contrast-agent 4.12.0 → 4.14.1

data/lib/contrast/agent/patching/policy/patch.rb

@@ -4,6 +4,7 @@
 require 'monitor'
 require 'contrast/components/logger'
 require 'contrast/components/scope'
+require 'contrast/utils/patching/policy/patch_utils'
 
 require 'contrast/agent'
 require 'contrast/logger/log'
@@ -32,6 +33,8 @@ module Contrast
         # provides a map for which methods our renamed functions need to call
         # and how.
         module Patch
+          extend Contrast::Utils::Patching::PatchUtils
+
           class << self
             include Contrast::Agent::Assess::Policy::SourceMethod
             include Contrast::Agent::Assess::Policy::PropagationMethod
@@ -57,226 +60,6 @@ module Contrast
               end
             end
 
-            # THIS IS CALLED FROM C. Do not change the signature lightly.
-            #
-            # This method functions to call the infilter methods from our
-            # patches, allowing for analysis and reporting at the point just
-            # before the patched code is invoked.
-            #
-            # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
-            #   Mapping of the triggers on the given method.
-            # @param method [Symbol] The method into which we're patching
-            # @param exception [StandardError] Any exception raised during the
-            #   call of the patched method.
-            # @param object [Object] The object on which the method is invoked,
-            #   typically what would be returned by self.
-            # @param args [Array<Object>] The arguments passed to the method
-            #   being invoked.
-            def apply_pre_patch method_policy, method, exception, object, args
-              apply_protect(method_policy, method, exception, object, args)
-              apply_inventory(method_policy, method, exception, object, args)
-            rescue Contrast::SecurityException => e
-              # We were told to block something, so we gotta. Don't catch this
-              # one, let it get back to our Middleware or even all the way out to
-              # the framework
-              raise e
-            rescue StandardError => e
-              # Anything else was our bad and we gotta catch that to allow for
-              # normal application flow
-              logger.error('Unable to apply pre patch to method.', e)
-            rescue Exception => e # rubocop:disable Lint/RescueException
-              # This is something like NoMemoryError that we can't
-              # hope to handle.  Nonetheless, shouldn't leak scope.
-              exit_contrast_scope!
-              raise e
-            end
-
-            # THIS IS CALLED FROM C. Do not change the signature lightly.
-            #
-            # This method functions to call the infilter methods from our
-            # patches, allowing for analysis and reporting at the point just
-            # after the patched code is invoked
-            #
-            # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
-            #   Mapping of the triggers on the given method.
-            # @param preshift [Contrast::Agent::Assess::PreShift] The capture
-            #   of the state of the code just prior to the invocation of the
-            #   patched method.
-            # @param object [Object] The object on which the method was
-            #   invoked, typically what would be returned by self.
-            # @param ret [Object] The return of the method that was invoked.
-            # @param args [Array<Object>] The arguments passed to the method
-            #   being invoked.
-            # @param block [Proc] The block passed to the method that was
-            #   invoked.
-            def apply_post_patch method_policy, preshift, object, ret, args, block
-              apply_assess(method_policy, preshift, object, ret, args, block)
-            rescue StandardError => e
-              logger.error('Unable to apply post patch to method.', e)
-            end
-
-            # Apply the Protect patch which applies to the given method.
-            #
-            # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
-            #   Mapping of the triggers on the given method.
-            # @param method [Symbol] The method into which we're patching
-            # @param exception [StandardError] Any exception raised during the
-            #   call of the patched method.
-            # @param object [Object] The object on which the method is invoked,
-            #   typically what would be returned by self.
-            # @param args [Array<Object>] The arguments passed to the method
-            #   being invoked.
-            def apply_protect method_policy, method, exception, object, args
-              return unless ::Contrast::AGENT.enabled?
-              return unless ::Contrast::PROTECT.enabled?
-
-              apply_trigger_only(method_policy&.protect_node, method, exception, object, args)
-            end
-
-            # Apply the Inventory patch which applies to the given method.
-            #
-            # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
-            #   Mapping of the triggers on the given method.
-            # @param method [Symbol] The method into which we're patching
-            # @param exception [StandardError] Any exception raised during the
-            #   call of the patched method.
-            # @param object [Object] The object on which the method is invoked,
-            #   typically what would be returned by self.
-            # @param args [Array<Object>] The arguments passed to the method
-            #   being invoked.
-            def apply_inventory method_policy, method, exception, object, args
-              return unless ::Contrast::INVENTORY.enabled?
-
-              apply_trigger_only(method_policy&.inventory_node, method, exception, object, args)
-            end
-
-            # Apply the Assess patches which apply to the given method.
-            #
-            # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
-            #   Mapping of the triggers on the given method.
-            # @param preshift [Contrast::Agent::Assess::PreShift] The capture
-            #   of the state of the code just prior to the invocation of the
-            #   patched method.
-            # @param object [Object] The object on which the method was
-            #   invoked, typically what would be returned by self.
-            # @param ret [Object] The return of the method that was invoked.
-            # @param args [Array<Object>] The arguments passed to the method
-            #   being invoked.
-            # @param block [Proc] The block passed to the method that was
-            #   invoked.
-            def apply_assess method_policy, preshift, object, ret, args, block
-              source_ret = nil
-              propagated_ret = nil
-              return ret unless method_policy && ::Contrast::ASSESS.enabled?
