contrast-agent 5.1.0 → 5.2.0

data/lib/contrast/agent/reporting/reporting_events/finding.rb

@@ -16,28 +16,42 @@ module Contrast
       # relay this information in the Finding/Trace messages. These findings are used by TeamServer to construct the
       # vulnerability information for the assess feature. They represent those parts of the application, either through
       # configuration, method invocation, or dataflow, which are determined to be insecure.
-      #
-      # @attr_accessor events [Array<Contrast::Agent::Assess::ContrastEvent>] if a dataflow based finding, the
-      #   representation of those method calls which constitute a dangerous code path.
-      # @attr_accessor properties [Hash<String,String>] a set of values that TeamServer can use to provide more context
-      #   to the user when rendering the finding. For some findings, a specific set of keys and values are required.
-      # @attr_accessor request [Contrast::Agent::Request, nil] the request, if any, in which this finding occurred
-      # @attr_accessor hash_code [String] the unique identifier of this finding.
-      # @attr_reader rule_id [String] the name of the rule violated; must match those in TeamServer.
       class Finding < Contrast::Agent::Reporting::ReportingEvent
-        attr_reader :rule_id, :routes, :events, :properties, :request
+        include Contrast::Components::Logger::InstanceMethods
+
+        # @return [Integer] the time, in ms, that this object was initialized
+        attr_reader :created
+        # @return [String] the ID of the rule associated with this finding
+        attr_reader :rule_id
+        # @return [Array<Contrast::Agent::Reporting::RouteDiscovery>] the routes associated with this finding, if the
+        #   finding is request based.
+        attr_reader :routes
+        # @return [Array<Contrast::Agent::Reporting::FindingEvent>] the events associated with this finding, if the
+        #   finding is event (dataflow) based.
+        attr_reader :events
+        # @return [String] the evidence associated with this finding, if the finding is event based. deprecated in
+        #   favor of properties
+        # attr_reader :evidence
+        # @return [Hash<String,String>] properties that prove the violation of the rule for this finding
+        attr_reader :properties
+        # @return [Contrast::Agent::Reporting::FindingRequest] the request associated with this finding, if the finding
+        #   is request based
+        attr_reader :request
+        # @return [String] the uniquely identifying hash of this finding
         attr_accessor :hash_code
 
+        CONFIGURATION_RULES = %w[rails-http-only-disabled secure-flag-missing session-timeout].cs__freeze
+        HARDCODED_RULES = %w[hardcoded-key hardcoded-password].cs__freeze
         PROPERTIES_RULES = %w[
           autocomplete-missing
           cache-controls-missing
           clickjacking-control-missing
-          xcontenttype-header-missing
-          hsts-header-missing
-          xxssprotection-header-disabled
           csp-header-missing
           csp-header-insecure
+          hsts-header-missing
           parameter-pollution
+          xcontenttype-header-missing
+          xxssprotection-header-disabled
         ].cs__freeze
 
         class << self
@@ -57,6 +71,7 @@ module Contrast
           @routes = []
           @rule_id = Contrast::Utils::StringUtils.truncate(rule_id)
           @properties = {}
+          @created = Contrast::Utils::Timer.now_ms
           super()
         end
 
@@ -76,15 +91,16 @@ module Contrast
         # @param request [Contrast::Agent::Request]
         # @param args [Array<Object>] the Arguments with which the method was invoked
         def attach_data trigger_node, source, object, ret, request, *args
+          event_messages = Contrast::Agent::Reporting::FindingEvent.from_source(source)
+          events.concat(event_messages) if event_messages&.any?
           event_data = Contrast::Agent::Assess::Events::EventData.new(trigger_node, source, object, ret, args)
-          event_msgs = Contrast::Agent::Reporting::FindingEvent.from_source(source)
-          events.concat(event_msgs) if event_msgs
-          if request
-            @request = Contrast::Agent::Reporting::FindingRequest.convert(request)
-            @routes << Contrast::Agent::Reporting::RouteDiscovery.convert(request&.route)
-          end
-          events << Contrast::Agent::Assess::ContrastEvent.new(event_data)
+          contrast_event = Contrast::Agent::Assess::ContrastEvent.new(event_data)
+          events << Contrast::Agent::Reporting::FindingEvent.convert(contrast_event)
           attach_properties
+          return unless request
+
+          @request = Contrast::Agent::Reporting::FindingRequest.convert(request)
+          @routes << Contrast::Agent::Reporting::RouteDiscovery.convert(request.route)
         end
 
