contrast-agent 6.4.0 → 6.5.0

data/lib/contrast/components/agent.rb

@@ -3,6 +3,8 @@
 
 require 'rubygems/version'
 require 'contrast/agent/rule_set'
+require 'contrast/components/logger'
+require 'contrast/components/heap_dump'
 
 module Contrast
   module Components
@@ -13,9 +15,50 @@ module Contrast
       class Interface
         include Contrast::Components::ComponentBase
 
+        def initialize hsh = {}
+          return unless hsh
+
+          @_enable = hsh[:enable]
+          @_start_bundled_service = hsh[:start_bundled_service]
+          @_omit_body = hsh[:omit_body]
+          @_service = Contrast::Config::ServiceConfiguration.new(hsh[:service])
+          @_logger = Contrast::Components::Logger::Interface.new(hsh[:logger])
+          @_ruby = Contrast::Config::RubyConfiguration.new(hsh[:ruby])
+          @_heap_dump = Contrast::Components::HeapDump::Interface.new(hsh[:heap_dump])
+        end
+
+        # @return [Boolean, true]
+        def start_bundled_service?
+          @_start_bundled_service.nil? ? true : @_start_bundled_service
+        end
+
+        def service
+          return @_service unless @_service.nil?
+
+          @_service = Contrast::Config::ServiceConfiguration.new
+        end
+
+        def logger
+          return @_logger unless @_logger.nil?
+
+          @_logger = Contrast::Components::Logger::Interface.new
+        end
+
+        def ruby
+          return @_ruby unless @_ruby.nil?
+
+          @_ruby = Contrast::Config::RubyConfiguration.new
+        end
+
+        def heap_dump
+          return @_heap_dump unless @_heap_dump.nil?
+
+          @_heap_dump = Contrast::Components::HeapDump::Interface.new
+        end
+
         def enabled?
-          @_enabled = !false?(::Contrast::CONFIG.root.enable) if @_enabled.nil?
-          @_enabled
+          @_enable = !false?(::Contrast::CONFIG.root.enable) if @_enable.nil?
+          @_enable
         end
 
         def disabled?
@@ -23,11 +66,11 @@ module Contrast
         end
 
         def enable!
-          @_enabled = true
+          @_enable = true
         end
 
         def disable!
-          @_enabled = false
+          @_enable = false
           Contrast::Agent::TracePointHook.disable
           Contrast::Agent.thread_watcher&.shutdown!
         end
@@ -41,8 +84,7 @@ module Contrast
         end
 
         def patch_yield?
-          @_patch_yield = !false?(::Contrast::CONFIG.root.agent.ruby.propagate_yield) if @_patch_yield.nil?
-          @_patch_yield
+          !false?(ruby.propagate_yield)
         end
 
         def interpolation_enabled?
@@ -52,18 +94,14 @@ module Contrast
         end
 
         def omit_body?
-          @_omit_body = true?(::Contrast::CONFIG.root.agent.omit_body) if @_omit_body.nil?
           @_omit_body
         end
 
         def exception_control
           @_exception_control ||= {
-              enable: true?(::Contrast::CONFIG.root.agent.ruby.exceptions.capture),
-              status:
-                ::Contrast::CONFIG.root.agent.ruby.exceptions.override_status || 403,
-              message:
-                ::Contrast::CONFIG.root.agent.ruby.exceptions.override_message ||
-                    Contrast::Utils::ObjectShare::OVERRIDE_MESSAGE
+              enable: true?(ruby.exceptions.capture),
+              status: ruby.exceptions.override_status || 403,
+              message: ruby.exceptions.override_message || Contrast::Utils::ObjectShare::OVERRIDE_MESSAGE
           }
         end
 

data/lib/contrast/components/assess.rb

@@ -118,6 +118,22 @@ module Contrast
           ::Contrast::SETTINGS.assess_state.session_id
         end
 
+        def max_source_events
+          ::Contrast::CONFIG.root.assess.max_context_source_events
+        end
+
+        def max_propagation_events
+          ::Contrast::CONFIG.root.assess.max_propagation_events
+        end
+
+        def time_limit_threshold
+          ::Contrast::CONFIG.root.assess.time_limit_threshold
+        end
+
+        def max_rule_reported
+          ::Contrast::CONFIG.root.assess.max_rule_reported
+        end
+
         private
 
         def forcibly_enabled?