-
-              current_context = Contrast::Agent::REQUEST_TRACKER.current
-              return ret if current_context && !current_context.analyze_request?
-
-              trigger_node = method_policy.trigger_node
-              if trigger_node
-                Contrast::Agent::Assess::Policy::TriggerMethod.apply_trigger_rule(trigger_node, object, ret, args)
-              end
-              if method_policy.source_node
-                # If we were given a frozen return, and it was the target of a
-                # source, and we have frozen sources enabled, we'll need to
-                # replace the return. Note, this is not the default case.
-                source_ret = Contrast::Agent::Assess::Policy::SourceMethod.source_patchers(method_policy, object, ret,
-                                                                                           args)
-              end
-              if method_policy.propagation_node
-                propagated_ret = Contrast::Agent::Assess::Policy::PropagationMethod.apply_propagation(
-                    method_policy,
-                    preshift,
-                    object,
-                    source_ret || ret,
-                    args,
-                    block)
-              end
-              handle_return(propagated_ret, source_ret, ret)
-            rescue StandardError => e
-              logger.error('Unable to assess method call.', e)
-              handle_return(propagated_ret, source_ret, ret)
-            rescue Exception => e # rubocop:disable Lint/RescueException
-              logger.error('Unable to assess method call.', e)
-              handle_return(propagated_ret, source_ret, ret)
-              raise e
-            end
-
-            # Generic invocation of the Inventory or Protect patch which apply
-            # to the given method.
-            #
-            # @param trigger_node [Contrast::Agent::Inventory::Policy::TriggerNode]
-            #   Mapping of the specific trigger on the given method.
-            # @param method [Symbol] The method into which we're patching
-            # @param exception [StandardError] Any exception raised during the
-            #   call of the patched method.
-            # @param object [Object] The object on which the method is invoked,
-            #   typically what would be returned by self.
-            # @param args [Array<Object>] The arguments passed to the method
-            #   being invoked.
-            def apply_trigger_only trigger_node, method, exception, object, args
-              return unless trigger_node
-
-              # If that rule only applies in the case of an exception being
-              # thrown and there's no exception here, move along, or vice versa
-              return if trigger_node.on_exception && !exception
-              return if !trigger_node.on_exception && exception
-
-              # Each patch has an applicator that handles logic for it. Think
-              # of this as being similar to propagator actions, most closely
-              # resembling CUSTOM - they all have a common interface but their
-              # own logic based on what's in the method(s) they've been patched
-              # into.
-              # Each patch also knows the method of its applicator. Some
-              # things, like AppliesXxeRule, have different methods depending
-              # on the library patched. This lets us handle the boilerplate of
-              # patching while still allowing for custom handling of the
-              # methods.
-              applicator_method = trigger_node.applicator_method
-              # By calling send like this, we can reuse all the patching.
-              # We `send` to the given method of the given class
-              # (applicator) since they all accept the same inputs
-              trigger_node.applicator.send(applicator_method, method, exception, trigger_node.properties, object, args)
-            end
-
-            # Method to choose which replaced return from the post_patch to
-            # actually return
-            #
-            # @param propagated_ret [Object, nil] The replaced return from the
-            #   propagation patch.
-            # @param source_ret [Object, nil] The replaced return from the
-            #   source patch.
-            # @param ret [Object, nil] The original return of the patched
-            #   method.
-            # @return [Object, nil] The thing to return from the post patch.
-            def handle_return propagated_ret, source_ret, ret
-              safe_return = propagated_ret || source_ret || ret
-              safe_return.rewind if Contrast::Utils::IOUtil.should_rewind?(safe_return)
-              safe_return
-            end
-
-            # Given a module and method, construct an expected name for the
-            # alias by which Contrast will reference the original.
-            #
-            # @param patched_class [Module] the module being patched
-            # @param patched_method [Symbol] the method being patched
-            # @return [Symbol]
-            def build_method_name patched_class, patched_method
-              (Contrast::Utils::ObjectShare::CONTRAST_PATCHED_METHOD_START +
-                  patched_class.cs__name.gsub('::', '_').downcase +
-                  Contrast::Utils::ObjectShare::UNDERSCORE +
-                  patched_method.to_s).to_sym
-            end
-
-            # Given a method, return a symbol in the format
-            # <method_start>_unbound_<method_name>
-            def build_unbound_method_name patcher_method
-              (Contrast::Utils::ObjectShare::CONTRAST_PATCHED_METHOD_START +
-                'unbound' +
-                Contrast::Utils::ObjectShare::UNDERSCORE +
-                patcher_method.to_s).to_sym
-            end
-
             # @param mod [Module] the module in which the patch should be
             #   placed.
             # @param methods [Array(Symbol)] all the instance or singleton
@@ -337,7 +120,7 @@ module Contrast
             #   :prepend            -> prepend instance method of module
             #   [prepending singleton is easily supported too, just not implemented yet.]
             # @return [Symbol] new alias for the underlying method (presumably, so the patched method can call it)
-            def register_c_patch target_module_name, unbound_method, impl = :alias_instance # rubocop:disable  Metrics/AbcSize
+            def register_c_patch target_module_name, unbound_method, impl = :alias_instance
               # These could be set as AfterLoadPatches.
               method_name = unbound_method.name.to_sym # rubocop:disable Security/Module/Name -- ruby built in attribute.
               underlying_method_name = build_unbound_method_name(method_name).to_sym
@@ -360,6 +143,30 @@ module Contrast
                                    ERR
                            end
 
