RubyGems - contrast-agent - Versions diffs - 6.6.4 → 6.8.0 - Mend

contrast-agent 6.6.4 → 6.8.0

Files changed (340) hide show

data/lib/contrast/agent/reaction_processor.rb DELETED Viewed

@@ -1,47 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-require 'contrast/agent/disable_reaction'
-require 'contrast/components/logger'
-module Contrast
-  module Agent
-    # Because communication between the Agent/Service and TeamServer can only be initiated by outbound connections
-    # from the Agent/Service, we must provide a mechanism for the TeamServer to direct the Agent to take a specific
-    # action. This action is referred to as a Reaction. This class is how we handle those Reaction messages.
-    module ReactionProcessor
-      extend Contrast::Components::Logger::InstanceMethods
-      # Process the given Reactions from the application settings based on what
-      # TeamServer has indicated. Each Reaction will result in a log message
-      # and, optionally, an action.
-      #
-      # @param application_settings [Contrast::Api::Settings::ApplicationSettings]
-      #   those settings which the Service has relayed from TeamServer.
-      def self.process application_settings
-        return unless application_settings&.reactions&.any?
-        application_settings.reactions.each do |reaction|
-          # The enums are all uppercase, we need to downcase them before attempting to log.
-          level = if reaction.log_level.nil?
-                    :error
-                  else
-                    reaction.log_level.name.downcase # rubocop:disable Security/Module/Name -- ruby logger builtin.
-                  end
-          logger.with_level(level, reaction.message) if reaction.message
-          case reaction.operation
-          when Contrast::Api::Settings::Reaction::Operation::DISABLE
-            Contrast::Agent::DisableReaction.run(reaction, level)
-          when Contrast::Api::Settings::Reaction::Operation::NOOP
-            # NOOP
-          else
-            logger.warn('ReactionProcessor received a reaction with an unknown operation',
-                        operation: reaction.operation)
-          end
-        end
-      end
-    end
-  end
-end

data/lib/contrast/agent/reporting/reporting_events/trace_event_source.rb DELETED Viewed

@@ -1,30 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-require 'json'
-require 'contrast/components/logger'
-require 'contrast/utils/object_share'
-module Contrast
-  module Agent
-    module Reporting
-      # This is the new Trace Event Source class which will include all the needed information for the new reporting
-      # system to relay this information in the Route Observation messages.
-      class TraceEventSource
-        attr_accessor :name, :type
-        def initialize
-          @name = Contrast::Utils::ObjectShare::EMPTY_STRING
-          @type = Contrast::Utils::ObjectShare::EMPTY_STRING
-        end
-        def to_controlled_hash
-          {
-              name: @name,
-              type: @type
-          }
-        end
-      end
-    end
-  end
-end

data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb DELETED Viewed

@@ -1,43 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-require 'contrast/agent/reporting/reporting_events/application_activity'
-require 'contrast/api/dtm.pb'
-module Contrast
-  module Agent
-    module Reporting
-      # Util module for checking DTM message type. It temporarily allows for the conversion from a DTM to an
-      # EventReport.
-      # TODO: RUBY-1438 -- remove
-      module DtmMessage
-        class << self
-          # @param dtm [Contrast::Api::Dtm::Finding,Object]
-          # @return [Boolean]
-          def finding? dtm
-            dtm.cs__is_a?(Contrast::Api::Dtm::Finding)
-          end
-          # @param dtm [Contrast::Api::Dtm::Finding,Object]
-          # @return [Boolean]
-          def activity? dtm
-            dtm.cs__is_a?(Contrast::Api::Dtm::Activity)
-          end
-          # Converts DTM message to Reporting Event for those messages that have conversion methods crated. We use this
-          # as we work to move away from requiring the Service.
-          #
-          # @param dtm [Contrast::Api::Dtm]
-          # @return event [Contrast::Agent::Reporting::ReportingEvent, nil]
-          def dtm_to_event dtm
-            # For the others, we convert them.
-            return Contrast::Agent::Reporting::Finding.convert(dtm) if finding?(dtm)
-            return Contrast::Agent::Reporting::ApplicationActivity.convert(dtm) if activity?(dtm)
-            nil
-          end
-        end
-      end
-    end
-  end
-end

