contrast-agent 3.12.2 → 3.13.0

data/lib/contrast/agent/assess/tag.rb

@@ -7,28 +7,42 @@ module Contrast
       # A Tag represents a range in a given piece of data. It is used by the
       # Agent to determine if a vulnerable dataflow has occurred.
       class Tag
-        attr_reader :length,    # length of tagged text within string
+        attr_reader :label,     # the label of this tag
+                    :length,    # length of tagged text within string
                     :start_idx, # start of range
-                    :end_idx    # end of range (calculated from start + length)
+                    :end_idx    # end of range (calculated from start + length), exclusive
 
         # Initialize a new tag
-        # length : the length of the string described with this tag
-        # start_idx : (default: 0) the starting position in the string for this tag
-        def initialize length, start_idx = 0
+        #
+        # @param label [String] the lable of the tag
+        # @param length [Integer] the length of the string described with this
+        #   tag
+        # @param start_idx [Integer] (0) the starting position in the string for
+        #   this tag
+        def initialize label, length, start_idx = 0
+          @label = label
           update_range(start_idx, start_idx + length)
         end
 
         # Return true if the tag covers the given position in the string
+        #
+        # @param idx [Integer] the index to check
+        # @return [Boolean]
         def covers? idx
           idx >= start_idx && idx < end_idx
         end
 
         # Return true if the tag is above the given position in the string
+        # @param idx [Integer] the index to check
+        # @return [Boolean]
         def above? idx
           idx < start_idx
         end
 
-        # Return the range that this tag covers
+        # Return the range that this tag covers, from start (inclusive) to
+        # end (exclusive).
+        #
+        # @return [Range]
         def range
           start_idx...end_idx
         end
@@ -38,10 +52,11 @@ module Contrast
         end
 
         # Return if a given tag overlaps this one
-        def overlaps? other
-          return true if @start_idx <  other.start_idx && @end_idx >= other.start_idx  # we start below other & end in it
-          return true if @start_idx >= other.start_idx && @end_idx <= other.end_idx    # we start and end in other
-          return true if @start_idx <= other.end_idx   && @end_idx >  other.end_idx    # we start in other & end above it
+        def overlaps? start_idx, end_idx
+          return true if @start_idx <  start_idx && @end_idx >= start_idx  # we start below range & end in it
+          return true if @start_idx >= start_idx && @end_idx <= end_idx    # we start and end in range
+
+          @start_idx <= end_idx && @end_idx > end_idx                      # we start in range & end above it
         end
 
         def shift idx
@@ -71,7 +86,7 @@ module Contrast
         # Returns true if the other tag was merged into
         # this tag
         def merge other
-          return unless overlaps?(other)
+          return unless overlaps?(other.start_idx, other.end_idx)
 
           start = other.start_idx < @start_idx ? other.start_idx : @start_idx
           finish = other.end_idx > @end_idx ? other.end_idx : @end_idx
@@ -86,7 +101,7 @@ module Contrast
           new_start_idx = start >= 0 ? start : 0
           # If a tag were to go negative, cut off the negative portion from length
           new_length = start >= 0 ? length : (length + start)
-          Contrast::Agent::Assess::Tag.new(new_length, new_start_idx)
+          Contrast::Agent::Assess::Tag.new(label, new_length, new_start_idx)
         end
 
         def str_val

data/lib/contrast/agent/at_exit_hook.rb

@@ -29,7 +29,9 @@ module Contrast
                      process_pp_id: Process.ppid)
 
         context = Contrast::Agent::REQUEST_TRACKER.current
-        Contrast::Utils::ServiceSenderUtil.send_event_immediately(context.activity) if context
+        return unless context
+
+        Contrast::Agent.messaging_queue.send_event_immediately(context.activity)
       end
     end
   end

data/lib/contrast/agent/exclusion_matcher.rb

@@ -92,7 +92,7 @@ module Contrast
       end
 
       def code?
-        @exclusion.type == :CODE
+        @exclusion.type == Contrast::Api::Settings::Exclusion::ExclusionType::CODE
       end
 
       def name
@@ -100,7 +100,7 @@ module Contrast
       end
 
       def match_all?
-        @exclusion.match_strategy == :ALL
+        @exclusion.urls.nil? || @exclusion.urls.empty?
       end
 