         # Attach the data from a Contrast::Api::Dtm::Finding required for property based findings generated during
@@ -92,7 +108,6 @@ module Contrast
         #
         # @param finding_dtm [Contrast::Api::Dtm::Finding]
         def attach_property_data finding_dtm
-          @created = Contrast::Utils::Timer.now_ms
           @hash_code = finding_dtm.hash_code
           @rule_id = finding_dtm.rule_id
           finding_dtm.properties.each_pair do |key, value|
@@ -101,7 +116,7 @@ module Contrast
           finding_dtm.routes.each do |route|
             @routes << Contrast::Agent::Reporting::RouteDiscovery.convert(route)
           end
-          request = Contrast::Agent::REQUEST_TRACKER.current&.activity&.http_request
+          request = Contrast::Agent::REQUEST_TRACKER.current&.request
           @request = Contrast::Agent::Reporting::FindingRequest.convert(request) if request
         end
 
@@ -113,20 +128,20 @@ module Contrast
         def to_controlled_hash
           validate
           hsh = {
-              created: @created,
-              hash: hash_code,
-              ruleId: @rule_id,
-              session_id: @agent_session_id_value,
+              created: created,
+              hash: hash_code.to_s,
+              ruleId: rule_id,
+              session_id: @agent_session_id_value.to_s,
               version: 4
           }
-          hsh[:events] = events if event_based?
-          hsh[:evidence] = @evidence unless event_based? || property_based?
+          hsh[:events] = events.map(&:to_controlled_hash) if event_based?
+          # hsh[:evidence] = evidence unless event_based? || property_based?
           hsh[:properties] = properties if property_based?
           hsh[:tags] = Contrast::ASSESS.tags if Contrast::ASSESS.tags
-          if request_based?
-            hsh[:request] = request
-            hsh[:routes] = routes
-          end
+          return hsh unless request_based?
+
+          hsh[:request] = request.to_controlled_hash
+          hsh[:routes] = routes.map(&:to_controlled_hash)
           hsh
         end
 
@@ -135,14 +150,14 @@ module Contrast
           raise(ArgumentError, "#{ self } did not have a proper rule. Unable to continue.") unless @rule_id
 
           if event_based? && events.empty?
-            raise(ArgumentError, "#{ self } did not have proper events. Unable to continue.")
+            raise(ArgumentError, "#{ self } did not have proper events for #{ @rule_id }. Unable to continue.")
           end
           if property_based? && properties.empty?
-            raise(ArgumentError, "#{ self } did not have proper properties. Unable to continue.")
+            raise(ArgumentError, "#{ self } did not have proper properties for #{ @rule_id }. Unable to continue.")
           end
           return unless request_based? && request.nil?
 
-          raise(ArgumentError, "#{ self } did not have a proper request. Unable to continue.")
+          raise(ArgumentError, "#{ self } did not have a proper request for #{ @rule_id }. Unable to continue.")
         end
 
         private
@@ -169,7 +184,7 @@ module Contrast
         #
         # @return [Boolean]
         def event_based?
-          !property_based?
+          !property_based? && !config_based?
         end
 
         # Rules which are property based must have a property to be sent to TeamServer. Eventually, each rule may own
@@ -181,13 +196,31 @@ module Contrast
           PROPERTIES_RULES.include?(@rule_id)
         end
 
+        # Rules which are config based must have a configuration to be sent to TeamServer. Eventually, each rule may own
+        # its own validation, as the properties each needs are different; however, that's a refactor for after we've
+        # translated all rules from the Service and have had time to build proper child structure.
+        #
+        # @return [Boolean]
+        def config_based?
+          CONFIGURATION_RULES.include?(@rule_id)
+        end
+
+        # Rules which are hardcode based send properties to TeamServer. Eventually, each rule may own its own
+        # validation, as the properties each needs are different; however, that's a refactor for after we've
+        # translated all rules from the Service and have had time to build proper child structure.
+        #
+        # @return [Boolean]
+        def hardcoded?
+          HARDCODED_RULES.include?(@rule_id)
+        end
+
         # Rules which are request based must have a request to be sent to TeamServer. Most rules fit this category, so
         # we'll default to true for now. Eventually, this will be split out for those rules, like Hardcoded, which do
         # not need requests.
         #
         # @return [Boolean]
         def request_based?
-          true
+          !config_based? && !hardcoded?
         end
       end
     end