data/lib/contrast/agent/service_heartbeat.rb DELETED Viewed

@@ -1,35 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-require 'contrast/agent/worker_thread'
-require 'contrast/agent/reporting/report'
-module Contrast
-  module Agent
-    # The ServiceHeartbeat functions to keep the Contrast Service alive and ensure that it maintains this Agent's
-    # ApplicationContext.
-    class ServiceHeartbeat < WorkerThread
-      # Spec recommends 30 seconds, we're going with 15.
-      REFRESH_INTERVAL_SEC = 15
-      def start_thread!
-        return if ::Contrast::CONTRAST_SERVICE.unnecessary?
-        return if running?
-        @_thread = Contrast::Agent::Thread.new do
-          logger.info('Starting heartbeat thread.')
-          loop do
-            logger.info("Queue Size: #{ Contrast::Agent.messaging_queue.queue&.length }")
-            Contrast::Agent.messaging_queue&.send_event_eventually(poll_message)
-            clean_properties
-            sleep(REFRESH_INTERVAL_SEC)
-          end
-        end
-      end
-      def poll_message
-        @_poll_message ||= Contrast::Api::Dtm::Poll.new
-      end
-    end
-  end
-end

data/lib/contrast/api/communication/messaging_queue.rb DELETED Viewed

@@ -1,129 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-require 'contrast/components/logger'
-require 'contrast/agent/assess/policy/trigger_method'
-require 'contrast/agent/worker_thread'
-require 'contrast/agent/reporting/reporting_utilities/audit'
-require 'contrast/api/dtm.pb'
-module Contrast
-  module Api
-    module Communication
-      # Top level gateway to messaging with speedracer
-      class MessagingQueue < Contrast::Agent::WorkerThread
-        include Contrast::Components::Logger::InstanceMethods
-        # @return [Contrast::Api::Communication::Speedracer, nil]
-        attr_reader :speedracer
-        def initialize
-          return if ::Contrast::CONTRAST_SERVICE.unnecessary?
-          @speedracer = Contrast::Api::Communication::Speedracer.new
-          super
-        end
-        # Use this to bypass the messaging queue and leave response processing to the caller. We use this method for
-        # those operations which are blocking, meaning they must complete for the Agent to continue operations. These
-        # types of events include initial settings/ setup on startup and analysis required to complete before handing
-        # execution from our pre-filter operations to the application code (i.e. Protect's input analysis).
-        #
-        # @param event [Contrast::Api::Dtm] One of the DTMs valid for the event field of
-        #   Contrast::Api::Dtm::Message|Contrast::Api::Dtm::Activity
-        # @return [Contrast::Api::Settings::AgentSettings,nil]
-        def send_event_immediately event
-          if ::Contrast::AGENT.disabled?
-            logger.warn('Attempted to send event immediately with Agent disabled', caller: caller, event: event)
-            return
-          end
-          return if ::Contrast::CONTRAST_SERVICE.unnecessary?
-          speedracer.return_response(event)
-        end
-        # A simple Queue used to hold messages that are ready to be sent to SpeedRacer but for which we do not need an
-        # immediate response
-        #
-        # @return [Queue, nil]
-        def queue
-          return if ::Contrast::CONTRAST_SERVICE.unnecessary?
-          @_queue ||= Queue.new
-        end
-        # Use this to add a message to the queue and process the response internally. We use this method for those
