contrast-agent 4.12.0 → 4.14.1

data/lib/contrast/agent/request_context.rb

@@ -7,6 +7,8 @@ require 'contrast/agent/response'
 require 'contrast/agent/inventory/database_config'
 require 'contrast/components/logger'
 require 'contrast/components/scope'
+require 'contrast/utils/request_utils'
+require 'contrast/agent/request_context_extend'
 
 module Contrast
   module Agent
@@ -27,6 +29,8 @@ module Contrast
     class RequestContext
       include Contrast::Components::Logger::InstanceMethods
       include Contrast::Components::Scope::InstanceMethods
+      include Contrast::Utils::RequestUtils
+      include Contrast::Agent::RequestContextExtend
 
       EMPTY_INPUT_ANALYSIS_PB = Contrast::Api::Settings::InputAnalysis.new
 
@@ -100,98 +104,6 @@ module Contrast
         ::Contrast::ASSESS.enabled?
       end
 
-      # Convert the discovered route for this request to appropriate forms and disseminate it to those locations
-      # where it is necessary for our route coverage and finding vulnerability discovery features to function.
-      #
-      # @param route [Contrast::Api::Dtm::RouteCoverage, nil] the route of the current request, as determined from the
-      #   framework
-      def append_route_coverage route
-        return unless route
-
-        # For our findings
-        @route = route
-
-        # For SR findings
-        @activity.routes << route
-
-        # For TS routes
-        @observed_route.signature  = route.route
-        @observed_route.verb       = route.verb
-        @observed_route.url        = route.url if route.url
-        @request.route = route
-        @request.observed_route = @observed_route
-      end
-
-      # Collect the results for the given rule with the given action
-      #
-      # @param rule [String] the id of the rule to which the results apply
-      # @param response_type [Symbol] the result of the response, matching a value of
-      #   Contrast::Api::Dtm::AttackResult::ResponseType
-      # @return [Array<Contrast::Api::Dtm::AttackResult>]
-      def results_for rule, response_type = nil
-        if response_type.nil?
-          activity.results.select { |r| r.rule_id == rule }
-        else
-          activity.results.select { |r| r.rule_id == rule && r.response == response_type }
-        end
-      end
-
-      def service_extract_request
-        return false unless ::Contrast::AGENT.enabled?
-        return false unless ::Contrast::PROTECT.enabled?
-        return false if @do_not_track
-
-        service_response = Contrast::Agent.messaging_queue.send_event_immediately(@activity.http_request)
-        return false unless service_response
-
-        handle_protect_state(service_response)
-        ia = service_response.input_analysis
-        if ia
-          if logger.trace?
-            logger.trace('Analysis from Contrast Service', evaluations: ia.results.length)
-            logger.trace('Results', input_analysis: ia.inspect)
-          end
-          @speedracer_input_analysis = ia
-          speedracer_input_analysis.request = request
-        else
-          logger.trace('Analysis from Contrast Service was empty.')
-          false
-        end
-      rescue Contrast::SecurityException => e
-        raise e
-      rescue StandardError => e
-        logger.warn('Unable to extract Contrast Service information from request', e)
-        false
-      end
-
-      # NOTE: this method is only used as a backstop if Speedracer sends Input Evaluations when the protect state
-      # indicates a security exception should be thrown. This method ensures that the attack reports are generated.
-      # Normally these should be generated on Speedracer for any attacks detected during prefilter.
-      #
-      # @param agent_settings [Contrast::Api::Settings::AgentSettings]
-      def handle_protect_state agent_settings
-        return unless agent_settings&.protect_state
-
-        state = agent_settings.protect_state
-        @uuid = state.uuid
-        @do_not_track = true unless state.track_request
-        return unless state.security_exception
-
-        # If Contrast Service has NOT handled the input analysis, handle them here
-        build_attack_results(agent_settings)
-        logger.debug('Contrast Service said to block this request')
-        raise Contrast::SecurityException.new(nil, (state.security_message || 'Blocking suspicious behavior'))
-      end
-
-      # append anything we've learned to the request seen message this is the sum-total of all inventory information
-      # that has been accumulated since the last request
-      def extract_after rack_response
-        @response = Contrast::Agent::Response.new(rack_response)
-        activity.http_response = @response.dtm if @sample_res
-      rescue StandardError => e
-        logger.error('Unable to extract information after request', e)
-      end
-
       def add_property key, value
         @_properties[key] = value
       end
@@ -205,42 +117,6 @@ module Contrast
         @server_activity = Contrast::Api::Dtm::ServerActivity.new
         @observed_route = Contrast::Api::Dtm::ObservedRoute.new
       end
-
-      private
-
-      # Generate attack results directly from any evaluations on the agent settings object.
-      #
-      # @param agent_settings [Contrast::Api::Settings::AgentSettings]
-      def build_attack_results agent_settings
-        return unless agent_settings&.input_analysis&.results&.any?
-
-        attack_results_by_rule = {}
-        agent_settings.input_analysis.results.each do |ia_result|
-          rule_id = ia_result.rule_id
-          rule = ::Contrast::PROTECT.rule(rule_id)
-          next unless rule
-
-          if logger.debug?
-            logger.debug('Building attack result from Contrast Service input analysis result',
-                         result: ia_result.inspect)
-          end
-
-          attack_result = if rule.mode == :BLOCK
-                            # special case for rules (like reflected xss) that used to have an infilter / block mode
-                            # but now are just block at perimeter
-                            rule.build_attack_with_match(self, ia_result, attack_results_by_rule[rule_id],
-                                                         ia_result.value)
-                          else
-                            rule.build_attack_without_match(self, ia_result, attack_results_by_rule[rule_id])
-                          end
-          attack_results_by_rule[rule_id] = attack_result
-        end
-
-        attack_results_by_rule.each_pair do |_, attack_result|
-          logger.info('Blocking attack result', rule: attack_result.rule_id)
-          activity.results << attack_result
-        end
-      end
     end
   end
 end

