contrast-agent 5.3.0 → 6.1.1

data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb

@@ -1,51 +1,149 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/agent/reporting/reporting_utilities/response_extractor'
+
 module Contrast
   module Agent
     module Reporting
       # This module holds utilities required by the reporting service response handler
       module ResponseHandlerUtils
-        ANALYZE_WHEN = '200'
-        SLEEP_WHEN = %w[401 408 500].cs__freeze
+        include Contrast::Agent::Reporting::ResponseExtractor
+
+        ANALYZE_WHEN = %w[200 204].cs__freeze
+        ERROR_CODES = {
+            message_not_sent: '400',
+            access_forbidden: '401',
+            access_forbidden_no_action: '403',
+            application_do_not_exist: '404',
+            unprocessable_entity: '422',
+            too_many_requests: '429'
+        }.cs__freeze
+        APP_NON_EXISTENT_MSG = 'Application does not exist! Either it has not been created or has '\
+                               'been deleted or archived. '\
+                               'Disabling permanently.'
+        SUSPEND_MSG = 'Reporter is temporarily suspended.'
+        UNSUCCESSFULLY_RECEIVED_MSG = 'The Reporter was unable to send message.'
+        FORBIDDEN_MSG = 'Access was forbidden for current Report because the request authentication '\
+                        'information was not provided'
+        FORBIDDEN_NO_ACTION_MSG = 'Report access was forbidden because the supplied credentials failed '\
+                                  'to authenticate the Agent'
+        UNPROCESSABLE_ENTITY_MSG = 'Reporter received Unprocessable Entity response. Disabling permanently.'
+        RETRY_AFTER_MSG = "There are too many requests of this type being sent by this Agent. #{ SUSPEND_MSG }"
 
         private
 
         # check if response code is valid before analyze it
         #
-        # @param response_code [Integer]
+        # @param response [Net::HTTP::Response, nil]
         # @return [Boolean]
-        def analyze_response_code? response_code
-          # 200 Successful recording of the server record on the database. FeatureSet successfully returned
+        def analyze_response? response
+          # Code descriptions:
+          # 200:
+          # Message successfully received and there are new settings
+          # 204:
+          # Message successfully received and it's up to Contrast Server to decide what is done with the data.
+          # 304:
+          # Message successfully received and there are no new settings. Use your current ones.
+          #
+          # ERRORS:
+          # 400:
+          # Message unsuccessfully received. The Contrast Server was unable to process the message properly.
           # 401:
-          # If any authentication errors occur. Agents should enter a suspended mode
-          # (no reporting) and attempt to reconnect in 15 minutes.
-          # 408:
-          # If the FeatureSet from TeamServer cannot be constructed in time.
-          # Agents should enter a suspended mode (no reporting) and attempt to reconnect in 15 minutes.
-          # 500:
-          # If any server error occurs. Agents should enter a suspended mode
-          # (no reporting) and attempt to reconnect in 15 minutes.
-          # 204, 304
-          # Successful update of the server record on the database.
-          # No FeatureSet update since the last time an activity was sent.
-          @_sleep = true if SLEEP_WHEN.include? response_code
-          return true if ANALYZE_WHEN.include? response_code
-
+          # Access was forbidden because the request authentication information was not provided.
+          # headers:
+          # www-Authenticate => Indicate that the API-Key and Authorization header are both required,
+          #                     in the standard format per RFC 2616
+          # 403:
+          # Access was forbidden because the supplied credentials failed to authenticate the Agent.
+          # 404:
+          # The application does not exist - either it has not been created or has been deleted or archived.
+          # If possible, the Agent should no longer analyze this application. For those Agents with multiple
+          # applications in a single process, at a minimum, cease reporting about this application.
+          # 422:
+          # Unprocessable Entity - The application startup is rejected because some piece of data is incorrect.
+          # The session_id could reference a non-existent session or the metadata (not session_metadata) could
+          # fail a constraint check. TeamServer should indicate this is an error message which the Agent should
+          # log. The Agent should no longer analyze this application.
+          # {
+          #   "error": "string"
+          # }
+          # 429:
+          # There are too many requests of this type being sent by this Agent. Back off for the time listed in
+          # the Retry-After header. In this case, it is on the Agent to determine if it is safe to hold onto the
+          # data to attempt to send again or if it needs to be dropped. The Contrast Server can choose what to do
+          # with message from improperly throttled Agents, including dropping them.
+          # header:
+          # Retry-After => how long, in seconds, to wait before attempting to send another request to this endpoint,
+          #                in the standard format per RFC 2616
+          # used for in observed routes message.
+          return false unless response && (response_code = response&.code)
+          return true if ANALYZE_WHEN.include?(response_code)
+
+          handle_error(response) if ERROR_CODES.value?(response_code)
+          # There was error, so analyze the Error and nothing more.
           false
         end
 
