contrast-agent 6.7.0 → 6.9.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +0 -2
- data/.simplecov +0 -1
- data/Rakefile +0 -1
- data/ext/cs__assess_array/cs__assess_array.c +41 -10
- data/ext/cs__assess_array/cs__assess_array.h +4 -1
- data/lib/contrast/agent/assess/policy/trigger_method.rb +3 -3
- data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +1 -1
- data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +1 -1
- data/lib/contrast/agent/assess/property/evented.rb +11 -11
- data/lib/contrast/agent/assess.rb +0 -1
- data/lib/contrast/agent/excluder.rb +53 -35
- data/lib/contrast/agent/exclusion_matcher.rb +21 -9
- data/lib/contrast/agent/middleware.rb +12 -6
- data/lib/contrast/agent/patching/policy/after_load_patcher.rb +6 -0
- data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb +146 -127
- data/lib/contrast/agent/protect/input_analyzer/worth_watching_analyzer.rb +116 -0
- data/lib/contrast/agent/protect/policy/applies_path_traversal_rule.rb +20 -0
- data/lib/contrast/agent/protect/policy/rule_applicator.rb +1 -1
- data/lib/contrast/agent/protect/rule/base.rb +47 -55
- data/lib/contrast/agent/protect/rule/base_service.rb +48 -24
- data/lib/contrast/agent/protect/rule/bot_blocker/bot_blocker_input_classification.rb +98 -0
- data/lib/contrast/agent/protect/rule/bot_blocker.rb +81 -0
- data/lib/contrast/agent/protect/rule/cmd_injection.rb +20 -2
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_backdoors.rb +8 -5
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_base_rule.rb +22 -22
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_chained_command.rb +64 -0
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_dangerous_path.rb +63 -0
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_input_classification.rb +2 -58
- data/lib/contrast/agent/protect/rule/default_scanner.rb +1 -1
- data/lib/contrast/agent/protect/rule/deserialization.rb +3 -14
- data/lib/contrast/agent/protect/rule/http_method_tampering/http_method_tampering_input_classification.rb +2 -2
- data/lib/contrast/agent/protect/rule/http_method_tampering.rb +0 -11
- data/lib/contrast/agent/protect/rule/no_sqli/no_sqli_input_classification.rb +29 -34
- data/lib/contrast/agent/protect/rule/no_sqli.rb +25 -18
- data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_input_classification.rb +61 -0
- data/lib/contrast/agent/protect/rule/path_traversal/path_traversal_semantic_security_bypass.rb +114 -0
- data/lib/contrast/agent/protect/rule/path_traversal.rb +40 -13
- data/lib/contrast/agent/protect/rule/sql_sample_builder.rb +33 -15
- data/lib/contrast/agent/protect/rule/sqli/sqli_base_rule.rb +0 -14
- data/lib/contrast/agent/protect/rule/sqli/sqli_input_classification.rb +2 -62
- data/lib/contrast/agent/protect/rule/sqli.rb +74 -3
- data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification.rb +39 -63
- data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +6 -33
- data/lib/contrast/agent/protect/rule/xss/reflected_xss_input_classification.rb +58 -0
- data/lib/contrast/agent/protect/rule/xss.rb +15 -20
- data/lib/contrast/agent/protect/rule/xxe.rb +4 -24
- data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb +19 -40
- data/lib/contrast/agent/reporting/attack_result/response_type.rb +9 -9
- data/lib/contrast/agent/reporting/details/ip_denylist_details.rb +10 -2
- data/lib/contrast/agent/reporting/details/virtual_patch_details.rb +8 -2
- data/lib/contrast/agent/reporting/input_analysis/details/bot_blocker_details.rb +27 -0
- data/lib/contrast/agent/reporting/input_analysis/details/protect_rule_details.rb +15 -0
- data/lib/contrast/agent/reporting/input_analysis/input_analysis.rb +1 -2
- data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb +16 -2
- data/lib/contrast/agent/reporting/masker/masker.rb +2 -0
- data/lib/contrast/agent/reporting/report.rb +1 -0
- data/lib/contrast/agent/reporting/reporter.rb +35 -14
- data/lib/contrast/agent/reporting/reporter_heartbeat.rb +3 -9
- data/lib/contrast/agent/reporting/reporting_events/application_activity.rb +16 -13
- data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb +12 -7
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb +3 -3
- data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb +1 -2
- data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb +6 -1
- data/lib/contrast/agent/reporting/reporting_events/application_update.rb +0 -2
- data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb +0 -1
- data/lib/contrast/agent/reporting/reporting_events/finding.rb +6 -6
- data/lib/contrast/agent/reporting/reporting_events/finding_event.rb +239 -93
- data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb +10 -23
- data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb +10 -9
- data/lib/contrast/agent/reporting/reporting_events/finding_request.rb +0 -5
- data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb +0 -1
- data/lib/contrast/agent/reporting/reporting_events/observed_route.rb +12 -0
- data/lib/contrast/agent/reporting/reporting_events/poll.rb +1 -11
- data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb +0 -1
- data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb +0 -1
- data/lib/contrast/agent/reporting/reporting_events/server_reporting_event.rb +8 -0
- data/lib/contrast/agent/reporting/reporting_events/server_settings.rb +40 -0
- data/lib/contrast/agent/reporting/reporting_utilities/audit.rb +2 -2
- data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +6 -0
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +43 -1
