contrast-agent 4.13.1 → 5.1.0

data/lib/contrast/agent/reporting/settings/assess.rb

@@ -0,0 +1,45 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/object_share'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This module will hold all the settings from the TS responce
+      module Settings
+        # Application level settings for the Assess featureset.
+        class Assess
+          # Assess rules to disable for this application.
+          #
+          # @return disabled_rules [Array<AssessRuleID>] Array with string rule_ids
+          def disabled_rules
+            @_disabled_rules ||= []
+          end
+
+          # @param disabled_rules [Array] with AssessRuleID strings
+          # @return disabled_rules [Array<AssessRuleID>] Array with string rule_ids
+          def disabled_rules= disabled_rules
+            @_disabled_rules = disabled_rules if disabled_rules.is_a? Array
+          end
+
+          # The id of a session on TeamServer under which this session of this application should report
+          # Overrides that set by application.session_id (should match if provided).
+          #
+          # @return session_id [String]
+          def session_id
+            @_session_id ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # Set the session_id
+          #
+          # @param session_id [String]
+          # @return session_id [String]
+          def session_id= session_id
+            @_session_id = session_id if session_id.is_a? String
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/settings/assess_server_feature.rb

@@ -0,0 +1,136 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/object_share'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This module will hold all the settings from the TS responce
+      module Settings
+        # Application level settings for the Assess featureset.
+        # Used for the FeatureSet TS response
+        class AssessServerFeature
+          # Assess rules to disable for this application.
+          #
+          # @return disabled_rules [Array<AssessRuleID>] Array with string rule_ids
+          def disabled_rules
+            @_disabled_rules ||= []
+          end
+
+          # @param disabled_rules [Array<AssessRuleID>] with AssessRuleID strings
+          # @return disabled_rules [Array<AssessRuleID>] Array with string rule_ids
+          def disabled_rules= disabled_rules
+            @_disabled_rules = disabled_rules if disabled_rules.is_a? Array
+          end
+
+          # Indicate if the assess feature set is enabled for this server or not.
+          #
+          # @return enabled [Boolean]
+          def enabled?
+            @_enabled
+          end
+
+          # Set the enabled
+          #
+          # @param enabled [Boolean]
+          # @return enabled [Boolean]
+          def enabled= enabled
+            @_enabled = enabled if !!enabled == enabled
+          end
+
+          # Used to control the sampling feature in the agent.
+          #
+          # @return sampling [Hash<AssessSampling>] Hash of AssessSampling: {
+          #  baseline          [Integer] The number of baseline requests to take before switching to sampling
+          #                               for the window.
+          #  enabled           [Boolean] If the sampling feature should be used or not.
+          #  frequency         [Integer] The number of requests to skip before observing during the sampling
+          #                               window after the baseline.
+          #  responseFrequency [Integer]
+          #  window            [Integer]
+          # }
+          def sampling
+            @_sampling ||= {}
+          end
+
+          # set sampling
+          #
+          # @param sampling [Hash<AssessSampling>] Hash of AssessSampling: {
+          #  baseline          [Integer] The number of baseline requests to take before switching to sampling
+          #                               for the window.
+          #  enabled           [Boolean] If the sampling feature should be used or not.
+          #  frequency         [Integer] The number of requests to skip before observing during the sampling
+          #                               window after the baseline.
+          #  responseFrequency [Integer]
+          #  window            [Integer]
+          # }
+          # @return sampling [Hash<AssessSampling>] Hash of AssessSampling: {
+          #  baseline          [Integer] The number of baseline requests to take before switching to sampling
+          #                               for the window.
+          #  enabled           [Boolean] If the sampling feature should be used or not.
+          #  frequency         [Integer] The number of requests to skip before observing during the sampling
+          #                               window after the baseline.
+          #  responseFrequency [Integer]
+          #  window            [Integer]
+          # }
+          def sampling= sampling
+            @_sampling = sampling if sampling.is_a? Hash
+          end
+
+          # The sanitizers defined by the user for use by the agent on this server for this organization.
