contrast-agent 6.6.0 → 6.6.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b9901918f58625ea7f9366f73110afcdd5f05e119261ba9a08f24f36903fe897
-  data.tar.gz: c618ebc74b006529e2317cd62ba59fabbba9d0c8fbf24c7988dfd98ec627b04e
+  metadata.gz: 38657595e182ad9ef1a26180b273061522dcea43e441e1750d9883d2d1d2d9f6
+  data.tar.gz: 37fe627c2fec00f17c6a2cd6b42aa96149bc4b01871fddd6bb929c5a2baabb63
 SHA512:
-  metadata.gz: d2f584a6658ab0e316b41021575888d9ecc1eaacf79d971492fd2e6317609bfd0cb3a762a64d620b08fc18c76e2434d05cc3d82f8d587c86cdae5116df6cae61
-  data.tar.gz: df8f941fe730188be0bc3b69bd9a9d6d60f9695be8ee8e8eb0b6e35ab1207d97debba28220ff796bec702ad3b158f53f00f87a58f1c14939092ed843bef66715
+  metadata.gz: 1a2a85843ec7ba80d84a84f21defd2333a1b1130165113777c324176597231ca17b6c861f1f44ff6024f71e01e7d3508f0d57e767381e3d7580e82c7e10bee4a
+  data.tar.gz: b7b98e93f5b8e3bfd826f730e3981bb6006aa69a71dbd24ecec6eeef373b0b147ce542f0e0416f42d9da33dbbe4a76945bb1341bde91ea9b7134a4ddee80b2fb

data/lib/contrast/agent/assess/policy/source_method.rb

@@ -38,19 +38,20 @@ module Contrast
             # @param ret [Object] the Return of the invoked method
             # @param args [Array<Object>] the Arguments with which the method was invoked
             def apply_source method_policy, object, ret, args
-              return unless analyze?(method_policy, object, ret, args)
-              return if event_limit?(method_policy)
-              return unless (source_node = method_policy.source_node)
+              logger.trace_with_time('Elapsed time for Contrast::Agent::Assess::Policy::SourceMethod#apply_source') do
+                return unless analyze?(method_policy, object, ret, args)
+                return if event_limit?(method_policy)
+                return unless (source_node = method_policy.source_node)
 
-              # used to hold the object and ret
-              source_data = Contrast::Agent::Assess::Events::EventData.new(nil, nil, object, ret, nil)
+                # used to hold the object and ret
+                source_data = Contrast::Agent::Assess::Events::EventData.new(nil, nil, object, ret, nil)
 
-              return unless (target = determine_target(source_node, source_data, args))
-              return if target.cs__frozen? && !Contrast::Agent::Assess::Tracker.trackable?(target)
+                return unless (target = determine_target(source_node, source_data, args))
+                return if target.cs__frozen? && !Contrast::Agent::Assess::Tracker.trackable?(target)
 
-              process_source(source_node, target, source_data, source_node.type, nil, *args)
+                process_source(source_node, target, source_data, source_node.type, nil, *args)
+              end
             end
-            Contrast::Components::Logger.add_trace_log_timing_for(SourceMethod, :apply_source)
 
             private
 

data/lib/contrast/agent/inventory/database_config.rb

@@ -31,7 +31,7 @@ module Contrast
           # Contrast::Api::Dtm::ArchitectureComponent, but have different names for their fields.
           #
           # @param activity_or_update [Contrast::Api::Dtm::Activity, Contrast::Agent::Reporting::ApplicationUpdate]
-          # @param hash_or_str [Hash, String] the database connection information
+          # @param hash_or_str [Hash, String, #configuration_hash] the database connection information
           def append_db_config activity_or_update, hash_or_str = active_record_config
             arr = build_from_db_config(hash_or_str)
             return unless arr&.any?
@@ -82,6 +82,11 @@ module Contrast
           def build_from_db_config hash_or_str
             return unless hash_or_str
 
+            # we need to handle types of HashConfig, which != Hash
+            # for example ActiveRecord::DatabaseConfigurations::HashConfig is type of active_record config
+            # but the method is not handling it properly
+            # so we need to handle it here and extract the hash
+            hash_or_str = hash_or_str.configuration_hash if hash_or_str.cs__respond_to?(:configuration_hash)
             if hash_or_str.is_a?(Hash)
               build_from_db_hash(hash_or_str)
             else

data/lib/contrast/agent/inventory/policy/datastores.rb

@@ -13,9 +13,8 @@ module Contrast
         # in which database operations occur. It is responsible for deciding if
         # the given invocation is worth reporting or not.
         module DataStores
+          extend Contrast::Components::Logger::InstanceMethods
           class << self
-            extend Contrast::Components::Logger::InstanceMethods
-
             # The key used in policy.json to indicate the database type to
             # report.
             DATA_STORE_MARKER = 'data_store'

data/lib/contrast/agent/middleware.rb

@@ -61,13 +61,14 @@ module Contrast
       # @return [Array,Rack::Response] the Response of this and subsequent Middlewares to be passed back to the user up
       #   the Rack framework.
       def call env
-        return app.call(env) unless ::Contrast::AGENT.enabled?
+        logger.trace_with_time('Elapsed time for Contrast::Agent::Middleware#call') do
+          return app.call(env) unless ::Contrast::AGENT.enabled?
 