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +8 -4
- data/lib/contrast/agent/reporting/reporting_utilities/response.rb +1 -1
- data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb +58 -4
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb +4 -6
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +77 -16
- data/lib/contrast/agent/reporting/server_settings_worker.rb +44 -0
- data/lib/contrast/agent/reporting/settings/assess_server_feature.rb +14 -2
- data/lib/contrast/agent/reporting/settings/code_exclusion.rb +6 -1
- data/lib/contrast/agent/reporting/settings/exclusion_base.rb +18 -0
- data/lib/contrast/agent/reporting/settings/exclusions.rb +2 -1
- data/lib/contrast/agent/reporting/settings/helpers.rb +7 -0
- data/lib/contrast/agent/reporting/settings/input_exclusion.rb +9 -3
- data/lib/contrast/agent/reporting/settings/protect.rb +15 -15
- data/lib/contrast/agent/reporting/settings/protect_server_feature.rb +39 -2
- data/lib/contrast/agent/reporting/settings/rule_definition.rb +3 -0
- data/lib/contrast/agent/reporting/settings/security_logger.rb +77 -0
- data/lib/contrast/agent/reporting/settings/server_features.rb +9 -0
- data/lib/contrast/agent/reporting/settings/syslog.rb +34 -5
- data/lib/contrast/agent/request.rb +3 -14
- data/lib/contrast/agent/request_context.rb +6 -9
- data/lib/contrast/agent/request_context_extend.rb +9 -148
- data/lib/contrast/agent/request_handler.rb +5 -10
- data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb +1 -1
- data/lib/contrast/agent/thread_watcher.rb +37 -18
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/agent.rb +6 -11
- data/lib/contrast/agent_lib/api/command_injection.rb +46 -0
- data/lib/contrast/agent_lib/api/init.rb +101 -0
- data/lib/contrast/agent_lib/api/input_tracing.rb +267 -0
- data/lib/contrast/agent_lib/api/method_tempering.rb +29 -0
- data/lib/contrast/agent_lib/api/panic.rb +87 -0
- data/lib/contrast/agent_lib/api/path_semantic_file_security_bypass.rb +40 -0
- data/lib/contrast/agent_lib/interface.rb +260 -0
- data/lib/contrast/agent_lib/interface_base.rb +118 -0
- data/lib/contrast/agent_lib/return_types/eval_result.rb +44 -0
- data/lib/contrast/agent_lib/test.rb +29 -0
- data/lib/contrast/api/communication/connection_status.rb +20 -5
- data/lib/contrast/components/agent.rb +34 -14
- data/lib/contrast/components/api.rb +23 -0
- data/lib/contrast/components/app_context.rb +23 -5
- data/lib/contrast/components/app_context_extend.rb +0 -25
- data/lib/contrast/components/assess.rb +34 -4
- data/lib/contrast/components/assess_rules.rb +18 -0
- data/lib/contrast/components/base.rb +40 -0
- data/lib/contrast/components/config/sources.rb +95 -0
- data/lib/contrast/components/config.rb +19 -19
- data/lib/contrast/components/heap_dump.rb +10 -0
- data/lib/contrast/components/inventory.rb +15 -2
- data/lib/contrast/components/logger.rb +18 -0
- data/lib/contrast/components/polling.rb +36 -0
- data/lib/contrast/components/protect.rb +52 -2
- data/lib/contrast/components/ruby_component.rb +16 -1
- data/lib/contrast/components/sampling.rb +70 -13
- data/lib/contrast/components/security_logger.rb +13 -0
- data/lib/contrast/components/settings.rb +105 -90
- data/lib/contrast/config/certification_configuration.rb +14 -0
- data/lib/contrast/config/config.rb +46 -0
- data/lib/contrast/config/diagnostics.rb +114 -0
- data/lib/contrast/config/diagnostics_tools.rb +98 -0
- data/lib/contrast/config/effective_config.rb +65 -0
- data/lib/contrast/config/effective_config_value.rb +32 -0
- data/lib/contrast/config/exception_configuration.rb +12 -0
- data/lib/contrast/config/protect_rule_configuration.rb +8 -8
- data/lib/contrast/config/protect_rules_configuration.rb +23 -60
- data/lib/contrast/config/request_audit_configuration.rb +13 -0
- data/lib/contrast/config/server_configuration.rb +41 -2
- data/lib/contrast/configuration.rb +29 -12
- data/lib/contrast/extension/assess/array.rb +9 -0
- data/lib/contrast/extension/assess/erb.rb +1 -1
- data/lib/contrast/extension/delegator.rb +2 -0
- data/lib/contrast/framework/manager.rb +3 -1
- data/lib/contrast/framework/rails/railtie.rb +0 -1
- data/lib/contrast/framework/rails/support.rb +0 -1
- data/lib/contrast/tasks/config.rb +1 -8
- data/lib/contrast/utils/assess/event_limit_utils.rb +31 -9
- data/lib/contrast/utils/assess/trigger_method_utils.rb +5 -4
- data/lib/contrast/utils/duck_utils.rb +1 -0
- data/lib/contrast/utils/hash_digest.rb +2 -2
- data/lib/contrast/utils/input_classification_base.rb +155 -0
- data/lib/contrast/utils/os.rb +0 -20
- data/lib/contrast/utils/reporting/application_activity_batch_utils.rb +81 -0
- data/lib/contrast/utils/response_utils.rb +0 -16
- data/lib/contrast/utils/routes_sent.rb +60 -0
- data/lib/contrast/utils/stack_trace_utils.rb +3 -15
- data/lib/contrast/utils/string_utils.rb +10 -7
- data/lib/contrast/utils/telemetry_client.rb +1 -2
- data/lib/contrast/utils/timer.rb +16 -0
- data/lib/contrast.rb +5 -4
- data/resources/protect/policy.json +1 -2
- data/ruby-agent.gemspec +7 -6
- metadata +69 -130
- data/exe/contrast_service +0 -23
- data/lib/contrast/agent/assess/contrast_event.rb +0 -157
- data/lib/contrast/agent/assess/events/event_factory.rb +0 -34
- data/lib/contrast/agent/assess/events/source_event.rb +0 -46
- data/lib/contrast/agent/protect/rule/cmdi/cmdi_worth_watching.rb +0 -64
- data/lib/contrast/agent/protect/rule/sqli/sqli_worth_watching.rb +0 -118
- data/lib/contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_matcher.rb +0 -45
