contrast-agent 5.3.0 → 6.1.1

data/lib/contrast/logger/application.rb

@@ -1,8 +1,6 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/utils/exclude_key'
-
 module Contrast
   module Logger
     # Our decorator for the Ougai logger allowing for the logging of the
@@ -19,7 +17,7 @@ module Contrast
           env_key = env_key.to_s
           next unless ENV_KEYS.include?(env_key) ||
               (env_key.start_with?(Contrast::Components::Config::CONTRAST_ENV_MARKER) &&
-                  !env_key.start_with?(Contrast::Components::Config::CONTRAST_ENV_MARKER + 'API'))
+                  !env_key.start_with?("#{ Contrast::Components::Config::CONTRAST_ENV_MARKER }API"))
 
           info('Environment settings', key: env_key, value: env_value)
         end
@@ -31,8 +29,6 @@ module Contrast
         loggable = ::Contrast::CONFIG.loggable
         info('Current configuration', configuration: loggable)
         env_keys = ENV.keys.select do |env_key|
-          next if Contrast::Utils::ExcludeKey.excludable? env_key.to_s
-
           env_key&.to_s&.start_with?(Contrast::Components::Config::CONTRAST_ENV_MARKER)
         end
         env_items = env_keys.map { |env_key| Contrast::Utils::EnvConfigurationItem.new(env_key, nil) }

data/lib/contrast/logger/cef_log.rb

@@ -30,7 +30,7 @@ module Contrast
           else
             cs__error(*args, **kwargs)
           end
-          args.each { |arg| raise arg if arg && arg.cs__class < Exception }
+          args.each { |arg| raise(arg) if arg && arg.cs__class < Exception }
         end
       end
     end
@@ -69,11 +69,11 @@ module Contrast
         if @_cef_logger
           @_cef_logger.error('Unable to process update to LoggerManager.', e)
         else
-          puts 'Unable to process update to LoggerManager.'
-          raise e if ENV['CONTRAST__AGENT__RUBY_MORE_COWBELL']
+          puts('Unable to process update to LoggerManager.')
+          raise(e) if ENV['CONTRAST__AGENT__RUBY_MORE_COWBELL']
 
-          puts e.message
-          puts e.backtrace.join("\n")
+          puts(e.message)
+          puts(e.backtrace.join("\n"))
         end
         # rubocop:enable Rails/Output
       end
@@ -99,28 +99,28 @@ module Contrast
 
       def virtual_patch_message patch, outcome
         message = "Virtual Patch #{ patch.fetch(:name, '') } - #{ patch[:uuid] } was triggered by this request."
-        log [message, patch, outcome], ::Logger::Severity::DEBUG
+        log([message, patch, outcome], ::Logger::Severity::DEBUG)
       end
 
       def bot_blocking_message matching_bot, outcome
         message = "User agent #{ matching_bot[:user_agent] } matched the disallowed value #{ matching_bot[:bot] }"
-        log [message, matching_bot, outcome], ::Logger::Severity::DEBUG
+        log([message, matching_bot, outcome], ::Logger::Severity::DEBUG)
       end
 
       def ip_denylisted_message remote_ip, block_entry, outcome
         message = "IP Address #{ remote_ip } matched the disallowed value" \
                   "#{ block_entry[:ip] } in the IP Blacklist #{ block_entry[:uuid] }"
-        log [message, block_entry, outcome], ::Logger::Severity::DEBUG
+        log([message, block_entry, outcome], ::Logger::Severity::DEBUG)
       end
 
       def successful_attack rule_id, outcome, input_type = nil, input_value = nil
         if input_type.present? && input_value.present?
           successful_attack_with_input = "#{ input_type } had a value that successfully exploited" \
                                          "#{ rule_id } - #{ input_value }"
-          log [successful_attack_with_input, rule_id, outcome], ::Logger::Severity::WARN
+          log([successful_attack_with_input, rule_id, outcome], ::Logger::Severity::WARN)
         else
           successful_attack_wo_input = "An effective attack was detected against #{ rule_id }"
-          log [successful_attack_wo_input, rule_id, outcome], ::Logger::Severity::WARN
+          log([successful_attack_wo_input, rule_id, outcome], ::Logger::Severity::WARN)
         end
       end
 
