Skip to content

Commit eb2e9a9

Browse files
nebhalenebhale
committed
Merge branch '3.x'
2 parents 5932516 + 3a80823 commit eb2e9a9

11 files changed

Lines changed: 285 additions & 2 deletions

File tree

.idea/dictionaries/bhale.xml

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.idea/runConfigurations/versions__JSON_.xml renamed to .idea/runConfigurations/versions__Markdown_.xml

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.idea/runConfigurations/versions__Pivotal_Network_.xml

Lines changed: 25 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

README.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -75,6 +75,7 @@ To learn how to configure various properties of the buildpack, follow the "Confi
7575
* [AppDynamics Agent](docs/framework-app_dynamics_agent.md) ([Configuration](docs/framework-app_dynamics_agent.md#configuration))
7676
* [Container Customizer](docs/framework-container_customizer.md) ([Configuration](docs/framework-container_customizer.md#configuration))
7777
* [Container Security Provider](docs/framework-container_security_provider.md) ([Configuration](docs/framework-container_security_provider.md#configuration))
78+
* [Contrast Security Agent](docs/framework-contrast_security_agent.md) ([Configuration](docs/framework-contrast_security_agent.md#configuration))
7879
* [Debug](docs/framework-debug.md) ([Configuration](docs/framework-debug.md#configuration))
7980
* [Dyadic EKM Security Provider](docs/framework-dyadic_ekm_security_provider.md) ([Configuration](docs/framework-dyadic_ekm_security_provider.md#configuration))
8081
* [Dynatrace Appmon Agent](docs/framework-dynatrace_appmon_agent.md) ([Configuration](docs/framework-dynatrace_appmon_agent.md#configuration))

config/components.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,7 @@ frameworks:
3939
- "JavaBuildpack::Framework::AppDynamicsAgent"
4040
- "JavaBuildpack::Framework::ContainerCustomizer"
4141
- "JavaBuildpack::Framework::ContainerSecurityProvider"
42+
- "JavaBuildpack::Framework::ContrastSecurityAgent"
4243
- "JavaBuildpack::Framework::Debug"
4344
- "JavaBuildpack::Framework::DyadicEkmSecurityProvider"
4445
- "JavaBuildpack::Framework::DynatraceAppmonAgent"

config/contrast_security_agent.yml

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
# Cloud Foundry Java Buildpack
2+
# Copyright 2013-2017 the original author or authors.
3+
#
4+
# Licensed under the Apache License, Version 2.0 (the "License");
5+
# you may not use this file except in compliance with the License.
6+
# You may obtain a copy of the License at
7+
#
8+
# http://www.apache.org/licenses/LICENSE-2.0
9+
#
10+
# Unless required by applicable law or agreed to in writing, software
11+
# distributed under the License is distributed on an "AS IS" BASIS,
12+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
# See the License for the specific language governing permissions and
14+
# limitations under the License.
15+
16+
# Configuration for the ContrastSecurity framework
17+
---
18+
version: 3.+
19+
repository_root: "https://artifacts.contrastsecurity.com/agents/java/"