+              reflect_implementation impl, target_module, unbound_method, visibility
+              # Ougai::Logger.create_item_with_2args calls Hash#[]=, so we
+              # can't invoke this logging method or we'll seg fault as we'd
+              # change the method definition mid-call
+              # if method_name != :[]= &&
+              #   Contrast::Agent::Logger.defined!
+              #   logger.trace(
+              #       'Registered C-defined patch',
+              #       implementation: impl,
+              #       module: target_mod,
+              #       method: method_name,
+              #       visibility: visibility)
+              # end
+              underlying_method_name
+            end
+
+            # @param impl [Symbol] Strategy for applying the patch: { :alias_instance, :alias_singleton, or :prepend }:
+            # @param target_module [Module] The targeted module
+            # @param unbound_method [UnboundMethod] An unbound method, to be patched into target_module.
+            # @param visibility [Symbol] method visibility
+            def reflect_implementation impl, target_module, unbound_method, visibility
+              method_name = unbound_method.name.to_sym # rubocop:disable Security/Module/Name -- ruby built in attribute.
+              underlying_method_name = build_unbound_method_name(method_name).to_sym
+
               case impl
               when :alias_instance, :alias_singleton
                 # Core to patching. Ignore define method usage cop.
@@ -383,20 +190,6 @@ module Contrast
                 target_module.prepend prepending_module
                 # rubocop:enable Performance/Kernel/DefineMethod
               end
-
-              # Ougai::Logger.create_item_with_2args calls Hash#[]=, so we
-              # can't invoke this logging method or we'll seg fault as we'd
-              # change the method definition mid-call
-              # if method_name != :[]= &&
-              #   Contrast::Agent::Logger.defined!
-              #   logger.trace(
-              #       'Registered C-defined patch',
-              #       implementation: impl,
-              #       module: target_module_name,
-              #       method: method_name,
-              #       visibility: visibility)
-              # end
-              underlying_method_name
             end
 
