activity = new
+            activity.attach_data attack_result_dtm
+            activity
+          end
+        end
+
+        def initialize
+          @protection_rules = {}
+          @request = Contrast::Agent::REQUEST_TRACKER.current.activity.http_request
+          @event_type = :application_defend_attacker_activity
+          super
+        end
+
+        def to_controlled_hash
+          {
+              protectionRules: process_protection_rules,
+              source: {
+                  ip: @request.sender.ip,
+                  xForwardedFor: @request.request_headers['X-Forwarded-For']
+              }
+          }
+        end
+
+        # @param attack_result [Contrast::Agent::Reporting::AttackResult]
+        def attach_data attack_result
+          attack_activity = Contrast::Agent::Reporting::ApplicationDefendAttackActivity.convert(attack_result)
+          @protection_rules[attack_result.rule_id] = attack_activity
+        end
+
+        def process_protection_rules
+          arr = []
+          @protection_rules.each_pair do |k, v|
+            arr << { k => v&.to_controlled_hash }
+          end
+          arr
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb

@@ -12,7 +12,7 @@ module Contrast
       # for the new reporting system to report. Reporting those components or details discovered at
       # startup, or as soon as possible, but not necessarily seen used by the application. Each of
       # these messages should only be sent once per application.
-      class ApplicationInventory < Contrast::Agent::Reporting::ReportingEvent
+      class ApplicationInventory < Contrast::Agent::Reporting::ApplicationReportingEvent
         # @param [Array<Contrast::Agent::Reporting::DiscoveredRoute>] the routes registered to this application, as
         #   discovered during first request processing.
         attr_reader :routes
@@ -25,6 +25,10 @@ module Contrast
           end
         end
 
+        def file_name
+          'applications-inventory'
+        end
+
         def initialize
           @routes = []
           @event_type = :application_inventory

data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb

@@ -0,0 +1,58 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/components/logger'
+require 'contrast/agent/reporting/reporting_events/application_reporting_event'
+require 'contrast/agent/reporting/reporting_events/architecture_component'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new ApplicationInventoryActivity class which will include all the information
+      # about the inventory of the application which was discovered during exercise of the application
+      # during this activity period.
+      class ApplicationInventoryActivity < Contrast::Agent::Reporting::ApplicationReportingEvent
+        # return [Contrast::Agent::Reporting::ArchitectureComponent]
+        attr_reader :components
+        # @ return [String, nil] - User-Agent Header value
+        attr_reader :browser
+
+        class << self
+          # @param activity_dtm [Contrast::Api::Dtm::ApplicationActivity]
+          # @return [Contrast::Agent::Reporting::ApplicationInventoryActivity]
+          def convert activity_dtm
+            inventory = new
+            inventory.attach_data activity_dtm
+            inventory
+          end
+        end
+
+        def initialize
+          @event_type = :application_inventory_activity
+          @components = []
+          super
+        end
+
+        def to_controlled_hash
+          {
+              activityDuration: duration,
+              browser: browser,
+              components: components.map(&:to_controlled_hash)
+          }
+        end
+
+        def attach_data activity
+          activity.architectures.each do |architecture|
+            @components << Contrast::Agent::Reporting::ArchitectureComponent.convert(architecture)
+          end
+          request_headers = activity.http_request&.request_headers
+          @browser = request_headers['USER_AGENT'] if request_headers
+        end
+
+        def duration
+          Contrast::Utils::Timer.now_ms - (Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0)
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/application_reporting_event.rb

@@ -0,0 +1,27 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/reporting_events/reporting_event'
+require 'contrast/utils/timer'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new ApplicationReportingEvent class which will include all the needed and mutual information for
+      # those events which correspond to Applications, such as Application Activity or Application Update
+      #
+      # @abstract
+      class ApplicationReportingEvent < Contrast::Agent::Reporting::ReportingEvent
+        protected
+
+        # The timestamp field is a bit of a misnomer. It's really the time, in ms, since the settings for this
+        # application have been updated. If I've never updated, then it's been 0ms since then.
+        #
+        # @return [Integer]
+        def since_last_update
+          (update_time = Contrast::SETTINGS.last_app_update_ms) ? Contrast::Utils::Timer.now_ms - update_time : 0
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/application_startup.rb