       # Determine if the given rule is excluded by this exclusion.

data/lib/contrast/agent/inventory/policy/datastores.rb

@@ -40,7 +40,6 @@ module Contrast
               context = Contrast::Agent::REQUEST_TRACKER.current
               return unless context&.activity
 
-              context.activity.technologies[data_store] = true
               context.activity.query_count += 1
               return unless context.activity.query_count == 1
 

data/lib/contrast/agent/middleware.rb

@@ -7,7 +7,6 @@ cs__scoped_require 'rack'
 
 cs__scoped_require 'contrast/security_exception'
 cs__scoped_require 'contrast/utils/object_share'
-cs__scoped_require 'contrast/agent/service_heartbeat'
 cs__scoped_require 'contrast/components/interface'
 cs__scoped_require 'contrast/utils/heap_dump_util'
 cs__scoped_require 'contrast/agent/request_handler'
@@ -15,8 +14,6 @@ cs__scoped_require 'contrast/agent/static_analysis'
 
 cs__scoped_require 'contrast/utils/timer'
 cs__scoped_require 'contrast/utils/freeze_util'
-cs__scoped_require 'contrast/utils/service_sender_util'
-cs__scoped_require 'contrast/utils/service_response_util'
 
 module Contrast
   module Agent
@@ -60,7 +57,7 @@ module Contrast
       #   instrumentation going forward
       def agent_startup_routine
         logger.debug_with_time('middleware: starting service') do
-          run_service_threads
+          Contrast::Agent.thread_watcher.ensure_running?
         end
 
         logger.debug_with_time('middleware: instrument shared libraries and patch') do
@@ -110,6 +107,7 @@ module Contrast
       # available globally so that it can be accessed from anywhere. A RequestHandler object is made
       # for each request, which handles prefilter and postfilter operations.
       def call_with_agent env
+        Contrast::Agent.thread_watcher.ensure_running?
         return unless AGENT.enabled?
 
         framework_request = Contrast::Agent.framework_manager.retrieve_request(env)
@@ -176,16 +174,6 @@ module Contrast
           raise exception
         end
       end
-
-      # TODO: RUBY-920
-      # Move this somewhere that controls our threads, ensuring they're
-      # recreated on Fork
-      #
-      # Rspec stubs over these methods for simplicity's sake in testing
-      def run_service_threads
-        Contrast::Utils::ServiceSenderUtil.start
-        Contrast::Agent::ServiceHeartbeat.new.start
-      end
     end
   end
 end

data/lib/contrast/agent/patching/policy/patch.rb

@@ -353,7 +353,7 @@ module Contrast
                            elsif target_module.public_instance_methods(false).include?(method_name)
                              :public
                            else
-                             raise NotImplementedError,
+                             raise NoMethodError,
                                    <<~ERR
                                      Tried to register a C-defined #{ impl } patch for \
                                      #{ target_module_name }##{ method_name }, but can't find :#{ method_name }.

data/lib/contrast/agent/patching/policy/policy.rb

@@ -22,17 +22,17 @@ module Contrast
 
           # Indicates the folder in `resources` where this policy lives.
           def self.policy_folder
-            raise(NotImplementedError, 'specify policy_folder for patching')
+            raise(NoMethodError, 'specify policy_folder for patching')
           end
 
           # Indicates is this feature has been disabled by the configuration,
           # read at startup, and therefore can never be enabled.
           def disabled_globally?
-            raise(NotImplementedError, 'specify disabled_globally? conditions for patching')
+            raise(NoMethodError, 'specify disabled_globally? conditions for patching')
           end
 
           def node_type
-            raise(NotImplementedError, 'specify the concrete node type for this poilcy')
+            raise(NoMethodError, 'specify the concrete node type for this poilcy')
           end
 
           access_component :analysis, :logging

data/lib/contrast/agent/patching/policy/policy_node.rb

@@ -19,11 +19,11 @@ module Contrast
           attr_reader :properties, :method_scope
 
           def node_class
-            raise NotImplementedError, 'specify the type of the feature for which this node patches'
+            raise NoMethodError, 'specify the type of the feature for which this node patches'
           end
 
