contrast-agent 7.1.0 → 7.2.0

data/lib/contrast/agent/reporting/client/interface.rb

@@ -0,0 +1,132 @@
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/client/interface_base'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Client
+        # Interface to safely manage connections across threads.
+        class Interface < Contrast::Agent::Reporting::Client::InterfaceBase
+          # Execute startup routine and
+          def startup
+            with_monitor { reporter_client.startup!(reporting_connection) }
+          end
+
+          # @param event [Contrast::Agent::Reporting::ReportingEvent]
+          # @return [Net::HTTPResponse]
+          def send_event event
+            with_monitor { reporter_client.send_event(event, reporting_connection) }
+          end
+
+          # return [Boolean]
+          def sleep?
+            with_monitor { reporter_client.sleep? }
+          end
+
+          # Retry once than discard the event. This is trigger on too many events of
+          # same kind error.
+          #
+          # @param event [Contrast::Agent::Reporting::ReportingEvent]
+          def handle_resend event
+            with_monitor do
+              reporter_client.handle_resend(event, reporting_connection)
+            end
+          end
+
+          # Check to see if client exists and there is connection
+          #
+          # @return [Boolean
+          def connected?
+            with_monitor do
+              return true if reporter_client && reporting_connection
+
+              false
+            end
+          end
+
+          # Check to see if statup connections are sent or not
+          def startup_messages_sent?
+            with_monitor { reporter_client.status.startup_messages_sent? }
+          end
+
+          # Check to see if event need to be resend
+          #
+          # @return [Boolean, nil]
+          def resending?
+            with_monitor { reporter_client.mode.status == reporter_client.mode.resending }
+          end
+
+          # Return timeout in ms
+          def timeout
+            with_monitor { reporter_client.timeout } || Contrast::Agent::Reporting::ResponseHandler::TIMEOUT
+          end
+
+          # @return headers [Contrast::Agent::Reporting::Headers]
+          def headers
+            with_monitor { reporter_client.headers }
+          end
+
+          # Response_handler
+          #
+          # @return [Contrast::Agent::Reporting::ResponseHandler]
+          def response_handler
+            with_monitor { reporter_client.response_handler }
+          end
+
+          def status
+            with_monitor { reporter_client.status }
+          end
+
+          private
+
+          # @return [Contrast::Agent::Reporting::ReporterClient]
+          def reporter_client
+            @_reporter_client ||= Contrast::Agent::Reporting::ReporterClient.new
+          end
+
+          # @return [Net::HTTP, nil] Return open connection or nil
+          def reporting_connection
+            @_reporting_connection ||= reporter_client.initialize_connection
+          end
+        end
+      end
+
+      module Telemetry
+        # Interface to safely manage connections across threads.
+        class Interface < Contrast::Agent::Reporting::Client::InterfaceBase
+          URL = 'https://telemetry.ruby.contrastsecurity.com/'
+
+          # Check to see if client exists and there is connection
+          #
+          # @return [Boolean
+          def connected?
+            with_monitor do
+              return true if telemetry_client && telemetry_connection
+
+              false
+            end
+          end
+
+          # Starts telemetry request.
+          def request_with_response event
+            with_monitor do
+              telemetry_client.handle_response(telemetry_client.send_request(event, telemetry_connection))
+            end
+          end
+
+          private
+
+          def telemetry_client
+            @_telemetry_client ||= Contrast::Agent::Telemetry::Client.new
+          end
+
+          def telemetry_connection
+            @_telemetry_connection ||= telemetry_client.initialize_connection(URL)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/client/interface_base.rb

@@ -0,0 +1,27 @@
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'monitor'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Client
+        # Common methods for Client interface.
+        class InterfaceBase
+          # Execute calls to connection with thread safety.
+          def with_monitor &block
+            monitor.synchronize(&block)
+          end
+
+          private
+
+          # @return [Monitor]
+          def monitor
+            @_monitor ||= Monitor.new
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/connection_status.rb

