contrast-agent 6.7.0 → 6.9.0

data/lib/contrast/components/agent.rb

@@ -2,12 +2,13 @@
 # frozen_string_literal: true
 
 require 'rubygems/version'
+require 'contrast/components/base'
 require 'contrast/agent/rule_set'
 require 'contrast/components/logger'
 require 'contrast/components/security_logger'
 require 'contrast/components/heap_dump'
-require 'contrast/components/service'
 require 'contrast/components/ruby_component'
+require 'contrast/components/polling'
 
 module Contrast
   module Components
@@ -18,36 +19,38 @@ module Contrast
       class Interface
         include Contrast::Components::ComponentBase
 
+        # @return [String]
+        attr_reader :canon_name
+        # @return [Array]
+        attr_reader :config_values
+
+        CANON_NAME = 'agent'
+        CONFIG_VALUES = %w[enabled? omit_body?].cs__freeze
+
         def initialize hsh = {}
+          @config_values = CONFIG_VALUES
+          @canon_name = CANON_NAME
           return unless hsh
 
           @_enable = hsh[:enable]
-          @_start_bundled_service = hsh[:start_bundled_service]
           @_omit_body = hsh[:omit_body]
-          @_service = Contrast::Components::Service::Interface.new(hsh[:service])
+          @_polling = Contrast::Components::Polling::Interface.new(hsh[:polling])
           @_logger = Contrast::Components::Logger::Interface.new(hsh[:logger])
           @_security_logger = Contrast::Components::SecurityLogger::Interface.new(hsh[:security_logger])
           @_ruby = Contrast::Components::Ruby::Interface.new(hsh[:ruby])
           @_heap_dump = Contrast::Components::HeapDump::Interface.new(hsh[:heap_dump])
         end
 
-        # @return [Boolean, true]
-        def start_bundled_service?
-          @_start_bundled_service.nil? ? true : @_start_bundled_service
-        end
-
-        def service
-          return @_service unless @_service.nil?
-
-          @_service = Contrast::Components::Service::Interface.new
-        end
-
         def logger
           return @_logger unless @_logger.nil?
 
           @_logger = Contrast::Components::Logger::Interface.new
         end
 
+        def polling
+          @_polling ||= Contrast::Components::Polling::Interface.new
+        end
+
         def security_logger
           return @_security_logger unless @_security_logger.nil?
 
@@ -101,6 +104,10 @@ module Contrast
           @_omit_body
         end
 
+        def disable_agent!
+          @_enable = false
+        end
+
         def exception_control
           @_exception_control ||= {
               enable: true?(ruby.exceptions.capture),
@@ -124,6 +131,19 @@ module Contrast
           Contrast::Agent::TracePointHook.enable!
         end
 
+        # Converts current configuration to effective config values class and appends them to
+        # EffectiveConfig class.
+        #
+        # @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
+        def to_effective_config effective_config
+          super
+          logger&.to_effective_config(effective_config)
+          security_logger&.to_effective_config(effective_config)
+          ruby&.to_effective_config(effective_config)
+          heap_dump&.to_effective_config(effective_config)
+          polling&.to_effective_config(effective_config)
+        end
+
         protected
 
         def retrieve_protect_ruleset

data/lib/contrast/components/api.rb

@@ -17,6 +17,10 @@ module Contrast
         include Contrast::Components::ComponentBase
         include Contrast::Config::BaseConfiguration
 
+        CANON_NAME = 'api'
+        PROXY_NAME = "#{ CANON_NAME }.proxy"
+        CONFIG_VALUES = %w[api_key user_name service_key url].cs__freeze
+
         # @return [String]
         attr_accessor :api_key
         # @return [String]
@@ -120,8 +124,27 @@ module Contrast
           @_certification_key_file ||= ::Contrast::CONFIG.api.certificate.key_file
         end
 
+        # Converts current configuration to effective config values class and appends them to
+        # EffectiveConfig class.
+        #
+        # @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
+        def to_effective_config effective_config
+          add_effective_config_values(effective_config, CONFIG_VALUES, CANON_NAME, CONTRAST)
+          effective_proxy(effective_config)
+          request_audit&.to_effective_config(effective_config)
+          certificate&.to_effective_config(effective_config)
+        end
+
         private
 
