contrast-agent 4.8.0 → 4.11.0

data/lib/contrast/agent/patching/policy/patcher.rb

@@ -7,7 +7,8 @@ require 'monitor'
 require 'contrast/agent/patching/policy/patch_status'
 require 'contrast/agent/patching/policy/method_policy'
 require 'contrast/agent/patching/policy/module_policy'
-require 'contrast/components/interface'
+require 'contrast/components/logger'
+require 'contrast/components/scope'
 require 'contrast/utils/class_util'
 
 # assess
@@ -43,9 +44,8 @@ module Contrast
         # and how.
         module Patcher
           extend Contrast::Agent::Patching::Policy::AfterLoadPatcher
-
-          include Contrast::Components::Interface
-          access_component :agent, :analysis, :logging, :scope
+          extend Contrast::Components::Logger::InstanceMethods
+          extend Contrast::Components::Scope::InstanceMethods
 
           class << self
             # Hook to install the Contrast changes needed to allow for the
@@ -54,7 +54,8 @@ module Contrast
             def patch
               catchup_after_load_patches
               catchup_loaded_methods
-              Contrast::Agent::Assess::Policy::RewriterPatch.rewrite_interpolations if RUBY_VERSION < '2.6.0' # TODO: RUBY-714 remove guard w/ EOL of 2.5
+              # TODO: RUBY-714 remove guard w/ EOL of 2.5
+              Contrast::Agent::Assess::Policy::RewriterPatch.rewrite_interpolations if RUBY_VERSION < '2.6.0'
             end
 
             # Hook to only monkeypatch Contrast. This will not trigger any
@@ -82,11 +83,11 @@ module Contrast
               with_contrast_scope do
                 mod_name = mod.cs__name
                 return unless Contrast::Utils::ClassUtil.truly_defined?(mod_name)
-                return if AGENT.skip_instrumentation?(mod_name)
+                return if ::Contrast::AGENT.skip_instrumentation?(mod_name)
 
                 load_patches_for_module(mod_name)
 
-                return unless all_module_names.any?(mod_name)
+                return if all_module_names.none?(mod_name)
 
                 module_data = Contrast::Agent::ModuleData.new(mod, mod_name)
                 patch_into_module(module_data)
@@ -156,7 +157,7 @@ module Contrast
               logger.trace_with_time('Running patching') do
                 patched = []
                 all_module_names.each do |patchable_name|
-                  next if AGENT.skip_instrumentation?(patchable_name)
+                  next if ::Contrast::AGENT.skip_instrumentation?(patchable_name)
 
                   patchable_mod = patchable(patchable_name)
                   next unless patchable_mod
@@ -176,12 +177,13 @@ module Contrast
             # @param redo_patch [Boolean] a trigger to force patching regardless of the state of the
             #   Contrast::Agent::Patching::Policy::PatchStatus status on the Module
             def patch_into_module module_data, redo_patch = false
-              status = status_type.get_status(module_data.mod)
+              status = Contrast::Agent::Patching::Policy::PatchStatus.get_status(module_data.mod)
               return if (status&.patched? || status&.patching?) && !redo_patch
 
               # Begin patching our sources into the given module. Any patcher that has the name of the module will be
               # evaluated for patching. Find all the patchers that apply to this class, sorted by type.
               module_policy = Contrast::Agent::Patching::Policy::ModulePolicy.create_module_policy(module_data.mod_name)
+
               # If there's nothing to match, then set that status and exit
               if module_policy.empty?
                 status.no_patch!
@@ -191,8 +193,8 @@ module Contrast
               status.patching!
               num_applied_patches = patch_into_instance_methods(module_data, module_policy)
               num_applied_patches += patch_into_singleton_methods(module_data, module_policy)
-              if adjust_for_prepend(module_data) || module_policy.num_expected_patches == num_applied_patches
 
+              if adjust_for_prepend(module_data) || module_policy.num_expected_patches == num_applied_patches
                 status.patched!
               else
                 status.partial_patch!
@@ -258,8 +260,7 @@ module Contrast
               patch_into_methods(mod, methods, module_policy, false)
             end
 
-            # We've found the patchers that apply to this class (or module). Now we'll
-            # filter on the given method.
+            # We've found the patchers that apply to this class (or module). Now we'll filter on the given method.
             #
             # @param mod [Module] The module from which to retrieve instance methods.
             # @param methods [Array<Symbol>] The names of all the methods in in this module
@@ -276,8 +277,7 @@ module Contrast
                                                                                                     is_instance_method)
                 next if method_policy.empty?
 