data/lib/contrast/agent/reporting/reporting_events/finding_event.rb

@@ -1,44 +1,63 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/agent/reporting/reporting_events/finding_event_object'
+require 'contrast/agent/reporting/reporting_events/finding_event_parent_object'
+require 'contrast/agent/reporting/reporting_events/finding_event_property'
+require 'contrast/agent/reporting/reporting_events/finding_event_signature'
 require 'contrast/agent/reporting/reporting_events/finding_event_source'
-require 'contrast/agent/reporting/reporting_events/finding_object'
-require 'contrast/agent/reporting/reporting_events/finding_stack'
-require 'contrast/agent/reporting/reporting_events/finding_taint_range'
+require 'contrast/agent/reporting/reporting_events/finding_event_stack'
+require 'contrast/agent/reporting/reporting_events/finding_event_taint_range'
 
 module Contrast
   module Agent
     module Reporting
-      # This is the new Finding class which will include all the needed information for the new reporting system to
-      # relay this information in the Finding/Trace messages. These findings are used by TeamServer to construct the
-      # vulnerability information for the assess feature. They represent those parts of the application, either through
-      # configuration, method invocation, or dataflow, which are determined to be insecure.
-      #
-      # @attr_reader action [String] what the event did; CREATION, A2O, A2P, A2A, A2R, O2A, O2O, O2P, O2R, P2A, P2O,
-      #   P2P, P2R, TAG, TRIGGER.
-      # @attr_reader args [Array<Contrast::Agent::Reporting::FindingObject>] the arguments passed to the method.
-      # @attr_reader code [nil] unused.
-      # @attr_reader event_id [Integer] the id of this event.
-      # @attr_reader event_sources [Array<Contrast::Agent::Reporting::FindingEventSource>] the source of taint
-      # @attr_reader field_name [nil] unused.
-      # @attr_reader object [Contrast::Agent::Reporting::FindingEventSource] the object this method was invoked on.
-      # @attr_reader parent_object_ids [Array<Integer>]
-      # @attr_reader properties [Hash<String,String]
-      # @attr_reader ret [Contrast::Agent::Reporting::FindingObject] the return of the method.
-      # @attr_reader signature [Contrast::Agent::Reporting::FindingSignature] the signature of the method.
-      # @attr_reader source [String] the source of the taint from the method; ^(O|R|P\d+)$
-      # @attr_reader stack [Array<Contrast::Agent::Reporting::FindingStack>]
-      # @attr_reader tags [Array<String>] description of what's happened to the data
-      # @attr_reader taint_ranges [Array<Contrast::Agent::Reporting::FindingTaintRange>] the tags and spans of the
-      #   source that are tracked
-      # @attr_reader target [String] the target of the taint from the method; ^(O|R|P\d+)$
-      # @attr_reader thread [String] the id of the thread on which the method was invoked
-      # @attr_reader time [Integer] the time, in ms, when the event was generated
-      # @attr_reader type [String] the type of event; METHOD, PROPAGATION, TAG
+      # This is the new FindingEvent class which will include all the needed information for the new reporting system
+      # to relay this information in the Finding/Trace messages. These FindingEvents are used by TeamServer to
+      # construct the vulnerability information for the assess feature. They represent the operation the application
+      # underwent that transformed data during the dataflow.
       class FindingEvent
-        attr_reader :action, :args, :code, :event_id, :event_sources, :field_name, :object, :parent_object_ids,
-                    :properties, :ret, :signature, :source, :stack, :tags, :taint_ranges, :target, :thread, :time,
-                    :type
+        # @return [Symbol] what the event did; CREATION, A2O, A2P, A2A, A2R, O2A, O2O, O2P, O2R, P2A, P2O, P2P, P2R,
+        #   TAG, TRIGGER.
+        attr_reader :action
+        # @return [Array<Contrast::Agent::Reporting::FindingEventObject>] the arguments passed to the method.
+        attr_reader :args
+        # @return [nil] unused.
+        attr_reader :code
+        # @return [Integer] the id of this event.
+        attr_reader :event_id
+        # @return [Array<Contrast::Agent::Reporting::FindingEventSource>] the source of taint
+        attr_reader :event_sources
+        # @return [nil] unused.
+        attr_reader :field_name
+        # @return [Contrast::Agent::Reporting::FindingEventObject] the object this method was invoked on.
+        attr_reader :object
+        # @@return [Array<Contrast::Agent::Reporting::FindingEventParentObject>] the ids of all the events directly
+        #   preceding this
+        attr_reader :parent_object_ids
+        # @return [Array<Contrast::Agent::Reporting::FindingEventProperty>]
+        attr_reader :properties
+        # @return  [Contrast::Agent::Reporting::FindingEventObject] the return of the method.
+        attr_reader :ret
+        # @return [Contrast::Agent::Reporting::FindingEventSignature] the signature of the method.
+        attr_reader :signature
+        # @return [String] the source of the taint from the method; ^(O|R|P\d+)$
+        attr_reader :source
+        # @return [Array<Contrast::Agent::Reporting::FindingEventStack>]
+        attr_reader :stack
+        # @return [String] comma separated list of descriptions of what's happened to the data
+        attr_reader :tags
+        # @return [Array<Contrast::Agent::Reporting::FindingEventTaintRange>] the tags and spans of the source that are
+        #   tracked
+        attr_reader :taint_ranges
+        # @return [String] the target of the taint from the method; ^(O|R|P\d+)$
+        attr_reader :target
+        # @return [String] the id of the thread on which the method was invoked
+        attr_reader :thread
+        # @return [Integer] the time, in ms, when the event was generated
+        attr_reader :time
+        # @return [String] the type of event; METHOD, PROPAGATION, TAG
+        attr_reader :type
 
