contrast-agent 4.13.1 → 4.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 96cff410085a542c1003dda242268f349bc20f738b82bde70725b695661a79bc
-  data.tar.gz: 2a5d703693f697785034df1f602ef0f61241ae16edf11dbd174ad9a8da01b72c
+  metadata.gz: 2fd48ab0d63bb36fd51e032c360b2ffebe0c387a57e2b70a5e025c1af9667bfb
+  data.tar.gz: 7aaf091b2e3fd2ced8c8b11708db4a8e216bf55b7499fc235940e93ebff2ef1a
 SHA512:
-  metadata.gz: 409632acc3352b7c172a1aa12c9f5de482b5e5c3c0307b0732c48c7b8cf8d56c5ef5a4c039a0c866dd0c1ea31340b21ee8e4bcc0f2c4c4fdea9cd4fffcbaa212
-  data.tar.gz: 17b56ee4355a472b637cf1f9059f1bfce01319351713fc3b35e744bc3afad3d4f068cf77dd474032193249cb8f178141d7d7da2aa7b4d2f3a0cc2158e1c55d0c
+  metadata.gz: 56fbdd193cc27bcd7e21fe5c4f237276c616e4633344db18b6f27e7e73c99979131cbb9922a2d0cf947c0b666dd3a0d5098b120a805d8cf7b52bc73c6becc535
+  data.tar.gz: dce071438c0f996567c9867b4ab59900d2225fc3afc59887ffbd850705981f59f228360899084711fe88c9d566e33cdb20f3d5a9127b30efaa0c689274c84159

data/.simplecov

@@ -4,5 +4,6 @@
 SimpleCov.minimum_coverage line: 94.75
 SimpleCov.start do
   add_filter '/spec/'
+  add_filter '/lib/contrast/extension/assess/erb.rb'
   enable_coverage :branch
 end

data/lib/contrast/agent/assess/policy/policy_node.rb

@@ -135,14 +135,14 @@ module Contrast
 
             converted = []
             markers.split(Contrast::Utils::ObjectShare::COMMA).each do |t|
-              case t
-              when Contrast::Utils::ObjectShare::OBJECT_KEY,
+              converted << case t
+                           when Contrast::Utils::ObjectShare::OBJECT_KEY,
                    Contrast::Utils::ObjectShare::RETURN_KEY
 
-                converted << t
-              else
-                converted << Integer(t[1..-1])
-              end
+                             t
+                           else
+                             Integer(t[1..-1])
+                           end
             end
             converted
           end

data/lib/contrast/agent/assess/policy/policy_scanner.rb

@@ -32,8 +32,13 @@ module Contrast
               mod = trace_point.self
               return if mod.cs__frozen? || mod.singleton_class?
 
+              different_ruby_version trace_point, provider_values, mod
+            end
+
+            def different_ruby_version trace_point, provider_values, mod
               # TODO: RUBY-1014 - remove non-AST approach
               if RUBY_VERSION >= '2.6.0'
+                # TODO: RUBY-714 EOL 2.5. That check will be removed and the code will be brought back in here.
                 ast = RubyVM::AbstractSyntaxTree.parse_file(trace_point.path)
                 provider_values.each do |provider|
                   provider.parse(trace_point, ast)

data/lib/contrast/agent/assess/policy/propagator/center.rb

@@ -24,7 +24,7 @@ module Contrast
                 end
 
                 # find original in the target, copy tags to the new position in target
-                original_start_index = target[0..target.length / 2 + 1].rindex(source1)
+                original_start_index = target[0..(target.length / 2) + 1].rindex(source1)
                 original_start_index ||= 1
                 properties.copy_from(source1, target, original_start_index, propagation_node.untags)
 

data/lib/contrast/agent/assess/policy/propagator/substitution.rb

@@ -3,6 +3,7 @@
 
 require 'contrast/components/logger'
 require 'contrast/utils/duck_utils'
+require 'contrast/utils/substitution_utils'
 