-        Contrast::Agent.heapdump_util.start_thread!
-        handle_first_request
-        call_with_agent(env)
+          Contrast::Agent.heapdump_util.start_thread!
+          handle_first_request
+          call_with_agent(env)
+        end
       end
-      ::Contrast::Components::Logger.add_trace_log_timing_for(::Contrast::Agent::Middleware, :call)
 
       private
 

data/lib/contrast/agent/protect/rule/default_scanner.rb

@@ -20,11 +20,16 @@ class Contrast::Agent::Protect::Rule::DefaultScanner # rubocop:disable Style/Cla
   # :STATE_INSIDE_BLOCK_COMMENT # inside a commend that will end with a closing tag
   # :STATE_SKIP_NEXT_CHARACTER
 
+  # @param query [String] the query being executed
+  # @param index [Integer] the index of the input in the query
+  # @param input [String] the input value provided by the user
+  # @return [Array<Integer>, nil] the boundary overrun by the input or nil if no overrun
   def crosses_boundary query, index, input
     last_boundary = 0
-    token_boundaries(query).each do |boundary|
+    scan_token_boundaries(query).each do |boundary|
       if boundary > index
-        return last_boundary, boundary if boundary < index + input.length
+        # We should report the previous and overrun boundary if the input crosses one.
+        return last_boundary, boundary if boundary < (index + input.length)
 
         break
       end
@@ -33,10 +38,10 @@ class Contrast::Agent::Protect::Rule::DefaultScanner # rubocop:disable Style/Cla
     nil
   end
 
-  def token_boundaries query
-    @_token_boundaries ||= scan_token_boundaries(query)
-  end
+  private
 
+  # @param query [String] the query being executed
+  # @return [Array<Integer>] the boundaries of the query
   def scan_token_boundaries query
     boundaries = []
     return boundaries unless query && !query.empty?
@@ -73,6 +78,11 @@ class Contrast::Agent::Protect::Rule::DefaultScanner # rubocop:disable Style/Cla
     boundaries
   end
 
+  # @param boundaries [Array<Integer>] the indexes of the state changes in the query
+  # @param current_state [Symbol] the state of the query
+  # @param char [String] the character being evaluated
+  # @param index [Integer] the location of the character in the query
+  # @param query [String] the query being executed
   def process_state boundaries, current_state, char, index, query
     case current_state
     when :STATE_EXPECTING_TOKEN
@@ -88,6 +98,10 @@ class Contrast::Agent::Protect::Rule::DefaultScanner # rubocop:disable Style/Cla
     end
   end
 
+  # @param boundaries [Array<Integer>] the indexes of the state changes in the query
+  # @param char [String] the character being evaluated
+  # @param index [Integer] the location of the character in the query
+  # @param query [String] the query being executed
   def process_expecting_token boundaries, char, index, query
     if char == Contrast::Utils::ObjectShare::SINGLE_QUOTE
       boundaries << index
@@ -112,6 +126,10 @@ class Contrast::Agent::Protect::Rule::DefaultScanner # rubocop:disable Style/Cla
     end
   end
 
+  # @param boundaries [Array<Integer>] the indexes of the state changes in the query
+  # @param char [String] the character being evaluated
+  # @param index [Integer] the location of the character in the query
+  # @param query [String] the query being executed
   def process_inside_token boundaries, char, index, query
     if char == Contrast::Utils::ObjectShare::SINGLE_QUOTE
       boundaries << index
@@ -133,6 +151,10 @@ class Contrast::Agent::Protect::Rule::DefaultScanner # rubocop:disable Style/Cla
     end
   end
 
+  # @param boundaries [Array<Integer>] the indexes of the state changes in the query
+  # @param char [String] the character being evaluated
+  # @param index [Integer] the location of the character in the query
+  # @param _query [String] the query being executed
   def process_number boundaries, char, index, _query
     if char.match?(Contrast::Utils::ObjectShare::DIGIT_REGEXP) || char == Contrast::Utils::ObjectShare::PERIOD
       :STATE_INSIDE_NUMBER
@@ -142,6 +164,10 @@ class Contrast::Agent::Protect::Rule::DefaultScanner # rubocop:disable Style/Cla
     end
   end
 