-        # operations which are non-blocking, meaning they don't need to complete for the Agent to continue operations.
-        # These types of events include any post-request messaging that occurs after execution is returned from the
-        # application to our post-filter operations as well as those that don't alter the application's execution (i.e.
-        # Assess' vulnerability reporting).
-        #
-        # @param event [Contrast::Api::Dtm, Contrast::Api::Dtm::Poll] One of the DTMs valid for the event field of
-        #   Contrast::Api::Dtm::Message|Contrast::Api::Dtm::Activity
-        # @param force [Boolean] if we should always queue this event, even if the service isn't running, in case the
-        #   message may be ready before the service has initiated. usually for those events which happen in a separate
-        #   thread or which may occur during initialization.
-        def send_event_eventually event, force: false
-          if ::Contrast::AGENT.disabled?
-            logger.warn('Attempted to queue event with Agent disabled', caller: caller, event: event)
-            return
-          end
-          return if ::Contrast::CONTRAST_SERVICE.unnecessary?
-          # If we're unable to start the Service, then we cannot afford to queue messages as this creates the potential
-          # for a memory leak, especially if the thread responsible for de-queueing the messages is dead.
-          return if !force && !(speedracer.status.connected? && running?)
-          # If we're in direct communication mode, the only message we should queue is the heartbeat to keep the
-          # service alive during Protect activities. All other messages should go through direct reporting.
-          if ::Contrast::CONTRAST_SERVICE.use_agent_communication?
-            return unless ::Contrast::PROTECT.enabled?
-            return unless event.cs__is_a?(Contrast::Api::Dtm::Poll)
-          end
-          logger.debug('Enqueued event for sending', event_type: event.cs__class)
-          queue << event if event
-        end
-        # Create the reporting thread, which will pull from the queue in order to send messages to SpeedRacer. If
-        # SpeedRacer is not running and should be, meaning the Agent is configured to control it, then we will also
-        # try to start that process.
-        def start_thread!
-          return if ::Contrast::CONTRAST_SERVICE.unnecessary?
-          speedracer.ensure_startup!
-          return if running?
-          @_thread = Contrast::Agent::Thread.new do
-            loop do
-              event = queue.pop
-              begin
-                logger.debug('Dequeued event for sending', event_type: event.cs__class)
-                speedracer.process_internally(event)
-              rescue StandardError => e
-                logger.error('Could not send message to service from messaging queue thread.', e)
-              end
-            end
-          end
-          logger.debug('Started background sending thread.')
-        end
-        # When the Agent shuts down, we terminate the message sending operations. This method clears, closes, and
-        # destroys the queue.
-        def delete_queue!
-          @_queue&.clear
-          @_queue&.close
-          @_queue = nil
-        end
-        # When the Agent shuts down, we terminate the thread responsible for reporting. This method destroys that
-        # thread and any data we would have sent with it.
-        def stop!
-          return unless running?
-          super
-          delete_queue!
-        end
-      end
-    end
-  end
-end