           def feature
-            raise NotImplementedError, 'specify the name of the feature for which this node patches'
+            raise NoMethodError, 'specify the name of the feature for which this node patches'
           end
 
           def initialize policy_hash = {}

data/lib/contrast/agent/protect/policy/rule_applicator.rb

@@ -26,11 +26,11 @@ module Contrast
           protected
 
           def invoke _method, _exception, _properties, _object, _args
-            raise NotImplementedError, 'This is abstract, override it.'
+            raise NoMethodError, 'This is abstract, override it.'
           end
 
           def name
-            raise NotImplementedError, 'This is abstract, override it.'
+            raise NoMethodError, 'This is abstract, override it.'
           end
 
           def rule

data/lib/contrast/agent/protect/rule/base.rb

@@ -18,15 +18,19 @@ module Contrast
 
           UNKNOWN_USER_INPUT = Contrast::Api::Dtm::UserInput.new.tap do |user_input|
             user_input.input_type = :UNKNOWN
-          end.cs__freeze
+          end
 
-          BLOCKING_MODES = Set.new(%i[BLOCK BLOCK_AT_PERIMETER]).cs__freeze
-          POSTFILTER_MODES = Set.new(%i[BLOCK PERMIT MONITOR]).cs__freeze
-          STACK_COLLECTION_RESULTS = Set.new(%i[BLOCKED MONITORED]).cs__freeze
+          BLOCKING_MODES = Set.new([Contrast::Api::Settings::ProtectionRule::Mode::BLOCK,
+                                    Contrast::Api::Settings::ProtectionRule::Mode::BLOCK_AT_PERIMETER]).cs__freeze
+          POSTFILTER_MODES = Set.new([Contrast::Api::Settings::ProtectionRule::Mode::BLOCK,
+                                      Contrast::Api::Settings::ProtectionRule::Mode::PERMIT,
+                                      Contrast::Api::Settings::ProtectionRule::Mode::MONITOR]).cs__freeze
+          STACK_COLLECTION_RESULTS = Set.new([Contrast::Api::Dtm::AttackResult::ResponseType::BLOCKED,
+                                              Contrast::Api::Dtm::AttackResult::ResponseType::MONITORED]).cs__freeze
 
           attr_reader :mode
 
-          def initialize default_mode = :NO_ACTION
+          def initialize default_mode = Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION
             PROTECT.rules[name] = self
             @mode = mode_from_settings || default_mode
           end
@@ -135,7 +139,7 @@ module Contrast
           protected
 
           def build_details _input_string, _ia_result
-            raise Contrast::InternalException, "Rule #{ name } did not implement build_details"
+            raise NoMethodError, "Rule #{ name } did not implement build_details"
           end
 
           def mode_from_settings
@@ -176,14 +180,14 @@ module Contrast
           # @param _kwargs [Hash] key-value pairs used by the rule to build a
           #   report.
           def find_attacker _context, _potential_attack_string, **_kwargs
-            raise Contrast::InternalException, "Rule #{ name } did not implement find_attack"
+            raise NoMethodError, "Rule #{ name } did not implement find_attack"
           end
 
           def update_successful_attack_response context, ia_result, result, attack_string = nil
-            if mode == :MONITOR
-              result.response = :MONITORED
-            elsif mode == :BLOCK
-              result.response = :BLOCKED
+            if mode == Contrast::Api::Settings::ProtectionRule::Mode::MONITOR
+              result.response = Contrast::Api::Dtm::AttackResult::ResponseType::MONITORED
+            elsif mode == Contrast::Api::Settings::ProtectionRule::Mode::BLOCK
+              result.response = Contrast::Api::Dtm::AttackResult::ResponseType::BLOCKED
             end
 
             ia_result.attack_count = ia_result.attack_count + 1 if ia_result
@@ -193,11 +197,11 @@ module Contrast
           end
 
           def update_perimeter_attack_response context, ia_result, result
-            if mode == :BLOCK_AT_PERIMETER
-              result.response = :BLOCKED_AT_PERIMETER
+            if mode == Contrast::Api::Settings::ProtectionRule::Mode::BLOCK_AT_PERIMETER
+              result.response = Contrast::Api::Dtm::AttackResult::ResponseType::BLOCKED_AT_PERIMETER
               log_rule_matched(context, ia_result, result.response)
             elsif ia_result.nil? || ia_result.attack_count.zero?
-              result.response = :PROBED
+              result.response = Contrast::Api::Dtm::AttackResult::ResponseType::PROBED
               log_rule_probed(context, ia_result)
             end
 