data/lib/contrast/agent/request_context_extend.rb

@@ -0,0 +1,138 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    # This class extends RequestContexts: this class acts to encapsulate information about the currently
+    # executed request, making it available to the Agent for the duration of the request in a standardized
+    # and normalized format which the Agent understands.
+    module RequestContextExtend
+      BUILD_ATTACK_LOGGER_MESSAGE = 'Building attack result from Contrast Service input analysis result'
+      # Convert the discovered route for this request to appropriate forms and disseminate it to those locations
+      # where it is necessary for our route coverage and finding vulnerability discovery features to function.
+      #
+      # @param route [Contrast::Api::Dtm::RouteCoverage, nil] the route of the current request, as determined from the
+      #   framework
+      def append_route_coverage route
+        return unless route
+
+        # For our findings
+        @route = route
+
+        # For SR findings
+        @activity.routes << route
+
+        # For TS routes
+        @observed_route.signature  = route.route
+        @observed_route.verb       = route.verb
+        @observed_route.url        = route.url if route.url
+        @request.route = route
+        @request.observed_route = @observed_route
+      end
+
+      # Collect the results for the given rule with the given action
+      #
+      # @param rule [String] the id of the rule to which the results apply
+      # @param response_type [Symbol] the result of the response, matching a value of
+      #   Contrast::Api::Dtm::AttackResult::ResponseType
+      # @return [Array<Contrast::Api::Dtm::AttackResult>]
+      def results_for rule, response_type = nil
+        if response_type.nil?
+          activity.results.select { |r| r.rule_id == rule }
+        else
+          activity.results.select { |r| r.rule_id == rule && r.response == response_type }
+        end
+      end
+
+      def service_extract_request
+        return false unless ::Contrast::AGENT.enabled?
+        return false unless ::Contrast::PROTECT.enabled?
+        return false if @do_not_track
+
+        service_response = Contrast::Agent.messaging_queue.send_event_immediately(@activity.http_request)
+        return false unless service_response
+
+        handle_protect_state(service_response)
+        ia = service_response.input_analysis
+        if ia
+          if logger.trace?
+            logger.trace('Analysis from Contrast Service', evaluations: ia.results.length)
+            logger.trace('Results', input_analysis: ia.inspect)
+          end
+          @speedracer_input_analysis = ia
+          speedracer_input_analysis.request = request
+        else
+          logger.trace('Analysis from Contrast Service was empty.')
+          false
+        end
+      rescue Contrast::SecurityException => e
+        raise e
+      rescue StandardError => e
+        logger.warn('Unable to extract Contrast Service information from request', e)
+        false
+      end
+
+      # NOTE: this method is only used as a backstop if Speedracer sends Input Evaluations when the protect state
+      # indicates a security exception should be thrown. This method ensures that the attack reports are generated.
+      # Normally these should be generated on Speedracer for any attacks detected during prefilter.
+      #
+      # @param agent_settings [Contrast::Api::Settings::AgentSettings]
+      def handle_protect_state agent_settings
+        return unless agent_settings&.protect_state
+
+        state = agent_settings.protect_state
+        @uuid = state.uuid
+        @do_not_track = true unless state.track_request
+        return unless state.security_exception
+
+        # If Contrast Service has NOT handled the input analysis, handle them here
+        build_attack_results(agent_settings)
+        logger.debug('Contrast Service said to block this request')
+        raise Contrast::SecurityException.new(nil, (state.security_message || 'Blocking suspicious behavior'))
+      end
+
+      # append anything we've learned to the request seen message this is the sum-total of all inventory information
+      # that has been accumulated since the last request
+      def extract_after rack_response
+        @response = Contrast::Agent::Response.new(rack_response)
+        activity.http_response = @response.dtm if @sample_res
+      rescue StandardError => e
+        logger.error('Unable to extract information after request', e)
+      end
+
+      private
+
+      # Generate attack results directly from any evaluations on the agent settings object.
+      #
+      # @param agent_settings [Contrast::Api::Settings::AgentSettings]
+      def build_attack_results agent_settings
+        return unless agent_settings&.input_analysis&.results&.any?
+
+        results_by_rule = {}
+        agent_settings.input_analysis.results.each do |ia_result|
+          rule_id = ia_result.rule_id
+          rule = ::Contrast::PROTECT.rule(rule_id)
+          next unless rule
+
+          logger.debug(BUILD_ATTACK_LOGGER_MESSAGE, result: ia_result.inspect) if logger.debug?
+          results_by_rule[rule_id] = attack_result rule, rule_id, ia_result, results_by_rule
+        end
+
+        results_by_rule.each_pair do |_, attack_result|
+          logger.info('Blocking attack result', rule: attack_result.rule_id)
+          activity.results << attack_result
+        end
+      end
+
+      def attack_result rule, rule_id, ia_result, results_by_rule
+        @_attack_result = if rule.mode == :BLOCK
+                            # special case for rules (like reflected xss) that used to have an infilter / block mode
+                            # but now are just block at perimeter
+                            rule.build_attack_with_match(self, ia_result, results_by_rule[rule_id], ia_result.value)
+                          else
+                            rule.build_attack_without_match(self, ia_result, results_by_rule[rule_id])
+                          end
+      end
+    end
+  end
+end

