contrast-agent 7.6.0 → 7.6.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '089a689fce3dfbc204455c12d29788d316553aa3ff6738fcf515e9f90730a7ae'
-  data.tar.gz: 5fc2d10ffc084070fc3c268a9cb05d1f479b48cb16974b2501887cb1b762d6f6
+  metadata.gz: 8363c48e9a12500ea45f3d40389d6bf29d7931e01599a577dfb4026c9cedc260
+  data.tar.gz: 1c21202db2612d8715f1658fa9818442e16a5a51f613143a3c3c6b69c0a0fabf
 SHA512:
-  metadata.gz: d13b3205d1e0cb67c8974fdf6d12f78e5a95f2886c59a14439ddc59b9dd8a3b0d0ebd23c5ebfe687d02cf1a12c9b17b127d821ea8131f0876ab284dac62c8b1b
-  data.tar.gz: 73932d309fafe50ab5bc962655b58306cd5fae6a64729be1a4159274fe39c55c2138027c30525d07f773966476991685ba9b36cd0820527557d417324225af0d
+  metadata.gz: 4f5fe5203e78e7ea7c6e996c32367c340704f3d1544890b64ed856d3554ef53f3006cc948fab0f3d36108e1577d19196249c10ee8f0fcee95c8677115b7a4a64
+  data.tar.gz: 7a1d876e9c49940daf97589adaaf5d2550fdbd51bd2216f44a28bf4f97ab9431a5b5db200035089a76bfbe66bf8849aed58f382ee99e7e681e555b8da5097af5

data/lib/contrast/agent/assess/rule/response/base_rule.rb

@@ -73,7 +73,8 @@ module Contrast
               finding.routes << context.discovered_route if context&.discovered_route
               build_evidence(evidence, finding)
               finding.request = Contrast::Agent::Reporting::FindingRequest.convert(context.request) if context&.request
-              hash = Contrast::Utils::HashDigest.generate_config_hash(finding)
+              # Hash must be built last so that finding has full context.
+              hash = Contrast::Utils::HashDigest.generate_response_hash(finding, context&.request)
               finding.hash_code = Contrast::Utils::StringUtils.force_utf8(hash)
               finding
             end

data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb

@@ -69,21 +69,46 @@ module Contrast
         # @param event [Contrast::Agent::Reporting::ReportingEvent] The event to send to TeamServer. Really a
         #   child of the ReportingEvent rather than a literal one.
         # @param connection [Net::HTTP] open connection
-        # @return response [Net::HTTPResponse, nil] response from TS if no response
         def send_event event, connection
           return unless connection
           return unless event.valid?
 
           logger.debug('[Reporter] Preparing to send reporting event', event_class: event.cs__class)
           request = build_request(event)
-          response = connection.request(request)
+          begin
+            response = connection.request(request)
+          rescue StandardError => e
+            handle_response_error(event, connection, e)
+            return
+          end
           audit.audit_event(event, response) if ::Contrast::API.request_audit_enable
-          process_settings_response(response, event)
-          process_preflight_response(event, response, connection)
-          report_configuration(response, event)
+          process_event_response(event, response, connection)
           response
         rescue StandardError => e
-          handle_response_error(event, connection, e)
+          logger.error('[Reporter] Error while processing event sent to TeamServer',
+                       error: e,
+                       event_type: event&.cs__class)
+        end
+
+        # Only two types of events require processing when returned from TeamServer; preflight and settings.
+        # For Settings, we want to update internally and then report the resulting configuration.
+        # For preflight, we want to process the response and send findings if requested.
+        #
+        # @param event [Contrast::Agent::Reporting::ReportingEvent] The event sent to TeamServer
+        # @param response [Net::HTTPResponse] the response from TeamServer
+        # @param connection [Net::HTTP] open connection
+        def process_event_response event, response, connection
+          case event
+          when Contrast::Agent::Reporting::Preflight
+            process_preflight_response(event, response, connection)
+          when Contrast::Agent::Reporting::AgentStartup,
+            Contrast::Agent::Reporting::ApplicationStartup,
+            Contrast::Agent::Reporting::ApplicationSettings,
+            Contrast::Agent::Reporting::ServerSettings
+
+            process_settings_response(response, event)
+            report_configuration(response, event)
+          end
         end
 
         # Write effective config to file:
@@ -91,7 +116,7 @@ module Contrast
         # 200 or 304. In case of 304 there will be no new settings and we can write current ones.
         # This is done on every settings request.
         #
-        # @param response [Contrast::Agent::Reporting::Response, nil]
+        # @param response [Net::HTTPResponse, nil]
         # @param event [Contrast::Agent::Reporting::ReportingEvent]
         def report_configuration response, event
           return unless response
@@ -109,14 +134,17 @@ module Contrast
           logger.error('[Reporter] Error while reporting configuration', error: e, event_type: event&.cs__class)
         end
 