+          #
+          # @return sanitizers [Array<AssessCustomRules>] AssessCustomRules
+          #   Api   [String], Rules [Array[RulesID]]
+          #   tags  [Array[String]]
+          #   uuid  [String]
+          def sanitizers
+            @_sanitizers ||= []
+          end
+
+          # set sanitizer
+          #
+          # @param sanitizers [Array<AssessCustomRules>] of AssessCustomRule: {
+          #   Api   [String], Rules [Array[RulesID]]
+          #   tags  [Array[String]]
+          #   uuid  [String]
+          # }
+          # @return sanitizers [Array<AssessCustomRules>] AssessCustomRules
+          #   Api   [String], Rules [Array[RulesID]]
+          #   tags  [Array[String]]
+          #   uuid  [String]
+          def sanitizers= sanitizers
+            @_sanitizers = sanitizers if sanitizers.is_a? Array
+          end
+
+          # The validators defined by the user for use by the agent on this server for this organization.
+          #
+          # @return validators [Array<AssessCustomRules>] of AssessCustomRule: {
+          #   Api   [String], Rules [Array[RulesID]]
+          #   tags  [Array[String]]
+          #   uuid  [String]
+          # }
+          def validators
+            @_validators ||= []
+          end
+
+          # The validators defined by the user for use by the agent on this server for this organization.
+          #
+          # @param validators [Array<AssessCustomRules>] of AssessCustomRule: {
+          #   Api   [String], Rules [Array[RulesID]]
+          #   tags  [Array[String]]
+          #   uuid  [String]
+          # }
+          # @return validators [Array<AssessCustomRules>] of AssessCustomRule: {
+          #   Api   [String], Rules [Array[RulesID]]
+          #   tags  [Array[String]]
+          #   uuid  [String]
+          # }
+          def validators= validators
+            @_validators = validators if validators.is_a? Array
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/settings/exclusions.rb

@@ -0,0 +1,123 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Reporting
+      # This module will hold all the settings from the TS responce
+      module Settings
+        # Application level settings for the Exclusions featureset
+        # (ApplicationStartupSettingsExclusions)
+        class Exclusions
+          # Cases where rules should be excluded if violated in a method call
+          #
+          # @return code_exclusions [Array<CodeExclusion>] Array of CodeExclusion: {
+          #   name         [String] The name of the exclusion as defined by the user in TS.
+          #   modes        [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+          #   denylist     [String] The call, if in the stack, should result in the agent not taking action.
+          # }
+          def code_exclusions
+            @_code_exclusions ||= []
+          end
+
+          # set the CodeExclusions array
+          #
+          # @param code_exclusions [Array<CodeExclusion>] Array of CodeExclusion: {
+          #   name         [String] The name of the exclusion as defined by the user in TS.
+          #   modes        [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+          #   denylist     [String] The call, if in the stack, should result in the agent not taking action.
+          # }
+          # @return code_exclusions [Array<CodeExclusion>] Array of CodeExclusion: {
+          #   name         [String] The name of the exclusion as defined by the user in TS.
+          #   modes        [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+          #   denylist     [String] The call, if in the stack, should result in the agent not taking action.
+          # }
+          def code_exclusions= code_exclusions
+            @_code_exclusions = code_exclusions if code_exclusions.is_a? Array
+          end
+
+          # Cases where rules should be excluded if violated from a given input.
+          #
+          # @return input_exclusions [Array<InputExclusions>] Array of InputExclusions: {
+          #   name           [String] The name of the input.
+          #   modes          [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   assess_rules   [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+          #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
+          #   urls           [Array] Array of URLs to which the exclusions apply. URL [String]
+          #   match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
+          #   type           [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
+          # }
+          def input_exclusions
+            @_input_exclusions ||= []
+          end
+
+          # set the InputExclusions array
+          #
+          # @param input_exclusions [Array<InputExclusions>] Array of InputExclusions: {
+          #   name           [String] The name of the input.
+          #   modes          [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   assess_rules   [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+          #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
+          #   urls           [Array] Array of URLs to which the exclusions apply. URL [String]
+          #   match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
+          #   type           [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
+          # }
+          # @return input_exclusions [Array<InputExclusions>] Array of InputExclusions: {
+          #   name           [String] The name of the input.