+        # @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
+        def effective_proxy effective_config
+          add_single_effective_value(effective_config, ENABLE, proxy_enable.to_s, PROXY_NAME, "#{ CONTRAST }.proxy")
+          return unless proxy_url && proxy_enable
+
+          add_single_effective_value(effective_config, 'url', proxy_url, PROXY_NAME, "#{ CONTRAST }.proxy")
+        end
+
         def certification_truly_enabled? config_path
           return false unless true?(config_path.enable)
           return true if file_exists?(certification_ca_file) && valid_cert?(certification_ca_file)

data/lib/contrast/components/app_context.rb

@@ -2,8 +2,6 @@
 # frozen_string_literal: true
 
 require 'rubygems/version'
-require 'contrast/api/decorators/agent_startup'
-require 'contrast/api/decorators/application_startup'
 require 'contrast/utils/object_share'
 require 'contrast/components/app_context_extend'
 require 'contrast/config/base_configuration'
@@ -16,7 +14,7 @@ module Contrast
       # parent_configuration_spec.yaml.
       # Specifically, this allows for querying the state of the Application,
       # including the Client, Process, and Server information.
-      class Interface
+      class Interface # rubocop:disable Metrics/ClassLength
         include Contrast::Components::AppContextExtend
         include Contrast::Components::ComponentBase
         include Contrast::Config::BaseConfiguration
@@ -25,6 +23,8 @@ module Contrast
         DEFAULT_APP_PATH    = '/'
         DEFAULT_SERVER_NAME = 'localhost'
         DEFAULT_SERVER_PATH = '/'
+        CANON_NAME = 'application'
+        CONFIG_VALUES = %w[name version language path group tags code metadata session_id session_metadata].cs__freeze
 
         # @return [String]
         attr_accessor :version
@@ -32,15 +32,20 @@ module Contrast
         attr_accessor :language
         # @return [String]
         attr_accessor :group
-        # @return [String]
-        attr_accessor :tags
+        attr_writer :tags
         # @return [String]
         attr_accessor :code
         # @return [String]
         attr_accessor :metadata
+        # @return [String]
+        attr_reader :canon_name
+        # @return [Array]
+        attr_reader :config_values
 
         def initialize hsh = {}
           original_pid
+          @config_values = CONFIG_VALUES
+          @canon_name = CANON_NAME
           return unless hsh
 
           @_name = hsh[:name]
@@ -137,6 +142,10 @@ module Contrast
           end
         end
 
+        def tags
+          stringify_array(@tags)
+        end
+
         # Determines if the Process we're currently in matches that of the
         # Process in which the App Context instance was created.
         # If it doesn't, that indicates the running context is in a new
@@ -149,6 +158,15 @@ module Contrast
           current_pid != original_pid
         end
 
+        # Converts current configuration to effective config values class and appends them to
+        # EffectiveConfig class.
+        #
+        # @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
+        def to_effective_config effective_config
+          super
+          Contrast::CONFIG.server.to_effective_config(effective_config)
+        end
+
         private
 
         def original_pid

data/lib/contrast/components/app_context_extend.rb

@@ -12,23 +12,6 @@ module Contrast
       SUPPORTED_FRAMEWORKS = %w[rails sinatra grape rack].cs__freeze
       SUPPORTED_SERVERS = %w[passenger puma thin unicorn].cs__freeze
 
-      def build_app_startup_message
-        @_build_app_startup_message ||= Contrast::Api::Dtm::ApplicationCreate.build
-      end
-
-      def build_agent_startup_message
-        msg = Contrast::Api::Dtm::AgentStartup.build(server_name, server_path, server_type)
-        Contrast::CONFIG.proto_logger.info('Application context',
-                                           server_name: msg.server_name,
-                                           server_path: msg.server_path,
-                                           server_type: msg.server_type,
-                                           application_name: name, # rubocop:disable Security/Module/Name
-                                           application_path: path,
-                                           application_language: Contrast::Utils::ObjectShare::RUBY)
-
-        msg
-      end
-
       def pid
         Process.pid
       end
@@ -37,14 +20,6 @@ module Contrast
         Process.ppid
       end
 
-      def pgid
-        Process.getpgid(pid)
-      end
-
-      def client_id
-        @_client_id ||= [name, pgid].join('-') # rubocop:disable Security/Module/Name
-      end
-
       def app_and_server_information
         {
             application_info: find_gem_information(SUPPORTED_FRAMEWORKS),

data/lib/contrast/components/assess.rb

@@ -15,21 +15,36 @@ module Contrast
       class Interface # rubocop:disable Metrics/ClassLength
         include Contrast::Components::ComponentBase
 