@@ -10,7 +10,6 @@ module Contrast
           @last_success = nil
           @last_failure = nil
           @startup_messages_sent = false
-          @_startup_server_message_sent = false
         end
 
         # Whether we have sent startup message to TeamServer. True after successfully sending startup messages to

data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb

@@ -4,7 +4,7 @@
 require 'contrast/utils/object_share'
 require 'contrast/agent/reporting/input_analysis/input_type'
 require 'contrast/agent/reporting/input_analysis/score_level'
-require 'contrast/agent/reporting/input_analysis/details/protect_rule_details'
+require 'contrast/agent/reporting/details/protect_rule_details'
 
 module Contrast
   module Agent
@@ -112,14 +112,16 @@ module Contrast
 
         # Additional per rule details containing more specific info.
         #
-        # @param protect_rule_details [Contrast::Agent::Reporting::ProtectRuleDetails]
+        # @param protect_rule_details [Contrast::Agent::Reporting::Details::ProtectRuleDetails]
         def details= protect_rule_details
-          @_details = protect_rule_details if protect_rule_details.is_a?(Contrast::Agent::Reporting::ProtectRuleDetails)
+          return unless protect_rule_details.is_a?(Contrast::Agent::Reporting::Details::ProtectRuleDetails)
+
+          @_details = protect_rule_details
         end
 
         # Additional per rule details containing more specific info.
         #
-        # @return [Contrast::Agent::Reporting::ProtectRuleDetails, nil]
+        # @return [Contrast::Agent::Reporting::Details::ProtectRuleDetails, nil]
         def details
           @_details
         end

data/lib/contrast/agent/reporting/reporter.rb

@@ -6,6 +6,7 @@ require 'contrast/agent/reporting/report'
 require 'contrast/components/logger'
 require 'contrast/agent/reporting/reporting_events/agent_startup'
 require 'contrast/agent/telemetry/exception'
+require 'contrast/agent/reporting/client/interface'
 
 module Contrast
   module Agent
@@ -29,11 +30,7 @@ module Contrast
       end
 
       def client
-        @_client ||= Contrast::Agent::Reporting::ReporterClient.new
-      end
-
-      def connection
-        @_connection ||= client.initialize_connection
+        @_client ||= Contrast::Agent::Reporting::Client::Interface.new
       end
 
       def start_thread!
@@ -41,13 +38,12 @@ module Contrast
         return if running?
 
         @connection_attempts = 0
-
-        client.startup!(connection)
         @_thread = Contrast::Agent::Thread.new do
           logger.debug('[Reporter] Starting background Reporter thread.')
+          client.startup
           loop do
-            next unless connected?
             break unless attempt_to_start?
+            next unless connected?
 
             process_event(queue.pop)
           rescue StandardError => e
@@ -61,12 +57,7 @@ module Contrast
       #
       # @param event [Contrast::Agent::Reporting::ReportingEvent] Freshly pop-ed event.
       def handle_resend event
-        sleep(client.timeout) if client.sleep?
-        # Retry once than discard the event. This is trigger on too many events of
-        # same kind error.
-        client.send_event(event, connection) if client.mode.status == client.mode.resending
-        client.mode.reset_mode
-        client.wake_up
+        client.handle_resend(event)
       end
 
       # @param event [Contrast::Agent::Reporting::ReportingEvent]
@@ -99,8 +90,9 @@ module Contrast
           return
         end
         return unless event
+        return unless connected?
 