docs/framework-contrast_security_agent.md

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,39 @@
1+
# Contrast Security Agent Framework
2+
The Contrast Security Agent Framework causes an application to be automatically configured to work with a bound [Contrast Security Service][].
3+
4+
<table>
5+
<tr>
6+
<td><strong>Detection Criterion</strong></td><td>Existence of a single bound Contrast Security service. The existence of an Contrast Security service defined by the <a href="http://docs.cloudfoundry.org/devguide/deploy-apps/environment-variable.html#VCAP-SERVICES"><code>VCAP_SERVICES</code></a> payload containing a service name, label or tag with <code>contrast-security</code> as a substring.
7+
</td>
8+
</tr>
9+
</table>
10+
Tags are printed to standard output by the buildpack detect script
11+
12+
## User-Provided Service
13+
When binding ContrastSecurity using a user-provided service, it must have name or tag with `contrast-security` in it. The credential payload can contain the following entries:
14+
15+
| Name | Description
16+
| ---- | -----------
17+
| `api_key` | Your user's api key
18+
| `service_key` | Your user's service key
19+
| `teamserver_url` | The base URL in which your user has access to and the URL to which the Agent will report. ex: https://app.contrastsecurity.com
20+
| `username` | The account name to use when downloading the agent
21+
22+
## Configuration
23+
For general information on configuring the buildpack, including how to specify configuration values through environment variables, refer to [Configuration and Extension][].
24+
25+
The framework can be configured by modifying the [`config/contrast_security_agent.yml`][] file in the buildpack fork. The framework uses the [`Repository` utility support][repositories] and so it supports the [version syntax][] defined there.
26+
27+
| Name | Description
28+
| ---- | -----------
29+
| `repository_root` | The URL of the Contrast Security repository index ([details][repositories]).
30+
| `version` | The version of Contrast Security to use. Candidate versions can be found in [this listing][].
31+
32+
[Contrast Security]: https://www.contrastsecurity.com
33+
[Configuration and Extension]: ../README.md#configuration-and-extension
34+
[Contrast Security Service]: https://www.contrastsecurity.com
35+
[`config/contrast_security_agent.yml`]: ../config/contrast_security_agent.yml
36+
[Configuration and Extension]: ../README.md#configuration-and-extension
37+
[repositories]: extending-repositories.md
38+
[this listing]: https://artifacts.contrastsecurity.com/agents/java/index.yml
39+
[version syntax]: extending-repositories.md#version-syntax-and-ordering

