contrast-agent 6.1.0 → 6.2.0

data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb

@@ -17,13 +17,6 @@ module Contrast
           class CacheControl < HeaderRule
             include BodyRule
             include Framework::RailsSupport
-
-            def rule_id
-              'cache-controls-missing'
-            end
-
-            protected
-
             HEADER_KEYS = %w[Cache-Control].cs__freeze
             ACCEPTED_VALUES = [/no-store/, /no-cache/].cs__freeze
             DEFAULT_SAFE = false
@@ -31,6 +24,12 @@ module Contrast
             HEAD_TAG = /<head>/i.cs__freeze
             NAME = 'cache-control'
 
+            def rule_id
+              'cache-controls-missing'
+            end
+
+            protected
+
             # Determine if the Response violates the Rule or not. If it does, return the evidence that proves it so.
             #
             # @param response [Contrast::Agent::Response] the response of the application
@@ -62,7 +61,7 @@ module Contrast
               return false if meta_tags(response).empty?
 
               meta_tags(response).each do |tag|
-                return true if meta_cache_tag? tag[HTML_PROP]
+                return true if meta_cache_tag?(tag[HTML_PROP])
               end
 
               false
@@ -92,7 +91,7 @@ module Contrast
             # @return [Hash, nil] the evidence hash or nil
             def tag_evidence response
               meta_tags(response).each do |tag|
-                return evidence(META_TYPE, PRAGMA, tag[HTML_PROP]) if meta_cache_tag? tag[HTML_PROP]
+                return evidence(META_TYPE, PRAGMA, tag[HTML_PROP]) if meta_cache_tag?(tag[HTML_PROP])
               end
             end
 

data/lib/contrast/agent/assess/rule/response/click_jacking_header_rule.rb

@@ -11,13 +11,13 @@ module Contrast
         module Response
           # These rules check the content of the HTTP Response to determine if the headers contains the required header
           class ClickJacking < HeaderRule
-            def rule_id
-              'clickjacking-control-missing'
-            end
-
             HEADER_KEYS = %w[X-Frame-Options].cs__freeze
             ACCEPTED_VALUES = [/^deny/i, /^sameorigin/i].cs__freeze
             DEFAULT_SAFE = false
+
+            def rule_id
+              'clickjacking-control-missing'
+            end
           end
         end
       end

data/lib/contrast/agent/assess/rule/response/csp_header_insecure_rule.rb

@@ -12,12 +12,6 @@ module Contrast
         module Response
           # These rules check that the HTTP Headers include CSP header types
           class CspHeaderInsecure < HeaderRule
-            def rule_id
-              'csp-header-insecure'
-            end
-
-            protected
-
             HEADER_KEYS = %w[Content-Security-Policy X-Content-Security-Policy X-Webkit-CSP].cs__freeze
             DEFAULT_SAFE = false
             SETTINGS = %w[
@@ -28,6 +22,12 @@ module Contrast
             ASTERISK_REGEXP = /[*]/.cs__freeze
             SAFE_REFLECTED_XSS = /1/.cs__freeze
 
+            def rule_id
+              'csp-header-insecure'
+            end
+
+            protected
+
             # Determine if the Response violates the Rule or not. If it does, return the evidence that proves it so.
             #
             # @param response [Contrast::Agent::Response] the response of the application

data/lib/contrast/agent/assess/rule/response/csp_header_missing_rule.rb

@@ -11,13 +11,13 @@ module Contrast
         module Response
           # These rules check that the HTTP Headers include CSP header types
           class CspHeaderMissing < HeaderRule
-            def rule_id
-              'csp-header-missing'
-            end
-
             HEADER_KEYS = %w[Content-Security-Policy X-Content-Security-Policy X-Webkit-CSP].cs__freeze
             ACCEPTED_VALUES = [/(.)/].cs__freeze
             DEFAULT_SAFE = false
+
+            def rule_id
+              'csp-header-missing'
+            end
           end
         end
       end

data/lib/contrast/agent/assess/rule/response/hsts_header_rule.rb

@@ -12,16 +12,16 @@ module Contrast
           # This rule checks if the HTTP Headers include HSTS header and ensures that the max-age value
           # is set to a value greater than 0.
           class HSTSHeader < HeaderRule
+            HEADER_KEYS = %w[Strict-Transport-Security].cs__freeze
+            ACCEPTED_VALUES = [/max-age=(\.)?\d+(\.\d*)?/].cs__freeze
+            DEFAULT_SAFE = true
+
             def rule_id
               'hsts-header-missing'
             end
 
