RubyGems - contrast-agent - Versions diffs - 6.6.4 → 6.8.0 - Mend

contrast-agent 6.6.4 → 6.8.0

Files changed (340) hide show

data/lib/contrast/config/protect_rules_configuration.rb CHANGED Viewed

@@ -10,72 +10,48 @@ module Contrast
       include Contrast::Config::BaseConfiguration
       attr_accessor :disabled_rules
-      attr_writer :bot_blocker, :cmd_injection, :sql_injection, :nosql_injection, :untrusted_deserialization,
-                  :xxe, :path_traversal, :reflected_xss, :unsafe_file_upload, :rule_base
+      attr_reader :bot_blocker,
+                  :cmd_injection, :cmdi_command_backdoors,
+                  :cmd_injection_semantic_chained_commands, :cmd_injection_semantic_dangerous_paths,
+                  :method_tampering,
+                  :nosql_injection,
+                  :path_traversal, :path_traversal_semantic_file_security_bypass,
+                  :reflected_xss,
+                  :sql_injection, :sqli_dangerous_function,
+                  :unsafe_file_upload,
+                  :untrusted_deserialization,
+                  :xxe,
+                  :rule_base
       BASE_RULE = 'Contrast::Agent::Protect::Rule::Base'.cs__freeze
-      def initialize hsh = {}
+      def initialize hsh = {} # rubocop:disable Metrics/AbcSize
         return unless hsh
         @disabled_rules = hsh[:disabled_rules]
         @rule_base = Contrast::Config::ProtectRuleConfiguration.new(hsh[BASE_RULE.to_sym])
         @bot_blocker = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'bot-blocker'])
         @cmd_injection = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'cmd-injection'])
+        @cmdi_command_backdoors =
+          Contrast::Config::ProtectRuleConfiguration.new(hsh[:'cmd-injection-command-backdoors'])
+        @cmdi_chained_command =
+          Contrast::Config::ProtectRuleConfiguration.new(hsh[:'cmd-injection-semantic-chained-commands'])
+        @cmdi_dangerous_path =
+          Contrast::Config::ProtectRuleConfiguration.new(hsh[:'cmd-injection-semantic-dangerous-paths'])
         @method_tampering = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'method-tampering'])
         @nosql_injection = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'nosql-injection'])
         @path_traversal = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'path-traversal'])
+        @path_traversal_semantic_file_security_bypass =
+          Contrast::Config::ProtectRuleConfiguration.new(hsh[:'path-traversal-semantic-file-security-bypass'])
         @reflected_xss = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'reflected-xss'])
         @sql_injection = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'sql-injection'])
+        @sqli_dangerous_function =
+          Contrast::Config::ProtectRuleConfiguration.new(hsh[:'sql-injection-semantic-dangerous-functions'])
         @unsafe_file_upload = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'unsafe-file-upload'])
         @untrusted_deserialization = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'untrusted-deserialization'])
         @xxe = Contrast::Config::ProtectRuleConfiguration.new(hsh[:xxe])
       end
-      def bot_blocker
-        @bot_blocker ||= Contrast::Config::ProtectRuleConfiguration.new
-      end
-      def cmd_injection
-        @cmd_injection ||= Contrast::Config::ProtectRuleConfiguration.new
-      end
-      def sql_injection
-        @sql_injection ||= Contrast::Config::ProtectRuleConfiguration.new
-      end
-      def nosql_injection
-        @nosql_injection ||= Contrast::Config::ProtectRuleConfiguration.new
-      end
-      def untrusted_deserialization
-        @untrusted_deserialization ||= Contrast::Config::ProtectRuleConfiguration.new
-      end
-      def method_tampering
-        @method_tampering ||= Contrast::Config::ProtectRuleConfiguration.new
-      end
-      def xxe
-        @xxe ||= Contrast::Config::ProtectRuleConfiguration.new
-      end
-      def path_traversal
-        @path_traversal ||= Contrast::Config::ProtectRuleConfiguration.new
-      end
-      def reflected_xss
-        @reflected_xss ||= Contrast::Config::ProtectRuleConfiguration.new
-      end
-      def unsafe_file_upload
-        @unsafe_file_upload ||= Contrast::Config::ProtectRuleConfiguration.new
-      end
-      def rule_base
-        @rule_base ||= Contrast::Config::ProtectRuleConfiguration.new
-      end
       def []= key, value
         instance_variable_set("@#{ convert_key(key) }".to_sym, value)
       end
@@ -90,7 +66,7 @@ module Contrast
       # Convert instance variable names to format expected by TS
       # for adding to the hash
-      def to_hash
+      def to_contrast_hash
         hsh = {}
         instance_variables.each do |iv|
           # strip the '@' to get the key

