contrast-agent 6.8.0 → 6.9.0

data/lib/contrast/components/config/sources.rb

@@ -0,0 +1,95 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/env_configuration_item'
+require 'ougai'
+require 'contrast/configuration'
+
+module Contrast
+  module Components
+    module Config
+      # This component encapsulates storing the source for each entry in the config,
+      # so that we can report on where the value was set from.
+      class Sources
+        ENVIRONMENT = 'ENV'
+        CLI = 'CLI'
+        CONTRASTUI = 'ContrastUI'
+        DEFAULT = 'Default'
+        YAML = 'YAML'
+
+        # @return [Hash]
+        attr_reader :data
+
+        def initialize data = {}
+          @data = data
+        end
+
+        # Retrieves the current config source for the specified config path. If no source is
+        # set then returns the Default value.
+        #
+        # @param path [String] the canonical name for the config entry (such as api.proxy.enable)
+        # @return [String] the source for the entry
+        def get path
+          data.dig(*parts_for(path)) || DEFAULT
+        rescue TypeError
+          DEFAULT
+        end
+
+        # Assigns the config source for a specified config path.
+        #
+        # @param path [String] the canonical name for the config entry (such as api.proxy.enable)
+        # @param [String] the source for the entry
+        # @return [String] the source type for the entry
+        def set path, source
+          assign_value(data, parts_for(path), source)
+        end
+
+        # Finds entries within config source data for the specified type, and returns
+        # them along with the current values for each.
+        #
+        # @param type [String] a source type (ENV, CLI, ContrastUI, YAML)
+        # @return [Hash] the entries for the provided source, along with the associated values
+        def for type
+          deep_select(data.dup, type, [])
+        end
+
+        private
+
+        # @param path [String] the canonical name for a config entry (such as api.proxy.enable)
+        # @return [Array] the path split on periods, and converted to symbols
+        def parts_for path
+          path.split('.').map(&:to_sym)
+        end
+
+        # @param current_level [Hash] all, or some of, the config source information
+        # @param parts [Array] the parts for canonical name of the config entry
+        # @param source [String] the source to be set for the specified entry
+        # @return [Array] the path split on periods, and converted to symbols
+        def assign_value current_level, parts, source
+          parts[0...-1].each do |segment|
+            current_level[segment] ||= {}
+            current_level = current_level[segment]
+          end
+          return unless current_level.cs__is_a?(Hash)
+
+          current_level[parts[-1]] = source
+        end
+
+        # @param sources [Hash] all, or some of, the config source information
+        # @param type [Array] the source type to look for entries of
+        # @param path [String] the entries followed to get to this part of the config
+        # @return [Hash] the entries for the provided source, along with the associated values
+        def deep_select sources, type, path
+          sources.each_with_object({}) do |(k, v), grouping|
+            if v.cs__is_a?(Hash)
+              nested_data = deep_select(v, type, path.dup.append(k.to_sym))
+              grouping[k] = nested_data unless nested_data.empty?
+            elsif v == type
+              grouping[k] = Contrast::CONFIG.config.loaded_config.dig(*path, k)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/components/config.rb

@@ -4,6 +4,7 @@
 require 'contrast/utils/env_configuration_item'
 require 'ougai'
 require 'contrast/configuration'
+require 'contrast/config/diagnostics'
 
 module Contrast
   module Components
@@ -26,6 +27,7 @@ module Contrast
       CONTRAST_ENV_MARKER = 'CONTRAST__'
       CONTRAST_LOG = 'contrast_agent.log'
       CONTRAST_NAME = 'Contrast Agent'
+      DATE_TIME = '%Y-%m-%dT%H:%M:%S.%L%z'
 
       class Interface # :nodoc: # rubocop:disable Metrics/ClassLength
         SESSION_VARIABLES = 'Invalid configuration. '\
@@ -50,7 +52,7 @@ module Contrast
             @_proto_logger.progname = CONTRAST_NAME
             @_proto_logger.level = ::Ougai::Logging::Severity::WARN
             @_proto_logger.formatter = Contrast::Logger::Format.new
-            @_proto_logger.formatter.datetime_format = '%Y-%m-%dT%H:%M:%S.%L%z'
+            @_proto_logger.formatter.datetime_format = DATE_TIME
             @_proto_logger
           end
         end
@@ -109,6 +111,10 @@ module Contrast
           @config.enable
         end
 