-                patched = patch_method(mod, methods, method_policy)
-                count += 1 if patched
+                count += 1 if patch_method(mod, methods, method_policy)
               end
               count
             end

data/lib/contrast/agent/patching/policy/policy.rb

@@ -5,7 +5,7 @@ require 'json'
 require 'singleton'
 
 require 'contrast'
-require 'contrast/components/interface'
+require 'contrast/components/logger'
 require 'contrast/agent/patching/policy/module_policy'
 require 'contrast/agent/patching/policy/method_policy'
 
@@ -19,7 +19,7 @@ module Contrast
         # @abstract
         class Policy
           include Singleton
-          include Contrast::Components::Interface
+          include Contrast::Components::Logger::InstanceMethods
 
           # Indicates the folder in `resources` where this policy lives.
           def self.policy_folder
@@ -36,8 +36,6 @@ module Contrast
             raise(NoMethodError, 'specify the concrete node type for this poilcy')
           end
 
-          access_component :analysis, :logging
-
           attr_reader :sources, :propagators, :triggers, :providers
 
           SOURCES_KEY =          'sources'

data/lib/contrast/agent/patching/policy/policy_node.rb

@@ -1,7 +1,7 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/components/interface'
+require 'contrast/components/scope'
 
 module Contrast
   module Agent
@@ -12,8 +12,7 @@ module Contrast
         #
         # @abstract
         class PolicyNode
-          include Contrast::Components::Interface
-          access_component :analysis, :scope
+          include Contrast::Components::Scope::InstanceMethods
 
           attr_accessor :class_name, :instance_method, :method_name, :method_visibility
           attr_reader :properties, :method_scope

data/lib/contrast/agent/protect/policy/applies_no_sqli_rule.rb

@@ -14,7 +14,7 @@ module Contrast
         # infilter methods of the rule should be invoked.
         module AppliesNoSqliRule
           extend Contrast::Agent::Protect::Policy::RuleApplicator
-
+          DATABASE_NOSQL = 'MongoDB'
           class << self
             def invoke method, _exception, properties, _object, args
               return unless valid_input?(args)

data/lib/contrast/agent/protect/policy/policy.rb

@@ -24,7 +24,7 @@ module Contrast
           end
 
           def disabled_globally?
-            PROTECT.forcibly_disabled?
+            ::Contrast::PROTECT.forcibly_disabled?
           end
 
           def node_type

data/lib/contrast/agent/protect/policy/rule_applicator.rb

@@ -1,7 +1,7 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/components/interface'
+require 'contrast/components/logger'
 
 module Contrast
   module Agent
@@ -11,9 +11,7 @@ module Contrast
         # form of the Applicator, which will override specific implementations
         # in order to properly invoke its Rule.
         module RuleApplicator
-          include Contrast::Components::Interface
-
-          access_component :analysis, :logging
+          include Contrast::Components::Logger::InstanceMethods
 
           # Calls the actual invocation for this applicator, if required. Will
           # attempt to transform the data as required prior to invocation and
@@ -82,7 +80,7 @@ module Contrast
           #
           # @return [Contrast::Agent::Protect::Rule::Base]
           def rule
-            PROTECT.rule rule_name
+            ::Contrast::PROTECT.rule rule_name
           end
 
           # Should we skip analysis for this rule for this method invocation?

data/lib/contrast/agent/protect/rule/base.rb

@@ -1,7 +1,8 @@
 # Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/components/interface'
+require 'contrast/components/logger'
+require 'contrast/components/scope'
 
 module Contrast
   module Agent
@@ -12,9 +13,8 @@ module Contrast
         #
         # @abstract Subclass and override {#prefilter}, {#infilter}, {#find_attacker}, {#postfilter} to implement
         class Base
-          include Contrast::Components::Interface
-
-          access_component :agent, :analysis, :logging, :scope, :settings
+          include Contrast::Components::Logger::InstanceMethods
+          include Contrast::Components::Scope::InstanceMethods
 