- data/lib/contrast/agent/reaction_processor.rb +0 -47
- data/lib/contrast/agent/reporting/reporting_events/server_activity.rb +0 -36
- data/lib/contrast/agent/service_heartbeat.rb +0 -35
- data/lib/contrast/api/communication/messaging_queue.rb +0 -128
- data/lib/contrast/api/communication/response_processor.rb +0 -90
- data/lib/contrast/api/communication/service_lifecycle.rb +0 -77
- data/lib/contrast/api/communication/socket.rb +0 -44
- data/lib/contrast/api/communication/socket_client.rb +0 -130
- data/lib/contrast/api/communication/speedracer.rb +0 -138
- data/lib/contrast/api/communication/tcp_socket.rb +0 -32
- data/lib/contrast/api/communication/unix_socket.rb +0 -28
- data/lib/contrast/api/communication.rb +0 -20
- data/lib/contrast/api/decorators/address.rb +0 -59
- data/lib/contrast/api/decorators/agent_startup.rb +0 -56
- data/lib/contrast/api/decorators/application_settings.rb +0 -43
- data/lib/contrast/api/decorators/application_startup.rb +0 -56
- data/lib/contrast/api/decorators/bot_blocker.rb +0 -37
- data/lib/contrast/api/decorators/http_request.rb +0 -137
- data/lib/contrast/api/decorators/input_analysis.rb +0 -18
- data/lib/contrast/api/decorators/instrumentation_mode.rb +0 -35
- data/lib/contrast/api/decorators/ip_denylist.rb +0 -37
- data/lib/contrast/api/decorators/message.rb +0 -67
- data/lib/contrast/api/decorators/rasp_rule_sample.rb +0 -52
- data/lib/contrast/api/decorators/response_type.rb +0 -17
- data/lib/contrast/api/decorators/server_features.rb +0 -25
- data/lib/contrast/api/decorators/user_input.rb +0 -51
- data/lib/contrast/api/decorators/virtual_patch.rb +0 -34
- data/lib/contrast/api/decorators.rb +0 -22
- data/lib/contrast/api/dtm.pb.rb +0 -363
- data/lib/contrast/api/settings.pb.rb +0 -500
- data/lib/contrast/api.rb +0 -16
- data/lib/contrast/components/contrast_service.rb +0 -88
- data/lib/contrast/components/service.rb +0 -55
- data/lib/contrast/tasks/service.rb +0 -84
- data/lib/contrast/utils/input_classification.rb +0 -73
- data/lib/protobuf/code_generator.rb +0 -129
- data/lib/protobuf/decoder.rb +0 -28
- data/lib/protobuf/deprecation.rb +0 -117
- data/lib/protobuf/descriptors/google/protobuf/compiler/plugin.pb.rb +0 -79
- data/lib/protobuf/descriptors/google/protobuf/descriptor.pb.rb +0 -360
- data/lib/protobuf/descriptors.rb +0 -3
- data/lib/protobuf/encoder.rb +0 -11
- data/lib/protobuf/enum.rb +0 -365
- data/lib/protobuf/exceptions.rb +0 -9
- data/lib/protobuf/field/base_field.rb +0 -380
- data/lib/protobuf/field/base_field_object_definitions.rb +0 -504
- data/lib/protobuf/field/bool_field.rb +0 -64
- data/lib/protobuf/field/bytes_field.rb +0 -67
- data/lib/protobuf/field/double_field.rb +0 -25
- data/lib/protobuf/field/enum_field.rb +0 -56
- data/lib/protobuf/field/field_array.rb +0 -102
- data/lib/protobuf/field/field_hash.rb +0 -122
- data/lib/protobuf/field/fixed32_field.rb +0 -25
- data/lib/protobuf/field/fixed64_field.rb +0 -28
- data/lib/protobuf/field/float_field.rb +0 -43
- data/lib/protobuf/field/int32_field.rb +0 -21
- data/lib/protobuf/field/int64_field.rb +0 -34
- data/lib/protobuf/field/integer_field.rb +0 -23
- data/lib/protobuf/field/message_field.rb +0 -51
- data/lib/protobuf/field/sfixed32_field.rb +0 -27
- data/lib/protobuf/field/sfixed64_field.rb +0 -28
- data/lib/protobuf/field/signed_integer_field.rb +0 -29
- data/lib/protobuf/field/sint32_field.rb +0 -21
- data/lib/protobuf/field/sint64_field.rb +0 -21
- data/lib/protobuf/field/string_field.rb +0 -51
- data/lib/protobuf/field/uint32_field.rb +0 -21
- data/lib/protobuf/field/uint64_field.rb +0 -21
- data/lib/protobuf/field/varint_field.rb +0 -77
- data/lib/protobuf/field.rb +0 -74
- data/lib/protobuf/generators/base.rb +0 -85
- data/lib/protobuf/generators/enum_generator.rb +0 -39
- data/lib/protobuf/generators/extension_generator.rb +0 -27
- data/lib/protobuf/generators/field_generator.rb +0 -193
- data/lib/protobuf/generators/file_generator.rb +0 -262
- data/lib/protobuf/generators/group_generator.rb +0 -122
- data/lib/protobuf/generators/message_generator.rb +0 -104
- data/lib/protobuf/generators/option_generator.rb +0 -17
- data/lib/protobuf/generators/printable.rb +0 -160
- data/lib/protobuf/generators/service_generator.rb +0 -50
- data/lib/protobuf/lifecycle.rb +0 -33
- data/lib/protobuf/logging.rb +0 -39
- data/lib/protobuf/message/fields.rb +0 -233
- data/lib/protobuf/message/serialization.rb +0 -85
- data/lib/protobuf/message.rb +0 -241
- data/lib/protobuf/optionable.rb +0 -72
- data/lib/protobuf/tasks/compile.rake +0 -80
- data/lib/protobuf/tasks.rb +0 -1
- data/lib/protobuf/varint.rb +0 -20
- data/lib/protobuf/varint_pure.rb +0 -31
- data/lib/protobuf/version.rb +0 -3
- data/lib/protobuf/wire_type.rb +0 -10
- data/lib/protobuf.rb +0 -91
- data/proto/dynamic_discovery.proto +0 -46
- data/proto/google/protobuf/compiler/plugin.proto +0 -183
- data/proto/google/protobuf/descriptor.proto +0 -911
- data/proto/rpc.proto +0 -71
- data/service_executables/.gitkeep +0 -0
- data/service_executables/VERSION +0 -1
- data/service_executables/linux/contrast-service +0 -0
- data/service_executables/mac/contrast-service +0 -0
@@ -1,11 +1,17 @@
|
|
1
1
|
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require 'contrast/components/base'
|
5
|
+
|
4
6
|
module Contrast
|
5
7
|
module Config
|
6
8
|
# Certificate Configuration
|
7
9
|
class CertificationConfiguration
|
8
10
|
include Contrast::Config::BaseConfiguration
|
11
|
+
include Contrast::Components::ComponentBase
|
12
|
+
|
13
|
+
CANON_NAME = 'api.certification'