+        # Analyze the headers of the response code. They have information about the
+        # retry timeout and some response bodies contains error messages.
+        #
+        # @param response [String] the response code from Net::HTTPResponse, which is obnoxiousy a String, not an
+        # Integer
+        # @param message [String] Message to log.
+        # @param mode [Symbol, nil]
+        def handle_response_errors response, message, mode
+          # Set the current mode status.
+          @_mode.status = mode
+          ready_after, error_message, auth_error = extract_response_info(response)
+          # log, suspend, disable:
+          if mode == @_mode.running
+            log_debug_msg(message,
+                          response: response.__id__,
+                          request: Contrast::Agent::REQUEST_TRACKER.current&.request&.type,
+                          error_message: error_message || 'none',
+                          auth_error: auth_error || 'none')
+          end
+          suspend_reporting(message, ready_after, error_message) if mode == @_mode.resending
+          return unless mode == @_mode.disabled
+
+          stop_reporting(message, application: Contrast::APP_CONTEXT.app_name, error_message: error_message)
+        rescue StandardError => e
+          logger.debug('Could not handle Response error information', error: e)
+        end
+
+        # Extract what we've received.
+        #
+        # @param response [Net::HTTP::Response, nil]
+        # @return [Array<String, Integer>] all collected error info.
+        def extract_response_info response
+          # Extract what we got from the response:
+          ready_after = response['Ready-After'] if response.to_hash.keys.map(&:downcase).include?('ready-after')
+          if response.to_hash.keys.map(&:downcase).include?('www-authenticate')
+            auth_error = response['www-Authenticate']
+          end
+          error_message = response.message
+          [ready_after.to_i, error_message, auth_error]
+        end
+
+        # Cease reporting about this application
+        #
+        # @param message [String] Message to log
+        # @param info_hash [Hash] information about the context to log.
+        def stop_reporting message, info_hash
+          Contrast::Agent.reporter&.stop!
+          log_debug_msg(message, info_hash)
+          ::Contrast::AGENT.disable!
+        end
+
         # Applies the settings from the TS response
         #
         # @param response [Contrast::Agent::Reporting::Response]
         def update_agent_settings response
-          if response.server_features
-            log_file = response.server_features.log_file
-            log_level = response.server_features.log_level
-            Contrast::Logger::Log.instance.update(log_file, log_level) if log_file && log_level
-            Contrast::SETTINGS.update_from_server_features(response)
-          end
-          Contrast::SETTINGS.update_from_application_settings(response) if response.application_settings
+          return unless response
+
+          ::Contrast::SETTINGS.update_from_server_features(response) if response.server_features
+          ::Contrast::SETTINGS.update_from_application_settings(response) if response.application_settings
         end
 
         # Process the given Reactions from the application settings based on what
@@ -54,23 +152,18 @@ module Contrast
         #
         # @param response [Contrast::Agent::Reporting::Response]
         def update_reaction response
-          return unless response.application_settings.reactions&.any?
+          return unless response.application_settings&.reactions&.any?
 