data/lib/contrast/components/contrast_service.rb

@@ -29,7 +29,7 @@ module Contrast
 
           # Requirement says "must be true" but that
           # should be "must not be false" -- oops.
-          @_use_bundled_service ||= !false?(::Contrast::CONFIG.root.agent.start_bundled_service) &&
+          @_use_bundled_service ||= !false?(::Contrast::CONFIG.root.agent.start_bundled_service?) &&
               # Either a valid host or a valid socket
               # Path validity is the service's problem
               (LOCALHOST.match?(host) || !!socket_path)

data/lib/contrast/components/heap_dump.rb

@@ -2,11 +2,61 @@
 # frozen_string_literal: true
 
 require 'contrast/components/base'
-require 'contrast/components/heap_dump'
+require 'contrast/config/base_configuration'
 
 module Contrast
   module Components
     module HeapDump
+      # Interface used to build the HeapDump settings and component.
+      class Interface
+        include Contrast::Config::BaseConfiguration
+
+        DEFAULT_PATH = 'contrast_heap_dumps' # saved
+        DEFAULT_MS = 10_000
+        DEFAULT_COUNT = 5
+
+        def initialize hsh = {}
+          return unless hsh
+
+          @_enable = hsh[:enable]
+          @_path = hsh[:path]
+          @_delay_ms = hsh[:delay_ms]
+          @_window_ms = hsh[:window_ms]
+          @_count = hsh[:count]
+          @_clean = hsh[:clean]
+        end
+
+        # @return [Boolean, String] should dumps be taken
+        def enable
+          @_enable.nil? ? Contrast::Utils::ObjectShare::FALSE : @_enable
+        end
+
+        # @return [String, DEFAULT_PATH] dir to which dumps should be
+        def path
+          @_path ||= DEFAULT_PATH
+        end
+
+        # @return [Integer, DEFAULT_MS] time, in ms, after initialization
+        def delay_ms
+          @_delay_ms ||= DEFAULT_MS
+        end
+
+        # @return [Integer, DEFAULT_MS] ms between each dump
+        def window_ms
+          @_window_ms ||= DEFAULT_MS
+        end
+
+        # @return [Integer, DEFAULT_COUNT] number of dumps to take
+        def count
+          @_count ||= DEFAULT_COUNT
+        end
+
+        # @return [Boolean, String] remove temporary objects or not
+        def clean
+          @_clean.nil? ? Contrast::Utils::ObjectShare::FALSE : @_clean
+        end
+      end
+
       # A wrapper build around the Common Agent Configuration project to allow
       # for access of the values contained in its
       # parent_configuration_spec.yaml.

data/lib/contrast/components/inventory.rb

@@ -1,29 +1,35 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/components/base'
+
 module Contrast
   module Components
     module Inventory
-      # A wrapper build around the Common Agent Configuration project to allow
-      # for access of the values contained in its
-      # parent_configuration_spec.yaml.
-      # Specifically, this allows for querying the state of the Inventory
-      # product.
+      # Interface component for Inventory settings used to store the values from
+      # settings file and assert state with check methods.
       class Interface
         include Contrast::Components::ComponentBase
 
-        def enabled?
-          @_enabled = !false?(::Contrast::CONFIG.root.inventory.enable) if @_enabled.nil?
-          @_enabled
+        # @return [Array, nil] tags
+        attr_accessor :tags
+
+        def initialize hsh = {}
+          return unless hsh
+
+          @enable = !false?(hsh[:enable])
+          @analyze_libraries = !false?(hsh[:analyze_libraries])
+          @tags = hsh[:tags]
         end
 
-        def analyze_libraries?
-          @_analyze_libraries = !false?(::Contrast::CONFIG.root.inventory.analyze_libraries) if @_analyze_libraries.nil?
-          @_analyze_libraries
+        # return [Boolean]
+        def enable
+          @enable.nil? ? true : @enable
         end
 