data/lib/contrast/config/server_configuration.rb CHANGED Viewed

@@ -9,7 +9,7 @@ module Contrast
       include Contrast::Config::BaseConfiguration
       # @return [String, nil]
-      attr_accessor :name
+      attr_reader :name
       # @return [String, nil]
       attr_accessor :path
       # @return [String, nil]

data/lib/contrast/config.rb CHANGED Viewed

@@ -11,13 +11,7 @@ module Contrast
 end
 require 'contrast/config/base_configuration'
-require 'contrast/config/service_configuration'
 require 'contrast/config/exception_configuration'
-require 'contrast/config/assess_rules_configuration'
 require 'contrast/config/protect_rule_configuration'
 require 'contrast/config/protect_rules_configuration'
-require 'contrast/config/ruby_configuration'
 require 'contrast/config/server_configuration'
-require 'contrast/config/assess_configuration'
-require 'contrast/config/root_configuration'

data/lib/contrast/configuration.rb CHANGED Viewed

@@ -6,7 +6,14 @@ require 'fileutils'
 require 'contrast/config'
 require 'contrast/utils/object_share'
+require 'contrast/components/agent'
+require 'contrast/components/api'
+require 'contrast/components/app_context'
 require 'contrast/components/scope'
+require 'contrast/components/inventory'
+require 'contrast/components/protect'
+require 'contrast/components/assess'
+require 'contrast/config/server_configuration'
 module Contrast
   # This is how we read in the local settings for the Agent, both ENV/ CMD line
@@ -18,11 +25,30 @@ module Contrast
     include Contrast::Components::Scope::InstanceMethods
     extend Contrast::Components::Scope::InstanceMethods
-    attr_reader :default_name, :root
+    include Contrast::Config::BaseConfiguration
+    attr_reader :default_name
+    # @return [Contrast::Components::Api::Interface]
+    attr_writer :api
+    # @return [Contrast::Components::Agent::Interface]
+    attr_writer :agent
+    # @return [Contrast::Components::AppContext::Interface]
+    attr_writer :application
+    # @return [Contrast::Config::ServerConfiguration]
+    attr_writer :server
+    # @return [Contrast::Components::Assess::Interface]
+    attr_writer :assess
+    # @return [Contrast::Components::Inventory::Interface]
+    attr_writer :inventory
+    # @return [Contrast::Components::Protect::Interface]
+    attr_writer :protect
+    # @return [Boolean, nil]
+    attr_accessor :enable
     DEFAULT_YAML_PATH  = 'contrast_security.yaml'
     MILLISECOND_MARKER = '_ms'
-    CONVERSION = { 'agent.service.enable' => 'agent.start_bundled_service' }.cs__freeze
+    CONVERSION = {}.cs__freeze
     CONFIG_BASE_PATHS = ['', 'config/', '/etc/contrast/ruby/', '/etc/contrast/', '/etc/'].cs__freeze
     KEYS_TO_REDACT = %i[api_key url service_key user_name].cs__freeze
     REDACTED = '**REDACTED**'
@@ -40,20 +66,14 @@ module Contrast
       # Some in-flight rewrites to maintain backwards compatibility
       config_kv = update_prop_keys(config_kv)
-      @root = Contrast::Config::RootConfiguration.new(config_kv)
-    end
-    # Because we call this method to determine the need for scoping, it itself
-    # must be executed inside a Contrast scope. Failure to do so could result
-    # in an infinite loop on the to_sym method used later.