             protected
 
-            HEADER_KEYS = %w[Strict-Transport-Security].cs__freeze
-            ACCEPTED_VALUES = [/max-age=(\.)?\d+(\.\d*)?/].cs__freeze
-            DEFAULT_SAFE = true
-
             def evidence data
               # get only the value of the max-age property
               val = data&.split('=')&.last

data/lib/contrast/agent/assess/rule/response/x_content_type_header_rule.rb

@@ -11,13 +11,13 @@ module Contrast
         module Response
           # These rules check the content of the HTTP Response to determine if the response contains the needed header
           class XContentType < HeaderRule
-            def rule_id
-              'xcontenttype-header-missing'
-            end
-
             HEADER_KEYS = %w[X-Content-Type-Options].cs__freeze
             ACCEPTED_VALUES = [/^nosniff/i].cs__freeze
             DEFAULT_SAFE = false
+
+            def rule_id
+              'xcontenttype-header-missing'
+            end
           end
         end
       end

data/lib/contrast/agent/assess/rule/response/x_xss_protection_header_rule.rb

@@ -13,15 +13,14 @@ module Contrast
           # These rules check the content of the HTTP Response to determine if the response contains the needed header
           class XXssProtection < HeaderRule
             include Framework::RailsSupport
+            HEADER_KEYS = %w[X-XSS-Protection].cs__freeze
+            ACCEPTED_VALUES = [/^1/].cs__freeze
+            DEFAULT_SAFE = true
 
             def rule_id
               'xxssprotection-header-disabled'
             end
 
-            HEADER_KEYS = %w[X-XSS-Protection].cs__freeze
-            ACCEPTED_VALUES = [/^1/].cs__freeze
-            DEFAULT_SAFE = true
-
             protected
 
             def analyze_response? response

data/lib/contrast/agent/assess/tag.rb

@@ -12,6 +12,19 @@ module Contrast
                     :start_idx, # start of range
                     :end_idx    # end of range (calculated from start + length), exclusive
 
+        # Update range should be how start and end index of tags are changed,
+        # as it includes validation
+        #
+        # Note that we allow start_idx == end_idx b/c this is how we determine
+        # if a tag range is 'covered' in trigger detection
+        ERROR_NEGATIVE_START = 'Unable to set start idx negative'
+        BELOW = 'BELOW'
+        ERROR_END_BEFORE_START = 'Unable to set start idx after end idx'
+        LOW_SPAN = 'LOW_SPAN'
+        WITHIN = 'WITHIN'
+        WITHOUT = 'WITHOUT'
+        HIGH_SPAN = 'HIGH_SPAN'
+        ABOVE = 'ABOVE'
         # Initialize a new tag
         #
         # @param label [String] the label of the tag
@@ -109,13 +122,6 @@ module Contrast
         end
         alias_method :to_s, :str_val
 
-        BELOW = 'BELOW'
-        LOW_SPAN = 'LOW_SPAN'
-        WITHIN = 'WITHIN'
-        WITHOUT = 'WITHOUT'
-        HIGH_SPAN = 'HIGH_SPAN'
-        ABOVE = 'ABOVE'
-
         # The tag is ______ the range
         # rrrrrrr == self.range, the range of the tag
         def compare_range start, stop
@@ -154,13 +160,6 @@ module Contrast
 
         private
 
-        # Update range should be how start and end index of tags are changed,
-        # as it includes validation
-        #
-        # Note that we allow start_idx == end_idx b/c this is how we determine
-        # if a tag range is 'covered' in trigger detection
-        ERROR_NEGATIVE_START = 'Unable to set start idx negative'
-        ERROR_END_BEFORE_START = 'Unable to set start idx after end idx'
         def update_range start_idx, end_idx
           raise(ArgumentError, ERROR_NEGATIVE_START) if start_idx.negative?
           raise(ArgumentError, ERROR_END_BEFORE_START) if end_idx < start_idx

data/lib/contrast/agent/at_exit_hook.rb

@@ -31,7 +31,19 @@ module Contrast
         context = Contrast::Agent::REQUEST_TRACKER.current
         return unless context
 