           response.application_settings.reactions.each do |reaction|
             # The enums are all uppercase, we need to downcase them before attempting to log.
-            level = if reaction.level.nil?
-                      :error
-                    else
-                      reaction.level.downcase
-                    end
-
+            level = reaction.level.nil? ? :error : reaction.level.downcase
             logger.with_level(level, reaction.message) if reaction.message
 
             case reaction.operation
-            when Contrast::Agent::Reporting::Settings::Reaction::OPERATIONS.second
+            when Contrast::Agent::Reporting::Settings::Reaction::OPERATIONS[1]
               # DISABLED
-              Contrast::Agent::DisableReaction.run reaction, level
-            when Contrast::Agent::Reporting::Settings::Reaction::OPERATIONS.first
+              Contrast::Agent::DisableReaction.run(reaction, level)
+            when Contrast::Agent::Reporting::Settings::Reaction::OPERATIONS[0]
               # NOOP
             else
               logger.warn('ReactionProcessor received a reaction with an unknown operation',
@@ -79,6 +172,24 @@ module Contrast
           end
         end
 
+        # This can't go in the Settings component because protect and assess depend on settings
+        # I don't think it should go into contrast_service because that only handles connection specific data.
+        #
+        # @param response [Contrast::Agent::Reporting::Response]
+        def update_ruleset response
+          logger.info('Updating features from TeamServer')
+          return unless response&.server_features || response&.application_settings
+          return unless ::Contrast::AGENT.enabled?
+
+          logger.trace_with_time('Rebuilding rule modes from TeamServer') do
+            ::Contrast::SETTINGS.build_protect_rules if ::Contrast::PROTECT.enabled?
+            ::Contrast::AGENT.reset_ruleset
+            logger.info('Current rule settings:')
+            ::Contrast::PROTECT.rules.each { |k, v| logger.info('Protect Rule mode set', rule: k, mode: v.mode) }
+            logger.info('Disabled Assess Rules', rules: ::Contrast::ASSESS.disabled_rules)
+          end
+        end
+
         # Converts response from Net to Reporting Response object
         #
         # @param response [Net::HTTP::Response, nil]
@@ -94,12 +205,14 @@ module Contrast
           # check if response contains application settings or Feature settings
           if response_data[:settings]
             # the response contains ApplicationSettings
-            logger.trace('Agent: Received updated application settings')
-            build_application_settings response_data
+            app_settings = build_application_settings(response_data)
+            logger.trace('Agent: Received updated application settings', raw: response_data, processed: app_settings)
+            app_settings
           else
             # the response contains FeatureSettings
-            logger.trace('Agent: Received updated server features')
-            build_feature_settings response_data
+            server_features = build_feature_settings(response_data)
+            logger.trace('Agent: Received updated application settings', raw: response_data, processed: server_features)
+            server_features
           end
         rescue StandardError => e
           logger.error('Unable to convert response', e)
@@ -109,99 +222,27 @@ module Contrast
         # @param response_data [Hash]
         # @return res [Contrast::Agent::Reporting::Response]
         def build_application_settings response_data
-          res = Contrast::Agent::Reporting::Response.new
-          extract_assess response_data, res
-          extract_protect response_data, res
-          extract_exclusions response_data, res
-          extract_reactions response_data, res
+          res = Contrast::Agent::Reporting::Response.application_response
+          extract_assess(response_data, res)
+          extract_protect(response_data, res)
+          extract_exclusions(response_data, res)
+          extract_reactions(response_data, res)
+          extract_sensitive_data_policy(response_data, res)
           res
         end
 