+  # @param boundaries [Array<Integer>] the indexes of the state changes in the query
+  # @param char [String] the character being evaluated
+  # @param index [Integer] the location of the character in the query
+  # @param query [String] the query being executed
   def process_double_quote boundaries, char, index, query
     if escape_char?(char)
       :STATE_SKIP_NEXT_CHARACTER
@@ -159,6 +185,10 @@ class Contrast::Agent::Protect::Rule::DefaultScanner # rubocop:disable Style/Cla
     end
   end
 
+  # @param boundaries [Array<Integer>] the indexes of the state changes in the query
+  # @param char [String] the character being evaluated
+  # @param index [Integer] the location of the character in the query
+  # @param query [String] the query being executed
   def process_single_quote boundaries, char, index, query
     if escape_char?(char)
       :STATE_SKIP_NEXT_CHARACTER
@@ -176,18 +206,24 @@ class Contrast::Agent::Protect::Rule::DefaultScanner # rubocop:disable Style/Cla
     end
   end
 
+  # @param query [String] the query being executed
+  # @param index [Integer] the location of the character in the query
   def double_quote? query, index
     return false unless index >= 0 && index < query.length
 
     query[index] == Contrast::Utils::ObjectShare::DOUBLE_QUOTE
   end
 
+  # @param query [String] the query being executed
+  # @param index [Integer] the location of the character in the query
   def single_quote? query, index
     return false unless index >= 0 && index < query.length
 
     query[index] == Contrast::Utils::ObjectShare::SINGLE_QUOTE
   end
 
+  # @param query [String] the query being executed
+  # @param index [Integer] the location of the character in the query
   def find_escape_sequence_boundary query, index
     idx = index
     while idx < query.length
@@ -199,6 +235,8 @@ class Contrast::Agent::Protect::Rule::DefaultScanner # rubocop:disable Style/Cla
     idx
   end
 
+  # @param query [String] the query being executed
+  # @param index [Integer] the location of the character in the query
   def find_block_comment_boundary query, index
     idx = index
     while idx < query.length
@@ -210,6 +248,8 @@ class Contrast::Agent::Protect::Rule::DefaultScanner # rubocop:disable Style/Cla
     idx
   end
 
+  # @param query [String] the query being executed
+  # @param index [Integer] the location of the character in the query
   def find_new_line_boundary query, index
     idx = index
     while idx < query.length
@@ -222,12 +262,17 @@ class Contrast::Agent::Protect::Rule::DefaultScanner # rubocop:disable Style/Cla
     idx
   end
 
+  # @param char [String] the character being evaluated
   def operator? char
     char.match?(OPERATOR_PATTERN)
   end
 
   # @note: Any class extending this module should override these methods as needed
   # Are the current and subsequent characters both '-' ?
+  #
+  # @param char [String] the character being evaluated
+  # @param index [Integer] the location of the character in the query
+  # @param query [String] the query being executed
   def start_line_comment? char, index, query
     return false unless char == Contrast::Utils::ObjectShare::DASH
     return false unless (query.length - 2) >= index
@@ -237,6 +282,10 @@ class Contrast::Agent::Protect::Rule::DefaultScanner # rubocop:disable Style/Cla
 
   # Is the current character / sequence of characters the start of a block comment
   # We assume '/*' starts the comment by default
+  #
+  # @param char [String] the character being evaluated
+  # @param index [Integer] the location of the character in the query
+  # @param query [String] the query being executed
   def start_block_comment? char, index, query
     return false unless char == Contrast::Utils::ObjectShare::SLASH
     return false unless (query.length - 2) >= index
@@ -246,6 +295,10 @@ class Contrast::Agent::Protect::Rule::DefaultScanner # rubocop:disable Style/Cla
 
   # Is the current character / sequence of characters the end of a block comment
   # We assume '*/' ends the comment by default
+  #
+  # @param char [String] the character being evaluated
+  # @param index [Integer] the location of the character in the query
+  # @param query [String] the query being executed
   def end_block_comment? char, index, query
     return false unless char == Contrast::Utils::ObjectShare::ASTERISK
     return false unless (query.length - 2) >= index
@@ -267,18 +320,24 @@ class Contrast::Agent::Protect::Rule::DefaultScanner # rubocop:disable Style/Cla
 
   # Is the character provided an escape character?
   # By default, we'll assume
+  #
+  # @param char [String] the character being evaluated
   def escape_char? char
     char == Contrast::Utils::ObjectShare::BACK_SLASH
   end
 
   # Is this the start of a string escape sequence?
   # Since escape sequences aren't supported, the answer is always false
+  #
+  # @param _char [String] the character being evaluated
   def escape_sequence_start? _char
     false
   end
 