-        client.send_event(event, connection)
+        client.send_event(event)
       rescue StandardError => e
         logger.error('[Reporter] Could not send message to TeamServer from reporting queue.', e)
       end
@@ -124,17 +116,9 @@ module Contrast
         @_queue ||= Queue.new
       end
 
-      # TODO: RUBY-99999
-      # The client and connection are being used in multiple threads/ concurrently, and that's not okay. We need
-      # to figure out why that is and lock it so that it isn't.
-      #
       # @return [Boolean]
       def connected?
-        if client && connection
-          # Try to resend startup messages now with connection:
-          client.startup!(connection) unless client.status.startup_messages_sent?
-          return true
-        end
+        return true if client.connected?
 
         logger.debug('[Reporter] No client/connection; sleeping...')
         @connection_attempts += 1
@@ -148,8 +132,8 @@ module Contrast
 
       # @param event [Contrast::Agent::Reporting::ReportingEvent]
       def process_event event
-        client.send_event(event, connection)
-        handle_resend(event) if client.mode.status == client.mode.resending
+        client.send_event(event)
+        handle_resend(event) if client.resending?
       rescue StandardError => e
         logger.error('[Reporter] Could not send message to TeamServer from reporting queue.', e)
       end
@@ -171,6 +155,7 @@ module Contrast
                              stack_trace[1].path.delete_prefix(Dir.pwd)
                            end
         stack_frame_function = stack_trace.nil? || stack_trace[1].nil? ? 'none' : stack_trace[1].label
+        stack_frame_type = Contrast::Agent::Telemetry::Exception::Obfuscate.obfuscate_path(stack_frame_type)
         Contrast::Agent::Telemetry::Exception::StackFrame.build(stack_frame_function, stack_frame_type, nil)
       end
     end

data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb

@@ -81,7 +81,7 @@ module Contrast
             safe_url = source_or_string(url || pattern)
 
             msg = new
-            msg.signature = "#{ controller }##{ method } #{ safe_pattern }"
+            msg.signature = "#{ controller }##{ method } #{ safe_pattern }" # rubocop:disable [Security/Object/Method]
             msg.verb = Contrast::Utils::StringUtils.force_utf8(method)
             msg.url = Contrast::Utils::StringUtils.force_utf8(safe_url)
             msg

data/lib/contrast/agent/reporting/reporting_utilities/audit.rb

@@ -55,17 +55,24 @@ module Contrast
         # @param event_name [String] the type portion of the file to which to write
         # @param data [any] The data to be written to the file
         def write_to_file type, event_name, data = nil
-          time = Time.now.to_i
+          time = Contrast::Utils::Timer.now_ms
           destination = type == :request ? path_for_requests : path_for_responses
           # If the feature is disabled or we have yet to create the directory structure, then we could have a nil
           # destination. In that case, take no action
           return unless destination
 
-          filename = "#{ time }_#{ Thread.current.object_id }_#{ event_name.gsub('::', '-') }_teamserver_#{ type }.json"
+          # Get process id and thread id to make sure we don't overwrite files
+          process_id = Process.pid
+          thread_id = Thread.current.object_id
+          event_title = event_name.gsub('::', '-')
+          filename = "#{ time }_#{ thread_id }_#{ process_id }_#{ event_title }_teamserver_#{ type }.json"
           filepath = File.join(destination, filename)
           logger.debug('Writing to file', eventname: event_name, filename: filename, filepath: filepath)
           # Here is use append mode, because of a slightly possibility of overwriting an existing file
-          File.open(filepath, 'a') { |f| f.write(Contrast::Utils::StringUtils.force_utf8(data)) }
+          File.open(filepath, 'a') do |f|
+            f.write(Contrast::Utils::StringUtils.force_utf8(data))
+            f.close
+          end
         rescue StandardError => e
           logger.warn('Saving audit failed', e: e)
         end

data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb

@@ -14,6 +14,7 @@ require 'contrast/agent/reporting/reporting_utilities/response_handler'
 require 'contrast/agent/reporting/reporting_events/application_settings'
 require 'contrast/agent/reporting/reporting_events/agent_effective_config'
 require 'contrast/agent/reporting/reporting_utilities/reporter_client_utils'
+require 'contrast/agent/reporting/reporting_utilities/resend'
 
 module Contrast
   module Agent
@@ -72,17 +73,17 @@ module Contrast
         def send_event event, connection
           return unless connection
 