-    def method_missing symbol, *args
-      with_contrast_scope do
-        root.public_send(symbol, *args) if root.cs__respond_to?(symbol)
-      end
-    end
-    def respond_to_missing? method_name, *args
-      root&.cs__respond_to?(method_name) || super
+      @api = Contrast::Components::Api::Interface.new(config_kv[:api])
+      @enable = config_kv[:enable]
+      @agent = Contrast::Components::Agent::Interface.new(config_kv[:agent])
+      @application = Contrast::Components::AppContext::Interface.new(config_kv[:application])
+      @server = Contrast::Config::ServerConfiguration.new(config_kv[:server])
+      @assess = Contrast::Components::Assess::Interface.new(config_kv[:assess])
+      @inventory = Contrast::Components::Inventory::Interface.new(config_kv[:inventory])
+      @protect = Contrast::Components::Protect::Interface.new(config_kv[:protect])
     end
     # Get a loggable YAML format of this configuration
@@ -63,6 +83,41 @@ module Contrast
       convert_to_hash.to_yaml
     end
+    # @return [Contrast::Components::Api::Interface]
+    def api
+      @api ||= Contrast::Components::Api::Interface.new # rubocop:disable Naming/MemoizedInstanceVariableName
+    end
+    # @return [Contrast::Components::Agent::Interface]
+    def agent
+      @agent ||= Contrast::Components::Agent::Interface.new # rubocop:disable Naming/MemoizedInstanceVariableName
+    end
+    # @return [Contrast::Components::AppContext::Interface]
+    def application
+      @application ||= Contrast::Components::AppContext::Interface.new # rubocop:disable Naming/MemoizedInstanceVariableName
+    end
+    # @return [Contrast::Config::ServerConfiguration]
+    def server
+      @server ||= Contrast::Config::ServerConfiguration.new # rubocop:disable Naming/MemoizedInstanceVariableName
+    end
+    # @return [Contrast::Components::Assess::Interface]
+    def assess
+      @assess ||= Contrast::Components::Assess::Interface.new # rubocop:disable Naming/MemoizedInstanceVariableName
+    end
+    # @return [Contrast::Components::Inventory::Interface]
+    def inventory
+      @inventory ||= Contrast::Components::Inventory::Interface.new # rubocop:disable Naming/MemoizedInstanceVariableName
+    end
+    # @return [Contrast::Components::Protect::Interface]
+    def protect
+      @protect ||= Contrast::Components::Protect::Interface.new # rubocop:disable Naming/MemoizedInstanceVariableName
+    end
     protected
     # TODO: RUBY-546 move utility methods to auxiliary classes
@@ -213,11 +268,11 @@ module Contrast
     # @return [Hash, Object] the leaf of each
     #   Contrast::Config::BaseConfiguration will be returned in the N > 0 steps
     #   the Hash will be returned at the end of the 0 level
-    def convert_to_hash convert = root, hash = {}
+    def convert_to_hash convert = self, hash = {}
       case convert
       when Contrast::Config::BaseConfiguration
         # to_hash returns @configuration_map
-        convert.to_hash.each_key do |key|
+        convert.to_contrast_hash.each_key do |key|
           # change '-' to '_' for ProtectRulesConfiguration
           hash[key] = convert_to_hash(convert.send(key.tr('-', '_').to_sym), {})
           hash[key] = REDACTED if redactable?(key)