-        def tags
-          ::Contrast::CONFIG.root.inventory&.tags
+        # return [Boolean]
+        def analyze_libraries
+          @analyze_libraries.nil? ? true : @analyze_libraries
         end
       end
     end

data/lib/contrast/components/logger.rb

@@ -28,8 +28,26 @@ module Contrast
         end
       end
 
+      # So This class here follows the update for the configuration
+      # and from know on ( if it's as we planned it to be) it will hold the
+      # instance methods and will initialize new instances for where they're needed
       class Interface
         include InstanceMethods
+
+        # @return [String, nil]
+        attr_accessor :path
+        # @return [String, nil]
+        attr_accessor :level
+        # @return [String, nil]
+        attr_accessor :progname
+
+        def initialize hsh = {}
+          return unless hsh
+
+          @path = hsh[:path]
+          @level = hsh[:level]
+          @progname = hsh[:progname]
+        end
       end
     end
   end

data/lib/contrast/config/assess_configuration.rb

@@ -15,6 +15,10 @@ module Contrast
       attr_writer :enable_scan_response, :enable_dynamic_sources, :sampling, :rules, :stacktraces
 
       DEFAULT_STACKTRACES = 'ALL'
+      DEFAULT_MAX_SOURCE_EVENTS = 50_000
+      DEFAULT_MAX_PROPAGATION_EVENTS = 50_000
+      DEFAULT_MAX_RULE_REPORTED = 50_000
+      DEFAULT_MAX_RULE_TIME_THRESHOLD = 300_000
 
       def initialize hsh = {}
         return unless hsh
@@ -27,6 +31,10 @@ module Contrast
         @sampling = Contrast::Config::SamplingConfiguration.new(hsh[:sampling])
         @rules = Contrast::Config::AssessRulesConfiguration.new(hsh[:rules])
         @stacktraces = hsh[:stacktraces]
+        @max_context_source_events = hsh[:max_context_source_events]
+        @max_propagation_events = hsh[:max_propagation_events]
+        @max_rule_reported = hsh[:max_rule_reported]
+        @time_limit_threshold = hsh[:time_limit_threshold]
       end
 
       # @return [Boolean, true]
@@ -58,6 +66,26 @@ module Contrast
       def stacktraces
         @stacktraces ||= DEFAULT_STACKTRACES
       end
+
+      # @return [int] max number of context source events in single request
+      def max_context_source_events
+        @max_context_source_events ||= DEFAULT_MAX_SOURCE_EVENTS
+      end
+
+      # @return [int] max number of propagation events in single request
+      def max_propagation_events
+        @max_propagation_events ||= DEFAULT_MAX_PROPAGATION_EVENTS
+      end
+
+      # @return [int] max number of rules reported within time_limit_threshold
+      def max_rule_reported
+        @max_rule_reported ||= DEFAULT_MAX_RULE_REPORTED
+      end
+
+      # @return [int] max ms threshold for reporting rules
+      def time_limit_threshold
+        @time_limit_threshold ||= DEFAULT_MAX_RULE_TIME_THRESHOLD
+      end
     end
   end
 end

data/lib/contrast/config/base_configuration.rb

@@ -10,12 +10,18 @@ module Contrast
     # Configuration settings to usable Ruby classes.
     module BaseConfiguration
       extend Forwardable
+      AT_UNDERSCORE = '@_'
 
       def to_hash
         hsh = {}
         instance_variables.each do |iv|
-          # strip the '@' to get the key
-          key = iv.to_s[1..]
+          # strip the '@' of '@_' to get the key
+          string_iv = iv.to_s
+          key = if string_iv.include?(AT_UNDERSCORE)
+                  string_iv[2..]
+                else
+                  string_iv[1..]
+                end
           hsh[key] = send(key.to_sym)
         end
         hsh

data/lib/contrast/config/root_configuration.rb

@@ -1,6 +1,9 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/components/agent'
+require 'contrast/components/inventory'
+
 module Contrast
   module Config
     # The base of the Common Configuration settings.
@@ -9,7 +12,7 @@ module Contrast
 