@@ -128,10 +128,10 @@ module Contrast
         if input_type.present? && input_value.present?
           ineffective_attack_with_input = "#{ input_type } had a value that matched a signature for, " \
                                           "but did not successfully exploit #{ rule_id } - #{ input_value }"
-          log [ineffective_attack_with_input, rule_id, outcome], ::Logger::Severity::WARN
+          log([ineffective_attack_with_input, rule_id, outcome], ::Logger::Severity::WARN)
         else
           ineffective_attack_wo_input = "An unsuccessful attack was detected against #{ rule_id }"
-          log [ineffective_attack_wo_input, rule_id, outcome], ::Logger::Severity::WARN
+          log([ineffective_attack_wo_input, rule_id, outcome], ::Logger::Severity::WARN)
         end
       end
 
@@ -140,10 +140,10 @@ module Contrast
         if input_type.present? && input_value.present?
           suspicious_attack_with = "#{ input_type } included a potential attack value that was detected" \
                                    "as suspicious using #{ rule_id } - #{ input_value }"
-          log [suspicious_attack_with, rule_id, outcome], ::Logger::WARN
+          log([suspicious_attack_with, rule_id, outcome], ::Logger::WARN)
         elsif input_value.present?
-          suspicious_attack_without = 'Suspicious activity indicates a potential attack using ' + rule_id.to_s
-          log [suspicious_attack_without, rule_id, outcome], ::Logger::WARN
+          suspicious_attack_without = "Suspicious activity indicates a potential attack using #{ rule_id }"
+          log([suspicious_attack_without, rule_id, outcome], ::Logger::WARN)
         end
       end
     end

data/lib/contrast/logger/format.rb

@@ -10,6 +10,7 @@ module Contrast
     # Our format for the Ougai logger allowing for custom log format that
     # extends the behavior of the default Ougai logger
     class Format < Ougai::Formatters::Bunyan
+      NO_REQUEST_HASH = { request_id: -1 }.cs__freeze
       LOG_TRACKER = Contrast::Utils::ThreadTracker.new
       # Our override of the _call method to add in the extra data that we want,
       # based on
@@ -49,7 +50,6 @@ module Contrast
         hash
       end
 
-      NO_REQUEST_HASH = { request_id: -1 }.cs__freeze
       def request_hash
         @request_tracker_defined ||= defined?(Contrast::Agent) && defined?(Contrast::Agent::REQUEST_TRACKER)
         return NO_REQUEST_HASH unless @request_tracker_defined

data/lib/contrast/logger/log.rb

@@ -44,8 +44,8 @@ module Contrast
       untimed_func_symbol = "untimed_#{ meth_spec.method_name }".to_sym
       send_to = class_method ? meth_spec.clazz.cs__singleton_class : meth_spec.clazz
       meth_spec.clazz.class_eval do
-        include Contrast::Components::Logger::InstanceMethods
-        extend Contrast::Components::Logger::InstanceMethods
+        include(Contrast::Components::Logger::InstanceMethods)
+        extend(Contrast::Components::Logger::InstanceMethods)
 
         send_to.send(:alias_method, untimed_func_symbol, meth_spec.method_name)
         meth_spec.aliased = true
@@ -73,7 +73,7 @@ module Contrast
         next if meth_spec.aliased
 
         is_class_method = meth_spec.clazz.singleton_methods(false).include?(meth_spec.method_name)
-        trace_time_class_method meth_spec, is_class_method
+        trace_time_class_method(meth_spec, is_class_method)
       end
     end
   end
@@ -96,7 +96,7 @@ module Contrast
           else
             cs__error(*args, **kwargs)
           end
-          args.each { |arg| raise arg if arg && arg.cs__class < Exception }
+          args.each { |arg| raise(arg) if arg && arg.cs__class < Exception }
         end
       end
     end
@@ -142,11 +142,11 @@ module Contrast
         if logger
           logger.error('Unable to process update to LoggerManager.', e)
         else
-          puts 'Unable to process update to LoggerManager.'
-          raise e if ENV['CONTRAST__AGENT__RUBY_MORE_COWBELL']
+          puts('Unable to process update to LoggerManager.')
+          raise(e) if ENV['CONTRAST__AGENT__RUBY_MORE_COWBELL']
 
-          puts e.message
-          puts e.backtrace.join("\n")
+          puts(e.message)
+          puts(e.backtrace.join("\n"))
         end
       end
 

data/lib/contrast/tasks/config.rb

@@ -2,10 +2,12 @@
 # frozen_string_literal: true
 
 require 'yaml'
+require 'contrast/configuration'
+require 'contrast/agent/reporting/reporter'
 
 module Contrast
   # A Rake task to generate a contrast_security.yaml file with some basic settings
-  module Config
+  module Config # rubocop:disable Metrics/ModuleLength
     extend Rake::DSL
     DEFAULT_CONFIG = {
         'api' => {
@@ -29,6 +31,9 @@ module Contrast
         }
     }.cs__freeze
 