data/lib/contrast/extension/assess/array.rb CHANGED Viewed

@@ -5,6 +5,7 @@ require 'contrast/agent/patching/policy/patch'
 require 'contrast/agent/patching/policy/patcher'
 require 'contrast/components/scope'
 require 'contrast/agent/assess/events/event_data'
+require 'cs__assess_array/cs__assess_array'
 module Contrast
   module Extension
@@ -61,6 +62,14 @@ module Contrast
           end
         end
       end
+      # Helper module to call cs__join
+      module ContrastArray
+        def join *args
+          cs__join(*args)
+          super(*args)
+        end
+      end
     end
   end
 end

data/lib/contrast/extension/assess/exec_trigger.rb CHANGED Viewed

@@ -19,7 +19,9 @@ module Contrast
           # source might not be all the args passed in, but it is the one we care
           # about. we could pass in all the args in the last param here if it
           # becomes an issue in rendering on TS
-          Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(trigger_node, source, Kernel, nil, source)
+          finding = Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(trigger_node,
+                                                                                 source, Kernel, nil, source)
+          Contrast::Agent::Assess::Policy::TriggerMethod.report_finding(finding) if finding
         end
         private

data/lib/contrast/extension/assess/marshal.rb CHANGED Viewed

@@ -36,8 +36,9 @@ module Contrast
               # source might not be all the args passed in, but it is the one we care
               # about. we could pass in all the args in the last param here if it
               # becomes an issue in rendering on TS
-              Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(trigger_node('Marshal', :load), source,
-                                                                           self, ret, *args)
+              finding = Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(trigger_node('Marshal', :load),
+                                                                                     source, self, ret, *args)
+              Contrast::Agent::Assess::Policy::TriggerMethod.report_finding(finding) if finding
               return unless (properties = Contrast::Agent::Assess::Tracker.properties!(ret))
               properties.copy_from(source, ret)

data/lib/contrast/extension/assess/string.rb CHANGED Viewed

@@ -37,7 +37,6 @@ module Contrast
           # @param inputs [Array<String>] Inputs for interpolation.
           # @param result [String] The result from the interpolation.
           def track_interpolation inputs, result
-            return unless ::Contrast::AGENT.interpolation_enabled?
             return unless inputs.any? { |input| Contrast::Agent::Assess::Tracker.tracked?(input) }
             return unless (properties = Contrast::Agent::Assess::Tracker.properties!(result))

data/lib/contrast/extension/delegator.rb CHANGED Viewed

@@ -1,6 +1,8 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
+require 'delegate'
 # Some developers override various methods on Delegator, which can often
 # involve changing expected method parity/behavior which in turn prevents us
 # from being able to reliably use affected methods. Let's alias these methods

data/lib/contrast/extension/extension.rb CHANGED Viewed

@@ -36,7 +36,7 @@ module Contrast
           # conditions
           def assign_value path
             case path
-            when /fiber/, /interpolation26/
+            when /fiber/, /interpolation/
               require(path) if Funchook.available?
             else
               require(path)

data/lib/contrast/framework/base_support.rb CHANGED Viewed

@@ -41,11 +41,6 @@ module Contrast
         raise(NoMethodError, 'Subclasses of BaseSupport should implement this method')
       end
-      # @raise [NoMethodError] raises error if subclass does not implement this method
-      def current_route
-        raise(NoMethodError, 'Subclasses of BaseSupport should implement this method')
-      end
       # @raise [NoMethodError] raises error if subclass does not implement this method
       def retrieve_request _env
         raise(NoMethodError, 'Subclasses of BaseSupport should implement this method')

