contrast-agent 7.1.0 → 7.3.0

data/lib/contrast/agent/reporting/reporter.rb

@@ -6,6 +6,7 @@ require 'contrast/agent/reporting/report'
 require 'contrast/components/logger'
 require 'contrast/agent/reporting/reporting_events/agent_startup'
 require 'contrast/agent/telemetry/exception'
+require 'contrast/agent/reporting/client/interface'
 
 module Contrast
   module Agent
@@ -29,11 +30,7 @@ module Contrast
       end
 
       def client
-        @_client ||= Contrast::Agent::Reporting::ReporterClient.new
-      end
-
-      def connection
-        @_connection ||= client.initialize_connection
+        @_client ||= Contrast::Agent::Reporting::Client::Interface.new
       end
 
       def start_thread!
@@ -41,13 +38,12 @@ module Contrast
         return if running?
 
         @connection_attempts = 0
-
-        client.startup!(connection)
         @_thread = Contrast::Agent::Thread.new do
           logger.debug('[Reporter] Starting background Reporter thread.')
+          client.startup
           loop do
-            next unless connected?
             break unless attempt_to_start?
+            next unless connected?
 
             process_event(queue.pop)
           rescue StandardError => e
@@ -61,12 +57,7 @@ module Contrast
       #
       # @param event [Contrast::Agent::Reporting::ReportingEvent] Freshly pop-ed event.
       def handle_resend event
-        sleep(client.timeout) if client.sleep?
-        # Retry once than discard the event. This is trigger on too many events of
-        # same kind error.
-        client.send_event(event, connection) if client.mode.status == client.mode.resending
-        client.mode.reset_mode
-        client.wake_up
+        client.handle_resend(event)
       end
 
       # @param event [Contrast::Agent::Reporting::ReportingEvent]
@@ -99,8 +90,9 @@ module Contrast
           return
         end
         return unless event
+        return unless connected?
 
-        client.send_event(event, connection)
+        client.send_event(event)
       rescue StandardError => e
         logger.error('[Reporter] Could not send message to TeamServer from reporting queue.', e)
       end
@@ -124,17 +116,9 @@ module Contrast
         @_queue ||= Queue.new
       end
 
-      # TODO: RUBY-99999
-      # The client and connection are being used in multiple threads/ concurrently, and that's not okay. We need
-      # to figure out why that is and lock it so that it isn't.
-      #
       # @return [Boolean]
       def connected?
-        if client && connection
-          # Try to resend startup messages now with connection:
-          client.startup!(connection) unless client.status.startup_messages_sent?
-          return true
-        end
+        return true if client.connected?
 
         logger.debug('[Reporter] No client/connection; sleeping...')
         @connection_attempts += 1
@@ -148,8 +132,8 @@ module Contrast
 
       # @param event [Contrast::Agent::Reporting::ReportingEvent]
       def process_event event
-        client.send_event(event, connection)
-        handle_resend(event) if client.mode.status == client.mode.resending
+        client.send_event(event)
+        handle_resend(event) if client.resending?
       rescue StandardError => e
         logger.error('[Reporter] Could not send message to TeamServer from reporting queue.', e)
       end
@@ -171,6 +155,7 @@ module Contrast
                              stack_trace[1].path.delete_prefix(Dir.pwd)
                            end
         stack_frame_function = stack_trace.nil? || stack_trace[1].nil? ? 'none' : stack_trace[1].label
+        stack_frame_type = Contrast::Agent::Telemetry::Exception::Obfuscate.obfuscate_path(stack_frame_type)
         Contrast::Agent::Telemetry::Exception::StackFrame.build(stack_frame_function, stack_frame_type, nil)
       end
     end

data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb

@@ -40,6 +40,7 @@ module Contrast
         # @param attack_result [Contrast::Agent::Reporting::AttackResult]
         def attach_data attack_result
           return unless attack_result&.cs__is_a?(Contrast::Agent::Reporting::AttackResult)
+          return if attack_result&.empty?
 
