RubyGems - contrast-agent - Versions diffs - 6.1.2 → 6.4.0 - Mend

contrast-agent 6.1.2 → 6.4.0

Files changed (220) hide show

data/lib/contrast/agent/telemetry/base.rb CHANGED Viewed

@@ -7,7 +7,6 @@ require 'contrast/utils/telemetry_client'
 require 'contrast/agent/worker_thread'
 require 'contrast/utils/telemetry'
 require 'contrast/agent/telemetry/events/exceptions/telemetry_exceptions'
-require 'contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report'
 module Contrast
   module Agent
@@ -15,7 +14,6 @@ module Contrast
       # This class will initialize and hold everything needed for the telemetry
       class Base < WorkerThread
         include Contrast::Components::Logger::InstanceMethods
-        include Contrast::Agent::Telemetry::TelemetryExceptionReport
         # this is where we will send the data from the agents
         URL = 'https://telemetry.ruby.contrastsecurity.com/'
@@ -66,10 +64,6 @@ module Contrast
           @_connection ||= client.initialize_connection(URL)
         end
-        def error_messages
-          @_error_messages ||= []
-        end
         def attempt_to_start?
           unless cs__class.enabled?
             logger.warn('Telemetry service is disabled!')
@@ -83,34 +77,8 @@ module Contrast
         def start_thread!
           return if running?
-          # It is recommended that implementations send a single payload of
-          # general metrics every 3 hours, starting from implementation startup.
-          @_thread = Contrast::Agent::Thread.new do
-            logger.debug('Starting background telemetry thread.')
-            loop do
-              next unless client && connection
-              # Start pushing exceptions to queue for reporting.
-              push_exceptions
-              until queue.empty?
-                event = queue.pop
-                begin
-                  logger.debug('This is the current processed event', event)
-                  sleep_time = request_with_response(event)
-                  if sleep_time
-                    sleep(sleep_time)
-                    logger.debug('Retrying to process event', event)
-                    retry_sleep_time = request_with_response(event)
-                    sleep(retry_sleep_time) unless retry_sleep_time.nil?
-                  end
-                rescue StandardError => e
-                  logger.error('Could not send message to service from telemetry queue.', e)
-                  stop!
-                end
-              end
-              sleep(SUGGESTED_TIMEOUT)
-            end
-          end
+          logger.debug('Starting background telemetry thread.')
+          @_thread = create_thread
         end
         def send_event event
@@ -126,7 +94,6 @@ module Contrast
         end
         def delete_queue!
-          @_queue&.clear
           @_queue&.close
           @_queue = nil
         end
@@ -149,6 +116,39 @@ module Contrast
         def queue
           @_queue ||= Queue.new
         end
+        # It is recommended that implementations send a single payload of general metrics every 3 hours, starting from
+        # implementation startup. This returns a thread configured to do so.
+        #
+        # @return [Contrast::Agent::Thread]
+        def create_thread
+          Contrast::Agent::Thread.new do
+            loop do
+              next unless client && connection
+              # Start pushing exceptions to queue for reporting.
+              Contrast::TELEMETRY_EXCEPTIONS.each_value { |value| queue << value }
+              Contrast::TELEMETRY_EXCEPTIONS.clear
+              until queue.empty?
+                event = queue.pop
+                begin
+                  logger.debug('This is the current processed event', event)
+                  sleep_time = request_with_response(event)
+                  if sleep_time
+                    sleep(sleep_time)
+                    logger.debug('Retrying to process event', event)
+                    retry_sleep_time = request_with_response(event)
+                    sleep(retry_sleep_time) unless retry_sleep_time.nil?
+                  end
+                rescue StandardError => e
+                  logger.error('Could not send message to service from telemetry queue.', e)
+                  stop!
+                end
+              end
+              sleep(SUGGESTED_TIMEOUT)
+            end
+          end
+        end
       end
     end
   end