           UNKNOWN_USER_INPUT = Contrast::Api::Dtm::UserInput.new.tap do |user_input|
             user_input.input_type = :UNKNOWN
@@ -37,7 +37,7 @@ module Contrast
           attr_reader :mode
 
           def initialize
-            PROTECT.rules[rule_name] = self
+            ::Contrast::PROTECT.rules[rule_name] = self
             @mode = mode_from_settings
           end
 
@@ -48,11 +48,11 @@ module Contrast
 
           def enabled?
             # 1. it is not enabled because protect is not enabled
-            return false unless AGENT.enabled?
-            return false unless PROTECT.enabled?
+            return false unless ::Contrast::AGENT.enabled?
+            return false unless ::Contrast::PROTECT.enabled?
 
             # 2. it is not enabled because it is in the list of disabled protect rules
-            return false if PROTECT.rule_config&.disabled_rules&.include?(rule_name)
+            return false if ::Contrast::PROTECT.rule_config&.disabled_rules&.include?(rule_name)
 
             # 3. it is enabled so long as its mode is not NO_ACTION
             @mode != Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION
@@ -176,7 +176,7 @@ module Contrast
           protected
 
           def mode_from_settings
-            PROTECT.rule_mode(rule_name).tap do |mode|
+            ::Contrast::PROTECT.rule_mode(rule_name).tap do |mode|
               logger.trace('Retrieving rule mode', rule: rule_name, mode: mode)
             end
           end
@@ -191,7 +191,7 @@ module Contrast
           # @return [Boolean] if an exclusion was applicable to this request
           #   for this rule
           def protect_excluded_by_code?
-            exclusions = SETTINGS.code_exclusions
+            exclusions = ::Contrast::SETTINGS.code_exclusions
             return false unless exclusions
 
             for_rule = exclusions.select { |ex| ex.protection_rule?(rule_name) }

data/lib/contrast/agent/protect/rule/cmd_injection.rb

@@ -4,7 +4,7 @@
 require 'contrast/agent/protect/rule/base_service'
 require 'contrast/utils/stack_trace_utils'
 require 'contrast/utils/object_share'
-require 'contrast/components/interface'
+require 'contrast/components/logger'
 
 module Contrast
   module Agent
@@ -12,8 +12,7 @@ module Contrast
       module Rule
         # The Ruby implementation of the Protect Command Injection rule.
         class CmdInjection < Contrast::Agent::Protect::Rule::BaseService
-          include Contrast::Components::Interface
-          access_component :app_context, :logging
+          include Contrast::Components::Logger::InstanceMethods
 
           NAME = 'cmd-injection'
           CHAINED_COMMAND_CHARS = /[;&|<>]/.cs__freeze
@@ -28,7 +27,7 @@ module Contrast
             ia_results = gather_ia_results(context)
             return if ia_results.empty?
 
-            if APP_CONTEXT.in_new_process?
+            if ::Contrast::APP_CONTEXT.in_new_process?
               logger.trace('Running cmd-injection infilter within new process - creating new context')
               context = Contrast::Agent::RequestContext.new(context.request.rack_request)
               Contrast::Agent::REQUEST_TRACKER.update_current_context(context)
@@ -124,7 +123,7 @@ module Contrast
           # @return [Boolean] if the agent should report all command
           #   executions.
           def report_any_command_execution?
-            PROTECT.report_any_command_execution?
+            ::Contrast::PROTECT.report_any_command_execution?
           end
         end
       end

data/lib/contrast/agent/protect/rule/no_sqli.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/base_service'
+require 'contrast/agent/protect/rule/sql_sample_builder'
 
 module Contrast
   module Agent
@@ -9,6 +10,12 @@ module Contrast
       module Rule
         # The Ruby implementation of the Protect NoSQL Injection rule.
         class NoSqli < Contrast::Agent::Protect::Rule::BaseService
+          # Generate a sample for the No-SQL injection detection rule, allowing for reporting to and rendering
+          # by TeamServer
+          include SqlSampleBuilder::NoSqliSample
+          # Defining build_attack_with_match method
+          include SqlSampleBuilder::AttackBuilder
+
           NAME = 'nosql-injection'
           BLOCK_MESSAGE = 'NoSQLi rule triggered. Response blocked.'
 
