contrast-agent 7.0.0 → 7.2.0

data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb

@@ -8,16 +8,20 @@ require 'contrast/components/scope'
 require 'contrast/agent/reporting/reporting_events/application_startup'
 require 'contrast/agent/reporting/reporting_utilities/reporter_client'
 require 'contrast/agent/reporting/reporting_utilities/endpoints'
+require 'contrast/agent/reporting/reporting_utilities/resend'
 
 module Contrast
   module Agent
     module Reporting
       # This module holds utilities required by the reporting service client
       module ReporterClientUtils
+        include Contrast::Agent::Reporting::Resend
         include Contrast::Components::Logger::InstanceMethods
         include Contrast::Components::Scope::InstanceMethods
         include Contrast::Agent::Reporting::Endpoints
 
+        STRING_ENCODING = 'BINARY'
+
         # List the events that need to be sent when agent starts up.
         # The order here matters -- DO NOT CHANGE IT!!! >_< - HM
         #
@@ -33,19 +37,37 @@ module Contrast
 
         private
 
-        # Send Agent Startup event
+        # Send Agent Startup event. If error occurs, it will try to resend the message.
         #
         # @param connection [Net::HTTP] open connection
         def send_agent_startup connection
-          logger.debug('Preparing to send startup messages')
+          logger.debug('[Reporter] Preparing to send startup messages')
+          STARTUP_EVENTS.each { |event| send_event(event.new, connection) }
+          logger.debug('[Reporter] Startup messages sent.') if status.startup_messages_sent?
+        end
 
-          STARTUP_EVENTS.each do |event|
-            startup_event = event.new
-            send_event(startup_event, connection)
-          rescue StandardError => e
-            handle_error(startup_event, e)
-          end
-          logger.debug('Startup messages sent')
+        # Disable reporting and log the error
+        #
+        # @param event [Contrast::Agent::Reporting::ReportingEvent]
+        # @param error [StandardError]
+        def disable_reporting event, error
+          status.failure!
+          mode.resend.reset_rescue_attempts
+          mode.status = mode.disabled
+          message = '[Reporter] Unable to send message.'
+          response_handler.stop_reporting(message,
+                                          application: Contrast::APP_CONTEXT.name, # rubocop:disable Security/Module/Name
+                                          connection_error: error,
+                                          client: Contrast::Agent::Reporting::ReporterClient::SERVICE_NAME,
+                                          event_id: event&.__id__,
+                                          event_type: event&.cs__class&.cs__name)
+          nil
+        end
+
+        def response_success!
+          status.success!
+          mode.enter_run_mode
+          mode.resend.reset_rescue_attempts
         end
 
         # This method will build headers of the request required for TS communication
@@ -53,45 +75,30 @@ module Contrast
         # @param request [Net::HTTPRequest]
         # @return [Net::HTTPRequest]
         def build_headers request
-          app_version = @headers.app_version
-          request['API-Key'] = @headers.api_key
-          request['Application-Language'] = @headers.app_language
-          request['Application-Name'] = @headers.app_name
-          request['Application-Path'] = @headers.app_path
-          request['Application-Version'] = app_version if app_version
+          build_application_headers(request)
+          build_encode_and_compress_headers(request)
           request['Authorization'] = @headers.authorization
           request['Server-Name'] = @headers.server_name
           request['Server-Path'] = @headers.server_path
           request['Server-Type'] = @headers.server_type
           request['X-Contrast-Agent'] = @headers.agent_version
           request['X-Contrast-Header-Encoding'] = @headers.encoding
-          build_encode_and_compress_headers(request)
+          request['Session-ID'] = @headers.session_id
           request
         end
 
-        # Handles standard error case, logs and set status for failure
-        #
-        # @param event [Contrast::Agent::Reporting::ReportingEvent]
-        #   One of the DTMs valid for the event field of Contrast::Api::Dtm::Message
-        # @param error_msg [StandardError]
-        # @return nil [NilClass] to be passed as response
-        def handle_error event, error_msg
-          status.failure!
-          logger.error('Unable to send message.',
-                       error_msg,
-                       client: Contrast::Agent::Reporting::ReporterClient::SERVICE_NAME,
-                       event_id: event&.__id__,
-                       event_type: event&.cs__class&.cs__name)
-          nil
-        end
-
         # Handles response processing and sets status
         #
         # @param event [Contrast::Agent::Reporting::ReportingEvent] The event sent to TeamServer.
         # @param response [Net::HTTP::Response]
         def process_settings_response response, event
           res = response_handler.process(response, event)
-          status.success! if res
+          if res
+            status.success!
+            mode.resend.reset_rescue_attempts
+          else
+            status.failure!
+          end
           res
         end
 
