contrast-agent 5.2.0 → 6.1.0

data/lib/contrast/api/decorators/activity.rb

@@ -0,0 +1,33 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/string_utils'
+
+module Contrast
+  module Api
+    module Decorators
+      # Used to decorate the {Contrast::Api::Dtm::Activity} protobuf model
+      # to handle conversion between framework route classes and the dtm.
+      module Activity
+        def self.included klass
+          klass.extend(ClassMethods)
+        end
+
+        # Class methods for Activity
+        module ClassMethods
+          def source_or_string obj
+            if obj.cs__is_a?(Regexp)
+              obj.source
+            elsif obj.cs__respond_to?(:safe_string)
+              obj.safe_string
+            else
+              obj.to_s
+            end
+          end
+        end
+      end
+    end
+  end
+end
+
+Contrast::Api::Dtm::Activity.include(Contrast::Api::Decorators::Activity)

data/lib/contrast/api/decorators/address.rb

@@ -28,7 +28,7 @@ module Contrast
             @_build_receiver ||= begin
               address = new
               address.host = 'localhost'
-              address.ip = '127.0.0.1'
+              address.ip = '127.0.0.1' # rubocop:disable Style/IpAddresses
               begin
                 Timeout.timeout(1) do
                   address.host = Contrast::Utils::StringUtils.force_utf8(Socket.gethostname)

data/lib/contrast/api/decorators/http_request.rb

@@ -94,7 +94,7 @@ module Contrast
           return true if ::Contrast::AGENT.omit_body?
           return false if request.document_type != :NORMAL
 
-          request.content_type&.include?('multipart/form-data')
+          request.media_type&.include?('multipart/form-data')
         end
 
         def append_pair map, key, value

data/lib/contrast/api/decorators/response_type.rb

@@ -0,0 +1,30 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/api/dtm.pb'
+require 'protobuf/message'
+
+module Contrast
+  module Api
+    module Decorators
+      # Used to decorate the {Contrast::Api::Dtm::AttackResult::ResponseType} protobuf
+      # model so it can add SUSPICIOUS.
+      module ResponseType
+        ::Protobuf::Enum.define(:SUSPICIOUS, 6)
+
+        def self.included klass
+          klass.extend(ClassMethods)
+        end
+
+        # Used to add class methods to the  class on inclusion of the decorator
+        module ClassMethods
+          def build
+            new
+          end
+        end
+      end
+    end
+  end
+end
+
+Contrast::Api::Dtm::AttackResult::ResponseType.include(Contrast::Api::Decorators::ResponseType)

data/lib/contrast/api/decorators.rb

@@ -28,3 +28,4 @@ require 'contrast/api/decorators/rasp_rule_sample'
 require 'contrast/api/decorators/user_input'
 require 'contrast/api/decorators/address'
 require 'contrast/api/decorators/http_request'
+require 'contrast/api/decorators/response_type'

data/lib/contrast/components/app_context.rb

@@ -48,10 +48,6 @@ module Contrast
           end
         end
 
-        def session_id
-          @_session_id ||= build_app_startup_message.session_id
-        end
-
         def app_version
           @_app_version ||= Contrast::CONFIG.root.application.version
         end

data/lib/contrast/components/assess.rb

@@ -110,6 +110,20 @@ module Contrast
               []
         end
 
+        def track_original_object?
+          if @_track_original_object.nil?
+            @_track_original_object = !false?(::Contrast::CONFIG.root.assess.enable_original_object)
+          end
+
+          @_track_original_object
+        end
+
+        # The id for this process, based on the session metadata or id provided by the user, as indicated in
+        # application startup.
+        def session_id
+          ::Contrast::SETTINGS.assess_state.session_id
+        end
+
         private
 
         def forcibly_enabled?

data/lib/contrast/components/config.rb

@@ -72,6 +72,19 @@ module Contrast
           @config.loggable
         end
 
+        # Typically, this would be accessed through Contrast::SETTINGS, but we're specifically checking for the user
+        # provided value here rather than that echoed back by TeamServer.
+        #
+        # @return [String,nil] the value of the session id set in the configuration, or nil if unset
+        def session_id
+          root.application.session_id
+        end
+
+        # @return [String,nil] the value of the session metadata set in the configuration, or nil if unset
+        def session_metadata
+          root.application.session_metadata
+        end
+
         private
 
