contrast-agent 4.13.1 → 4.14.0

data/lib/contrast/agent/request_context.rb

@@ -7,6 +7,8 @@ require 'contrast/agent/response'
 require 'contrast/agent/inventory/database_config'
 require 'contrast/components/logger'
 require 'contrast/components/scope'
+require 'contrast/utils/request_utils'
+require 'contrast/agent/request_context_extend'
 
 module Contrast
   module Agent
@@ -27,6 +29,8 @@ module Contrast
     class RequestContext
       include Contrast::Components::Logger::InstanceMethods
       include Contrast::Components::Scope::InstanceMethods
+      include Contrast::Utils::RequestUtils
+      include Contrast::Agent::RequestContextExtend
 
       EMPTY_INPUT_ANALYSIS_PB = Contrast::Api::Settings::InputAnalysis.new
 
@@ -100,98 +104,6 @@ module Contrast
         ::Contrast::ASSESS.enabled?
       end
 
-      # Convert the discovered route for this request to appropriate forms and disseminate it to those locations
-      # where it is necessary for our route coverage and finding vulnerability discovery features to function.
-      #
-      # @param route [Contrast::Api::Dtm::RouteCoverage, nil] the route of the current request, as determined from the
-      #   framework
-      def append_route_coverage route
-        return unless route
-
-        # For our findings
-        @route = route
-
-        # For SR findings
-        @activity.routes << route
-
-        # For TS routes
-        @observed_route.signature  = route.route
-        @observed_route.verb       = route.verb
-        @observed_route.url        = route.url if route.url
-        @request.route = route
-        @request.observed_route = @observed_route
-      end
-
-      # Collect the results for the given rule with the given action
-      #
-      # @param rule [String] the id of the rule to which the results apply
-      # @param response_type [Symbol] the result of the response, matching a value of
-      #   Contrast::Api::Dtm::AttackResult::ResponseType
-      # @return [Array<Contrast::Api::Dtm::AttackResult>]
-      def results_for rule, response_type = nil
-        if response_type.nil?
-          activity.results.select { |r| r.rule_id == rule }
-        else
-          activity.results.select { |r| r.rule_id == rule && r.response == response_type }
-        end
-      end
-
-      def service_extract_request
-        return false unless ::Contrast::AGENT.enabled?
-        return false unless ::Contrast::PROTECT.enabled?
-        return false if @do_not_track
-
-        service_response = Contrast::Agent.messaging_queue.send_event_immediately(@activity.http_request)
-        return false unless service_response
-
-        handle_protect_state(service_response)
-        ia = service_response.input_analysis
-        if ia
-          if logger.trace?
-            logger.trace('Analysis from Contrast Service', evaluations: ia.results.length)
-            logger.trace('Results', input_analysis: ia.inspect)
-          end
-          @speedracer_input_analysis = ia
-          speedracer_input_analysis.request = request
-        else
-          logger.trace('Analysis from Contrast Service was empty.')
-          false
-        end
-      rescue Contrast::SecurityException => e
-        raise e
-      rescue StandardError => e
-        logger.warn('Unable to extract Contrast Service information from request', e)
-        false
-      end