data/lib/contrast/agent/request_handler.rb

@@ -6,19 +6,23 @@ require 'contrast/components/scope'
 
 module Contrast
   module Agent
-    # This class is instantiated when we receive a request and the agent is enabled to process
-    # that request. It holds the ruleset that we perform filtering operations on (currently
-    # prefilter and postfilter).
+    # This class is instantiated when we receive a request and the agent is enabled to process that request. It holds
+    # the ruleset that we perform filtering operations on (currently prefilter and postfilter).
     class RequestHandler
       include Contrast::Components::Logger::InstanceMethods
 
       attr_reader :ruleset, :context
 
+      # @param context [Contrast::Agent::RequestContext] the context of the request for which this handler applies
       def initialize context
         @context = context
         @ruleset = ::Contrast::AGENT.ruleset
       end
 
+      # TODO: RUBY-1353
+      # TODO: RUBY-1355
+      # TODO: RUBY-1357
+      # TODO: RUBY-1358
       def send_activity_messages
         Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.generate_library_usage(context.activity)
         [context.server_activity, context.activity, context.observed_route].each do |message|

data/lib/contrast/agent/response.rb

@@ -8,6 +8,7 @@ require 'contrast/utils/object_share'
 require 'contrast/utils/string_utils'
 require 'contrast/utils/hash_digest'
 require 'contrast/components/logger'
+require 'contrast/utils/response_utils'
 
 module Contrast
   module Agent
@@ -17,6 +18,7 @@ module Contrast
     # order to avoid repeatedly creating Strings & thrashing GC.
     class Response
       include Contrast::Components::Logger::InstanceMethods
+      include Contrast::Utils::ResponseUtils
 