@@ -1,8 +1,8 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/agent/reporting/reporting_events/application_reporting_event'
 require 'contrast/agent/reporting/reporting_events/application_startup_instrumentation'
-require 'contrast/agent/reporting/reporting_events/reporting_event'
 require 'contrast/config'
 
 module Contrast
@@ -11,28 +11,38 @@ module Contrast
       # This is the new ApplicationStartup class which will include all the needed information for the new reporting
       # system to report an Application has started; creating a new one or marking an existing one as online in the
       # Contrast UI
-      class ApplicationStartup < Contrast::Agent::Reporting::ReportingEvent
+      class ApplicationStartup < Contrast::Agent::Reporting::ApplicationReportingEvent
         def initialize
-          @event_method = :POST
+          @event_method = :PUT
           @event_endpoint = Contrast::Agent::Reporting::Endpoints::NG_ENDPOINTS[:application_create]
           super
         end
 
+        def file_name
+          'applications-create'
+        end
+
         # Convert the instance variables on the class, and other information, into the identifiers required for
         # TeamServer to process the JSON form of this message.
         #
         # @return [Hash]
         # @raise [ArgumentError]
         def to_controlled_hash
-          {
-              code: ::Contrast::CONFIG.root.application.code,
-              group: ::Contrast::CONFIG.root.application.group,
+          app_config = ::Contrast::CONFIG.root.application
+          hsh = {
+              code: app_config.code,
+              group: app_config.group,
               instrumentation: Contrast::Agent::Reporting::ApplicationStartupInstrumentation.new.to_controlled_hash,
-              metadata: ::Contrast::CONFIG.root.application.metadata,
-              session_id: ::Contrast::CONFIG.root.application.session_id,
-              session_metadata: ::Contrast::CONFIG.root.application.session_metadata,
-              tags: ::Contrast::CONFIG.root.application.tags
+              metadata: app_config.metadata,
+              tags: app_config.tags
           }
+          if (session_id = ::Contrast::CONFIG.session_id)
+            hsh[:session_id] = session_id
+          end
+          if (session_metadata = ::Contrast::CONFIG.session_metadata)
+            hsh[:session_metadata] = session_metadata
+          end
+          hsh
         end
       end
     end

data/lib/contrast/agent/reporting/reporting_events/application_update.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/agent/reporting/reporting_events/architecture_component'
+require 'contrast/agent/reporting/reporting_events/application_reporting_event'
 require 'contrast/agent/reporting/reporting_events/library_discovery'
 require 'contrast/agent/reporting/reporting_events/reporting_event'
 require 'contrast/agent/reporting/reporting_events/route_discovery'
@@ -17,7 +18,7 @@ module Contrast
       #
       # @attr_reader components [Array<Contrast::Agent::Reporting::ArchitectureComponent>]
       # @attr_reader libraries [Array<Contrast::Agent::Reporting::LibraryDiscovery>]
-      class ApplicationUpdate < Contrast::Agent::Reporting::ReportingEvent
+      class ApplicationUpdate < Contrast::Agent::Reporting::ApplicationReportingEvent
         attr_reader :components, :libraries
 
         class << self
@@ -36,6 +37,10 @@ module Contrast
           super
         end
 
+        def file_name
+          'update-application'
+        end
+
         # Attach the data from the protobuf models to this reporter so that it can be sent to TeamServer directly.
         #
         # @param app_update_dtm [Contrast::Api::Dtm::ApplicationUpdate]
@@ -58,7 +63,7 @@ module Contrast
           {
               components: components.map(&:to_controlled_hash),
               libraries: libraries.map(&:to_controlled_hash),
-              timestamp: timestamp
+              timestamp: since_last_update
           }
         end
 