-        # @return [String, nil]
-        attr_accessor :tags
         # @return [Boolean, nil]
         attr_accessor :enable
         # @return [Array, nil]
-        attr_writer :enable_scan_response, :enable_dynamic_sources, :sampling, :rules, :stacktraces
+        attr_writer :enable_scan_response, :enable_dynamic_sources, :sampling, :rules, :stacktraces, :tags
+        # @return [String]
+        attr_reader :canon_name
+        # @return [Array]
+        attr_reader :config_values
 
         DEFAULT_STACKTRACES = 'ALL'
         DEFAULT_MAX_SOURCE_EVENTS = 50_000
         DEFAULT_MAX_PROPAGATION_EVENTS = 50_000
         DEFAULT_MAX_RULE_REPORTED = 100
         DEFAULT_MAX_RULE_TIME_THRESHOLD = 300_000
-
+        CANON_NAME = 'assess'
+        CONFIG_VALUES = %w[
+          enabled?
+          tags
+          enable_scan_response
+          enable_original_object
+          stacktraces
+          max_context_source_events
+          max_propagation_events
+          max_rule_reported
+          time_limit_threshold
+        ].cs__freeze
         # rubocop:disable Naming/MemoizedInstanceVariableName
         def initialize hsh = {}
+          @config_values = CONFIG_VALUES
+          @canon_name = CANON_NAME
           return unless hsh
 
           @enable = hsh[:enable]
@@ -91,6 +106,11 @@ module Contrast
           @max_context_source_events ||= DEFAULT_MAX_SOURCE_EVENTS
         end
 
+        # @return [String, nil]
+        def tags
+          stringify_array(@tags)
+        end
+
         def enabled?
           # config overrides if forcibly set
           return false if forcibly_disabled?
@@ -187,6 +207,16 @@ module Contrast
           ::Contrast::SETTINGS.assess_state.session_id
         end
 
+        # Converts current configuration to effective config values class and appends them to
+        # EffectiveConfig class.
+        #
+        # @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
+        def to_effective_config effective_config
+          super
+          sampling&.to_effective_config(effective_config)
+          rules&.to_effective_config(effective_config)
+        end
+
         # rubocop:enable Naming/MemoizedInstanceVariableName
         private
 

data/lib/contrast/components/assess_rules.rb

@@ -2,6 +2,8 @@
 # frozen_string_literal: true
 
 require 'contrast/config/base_configuration'
+require 'contrast/utils/object_share'
+require 'contrast/components/base'
 
 module Contrast
   module Components
@@ -10,17 +12,33 @@ module Contrast
     module AssessRules
       class Interface # :nodoc:
         include Contrast::Config::BaseConfiguration
+        include Contrast::Components::ComponentBase
 
         SPEC_KEY = :disabled_rules.cs__freeze
+        CANON_NAME = 'assess.rules'
+        NAME_PREFIX = "#{ CONTRAST }.#{ CANON_NAME }"
+
         # @return [Array, nil] list of disabled assess rules
         attr_accessor :disabled_rules
+        # @return [String]
+        attr_reader :canon_name
 
         def initialize hsh = {}
+          @canon_name = CANON_NAME
+          @disabled_rules = []
           return unless hsh
 
           @disabled_rules = cast_disabled_rules(hsh)
         end
 
+        # Converts current configuration to effective config values class and appends them to
+        # EffectiveConfig class.
+        #
+        # @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
+        def to_effective_config effective_config
+          add_single_effective_value(effective_config, SPEC_KEY.to_s, disabled_rules, canon_name, NAME_PREFIX)
+        end
+
         private
 
         def cast_disabled_rules hsh

data/lib/contrast/components/base.rb

@@ -1,11 +1,33 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/config/diagnostics_tools'
+require 'contrast/utils/object_share'
+
 module Contrast
   module Components
     # All components should inherit from this,
     # whether Interfaces, InstanceMethods or ClassMethods.
     module ComponentBase
+      include Contrast::Agent::DiagnosticsConfig::DiagnosticsTools
+
+      CONTRAST = 'contrast'
+      ENABLE = 'enable'
+
+      # Used for config diagnostics. Override per rule.
+      #
+      # @return [String]
+      def canon_name
+        Contrast::Utils::ObjectShare::EMPTY_STRING
+      end
+
+      # Used for config diagnostics. Override per rule.
+      #
+      # @return [Array]
+      def config_values
+        Contrast::Utils::ObjectShare::EMPTY_ARRAY
+      end
+
       # use this to determine if the configuration value is literally boolean
       # false or some form of the word `false`, regardless of case. It should
       # be used for those values which default to `true` as they should only
@@ -58,6 +80,24 @@ module Contrast
 