       extend Forwardable
 
@@ -88,79 +90,6 @@ module Contrast
         body_content = @is_array ? rack_response[2] : rack_response.body
         extract_body(body_content)
       end
-
-      private
-
-      # From the dtm for normalized_response_headers:
-      #   Key is UPPERCASE_UNDERSCORE
-      #
-      #   Example: Content-Type: text/html; charset=utf-8
-      #   "CONTENT_TYPE" => Content-Type,["text/html; charset=utf8"]
-      def append_pair map, key, value
-        return unless key && value
-        return if value.is_a?(Hash)
-
-        safe_key = Contrast::Utils::StringUtils.force_utf8(key)
-        hash_key = Contrast::Utils::StringUtils.normalized_key(safe_key)
-        map[hash_key] ||= Contrast::Api::Dtm::Pair.new
-        map[hash_key].key = safe_key
-        map[hash_key].values << Contrast::Utils::StringUtils.force_utf8(value)
-      end
-
-      HTTP_PREFIX = /^[Hh][Tt][Tt][Pp][_-]/i.cs__freeze
-
-      # Given some holder of the content of the response's body, extract that
-      # content and return it as a String
-      #
-      # @param body [String, Rack::File, Rack::BodyProxy,
-      #   ActionDispatch::Response::RackBody, Rack::Response] Something that
-      #   holds, wraps, or is the body of the Response
-      # @return [nil, String] the content of the body
-      def extract_body body
-        return unless body
-
-        if defined?(Rack::File) && body.is_a?(Rack::File)
-          # not sure what to do in this situation, so don't do anything.
-          nil
-        elsif body.is_a?(Rack::BodyProxy)
-          handle_rack_body_proxy(body)
-        elsif (defined?(ActionDispatch::Response::RackBody) && body.is_a?(ActionDispatch::Response::RackBody)) ||
-              body.is_a?(Rack::Response)
-
-          extract_body(body.body)
-        elsif Contrast::Utils::DuckUtils.quacks_to?(body, :each)
-          acc = []
-          body.each { |tmp| acc << read_or_string(tmp) }
-          acc.compact.join(Contrast::Utils::ObjectShare::NEW_LINE)
-        elsif ActionView::OutputBuffer
-          # https://stackoverflow.com/questions/15654676/how-to-convert-activesupportsafebuffer-to-string
-          body.to_str
-        else
-          read_or_string(body)
-        end
-      end
-
-      def handle_rack_body_proxy body
-        next_body = body.instance_variable_get(:@body)
-        case next_body
-        when Array
-          extract_body(next_body[0])
-        else
-          extract_body(next_body)
-        end
-      end
-
-      def read_or_string obj
-        return unless obj
-
-        if Contrast::Utils::DuckUtils.quacks_to?(obj, :read)
-          tmp = obj.read
-          obj.rewind
-          tmp
-        else
-          obj.to_s
-        end
-      end
     end
   end
 end