+        def sources
+          @config.sources
+        end
+
         def invalid?
           !valid?
         end
@@ -130,6 +136,11 @@ module Contrast
           application.session_metadata
         end
 
+        # @return [String, nil] the path to the YAML config file, if any.
+        def config_file_path
+          config.config_file
+        end
+
         private
 
         # The config has information about how to construct the logger. If the config is invalid, and you want to know
@@ -221,6 +232,11 @@ module Contrast
           agent.logger.path
         end
 
+        # This methods is here to add the proper forward towards @config
+        def enable= value
+          @config.enable = value
+        end
+
         # Assign the value from an ENV variable to the Contrast::Config::RootConfiguration object, when
         # appropriate.
         #
@@ -233,6 +249,7 @@ module Contrast
           return unless current_level.nil? == false && current_level.cs__respond_to?(dot_path_array[-1])
 
           current_level.send("#{ dot_path_array[-1] }=", value)
+          sources.set(dot_path_array.join('.'), Contrast::Components::Config::Sources::ENVIRONMENT)
         end
       end
     end

data/lib/contrast/components/heap_dump.rb

@@ -10,12 +10,22 @@ module Contrast
       # Interface used to build the HeapDump settings and component.
       class Interface
         include Contrast::Config::BaseConfiguration
+        include Contrast::Components::ComponentBase
+
+        # @return [String]
+        attr_reader :canon_name
+        # @return [Array]
+        attr_reader :config_values
 
         DEFAULT_PATH = 'contrast_heap_dumps' # saved
         DEFAULT_MS = 10_000
         DEFAULT_COUNT = 5
+        CANON_NAME = 'agent.heap_dump'
+        CONFIG_VALUES = %w[enable path delay_ms window_ms count clean].cs__freeze
 
         def initialize hsh = {}
+          @config_values = CONFIG_VALUES
+          @canon_name = CANON_NAME
           return unless hsh
 
           @_enable = hsh[:enable]

data/lib/contrast/components/inventory.rb

@@ -11,10 +11,18 @@ module Contrast
       class Interface
         include Contrast::Components::ComponentBase
 
-        # @return [Array, nil] tags
-        attr_accessor :tags
+        CANON_NAME = 'inventory'
+        CONFIG_VALUES = %w[enable analyze_libraries tags].cs__freeze
+
+        attr_writer :tags
+        # @return [String]
+        attr_reader :canon_name
+        # @return [Array]
+        attr_reader :config_values
 
         def initialize hsh = {}
+          @config_values = CONFIG_VALUES
+          @canon_name = CANON_NAME
           return unless hsh
 
           @enable = !false?(hsh[:enable])
@@ -31,6 +39,11 @@ module Contrast
         def analyze_libraries
           @analyze_libraries.nil? ? true : @analyze_libraries
         end
+
+        # @return [String, nil] tags
+        def tags
+          stringify_array(@tags)
+        end
       end
     end
   end

data/lib/contrast/components/logger.rb

@@ -13,6 +13,14 @@ module Contrast
           Contrast::Logger::Log.instance.logger
         end
 
+        # When calling this method from any instance
+        # The CEF logger will be initialized and it's
+        # path and level will be set. Since we don't
+        # call this method unless protect is started,
+        # on Agent Startup no file is created before is
+        # needed.
+        #
+        # @return [Logger]
         def cef_logger
           @_cef_logger ||= Contrast::Logger::CEFLog.instance.tap(&:build_logger)
         end
@@ -23,6 +31,10 @@ module Contrast
       # instance methods and will initialize new instances for where they're needed
       class Interface
         include InstanceMethods
+        include Contrast::Components::ComponentBase
+
+        CANON_NAME = 'agent.logger'
+        CONFIG_VALUES = %w[path level progname].cs__freeze
 
         # @return [String, nil]
         attr_accessor :path
@@ -30,8 +42,14 @@ module Contrast
         attr_accessor :level
         # @return [String, nil]
         attr_accessor :progname
+        # @return [String]
+        attr_reader :canon_name
+        # @return [Array]
+        attr_reader :config_values
 
         def initialize hsh = {}
+          @config_values = CONFIG_VALUES
+          @canon_name = CANON_NAME
           return unless hsh
 