       # @return [Contrast::Config::ApiConfiguration]
       attr_writer :api
-      # @return [Contrast::Config::AgentConfiguration]
+      # @return [Contrast::Components::Agent::Interface]
       attr_writer :agent
       # @return [Contrast::Config::ApplicationConfiguration]
       attr_writer :application
@@ -17,7 +20,7 @@ module Contrast
       attr_writer :server
       # @return [Contrast::Config::AssessConfiguration]
       attr_writer :assess
-      # @return [Contrast::Config::InventoryConfiguration]
+      # @return [Contrast::Components::Inventory::Interface]
       attr_writer :inventory
       # @return [Contrast::Config::ProtectConfiguration]
       attr_writer :protect
@@ -32,11 +35,11 @@ module Contrast
 
         @api = Contrast::Config::ApiConfiguration.new(hsh[:api])
         @enable = hsh[:enable]
-        @agent = Contrast::Config::AgentConfiguration.new(hsh[:agent])
+        @agent = Contrast::Components::Agent::Interface.new(hsh[:agent])
         @application = Contrast::Config::ApplicationConfiguration.new(hsh[:application])
         @server = Contrast::Config::ServerConfiguration.new(hsh[:server])
         @assess = Contrast::Config::AssessConfiguration.new(hsh[:assess])
-        @inventory = Contrast::Config::InventoryConfiguration.new(hsh[:inventory])
+        @inventory = Contrast::Components::Inventory::Interface.new(hsh[:inventory])
         @protect = Contrast::Config::ProtectConfiguration.new(hsh[:protect])
         @service = Contrast::Config::ServiceConfiguration.new(hsh[:service])
       end
@@ -46,9 +49,9 @@ module Contrast
         @api ||= Contrast::Config::ApiConfiguration.new
       end
 
-      # @return [Contrast::Config::AgentConfiguration]
+      # @return [Contrast::Components::Agent::Interface]
       def agent
-        @agent ||= Contrast::Config::AgentConfiguration.new
+        @agent ||= Contrast::Components::Agent::Interface.new
       end
 
       # @return [Contrast::Config::ApplicationConfiguration]
@@ -66,9 +69,9 @@ module Contrast
         @assess ||= Contrast::Config::AssessConfiguration.new
       end
 
-      # @return [Contrast::Config::InventoryConfiguration]
+      # @return [Contrast::Components::Inventory::Interface]
       def inventory
-        @inventory ||= Contrast::Config::InventoryConfiguration.new
+        @inventory ||= Contrast::Components::Inventory::Interface.new
       end
 
       # @return [Contrast::Config::ProtectConfiguration]

data/lib/contrast/config/service_configuration.rb

@@ -1,7 +1,7 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/config/logger_configuration'
+require 'contrast/components/logger'
 
 module Contrast
   module Config
@@ -31,13 +31,13 @@ module Contrast
         @host = hsh[:host]
         @port = hsh[:port]
         @socket = hsh[:socket]
-        @logger = Contrast::Config::LoggerConfiguration.new(hsh[:logger])
+        @logger = Contrast::Components::Logger::Interface.new(hsh[:logger])
         @bypass = hsh[:bypass]
       end
 
-      # @return [Contrast::Config::LoggerConfiguration]
+      # @return [Contrast::Components::Logger::Interface]
       def logger
-        @logger ||= Contrast::Config::LoggerConfiguration.new
+        @logger ||= Contrast::Components::Logger::Interface.new
       end
 
       # @return [Boolean, false]

data/lib/contrast/config.rb

@@ -11,10 +11,6 @@ module Contrast
 end
 
 require 'contrast/config/base_configuration'
-
-require 'contrast/config/logger_configuration'
-
-require 'contrast/config/heap_dump_configuration'
 require 'contrast/config/service_configuration'
 require 'contrast/config/exception_configuration'
 require 'contrast/config/assess_rules_configuration'
@@ -24,10 +20,8 @@ require 'contrast/config/sampling_configuration'
 