data/lib/contrast/api/communication/response_processor.rb DELETED Viewed

@@ -1,90 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-require 'contrast/agent/reaction_processor'
-require 'contrast/components/logger'
-module Contrast
-  module Api
-    module Communication
-      # Handles processing deferred messages sent to SpeedRacer.
-      class ResponseProcessor
-        include Contrast::Components::Logger::InstanceMethods
-        # Use the given response to update the Agent's server features and application settings, allowing it to reflect
-        # the latest options configured by the user in TeamServer
-        #
-        # @param response [Contrast::Api::Settings::AgentSettings]
-        def process response
-          logger.debug('Received a response', sent_ms: response&.sent_ms)
-          server_features = process_server_response(response)
-          app_settings = process_application_response(response)
-          # ReactionProcessor is a design pattern from TeamServer. Right now, there's one potential reaction, which is
-          # disabling the agent
-          Contrast::Agent::ReactionProcessor.process(response&.application_settings)
-          Contrast::Logger::Log.instance.update(server_features&.log_file, server_features&.log_level)
-          update_features(server_features, app_settings)
-          logger.trace('Agent settings updated in response to Service', protect_on: ::Contrast::PROTECT.enabled?,
-                                                                        assess_on: ::Contrast::ASSESS.enabled?)
-        end
-        private
-        # Given some protobuf messages, update server features. This is the bridge between SpeedRacer <-> Settings.
-        #
-        # @param response [Contrast::Api::Settings::AgentSettings]
-        # @return [Contrast::Api::Settings::ServerFeatures]
-        def process_server_response response
-          server_features = response&.server_features
-          return unless server_features
-          logger.trace('Agent: Received updated server features')
-          ::Contrast::SETTINGS.update_from_server_features(server_features)
-          server_features
-        end
-        # Given some protobuf messages, update application settings. This is the bridge between SpeedRacer <->
-        # Settings.
-        #
-        # @param response [Contrast::Api::Settings::AgentSettings]
-        # @return [Contrast::Api::Settings::ApplicationSettings]
-        def process_application_response response
-          logger.debug('[!] process_application_response', response: response)
-          app_settings = response&.application_settings
-          return unless app_settings
-          logger.debug('[!] Agent: Received updated application settings', settings: app_settings)
-          ::Contrast::SETTINGS.update_from_application_settings(app_settings)
-          app_settings
-        end
-        # This can't go in the Settings component because protect and assess depend on settings
-        # I don't think it should go into contrast_service because that only handles connection specific data.
-        #
-        # @param server_features
-        #   [Contrast::Api::Settings::AgentSettings, Contrast::Agent::Reporting::Settings::FeatureSettings]
-        # @param app_settings
-        #   [Contrast::Api::Settings::ApplicationSettings, Contrast::Agent::Reporting::Settings::ApplicationSettings]
-        def update_features server_features, app_settings
-          logger.info('Updating features')
-          return unless !!(server_features || app_settings)
-          return unless ::Contrast::AGENT.enabled?
-          logger.trace_with_time('Rebuilding rule modes') do
-            ::Contrast::SETTINGS.build_protect_rules if ::Contrast::PROTECT.enabled?
-            ::Contrast::AGENT.reset_ruleset
-            logger.info('Current rule settings:')
-            ::Contrast::PROTECT.defend_rules.each { |k, v| logger.info('Protect Rule mode set', rule: k, mode: v.mode) }
-            logger.info('Disabled Assess Rules', rules: ::Contrast::ASSESS.disabled_rules)
-          end
-        end
-      end
-    end
-  end
-end

data/lib/contrast/api/communication/service_lifecycle.rb DELETED Viewed

@@ -1,77 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-require 'contrast/components/logger'
-module Contrast
-  module Api
-    module Communication
-      # Handles local service startup. As this should only ever be invoked by the Speedracer class, which includes
-      # this, all methods here are private.
-      module ServiceLifecycle
-        include Contrast::Components::Logger::InstanceMethods
-        private
-        # Attempt to start up a local process with SpeedRacer. This will ensure the process isn't just a zombie and is
-        # a real functioning process.
-        #
-        # @return [Boolean] Did the SpeedRacer process start?
-        def attempt_local_service_startup
-          zombie_check
-          service_starter_thread.join(5)
-          is_service_started = Contrast::Utils::OS.running?
-          if is_service_started
-            logger.info('The bundled service was successfully started.')
-          else
-            logger.error('The bundled service could not be started. The agent will not function properly.')
-          end
-          is_service_started
-        end
-        # Check if there's a zombie service that exists, and wait on it if so. Currently, this only happens when trying
-        # to initialize SpeedRacer. If there is a zombie, we'll wait until the zombie completes.
-        def zombie_check
-          zombie_pid_list = Contrast::Utils::OS.zombie_pids
-          zombie_pid_list.each do |pid|
-            Process.wait(pid.to_i)
-          rescue Errno::ECHILD => _e
-            # Sometimes the zombie process dies between us finding it and killing it
-          end
-        end
-        # Determine the options used to set up the SpeedRacer process. Specifically, this handles if we need to adjust
-        # where the process needs to log.
-        #
-        # @return [Hash] options used to spawn the SpeedRacer process
-        def determine_startup_options
-          return { out: :out, err: :out } if ::Contrast::CONTRAST_SERVICE.logger_path == 'STDOUT'
-          return { out: :err, err: :err } if ::Contrast::CONTRAST_SERVICE.logger_path == 'STDERR'
-          { out: File::NULL, err: File::NULL }
-        end
-        # Create a new process for the SpeedRacer. This is a separate method so we can overwrite it globally in specs.
-        def spawn_service
-          options = determine_startup_options
-          logger.debug('Spawning service')
-          spawn('contrast_service', options)
-        end
-        # Create a thread to start the SpeedRacer, making calls to spawn until one starts successfully. As soon as the
-        # SpeedRacer process starts, this thread terminates.
-        def service_starter_thread
-          Contrast::Agent::Thread.new do
-            # Always check to see if it already started
-            unless Contrast::Utils::OS.running?
-              # Spawn the service process
-              spawn_service
-              # Block until service is running
-              sleep(0.1) until Contrast::Utils::OS.running?
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/contrast/api/communication/socket.rb DELETED Viewed