+    SKIP_LOG = %w[service_key api_key].cs__freeze
+    REQUIRED = %i[url api_key service_key user_name].cs__freeze
+
     namespace :contrast do
       namespace :config do
         desc 'Create a contrast_security.yaml in the applications root directory'
@@ -38,9 +43,7 @@ module Contrast
           if File.exist?(target_path)
             puts 'WARNING: contrast_security.yaml already exists'
           else
-            File.open(target_path, 'w') do |f|
-              f.write(YAML.dump(DEFAULT_CONFIG))
-            end
+            File.write(target_path, YAML.dump(DEFAULT_CONFIG))
 
             puts "Created contrast_security.yaml at #{ target_path }"
             puts 'Open the file and enter your Contrast Security api keys or set them via environment variables'
@@ -49,5 +52,98 @@ module Contrast
         end
       end
     end
+
+    namespace :contrast do
+      namespace :config do
+        desc 'Validate the provided Contrast configuration and confirm connectivity'
+        task validate: :environment do
+          puts 'Validating Agent Configuration...'
+          Contrast::Config.validate_config
+          puts '...done!'
+          puts 'Validating Contrast Reporter Headers...'
+          reporter = Contrast::Config.validate_headers
+          puts '...done!'
+          puts 'Testing Reporter Client Connection...'
+          Contrast::Config.test_connection(reporter) if reporter
+          puts '...done!'
+        end
+      end
+
+      def self.validate_config
+        config = Contrast::Configuration.new
+        abort('Unable to Build Config') unless config
+        missing = []
+        api_hash = config.root.api.to_hash
+        api_hash.each_key do |key|
+          value = mask_keys(api_hash, key)
+          if value.is_a?(Contrast::Config::ApiProxyConfiguration)
+            Contrast::Config.validate_proxy(value)
+          elsif value.is_a?(Contrast::Config::CertificationConfiguration)
+            Contrast::Config.validate_cert(value)
+            next
+          elsif value.is_a?(Contrast::Config::RequestAuditConfiguration)
+            Contrast::Config.validate_audit(value)
+            next
+          elsif value.nil? && REQUIRED.includes?(key.to_sym)
+            missing << key
+          end
+        end
+        abort("Missing required API configuration values: #{ missing.join(', ') }") unless missing.empty?
+      end
+
+      def self.validate_proxy config
+        puts("Proxy Enabled: #{ config.enable }")
+        return unless config.enable
+
+        puts("Proxy URL: #{ config.url }")
+        abort('Proxy Enabled but no Proxy URL given') unless config.url
+      end
+
+      def self.validate_cert config
+        puts("Certification Enabled: #{ config.enable }")
+        return unless config.enable
+
+        puts("CA File: #{ config.ca_file }")
+        abort('CA file path not provided') unless config.ca_file
+        puts("Cert File: #{ config.cert_file }")
+        abort('Cert file path not provided') unless config.cert_file
+        puts("Key File: #{ config.key_file }")
+        abort('Key file path not provided') unless config.key_file
+      end
+
+      def self.validate_audit config
+        puts("Request Audit Enabled: #{ config.enable }")
+        return unless config.enable
+
+        config.each do |k, v|
+          puts("#{ k }::#{ v }")
+        end
+      end
+
+      def self.validate_headers
+        missing = []
+        reporter = Contrast::Agent::Reporter.new
+        reporter_headers = reporter.client.headers.to_hash
+        reporter_headers.each_key do |key|
+          value = mask_keys(reporter_headers, key)
+          missing << key if value.nil?
+        end
+        abort("Missing required header values: #{ missing.join(', ') }") unless missing.empty?
+        reporter
+      end
+
+      def self.test_connection reporter
+        connection = reporter.connection
+        abort('Failed to Initialize Connection please check error logs for details') unless connection
+        abort('Failed to Start Client please check error logs for details') unless reporter.client.startup!(connection)
+      end
+
+      def self.mask_keys hash, key
+        value = hash[key]
+        redacted_value = Contrast::Configuration::REDACTED if SKIP_LOG.include?(key.to_s)
+        puts("#{ key }::#{ redacted_value || value }") unless value.is_a?(Contrast::Config::BaseConfiguration)
+        value
+      end
+    end
   end
 end