         SESSION_VARIABLES = 'Invalid configuration. '\
@@ -127,28 +140,6 @@ module Contrast
           end
         end
 
-        # Typically, this would be accessed through
-        # Contrast::Components::AppContext, but we're too early in the
-        # initialization of the Agent to use that mechanism, so we look it up
-        # directly for ourselves
-        #
-        # @return [String,nil] the value of the session id set in the
-        #   configuration, or nil if unset
-        def session_id
-          root.application.session_id
-        end
-
-        # Typically, this would be accessed through
-        # Contrast::Components::AppContext, but we're too early in the
-        # initialization of the Agent to use that mechanism, so we look it up
-        # directly for ourselves
-        #
-        # @return [String,nil] the value of the session metadata set in the
-        #   configuration, or nil if unset
-        def session_metadata
-          root.application.session_metadata
-        end
-
         # Typically, the following values would be accessed through Contrast::Components::AppContext
         # and Contrast::Components::API, but we're too early in the initialization of the Agent to use
         # that mechanism, so we look it up directly for ourselves.

data/lib/contrast/components/contrast_service.rb

@@ -38,6 +38,15 @@ module Contrast
           @_use_agent_communication = true?(::Contrast::CONFIG.root.agent.service.bypass)
         end
 
+        # If we're using the agent directly and not using protect, then there is no need to start the service. Because
+        # we only know this at startup when hardcoded as such (b/c TS could turn protect on otherwise), we can only do
+        # so when bypass is on and protect is off in local config
+        #
+        # @return [Boolean]
+        def unnecessary?
+          ::Contrast::CONTRAST_SERVICE.use_agent_communication? && ::Contrast::PROTECT.forcibly_disabled?
+        end
+
         def host
           @_host ||=
             (::Contrast::CONFIG.root.agent.service.host || Contrast::Config::ServiceConfiguration::DEFAULT_HOST).to_s

data/lib/contrast/components/protect.rb

@@ -41,7 +41,7 @@ module Contrast
         def report_any_command_execution?
           if @_report_any_command_execution.nil?
             ctrl = rule_config[Contrast::Agent::Protect::Rule::CmdInjection::NAME]
-            @_report_any_command_execution = true?(ctrl.disable_system_commands)
+            @_report_any_command_execution = ctrl && true?(ctrl.disable_system_commands)
           end
           @_report_any_command_execution
         end
@@ -50,7 +50,7 @@ module Contrast
           if @_report_custom_code_sysfile_access.nil?
             name_changed = Contrast::Agent::Protect::Rule::PathTraversal::NAME.tr('-', '_')
             ctrl = rule_config[name_changed]
-            @_report_custom_code_sysfile_access = true?(ctrl.detect_custom_code_accessing_system_files)
+            @_report_custom_code_sysfile_access = ctrl && true?(ctrl.detect_custom_code_accessing_system_files)
           end
           @_report_custom_code_sysfile_access
         end

data/lib/contrast/components/sampling.rb

@@ -48,7 +48,7 @@ module Contrast
         # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
         # @return [Boolean] the resolution of the config_settings, settings, and default value
         def enabled? config_settings, settings
-          true?([config_settings&.enable, settings&.enabled, DEFAULT_SAMPLING_ENABLED].reject(&:nil?)[0])
+          true?([config_settings&.enable, settings&.enabled, DEFAULT_SAMPLING_ENABLED].compact[0])
         end
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
@@ -56,7 +56,7 @@ module Contrast
         # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
         # @return [Integer] the resolution of the config_settings, settings, and default value
         def baseline config_settings, settings
-          [config_settings&.baseline, settings&.baseline, DEFAULT_SAMPLING_BASELINE].map(&:to_i).find(&:positive?)
+          [config_settings&.baseline, settings&.baseline].map(&:to_i).find(&:positive?) || DEFAULT_SAMPLING_BASELINE
         end
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
@@ -64,10 +64,8 @@ module Contrast
         # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
         # @return [Integer] the resolution of the config_settings, settings, and default value
         def request_frequency config_settings, settings
-          [
-            config_settings&.request_frequency, settings&.request_frequency,
-            DEFAULT_SAMPLING_REQUEST_FREQUENCY
-          ].map(&:to_i).find(&:positive?)
+          [config_settings&.request_frequency, settings&.request_frequency].map(&:to_i).find(&:positive?) ||
+              DEFAULT_SAMPLING_REQUEST_FREQUENCY
         end
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
@@ -75,10 +73,8 @@ module Contrast
         # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
         # @return [Integer] the resolution of the config_settings, settings, and default value
         def response_frequency config_settings, settings
-          [
-            config_settings&.response_frequency, settings&.response_frequency,
-            DEFAULT_SAMPLING_RESPONSE_FREQUENCY
-          ].map(&:to_i).find(&:positive?)
+          [config_settings&.response_frequency, settings&.response_frequency].map(&:to_i).find(&:positive?) ||
+              DEFAULT_SAMPLING_RESPONSE_FREQUENCY
         end
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
@@ -86,7 +82,7 @@ module Contrast
         # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
         # @return [Integer] the resolution of the config_settings, settings, and default value
         def window config_settings, settings
-          [config_settings&.window_ms, settings&.window_ms, DEFAULT_SAMPLING_WINDOW_MS].map(&:to_i).find(&:positive?)
+          [config_settings&.window_ms, settings&.window_ms].map(&:to_i).find(&:positive?) || DEFAULT_SAMPLING_WINDOW_MS
         end
       end
 