         File.exist?(path)
       end
+
+      # Converts current configuration to effective config values class and appends them to
+      # EffectiveConfig class.
+      #
+      # @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
+      def to_effective_config effective_config
+        add_effective_config_values(effective_config, config_values, canon_name, "#{ CONTRAST }.#{ canon_name }")
+      end
+
+      # attempts to stringifys the config value if it is an array with the join char
+      # @param val[Object] val to stringify
+      # @param join_char[String, ','] join character defaults to ','
+      # @return [String, Object] the stringified val or the object as is
+      def stringify_array val, join_char = ','
+        return val.join(join_char) if val.cs__is_a?(Array)
+
+        val
+      end
     end
   end
 end

data/lib/contrast/components/config/sources.rb

@@ -0,0 +1,95 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/env_configuration_item'
+require 'ougai'
+require 'contrast/configuration'
+
+module Contrast
+  module Components
+    module Config
+      # This component encapsulates storing the source for each entry in the config,
+      # so that we can report on where the value was set from.
+      class Sources
+        ENVIRONMENT = 'ENV'
+        CLI = 'CLI'
+        CONTRASTUI = 'ContrastUI'
+        DEFAULT = 'Default'
+        YAML = 'YAML'
+
+        # @return [Hash]
+        attr_reader :data
+
+        def initialize data = {}
+          @data = data
+        end
+
+        # Retrieves the current config source for the specified config path. If no source is
+        # set then returns the Default value.
+        #
+        # @param path [String] the canonical name for the config entry (such as api.proxy.enable)
+        # @return [String] the source for the entry
+        def get path
+          data.dig(*parts_for(path)) || DEFAULT
+        rescue TypeError
+          DEFAULT
+        end
+
+        # Assigns the config source for a specified config path.
+        #
+        # @param path [String] the canonical name for the config entry (such as api.proxy.enable)
+        # @param [String] the source for the entry
+        # @return [String] the source type for the entry
+        def set path, source
+          assign_value(data, parts_for(path), source)
+        end
+
+        # Finds entries within config source data for the specified type, and returns
+        # them along with the current values for each.
+        #
+        # @param type [String] a source type (ENV, CLI, ContrastUI, YAML)
+        # @return [Hash] the entries for the provided source, along with the associated values
+        def for type
+          deep_select(data.dup, type, [])
+        end
+
+        private
+
+        # @param path [String] the canonical name for a config entry (such as api.proxy.enable)
+        # @return [Array] the path split on periods, and converted to symbols
+        def parts_for path
+          path.split('.').map(&:to_sym)
+        end
+
+        # @param current_level [Hash] all, or some of, the config source information
+        # @param parts [Array] the parts for canonical name of the config entry
+        # @param source [String] the source to be set for the specified entry
+        # @return [Array] the path split on periods, and converted to symbols
+        def assign_value current_level, parts, source
+          parts[0...-1].each do |segment|
+            current_level[segment] ||= {}
+            current_level = current_level[segment]
+          end
+          return unless current_level.cs__is_a?(Hash)
+
+          current_level[parts[-1]] = source
+        end
+
+        # @param sources [Hash] all, or some of, the config source information
+        # @param type [Array] the source type to look for entries of
+        # @param path [String] the entries followed to get to this part of the config
+        # @return [Hash] the entries for the provided source, along with the associated values
+        def deep_select sources, type, path
+          sources.each_with_object({}) do |(k, v), grouping|
+            if v.cs__is_a?(Hash)
+              nested_data = deep_select(v, type, path.dup.append(k.to_sym))
+              grouping[k] = nested_data unless nested_data.empty?
+            elsif v == type
+              grouping[k] = Contrast::CONFIG.config.loaded_config.dig(*path, k)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/components/config.rb

@@ -4,6 +4,7 @@
 require 'contrast/utils/env_configuration_item'
 require 'ougai'
 require 'contrast/configuration'
+require 'contrast/config/diagnostics'
 
 module Contrast
   module Components
@@ -26,6 +27,7 @@ module Contrast
       CONTRAST_ENV_MARKER = 'CONTRAST__'
       CONTRAST_LOG = 'contrast_agent.log'
       CONTRAST_NAME = 'Contrast Agent'
+      DATE_TIME = '%Y-%m-%dT%H:%M:%S.%L%z'
 
       class Interface # :nodoc: # rubocop:disable Metrics/ClassLength
         SESSION_VARIABLES = 'Invalid configuration. '\
@@ -50,7 +52,7 @@ module Contrast
             @_proto_logger.progname = CONTRAST_NAME
             @_proto_logger.level = ::Ougai::Logging::Severity::WARN
             @_proto_logger.formatter = Contrast::Logger::Format.new
-            @_proto_logger.formatter.datetime_format = '%Y-%m-%dT%H:%M:%S.%L%z'
+            @_proto_logger.formatter.datetime_format = DATE_TIME
             @_proto_logger
           end
         end
@@ -100,11 +102,6 @@ module Contrast
           @config.protect
         end
 