@@ -108,6 +115,7 @@ module Contrast
           return unless response&.body && connection
 
           findings_to_return = response.body.split(',').delete_if { |el| el.include?('*') }
+          mode.resend.reset_rescue_attempts
           findings_to_return.each do |index|
             preflight_message = event.messages[index.to_i]
             corresponding_finding = Contrast::Agent::Reporting::ReportingStorage.delete(preflight_message.data)
@@ -116,7 +124,7 @@ module Contrast
             send_event(corresponding_finding, connection)
           end
         rescue StandardError => e
-          logger.error('Unable to handle response', e)
+          logger.error('[Reporter] Unable to handle preflight response', e)
         end
 
         # Convert the given event into an appropriate Net::HTTPRequest object, setting the request headers and
@@ -137,10 +145,7 @@ module Contrast
                       end
             build_headers(request)
             event.attach_headers(request)
-            # compress:
-            gzip = Zlib::GzipWriter.new(StringIO.new)
-            gzip << event.event_json
-            request.body = gzip.close.string
+            request.body = compress_event(event)
             request
           end
         end
@@ -155,6 +160,18 @@ module Contrast
           request['X-Contrast-Encoding'] = @headers.compression
           request['Content-Encoding'] = @headers.compression
         end
+
+        # Adds corresponding application headers to request.
+        #
+        # @param request [Net::HTTPRequest]
+        def build_application_headers request
+          app_version = @headers.app_version
+          request['API-Key'] = @headers.api_key
+          request['Application-Language'] = @headers.app_language
+          request['Application-Name'] = @headers.app_name
+          request['Application-Path'] = @headers.app_path
+          request['Application-Version'] = app_version if app_version
+        end
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_utilities/resend.rb

