This artical applies to all Contrast Ruby agents prior to 6.8.0.
There are two primary components of the Ruby agent: the agent and a service used to communicate to the Contrast Server. For more information on the Ruby agent, see our Open Docs site.
If the Contrast Ruby agent is having trouble connecting with the service verify the following details:
- The service must be running
- The port for the service and the ruby agent must match
- The ruby agent is loading its configuration file
- The connection is actually established, but the logging level is set too high.
Details:
The ruby agent runs within the Ruby on Rails application's thread so all interactions with the Contrast UI require that the Ruby agent to forward information about events to the Contrast Service. In addition, the service is responsible for reading the server features and application settings from Contrast UI and forwarding them to the agent. If the communication between the service and the agent is not established the web application will still run but it will not be protected from attack or report vulnerabilities.
Diagnosing that the Agent cannot connect to the Service:
If the agent is correctly installed but unable to connect to the service, when the application starts there will be an error in the contrast log file.
2017-10-30 15:43:32,892 [Contrast Security] DEBUG - Sending 1 messages (current=Contrast::Api::Dtm::ApplicationCreation)
2017-10-30 15:43:32,892 [Contrast Security] DEBUG - Marshaled data length 186 bytes
2017-10-30 15:43:32,892 [Contrast Security] ERROR - Client threw exception communicating with service :: Connection refused - connect(2) for "127.0.0.1" port 30556
Verifying that the Service is running:
The ruby service should be identifiable as Contrast-Service
in the process list. The Ruby agent is bundled with the service. The Ruby agent attempts to start the service when the application starts up. The agent adds three Rake tasks to the application:
-
rake contrast:service:status
this checks for a process named Contrast-Service running on the local server. -
rake contrast:service:start
if the service is not found, this tasks attempts to start the service that was bundled with the agent. It uses the common config entries that the agent has so it will use the host and port values that the agent expects. -
rake contrast:service:stop
this attempts to kill a running Contrast-Service process. Note that the agent will attempt to restart the service on a subsequent request so this is primarily useful as a restart mechanism.
Verifying Service and Agent port numbers:
Both the agent and the service need the following sections in their configuration file:
agent:
service:
host: 127.0.0.1
port: 30555 # any valid port number is allowed
Verifying the Service Logging level:
The default logging level for the service is ERROR. If you see a log file contrast_service.log
that is empty it may be because the log level is too high. To update the service log level:
agent:
service:
logging:
path: contrast_service.log
level: DEBUG # DEBUG, INFO, WARN, ERROR
Verifying that the Agent is loading the Configuration YAML file:
If the agent can not find a configuration file it will not prevent the application from running but it will output a warning to STDOUT.
~/testing/rails5/app_with_scaffold:rails-5.0.0 [!?]$ rails s
=> Booting Puma
=> Rails 5.0.6 application starting in development on http://localhost:3000
=> Run `rails server -h` for more startup options
No configuration file found in contrast_security.yml, contrast_security.yaml, config/contrast_security.yml, config/contrast_security.yaml, /etc/contrast_security.yml, /etc/contrast_security.yaml
Puma starting in single mode...
* Version 3.10.0 (ruby 2.4.1-p111), codename: Russell's Teapot
* Min threads: 5, max threads: 5
* Environment: development
* Listening on tcp://0.0.0.0:3000
Use Ctrl-C to stop