-        Contrast::Agent.messaging_queue&.send_event_immediately(context.activity)
+        Contrast::Agent.reporter.send_event_immediately(context.observed_library_usage)
+
+        if Contrast::Agent::Reporter.enabled?
+          [
+            context.new_observed_route,
+            Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.server_activity),
+            Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.activity)
+          ].each do |event|
+            Contrast::Agent.reporter&.send_event_immediately(event)
+          end
+        else
+          Contrast::Agent.messaging_queue&.send_event_immediately(context.activity)
+        end
       end
     end
   end

data/lib/contrast/agent/inventory/database_config.rb

@@ -74,7 +74,7 @@ module Contrast
           # reporting.
           #
           # @param hash_or_str [Hash, String]
-          # @return [Contrast::Api::Dtm::ArchitectureComponent]
+          # @return [Array<Contrast::Api::Dtm::ArchitectureComponent>, nil]
           def build_from_db_config hash_or_str
             return unless hash_or_str
 
@@ -89,7 +89,7 @@ module Contrast
           # understandable by TeamServer.
           #
           # @param hash [Hash] the information used to open a database connection
-          # @return [Contrast::Api::Dtm::ArchitectureComponent]
+          # @return [Array<Contrast::Api::Dtm::ArchitectureComponent>]
           def build_from_db_hash hash
             ac = Contrast::Api::Dtm::ArchitectureComponent.build_database
             ac.vendor = hash[:adapter] || hash[ADAPTER] || Contrast::Utils::ObjectShare::EMPTY_STRING
@@ -122,9 +122,11 @@ module Contrast
           # mysql+mysqlconnector://scott:tiger@localhost/foo # pragma: allowlist secret
           #
           # @param str [String] the DB connection string
-          # @return [Contrast::Api::Dtm::ArchitectureComponent]
+          # @return [Array<Contrast::Api::Dtm::ArchitectureComponent>, nil]
           def build_from_db_string str
             adapter, hosts, database = split_connection_str(str)
+            return unless adapter && hosts && database
+
             acs = []
             hosts.split(Contrast::Utils::ObjectShare::COMMA).map do |s|
               host, port = s.split(Contrast::Utils::ObjectShare::COLON)
@@ -143,13 +145,19 @@ module Contrast
           # generation of a Contrast::Api::Dtm::ArchitectureComponent
           #
           # @param str [String] the DB connection string
-          # @return [Array<String>] the adapter, hosts, and database
+          # @return [Array<String>, nil] the adapter, hosts, and database
           def split_connection_str str
             adapter, str = str.split(Contrast::Utils::ObjectShare::COLON_SLASH_SLASH)
+            return unless str
+
             _auth, str = str.split(Contrast::Utils::ObjectShare::AT)
+            return unless str
+
             # Not currently used
             # user, pass = auth.split(Contrast::Utils::ObjectShare::COLON)
             hosts, db_and_options = str.split(Contrast::Utils::ObjectShare::SLASH)
+            return unless db_and_options
+
             hosts << LOCALHOST if hosts.empty?
             database, _options = db_and_options.split(Contrast::Utils::ObjectShare::QUESTION_MARK)
 

data/lib/contrast/agent/inventory/dependency_usage_analysis.rb

@@ -1,6 +1,7 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/agent/reporting/reporting_events/library_usage_observation'
 require 'contrast/agent/inventory/dependencies'
 require 'contrast/components/logger'
 require 'contrast/utils/object_share'
@@ -73,10 +74,11 @@ module Contrast
         #
         # TODO: RUBY-1355
         # TODO: RUBY-1438 -- change to just use EventMessage
-        # @param activity [Contrast::Api::Dtm::Activity] the message to which to append the usage data
-        def generate_library_usage activity
+        # @param observed_library_usage [Contrast::Agent::Reporting::ObservedLibraryUsage] the message to
+        #   which to append the usage data
+        def generate_library_usage observed_library_usage
           return unless enabled?
-          return unless activity
+          return unless observed_library_usage
 
           # Disconnect gemdigest_cache and replace it with an empty one; synch so new libs cannot be added between the
           # assignment and the replace
@@ -86,8 +88,10 @@ module Contrast
             hold
           end
           gem_spec_digest_to_files.each_pair do |digest, files|
-            usage = Contrast::Api::Dtm::LibraryUsageUpdate.build(digest, files)
-            activity.library_usages[usage.hash_code] = usage
+            usage = Contrast::Agent::Reporting::LibraryUsageObservation.new(digest, files)
+            next if usage.names.empty?
+
+            observed_library_usage.observations << usage
           end
         rescue StandardError => e
           logger.error('Unable to generate library usage.', e)

data/lib/contrast/agent/middleware.rb

@@ -48,6 +48,9 @@ module Contrast
           return
         end
         agent_startup_routine
+      rescue StandardError => e
+        logger.error('Unable to initialize the agent. Disabling permanently.', e)
+        ::Contrast::AGENT.disable! # ensure the agent is disabled (probably redundant)
       end
 