-
-      # NOTE: this method is only used as a backstop if Speedracer sends Input Evaluations when the protect state
-      # indicates a security exception should be thrown. This method ensures that the attack reports are generated.
-      # Normally these should be generated on Speedracer for any attacks detected during prefilter.
-      #
-      # @param agent_settings [Contrast::Api::Settings::AgentSettings]
-      def handle_protect_state agent_settings
-        return unless agent_settings&.protect_state
-
-        state = agent_settings.protect_state
-        @uuid = state.uuid
-        @do_not_track = true unless state.track_request
-        return unless state.security_exception
-
-        # If Contrast Service has NOT handled the input analysis, handle them here
-        build_attack_results(agent_settings)
-        logger.debug('Contrast Service said to block this request')
-        raise Contrast::SecurityException.new(nil, (state.security_message || 'Blocking suspicious behavior'))
-      end
-
-      # append anything we've learned to the request seen message this is the sum-total of all inventory information
-      # that has been accumulated since the last request
-      def extract_after rack_response
-        @response = Contrast::Agent::Response.new(rack_response)
-        activity.http_response = @response.dtm if @sample_res
-      rescue StandardError => e
-        logger.error('Unable to extract information after request', e)
-      end
-
       def add_property key, value
         @_properties[key] = value
       end
@@ -205,42 +117,6 @@ module Contrast
         @server_activity = Contrast::Api::Dtm::ServerActivity.new
         @observed_route = Contrast::Api::Dtm::ObservedRoute.new
       end
-
-      private
-
-      # Generate attack results directly from any evaluations on the agent settings object.
-      #
-      # @param agent_settings [Contrast::Api::Settings::AgentSettings]
-      def build_attack_results agent_settings
-        return unless agent_settings&.input_analysis&.results&.any?
-
-        attack_results_by_rule = {}
-        agent_settings.input_analysis.results.each do |ia_result|
-          rule_id = ia_result.rule_id
-          rule = ::Contrast::PROTECT.rule(rule_id)
-          next unless rule
-
-          if logger.debug?
-            logger.debug('Building attack result from Contrast Service input analysis result',
-                         result: ia_result.inspect)
-          end
-
-          attack_result = if rule.mode == :BLOCK
-                            # special case for rules (like reflected xss) that used to have an infilter / block mode
-                            # but now are just block at perimeter
-                            rule.build_attack_with_match(self, ia_result, attack_results_by_rule[rule_id],
-                                                         ia_result.value)
-                          else
-                            rule.build_attack_without_match(self, ia_result, attack_results_by_rule[rule_id])
-                          end
-          attack_results_by_rule[rule_id] = attack_result
-        end
-
-        attack_results_by_rule.each_pair do |_, attack_result|
-          logger.info('Blocking attack result', rule: attack_result.rule_id)
-          activity.results << attack_result
-        end
-      end
     end
   end
 end