 module Contrast
   module Agent
@@ -17,9 +18,7 @@ module Contrast
           class Substitution
             include Contrast::Components::Logger::InstanceMethods
             extend Contrast::Components::Logger::InstanceMethods
-
-            CAPTURE_GROUP_REGEXP = /\\[[:digit:]]/.cs__freeze
-            CAPTURE_NAME_REGEXP = /\\k<[[:alpha:]]/.cs__freeze
+            extend Contrast::Utils::SubstitutionUtils
 
             class << self
               # gsub is hard. there are four versions of this method
@@ -38,157 +37,6 @@ module Contrast
               def sub_tagger patcher, preshift, ret, block
                 substitution_tagger(patcher, preshift, ret, !block.nil?, false)
               end
-
-              private
-
-              def substitution_tagger patcher, preshift, ret, block, global = true
-                return ret unless ret
-
-                begin
-                  source = preshift.object
-                  self_tracked = Contrast::Agent::Assess::Tracker.tracked?(source)
-                  args = preshift.args[1]
-                  incoming_tracked = args && determine_tracked(args)
-                  return ret unless self_tracked || incoming_tracked
-
-                  parent_events = []
-                  if block
-                    block_sub(self_tracked, source, ret)
-                  elsif args.is_a?(String)
-                    string_sub(parent_events, self_tracked, preshift, ret, args, incoming_tracked, global)
-                  elsif args.is_a?(Hash)
-                    hash_sub(self_tracked, source, ret)
-                  else # Enumerator, only for gsub
-                    pattern_gsub(parent_events, preshift, ret)
-                  end
-
-                  if self_tracked
-                    source_properties = Contrast::Agent::Assess::Tracker.properties(source)
-                    parent_event = source_properties&.event
-                    parent_events.prepend(parent_event) if parent_event
-                  end
-                  string_build_event(parent_events, patcher, preshift, ret)
-                rescue StandardError => e
-                  logger.error('Unable to apply gsub propagator', e)
-                end
-                ret
-              end
-
-              def determine_tracked args
-                # if there's no arg, it can't be tracked
-                return false unless args
-
-                # if it's a string, just ask if it's tracked
-                case args
-                when String
-                  Contrast::Agent::Assess::Tracker.tracked?(args)
-                  # if it's a hash, ask if it has a tracked string
-                when Hash
-                  args.values.any? { |value| value.is_a?(String) && Contrast::Agent::Assess::Tracker.tracked?(value) }
-                  # this should never happen
-                else
-                  false
-                end
-              end
-
-              def string_sub parent_events, self_tracked, preshift, ret, incoming, incoming_tracked, global
-                return unless (properties = Contrast::Agent::Assess::Tracker.properties!(ret))
-
-                incoming_properties = Contrast::Agent::Assess::Tracker.properties(incoming)
-                parent_events << incoming_properties&.event if incoming_properties&.event
-
-                source = preshift.object
-
-                # We can't efficiently find the places that things were
-                # copied from regexp / captures. Trading accuracy for
-                # performance
-                if incoming.match?(CAPTURE_GROUP_REGEXP) || incoming.match?(CAPTURE_NAME_REGEXP)
-                  properties.splat_from(source, ret) if self_tracked
-                  return
-                end
-