data/lib/contrast/framework/grape/support.rb CHANGED Viewed

@@ -68,29 +68,6 @@ module Contrast
             routes
           end
-          # Given the current request return a RouteCoverage dtm.
-          #
-          # @param request [Contrast::Agent::Request] a contrast tracked request.
-          # @param controller [::Grape::API] optionally use this controller instead of global ::Grape::API.
-          # @return [Contrast::Api::Dtm::RouteCoverage, nil] a Dtm describing the route
-          # matched to the request if a match was found.
-          def current_route request, controller = ::Grape::API, full_route = nil
-            return unless grape_controller?(controller)
-            method = request.env[::Rack::REQUEST_METHOD] # GET, PUT, POST, etc...
-            # Find final controller - actually we gotta match the route to the scanned application
-            # Initially Grape compiles all routes on startup, so we can use the url from the request
-            # and create the observed route
-            # Class < Grape::API, Grape::Router::Route
-            final_controller, route_pattern = _route_recurse(method, _cleaned_route(request), grape_controllers)
-            return unless final_controller
-            full_route ||= request.env[::Rack::PATH_INFO]
-            Contrast::Api::Dtm::RouteCoverage.from_grape_controller(final_controller, method, route_pattern, full_route)
-          end
           # Given the current request - return a RouteCoverage object
           # @param request [Contrast::Agent::Request] a contrast tracked request.
@@ -113,6 +90,7 @@ module Contrast
             new_route_coverage = Contrast::Agent::Reporting::RouteCoverage.new
             new_route_coverage.attach_rack_based_data(final_controller, method, route_pattern, full_route)
+            new_route_coverage
           end
           # Search object space for grape controllers--any class that subclasses ::Grape::API.

data/lib/contrast/framework/manager.rb CHANGED Viewed

@@ -71,9 +71,11 @@ module Contrast
         first_framework_result(:application_name, 'root')
       end
+      # @return app_root [String] path
       def app_root
         found = first_framework_result(:application_root, nil)
-        found || ::Rack::Directory.new('').root
+        found ||= ::Rack::Directory.new('').root
+        found.to_s
       end
       # Build a request from the provided env, based on the framework(s) we're currently supporting.
@@ -108,16 +110,6 @@ module Contrast
         result
       end
-      # Iterate through current frameworks and return the current request's route. This will be the first non-nil
-      # result.
-      #
-      # @param request [Contrast::Agent::Request] the current request.
-      # @return [Contrast::Api::Dtm::RouteCoverage] the current route as a Dtm.
-      def get_route_dtm request
-        @_frameworks.lazy.map { |framework_support| framework_support.current_route(request) }.
-            reject(&:nil?).first # rubocop:disable Style/CollectionCompact
-      end
       # Iterate through current frameworks and return the current request's route. This will be the first non-nil
       # result.
       #

data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb CHANGED Viewed

@@ -20,12 +20,7 @@ module Contrast
                 Contrast::Agent.reporter&.send_event_immediately(event)
               end
-              if Contrast::Agent::Reporter.enabled?
-                event = Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.activity)
-                Contrast::Agent.reporter&.send_event_immediately(event)
-              else
-                Contrast::Agent.messaging_queue&.send_event_immediately(context.activity)
-              end
+              Contrast::Agent.reporter&.send_event_immediately(context.activity)
             end
             def instrument

data/lib/contrast/framework/rails/railtie.rb CHANGED Viewed

@@ -25,7 +25,6 @@ module Contrast
         end
         rake_tasks do
-          load 'contrast/tasks/service.rb'
           load 'contrast/tasks/config.rb'
         end
       end