           @path = hsh[:path]

data/lib/contrast/components/polling.rb

@@ -0,0 +1,36 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/components/base'
+
+module Contrast
+  module Components
+    module Polling
+      # A wrapper build around the agent.polling config
+      class Interface
+        include Contrast::Components::ComponentBase
+
+        # @return [Integer, nil]
+        attr_reader :server_settings_ms
+        # @return [String]
+        attr_reader :canon_name
+        # @return [Array]
+        attr_reader :config_values
+        # @return [Integer, nil]
+        attr_reader :batch_reporting_interval_ms
+
+        CANON_NAME = 'agent.polling'
+        CONFIG_VALUES = %w[server_settings_ms batch_reporting_interval_ms].cs__freeze
+
+        def initialize hsh = {}
+          @config_values = CONFIG_VALUES
+          @canon_name = CANON_NAME
+          return unless hsh
+
+          @server_settings_ms = hsh[:server_settings_ms]
+          @batch_reporting_interval_ms = hsh[:batch_reporting_interval_ms]
+        end
+      end
+    end
+  end
+end

data/lib/contrast/components/protect.rb

@@ -14,12 +14,23 @@ module Contrast
         include Contrast::Components::ComponentBase
         include Contrast::Config::BaseConfiguration
 
+        CANON_NAME = 'protect'
+        CONFIG_VALUES = %w[enabled?].cs__freeze
+        RULES = 'rules'
+        MODE = 'mode'
+
         # @return [Boolean, nil]
         attr_accessor :enable
+        # @return [String]
+        attr_reader :canon_name
+        # @return [Array]
+        attr_reader :config_values
         # @return [Boolean, nil]
         attr_accessor :agent_lib
 
         def initialize hsh = {}
+          @config_values = CONFIG_VALUES
+          @canon_name = CANON_NAME
           return unless hsh
 
           @_exceptions = Contrast::Config::ExceptionConfiguration.new(hsh[:exceptions])
@@ -57,6 +68,9 @@ module Contrast
           ::Contrast::SETTINGS.protect_state.enabled == true
         end
 
+        # Current Configuration for the protect rules
+        #
+        # @return [Contrast::Config::ProtectRulesConfiguration]
         def rule_config
           ::Contrast::CONFIG.protect.rules
         end
@@ -65,11 +79,17 @@ module Contrast
         # protect rules.
         #
         # @return defend_rules[Hash<Contrast::SETTINGS.protect_state.rules>]
-        #
         def defend_rules
           ::Contrast::SETTINGS.protect_state.rules
         end
 
+        # The Contrast::CONFIG.protect.rules is object so we need to check it's
+        # corresponding method call for each rule of interest. If there is no
+        # status available we search for any Settings available received form
+        # TS response.
+        #
+        # @param rule_id [String]
+        # @return mode [Symbol]
         def rule_mode rule_id
           str = rule_id.tr('-', '_')
           ::Contrast::CONFIG.protect.rules[str]&.applicable_mode ||
@@ -77,6 +97,9 @@ module Contrast
               :NO_ACTION
         end
 
+        # Name of the protect rule
+        #
+        # @return [String]
         def rule name
           ::Contrast::SETTINGS.protect_state.rules[name]
         end
@@ -104,8 +127,32 @@ module Contrast
           @_forcibly_disabled = false?(::Contrast::CONFIG.protect.enable)
         end
 
+        # Converts current configuration to effective config values class and appends them to
+        # EffectiveConfig class.
+        #
+        # @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
+        def to_effective_config effective_config
+          super
+          protect_rules_to_effective_config(effective_config)
+        end
+
         private
 
+        # @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
+        def protect_rules_to_effective_config effective_config
+          return unless defend_rules
+
+          defend_rules.each do |key, value|
+            next unless key && value
+
+            config_prefix = "#{ CANON_NAME }.#{ RULES }.#{ key }"
+            name_prefix = "#{ CONTRAST }.#{ CANON_NAME }.#{ RULES }.#{ key }"
+            add_single_effective_value(effective_config, ENABLE, value.enabled?, config_prefix, name_prefix)
+            # Get the mode by checking Current Configs or Settings received:
+            add_single_effective_value(effective_config, MODE, rule_mode(key), config_prefix, name_prefix)
+          end
+        end
+
         def forcibly_enabled?
           return @_forcibly_enabled unless @_forcibly_enabled.nil?
 