@@ -1,44 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-module Contrast
-  module Api
-    module Communication
-      # Behavior common to all sockets used to communicate with the Contrast Service.
-      module Socket
-        SOCKET_MONITOR = Monitor.new
-        # Send a message across the socket and read back the response.
-        # @param marshaled [String] some marshaled form of data to be sent across the socket. Typically an encoded form
-        #   of Contrast::Api::Dtm::Message.
-        # @return [String] some marshalled form of data returned by the socket. Typically an encoded form of
-        #   Contrast::Api::Settings::AgentSettings.
-        def send_marshaled marshaled
-          SOCKET_MONITOR.synchronize do
-            socket = new_socket
-            # write message length
-            len = marshaled.length
-            socket.write([len].pack(Contrast::Api::ENCODING_STRING))
-            # write the entire message
-            socket.write(marshaled)
-            socket.close_write
-            # read the response length
-            len = socket.read(4).unpack1(Contrast::Api::ENCODING_STRING)
-            # read expected response to end
-            socket.read(len)
-          end
-        end
-        # Override this method to return a socket. Should be interface compatible with TCPSocket, UNIXSocket, etc.
-        # @raise[NoMethodError] abstract method, needs to be implemented
-        def new_socket
-          raise(NoMethodError, 'This is abstract, override it.')
-        end
-      end
-    end
-  end
-end