         # @param response_data [Hash]
         # @return res [Contrast::Agent::Reporting::Response]
         def build_feature_settings response_data
-          res = Contrast::Agent::Reporting::Response.new
-          extract_assess_server_features response_data, res
-          extract_protect_server_features response_data, res
-          extract_protect_lists response_data, res
+          res = Contrast::Agent::Reporting::Response.server_response
+          extract_assess_server_features(response_data, res)
+          extract_protect_server_features(response_data, res)
+          extract_protect_lists(response_data, res)
           res.server_features.log_level = response_data[:logLevel]
           res.server_features.log_file = response_data[:logFile]
           res.server_features.telemetry = response_data[:telemetry]
           res
         end
-
-        # @param response_data [Hash]
-        # @return res [Contrast::Agent::Reporting::Response]
-        def extract_assess response_data, res
-          assessments = response_data[:settings][:assessment]
-          return unless assessments
-
-          res.application_settings.assess.disabled_rules = assessments[:disabledRules]
-          res.application_settings.assess.session_id = assessments[:session_id]
-        end
-
-        # @param response_data [Hash]
-        # @return res [Contrast::Agent::Reporting::Response]
-        def extract_protect response_data, res
-          protect = response_data[:settings][:defend]
-          return unless protect
-
-          res.application_settings.protect.protection_rules = protect[:protectionRules]
-          res.application_settings.protect.virtual_patches = protect[:virtualPatches]
-        end
-
-        # @param response_data [Hash]
-        # @return res [Contrast::Agent::Reporting::Response]
-        def extract_exclusions response_data, res
-          exclusions = response_data[:settings][:exceptions]
-          return unless exclusions
-
-          res.application_settings.exclusions.code_exclusions = exclusions[:codeExceptions]
-          res.application_settings.exclusions.input_exclusions = exclusions[:inputExceptions]
-          res.application_settings.exclusions.url_exclusions = exclusions[:urlExceptions]
-        end
-
-        # @param response_data [Hash]
-        # @return res [Contrast::Agent::Reporting::Response]
-        def extract_reactions response_data, res
-          res.application_settings.reactions = response_data[:settings][:reactions]
-        end
-
-        # @param response_data [Hash]
-        # @return res [Contrast::Agent::Reporting::Response]
-        def extract_assess_server_features response_data, res
-          assess = response_data[:assessment]
-          return unless assess
-
-          res.server_features.assess.enabled = assess[:enabled]
-          res.server_features.assess.disabled_rules = assess[:disabledRules]
-          res.server_features.assess.sampling = assess[:sampling]
-          res.server_features.assess.sanitizers = assess[:sanitizers]
-          res.server_features.assess.validators = assess[:validators]
-        end
-
-        # @param response_data [Hash]
-        # @return res [Contrast::Agent::Reporting::Response]
-        def extract_protect_server_features response_data, res
-          protect = response_data[:defend]
-          return unless protect
-
-          res.server_features.protect.enabled = protect[:enabled]
-          res.server_features.protect.bot_blocker = protect[:bot_blocker]
-          res.server_features.protect.syslog = protect[:syslog]
-        end
-
-        # @param response_data [Hash]
-        # @return res [Contrast::Agent::Reporting::Response]
-        def extract_protect_lists response_data, res
-          protect = response_data[:defend]
-          return unless protect
-
-          res.server_features.protect.ip_allowlist = protect[:ipAllowlist]
-          res.server_features.protect.ip_denylist = protect[:ipDenyList]
-          res.server_features.protect.log_enchancers = protect[:logEnhancers]
-          res.server_features.protect.rule_definition_list = protect[:ruleDefinitionList]
-        end
       end
     end
   end

data/lib/contrast/agent/reporting/settings/application_settings.rb

@@ -5,6 +5,7 @@ require 'contrast/agent/reporting/settings/assess'
 require 'contrast/agent/reporting/settings/protect'
 require 'contrast/agent/reporting/settings/exclusions'
 require 'contrast/agent/reporting/settings/reaction'
+require 'contrast/agent/reporting/settings/sensitive_data_masking'
 
 module Contrast
   module Agent
@@ -43,6 +44,14 @@ module Contrast
             @_reactions
           end
 