|
14
|
+
CONFIG_VALUES = %w[ca_file cert_file key_file enable].cs__freeze
|
9
15
|
|
10
16
|
# @return [String] path to CA Cert file
|
11
17
|
attr_accessor :ca_file
|
@@ -28,6 +34,14 @@ module Contrast
|
|
28
34
|
def enable
|
29
35
|
@enable.nil? ? false : @enable
|
30
36
|
end
|
37
|
+
|
38
|
+
# Converts current configuration to effective config values class and appends them to
|
39
|
+
# EffectiveConfig class.
|
40
|
+
#
|
41
|
+
# @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
|
42
|
+
def to_effective_config effective_config
|
43
|
+
add_effective_config_values(effective_config, CONFIG_VALUES, CANON_NAME, CONTRAST)
|
44
|
+
end
|
31
45
|
end
|
32
46
|
end
|
33
47
|
end
|
@@ -0,0 +1,46 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require 'contrast/config/effective_config'
|
5
|
+
|
6
|
+
module Contrast
|
7
|
+
module Agent
|
8
|
+
module DiagnosticsConfig
|
9
|
+
# This class is responsible for logging to file the effective Agent configurations after startup.
|
10
|
+
class Config
|
11
|
+
attr_reader :effective_config
|
12
|
+
|
13
|
+
MESSAGE_FAIL = 'Unable to connect to Contrast, configuration details from the Contrast UI will not be included.'
|
14
|
+
MESSAGE_SUCCESSFUL = 'Connected to Contrast.'
|
15
|
+
CONN_STATUS_MSG_FAILURE = 'Unable to connect to Contrast, insufficient connection properties provided.'
|
16
|
+
|
17
|
+
def initialize
|
18
|
+
@effective_config = Contrast::Agent::DiagnosticsConfig::EffectiveConfig.new
|
19
|
+
@config_status = Contrast::Utils::ObjectShare::EMPTY_STRING
|
20
|
+
end
|
21
|
+
|
22
|
+
# This method will set the status from the request/response cycles
|
23
|
+
#
|
24
|
+
# @param response [Contrast::Agent::Reporting::Response]
|
25
|
+
def determine_config_status response
|
26
|
+
return unless response
|
27
|
+
# If we encounter for some of the startup events failure - always return failure
|
28
|
+
return if @config_status == MESSAGE_FAIL || CONN_STATUS_MSG_FAILURE
|
29
|
+
|
30
|
+
response_code = response.code.to_s
|
31
|
+
@config_status = response_code.starts_with?('2') ? MESSAGE_SUCCESSFUL : MESSAGE_FAIL
|
32
|
+
nil
|
33
|
+
end
|
34
|
+
|
35
|
+
# This method will set the status message from the config validation
|
36
|
+
def populate_fail_connection
|
37
|
+
@config_status = CONN_STATUS_MSG_FAILURE
|
38
|
+
end
|
39
|
+
|
40
|
+
def to_controlled_hash
|
41
|
+
@effective_config.to_controlled_hash.merge({ Status: @config_status })
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
@@ -0,0 +1,114 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require 'json'
|
5
|
+
require 'fileutils'
|
6
|
+
require 'contrast/utils/timer'
|
7
|
+
require 'contrast/utils/log_utils'
|
8
|
+
require 'contrast/components/logger'
|
9
|
+
require 'contrast/utils/object_share'
|
10
|
+
require 'contrast/config/config'
|
11
|
+
require 'contrast/config/effective_config'
|
12
|
+
require 'contrast/config/effective_config_value'
|
13
|
+
|
14
|
+
module Contrast
|
15
|
+
module Agent
|
16
|
+
module DiagnosticsConfig
|
17
|
+
# This class is responsible for logging to file the effective Agent configurations after startup.
|
18
|
+
class Diagnostics
|
19
|
+
include Contrast::Components::Logger::InstanceMethods
|
20
|
+
include Contrast::Utils::LogUtils
|
21
|
+
|
22
|
+
# @return [String] path to write the file.
|
23
|
+
attr_reader :path
|
24
|
+
|
25
|
+
DEFAULT_PATH = File.join(Dir.pwd).cs__freeze
|
26
|
+
ERROR_MESSAGE = '[Configuration Diagnostics] Could not write effective Agent configuration to file'
|
27
|
+
FILE_NAME = 'contrast_connection.json'
|
28
|
+
WRITE = 'w+'
|
29
|
+
|
30
|
+
# @param path [String] path to write to file.
|
31
|
+
def initialize path
|
32
|
+
@path = path if path && !path.empty?
|
33
|
+
end
|
34
|
+
|
35
|
+
# Write current settings to file.
|
36
|
+
#
|
37
|
+
# @param reset [Boolean] should we reset the config we have
|
38
|
+
# @return [Boolean]
|
39
|
+
def write_to_file reset: true
|
40
|
+
logger&.info('[Configuration Diagnostics] Writing Effective Configurations to file', path: dir_name)
|
41
|
+
status = false
|
42
|
+
write_to_file_logic(status, reset: reset)
|
43
|
+
rescue IOError => e
|
44
|
+
logger&.warn(ERROR_MESSAGE, e)
|
45
|
+
false
|
46
|
+
end
|
47
|
+
|
48
|
+
def extract_settings
|
49
|
+
Contrast::AGENT.to_effective_config(config.effective_config)
|
50
|
+
Contrast::API.to_effective_config(config.effective_config)
|
51
|
+
Contrast::APP_CONTEXT.to_effective_config(config.effective_config)
|
52
|
+
Contrast::ASSESS.to_effective_config(config.effective_config)
|
53
|
+
Contrast::INVENTORY.to_effective_config(config.effective_config)
|
54
|
+
Contrast::PROTECT.to_effective_config(config.effective_config)
