contrast-agent 6.1.2 → 6.2.0

data/lib/contrast/logger/aliased_logging.rb

@@ -17,7 +17,7 @@ module Contrast
       # @param data [Object] Any structured data
       def warn message = nil, exception = nil, data = nil, &block
         # build Telemetry Exclusion
-        build_exclusion(ALIASED_WARN, message, exception, data)
+        build_exception(ALIASED_WARN, message, exception, data)
         super(message, exception, data, &block)
       end
 
@@ -26,7 +26,7 @@ module Contrast
       # @param data [Object] Any structured data
       def error message = nil, exception = nil, data = nil, &block
         # build Telemetry Exclusion
-        build_exclusion(ALIASED_ERROR, message, exception, data)
+        build_exception(ALIASED_ERROR, message, exception, data)
         super(message, exception, data, &block)
       end
 
@@ -35,35 +35,35 @@ module Contrast
       # @param data [Object] Any structured data
       def fatal message = nil, exception = nil, data = nil, &block
         # build Telemetry Exclusion
-        build_exclusion(ALIASED_FATAL, message, exception, data)
+        build_exception(ALIASED_FATAL, message, exception, data)
         super(message, exception, data, &block)
       end
 
       private
 
-      def build_exclusion _type, _message = nil, _exception = nil, _data = nil
-        # TODO: RUBY-1698
-        nil
-        #   start = caller_locations&.find_index { |stack| stack.to_s.include?(type) }
-        #   stack_trace = start ? caller_locations(start + 1, 20) : caller_locations(20, 20)
-        #   stack_frame_type = Contrast::Agent::Telemetry::TelemetryException::Obfuscate.obfuscate_type(
-        #       stack_trace[1].path.delete_prefix(Dir.pwd))
-        #   message_exception_type = Contrast::Agent::Telemetry::TelemetryException::Obfuscate.obfuscate_exception_type(
-        #       exception ? exception.cs__class.to_s : stack_frame_type.split('/').last)
-        #   stack_frame_function = stack_trace[1].label
-        #   key = "#{ stack_frame_type }|#{ stack_frame_function }|#{ message }"
-        #   if TELEMETRY_EXCEPTIONS[key]
-        #     TELEMETRY_EXCEPTIONS.increment(key)
-        #     return
-        #   end
-        #
-        #   event_message = create_message(stack_frame_function,
-        #                                  stack_frame_type, message_exception_type,
-        #                                  data, exception,
-        #                                  message)
-        #   TELEMETRY_EXCEPTIONS[key] = event_message
-        # rescue StandardError => e
-        #   debug('Unable to report exception to telemetry', e)
+      def build_exception type, message = nil, exception = nil, data = nil
+        stack_trace = get_stack_trace(type)
+        stack_frame_type = Contrast::Agent::Telemetry::TelemetryException::Obfuscate.obfuscate_type(
+            stack_trace[1].path.delete_prefix(Dir.pwd))
+        stack_frame_function = stack_trace[1].label
+        key = "#{ stack_frame_type }|#{ stack_frame_function }|#{ message }"
+        if TELEMETRY_EXCEPTIONS[key]
+          TELEMETRY_EXCEPTIONS.increment(key)
+          return
+        end
+
+        return if TELEMETRY_EXCEPTIONS.exception_limit?
+
+        message_exception_type = Contrast::Agent::Telemetry::TelemetryException::Obfuscate.obfuscate_exception_type(
+            exception ? exception.cs__class.to_s : stack_frame_type.split('/').last)
+
+        event_message = create_message(stack_frame_function,
+                                       stack_frame_type, message_exception_type,
+                                       data, exception,
+                                       message)
+        TELEMETRY_EXCEPTIONS[key] = event_message
+      rescue StandardError => e
+        debug('Unable to report exception to telemetry', e)
       end
 
       def create_message stack_frame_function, stack_frame_type, message_exception_type, data, exception, message
@@ -89,6 +89,11 @@ module Contrast
         message = Contrast::Agent::Telemetry::TelemetryException::Message.build(tags, [message_exception])
         Contrast::Agent::Telemetry::TelemetryException::Event.new(message)
       end
+
+      def get_stack_trace type
+        start = caller_locations&.find_index { |stack| stack.to_s.include?(type) }
+        start ? caller_locations(start + 1, 20) : caller_locations(20, 20)
+      end
     end
   end
 end

data/lib/contrast/utils/response_utils.rb

@@ -34,7 +34,7 @@ module Contrast
       # @return [nil, String] the content of the body
       def extract_body body
         return unless body
-        return if defined?(Rack::File) && body.is_a?(Rack::File)
+        return if body_is_file?(body)
 