             # @return [Boolean]

data/lib/contrast/agent/patching/policy/patcher.rb

@@ -10,6 +10,7 @@ require 'contrast/agent/patching/policy/module_policy'
 require 'contrast/components/logger'
 require 'contrast/components/scope'
 require 'contrast/utils/class_util'
+require 'contrast/utils/patching/policy/patcher_utils'
 
 # assess
 require 'contrast/agent/assess/policy/policy'
@@ -44,6 +45,7 @@ module Contrast
         # and how.
         module Patcher
           extend Contrast::Agent::Patching::Policy::AfterLoadPatcher
+          extend Contrast::Utils::Patching::PatcherUtils
           extend Contrast::Components::Logger::InstanceMethods
           extend Contrast::Components::Scope::InstanceMethods
 
@@ -77,47 +79,6 @@ module Contrast
               end
             end
 
-            # This method is called by TracePointHook to instrument a specific class during a require
-            # or eval of dynamic class definition
-            def patch_specific_module mod
-              with_contrast_scope do
-                mod_name = mod.cs__name
-                return unless Contrast::Utils::ClassUtil.truly_defined?(mod_name)
-                return if ::Contrast::AGENT.skip_instrumentation?(mod_name)
-
-                load_patches_for_module(mod_name)
-
-                return if all_module_names.none?(mod_name)
-
-                module_data = Contrast::Agent::ModuleData.new(mod, mod_name)
-                patch_into_module(module_data)
-                all_module_names.delete(mod_name) if status_type.get_status(mod).patched?
-              rescue StandardError => e
-                logger.error('Unable to patch module', e, module: mod_name)
-              end
-            end
-
-            # We did it, team. We found a patcher(s) that applies to the given
-            # class (or module) and the given method. Time to do some tracking.
-            #
-            # @param mod [Module] the module in which the patch should be
-            #   placed.
-            # @param methods [Array(Symbol)] all the instance or singleton
-            #   methods in this mod.
-            # @param method_policy [Contrast::Agent::Patching::Policy::MethodPolicy]
-            #   the policy that applies to the given method_name.
-            # @return [Boolean] if patched, either by this invocation or a
-            #   previous, or not
-            def patch_method mod, methods, method_policy
-              return false unless methods&.any? # don't even build the name if there are no methods
-
-              if Contrast::Utils::ClassUtil.prepended_method?(mod, method_policy)
-                Contrast::Agent::Patching::Policy::Patch.instrument_with_prepend(mod, method_policy)
-              else
-                Contrast::Agent::Patching::Policy::Patch.instrument_with_alias(mod, methods, method_policy)
-              end
-            end
-
             private
 
             POLICIES = [
@@ -190,6 +151,18 @@ module Contrast
                 return
               end
 
+              patch_methods status, module_data, module_policy
+            rescue StandardError => e
+              status&.failed_patch!
+              logger.warn('Patching failed', e, module: module_data.mod_name)
+            ensure
+              logger.trace('Patching complete',
+                           module: module_data.mod_name,
+                           result:
+                             Contrast::Agent::Patching::Policy::PatchStatus.get_status(module_data.mod).patch_status)
+            end
+
+            def patch_methods status, module_data, module_policy
               status.patching!
               num_applied_patches = patch_into_instance_methods(module_data, module_policy)
               num_applied_patches += patch_into_singleton_methods(module_data, module_policy)
@@ -199,14 +172,6 @@ module Contrast
               else
                 status.partial_patch!
               end
-            rescue StandardError => e
-              status&.failed_patch!
-              logger.warn('Patching failed', e, module: module_data.mod_name)
-            ensure
-              logger.trace('Patching complete',
-                           module: module_data.mod_name,
-                           result:
-                             Contrast::Agent::Patching::Policy::PatchStatus.get_status(module_data.mod).patch_status)
             end
 
