contrast-agent 5.3.0 → 6.1.1

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb

@@ -0,0 +1,70 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/api/dtm.pb'
+require 'contrast/api/decorators/response_type'
+require 'contrast/components/logger'
+require 'contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new ApplicationDefendAttackActivity class which will include the attacks sent by the source.
+      class ApplicationDefendAttackActivity
+        # @return [Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity]
+        attr_accessor :blocked
+        # @return [Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity]
+        attr_accessor :exploited
+        # @return [Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity]
+        attr_accessor :ineffective
+        # @return [Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity]
+        attr_accessor :suspicious
+
+        class << self
+          # @param attack_result [Contrast::Api::Dtm::AttackResult]
+          def convert attack_result
+            activity = new
+            activity.attach_data(attack_result)
+            activity
+          end
+        end
+
+        def initialize
+          @start_time = start_time
+          super
+        end
+
+        def to_controlled_hash
+          {
+              startTime: @start_time,
+              blocked: blocked&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH,
+              exploited: exploited&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH,
+              ineffective: ineffective&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH,
+              suspicious: suspicious&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH
+          }
+        end
+
+        # @param attack_result [Contrast::Api::Dtm::AttackResult]
+        # @return [Contrast::Agent::Reporting::Defend::AttackSampleActivity]
+        def attach_data attack_result
+          attack_sample_activity =
+            Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.convert(attack_result)
+          case attack_result.response
+          when ::Contrast::Api::Dtm::AttackResult::ResponseType::BLOCKED
+            @blocked = attack_sample_activity
+          when ::Contrast::Api::Dtm::AttackResult::ResponseType::MONITORED
+            @exploited = attack_sample_activity
+          when ::Contrast::Api::Dtm::AttackResult::ResponseType::PROBED
+            @ineffective = attack_sample_activity
+          when ::Contrast::Api::Dtm::AttackResult::ResponseType::SUSPICIOUS
+            @suspicious = attack_sample_activity
+          end
+        end
+
+        def start_time
+          Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb

@@ -0,0 +1,182 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/protect/rule/cmd_injection'
+require 'contrast/agent/protect/rule/deserialization'
+require 'contrast/agent/protect/rule/http_method_tampering'
+require 'contrast/agent/protect/rule/no_sqli'
+require 'contrast/api/dtm.pb'
+require 'contrast/components/logger'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new ApplicationDefendAttackSample class which includes a samples of an attack for the given rule of
+      # the given result observed in the activity period.
+      class ApplicationDefendAttackSample
+        include Contrast::Agent::Reporting::InputType
+
+        # @return [Hash]
+        attr_reader :time_stamp
+
+        class << self
+          # @param attack_result [Contrast::Api::Dtm::AttackResult]
+          # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample]
+          def convert attack_result, attack_sample
+            activity = new
+            activity.attach_data(attack_result, attack_sample)
+            activity
+          end
+        end
+
+        def initialize
+          @blocked = false
+          @event_type = :application_defend_attack_sample
+        end
+
+        def to_controlled_hash
+          {
+              blocked: @blocked,
+              input: @input,
+              details: @details,
+              request: @request&.to_controlled_hash,
+              stack: @stack&.map(&:to_controlled_hash),
+              timestamp: time_stamp
+          }
+        end
+
+        # @param attack_result [Contrast::Api::Dtm::AttackResult]
+        # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample]
+        def attach_data attack_result, attack_sample
+          @blocked = attack_result.response == ::Contrast::Api::Dtm::AttackResult::ResponseType::BLOCKED
+          @input = build_input(attack_sample)
+          @details = build_details(attack_result.rule_id, attack_sample)
+          @time_stamp = build_time_stamp(attack_sample.timestamp_ms)
+          @request = FindingRequest.convert(Contrast::Agent::REQUEST_TRACKER.current&.request)
+          @stack = Contrast::Utils::StackTraceUtils.build_protect_report_stack_array
+        end
+
+        # @param start [Integer]
+        # @return [Hash]
+        def build_time_stamp start
+          {
+              start: start,
+              elapsed: Contrast::Utils::Timer.now_ms - start
+          }
+        end
+
+        # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample]
+        def build_input attack_sample
+          user_input = attack_sample.user_input
+          {
+              documentPath: user_input.path,
+              documentType: build_document_type(user_input.document_type),
+              filters: user_input.matcher_ids,
+              name: user_input.key,
+              time: attack_sample.timestamp_ms,
+              type: build_input_type(user_input.input_type),
+              value: user_input.value
+          }
+        end
+
+        # Convert the document type api enum to a String constant TeamServer can understand.
+        #
+        # @param type_enum [::Contrast::Api::Dtm::HttpRequest::DocumentType]
+        # @return [String]
+        def build_document_type type_enum
+          case type_enum
+          when ::Contrast::Api::Dtm::HttpRequest::DocumentType::JSON
+            'JSON'
+          when ::Contrast::Api::Dtm::HttpRequest::DocumentType::XML
+            'XML'
+          else
+            'NORMAL'
+          end
+        end
+
+        # Convert the input type api enum to a String constant TeamServer can understand.
+        #
+        # @param type_enum [when ::Contrast::Api::Dtm::UserInput::InputType]
+        # @return [String]
+        def build_input_type type_enum
+          case type_enum
+          when ::Contrast::Api::Dtm::UserInput::InputType::UNDEFINED_TYPE
+            'UNDEFINED_TYPE'
+          when ::Contrast::Api::Dtm::UserInput::InputType::BODY
+            'BODY'
+          when ::Contrast::Api::Dtm::UserInput::InputType::COOKIE_NAME
+            'COOKIE_NAME'
+          when ::Contrast::Api::Dtm::UserInput::InputType::COOKIE_VALUE
+            'COOKIE_VALUE'
+          when ::Contrast::Api::Dtm::UserInput::InputType::HEADER
+            'HEADER'
+          when ::Contrast::Api::Dtm::UserInput::InputType::PARAMETER_NAME
+            'PARAMETER_NAME'
+          when ::Contrast::Api::Dtm::UserInput::InputType::PARAMETER_VALUE
+            'PARAMETER_VALUE'
+          when ::Contrast::Api::Dtm::UserInput::InputType::QUERYSTRING
+            'QUERYSTRING'
+          when ::Contrast::Api::Dtm::UserInput::InputType::URI
+            'URI'
+          when ::Contrast::Api::Dtm::UserInput::InputType::SOCKET
+            'SOCKET'
+          when ::Contrast::Api::Dtm::UserInput::InputType::JSON_VALUE
+            'JSON_VALUE'
+          when ::Contrast::Api::Dtm::UserInput::InputType::JSON_ARRAYED_VALUE
+            'JSON_ARRAYED_VALUE'
+          when ::Contrast::Api::Dtm::UserInput::InputType::MULTIPART_CONTENT_TYPE
+            'MULTIPART_CONTENT_TYPE'
+          when ::Contrast::Api::Dtm::UserInput::InputType::MULTIPART_VALUE
+            'MULTIPART_VALUE'
+          when ::Contrast::Api::Dtm::UserInput::InputType::MULTIPART_FIELD_NAME
+            'MULTIPART_FIELD_NAME'
+          when ::Contrast::Api::Dtm::UserInput::InputType::MULTIPART_NAME
+            'MULTIPART_NAME'
+          when ::Contrast::Api::Dtm::UserInput::InputType::XML_VALUE
+            'XML_VALUE'
+          when ::Contrast::Api::Dtm::UserInput::InputType::DWR_VALUE
+            'DWR_VALUE'
+          when ::Contrast::Api::Dtm::UserInput::InputType::METHOD
+            'METHOD'
+          when ::Contrast::Api::Dtm::UserInput::InputType::REQUEST
+            'REQUEST'
+          when ::Contrast::Api::Dtm::UserInput::InputType::URL_PARAMETER
+            'URL_PARAMETER'
+          else # ::Contrast::Api::Dtm::UserInput::InputType::UNKNOWN
+            'UNKNOWN'
+          end
+        end
+
+        # This is a temporary method to facilitate the translation of API details to Reporting details. As we move off
+        # of protobuf, this responsibility should shift from this class to the individual rules, as they do today when
+        # they populate their details in Contrast::Api::Dtm::RaspRuleSample
+        #
+        # @param rule_id [String]
+        # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample]
+        # @return [Hash] the details for this specific rule
+        def build_details rule_id, attack_sample
+          case rule_id
+          when Contrast::Agent::Protect::Rule::CmdInjection::NAME
+            Contrast::Agent::Protect::Rule::CmdInjection.extract_details(attack_sample)
+          when Contrast::Agent::Protect::Rule::Deserialization::NAME
+            Contrast::Agent::Protect::Rule::Deserialization.extract_details(attack_sample)
+          when Contrast::Agent::Protect::Rule::HttpMethodTampering::NAME
+            Contrast::Agent::Protect::Rule::HttpMethodTampering.extract_details(attack_sample)
+          when Contrast::Agent::Protect::Rule::NoSqli::NAME
+            Contrast::Agent::Protect::Rule::NoSqli.extract_details(attack_sample)
+          when Contrast::Agent::Protect::Rule::PathTraversal::NAME
+            Contrast::Agent::Protect::Rule::PathTraversal.extract_details(attack_sample)
+          when Contrast::Agent::Protect::Rule::Sqli::NAME
+            Contrast::Agent::Protect::Rule::Sqli.extract_details(attack_sample)
+          when Contrast::Agent::Protect::Rule::Xss::NAME
+            Contrast::Agent::Protect::Rule::Xss.extract_details(attack_sample)
+          when Contrast::Agent::Protect::Rule::Xxe::NAME
+            Contrast::Agent::Protect::Rule::Xxe.extract_details(attack_sample)
+          else # something unknown or Contrast::Agent::Protect::Rule::UnsafeFileUpload::NAME
+            Contrast::Utils::ObjectShare::EMPTY_HASH
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb

@@ -0,0 +1,56 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/components/logger'
+require 'contrast/agent/reporting/reporting_events/application_defend_attack_sample'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new AttackerSampleActivity class which will include Sample of the given attacks in the activity
+      # period.
+      class ApplicationDefendAttackSampleActivity
+        # @return [Array<Contrast::Agent::Reporting::ApplicationDefendAttackSample>]
+        attr_reader :samples
+        # @return [Hash<Integer,Integer>] map of time from start in seconds to number of attacks in that second
+        attr_reader :time_map
+
+        class << self
+          # @param attack_result [Contrast::Api::Dtm::AttackResult]
+          def convert attack_result
+            activity = new
+            activity.attach_data(attack_result)
+            activity
+          end
+        end
+
+        def initialize
+          @samples = []
+          @start_time = (Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0) / 1000
+          @event_type = :application_defend_attack_sample_activity
+          @time_map = Hash.new { |h, k| h[k] = 0 }
+          super
+        end
+
+        def to_controlled_hash
+          {
+              attackTimeMap: time_map,
+              samples: samples.map(&:to_controlled_hash),
+              startTime: @start_time,
+              total: 1 # there will only ever be 1 attack sample, until batching is done
+          }
+        end
+
+        # @param attack_result [Contrast::Api::Dtm::AttackResult]
+        def attach_data attack_result
+          attack_result.samples.each do |attack_sample|
+            converted = Contrast::Agent::Reporting::ApplicationDefendAttackSample.convert(attack_result, attack_sample)
+            samples << converted
+            attack_second = converted.time_stamp[:elapsed] / 1000
+            time_map[attack_second] += 1
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_stack.rb

@@ -0,0 +1,22 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new ApplicationDefendAttackSample class which includes a samples of an attack for the given rule of
+      # the given result observed in the activity period.
+      class ApplicationDefendAttackSampleStack
+        # @return [String]
+        attr_accessor :file_name
+        # @return [String]
+        attr_accessor :method_name
+
+        # @return [Hash]
+        def to_controlled_hash
+          { fileName: @file_name, methodName: @method_name }.compact
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb

@@ -0,0 +1,70 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/components/logger'
+require 'contrast/agent/reporting/reporting_events/application_defend_attack_activity'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new AttackerActivity class which will includes the attacker information discovered during this
+      # activity period.
+      class ApplicationDefendAttackerActivity
+        # @return [Hash<String,Contrast::Agent::Reporting::ApplicationDefendAttackActivity>] map of rule-id to violated
+        #   samples for that rule
+        attr_reader :protection_rules
+        # @return [String, nil] the IP address of the request from which the attack originated; used to identify unique
+        #   attackers
+        attr_reader :source_ip
+        # @return [String, nil] the X-Forwarded-For Header of the request from which the attack originated; used to
+        #   identify unique attackers
+        attr_reader :source_forwarded_for
+
+        class << self
+          # @param attack_result_dtm [Contrast::Api::Dtm::AttackResult]
+          # @return [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
+          def convert attack_result_dtm
+            activity = new
+            activity.attach_data(attack_result_dtm)
+            activity
+          end
+        end
+
+        def initialize
+          @protection_rules = {}
+          req = Contrast::Agent::REQUEST_TRACKER.current.activity.http_request
+          if req
+            @source_ip = req.sender.ip
+            @source_forwarded_for = req.request_headers['X-Forwarded-For']
+          end
+          @event_type = :application_defend_attacker_activity
+          super
+        end
+
+        def to_controlled_hash
+          {
+              protectionRules: process_protection_rules,
+              source: {
+                  ip: source_ip,
+                  xForwardedFor: source_forwarded_for
+              }
+          }
+        end
+
+        # @param attack_result [Contrast::Api::Dtm::AttackResult]
+        def attach_data attack_result
+          @protection_rules[attack_result.rule_id] =
+            Contrast::Agent::Reporting::ApplicationDefendAttackActivity.convert(attack_result)
+        end
+
+        def process_protection_rules
+          hsh = {}
+          @protection_rules.each_pair do |rule_id, attack_activity|
+            hsh[rule_id] = attack_activity.to_controlled_hash
+          end
+          hsh
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb

@@ -9,14 +9,18 @@ module Contrast
   module Agent
     module Reporting
       # This is the new ApplicationInventory class which will include all the needed information
-      # for the new reporting system to report
-      class ApplicationInventory < Contrast::Agent::Reporting::ReportingEvent
-        attr_accessor :routes, :agent_session_id_value
+      # for the new reporting system to report. Reporting those components or details discovered at
+      # startup, or as soon as possible, but not necessarily seen used by the application. Each of
+      # these messages should only be sent once per application.
+      class ApplicationInventory < Contrast::Agent::Reporting::ApplicationReportingEvent
+        # @param [Array<Contrast::Agent::Reporting::DiscoveredRoute>] the routes registered to this application, as
+        #   discovered during first request processing.
+        attr_reader :routes
 
         class << self
           def convert app_update_dtm
             app_inventory = new
-            app_inventory.attach_data app_update_dtm
+            app_inventory.attach_data(app_update_dtm)
             app_inventory
           end
         end
@@ -29,9 +33,13 @@ module Contrast
           super
         end
 
+        def file_name
+          'applications-inventory'
+        end
+
         def to_controlled_hash
           {
-              session_id: agent_session_id_value,
+              session_id: @agent_session_id_value,
               routes: routes.map(&:to_controlled_hash)
           }
         end

data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb

@@ -0,0 +1,60 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/components/logger'
+require 'contrast/agent/reporting/reporting_events/application_reporting_event'
+require 'contrast/agent/reporting/reporting_events/architecture_component'
+require 'contrast/utils/object_share'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new ApplicationInventoryActivity class which will include all the information
+      # about the inventory of the application which was discovered during exercise of the application
+      # during this activity period.
+      class ApplicationInventoryActivity < Contrast::Agent::Reporting::ApplicationReportingEvent
+        # return [Contrast::Agent::Reporting::ArchitectureComponent]
+        attr_reader :components
+        # @ return [Array<String>, nil] - User-Agent Header value
+        attr_reader :browsers
+
+        class << self
+          # @param activity_dtm [Contrast::Api::Dtm::ApplicationActivity]
+          # @return [Contrast::Agent::Reporting::ApplicationInventoryActivity]
+          def convert activity_dtm
+            inventory = new
+            inventory.attach_data(activity_dtm)
+            inventory
+          end
+        end
+
+        def initialize
+          @event_type = :application_inventory_activity
+          @browsers = []
+          @components = []
+          super
+        end
+
+        def to_controlled_hash
+          {
+              activityDuration: duration,
+              browsers: browsers,
+              components: components.map(&:to_controlled_hash)
+          }
+        end
+
+        def attach_data activity
+          activity.architectures.each do |architecture|
+            @components << Contrast::Agent::Reporting::ArchitectureComponent.convert(architecture)
+          end
+          request_headers = activity.http_request&.request_headers
+          @browsers << request_headers['USER_AGENT'] if request_headers
+        end
+
+        def duration
+          Contrast::Utils::Timer.now_ms - (Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0)
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/application_reporting_event.rb

@@ -0,0 +1,27 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/reporting_events/reporting_event'
+require 'contrast/utils/timer'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new ApplicationReportingEvent class which will include all the needed and mutual information for
+      # those events which correspond to Applications, such as Application Activity or Application Update
+      #
+      # @abstract
+      class ApplicationReportingEvent < Contrast::Agent::Reporting::ReportingEvent
+        protected
+
+        # The timestamp field is a bit of a misnomer. It's really the time, in ms, since the settings for this
+        # application have been updated. If I've never updated, then it's been 0ms since then.
+        #
+        # @return [Integer]
+        def since_last_update
+          (update_time = Contrast::SETTINGS.last_app_update_ms) ? Contrast::Utils::Timer.now_ms - update_time : 0
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/application_startup.rb