         class << self
           # Find all the events leading up to the given source and return an array of FindingEvents
@@ -48,7 +67,7 @@ module Contrast
           def from_source source
             return unless source && (props = Contrast::Agent::Assess::Tracker.properties(source))
 
-            build_events([], props.event) if props&.event
+            build_events([], props.event) if props.event
           end
 
           # @param event [Contrast::Agent::Assess::ContrastEvent]
@@ -71,7 +90,7 @@ module Contrast
             return unless event
 
             event.parent_events&.each do |parent_event|
-              build_events(finding, parent_event)
+              build_events(events, parent_event)
             end
             events << convert(event)
             events
@@ -85,11 +104,11 @@ module Contrast
         def attach_data event
           @event_id = event.event_id
           @time = event.time.to_i
-          @thread = event.thread
+          @thread = event.thread.to_s
           display_params!(event)
           dataflow!(event)
           event_sources!(event)
-          @signature = Contrast::Agent::Reporting::FindingSignature.convert(event)
+          @signature = Contrast::Agent::Reporting::FindingEventSignature.convert(event)
           stack!(event)
           parent_ids!(event)
           properties!(event)
@@ -100,25 +119,25 @@ module Contrast
         #
         # @return [Hash]
         # @raise [ArgumentError]
-        def to_controlled_hash
+        def to_controlled_hash # rubocop:disable Metrics/AbcSize
           validate
           {
               action: action,
-              args: args,
+              args: args.map(&:to_controlled_hash),
               # code: code, # Unused by our agent
-              eventId: event_id,
-              eventSources: event_sources,
+              objectId: event_id,
+              eventSources: event_sources.map(&:to_controlled_hash),
               # fieldName: field_name, # Unused by our agent
-              object: object,
-              parentObjectIds: parent_object_ids,
-              properties: properties,
-              ret: ret,
-              signature: signature,
-              source: source,
-              stack: stack,
-              tags: tags,
-              taintRanges: taint_ranges,
-              target: target,
+              object: object.to_controlled_hash,
+              parentObjectIds: parent_object_ids.map(&:to_controlled_hash),
+              properties: properties.map(&:to_controlled_hash),
+              ret: ret&.to_controlled_hash,
+              signature: signature.to_controlled_hash,
+              source: source || '',
+              stack: stack.map(&:to_controlled_hash),
+              tags: tags.join(','),
+              taintRanges: taint_ranges.map(&:to_controlled_hash),
+              target: target || '',
               thread: thread,
               time: time,
               type: type
@@ -139,7 +158,14 @@ module Contrast
         # @param event [Contrast::Agent::Assess::ContrastEvent]
         def display_params! event
           @action = event.policy_node.build_action
-          @type = event.policy_node.node_type
+          @type = case event.policy_node.node_type
+                  when :TYPE_TAG
+                    'TAG'
+                  when :TYPE_PROPAGATION
+                    'PROPAGATION'
+                  else # :TYPE_METHOD
+                    'METHOD'
+                  end
         end
 