-                # if it's just a straight insert, that we can do
-                # Copy the tags from us to the return
-                ranges = find_string_sub_insert(properties, preshift, incoming, ret, global)
-
-                properties.delete_tags_at_ranges(ranges)
-                properties.shift_tags(ranges)
-                return unless incoming_tracked
-                return unless incoming_properties
-
-                tags = incoming_properties.tag_keys
-                ranges.each do |range|
-                  tags.each do |tag|
-                    properties.add_tag(tag, range)
-                  end
-                end
-              end
-
-              # Find the points at which the new String was placed into the original
-              #
-              # @param properties [Contrast::Agent::Assess::Properties] the Properties of the ret
-              # @param preshift [Contrast::Agent::Assess::PreShift] the capture of the state of the code just prior to
-              #   the invocation of the patched method
-              # @param incoming [String] the new String going into the substitution
-              # @param ret [String] the result of the substitution
-              # @param global [Boolean] if this was a global or single substitution
-              # @return [Array<Range>] the Ranges where substitution occurred
-              def find_string_sub_insert properties, preshift, incoming, ret, global
-                pattern = preshift.args[0]
-                source = preshift.object
-
-                properties.copy_from(source, ret)
-                # Figure out where inserts occurred
-                last_idx = 0
-                ranges = []
-                # For each insert, move the tag ranges
-                while last_idx
-                  idx = source.index(pattern, last_idx)
-                  break unless idx
-
-                  last_idx = idx ? idx + 1 : nil
-                  start_index = idx
-                  end_index = idx + incoming.length
-                  ranges << (start_index...end_index)
-                  break unless global
-                end
-                ranges
-              end
-
-              def block_sub self_tracked, source, ret
-                return unless self_tracked
-
-                properties = Contrast::Agent::Assess::Tracker.properties!(ret)
-                properties&.splat_from(source, ret)
-              end
-
-              def hash_sub self_tracked, source, ret
-                return unless self_tracked
-
-                properties = Contrast::Agent::Assess::Tracker.properties!(ret)
-                properties&.splat_from(source, ret)
-              end
-
-              def pattern_gsub parent_events, preshift, ret
-                source = preshift.object
-                return unless (source_properties = Contrast::Agent::Assess::Tracker.properties(source))
-                return unless (properties = Contrast::Agent::Assess::Tracker.properties!(ret))
-
-                source_properties.tag_keys.each do |key|
-                  properties.add_tag(key, 0...1)
-                end
-                parent_event = source_properties.event
-                parent_events << parent_event if parent_event
-              end
-
-              def string_build_event parent_events, patcher, preshift, ret
-                return unless Contrast::Agent::Assess::Tracker.tracked?(ret)
-
-                properties = Contrast::Agent::Assess::Tracker.properties(ret)
-                args = preshift.args
-                properties.build_event(patcher, ret, preshift.object, ret, args, 2)
-                properties.event.instance_variable_set(:@_parent_events, parent_events)
-              end
             end
           end
         end