   # Is this the end of a string escape sequence?
   # Since escape sequences aren't supported, the answer is always false
+  #
+  # @param _char [String] the character being evaluated
   def escape_sequence_end? _char
     false
   end

data/lib/contrast/agent/protect/rule/sql_sample_builder.rb

@@ -65,8 +65,8 @@ module Contrast
             #   if one exists, in the case of multiple inputs being found to violate the protection criteria
             # @param result [Contrast::Api::Dtm::AttackResult, nil] previous attack result for this rule, if one exists,
             #   in the case of multiple inputs being found to violate the protection criteria
-            # @query_string [string] he value of the input which may be an attack
-            # @kwargs [Hash] key - value pairs of context individual rules need to build out details to send
+            # @param query_string [String] the value of the input which may be an attack
+            # @param kwargs [Hash] key - value pairs of context individual rules need to build out details to send
             #   to the Service to tell the story of the attack
             # @return [Contrast::Api::Dtm::AttackResult] the result from this attack
             def build_attack_with_match context, input_analysis_result, result, query_string, **kwargs
@@ -86,14 +86,12 @@ module Contrast
               ss = StringScanner.new(query_string)
               length = attack_string.length
               while ss.scan_until(regexp)
-                # the pos of StringScanner is at the end of the regexp (input string),
-                # we need the beginning
+                # the pos of StringScanner is at the end of the regexp (input string), we need the beginning
                 idx = ss.pos - attack_string.length
                 last_boundary, boundary = scanner.crosses_boundary(query_string, idx, input_analysis_result.value)
                 next unless last_boundary && boundary
 
                 result ||= build_attack_result(context)
-
                 record_match(idx, length, boundary, last_boundary, kwargs)
                 append_match(context, input_analysis_result, result, query_string, **kwargs)
               end

data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb

@@ -27,8 +27,8 @@ module Contrast
 
         def initialize
           @app_language = Contrast::Utils::ObjectShare::RUBY
-          @app_name = ::Contrast::APP_CONTEXT.app_name
-          @app_version = ::Contrast::APP_CONTEXT.app_version
+          @app_name = ::Contrast::APP_CONTEXT.name # rubocop:disable Security/Module/Name
+          @app_version = ::Contrast::APP_CONTEXT.version
           @routes = []
         end
 

data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb

@@ -153,7 +153,7 @@ module Contrast
           def app_name
             return @_app_name unless @_app_name.nil?
 
-            @_app_name = ::Contrast::APP_CONTEXT.app_name
+            @_app_name = ::Contrast::APP_CONTEXT.name # rubocop:disable Security/Module/Name
           end
 
           # @return [String,nil]

data/lib/contrast/agent/reporting/reporting_utilities/headers.rb

@@ -18,12 +18,12 @@ module Contrast
         CONTENT_TYPE = 'application/json'
 
         def initialize
-          @app_name = Base64.strict_encode64(Contrast::APP_CONTEXT.app_name)
+          @app_name = Base64.strict_encode64(Contrast::APP_CONTEXT.name) # rubocop:disable Security/Module/Name
           @api_key = Contrast::API.api_key
           @agent_version = [RUBY, Contrast::Agent::VERSION].join(SPACE)
           @app_language = RUBY
           @app_path = Base64.strict_encode64(Contrast::APP_CONTEXT.path)
-          @app_version = Contrast::APP_CONTEXT.app_version
+          @app_version = Contrast::APP_CONTEXT.version
           @authorization = Base64.strict_encode64("#{ Contrast::API.user_name }:#{ Contrast::API.service_key }")
           @server_name = Base64.strict_encode64(Contrast::APP_CONTEXT.server_name)
           @server_path = Base64.strict_encode64(Contrast::APP_CONTEXT.server_path)

data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb

@@ -107,7 +107,7 @@ module Contrast
           suspend_reporting(message, ready_after, error_message) if mode == @_mode.resending
           return unless mode == @_mode.disabled
 
-          stop_reporting(message, application: Contrast::APP_CONTEXT.app_name, error_message: error_message)
+          stop_reporting(message, application: Contrast::APP_CONTEXT.name, error_message: error_message) # rubocop:disable Security/Module/Name
         rescue StandardError => e
           logger.debug('Could not handle Response error information', error: e)
         end

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '6.6.0'
+    VERSION = '6.6.3'
   end
 end

data/lib/contrast/api/decorators/message.rb

@@ -52,7 +52,7 @@ module Contrast
 
           def build event
             msg = new
-            msg.app_name      = ::Contrast::APP_CONTEXT.app_name
+            msg.app_name      = ::Contrast::APP_CONTEXT.name # rubocop:disable Security/Module/Name
             msg.app_path      = ::Contrast::APP_CONTEXT.path
             msg.app_language  = Contrast::Utils::ObjectShare::RUBY
             msg.client_id     = ::Contrast::APP_CONTEXT.client_id

data/lib/contrast/components/app_context.rb

@@ -6,6 +6,7 @@ require 'contrast/api/decorators/agent_startup'
 require 'contrast/api/decorators/application_startup'
 require 'contrast/utils/object_share'
 require 'contrast/components/app_context_extend'
+require 'contrast/config/base_configuration'
 
 module Contrast
   module Components
@@ -18,15 +19,66 @@ module Contrast
       class Interface
         include Contrast::Components::AppContextExtend
         include Contrast::Components::ComponentBase
-        include Contrast::Components::Logger::InstanceMethods
+        include Contrast::Config::BaseConfiguration
 
