cloudfoundry / java-buildpack

Cloud Foundry buildpack for running Java applications
Apache License 2.0

Contrast Security Agent || Plugins Package #976

Closed csseifms closed 1 year ago

csseifms commented 1 year ago

Hello,

Plugin PKG Code

Please elaborate to clarify adding aspectsecurity because I could not see anything about this in the docs.

I am implementing the same logic from Ruby to Java. Excuse my lack of knowledge in Ruby and please correct me if one of the above links is not correct.

Do I really need these plugins to be added in my Java implementation? Any hints for the correct mapping in Java if the answer is "Yes, I have to add it"? Can you advise how those plugins are used and sourced?

Thanks in advance! BR, Seif

csseifms commented 1 year ago

@pivotal-david-osullivan do you have any info here to support me?

dmikusa commented 1 year ago

I'm not sure that I understand the question you're asking here.

The section of code that you're referencing is building up the Contrast Security configuration file and writing it out. I'm not familiar with Contrast so I don't know what those settings are doing, but the code is writing out the XML config file with those options set. If you need to know more about what the options do, you'd want to ask someone at Contrast Security.

If that does not answer your question, apologies, please try to clarify what you're asking. Thanks

csseifms commented 1 year ago

Hello @dmikusa,

Thanks for your answer. Could you please provide me with an example of this XML config file that should be the input for Contrast Security, please?

Do you know how aspectsecurity is sourced? I could not find any explanations for that in the documentation and I think I would need it to generate the XML config file as input for Contrast Security.

BR, Seif

dmikusa commented 1 year ago

Sorry, I don't know anything about the content of that file. The buildpack writes it but it's not buildpack-specific. It's something read by the agent when the agent runs. I would suggest looking at Contrast Security documentation for information about the file. We pass the config file path to the agent through the -javaagent argument, so you might have a look at the agent docs and start there.

Hope that helps!