+          response = nil
           logger.debug('[Reporter] Preparing to send reporting event', event_class: event.cs__class)
-
           request = build_request(event)
           response = connection.request(request)
-          audit&.audit_event(event, response) if ::Contrast::API.request_audit_enable
+          audit.audit_event(event, response) if ::Contrast::API.request_audit_enable
           process_settings_response(response, event)
-          report_configuration(response, event)
           process_preflight_response(event, response, connection)
+          report_configuration(response, event)
           response
         rescue StandardError => e
-          handle_error(event, e)
+          handle_response_error(event, connection, e)
         end
 
         # Write effective config to file:
@@ -103,6 +104,9 @@ module Contrast
           diagnostics.write_to_file
           config_event = Contrast::Agent::Reporting::AgentEffectiveConfig.new(diagnostics)
           Contrast::Agent.reporter.send_event(config_event)
+        rescue StandardError => e
+          #  Don't let this error bubble up and stop the agent reporting, with resending triggered.
+          logger.error('[Reporter] Error while reporting configuration', error: e, event_type: event&.cs__class)
         end
 
         def status
@@ -117,10 +121,47 @@ module Contrast
           @_diagnostics ||= Contrast::Config::Diagnostics::Monitor.new(Contrast::LOGGER.path)
         end
 
+        # Compress data with Zlib
+        #
+        # @param event [Contrast::Agent::Reporting::ReportingEvent]
+        # @param level [Integer] compression level
+        # @param strategy [Integer] compression strategy
+        # @return [String] compressed data
+        def compress_event event, level = Zlib::DEFAULT_COMPRESSION, strategy = Zlib::DEFAULT_STRATEGY
+          compressed_data = StringIO.new.set_encoding(STRING_ENCODING)
+          gzip = Zlib::GzipWriter.new(compressed_data, level, strategy)
+          gzip.write(event.event_json)
+          gzip.close
+          gzip = nil
+          compressed_event = compressed_data.string.dup
+          compressed_data.close
+          compressed_data = nil
+          compressed_event
+        ensure
+          gzip&.close
+          compressed_data&.close
+          compressed_event
+        end
+
+        # Reads compressed data
+        #
+        # @param compresed_data [String]
+        def decompress compresed_data
+          Zlib::GzipReader.wrap(StringIO.new(compresed_data), &:read)
+        end
+
+        ##############
+        # Forwarders #
+        ##############
+
         def sleep?
           response_handler.sleep?
         end
 
+        def put_to_sleep
+          response_handler.put_to_sleep
+        end
+
         def timeout
           response_handler.timeout
         end
@@ -129,8 +170,8 @@ module Contrast
           response_handler.mode
         end
 
-        def reset_mode
-          response_handler.reset_mode
+        def enter_run_mode
+          response_handler.enter_run_mode
         end
 
         def wake_up

data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb

@@ -8,16 +8,20 @@ require 'contrast/components/scope'
 require 'contrast/agent/reporting/reporting_events/application_startup'
 require 'contrast/agent/reporting/reporting_utilities/reporter_client'
 require 'contrast/agent/reporting/reporting_utilities/endpoints'
+require 'contrast/agent/reporting/reporting_utilities/resend'
 
 module Contrast
   module Agent
     module Reporting
       # This module holds utilities required by the reporting service client
       module ReporterClientUtils
+        include Contrast::Agent::Reporting::Resend
         include Contrast::Components::Logger::InstanceMethods
         include Contrast::Components::Scope::InstanceMethods
         include Contrast::Agent::Reporting::Endpoints
 