         DEFAULT_APP_NAME    = 'rails'
         DEFAULT_APP_PATH    = '/'
         DEFAULT_SERVER_NAME = 'localhost'
         DEFAULT_SERVER_PATH = '/'
 
-        def initialize
+        # @return [String]
+        attr_reader :version
+        # @return [String]
+        attr_reader :language
+        # @return [String]
+        attr_reader :group
+        # @return [String]
+        attr_reader :tags
+        # @return [String]
+        attr_reader :code
+        # @return [String]
+        attr_reader :metadata
+
+        def initialize hsh = {}
           original_pid
+          return unless hsh
+
+          @_name = hsh[:name]
+          @version = hsh[:version]
+          @language = hsh[:language]
+          @_path = hsh[:path]
+          @group = hsh[:group]
+          @tags = hsh[:tags]
+          @code = hsh[:code]
+          @metadata = hsh[:metadata]
+          @_session_id = hsh[:session_id]
+          @_session_metadata = hsh[:session_metadata]
+        end
+
+        # @return [String, Contrast::Utils::ObjectShare::EMPTY_STRING]
+        def session_id
+          @_session_id ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+        end
+
+        # Set session_id
+        #
+        # @param id [String]
+        # @return [String]
+        def session_id= id
+          @_session_id = id
+        end
+
+        # @return [String, Contrast::Utils::ObjectShare::EMPTY_STRING]
+        def session_metadata
+          @_session_metadata ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+        end
+
+        # Set session_metadata
+        #
+        # @param meta [String]
+        # @return [String]
+        def session_metadata= meta
+          @_session_metadata = meta
         end
 
         def server_type
@@ -37,9 +89,8 @@ module Contrast
           end
         end
 
-        def app_name
-          @_app_name ||= begin
-            tmp = ::Contrast::CONFIG.root.application.name # rubocop:disable Security/Module/Name
+        def name
+          @_name ||= begin
             tmp = Contrast::Agent.framework_manager.app_name unless Contrast::Utils::StringUtils.present?(tmp)
             tmp = File.basename(Dir.pwd) unless Contrast::Utils::StringUtils.present?(tmp)
             Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_APP_NAME)
@@ -48,13 +99,16 @@ module Contrast
           end
         end
 
-        def app_version
-          @_app_version ||= Contrast::CONFIG.root.application.version
+        # Set application name
+        #
+        # @param app_name [String] application name
+        # @return [String]
+        def name= app_name
+          @_name = app_name
         end
 
         def path
           @_path ||= begin
-            tmp = ::Contrast::CONFIG.root.application.path
             tmp = Contrast::Agent.framework_manager.application_root unless Contrast::Utils::StringUtils.present?(tmp)
             Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_APP_PATH)
           rescue StandardError

data/lib/contrast/components/app_context_extend.rb

@@ -18,13 +18,13 @@ module Contrast
 
       def build_agent_startup_message
         msg = Contrast::Api::Dtm::AgentStartup.build(server_name, server_path, server_type)
-        logger.info('Application context',
-                    server_name: msg.server_name,
-                    server_path: msg.server_path,
-                    server_type: msg.server_type,
-                    application_name: app_name,
-                    application_path: path,
-                    application_language: Contrast::Utils::ObjectShare::RUBY)
+        Contrast::CONFIG.proto_logger.info('Application context',
+                                           server_name: msg.server_name,
+                                           server_path: msg.server_path,
+                                           server_type: msg.server_type,
+                                           application_name: name, # rubocop:disable Security/Module/Name
+                                           application_path: path,
+                                           application_language: Contrast::Utils::ObjectShare::RUBY)
 
         msg
       end
@@ -42,7 +42,7 @@ module Contrast
       end
 
       def client_id
-        @_client_id ||= [app_name, pgid].join('-')
+        @_client_id ||= [name, pgid].join('-') # rubocop:disable Security/Module/Name
       end
 
       def app_and_server_information

data/lib/contrast/components/logger.rb

@@ -16,16 +16,6 @@ module Contrast
         def cef_logger
           @_cef_logger ||= Contrast::Logger::CEFLog.instance.tap(&:build_logger)
         end
-
-        def add_trace_perf_logging_for sym, custom_message = nil
-          logger.add_trace_perf_logging(self, sym, custom_message)
-        end
-      end
-
-      class << self
-        def add_trace_log_timing_for clazz, method_name, custom_message = nil
-          Contrast::Logger::Log.instance.add_method_to_trace_timing(clazz, method_name, custom_message)
-        end
       end
 