@@ -237,24 +241,8 @@ module Contrast
             build_base_sample(context, ia_result)
           end
 
-          def build_user_input ia_result
-            return UNKNOWN_USER_INPUT unless ia_result
-
-            input = Contrast::Api::Dtm::UserInput.new
-            input.input_type = ia_result.input_type.to_sym
-            input.matcher_ids = ia_result.ids
-            input.path = ia_result.path.to_s
-            input.key = ia_result.key.to_s
-            input.value = ia_result.value.to_s
-            input
-          end
-
           def build_base_sample context, ia_result
-            sample = Contrast::Api::Dtm::RaspRuleSample.new
-            sample.timestamp_ms = context.timer.start_ms
-            sample.user_input = build_user_input(ia_result)
-            sample.user_input.document_type = context.request.dtm.document_type unless sample.user_input.cs__frozen?
-            sample
+            Contrast::Api::Dtm::RaspRuleSample.build(context, ia_result)
           end
 
           def log_rule_matched _context, ia_result, response, _matched_string = nil

data/lib/contrast/agent/protect/rule/base_service.rb

@@ -79,7 +79,7 @@ module Contrast
           def find_postfilter_attacker context, potential_attack_string, **kwargs
             ia_results = gather_ia_results(context)
             ia_results.select! do |ia_result|
-              ia_result.score_level == :DEFINITEATTACK
+              ia_result.score_level == Contrast::Api::Settings::InputAnalysisResult::ScoreLevel::DEFINITEATTACK
             end
             find_attacker_with_results(context, potential_attack_string, ia_results, **kwargs)
           end

data/lib/contrast/agent/protect/rule/http_method_tampering.rb

@@ -53,6 +53,7 @@ module Contrast
           def build_sample context, evaluation, _candidate_string, **kwargs
             sample = build_base_sample(context, evaluation)
             sample.user_input.value = kwargs[:method]
+            sample.user_input.input_type = :METHOD
 
             sample.method_tampering = Contrast::Api::Dtm::HttpMethodTamperingDetails.new
             sample.method_tampering.method = Contrast::Utils::StringUtils.protobuf_safe_string(kwargs[:method])
@@ -61,17 +62,11 @@ module Contrast
             sample
           end
 
-          def build_user_input _evaluation
-            input = Contrast::Api::Dtm::UserInput.new
-            input.input_type = :METHOD
-            input
-          end
-
           private
 
           def normal_request? context
             method = context.request.request_method
-            context.request.static_request? || method.nil? || STANDARD_METHODS.include?(method.upcase)
+            context.request.static? || method.nil? || STANDARD_METHODS.include?(method.upcase)
           end
         end
       end

data/lib/contrast/agent/protect/rule/xxe.rb

@@ -77,6 +77,7 @@ module Contrast
 
           def build_sample context, ia_result, _url, **kwargs
             sample = build_base_sample(context, ia_result)
+            sample.user_input = build_user_input(ia_result)
             sample.xxe = kwargs[:details]
             sample
           end

data/lib/contrast/agent/reaction_processor.rb

@@ -26,14 +26,14 @@ module Contrast
 
         application_settings.reactions.each do |reaction|
           # the enums are all uppercase, we need to downcase them before attempting to log
-          level = reaction.log_level.nil? ? :error : reaction.log_level.downcase
+          level = reaction.log_level.nil? ? :error : reaction.log_level.name.downcase
 
           logger.with_level(level, reaction.message) if reaction.message
 
           case reaction.operation
-          when :DISABLE
+          when Contrast::Api::Settings::Reaction::Operation::DISABLE
             Contrast::Agent::DisableReaction.run reaction, level
-          when :NOOP
+          when Contrast::Api::Settings::Reaction::Operation::NOOP
             # NOOP
           else
             logger.warn(