       # This is where we're hooked into the middleware stack. If the agent is enabled, we're ready to do some
@@ -145,7 +148,7 @@ module Contrast
           request_handler.ruleset.prefilter
         end
       rescue StandardError => e
-        raise e if security_exception?(e)
+        raise(e) if security_exception?(e)
 
         logger.error('Unable to execute agent pre_call', e)
       end
@@ -164,7 +167,7 @@ module Contrast
           # Build and report all collected findings prior response
           Contrast::Agent::FINDINGS.report_collected_findings unless Contrast::Agent::FINDINGS.collection.empty?
           # All protect rules, which are trigger but require response to be reported
-          Contrast::Agent::EXPLOITS.report_recorded_exploits context unless Contrast::Agent::EXPLOITS.collection.empty?
+          Contrast::Agent::EXPLOITS.report_recorded_exploits(context) unless Contrast::Agent::EXPLOITS.collection.empty?
 
           if Contrast::Agent.framework_manager.streaming?(env)
             context.reset_activity
@@ -177,7 +180,7 @@ module Contrast
         end
       # unsuccessful attack
       rescue StandardError => e
-        raise e if security_exception?(e)
+        raise(e) if security_exception?(e)
 
         logger.error('Unable to execute agent post_call', e)
       end

data/lib/contrast/agent/patching/policy/after_load_patch.rb

@@ -47,7 +47,7 @@ module Contrast
             return true  unless target_defined? # bc no methods are loaded
             return false unless method_to_instrument
 
-            !module_lookup.instance_methods.include? method_to_instrument
+            !module_lookup.instance_methods.include?(method_to_instrument)
           end
 
           def applies? loaded_module_name
@@ -59,7 +59,7 @@ module Contrast
           end
 
           def instrument!
-            require instrumentation_file_path
+            require(instrumentation_file_path)
 
             if instrumenting_module
               mod = Module.cs__const_get(instrumenting_module)
@@ -72,7 +72,7 @@ module Contrast
 
           def module_lookup
             @_module_lookup ||= begin
-              Module.cs__const_get module_name
+              Module.cs__const_get(module_name)
             rescue StandardError => _e
               nil
             end

data/lib/contrast/agent/patching/policy/after_load_patcher.rb

@@ -43,7 +43,7 @@ module Contrast
               ].cs__freeze
               paths.each do |p|
                 path_part = "cs__assess_#{ p }"
-                Contrast::Extension::Assess::InstrumentHelper.instrument "#{ path_part }/#{ path_part }"
+                Contrast::Extension::Assess::InstrumentHelper.instrument("#{ path_part }/#{ path_part }")
               end
               true
             end
@@ -73,7 +73,7 @@ module Contrast
           # handling
           def apply_require_patches!
             @_apply_require_patches ||= begin
-              require 'contrast/extension/thread'
+              require('contrast/extension/thread')
               true
             rescue LoadError, StandardError => e
               logger.error('failed instrumenting apply_require_patches!', e)

data/lib/contrast/agent/patching/policy/method_policy_extend.rb

@@ -38,8 +38,8 @@ module Contrast
                                                  deadzone_node: deadzone_node
                                              })
 
-            return method_policy unless check_method_policy_nodes_empty? source_node, propagation_node, trigger_node,
-                                                                         protect_node, inventory_node, deadzone_node
+            return method_policy unless check_method_policy_nodes_empty?(source_node, propagation_node, trigger_node,
+                                                                         protect_node, inventory_node, deadzone_node)
 
             create_new_node(module_policy, method_policy) if module_policy.deadzone_nodes&.any?
             method_policy
@@ -74,9 +74,9 @@ module Contrast
               next unless node.method_name.nil?
 
               klass = Module.cs__const_get(node.class_name)
-              next unless it_defined? klass, method_policy.method_name
+              next unless it_defined?(klass, method_policy.method_name)
 
-              new_node = set_new_node method_policy, klass, node
+              new_node = set_new_node(method_policy, klass, node)
               method_policy.instance_variable_set(:@method_visibility, new_node.method_visibility)
               method_policy.instance_variable_set(:@deadzone_node, node)
               module_policy.deadzone_nodes << new_node

data/lib/contrast/agent/patching/policy/patch.rb

@@ -49,11 +49,11 @@ module Contrast
             ].cs__freeze
 
             def enter_method_scope! method_policy
-              contrast_enter_method_scopes! method_policy.scopes_to_enter
+              contrast_enter_method_scopes!(method_policy.scopes_to_enter)
             end
 
             def exit_method_scope! method_policy
-              contrast_exit_method_scopes! method_policy.scopes_to_exit
+              contrast_exit_method_scopes!(method_policy.scopes_to_exit)
             end
 