data/lib/contrast/agent/assess/policy/trigger_method.rb

@@ -7,6 +7,7 @@ require 'contrast/components/logger'
 require 'contrast/utils/object_share'
 require 'contrast/utils/sha256_builder'
 require 'contrast/utils/assess/trigger_method_utils'
+require 'contrast/agent/reporting/reporting_utilities/reporting_storage'
 
 module Contrast
   module Agent
@@ -16,7 +17,7 @@ module Contrast
         # Contrast::Agent::Assess::Policy::TriggerNode class. Each such method will call to this module just after
         # invocation in order to determine if the call was done safely. In those cases where it was not, a Finding
         # report is issued to the Service.
-        module TriggerMethod
+        module TriggerMethod # rubocop:disable Metrics/ModuleLength
           extend Contrast::Components::Logger::InstanceMethods
           extend Contrast::Utils::Assess::TriggerMethodUtils
 
@@ -52,6 +53,14 @@ module Contrast
               apply_trigger(trigger_node, source, object, ret, *args)
             end
 
+            def append_to_finding finding, trigger_node, source, object, ret, request, *args
+              finding.rule_id = Contrast::Utils::StringUtils.protobuf_safe_string(trigger_node.rule_id)
+              finding.version = determine_compliance_version(finding)
+              append_events(finding, trigger_node, source, object, ret, args)
+              append_route(finding, request)
+              append_hash(finding, source, request)
+            end
+
             # This converts the source of the finding, and the events leading up to it into a Finding
             #
             # @param trigger_node [Contrast::Agent::Assess::Policy::TriggerNode] the node to direct applying this
@@ -63,18 +72,21 @@ module Contrast
             # @return [Contrast::Api::Dtm::Finding, nil] the Contrast::Api::Dtm::Finding to send to TeamServer or
             #   nil if conditions were not met
             def build_finding trigger_node, source, object, ret, *args
+              content_type = Contrast::Agent::REQUEST_TRACKER.current&.response&.content_type
+
+              if content_type.nil? && trigger_node.collectable?
+                Contrast::Agent::FINDINGS.collect_finding trigger_node, source, object, ret, *args
+                return
+              end
+
               return unless Contrast::Agent::Assess::Policy::TriggerValidation.valid?(trigger_node, object, ret, args)
 
               request = find_request(source)
               return unless reportable?(request&.env)
 
+              handle_new_finding trigger_node, source, object, ret, request, *args
               finding = Contrast::Api::Dtm::Finding.new
-              finding.rule_id = Contrast::Utils::StringUtils.protobuf_safe_string(trigger_node.rule_id)
-
-              append_events(finding, trigger_node, source, object, ret, args)
-              append_route(finding, request)
-              append_hash(finding, source, request)
-              finding.version = determine_compliance_version(finding)
+              append_to_finding finding, trigger_node, source, object, ret, request, *args
               logger.trace('Finding created', node_id: trigger_node.id, source_id: source.__id__,
                                               rule: trigger_node.rule_id)
               report_finding(finding, request)
@@ -110,6 +122,31 @@ module Contrast
               Contrast::Agent.messaging_queue.send_event_eventually(activity)
             end
 
+            def handle_new_finding trigger_node, source, object, ret, request, *args
+              return unless Contrast::Agent::Reporter.enabled?
+
+              new_finding_and_reporting trigger_node, source, object, ret, request, *args
+            end
+
+            def new_finding_and_reporting trigger_node, source, object, ret, request, *args
+              # sent to reporter
+              # here we will generate new type of finding
+              ruby_finding = Contrast::Agent::Reporting::Finding.new trigger_node.rule_id
+              ruby_finding.attach_data trigger_node, source, object, ret, request, *args
+              hash_code = Contrast::Utils::HashDigest.generate_event_hash(ruby_finding, source, request)
+              ruby_finding.hash_code = hash_code
+              # save the current finding
+              Contrast::Agent::Reporting::ReportingStorage[hash_code] = ruby_finding
+
+              new_preflight = Contrast::Agent::Reporting::Preflight.new
+              new_preflight_message = Contrast::Agent::Reporting::PreflightMessage.new
+              new_preflight_message.routes << request
+              new_preflight_message.hash_code = hash_code
+              new_preflight_message.data = "#{ trigger_node.rule_id },#{ hash_code }"
+              new_preflight.messages << new_preflight_message
+              Contrast::Agent.reporter_queue.send_event_immediately(new_preflight)
+            end
+
             private
 
             def settings

data/lib/contrast/agent/assess/policy/trigger_node.rb

@@ -22,6 +22,10 @@ module Contrast
           JSON_RULE_NAME = 'name'
           JSON_CUSTOM_PATCH = 'custom_patch'
 
+          # Our list with rules to be collected and reported back when we have response
+          # from the application. Some rules rely on Content-Type validation.
+          COLLECTABLE_RULES = %w[reflected-xss].cs__freeze
+
           attr_reader :rule_id, :required_tags, :disallowed_tags, :good_value, :bad_value
 
           def initialize trigger_hash = {}, rule_hash = {}
@@ -67,6 +71,10 @@ module Contrast
             :TYPE_METHOD
           end
 