@@ -31,40 +38,6 @@ module Contrast
             raise Contrast::SecurityException.new(self, BLOCK_MESSAGE) if blocked?
           end
 
-          def build_attack_with_match context, input_analysis_result, result, query_string, **kwargs
-            if mode == Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION ||
-                  mode == Contrast::Api::Settings::ProtectionRule::Mode::PERMIT
-
-              return result
-            end
-
-            attack_string = input_analysis_result.value
-            regexp = Regexp.new(Regexp.escape(attack_string), Regexp::IGNORECASE)
-            return unless query_string.match?(regexp)
-
-            scanner = select_scanner
-            ss = StringScanner.new(query_string)
-            length = attack_string.length
-            while ss.scan_until(regexp)
-              # the pos of StringScanner is at the end of the regexp (input string),
-              # we need the beginning
-              idx = ss.pos - attack_string.length
-              last_boundary, boundary = scanner.crosses_boundary(query_string, idx, input_analysis_result.value)
-              next unless last_boundary && boundary
-
-              kwargs[:start_idx] = idx
-              kwargs[:end_idx] = idx + length
-              kwargs[:boundary_overrun_idx] = boundary
-              kwargs[:input_boundary_idx] = last_boundary
-
-              result ||= build_attack_result(context)
-              update_successful_attack_response(context, input_analysis_result, result, query_string)
-              append_sample(context, input_analysis_result, result, query_string, **kwargs)
-            end
-
-            result
-          end
-
           protected
 
           def find_attacker context, potential_attack_string, **kwargs
@@ -79,25 +52,6 @@ module Contrast
             end
             super(context, potential_attack_string, **kwargs)
           end
-
-          def build_sample context, input_analysis_result, candidate_string, **kwargs
-            input = input_analysis_result.value
-
-            sample = build_base_sample(context, input_analysis_result)
-            sample.no_sqli = Contrast::Api::Dtm::NoSqlInjectionDetails.new
-            sample.no_sqli.query = Contrast::Utils::StringUtils.protobuf_safe_string(candidate_string)
-            sample.no_sqli.start_idx = sample.no_sqli.query.index(input).to_i
-            sample.no_sqli.boundary_overrun_idx = sample.no_sqli.start_idx + input.length
-            sample.no_sqli.input_boundary_idx = kwargs[:boundary].to_i
-            sample.no_sqli.input_boundary_idx = kwargs[:last_boundary].to_i
-            sample
-          end
-
-          private
-
-          def select_scanner
-            @_select_scanner ||= Contrast::Agent::Protect::Rule::NoSqli::MongoNoSqlScanner.new
-          end
         end
       end
     end

data/lib/contrast/agent/protect/rule/path_traversal.rb

@@ -2,7 +2,6 @@
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/base_service'
-require 'contrast/components/interface'
 require 'contrast/utils/stack_trace_utils'
 
 module Contrast
@@ -12,9 +11,6 @@ module Contrast
         # This class handles our implementation of the Path Traversal
         # Protect rule.
         class PathTraversal < Contrast::Agent::Protect::Rule::BaseService
-          include Contrast::Components::Interface
-          access_component :agent, :analysis
-
           NAME = 'path-traversal'
           SYSTEM_PATHS = %w[
             /proc/self
@@ -96,7 +92,7 @@ module Contrast
           end
 
           def custom_code_access_sysfile_enabled?
-            PROTECT.report_custom_code_sysfile_access?
+            ::Contrast::PROTECT.report_custom_code_sysfile_access?
           end
 