@@ -66,16 +71,6 @@ module Contrast
         #
         # @raise [ArgumentError]
         def validate; end
-
-        private
-
-        # The timestamp field is a bit of a misnomer. It's really the time, in ms, since the settings for this
-        # application have been updated.
-        #
-        # @return [Integer]
-        def timestamp
-          Contrast::Utils::Timer.now_ms - (Contrast::Agent.reporter&.client&.response_handler&.last_app_update_ms || 0)
-        end
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_events/finding.rb

@@ -3,9 +3,9 @@
 
 require 'json'
 require 'contrast/components/logger'
+require 'contrast/agent/reporting/reporting_events/application_reporting_event'
 require 'contrast/agent/reporting/reporting_events/finding_event'
 require 'contrast/agent/reporting/reporting_events/finding_request'
-require 'contrast/agent/reporting/reporting_events/reporting_event'
 require 'contrast/agent/assess/events/event_data'
 require 'contrast/utils/timer'
 
@@ -16,7 +16,7 @@ module Contrast
       # relay this information in the Finding/Trace messages. These findings are used by TeamServer to construct the
       # vulnerability information for the assess feature. They represent those parts of the application, either through
       # configuration, method invocation, or dataflow, which are determined to be insecure.
-      class Finding < Contrast::Agent::Reporting::ReportingEvent
+      class Finding < Contrast::Agent::Reporting::ApplicationReportingEvent
         include Contrast::Components::Logger::InstanceMethods
 
         # @return [Integer] the time, in ms, that this object was initialized
@@ -75,6 +75,10 @@ module Contrast
           super()
         end
 
+        def file_name
+          'traces'
+        end
+
         # Some reports require specific additional headers to be used. To that end, we'll attach them here, letting
         # each handle their own.
         #
@@ -148,7 +152,9 @@ module Contrast
         # @raise [ArgumentError]
         def validate
           raise(ArgumentError, "#{ self } did not have a proper rule. Unable to continue.") unless @rule_id
-
+          unless @agent_session_id_value
+            raise(ArgumentError, "#{ self } did not have a proper session id. Unable to continue.")
+          end
           if event_based? && events.empty?
             raise(ArgumentError, "#{ self } did not have proper events for #{ @rule_id }. Unable to continue.")
           end

data/lib/contrast/agent/reporting/reporting_events/finding_event.rb

@@ -278,14 +278,12 @@ module Contrast
           unless parent_object_ids
             raise(ArgumentError, "#{ self } did not have a proper parentObjectIds. Unable to continue.")
           end
-          unless taint_ranges && !taint_ranges.empty?
-            raise(ArgumentError, "#{ self } did not have a proper taintRanges. Unable to continue.")
-          end
+          raise(ArgumentError, "#{ self } did not have a proper taintRanges. Unable to continue.") unless taint_ranges
           raise(ArgumentError, "#{ self } did not have a proper args. Unable to continue.") unless args
           raise(ArgumentError, "#{ self } did not have a proper object. Unable to continue.") unless object
           raise(ArgumentError, "#{ self } did not have a proper signature. Unable to continue.") unless signature
           raise(ArgumentError, "#{ self } did not have a proper stack. Unable to continue.") unless stack
-          raise(ArgumentError, "#{ self } did not have a proper tags. Unable to continue.") unless tags && !tags.empty?
+          raise(ArgumentError, "#{ self } did not have a proper tags. Unable to continue.") unless tags
         end
       end
     end