+          def collectable?
+            COLLECTABLE_RULES.include?(rule_id)
+          end
+
           def rule_disabled?
             ::Contrast::ASSESS.rule_disabled?(rule_id)
           end
@@ -160,8 +168,8 @@ module Contrast
             @disallowed_tags << LIMITED_CHARS
             @disallowed_tags << CUSTOM_ENCODED
             @disallowed_tags << CUSTOM_VALIDATED
-            @disallowed_tags << ENCODER_START + loud_name
-            @disallowed_tags << VALIDATOR_START + loud_name
+            @disallowed_tags << (ENCODER_START + loud_name)
+            @disallowed_tags << (VALIDATOR_START + loud_name)
           end
 
           def validate_rule_tags tags
@@ -200,14 +208,14 @@ module Contrast
               satisfied = tags_at.any? && required_tags.all? { |tag| tags_at.any? { |found| found.label == tag } }
               # if this range matches all the required tags and we're already
               # chunking, meaning the previous range matched, do nothing
-              if satisfied && chunking
-                start_range += 1
-                next
-              end
 
               # if we are satisfied and we were not chunking, this represents
               # the start of the next range, so create a new entry.
               if satisfied
+                if chunking
+                  start_range += 1
+                  next
+                end
                 ranges << Contrast::Agent::Assess::Tag.new('required', 0, start_range)
                 chunking = true
                 # if we are chunking and not satisfied, this represents the end

data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb

@@ -18,7 +18,7 @@ module Contrast
             # https://bitbucket.org/contrastsecurity/assess-specifications/src/master/rules/dataflow/reflected_xss.md
             def self.valid? _patcher, _object, _ret, _args
               content_type = Contrast::Agent::REQUEST_TRACKER.current&.response&.content_type
-              return true unless content_type
+              return false unless content_type
 
               content_type = content_type.downcase
               SAFE_CONTENT_TYPES.none? { |safe_type| content_type.index(safe_type) }

data/lib/contrast/agent/assess/property/tagged.rb

@@ -24,29 +24,6 @@ module Contrast
             instance_variable_defined?(:@_tags) && tags.any?
           end
 
-          # Is the given tag present?
-          # Used in testing, so found by `be_tagged`, if you're grepping for it
-          #
-          # @param label [Symbol] the tag to check for
-          # @return [Boolean]
-          def tagged? label
-            tracked? && tags.key?(label)
-          end
-
-          # Similar to #tracked?, but limited to a given range.
-          #
-          # @param start [Integer] the inclusive start index to check.
-          # @param finish [Integer] the exclusive end index to check.
-          # @return [Boolean]
-          def any_tags_between? start, finish
-            return false unless tracked?
-
-            tags.each_value do |tag_array|
-              return true if tag_array.any? { |tag| tag.overlaps?(start, finish) }
-            end
-            false
-          end
-
           # Remove all tags within the given ranges.
           # This does not delete an entire tag if part of that tag is
           # outside this range, meaning we may reduce sizes of tags
@@ -102,6 +79,8 @@ module Contrast
           end
 
           # Remove the tag ranges covering the given range
+          # and appends any trailing value that might
+          # exist after removal of range
           def remove_tags range
             return unless tracked?
 
@@ -112,19 +91,7 @@ module Contrast
               value.each do |tag|
                 comparison = tag.compare_range(range.begin, range.end)
                 # ABOVE and BELOW are not affected by this check
-                case comparison
-                when Contrast::Agent::Assess::Tag::LOW_SPAN
-                  tag.update_end(range.begin)
-                when Contrast::Agent::Assess::Tag::WITHIN
-                  remove << tag
-                when Contrast::Agent::Assess::Tag::WITHOUT
-                  new_tag = tag.clone
-                  new_tag.update_start(range.end)
-                  add << new_tag
-                  tag.update_end(range.begin)
-                when Contrast::Agent::Assess::Tag::HIGH_SPAN
-                  tag.update_start(range.end)
-                end
+                tags_remove_comparison comparison, tag, remove, add, range
               end
               value.delete_if { |tag| remove.include?(tag) }
               Contrast::Utils::TagUtil.ordered_merge(value, add)
@@ -133,6 +100,29 @@ module Contrast
             full_delete.each { |key| tags.delete(key) }
           end
 
