RubyGems - contrast-agent - Versions diffs - 6.13.0 → 6.15.0 - Mend

contrast-agent 6.13.0 → 6.15.0

Files changed (84) hide show

data/lib/contrast/config/validate.rb ADDED Viewed

@@ -0,0 +1,140 @@
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'yaml'
+require 'contrast/configuration'
+require 'contrast/agent/reporting/reporter'
+require 'base64'
+module Contrast
+  module Config
+    # Helper module with methods to validate the existing yaml file.
+    module Validate
+      # rubocop:disable Rails/Output
+      SKIP_LOG = %w[service_key api_key].cs__freeze
+      REQUIRED = %i[url api_key service_key user_name].cs__freeze
+      PASS = " \u{2705}  "
+      FAIL = " \u{274C}  "
+      REQUIRED_HEADERS = %i[server_type server_name server_path app_language app_name].cs__freeze
+      def validate_file
+        puts("\u{1F9EA} Validating Agent Configuration...\n")
+        Contrast::Config.validate_config
+        puts('done...')
+        puts("Validating Contrast Reporter Headers...\n")
+        reporter = Contrast::Config.validate_headers
+        puts('done...')
+        puts("Testing Reporter Client Connection...\n")
+        Contrast::Config.test_connection(reporter) if reporter
+        puts('Validation complete')
+      end
+      def validate_config
+        config = Contrast::Configuration.new
+        abort("Unable to Build Config #{ FAIL }") unless config
+        missing = []
+        api_hash = config.api.to_contrast_hash
+        api_hash.each_key do |key|
+          value = mask_keys(api_hash, key)
+          if value.is_a?(Contrast::Config::ApiProxyConfiguration)
+            Contrast::Config.validate_proxy(value)
+          elsif value.is_a?(Contrast::Config::CertificationConfiguration)
+            Contrast::Config.validate_cert(value)
+            next
+          elsif value.is_a?(Contrast::Config::RequestAuditConfiguration)
+            Contrast::Config.validate_audit(value)
+            next
+          elsif value.nil? && REQUIRED.include?(key.to_sym)
+            missing << key
+          end
+        end
+        return if missing.empty?
+        abort("Validation failed: Missing required API configuration values: #{ missing.join(', ') } #{ FAIL }")
+      end
+      def validate_proxy config
+        puts("  Proxy Enabled: #{ config.enable }")
+        return unless config.enable
+        mark = config.url.nil? ? FAIL : PASS
+        puts("  Proxy URL: #{ config.url } #{ mark }")
+        abort('Proxy Enabled but no Proxy URL given') unless config.url
+      end
+      def validate_cert config
+        puts("  Certification Enabled: #{ config.enable }")
+        return unless config.enable
+        mark = config.ca_file.nil? ? FAIL : PASS
+        puts("  CA File: #{ config.ca_file } #{ mark }")
+        abort('CA file path not provided') unless config.ca_file
+        mark = config.cert_file.nil? ? FAIL : PASS
+        puts("  Cert File: #{ config.cert_file } #{ mark }")
+        abort('Cert file path not provided') unless config.cert_file
+        mark = config.key_file.nil? ? FAIL : PASS
+        puts("  Key File: #{ config.key_file } #{ mark }")
+        abort('Key file path not provided') unless config.key_file
+      end
+      def validate_audit config
+        puts("  Request Audit Enabled: #{ config.enable }")
+        return unless config.enable
+        config.cs__class::CONFIG_VALUES.each do |value_name|
+          puts("  #{ value_name }::#{ config.send(value_name.to_sym) }")
+        end
+      end
+      def init_reporter
+        Contrast::Agent::Reporter.new
+      end
+      def validate_headers
+        missing = []
+        reporter = init_reporter
+        reporter_headers = reporter.client.headers.to_contrast_hash
+        REQUIRED_HEADERS.each do |key|
+          value = decode_header(reporter_headers, key)
+          missing << key if value.nil?
+        end
+        unless missing.empty?
+          abort("Validation failed: Missing required header values: #{ missing.join(', ') } #{ FAIL }")
+        end
+        reporter
+      end
+      def test_connection reporter
+        puts("  Connection failed #{ FAIL }") unless reporter
+        connection = reporter.connection
+        abort("Failed to Initialize Connection please check error logs for details #{ FAIL } ") unless connection
+        abort('Failed to Start Client please check error logs for details') unless reporter.client.startup!(connection)
+        last_response = reporter.client.response_handler.last_response_code
+        if last_response.include?('40')
+          puts("  Last response code: #{ last_response  } #{ FAIL }")
+          abort("Failed to Initialize Connection please check error logs for details #{ FAIL } ")
+        elsif connection
+          puts("  Last response code: #{ last_response  } #{ PASS }")
+          puts("  Connection successful #{ PASS }") if connection
+        end
+      end
+      def mask_keys hash, key
+        value = hash[key]
+        redacted_value = Contrast::Configuration::REDACTED if SKIP_LOG.include?(key.to_s)
+        puts("  #{ key }::#{ redacted_value || value }") unless value.is_a?(Contrast::Config::BaseConfiguration)
+        value
+      end
+      def decode_header hash, key
+        value = hash[key]
+        decoded_header = Base64.strict_decode64(value)
+        puts("  #{ key }::#{ key == :app_language ? value : decoded_header }")
+        value
+      end
+      # rubocop:enable Rails/Output
+    end
+  end
+end