+          #   modes          [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   assess_rules   [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+          #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
+          #   urls           [Array] Array of URLs to which the exclusions apply. URL [String]
+          #   match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
+          #   type           [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
+          # }
+          def input_exclusions= input_exclusions
+            @_input_exclusions = input_exclusions if input_exclusions.is_a? Array
+          end
+
+          # A case where rules should be excluded if violated during a call to a given URL.
+          #
+          # @return url_exclusions [Array<UrlExclusions>] Array of UrlExclusions: {
+          #   name           [String] The name of the input.
+          #   modes          [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   assess_rules   [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+          #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
+          #   urls           [Array] Array of URLs to which the exclusions apply. URL [String]
+          #   match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
+          #   type           [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
+          # }
+          def url_exclusions
+            @_url_exclusions ||= []
+          end
+
+          # set the UrlExclusions array
+          #
+          # @param url_exclusions [Array] Array of UrlExclusions: {
+          #   name           [String] The name of the input.
+          #   modes          [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   assess_rules   [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+          #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
+          #   urls           [Array] Array of URLs to which the exclusions apply. URL [String]
+          #   match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
+          #   type           [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
+          # }
+          # @return url_exclusions [Array<UrlExclusions>] Array of UrlExclusions: {
+          #   name           [String] The name of the input.
+          #   modes          [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   assess_rules   [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+          #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
+          #   urls           [Array] Array of URLs to which the exclusions apply. URL [String]
+          #   match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
+          #   type           [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
+          # }
+          def url_exclusions= url_exclusions
+            @_url_exclusions = url_exclusions if url_exclusions.is_a? Array
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/settings/protect.rb

@@ -0,0 +1,89 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/object_share'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This module will hold all the settings from the TS responce
+      module Settings
+        # Application level settings for the Protect featureset
+        class Protect
+          # block at perimeter needs to be check against the blockAtEntry boolean value
+          PROTECT_RULES_MODE = %w[OFF BLOCKING MONITORING].cs__freeze
+          # The settings for each protect rule for this application
+          #
+          # @return protection_rules [Array<protectRule>] protectRule: {
+          #   blockAtEntry [Boolean] If in block mode, to block at perimeter or not.
+          #   id           [String] The id of a rule in Contrast.
+          #   mode         [String] The mode that this rule should run in. [OFF, MONITORING, BLOCKING] }
+          def protection_rules
+            @_protection_rules ||= []
+          end
+
+          # Set the protection_rules array
+          #
+          # @param protection_rules [Array<protectRule>] protectRule: {
+          #   blockAtEntry [Boolean] If in block mode, to block at perimeter or not.
+          #   id           [String] The id of a rule in Contrast.
+          #   mode         [String] The mode that this rule should run in. [OFF, MONITORING, BLOCKING] }
+          # @return protection_rules [Array<protectRule>] protectRule: {
+          #   blockAtEntry [Boolean] If in block mode, to block at perimeter or not.
+          #   id           [String] The id of a rule in Contrast.
+          #   mode         [String] The mode that this rule should run in. [OFF, MONITORING, BLOCKING] }
+          def protection_rules= protection_rules
+            @_protection_rules = protection_rules if protection_rules.is_a? Array
+          end
+
+          # The virtual patches to apply for this application
+          #
+          # @return virtual_patches [Array<VirtualPatch>] Array of VirtualPatch: {
+          #   name       [String] The name of the Virtual Patch
+          #   headers    [Array] The headers that must be present in the request to result in the request being blocked
+          #   parameters [Array] The parameters that must be present in the request
+          #                       to result in the request being blocked.
+          #   urls       [Array] The urls that must be present in the request to result in the request being blocked.
+          #   uuids      [String] The UUID of the Virtual Patch }
+          def virtual_patches
+            @_virtual_patches ||= []
+          end
+
+          # Set the virtual patches array
+          #
+          # @param virtual_patches [Array<VirtualPatch>] Array of VirtualPatch: {
+          #   name       [String] The name of the Virtual Patch
+          #   headers    [Array] The headers that must be present in the request to result in the request being blocked
+          #   parameters [Array] The parameters that must be present in the request
+          #                       to result in the request being blocked.