data/lib/contrast/agent/request_context_extend.rb

@@ -0,0 +1,138 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    # This class extends RequestContexts: this class acts to encapsulate information about the currently
+    # executed request, making it available to the Agent for the duration of the request in a standardized
+    # and normalized format which the Agent understands.
+    module RequestContextExtend
+      BUILD_ATTACK_LOGGER_MESSAGE = 'Building attack result from Contrast Service input analysis result'
+      # Convert the discovered route for this request to appropriate forms and disseminate it to those locations
+      # where it is necessary for our route coverage and finding vulnerability discovery features to function.
+      #
+      # @param route [Contrast::Api::Dtm::RouteCoverage, nil] the route of the current request, as determined from the
+      #   framework
+      def append_route_coverage route
+        return unless route
+
+        # For our findings
+        @route = route
+
+        # For SR findings
+        @activity.routes << route
+
+        # For TS routes
+        @observed_route.signature  = route.route
+        @observed_route.verb       = route.verb
+        @observed_route.url        = route.url if route.url
+        @request.route = route
+        @request.observed_route = @observed_route
+      end
+
+      # Collect the results for the given rule with the given action
+      #
+      # @param rule [String] the id of the rule to which the results apply
+      # @param response_type [Symbol] the result of the response, matching a value of
+      #   Contrast::Api::Dtm::AttackResult::ResponseType
+      # @return [Array<Contrast::Api::Dtm::AttackResult>]
+      def results_for rule, response_type = nil
+        if response_type.nil?
+          activity.results.select { |r| r.rule_id == rule }
+        else
+          activity.results.select { |r| r.rule_id == rule && r.response == response_type }
+        end
+      end
+
+      def service_extract_request
+        return false unless ::Contrast::AGENT.enabled?
+        return false unless ::Contrast::PROTECT.enabled?
+        return false if @do_not_track
+
+        service_response = Contrast::Agent.messaging_queue.send_event_immediately(@activity.http_request)
+        return false unless service_response
+
+        handle_protect_state(service_response)
+        ia = service_response.input_analysis
+        if ia
+          if logger.trace?
+            logger.trace('Analysis from Contrast Service', evaluations: ia.results.length)
+            logger.trace('Results', input_analysis: ia.inspect)
+          end
+          @speedracer_input_analysis = ia
+          speedracer_input_analysis.request = request
+        else
+          logger.trace('Analysis from Contrast Service was empty.')
+          false
+        end
+      rescue Contrast::SecurityException => e
+        raise e
+      rescue StandardError => e
+        logger.warn('Unable to extract Contrast Service information from request', e)
+        false
+      end
+
+      # NOTE: this method is only used as a backstop if Speedracer sends Input Evaluations when the protect state
+      # indicates a security exception should be thrown. This method ensures that the attack reports are generated.
+      # Normally these should be generated on Speedracer for any attacks detected during prefilter.
+      #
+      # @param agent_settings [Contrast::Api::Settings::AgentSettings]
+      def handle_protect_state agent_settings
+        return unless agent_settings&.protect_state
+
+        state = agent_settings.protect_state
+        @uuid = state.uuid
+        @do_not_track = true unless state.track_request
+        return unless state.security_exception
+
+        # If Contrast Service has NOT handled the input analysis, handle them here
+        build_attack_results(agent_settings)
+        logger.debug('Contrast Service said to block this request')
+        raise Contrast::SecurityException.new(nil, (state.security_message || 'Blocking suspicious behavior'))
+      end
+
+      # append anything we've learned to the request seen message this is the sum-total of all inventory information
+      # that has been accumulated since the last request
+      def extract_after rack_response
+        @response = Contrast::Agent::Response.new(rack_response)
+        activity.http_response = @response.dtm if @sample_res
+      rescue StandardError => e
+        logger.error('Unable to extract information after request', e)
+      end
+
+      private
+
+      # Generate attack results directly from any evaluations on the agent settings object.
+      #
+      # @param agent_settings [Contrast::Api::Settings::AgentSettings]
+      def build_attack_results agent_settings
+        return unless agent_settings&.input_analysis&.results&.any?
+
+        results_by_rule = {}
+        agent_settings.input_analysis.results.each do |ia_result|
+          rule_id = ia_result.rule_id
+          rule = ::Contrast::PROTECT.rule(rule_id)
+          next unless rule
+
+          logger.debug(BUILD_ATTACK_LOGGER_MESSAGE, result: ia_result.inspect) if logger.debug?
+          results_by_rule[rule_id] = attack_result rule, rule_id, ia_result, results_by_rule
+        end
+
+        results_by_rule.each_pair do |_, attack_result|
+          logger.info('Blocking attack result', rule: attack_result.rule_id)
+          activity.results << attack_result
+        end
+      end
+
+      def attack_result rule, rule_id, ia_result, results_by_rule
+        @_attack_result = if rule.mode == :BLOCK
+                            # special case for rules (like reflected xss) that used to have an infilter / block mode
+                            # but now are just block at perimeter
+                            rule.build_attack_with_match(self, ia_result, results_by_rule[rule_id], ia_result.value)
+                          else
+                            rule.build_attack_without_match(self, ia_result, results_by_rule[rule_id])
+                          end
+      end
+    end
+  end
+end

data/lib/contrast/agent/response.rb

@@ -8,6 +8,7 @@ require 'contrast/utils/object_share'
 require 'contrast/utils/string_utils'
 require 'contrast/utils/hash_digest'
 require 'contrast/components/logger'
+require 'contrast/utils/response_utils'
 