data/lib/contrast/config/yaml_file.rb ADDED Viewed

@@ -0,0 +1,129 @@
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+require 'fileutils'
+require 'yaml'
+module Contrast
+  module Config
+    # Helper module with methods to find active configuration file used by the agent or create it.\
+    # This file is used before the agent start so methods added here must not be dependent on Agent
+    # instrumentation.
+    module YamlFile
+      CONFIG_FILE_NAME = 'contrast_security'
+      EXT = { yml: 'yml', yaml: 'yaml' }.freeze # rubocop:disable Security/Object/Freeze
+      POSSIBLE_TARGET_PATHS = %w[
+        ./
+        ./config/
+        /etc/contrast/ruby/
+        /etc/contrast/
+        /etc/
+      ].freeze # rubocop:disable Security/Object/Freeze
+      HEADER = "# +-------------------------------------------------------------------------+\n" \
+               "#    This Contrast Security configuration is Auto-generated by rake task.\n" \
+               "#    To List all available rake task use 'rake -T'. \n" \
+               "#\n" \
+               "#    Please enter valid api information, for the Ruby Agent to be able to\n" \
+               "#    connect to Contrast UI. You can validate your config file by running: \n" \
+               "#    'bundle exec rake contrast:config:validate' \n" \
+               "#\n" \
+               "#    To find your organization keys please follow this documentation:\n" \
+               "#    https://docs.contrastsecurity.com/en/find-the-agent-keys.html\n" \
+               "# +-------------------------------------------------------------------------+\n"
+      FOOTER = "\n# For more information visit the full Ruby agent configuration guide:\n" \
+               '# https://docs.contrastsecurity.com/en/ruby-configuration.html'
+      COMMENT = "#agent:\n" \
+                "#  logger:\n" \
+                "#    level: WARN\n" \
+                "#    path: contrast_agent.log\n" \
+                "#server:\n" \
+                "#  name: Server name\n" \
+                "#application:\n" \
+                "#  name: Application name\n" \
+                "#  code: Application name\n" \
+                "#  group: Application group\n" \
+                "#  session_metadata: Application metadata used for creation of Session ID\n" \
+                "#  version: Application version\n"
+      DEFAULT_CONFIG = {
+          'api' => {
+              'url' => 'https://app.contrastsecurity.com',
+              'api_key' => 'contrast_user',
+              'service_key' => 'demo',
+              'user_name' => 'demo'
+          }
+      }.freeze # rubocop:disable Security/Object/Freeze
+      class << self
+        # Checks all accessible by the agent path for active configuration created.
+        #
+        # @return [Boolean]
+        def created?
+          return true if File.exist?(Contrast::Config::YamlFile.target_path)
+          return true unless find!.empty?
+          false
+        end
+        # Finds active configuration used.
+        #
+        # @return [String] path of the config file.
+        def find!
+          found = ''
+          paths = POSSIBLE_TARGET_PATHS.dup
+          paths << ENV['CONTRAST_CONFIG_PATH'] if ENV['CONTRAST_CONFIG_PATH']
+          paths.each do |path|
+            EXT.each_value do |extension|
+              effective_config = "#{ path }#{ file_name }.#{ extension }"