data/lib/contrast/framework/rails/support.rb CHANGED Viewed

@@ -1,7 +1,6 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-require 'contrast/api/dtm.pb'
 require 'contrast/framework/base_support'
 require 'contrast/framework/rails/patch/support'
 require 'contrast/utils/string_utils'
@@ -49,36 +48,6 @@ module Contrast
             find_all_routes(::Rails.application, [])
           end
-          # Find the current route, based on the provided Request wrapper
-          #
-          # @param request[Contrast::Agent::Request]
-          # @return [Contrast::Api::Dtm::RouteCoverage, nil]
-          def current_route request
-            return unless ::Rails.cs__respond_to?(:application)
-            # ActionDispatch::Journey::Path::Pattern::MatchData, Hash, ActionDispatch::Journey::Route, Array<String>
-            match, _params, route, path = get_full_route(request.rack_request)
-            unless route
-              logger.warn("Unable to determine the current route of this request: #{ request.rack_request }")
-              return
-            end
-            original_url = request.rack_request.path_info
-            mounted_app = route&.app&.app
-            # Route is either the final rails route, or a router that points to a Sinatra controller.
-            if mounted_app && Contrast::Framework::Sinatra::Support.sinatra_controller?(mounted_app)
-              return mounted_sinatra_route(request, match, path, route, original_url)
-            end
-            if mounted_app && Contrast::Framework::Grape::Support.grape_controller?(mounted_app)
-              return mounted_grape_route(request, match, path, route, original_url)
-            end
-            Contrast::Api::Dtm::RouteCoverage.from_action_dispatch_journey(route, original_url)
-          rescue StandardError => e
-            logger.warn('Unable to determine the current route of this request', e)
-            nil
-          end
           # Find the current route, based on the provided Request wrapper
           #
           # @param request[Contrast::Agent::Request]
@@ -105,9 +74,10 @@ module Contrast
             end
             new_route_coverage = Contrast::Agent::Reporting::RouteCoverage.new
-            new_route_coverage.attach_rails_data(route, original_url)
+            new_route_coverage&.attach_rails_data(route, original_url)
+            new_route_coverage
           rescue StandardError => e
-            logger.warn('Unable to determine the current route of this request', e)
+            logger.warn('Unable to determine the current route of this request due to exception: ', e)
             nil
           end
@@ -132,7 +102,7 @@ module Contrast
           # Determine if route is a Rails engine route.
           #
           # @param route [Object] app or route that points to a ::Rails::Engine
-          # @return [bool] whether the router is an engine or not.
+          # @return [Boolean, nil] whether the router is an engine or not.
           def engine_route? route
             return false unless route&.app&.app
             return false unless route.app.is_a?(::ActionDispatch::Routing::Mapper::Constraints) ||
@@ -155,7 +125,7 @@ module Contrast
             match, params, route = route_matches.first
-            # If the current routing node points to a sub-app (::Rais::Engine), dive deeper.
+            # If the current routing node points to a sub-app (::Rails::Engine), dive deeper.
             # Have sub-app route the remainder of the url.
             if engine_route?(route)
               new_req = retrieve_request(request.env)
@@ -186,36 +156,12 @@ module Contrast
             route_list
           end
-          # @param request[Contrast::Agent::Request]
-          # @param match [ActionDispatch::Journey::Path::Pattern::MatchData]
-          # @param path [Array<String>] the path of this request, built out from each nested
-          #   ActionDispatch::Journey::Path::Pattern::MatchData
-          # @param route [::ActionDispatch::Journey::Route]
-          # @param original_url [String] the full url of this request, including the mount
-          # @return [Contrast::Api::Dtm::RouteCoverage, nil]
-          def mounted_sinatra_route request, match, path, route, original_url
-            new_req = unmounted_route(request, match, path)
-            Contrast::Framework::Sinatra::Support.current_route(new_req, route.app.app, original_url)
-          end
           # @return [Contrast::Agent::Reporting::RouteCoverage, nil]
           def mounted_new_sinatra_route request, match, path, route, original_url
             new_req = unmounted_route(request, match, path)
             Contrast::Framework::Sinatra::Support.current_route_coverage(new_req, route.app.app, original_url)
           end
-          # @param request[Contrast::Agent::Request]
-          # @param match [ActionDispatch::Journey::Path::Pattern::MatchData]
-          # @param path [Array<String>] the path of this request, built out from each nested
-          #   ActionDispatch::Journey::Path::Pattern::MatchData
-          # @param route [::ActionDispatch::Journey::Route]
-          # @param original_url [String] the full url of this request, including the mount
-          # @return [Contrast::Api::Dtm::RouteCoverage, nil]
-          def mounted_grape_route request, match, path, route, original_url
-            new_req = unmounted_route(request, match, path)
-            Contrast::Framework::Grape::Support.current_route(new_req, route.app.app, original_url)
-          end
           # @return [Contrast::Agent::Reporting::RouteCoverage, nil]
           def mounted_new_grape_route request, match, path, route, original_url
             new_req = unmounted_route(request, match, path)

