# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details. # frozen_string_literal: true require 'contrast/components/base' require 'contrast/components/config' require 'contrast/components/settings' module Contrast module Components module Assess # A wrapper build around the Common Agent Configuration project to allow # for access of the values contained in its # parent_configuration_spec.yaml. # Specifically, this allows for querying the state of the Assess product. class Interface include Contrast::Components::ComponentBase def enabled? # config overrides if forcibly set return false if forcibly_disabled? return true if forcibly_enabled? ::Contrast::SETTINGS.assess_state.enabled == true end def tainted_columns ::Contrast::SETTINGS.tainted_columns end def forcibly_disabled? @_forcibly_disabled = false?(::Contrast::CONFIG.root.assess.enable) if @_forcibly_disabled.nil? @_forcibly_disabled end def rule_disabled? name disabled_rules.include?(name) end # The value of the stacktrace should be treated as an ENUM. We upcase it for # faster comparisons when we use it. Anything not one of the known values of # 'NONE', 'SOME', or 'ALL' is treated as 'ALL' # # @return [Symbol] the normalized value of ::Contrast::CONFIG.root.assess.stacktraces def capture_stacktrace_value @_capture_stacktrace_value ||= case ::Contrast::CONFIG.root.assess.stacktraces.upcase when 'NONE' :NONE when 'SOME' :SOME else :ALL end end # Consider capture_stacktrace_value along with the node type # to dertmine whether stacktraces should be captured. # # capture_stacktrace_value -> (:ALL, :NONE, :SOME) # node types (SourceNode, PolicyNode, TriggerNode, PropagationNode) # # @param policy_node [Contrast::Agent::Assess::Policy::PolicyNode] The node in question. # @return [Boolean] to capture or not to capture, that is the question. def capture_stacktrace? policy_node return true if capture_stacktrace_value == :ALL return false if capture_stacktrace_value == :NONE # Below here capture_stacktrace_value must be :SOME. return true if policy_node.cs__is_a?(Contrast::Agent::Assess::Policy::SourceNode) return true if policy_node.cs__is_a?(Contrast::Agent::Assess::Policy::TriggerNode) false end def scan_response? @_scan_response = !false?(::Contrast::CONFIG.root.assess.enable_scan_response) if @_scan_response.nil? @_scan_response end def require_scan? @_require_scan = !false?(::Contrast::CONFIG.root.agent.ruby.require_scan) if @_require_scan.nil? @_require_scan end def require_dynamic_sources? return @_require_dynamic_sources unless @_require_dynamic_sources.nil? @_require_dynamic_sources = !false?(::Contrast::CONFIG.root.assess.enable_dynamic_sources) end def non_request_tracking? @_non_request_tracking = true?(::Contrast::CONFIG.root.agent.ruby.non_request_tracking) if @_non_request_tracking.nil? @_non_request_tracking end def tags ::Contrast::CONFIG.root.assess&.tags end def disabled_rules # TODO: RUBY-903 ::Contrast::CONFIG.root.assess&.rules&.disabled_rules || ::Contrast::SETTINGS.assess_state.disabled_assess_rules || [] end def track_original_object? if @_track_original_object.nil? @_track_original_object = !false?(::Contrast::CONFIG.root.assess.enable_original_object) end @_track_original_object end # The id for this process, based on the session metadata or id provided by the user, as indicated in # application startup. def session_id ::Contrast::SETTINGS.assess_state.session_id end private def forcibly_enabled? @_forcibly_enabled = true?(::Contrast::CONFIG.root.assess.enable) if @_forcibly_enabled.nil? @_forcibly_enabled end end end end end