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_base.rb CHANGED Viewed

@@ -28,6 +28,7 @@ module Contrast
           #
           # @param validation_pair [Hash] Validation hash to use
           # @param key[String] The key to check in VALIDATIONS
+          # @raise [ArgumentError]
           def validate_field validation_pair, key
             value_to_validate = send(key.to_sym)
             validate_class(value_to_validate, validation_pair[:class], key) if validation_pair.key?(:class)
@@ -48,6 +49,7 @@ module Contrast
           # @param message [Object] The message we want to check the class of
           # @param klass [Class] The klass we want to check the message with
           # @param field [Object] The field with the error
+          # @raise [ArgumentError]
           def validate_class message, klass, field
             message = message[0] if message.cs__is_a?(Array)
             raise(ArgumentError, "The provided value for #{ field } is of wrong class") unless message.cs__is_a?(klass)

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb CHANGED Viewed

@@ -18,6 +18,7 @@ module Contrast
           # to be created
           #
           # @param message [Contrast::Agent::Telemetry::TelemetryException::Message]
+          # @raise[ArgumentError]
           def initialize message
             super()
             validate_class(message, Contrast::Agent::Telemetry::TelemetryException::Message, 'exception_message')
@@ -25,6 +26,7 @@ module Contrast
           end
           # @param message [Contrast::Agent::Telemetry::TelemetryException::Message]
+          # @raise[ArgumentError]
           def push message
             validate_class(message, Contrast::Agent::Telemetry::TelemetryException::Message, 'exception_message')
             @exceptions << message

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message.rb CHANGED Viewed

@@ -50,6 +50,7 @@ module Contrast
           # @return [String | nil] A string message to provide additional context to the errors.
           attr_reader :message
+          # @raise[ArgumentError]
           def initialize instance, tags, exceptions
             super()
             @tags = tags
@@ -63,17 +64,19 @@ module Contrast
           # Optional parameters will be set separately from the required
           #
           # @param logger[String]
+          # @raise[ArgumentError]
           def logger= logger
-            validate_field(VALIDATIONS[:logger], 'logger')
             @logger = logger
+            validate_field(VALIDATIONS[:logger], 'logger')
           end
           # Optional parameters will be set separately from the required
           #
           # @param message[String]
+          # @raise[ArgumentError]
           def message= message
-            validate_field(VALIDATIONS[:message], 'message')
             @message = message
+            validate_field(VALIDATIONS[:message], 'message')
           end
           # Optional parameters will be set separately from the required

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb CHANGED Viewed

@@ -43,16 +43,19 @@ module Contrast
           end
           # @param stack_frame [Contrast::Agent::Telemetry::TelemetryException::StackFrame]
+          # @raise[ArgumentError]
           def push stack_frame
             validate_class(stack_frame, Contrast::Agent::Telemetry::TelemetryException::StackFrame, 'stack_frame')
             @stack_frames << stack_frame
           end
+          # @raise[ArgumentError]
           def module_name= module_name
             @module_name = module_name
             validate_field(VALIDATIONS[:module_name], 'module_name')
           end
+          # @raise[ArgumentError]
           def value= value
             @value = value
             validate_field(VALIDATIONS[:value], 'value')

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb CHANGED Viewed

@@ -28,6 +28,7 @@ module Contrast
           # @return [String]
           attr_reader :module_name
+          # @raise [ArgumentError]
           def initialize function, type
             super()
             @function = function
@@ -36,11 +37,13 @@ module Contrast
             validate(VALIDATIONS)
           end
+          # @raise [ArgumentError]
           def module_name= module_name
             @module_name = module_name
             validate_field(VALIDATIONS[:module_name], 'module_name')
           end
+          # @raise [ArgumentError]
           def to_controlled_hash
             super
             { function: function, type: type, module: module_name, inContrast: in_contrast }.compact

