# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details. # frozen_string_literal: true require 'contrast/utils/env_configuration_item' require 'contrast/configuration' module Contrast module Components # This component encapsulates reference to the configuration file. # At the time of writing, the configuration file is a yaml file reflecting # the 'common agent configuration' specification. # 'Config' and 'configuration' are to be interpreted as referring # specifically to these files and specifications, they are not generic # terms for other avenues of user configuration. # # This component is responsible for... # - encapsulating file access & concomitant error conditions # - implementing validity checks with respect to the specification # - memoizing/streamline field accesses # # Config fails fast. if it's not valid, the agent should break, and # it should break LOUDLY. Better to waste half an hour of the sysadmin's # time than to silently fail to deliver functionality. module Config CONTRAST_ENV_MARKER = 'CONTRAST__' class Interface # :nodoc: def initialize build end def build log: true @_valid = nil @config = Contrast::Configuration.new env_overrides validate(log: log) end alias_method :rebuild, :build # @return [Contrast::Config::RootConfiguration] def root @config.root end def valid? @_valid = validate(log: false) if @_valid.nil? @_valid end def invalid? !valid? end def loggable @config.loggable end private SESSION_VARIABLES = 'Invalid configuration. '\ "Setting both application.session_id and application.session_metadata is not allowed.\n" def validate log: false # The config has information about how to construct the logger. # If the config is invalid, and you want to know about it, then # you have a circular dependency if you try to log it, # hence `log: false`. if !session_id.empty? && !session_metadata.empty? if log cs__class.log_error(SESSION_VARIABLES) else puts SESSION_VARIABLES end return false end true end def env_overrides # For env variables resembling CONTRAST__WHATEVER__NESTED_VALUE # override raw.whatever.nested_value ENV.each do |env_key, env_value| next unless env_key.to_s.start_with?(CONTRAST_ENV_MARKER) config_item = Contrast::Utils::EnvConfigurationItem.new(env_key, env_value) @config.assign_value_to_path_array(config_item.dot_path_array, config_item.value) end end # Typically, this would be accessed through # Contrast::Components::AppContext, but we're too early in the # initialization of the Agent to use that mechanism, so we look it up # directly for ourselves # # @return [String,nil] the value of the session id set in the # configuration, or nil if unset def session_id @config.application.session_id end # Typically, this would be accessed through # Contrast::Components::AppContext, but we're too early in the # initialization of the Agent to use that mechanism, so we look it up # directly for ourselves # # @return [String,nil] the value of the session metadata set in the # configuration, or nil if unset def session_metadata @config.application.session_metadata end end end end end