+          # This method is for the tags comparison
+          # the idea is to move the whole case here
+          # @param comparison [String] indicates type of removal is to occur
+          # @param tag Contrast::Agent::Assess::Tag
+          # @param remove [String] holds removed Tag if exists
+          # @param add [String] holds trailing Tag if exists
+          # @param range [Range] start and stop for idx for removal
+          def tags_remove_comparison comparison, tag, remove, add, range
+            case comparison
+            when Contrast::Agent::Assess::Tag::LOW_SPAN
+              tag.update_end(range.begin)
+            when Contrast::Agent::Assess::Tag::WITHIN
+              remove << tag
+            when Contrast::Agent::Assess::Tag::WITHOUT
+              new_tag = tag.clone
+              new_tag.update_start(range.end)
+              add << new_tag
+              tag.update_end(range.begin)
+            when Contrast::Agent::Assess::Tag::HIGH_SPAN
+              tag.update_start(range.end)
+            end
+          end
+
           # Shift the tag ranges covering the given range
           # We assume this is for a deletion, meaning we
           # have to move tags to the left
@@ -176,32 +166,36 @@ module Contrast
                 comparison = tag.compare_range(range.begin, range.end)
                 length = range.end - range.begin
                 # BELOW is not affected by this check
-                case comparison
-                  # part of the tag is being inserted on
-                when Contrast::Agent::Assess::Tag::LOW_SPAN
-                  new_tag = tag.clone
-                  new_tag.update_start(range.begin)
-                  new_tag.shift(length)
-                  add << new_tag
-                  tag.update_end(range.begin)
-                  # the tag exists in the inserted range. it is partially shifted
-                when Contrast::Agent::Assess::Tag::WITHIN
-                  tag.shift(length)
-                  # the tag spans the range. leave the part below alone
-                when Contrast::Agent::Assess::Tag::WITHOUT # rubocop:disable Lint/DuplicateBranch
-                  new_tag = tag.clone
-                  new_tag.update_start(range.begin)
-                  new_tag.shift(length)
-                  add << new_tag
-                  tag.update_end(range.begin)
-                when Contrast::Agent::Assess::Tag::HIGH_SPAN, Contrast::Agent::Assess::Tag::ABOVE # rubocop:disable Lint/DuplicateBranch
-                  tag.shift(length)
-                end
+                shift_tags_comparison comparison, add, tag, length, range
               end
               Contrast::Utils::TagUtil.ordered_merge(value, add)
             end
           end
 
+          def shift_tags_comparison comparison, add, tag, length, range
+            case comparison
+              # part of the tag is being inserted on
+            when Contrast::Agent::Assess::Tag::LOW_SPAN
+              new_tag = tag.clone
+              new_tag.update_start(range.begin)
+              new_tag.shift(length)
+              add << new_tag
+              tag.update_end(range.begin)
+              # the tag exists in the inserted range. it is partially shifted
+            when Contrast::Agent::Assess::Tag::WITHIN
+              tag.shift(length)
+              # the tag spans the range. leave the part below alone
+            when Contrast::Agent::Assess::Tag::WITHOUT # rubocop:disable Lint/DuplicateBranch
+              new_tag = tag.clone
+              new_tag.update_start(range.begin)
+              new_tag.shift(length)
+              add << new_tag
+              tag.update_end(range.begin)
+            when Contrast::Agent::Assess::Tag::HIGH_SPAN, Contrast::Agent::Assess::Tag::ABOVE # rubocop:disable Lint/DuplicateBranch
+              tag.shift(length)
+            end
+          end
+
           private
 