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions.rb CHANGED Viewed

@@ -17,4 +17,3 @@ require 'contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_fr
 require 'contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception'
 require 'contrast/agent/telemetry/events/exceptions/telemetry_exception_message'
 require 'contrast/agent/telemetry/events/exceptions/telemetry_exception_event'
-require 'contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report'

data/lib/contrast/agent/thread_watcher.rb CHANGED Viewed

@@ -32,10 +32,8 @@ module Contrast
           @heartbeat = Contrast::Agent::ServiceHeartbeat.new
           @messaging_queue = Contrast::Api::Communication::MessagingQueue.new
         end
-        if Contrast::Agent::Reporter.enabled?
-          @reporter = Contrast::Agent::Reporter.new
-          @reporter_heartbeat = Contrast::Agent::ReporterHeartbeat.new
-        end
+        @reporter = Contrast::Agent::Reporter.new
+        @reporter_heartbeat = Contrast::Agent::ReporterHeartbeat.new
         @telemetry = Contrast::Agent::Telemetry::Base.new if Contrast::Agent::Telemetry::Base.enabled?
       end
@@ -51,8 +49,6 @@ module Contrast
           telemetry_status = init_thread(telemetry_queue)
           @pids[Process.pid] = @pids[Process.pid] && telemetry_status
         end
-        return @pids unless Contrast::Agent::Reporter.enabled?
         reporter_status = init_thread(reporter)
         reporter_heartbeat_status = init_thread(reporter_heartbeat)
         @pids[Process.pid] = @pids[Process.pid] && reporter_status && reporter_heartbeat_status

data/lib/contrast/agent/version.rb CHANGED Viewed

@@ -3,6 +3,6 @@
 module Contrast
   module Agent
-    VERSION = '6.1.2'
+    VERSION = '6.4.0'
   end
 end

data/lib/contrast/agent.rb CHANGED Viewed

@@ -76,10 +76,8 @@ module Contrast
       thread_watcher.telemetry_queue
     end
-    # @return [nil, Contrast::Agent::Reporter]
+    # @return [Contrast::Agent::Reporter]
     def self.reporter
-      return unless  thread_watcher.reporter
       thread_watcher.reporter
     end

data/lib/contrast/api/communication/socket.rb CHANGED Viewed

@@ -34,6 +34,7 @@ module Contrast
         end
         # Override this method to return a socket. Should be interface compatible with TCPSocket, UNIXSocket, etc.
+        # @raise[NoMethodError] abstract method, needs to be implemented
         def new_socket
           raise(NoMethodError, 'This is abstract, override it.')
         end

data/lib/contrast/api/decorators/message.rb CHANGED Viewed

@@ -19,14 +19,10 @@ module Contrast
         def append_event event
           case event
-          when Contrast::Api::Dtm::ServerActivity
-            self.server_activity = event
           when Contrast::Api::Dtm::AgentStartup
             self.agent_startup = event
           when Contrast::Api::Dtm::ApplicationCreate
             self.application_create = event
-          when Contrast::Api::Dtm::ApplicationUpdate
-            self.application_update = event
           when Contrast::Api::Dtm::Activity
             self.activity = event
           when Contrast::Api::Dtm::HttpRequest
@@ -35,8 +31,6 @@ module Contrast
             self.postfilter = event
           when Contrast::Api::Dtm::Poll
             self.poll = event
-          when Contrast::Api::Dtm::ObservedRoute
-            self.observed_route = event
           else
             logger.error('Unknown event type received. Unsure how to send.', event_type: event.cs__class.cs__name)
             return

data/lib/contrast/api/decorators.rb CHANGED Viewed

@@ -12,13 +12,10 @@ end
 require 'contrast/api/decorators/message'
 require 'contrast/api/decorators/agent_startup'
 require 'contrast/api/decorators/application_startup'
-require 'contrast/api/decorators/application_update'
 require 'contrast/api/decorators/architecture_component'
 require 'contrast/api/decorators/input_analysis'
 require 'contrast/api/decorators/application_settings'
 require 'contrast/api/decorators/server_features'
-require 'contrast/api/decorators/library'
-require 'contrast/api/decorators/library_usage_update'
 require 'contrast/api/decorators/route_coverage'
 require 'contrast/api/decorators/trace_event_object'
 require 'contrast/api/decorators/trace_event_signature'

data/lib/contrast/api/dtm.pb.rb CHANGED Viewed

@@ -8,7 +8,7 @@ require 'protobuf'
 module Contrast
   module Api
     module Dtm
-      ::Protobuf::Optionable.inject(self) { ::Google::Protobuf::FileOptions }
+      ::Protobuf::Optionable.inject(self) { ::CSGoogle::Protobuf::FileOptions }
       ##
       # Message Classes