 module Contrast
   module Agent
@@ -17,6 +18,7 @@ module Contrast
     # order to avoid repeatedly creating Strings & thrashing GC.
     class Response
       include Contrast::Components::Logger::InstanceMethods
+      include Contrast::Utils::ResponseUtils
 
       extend Forwardable
 
@@ -88,79 +90,6 @@ module Contrast
         body_content = @is_array ? rack_response[2] : rack_response.body
         extract_body(body_content)
       end
-
-      private
-
-      # From the dtm for normalized_response_headers:
-      #   Key is UPPERCASE_UNDERSCORE
-      #
-      #   Example: Content-Type: text/html; charset=utf-8
-      #   "CONTENT_TYPE" => Content-Type,["text/html; charset=utf8"]
-      def append_pair map, key, value
-        return unless key && value
-        return if value.is_a?(Hash)
-
-        safe_key = Contrast::Utils::StringUtils.force_utf8(key)
-        hash_key = Contrast::Utils::StringUtils.normalized_key(safe_key)
-        map[hash_key] ||= Contrast::Api::Dtm::Pair.new
-        map[hash_key].key = safe_key
-        map[hash_key].values << Contrast::Utils::StringUtils.force_utf8(value)
-      end
-
-      HTTP_PREFIX = /^[Hh][Tt][Tt][Pp][_-]/i.cs__freeze
-
-      # Given some holder of the content of the response's body, extract that
-      # content and return it as a String
-      #
-      # @param body [String, Rack::File, Rack::BodyProxy,
-      #   ActionDispatch::Response::RackBody, Rack::Response] Something that
-      #   holds, wraps, or is the body of the Response
-      # @return [nil, String] the content of the body
-      def extract_body body
-        return unless body
-
-        if defined?(Rack::File) && body.is_a?(Rack::File)
-          # not sure what to do in this situation, so don't do anything.
-          nil
-        elsif body.is_a?(Rack::BodyProxy)
-          handle_rack_body_proxy(body)
-        elsif (defined?(ActionDispatch::Response::RackBody) && body.is_a?(ActionDispatch::Response::RackBody)) ||
-              body.is_a?(Rack::Response)
-
-          extract_body(body.body)
-        elsif Contrast::Utils::DuckUtils.quacks_to?(body, :each)
-          acc = []
-          body.each { |tmp| acc << read_or_string(tmp) }
-          acc.compact.join(Contrast::Utils::ObjectShare::NEW_LINE)
-        elsif ActionView::OutputBuffer
-          # https://stackoverflow.com/questions/15654676/how-to-convert-activesupportsafebuffer-to-string
-          body.to_str
-        else
-          read_or_string(body)
-        end
-      end
-
-      def handle_rack_body_proxy body
-        next_body = body.instance_variable_get(:@body)
-        case next_body
-        when Array
-          extract_body(next_body[0])
-        else
-          extract_body(next_body)
-        end
-      end
-
-      def read_or_string obj
-        return unless obj
-
-        if Contrast::Utils::DuckUtils.quacks_to?(obj, :read)
-          tmp = obj.read
-          obj.rewind
-          tmp
-        else
-          obj.to_s
-        end
-      end
     end
   end
 end