data/lib/contrast/agent/request.rb

@@ -25,66 +25,16 @@ module Contrast
       LAST_REST_TOKEN = %r{/[\d]+$}.cs__freeze
       INNER_NUMBER_MARKER = '/{n}/'
       LAST_NUMBER_MARKER = '/{n}'
-      OMITTED_BODY = '{{body-omitted-by-contrast}}'
 
       attr_reader :rack_request
 
-      def_delegators :@rack_request,
-                     :env,
-                     :query_string,
-                     :user_agent,
-                     :path,
-                     :base_url
-
-      # receiver is memoized because it is the address/host/port of the server, once we
-      # resolve this for the first time, it shouldn't change
-      def self.receiver
-        @_receiver ||= build_receiver
-      end
+      # Delegate calls to the following methods to the attribute @rack_request
+      def_delegators :@rack_request, :base_url, :content_type, :cookies, :env, :ip, :path, :port, :query_string, :request_method, :scheme, :url, :user_agent
 
       def initialize rack_request
         @rack_request = rack_request
       end
 
-      ACCEPT = 'ACCEPT'
-      def accept_headers
-        accepts = Array(normalized_request_headers[ACCEPT])
-        accepts.any? ? accepts : nil
-      end
-
-      STATIC_SUFFIXES = /\.(?:js|css|jpeg|jpg|gif|png|ico|woff|svg|pdf|eot|ttf|jar)$/i.cs__freeze
-      WILDCARD = '*/*'
-      # Utility method for checking if a request is for a static resource.
-      # @return [Boolean] true, if the request is for a well-known static
-      #  type, like the following, and false otherwise: .js, .css, .jpg,
-      # .gif, .png, .ico
-      def static_request?
-        return true if trimmed_uri&.match?(STATIC_SUFFIXES)
-
-        accepts = accept_headers
-        if accepts
-          return false if accepts[0].to_s.start_with?(WILDCARD)
-          return true if media_content_type?(accepts[0])
-        end
-
-        false
-      end
-
-      MEDIA_TYPE_MARKERS = %w[image/ text/css text/javascript].cs__freeze
-      def media_content_type? str
-        str = str.to_s
-        str.start_with?(*MEDIA_TYPE_MARKERS)
-      end
-
-      def trimmed_uri
-        @_trimmed_uri ||= begin
-          raise ArgumentError, 'url was nil when attempting to trim' unless uri
-
-          trimmed = uri.split(Contrast::Utils::ObjectShare::SEMICOLON).first # remove ;jsessionid
-          trimmed.split(Contrast::Utils::ObjectShare::QUESTION_MARK).first # remove ?query_string=
-        end
-      end
-
       # Returns a normalized form of the URI. In "normal" URIs
       # this will return an unchanged String, but in REST-y
       # URIs this will normalize the digit path tokens, e.g.:
@@ -96,69 +46,111 @@ module Contrast
       # Should also handle the ;jsessionid.
       def normalized_uri
         @_normalized_uri ||= begin
-          uri = trimmed_uri
-          uri = uri.gsub(INNER_REST_TOKEN, INNER_NUMBER_MARKER) # replace interior tokens
-          uri.gsub(LAST_REST_TOKEN, LAST_NUMBER_MARKER) # replace last token
-        end
+                               path = rack_request.path
+                               uri = path.split(Contrast::Utils::ObjectShare::SEMICOLON)[0]    # remove ;jsessionid
+                               uri = uri.split(Contrast::Utils::ObjectShare::QUESTION_MARK)[0] # remove ?query_string=
+                               uri.gsub(INNER_REST_TOKEN, INNER_NUMBER_MARKER)                 # replace interior tokens
+                               uri.gsub(LAST_REST_TOKEN, LAST_NUMBER_MARKER)                   # replace last token
+                             end
       end
 
-      UNKNOWN_REQUEST_METHOD = 'UNKNOWN'
-
-      def request_method
-        rack_request.get_header(Rack::REQUEST_METHOD)
-      rescue StandardError => e
-        logger.warn('Unable to extract request method', e)
-        UNKNOWN_REQUEST_METHOD
+      def document_type
+        @_document_type ||= begin
+                              if /xml/i.match?(content_type) || body&.start_with?('<?xml')
+                                :XML
+                              elsif /json/i.match?(content_type) || body&.match?(/\s*[{\[]/)
+                                :JSON
+                              else
+                                :NORMAL
+                              end
+                            end
       end
 