data/lib/contrast/tasks/service.rb

@@ -11,7 +11,7 @@ module Contrast
     extend Rake::DSL
     # Start the service if it is not already running
     def self.start_service
-      puts 'Starting Contrast Service'
+      puts('Starting Contrast Service')
       service_log = ::Contrast::CONTRAST_SERVICE.logger_path
       if File.writable?(service_log)
         spawn('contrast_service', out: File::NULL, err: service_log)
@@ -23,7 +23,7 @@ module Contrast
         sleep(0.05) until Contrast::Utils::OS.running?
       end
       watcher.join(1)
-      puts Contrast::Utils::OS.running? ? 'Contrast Service started successfully.' : 'Contrast Service did not start.'
+      puts(Contrast::Utils::OS.running? ? 'Contrast Service started successfully.' : 'Contrast Service did not start.')
     end
 
     # Stop the service if it is running

data/lib/contrast/utils/assess/object_store.rb

@@ -0,0 +1,36 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Utils
+    module Assess
+      # keep track of object properties and events data
+      class ObjectStore
+        def initialize capacity = 500
+          @capacity = capacity
+          @cache = {}
+        end
+
+        def get
+          @cache
+        end
+
+        def [] key
+          @cache[key]
+        end
+
+        def delete key
+          @cache.delete(key)
+        end
+
+        # We would keep object ids with capacity.
+        # If a reference is kept to an object only by it's id,
+        # It would be CG-ted safely.
+        def []= key, value
+          @cache[key] = value
+          @cache.shift if @cache.length > @capacity
+        end
+      end
+    end
+  end
+end

data/lib/contrast/utils/assess/propagation_method_utils.rb

@@ -10,6 +10,7 @@ module Contrast
         APPEND_ACTION = 'APPEND'
         CENTER_ACTION = 'CENTER'
         INSERT_ACTION = 'INSERT'
+        BUFFER_ACTION = 'BUFFER'
         KEEP_ACTION = 'KEEP'
         NEXT_ACTION = 'NEXT'
         NOOP_ACTION = 'NOOP'
@@ -30,6 +31,7 @@ module Contrast
             INSERT_ACTION => Contrast::Agent::Assess::Policy::Propagator::Insert,
             KEEP_ACTION => Contrast::Agent::Assess::Policy::Propagator::Keep,
             NEXT_ACTION => Contrast::Agent::Assess::Policy::Propagator::Next,
+            BUFFER_ACTION => Contrast::Agent::Assess::Policy::Propagator::Buffer,
             NOOP_ACTION => nil,
             PREPEND_ACTION => Contrast::Agent::Assess::Policy::Propagator::Prepend,
             REPLACE_ACTION => Contrast::Agent::Assess::Policy::Propagator::Replace,
@@ -94,6 +96,10 @@ module Contrast
         def can_propagate? propagation_node, preshift, target
           return false unless appropriate_target?(propagation_node, target)
           return true if Contrast::Utils::Assess::TrackingUtil.tracked?(target)
+          if propagation_node.use_original_object?
+            # return true since we don't have preshift while using the original object.
+            return true
+          end
           return false unless preshift
 
           propagation_node.sources.each do |source|

data/lib/contrast/utils/assess/tracking_util.rb

@@ -50,9 +50,9 @@ module Contrast
 
             idx += 1
             if Contrast::Utils::DuckUtils.iterable_hash?(obj)
-              handle_hash obj, idx
+              handle_hash(obj, idx)
             elsif Contrast::Utils::DuckUtils.iterable_enumerable?(obj)
-              handle_enumerable obj, idx
+              handle_enumerable(obj, idx)
             else
               Contrast::Agent::Assess::Tracker.tracked?(obj)
             end
@@ -79,9 +79,9 @@ module Contrast
 
             idx += 1
             if Contrast::Utils::DuckUtils.iterable_hash?(obj)
-              handle_hash obj, idx
+              handle_hash(obj, idx)
             elsif Contrast::Utils::DuckUtils.iterable_enumerable?(obj)
-              handle_enumerable obj, idx
+              handle_enumerable(obj, idx)
             else
               Contrast::Agent::Assess::Tracker.trackable?(obj)
             end

data/lib/contrast/utils/class_util.rb

@@ -33,7 +33,7 @@ module Contrast
         #   need to check
         # @return [Boolean] if this method specifically was prepended
         def prepended_method? mod, method_policy
-          target_module = determine_target_class mod, method_policy.instance_method
+          target_module = determine_target_class(mod, method_policy.instance_method)
           ancestors = target_module.ancestors
           return false unless prepended?(target_module, ancestors)
 