       # So This class here follows the update for the configuration

data/lib/contrast/config/root_configuration.rb

@@ -4,6 +4,8 @@
 require 'contrast/components/agent'
 require 'contrast/components/inventory'
 require 'contrast/components/protect'
+require 'contrast/components/app_context'
+
 module Contrast
   module Config
     # The base of the Common Configuration settings.
@@ -14,7 +16,7 @@ module Contrast
       attr_writer :api
       # @return [Contrast::Components::Agent::Interface]
       attr_writer :agent
-      # @return [Contrast::Config::ApplicationConfiguration]
+      # @return [Contrast::Components::AppContext::Interface]
       attr_writer :application
       # @return [Contrast::Config::ServerConfiguration]
       attr_writer :server
@@ -36,7 +38,7 @@ module Contrast
         @api = Contrast::Components::Api::Interface.new(hsh[:api])
         @enable = hsh[:enable]
         @agent = Contrast::Components::Agent::Interface.new(hsh[:agent])
-        @application = Contrast::Config::ApplicationConfiguration.new(hsh[:application])
+        @application = Contrast::Components::AppContext::Interface.new(hsh[:application])
         @server = Contrast::Config::ServerConfiguration.new(hsh[:server])
         @assess = Contrast::Config::AssessConfiguration.new(hsh[:assess])
         @inventory = Contrast::Components::Inventory::Interface.new(hsh[:inventory])
@@ -54,9 +56,9 @@ module Contrast
         @agent ||= Contrast::Components::Agent::Interface.new
       end
 
-      # @return [Contrast::Config::ApplicationConfiguration]
+      # @return [Contrast::Components::AppContext::Interface]
       def application
-        @application ||= Contrast::Config::ApplicationConfiguration.new
+        @application ||= Contrast::Components::AppContext::Interface.new
       end
 
       # @return [Contrast::Config::ServerConfiguration]

data/lib/contrast/config.rb

@@ -18,7 +18,6 @@ require 'contrast/config/protect_rule_configuration'
 require 'contrast/config/protect_rules_configuration'
 
 require 'contrast/config/ruby_configuration'
-require 'contrast/config/application_configuration'
 require 'contrast/config/server_configuration'
 require 'contrast/config/assess_configuration'
 require 'contrast/config/root_configuration'

data/lib/contrast/logger/application.rb

@@ -12,7 +12,8 @@ module Contrast
         return unless info?
 
         info('Process environment information', p_id: Process.pid, pp_id: Process.ppid,
-                                                agent_version: Contrast::Agent::VERSION)
+                                                agent_version: Contrast::Agent::VERSION,
+                                                ruby_version: RUBY_VERSION)
         ENV.each do |env_key, env_value|
           env_key = env_key.to_s
           next unless ENV_KEYS.include?(env_key) ||

data/lib/contrast/logger/log.rb

@@ -13,72 +13,6 @@ require 'contrast/logger/time'
 require 'contrast/components/config'
 require 'contrast/utils/log_utils'
 
-module Contrast
-  # This module allows us to dynamically weave timing into our code, so that only when the time is actually needed do
-  # we pay the penalty for that timing block
-  module TraceTiming
-    def methods_to_time
-      @_methods_to_time ||= []
-    end
-
-    # Store info about methods for later patching.
-    METHOD_INFO = Struct.new(:clazz, :method_name, :custom_msg, :aliased)
-
-    # Add a method to the list of methods to be trace timed if logger set to TRACE. Enables trace timing after if
-    # logger set to TRACE.
-    #
-    # @param: clazz [Class] the class of the method to time.
-    # @param: method [Symbol] the method to time.
-    # @param: method [String] optional custom logging message.
-    def add_method_to_trace_timing clazz, method, msg = nil
-      methods_to_time.append(METHOD_INFO.new(clazz, method, msg, false))
-      enable_trace_timing if logger.level == ::Ougai::Logging::TRACE
-    end
-
-    # Add a method to the list of methods to be trace timed if logger set to TRACE. Enables trace timing after if
-    # logger set to TRACE.
-    #
-    # @param: meth_spec [METHOD_INFO] specs about the method to be timed.
-    # @param: class_method [Boolean] whether this is or isn't a class/module method.
-    def trace_time_class_method meth_spec, class_method # rubocop:disable Metrics/AbcSize
-      untimed_func_symbol = "untimed_#{ meth_spec.method_name }".to_sym
-      send_to = class_method ? meth_spec.clazz.cs__singleton_class : meth_spec.clazz
-      meth_spec.clazz.class_eval do
-        include(Contrast::Components::Logger::InstanceMethods)
-        extend(Contrast::Components::Logger::InstanceMethods)
-
-        send_to.send(:alias_method, untimed_func_symbol, meth_spec.method_name)
-        meth_spec.aliased = true
-
-        log_message = "Elapsed time for #{ meth_spec.method_name }."
-        log_message = meth_spec.custom_message if meth_spec.custom_msg
-
-        send_to.send(:define_method, meth_spec.method_name) do |*args, **kwargs, &block| # rubocop:disable Performance/Kernel/DefineMethod
-          start = Process.clock_gettime(Process::CLOCK_MONOTONIC)
-          rv = if kwargs.empty?
-                 send(untimed_func_symbol, *args, &block)
-               else
-                 send(untimed_func_symbol, *args, **kwargs, &block)
-               end
-          delta = Process.clock_gettime(Process::CLOCK_MONOTONIC) - start
-          logger.trace(log_message, elapsed: delta * 1000)
-          rv
-        end
-      end
-    end
-
-    # Enable trace timing of methods specified in @_methods_to_time via aliasing.
-    def enable_trace_timing
-      methods_to_time.each do |meth_spec|
-        next if meth_spec.aliased
-
-        is_class_method = meth_spec.clazz.singleton_methods(false).include?(meth_spec.method_name)
-        trace_time_class_method(meth_spec, is_class_method)
-      end
-    end
-  end
-end
-
 module Contrast
   # Used as a wrapper around our logging. The module option specifically adds in a new method for error that raises the
   # logged exception, used in testing so that we can see if anything unexpected happens without it being swallowed
@@ -105,7 +39,6 @@ module Contrast
     # level based on updates to TeamServer.
     class Log
       include Singleton
-      include ::Contrast::TraceTiming
       include Contrast::Utils::LogUtils
 