lib/java_buildpack/framework/contrast_security_agent.rb

Lines changed: 124 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,124 @@
1+
# Encoding: utf-8
2+
3+
# Cloud Foundry Java Buildpack
4+
# Copyright 2013-2017 the original author or authors.
5+
#
6+
# Licensed under the Apache License, Version 2.0 (the "License");
7+
# you may not use this file except in compliance with the License.
8+
# You may obtain a copy of the License at
9+
#
10+
# http://www.apache.org/licenses/LICENSE-2.0
11+
#
12+
# Unless required by applicable law or agreed to in writing, software
13+
# distributed under the License is distributed on an "AS IS" BASIS,
14+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15+
# See the License for the specific language governing permissions and
16+
# limitations under the License.
17+
18+
require 'fileutils'
19+
require 'java_buildpack/component/versioned_dependency_component'
20+
require 'java_buildpack/framework'
21+
require 'java_buildpack/util/qualify_path'
22+
require 'rexml/document'
23+
24+
module JavaBuildpack
25+
module Framework
26+
27+
# Encapsulates the functionality for running the Contrast Security Agent support.
28+
class ContrastSecurityAgent < JavaBuildpack::Component::VersionedDependencyComponent
29+
include JavaBuildpack::Util
30+
31+
# (see JavaBuildpack::Component::BaseComponent#compile)
32+
def compile
33+
download_jar
34+
@droplet.copy_resources
35+
36+
write_configuration @application.services.find_service(CONTRAST_FILTER)['credentials']
37+
end
38+
39+
# (see JavaBuildpack::Component::BaseComponent#release)
40+
def release
41+
@droplet.java_opts
42+
.add_system_property('contrast.dir', '$TMPDIR')
43+
.add_system_property('contrast.override.appname', application_name)
44+
.add_preformatted_options("-javaagent:#{qualify_path(@droplet.sandbox + jar_name, @droplet.root)}=" \
45+
"#{qualify_path(contrast_config, @droplet.root)}")
46+
end
47+
48+
protected
49+
50+
# (see JavaBuildpack::Component::VersionedDependencyComponent#jar_name)
51+
def jar_name
52+
"contrast-engine-#{@version.to_s.split('_')[0]}.jar"
53+
end
54+
55+
# (see JavaBuildpack::Component::VersionedDependencyComponent#supports?)
56+
def supports?
57+
@application.services.one_service?(CONTRAST_FILTER, API_KEY, SERVICE_KEY, TEAMSERVER_URL, USERNAME)
58+
end
59+
60+
private
61+
62+
API_KEY = 'api_key'.freeze
63+
64+
CONTRAST_FILTER = 'contrast-security'.freeze
65+
66+
PLUGIN_PACKAGE = 'com.aspectsecurity.contrast.runtime.agent.plugins.'.freeze
67+
68+
SERVICE_KEY = 'service_key'.freeze
69+
70+
TEAMSERVER_URL = 'teamserver_url'.freeze
71+
72+
USERNAME = 'username'.freeze
73+
74+
private_constant :API_KEY, :CONTRAST_FILTER, :PLUGIN_PACKAGE, :SERVICE_KEY, :TEAMSERVER_URL, :USERNAME
75+
76+
def add_contrast(doc, credentials)
77+
contrast = doc.add_element('contrast')
78+
(contrast.add_element 'id').add_text('default')
79+
(contrast.add_element 'global-key').add_text(credentials[API_KEY])
80+
(contrast.add_element 'url').add_text("#{credentials[TEAMSERVER_URL]}/Contrast/s/")
81+
(contrast.add_element 'results-mode').add_text('never')
82+
83+
add_user contrast, credentials
84+
add_plugins contrast
85+
end
86+
87+
def add_plugins(contrast)
88+
plugin_group = contrast.add_element('plugins')
89+
90+
(plugin_group.add_element 'plugin').add_text("#{PLUGIN_PACKAGE}.security.SecurityPlugin")
91+
(plugin_group.add_element 'plugin').add_text("#{PLUGIN_PACKAGE}.architecture.ArchitecturePlugin")
92+
(plugin_group.add_element 'plugin').add_text("#{PLUGIN_PACKAGE}.appupdater.ApplicationUpdatePlugin")
93+
(plugin_group.add_element 'plugin').add_text("#{PLUGIN_PACKAGE}.sitemap.SitemapPlugin")
94+
(plugin_group.add_element 'plugin').add_text("#{PLUGIN_PACKAGE}.frameworks.FrameworkSupportPlugin")
95+
(plugin_group.add_element 'plugin').add_text("#{PLUGIN_PACKAGE}.http.HttpPlugin")
96+
end
97+
98+
def add_user(contrast, credentials)
99+
user = contrast.add_element('user')
100+
(user.add_element 'id').add_text(credentials[USERNAME])
101+
(user.add_element 'key').add_text(credentials[SERVICE_KEY])
102+
end
103+
104+
def application_name
105+
@application.details['application_name'] || 'ROOT'
106+
end
107+
108+
def contrast_config
109+
@droplet.sandbox + 'contrast.config'
110+
end
111+
112+
def write_configuration(credentials)
113+
doc = REXML::Document.new
114+
115+
add_contrast doc, credentials
116+
117+
contrast_config.open(File::CREAT | File::WRONLY) { |f| f.write(doc) }
118+
end
119+
120+
end
121+
122+
end
123+
124+
end

rakelib/versions_task.rb

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,7 @@ def initialize
5252
'app_dynamics_agent' => 'AppDynamics Agent',
5353
'container_customizer' => 'Spring Boot Container Customizer',
5454
'container_security_provider' => 'Container Security Provider',
55+
'contrast_security_agent' => 'Contrast Security Agent',
5556
'dyadic_ekm_security_provider' => 'Dyadic EKM Security Provider',
5657
'dynatrace_appmon_agent' => 'Dynatrace Appmon Agent',
5758
'dynatrace_one_agent' => 'Dynatrace OneAgent',

spec/fixtures/stub-contrast-security-agent.jar

Whitespace-only changes.

0 commit comments

Comments
 (0)