         # Build the dataflow components of this FindingEvent.
@@ -148,9 +174,9 @@ module Contrast
         def dataflow! event
           taint_target = taint_target!(event)
           truncate_obj = Contrast::Utils::ObjectShare::OBJECT_KEY != taint_target
-          @object = Contrast::Agent::Reporting::FindingObject.convert(event.object, truncate_obj)
+          @object = Contrast::Agent::Reporting::FindingEventObject.convert(event.object, truncate_obj)
           truncate_ret = Contrast::Utils::ObjectShare::RETURN_KEY != taint_target
-          @ret = Contrast::Agent::Reporting::FindingObject.convert(event.ret, truncate_ret)
+          @ret = Contrast::Agent::Reporting::FindingEventObject.convert(event.ret, truncate_ret)
           event_args!(event, taint_target)
           taint_ranges!(event)
         end
@@ -164,7 +190,7 @@ module Contrast
           @args = []
           idx = 0
           while idx < event.args.length
-            @args << Contrast::Agent::Reporting::FindingObject.convert(event.args[idx], taint_target != idx)
+            @args << Contrast::Agent::Reporting::FindingEventObject.convert(event.args[idx], taint_target != idx)
             idx += 1
           end
         end
@@ -176,7 +202,8 @@ module Contrast
           @event_sources = []
           return unless event.cs__is_a?(Contrast::Agent::Assess::Events::SourceEvent)
 
-          event_sources << Contrast::Agent::Reporting::FindingEventSource.convert(event)
+          source = Contrast::Agent::Reporting::FindingEventSource.convert(event)
+          event_sources << source if source
         end
 
         # Convert the parent id's of the given ContrastEvent to the reportable form for this FindingEvent.
@@ -185,7 +212,7 @@ module Contrast
         def parent_ids! event
           @parent_object_ids = []
           event.parent_events&.each do |parent_event|
-            parent_object_ids << parent_event.event_id.to_i
+            parent_object_ids << Contrast::Agent::Reporting::FindingEventParentObject.new(parent_event.event_id.to_i)
           end
         end
 
@@ -194,7 +221,7 @@ module Contrast
         #
         # @param _event [Contrast::Agent::Assess::ContrastEvent]
         def properties! _event
-          @properties = {}
+          @properties = []
         end
 
         # Convert the stack of the given ContrastEvent to the reportable form for this FindingEvent.
@@ -203,7 +230,7 @@ module Contrast
         def stack! event
           @stack = []
           event.stack_trace.each do |stack_event|
-            if (report = Contrast::Agent::Reporting::FindingStack.convert(stack_event))
+            if (report = Contrast::Agent::Reporting::FindingEventStack.convert(stack_event))
               stack << report
             end
           end
@@ -217,7 +244,9 @@ module Contrast
           @taint_ranges = []
           event&.tags&.each_pair do |tag_key, tag_ranges|
             tags << tag_key
-            tag_ranges.each { |range| taint_ranges << Contrast::Agent::Reporting::FindingTaintRange.convert(range) }
+            tag_ranges.each do |range|
+              taint_ranges << Contrast::Agent::Reporting::FindingEventTaintRange.convert(range)
+            end
           end
         end
 

data/lib/contrast/agent/reporting/reporting_events/{finding_object.rb → finding_event_object.rb}

@@ -2,20 +2,22 @@
 # frozen_string_literal: true
 
 require 'base64'
+require 'contrast/agent/assess/contrast_object'
 
 module Contrast
   module Agent
     module Reporting
-      # This is the new FindingObject class which will include all the needed information for the new reporting system
-      # to relay this information in the Finding/Trace messages. These FindingObjects are used by TeamServer to
-      # construct the vulnerability information for the assess feature. They represent those parts of the objects that
-      # were acted on in a Dataflow Finding.
-      #
-      # @attr_reader hash [String] the id of the Object this represents.
-      # @attr_reader tracked [Boolean] if the Object this represents is tracked or not.
-      # @attr_reader value [String] the base64 of the human readable representation of the Object this represents.
-      class FindingObject
-        attr_reader :hash, :tracked, :value
+      # This is the new FindingEventObject class which will include all the needed information for the new reporting
+      # system to relay this information in the Finding/Trace messages. These FindingEventObjects are used by
+      # TeamServer to construct the vulnerability information for the assess feature. They represent those parts of the
+      # objects that were acted on in a Dataflow Finding.
+      class FindingEventObject
+        # @return [Integer] the id of the Object this represents.
+        attr_reader :hash
+        # @return [Boolean] if the Object is tracked or not
+        attr_reader :tracked
+        # @return [String] the base64 of the human readable representation of the Object this represents.
+        attr_reader :value
 
