Java Instrumentation

Java Agent

The Contrast Java agent is a JAR file that you add to your application with Java's -javaagent option. General instructions for configuring and running your application with the agent are below. An overview is also available at https://www.contrastsecurity.com/knowledge-hub/video/how-to-instrument-java-application.

You can also run the Contrast Java agent with Gradle, and there are additional agent settings for your consideration.

Please see our Java - Supported Technologies page for additional information on the application stacks supported by the Java agent.

Configuration

  • By default, the agent’s connection configuration for TeamServer is included in the JAR file (but can be overridden)
  • Additional configuration via the command line or a YAML file:
    • %ProgramData%\Contrast\java\contrast_security.yaml
    • /etc/contrast/java/contrast_security.yaml
  • Recommended minimum configurations:
    -Dcontrast.dir=<logs folder>
    -Dcontrast.standalone.appname=<your app name>
    -Dcontrast.env=<"development", "qa" or "production">

Running your app with the agent

java -javaagent:target/contrast.jar -Dcontrast.env=qa -Dcontrast.standalone.appname=MyVulnerableApp -Dcontrast.agent.logger.level=DEBUG -Dcontrast.server.name=docker -jar target/myvulnerableapp.jar
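
A pre-launch check of the JVM arguments against the recommended minimum settings above, as an added example (not Contrast's code). The function name `check_contrast_args` and its messages are assumptions made for illustration; only the `-javaagent` and `-Dcontrast.*` names come from this page.

```shell
#!/bin/sh
# Added example, not Contrast's code. Pass the arguments exactly as they
# will be handed to `java`; prints one line per problem, returns 0 if clean.
check_contrast_args() (
    agent='' dir='' app='' env='' problems=0
    bad() { echo "$1"; problems=$((problems + 1)); }
    for arg in "$@"; do
        case "$arg" in
            -javaagent:*)                    agent=${arg#-javaagent:} ;;
            -Dcontrast.dir=*)                dir=${arg#*=} ;;
            -Dcontrast.standalone.appname=*) app=${arg#*=} ;;
            -Dcontrast.env=*)                env=${arg#*=} ;;
            -*) ;;  # other options are not inspected
            *Dcontrast.*)
                # Typically an en dash pasted from formatted text: java takes
                # the first argument not starting with '-' as the main class.
                bad "not parsed as a JVM option: $arg" ;;
        esac
        case "$arg" in
            # Quotes stay in the value when no shell strips them
            # (for example, arguments given as a list in a build script).
            -Dcontrast.*=\'*|-Dcontrast.*=\"*) bad "literal quote in value: $arg" ;;
        esac
    done
    [ -n "$agent" ] || bad "missing -javaagent:<path to contrast.jar>"
    [ -n "$dir" ]   || bad "missing -Dcontrast.dir"
    [ -n "$app" ]   || bad "missing -Dcontrast.standalone.appname"
    case "$env" in
        development|qa|production) ;;
        '') bad "missing -Dcontrast.env" ;;
        *)  bad "unexpected -Dcontrast.env value: $env" ;;
    esac
    [ "$problems" -eq 0 ]
)

# Constructed sample: launch arguments that omit -Dcontrast.dir.
check_contrast_args -javaagent:target/contrast.jar -Dcontrast.env=qa \
    -Dcontrast.standalone.appname=MyVulnerableApp -jar target/myvulnerableapp.jar || true
```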

Java Agent with Gradle

Running with Gradle

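Edit build.gradle.kts (the snippet below uses the Gradle Kotlin DSL):

application {
    // No quotes around the value: quotes inside the string would become part of the application name
    applicationDefaultJvmArgs = listOf("-javaagent:contrast.jar", "-Dcontrast.standalone.appname=MyVulnerableApp")
}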

Testing

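Edit build.gradle.kts (the snippet below uses the Gradle Kotlin DSL):

val test by tasks.getting(Test::class) {
    // Attach the agent to the test JVM; the value takes no quotes here either
    jvmArgs = listOf("-javaagent:contrast.jar", "-Dcontrast.standalone.appname=MyVulnerableApp")
    useJUnitPlatform { }
}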

Additional Java Agent Settings

Setting                             Description
-Dcontrast.server.name              Agent server name
-Dcontrast.env                      Environment: development, qa or production
-Dcontrast.dir                      Working directory including log files
-Dcontrast.level                    Set to Debug to increase logging
-Dcontrast.standalone.appname       Set application name
-Dcontrast.override.appversion      Set application version
-Dcontrast.external.lib.dir         List of directories where external libraries are stored; used during library analysis
-Dcontrast.define.rep               Use Contrast’s Runtime Exploit Prevention (REP) technology with Protect. Set to true.
-Dcontrast.defend.parameters.json   Set to true if using JSON APIs