data/lib/contrast/components/ruby_component.rb

@@ -1,6 +1,8 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/components/base'
+
 module Contrast
   module Components
     module Ruby
@@ -23,11 +25,24 @@ module Contrast
         ].cs__freeze
 
         DEFAULT_UNINSTRUMENTED_NAMESPACES = %w[FactoryGirl FactoryBot].cs__freeze
+        CANON_NAME = 'agent.ruby'
+        CONFIG_VALUES = %w[
+          disabled_agent_rake_tasks
+          propagate_yield require_scan
+          non_request_tracking
+          uninstrument_namespace
+        ].cs__freeze
 
         attr_writer :disabled_agent_rake_tasks, :exceptions, :propagate_yield, :require_scan,
                     :non_request_tracking, :uninstrument_namespace
+        # @return [String]
+        attr_reader :canon_name
+        # @return [Array]
+        attr_reader :config_values
 
         def initialize hsh = {}
+          @config_values = CONFIG_VALUES
+          @canon_name = CANON_NAME
           return unless hsh
 
           @disabled_agent_rake_tasks = hsh[:disabled_agent_rake_tasks]

data/lib/contrast/components/sampling.rb

@@ -28,10 +28,10 @@ module Contrast
             settings = ::Contrast::SETTINGS&.assess_state&.sampling_settings
             {
                 enabled: enabled?(config_settings, settings),
-                baseline: baseline(config_settings, settings),
-                request_frequency: request_frequency(config_settings, settings),
-                response_frequency: response_frequency(config_settings, settings),
-                window: window(config_settings, settings)
+                baseline: check_baseline(config_settings, settings),
+                request_frequency: check_request_frequency(config_settings, settings),
+                response_frequency: check_response_frequency(config_settings, settings),
+                window: check_window(config_settings, settings)
             }
           end
         end
@@ -45,7 +45,8 @@ module Contrast
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
         #   local user input
-        # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
+        # @param settings [Contrast::Agent::Reporting::Settings::Sampling, nil] the Sampling settings as provided by
+        # TeamServer
         # @return [Boolean] the resolution of the config_settings, settings, and default value
         def enabled? config_settings, settings
           true?([config_settings&.enable, settings&.enabled, DEFAULT_SAMPLING_ENABLED].compact[0])
@@ -53,35 +54,39 @@ module Contrast
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
         #   local user input
-        # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
+        # @param settings [Contrast::Agent::Reporting::Settings::Sampling] the Sampling settings as provided by
+        # TeamServer
         # @return [Integer] the resolution of the config_settings, settings, and default value
-        def baseline config_settings, settings
+        def check_baseline config_settings, settings
           [config_settings&.baseline, settings&.baseline].map(&:to_i).find(&:positive?) || DEFAULT_SAMPLING_BASELINE
         end
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
         #   local user input
-        # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
+        # @param settings [Contrast::Agent::Reporting::Settings::Sampling] the Sampling settings as provided by
+        # TeamServer
         # @return [Integer] the resolution of the config_settings, settings, and default value
-        def request_frequency config_settings, settings
+        def check_request_frequency config_settings, settings
           [config_settings&.request_frequency, settings&.request_frequency].map(&:to_i).find(&:positive?) ||
               DEFAULT_SAMPLING_REQUEST_FREQUENCY
         end
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
         #   local user input
-        # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
+        # @param settings [Contrast::Agent::Reporting::Settings::Sampling] the Sampling settings as provided by
+        # TeamServer
         # @return [Integer] the resolution of the config_settings, settings, and default value
-        def response_frequency config_settings, settings
+        def check_response_frequency config_settings, settings
           [config_settings&.response_frequency, settings&.response_frequency].map(&:to_i).find(&:positive?) ||
               DEFAULT_SAMPLING_RESPONSE_FREQUENCY
         end
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
         #   local user input
-        # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
+        # @param settings [Contrast::Agent::Reporting::Settings::Sampling] the Sampling settings as provided by
+        # TeamServer
         # @return [Integer] the resolution of the config_settings, settings, and default value
-        def window config_settings, settings
+        def check_window config_settings, settings
           [config_settings&.window_ms, settings&.window_ms].map(&:to_i).find(&:positive?) || DEFAULT_SAMPLING_WINDOW_MS
         end
       end
@@ -94,8 +99,13 @@ module Contrast
 
       class Interface # :nodoc:
         include InstanceMethods
+        extend ClassMethods
         include Contrast::Config::BaseConfiguration
 