         return handle_rack_body_proxy(body) if body.is_a?(Rack::BodyProxy)
         return extract_body(body.body) if sub_extractable?(body)
@@ -77,6 +77,19 @@ module Contrast
           obj.to_s
         end
       end
+
+      # After Rack 3.1 gets live - line 88 (Rack::File) will be removed.
+      # In 3.1 version, they drop the support for File class and will only support Files class
+      #
+      # @param body [String, Rack::File, Rack::BodyProxy,
+      #   ActionDispatch::Response::RackBody, Rack::Response] Something that
+      #   holds, wraps, or is the body of the Response
+      def body_is_file? body
+        return true if defined?(Rack::File) && (body.is_a?(Rack::File) || body.is_a?(Rack::File::Iterator))
+        return true if defined?(Rack::Files) && (body.is_a?(Rack::Files) || body.is_a?(Rack::Files::Iterator))
+
+        false
+      end
     end
   end
 end

data/lib/contrast/utils/telemetry.rb

@@ -34,10 +34,16 @@ module Contrast
         write_mark_file(DIR, FILE, CONFIG_DIR)
       end
 
+      # The telemetry disclaimer message, set if needed.
+      #
+      # @return [String]
       def self.disclaimer
         @_disclaimer = MESSAGE[:disclaimer]
       end
 
+      # Determine if telemetry has been explicitly disabled by opt out or has been left running.
+      #
+      # @return [Boolean]
       def self.exceptions_enabled?
         @_exceptions_enabled = telemetry_exceptions_enabled? if @_exceptions_enabled.nil?
         @_exceptions_enabled
@@ -82,6 +88,9 @@ module Contrast
           false
         end
 
+        # Determine if telemetry has been explicitly disabled by opt out or has been left running.
+        #
+        # @return [Boolean]
         def telemetry_exceptions_enabled?
           opts_out_telemetry = return_value(:telemetry_opt_outs).to_s
           return false if opts_out_telemetry.casecmp?('true') || opts_out_telemetry == '1'

data/lib/contrast/utils/telemetry_hash.rb

@@ -2,34 +2,58 @@
 # frozen_string_literal: true
 
 require 'contrast/components/logger'
+require 'contrast/agent/telemetry/events/exceptions/telemetry_exception_event'
 
 module Contrast
   module Utils
-    # This is the TelemetryHash, which will take data type, so we can push freely, without worrying about
-    # validating the event before that
+    # This is the TelemetryHash, which will store Contrast::Agent::Telemetry::TelemetryException::Event, so we can push
+    # freely, without worrying about validating the event before that.  TelemetryHash has a max size of events,
+    # default is 10 events
     class TelemetryHash < Hash
       include Contrast::Components::Logger::InstanceMethods
+      HASH_SIZE_LIMIT = 10
 
-      attr_reader :data_type
-
-      def initialize data_type, *_several_variants
-        super()
-        @data_type = data_type
-      end
-
+      # Wrapper to set a value in this TelemetryHash only if the provided value is of the data_type for this
+      # TelemetryHash or the hash has not reached its limit of for unique keys
+      #
+      # @param key [Object] the key to which to associate the value
+      # @param value [Object] the value to store
+      # @return [Object, nil] echo back out the value as the Hash#[]= method does, or nil if not of the expected
+      #   data_type
       def []= key, value
+        return if exception_limit?
         return unless valid_value?(value)
 
         super(key, value)
       end
 
+      # Increment the occurrences for the exception object contained in this TelemetryHash
+      #
+      # @param key [Object] the key to check for the exception stored in this TelemetryHash
       def increment key
-        self[key].exceptions[0].increment_occurrences
-        :incremented!
+        value = self[key]
+        return unless value&.exceptions&.any?
+
+        value.exceptions[0].increment_occurrences
       end
 
+      # Determine if hash has reached exception event limit
+      # @return [Boolean]
+      def exception_limit?
+        unless size < HASH_SIZE_LIMIT
+          logger.debug("Number of TelemetryExceptions exceeds limit of #{ HASH_SIZE_LIMIT }")
+          return true
+        end
+        false
+      end
+
+      private
+
+      # Determine if the given value is valid based on the datatype which this TelemetryHash contains
+      # @param value [Object]
+      # @return boolean
       def valid_value? value
-        unless value.cs__is_a?(data_type)
+        unless value.cs__is_a?(Contrast::Agent::Telemetry::TelemetryException::Event)
           logger.debug('The following key will be omitted', value: value)
           return false
         end

data/lib/contrast/utils/telemetry_identifier.rb

@@ -38,6 +38,10 @@ module Contrast
           @_mac = find_mac(primary) || find_mac
         end
 