+              found = effective_config if File.exist?(effective_config)
+            end
+          end
+          found
+        end
+        # Create new config file to the default destination.
+        #
+        def create
+          # rubocop:disable Rails/Output
+          puts("\u{1F48E} Generating: Contrast Configuration file.")
+          if Contrast::Config::YamlFile.created?
+            puts("\u{2705}  Configuration file already exists: #{ Contrast::Config::YamlFile.find! }")
+          else
+            File.open(Contrast::Config::YamlFile.target_path, 'w') do |file|
+              file.write(HEADER)
+              file.write(YAML.dump(DEFAULT_CONFIG).gsub('---', ' '))
+              file.write(COMMENT)
+              file.write(FOOTER)
+              file.close
+            end
+            puts("\u{2728}  Created! path #{ Contrast::Config::YamlFile.target_path }\n")
+            puts("\nOpen the file and enter your Contrast Security api keys or set them via environment variables.\n")
+            puts('Visit our documentation for more details: ' \
+                 'https://docs.contrastsecurity.com/en/ruby-configuration.html')
+          end
+        rescue StandardError => e
+          puts("\u{2757} WARNING configuration could not be created due to error: '#{ e }'. " \
+               "Try created in manually by running 'bundle exec rake contrast:config:create'.")
+          # rubocop:enable Rails/Output
+        end
+        def target_path
+          File.join(execution_directory, "#{ file_name }.#{ EXT[:yml] }")
+        end
+        def execution_directory
+          Dir.pwd
+        end
+        def file_name
+          ENV['CONTRAST_YAML_FILE_TEST_CREATE_CONFIG_FILE_NAME_VALUE'] || CONFIG_FILE_NAME
+        end
+      end
+    end
+  end
+end

data/lib/contrast/extension/assess/exec_trigger.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-require 'contrast/agent/at_exit_hook'
+require 'contrast/agent/hooks/at_exit_hook'
 module Contrast
   module Extension

data/lib/contrast/extension/assess/string.rb CHANGED Viewed

@@ -14,9 +14,6 @@ module Contrast
       # Contrast::Agent::Assess::Policy::Propagator molds without cluttering up the
       # String Class or exposing our methods there.
       class StringPropagator
-        extend Contrast::Components::Logger::InstanceMethods
-        extend Contrast::Components::Scope::InstanceMethods
         NODE_HASH = {
             'class_name' => 'String',
             'instance_method' => true,
@@ -31,6 +28,8 @@ module Contrast
         INTERPOLATION_NODE = Contrast::Agent::Assess::Policy::PropagationNode.new(NODE_HASH)
         class << self
+          include Contrast::Components::Logger::InstanceMethods
+          include Contrast::Components::Scope::InstanceMethods
           # We call this method from C, and the Scope check is happening there. If we are in
           # Contrast Scope the method won't be invoked.
           #
@@ -76,6 +75,8 @@ module Contrast
             return unless (dynamic_props = Contrast::Agent::Assess::Tracker.properties(source)&.properties)
             Contrast::Agent::Assess::Tracker.properties(target)&.add_properties(dynamic_props)
+          rescue StandardError => e
+            logger.error('Unable to copy Dynamic track interpolation', e)
           end
         end
       end