-        # @return [Contrast::Components::Service::Interface]
-        def service
-          @config.service
-        end
-
         def valid?
           @_valid = validate if @_valid.nil?
           @_valid
@@ -114,6 +111,10 @@ module Contrast
           @config.enable
         end
 
+        def sources
+          @config.sources
+        end
+
         def invalid?
           !valid?
         end
@@ -135,6 +136,11 @@ module Contrast
           application.session_metadata
         end
 
+        # @return [String, nil] the path to the YAML config file, if any.
+        def config_file_path
+          config.config_file
+        end
+
         private
 
         # The config has information about how to construct the logger. If the config is invalid, and you want to know
@@ -157,13 +163,10 @@ module Contrast
           true
         end
 
-        # If the agent is to use the bypass to communicate with TeamServer directly, than it must have the
-        # configuration values required for that connection.
+        # The agent must have the configuration values required for the connection to TeamServer.
         #
         # @return [boolean]
         def valid_api?
-          return true unless bypass
-
           msg = []
           msg << API_URL unless api_url
           msg << API_KEY unless api_key
@@ -220,15 +223,6 @@ module Contrast
           api.user_name
         end
 
-        # Typically, the following values would be accessed through Contrast::Components::AppContext
-        # and Contrast::Components::API, but we're too early in the initialization of the Agent to use
-        # that mechanism, so we look it up directly for ourselves.
-        #
-        # @return [String, nil]
-        def bypass
-          agent.service.bypass
-        end
-
         # Typically, the following values would be accessed through Contrast::Components::AppContext
         # and Contrast::Components::Logger, but we're too early in the initialization of the Agent to use
         # that mechanism, so we look it up directly for ourselves.
@@ -238,6 +232,11 @@ module Contrast
           agent.logger.path
         end
 
+        # This methods is here to add the proper forward towards @config
+        def enable= value
+          @config.enable = value
+        end
+
         # Assign the value from an ENV variable to the Contrast::Config::RootConfiguration object, when
         # appropriate.
         #
@@ -250,6 +249,7 @@ module Contrast
           return unless current_level.nil? == false && current_level.cs__respond_to?(dot_path_array[-1])
 
           current_level.send("#{ dot_path_array[-1] }=", value)
+          sources.set(dot_path_array.join('.'), Contrast::Components::Config::Sources::ENVIRONMENT)
         end
       end
     end

data/lib/contrast/components/heap_dump.rb

@@ -10,12 +10,22 @@ module Contrast
       # Interface used to build the HeapDump settings and component.
       class Interface
         include Contrast::Config::BaseConfiguration
+        include Contrast::Components::ComponentBase
+
+        # @return [String]
+        attr_reader :canon_name
+        # @return [Array]
+        attr_reader :config_values
 
         DEFAULT_PATH = 'contrast_heap_dumps' # saved
         DEFAULT_MS = 10_000
         DEFAULT_COUNT = 5
+        CANON_NAME = 'agent.heap_dump'
+        CONFIG_VALUES = %w[enable path delay_ms window_ms count clean].cs__freeze
 
         def initialize hsh = {}
+          @config_values = CONFIG_VALUES
+          @canon_name = CANON_NAME
           return unless hsh
 
           @_enable = hsh[:enable]

data/lib/contrast/components/inventory.rb

@@ -11,10 +11,18 @@ module Contrast
       class Interface
         include Contrast::Components::ComponentBase
 
-        # @return [Array, nil] tags
-        attr_accessor :tags
+        CANON_NAME = 'inventory'
+        CONFIG_VALUES = %w[enable analyze_libraries tags].cs__freeze
+
+        attr_writer :tags
+        # @return [String]
+        attr_reader :canon_name
+        # @return [Array]
+        attr_reader :config_values
 
         def initialize hsh = {}
+          @config_values = CONFIG_VALUES
+          @canon_name = CANON_NAME
           return unless hsh
 
           @enable = !false?(hsh[:enable])
@@ -31,6 +39,11 @@ module Contrast
         def analyze_libraries
           @analyze_libraries.nil? ? true : @analyze_libraries
         end
+
+        # @return [String, nil] tags
+        def tags
+          stringify_array(@tags)
+        end
       end
     end
   end