-      def document_type_from_header
-        case content_type
-        when /xml/i
-          :XML
-        when /json/i
-          :JSON
-        when /html/i
-          :NORMAL
-        end
+      # Header keys upcased and any underscores replaced with dashes
+      def headers
+        @_headers ||= begin
+                        with_contrast_scope do
+                          hash = {}
+                          env.each do |key, value|
+                            next unless key
+
+                            name = key.to_s
+                            next unless name.start_with?(Contrast::Utils::ObjectShare::HTTP_SCORE)
+
+                            hash[Contrast::Utils::StringUtils.normalized_key(name)] = value
+                          end
+                          hash
+                        end
+                      end
       end
 
-      def document_type
-        @_document_type ||= begin
-          type = document_type_from_header
-          if type
-            type
-          elsif request_body_str.start_with?('<?xml')
-            :XML
-          elsif request_body_str.match?(/\s*[{\[]/)
-            :JSON
+      def body
+        # Memoize a flag indicating whether we've tried to read the body or not
+        # (can't use body because it might be nil)
+        @_body_read ||= begin
+          body = rack_request.body
+          if defined?(Rack::Multipart) && defined?(Rack::Multipart::UploadedFile) && body.is_a?(Rack::Multipart::UploadedFile)
+            logger.trace("not parsing uploaded file body :: #{ body.original_filename }::#{ body.content_type }")
+            @_body = nil
           else
-            :NORMAL
+            logger.trace("parsing body from request :: #{ body.cs__class.cs__name }")
+            @_body = Contrast::Utils::StringUtils.force_utf8(read_body(body))
           end
+
+          true
         end
+
+        # Return memoized body (which might be nil)
+        @_body
       end
 
-      def request_headers
-        @_request_headers ||= begin
-          with_contrast_scope do
-            headers = header_pairs(env).each_with_object({}) do |pair, h|
-              h[pair[0]] = pair[1]
-            end
-            headers
-          end
-        end
+      # Unlike most of our translation, which is called where needed for each
+      # message and forgotten, we'll leave this method to call the build as we
+      # don't want to pay to reconstruct the DTM for this Request multiple
+      # times.
+      #
+      # @return [Contrast::Api::Dtm::HttpRequest] the SpeedRacer compatible
+      #   form of this Request
+      def dtm
+        @_dtm ||= Contrast::Api::Dtm::HttpRequest.build(self)
       end
 
-      # Header keys upcased and any underscores replaced with dashes
-      def normalized_request_headers
-        @_normalized_request_headers ||= begin
-          hash = {}
-          request_headers.each_pair do |header_name, header_value|
-            hash[Contrast::Utils::StringUtils.normalized_key(header_name)] = header_value
-          end
-          hash
-        end
+      def parameters
+        @_parameters ||= with_contrast_scope { normalize_params(rack_request.params) }
+      end
+
+      def file_names
+        @_file_names ||= begin
+                           names = {}
+                           parsed_data = Rack::Multipart.parse_multipart(rack_request.env)
+                           traverse_parsed_multipart(parsed_data, names)
+                         rescue StandardError => _e
+                           logger.warn('Unable to parse multipart request!')
+                           {}
+                         end
+      end
+
+      def hash_id
+        @_hash_id ||= Contrast::Utils::HashDigest.generate_request_hash(self)
+      end
+
+      STATIC_SUFFIXES = /\.(?:js|css|jpeg|jpg|gif|png|ico|woff|svg|pdf|eot|ttf|jar)$/i.cs__freeze
+      MEDIA_TYPE_MARKERS = %w[image/ text/css text/javascript].cs__freeze
+      # Utility method for checking if a request is for a static resource.
+      # @return [Boolean] true, if the request is for a well-known static
+      #  type as determined by the request suffix or the accept header.
+      def static?
+        return true if normalized_uri&.match?(STATIC_SUFFIXES)
+
+        accepts = Array(headers['ACCEPT'])&.first&.to_s
+        return false unless accepts
+        return false if accepts.start_with?('*/*')
+
+        accepts.start_with?(*MEDIA_TYPE_MARKERS)
       end
 