+        CANON_NAME = 'assess.sampling'
+        NAME_PREFIX = "#{ CONTRAST }.#{ CANON_NAME }"
+        CONFIG_VALUES = %w[enable baseline request_frequency response_frequency window_ms].cs__freeze
+
         # @return [Integer, nil]
         attr_reader :baseline
         # @return [Integer, nil]
@@ -104,8 +114,11 @@ module Contrast
         attr_reader :response_frequency
         # @return [Integer, nil]
         attr_reader :window_ms
+        # @return [String]
+        attr_reader :canon_name
 
         def initialize hsh = {}
+          @canon_name = CANON_NAME
           return unless hsh
 
           @enable = hsh[:enable]
@@ -119,6 +132,50 @@ module Contrast
         def enable
           !!@enable
         end
+
+        # Converts current configuration to effective config values class and appends them to
+        # EffectiveConfig class.
+        #
+        # @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
+        def to_effective_config effective_config
+          confirm_sources
+
+          add_single_effective_value(effective_config, 'enable', sampling_control[:enabled], canon_name, NAME_PREFIX)
+          add_single_effective_value(effective_config, 'baseline', sampling_control[:baseline], canon_name, NAME_PREFIX)
+          add_single_effective_value(effective_config, 'window_ms', sampling_control[:window], canon_name, NAME_PREFIX)
+          add_single_effective_value(effective_config,
+                                     'request_frequency',
+                                     sampling_control[:request_frequency],
+                                     canon_name,
+                                     NAME_PREFIX)
+          add_single_effective_value(effective_config,
+                                     'response_frequency',
+                                     sampling_control[:response_frequency],
+                                     canon_name,
+                                     NAME_PREFIX)
+        end
+
+        private
+
+        # Confirm the sources for the sample entries to ensure that we use 'Default' if we've fallen
+        # back to the default values.
+        def confirm_sources
+          if sampling_control[:enabled] == DEFAULT_SAMPLING_ENABLED
+            Contrast::CONFIG.sources.set('assess.sampling.enable', Contrast::Components::Config::Sources::DEFAULT)
+          end
+          if sampling_control[:window] == DEFAULT_SAMPLING_WINDOW_MS
+            Contrast::CONFIG.sources.set('assess.sampling.window_ms', Contrast::Components::Config::Sources::DEFAULT)
+          end
+          {
+              'baseline' => :baseline,
+              'request_frequency' => :request_frequency,
+              'response_frequency' => :response_frequency
+          }.each do |k, v|
+            if sampling_control[v] == cs__class.cs__const_get("DEFAULT_SAMPLING_#{ v.upcase }")
+              Contrast::CONFIG.sources.set("assess.sampling.#{ k }", Contrast::Components::Config::Sources::DEFAULT)
+            end
+          end
+        end
       end
     end
   end

data/lib/contrast/components/security_logger.rb

@@ -1,17 +1,30 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/components/base'
+
 module Contrast
   module Components
     module SecurityLogger
       # Here we will read and store the setting for the CEF Logging functionality
       class Interface
+        include Contrast::Components::ComponentBase
+
+        CANON_NAME = 'agent.security_logger'
+        CONFIG_VALUES = %w[path level].cs__freeze
+
         # @return [String, nil]
         attr_accessor :path
         # @return [String, nil]
         attr_accessor :level
+        # @return [String]
+        attr_reader :canon_name
+        # @return [Array]
+        attr_reader :config_values
 
         def initialize hsh = {}
+          @config_values = CONFIG_VALUES
+          @canon_name = CANON_NAME
           return unless hsh
 
           @path = hsh[:path]