|
55
|
+
end
|
56
|
+
|
57
|
+
# Determine the path of the current logger and permissions required for
|
58
|
+
# writing to path.
|
59
|
+
#
|
60
|
+
# @return [String] Path
|
61
|
+
def dir_name
|
62
|
+
@_dir_name ||= if write_permission?(@path)
|
63
|
+
File.dirname(File.absolute_path(@path))
|
64
|
+
else
|
65
|
+
DEFAULT_PATH
|
66
|
+
end
|
67
|
+
rescue Errno::EROFS => e
|
68
|
+
logger.warn(ERROR_MESSAGE, e)
|
69
|
+
end
|
70
|
+
|
71
|
+
# Returns effective configurations of the agent.
|
72
|
+
#
|
73
|
+
# @return [Contrast::Agent::DiagnosticsConfig::Config]
|
74
|
+
def config
|
75
|
+
@_config ||= Contrast::Agent::DiagnosticsConfig::Config.new
|
76
|
+
end
|
77
|
+
|
78
|
+
# Reset the state of the current effective config.
|
79
|
+
def reset_config
|
80
|
+
@_config = Contrast::Agent::DiagnosticsConfig::Config.new
|
81
|
+
end
|
82
|
+
|
83
|
+
def to_controlled_hash
|
84
|
+
{
|
85
|
+
ReportCreate: report_create_time,
|
86
|
+
Config: config.to_controlled_hash
|
87
|
+
}
|
88
|
+
end
|
89
|
+
|
90
|
+
def write_to_file_logic status, reset: true
|
91
|
+
# We need to reset the config before updating it's values
|
92
|
+
reset_config if reset
|
93
|
+
extract_settings
|
94
|
+
File.open(File.join(dir_name, FILE_NAME), WRITE) do |file|
|
95
|
+
file.truncate(0)
|
96
|
+
file.write(JSON.pretty_generate(to_controlled_hash, { space: Contrast::Utils::ObjectShare::EMPTY_STRING }))
|
97
|
+
status = true if file
|
98
|
+
file.close
|
99
|
+
end
|
100
|
+
status
|
101
|
+
end
|
102
|
+
|
103
|
+
private
|
104
|
+
|
105
|
+
# Return current time in iso8601 format.
|
106
|
+
#
|
107
|
+
# @return [String] Time of creation
|
108
|
+
def report_create_time
|
109
|
+
Contrast::Utils::Timer.time_now
|
110
|
+
end
|
111
|
+
end
|
112
|
+
end
|
113
|
+
end
|
114
|
+
end
|
@@ -0,0 +1,98 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require 'contrast/utils/object_share'
|
5
|
+
|
6
|
+
module Contrast
|
7
|
+
module Agent
|
8
|
+
module DiagnosticsConfig
|
9
|
+
# Diagnostics tools to be included in config components.
|
10
|
+
module DiagnosticsTools
|
11
|
+
CHECK = 'd'
|
12
|
+
|
13
|
+
# Converts current configuration for array of values to effective config values class and appends them to
|
14
|
+
# EffectiveConfig class. Must be used inside Config Components only.
|
15
|
+
#
|
16
|
+
# @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
|
17
|
+
# @param config_values [Array<String>] array of the names of values.
|
18
|
+
# @param canonical_prefix [String] starting of the path to config => api.proxy...
|
19
|
+
# @param name_prefix [String] the name of the config prefix => contrast.api_key, contrast.url
|
20
|
+
def add_effective_config_values effective_config, config_values, canonical_prefix, name_prefix
|
21
|
+
return if config_values.to_s.empty?
|
22
|
+
|
23
|
+
config_values.each do |config|
|
24
|
+
Contrast::Agent::DiagnosticsConfig::EffectiveConfigValue.new.tap do |value|
|
25
|
+
next if (config_val = send(config.to_sym)).to_s.empty?
|
26
|
+
|
27
|
+
config_name = assign_name(config)
|
28
|
+
value.canonical_name = "#{ canonical_prefix }.#{ config_name }"
|
29
|
+
value.name = "#{ name_prefix }.#{ config_name }"
|
30
|
+
value.value = config_val
|
31
|
+
value.source = Contrast::CONFIG.sources.get(value.canonical_name)
|
32
|
+
if value.source == Contrast::Components::Config::Sources::YAML
|
33
|
+
value.filename = Contrast::CONFIG.config_file_path
|
34
|
+
end
|
35
|
+
effective_config.values << value
|
36
|
+
rescue StandardError => e
|
37
|
+
log_error(e)
|
38
|
+
next
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
# Converts current configuration for single value to effective config values class and appends them to
|
44
|
+
# EffectiveConfig class. Must be used inside Config Components only.
|
45
|
+
#
|
46
|
+
# @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
|
47
|
+
# @param config_name [String] name of the config.
|
48
|
+
# @param config_value [String, Boolean] value of the config.
|
49
|
+
# @param canonical_prefix [String] starting of the path to config => api.proxy...
|
50
|
+
# @param name_prefix [String] the name of the config prefix => contrast.api_key, contrast.url
|
51
|
+
def add_single_effective_value effective_config, config_name, config_value, canonical_prefix, name_prefix
|
52
|
+
Contrast::Agent::DiagnosticsConfig::EffectiveConfigValue.new.tap do |value|
|
53
|
+
break if config_value.to_s.empty?
|
54
|
+
|
55
|
+
value.value = config_value
|
56
|
+
value.canonical_name = "#{ canonical_prefix }.#{ config_name }"
|
57
|
+
value.name = "#{ name_prefix }.#{ config_name }"
|
58
|
+
value.source = Contrast::CONFIG.sources.get(value.canonical_name)
|
59
|
+
if value.source == Contrast::Components::Config::Sources::YAML
|
60
|
+
value.filename = Contrast::CONFIG.config_file_path
|
61
|
+
end
|
62
|
+
effective_config.values << value
|
63
|
+
rescue StandardError => e
|
64
|
+
log_error(e)
