contrast-agent 7.0.0 → 7.1.0
- checksums.yaml +4 -4
- data/lib/contrast/agent/assess/policy/policy.rb +1 -1
- data/lib/contrast/agent/deadzone/policy/policy.rb +1 -1
- data/lib/contrast/agent/patching/policy/policy.rb +2 -2
- data/lib/contrast/agent/protect/input_analyzer/worth_watching_analyzer.rb +3 -0
- data/lib/contrast/agent/protect/rule/no_sqli/no_sqli.rb +1 -1
- data/lib/contrast/agent/reporting/reporter.rb +19 -4
- data/lib/contrast/agent/reporting/reporting_events/agent_effective_config.rb +32 -0
- data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb +7 -0
- data/lib/contrast/agent/reporting/reporting_utilities/headers.rb +3 -1
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb +11 -7
- data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb +15 -7
- data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb +2 -1
- data/lib/contrast/agent/reporting/reporting_workers/application_server_worker.rb +3 -0
- data/lib/contrast/agent/reporting/reporting_workers/reporter_heartbeat.rb +3 -0
- data/lib/contrast/agent/reporting/reporting_workers/server_settings_worker.rb +3 -0
- data/lib/contrast/agent/telemetry/base.rb +37 -12
- data/lib/contrast/agent/telemetry/client.rb +1 -3
- data/lib/contrast/agent/telemetry/telemetry.rb +0 -7
- data/lib/contrast/agent/thread/thread_watcher.rb +2 -2
- data/lib/contrast/agent/version.rb +1 -1
- data/lib/contrast/components/agent.rb +1 -1
- data/lib/contrast/components/api.rb +2 -2
- data/lib/contrast/components/app_context.rb +1 -1
- data/lib/contrast/components/assess.rb +1 -1
- data/lib/contrast/components/assess_rules.rb +1 -1
- data/lib/contrast/components/base.rb +3 -3
- data/lib/contrast/components/config/sources.rb +12 -9
- data/lib/contrast/components/config.rb +2 -2
- data/lib/contrast/components/protect.rb +2 -2
- data/lib/contrast/components/sampling.rb +6 -4
- data/lib/contrast/components/settings.rb +1 -1
- data/lib/contrast/config/certification_configuration.rb +1 -1
- data/lib/contrast/config/configuration_files.rb +47 -0
- data/lib/contrast/config/diagnostics/command_line.rb +24 -0
- data/lib/contrast/config/{config.rb → diagnostics/config.rb} +21 -6
- data/lib/contrast/config/diagnostics/contrast_ui.rb +24 -0
- data/lib/contrast/config/diagnostics/effective_config.rb +28 -0
- data/lib/contrast/config/diagnostics/effective_config_value.rb +14 -0
- data/lib/contrast/config/diagnostics/environment_variables.rb +51 -0
- data/lib/contrast/config/{diagnostics.rb → diagnostics/monitor.rb} +10 -10
- data/lib/contrast/config/diagnostics/source_config_value.rb +51 -0
- data/lib/contrast/config/diagnostics/tools.rb +188 -0
- data/lib/contrast/config/diagnostics/user_configuration_file.rb +44 -0
- data/lib/contrast/config/request_audit_configuration.rb +1 -1
- data/lib/contrast/config/server_configuration.rb +1 -1
- data/lib/contrast/configuration.rb +90 -57
- data/lib/contrast/utils/hash_utils.rb +43 -0
- data/lib/contrast/utils/json.rb +46 -0
- data/lib/contrast/utils/net_http_base.rb +75 -26
- metadata +16 -7
- data/lib/contrast/config/diagnostics_tools.rb +0 -99
- data/lib/contrast/config/effective_config.rb +0 -131
- data/lib/contrast/config/effective_config_value.rb +0 -32
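--- a/data/lib/contrast/config/diagnostics_tools.rb
+++ b/data/lib/contrast/config/diagnostics_tools.rb
@@ -1,99 +0,0 @@
-# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'contrast/utils/object_share'
-require 'contrast/config/effective_config_value'
-
-module Contrast
-module Agent
-module DiagnosticsConfig
-# Diagnostics tools to be included in config components.
-module DiagnosticsTools
-CHECK = 'd'
-
-# Converts current configuration for array of values to effective config values class and appends them to
-# EffectiveConfig class. Must be used inside Config Components only.
-#
-# @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
-# @param config_values [Array<String>] array of the names of values.
-# @param canonical_prefix [String] starting of the path to config => api.proxy...
-# @param name_prefix [String] the name of the config prefix => contrast.api_key, contrast.url
-def add_effective_config_values effective_config, config_values, canonical_prefix, name_prefix
-return if config_values.to_s.empty?
-
-config_values.each do |config|
-Contrast::Agent::DiagnosticsConfig::EffectiveConfigValue.new.tap do |value|
-next if (config_val = send(config.to_sym)).to_s.empty?
-
-config_name = assign_name(config)
-value.canonical_name = "#{ canonical_prefix }.#{ config_name }"
-value.name = "#{ name_prefix }.#{ config_name }"
-value.value = config_val
-value.source = Contrast::CONFIG.sources.get(value.canonical_name)
-if value.source == Contrast::Components::Config::Sources::YAML
-value.filename = Contrast::CONFIG.config_file_path
-end
-effective_config.values << value
-rescue StandardError => e
-log_error(e)
-next
-end
-end
-end
-
-# Converts current configuration for single value to effective config values class and appends them to
-# EffectiveConfig class. Must be used inside Config Components only.
-#
-# @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
-# @param config_name [String] name of the config.
-# @param config_value [String, Boolean] value of the config.
-# @param canonical_prefix [String] starting of the path to config => api.proxy...
-# @param name_prefix [String] the name of the config prefix => contrast.api_key, contrast.url
-def add_single_effective_value effective_config, config_name, config_value, canonical_prefix, name_prefix
-Contrast::Agent::DiagnosticsConfig::EffectiveConfigValue.new.tap do |value|
-break if config_value.to_s.empty?
-
-value.value = config_value
-value.canonical_name = "#{ canonical_prefix }.#{ config_name }"
-value.name = "#{ name_prefix }.#{ config_name }"
-value.source = Contrast::CONFIG.sources.get(value.canonical_name)
-if value.source == Contrast::Components::Config::Sources::YAML
-value.filename = Contrast::CONFIG.config_file_path
-end
-effective_config.values << value
-rescue StandardError => e
-log_error(e)
-next
-end
-end
-
-private
-
-# Assigns a proper name for the config removing '?' out of method names.
-#
-# @param config [String] name of the configuration
-# @return [String]
-def assign_name config
-return Contrast::Utils::ObjectShare::EMPTY_STRING unless config
-
-name = config.dup
-if name.end_with?(Contrast::Utils::ObjectShare::QUESTION_MARK)
-# check and remove '?' : start_bundled_service? => start_bundled_service
-name.delete!(Contrast::Utils::ObjectShare::QUESTION_MARK)
-name.chop! if name.end_with?(CHECK)
-name
-end
-name
-end
-
-# Logs any caught error.
-#
-# @param error [StandardError]
-def log_error error
-Contrast::CONFIG.proto_logger.warn('Could not write effective config to file: ',
-error: error, backtrace: error.backtrace)
-end
-end
-end
-end
-end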
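--- a/data/lib/contrast/config/effective_config.rb
+++ b/data/lib/contrast/config/effective_config.rb
@@ -1,131 +0,0 @@
-# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-require 'contrast/config/effective_config_value'
-require 'contrast/config/diagnostics_tools'
-require 'contrast/utils/object_share'
-
-module Contrast
-module Agent
-module DiagnosticsConfig
-# The current effective config received from all authorized configuration channels.
-class EffectiveConfig
-NON_COMMON_ENV = %w[CONTRAST_CONFIG_PATH CONTRAST_AGENT_TELEMETRY_OPTOUT].cs__freeze
-
-# Value of effective agent configurations
-#
-# @return [Array]
-attr_reader :values
-
-def initialize
-@values = []
-end
-
-def to_controlled_hash
-{
-effective_config: { values: @values&.map(&:to_controlled_hash) },
-user_configuration_file: yaml_config_settings,
-environment_variable: environment_settings(ENV).map(&:to_controlled_hash),
-command_line: command_line_settings.map(&:to_controlled_hash),
-contrast_ui: contrast_ui_settings.map(&:to_controlled_hash)
-}
-end
-
-private
-
-def yaml_config_settings
-{
-path: Contrast::CONFIG.config_file_path,
-values: value_to_s(Contrast::CONFIG.sources.for(Contrast::Components::Config::Sources::YAML))
-}
-end
-
-def command_line_settings
-cli = flatten_settings(Contrast::CONFIG.sources.for(Contrast::Components::Config::Sources::CLI))
-flat_settings(cli)
-end
-
-def contrast_ui_settings
-ui = flatten_settings(Contrast::CONFIG.sources.for(Contrast::Components::Config::Sources::CONTRASTUI))
-flat_settings(ui)
-end
-
-# @param flats [Array] of flatten configs produced by #flatten_settings
-# @return [Array]
-def flat_settings flats
-ui_settings = []
-flats.each do |entry|
-entry.each do |key, value|
-efc_value = Contrast::Agent::DiagnosticsConfig::EffectiveConfigValue.new.tap do |effective_value|
-effective_value.canonical_name = Contrast::Utils::ObjectShare::CONTRAST_DOT + key
-effective_value.name = key
-effective_value.value = value_to_s(value)
-end
-ui_settings << efc_value if efc_value
-end
-end
-ui_settings
-end
-
-def flatten_settings data, path = []
-data.each_with_object([]) do |(k, v), entries|
-if v.cs__is_a?(Hash)
-entries.concat(flatten_settings(v, path.dup.append(k.to_sym)))
-else
-entries << { "#{ path.join('.') }.#{ k }" => Contrast::CONFIG.config.loaded_config.dig(*path, k).to_s }
-end
-end.flatten # rubocop:disable Style/MethodCalledOnDoEndBlock
-end
-
-# This method will fill the canonical name for each env var and will check for any uncommon ones.
-#
-# @param env [Hash]
-# @return [Array] array of all the values needed to be written.
-def environment_settings env
-env_hash = env.select do |e|
-e.to_s.start_with?(Contrast::Components::Config::CONTRAST_ENV_MARKER) || NON_COMMON_ENV.include?(e.to_s)
-end
-environment_settings = []
-env_hash.each do |key, value|
-efc_value = Contrast::Agent::DiagnosticsConfig::EffectiveConfigValue.new.tap do |effective_value|
-next unless value
-
-effective_value.canonical_name = if NON_COMMON_ENV.include?(key)
-key.gsub(Contrast::Utils::ObjectShare::UNDERSCORE,
-Contrast::Utils::ObjectShare::PERIOD).downcase
-else
-key.gsub(Contrast::Utils::ObjectShare::DOUBLE_UNDERSCORE,
-Contrast::Utils::ObjectShare::PERIOD).downcase
-end
-if effective_value.canonical_name
-effective_value.name =
-effective_value.canonical_name.gsub(Contrast::Utils::ObjectShare::CONTRAST_DOT,
-Contrast::Utils::ObjectShare::EMPTY_STRING)
-end
-effective_value.value = value_to_s(value)
-end
-environment_settings << efc_value if efc_value
-end
-environment_settings
-end
-
-# Recursively converts each value to string.
-#
-# @param value [Hash]
-def value_to_s value
-return value if value.cs__is_a?(String)
-
-value.each_with_object({}) do |(k, v), m| # rubocop:disable Style/HashTransformValues
-m[k] = if v.cs__is_a?(Hash)
-value_to_s(v)
-elsif v.cs__is_a?(Array)
-v.map(&:to_s)
-else
-v.to_s
-end
-end
-end
-end
-end
-end
-end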
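--- a/data/lib/contrast/config/effective_config_value.rb
+++ b/data/lib/contrast/config/effective_config_value.rb
@@ -1,32 +0,0 @@
-# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
-# frozen_string_literal: true
-
-module Contrast
-module Agent
-module DiagnosticsConfig
-# All In effect config values stored in a easy to write representation.
-class EffectiveConfigValue
-# @return [String] Name of the config starting form root of yaml config.
-attr_accessor :canonical_name
-# @return [String] Name of the config.
-attr_accessor :name
-# @return [String] Value set for the config.
-attr_accessor :value
-# @return [String] The source for the entry in the config.
-attr_accessor :source
-# @return [String,nil] The filename for the source of the config, if the source was "yaml".
-attr_accessor :filename
-
-def to_controlled_hash
-{
-canonical_name: canonical_name,
-name: name, # rubocop:disable Security/Module/Name
-value: value&.cs__is_a?(Array) ? value.map(&:to_s) : value.to_s,
-source: source,
-filename: filename
-}.compact
-end
-end
-end
-end
-end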