       attr_reader :previous_path, :previous_level
@@ -132,8 +65,6 @@ module Contrast
         @previous_path  = current_path
         @previous_level = current_level_const
 
-        enable_trace_timing if current_level_const == ::Ougai::Logging::TRACE
-
         progname = Contrast::CONFIG.root.agent.logger.progname
         @_logger = build(path: current_path, level_const: current_level_const, progname: progname)
         # If we're logging to a new path, then let's start it w/ our helpful

data/lib/contrast/logger/time.rb

@@ -8,31 +8,38 @@ module Contrast
     module Time
       # Log the message at the given level.
       #
-      # @param level [String] the name of the method to use. Should be one of
-      #   trace, debug, info, warn, error
+      # @param level [String] the name of the method to use. Should be one of trace, debug, info, warn, error
       # @param message [String] the message to log
       def with_level level, message
         send(level.to_sym, message)
       end
 
-      # Log, at the debug level, the action with a message including the time
-      # it took for the wrapped function to complete.
+      # Log, at the debug level, the action with a message including the time it took for the wrapped function to
+      # complete. If not logging to debug, simply yield the given block.
       #
-      # @param msgs [Array<Object>] the arguments to pass to the logger.
-      #   msgs[0] will be modified to include the elapsed time.
+      # @param msgs [Array<Object>] the arguments to pass to the logger. msgs[0] will be modified to include the elapsed
+      #   time.
       # @param block [Block, Proc] the block to execute
       def debug_with_time *msgs, &block
-        log_with_time(:debug, *msgs, &block)
+        if debug?
+          log_with_time(:debug, *msgs, &block)
+        elsif block
+          yield
+        end
       end
 
-      # Log, at the trace level, the action with a message including the time
-      # it took for the wrapped function to complete.
+      # Log, at the trace level, the action with a message including the time it took for the wrapped function to
+      # complete. If not logging to debug, simply yield the given block.
       #
-      # @param msgs [Array<Object>] the arguments to pass to the logger.
-      #   msgs[0] will be modified to include the elapsed time.
+      # @param msgs [Array<Object>] the arguments to pass to the logger. msgs[0] will be modified to include the elapsed
+      #   time.
       # @param block [Block, Proc] the block to execute
       def trace_with_time *msgs, &block
-        log_with_time(:trace, *msgs, &block)
+        if trace?
+          log_with_time(:trace, *msgs, &block)
+        elsif block
+          yield
+        end
       end
 
       private

data/lib/contrast/utils/log_utils.rb

@@ -182,7 +182,7 @@ module Contrast
                          else
                            DEFAULT_METADATA
                          end
-        app_name = ::Contrast::APP_CONTEXT.app_name
+        app_name = ::Contrast::APP_CONTEXT.name # rubocop:disable Security/Module/Name
         attach_request_and_sender_info(message, sender_info)
         message << "request=#{ context.request.url } "
         message << "requestMethod=#{ request_method } "

data/lib/contrast/utils/string_utils.rb

@@ -1,15 +1,11 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/components/logger'
-
 module Contrast
   module Utils
     # Utilities for encoding and normalizing strings
-    class StringUtils
+    module StringUtils
       class << self
-        include Contrast::Components::Logger::InstanceMethods
-
         UTF8 = 'utf-8'
         HTTP_PREFIX = 'HTTP_'
 