             # Get all of the instance methods on the given module, excluding

data/lib/contrast/agent/reporting/report.rb

@@ -0,0 +1,21 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    # This is the base module for our reporting functionality. It is intended to
+    # facilitate all the needed report generating functionality and eventual
+    # report to RS.
+    # Any class under this namespace should be required here, providing a
+    # single point of require for this functionality.
+    module Reporting
+    end
+  end
+end
+
+require 'contrast/agent/reporting/reporter'
+require 'contrast/agent/reporting/reporting_utilities/audit'
+require 'contrast/agent/reporting/reporting_utilities/reporter_client'
+require 'contrast/agent/reporting/reporting_events/finding'
+require 'contrast/agent/reporting/reporting_events/preflight_message'
+require 'contrast/agent/reporting/reporting_events/preflight'

data/lib/contrast/agent/reporting/reporter.rb

@@ -0,0 +1,142 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/worker_thread'
+require 'contrast/agent/reporting/report'
+require 'contrast/components/logger'
+require 'contrast/utils/object_share'
+require 'contrast/agent/version'
+require 'base64'
+
+module Contrast
+  module Agent
+    # This module will hold everything essential to reporting to TeamServer
+    class Reporter < WorkerThread
+      include Contrast::Components::Logger::InstanceMethods
+      include Contrast::Utils::ObjectShare
+
+      class << self
+        include Contrast::Components::Logger::InstanceMethods
+
+        # check if we can report to TS
+        #
+        # @return[Boolean] true if bypass is enabled, or false if bypass disabled
+        def enabled?
+          @_enabled = Contrast::CONTRAST_SERVICE.use_agent_communication? if @_enabled.nil?
+          @_enabled
+        end
+      end
+
+      def headers
+        @_headers ||= {
+            app_name: Base64.encode64(Contrast::APP_CONTEXT.app_name).chomp!,
+            api_key: Contrast::API.api_key,
+            agent_version: [RUBY, Contrast::Agent::VERSION].join(SPACE),
+            app_language: RUBY,
+            app_path: Base64.encode64(Contrast::APP_CONTEXT.path).chomp!,
+            app_version: Contrast::APP_CONTEXT.app_version,
+            authorization: Base64.encode64("#{ Contrast::API.username }:#{ Contrast::API.service_key }").chomp!,
+            server_name: Base64.encode64(Contrast::APP_CONTEXT.server_name).chomp!,
+            server_path: Base64.encode64(Contrast::APP_CONTEXT.server_path).chomp!,
+            server_type: Base64.encode64(Contrast::APP_CONTEXT.server_type).chomp!,
+            content_type: 'application/json',
+            encoding: 'base64'
+        }.cs__freeze
+      end
+
+      def client
+        @_client ||= Contrast::Utils::ReporterClient.new headers
+      end
+
+      def connection
+        @_connection ||= client.initialize_connection
+      end
+
+      def audit
+        @_audit ||= Contrast::Agent::Reporting::Audit.new
+      end
+
+      def attempt_to_start?
+        unless cs__class.enabled?
+          logger.warn('Reporter service is disabled!')
+          return false
+        end
+
+        logger.debug('Attempting to start Reporter thread') unless running?
+        true
+      end
+
+      def start_thread!
+        return if running?
+
+        @_thread = Contrast::Agent::Thread.new do
+          logger.debug('Starting background Reporter thread.')
+          event = queue.pop
+
+          begin
+            logger.debug('This is the current processed event', event)
+            client.send_event event, connection
+          rescue StandardError => e
+            logger.error('Could not send message to service from Reporter queue.', e)
+          end
+        end
+      end
+
+      def send_event event
+        if ::Contrast::AGENT.disabled?
+          logger.warn('Attempted to queue event with Agent disabled', caller: caller, event: event)
+          return
+        end
+
+        return unless cs__class.enabled?
+
+        logger.debug('Enqueued event for sending', event_type: event.cs__class)
+
+        result = queue << event if event
+        return result unless ::Contrast::API.request_audit_enable
+
+        audit&.audit_event(event)
+        result
+      end
+
+      # Use this to bypass the messaging queue and leave response processing to the caller
+      def send_event_immediately event
+        if ::Contrast::AGENT.disabled?
+          logger.warn('Reporter attempted to send event immediately with Agent disabled', caller: caller, event: event)
+          return
+        end
+        response_data = client.send_event event, connection, true
+        if response_data.status == 200
+          # handle_response
+          client.send(:handle_response, event, response_data, connection)
+        end
+
+        return unless ::Contrast::API.request_audit_enable
+
+        audit&.audit_event(event, response_data)
+        response_data
+      rescue StandardError => e
+        logger.error('Could not send message to service from Reporter queue.', e)
+      end
+
+      def delete_queue!
+        @_queue&.clear
+        @_queue&.close
+        @_queue = nil
+      end
+
+      def stop!
+        return unless running?
+
+        super
+        delete_queue!
+      end
+
+      private
+
+      def queue
+        @_queue ||= Queue.new
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/finding.rb