+      private
+
       # Return a flattened hash of params with realized paths for keys, in
       # addition to a separate, valueless, entry for each nest key.
       # See RUBY-621 for more details.
@@ -197,237 +189,6 @@ module Contrast
         end
       end
 
-      def request_body
-        # Memoize a flag indicating whether we've tried to read the body or not
-        # (can't use body because it might be nil)
-        @_request_body_read ||= begin
-          body = @rack_request.body
-          if defined?(Rack::Multipart)
-            if defined?(Rack::Multipart::UploadedFile) && body.is_a?(Rack::Multipart::UploadedFile)
-              logger.trace("not parsing uploaded file body :: #{ body.original_filename }::#{ body.content_type }")
-              @_request_body = nil
-            else
-              logger.trace("parsing body from request :: #{ body.cs__class.cs__name }")
-              @_request_body = Contrast::Utils::StringUtils.force_utf8(read_body(body))
-            end
-          else
-            logger.trace('Rack before 1.3.x does not support Rack::Multipart')
-            @_request_body = Contrast::Utils::StringUtils.force_utf8(read_body(body))
-          end
-
-          true
-        end
-
-        # Return memoized body (which might be nil)
-        @_request_body
-      end
-
-      def request_body_str
-        request_body.to_s || Contrast::Utils::ObjectShare::EMPTY_STRING
-      end
-
-      # This will become to_protobuf
-      # Expectation is that all data from a previous phase will be populated
-      # before the subsequent one begins
-      def dtm
-        @_dtm ||= begin
-          with_contrast_scope do
-            http_request = Contrast::Api::Dtm::HttpRequest.new
-            http_request.uuid = Contrast::Utils::StringUtils.force_utf8(__id__)
-            http_request.timestamp_ms = Contrast::Utils::Timer.now_ms.to_i
-
-            append_receiver(http_request)
-            append_connection(http_request)
-            append_params(http_request)
-            append_headers(http_request)
-            append_body(http_request)
-
-            http_request
-          end
-        end
-      end
-
-      def append_receiver http_request
-        r = cs__class.receiver
-        r.port = port.to_i if port
-        http_request.receiver = r unless r.nil?
-      end
-
-      def append_connection http_request
-        http_request.sender = Contrast::Api::Dtm::Address.new
-        http_request.sender.ip = Contrast::Utils::StringUtils.force_utf8(ip)
-        http_request.protocol = Contrast::Utils::StringUtils.force_utf8(scheme)
-        http_request.version = '1.1' # currently not in rack request; hard-coding
-        http_request.method = Contrast::Utils::StringUtils.force_utf8(request_method)
-        http_request.raw = Contrast::Utils::StringUtils.force_utf8(@rack_request.path_info)
-        http_request.parsed_connection = false
-      end
-
-      def append_params http_request
-        parameters.each do |k, v|
-          next unless k && v
-          next if v.is_a?(Hash)
-
-          key = Contrast::Utils::StringUtils.force_utf8(k)
-          val = Contrast::Utils::StringUtils.force_utf8(v)
-          params = http_request.normalized_request_params
-          params[key] = Contrast::Api::Dtm::Pair.new unless params[key].is_a?(Contrast::Api::Dtm::Pair)
-          params[key].key = key
-          params[key].values << val
-        end
-      end
-
-      def append_headers http_request
-        request_headers.each do |k, v|
-          next unless k && v
-          next if v.is_a?(Hash)
-
-          key = Contrast::Utils::StringUtils.force_utf8(k)
-          val = Contrast::Utils::StringUtils.force_utf8(v)
-          http_request.request_headers[key] = val
-        end
-
-        http_request.parsed_request_headers = true
-
-        normalized_request_headers.each do |k, v|
-          next unless k && v
-          next if v.is_a?(Hash)
-
-          key = Contrast::Utils::StringUtils.force_utf8(k)
-          val = Contrast::Utils::StringUtils.force_utf8(v)
-          http_request.normalized_request_headers[key] ||= Contrast::Api::Dtm::Pair.new
-          http_request.normalized_request_headers[key].key = key