|
65
|
+
next
|
66
|
+
end
|
67
|
+
end
|
68
|
+
|
69
|
+
private
|
70
|
+
|
71
|
+
# Assigns a proper name for the config removing '?' out of method names.
|
72
|
+
#
|
73
|
+
# @param config [String] name of the configuration
|
74
|
+
# @return [String]
|
75
|
+
def assign_name config
|
76
|
+
return Contrast::Utils::ObjectShare::EMPTY_STRING unless config
|
77
|
+
|
78
|
+
name = config.dup
|
79
|
+
if name.end_with?(Contrast::Utils::ObjectShare::QUESTION_MARK)
|
80
|
+
# check and remove '?' : start_bundled_service? => start_bundled_service
|
81
|
+
name.delete!(Contrast::Utils::ObjectShare::QUESTION_MARK)
|
82
|
+
name.chop! if name.end_with?(CHECK)
|
83
|
+
name
|
84
|
+
end
|
85
|
+
name
|
86
|
+
end
|
87
|
+
|
88
|
+
# Logs any caught error.
|
89
|
+
#
|
90
|
+
# @param error [StandardError]
|
91
|
+
def log_error error
|
92
|
+
Contrast::CONFIG.proto_logger.warn('Could not write effective config to file: ',
|
93
|
+
error: error, backtrace: error.backtrace)
|
94
|
+
end
|
95
|
+
end
|
96
|
+
end
|
97
|
+
end
|
98
|
+
end
|
@@ -0,0 +1,65 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require 'contrast/config/effective_config_value'
|
5
|
+
|
6
|
+
module Contrast
|
7
|
+
module Agent
|
8
|
+
module DiagnosticsConfig
|
9
|
+
# The current effective config received from all authorized configuration channels.
|
10
|
+
class EffectiveConfig
|
11
|
+
# Value of effective agent configurations
|
12
|
+
#
|
13
|
+
# @return [Array]
|
14
|
+
attr_reader :values
|
15
|
+
|
16
|
+
def initialize
|
17
|
+
@values = []
|
18
|
+
end
|
19
|
+
|
20
|
+
def to_controlled_hash
|
21
|
+
{
|
22
|
+
EffectiveConfig: { values: @values&.map(&:to_controlled_hash) },
|
23
|
+
File: yaml_config_settings,
|
24
|
+
Environment: environment_settings,
|
25
|
+
CommandLine: command_line_settings,
|
26
|
+
ContrastUI: contrast_ui_settings
|
27
|
+
}
|
28
|
+
end
|
29
|
+
|
30
|
+
private
|
31
|
+
|
32
|
+
def yaml_config_settings
|
33
|
+
{
|
34
|
+
Path: Contrast::CONFIG.config_file_path,
|
35
|
+
Values: Contrast::CONFIG.sources.for(Contrast::Components::Config::Sources::YAML)
|
36
|
+
}
|
37
|
+
end
|
38
|
+
|
39
|
+
def command_line_settings
|
40
|
+
flatten_settings(Contrast::CONFIG.sources.for(Contrast::Components::Config::Sources::CLI))
|
41
|
+
end
|
42
|
+
|
43
|
+
def contrast_ui_settings
|
44
|
+
flatten_settings(Contrast::CONFIG.sources.for(Contrast::Components::Config::Sources::CONTRASTUI))
|
45
|
+
end
|
46
|
+
|
47
|
+
def flatten_settings data, path = []
|
48
|
+
data.each_with_object([]) do |(k, v), entries|
|
49
|
+
if v.cs__is_a?(Hash)
|
50
|
+
entries.concat(flatten_settings(v, path.dup.append(k.to_sym)))
|
51
|
+
else
|
52
|
+
entries << { "#{ path.join('.') }.#{ k }" => Contrast::CONFIG.config.loaded_config.dig(*path, k) }
|
53
|
+
end
|
54
|
+
end.flatten # rubocop:disable Style/MethodCalledOnDoEndBlock
|
55
|
+
end
|
56
|
+
|
57
|
+
def environment_settings
|
58
|
+
ENV.select { |e| e.to_s.start_with?(Contrast::Components::Config::CONTRAST_ENV_MARKER) }.
|
59
|
+
to_a.
|
60
|
+
map { |e| Hash[*e] }
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
module Contrast
|
5
|
+
module Agent
|
6
|
+
module DiagnosticsConfig
|
7
|
+
# All In effect config values stored in a easy to write representation.
|
8
|
+
class EffectiveConfigValue
|
9
|
+
# @return [String] Name of the config starting form root of yaml config.
|
10
|
+
attr_accessor :canonical_name
|
11
|
+
# @return [String] Name of the config.
|
12
|
+
attr_accessor :name
|
13
|
+
# @return [String] Value set for the config.
|
14
|
+
attr_accessor :value
|
15
|
+
# @return [String] The source for the entry in the config.
|
16
|
+
attr_accessor :source
|
17
|
+
# @return [String,nil] The filename for the source of the config, if the source was "yaml".
|
18
|
+
attr_accessor :filename
|
19
|
+
|
20
|
+
def to_controlled_hash
|
21
|
+
{
|
22
|
+
canonical_name: canonical_name,
|
23
|
+
name: name, # rubocop:disable Security/Module/Name
|
24
|
+
value: value,
|
25
|
+
Source: source,
|
26
|
+
Filename: filename
|
27
|
+
}.compact
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
@@ -1,20 +1,32 @@
|
|
1
1
|
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require 'contrast/components/base'
|
5
|
+
|
4
6
|
module Contrast
|
5
7
|
module Config
|
6
8
|
# Common Configuration settings. Those in this section pertain to the exception handling in Ruby, allowing for the
|
7
9
|
# override of Response Code and Message when Security Exceptions are raised.
|
8
10
|
class ExceptionConfiguration
|
9
11
|
include Contrast::Config::BaseConfiguration
|
12
|
+
include Contrast::Components::ComponentBase
|
13
|
+
|
14
|
+
CANON_NAME = 'agent.ruby.exception'
|
15
|
+
CONFIG_VALUES = %w[capture override_status override_message].cs__freeze
|
10
16
|
|
11
17
|
# @return [Integer] the HTTP status code override
|
12
18
|
attr_accessor :override_status
|
13
19
|
# @return [String] the message text override
|
14
20
|
attr_accessor :override_message
|
15
21
|
attr_writer :capture
|
22
|
+
# @return [String]
|
23
|
+
attr_reader :canon_name
|
24
|
+
# @return [Array]
|
25
|
+
attr_reader :config_values
|
16
26
|
|
17
27
|
def initialize hsh = {}
|
28
|
+
@config_values = CONFIG_VALUES
|
29
|
+
@canon_name = CANON_NAME
|
18
30
|
return unless hsh
|
19
31
|
|
20
32
|
@capture = hsh[:capture]