data/lib/contrast/components/settings.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/api/settings.pb'
+require 'contrast/agent/reporting/settings/sensitive_data_masking'
 
 module Contrast
   module Components
@@ -13,12 +14,14 @@ module Contrast
       APPLICATION_STATE_BASE = Struct.new(:modes_by_id, :exclusion_matchers).
           new(Hash.new(Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION), [])
       PROTECT_STATE_BASE = Struct.new(:enabled, :rules).new(false, {})
-      ASSESS_STATE_BASE = Struct.new(:enabled, :sampling_settings, :disabled_assess_rules).new(false, nil, []) do
+      ASSESS_STATE_BASE = Struct.new(:enabled, :sampling_settings, :disabled_assess_rules, :session_id).new(false, nil,
+                                                                                                            [], nil) do
         def sampling_settings= new_val
           @sampling_settings = new_val
           Contrast::Utils::Assess::SamplingUtil.instance.update
         end
       end
+      SENSITIVE_DATA_MASKING_BASE = Contrast::Agent::Reporting::Settings::SensitiveDataMasking.new
 
       # This is a class.
       class Interface
@@ -26,7 +29,67 @@ module Contrast
 
         # tainted_columns are database columns that receive unsanitized input.
         attr_reader :tainted_columns # This can probably go into assess_state?
-        attr_reader :assess_state, :protect_state, :application_state
+        # Current state for Assess.
+        # enabled [Boolean] Indicate if the assess feature set is enabled for this server or not.
+        #
+        # sampling [Hash<AssessSampling>] Hash of AssessSampling Used to control the sampling feature in the agent: {
+        #  baseline          [Integer] The number of baseline requests to take before switching to sampling
+        #                               for the window.
+        #  enabled           [Boolean] If the sampling feature should be used or not.
+        #  frequency         [Integer] The number of requests to skip before observing during the sampling
+        #                               window after the baseline.
+        #  responseFrequency [Integer]
+        #  window            [Integer]
+        # }
+        #
+        # disabled_assess_rules [array<AssessRuleID(String)>] Assess rules to disable for this application.
+        attr_reader :assess_state
+        # Current State for Protect.
+        # enabled [Boolean] Indicate if the protect feature set is enabled for this server or not.
+        #
+        # Protection rules are returned as:
+        # rules [Hash<RULE_ID => MODE>, nil] Hash with rule_id as key and mode as value
+        attr_reader :protect_state
+        # Current Application State.
+        #
+        # modes_by_id [Hash<Rule_id => Mode] Returns Hash with rules and their current mode.
+        # exclusion_matchers [Array] Array of all the exclusions.
+        # code_exclusions [Array<CodeExclusion>] Array of CodeExclusion: {
+        #   name         [String] The name of the exclusion as defined by the user in TS.
+        #   modes        [String] If this exclusion applies to assess or protect. [assess, defend]
+        #   assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+        #   denylist     [String] The call, if in the stack, should result in the agent not taking action.
+        # input_exclusions [Array<InputExclusions>] Array of InputExclusions: {
+        #   name           [String] The name of the input.
+        #   modes          [String] If this exclusion applies to assess or protect. [assess, defend]
+        #   assess_rules   [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+        #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
+        #   urls           [Array] Array of URLs to which the exclusions apply. URL [String]
+        #   match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
+        #   type           [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
+        # }
+        # url_exclusions [Array<UrlExclusions>] Array of UrlExclusions: {
+        #   name           [String] The name of the input.
+        #   modes          [String] If this exclusion applies to assess or protect. [assess, defend]
+        #   assess_rules   [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
+        #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
+        #   urls           [Array] Array of URLs to which the exclusions apply. URL [String]
+        #   match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
+        #   type           [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
+        # }
+        attr_reader :application_state
+        # This the structure that will hold the masking rules send from TS.
+        #
+        # @return [Contrast::Agent::Reporting::Settings::SensitiveDataMasking]:
+        #           mask_http_body [Boolean] Policy flag to enable the use of masking on request body.
+        #           rules          [Array<Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule>]
+        #                          Rules to follow when using the masking. Each rules contains Id [String]
+        #                          and Keywords [Array<String>].
+        attr_reader :sensitive_data_masking
+        # @return [Integer] the time, in ms, that application settings last changed
+        attr_reader :last_app_update_ms
+        # @return [Integer] the time, in ms, that server settings last changed
+        attr_reader :last_server_update_ms
 