         # We'll truncate any object that isn't important to the taint ranges of this event, so that we don't murder
         # TeamServer by, for instance, hypothetically sending the entire rendered HTML page >_>  <_<  >_>
@@ -25,8 +27,8 @@ module Contrast
 
         class << self
           # @param object [Contrast::Agent::Assess::ContrastObject] the object to translate
-          # @param truncate [Boolean] if the value of this FindingObject should be truncated or not
-          # @return [Contrast::Agent::Reporting::FindingObject]
+          # @param truncate [Boolean] if the value of this FindingEventObject should be truncated or not
+          # @return [Contrast::Agent::Reporting::FindingEventObject]
           def convert object, truncate
             report = new
             report.attach_data(object, truncate)
@@ -35,13 +37,13 @@ module Contrast
         end
 
         # Parse the data from a Contrast::Agent::Assess::ContrastObject to attach what is required for reporting to
-        # TeamServer to this Contrast::Agent::Reporting::FindingObject
+        # TeamServer to this Contrast::Agent::Reporting::FindingEventObject
         #
-        # @param object [Contrast::Agent::Assess::ContrastObject]
+        # @param object [Contrast::Agent::Assess::ContrastObject, nil]
         def attach_data object, truncate
-          @hash = object.__id__
-          @tracked = object.tracked?
-          @value = reportable_value(object.object, truncate)
+          @hash = object&.object.__id__
+          @tracked = !!object&.tracked?
+          @value = reportable_value(object&.object, truncate)
         end
 
         # Convert the instance variables on the class, and other information, into the identifiers required for
@@ -59,9 +61,9 @@ module Contrast
         end
 
         def validate
-          raise(ArgumentError, "#{ self } did not have a proper hash. Unable to continue.") unless hash && !hash.empty?
+          raise(ArgumentError, "#{ self } did not have a proper hash. Unable to continue.") unless hash
           raise(ArgumentError, "#{ self } did not have a proper tracked. Unable to continue.") if tracked.nil?
-          return unless value && !value.empty?
+          return if value
 
           raise(ArgumentError, "#{ self } did not have a proper value. Unable to continue.")
         end
@@ -71,10 +73,12 @@ module Contrast
         # Parse, truncate, and translate the given value to be reported to TeamServer. The field is expected to be
         # base64 encoded.
         #
-        # @param value [String] the contrast_string of the object this represents.
+        # @param value [String, nil] the contrast_string of the object this represents.
         # @param truncate [Boolean] if the string should be truncated or not.
         # @return [String]
         def reportable_value value, truncate
+          return Contrast::Utils::ObjectShare::NIL_STRING unless value
+
           if truncate && value.length > TRUNCATION_LENGTH
             tmp = []
             tmp << value[0, UNTRUNCATED_PORTION_LENGTH]

data/lib/contrast/agent/reporting/reporting_events/finding_event_parent_object.rb

@@ -0,0 +1,39 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'base64'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new FindingEventParentObject class which will include all the needed information for the new
+      # reporting system to relay this information in the Finding/Trace messages. These FindingEventParentObject are
+      # used by TeamServer to relate this event to those that came previously. They represent the events that directly
+      # preceding the FindingEvent generated.
+      class FindingEventParentObject
+        # @return [Integer] the Id of the parent event
+        attr_reader :id
+
+        def initialize id
+          @id = id
+        end
+
+        # Convert the instance variables on the class, and other information, into the identifiers required for
+        # TeamServer to process the JSON form of this message.
+        #
+        # @return [Hash]
+        # @raise [ArgumentError]
+        def to_controlled_hash
+          validate
+          {
+              id: id
+          }
+        end
+
+        def validate
+          raise(ArgumentError, "#{ self } did not have a proper id. Unable to continue.") unless id
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/finding_event_property.rb

@@ -0,0 +1,40 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new FindingEventProperty class which will include all the needed information for the new reporting
+      # system to relay this information in the Finding/Trace messages. Events have properties on them which are held
+      # as an array of key-value pairs.
+      class FindingEventProperty
+        # @return [String] the key of the property
+        attr_reader :key
+        # @return [String] the value of the source
+        attr_reader :value
+
+        def initialize key, value
+          @key = key
+          @value = value
+        end
+
+        # Convert the instance variables on the class, and other information, into the identifiers required for
+        # TeamServer to process the JSON form of this message.
+        #
+        # @return [Hash]
+        # @raise [ArgumentError]
+        def to_controlled_hash
+          validate
+          {
+              key: key,
+              value: value
+          }
+        end
+
+        def validate
+          raise(ArgumentError, "#{ self } did not have a proper key. Unable to continue.") unless key && !key.empty?
+        end
+      end
+    end
+  end
+end