@@ -50,8 +50,8 @@ module Contrast
         # After implementing the LRU Cache, we firstly need to check if already had that object cached and if we have
         # it - we can return it directly; otherwise we'll calculate and store the result before returning.
         #
-        # TODO: RUBY-1327
-        # Once we move to 2.7+, we can combine the caches using ID b/c the memory location stops being the id
+        # Combining of the caches have close performance, but keeping the two with current implementation has
+        # a slight advantage in performance. For now we can keep the things the way they are.
         #
         # @param object [Object, nil] the entity to convert to a String
         # @return [String, Object] the human readable form of the String, as defined by
@@ -60,13 +60,13 @@ module Contrast
           # Only treat object like a string if it actually is a string+ some subclasses of String override string
           # methods we depend on
           if object.cs__class == String
-            return @string_cache[object] if @string_cache.key? object
+            return @string_cache[object] if @string_cache.key?(object)
 
             @string_cache[object] = to_cached_string(object) || object.dup
           else
-            return @lru_cache[object.__id__] if @lru_cache.key? object.__id__
+            return @lru_cache[object.__id__] if @lru_cache.key?(object.__id__)
 
-            @lru_cache[object.__id__] = convert_object object
+            @lru_cache[object.__id__] = convert_object(object)
           end
         end
 
@@ -86,28 +86,15 @@ module Contrast
           end
         end
 
-        # The method const_defined? can cause autoload, which is bad for us. The method autoload? doesn't traverse
-        # namespaces. This method lets us provide a constant, as a String, and parse it to determine if it has been
-        # truly truly defined, meaning it existed before this method was invoked, not as a result of it.
+        # The method Module.const_defined? can raise an exception if the constant is poorly named. As such, we need to
+        # handle the case where that exception is raised.
         #
-        # TODO: RUBY-1326
-        # This is required to handle a bug in Ruby prior to 2.7.0. When we drop support for 2.6.X, we should remove
-        # this code. https://bugs.ruby-lang.org/issues/10741
         # @param name [String] the name of the constant to look up
         # @return [Boolean]
         def truly_defined? name
           return false unless name
 
-          segments = name.split(Contrast::Utils::ObjectShare::DOUBLE_COLON)
-          previous_module = Module
-          segments.each do |segment|
-            return false if previous_module.cs__autoload?(segment)
-            return false unless previous_module.cs__const_defined?(segment)
-
-            previous_module = previous_module.cs__const_get(segment)
-          end
-
-          true
+          Module.cs__const_defined?(name)
         rescue NameError # account for nonsense / poorly formatted constants
           false
         end

data/lib/contrast/utils/findings.rb

@@ -34,7 +34,7 @@ module Contrast
       # @param ret [Object] the Return of the invoked method
       # @param args [Array<Object>] the Arguments with which the method was invoked
       def collect_finding trigger_node, source, object, ret, *args
-        push trigger_node, source, object, ret, args
+        push(trigger_node, source, object, ret, args)
         logger.trace('Finding collected', node_id: trigger_node.id,
                                           source_id: source.__id__,
                                           rule: trigger_node.rule_id)
@@ -52,11 +52,11 @@ module Contrast
 
         while @_collection.any?
           finding = @_collection.pop
-          Contrast::Agent::Assess::Policy::TriggerMethod.build_finding finding[:trigger_node],
+          Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(finding[:trigger_node],
                                                                        finding[:source],
                                                                        finding[:object],
                                                                        finding[:ret],
-                                                                       finding[:args]
+                                                                       finding[:args])
         end
         true
       end

data/lib/contrast/utils/hash_digest.rb

@@ -15,8 +15,8 @@ module Contrast
     class HashDigest < Digest::Class
       include Digest::Instance
       extend Contrast::Utils::HashDigestExtend
-
       CONTENT_LENGTH_HEADER = 'Content-Length'
+      CHARS = %w[a b c d e f g].cs__freeze
       CRYPTO_RULES = %w[crypto-bad-ciphers crypto-bad-mac].cs__freeze
       CONFIG_PATH_KEY = 'path'
       CONFIG_SESSION_ID_KEY = 'sessionId'
@@ -24,6 +24,11 @@ module Contrast
       CLASS_CONSTANT_NAME_KEY = 'name'
       CLASS_LINE_NO_KEY = 'lineNo'
 