             # @param mod [Module] the module in which the patch should be
@@ -122,7 +122,7 @@ module Contrast
               underlying_method_name = underlying_method_name(method_name, impl)
 
               target_module = Module.cs__const_get(target_module_name)
-              target_module = target_module.cs__singleton_class if %i[prepend_singleton alias_singleton].include? impl
+              target_module = target_module.cs__singleton_class if %i[prepend_singleton alias_singleton].include?(impl)
 
               visibility = if target_module.private_instance_methods(false).include?(method_name)
                              :private
@@ -131,14 +131,14 @@ module Contrast
                            elsif target_module.public_instance_methods(false).include?(method_name)
                              :public
                            else
-                             raise NoMethodError,
-                                   <<~ERR
+                             raise(NoMethodError,
+                                   <<~ERR)
                                      Tried to register a C-defined #{ impl } patch for \
                                      #{ target_module_name }##{ method_name }, but can't find :#{ method_name }.
                                    ERR
                            end
 
-              reflect_implementation impl, target_module, unbound_method, visibility
+              reflect_implementation(impl, target_module, unbound_method, visibility)
               # Ougai::Logger.create_item_with_2args calls Hash#[]=, so we
               # can't invoke this logging method or we'll seg fault as we'd
               # change the method definition mid-call
@@ -166,7 +166,7 @@ module Contrast
               when :alias_instance, :alias_singleton
                 # Core to patching. Ignore define method usage cop.
                 # rubocop:disable Performance/Kernel/DefineMethod
-                unless target_module.instance_methods(false).include? underlying_method_name
+                unless target_module.instance_methods(false).include?(underlying_method_name)
                   # alias_method may be private
                   target_module.send(:alias_method, underlying_method_name, method_name)
                   target_module.send(:define_method, method_name, unbound_method.bind(target_module))
@@ -178,7 +178,7 @@ module Contrast
                 prepending_module.send(visibility, method_name)
 
                 # This prepends to the singleton class (it patches a class method)
-                target_module.prepend prepending_module
+                target_module.prepend(prepending_module)
                 # rubocop:enable Performance/Kernel/DefineMethod
               end
             end
@@ -204,7 +204,7 @@ module Contrast
             end
 
             def underlying_method_name method_name, impl
-              return method_name.to_sym if %i[prepend_instance prepend_singleton].include? impl
+              return method_name.to_sym if %i[prepend_instance prepend_singleton].include?(impl)
 
               build_unbound_method_name(method_name).to_sym
             end

data/lib/contrast/agent/patching/policy/patch_status.rb

@@ -99,10 +99,17 @@ module Contrast
               :CONTRAST_PATCH_POLICY_STATUS
             end
 
+            # @param mod [Module or Class] the entity on which the patch has been placed
+            # @param method [Symbol] the method being patched
+            # @param ret [Contrast::Agent::Patching::Policy::MethodPolicy] the policy of the patched method
             def update_holder mod, method, ret
-              mod.instance_variable_set(method_info_key, {}) unless mod.instance_variable_defined?(method_info_key)
-              holder = mod.instance_variable_get(method_info_key)
-              holder[method] = ret
+              unless mod.instance_variable_defined?(method_info_key) &&
+                    (holder = mod.instance_variable_get(method_info_key))
+
+                holder = {}
+                mod.instance_variable_set(method_info_key, holder)
+              end
+              holder[method] = ret # rubocop:disable Lint/UselessSetterCall
             end
 
             def find_info_for candidates, method

data/lib/contrast/agent/patching/policy/policy.rb

@@ -20,6 +20,19 @@ module Contrast
         class Policy
           include Singleton
           include Contrast::Components::Logger::InstanceMethods
+          SOURCES_KEY = 'sources'
+          PROPAGATION_KEY = 'propagators'
+          RULES_KEY = 'rules'
+          TRIGGERS_KEY = 'triggers'
+          def initialize
+            @sources = []
+            @propagators = []
+            @triggers = []
+            @providers = {}
+
+            json = Contrast::Utils::ResourceLoader.load(cs__class.policy_json)
+            from_hash_string(json)
+          end
 