data/lib/contrast/api/settings.pb.rb CHANGED Viewed

@@ -8,7 +8,7 @@ require 'protobuf'
 module Contrast
   module Api
     module Settings
-      ::Protobuf::Optionable.inject(self) { ::Google::Protobuf::FileOptions }
+      ::Protobuf::Optionable.inject(self) { ::CSGoogle::Protobuf::FileOptions }
       ##
       # Enum Classes

data/lib/contrast/components/assess.rb CHANGED Viewed

@@ -76,12 +76,6 @@ module Contrast
           @_scan_response
         end
-        def track_frozen_sources?
-          @_track_frozen_sources = !false?(::Contrast::CONFIG.root.agent.ruby.track_frozen_sources) if
-            @_track_frozen_sources.nil?
-          @_track_frozen_sources
-        end
         def require_scan?
           @_require_scan = !false?(::Contrast::CONFIG.root.agent.ruby.require_scan) if @_require_scan.nil?
           @_require_scan

data/lib/contrast/components/config.rb CHANGED Viewed

@@ -27,7 +27,7 @@ module Contrast
       CONTRAST_LOG = 'contrast_agent.log'
       CONTRAST_NAME = 'Contrast Agent'
-      class Interface # :nodoc:
+      class Interface # :nodoc: # rubocop:disable Metrics/ClassLength
         SESSION_VARIABLES = 'Invalid configuration. '\
                             "Setting both application.session_id and application.session_metadata is not allowed.\n"
         API_URL = "Invalid configuration. Missing a required connection value 'url' is not set."
@@ -57,6 +57,8 @@ module Contrast
           @config = Contrast::Configuration.new
           env_overrides
           validate
+        rescue ArgumentError => e
+          proto_logger.error('Configuration failed with error: ', e)
         end
         alias_method :rebuild, :build
@@ -136,7 +138,7 @@ module Contrast
             next unless env_key.to_s.start_with?(CONTRAST_ENV_MARKER)
             config_item = Contrast::Utils::EnvConfigurationItem.new(env_key, env_value)
-            @config.assign_value_to_path_array(config_item.dot_path_array, config_item.value)
+            assign_value_to_path_array(root, config_item.dot_path_array, config_item.value)
           end
         end
@@ -193,6 +195,20 @@ module Contrast
         def logger_path
           root.agent.logger.path
         end
+        # Assign the value from an ENV variable to the Contrast::Config::RootConfiguration object, when
+        # appropriate.
+        #
+        # @return nil
+        def assign_value_to_path_array current_level, dot_path_array, value
+          dot_path_array[0...-1].each do |segment|
+            segment = segment.tr('-', '_')
+            current_level = current_level.send(segment) if current_level.cs__respond_to?(segment)
+          end
+          return unless current_level.nil? == false && current_level.cs__respond_to?(dot_path_array[-1])
+          current_level.send("#{ dot_path_array[-1] }=", value)
+        end
       end
     end
   end

data/lib/contrast/config/base_configuration.rb CHANGED Viewed

@@ -20,19 +20,6 @@ module Contrast
         end
         hsh
       end
-      def assign_value_to_path_array dot_path_array, value
-        current_level = self
-        dot_path_array[0...-1].each do |segment|
-          segment = segment.tr('-', '_')
-          current_level = current_level.send(segment) if current_level.cs__respond_to?(segment)
-        end
-        last_entry = dot_path_array[-1]
-        if current_level.nil? == false && current_level.cs__respond_to?(last_entry)
-          current_level.send("#{ last_entry }=", value)
-        end
-        nil
-      end
     end
   end
 end

data/lib/contrast/config/root_configuration.rb CHANGED Viewed

@@ -26,6 +26,7 @@ module Contrast
       # @return [Boolean, nil]
       attr_accessor :enable
+      # @raise[ArgumentError]
       def initialize hsh = {}
         raise(ArgumentError, 'Expected a hash') unless hsh.is_a?(Hash)