           attacker_activity = Contrast::Agent::Reporting::ApplicationDefendAttackerActivity.new(ia_request: @request)
           attacker_activity.attach_data(attack_result)

data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb

@@ -5,6 +5,7 @@ require 'contrast/components/logger'
 require 'contrast/utils/object_share'
 require 'contrast/utils/duck_utils'
 require 'contrast/agent/reporting/reporting_events/reportable_hash'
+require 'contrast/agent/reporting/attack_result/response_type'
 require 'contrast/agent/reporting/reporting_events/application_defend_attack_activity'
 
 module Contrast

data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb

@@ -81,7 +81,7 @@ module Contrast
             safe_url = source_or_string(url || pattern)
 
             msg = new
-            msg.signature = "#{ controller }##{ method } #{ safe_pattern }"
+            msg.signature = "#{ controller }##{ method } #{ safe_pattern }" # rubocop:disable [Security/Object/Method]
             msg.verb = Contrast::Utils::StringUtils.force_utf8(method)
             msg.url = Contrast::Utils::StringUtils.force_utf8(safe_url)
             msg

data/lib/contrast/agent/reporting/reporting_utilities/audit.rb

@@ -55,17 +55,24 @@ module Contrast
         # @param event_name [String] the type portion of the file to which to write
         # @param data [any] The data to be written to the file
         def write_to_file type, event_name, data = nil
-          time = Time.now.to_i
+          time = Contrast::Utils::Timer.now_ms
           destination = type == :request ? path_for_requests : path_for_responses
           # If the feature is disabled or we have yet to create the directory structure, then we could have a nil
           # destination. In that case, take no action
           return unless destination
 
-          filename = "#{ time }_#{ Thread.current.object_id }_#{ event_name.gsub('::', '-') }_teamserver_#{ type }.json"
+          # Get process id and thread id to make sure we don't overwrite files
+          process_id = Process.pid
+          thread_id = Thread.current.object_id
+          event_title = event_name.gsub('::', '-')
+          filename = "#{ time }_#{ thread_id }_#{ process_id }_#{ event_title }_teamserver_#{ type }.json"
           filepath = File.join(destination, filename)
           logger.debug('Writing to file', eventname: event_name, filename: filename, filepath: filepath)
           # Here is use append mode, because of a slightly possibility of overwriting an existing file
-          File.open(filepath, 'a') { |f| f.write(Contrast::Utils::StringUtils.force_utf8(data)) }
+          File.open(filepath, 'a') do |f|
+            f.write(Contrast::Utils::StringUtils.force_utf8(data))
+            f.close
+          end
         rescue StandardError => e
           logger.warn('Saving audit failed', e: e)
         end

data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb

@@ -14,6 +14,7 @@ require 'contrast/agent/reporting/reporting_utilities/response_handler'
 require 'contrast/agent/reporting/reporting_events/application_settings'
 require 'contrast/agent/reporting/reporting_events/agent_effective_config'
 require 'contrast/agent/reporting/reporting_utilities/reporter_client_utils'
+require 'contrast/agent/reporting/reporting_utilities/resend'
 
 module Contrast
   module Agent
@@ -72,17 +73,17 @@ module Contrast
         def send_event event, connection
           return unless connection
 
+          response = nil
           logger.debug('[Reporter] Preparing to send reporting event', event_class: event.cs__class)
-
           request = build_request(event)
           response = connection.request(request)
-          audit&.audit_event(event, response) if ::Contrast::API.request_audit_enable
+          audit.audit_event(event, response) if ::Contrast::API.request_audit_enable
           process_settings_response(response, event)
-          report_configuration(response, event)
           process_preflight_response(event, response, connection)
+          report_configuration(response, event)
           response
         rescue StandardError => e
-          handle_error(event, e)
+          handle_response_error(event, connection, e)
         end
 