+      def initialize
+        super
+        @crc32 = 0
+      end
+
       # Update to CRC checksum the finding route and verb if finding route
       # [Contrast::Api::Dtm::RouteCoverage] is available else update the passed
       # request or Contrast::REQUEST_TRACKER.current.request uri and used request
@@ -77,7 +82,6 @@ module Contrast
         end
       end
 
-      CHARS = %w[a b c d e f g].cs__freeze
       # This method converts and integer value for length into a string value
       # that we can hash on, based on the logarithmic value of the length, and
       # updates the current hash with that value.
@@ -86,11 +90,6 @@ module Contrast
         update(CHARS[Math.log10(chr.to_s.length).to_i] || CHARS[-1])
       end
 
-      def initialize
-        super
-        @crc32 = 0
-      end
-
       # Converts  given string to CRC checksum. CRC32 checksum ensures that If error
       # of a single bit occurs, the CRC checksum will fail, regardless of any other
       # property of the transmitted data, including its length. Called several times

data/lib/contrast/utils/head_dump_utils_extend.rb

@@ -13,7 +13,7 @@ module Contrast
         delay  = control[:delay]
         clean  = control[:clean]
 
-        logger.info <<~WARNING
+        logger.info(<<~WARNING)
           *****************************************************
           ********      HEAP DUMP HAS BEEN ENABLED     ********
           *** APPLICATION PROCESS WILL EXIT UPON COMPLETION ***

data/lib/contrast/utils/input_classification.rb

@@ -0,0 +1,73 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/object_share'
+require 'contrast/agent/reporting/input_analysis/input_type'
+require 'contrast/agent/reporting/input_analysis/score_level'
+require 'contrast/agent/protect/input_analyzer/input_analyzer'
+
+module Contrast
+  module Agent
+    module Protect
+      module Rule
+        # This module will include all the similar information for all input classifications
+        # between different rules
+        module InputClassificationBase
+          include Contrast::Agent::Reporting::InputType
+          include Contrast::Agent::Reporting::ScoreLevel
+
+          # Input Classification stage is done to determine if an user input is
+          # WORTHWATCHING or to be ignored.
+          #
+          # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
+          # @param value [String, Array<String>] the value of the input.
+          # @param input_analysis [Contrast::Agent::Reporting::InputAnalysis] Holds all the results from the
+          #                                                       agent analysis from the current
+          #                                                       Request.
+          # @return ia [Contrast::Agent::Reporting::InputAnalysis] with updated results.
+          def classify input_type, value, input_analysis # rubocop:disable Lint/UnusedMethodArgument
+            return false unless input_analysis.request
+
+            true
+          end
+
+          # Creates new isntance of InputAnalysisResult with basic info.
+          #
+          # @param rule_id [String] The name of the Protect Rule.
+          # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
+          # @param value [String, Array<String>] the value of the input.
+          # @param path [String] the path of the current request context.
+          #
+          # @return res [Contrast::Agent::Reporting::InputAnalysisResult]
+          def new_ia_result rule_id, input_type, path, value = nil
+            res = Contrast::Agent::Reporting::InputAnalysisResult.new
+            res.rule_id = rule_id
+            res.input_type = input_type
+            res.path = path
+            res.value = value
+            res
+          end
+
+          # This methods checks if input is value that matches a key in the input.
+          #
+          # @param request [Contrast::Agent::Request] the current request context.
+          # @param result [Contrast::Agent::Reporting::InputAnalysisResult] result to be updated.
+          # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
+          # @param value [String, Array<String>] the value of the input.
+          #
+          # @return result [Contrast::Agent::Reporting::InputAnalysisResult] updated with key result.
+          def add_needed_key request, result, input_type, value
+            case input_type
+            when COOKIE_VALUE
+              result.key = request.cookies.key(value)
+            when PARAMETER_VALUE
+              result.key = request.parameters.key(value)
+            else
+              result.key
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/utils/invalid_configuration_util.rb

@@ -50,10 +50,10 @@ module Contrast
         new_preflight_message.data = "#{ rule_id },#{ hash_code }"
         new_preflight.messages << new_preflight_message
 
-        ruby_finding = Contrast::Agent::Reporting::Finding.new rule_id
+        ruby_finding = Contrast::Agent::Reporting::Finding.new(rule_id)
         ruby_finding.hash_code = hash_code
         set_new_finding_properties(ruby_finding, user_provided_options, call_location)
-        Contrast::Agent.reporter&.send_event_immediately(new_preflight)
+        Contrast::Agent.reporter&.send_event(new_preflight)
         Contrast::Agent::Reporting::ReportingStorage[hash_code] = ruby_finding
       end