data/lib/contrast/agent/startup_metrics_telemetry_event.rb

@@ -0,0 +1,94 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/metrics_hash'
+require 'contrast/agent/metric_telemetry_event'
+require 'contrast/agent/version'
+require 'contrast/utils/os'
+
+module Contrast
+  module Agent
+    # This class will hold the Startup Metrics Telemetry Event
+    # The class will include initialization of the agent version, language version
+    # os type, arch and version
+    # application framework and version and server framework
+    # It will be initialized and send in Middleware#agent_startup_routine
+    class StartupMetricsTelemetryEvent < Contrast::Agent::MetricTelemetryEvent
+      include Contrast::Utils::OS
+
+      APP_AND_SERVER_DATA = ::Contrast::APP_CONTEXT.app_and_server_information.cs__freeze
+      # Multi-tenant Production Environments
+      SAAS_DEFAULT = { addr: 'app.contrastsecurity.com', type: 'SAAS_DEFAULT' }.cs__freeze
+      SAAS_CS = { addr: /cs[[:digit:]]+\.contrastsecurity\.com/, type: 'SAAS_DEFAULT' }.cs__freeze
+      SAAS_JP = { addr: 'app.contrastsecurity.jp', type: 'SAAS_DEFAULT' }.cs__freeze
+      SAAS_CE = { addr: 'ce.contrastsecurity.com', type: 'SAAS_CE' }.cs__freeze
+      # Multi-tenant Demo Environments
+      SAAS_DEMO = { addr: 'apptwo.contrastsecurity.com', type: 'SAAS_DEMO' }.cs__freeze
+      SAAS_POV = { addr: 'eval.contrastsecurity.com', type: 'SAAS_POV' }.cs__freeze
+      # Multi-tenant Testing Environment
+      SAAS_RESEARCH = { addr: 'security-research.contrastsecurity.com', type: 'SAAS_RESEARCH' }.cs__freeze
+      SAAS_ALPHA = { addr: 'alpha.contrastsecurity.com', type: 'SAAS_ALPHA' }.cs__freeze
+      SAAS_STAGING = { addr: 'teamserver-staging.contsec.com', type: 'SAAS_TESTING' }.cs__freeze
+      SAAS_STAGING_TOKYO = { addr: 'teamserver-staging.contsec.jp', type: 'SAAS_TESTING' }.cs__freeze
+      SAAS_TESTING = { addr: 'teamserver-darpa.contsec.com', type: 'SAAS_TESTING' }.cs__freeze
+      SAAS_OPS_TESTING = { addr: 'teamserver-ops.contsec.com', type: 'SAAS_TESTING' }.cs__freeze
+      # Fallback for Single-tenant Production Environments
+      SAAS_CUSTOM = { addr: 'contrastsecurity.com', type: 'SAAS_CUSTOM' }.cs__freeze
+      SAAS_CUSTOM_JP = { addr: 'contrastsecurity.jp', type: 'SAAS_CUSTOM' }.cs__freeze
+
+      SINGLE_MAP_TENANTS = [
+        SAAS_DEFAULT, SAAS_JP, SAAS_CE, SAAS_DEMO, SAAS_POV, SAAS_RESEARCH, SAAS_ALPHA,
+        SAAS_STAGING, SAAS_STAGING_TOKYO, SAAS_TESTING, SAAS_OPS_TESTING
+      ].cs__freeze
+      REGEXP_MAP_TENANTS = [SAAS_CS].cs__freeze
+      FALLBACK_TENANTS = [SAAS_CUSTOM, SAAS_CUSTOM_JP].cs__freeze
+      # Fallback for Custom, most likely self-hosted, Environments
+      EOP = 'EOP'
+
+      def initialize
+        super
+        add_tags
+      end
+
+      def path
+        '/startup'
+      end
+
+      def add_tags
+        @tags['teamserver'] = teamserver_type
+        @tags['agent_version'] = VERSION
+        @tags['ruby_version'] = RUBY_VERSION
+        @tags['os_type'] = sys_info['os_type'] == 'Darwin' ? 'MacOS' : 'Linux'
+        @tags['os_arch'] = sys_info['os_arch']
+        @tags['os_version'] = sys_info['os_version']
+        @tags['app_framework_and_version'] = APP_AND_SERVER_DATA[:application_info].to_s
+        @tags['server_framework_and_version'] = APP_AND_SERVER_DATA[:server_info].to_s
+      end
+
+      def sys_info
+        @sys_info ||= get_system_information if @sys_info.nil?
+        @sys_info
+      end
+
+      private
+
+      # Here we extract the TeamServer url type
+      #
+      # @return [String] the type of TeamServer environment to which we're connecting
+      def teamserver_type
+        @_teamserver_type ||= begin
+          url = Contrast::API.api_url
+          if (single = SINGLE_MAP_TENANTS.find { |tenant| url.include?(tenant[:addr]) })
+            single[:type]
+          elsif (regexp = REGEXP_MAP_TENANTS.find { |tenant| tenant[:addr].match?(url) })
+            regexp[:type]
+          elsif (fallback = FALLBACK_TENANTS.find { |tenant| url.include?(tenant[:addr]) })
+            fallback[:type]
+          else
+            EOP
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/static_analysis.rb

@@ -10,12 +10,12 @@ module Contrast
     # this module handles one time static analysis tasks
     class StaticAnalysis
       include Singleton
-      include Contrast::Components::Logger::InstanceMethods
       include Contrast::Components::Scope::InstanceMethods
+      extend Contrast::Components::Logger::InstanceMethods
 
       class << self
-        # After the first request is complete, we do a one-time manual catchup to review and
-        # report the already-loaded gems.
+        # After the first request is complete, we do a one-time manual catchup to review and report the already-loaded
+        # gems.
         def catchup
           @_catchup ||= begin
             threaded_analysis!
@@ -23,6 +23,8 @@ module Contrast
           end
         end
 