|
@@ -33,24 +33,24 @@ module Contrast
|
|
33
33
|
end
|
34
34
|
|
35
35
|
# To convert the user input mode from config to a standard format used by TS & SR, we need to convert the given
|
36
|
-
# String to its
|
36
|
+
# String to its recognized symbol equivalent. If a nonsense value is provided, it'll
|
37
37
|
# be treated the same as disabling the rule.
|
38
38
|
#
|
39
|
-
# @return [
|
39
|
+
# @return [Symbol]
|
40
40
|
def applicable_mode
|
41
41
|
return unless mode
|
42
42
|
|
43
|
-
case mode
|
43
|
+
case mode.downcase
|
44
44
|
when 'permit'
|
45
|
-
|
45
|
+
:PERMIT
|
46
46
|
when 'block_at_perimeter'
|
47
|
-
|
47
|
+
:BLOCK_AT_PERIMETER
|
48
48
|
when 'block'
|
49
|
-
|
49
|
+
:BLOCK
|
50
50
|
when 'monitor'
|
51
|
-
|
51
|
+
:MONITOR
|
52
52
|
else
|
53
|
-
|
53
|
+
:NO_ACTION
|
54
54
|
end
|
55
55
|
end
|
56
56
|
end
|
@@ -10,84 +10,47 @@ module Contrast
|
|
10
10
|
include Contrast::Config::BaseConfiguration
|
11
11
|
|
12
12
|
attr_accessor :disabled_rules
|
13
|
-
|
14
|
-
:
|
15
|
-
:
|
13
|
+
attr_reader :bot_blocker,
|
14
|
+
:cmd_injection, :cmd_injection_command_backdoors,
|
15
|
+
:cmd_injection_semantic_chained_commands, :cmd_injection_semantic_dangerous_paths,
|
16
|
+
:method_tampering,
|
17
|
+
:nosql_injection,
|
18
|
+
:path_traversal, :path_traversal_semantic_file_security_bypass,
|
19
|
+
:reflected_xss,
|
20
|
+
:sql_injection, :sql_injection_semantic_dangerous_functions,
|
21
|
+
:unsafe_file_upload,
|
22
|
+
:untrusted_deserialization,
|
23
|
+
:xxe,
|
24
|
+
:rule_base
|
16
25
|
|
17
26
|
BASE_RULE = 'Contrast::Agent::Protect::Rule::Base'.cs__freeze
|
18
27
|
|
19
28
|
def initialize hsh = {} # rubocop:disable Metrics/AbcSize
|
20
29
|
return unless hsh
|
21
30
|
|
31
|
+
# IVs must be with the same name as rule_id
|
22
32
|
@disabled_rules = hsh[:disabled_rules]
|
23
33
|
@rule_base = Contrast::Config::ProtectRuleConfiguration.new(hsh[BASE_RULE.to_sym])
|
24
34
|
@bot_blocker = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'bot-blocker'])
|
25
35
|
@cmd_injection = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'cmd-injection'])
|
36
|
+
@cmd_injection_command_backdoors =
|
37
|
+
Contrast::Config::ProtectRuleConfiguration.new(hsh[:'cmd-injection-command-backdoors'])
|
38
|
+
@cmd_injection_semantic_chained_commands =
|
39
|
+
Contrast::Config::ProtectRuleConfiguration.new(hsh[:'cmd-injection-semantic-chained-commands'])
|
40
|
+
@cmd_injection_semantic_dangerous_paths =
|
41
|
+
Contrast::Config::ProtectRuleConfiguration.new(hsh[:'cmd-injection-semantic-dangerous-paths'])
|
26
42
|
@method_tampering = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'method-tampering'])
|
27
43
|
@nosql_injection = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'nosql-injection'])
|
28
44
|
@path_traversal = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'path-traversal'])
|
45
|
+
@path_traversal_semantic_file_security_bypass =
|
46
|
+
Contrast::Config::ProtectRuleConfiguration.new(hsh[:'path-traversal-semantic-file-security-bypass'])
|
29
47
|
@reflected_xss = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'reflected-xss'])
|
30
48
|
@sql_injection = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'sql-injection'])
|
31
|
-
@
|
49
|
+
@sql_injection_semantic_dangerous_functions =
|
32
50
|
Contrast::Config::ProtectRuleConfiguration.new(hsh[:'sql-injection-semantic-dangerous-functions'])
|
33
51
|
@unsafe_file_upload = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'unsafe-file-upload'])
|
34
52
|
@untrusted_deserialization = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'untrusted-deserialization'])
|
35
|
-
@
|
36
|
-
:'cmd-injection-command-backdoors'
|
37
|
-
])
|
38
|
-
@xxe = Contrast::Config::ProtectRuleConfiguration.new(hsh[:xxe])
|
39
|
-
end
|
40
|
-
|
41
|
-
def bot_blocker
|
42
|
-
@bot_blocker ||= Contrast::Config::ProtectRuleConfiguration.new
|
43
|
-
end
|
44
|
-
|
45
|
-
def cmd_injection
|
46
|
-
@cmd_injection ||= Contrast::Config::ProtectRuleConfiguration.new
|
47
|
-
end
|
48
|
-
|
49
|
-
def sql_injection
|
50
|
-
@sql_injection ||= Contrast::Config::ProtectRuleConfiguration.new
|
51
|
-
end
|
52
|
-
|
53
|
-
def nosql_injection
|
54
|
-
@nosql_injection ||= Contrast::Config::ProtectRuleConfiguration.new
|
55
|
-
end
|
56
|
-
|
57
|
-
def untrusted_deserialization
|
58
|
-
@untrusted_deserialization ||= Contrast::Config::ProtectRuleConfiguration.new
|
59
|
-
end
|
60
|
-
|
61
|
-
def method_tampering
|
62
|
-
@method_tampering ||= Contrast::Config::ProtectRuleConfiguration.new
|
63
|
-
end
|
64
|
-
|