           def custom_code_accessing_system_file? input

data/lib/contrast/agent/protect/rule/sql_sample_builder.rb

@@ -0,0 +1,137 @@
+# Copyright (c) 2021 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/protect/rule/base'
+require 'contrast/agent/protect/rule/base_service'
+
+module Contrast
+  module Agent
+    module Protect
+      module Rule
+        module SqlSampleBuilder
+          # Generate a sample for the SQL injection detection rule, allowing for reporting to and rendering
+          # by TeamServer
+          #
+          # @param context [Contrast::Agent::RequestContext] the context for the current request
+          # @param input_analysis_result [Contrast::Api::Dtm::AttackResult, nil] previous attack result for this rule,
+          #   if one exists, in the case of multiple inputs being found to violate the protection criteria
+          # @candidate_string [String] the value of the input which may be an attack
+          # @kwargs [Hash] key - value pairs of context individual rules need to build out details
+          #   to send to the Service to tell the story of the attack
+          # @return [Contrast::Api::Dtm::RaspRuleSample] the sample from this attack
+          module SqliSample
+            def build_sample context, input_analysis_result, candidate_string, **kwargs
+              sqli_sample = build_base_sample(context, input_analysis_result)
+              sqli_sample.sqli = Contrast::Api::Dtm::SqlInjectionDetails.new
+              sqli_sample.sqli.query = Contrast::Utils::StringUtils.protobuf_safe_string(candidate_string)
+              sqli_sample.sqli.start_idx = kwargs[:start_idx]
+              sqli_sample.sqli.end_idx = kwargs[:end_idx]
+              sqli_sample.sqli.boundary_overrun_idx = kwargs[:boundary_overrun_idx].to_i
+              sqli_sample.sqli.input_boundary_idx = kwargs[:input_boundary_idx].to_i
+              sqli_sample
+            end
+          end
+
+          # Generate a sample for the No-SQL injection detection rule, allowing for reporting to and rendering
+          # by TeamServer
+          #
+          # @param context [Contrast::Agent::RequestContext] the context for the current request
+          # @param input_analysis_result [Contrast::Api::Dtm::AttackResult, nil] previous attack result for this rule,
+          #   if one exists, in the case of multiple inputs being found to violate the protection criteria
+          # @candidate_string [String] the value of the input which may be an attack
+          # @kwargs [Hash] key - value pairs of context individual rules need to build out details
+          #   to send to the Service to tell the story of the attack
+          # @return [Contrast::Api::Dtm::RaspRuleSample] the sample from this attack
+          module NoSqliSample
+            def build_sample context, input_analysis_result, candidate_string, **kwargs
+              no_sqli_sample = build_base_sample(context, input_analysis_result)
+              no_sqli_sample.no_sqli = Contrast::Api::Dtm::NoSqlInjectionDetails.new
+              no_sqli_sample.no_sqli.query = Contrast::Utils::StringUtils.protobuf_safe_string(candidate_string)
+              no_sqli_sample.no_sqli.start_idx = kwargs[:start_idx].to_i
+              no_sqli_sample.no_sqli.end_idx = kwargs[:end_idx].to_i
+              no_sqli_sample.no_sqli.boundary_overrun_idx = kwargs[:boundary_overrun_idx].to_i
+              no_sqli_sample.no_sqli.input_boundary_idx = kwargs[:input_boundary_idx].to_i
+              no_sqli_sample
+            end
+          end
+
+          # This Module is how we apply the attack fo NoSQL and SQL Injection rule.
+          # It includes methods for building attack with match and database scanners
+          module AttackBuilder
+            # Set up an attack result and assigns Database scanner for the No-SQL and SQLI injection detection rules
+            #