data/lib/contrast/tasks/config.rb CHANGED Viewed

@@ -1,47 +1,22 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-require 'yaml'
-require 'contrast/configuration'
-require 'contrast/agent/reporting/reporter'
+require 'contrast/config/yaml_file'
+require 'contrast/config/validate'
 module Contrast
   # A Rake task to generate a contrast_security.yaml file with some basic settings
   module Config
     extend Rake::DSL
-    DEFAULT_CONFIG = {
-        'api' => {
-            'url' => 'Enter your Contrast URL ex: https://app.contrastsecurity.com/Contrast',
-            'api_key' => 'Enter your Contrast api key',
-            'service_key' => 'Enter your Contrast service key',
-            'user_name' => 'Enter your Contrast user name'
-        },
-        'agent' => {
-            'logger' => {
-                'level' => 'ERROR',
-                'path' => 'contrast_agent.log'
-            }
-        }
-    }.cs__freeze
-    SKIP_LOG = %w[service_key api_key].cs__freeze
-    REQUIRED = %i[url api_key service_key user_name].cs__freeze
+    # The file create methods are required in the gemspec. Some of the Agent functions are not
+    # available there. To be safe the validate mechanics are extracted in different module.
+    extend Contrast::Config::Validate
     namespace :contrast do
       namespace :config do
         desc 'Create a contrast_security.yaml in the applications root directory'
         task :create do
-          execution_directory = Dir.pwd
-          target_path = File.join(execution_directory, 'contrast_security.yaml')
-          if File.exist?(target_path)
-            puts 'WARNING: contrast_security.yaml already exists'
-          else
-            File.write(target_path, YAML.dump(DEFAULT_CONFIG))
-            puts "Created contrast_security.yaml at #{ target_path }"
-            puts 'Open the file and enter your Contrast Security api keys or set them via environment variables'
-            puts 'Visit our documentation site for more details: https://docs.contrastsecurity.com/installation-rubyconfig.html'
-          end
+          Contrast::Config::YamlFile.create
         end
       end
     end
@@ -50,94 +25,8 @@ module Contrast
       namespace :config do
         desc 'Validate the provided Contrast configuration and confirm connectivity'
         task validate: :environment do
-          puts 'Validating Agent Configuration...'
-          Contrast::Config.validate_config
-          puts '...done!'
-          puts 'Validating Contrast Reporter Headers...'
-          reporter = Contrast::Config.validate_headers
-          puts '...done!'
-          puts 'Testing Reporter Client Connection...'
-          Contrast::Config.test_connection(reporter) if reporter
-          puts '...done!'
-        end
-      end
-      def self.validate_config
-        config = Contrast::Configuration.new
-        abort('Unable to Build Config') unless config
-        missing = []
-        api_hash = config.api.to_contrast_hash
-        api_hash.each_key do |key|
-          value = mask_keys(api_hash, key)
-          if value.is_a?(Contrast::Config::ApiProxyConfiguration)
-            Contrast::Config.validate_proxy(value)
-          elsif value.is_a?(Contrast::Config::CertificationConfiguration)
-            Contrast::Config.validate_cert(value)
-            next
-          elsif value.is_a?(Contrast::Config::RequestAuditConfiguration)
-            Contrast::Config.validate_audit(value)
-            next
-          elsif value.nil? && REQUIRED.includes?(key.to_sym)
-            missing << key
-          end
-        end
-        abort("Missing required API configuration values: #{ missing.join(', ') }") unless missing.empty?
-      end
-      def self.validate_proxy config
-        puts("Proxy Enabled: #{ config.enable }")
-        return unless config.enable
-        puts("Proxy URL: #{ config.url }")
-        abort('Proxy Enabled but no Proxy URL given') unless config.url
-      end
-      def self.validate_cert config
-        puts("Certification Enabled: #{ config.enable }")
-        return unless config.enable
-        puts("CA File: #{ config.ca_file }")
-        abort('CA file path not provided') unless config.ca_file
-        puts("Cert File: #{ config.cert_file }")
-        abort('Cert file path not provided') unless config.cert_file
-        puts("Key File: #{ config.key_file }")
-        abort('Key file path not provided') unless config.key_file
-      end
-      def self.validate_audit config
-        puts("Request Audit Enabled: #{ config.enable }")
-        return unless config.enable
-        config.each do |k, v|
-          puts("#{ k }::#{ v }")
-        end
-      end
-      def self.validate_headers
-        missing = []
-        reporter = Contrast::Agent::Reporter.new
-        reporter_headers = reporter.client.headers.to_contrast_hash
-        reporter_headers.each_key do |key|
-          value = mask_keys(reporter_headers, key)
-          missing << key if value.nil?
+          validate_file
         end
-        abort("Missing required header values: #{ missing.join(', ') }") unless missing.empty?
-        reporter
-      end
-      def self.test_connection reporter
-        connection = reporter.connection
-        abort('Failed to Initialize Connection please check error logs for details') unless connection
-        abort('Failed to Start Client please check error logs for details') unless reporter.client.startup!(connection)
-      end
-      def self.mask_keys hash, key
-        value = hash[key]
-        redacted_value = Contrast::Configuration::REDACTED if SKIP_LOG.include?(key.to_s)
-        puts("#{ key }::#{ redacted_value || value }") unless value.is_a?(Contrast::Config::BaseConfiguration)
-        value
       end
     end
   end