+          # This object will hold the masking rules send from TS.
+          #
+          # @return sensitive_data_masking [Contrast::Agent::Reporting::Settings::SensitiveDataMasking] this object
+          # includes mask_http_body flag and Array set of rules with keywords in them.
+          def sensitive_data_masking
+            @_sensitive_data_masking ||= Contrast::Agent::Reporting::Settings::SensitiveDataMasking.new
+          end
+
           # Set the reaction
           #
           # @param reactions [Array<Reaction>] {
@@ -52,7 +61,7 @@ module Contrast
           #   operation [String] What to do in response to this reaction.[NOOP, DISABLE] }
           # @return [Array<Contrast::Agent::Reporting::Settings::Reaction>]
           def reactions= reactions
-            return unless reactions.is_a? Array
+            return unless reactions.is_a?(Array)
 
             @_reactions = []
             reactions.each do |r|

data/lib/contrast/agent/reporting/settings/assess.rb

@@ -12,7 +12,7 @@ module Contrast
         class Assess
           # Assess rules to disable for this application.
           #
-          # @return disabled_rules [Array<AssessRuleID>] Array with string rule_ids
+          # @return disabled_rules [Array<String>] Array with string rule_ids
           def disabled_rules
             @_disabled_rules ||= []
           end
@@ -20,15 +20,15 @@ module Contrast
           # @param disabled_rules [Array] with AssessRuleID strings
           # @return disabled_rules [Array<AssessRuleID>] Array with string rule_ids
           def disabled_rules= disabled_rules
-            @_disabled_rules = disabled_rules if disabled_rules.is_a? Array
+            @_disabled_rules = disabled_rules if disabled_rules.is_a?(Array)
           end
 
           # The id of a session on TeamServer under which this session of this application should report
           # Overrides that set by application.session_id (should match if provided).
           #
-          # @return session_id [String]
+          # @return session_id [String, nil]
           def session_id
-            @_session_id ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+            @_session_id
           end
 
           # Set the session_id
@@ -36,7 +36,7 @@ module Contrast
           # @param session_id [String]
           # @return session_id [String]
           def session_id= session_id
-            @_session_id = session_id if session_id.is_a? String
+            @_session_id = session_id if session_id.is_a?(String) && !session_id.blank?
           end
         end
       end

data/lib/contrast/agent/reporting/settings/assess_server_feature.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/utils/object_share'
+require 'contrast/agent/reporting/settings/sampling'
 
 module Contrast
   module Agent
@@ -11,19 +12,6 @@ module Contrast
         # Application level settings for the Assess featureset.
         # Used for the FeatureSet TS response
         class AssessServerFeature
-          # Assess rules to disable for this application.
-          #
-          # @return disabled_rules [Array<AssessRuleID>] Array with string rule_ids
-          def disabled_rules
-            @_disabled_rules ||= []
-          end
-
-          # @param disabled_rules [Array<AssessRuleID>] with AssessRuleID strings
-          # @return disabled_rules [Array<AssessRuleID>] Array with string rule_ids
-          def disabled_rules= disabled_rules
-            @_disabled_rules = disabled_rules if disabled_rules.is_a? Array
-          end
-
           # Indicate if the assess feature set is enabled for this server or not.
           #
           # @return enabled [Boolean]
@@ -41,17 +29,9 @@ module Contrast
 
           # Used to control the sampling feature in the agent.
           #
-          # @return sampling [Hash<AssessSampling>] Hash of AssessSampling: {
-          #  baseline          [Integer] The number of baseline requests to take before switching to sampling
-          #                               for the window.
-          #  enabled           [Boolean] If the sampling feature should be used or not.
-          #  frequency         [Integer] The number of requests to skip before observing during the sampling
-          #                               window after the baseline.
-          #  responseFrequency [Integer]
-          #  window            [Integer]
-          # }
+          # @return [Contrast::Agent::Reporting::Settings::Sampling]
           def sampling
-            @_sampling ||= {}
+            @_sampling ||= Contrast::Agent::Reporting::Settings::Sampling.new({})
           end
 