@@ -0,0 +1,144 @@
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Reporting
+      # Module to house the Resend logic, when there is no response from TS.
+      module Resend
+        # How manny times the client will try to rescue from above error before raising an
+        # error to reflect the events.
+        #
+        RESCUE_ATTEMPTS = 3
+        TIMEOUT = 5
+        RETRY_ERRORS = [
+          Net::OpenTimeout, Net::ReadTimeout, ArgumentError, EOFError, OpenSSL::SSL::SSLError, Resolv::ResolvError,
+          Errno::ECONNRESET, Errno::ECONNREFUSED, Errno::ETIMEDOUT, Errno::ESHUTDOWN, Errno::EHOSTDOWN, NameError,
+          Errno::EHOSTUNREACH, Errno::EISCONN, Errno::ECONNABORTED, Errno::ENETRESET, Errno::ENETUNREACH, SocketError,
+          NameError, NoMethodError, Timeout::Error, RuntimeError
+        ].cs__freeze
+        RESENDING_MESSAGE = '[Reporter] Resending message...'
+        END_RESENDING_MESSAGE = '[Reporter] Reporter tried to resend event and received error:'
+
+        # This method is mainly used in inside error handling and startup mesasges sending.
+        #
+        # @param event [Contrast::Agent::Reporting::ReportingEvent] event to resend
+        # @param connection [Net::HTTP] open connection
+        # @param error [StandardError] error that was raised
+        # @return [Net::HTTPResponse, nil] response from TS
+        def try_resend event, connection, error
+          # The timeout for agent to sleep is set here, we don't need to raise an error,
+          # but also 15 min is a long time to wait for example if event is startup message.
+          # Override timeout
+          if Contrast::Agent::Reporting::ReporterClientUtils::STARTUP_EVENTS.include?(event.cs__class)
+            response_handler.suspend_reporting(RESENDING_MESSAGE,
+                                               TIMEOUT,
+                                               error,
+                                               event: event,
+                                               log_error: false,
+                                               startup: true)
+          end
+          mode.enter_resend_mode
+          handle_resend(event, connection)
+        end
+
+        # This method will handle the error and will decide if we need to resend the event
+        #
+        # @param event [Contrast::Agent::Reporting::ReportingEvent]
+        # @param connection [Net::HTTP] open connection
+        # @return [Net::HTTPResponse, nil] response from TS
+        def handle_resend event, connection
+          if sleep?
+            logger.debug("[Reporter] sleeping for #{ TIMEOUT } seconds before resending...")
+            Thread.current.send(:sleep, timeout)
+            wake_up
+          end
+          response = mode.status == mode.resending ? send_event(event, connection) : nil
+          response_success! if response
+          response
+        end
+
+        # Handles errors that occurs before the ResponseHandler do not have a response, or response
+        # code to hande. This Errors requires different handling, because most of errors here
+        # occurs when the response cannot be read, there is open ssl error, or a certain Timeout
+        # is reached.
+        #
+        # @param event [Contrast::Agent::Reporting::ReportingEvent]
+        #   One of the DTMs valid for the event field of Contrast::Api::Dtm::Message
+        # @param error [StandardError]
+        # @param connection [Net::HTTP] open connection
+        # @return nil [NilClass] to be passed as response
+        def handle_response_error event, connection, error
+          return end_of_rescue(event, error) if mode.resend.rescue_attempts >= RESCUE_ATTEMPTS
+
+          if RETRY_ERRORS.include?(error.cs__class)
+            mode.resend.increase_rescue_attempts
+            try_resend(event, connection, error)
+          else
+            end_of_rescue(event, error)
+          end
+        end
+
+        # End of rescue attempts.
+        #
+        # @param event [Contrast::Agent::Reporting::ReportingEvent]
+        # @param error [StandardError]
+        # @return [NilClass]
+        def end_of_rescue event, error
+          if Contrast::Agent::Reporting::ReporterClientUtils::STARTUP_EVENTS.include?(event.cs__class)
+            # Agent didn't send it's startup events, There will be reporting errors, disable reporting.
+            disable_reporting(event, error)
+          else
+            # There is an error in one of the reported messages, log that error and continue.
+            logger.error(END_RESENDING_MESSAGE,
+                         resend_attempts: Contrast::Agent::Reporting::Resend::RESCUE_ATTEMPTS,
+                         connection_error: error,
+                         client: Contrast::Agent::Reporting::ReporterClient::SERVICE_NAME,
+                         event_id: event&.__id__,
+                         event_type: event&.cs__class&.cs__name)
+          end
+        end
+
+        # Disable reporting when there is an error that cannot be handled.
+        #
+        # @param event [Contrast::Agent::Reporting::ReportingEvent]
+        # @param error [StandardError]
+        # @return [NilClass]
+        def disable_reporting event, error
+          logger.error('[Agent] Disabling Reporting...', error: error.message, event_type: event.cs__class&.cs__name)
+          Contrast::AGENT.disable!
+        end
+
+        # Methods that will initialize the resending state.
+        class Status
+          # RESEND_STARTUP_EVENTS = 4
+
+          def initialize
+            @_rescue_attempts = 0
+          end
+
+          # return how many times the client has tried to rescue from error.
+          #
+          # @return [Integer]
+          def rescue_attempts
+            @_rescue_attempts ||= 0
+          end
+
+          # Reset Error rescues attempts.
+          #
+          # @return [Integer]
+          def reset_rescue_attempts
+            @_rescue_attempts = 0
+          end
+
+          # Increase the Error rescues attempts.
+          #
+          # @return [Integer]
+          def increase_rescue_attempts
+            @_rescue_attempts += 1
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb

@@ -40,7 +40,7 @@ module Contrast
                                                                            assess_on: ::Contrast::ASSESS.enabled?)
           response
         rescue StandardError => e
-          logger.error('Unable to process response from TeamServer', e)
+          logger.error('[Reporter] Unable to process response from TeamServer', e)
           nil
         end
 
@@ -63,11 +63,45 @@ module Contrast
           @_mode ||= Contrast::Agent::Reporting::ResponseHandlerMode.new
         end
 
+        # Puts the reporting service to sleep
+        def put_to_sleep
+          @_sleep = true
+        end
+
         # Wakes the reporting service
         def wake_up
           @_sleep = false
         end
 
+        # Suspend the reporter and try again in time. If not set
+        # the timeout is set to 15 min As default:
+        #
+        # @param message [String] Message to log.
+        # @param timeout [Integer,nil] The timeout to wait and retry after.
+        # @param error_message [String, nil] Error message if any received.
+        # @param event [Contrast::Agent::Reporting::ReportingEvent, nil] The event sent to TeamServer if set
+        # @param log_error [Boolean] Whether to log the error or not.
+        # @param startup [Boolean] Whether this is a startup error or not.
+        def suspend_reporting message, timeout, error_message, event: nil, log_error: true, startup: false
+          @_timeout = timeout || Contrast::Agent::Reporting::ResponseHandler::TIMEOUT
+          if log_error
+            log_error_msg(message,
+                          timeout: @_timeout,
+                          error_message: error_message || 'none',
+                          event_id: event.nil? ? 'none' : event&.__id__,
+                          event_type: event.nil? ? 'none' : event&.cs__class&.cs__name)
+          end
+          if startup
+            logger.info(message,
+                        connection_error: error_message,
+                        client: Contrast::Agent::Reporting::ReporterClient::SERVICE_NAME,
+                        event_id: event&.__id__,
+                        timeout: timeout,
+                        event_type: event&.cs__class&.cs__name)
+          end
+          put_to_sleep
+        end
+
         private
 