+        # @return [Contrast::Agent::Reporting::ConnectionStatus]
         def status
           @_status ||= Contrast::Agent::Reporting::ConnectionStatus.new
         end
 
+        # @return [Contrast::Agent::Reporting::ResponseHandler]
         def response_handler
           @_response_handler ||= Contrast::Agent::Reporting::ResponseHandler.new
         end
 
+        # @return [Contrast::Config::Diagnostics::Monitor]
         def diagnostics
           @_diagnostics ||= Contrast::Config::Diagnostics::Monitor.new(Contrast::LOGGER.path)
         end

data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb

@@ -91,6 +91,7 @@ module Contrast
         #
         # @param event [Contrast::Agent::Reporting::ReportingEvent] The event sent to TeamServer.
         # @param response [Net::HTTPResponse]
+        # @return [Contrast::Agent::Reporting::Response]
         def process_settings_response response, event
           res = response_handler.process(response, event)
           if res
@@ -115,7 +116,6 @@ module Contrast
           return unless response&.body && connection
 
           findings_to_return = response.body.split(',').delete_if { |el| el.include?('*') }
-          mode.resend.reset_rescue_attempts
           findings_to_return.each do |index|
             preflight_message = event.messages[index.to_i]
             preflight_data = preflight_message&.data
@@ -127,6 +127,12 @@ module Contrast
 
             send_event(corresponding_finding, connection)
           end
+
+          # Event rejected traces should be removed from the set.
+          # We could clean this up to know if the message was already deleted by the loop above.
+          event.messages&.each do |preflight_message|
+            Contrast::Agent::Reporting::ReportingStorage.delete(preflight_message&.data)
+          end
         rescue StandardError => e
           logger.error('[Reporter] Unable to handle preflight response', e)
         end

data/lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb

@@ -44,12 +44,7 @@ module Contrast
           def delete key
             return unless key
 
-            logger.debug('Starting deleting value for', key: key)
-
-            deleted_value = collection.delete(key)
-            logger.debug('Key wasn\'t found') unless deleted_value
-
-            deleted_value
+            collection.delete(key)
           end
 
           # @param rule_id [String] the rule_id

data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb

@@ -25,6 +25,7 @@ module Contrast
         # @return response [Net::HTTPResponse, nil]
         def process response, event
           logger.debug('[Reporter] Received a response')
+          return if event&.cs__is_a?(Contrast::Agent::Reporting::Finding)
           return unless analyze_response?(response)
 
           # Handle the response body and obtain server_features or app_settings

data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb

@@ -14,7 +14,6 @@ module Contrast
         include Contrast::Agent::Reporting::NgResponseExtractor
         include Contrast::Agent::Reporting::ResponseExtractor
 
-        ANALYZE_WHEN = %w[200 204].cs__freeze
         ERROR_CODES = {
             message_not_sent: '400',
             access_forbidden: '401',
@@ -112,11 +111,10 @@ module Contrast
           # used for in observed routes message.
           return false unless response && (response_code = response&.code)
 
-          # We still need to check the response code even if we are not analyzing it, since the 304 code does not
-          # contain settings to be extracted but we still need to know for the diagnostics. Do not move this bellow
-          # the ANALYZE_WHEN check.
           @_last_response_code = response_code
-          return true if ANALYZE_WHEN.include?(response_code)
+          return true if response_code == '200'
+          return false if response_code == '204'
+          return false if response_code == '304'
 
           handle_error(response) if ERROR_CODES.value?(response_code) && response&.body
           # There was error, so analyze the Error and nothing more.
@@ -267,7 +265,7 @@ module Contrast
         # @return response [Contrast::Agent::Reporting::Response]
         def convert_response response, event
           response_body = response&.body
-          return unless response_body
+          return unless response_body && !response_body.blank?
 
           response_data = Contrast::Utils::Json.parse(response_body, deep_symbolize: true)
           return unless response_data.cs__is_a?(Hash)

data/lib/contrast/agent/request/request.rb

@@ -180,7 +180,7 @@ module Contrast
         end
       end
 
-      # returns or fenerates the hash checksum for the request
+      # returns or generates the hash checksum for the request
       #
       # @return @_hash_id [String] Contrast::Utils::HashDigest generated string checksum
       def hash_id