@@ -0,0 +1,90 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'json'
+require 'contrast/components/logger'
+require 'contrast/agent/reporting/reporting_events/reporting_event'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new Findings class which will include all the needed information
+      # for the new reporting system
+      class Finding < Contrast::Agent::Reporting::ReportingEvent
+        attr_accessor :events, :properties, :request, :hash_code
+        attr_reader :rule_id
+
+        def initialize rule_id
+          super
+          @event_type = :report_vulnerability
+          @events = []
+          @platform = Contrast::Utils::ObjectShare::RUBY
+          @rule_id = Contrast::Utils::StringUtils.truncate(rule_id)
+          @properties = {}
+        end
+
+        def attach_data trigger_node, source, object, ret, request, *args
+          @events << Contrast::Agent::Assess::Events::EventFactory.build(trigger_node, source, object, ret, args)
+          @request = request
+          from_properties source, @events
+          attach_routes request
+        end
+
+        def to_controlled_hash **_args
+          validate
+          {
+              platform: @platform,
+              ruleId: @rule_id,
+              request: request,
+              properties: properties,
+              events: events,
+              routes: routes
+          }
+        end
+
+        def validate
+          raise(ArgumentError, "#{ self } did not have a proper platform. Unable to continue.") unless @platform
+          raise(ArgumentError, "#{ self } did not have a proper rule. Unable to continue.") unless @rule_id
+          raise(ArgumentError, "#{ self } did not have proper events. Unable to continue.") if events.empty?
+          raise(ArgumentError, "#{ self } did not have proper properties. Unable to continue.") if properties.empty?
+          raise(ArgumentError, "#{ self } did not have a proper request. Unable to continue.") unless request
+
+          nil
+        end
+
+        private
+
+        def from_properties source, events
+          return unless source
+          return unless Contrast::Agent::Assess::Tracker.trackable?(source)
+
+          properties = Contrast::Agent::Assess::Tracker.properties(source)
+
+          build_events events, properties.event if properties.event
+          @properties = properties if properties
+        end
+
+        def build_events events, event
+          return unless event
+
+          event.parent_events&.each do |parent_event|
+            build_events(events, parent_event)
+          end
+
+          events << event
+        end
+
+        def attach_routes request
+          context = Contrast::Agent::REQUEST_TRACKER.current
+          if context
+            @routes << context.route if context.route
+          elsif request&.route
+            @routes << request.route
+          elsif request&.path
+            @routes << request.path
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/preflight.rb

@@ -0,0 +1,25 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/reporting_events/reporting_event'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This class here will hold the needed preflights we will send for certain trace/traces
+      class Preflight < Contrast::Agent::Reporting::ReportingEvent
+        attr_accessor :messages
+
+        def initialize
+          super
+          @event_type = :preflight
+          @messages = []
+        end
+
+        def to_controlled_hash **_args
+          { messages: @messages }
+        end
+      end
+    end
+  end
+end