         # Write effective config to file:
@@ -103,6 +104,9 @@ module Contrast
           diagnostics.write_to_file
           config_event = Contrast::Agent::Reporting::AgentEffectiveConfig.new(diagnostics)
           Contrast::Agent.reporter.send_event(config_event)
+        rescue StandardError => e
+          #  Don't let this error bubble up and stop the agent reporting, with resending triggered.
+          logger.error('[Reporter] Error while reporting configuration', error: e, event_type: event&.cs__class)
         end
 
         def status
@@ -117,10 +121,47 @@ module Contrast
           @_diagnostics ||= Contrast::Config::Diagnostics::Monitor.new(Contrast::LOGGER.path)
         end
 
+        # Compress data with Zlib
+        #
+        # @param event [Contrast::Agent::Reporting::ReportingEvent]
+        # @param level [Integer] compression level
+        # @param strategy [Integer] compression strategy
+        # @return [String] compressed data
+        def compress_event event, level = Zlib::DEFAULT_COMPRESSION, strategy = Zlib::DEFAULT_STRATEGY
+          compressed_data = StringIO.new.set_encoding(STRING_ENCODING)
+          gzip = Zlib::GzipWriter.new(compressed_data, level, strategy)
+          gzip.write(event.event_json)
+          gzip.close
+          gzip = nil
+          compressed_event = compressed_data.string.dup
+          compressed_data.close
+          compressed_data = nil
+          compressed_event
+        ensure
+          gzip&.close
+          compressed_data&.close
+          compressed_event
+        end
+
+        # Reads compressed data
+        #
+        # @param compresed_data [String]
+        def decompress compresed_data
+          Zlib::GzipReader.wrap(StringIO.new(compresed_data), &:read)
+        end
+
+        ##############
+        # Forwarders #
+        ##############
+
         def sleep?
           response_handler.sleep?
         end
 
+        def put_to_sleep
+          response_handler.put_to_sleep
+        end
+
         def timeout
           response_handler.timeout
         end
@@ -129,8 +170,8 @@ module Contrast
           response_handler.mode
         end
 
-        def reset_mode
-          response_handler.reset_mode
+        def enter_run_mode
+          response_handler.enter_run_mode
         end
 
         def wake_up

data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb

@@ -8,16 +8,20 @@ require 'contrast/components/scope'
 require 'contrast/agent/reporting/reporting_events/application_startup'
 require 'contrast/agent/reporting/reporting_utilities/reporter_client'
 require 'contrast/agent/reporting/reporting_utilities/endpoints'
+require 'contrast/agent/reporting/reporting_utilities/resend'
 
 module Contrast
   module Agent
     module Reporting
       # This module holds utilities required by the reporting service client
       module ReporterClientUtils
+        include Contrast::Agent::Reporting::Resend
         include Contrast::Components::Logger::InstanceMethods
         include Contrast::Components::Scope::InstanceMethods
         include Contrast::Agent::Reporting::Endpoints
 
+        STRING_ENCODING = 'BINARY'
+
         # List the events that need to be sent when agent starts up.
         # The order here matters -- DO NOT CHANGE IT!!! >_< - HM
         #
@@ -33,19 +37,37 @@ module Contrast
 
         private
 
-        # Send Agent Startup event
+        # Send Agent Startup event. If error occurs, it will try to resend the message.
         #
         # @param connection [Net::HTTP] open connection
         def send_agent_startup connection
-          logger.debug('Preparing to send startup messages')
+          logger.debug('[Reporter] Preparing to send startup messages')
+          STARTUP_EVENTS.each { |event| send_event(event.new, connection) }
+          logger.debug('[Reporter] Startup messages sent.') if status.startup_messages_sent?
+        end
 
-          STARTUP_EVENTS.each do |event|
-            startup_event = event.new
-            send_event(startup_event, connection)
-          rescue StandardError => e
-            handle_error(startup_event, e)
-          end
-          logger.debug('Startup messages sent')
+        # Disable reporting and log the error
+        #
+        # @param event [Contrast::Agent::Reporting::ReportingEvent]
+        # @param error [StandardError]
+        def disable_reporting event, error
+          status.failure!
+          mode.resend.reset_rescue_attempts
+          mode.status = mode.disabled
+          message = '[Reporter] Unable to send message.'
+          response_handler.stop_reporting(message,
+                                          application: Contrast::APP_CONTEXT.name, # rubocop:disable Security/Module/Name
+                                          connection_error: error,
+                                          client: Contrast::Agent::Reporting::ReporterClient::SERVICE_NAME,
+                                          event_id: event&.__id__,
+                                          event_type: event&.cs__class&.cs__name)
+          nil
+        end
+
+        def response_success!
+          status.success!
+          mode.enter_run_mode
+          mode.resend.reset_rescue_attempts
         end
 
