contrast-agent 6.15.2 → 6.15.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a2f94b8a7a87febf8c10b58cf5133081a6dc3183c158ad59c202921efc23753e
-  data.tar.gz: 2e3fff601596655f725a4bea7a8b6f309a5f702557cfb009ad82b1d424da8d40
+  metadata.gz: bb55239bd37c7b0d2c3adc47d2e47ff25e331694b9be68522a29f8e4ce8c1220
+  data.tar.gz: 41a5a677403dd10c0dcd67673b32e32aa8f8ad04a82d963891f95ceaa25b46a1
 SHA512:
-  metadata.gz: cd0a28ee1a7331401a4709e1aec63a44b272d9d93ba9e6dcebd47270078165b42e3955fe8d938311b10cae4ec60cfaa92d9bee088b3a6056a2461fb00c6a4ab8
-  data.tar.gz: ba7ab7bebd769fd3057533da348a260e208bb622fe50aab3d0e68f8709413579bac258588680f04a65aa68ff4f5dbf0a2038d56fde7fd2ef2892a095e0e8e388
+  metadata.gz: 94aaa0a8ed0b9fb08fb5c206bee3695cd1cc1f3a8b7752fa8c52abfb563a4e58fac60162ab13c4f06ceb785532ae1a76b93dcc8f348e99d29b112b265a88051b
+  data.tar.gz: 658421a2a8558bac001eb707340f0bc763012d06b9fdcfe1137fb3ceff6f53966d7cc9af9bced07f08411b5e44af1ad5c4f5805b54abaae0ad71dcc81011fbb9

data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb

@@ -33,8 +33,8 @@ module Contrast
         # Parse the given controller and route from a Rack based application framework in order to create an instance
         # of this class
         #
-        # @param final_controller [Grape::API, Sinatra::Base] the controller responsible for the definition of the
-        #   entrypoint of the route actively being executed
+        # @param final_controller [Class<Grape::API>, Class<Sinatra::Base>] the controller responsible for the
+        #   definition of the entrypoint of the route actively being executed
         # @param method [String] the HTTP request method of the route actively being executed
         # @param route_pattern [Grape::Router::Route, Mustermann::Sinatra] the pattern to which the url maps
         # @param url [String] the literal url of the route actively being executed

data/lib/contrast/agent/request/request_context.rb

@@ -135,6 +135,8 @@ module Contrast
         @observed_route = Contrast::Agent::Reporting::ObservedRoute.new
         reporting_route = Contrast::Agent.framework_manager.get_route_information(@request)
         append_to_observed_route(reporting_route)
+      rescue StandardError => e
+        logger.error('Unable to determine current route', e)
       end
     end
   end

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '6.15.2'
+    VERSION = '6.15.3'
   end
 end

data/lib/contrast/framework/sinatra/support.rb

@@ -67,30 +67,39 @@ module Contrast
           # Given the current request - return a RouteCoverage object
 
           # @param request [Contrast::Agent::Request] a contrast tracked request.
-          # @param controller [::Sinatra::Base] optionally use this controller instead of global ::Sinatra::Base.
+          # @param _controller [::Sinatra::Base] optionally use this controller instead of global ::Sinatra::Base.
           # @return [Contrast::Agent::Reporting::RouteCoverage, nil] a Dtm describing the route
           # matched to the request if a match was found.
-          def current_route_coverage request, controller = ::Sinatra::Base, full_route = nil
-            return unless sinatra_controller?(controller)
-
+          def current_route_coverage request, _controller = ::Sinatra::Base, full_route = nil
             method = request.env[::Rack::REQUEST_METHOD] # GET, PUT, POST, etc...
-
+            route = _cleaned_route(request)
             # Find route match--checking superclasses if necessary.
-            final_controller, route_pattern = _route_recurse(controller, method, _cleaned_route(request))
-            return unless final_controller && route_pattern
+            sinatra_controllers.each do |potential_controller|
+              next unless sinatra_controller?(potential_controller)
+
+              next if potential_controller.nil? || potential_controller.cs__class == NilClass
 
-            full_route ||= request.env[::Rack::PATH_INFO]
+              route_patterns = potential_controller.routes.fetch(method) { [] }.
+                  map(&:first)
+              route_pattern = route_patterns.find do |matcher|
+                matcher.params(route) # ::Mustermann::Sinatra match.
+              end
+              next unless route_pattern
 
-            new_route_coverage = Contrast::Agent::Reporting::RouteCoverage.new
-            new_route_coverage.attach_rack_based_data(final_controller, method, route_pattern, full_route)
-            new_route_coverage
+              full_route ||= request.env[::Rack::PATH_INFO]
+              new_route_coverage = Contrast::Agent::Reporting::RouteCoverage.new
+              new_route_coverage.attach_rack_based_data(potential_controller, method, route_pattern, full_route)
+              return new_route_coverage
+            end
+            nil
           end
 
           # Search object space for sinatra controllers--any class that subclasses ::Sinatra::Base.
           #
-          # @return [Array<::Sinatra::Base>] sinatra controlelrs
+          # @return [Array<Class<::Sinatra::Base>>] sinatra controlelrs
           def sinatra_controllers
-            [::Sinatra::Base] + ObjectSpace.each_object(Class).select { |clazz| sinatra_controller?(clazz) }
+            @_sinatra_controllers ||=
+              [::Sinatra::Base] + ObjectSpace.each_object(Class).select { |clazz| sinatra_controller?(clazz) }
           end
 
           def retrieve_request env
@@ -112,31 +121,6 @@ module Contrast
 
           private
 
-          # Given a controller and a route to match against, find the route_pattern and class that will serve the
-          # route. This is recursive as Sinatra's routing is recursive from subclass to super.
-          #
-          # @param controller [Sinatra::Base, #routes] a Sinatra application.
-          # @param method [::Rack::REQUEST_METHOD] GET, POST, PUT, etc...
-          # @param route [String] the relative route passed from Rack.
-          # @return [Array[Sinatra::Base, Mustermann::Sinatra], nil] Either the controller that
-          # will handle the route along with the route pattern or nil if no match.
-          def _route_recurse controller, method, route
-            return if controller.nil? || controller.cs__class == NilClass
-
-            route_patterns = controller.routes.fetch(method) { [] }.
-                map(&:first)
-            route_pattern = route_patterns&.find do |matcher|
-              matcher.params(route) # ::Mustermann::Sinatra match.
-            end
-
-            return controller, route_pattern if route_pattern
-
-            # Check routes defined in superclass if present.
-            return unless controller.superclass&.instance_variable_get(:@routes)
-
-            _route_recurse(controller.superclass, method, route)
-          end
-
           # Get route and do some cleanup matching that of Sinatra::Base#process_route.
           #
           # @param request [Contrast::Agent::Request] a contrast tracked request.

data/lib/contrast/utils/hash_digest.rb

@@ -44,14 +44,15 @@ module Contrast
           update(route.signature)
           if (observation = route.observations[0])
             update(observation.verb)
+          else
+            update(request.request_method)
           end
-          return
-        end
-
-        return unless request ||= context&.request
+        else
+          return unless request ||= context&.request
 
-        update(request.normalized_uri) # the normalized URL used to access the method in the route.
-        update(request.request_method) # The HTTP method used in the request
+          update(request.normalized_uri) # the normalized URL used to access the method in the route.
+          update(request.request_method)
+        end
       end
 
       # Update to CRC checksum the event source name and source type.

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 6.15.2
+  version: 6.15.3
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-02-22 00:00:00.000000000 Z
+date: 2023-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler