contrast-agent 6.4.0 → 6.5.0

data/lib/contrast/utils/log_utils.rb

@@ -19,7 +19,7 @@ module Contrast
 
       private
 
-      def build path: STDOUT_STR, level_const: DEFAULT_LEVEL
+      def build path: STDOUT_STR, level_const: DEFAULT_LEVEL, progname: PROGNAME
         logger = case path
                  when STDOUT_STR, STDERR_STR
                    ::Ougai::Logger.new(Object.cs__const_get(path))
@@ -27,7 +27,7 @@ module Contrast
                    ::Ougai::Logger.new(path)
                  end
         add_contrast_loggers(logger)
-        logger.progname = PROGNAME
+        logger.progname = progname
         logger.level = level_const
         logger.formatter = Contrast::Logger::Format.new
         logger.formatter.datetime_format = DATE_TIME_FORMAT

data/lib/contrast/utils/patching/policy/patch_utils.rb

@@ -95,7 +95,7 @@ module Contrast
         # @param object [Object] The object on which the method is invoked, typically what would be returned by self.
         # @param args [Array<Object>] The arguments passed to the method being invoked.
         def apply_inventory method_policy, method, exception, object, args
-          return unless ::Contrast::INVENTORY.enabled?
+          return unless ::Contrast::INVENTORY.enable
 
           apply_trigger_only(method_policy&.inventory_node, method, exception, object, args)
         end

data/lib/contrast.rb

@@ -4,22 +4,7 @@
 # Used to prevent deprecation warnings from flooding stdout
 ENV['PB_IGNORE_DEPRECATIONS'] = 'true'
 
-# Some developers override various methods on Object, which can often involve
-# changing expected method parity/behavior which in turn prevents us from being
-# able to reliably use affected methods.
-# We alias these method so that we always have access to them.
-#
-# Because we use these methods in constructing classes (e.g., calling #freeze
-# on constants within class definitions) we do this aliasing ASAP.
-class Object
-  alias_method :cs__class, :class
-  alias_method :cs__freeze, :freeze
-  alias_method :cs__frozen?, :frozen?
-  alias_method :cs__is_a?, :is_a?
-  alias_method :cs__method, :method
-  alias_method :cs__respond_to?, :respond_to?
-  alias_method :cs__singleton_class, :singleton_class
-end
+require 'contrast/extension/object'
 
 # ActiveRecord gives access to the `String#blank?` method, which we've started using. We need to make sure that method
 # actually exists.
@@ -92,9 +77,9 @@ module Contrast
   SETTINGS = Contrast::Components::Settings::Interface.new
   ASSESS = Contrast::Components::Assess::Interface.new
   PROTECT = Contrast::Components::Protect::Interface.new
-  INVENTORY = Contrast::Components::Inventory::Interface.new
-  LOGGER = Contrast::Components::Logger::Interface.new
-  AGENT = Contrast::Components::Agent::Interface.new
+  INVENTORY = CONFIG.root.inventory
+  AGENT = CONFIG.root.agent
+  LOGGER = AGENT.logger
   CONTRAST_SERVICE = Contrast::Components::ContrastService::Interface.new
   APP_CONTEXT = Contrast::Components::AppContext::Interface.new
 end

data/resources/assess/policy.json

@@ -692,15 +692,7 @@
       "action":"CUSTOM",
       "patch_class": "Contrast::Agent::Assess::Policy::Propagator::MatchData",
       "patch_method": "values_at_tagger"
-    }, {
-      "class_name":"String",
-      "instance_method": true,
-      "method_visibility": "public",
-      "method_name":"to_sym",
-      "source":"O",
-      "target":"R",
-      "action":"KEEP"
-    }, {
+    },{
       "class_name": "String",
       "instance_method": true,
       "method_visibility": "public",
@@ -1860,9 +1852,9 @@
           "source": "P0"
         },{
           "class_name": "Excon",
-          "instance_method": true,
-          "method_visibility": "private",
-          "method_name": "initialize",
+          "instance_method": false,
+          "method_visibility": "public",
+          "method_name": "new",
           "source": "P0"
         },
         {

data/ruby-agent.gemspec

@@ -82,6 +82,8 @@ def self.add_specs spec
   spec.add_development_dependency 'rspec-rails', '5.0'
   spec.add_development_dependency 'tzinfo-data' # Alpine rspec-rails requirement.
   spec.add_development_dependency 'warning'
+  spec.add_development_dependency 'typhoeus', '~> 1.4'
+  spec.add_development_dependency 'excon', '~> 0.92.3'
 end
 
 def self.add_coverage spec

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 6.4.0
+  version: 6.5.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-06-08 00:00:00.000000000 Z
+date: 2022-06-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -567,6 +567,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: typhoeus
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: excon
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.92.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.92.3
 - !ruby/object:Gem::Dependency
   name: zlib
   requirement: !ruby/object:Gem::Requirement
@@ -637,22 +665,22 @@ executables:
 - contrast_service
 extensions:
 - ext/cs__common/extconf.rb
-- ext/cs__assess_regexp/extconf.rb
-- ext/cs__assess_basic_object/extconf.rb
-- ext/cs__assess_hash/extconf.rb
-- ext/cs__assess_fiber_track/extconf.rb
-- ext/cs__assess_string_interpolation/extconf.rb
-- ext/cs__assess_kernel/extconf.rb
-- ext/cs__assess_marshal_module/extconf.rb
-- ext/cs__contrast_patch/extconf.rb
+- ext/cs__assess_yield_track/extconf.rb
 - ext/cs__os_information/extconf.rb
+- ext/cs__contrast_patch/extconf.rb
 - ext/cs__assess_array/extconf.rb
+- ext/cs__assess_test/extconf.rb
+- ext/cs__assess_string_interpolation/extconf.rb
+- ext/cs__assess_fiber_track/extconf.rb
+- ext/cs__assess_marshal_module/extconf.rb
+- ext/cs__assess_basic_object/extconf.rb
+- ext/cs__assess_regexp/extconf.rb
+- ext/cs__assess_string/extconf.rb
 - ext/cs__tests/extconf.rb
 - ext/cs__assess_module/extconf.rb
-- ext/cs__assess_yield_track/extconf.rb
-- ext/cs__assess_string/extconf.rb
+- ext/cs__assess_hash/extconf.rb
+- ext/cs__assess_kernel/extconf.rb
 - ext/cs__scope/extconf.rb
-- ext/cs__assess_test/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"
@@ -1164,7 +1192,6 @@ files:
 - lib/contrast/components/scope.rb
 - lib/contrast/components/settings.rb
 - lib/contrast/config.rb
-- lib/contrast/config/agent_configuration.rb
 - lib/contrast/config/api_configuration.rb
 - lib/contrast/config/api_proxy_configuration.rb
 - lib/contrast/config/application_configuration.rb
@@ -1174,9 +1201,6 @@ files:
 - lib/contrast/config/certification_configuration.rb
 - lib/contrast/config/env_variables.rb
 - lib/contrast/config/exception_configuration.rb
-- lib/contrast/config/heap_dump_configuration.rb
-- lib/contrast/config/inventory_configuration.rb
-- lib/contrast/config/logger_configuration.rb
 - lib/contrast/config/protect_configuration.rb
 - lib/contrast/config/protect_rule_configuration.rb
 - lib/contrast/config/protect_rules_configuration.rb
@@ -1202,6 +1226,7 @@ files:
 - lib/contrast/extension/extension.rb
 - lib/contrast/extension/inventory.rb
 - lib/contrast/extension/module.rb
+- lib/contrast/extension/object.rb
 - lib/contrast/extension/protect.rb
 - lib/contrast/extension/protect/psych.rb
 - lib/contrast/extension/thread.rb
@@ -1230,6 +1255,7 @@ files:
 - lib/contrast/security_exception.rb
 - lib/contrast/tasks/config.rb
 - lib/contrast/tasks/service.rb
+- lib/contrast/utils/assess/event_limit_utils.rb
 - lib/contrast/utils/assess/object_store.rb
 - lib/contrast/utils/assess/propagation_method_utils.rb
 - lib/contrast/utils/assess/property/tagged_utils.rb

data/lib/contrast/config/agent_configuration.rb

@@ -1,63 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'contrast/config/service_configuration'
-require 'contrast/config/logger_configuration'
-require 'contrast/config/ruby_configuration'
-require 'contrast/config/heap_dump_configuration'
-require 'contrast/config/api_configuration'
-
-module Contrast
-  module Config
-    # Common Configuration settings. Those in this section pertain to the core functionality of the Agent.
-    class AgentConfiguration
-      include Contrast::Config::BaseConfiguration
-
-      # @return [Boolean, nil]
-      attr_accessor :enable
-      # @return [Boolean, nil]
-      attr_accessor :omit_body
-      # @return [Contrast::Config::RubyConfiguration]
-      attr_writer :ruby
-      # @return [Contrast::Config::ServiceConfiguration]
-      attr_writer :service
-      # @return [ Contrast::Config::LoggerConfiguration]
-      attr_writer :logger
-      # @return [Contrast::Config::HeapDumpConfiguration]
-      attr_writer :heap_dump
-
-      def initialize hsh = {}
-        return unless hsh
-
-        @enable = hsh[:enable]
-        @start_bundled_service = hsh[:start_bundled_service]
-        @omit_body = hsh[:omit_body]
-        @service = Contrast::Config::ServiceConfiguration.new(hsh[:service])
-        @logger = Contrast::Config::LoggerConfiguration.new(hsh[:logger])
-        @ruby = Contrast::Config::RubyConfiguration.new(hsh[:ruby])
-        @heap_dump = Contrast::Config::HeapDumpConfiguration.new(hsh[:heap_dump])
-      end
-
-      # @return [Boolean, true]
-      def start_bundled_service
-        @start_bundled_service.nil? ? true : @start_bundled_service
-      end
-
-      def service
-        @service ||= Contrast::Config::ServiceConfiguration.new
-      end
-
-      def logger
-        @logger ||= Contrast::Config::LoggerConfiguration.new
-      end
-
-      def ruby
-        @ruby ||= Contrast::Config::RubyConfiguration.new
-      end
-
-      def heap_dump
-        @heap_dump ||= Contrast::Config::HeapDumpConfiguration.new
-      end
-    end
-  end
-end

data/lib/contrast/config/heap_dump_configuration.rb

@@ -1,59 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-module Contrast
-  module Config
-    # Common Configuration settings. Those in this section pertain to the Heap Dump collection functionality of the
-    # Agent.
-    class HeapDumpConfiguration
-      include Contrast::Config::BaseConfiguration
-
-      DEFAULT_PATH = 'contrast_heap_dumps' # saved
-      DEFAULT_MS = 10_000
-      DEFAULT_COUNT = 5
-
-      attr_writer :enable, :path, :delay_ms, :window_ms, :count, :clean
-
-      def initialize hsh = {}
-        return unless hsh
-
-        @enable = hsh[:enable]
-        @path = hsh[:path]
-        @delay_ms = hsh[:delay_ms]
-        @window_ms = hsh[:window_ms]
-        @count = hsh[:count]
-        @clean = hsh[:clean]
-      end
-
-      # @return [Boolean, Contrast::Utils::ObjectShare::FALSE] should dumps be taken
-      def enable
-        @enable.nil? ? Contrast::Utils::ObjectShare::FALSE : @enable
-      end
-
-      # @return [String, DEFAULT_PATH] dir to which dumps should be
-      def path
-        @path ||= DEFAULT_PATH
-      end
-
-      # @return [Integer, DEFAULT_MS] time, in ms, after initialization
-      def delay_ms
-        @delay_ms ||= DEFAULT_MS
-      end
-
-      # @return [Integer, DEFAULT_MS] ms between each dump
-      def window_ms
-        @window_ms ||= DEFAULT_MS
-      end
-
-      # @return [Integer, DEFAULT_MS] number of dumps to take
-      def count
-        @count ||= DEFAULT_COUNT
-      end
-
-      # @return [Boolean, Contrast::Utils::ObjectShare::FALSE] remove temporary objects or not
-      def clean
-        @clean.nil? ? Contrast::Utils::ObjectShare::FALSE : @clean
-      end
-    end
-  end
-end

data/lib/contrast/config/inventory_configuration.rb

@@ -1,33 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-module Contrast
-  module Config
-    # Common Configuration settings. Those in this section pertain to the inventory functionality of the Agent.
-    class InventoryConfiguration
-      include Contrast::Config::BaseConfiguration
-
-      # @return [Array, nil] tags
-      attr_accessor :tags
-      attr_writer :enable, :analyze_libraries
-
-      def initialize hsh = {}
-        return unless hsh
-
-        @enable = hsh[:enable]
-        @analyze_libraries = hsh[:analyze_libraries]
-        @tags = hsh[:tags]
-      end
-
-      # @return [Boolean, true]
-      def enable
-        @enable.nil? ? true : @enable
-      end
-
-      # @return [Boolean, true]
-      def analyze_libraries
-        @analyze_libraries.nil? ? true : @analyze_libraries
-      end
-    end
-  end
-end

data/lib/contrast/config/logger_configuration.rb

@@ -1,26 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-module Contrast
-  module Config
-    # Common Configuration settings. Those in this section pertain to the logging in the Agent.
-    class LoggerConfiguration
-      include Contrast::Config::BaseConfiguration
-
-      # @return [String, nil]
-      attr_accessor :path
-      # @return [String, nil]
-      attr_accessor :level
-      # @return [String, nil]
-      attr_accessor :progname
-
-      def initialize hsh = {}
-        return unless hsh
-
-        @path = hsh[:path]
-        @level = hsh[:level]
-        @progname = hsh[:progname]
-      end
-    end
-  end
-end