         # This method will build headers of the request required for TS communication
@@ -65,29 +87,18 @@ module Contrast
           request
         end
 
-        # Handles standard error case, logs and set status for failure
-        #
-        # @param event [Contrast::Agent::Reporting::ReportingEvent]
-        #   One of the DTMs valid for the event field of Contrast::Api::Dtm::Message
-        # @param error_msg [StandardError]
-        # @return nil [NilClass] to be passed as response
-        def handle_error event, error_msg
-          status.failure!
-          logger.error('Unable to send message.',
-                       error_msg,
-                       client: Contrast::Agent::Reporting::ReporterClient::SERVICE_NAME,
-                       event_id: event&.__id__,
-                       event_type: event&.cs__class&.cs__name)
-          nil
-        end
-
         # Handles response processing and sets status
         #
         # @param event [Contrast::Agent::Reporting::ReportingEvent] The event sent to TeamServer.
         # @param response [Net::HTTP::Response]
         def process_settings_response response, event
           res = response_handler.process(response, event)
-          status.success! if res
+          if res
+            status.success!
+            mode.resend.reset_rescue_attempts
+          else
+            status.failure!
+          end
           res
         end
 
@@ -104,15 +115,16 @@ module Contrast
           return unless response&.body && connection
 
           findings_to_return = response.body.split(',').delete_if { |el| el.include?('*') }
+          mode.resend.reset_rescue_attempts
           findings_to_return.each do |index|
             preflight_message = event.messages[index.to_i]
-            corresponding_finding = Contrast::Agent::Reporting::ReportingStorage.delete(preflight_message.data)
+            corresponding_finding = Contrast::Agent::Reporting::ReportingStorage.delete(preflight_message&.data)
             next unless corresponding_finding
 
             send_event(corresponding_finding, connection)
           end
         rescue StandardError => e
-          logger.error('Unable to handle response', e)
+          logger.error('[Reporter] Unable to handle preflight response', e)
         end
 
         # Convert the given event into an appropriate Net::HTTPRequest object, setting the request headers and
@@ -133,10 +145,7 @@ module Contrast
                       end
             build_headers(request)
             event.attach_headers(request)
-            # compress:
-            gzip = Zlib::GzipWriter.new(StringIO.new)
-            gzip << event.event_json
-            request.body = gzip.close.string
+            request.body = compress_event(event)
             request
           end
         end