+          #   urls       [Array] The urls that must be present in the request to result in the request being blocked.
+          #   uuids      [String] The UUID of the Virtual Patch }
+          # @return virtual_patches [Array<VirtualPatch>] Array of VirtualPatch: {
+          #   name       [String] The name of the Virtual Patch
+          #   headers    [Array] The headers that must be present in the request to result in the request being blocked
+          #   parameters [Array] The parameters that must be present in the request
+          #                       to result in the request being blocked.
+          #   urls       [Array] The urls that must be present in the request to result in the request being blocked.
+          #   uuids      [String] The UUID of the Virtual Patch }
+          def virtual_patches= virtual_patches
+            @_virtual_patches = virtual_patches if virtual_patches.is_a? Array
+          end
+
+          # Converts settings into Agent Settings understandable hash {RULE_ID => MODE}
+          #
+          # @return rules [Hash<RULE_ID => MODE>, nil] Hash with rule_id as key and mode as value
+          def protection_rules_to_settings_hash
+            return if protection_rules.empty?
+
+            modes_by_id = {}
+            protection_rules.each do |rule|
+              PROTECT_RULES_MODE.include? rule[:mode]
+              modes_by_id[rule[:id]] = rule[:mode]
+            end
+            modes_by_id
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/settings/protect_server_feature.rb

@@ -0,0 +1,243 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/object_share'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This module will hold all the settings from the TS responce
+      module Settings
+        # Application level settings for the Protect featureset.
+        # Used for the FeatureSet TS response
+        class ProtectServerFeature
+          # Indicate if the protect feature set is enabled for this server or not.
+          #
+          # @return enabled [Boolean]
+          def enabled?
+            @_enabled
+          end
+
+          # Set the enabled
+          #
+          # @param enabled [Boolean]
+          # @return enabled [Boolean]
+          def enabled= enabled
+            @_enabled = enabled if !!enabled == enabled
+          end
+
+          # Indicate if the bot protection feature set is enabled for this server or not.
+          #
+          # @return bot_blocker [Boolean]
+          def bot_blocker
+            @_bot_blocker
+          end
+
+          # set bot_blocker
+          #
+          # @param bot_blocker [Boolean]
+          # @return bot_blocker [Boolean]
+          def bot_blocker= bot_blocker
+            @_bot_blocker = bot_blocker if !!bot_blocker == bot_blocker
+          end
+
+          # The IP addresses for which to disable protection.
+          #
+          # @return ip_allowlist [Array<IpFilter>]
+          #   expires [Integer] The time after which the filter is no longer valid.
+          #   ip      [String] The IP or range of IPs to which this message pertains.
+          #   name    [String] The user defined name of the filter.
+          #   uuid    [String] The identifier of the filter as defined by TeamServer.
+          def ip_allowlist
+            @_ip_allowlist ||= []
+          end
+
+          # set ip_allowlist
+          #
+          # @param allowlist [array<IpFilter>] of IpFilter: {
+          #   expires [Integer] The time after which the filter is no longer valid.
+          #   ip      [String] The IP or range of IPs to which this message pertains.
+          #   name    [String] The user defined name of the filter.
+          #   uuid    [String] The identifier of the filter as defined by TeamServer.
+          # }
+          # @return ip_allowlist [Array<IpFilter>]
+          #   expires [Integer] The time after which the filter is no longer valid.
+          #   ip      [String] The IP or range of IPs to which this message pertains.
+          #   name    [String] The user defined name of the filter.
+          #   uuid    [String] The identifier of the filter as defined by TeamServer.
+          def ip_allowlist= allowlist
+            @_ip_allowlist = allowlist if allowlist.is_a? Array
+          end
+
+          # The IP addresses for which to disable protection.
+          #
+          # @return ip_denylist [Array<IpFilter>]
+          #                     expires [Integer] The time after which the filter is no longer valid.
+          #                     ip      [String] The IP or range of IPs to which this message pertains.
+          #                     name    [String] The user defined name of the filter.
+          #                     uuid    [String] The identifier of the filter as defined by TeamServer.