 require 'contrast/config/ruby_configuration'
 require 'contrast/config/api_configuration'
-require 'contrast/config/agent_configuration'
 require 'contrast/config/application_configuration'
 require 'contrast/config/server_configuration'
 require 'contrast/config/assess_configuration'
-require 'contrast/config/inventory_configuration'
 require 'contrast/config/protect_configuration'
 require 'contrast/config/root_configuration'

data/lib/contrast/extension/object.rb

@@ -0,0 +1,19 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+# Some developers override various methods on Object, which can often involve
+# changing expected method parity/behavior which in turn prevents us from being
+# able to reliably use affected methods.
+# We alias these method so that we always have access to them.
+#
+# Because we use these methods in constructing classes (e.g., calling #freeze
+# on constants within class definitions) we do this aliasing ASAP.
+class Object
+  alias_method :cs__class, :class
+  alias_method :cs__freeze, :freeze
+  alias_method :cs__frozen?, :frozen?
+  alias_method :cs__is_a?, :is_a?
+  alias_method :cs__method, :method
+  alias_method :cs__respond_to?, :respond_to?
+  alias_method :cs__singleton_class, :singleton_class
+end

data/lib/contrast/framework/rails/support.rb

@@ -135,8 +135,11 @@ module Contrast
           # @return [bool] whether the router is an engine or not.
           def engine_route? route
             return false unless route&.app&.app
+            return false unless route.app.is_a?(::ActionDispatch::Routing::Mapper::Constraints) ||
+                route.app.is_a?(::ActionDispatch::Routing::RouteSet::Dispatcher)
 
-            route.app.is_a?(::ActionDispatch::Routing::Mapper::Constraints) && route.app.app < ::Rails::Engine
+            clazz = route.app.app.is_a?(Class) ? route.app.app : route.app.app.cs__class
+            clazz < ::Rails::Engine
           end
 
           # Recursively get final route traversing engines as required. Because this can only be called once, we store

data/lib/contrast/logger/log.rb

@@ -134,7 +134,8 @@ module Contrast
 
         enable_trace_timing if current_level_const == ::Ougai::Logging::TRACE
 
-        @_logger = build(path: current_path, level_const: current_level_const)
+        progname = Contrast::CONFIG.root.agent.logger.progname
+        @_logger = build(path: current_path, level_const: current_level_const, progname: progname)
         # If we're logging to a new path, then let's start it w/ our helpful
         # data gathering messages
         log_update if path_change

data/lib/contrast/utils/assess/event_limit_utils.rb

@@ -0,0 +1,96 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/components/logger'
+
+module Contrast
+  module Utils
+    module Assess
+      # EventLimitUtils is used to check and validate the number of source, propagation, or trigger events collected
+      # during the reporting time frame
+      module EventLimitUtils
+        include Contrast::Components::Logger::InstanceMethods
+        # Checks to see if the event limit for the policy type has been met or exceeded
+        # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy] method to check for event limit
+        def event_limit? method_policy
+          return false unless (context = Contrast::Agent::REQUEST_TRACKER.current)
+
+          if method_policy.source_node
+            max =  (::Contrast::ASSESS.max_source_events ||
+              Contrast::Config::AssessConfiguration::DEFAULT_MAX_SOURCE_EVENTS)
+            return at_limit?(method_policy, context.source_event_count, max)
+
+          end
+          if method_policy.propagation_node
+            max = (::Contrast::ASSESS.max_propagation_events ||
+              Contrast::Config::AssessConfiguration::DEFAULT_MAX_PROPAGATION_EVENTS)
+            return at_limit?(method_policy, context.propagation_event_count, max)
+          end
+
+          false # policy does not have limit
+        end
+
+        def event_limit_for_rule? rule_id
+          if Contrast::Utils::Timer.now_ms > threshold_time_limit
+            @_rule_counts = nil
+            @_threshold_time_limit = nil
+            threshold_time_limit
+          end
+          rule_counts[rule_id] += 1
+          # TODO: RUBY-1680 remove default
+          rule_counts[rule_id] >=
+              (::Contrast::ASSESS.max_rule_reported || Contrast::Config::AssessConfiguration::DEFAULT_MAX_RULE_REPORTED)
+        end
+
+        # Increments the event count for the type of event that is being tracked
+        #
+        # @param node [Contrast::Agent::Assess::Policy::PolicyNode] policy to increment
+        def increment_event_count node
+          return unless (context = Contrast::Agent::REQUEST_TRACKER.current)
+
+          context.source_event_count += 1 if node.cs__is_a?(Contrast::Agent::Assess::Policy::SourceNode)
+          context.propagation_event_count += 1 if node.cs__is_a?(Contrast::Agent::Assess::Policy::PropagationNode)
+        end
+
+        private
+
+        # helper method to check limit and log when necessary
+        def at_limit? method_policy, current_count, event_max
+          if current_count == event_max
+            logger.warn('Event Limit Reached:',
+                        {
+                            count: current_count,
+                            max: event_max,
+                            policy: method_policy.method_name,
+                            node: method_policy
+                        })
+            # increment to be over count for logging purposes
+            increment_event_count(method_policy)
+            return true
+          elsif current_count > event_max
+            # increment to be over count for logging purposes
+            increment_event_count(method_policy)
+            logger.warn('Event Limit Exceeded:',
+                        {
+                            count: current_count,
+                            policy: method_policy.method_name,
+                            node: method_policy
+                        })
+            return true
+          end
+          false
+        end
+
+        def rule_counts
+          @_rule_counts ||= Hash.new { |h, k| h[k] = 0 }
+        end
+
+        # the time threshold for which to track rule counts resets when now >= threshold_time_limit
+        # @return [Integer]
+        def threshold_time_limit
+          @_threshold_time_limit ||= Contrast::Utils::Timer.now_ms + (::Contrast::ASSESS.time_limit_threshold || 0)
+        end
+      end
+    end
+  end
+end