         def initialize
           reset_state
@@ -38,30 +101,43 @@ module Contrast
 
         # @param features [Contrast::Api::Settings::ServerFeatures, Contrast::Agent::Reporting::Response]
         def update_from_server_features features
-          if features&.class == Contrast::Agent::Reporting::Response
-            @protect_state.enabled = features.server_features.protect.enabled?
-            @assess_state.enabled = features.server_features.assess.enabled?
-            @assess_state.sampling_settings = features.server_features.assess.sampling
+          if features.cs__is_a?(Contrast::Agent::Reporting::Response)
+            server_features = features.server_features
+            return unless server_features
+
+            log_file = server_features.log_file
+            log_level = server_features.log_level
+            Contrast::Logger::Log.instance.update(log_file, log_level) if log_file || log_level
+            @protect_state.enabled = server_features.protect.enabled?
+            @assess_state.enabled = server_features.assess.enabled?
+            @assess_state.sampling_settings = server_features.assess.sampling
           else
             @protect_state.enabled = features.protect_enabled?
             @assess_state.enabled = features.assess_enabled?
             @assess_state.sampling_settings = features.assess.sampling
           end
+          @last_server_update_ms = Contrast::Utils::Timer.now_ms
         end
 
         # @param features [Contrast::Api::Settings::ApplicationSettings, Contrast::Agent::Reporting::Response]
         def update_from_application_settings features
           if features&.class == Contrast::Agent::Reporting::Response
-            @application_state.modes_by_id = features.application_settings.protect.protection_rules_to_settings_hash
+            settings = features.application_settings
+            return unless settings
+
+            @application_state.modes_by_id = settings.protect.protection_rules_to_settings_hash
             # TODO: RUBY-1438 this needs to be translated
             # @application_state.exclusion_matchers = new_vals[:exclusion_matchers]
-            @assess_state.disabled_assess_rules = features.application_settings.assess.disabled_rules
+            update_sensitive_data_policy(settings.sensitive_data_masking)
+            @assess_state.disabled_assess_rules = settings.assess.disabled_rules
+            @assess_state.session_id = settings.assess.session_id if settings.assess.session_id
           else
             new_vals = features.application_state_translation
             @application_state.modes_by_id = new_vals[:modes_by_id]
             @application_state.exclusion_matchers = new_vals[:exclusion_matchers]
             @assess_state.disabled_assess_rules = new_vals[:disabled_assess_rules]
           end
+          @last_app_update_ms = Contrast::Utils::Timer.now_ms
         end
 
         # Wipe state to zero.
@@ -70,6 +146,7 @@ module Contrast
           @assess_state = ASSESS_STATE_BASE.dup
           @application_state = APPLICATION_STATE_BASE.dup
           @tainted_columns = {}
+          @sensitive_data_masking = SENSITIVE_DATA_MASKING_BASE.dup
         end
 