data/lib/contrast/agent/reporting/reporting_events/finding_event_object.rb

@@ -41,7 +41,7 @@ module Contrast
         #
         # @param object [Contrast::Agent::Assess::ContrastObject, nil]
         def attach_data object, truncate
-          @hash = object&.object.__id__
+          @hash = object ? object.tracked_object_id : nil.__id__
           @tracked = !!object&.tracked?
           @value = reportable_value(object&.object, truncate)
         end
@@ -75,9 +75,9 @@ module Contrast
         #
         # @param value [String, nil] the contrast_string of the object this represents.
         # @param truncate [Boolean] if the string should be truncated or not.
-        # @return [String]
+        # @return [String] The strict_encode64 value of the String sent to TeamServer to represent this object.
         def reportable_value value, truncate
-          return Contrast::Utils::ObjectShare::NIL_STRING unless value
+          return Contrast::Utils::ObjectShare::NIL_64_STRING unless value
 
           if truncate && value.length > TRUNCATION_LENGTH
             tmp = []

data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb

@@ -1,7 +1,7 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/reporting/reporting_events/reporting_event'
+require 'contrast/agent/reporting/reporting_events/application_reporting_event'
 require 'contrast/agent/reporting/reporting_events/library_usage_observation'
 
 module Contrast
@@ -11,7 +11,7 @@ module Contrast
       #
       # @attr_reader observations - Array[Contrast::Agent::Reporting::LibraryUsageObservation]
       #                            - Hash of LibraryUsageObservations
-      class ObservedLibraryUsage < Contrast::Agent::Reporting::ReportingEvent
+      class ObservedLibraryUsage < Contrast::Agent::Reporting::ApplicationReportingEvent
         attr_reader :observations
 
         class << self
@@ -32,6 +32,10 @@ module Contrast
           super
         end
 
+        def file_name
+          'library-observation'
+        end
+
         def to_controlled_hash
           validate
           { observations: @observations.map(&:to_controlled_hash) }

data/lib/contrast/agent/reporting/reporting_events/observed_route.rb

@@ -3,7 +3,7 @@
 
 require 'json'
 require 'contrast/components/logger'
-require 'contrast/agent/reporting/reporting_events/reporting_event'
+require 'contrast/agent/reporting/reporting_events/application_reporting_event'
 require 'contrast/utils/object_share'
 
 module Contrast
@@ -15,7 +15,7 @@ module Contrast
       # externally accessible endpoints within the application, as registered to the application framework. This also
       # includes the literal URL and HTTP Verb used to invoke them, as they must have been called at this point to be
       # recorded.
-      class ObservedRoute < Contrast::Agent::Reporting::ReportingEvent
+      class ObservedRoute < Contrast::Agent::Reporting::ApplicationReportingEvent
         # @param [String] the method signature used to uniquely identify the coverage report.
         attr_accessor :signature
         # @param [String] the normalized URL used to access the method in the route.
@@ -35,6 +35,10 @@ module Contrast
           super()
         end
 
+        def file_name
+          'routes-observed'
+        end
+
         # Convert the instance variables on the class, and other information, into the identifiers required for
         # TeamServer to process the JSON form of this message.
         #
@@ -44,7 +48,7 @@ module Contrast
           validate
           rc_hash = {
               session_id: @agent_session_id_value,
-              sources: @sources,
+              sources: @sources.map(&:to_controlled_hash),
               signature: @signature,
               verb: @verb,
               url: @url

data/lib/contrast/agent/reporting/reporting_events/poll.rb

@@ -1,19 +1,23 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/reporting/reporting_events/reporting_event'
+require 'contrast/agent/reporting/reporting_events/application_reporting_event'
 
 module Contrast
   module Agent
     module Reporting
       # This is the new Poll class for the Heartbeat Service.
-      class Poll < Contrast::Agent::Reporting::ReportingEvent
+      class Poll < Contrast::Agent::Reporting::ApplicationReportingEvent
         def initialize
           @event_type = :heartbeat
           @event_endpoint = Contrast::Agent::Reporting::Endpoints.heartbeat
           super
         end
 
+        def file_name
+          'applications-heartbeat'
+        end
+
         # This is commented out as I am not aware if we're supposed to send some information and/or parse it to hash
         # In https://github.com/Contrast-Security-Inc/contrast-service/blob/next/reporting/tsreporter.go
         #