+        # Set and return a Sha256 hash representing this application, based on the mac identifier of this machine and
+        # the application name or a Secure UUID if one of them cannot be determined.
+        #
+        # @return [String]
         def self.application_id
           @_application_id ||= begin
             id = nil
@@ -48,6 +52,10 @@ module Contrast
           end
         end
 
+        # Set and return a Sha256 hash representing this agent run, based on the mac identifier of this machine or a
+        # Secure UUID if one cannot be determined.
+        #
+        # @return [String]
         def self.instance_id
           @_instance_id ||= Digest::SHA2.new(256).hexdigest(Contrast::Utils::Telemetry::Identifier.mac ||
                                                               "_#{ SecureRandom.uuid }")

data/lib/contrast/utils/thread_tracker.rb

@@ -3,36 +3,53 @@
 
 module Contrast
   module Utils
-    # ThreadTracker allows tracking of singleton objects across threads
+    # ThreadTracker allows tracking of singleton objects across threads. It acts on Thread#[] as that call is
+    # fiber-local where as Thread#thread_variables is not.
     class ThreadTracker
-      def initialize; end
-
-      # Note about Ruby -- thread#[] is fiber-local,
-      # #thread_variables is not.
-
+      # Get the given key to given value in Thread#[] or return default.
+      #
+      # @param key [Object] key used to reference the value
+      # @param default [Object] value to return if not present in Thread#[]
+      # @return [Object]
       def get key, default = nil
         Thread.current[key] || default
       end
 
+      # Set the given key to given value in Thread#[].
+      #
+      # @param key [Object] key used to reference the value
+      # @param value [Object] value to store
       def set key, value
         Thread.current[key] = value
       end
 
+      # Remove the given key from the current Thread#[] by setting it to nil.
+      #
+      # @param key [Object] key of the value to delete
       def delete key
         Thread.current[key] = nil
       end
 
-      def lifespan obj
-        set(:current_context, obj)
-        response = yield(obj)
+      # Wrap the block given with a RequestContext by setting it beforehand and deleting it after.
+      #
+      # @param context [Contrast::Agent::RequestContext]
+      def lifespan context
+        set(:current_context, context)
+        response = yield(context)
         delete(:current_context)
         response
       end
 
+      # Retrieve the Thread#[] RequestContext
+      #
+      # @return [Contrast::Agent::RequestContext]
       def current
         get(:current_context)
       end
 
+      # Set the Thread#[] context to the one provided.
+      #
+      # @param context [Contrast::Agent::RequestContext]
       def update_current_context context
         set(:current_context, context)
       end

data/lib/contrast/utils/timer.rb

@@ -6,14 +6,19 @@ module Contrast
     # Timer is class that can track state about when an event starts and how long it takes
     # Also contains utility methods to get time values in milliseconds
     class Timer
-      attr_reader :start_ms, :events
+      # @return [Integer] the ms of the Time that this instance represents
+      attr_reader :start_ms
 
+      # Create a wrapper for the current time
+      #
+      # @param time [Time]
       def initialize time = Time.now
         @start_at = time
         @start_ms = (@start_at.to_f * 1000).to_i
         @events = {}
       end
 
+      # @return [Integer] time, in ms
       def self.now_ms
         (Time.now.to_f * 1000).to_i
       end

data/lib/contrast.rb

@@ -66,9 +66,7 @@ module Contrast
 end
 
 module Contrast
-  TELEMETRY_EXCEPTIONS = if Contrast::Utils::Telemetry.exceptions_enabled?
-                           Contrast::Utils::TelemetryHash.new(Contrast::Agent::Telemetry::TelemetryException::Event)
-                         end
+  TELEMETRY_EXCEPTIONS = (Contrast::Utils::TelemetryHash.new if Contrast::Utils::Telemetry.exceptions_enabled?)
 end
 