         def build_protect_rules
@@ -86,6 +163,37 @@ module Contrast
           Contrast::Agent::Protect::Rule::Xss.new
           Contrast::Agent::Protect::Rule::Xxe.new
         end
+
+        # Update the sensitive data masking policy from settings,
+        # received from TS. In case the settings are empty,
+        # keep current ones.
+        #
+        # @param sensitive_data_masking [Contrast::Agent::Reporting::Settings::SensitiveDataMasking]
+        # Ts Response settings for sensitive data masking policy
+        def update_sensitive_data_policy sensitive_data_masking
+          @sensitive_data_masking.mask_http_body = sensitive_data_masking.mask_http_body? unless
+            settings_empty?(sensitive_data_masking.mask_http_body?)
+          @sensitive_data_masking.mask_attack_vector = sensitive_data_masking.mask_attack_vector? unless
+            settings_empty?(sensitive_data_masking.mask_attack_vector?)
+          return if settings_empty?(sensitive_data_masking.rules)
+
+          @sensitive_data_masking.rules = sensitive_data_masking.rules
+          # update with the newly received rules.
+          Contrast::Agent::Reporting::Masker.send(:update_dictionary)
+        end
+
+        private
+
+        # check if settings are empty and return true if so.
+        #
+        # @param settings [String, Boolean, Array, Hash]
+        # @return true | false
+        def settings_empty? settings
+          return false if !!settings == settings
+          return true if settings.nil? || settings.empty?
+
+          false
+        end
       end
     end
   end

data/lib/contrast/config/agent_configuration.rb

@@ -9,61 +9,54 @@ require 'contrast/config/api_configuration'
 
 module Contrast
   module Config
-    # Common Configuration settings. Those in this section pertain to the
-    # core functionality of the Agent.
-    class AgentConfiguration < BaseConfiguration
-      attr_accessor :enable, :omit_body, :start_bundled_service, :api
-      attr_writer :ruby, :service, :logger, :heap_dump
+    # Common Configuration settings. Those in this section pertain to the core functionality of the Agent.
+    class AgentConfiguration
+      include Contrast::Config::BaseConfiguration
+
+      # @return [Boolean, nil]
+      attr_accessor :enable
+      # @return [Boolean, nil]
+      attr_accessor :omit_body
+      # @return [Contrast::Config::RubyConfiguration]
+      attr_writer :ruby
+      # @return [Contrast::Config::ServiceConfiguration]
+      attr_writer :service
+      # @return [ Contrast::Config::LoggerConfiguration]
+      attr_writer :logger
+      # @return [Contrast::Config::HeapDumpConfiguration]
+      attr_writer :heap_dump
 
       def initialize hsh = {}
-        @enable = traverse_config(hsh, :enable)
-        @start_bundled_service = traverse_config(hsh, :start_bundled_service)
-        @omit_body = traverse_config(hsh, :omit_body)
-        @service = Contrast::Config::ServiceConfiguration.new(traverse_config(hsh, :service))
-        @logger = Contrast::Config::LoggerConfiguration.new(traverse_config(hsh, :logger))
-        @ruby = Contrast::Config::RubyConfiguration.new(traverse_config(hsh, :ruby))
-        @heap_dump = Contrast::Config::HeapDumpConfiguration.new(traverse_config(hsh, :heap_dump))
-        @configuration_map = {}
-        build_configuration_map
+        return unless hsh
+
+        @enable = hsh[:enable]
+        @start_bundled_service = hsh[:start_bundled_service]
+        @omit_body = hsh[:omit_body]
+        @service = Contrast::Config::ServiceConfiguration.new(hsh[:service])
+        @logger = Contrast::Config::LoggerConfiguration.new(hsh[:logger])
+        @ruby = Contrast::Config::RubyConfiguration.new(hsh[:ruby])
+        @heap_dump = Contrast::Config::HeapDumpConfiguration.new(hsh[:heap_dump])
+      end
+
+      # @return [Boolean, true]
+      def start_bundled_service
+        @start_bundled_service.nil? ? true : @start_bundled_service
       end
 
       def service
-        @service ||= Contrast::Config::ServiceConfiguration.new({})
+        @service ||= Contrast::Config::ServiceConfiguration.new
       end
 
       def logger
-        @logger ||= Contrast::Config::LoggerConfiguration.new({})
+        @logger ||= Contrast::Config::LoggerConfiguration.new
       end
 
       def ruby
-        @ruby ||= Contrast::Config::RubyConfiguration.new({})
+        @ruby ||= Contrast::Config::RubyConfiguration.new
       end
 