data/lib/contrast/api/communication/socket_client.rb DELETED Viewed

@@ -1,130 +0,0 @@
-# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-require 'socket'
-require 'uri'
-require 'contrast/api/communication/tcp_socket'
-require 'contrast/api/communication/unix_socket'
-require 'contrast/components/logger'
-module Contrast
-  module Api
-    module Communication
-      # SocketClient acts as a interface between the agent and the service. It instantiates a service proxy and tracks
-      # the state of that proxy.
-      class SocketClient
-        include Contrast::Components::Logger::InstanceMethods
-        def initialize
-          @socket = init_connection
-        end
-        # Wrap the given DTM in a Contrast::Api::Dtm::Message and send it to the SpeedRacer for processing. The
-        # Message is the top level object required to communicate to SpeedRacer as it encompasses the information
-        # needed to find this process' context.
-        #
-        # @param event [Contrast::Api::Dtm] One of the DTMs valid for the event field of
-        #   Contrast::Api::Dtm::Message
-        # @return [Contrast::Api::Settings::AgentSettings, nil]
-        def send_one event
-          msg = Contrast::Api::Dtm::Message.build(event)
-          send_message(msg)
-        end
-        private
-        # Initialize the connection to the SpeedRacer process based on the configuration provided by the user. This can
-        # be either TCP or UDP. Note that unlike the Go and the Node Agents, we cannot use the GRPC communication
-        # option as we cannot use Google's protobuf gems; they do not compile reliably and result in segmentation
-        # faults in customer environments.
-        #
-        # @return [Contrast::Api::Communication::TcpSocket, Contrast::Api::Communication::UnixSocket]
-        def init_connection
-          log_connection
-          if ::Contrast::CONTRAST_SERVICE.use_tcp?
-            Contrast::Api::Communication::TcpSocket.new(
-                ::Contrast::CONTRAST_SERVICE.host, ::Contrast::CONTRAST_SERVICE.port)
-          else
-            Contrast::Api::Communication::UnixSocket.new(::Contrast::CONTRAST_SERVICE.socket_path)
-          end
-        end
-        # Log information about the connection being used to communicate between the Agent and SpeedRacer.
-        def log_connection
-          # The socket is set,
-          if ::Contrast::CONFIG.root.agent.service.socket
-            logger.info('Connecting to the Contrast Service using a UnixSocket socket',
-                        socket: ::Contrast::CONTRAST_SERVICE.socket_path)
-            return
-          end
-          # The host & port are set,
-          if ::Contrast::CONFIG.root.agent.service.host && ::Contrast::CONFIG.root.agent.service.port
-            logger.info('Connecting to the Contrast Service using a TCP socket',
-                        host: ::Contrast::CONTRAST_SERVICE.host,
-                        port: ::Contrast::CONTRAST_SERVICE.port)
-            return
-          end
-          # Or something is not set.
-          logger.warn(
-              log_connection_error_msg,
-              host: ::Contrast::CONTRAST_SERVICE.host,
-              port: ::Contrast::CONTRAST_SERVICE.port)
-        end
-        # If our connection isn't built properly, we need to warn the user. This builds out the context specific
-        # message to provide that warning
-        #
-        # @return [String]
-        def log_connection_error_msg
-          if ::Contrast::CONFIG.root.agent.service.host
-            'Missing a required connection value to the Contrast Service. ' \
-              '`agent.service.port` is not set. ' \
-              'Falling back to default TCP socket port.'
-          elsif ::Contrast::CONFIG.root.agent.service.port
-            'Missing a required connection value to the Contrast Service. ' \
-              '`agent.service.host` is not set. ' \
-              'Falling back to default TCP socket host.'
-          else
-            'Missing a required connection value to the Contrast Service. ' \
-              'Neither `agent.service.socket` nor the pair of `agent.service.host` and `agent.service.port` are set. '\
-              'Falling back to default TCP socket.'
-          end
-        end
-        # Send the given message to SpeedRacer and return the response from it.
-        #
-        # @param msg [Contrast::Api::Dtm::Message] the packaged message to send to SpeedRacer
-        # @return [Contrast::Api::Settings::AgentSettings, nil]
-        # @raise [StandardError] if unable to send a message to SpeedRacer
-        def send_message msg
-          return unless msg
-          logger.debug('Sending message.', msg_id: msg.__id__, p_id: msg.pid, msg_count: msg.message_count)
-          to_service = Contrast::Api::Dtm::Message.encode(msg)
-          from_service = send_marshaled(to_service)
-          response = Contrast::Api::Settings::AgentSettings.decode(from_service)
-          logger.debug('RESPONSE FROM TS')
-          logger.debug(from_service)
-          logger.debug('RESPONSE FROM TS')
-          logger.debug('Received response.', msg_id: msg.__id__, p_id: msg.pid, msg_count: msg.message_count,
-                                             response_id: response&.__id__)
-          response
-        rescue StandardError => e
-          logger.error('Sending failed for message.', e, msg_id: msg.__id__, p_id: msg.pid,
-                                                         msg_count: msg.message_count, response_id: response&.__id__)
-          raise(e) # reraise to let SpeedRacer manage the connection
-        end
-        # Send the marshaled Contrast::Api::Dtm::Message across the socket used to talk to SpeedRacer
-        #
-        # @param marshaled [String]
-        # @return [String] the marshaled from of Contrast::Api::Settings::AgentSettings
-        def send_marshaled marshaled
-          @socket.send_marshaled(marshaled)
-        end
-      end
-    end
-  end
-end