+            # @param context [Contrast::Agent::RequestContext] the context for the current request
+            # @param input_analysis_result [Contrast::Api::Dtm::AttackResult, nil] previous attack result for this rule,
+            #   if one exists, in the case of multiple inputs being found to violate the protection criteria
+            # @param result [Contrast::Api::Dtm::AttackResult, nil] previous attack result for this rule, if one exists,
+            #   in the case of multiple inputs being found to violate the protection criteria
+            # @query_string [string] he value of the input which may be an attack
+            # @kwargs [Hash] key - value pairs of context individual rules need to build out details to send
+            #   to the Service to tell the story of the attack
+            # @return [Contrast::Api::Dtm::AttackResult] the result from this attack
+            def build_attack_with_match context, input_analysis_result, result, query_string, **kwargs
+              if mode == Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION ||
+                    mode == Contrast::Api::Settings::ProtectionRule::Mode::PERMIT
+
+                return result
+              end
+
+              attack_string = input_analysis_result.value
+              regexp = Regexp.new(Regexp.escape(attack_string), Regexp::IGNORECASE)
+
+              return unless query_string.match?(regexp)
+
+              database = kwargs[:database]
+              scanner = select_scanner(database)
+              ss = StringScanner.new(query_string)
+              length = attack_string.length
+              while ss.scan_until(regexp)
+                # the pos of StringScanner is at the end of the regexp (input string),
+                # we need the beginning
+                idx = ss.pos - attack_string.length
+                last_boundary, boundary = scanner.crosses_boundary(query_string, idx, input_analysis_result.value)
+                next unless last_boundary && boundary
+
+                result ||= build_attack_result(context)
+
+                record_match(idx, length, boundary, last_boundary, kwargs)
+                append_match(context, input_analysis_result, result, query_string, **kwargs)
+              end
+
+              result
+            end
+
+            def select_scanner database
+              @scanners ||= {
+                  Contrast::Agent::Protect::Policy::AppliesSqliRule::DATABASE_MYSQL =>
+                  Contrast::Agent::Protect::Rule::Sqli::MysqlSqlScanner.new,
+                  Contrast::Agent::Protect::Policy::AppliesSqliRule::DATABASE_PG =>
+                  Contrast::Agent::Protect::Rule::Sqli::PostgresSqlScanner.new,
+                  Contrast::Agent::Protect::Policy::AppliesSqliRule::DATABASE_SQLITE =>
+                  Contrast::Agent::Protect::Rule::Sqli::SqliteSqlScanner.new,
+                  Contrast::Agent::Protect::Policy::AppliesNoSqliRule::DATABASE_NOSQL =>
+                  Contrast::Agent::Protect::Rule::NoSqli::MongoNoSqlScanner.new
+              }.cs__freeze
+
+              @default_scanner ||= Contrast::Agent::Protect::Rule::Sqli::DefaultSqlScanner.new
+              @scanners[database.to_s] || @default_scanner
+            end
+
+            def record_match idx, length, boundary, last_boundary, kwargs
+              kwargs[:start_idx] = idx
+              kwargs[:end_idx] = idx + length
+              kwargs[:boundary_overrun_idx] = boundary
+              kwargs[:input_boundary_idx] = last_boundary
+            end
+
+            def append_match context, input_analysis_result, result, query_string, **kwargs
+              input_analysis_result.attack_count = input_analysis_result.attack_count + 1
+              update_successful_attack_response(context, input_analysis_result, result, query_string)
+              append_sample(context, input_analysis_result, result, query_string, **kwargs)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/protect/rule/sqli.rb