data/lib/contrast/config/ruby_configuration.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module Contrast
       DEFAULT_UNINSTRUMENTED_NAMESPACES = %w[FactoryGirl FactoryBot].cs__freeze
       attr_writer :disabled_agent_rake_tasks, :exceptions, :interpolate, :propagate_yield, :require_scan,
-                  :track_frozen_sources, :non_request_tracking, :uninstrument_namespace
+                  :non_request_tracking, :uninstrument_namespace
       def initialize hsh = {}
         return unless hsh
@@ -31,7 +31,6 @@ module Contrast
         @interpolate = hsh[:interpolate]
         @propagate_yield = hsh[:propagate_yield]
         @require_scan = hsh[:require_scan]
-        @track_frozen_sources = hsh[:track_frozen_sources]
         @non_request_tracking = hsh[:non_request_tracking]
         @uninstrument_namespace = hsh[:uninstrument_namespace]
       end
@@ -67,16 +66,10 @@ module Contrast
         @require_scan.nil? ?  Contrast::Utils::ObjectShare::TRUE  : @require_scan
       end
-      # controls whether or not we track frozen Strings by replacing them
-      # @return [Boolean, Contrast::Utils::ObjectShare::TRUE]
-      def track_frozen_sources
-        @track_frozen_sources.nil? ?  Contrast::Utils::ObjectShare::TRUE : @track_frozen_sources
-      end
       # controls tracking outside of request
       # @return [Boolean, Contrast::Utils::ObjectShare::FALSE]
       def non_request_tracking
-        @non_request_tracking.nil? ?  Contrast::Utils::ObjectShare::FALSE : @non_request_tracking
+        @non_request_tracking.nil? ? Contrast::Utils::ObjectShare::FALSE : @non_request_tracking
       end
       # @return [Array, DEFAULT_UNINSTRUMENTED_NAMESPACES]

data/lib/contrast/configuration.rb CHANGED Viewed

@@ -18,8 +18,6 @@ module Contrast
     include Contrast::Components::Scope::InstanceMethods
     extend Contrast::Components::Scope::InstanceMethods
-    def_delegator :root, :assign_value_to_path_array
     attr_reader :default_name, :root
     DEFAULT_YAML_PATH  = 'contrast_security.yaml'

data/lib/contrast/extension/assess/eval_trigger.rb CHANGED Viewed

@@ -25,10 +25,6 @@ module Contrast
           def apply_trigger obj, source, ret, clazz, method
             return unless ::Contrast::ASSESS.non_request_tracking? || Contrast::Agent::REQUEST_TRACKER.current
-            # Since we know this is the source of the trigger, we can do some
-            # optimization here and return when it is not tracked
-            return unless Contrast::Utils::Assess::TrackingUtil.tracked?(source)
             # source might not be all the args passed in, but it is the one we care
             # about. we could pass in all the args in the last param here if it
             # becomes an issue in rendering on TS

data/lib/contrast/extension/assess/hash.rb CHANGED Viewed

@@ -15,11 +15,12 @@ module Contrast
         class << self
           def cs__duplicate_and_freeze object
             return object unless object.is_a?(String) && !object.cs__frozen?
-            return object unless Contrast::Agent::Assess::Tracker.tracked?(object)
             # Copy the object, then freeze it, so that it looks the same
             # externally, but will have our finalizer on it.
-            object.dup&.cs__freeze
+            copy = object.dup
+            Contrast::Agent::Assess::Tracker.pre_freeze(copy)
+            copy&.cs__freeze
           rescue StandardError
             # we'll rescue this error, but we can't log it here as that will
             # result in a seg fault