data/lib/contrast/agent/startup_metrics_telemetry_event.rb

@@ -17,10 +17,32 @@ module Contrast
       include Contrast::Utils::OS
 
       APP_AND_SERVER_DATA = ::Contrast::APP_CONTEXT.app_and_server_information.cs__freeze
-      SAAS_DEFAULT = { addr: 'app.contrastsecuirty.com', type: 'SAAS_DEFAULT' }.cs__freeze
+      # Multi-tenant Production Environments
+      SAAS_DEFAULT = { addr: 'app.contrastsecurity.com', type: 'SAAS_DEFAULT' }.cs__freeze
+      SAAS_CS = { addr: /cs[[:digit:]]+\.contrastsecurity\.com/, type: 'SAAS_DEFAULT' }.cs__freeze
+      SAAS_JP = { addr: 'app.contrastsecurity.jp', type: 'SAAS_DEFAULT' }.cs__freeze
       SAAS_CE = { addr: 'ce.contrastsecurity.com', type: 'SAAS_CE' }.cs__freeze
-      SAAS_CUSTOM = { addr: 'contrastsecurite.com', type: 'SAAS_CUSTOM' }.cs__freeze
-      SAAS_POV = { addr: 'eval.contrastsecuirty.com', type: 'SAAS_POV' }.cs__freeze
+      # Multi-tenant Demo Environments
+      SAAS_DEMO = { addr: 'apptwo.contrastsecurity.com', type: 'SAAS_DEMO' }.cs__freeze
+      SAAS_POV = { addr: 'eval.contrastsecurity.com', type: 'SAAS_POV' }.cs__freeze
+      # Multi-tenant Testing Environment
+      SAAS_RESEARCH = { addr: 'security-research.contrastsecurity.com', type: 'SAAS_RESEARCH' }.cs__freeze
+      SAAS_ALPHA = { addr: 'alpha.contrastsecurity.com', type: 'SAAS_ALPHA' }.cs__freeze
+      SAAS_STAGING = { addr: 'teamserver-staging.contsec.com', type: 'SAAS_TESTING' }.cs__freeze
+      SAAS_STAGING_TOKYO = { addr: 'teamserver-staging.contsec.jp', type: 'SAAS_TESTING' }.cs__freeze
+      SAAS_TESTING = { addr: 'teamserver-darpa.contsec.com', type: 'SAAS_TESTING' }.cs__freeze
+      SAAS_OPS_TESTING = { addr: 'teamserver-ops.contsec.com', type: 'SAAS_TESTING' }.cs__freeze
+      # Fallback for Single-tenant Production Environments
+      SAAS_CUSTOM = { addr: 'contrastsecurity.com', type: 'SAAS_CUSTOM' }.cs__freeze
+      SAAS_CUSTOM_JP = { addr: 'contrastsecurity.jp', type: 'SAAS_CUSTOM' }.cs__freeze
+
+      SINGLE_MAP_TENANTS = [
+        SAAS_DEFAULT, SAAS_JP, SAAS_CE, SAAS_DEMO, SAAS_POV, SAAS_RESEARCH, SAAS_ALPHA,
+        SAAS_STAGING, SAAS_STAGING_TOKYO, SAAS_TESTING, SAAS_OPS_TESTING
+      ].cs__freeze
+      REGEXP_MAP_TENANTS = [SAAS_CS].cs__freeze
+      FALLBACK_TENANTS = [SAAS_CUSTOM, SAAS_CUSTOM_JP].cs__freeze
+      # Fallback for Custom, most likely self-hosted, Environments
       EOP = 'EOP'
 
       def initialize
@@ -50,21 +72,22 @@ module Contrast
 
       private
 
-      # Here we extract the Teamserver url type
+      # Here we extract the TeamServer url type
       #
-      # @return[String] type, it could be SAAS_DEFAULT, SAAS_POV, SAAS_CE, SAAS_CUSTOM, or EOP
+      # @return [String] the type of TeamServer environment to which we're connecting
       def teamserver_type
-        @_teamserver_type ||= if Contrast::API.api_url.include?(SAAS_DEFAULT[:addr])
-                                SAAS_DEFAULT[:type]
-                              elsif Contrast::API.api_url.include?(SAAS_POV[:addr])
-                                SAAS_POV[:type]
-                              elsif Contrast::API.api_url.include?(SAAS_CE[:addr])
-                                SAAS_CE[:type]
-                              elsif Contrast::API.api_url.end_with? SAAS_CUSTOM[:addr]
-                                SAAS_CUSTOM[:type]
-                              else
-                                EOP
-                              end
+        @_teamserver_type ||= begin
+          url = Contrast::API.api_url
+          if (single = SINGLE_MAP_TENANTS.find { |tenant| url.include?(tenant[:addr]) })
+            single[:type]
+          elsif (regexp = REGEXP_MAP_TENANTS.find { |tenant| tenant[:addr].match?(url) })
+            regexp[:type]
+          elsif (fallback = FALLBACK_TENANTS.find { |tenant| url.include?(tenant[:addr]) })
+            fallback[:type]
+          else
+            EOP
+          end
+        end
       end
     end
   end