@@ -3,6 +3,7 @@
 
 require 'contrast/agent/protect/rule/base_service'
 require 'contrast/agent/protect/policy/applies_sqli_rule'
+require 'contrast/agent/protect/rule/sql_sample_builder'
 
 module Contrast
   module Agent
@@ -10,6 +11,12 @@ module Contrast
       module Rule
         # The Ruby implementation of the Protect SQL Injection rule.
         class Sqli < Contrast::Agent::Protect::Rule::BaseService
+          # Generate a sample for the SQLI injection detection rule, allowing for reporting to and rendering
+          # by TeamServer
+          include SqlSampleBuilder::SqliSample
+          # Defining build_attack_with_match method
+          include SqlSampleBuilder::AttackBuilder
+
           NAME = 'sql-injection'
           BLOCK_MESSAGE = 'SQLi rule triggered. Response blocked.'
 
@@ -31,76 +38,6 @@ module Contrast
 
             raise Contrast::SecurityException.new(self, BLOCK_MESSAGE) if blocked?
           end
-
-          def build_attack_with_match context, input_analysis_result, result, query_string, **kwargs
-            attack_string = input_analysis_result.value
-            regexp = Regexp.new(Regexp.escape(attack_string), Regexp::IGNORECASE)
-
-            return unless query_string.match?(regexp)
-
-            database = kwargs[:database]
-            scanner = select_scanner(database)
-
-            ss = StringScanner.new(query_string)
-            length = attack_string.length
-            while ss.scan_until(regexp)
-              # the pos of StringScanner is at the end of the regexp (input string),
-              # we need the beginning
-              idx = ss.pos - attack_string.length
-              last_boundary, boundary = scanner.crosses_boundary(query_string, idx, input_analysis_result.value)
-              next unless last_boundary && boundary
-
-              result ||= build_attack_result(context)
-              record_match(idx, length, boundary, last_boundary, kwargs)
-              append_match(context, input_analysis_result, result, query_string, **kwargs)
-            end
-
-            result
-          end
-
-          protected
-
-          def build_sample context, input_analysis_result, candidate_string, **kwargs
-            input = input_analysis_result.value
-
-            sample = build_base_sample(context, input_analysis_result)
-            sample.sqli = Contrast::Api::Dtm::SqlInjectionDetails.new
-            sample.sqli.query = Contrast::Utils::StringUtils.protobuf_safe_string(candidate_string)
-            sample.sqli.start_idx = sample.sqli.query.index(input).to_i
-            sample.sqli.end_idx = sample.sqli.start_idx + input.length
-            sample.sqli.boundary_overrun_idx = kwargs[:boundary_overrun_idx].to_i
-            sample.sqli.input_boundary_idx = kwargs[:input_boundary_idx].to_i
-            sample
-          end
-
-          private
-
-          def record_match idx, length, boundary, last_boundary, kwargs
-            kwargs[:start_idx] = idx
-            kwargs[:end_idx] = idx + length
-            kwargs[:boundary_overrun_idx] = boundary
-            kwargs[:input_boundary_idx] = last_boundary
-          end
-
-          def append_match context, input_analysis_result, result, query_string, **kwargs
-            input_analysis_result.attack_count = input_analysis_result.attack_count + 1
-            update_successful_attack_response(context, input_analysis_result, result, query_string)
-            append_sample(context, input_analysis_result, result, query_string, **kwargs)
-          end
-
-          def select_scanner database
-            @sql_scanners ||= {
-                Contrast::Agent::Protect::Policy::AppliesSqliRule::DATABASE_MYSQL =>
-                    Contrast::Agent::Protect::Rule::Sqli::MysqlSqlScanner.new,
-                Contrast::Agent::Protect::Policy::AppliesSqliRule::DATABASE_PG =>
-                    Contrast::Agent::Protect::Rule::Sqli::PostgresSqlScanner.new,
-                Contrast::Agent::Protect::Policy::AppliesSqliRule::DATABASE_SQLITE =>
-                    Contrast::Agent::Protect::Rule::Sqli::SqliteSqlScanner.new
-            }.cs__freeze
-
-            @default_sql_scanner ||= Contrast::Agent::Protect::Rule::Sqli::DefaultSqlScanner.new
-            @sql_scanners[database.to_s] || @default_sql_scanner
-          end
         end
       end
     end

data/lib/contrast/agent/reaction_processor.rb

@@ -2,16 +2,15 @@
 # frozen_string_literal: true
 
 require 'contrast/agent/disable_reaction'
-require 'contrast/components/interface'
+require 'contrast/components/logger'
 
 module Contrast
   module Agent
     # Because communication between the Agent/Service and TeamServer can only be initiated by outbound connections
     # from the Agent/Service, we must provide a mechanism for the TeamServer to direct the Agent to take a specific
     # action. This action is referred to as a Reaction. This class is how we handle those Reaction messages.
-    class ReactionProcessor
-      include Contrast::Components::Interface
-      access_component :logging
+    module ReactionProcessor
+      extend Contrast::Components::Logger::InstanceMethods
 
       # Process the given Reactions from the application settings based on what
       # TeamServer has indicated. Each Reaction will result in a log message