+          def ip_denylist
+            @_ip_denylist ||= []
+          end
+
+          # set ip_denylist
+          #
+          # @param denylist [array] of IpFilter: {
+          #   expires [Integer] The time after which the filter is no longer valid.
+          #   ip      [String] The IP or range of IPs to which this message pertains.
+          #   name    [String] The user defined name of the filter.
+          #   uuid    [String] The identifier of the filter as defined by TeamServer.
+          # }
+          # @return ip_denylist [Array<IpFilter>]
+          #                     expires [Integer] The time after which the filter is no longer valid.
+          #                     ip      [String] The IP or range of IPs to which this message pertains.
+          #                     name    [String] The user defined name of the filter.
+          #                     uuid    [String] The identifier of the filter as defined by TeamServer.
+          def ip_denylist= denylist
+            @_ip_denylist = denylist if denylist.is_a? Array
+          end
+
+          # All of the apis to add new logging calls to the application at runtime.
+          #
+          # @return log_enchancers [Array<LogEnchancers>]
+          #    api     [String]  The method signature to instrument, as understood by the agent.
+          #    format  [String]  The format of the message to log.
+          #    id      [Integer] The identifier of the enhancer as defined by TeamServer.
+          #    level   [String] The level at which to log this message. Trace as 0 and Error as 4.
+          #                     [ TRACE, DEBUG, INFO, WARN, ERROR ]
+          #    name    [String] The user defined name of the enhancer.
+          #    type    [String] The type of log message to tenerate. Audit as 0, Security as 2.
+          #                     [ AUDIT, ERROR, SECURITY ]
+          def log_enchancers
+            @_log_enchancers ||= []
+          end
+
+          # All of the apis to add new logging calls to the application at runtime.
+          #
+          # @param log_enchancers [Array<LogEnchancers>] of LogEnchancers: {
+          #    api     [String]  The method signature to instrument, as understood by the agent.
+          #    format  [String]  The format of the message to log.
+          #    id      [Integer] The identifier of the enhancer as defined by TeamServer.
+          #    level   [String] The level at which to log this message. Trace as 0 and Error as 4.
+          #                     [ TRACE, DEBUG, INFO, WARN, ERROR ]
+          #    name    [String] The user defined name of the enhancer.
+          #    type    [String] The type of log message to tenerate. Audit as 0, Security as 2.
+          #                     [ AUDIT, ERROR, SECURITY ]
+          # }
+          # @return log_enchancers [Array<LogEnchancers>]
+          #    api     [String]  The method signature to instrument, as understood by the agent.
+          #    format  [String]  The format of the message to log.
+          #    id      [Integer] The identifier of the enhancer as defined by TeamServer.
+          #    level   [String] The level at which to log this message. Trace as 0 and Error as 4.
+          #                     [ TRACE, DEBUG, INFO, WARN, ERROR ]
+          #    name    [String] The user defined name of the enhancer.
+          #    type    [String] The type of log message to tenerate. Audit as 0, Security as 2.
+          #                     [ AUDIT, ERROR, SECURITY ]
+          def log_enchancers= log_enchancers
+            @_log_enchancers = log_enchancers if log_enchancers.is_a? Array
+          end
+
+          # The keywords and patterns required for the input analysis of each rule with that capability.
+          #
+          # @return rule_defenition_list [Array<RuleDefinition>]
+          #   keywords [Array] The words to search for in input that indicate an attack.{
+          #                     caseSensitive [Boolean]
+          #                     id            [String]
+          #                     score         [Integer] The impact of matching this entry; higher meaning more
+          #                                             likely to be an attack
+          #                     value         [String] }
+          #   name   [String] 	AssessRuleID
+          #   patterns [Array] A word or pattern whose presence in an input represents an attack {
+          #                     caseSensitive [Boolean]
+          #                     id            [String]
+          #                    score          [Integer] The impact of matching this entry; higher meaning more
+          #                                            likely to be an attack
+          #                    value          [String] }
+          # }
+          def rule_definition_list
+            @_rule_definition_list ||= []
+          end
+
+          # The keywords and patterns required for the input analysis of each rule with that capability.