@@ -61,7 +57,7 @@ module Contrast
           # We were unable to switch the String to a UTF-8 format.
           # Return non-nil so as not to throw an exception later when trying
           # to do regexp or other compares on the String
-          logger.trace('Unable to cast String to UTF-8 format', e, value: str)
+          Contrast::CONFIG.proto_logger.trace('Unable to cast String to UTF-8 format', e, value: str)
 
           Contrast::Utils::ObjectShare::EMPTY_STRING
         end

data/lib/contrast.rb

@@ -81,7 +81,7 @@ module Contrast
   AGENT = CONFIG.root.agent
   LOGGER = AGENT.logger
   CONTRAST_SERVICE = Contrast::Components::ContrastService::Interface.new
-  APP_CONTEXT = Contrast::Components::AppContext::Interface.new
+  APP_CONTEXT = CONFIG.root.application
 end
 
 module Contrast

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 6.6.0
+  version: 6.6.3
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-07-13 00:00:00.000000000 Z
+date: 2022-07-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -665,22 +665,22 @@ executables:
 - contrast_service
 extensions:
 - ext/cs__common/extconf.rb
-- ext/cs__assess_fiber_track/extconf.rb
-- ext/cs__assess_string/extconf.rb
+- ext/cs__tests/extconf.rb
 - ext/cs__assess_module/extconf.rb
-- ext/cs__assess_test/extconf.rb
-- ext/cs__assess_kernel/extconf.rb
-- ext/cs__assess_yield_track/extconf.rb
+- ext/cs__assess_array/extconf.rb
 - ext/cs__assess_hash/extconf.rb
+- ext/cs__assess_basic_object/extconf.rb
+- ext/cs__assess_regexp/extconf.rb
 - ext/cs__os_information/extconf.rb
+- ext/cs__assess_test/extconf.rb
+- ext/cs__assess_string/extconf.rb
 - ext/cs__contrast_patch/extconf.rb
-- ext/cs__assess_marshal_module/extconf.rb
-- ext/cs__assess_regexp/extconf.rb
-- ext/cs__assess_array/extconf.rb
-- ext/cs__scope/extconf.rb
-- ext/cs__assess_basic_object/extconf.rb
-- ext/cs__tests/extconf.rb
 - ext/cs__assess_string_interpolation/extconf.rb
+- ext/cs__scope/extconf.rb
+- ext/cs__assess_marshal_module/extconf.rb
+- ext/cs__assess_fiber_track/extconf.rb
+- ext/cs__assess_yield_track/extconf.rb
+- ext/cs__assess_kernel/extconf.rb
 extra_rdoc_files: []
 files:
 - ".clang-format"
@@ -1193,7 +1193,6 @@ files:
 - lib/contrast/components/settings.rb
 - lib/contrast/config.rb
 - lib/contrast/config/api_proxy_configuration.rb
-- lib/contrast/config/application_configuration.rb
 - lib/contrast/config/assess_configuration.rb
 - lib/contrast/config/assess_rules_configuration.rb
 - lib/contrast/config/base_configuration.rb

data/lib/contrast/config/application_configuration.rb

@@ -1,57 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'contrast/utils/object_share'
-
-module Contrast
-  module Config
-    # Common Configuration settings. Those in this section pertain to the
-    # application identification functionality of the Agent.
-    class ApplicationConfiguration
-      include Contrast::Config::BaseConfiguration
-
-      # @return [String]
-      attr_accessor :name
-      # @return [String]
-      attr_accessor :version
-      # @return [String]
-      attr_accessor :language
-      # @return [String]
-      attr_accessor :path
-      # @return [String]
-      attr_accessor :group
-      # @return [String]
-      attr_accessor :tags
-      # @return [String]
-      attr_accessor :code
-      # @return [String]
-      attr_accessor :metadata
-      attr_writer :session_id, :session_metadata
-
-      def initialize hsh = {}
-        return unless hsh
-
-        @name = hsh[:name]
-        @version = hsh[:version]
-        @language = hsh[:language]
-        @path = hsh[:path]
-        @group = hsh[:group]
-        @tags = hsh[:tags]
-        @code = hsh[:code]
-        @metadata = hsh[:metadata]
-        @session_id = hsh[:session_id]
-        @session_metadata = hsh[:session_metadata]
-      end
-
-      # @return [String, Contrast::Utils::ObjectShare::EMPTY_STRING]
-      def session_id
-        @session_id ||= Contrast::Utils::ObjectShare::EMPTY_STRING
-      end
-
-      # @return [String, Contrast::Utils::ObjectShare::EMPTY_STRING]
-      def session_metadata
-        @session_metadata ||= Contrast::Utils::ObjectShare::EMPTY_STRING
-      end
-    end
-  end
-end