data/lib/contrast/utils/middleware_utils.rb CHANGED Viewed

@@ -1,6 +1,8 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
+require 'contrast/config/yaml_file'
 module Contrast
   module Utils
     # helper methods for Contrast::Agent::Middleware
@@ -16,6 +18,8 @@ module Contrast
         "April #{ LANGUAGE_DEPRECATION_YEAR }. Please contact Customer Support prior if you require continued support."
       def setup_agent
+        # Generate new config file if one is not already created:
+        Contrast::Config::YamlFile.create unless Contrast::Config::YamlFile.created?
         ::Contrast::SETTINGS.reset_state
         inform_deprecations

data/lib/contrast.rb CHANGED Viewed

@@ -62,7 +62,7 @@ require 'contrast/components/scope'
 require 'contrast/components/settings'
 require 'contrast/utils/routes_sent'
 require 'contrast/agent/telemetry/hash'
-require 'contrast/agent/telemetry'
+require 'contrast/agent/telemetry/telemetry'
 require 'contrast/agent/telemetry/exception/event'
 require 'contrast/agent_lib/interface'

data/ruby-agent.gemspec CHANGED Viewed

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 require_relative './lib/contrast/agent/version'
+require_relative './lib/contrast/config/yaml_file'
 lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
@@ -119,10 +120,12 @@ end
 # dependencies.csv in this directory to indicate that and create a
 # corresponding update to the fake gem server data in TeamServer.
 def self.add_dependencies spec
+  spec.add_dependency 'ffi', '~> 1.0'
   spec.add_dependency 'ougai', '>= 1.8', '< 3.0.0'
   spec.add_dependency 'rack', '~> 2.0'
-  spec.add_dependency 'contrast-agent-lib',  '~> 0.1.0', '>= 0.1.3'
-  spec.add_dependency 'ffi', '~> 1.0'
+  # bind this directly as we've had issues w/ build changes on bug release
+  spec.add_dependency 'contrast-agent-lib',  '1.1.0'
 end
 # Enumerate the files required to build the Agent.
@@ -185,7 +188,7 @@ Gem::Specification.new do |spec|
   spec.extensions = Dir['ext/cs__common/extconf.rb', 'ext/**/extconf.rb']
   spec.require_paths = ['lib']
-  unless File.exist?(File.join(Dir.pwd, 'contrast_security.yaml'))
+  unless Contrast::Config::YamlFile.created?
     spec.post_install_message = 'To generate the required contrast_security.yaml file you can run: '\
                                 'bundle exec rake contrast:config:create'
   end