+        STRING_ENCODING = 'BINARY'
+
         # List the events that need to be sent when agent starts up.
         # The order here matters -- DO NOT CHANGE IT!!! >_< - HM
         #
@@ -33,19 +37,37 @@ module Contrast
 
         private
 
-        # Send Agent Startup event
+        # Send Agent Startup event. If error occurs, it will try to resend the message.
         #
         # @param connection [Net::HTTP] open connection
         def send_agent_startup connection
-          logger.debug('Preparing to send startup messages')
+          logger.debug('[Reporter] Preparing to send startup messages')
+          STARTUP_EVENTS.each { |event| send_event(event.new, connection) }
+          logger.debug('[Reporter] Startup messages sent.') if status.startup_messages_sent?
+        end
 
-          STARTUP_EVENTS.each do |event|
-            startup_event = event.new
-            send_event(startup_event, connection)
-          rescue StandardError => e
-            handle_error(startup_event, e)
-          end
-          logger.debug('Startup messages sent')
+        # Disable reporting and log the error
+        #
+        # @param event [Contrast::Agent::Reporting::ReportingEvent]
+        # @param error [StandardError]
+        def disable_reporting event, error
+          status.failure!
+          mode.resend.reset_rescue_attempts
+          mode.status = mode.disabled
+          message = '[Reporter] Unable to send message.'
+          response_handler.stop_reporting(message,
+                                          application: Contrast::APP_CONTEXT.name, # rubocop:disable Security/Module/Name
+                                          connection_error: error,
+                                          client: Contrast::Agent::Reporting::ReporterClient::SERVICE_NAME,
+                                          event_id: event&.__id__,
+                                          event_type: event&.cs__class&.cs__name)
+          nil
+        end
+
+        def response_success!
+          status.success!
+          mode.enter_run_mode
+          mode.resend.reset_rescue_attempts
         end
 
         # This method will build headers of the request required for TS communication
@@ -65,29 +87,18 @@ module Contrast
           request
         end
 
-        # Handles standard error case, logs and set status for failure
-        #
-        # @param event [Contrast::Agent::Reporting::ReportingEvent]
-        #   One of the DTMs valid for the event field of Contrast::Api::Dtm::Message
-        # @param error_msg [StandardError]
-        # @return nil [NilClass] to be passed as response
-        def handle_error event, error_msg
-          status.failure!
-          logger.error('Unable to send message.',
-                       error_msg,
-                       client: Contrast::Agent::Reporting::ReporterClient::SERVICE_NAME,
-                       event_id: event&.__id__,
-                       event_type: event&.cs__class&.cs__name)
-          nil
-        end
-
         # Handles response processing and sets status
         #
         # @param event [Contrast::Agent::Reporting::ReportingEvent] The event sent to TeamServer.
         # @param response [Net::HTTP::Response]
         def process_settings_response response, event
           res = response_handler.process(response, event)
-          status.success! if res
+          if res
+            status.success!
+            mode.resend.reset_rescue_attempts
+          else
+            status.failure!
+          end
           res
         end
 
@@ -104,6 +115,7 @@ module Contrast
           return unless response&.body && connection
 
           findings_to_return = response.body.split(',').delete_if { |el| el.include?('*') }
+          mode.resend.reset_rescue_attempts
           findings_to_return.each do |index|
             preflight_message = event.messages[index.to_i]
             corresponding_finding = Contrast::Agent::Reporting::ReportingStorage.delete(preflight_message.data)
@@ -112,7 +124,7 @@ module Contrast
             send_event(corresponding_finding, connection)
           end
         rescue StandardError => e
-          logger.error('Unable to handle response', e)
+          logger.error('[Reporter] Unable to handle preflight response', e)
         end
 
         # Convert the given event into an appropriate Net::HTTPRequest object, setting the request headers and
@@ -133,10 +145,7 @@ module Contrast
                       end
             build_headers(request)
             event.attach_headers(request)
-            # compress:
-            gzip = Zlib::GzipWriter.new(StringIO.new)
-            gzip << event.event_json
-            request.body = gzip.close.string
+            request.body = compress_event(event)
             request
           end
         end