65
|
-
def xxe
|
66
|
-
@xxe ||= Contrast::Config::ProtectRuleConfiguration.new
|
67
|
-
end
|
68
|
-
|
69
|
-
def path_traversal
|
70
|
-
@path_traversal ||= Contrast::Config::ProtectRuleConfiguration.new
|
71
|
-
end
|
72
|
-
|
73
|
-
def reflected_xss
|
74
|
-
@reflected_xss ||= Contrast::Config::ProtectRuleConfiguration.new
|
75
|
-
end
|
76
|
-
|
77
|
-
def unsafe_file_upload
|
78
|
-
@unsafe_file_upload ||= Contrast::Config::ProtectRuleConfiguration.new
|
79
|
-
end
|
80
|
-
|
81
|
-
def cmdi_command_backdoors
|
82
|
-
@cmdi_command_backdoors ||= Contrast::Config::ProtectRuleConfiguration.new
|
83
|
-
end
|
84
|
-
|
85
|
-
def rule_base
|
86
|
-
@rule_base ||= Contrast::Config::ProtectRuleConfiguration.new
|
87
|
-
end
|
88
|
-
|
89
|
-
def sqli_dangerous_function
|
90
|
-
@sqli_dangerous_function = Contrast::Config::ProtectRuleConfiguration.new
|
53
|
+
@xxe = Contrast::Config::ProtectRuleConfiguration.new(hsh['xxe'])
|
91
54
|
end
|
92
55
|
|
93
56
|
def []= key, value
|
@@ -1,13 +1,18 @@
|
|
1
1
|
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require 'contrast/components/base'
|
5
|
+
|
4
6
|
module Contrast
|
5
7
|
module Config
|
6
8
|
# This class holds the Common Settings for the hidden functionality of the TS
|
7
9
|
class RequestAuditConfiguration
|
8
10
|
include Contrast::Config::BaseConfiguration
|
11
|
+
include Contrast::Components::ComponentBase
|
9
12
|
|
10
13
|
DEFAULT_PATH = './messages'
|
14
|
+
CANON_NAME = 'api.request_audit'
|
15
|
+
CONFIG_VALUES = %w[enable requests responses path].cs__freeze
|
11
16
|
|
12
17
|
attr_writer :enable, :requests, :responses, :path
|
13
18
|
|
@@ -39,6 +44,14 @@ module Contrast
|
|
39
44
|
def path
|
40
45
|
@path.nil? ? DEFAULT_PATH : @path
|
41
46
|
end
|
47
|
+
|
48
|
+
# Converts current configuration to effective config values class and appends them to
|
49
|
+
# EffectiveConfig class.
|
50
|
+
#
|
51
|
+
# @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
|
52
|
+
def to_effective_config effective_config
|
53
|
+
add_effective_config_values(effective_config, CONFIG_VALUES, CANON_NAME, "#{ CONTRAST }.#{ CANON_NAME }")
|
54
|
+
end
|
42
55
|
end
|
43
56
|
end
|
44
57
|
end
|
@@ -1,12 +1,18 @@
|
|
1
1
|
# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require 'contrast/config/base_configuration'
|
5
|
+
|
4
6
|
module Contrast
|
5
7
|
module Config
|
6
8
|
# Common Configuration settings. Those in this section pertain to the server identification functionality of the
|
7
9
|
# Agent.
|
8
10
|
class ServerConfiguration
|
9
11
|
include Contrast::Config::BaseConfiguration
|
12
|
+
include Contrast::Components::ComponentBase
|
13
|
+
|
14
|
+
CANON_NAME = 'server'
|
15
|
+
CONFIG_VALUES = %w[tags environment version].cs__freeze
|
10
16
|
|
11
17
|
# @return [String, nil]
|
12
18
|
attr_reader :name
|
@@ -14,14 +20,19 @@ module Contrast
|
|
14
20
|
attr_accessor :path
|
15
21
|
# @return [String, nil]
|
16
22
|
attr_accessor :type
|
17
|
-
|
18
|
-
attr_accessor :tags
|
23
|
+
attr_writer :tags
|
19
24
|
# @return [String, nil]
|
20
25
|
attr_accessor :environment
|
21
26
|
# @return [String, nil]
|
22
27
|
attr_accessor :version
|
28
|
+
# @return [String]
|
29
|
+
attr_reader :canon_name
|
30
|
+
# @return [Array]
|
31
|
+
attr_reader :config_values
|
23
32
|
|
24
33
|
def initialize hsh = {}
|
34
|
+
@config_values = CONFIG_VALUES
|
35
|
+
@canon_name = CANON_NAME
|
25
36
|
return unless hsh
|
26
37
|
|
27
38
|
@path = hsh[:path]
|
@@ -31,6 +42,34 @@ module Contrast
|
|
31
42
|
@environment = hsh[:environment]
|
32
43
|
@version = hsh[:version]
|
33
44
|
end
|
45
|
+
|
46
|
+
# @return [String, nil]
|
47
|
+
def tags
|
48
|
+
stringify_array(@tags)
|
49
|
+
end
|
50
|
+
|
51
|
+
# Converts current configuration to effective config values class and appends them to
|
52
|
+
# EffectiveConfig class.
|
53
|
+
#
|
54
|
+
# @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
|
55
|
+
def to_effective_config effective_config
|
56
|
+
super
|
57
|
+
add_single_effective_value(effective_config,
|
58
|
+
'type',
|
59
|
+
Contrast::APP_CONTEXT.server_type,
|
60
|
+
CANON_NAME,
|
61
|
+
"#{ CONTRAST }.#{ CANON_NAME }")
|
62
|
+
add_single_effective_value(effective_config,
|
63
|
+
'name',
|
64
|
+
Contrast::APP_CONTEXT.server_name,
|
65
|
+
CANON_NAME,
|
66
|
+
"#{ CONTRAST }.#{ CANON_NAME }")
|
67
|
+
add_single_effective_value(effective_config,
|
68
|
+
'path',
|
69
|
+
Contrast::APP_CONTEXT.server_path,
|
70
|
+
CANON_NAME,
|
71
|
+
"#{ CONTRAST }.#{ CANON_NAME }")
|
72
|
+
end
|
34
73
|
end
|
35
74
|
end
|
36
75
|
end
|