data/lib/contrast/framework/sinatra/support.rb CHANGED Viewed

@@ -64,26 +64,6 @@ module Contrast
             routes
           end
-          # Given the current request return a RouteCoverage dtm.
-          #
-          # @param request [Contrast::Agent::Request] a contrast tracked request.
-          # @param controller [::Sinatra::Base] optionally use this controller instead of global ::Sinatra::Base.
-          # @return [Contrast::Api::Dtm::RouteCoverage, nil] a Dtm describing the route
-          # matched to the request if a match was found.
-          def current_route request, controller = ::Sinatra::Base, full_route = nil
-            return unless sinatra_controller?(controller)
-            method = request.env[::Rack::REQUEST_METHOD] # GET, PUT, POST, etc...
-            # Find route match--checking superclasses if necessary.
-            final_controller, route_pattern = _route_recurse(controller, method, _cleaned_route(request))
-            return unless !final_controller.nil? && !route_pattern.nil?
-            full_route ||= request.path_info
-            Contrast::Api::Dtm::RouteCoverage.from_sinatra_route(final_controller, method, route_pattern, full_route)
-          end
           # Given the current request - return a RouteCoverage object
           # @param request [Contrast::Agent::Request] a contrast tracked request.
@@ -97,12 +77,13 @@ module Contrast
             # Find route match--checking superclasses if necessary.
             final_controller, route_pattern = _route_recurse(controller, method, _cleaned_route(request))
-            return unless final_controller
+            return unless final_controller && route_pattern
             full_route ||= request.env[::Rack::PATH_INFO]
             new_route_coverage = Contrast::Agent::Reporting::RouteCoverage.new
             new_route_coverage.attach_rack_based_data(final_controller, method, route_pattern, full_route)
+            new_route_coverage
           end
           # Search object space for sinatra controllers--any class that subclasses ::Sinatra::Base.

data/lib/contrast/logger/cef_log.rb CHANGED Viewed

@@ -51,16 +51,20 @@ module Contrast
       # set by local configuration.
       #
       # @param log_level [String] the level at which to log, as provided by TeamServer settings
-      def build_logger log_level = nil
+      # @param log_file [String] the file to which to log, as provided by TeamServer settings
+      def build_logger log_level = nil, log_file = nil
+        current_path_const = find_valid_path(log_file)
         current_level_const = find_valid_level(log_level)
         level_change = current_level_const != previous_level
+        path_change = current_path_const != previous_path
         # don't needlessly recreate logger
-        return if @cef_logger && !level_change
+        return if @cef_logger && !(level_change || path_change)
         @previous_level = current_level_const
+        @previous_path = current_path_const
-        @_cef_logger = build(path: DEFAULT_CEF_NAME, level_const: current_level_const)
+        @_cef_logger = build(path: current_path_const, level_const: current_level_const)
         # If we're logging to a new path, then let's start it w/ our helpful
         # data gathering messages
         # log_update if path_change
@@ -82,6 +86,20 @@ module Contrast
         @_cef_logger
       end
+      def find_valid_path log_file
+        config = ::Contrast::CONFIG.agent.security_logger
+        config_path = config&.path&.length.to_i.positive? ? config.path : nil
+        valid_path(config_path || log_file, default_name: DEFAULT_CEF_NAME)
+      end
+      # @return [::Ougai::Logging::Severity] the level at which to log
+      def find_valid_level log_level
+        config = ::Contrast::CONFIG.agent.security_logger
+        config_level = config&.level&.length&.positive? ? config.level : nil
+        valid_level(config_level || log_level)
+      end
       def log msg, level = @_cef_logger.level
         case level
         when ::Logger::Severity::INFO