           # Indicates the folder in `resources` where this policy lives.
           def self.policy_folder
@@ -38,25 +51,10 @@ module Contrast
 
           attr_reader :sources, :propagators, :triggers, :providers
 
-          SOURCES_KEY =          'sources'
-          PROPAGATION_KEY =      'propagators'
-          RULES_KEY = 'rules'
-          TRIGGERS_KEY = 'triggers'
-
           def self.policy_json
             File.join(policy_folder, 'policy.json').cs__freeze
           end
 
-          def initialize
-            @sources = []
-            @propagators = []
-            @triggers = []
-            @providers = {}
-
-            json = Contrast::Utils::ResourceLoader.load(cs__class.policy_json)
-            from_hash_string(json)
-          end
-
           # Our policy for patching rules is a 'dope ass' JSON file. Rather than hard code in a bunch of things to
           # monkey patch, we let the JSON file define the conditions in which modifications are applied. This let's us
           # be flexible and extensible.

data/lib/contrast/agent/patching/policy/policy_node.rb

@@ -14,6 +14,23 @@ module Contrast
         # @abstract
         class PolicyNode
           include Contrast::Components::Scope::InstanceMethods
+          JSON_METHOD_VISIBILITY = 'method_visibility'
+          JSON_PROPERTIES = 'properties'
+          JSON_METHOD_NAME = 'method_name'
+          JSON_METHOD_SCOPE = 'scope'
+          # The keys used to read from policy.json to create the individual
+          # policy nodes. These are common across node types
+          JSON_CLASS_NAME = 'class_name'
+          JSON_INSTANCE_METHOD = 'instance_method'
+          def initialize policy_hash = {}
+            @class_name = policy_hash[JSON_CLASS_NAME]
+            @instance_method = policy_hash[JSON_INSTANCE_METHOD]
+            @method_name = policy_hash[JSON_METHOD_NAME]
+            @method_scope = policy_hash[JSON_METHOD_SCOPE]
+            @method_visibility = policy_hash[JSON_METHOD_VISIBILITY]
+            @properties = policy_hash[JSON_PROPERTIES]
+            symbolize
+          end
 
           # Name of the class in which the method is being invoked.
           attr_accessor :class_name
@@ -31,21 +48,11 @@ module Contrast
           attr_reader :method_scope
 
           def node_class
-            raise NoMethodError, 'specify the type of the feature for which this node patches'
+            raise(NoMethodError, 'specify the type of the feature for which this node patches')
           end
 
           def feature
-            raise NoMethodError, 'specify the name of the feature for which this node patches'
-          end
-
-          def initialize policy_hash = {}
-            @class_name = policy_hash[JSON_CLASS_NAME]
-            @instance_method = policy_hash[JSON_INSTANCE_METHOD]
-            @method_name = policy_hash[JSON_METHOD_NAME]
-            @method_scope = policy_hash[JSON_METHOD_SCOPE]
-            @method_visibility = policy_hash[JSON_METHOD_VISIBILITY]
-            @properties = policy_hash[JSON_PROPERTIES]
-            symbolize
+            raise(NoMethodError, 'specify the name of the feature for which this node patches')
           end
 
           def id
@@ -91,15 +98,6 @@ module Contrast
             @method_visibility = @method_visibility.to_sym if @method_visibility
             @method_scope = @method_scope.to_sym if @method_scope
           end
-
-          # The keys used to read from policy.json to create the individual
-          # policy nodes. These are common across node types
-          JSON_CLASS_NAME = 'class_name'
-          JSON_INSTANCE_METHOD = 'instance_method'
-          JSON_METHOD_NAME = 'method_name'
-          JSON_METHOD_SCOPE = 'scope'
-          JSON_METHOD_VISIBILITY = 'method_visibility'
-          JSON_PROPERTIES = 'properties'
         end
       end
     end

data/lib/contrast/agent/patching/policy/trigger_node.rb

@@ -24,6 +24,7 @@ module Contrast
           attr_reader :applicator, :applicator_method, :on_exception, :optional_properties, :required_properties,
                       :rule_id
 
+          NODE = 'Trigger'
           def initialize trigger_hash = {}, rule_hash = {}
             super(trigger_hash)
             @rule_id = rule_hash[JSON_NAME]
@@ -36,7 +37,6 @@ module Contrast
             @applicator_method = (trigger_hash[JSON_APPLICATOR_METHOD] || rule_hash[JSON_APPLICATOR_METHOD]).to_sym
           end
 
-          NODE = 'Trigger'
           def node_class
             NODE
           end