 # This needs to be required very early, after component interfaces, and before instrumentation attempts

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 6.1.2
+  version: 6.2.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-05-12 00:00:00.000000000 Z
+date: 2022-05-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -631,22 +631,22 @@ executables:
 - contrast_service
 extensions:
 - ext/cs__common/extconf.rb
-- ext/cs__assess_marshal_module/extconf.rb
-- ext/cs__assess_kernel/extconf.rb
-- ext/cs__assess_string/extconf.rb
-- ext/cs__assess_test/extconf.rb
 - ext/cs__assess_string_interpolation26/extconf.rb
-- ext/cs__assess_basic_object/extconf.rb
 - ext/cs__assess_array/extconf.rb
-- ext/cs__assess_regexp/extconf.rb
-- ext/cs__contrast_patch/extconf.rb
-- ext/cs__assess_hash/extconf.rb
-- ext/cs__scope/extconf.rb
+- ext/cs__assess_basic_object/extconf.rb
 - ext/cs__assess_fiber_track/extconf.rb
-- ext/cs__assess_module/extconf.rb
+- ext/cs__assess_hash/extconf.rb
+- ext/cs__assess_marshal_module/extconf.rb
+- ext/cs__assess_yield_track/extconf.rb
+- ext/cs__assess_string/extconf.rb
+- ext/cs__assess_regexp/extconf.rb
 - ext/cs__os_information/extconf.rb
+- ext/cs__scope/extconf.rb
+- ext/cs__assess_test/extconf.rb
 - ext/cs__tests/extconf.rb
-- ext/cs__assess_yield_track/extconf.rb
+- ext/cs__assess_kernel/extconf.rb
+- ext/cs__assess_module/extconf.rb
+- ext/cs__contrast_patch/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"
@@ -1057,14 +1057,27 @@ files:
 - lib/contrast/agent/reporting/settings/application_settings.rb
 - lib/contrast/agent/reporting/settings/assess.rb
 - lib/contrast/agent/reporting/settings/assess_server_feature.rb
+- lib/contrast/agent/reporting/settings/bot_blocker.rb
+- lib/contrast/agent/reporting/settings/code_exclusion.rb
+- lib/contrast/agent/reporting/settings/exclusion_base.rb
 - lib/contrast/agent/reporting/settings/exclusions.rb
+- lib/contrast/agent/reporting/settings/helpers.rb
+- lib/contrast/agent/reporting/settings/input_exclusion.rb
+- lib/contrast/agent/reporting/settings/ip_filter.rb
+- lib/contrast/agent/reporting/settings/keyword.rb
+- lib/contrast/agent/reporting/settings/log_enhancer.rb
 - lib/contrast/agent/reporting/settings/protect.rb
 - lib/contrast/agent/reporting/settings/protect_server_feature.rb
 - lib/contrast/agent/reporting/settings/reaction.rb
+- lib/contrast/agent/reporting/settings/rule_definition.rb
 - lib/contrast/agent/reporting/settings/sampling.rb
+- lib/contrast/agent/reporting/settings/sanitizer.rb
 - lib/contrast/agent/reporting/settings/sensitive_data_masking.rb
 - lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb
 - lib/contrast/agent/reporting/settings/server_features.rb
+- lib/contrast/agent/reporting/settings/syslog.rb
+- lib/contrast/agent/reporting/settings/url_exclusion.rb
+- lib/contrast/agent/reporting/settings/validator.rb
 - lib/contrast/agent/request.rb
 - lib/contrast/agent/request_context.rb
 - lib/contrast/agent/request_context_extend.rb
@@ -1118,7 +1131,6 @@ files:
 - lib/contrast/api/decorators/instrumentation_mode.rb
 - lib/contrast/api/decorators/ip_denylist.rb
 - lib/contrast/api/decorators/library.rb
-- lib/contrast/api/decorators/library_usage_update.rb
 - lib/contrast/api/decorators/message.rb
 - lib/contrast/api/decorators/rasp_rule_sample.rb
 - lib/contrast/api/decorators/response_type.rb

data/lib/contrast/api/decorators/library_usage_update.rb

@@ -1,31 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'contrast/utils/string_utils'
-
-module Contrast
-  module Api
-    module Decorators
-      # Used to decorate the LibraryUsageUpdate protobuf
-      module LibraryUsageUpdate
-        def self.included klass
-          klass.extend(ClassMethods)
-        end
-
-        # Used to add class methods to the LibraryUsageUpdate class on inclusion of the decorator
-        module ClassMethods
-          def build digest, files
-            msg = new
-            msg.hash_code = Contrast::Utils::StringUtils.force_utf8(digest)
-            files.each do |required_file|
-              msg.class_names[required_file] = true
-            end
-            msg
-          end
-        end
-      end
-    end
-  end
-end
-
-Contrast::Api::Dtm::LibraryUsageUpdate.include(Contrast::Api::Decorators::LibraryUsageUpdate)