data/lib/contrast/agent/static_analysis.rb

@@ -10,8 +10,8 @@ module Contrast
     # this module handles one time static analysis tasks
     class StaticAnalysis
       include Singleton
-      include Contrast::Components::Logger::InstanceMethods
       include Contrast::Components::Scope::InstanceMethods
+      extend Contrast::Components::Logger::InstanceMethods
 
       class << self
         # After the first request is complete, we do a one-time manual catchup to review and report the already-loaded

data/lib/contrast/agent/telemetry.rb

@@ -3,7 +3,7 @@
 
 require 'contrast/config/env_variables'
 require 'contrast/components/logger'
-require 'contrast/utils/requests_client'
+require 'contrast/utils/telemetry_client'
 require 'contrast/agent/worker_thread'
 require 'contrast/utils/telemetry'
 
@@ -11,7 +11,6 @@ module Contrast
   module Agent
     # This class will initialize and hold everything needed for the telemetry
     class Telemetry < WorkerThread
-      include Contrast::Utils::RequestsClient
       include Contrast::Components::Logger::InstanceMethods
       # this is where we will send the data from the agents
       URL = 'https://telemetry.ruby.contrastsecurity.com/'
@@ -28,13 +27,13 @@ module Contrast
             mac = Contrast::Utils::Telemetry::Identifier.mac
             app_name = Contrast::Utils::Telemetry::Identifier.app_name
             id = mac + app_name if mac && app_name
-            Digest::SHA2.new(256).hexdigest(id || '_' + SecureRandom.uuid)
+            Digest::SHA2.new(256).hexdigest(id || ('_' + SecureRandom.uuid))
           end
         end
 
         def instance_id
           @_instance_id ||= Digest::SHA2.new(256).hexdigest(Contrast::Utils::Telemetry::Identifier.mac ||
-                                                                  '_' + SecureRandom.uuid)
+                                                                  ('_' + SecureRandom.uuid))
         end
 
         def enabled?
@@ -51,7 +50,8 @@ module Contrast
 
           # In case of connection error, do not create the background thread or queue,
           # as if the opt-out env var was set
-          ip_opt_out_telemetry = Contrast::Utils::RequestsClient.initialize_connection(URL)
+          @_client = Contrast::Utils::TelemetryClient.new
+          ip_opt_out_telemetry = @_client.initialize_connection(URL)
           if ip_opt_out_telemetry.nil?
             logger.warn('Connection was not established properly!!!')
             logger.warn('THE SERVICE IS GOING TO BE TERMINATED!!')
@@ -62,6 +62,14 @@ module Contrast
         end
       end
 
+      def client
+        @_client ||= Contrast::Utils::TelemetryClient.new
+      end
+
+      def connection
+        @_connection ||= client.initialize_connection(URL)
+      end
+
       def attempt_to_start?
         unless cs__class.enabled?
           logger.warn('Telemetry service is disabled!')
@@ -83,8 +91,8 @@ module Contrast
 
           begin
             logger.debug('This is the current processed event', event)
-            res = Contrast::Utils::RequestsClient.send_request event, connection
-            sleep_time = Contrast::Utils::RequestsClient.handle_response res
+            res = client.send_request event, connection
+            sleep_time = client.handle_response res
             sleep(sleep_time) unless sleep_time.nil?
           rescue StandardError => e
             logger.error('Could not send message to service from telemetry queue.', e)