+        # TODO: RUBY-1354
+        # TODO: RUBY-1356
         def send_inventory_message
           return unless ::Contrast::INVENTORY.enabled?
 

data/lib/contrast/agent/telemetry.rb

@@ -0,0 +1,137 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/config/env_variables'
+require 'contrast/components/logger'
+require 'contrast/utils/telemetry_client'
+require 'contrast/agent/worker_thread'
+require 'contrast/utils/telemetry'
+
+module Contrast
+  module Agent
+    # This class will initialize and hold everything needed for the telemetry
+    class Telemetry < WorkerThread
+      include Contrast::Components::Logger::InstanceMethods
+      # this is where we will send the data from the agents
+      URL = 'https://telemetry.ruby.contrastsecurity.com/'
+      # Suggested timeout after each send is to be 3 hours (10800 seconds)
+      SUGGESTED_TIMEOUT = 10_800
+
+      class << self
+        include Contrast::Components::Logger::InstanceMethods
+        include Contrast::Config::EnvVariables
+
+        def application_id
+          @_application_id ||= begin
+            id = nil
+            mac = Contrast::Utils::Telemetry::Identifier.mac
+            app_name = Contrast::Utils::Telemetry::Identifier.app_name
+            id = mac + app_name if mac && app_name
+            Digest::SHA2.new(256).hexdigest(id || ('_' + SecureRandom.uuid))
+          end
+        end
+
+        def instance_id
+          @_instance_id ||= Digest::SHA2.new(256).hexdigest(Contrast::Utils::Telemetry::Identifier.mac ||
+                                                                  ('_' + SecureRandom.uuid))
+        end
+
+        def enabled?
+          @_enabled = telemetry_enabled? if @_enabled.nil?
+          @_enabled
+        end
+
+        private
+
+        def telemetry_enabled?
+          opt_out_telemetry = return_value(:telemetry_opt_outs)
+          return false if opt_out_telemetry.to_s.casecmp('true').zero?
+          return false if opt_out_telemetry.to_s.casecmp('1').zero?
+
+          # In case of connection error, do not create the background thread or queue,
+          # as if the opt-out env var was set
+          @_client = Contrast::Utils::TelemetryClient.new
+          ip_opt_out_telemetry = @_client.initialize_connection(URL)
+          if ip_opt_out_telemetry.nil?
+            logger.warn('Connection was not established properly!!!')
+            logger.warn('THE SERVICE IS GOING TO BE TERMINATED!!')
+            return false
+          end
+
+          true
+        end
+      end
+
+      def client
+        @_client ||= Contrast::Utils::TelemetryClient.new
+      end
+
+      def connection
+        @_connection ||= client.initialize_connection(URL)
+      end
+
+      def attempt_to_start?
+        unless cs__class.enabled?
+          logger.warn('Telemetry service is disabled!')
+          return false
+        end
+
+        logger.debug('Attempting to start telemetry thread') unless running?
+        true
+      end
+
+      def start_thread!
+        return if running?
+
+        # It is recommended that implementations send a single payload of
+        # general metrics every 3 hours, starting from implementation startup.
+        @_thread = Contrast::Agent::Thread.new do
+          logger.debug('Starting background telemetry thread.')
+          event = queue.pop
+
+          begin
+            logger.debug('This is the current processed event', event)
+            res = client.send_request event, connection
+            sleep_time = client.handle_response res
+            sleep(sleep_time) unless sleep_time.nil?
+          rescue StandardError => e
+            logger.error('Could not send message to service from telemetry queue.', e)
+          end
+          sleep(SUGGESTED_TIMEOUT)
+        end
+      end
+
+      def send_event event
+        if ::Contrast::AGENT.disabled?
+          logger.warn('Attempted to queue event with Agent disabled', caller: caller, event: event)
+          return
+        end
+
+        return unless cs__class.enabled?
+
+        logger.debug('Enqueued event for sending', event_type: event.cs__class)
+
+        queue << event if event
+      end
+
+      def delete_queue!
+        @_queue&.clear
+        @_queue&.close
+        @_queue = nil
+      end
+
+      def stop!
+        return unless running?
+
+        super
+        delete_queue!
+      end
+
+      private
+
+      def queue
+        @_queue ||= Queue.new
+      end
+    end
+  end
+end