       def heap_dump
-        @heap_dump ||= Contrast::Config::HeapDumpConfiguration.new({})
-      end
-
-      # Traverse the given entity to build out the configuration graph.
-      #
-      # The values will be either a hash, indicating internal nodes to
-      # traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
-      # leaf node.
-      #
-      # The spec_key are the Contrast defined keys based on the instance variables of
-      # a given configuration.
-      def traverse_config values, spec_key
-        internal_nodes = values.cs__respond_to?(:has_key?)
-        val = internal_nodes ? value_from_key_config(spec_key, values) : nil
-        val == EMPTY_VALUE ? nil : val
-      end
-
-      def build_configuration_map
-        instance_variables.each do |key|
-          str_key = key.to_s.tr('@', '')
-          next if str_key == 'configuration_map'
-
-          @configuration_map[str_key] = send(str_key.to_sym)
-        end
+        @heap_dump ||= Contrast::Config::HeapDumpConfiguration.new
       end
     end
   end

data/lib/contrast/config/api_configuration.rb

@@ -8,26 +8,29 @@ require 'contrast/config/request_audit_configuration'
 module Contrast
   module Config
     # Api keys configuration
-    class ApiConfiguration < BaseConfiguration
+    class ApiConfiguration
+      include Contrast::Config::BaseConfiguration
+
       # @return [String]
-      attr_reader :api_key
+      attr_accessor :api_key
       # @return [String]
-      attr_reader :user_name
+      attr_accessor :user_name
       # @return [String]
-      attr_reader :service_key
+      attr_accessor :service_key
+      attr_writer :url, :proxy, :request_audit, :certificate
 
       DEFAULT_URL = 'https://app.contrastsecurity.com/Contrast'
 
       def initialize hsh = {}
-        @api_key = traverse_config(hsh, :api_key)
-        @url = traverse_config(hsh, :url)
-        @user_name = traverse_config(hsh, :user_name)
-        @service_key = traverse_config(hsh, :service_key)
-        @proxy = Contrast::Config::ApiProxyConfiguration.new(traverse_config(hsh, :proxy))
-        @request_audit = Contrast::Config::RequestAuditConfiguration.new(traverse_config(hsh, :request_audit))
-        @certificate = Contrast::Config::CertificationConfiguration.new(traverse_config(hsh, :certificate))
-        @configuration_map = {}
-        build_configuration_map
+        return unless hsh
+
+        @api_key = hsh[:api_key]
+        @url = hsh[:url]
+        @user_name = hsh[:user_name]
+        @service_key = hsh[:service_key]
+        @proxy = Contrast::Config::ApiProxyConfiguration.new(hsh[:proxy])
+        @request_audit = Contrast::Config::RequestAuditConfiguration.new(hsh[:request_audit])
+        @certificate = Contrast::Config::CertificationConfiguration.new(hsh[:certificate])
       end
 
       def url
@@ -48,68 +51,6 @@ module Contrast
       def certificate
         @certificate ||= Contrast::Config::CertificationConfiguration.new
       end
-
-      def api_key= value
-        self['api_key'] = value
-      end
-
-      def url= value
-        self['url'] = value
-      end
-
-      def user_name= value
-        self['user_name'] = value
-      end
-
-      def service_key= value
-        self['service_key'] = value
-      end
-
-      def proxy= value
-        self['proxy'] = value
-      end
-
-      def request_audit= value
-        self['request_audit'] = value
-      end
-
-      def certificate= value
-        self['certificate'] = value
-      end
-
-      # TODO: RUBY-1493 MOVE TO BASE CONFIG
-
-      def []= key, value
-        instance_variable_set("@#{ key }".to_sym, value)
-        @configuration_map[key] = value
-      end
-
-      def [] key
-        send(key.to_sym)
-      end
-
-      # Traverse the given entity to build out the configuration graph.
-      #
-      # The values will be either a hash, indicating internal nodes to
-      # traverse, or a value to set or the EMPTY_VALUE symbol, indicating a
-      # leaf node.
-      #
-      # The spec_key are the Contrast defined keys based on the instance variables of
-      # a given configuration.
-      def traverse_config values, spec_key
-        internal_nodes = values.cs__respond_to?(:has_key?)
-        val = internal_nodes ? value_from_key_config(spec_key, values) : nil
-        val == EMPTY_VALUE ? nil : val
-      end
-
-      def build_configuration_map
-        instance_variables.each do |key|
-          str_key = key.to_s.tr('@', '')
-          next if str_key == 'configuration_map'
-
-          @configuration_map[str_key] = send(str_key.to_sym)
-        end
-      end
     end
   end
 end