data/lib/contrast/agent/reporting/reporting_utilities/resend.rb

@@ -0,0 +1,144 @@
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Reporting
+      # Module to house the Resend logic, when there is no response from TS.
+      module Resend
+        # How manny times the client will try to rescue from above error before raising an
+        # error to reflect the events.
+        #
+        RESCUE_ATTEMPTS = 3
+        TIMEOUT = 5
+        RETRY_ERRORS = [
+          Net::OpenTimeout, Net::ReadTimeout, ArgumentError, EOFError, OpenSSL::SSL::SSLError, Resolv::ResolvError,
+          Errno::ECONNRESET, Errno::ECONNREFUSED, Errno::ETIMEDOUT, Errno::ESHUTDOWN, Errno::EHOSTDOWN, NameError,
+          Errno::EHOSTUNREACH, Errno::EISCONN, Errno::ECONNABORTED, Errno::ENETRESET, Errno::ENETUNREACH, SocketError,
+          NameError, NoMethodError, Timeout::Error, RuntimeError
+        ].cs__freeze
+        RESENDING_MESSAGE = '[Reporter] Resending message...'
+        END_RESENDING_MESSAGE = '[Reporter] Reporter tried to resend event and received error:'
+
+        # This method is mainly used in inside error handling and startup mesasges sending.
+        #
+        # @param event [Contrast::Agent::Reporting::ReportingEvent] event to resend
+        # @param connection [Net::HTTP] open connection
+        # @param error [StandardError] error that was raised
+        # @return [Net::HTTPResponse, nil] response from TS
+        def try_resend event, connection, error
+          # The timeout for agent to sleep is set here, we don't need to raise an error,
+          # but also 15 min is a long time to wait for example if event is startup message.
+          # Override timeout
+          if Contrast::Agent::Reporting::ReporterClientUtils::STARTUP_EVENTS.include?(event.cs__class)
+            response_handler.suspend_reporting(RESENDING_MESSAGE,
+                                               TIMEOUT,
+                                               error,
+                                               event: event,
+                                               log_error: false,
+                                               startup: true)
+          end
+          mode.enter_resend_mode
+          handle_resend(event, connection)
+        end
+
+        # This method will handle the error and will decide if we need to resend the event
+        #
+        # @param event [Contrast::Agent::Reporting::ReportingEvent]
+        # @param connection [Net::HTTP] open connection
+        # @return [Net::HTTPResponse, nil] response from TS
+        def handle_resend event, connection
+          if sleep?
+            logger.debug("[Reporter] sleeping for #{ TIMEOUT } seconds before resending...")
+            Thread.current.send(:sleep, timeout)
+            wake_up
+          end
+          response = mode.status == mode.resending ? send_event(event, connection) : nil
+          response_success! if response
+          response
+        end
+
+        # Handles errors that occurs before the ResponseHandler do not have a response, or response
+        # code to hande. This Errors requires different handling, because most of errors here
+        # occurs when the response cannot be read, there is open ssl error, or a certain Timeout
+        # is reached.
+        #
+        # @param event [Contrast::Agent::Reporting::ReportingEvent]
+        #   One of the DTMs valid for the event field of Contrast::Api::Dtm::Message
+        # @param error [StandardError]
+        # @param connection [Net::HTTP] open connection
+        # @return nil [NilClass] to be passed as response
+        def handle_response_error event, connection, error
+          return end_of_rescue(event, error) if mode.resend.rescue_attempts >= RESCUE_ATTEMPTS
+
+          if RETRY_ERRORS.include?(error.cs__class)
+            mode.resend.increase_rescue_attempts
+            try_resend(event, connection, error)
+          else
+            end_of_rescue(event, error)
+          end
+        end
+
+        # End of rescue attempts.
+        #
+        # @param event [Contrast::Agent::Reporting::ReportingEvent]
+        # @param error [StandardError]
+        # @return [NilClass]
+        def end_of_rescue event, error
+          if Contrast::Agent::Reporting::ReporterClientUtils::STARTUP_EVENTS.include?(event.cs__class)
+            # Agent didn't send it's startup events, There will be reporting errors, disable reporting.
+            disable_reporting(event, error)
+          else
+            # There is an error in one of the reported messages, log that error and continue.
+            logger.error(END_RESENDING_MESSAGE,
+                         resend_attempts: Contrast::Agent::Reporting::Resend::RESCUE_ATTEMPTS,
+                         connection_error: error,
+                         client: Contrast::Agent::Reporting::ReporterClient::SERVICE_NAME,
+                         event_id: event&.__id__,
+                         event_type: event&.cs__class&.cs__name)
+          end
+        end
+
+        # Disable reporting when there is an error that cannot be handled.
+        #
+        # @param event [Contrast::Agent::Reporting::ReportingEvent]
+        # @param error [StandardError]
+        # @return [NilClass]
+        def disable_reporting event, error
+          logger.error('[Agent] Disabling Reporting...', error: error.message, event_type: event.cs__class&.cs__name)
+          Contrast::AGENT.disable!
+        end
+
+        # Methods that will initialize the resending state.
+        class Status
+          # RESEND_STARTUP_EVENTS = 4
+
+          def initialize
+            @_rescue_attempts = 0
+          end
+
+          # return how many times the client has tried to rescue from error.
+          #
+          # @return [Integer]
+          def rescue_attempts
+            @_rescue_attempts ||= 0
+          end
+
+          # Reset Error rescues attempts.
+          #
+          # @return [Integer]
+          def reset_rescue_attempts
+            @_rescue_attempts = 0
+          end
+
+          # Increase the Error rescues attempts.
+          #
+          # @return [Integer]
+          def increase_rescue_attempts
+            @_rescue_attempts += 1
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb

@@ -40,7 +40,7 @@ module Contrast
                                                                            assess_on: ::Contrast::ASSESS.enabled?)
           response
         rescue StandardError => e
-          logger.error('Unable to process response from TeamServer', e)
+          logger.error('[Reporter] Unable to process response from TeamServer', e)
           nil
         end
 
@@ -63,11 +63,45 @@ module Contrast
           @_mode ||= Contrast::Agent::Reporting::ResponseHandlerMode.new
         end
 
+        # Puts the reporting service to sleep
+        def put_to_sleep
+          @_sleep = true
+        end
+
         # Wakes the reporting service
         def wake_up
           @_sleep = false
         end
 
+        # Suspend the reporter and try again in time. If not set
+        # the timeout is set to 15 min As default:
+        #
+        # @param message [String] Message to log.
+        # @param timeout [Integer,nil] The timeout to wait and retry after.
+        # @param error_message [String, nil] Error message if any received.
+        # @param event [Contrast::Agent::Reporting::ReportingEvent, nil] The event sent to TeamServer if set
+        # @param log_error [Boolean] Whether to log the error or not.
+        # @param startup [Boolean] Whether this is a startup error or not.
+        def suspend_reporting message, timeout, error_message, event: nil, log_error: true, startup: false
+          @_timeout = timeout || Contrast::Agent::Reporting::ResponseHandler::TIMEOUT
+          if log_error
+            log_error_msg(message,
+                          timeout: @_timeout,
+                          error_message: error_message || 'none',
+                          event_id: event.nil? ? 'none' : event&.__id__,
+                          event_type: event.nil? ? 'none' : event&.cs__class&.cs__name)
+          end
+          if startup
+            logger.info(message,
+                        connection_error: error_message,
+                        client: Contrast::Agent::Reporting::ReporterClient::SERVICE_NAME,
+                        event_id: event&.__id__,
+                        timeout: timeout,
+                        event_type: event&.cs__class&.cs__name)
+          end
+          put_to_sleep
+        end
+
         private
 
         # Handles the errors code received from TS and takes appropriate action.
@@ -93,18 +127,6 @@ module Contrast
           end
         end
 
-        # Suspend the reporter and try again in time. If not set
-        # the timeout is set to 15 min As default:
-        #
-        # @param message [String] Message to log.
-        # @param timeout [Integer,nil] The timeout to wait and retry after.
-        # @param error_message [String, nil] Error message if any received.
-        def suspend_reporting message, timeout, error_message
-          @_timeout = timeout || Contrast::Agent::Reporting::ResponseHandler::TIMEOUT
-          log_error_msg(message, timeout: @_timeout, error_message: error_message || 'none')
-          @_sleep = true
-        end
-
         # Log what we've received.
         #
         # @param message [String] Message to log

data/lib/contrast/agent/reporting/reporting_utilities/response_handler_mode.rb

@@ -1,6 +1,8 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/agent/reporting/reporting_utilities/resend'
+
 module Contrast
   module Agent
     module Reporting
@@ -44,6 +46,17 @@ module Contrast
           @_status ||= running
         end
 
+        # Resend Status tracker
+        #
+        # @return [Contrast::Agent::Reporting::Resend::Status]
+        def resend
+          @_resend ||= Contrast::Agent::Reporting::Resend::Status.new
+        end
+
+        def enter_resend_mode
+          @_status = resending
+        end
+
         # Set current mode.
         #
         # @return [Symbol] Reporter's client and Response Handler
@@ -54,7 +67,7 @@ module Contrast
 
         # Reset mode
         #
-        def reset_mode
+        def enter_run_mode
           @_status = running
         end
       end