           # Because of the auto-fill thing, we should not allow direct access to

data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb

@@ -4,6 +4,7 @@
 require 'contrast/agent/assess/policy/trigger_method'
 require 'contrast/components/logger'
 require 'contrast/extension/module'
+require 'contrast/agent/reporting/report'
 
 module Contrast
   module Agent
@@ -66,7 +67,8 @@ module Contrast
                 # if it looks like a placeholder / pointer to a config, skip it
                 next unless value_passes?(value)
 
-                build_finding(clazz, constant_string)
+                new_finding_and_reporting clazz, constant_string
+                build_finding clazz, constant_string
               end
             end
 
@@ -138,7 +140,8 @@ module Contrast
               # sort. We leave it to each rule to properly handle these nodes.
               return unless value_node_passes?(value)
 
-              build_finding(mod, name)
+              new_finding_and_reporting mod, name
+              build_finding mod, name
             end
 
             # Constants can be set as frozen directly. We need to account for
@@ -161,6 +164,14 @@ module Contrast
             def build_finding clazz, constant_string
               class_name = clazz.cs__name
 
+              finding = assign_finding class_name, constant_string
+              Contrast::Agent::Assess::Policy::TriggerMethod.report_finding(finding)
+            rescue StandardError => e
+              logger.error('Unable to build a finding for Hardcoded Rule', e)
+              nil
+            end
+
+            def assign_finding class_name, constant_string
               finding = Contrast::Api::Dtm::Finding.new
               finding.rule_id = Contrast::Utils::StringUtils.protobuf_safe_string(rule_id)
               finding.version = Contrast::Agent::Assess::Policy::TriggerMethod::CURRENT_FINDING_VERSION
@@ -173,10 +184,33 @@ module Contrast
               hash = Contrast::Utils::HashDigest.generate_class_scanning_hash(finding)
               finding.hash_code = Contrast::Utils::StringUtils.protobuf_safe_string(hash)
               finding.preflight = Contrast::Utils::PreflightUtil.create_preflight(finding)
-              Contrast::Agent::Assess::Policy::TriggerMethod.report_finding(finding)
-            rescue StandardError => e
-              logger.error('Unable to build a finding for Hardcoded Rule', e)
-              nil
+              finding
+            end
+
+            def new_finding_and_reporting clazz, constant_string
+              return unless Contrast::Agent::Reporter.enabled?
+
+              # sent to reporter
+              # and add logger message for the report of the preflight
+              new_preflight = Contrast::Agent::Reporting::Preflight.new
+              new_preflight_message = Contrast::Agent::Reporting::PreflightMessage.new
+              new_preflight_message.hash_code = hash
+              new_preflight_message.data = "#{ rule_id },#{ hash }"
+              new_preflight.messages << new_preflight_message
+
+              # extract to new method
+              # here we will generate new type of finding
+              ruby_finding = Contrast::Agent::Reporting::Finding.new rule_id
+              ruby_finding.hash_code = hash
+              ruby_finding.properties[SOURCE_KEY] = clazz.cs__name
+              ruby_finding.properties[CONSTANT_NAME_KEY] = constant_string
+              ruby_finding.properties[CODE_SOURCE_KEY] = constant_string + redacted_marker
+              save_and_report_finding ruby_finding, new_preflight
+            end
+
+            def save_and_report_finding ruby_finding, new_preflight
+              Contrast::Agent::Reporting::ReportingStorage[hash] = ruby_finding
+              Contrast::Agent.reporter_queue.send_event_immediately(new_preflight)
             end
           end
         end

data/lib/contrast/agent/metric_telemetry_event.rb

@@ -15,10 +15,10 @@ module Contrast
       def initialize
         super
         @fields = MetricsHash.new(Numeric)
-        @fields['_filter'] = 0
+        @fields['_filler'] = 0
       end
 
-      def to_json **_args
+      def to_hash **_args
         super.merge!({ fields: @fields })
       end
     end