+          #
+          # @param list [Array<RuleDefinition>] Array of RuleDefinition: {
+          #   keywords [Array] The words to search for in input that indicate an attack.{
+          #                     caseSensitive [Boolean]
+          #                     id            [String]
+          #                     score         [Integer] The impact of matching this entry; higher meaning more
+          #                                             likely to be an attack
+          #                     value         [String] }
+          #   name   [String] 	AssessRuleID
+          #   patterns [Array] A word or pattern whose presence in an input represents an attack {
+          #                     caseSensitive [Boolean]
+          #                     id            [String]
+          #                    score          [Integer] The impact of matching this entry; higher meaning more
+          #                                            likely to be an attack
+          #                    value          [String] }
+          # }
+          # @return rule_defenition_list [Array<RuleDefinition>]  Array of RuleDefinition: {
+          #   keywords [Array] The words to search for in input that indicate an attack.{
+          #                     caseSensitive [Boolean]
+          #                     id            [String]
+          #                     score         [Integer] The impact of matching this entry; higher meaning more
+          #                                             likely to be an attack
+          #                     value         [String] }
+          #   name   [String] 	AssessRuleID
+          #   patterns [Array] A word or pattern whose presence in an input represents an attack {
+          #                     caseSensitive [Boolean]
+          #                     id            [String]
+          #                    score          [Integer] The impact of matching this entry; higher meaning more
+          #                                            likely to be an attack
+          #                    value          [String] }
+          # }
+          def rule_definition_list= list
+            @_rule_definition_list = list.is_a? Array
+          end
+
+          # Controls for the syslogging feature in the agent.
+          #
+          # @return syslog [Hash<logsSettings>]
+          #   syslogConnectionType    [String]
+          #   syslogEnabled           [Integer]
+          #   syslogFacilityCode      [Integer]
+          #   syslogIpAddress         [String]
+          #   syslogPortNumber        [Integer]
+          #   syslogProtocol          [String]
+          #   syslogSeverityExploited [String]
+          #   syslogSeverityProbed    [String]
+          #   syslogSeveritySuspicous [String]
+          def syslog
+            @_syslog ||= {}
+          end
+
+          # Controls for the syslogging feature in the agent.
+          #
+          # @param log [Hash<logsSettings>] {
+          #   syslogConnectionType    [String]
+          #   syslogEnabled           [Integer]
+          #   syslogFacilityCode      [Integer]
+          #   syslogIpAddress         [String]
+          #   syslogPortNumber        [Integer]
+          #   syslogProtocol          [String]
+          #   syslogSeverityExploited [String]
+          #   syslogSeverityProbed    [String]
+          #   syslogSeveritySuspicous [String]
+          # }
+          # @return syslog [Hash<logsSettings>]
+          #   syslogConnectionType    [String]
+          #   syslogEnabled           [Integer]
+          #   syslogFacilityCode      [Integer]
+          #   syslogIpAddress         [String]
+          #   syslogPortNumber        [Integer]
+          #   syslogProtocol          [String]
+          #   syslogSeverityExploited [String]
+          #   syslogSeverityProbed    [String]
+          #   syslogSeveritySuspicous [String]
+          def syslog= log
+            @_syslog = log if log.is_a? Hash
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/settings/reaction.rb

@@ -0,0 +1,30 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Reporting
+      module Settings
+        # Reaction the agent should take based on a state in TS.
+        class Reaction
+          attr_accessor :level, :operation, :message
+
+          # used to check the parameters and also before reactions settings update
+          LEVELS = %w[ERROR WARN INFO DEBUG TRACE].cs__freeze
+          OPERATIONS = %w[NOOP DISABLE].cs__freeze
+
+          # Reaction the agent should take based on a state in TS.
+          #
+          # @param level [String] The level at which the agent should log this reaction[ERROR, WARN, INFO, DEBUG, TRACE]
+          # @param message [String] A message to log when receiving this reaction.
+          # @param operation [String] What to do in response to this reaction.[NOOP, DISABLE]
+          def initialize level, operation, message
+            @level = level if LEVELS.include? level
+            @operation = operation if OPERATIONS.include? operation
+            @message = message if message.is_a? String
+          end
+        end
+      end
+    end
+  end
+end