-          http_request.normalized_request_headers[key].values << val
-        end
-
-        request_cookies.each do |k, v|
-          next unless k && v
-          next if v.is_a?(Hash)
-
-          key = Contrast::Utils::StringUtils.force_utf8(k)
-          val = Contrast::Utils::StringUtils.force_utf8(v)
-          http_request.normalized_cookies[key] ||= Contrast::Api::Dtm::Pair.new
-          http_request.normalized_cookies[key].key = key
-          http_request.normalized_cookies[key].values << val
-        end
-      end
-
-      def append_body http_request
-        http_request.document_type = Contrast::Utils::StringUtils.force_utf8(document_type)
-
-        http_request.request_body = if omit_body?
-                                      OMITTED_BODY
-                                    else
-                                      Contrast::Utils::StringUtils.force_utf8(request_body)
-                                    end
-        return if file_names.empty?
-
-        file_names.each do |name, filename|
-          pair = Contrast::Api::Dtm::SimplePair.new
-          pair.key = Contrast::Utils::StringUtils.force_utf8(name)
-          pair.value = Contrast::Utils::StringUtils.force_utf8(filename)
-          http_request.multipart_headers << pair
-        end
-      end
-
-      def omit_body?
-        return true if AGENT.omit_body?
-        return false if document_type == :XML
-        return false if document_type == :JSON
-
-        content_type&.include?('multipart/form-data')
-      end
-
-      def self.build_receiver
-        address = Contrast::Api::Dtm::Address.new
-        address.host = 'localhost'
-        address.ip = '127.0.0.1'
-        begin
-          Timeout.timeout(1) do
-            address.host = Contrast::Utils::StringUtils.force_utf8(Socket.gethostname)
-            address.ip = Contrast::Utils::StringUtils.force_utf8(Resolv.getaddress(address.host))
-          end
-        rescue StandardError => e
-          logger.warn('Unable to resolve host or ip', e, address: address)
-        end
-        address
-      end
-
-      # Memoized Rack Request Values
-      def ip
-        @_ip ||= @rack_request.ip
-      end
-
-      def scheme
-        @_scheme ||= @rack_request.scheme
-      end
-
-      def port
-        @_port ||= @rack_request.port
-      end
-
-      def uri
-        @_uri ||= @rack_request.path
-      end
-
-      def url
-        @_url ||= @rack_request.url
-      end
-
-      def content_type
-        @_content_type ||= @rack_request.content_type
-      end
-
-      def request_cookies
-        @_request_cookies ||= @rack_request.cookies
-      end
-
-      def parameters
-        @_parameters ||= with_contrast_scope { normalize_params(@rack_request.params) }
-      end
-
-      # End of Rack Request memoized values
-
-      def file_names
-        @_file_names ||= begin
-                           names = {}
-                           parsed_data = Rack::Multipart.parse_multipart(@rack_request.env)
-                           traverse_parsed_multipart(parsed_data, names)
-                         rescue StandardError => _e
-                           logger.warn('Unable to parse multipart request!')
-                           {}
-                         end
-      end
-
-      def hash_id
-        @_hash_id ||= Contrast::Utils::HashDigest.generate_request_hash(self)
-      end
-
-      # we just need to map length to a repeatable value
-      # unlike Java, we hash with strings, so we'll use single character
-      # strings for our purposes.
-      CHARS = %w[a b c d e f g].cs__freeze
-      def normalized_length_header chr
-        chr = chr.to_s
-        tmp = CHARS[Math.log10(chr.length).to_i] if chr
-        tmp ||= CHARS[6]
-        tmp
-      end
-
-      private
-
-      HTTP_PREFIX = /^[Hh][Tt][Tt][Pp][_-]/i.cs__freeze
-
-      def header_pairs env
-        selected = env.select do |k, _v|
-          k.to_s.start_with?(Contrast::Utils::ObjectShare::HTTP_SCORE)
-        end
-        selected.map do |k, v|
-          name = k.to_s.sub(HTTP_PREFIX, Contrast::Utils::ObjectShare::EMPTY_STRING)
-          [name, v]
-        end
-      end
-
       def read_body body
         return body if body.is_a?(String)