# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

require 'contrast/components/logger'
require 'contrast/components/scope'
require 'contrast/agent/reporting/reporting_events/application_update'

module Contrast
  module Agent
    # Entry point for the agent's one-time static analysis work: a single catch-up pass over what is already
    # loaded, followed by the inventory report that is handed to the agent reporter.
    class StaticAnalysis
      include Singleton
      include Contrast::Components::Scope::InstanceMethods
      extend Contrast::Components::Logger::InstanceMethods

      class << self
        # Starts the background catch-up once the first request has completed, so that gems loaded before that
        # point are reviewed and reported. Later calls are no-ops because the result is memoized in @_catchup.
        #
        # NOTE(review): the memoization is not synchronized; if several requests finish concurrently, more than
        # one analysis thread may be started - confirm that callers serialize this.
        #
        # @return [Boolean] true, on the first call and on every later one
        def catchup
          return @_catchup if @_catchup

          threaded_analysis!
          @_catchup = true
        end

        # Builds the application update (library list plus database configuration) and sends it, followed by an
        # application inventory event, through the agent reporter. Does nothing when inventory is disabled.
        #
        # NOTE(review): append_db_config is defined elsewhere; confirm it never copies connection credentials
        # into the outgoing report.
        def send_inventory_message
          return unless ::Contrast::INVENTORY.enable

          update = Contrast::Agent::Reporting::ApplicationUpdate.new
          # The conversion is kept at this call site so it is easy to swap out when the Library type changes.
          update.libraries = Contrast::Agent::Inventory::DependencyAnalysis.instance.library_pb_list
          Contrast::Agent::Inventory::DatabaseConfig.append_db_config(update)

          events = [update, Contrast::Agent::Reporting::ApplicationInventory.new]
          events.each { |event| Contrast::Agent.reporter.send_event(event) }
        end

        private

        # Runs the dependency usage catch-up and then the inventory report on a Contrast::Agent::Thread.
        # A StandardError raised by either step is logged as a warning and not re-raised, so a failed
        # analysis stays confined to that thread.
        def threaded_analysis!
          Contrast::Agent::Thread.new do
            begin
              Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.catchup
              send_inventory_message
            rescue StandardError => e
              logger.warn('Unable to run post-initialization static analysis', e)
            end
          end
        end
      end
    end
  end
end