data/lib/contrast/extension/assess/kernel.rb CHANGED Viewed

@@ -4,6 +4,7 @@
 require 'contrast/extension/assess/exec_trigger'
 require 'contrast/components/logger'
 require 'contrast/agent/assess/events/event_data'
+require 'contrast/agent/patching/policy/patch'
 module Contrast
   module Extension
@@ -97,6 +98,27 @@ module Contrast
           end
         end
       end
+      # Used for Kernel exec aliasing since we have no other way of accessing the
+      # Kernel#exec under C if we alias it there.
+      module ContrastKernel
+        # Method to replace the call to Kernel#exec when applying alias patch.
+        # It will invoke  Contrast::Extension::Assess::KernelPropagator before
+        # calling the original method.
+        #
+        # @param source [String, Proc] Potentially untrusted shell command to execute.
+        # @return nil - This method will invoke the Kernel#exec which will
+        def cs__kernel_exec source
+          # Check if in contrast scope and we have source.
+          unless Contrast::Agent::Patching::Policy::Patch.in_contrast_scope? || source.nil?
+            Contrast::Agent::Patching::Policy::Patch.with_contrast_scope do
+              Contrast::Extension::Assess::KernelPropagator.apply_trigger(source)
+            end
+          end
+          # Call this in the end else any code bellow this call won't be executed.
+          Kernel.exec(source)
+        end
+      end
     end
   end
 end

data/lib/contrast/extension/assess/marshal.rb CHANGED Viewed

@@ -58,6 +58,22 @@ module Contrast
           end
         end
       end
+      # Used for aliasing
+      module ContrastMarshal
+        def cs__marshal_load source
+          # Do the protect
+          Contrast::Extension::Assess::MarshalPropagator.cs__load_protect(source) if source
+          # call the original
+          result = Marshal.load(source) # rubocop:disable Security/MarshalLoad
+          # Do the assess
+          tracked = Contrast::Agent::Assess::Tracker::PROPERTIES_HASH.tracked?(source) if source
+          skip = Contrast::Agent::Patching::Policy::Patch.skip_assess_analysis? if tracked
+          Contrast::Extension::Assess::MarshalPropagator.cs__load_assess(source, result) if skip
+          # return original
+          result
+        end
+      end
     end
   end
 end

data/lib/contrast/extension/assess/string.rb CHANGED Viewed

@@ -31,31 +31,32 @@ module Contrast
         INTERPOLATION_NODE = Contrast::Agent::Assess::Policy::PropagationNode.new(NODE_HASH)
         class << self
+          # We call this method from C, and the Scope check is happening there. If we are in
+          # Contrast Scope the method won't be invoked.
+          #
+          # @param inputs [Array<String>] Inputs for interpolation.
+          # @param result [String] The result from the interpolation.
           def track_interpolation inputs, result
             return unless ::Contrast::AGENT.interpolation_enabled?
-            return if in_contrast_scope?
             return unless inputs.any? { |input| Contrast::Agent::Assess::Tracker.tracked?(input) }
+            return unless (properties = Contrast::Agent::Assess::Tracker.properties!(result))
-            with_contrast_scope do
-              return unless (properties = Contrast::Agent::Assess::Tracker.properties!(result))
-              parent_events = []
-              offset = 0
-              inputs.each do |input|
-                properties.copy_from(input, result, offset)
-                add_dynamic_sources_info(input, result)
-                offset += input.length
-                parent_event = Contrast::Agent::Assess::Tracker.properties(input)&.event
-                parent_events << parent_event if parent_event
-              end
-              event_data = Contrast::Agent::Assess::Events::EventData.new(INTERPOLATION_NODE,
-                                                                          result,
-                                                                          inputs,
-                                                                          result,
-                                                                          inputs)
-              properties.build_event(event_data)
-              properties.event.instance_variable_set(:@_parent_events, parent_events)
+            parent_events = []
+            offset = 0
+            inputs.each do |input|
+              properties.copy_from(input, result, offset)
+              add_dynamic_sources_info(input, result)
+              offset += input.length
+              parent_event = Contrast::Agent::Assess::Tracker.properties(input)&.event
+              parent_events << parent_event if parent_event
             end
+            event_data = Contrast::Agent::Assess::Events::EventData.new(INTERPOLATION_NODE,
+                                                                        result,
+                                                                        inputs,
+                                                                        result,
+                                                                        inputs)
+            properties.build_event(event_data)
+            properties.event.instance_variable_set(:@_parent_events, parent_events)
           rescue StandardError => e
             logger.error('Unable to track interpolation', e)
           end