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '7.6.0'
+    VERSION = '7.6.1'
   end
 end

data/lib/contrast/utils/hash_digest.rb

@@ -15,7 +15,6 @@ module Contrast
     class HashDigest < Digest::Class
       include Digest::Instance
       extend Contrast::Utils::HashDigestExtend
-      CONTENT_LENGTH_HEADER = 'Content-Length'
       CHARS = %w[a b c d e f g].cs__freeze
       CRYPTO_RULES = %w[crypto-bad-ciphers crypto-bad-mac].cs__freeze
       CONFIG_PATH_KEY = 'path'
@@ -34,8 +33,6 @@ module Contrast
       #
       # @param finding [Contrast::Agent::Reporting::Finding] finding to be reported
       # @param request [Contrast::Agent::Request] our wrapper around the Rack::Request.
-      # @return checksum [Integer, nil] returns nil if there is no request context or tracking
-      # is disabled.
       def update_on_request finding, request
         context = Contrast::Agent::REQUEST_TRACKER.current
         return unless context || ::Contrast::ASSESS.non_request_tracking?
@@ -58,7 +55,6 @@ module Contrast
       # Update to CRC checksum the event source name and source type.
       #
       # @param events [Array<Contrast::Agent::Reporting::FindingEvent>]
-      # @return checksum [Integer, nil] returns nil if there is no events
       def update_on_sources events
         events.each do |event|
           event.event_sources.each do |source|
@@ -68,22 +64,12 @@ module Contrast
         end
       end
 
-      # This method converts and integer value for length into a string value
-      # that we can hash on, based on the logarithmic value of the length, and
-      # updates the current hash with that value.
-      # @param chr [Numeric] the length to translate
-      def update_on_content_length chr
-        update(CHARS[Math.log10(chr.to_s.length).to_i] || CHARS[-1])
-      end
-
       # Converts  given string to CRC checksum. CRC32 checksum ensures that If error
       # of a single bit occurs, the CRC checksum will fail, regardless of any other
       # property of the transmitted data, including its length. Called several times
       # with previous CRC to recalculate the new output.
       #
       # @param str [String]
-      # @return @crc32 [Integer, nil] updated value of crc 32 bit integer checksum or
-      # nil if passed string is nil or empty
       def update str
         return unless str
 

data/lib/contrast/utils/hash_digest_extend.rb

@@ -17,7 +17,7 @@ module Contrast
       # param names and content length to CRC checksum and returns string representation
       #
       # @param request [Contrast::Agent::Request] our wrapper around the Rack::Request.
-      # @return checksum [String] String representation of CRC32 checksum
+      # @return [String] String representation of CRC32 checksum
       def generate_request_hash request
         hash = new
         hash.update(request.request_method)
@@ -25,8 +25,6 @@ module Contrast
         request.parameters.each_key do |name|
           hash.update(name)
         end
-        cl = request.headers[Contrast::Utils::HashDigest::CONTENT_LENGTH_HEADER]
-        hash.update_on_content_length(cl) if cl
         hash.finish
       end
 
@@ -37,7 +35,7 @@ module Contrast
       # @param finding [Contrast::Agent::Reporting::Finding] to be reported
       # @param source [Object] the source of the Trigger Event
       # @param request [Contrast::Agent::Request] our wrapper around the Rack::Request.
-      # @return checksum [String] String representation of CRC32 checksum
+      # @return [String] String representation of CRC32 checksum
       def generate_event_hash finding, source, request
         return generate_dataflow_hash(finding, request) if finding.events.length.to_i > 1
 
@@ -51,7 +49,7 @@ module Contrast
       # to CRC32 checksum and returns string representation to be appended to Contrast::Api::Dtm::Finding
       #
       # @param finding [Contrast::Agent::Reporting::Finding] to be reported
-      # @return checksum [String] String representation of CRC32 checksum.
+      # @return [String] String representation of CRC32 checksum.
       def generate_config_hash finding
         hash = new
         hash.update(finding.rule_id)
@@ -80,6 +78,19 @@ module Contrast
         hash.finish
       end
 
+      # Generates the hash checksum for response scanning. Converts the rule_id and request to CRC32 checksum and
+      # returns string representation.
+      #
+      # @param finding [Contrast::Agent::Reporting::Finding] to be reported
+      # # @param request [Contrast::Agent::Request]
+      # @return [String] String representation of CRC32 checksum.
+      def generate_response_hash finding, request
+        hash = new
+        hash.update(finding.rule_id)
+        hash.update_on_request(finding, request)
+        hash.finish
+      end
+
       private
 
       # Generates the hash checksum for crypto(crypto-bad-ciphers, crypto-bad-mac) rules.

data/lib/contrast/utils/json.rb

@@ -14,7 +14,7 @@ module Contrast
 
         # Add any known cases where parsing error might arise from older json parser:
         # @return [Array<String>]
-        SPECIAL_CASES = ["\"\"", "\"0\""].cs__freeze # rubocop:disable Style/StringLiterals
+        SPECIAL_CASES = [nil, "", "\"\"", "\"0\""].cs__freeze # rubocop:disable Style/StringLiterals
 
         # Parses a string using JSON.parser. This method is used instead of standard JSON.parse to
         # support older versions of json gem => not supporting key-value second parameter, which is

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 7.6.0
+  version: 7.6.1
 platform: ruby
 authors:
 - ruby@contrastsecurity.com
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-04-11 00:00:00.000000000 Z
+date: 2024-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -1395,7 +1395,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.26
+rubygems_version: 3.3.27
 signing_key:
 specification_version: 4
 summary: Contrast Security's agent for rack-based applications.