           # set sampling
@@ -65,17 +45,9 @@ module Contrast
           #  responseFrequency [Integer]
           #  window            [Integer]
           # }
-          # @return sampling [Hash<AssessSampling>] Hash of AssessSampling: {
-          #  baseline          [Integer] The number of baseline requests to take before switching to sampling
-          #                               for the window.
-          #  enabled           [Boolean] If the sampling feature should be used or not.
-          #  frequency         [Integer] The number of requests to skip before observing during the sampling
-          #                               window after the baseline.
-          #  responseFrequency [Integer]
-          #  window            [Integer]
-          # }
+          # @return [Contrast::Agent::Reporting::Settings::Sampling]
           def sampling= sampling
-            @_sampling = sampling if sampling.is_a? Hash
+            @_sampling = Contrast::Agent::Reporting::Settings::Sampling.new(sampling) if sampling.is_a?(Hash)
           end
 
           # The sanitizers defined by the user for use by the agent on this server for this organization.
@@ -100,7 +72,7 @@ module Contrast
           #   tags  [Array[String]]
           #   uuid  [String]
           def sanitizers= sanitizers
-            @_sanitizers = sanitizers if sanitizers.is_a? Array
+            @_sanitizers = sanitizers if sanitizers.is_a?(Array)
           end
 
           # The validators defined by the user for use by the agent on this server for this organization.
@@ -127,7 +99,7 @@ module Contrast
           #   uuid  [String]
           # }
           def validators= validators
-            @_validators = validators if validators.is_a? Array
+            @_validators = validators if validators.is_a?(Array)
           end
         end
       end

data/lib/contrast/agent/reporting/settings/exclusions.rb

@@ -36,7 +36,7 @@ module Contrast
           #   denylist     [String] The call, if in the stack, should result in the agent not taking action.
           # }
           def code_exclusions= code_exclusions
-            @_code_exclusions = code_exclusions if code_exclusions.is_a? Array
+            @_code_exclusions = code_exclusions if code_exclusions.is_a?(Array)
           end
 
           # Cases where rules should be excluded if violated from a given input.
@@ -75,7 +75,7 @@ module Contrast
           #   type           [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
           # }
           def input_exclusions= input_exclusions
-            @_input_exclusions = input_exclusions if input_exclusions.is_a? Array
+            @_input_exclusions = input_exclusions if input_exclusions.is_a?(Array)
           end
 
           # A case where rules should be excluded if violated during a call to a given URL.
@@ -114,7 +114,7 @@ module Contrast
           #   type           [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
           # }
           def url_exclusions= url_exclusions
-            @_url_exclusions = url_exclusions if url_exclusions.is_a? Array
+            @_url_exclusions = url_exclusions if url_exclusions.is_a?(Array)
           end
         end
       end

data/lib/contrast/agent/reporting/settings/protect.rb

@@ -11,7 +11,7 @@ module Contrast
         # Application level settings for the Protect featureset
         class Protect
           # block at perimeter needs to be check against the blockAtEntry boolean value
-          PROTECT_RULES_MODE = %w[OFF BLOCKING MONITORING].cs__freeze
+          PROTECT_RULES_MODE = %w[OFF MONITORING BLOCKING].cs__freeze
           # The settings for each protect rule for this application
           #
           # @return protection_rules [Array<protectRule>] protectRule: {
@@ -33,7 +33,7 @@ module Contrast
           #   id           [String] The id of a rule in Contrast.
           #   mode         [String] The mode that this rule should run in. [OFF, MONITORING, BLOCKING] }
           def protection_rules= protection_rules
-            @_protection_rules = protection_rules if protection_rules.is_a? Array
+            @_protection_rules = protection_rules if protection_rules.is_a?(Array)
           end
 
           # The virtual patches to apply for this application
@@ -66,19 +66,34 @@ module Contrast
           #   urls       [Array] The urls that must be present in the request to result in the request being blocked.
           #   uuids      [String] The UUID of the Virtual Patch }
           def virtual_patches= virtual_patches
-            @_virtual_patches = virtual_patches if virtual_patches.is_a? Array
+            @_virtual_patches = virtual_patches if virtual_patches.is_a?(Array)
           end
 
           # Converts settings into Agent Settings understandable hash {RULE_ID => MODE}
           #
           # @return rules [Hash<RULE_ID => MODE>, nil] Hash with rule_id as key and mode as value
           def protection_rules_to_settings_hash
-            return if protection_rules.empty?
+            return {} if protection_rules.empty?
 