@@ -0,0 +1,44 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/reporting_events/application_reporting_event'
+require 'contrast/agent/reporting/reporting_events/application_startup_instrumentation'
+require 'contrast/config'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new ApplicationStartup class which will include all the needed information for the new reporting
+      # system to report an Application has started; creating a new one or marking an existing one as online in the
+      # Contrast UI
+      class ApplicationStartup < Contrast::Agent::Reporting::ApplicationReportingEvent
+        def initialize
+          @event_method = :PUT
+          @event_endpoint = Contrast::Agent::Reporting::Endpoints::NG_ENDPOINTS[:application_create]
+          super
+        end
+
+        def file_name
+          'applications-create'
+        end
+
+        # Convert the instance variables on the class, and other information, into the identifiers required for
+        # TeamServer to process the JSON form of this message.
+        #
+        # @return [Hash]
+        def to_controlled_hash
+          app_config = ::Contrast::CONFIG.root.application
+          {
+              code: app_config.code,
+              group: app_config.group,
+              instrumentation: Contrast::Agent::Reporting::ApplicationStartupInstrumentation.new.to_controlled_hash,
+              metadata: app_config.metadata,
+              session_id: ::Contrast::CONFIG.session_id,
+              session_metadata: ::Contrast::CONFIG.session_metadata,
+              tags: app_config.tags
+          }.compact
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/application_startup_instrumentation.rb

@@ -0,0 +1,27 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/components/protect'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new ApplicationStartupInstrumentation class which will include all the needed information for the
+      # system to report the instrumentation mode to which the agent was set by local configuration.
+      class ApplicationStartupInstrumentation
+        # Convert the instance variables on the class, and other information, into the identifiers required for
+        # TeamServer to process the JSON form of this message.
+        #
+        # @return [Hash]
+        # @raise [ArgumentError]
+        def to_controlled_hash
+          {
+              protect: {
+                  enable: ::Contrast::PROTECT.enabled?
+              }
+          }
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/application_update.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/agent/reporting/reporting_events/architecture_component'
+require 'contrast/agent/reporting/reporting_events/application_reporting_event'
 require 'contrast/agent/reporting/reporting_events/library_discovery'
 require 'contrast/agent/reporting/reporting_events/reporting_event'
 require 'contrast/agent/reporting/reporting_events/route_discovery'
@@ -17,7 +18,7 @@ module Contrast
       #
       # @attr_reader components [Array<Contrast::Agent::Reporting::ArchitectureComponent>]
       # @attr_reader libraries [Array<Contrast::Agent::Reporting::LibraryDiscovery>]
-      class ApplicationUpdate < Contrast::Agent::Reporting::ReportingEvent
+      class ApplicationUpdate < Contrast::Agent::Reporting::ApplicationReportingEvent
         attr_reader :components, :libraries
 
         class << self
@@ -36,6 +37,10 @@ module Contrast
           super
         end
 
+        def file_name
+          'update-application'
+        end
+
         # Attach the data from the protobuf models to this reporter so that it can be sent to TeamServer directly.
         #
         # @param app_update_dtm [Contrast::Api::Dtm::ApplicationUpdate]
@@ -58,7 +63,7 @@ module Contrast
           {
               components: components.map(&:to_controlled_hash),
               libraries: libraries.map(&:to_controlled_hash),
-              timestamp: timestamp
+              timestamp: since_last_update
           }
         end
 
@@ -66,16 +71,6 @@ module Contrast
         #
         # @raise [ArgumentError]
         def validate; end
-
-        private
-
-        # The timestamp field is a bit of a misnomer. It's really the time, in ms, since the settings for this
-        # application have been updated.
-        #
-        # @return [Integer]
-        def timestamp
-          Contrast::Utils::Timer.now_ms - (Contrast::Agent.reporter&.client&.response_handler&.last_app_update_ms || 0)
-        end
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb

@@ -21,7 +21,7 @@ module Contrast
           # @return [Contrast::Agent::Reporting::DiscoveredRoute]
           def convert dtm
             discovered_route = new
-            discovered_route.attach_data dtm
+            discovered_route.attach_data(dtm)
             discovered_route
           end
         end