# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/components/logger'
require 'contrast/components/scope'
require 'contrast/agent/reporting/reporting_events/application_update'
require 'contrast/api/decorators/application_update'

module Contrast
  module Agent
    # Runs the agent's one-time static analysis tasks: the dependency usage
    # catchup and the application inventory report.
    class StaticAnalysis
      include Singleton
      include Contrast::Components::Scope::InstanceMethods
      extend Contrast::Components::Logger::InstanceMethods

      class << self
        # Once the first request has completed, perform a single manual catchup
        # that reviews and reports the gems which were already loaded.
        #
        # The memo flag is set as soon as the worker thread has been started,
        # not when the analysis finishes, so later calls do not retry a run
        # that failed inside the thread.
        #
        # @return [Boolean] true once the catchup has been started
        def catchup
          return @_catchup if @_catchup

          threaded_analysis!
          @_catchup = true
        end

        # Builds the application update message, appends the database
        # configuration to it, and hands it to the reporter when one exists,
        # or to the messaging queue otherwise. Does nothing when inventory is
        # disabled.
        #
        # NOTE(review): the message that receives the database configuration
        # is the one that leaves the process below; confirm that
        # append_db_config records no credentials or full connection strings.
        #
        # TODO: RUBY-1356
        def send_inventory_message
          return unless ::Contrast::INVENTORY.enabled?

          update_dtm = Contrast::Api::Dtm::ApplicationUpdate.build
          Contrast::Agent::Inventory::DatabaseConfig.append_db_config(update_dtm)

          # No reporter available: fall back to the messaging queue.
          return Contrast::Agent.messaging_queue.send_event_eventually(update_dtm) unless Contrast::Agent.reporter

          # TODO: RUBY-1438 -- remove and build ReportingEvent directly
          update_event = Contrast::Agent::Reporting::DtmMessage.dtm_to_event(update_dtm)
          Contrast::Agent.reporter.send_event(update_event)

          # The inventory data is extracted from the same message, so it is
          # sent as a second, separate event.
          inventory_event = Contrast::Agent::Reporting::ApplicationInventory.convert(update_dtm)
          Contrast::Agent.reporter.send_event(inventory_event)
        end

        private

        # Starts an agent thread that runs the dependency usage catchup and
        # then sends the inventory message.
        #
        # Any StandardError raised in the thread is logged at warn level and
        # not re-raised; within this file that log line is the only signal
        # that the inventory was not reported.
        def threaded_analysis!
          Contrast::Agent::Thread.new do
            begin
              Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.catchup
              send_inventory_message
            rescue StandardError => error
              logger.warn('Unable to run post-initialization static analysis', error)
            end
          end
        end
      end
    end
  end
end