         # Handles the errors code received from TS and takes appropriate action.
@@ -93,18 +127,6 @@ module Contrast
           end
         end
 
-        # Suspend the reporter and try again in time. If not set
-        # the timeout is set to 15 min As default:
-        #
-        # @param message [String] Message to log.
-        # @param timeout [Integer,nil] The timeout to wait and retry after.
-        # @param error_message [String, nil] Error message if any received.
-        def suspend_reporting message, timeout, error_message
-          @_timeout = timeout || Contrast::Agent::Reporting::ResponseHandler::TIMEOUT
-          log_error_msg(message, timeout: @_timeout, error_message: error_message || 'none')
-          @_sleep = true
-        end
-
         # Log what we've received.
         #
         # @param message [String] Message to log

data/lib/contrast/agent/reporting/reporting_utilities/response_handler_mode.rb

@@ -1,6 +1,8 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/agent/reporting/reporting_utilities/resend'
+
 module Contrast
   module Agent
     module Reporting
@@ -44,6 +46,17 @@ module Contrast
           @_status ||= running
         end
 
+        # Resend Status tracker
+        #
+        # @return [Contrast::Agent::Reporting::Resend::Status]
+        def resend
+          @_resend ||= Contrast::Agent::Reporting::Resend::Status.new
+        end
+
+        def enter_resend_mode
+          @_status = resending
+        end
+
         # Set current mode.
         #
         # @return [Symbol] Reporter's client and Response Handler
@@ -54,7 +67,7 @@ module Contrast
 
         # Reset mode
         #
-        def reset_mode
+        def enter_run_mode
           @_status = running
         end
       end

data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb

@@ -4,6 +4,7 @@
 require 'contrast/agent/reporting/reporting_utilities/ng_response_extractor'
 require 'contrast/agent/reporting/reporting_utilities/response_extractor'
 require 'contrast/agent/reactions/disable_reaction'
+require 'contrast/utils/json'
 
 module Contrast
   module Agent
@@ -53,6 +54,16 @@ module Contrast
           @_last_application_modified
         end
 
+        # Cease reporting about this application
+        #
+        # @param message [String] Message to log
+        # @param info_hash [Hash] information about the context to log.
+        def stop_reporting message, info_hash
+          Contrast::Agent.reporter&.stop!
+          log_error_msg(message, info_hash)
+          ::Contrast::AGENT.disable!
+        end
+
         private
 
         # check if response code is valid before analyze it
@@ -126,7 +137,7 @@ module Contrast
           # log, suspend, disable:
           if mode == @_mode.running
             log_error_msg(message,
-                          response: response.__id__,
+                          response_id: response.__id__,
                           request: Contrast::Agent::REQUEST_TRACKER.current&.request&.type,
                           error_message: error_message || 'none',
                           auth_error: auth_error || 'none')
@@ -175,16 +186,6 @@ module Contrast
           end
         end
 
-        # Cease reporting about this application
-        #
-        # @param message [String] Message to log
-        # @param info_hash [Hash] information about the context to log.
-        def stop_reporting message, info_hash
-          Contrast::Agent.reporter&.stop!
-          log_error_msg(message, info_hash)
-          ::Contrast::AGENT.disable!
-        end
-
         # Applies the settings from the TS response
         #
         # @param response [Contrast::Agent::Reporting::Response]
@@ -257,7 +258,7 @@ module Contrast
           response_body = response&.body
           return unless response_body
 
-          response_data = JSON.parse(response_body, symbolize_names: true)
+          response_data = Contrast::Utils::Json.parse(response_body, deep_symbolize: true)
           return unless response_data.cs__is_a?(Hash)
 
           extract_response_last_modified(response, event)

data/lib/contrast/agent/reporting/reporting_workers/application_server_worker.rb

@@ -13,11 +13,14 @@ module Contrast
         RESEND_INTERVAL_MS = 30_000.cs__freeze
 
         def start_thread!
+          return unless attempt_to_start?
           return if running?
 
           @_thread = Contrast::Agent::Thread.new do
             logger.info('[ApplicationSettingsWorker] Starting thread.', sending_interval: application_server_ms)
             loop do
+              break unless attempt_to_start?
+
               logger.info('[ApplicationSettingsWorker] Fetching Settings', sending_interval: application_server_ms)
               Contrast::Agent.reporter&.send_event(application_settings_message)
               sleep(application_server_ms / 1000)

data/lib/contrast/agent/reporting/reporting_workers/reporter_heartbeat.rb

@@ -19,11 +19,14 @@ module Contrast
         REFRESH_INTERVAL_SEC = 60
 
         def start_thread!
+          return unless attempt_to_start?
           return if running?
 