             modes_by_id = {}
             protection_rules.each do |rule|
-              PROTECT_RULES_MODE.include? rule[:mode]
-              modes_by_id[rule[:id]] = rule[:mode]
+              setting_mode = rule[:mode]
+              next unless PROTECT_RULES_MODE.include?(setting_mode)
+
+              api_mode = case setting_mode
+                         when PROTECT_RULES_MODE[1]
+                           ::Contrast::Api::Settings::ProtectionRule::Mode::MONITORED
+                         when PROTECT_RULES_MODE[2]
+                           if rule[:blockAtEntry]
+                             ::Contrast::Api::Settings::ProtectionRule::Mode::BLOCK_AT_PERIMETER
+                           else
+                             ::Contrast::Api::Settings::ProtectionRule::Mode::BLOCKED
+                           end
+                         else
+                           ::Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION
+                         end
+
+              modes_by_id[rule[:id]] = api_mode
             end
             modes_by_id
           end

data/lib/contrast/agent/reporting/settings/protect_server_feature.rb

@@ -23,7 +23,7 @@ module Contrast
           # @param enabled [Boolean]
           # @return enabled [Boolean]
           def enabled= enabled
-            @_enabled = enabled if !!enabled == enabled
+            @_enabled = enabled
           end
 
           # Indicate if the bot protection feature set is enabled for this server or not.
@@ -66,7 +66,7 @@ module Contrast
           #   name    [String] The user defined name of the filter.
           #   uuid    [String] The identifier of the filter as defined by TeamServer.
           def ip_allowlist= allowlist
-            @_ip_allowlist = allowlist if allowlist.is_a? Array
+            @_ip_allowlist = allowlist if allowlist.is_a?(Array)
           end
 
           # The IP addresses for which to disable protection.
@@ -94,7 +94,7 @@ module Contrast
           #                     name    [String] The user defined name of the filter.
           #                     uuid    [String] The identifier of the filter as defined by TeamServer.
           def ip_denylist= denylist
-            @_ip_denylist = denylist if denylist.is_a? Array
+            @_ip_denylist = denylist if denylist.is_a?(Array)
           end
 
           # All of the apis to add new logging calls to the application at runtime.
@@ -134,7 +134,7 @@ module Contrast
           #    type    [String] The type of log message to tenerate. Audit as 0, Security as 2.
           #                     [ AUDIT, ERROR, SECURITY ]
           def log_enchancers= log_enchancers
-            @_log_enchancers = log_enchancers if log_enchancers.is_a? Array
+            @_log_enchancers = log_enchancers if log_enchancers.is_a?(Array)
           end
 
           # The keywords and patterns required for the input analysis of each rule with that capability.
@@ -191,7 +191,7 @@ module Contrast
           #                    value          [String] }
           # }
           def rule_definition_list= list
-            @_rule_definition_list = list.is_a? Array
+            @_rule_definition_list = list if list.is_a?(Array)
           end
 
           # Controls for the syslogging feature in the agent.
@@ -234,7 +234,7 @@ module Contrast
           #   syslogSeverityProbed    [String]
           #   syslogSeveritySuspicous [String]
           def syslog= log
-            @_syslog = log if log.is_a? Hash
+            @_syslog = log if log.is_a?(Hash)
           end
         end
       end

data/lib/contrast/agent/reporting/settings/reaction.rb

@@ -19,9 +19,9 @@ module Contrast
           # @param message [String] A message to log when receiving this reaction.
           # @param operation [String] What to do in response to this reaction.[NOOP, DISABLE]
           def initialize level, operation, message
-            @level = level if LEVELS.include? level
-            @operation = operation if OPERATIONS.include? operation
-            @message = message if message.is_a? String
+            @level = level if LEVELS.include?(level)
+            @operation = operation if OPERATIONS.include?(operation)
+            @message = message if message.is_a?(String)
           end
         end
       end