contrast-agent 6.2.0 → 6.5.0

Files changed (209) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +0 -3
  3. data/.simplecov +1 -0
  4. data/Rakefile +0 -27
  5. data/ext/cs__assess_basic_object/cs__assess_basic_object.c +7 -5
  6. data/ext/cs__assess_kernel/cs__assess_kernel.c +14 -3
  7. data/ext/cs__assess_kernel/cs__assess_kernel.h +2 -0
  8. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +10 -3
  9. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +2 -1
  10. data/ext/cs__assess_regexp/cs__assess_regexp.c +9 -7
  11. data/ext/{cs__assess_string_interpolation26/cs__assess_string_interpolation26.c → cs__assess_string_interpolation/cs__assess_string_interpolation.c} +14 -3
  12. data/ext/{cs__assess_string_interpolation26/cs__assess_string_interpolation26.h → cs__assess_string_interpolation/cs__assess_string_interpolation.h} +1 -1
  13. data/ext/{cs__assess_string_interpolation26 → cs__assess_string_interpolation}/extconf.rb +0 -0
  14. data/ext/cs__common/cs__common.c +5 -4
  15. data/ext/cs__contrast_patch/cs__contrast_patch.c +17 -11
  16. data/lib/contrast/agent/assess/events/source_event.rb +16 -12
  17. data/lib/contrast/agent/assess/finalizers/hash.rb +1 -0
  18. data/lib/contrast/agent/assess/policy/policy_node.rb +6 -0
  19. data/lib/contrast/agent/assess/policy/propagation_method.rb +8 -42
  20. data/lib/contrast/agent/assess/policy/propagation_node.rb +8 -0
  21. data/lib/contrast/agent/assess/policy/propagator/base.rb +2 -0
  22. data/lib/contrast/agent/assess/policy/propagator/custom.rb +4 -0
  23. data/lib/contrast/agent/assess/policy/propagator/database_write.rb +5 -0
  24. data/lib/contrast/agent/assess/policy/propagator/split.rb +3 -0
  25. data/lib/contrast/agent/assess/policy/source_method.rb +7 -47
  26. data/lib/contrast/agent/assess/policy/source_node.rb +1 -0
  27. data/lib/contrast/agent/assess/policy/trigger_method.rb +9 -3
  28. data/lib/contrast/agent/assess/policy/trigger_node.rb +8 -0
  29. data/lib/contrast/agent/assess/property/evented.rb +4 -18
  30. data/lib/contrast/agent/assess/tag.rb +19 -0
  31. data/lib/contrast/agent/assess/tracker.rb +12 -0
  32. data/lib/contrast/agent/at_exit_hook.rb +8 -8
  33. data/lib/contrast/agent/inventory/database_config.rb +6 -3
  34. data/lib/contrast/agent/inventory/dependency_analysis.rb +5 -4
  35. data/lib/contrast/agent/inventory/dependency_usage_analysis.rb +11 -11
  36. data/lib/contrast/agent/inventory/policy/datastores.rb +1 -1
  37. data/lib/contrast/agent/inventory/policy/policy.rb +1 -1
  38. data/lib/contrast/agent/middleware.rb +4 -0
  39. data/lib/contrast/agent/patching/policy/after_load_patcher.rb +27 -2
  40. data/lib/contrast/agent/patching/policy/method_policy.rb +3 -3
  41. data/lib/contrast/agent/patching/policy/policy.rb +5 -0
  42. data/lib/contrast/agent/patching/policy/policy_node.rb +6 -0
  43. data/lib/contrast/agent/patching/policy/trigger_node.rb +3 -0
  44. data/lib/contrast/agent/protect/policy/applies_deserialization_rule.rb +3 -4
  45. data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +1 -0
  46. data/lib/contrast/agent/protect/policy/rule_applicator.rb +2 -2
  47. data/lib/contrast/agent/protect/rule/base.rb +1 -0
  48. data/lib/contrast/agent/protect/rule/no_sqli.rb +2 -0
  49. data/lib/contrast/agent/reporting/reporter.rb +32 -7
  50. data/lib/contrast/agent/reporting/reporter_heartbeat.rb +22 -18
  51. data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +17 -21
  52. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +1 -1
  53. data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb +26 -3
  54. data/lib/contrast/agent/reporting/reporting_events/application_update.rb +5 -24
  55. data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +8 -1
  56. data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb +8 -1
  57. data/lib/contrast/agent/reporting/reporting_events/finding.rb +7 -1
  58. data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +10 -1
  59. data/lib/contrast/agent/reporting/reporting_events/finding_event_object.rb +11 -1
  60. data/lib/contrast/agent/reporting/reporting_events/finding_event_parent_object.rb +11 -1
  61. data/lib/contrast/agent/reporting/reporting_events/finding_event_property.rb +12 -1
  62. data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb +10 -1
  63. data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +11 -1
  64. data/lib/contrast/agent/reporting/reporting_events/finding_event_stack.rb +11 -1
  65. data/lib/contrast/agent/reporting/reporting_events/finding_event_taint_range.rb +11 -1
  66. data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +11 -1
  67. data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +29 -32
  68. data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb +13 -1
  69. data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb +11 -8
  70. data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +12 -5
  71. data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb +8 -1
  72. data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb +9 -1
  73. data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +10 -1
  74. data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +11 -4
  75. data/lib/contrast/agent/reporting/reporting_events/server_activity.rb +0 -8
  76. data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +1 -4
  77. data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb +0 -22
  78. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +1 -3
  79. data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +1 -11
  80. data/lib/contrast/agent/request.rb +5 -7
  81. data/lib/contrast/agent/request_context.rb +16 -17
  82. data/lib/contrast/agent/request_context_extend.rb +8 -9
  83. data/lib/contrast/agent/request_handler.rb +9 -38
  84. data/lib/contrast/agent/rule_set.rb +4 -0
  85. data/lib/contrast/agent/service_heartbeat.rb +3 -4
  86. data/lib/contrast/agent/static_analysis.rb +7 -12
  87. data/lib/contrast/agent/telemetry/base.rb +35 -35
  88. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_base.rb +2 -0
  89. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb +2 -0
  90. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message.rb +5 -2
  91. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb +3 -0
  92. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb +3 -0
  93. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions.rb +0 -1
  94. data/lib/contrast/agent/thread_watcher.rb +1 -4
  95. data/lib/contrast/agent/version.rb +1 -1
  96. data/lib/contrast/agent/worker_thread.rb +10 -0
  97. data/lib/contrast/api/communication/socket.rb +1 -0
  98. data/lib/contrast/api/decorators/message.rb +0 -6
  99. data/lib/contrast/api/decorators.rb +0 -2
  100. data/lib/contrast/api/dtm.pb.rb +1 -1
  101. data/lib/contrast/api/settings.pb.rb +1 -1
  102. data/lib/contrast/components/agent.rb +51 -13
  103. data/lib/contrast/components/assess.rb +16 -6
  104. data/lib/contrast/components/config.rb +18 -2
  105. data/lib/contrast/components/contrast_service.rb +1 -1
  106. data/lib/contrast/components/heap_dump.rb +51 -1
  107. data/lib/contrast/components/inventory.rb +19 -13
  108. data/lib/contrast/components/logger.rb +18 -0
  109. data/lib/contrast/config/assess_configuration.rb +28 -0
  110. data/lib/contrast/config/base_configuration.rb +8 -15
  111. data/lib/contrast/config/root_configuration.rb +12 -8
  112. data/lib/contrast/config/ruby_configuration.rb +2 -9
  113. data/lib/contrast/config/service_configuration.rb +4 -4
  114. data/lib/contrast/config.rb +0 -6
  115. data/lib/contrast/configuration.rb +0 -2
  116. data/lib/contrast/extension/assess/eval_trigger.rb +0 -4
  117. data/lib/contrast/extension/assess/hash.rb +3 -2
  118. data/lib/contrast/extension/assess/kernel.rb +22 -0
  119. data/lib/contrast/extension/assess/marshal.rb +16 -0
  120. data/lib/contrast/extension/assess/string.rb +21 -20
  121. data/lib/contrast/extension/object.rb +19 -0
  122. data/lib/contrast/framework/base_support.rb +8 -0
  123. data/lib/contrast/framework/manager.rb +6 -20
  124. data/lib/contrast/framework/manager_extend.rb +0 -1
  125. data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb +11 -16
  126. data/lib/contrast/framework/rails/support.rb +4 -1
  127. data/lib/contrast/logger/aliased_logging.rb +2 -0
  128. data/lib/contrast/logger/log.rb +2 -1
  129. data/lib/contrast/utils/assess/event_limit_utils.rb +96 -0
  130. data/lib/contrast/utils/assess/propagation_method_utils.rb +27 -7
  131. data/lib/contrast/utils/assess/source_method_utils.rb +0 -9
  132. data/lib/contrast/utils/log_utils.rb +2 -2
  133. data/lib/contrast/utils/lru_cache.rb +3 -0
  134. data/lib/contrast/utils/middleware_utils.rb +2 -0
  135. data/lib/contrast/utils/patching/policy/patch_utils.rb +6 -23
  136. data/lib/contrast/utils/telemetry_client.rb +7 -7
  137. data/lib/contrast.rb +37 -18
  138. data/lib/protobuf/code_generator.rb +129 -0
  139. data/lib/protobuf/decoder.rb +28 -0
  140. data/lib/protobuf/deprecation.rb +117 -0
  141. data/lib/protobuf/descriptors/google/protobuf/compiler/plugin.pb.rb +79 -0
  142. data/lib/protobuf/descriptors/google/protobuf/descriptor.pb.rb +360 -0
  143. data/lib/protobuf/descriptors.rb +3 -0
  144. data/lib/protobuf/encoder.rb +11 -0
  145. data/lib/protobuf/enum.rb +365 -0
  146. data/lib/protobuf/exceptions.rb +9 -0
  147. data/lib/protobuf/field/base_field.rb +380 -0
  148. data/lib/protobuf/field/base_field_object_definitions.rb +504 -0
  149. data/lib/protobuf/field/bool_field.rb +64 -0
  150. data/lib/protobuf/field/bytes_field.rb +67 -0
  151. data/lib/protobuf/field/double_field.rb +25 -0
  152. data/lib/protobuf/field/enum_field.rb +56 -0
  153. data/lib/protobuf/field/field_array.rb +102 -0
  154. data/lib/protobuf/field/field_hash.rb +122 -0
  155. data/lib/protobuf/field/fixed32_field.rb +25 -0
  156. data/lib/protobuf/field/fixed64_field.rb +28 -0
  157. data/lib/protobuf/field/float_field.rb +43 -0
  158. data/lib/protobuf/field/int32_field.rb +21 -0
  159. data/lib/protobuf/field/int64_field.rb +34 -0
  160. data/lib/protobuf/field/integer_field.rb +23 -0
  161. data/lib/protobuf/field/message_field.rb +51 -0
  162. data/lib/protobuf/field/sfixed32_field.rb +27 -0
  163. data/lib/protobuf/field/sfixed64_field.rb +28 -0
  164. data/lib/protobuf/field/signed_integer_field.rb +29 -0
  165. data/lib/protobuf/field/sint32_field.rb +21 -0
  166. data/lib/protobuf/field/sint64_field.rb +21 -0
  167. data/lib/protobuf/field/string_field.rb +51 -0
  168. data/lib/protobuf/field/uint32_field.rb +21 -0
  169. data/lib/protobuf/field/uint64_field.rb +21 -0
  170. data/lib/protobuf/field/varint_field.rb +77 -0
  171. data/lib/protobuf/field.rb +74 -0
  172. data/lib/protobuf/generators/base.rb +85 -0
  173. data/lib/protobuf/generators/enum_generator.rb +39 -0
  174. data/lib/protobuf/generators/extension_generator.rb +27 -0
  175. data/lib/protobuf/generators/field_generator.rb +193 -0
  176. data/lib/protobuf/generators/file_generator.rb +262 -0
  177. data/lib/protobuf/generators/group_generator.rb +122 -0
  178. data/lib/protobuf/generators/message_generator.rb +104 -0
  179. data/lib/protobuf/generators/option_generator.rb +17 -0
  180. data/lib/protobuf/generators/printable.rb +160 -0
  181. data/lib/protobuf/generators/service_generator.rb +50 -0
  182. data/lib/protobuf/lifecycle.rb +33 -0
  183. data/lib/protobuf/logging.rb +39 -0
  184. data/lib/protobuf/message/fields.rb +233 -0
  185. data/lib/protobuf/message/serialization.rb +85 -0
  186. data/lib/protobuf/message.rb +241 -0
  187. data/lib/protobuf/optionable.rb +72 -0
  188. data/lib/protobuf/tasks/compile.rake +80 -0
  189. data/lib/protobuf/tasks.rb +1 -0
  190. data/lib/protobuf/varint.rb +20 -0
  191. data/lib/protobuf/varint_pure.rb +31 -0
  192. data/lib/protobuf/version.rb +3 -0
  193. data/lib/protobuf/wire_type.rb +10 -0
  194. data/lib/protobuf.rb +91 -0
  195. data/proto/dynamic_discovery.proto +46 -0
  196. data/proto/google/protobuf/compiler/plugin.proto +183 -0
  197. data/proto/google/protobuf/descriptor.proto +911 -0
  198. data/proto/rpc.proto +71 -0
  199. data/resources/assess/policy.json +6 -23
  200. data/ruby-agent.gemspec +4 -2
  201. metadata +122 -33
  202. data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report.rb +0 -30
  203. data/lib/contrast/api/decorators/application_update.rb +0 -44
  204. data/lib/contrast/api/decorators/library.rb +0 -56
  205. data/lib/contrast/config/agent_configuration.rb +0 -63
  206. data/lib/contrast/config/heap_dump_configuration.rb +0 -59
  207. data/lib/contrast/config/inventory_configuration.rb +0 -33
  208. data/lib/contrast/config/logger_configuration.rb +0 -26
  209. data/lib/contrast/framework/platform_version.rb +0 -22
@@ -2,6 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'contrast/utils/object_share'
5
+ require 'contrast/components/logger'
5
6
 
6
7
  module Contrast
7
8
  module Agent
@@ -11,6 +12,8 @@ module Contrast
11
12
  # TeamServer to construct the method signature for the assess feature. They represent the method invoked when the
12
13
  # FindingEvent was generated.
13
14
  class FindingEventSignature
15
+ include Contrast::Components::Logger::InstanceMethods
16
+
14
17
  # @return [String] the types of the arguments in this event; may be different for each invocation of the
15
18
  # method.
16
19
  attr_reader :arg_types
@@ -73,7 +76,13 @@ module Contrast
73
76
  # @return [Hash]
74
77
  # @raise [ArgumentError]
75
78
  def to_controlled_hash
76
- validate
79
+ begin
80
+ validate
81
+ rescue ArgumentError => e
82
+ logger.error('FindingEventSignature validation failed with: ', e)
83
+ return
84
+ end
85
+
77
86
  {
78
87
  argTypes: arg_types,
79
88
  className: class_name,
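Review bot: The begin/rescue wrapped around `validate` turns a validation failure into a nil return, but the YARD directly above `def to_controlled_hash` still promises `@return [Hash]` and `@raise [ArgumentError]`, so a reader of the docs will not expect nil. The same rescue-and-return is added in FindingEventSource, FindingEventStack, FindingEventTaintRange, FindingRequest, LibraryDiscovery, LibraryUsageObservation, ObservedLibraryUsage, ObservedRoute, PreflightMessage, ReportingEvent, RouteDiscovery and RouteDiscoveryObservation, and LibraryUsageObservation even gains a new `# @raise [ArgumentError]` on to_controlled_hash in this same change. The practical risk is in the parents that do `@observations.map(&:to_controlled_hash)` or `@sources.map(&:to_controlled_hash)`: a child that fails validation now contributes a nil element that the parent's own validate does not detect, so the logged error is followed by a payload carrying null entries rather than no payload at all. Either document the new contract — `# @return [Hash, nil] nil when validation fails; the failure is logged, not raised` and drop the `@raise` line on to_controlled_hash — or keep raising here and rescue once in the reporter that sends the event, where the whole event can be dropped. The body of to_controlled_hash continues past the end of the hunk.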
@@ -4,6 +4,7 @@
4
4
  require 'base64'
5
5
  require 'contrast/agent/assess/contrast_event'
6
6
  require 'contrast/agent/assess/events/source_event'
7
+ require 'contrast/components/logger'
7
8
 
8
9
  module Contrast
9
10
  module Agent
@@ -13,6 +14,8 @@ module Contrast
13
14
  # to construct the vulnerability information for the assess feature. They indicate the type of data that the
14
15
  # event represents.
15
16
  class FindingEventSource
17
+ include Contrast::Components::Logger::InstanceMethods
18
+
16
19
  # @return [String] the name of the source
17
20
  attr_reader :name
18
21
  # @return [String] the type of the source
@@ -45,13 +48,20 @@ module Contrast
45
48
  # @return [Hash]
46
49
  # @raise [ArgumentError]
47
50
  def to_controlled_hash
48
- validate
51
+ begin
52
+ validate
53
+ rescue ArgumentError => e
54
+ logger.error('FindingEventSource validation failed with: ', e)
55
+ return
56
+ end
57
+
49
58
  {
50
59
  sourceName: name, # rubocop:disable Security/Module/Name
51
60
  sourceType: type
52
61
  }
53
62
  end
54
63
 
64
+ # @raise [ArgumentError]
55
65
  def validate
56
66
  raise(ArgumentError, "#{ self } did not have a proper type. Unable to continue.") unless type && !type.empty?
57
67
  end
@@ -1,6 +1,8 @@
1
1
  # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
+ require 'contrast/components/logger'
5
+
4
6
  module Contrast
5
7
  module Agent
6
8
  module Reporting
@@ -9,6 +11,8 @@ module Contrast
9
11
  # to construct the vulnerability information for the assess feature. They represent the callstack at the time
10
12
  # that each FindingEvent was generated.
11
13
  class FindingEventStack
14
+ include Contrast::Components::Logger::InstanceMethods
15
+
12
16
  # @return [String] unused
13
17
  attr_reader :eval
14
18
  # @return [String] the stack frame to show in TeamServer; the value of an entry in #caller
@@ -51,7 +55,13 @@ module Contrast
51
55
  # @return [Hash]
52
56
  # @raise [ArgumentError]
53
57
  def to_controlled_hash
54
- validate
58
+ begin
59
+ validate
60
+ rescue ArgumentError => e
61
+ logger.error('FindingEventStack validation failed with: ', e)
62
+ return
63
+ end
64
+
55
65
  {
56
66
  file: file
57
67
  # eval: eval, # This is unused by the Ruby agent
@@ -2,6 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'contrast/agent/assess/tag'
5
+ require 'contrast/components/logger'
5
6
 
6
7
  module Contrast
7
8
  module Agent
@@ -11,6 +12,8 @@ module Contrast
11
12
  # TeamServer to construct the vulnerability information for the assess feature. They represent those parts of the
12
13
  # objects that are tracked because of a security relevant operation acting on them.
13
14
  class FindingEventTaintRange
15
+ include Contrast::Components::Logger::InstanceMethods
16
+
14
17
  # @return [String] the range (inclusive:exclusive), that this tag covers.
15
18
  attr_reader :range
16
19
  # @return [String] the type of action this tag represents.
@@ -41,13 +44,20 @@ module Contrast
41
44
  # @return [Hash]
42
45
  # @raise [ArgumentError]
43
46
  def to_controlled_hash
44
- validate
47
+ begin
48
+ validate
49
+ rescue ArgumentError => e
50
+ logger.error('FindingEventTaintRange validation failed with: ', e)
51
+ return
52
+ end
53
+
45
54
  {
46
55
  range: range,
47
56
  tag: tag
48
57
  }
49
58
  end
50
59
 
60
+ # @raise [ArgumentError]
51
61
  def validate
52
62
  unless range && !range.empty?
53
63
  raise(ArgumentError, "#{ self } did not have a proper range. Unable to continue.")
@@ -1,6 +1,8 @@
1
1
  # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
+ require 'contrast/components/logger'
5
+
4
6
  module Contrast
5
7
  module Agent
6
8
  module Reporting
@@ -9,6 +11,8 @@ module Contrast
9
11
  # HTTP information for the assess feature. They represent the literal request made that resulted in the
10
12
  # vulnerability being triggered.
11
13
  class FindingRequest
14
+ include Contrast::Components::Logger::InstanceMethods
15
+
12
16
  # @return [String] the body of this request
13
17
  attr_reader :body
14
18
  # @return [Hash<String,Array<String>>] the headers of this request
@@ -68,7 +72,13 @@ module Contrast
68
72
  # @return [Hash]
69
73
  # @raise [ArgumentError]
70
74
  def to_controlled_hash
71
- validate
75
+ begin
76
+ validate
77
+ rescue ArgumentError => e
78
+ logger.error('FindingRequest validation failed with: ', e)
79
+ return
80
+ end
81
+
72
82
  {
73
83
  body: body,
74
84
  headers: headers,
@@ -2,6 +2,8 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require 'contrast/api/dtm.pb'
5
+ require 'contrast/utils/string_utils'
6
+ require 'contrast/components/logger'
5
7
 
6
8
  module Contrast
7
9
  module Agent
@@ -16,41 +18,31 @@ module Contrast
16
18
  # @attr_reader file [String] the name of the Gem. Required for reporting.
17
19
  # @attr_reader hash [String] the Sha256 of the Gem, matching its hash in RubyGems. Required for reporting.
18
20
  # @attr_reader internal_date [Integer] the time, in ms, when the Gem was published. Required for reporting.
19
- # @attr_reader manifest [String] the YAML form of the Gem's specification.
21
+ # @attr_accessor manifest [String] the YAML form of the Gem's specification.
20
22
  # @attr_reader tags [String] Inventory tags set by the user via configuration.
21
23
  # @attr_reader url [String] The homepage of the Gem.
22
24
  # @attr_reader version [String] The version of the Gem.
23
25
  class LibraryDiscovery
26
+ include Contrast::Components::Logger::InstanceMethods
27
+
28
+ StringUtils = Contrast::Utils::StringUtils
29
+
24
30
  # required attributes
25
31
  attr_reader :external_date, :file, :hash, :internal_date
26
32
  # optional attributes
27
- attr_reader :class_count, :manifest, :tags, :url, :version
28
-
29
- class << self
30
- # Convert a DTM for SpeedRacer to an Event for TeamServer.
31
- #
32
- # @param library_dtm [Contrast::Api::Dtm::Library]
33
- # @return [Contrast::Agent::Reporting::LibraryDiscovery]
34
- def convert library_dtm
35
- report = new
36
- report.attach_data(library_dtm)
37
- report
38
- end
39
- end
33
+ attr_reader :class_count, :tags, :url, :version
34
+ attr_accessor :manifest
40
35
 
41
- # Attach the data from the protobuf models to this reporter so that it can be sent to TeamServer directly
42
- #
43
- # @param library_dtm [Contrast::Api::Dtm::Library]
44
- def attach_data library_dtm
45
- @class_count = library_dtm.class_count
46
- @external_date = library_dtm.external_ms
47
- @file = library_dtm.file_path
48
- @hash = library_dtm.hash_code
49
- @internal_date = library_dtm.internal_ms
50
- @manifest = library_dtm.manifest
36
+ def initialize digest, spec
37
+ @file = StringUtils.force_utf8(spec.name) # rubocop:disable Security/Module/Name
38
+ @hash = StringUtils.force_utf8(digest)
39
+ @version = StringUtils.force_utf8(spec.version)
40
+ @manifest = StringUtils.force_utf8(StringUtils.force_utf8(spec.to_yaml.to_s))
41
+ @external_date = (spec.date.to_f * 1000.0).to_i
42
+ @internal_date = @external_date
43
+ @url = StringUtils.force_utf8(spec.homepage)
44
+ @class_count = Contrast::Utils::Sha256Builder.instance.files(spec.full_gem_path.to_s).length
51
45
  @tags = Contrast::INVENTORY.tags
52
- @url = library_dtm.url
53
- @version = library_dtm.version
54
46
  end
55
47
 
56
48
  # Convert the instance variables on the class, and other information, into the identifiers required for
@@ -59,8 +51,14 @@ module Contrast
59
51
  # @return [Hash]
60
52
  # @raise [ArgumentError]
61
53
  def to_controlled_hash
62
- validate
63
- msg = {
54
+ begin
55
+ validate
56
+ rescue ArgumentError => e
57
+ logger.error('LibraryDiscovery validation failed with: ', e)
58
+ return
59
+ end
60
+
61
+ {
64
62
  classCount: class_count,
65
63
  externalDate: external_date,
66
64
  file: file,
@@ -68,10 +66,9 @@ module Contrast
68
66
  internalDate: internal_date,
69
67
  manifest: manifest,
70
68
  url: url,
71
- version: version
72
- }
73
- msg[:tags] = tags if tags
74
- msg
69
+ version: version,
70
+ tags: tags
71
+ }.compact
75
72
  end
76
73
 
77
74
  # Ensure the required fields are present.
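Review bot: `@manifest = StringUtils.force_utf8(StringUtils.force_utf8(spec.to_yaml.to_s))` in the new initialize applies force_utf8 twice; one call is enough: `@manifest = StringUtils.force_utf8(spec.to_yaml.to_s)`. The `.compact` that replaces the conditional `msg[:tags] = tags if tags` also drops every other key whose value is nil (classCount, manifest, url, version, the dates), whereas before those were sent explicitly as null, so if TeamServer treats an absent key differently from a null one this is a behaviour change worth confirming. The constructor also calls `Contrast::Utils::Sha256Builder.instance.files(spec.full_gem_path.to_s)` for every gem, and that class is not required in this file (only string_utils and components/logger are), so it presumably relies on load order elsewhere — confirm. The validate method that follows starts past the end of the hunk.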
@@ -1,11 +1,15 @@
1
1
  # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
+ require 'contrast/components/logger'
5
+
4
6
  module Contrast
5
7
  module Agent
6
8
  module Reporting
7
9
  # The usage, meaning loaded files, of a library seen during this request
8
10
  class LibraryUsageObservation
11
+ include Contrast::Components::Logger::InstanceMethods
12
+
9
13
  # @param [String] Sha256Sum of library as identified by the agent
10
14
  attr_accessor :id
11
15
  # @param [Array<String>] List of file paths that have been loaded out of or executed by the library
@@ -18,14 +22,22 @@ module Contrast
18
22
  @names = class_names
19
23
  end
20
24
 
25
+ # @raise [ArgumentError]
21
26
  def to_controlled_hash
22
- validate
27
+ begin
28
+ validate
29
+ rescue ArgumentError => e
30
+ logger.error('LibraryUsageObservation validation failed with: ', e)
31
+ return
32
+ end
33
+
23
34
  {
24
35
  id: @id,
25
36
  names: @names
26
37
  }
27
38
  end
28
39
 
40
+ # @raise [ArgumentError]
29
41
  def validate
30
42
  raise(ArgumentError, "#{ self } did not have a proper id. Unable to continue.") unless id
31
43
  raise(ArgumentError, "#{ self } did not have a proper names. Unable to continue.") if names.empty?
@@ -3,15 +3,16 @@
3
3
 
4
4
  require 'contrast/agent/reporting/reporting_events/application_reporting_event'
5
5
  require 'contrast/agent/reporting/reporting_events/library_usage_observation'
6
+ require 'contrast/components/logger'
6
7
 
7
8
  module Contrast
8
9
  module Agent
9
10
  module Reporting
10
11
  # List of libraries that have been observed to have something loaded or executed.
11
- #
12
12
  class ObservedLibraryUsage < Contrast::Agent::Reporting::ApplicationReportingEvent
13
- # @attr_reader observations - Array[Contrast::Agent::Reporting::LibraryUsageObservation]
14
- # - Hash of LibraryUsageObservations
13
+ include Contrast::Components::Logger::InstanceMethods
14
+
15
+ # @return Array[Contrast::Agent::Reporting::LibraryUsageObservation]
15
16
  attr_reader :observations
16
17
 
17
18
  def initialize
@@ -25,17 +26,19 @@ module Contrast
25
26
  end
26
27
 
27
28
  def to_controlled_hash
28
- validate
29
+ begin
30
+ validate
31
+ rescue ArgumentError => e
32
+ logger.error('ObservedLibraryUsage validation failed with: ', e)
33
+ return
34
+ end
35
+
29
36
  { observations: @observations.map(&:to_controlled_hash) }
30
37
  end
31
38
 
32
39
  def validate
33
40
  raise(ArgumentError, "#{ self } did not have observations. Unable to continue.") if observations.empty?
34
41
  end
35
-
36
- def clear
37
- @observations = []
38
- end
39
42
  end
40
43
  end
41
44
  end
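Review bot: The `include Contrast::Components::Logger::InstanceMethods` added to ObservedLibraryUsage is likely redundant, since this same commit adds that include to the abstract ReportingEvent base; if ApplicationReportingEvent derives from ReportingEvent (its definition is not in this diff) the subclass include can go, and the same applies to ObservedRoute. The `require 'contrast/components/logger'` stays useful either way so the file loads on its own. Keeping the logger wiring in one place means a later change to how events log only has to be made in the base class.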
@@ -16,6 +16,8 @@ module Contrast
16
16
  # includes the literal URL and HTTP Verb used to invoke them, as they must have been called at this point to be
17
17
  # recorded.
18
18
  class ObservedRoute < Contrast::Agent::Reporting::ApplicationReportingEvent
19
+ include Contrast::Components::Logger::InstanceMethods
20
+
19
21
  # @param [String] the method signature used to uniquely identify the coverage report.
20
22
  attr_accessor :signature
21
23
  # @param [String] the normalized URL used to access the method in the route.
@@ -45,18 +47,23 @@ module Contrast
45
47
  # @return [Hash]
46
48
  # @raise [ArgumentError]
47
49
  def to_controlled_hash
48
- validate
49
- rc_hash = {
50
+ begin
51
+ validate
52
+ rescue ArgumentError => e
53
+ logger.error('ObservedRoute validation failed with: ', e)
54
+ return
55
+ end
56
+
57
+ {
50
58
  session_id: ::Contrast::ASSESS.session_id,
51
59
  sources: @sources.map(&:to_controlled_hash),
52
60
  signature: @signature,
53
61
  verb: @verb,
54
62
  url: @url
55
- }
56
- rc_hash.delete(:verb) unless @verb
57
- rc_hash
63
+ }.compact
58
64
  end
59
65
 
66
+ # @raise [ArgumentError]
60
67
  def validate
61
68
  raise(ArgumentError, "#{ self } did not have a proper sources. Unable to continue.") if @sources.nil?
62
69
  raise(ArgumentError, "#{ self } did not have a proper signature. Unable to continue.") unless signature
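Review bot: The `.compact` that replaces `rc_hash.delete(:verb) unless @verb` now also removes session_id, sources, signature and url when they are nil, not only verb. sources and signature are guarded by validate, but `::Contrast::ASSESS.session_id` is read directly in the hash with no check, so a nil session id would silently produce a route report without that key rather than a null value; if TeamServer requires it, validate should check it too, e.g. `raise(ArgumentError, "#{ self } did not have a proper session_id. Unable to continue.") unless ::Contrast::ASSESS.session_id`. The rest of validate continues past the end of the hunk.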
@@ -38,7 +38,13 @@ module Contrast
38
38
  # @return [Hash]
39
39
  # @raise [ArgumentError]
40
40
  def to_controlled_hash
41
- validate
41
+ begin
42
+ validate
43
+ rescue ArgumentError => e
44
+ logger.error('PreflightMessage validation failed with: ', e)
45
+ return
46
+ end
47
+
42
48
  {
43
49
  code: CODE,
44
50
  app_language: @app_language,
@@ -51,6 +57,7 @@ module Contrast
51
57
  }
52
58
  end
53
59
 
60
+ # @raise [ArgumentError]
54
61
  def validate
55
62
  raise(ArgumentError, "#{ cs__class } did not have a proper data. Unable to continue.") unless data
56
63
  unless @app_name
@@ -14,6 +14,8 @@ module Contrast
14
14
  #
15
15
  # @abstract
16
16
  class ReportingEvent
17
+ include Contrast::Components::Logger::InstanceMethods
18
+
17
19
  # @return [String] the endpoint, with host, to which this event should be sent
18
20
  attr_reader :event_endpoint
19
21
  # @return event_method [Symbol] the HTTP method to use to send this event
@@ -35,7 +37,13 @@ module Contrast
35
37
  # @return [Hash]
36
38
  # @raise [ArgumentError]
37
39
  def to_controlled_hash
38
- validate
40
+ begin
41
+ validate
42
+ rescue ArgumentError => e
43
+ logger.error('ReportingEvent validation failed with: ', e)
44
+ return
45
+ end
46
+
39
47
  {}
40
48
  end
41
49
 
@@ -3,6 +3,7 @@
3
3
 
4
4
  require 'contrast/agent/reporting/reporting_events/route_discovery_observation'
5
5
  require 'contrast/api/dtm.pb'
6
+ require 'contrast/components/logger'
6
7
 
7
8
  module Contrast
8
9
  module Agent
@@ -17,6 +18,8 @@ module Contrast
17
18
  # @attr_reader signature [String] the unique identifier for this route; typically the method signature. Required
18
19
  # for reporting.
19
20
  class RouteDiscovery
21
+ include Contrast::Components::Logger::InstanceMethods
22
+
20
23
  # required attributes
21
24
  attr_reader :observations, :signature
22
25
 
@@ -47,7 +50,13 @@ module Contrast
47
50
  # @return [Hash]
48
51
  # @raise [ArgumentError]
49
52
  def to_controlled_hash
50
- validate
53
+ begin
54
+ validate
55
+ rescue ArgumentError => e
56
+ logger.error('RouteDiscovery validation failed with: ', e)
57
+ return
58
+ end
59
+
51
60
  {
52
61
  count: 0, # we have this to make TS happy
53
62
  observations: @observations.map(&:to_controlled_hash),
@@ -3,6 +3,7 @@
3
3
 
4
4
  require 'contrast/api/dtm.pb'
5
5
  require 'contrast/utils/string_utils'
6
+ require 'contrast/components/logger'
6
7
 
7
8
  module Contrast
8
9
  module Agent
@@ -16,6 +17,8 @@ module Contrast
16
17
  # @attr_reader verb [String] the HTTP Method requested to his this endpoint. Empty means all, so is allowed.
17
18
  # for reporting.
18
19
  class RouteDiscoveryObservation
20
+ include Contrast::Components::Logger::InstanceMethods
21
+
19
22
  # required attributes
20
23
  attr_reader :url
21
24
  # optional attributes
@@ -47,10 +50,14 @@ module Contrast
47
50
  # @return [Hash]
48
51
  # @raise [ArgumentError]
49
52
  def to_controlled_hash
50
- validate
51
- hash = { url: url }
52
- hash[:verb] = verb if verb
53
- hash
53
+ begin
54
+ validate
55
+ rescue ArgumentError => e
56
+ logger.error('RouteDiscoveryObservation validation failed with: ', e)
57
+ return
58
+ end
59
+
60
+ { url: url, verb: verb }.compact
54
61
  end
55
62
 
56
63
  # Ensure the required fields are present.
@@ -12,14 +12,6 @@ module Contrast
12
12
  # for its response, which contains any updated server feature settings from TeamServer. The new Server Settings
13
13
  # endpoint should let us remove this.
14
14
  class ServerActivity < Contrast::Agent::Reporting::ServerReportingEvent
15
- class << self
16
- # @param _server_activity_dtm [Contrast::Api::Dtm::ServerActivity]
17
- # @return [Contrast::Agent::Reporting::ServerActivity]
18
- def convert _server_activity_dtm
19
- new
20
- end
21
- end
22
-
23
15
  def initialize
24
16
  @event_method = :PUT
25
17
  @event_endpoint = "#{ Contrast::API.api_url }/api/ng/activity/server"
@@ -44,10 +44,7 @@ module Contrast
44
44
  # @param file_name[String] file_name to log
45
45
  # @param data[String] String representation if the logged data
46
46
  def log_data type, file_name, data = nil
47
- return unless enabled?
48
-
49
- logger.debug('logging to file', file_name: file_name) # TODO: RUBY-99999 DO NOT COMMIT THIS
50
- write_to_file(type, file_name, data)
47
+ write_to_file(type, file_name, data) if enabled?
51
48
  end
52
49
 
53
50
  # This method will be actually writing to the file
@@ -1,7 +1,6 @@
1
1
  # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
2
2
  # frozen_string_literal: true
3
3
 
4
- require 'contrast/agent/reporting/reporting_events/server_activity'
5
4
  require 'contrast/agent/reporting/reporting_events/application_activity'
6
5
  require 'contrast/api/dtm.pb'
7
6
 
@@ -13,22 +12,6 @@ module Contrast
13
12
  # TODO: RUBY-1438 -- remove
14
13
  module DtmMessage
15
14
  class << self
16
- # Checks if the message is of Contrast::Api::Dtm::ServerActivity class
17
- #
18
- # @param dtm [Contrast::Api::Dtm::ServerActivity, Object]
19
- # @return [Boolean]
20
- def server_activity? dtm
21
- dtm.cs__is_a?(Contrast::Api::Dtm::ServerActivity)
22
- end
23
-
24
- # Checks if the message is of Contrast::Api::Dtm::ApplicationUpdate class
25
- #
26
- # @param dtm [Contrast::Api::Dtm::ApplicationUpdate,Object]
27
- # @return [Boolean]
28
- def application_update? dtm
29
- dtm.cs__is_a?(Contrast::Api::Dtm::ApplicationUpdate)
30
- end
31
-
32
15
  # @param dtm [Contrast::Api::Dtm::Finding,Object]
33
16
  # @return [Boolean]
34
17
  def finding? dtm
@@ -47,12 +30,7 @@ module Contrast
47
30
  # @param dtm [Contrast::Api::Dtm]
48
31
  # @return event [Contrast::Agent::Reporting::ReportingEvent, nil]
49
32
  def dtm_to_event dtm
50
- # For the ServerActivity we need to create and send empty body only. This is done because we need the
51
- # response from TS.
52
- return Contrast::Agent::Reporting::ServerActivity.new if server_activity?(dtm)
53
-
54
33
  # For the others, we convert them.
55
- return Contrast::Agent::Reporting::ApplicationUpdate.convert(dtm) if application_update?(dtm)
56
34
  return Contrast::Agent::Reporting::Finding.convert(dtm) if finding?(dtm)
57
35
  return Contrast::Agent::Reporting::ApplicationActivity.convert(dtm) if activity?(dtm)
58
36
 
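Review bot: The surviving comment `# For the others, we convert them.` now refers to nothing, since the ServerActivity special case it contrasted with was removed in this hunk; it should read something like `# Convert the supported DTM types to their reporting events; unknown types fall through.` Because the `application_update?` branch is gone too, an `ApplicationUpdate` DTM reaching `dtm_to_event` now falls through to whatever follows the `activity?` check, which is outside this hunk and presumably returns `nil`; if any caller still builds that DTM type it will be silently dropped, so either confirm no producer remains or log the unhandled class at the fall-through. The rest of `dtm_to_event` continues past the hunk.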
@@ -53,12 +53,10 @@ module Contrast
53
53
  # @param event [Contrast::Agent::Reporting::ReportingEvent] The event to send to TeamServer. Really a
54
54
  # child of the ReportingEvent rather than a literal one.
55
55
  # @param connection [Net::HTTP] open connection
56
- # @param send_immediately [Boolean] flag for the logger
57
56
  # @return response [Net::HTTP::Response, nil] response from TS if no response
58
- def send_event event, connection, send_immediately: false
57
+ def send_event event, connection
59
58
  return unless connection
60
59
 
61
- log_send_event(event) if send_immediately
62
60
  request = build_request(event)
63
61
  response = connection.request(request)
64
62
  audit&.audit_event(event, response) if ::Contrast::API.request_audit_enable?
@@ -39,7 +39,7 @@ module Contrast
39
39
 
40
40
  STARTUP_EVENTS.each do |event|
41
41
  startup_event = event.new
42
- send_event(startup_event, connection, send_immediately: true)
42
+ send_event(startup_event, connection)
43
43
  rescue StandardError => e
44
44
  handle_error(startup_event, e)
45
45
  end
@@ -66,15 +66,6 @@ module Contrast
66
66
  request
67
67
  end
68
68
 
69
- # log the event sent immediately
70
- #
71
- # @param event [Contrast::Agent::Reporting::ReportingEvent] The event to send to TeamServer. Really a
72
- # child of the ReportingEvent rather than a literal one.
73
- def log_send_event event
74
- logger.debug("#{ Contrast::Agent::Reporting::ReporterClient::SERVICE_NAME } immediately sending event.",
75
- event_id: event.__id__, event_type: event.cs__class.cs__name)
76
- end
77
-
78
69
  # Handles standard error case, logs and set status for failure
79
70
  #
80
71
  # @param event [Contrast::Agent::Reporting::ReportingEvent]
@@ -96,7 +87,6 @@ module Contrast
96
87
  # @param response [Net::HTTP::Response]
97
88
  def process_settings_response response
98
89
  response_handler.process(response)
99
- logger.debug('Successfully sent startup messages to TeamServer.')
100
90
  status.success!
101
91
  end
102
92
 
@@ -17,12 +17,6 @@ module Contrast
17
17
  # provides access to the original Rack::Request object as well as extracts
18
18
  # data in a format that the Agent expects, caching those transformations in
19
19
  # order to avoid repeatedly creating Strings & thrashing GC.
20
- #
21
- # @attr_reader rack_request [Rack::Request] The passed to the Agent RackRequest to be wrapped.
22
- # @attr_accessor route [Contrast::Api::Dtm::RouteCoverage] the route, used for findings, of this request
23
- # @attr_accessor observed_route [Contrast::Api::Dtm::ObservedRoute] the route, used for coverage of this request
24
- # @attr_accessor new_observed_route [Contrast::Agent::Reporting::ObservedRoute] the route, used for coverage, of
25
- # this request
26
20
  class Request
27
21
  include Contrast::Utils::RequestUtils
28
22
  include Contrast::Components::Logger::InstanceMethods
@@ -37,8 +31,12 @@ module Contrast
37
31
  STATIC_SUFFIXES = /\.(?:js|css|jpeg|jpg|gif|png|ico|woff|svg|pdf|eot|ttf|jar)$/i.cs__freeze
38
32
  MEDIA_TYPE_MARKERS = %w[image/ text/css text/javascript].cs__freeze
39
33
 
34
+ # @return [Rack::Request] The passed to the Agent RackRequest to be wrapped.
40
35
  attr_reader :rack_request
41
- attr_accessor :route, :observed_route, :new_observed_route
36
+ # @return [Contrast::Api::Dtm::RouteCoverage] the route, used for findings, of this request
37
+ attr_accessor :route
38
+ # @return [Contrast::Agent::Reporting::ObservedRoute] the route, used for coverage, of this request
39
+ attr_accessor :observed_route
42
40
 
43
41
  # Delegate calls to the following methods to the attribute @rack_request
44
42
  def_delegators :@rack_request, :base_url, :cookies, :env, :ip, :media_type, :path, :port, :query_string,
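Review bot: The `observed_route` accessor keeps its name but its documented type changes from `Contrast::Api::Dtm::ObservedRoute` to `Contrast::Agent::Reporting::ObservedRoute`, and `new_observed_route` is removed outright; any code that still assigns the DTM object to `observed_route` or reads `new_observed_route` will not fail at load time but only at runtime with a `NoMethodError` in the request path. If every caller cannot be migrated in the same release, a transitional `alias new_observed_route observed_route` with a `# @deprecated` tag would keep the old name resolvable. The `Request` class continues well beyond this hunk, so I cannot see whether `route` (still typed `Contrast::Api::Dtm::RouteCoverage`) is intended to stay on the DTM type or is simply not yet migrated; a short comment stating that would help the next reader.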