data/lib/contrast/agent/telemetry_event.rb

@@ -11,23 +11,22 @@ module Contrast
 
       attr_reader :timestamp, :tags
 
-      # The instance_id comes from the Telemetry Instance
       def initialize
         @tags = MetricsHash.new(String)
-        @timestamp = format_date
-        @instance_id = Contrast::Agent.telemetry_queue.__id__
+        @timestamp = Time.now.iso8601
       end
 
       def path
         ''
       end
 
-      def to_json **_args
-        { tags: @tags, timestamp: @timestamp, instance_id: @instance_id }
-      end
-
-      def format_date
-        Time.now.strftime('%Y-%m-%d %H:%M:%S.%L')
+      def to_hash **_args
+        {
+            tags: @tags,
+            timestamp: @timestamp,
+            instance: Contrast::Agent::Telemetry.instance_id,
+            application: Contrast::Agent::Telemetry.application_id
+        }
       end
     end
   end

data/lib/contrast/agent/thread_watcher.rb

@@ -4,6 +4,7 @@
 require 'contrast/components/logger'
 require 'contrast/agent/service_heartbeat'
 require 'contrast/api/communication/messaging_queue'
+require 'contrast/agent/reporting/report'
 require 'contrast/agent/telemetry'
 
 module Contrast
@@ -24,21 +25,26 @@ module Contrast
         @heartbeat = Contrast::Agent::ServiceHeartbeat.new
         @messaging_queue = Contrast::Api::Communication::MessagingQueue.new
         @telemetry = Contrast::Agent::Telemetry.new if Contrast::Agent::Telemetry.enabled?
+        @reporter = Contrast::Agent::Reporter.new if Contrast::Agent::Reporter.enabled?
       end
 
       def startup!
         return unless ::Contrast::AGENT.enabled?
 
-        telemetry_thread_status = telemetry_thread_init
-        heartbeat_thread_status = heartbeat_thread_init
-        messaging_thread_status = messaging_thread_init
+        telemetry_status = telemetry_thread_init
+        heartbeat_status = heartbeat_thread_init
+        messaging_status = messaging_thread_init
+        reporter_status = reporter_thread_init
 
         logger.debug('ThreadWatcher started threads')
 
-        @pids[Process.pid] = messaging_thread_status && heartbeat_thread_status
+        @pids[Process.pid] = messaging_status && heartbeat_status
         return @pids unless Contrast::Agent::Telemetry.enabled?
 
-        @pids[Process.pid] = messaging_thread_status && heartbeat_thread_status && telemetry_thread_status
+        @pids[Process.pid] = @pids[Process.pid] && telemetry_status
+        return @pids unless Contrast::Agent::Reporter.enabled?
+
+        @pids[Process.pid] = @pids[Process.pid] && reporter_status
       end
 
       def ensure_running?
@@ -53,6 +59,7 @@ module Contrast
         messaging_queue.stop!
         heapdump_util.stop!
         telemetry_queue&.stop!
+        reporter_queue&.stop!
       end
 
       def heartbeat_thread_init
@@ -82,11 +89,30 @@ module Contrast
         messaging_result
       end
 
+      def reporter_thread_init
+        @reporter.start_thread! if @reporter&.attempt_to_start?
+        unless @reporter&.running?
+          logger.debug('Attempting to start reporter thread')
+          @reporter&.start_thread!
+        end
+        reporter_result = @reporter&.running?
+        logger.debug('Reporter thread status', alive: reporter_result)
+        reporter_result
+      end
+
+      # @return [Contrast::Agent::Telemetry]
       def telemetry_queue
         return if @telemetry.nil?
 
         @telemetry
       end
+
+      # @return [Contrast::Agent::Reporter]
+      def reporter_queue
+        return if @reporter.nil?
+
+        @reporter
+      end
     end
   end
 end

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '4.13.1'
+    VERSION = '4.14.0'
   end
 end