data/lib/contrast/utils/assess/propagation_method_utils.rb

@@ -92,20 +92,24 @@ module Contrast
         # @param preshift [Contrast::Agent::Assess::PreShift] The capture of the state of the code just prior to
         #   the invocation of the patched method.
         # @param target [Object] the thing to which to propagate
+        # @param propagation_data [Contrast::Agent::Assess::Events::EventData] this will hold the
+        #                         object [Object] the Object on which the method was invoked
+        #                         args [Array<Object>] the Arguments with which the method was invoked
         # @return [Boolean]
-        def can_propagate? propagation_node, preshift, target
+        def can_propagate? propagation_node, preshift, target, propagation_data
           return false unless appropriate_target?(propagation_node, target)
           return true if Contrast::Utils::Assess::TrackingUtil.tracked?(target)
-          if propagation_node.use_original_object?
-            # return true since we don't have preshift while using the original object.
-            return true
-          end
-          return false unless preshift
+          return false unless appropriate_source?(propagation_node, propagation_data, preshift)
 
           propagation_node.sources.each do |source|
             case source
             when Contrast::Utils::ObjectShare::OBJECT_KEY
-              return true if Contrast::Utils::Assess::TrackingUtil.tracked?(preshift.object)
+              source_object = if propagation_node.use_original_object?
+                                propagation_data.object
+                              else
+                                preshift.object
+                              end
+              return true if Contrast::Utils::Assess::TrackingUtil.tracked?(source_object)
             else
               # has to be P, there's no ret source type (yet? ever?)
               return true if preshift.args && Contrast::Utils::Assess::TrackingUtil.tracked?(preshift.args[source])
@@ -129,6 +133,22 @@ module Contrast
 
           Contrast::Agent::Assess::Tracker.trackable?(target)
         end
+
+        # A source is appropriate if it is available for propagation
+        #
+        # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node that governs this
+        #   propagation event.
+        # @param propagation_data [Contrast::Agent::Assess::Events::EventData] this will hold the
+        #                         object [Object] the Object on which the method was invoked
+        #                         args [Array<Object>] the Arguments with which the method was invoked
+        # @param preshift [Contrast::Agent::Assess::PreShift] The capture of the state of the code just prior to
+        #   the invocation of the patched method.
+        # @return [Boolean]
+        def appropriate_source? propagation_node, propagation_data, preshift
+          return true if preshift
+
+          propagation_node.use_original_object? && propagation_data&.object
+        end
       end
     end
   end