           @_thread = Contrast::Agent::Thread.new do
             logger.info('[Heartbeat] Starting thread.')
             loop do
+              break unless attempt_to_start?
+
               polling_events.each do |event|
                 Contrast::Agent.reporter&.send_event(event)
               end

data/lib/contrast/agent/reporting/reporting_workers/server_settings_worker.rb

@@ -13,11 +13,14 @@ module Contrast
         RESEND_INTERVAL_MS = 60_000.cs__freeze
 
         def start_thread!
+          return unless attempt_to_start?
           return if running?
 
           @_thread = Contrast::Agent::Thread.new do
             logger.info('[ServerSettingsWorker] Starting thread.', sending_interval: server_settings_resend_ms)
             loop do
+              break unless attempt_to_start?
+
               logger.info('[ServerSettingsWorker] Fetching Settings', sending_interval: server_settings_resend_ms)
               Contrast::Agent.reporter&.send_event(settings_message)
               sleep(server_settings_resend_ms / 1000)

data/lib/contrast/agent/request/request.rb

@@ -10,6 +10,7 @@ require 'contrast/utils/hash_digest'
 require 'contrast/components/logger'
 require 'contrast/components/scope'
 require 'contrast/utils/request_utils'
+require 'contrast/utils/duck_utils'
 
 module Contrast
   module Agent
@@ -24,12 +25,7 @@ module Contrast
 
       extend Forwardable
 
-      INNER_REST_TOKEN = %r{/\d+/}.cs__freeze
-      LAST_REST_TOKEN = %r{/\d+$}.cs__freeze
-      INNER_NUMBER_MARKER = '/{n}/'
-      LAST_NUMBER_MARKER = '/{n}'
-      STATIC_SUFFIXES = /\.(?:js|css|jpeg|jpg|gif|png|ico|woff|svg|pdf|eot|ttf|jar)$/i.cs__freeze
-      MEDIA_TYPE_MARKERS = %w[image/ text/css text/javascript].cs__freeze
+      EMPTY_PATH = '/'
 
       # @return [Rack::Request] The passed to the Agent RackRequest to be wrapped.
       attr_reader :rack_request
@@ -75,12 +71,31 @@ module Contrast
       def normalized_uri
         @_normalized_uri ||= begin
           path = rack_request.path_info || rack_request.path.to_s
-          path = '/' if path.empty?
-
-          uri = path.split(Contrast::Utils::ObjectShare::SEMICOLON)[0]    # remove ;jsessionid
-          uri = uri.split(Contrast::Utils::ObjectShare::QUESTION_MARK)[0] # remove ?query_string=
-          uri.gsub(INNER_REST_TOKEN, INNER_NUMBER_MARKER)                 # replace interior tokens
-          uri.gsub(LAST_REST_TOKEN, LAST_NUMBER_MARKER)                   # replace last token
+          path = EMPTY_PATH if Contrast::Utils::DuckUtils.empty_duck?(path)
+
+          # /foo/bar;jsessionid=123 => /foo/bar
+          uri = path.split(Contrast::Utils::ObjectShare::SEMICOLON)[0]
+          # /foo/bar?query_string=123 => /foo/bar
+          uri = uri.split(Contrast::Utils::ObjectShare::QUESTION_MARK)[0]
+
+          # Replace with tokens:
+          # NUM_ => '/{n}/'
+          # ID_ =>  '{ID}'
+          #
+          # replace UUIDs: /123e4567-e89b-42d3-a456-556642440000/ => /{ID}/
+          uri.gsub!(UUID_PATTERN, ID_)
+          # replace hash patterns: /6f1ed002ab5595859014ebf0951522d9/ => /{ID}/
+          uri.gsub!(HASH_PATTERN, ID_)
+          # replace windows SID: /S-1-5-21-1843332746-572796286-2118856591-1000/ => /{ID}/
+          uri.gsub!(WIN_PATTERN, ID_)
+          # replace interior number tokens: /123/ => /{n}/
+          uri.gsub!(NUM_PATTERN, NUM_)
+          # replace last number tokens: /123 => /{n}
+          uri.gsub!(END_PATTERN, NUM_[0..-2])
+          uri
+        rescue StandardError => e
+          logger.error('error normalizing uri', error: e, backtrace: e.backtrace)
+          EMPTY_PATH
         end
       end