contrast-agent 6.0.0 → 6.1.0

data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb

@@ -36,50 +36,64 @@ module Contrast
             # @param response [Contrast::Agent::Response] the response of the application
             # @return [Hash, nil] the evidence required to prove the violation of the rule
             def violated? response
-              has_header, evidence = process_header(response)
-              return evidence unless evidence.nil?
+              return unless header?(response) && meta_tag?(response)
 
-              has_tag, evidence = process_body(response)
-              return evidence unless evidence.nil?
-              return {} if !has_header && !has_tag
+              header_evidence = header_evidence(response)
+              return if header_evidence.nil?
 
-              nil
+              tag_evidence = tag_evidence(response)
+              return if tag_evidence.nil?
+
+              { DATA => [header_evidence, tag_evidence] }
             end
 
-            # Process Header value to determine if it violates rule
+            # Is a cache-control header available?
             # @param response [Contrast::Agent::Response] the response of the application
-            # @return [Array[Boolean, Hash]] whether the header exists and the evidence hash or nil
-            def process_header response
-              # Rails 7 adds support for the cache_control header directly in the
-              # rack response, we should use that value
-              if framework_supported?
-                cache_control = response.rack_response.cache_control
-                has_header = !cache_control.blank?
-                not_valid = has_header && !((cache_control[:no_cache]) || (cache_control[:no_store]))
-                # evidence requires header value string, pull directly instead of rebuilding from hash
-                return has_header, evidence(HEADER_TYPE, NAME, cache_control_to_s(cache_control)) if not_valid
-              else
-                # This rule is violated if the header is not there is there,
-                # but the value is not 'no-store' or 'no-cache'
-                cache_control = get_header_value(response)
-                has_header = !!cache_control
-                not_valid = has_header && !valid_header?(cache_control)
-                return has_header, evidence(HEADER_TYPE, NAME, cache_control) if not_valid
+            # @return [Boolean]
+            def header? response
+              cache_control = cache_control_from(response)
+              framework_supported? ? !cache_control.blank? : !!cache_control
+            end
+
+            # Is a cache-control meta tag available?
+            # @param response [Contrast::Agent::Response] the response of the application
+            # @return [Boolean]
+            def meta_tag? response
+              return false if meta_tags(response).empty?
+
+              meta_tags(response).each do |tag|
+                return true if meta_cache_tag? tag[HTML_PROP]
               end
-              [has_header, nil]
+
+              false
             end
 
-            # Process Body to determine cache control exists as meta tag and if it violates rule
+            def meta_tags response
+              return @_meta_tags if defined? @meta_tags
+
+              @_meta_tags = html_elements(response.body&.split(HEAD_TAG)&.last, META_START_STR)
+            end
+
+            # Process Header value to determine if it violates rule
+            # @param response [Contrast::Agent::Response] the response of the application
+            # @return [Hash, nil] the evidence hash or nil
+            def header_evidence response
+              cache_control = cache_control_from(response)
+              value = framework_supported? ? cache_control : cache_control_to_s(cache_control)
+              # If header is valid, then this portion of the rule isn't violated.
+              return if valid_header?(value)
+
+              # evidence requires header value string, pull directly instead of rebuilding from hash
+              evidence(HEADER_TYPE, NAME, value)
+            end
+
+            # Process Body to determine if cache control meta tag violates rule
             # @param response [Contrast::Agent::Response] the response of the application
-            # @return [Array[Boolean, Hash]] whether the meta tags exists and the evidence hash or nil
-            def process_body response
-              body = response.body
-              # check if the meta tag is include it
-              meta_tags = html_elements(body&.split(HEAD_TAG)&.last, META_START_STR)
-              meta_tags.each do |tag|
-                return true, evidence(META_TYPE, PRAGMA, tag[HTML_PROP]) if meta_cache_tag? tag[HTML_PROP]
+            # @return [Hash, nil] the evidence hash or nil
+            def tag_evidence response
+              meta_tags(response).each do |tag|
+                return evidence(META_TYPE, PRAGMA, tag[HTML_PROP]) if meta_cache_tag? tag[HTML_PROP]
               end
-              [!meta_tags.empty?, nil]
             end
 
             def potential_elements section, element_start
@@ -121,13 +135,23 @@ module Contrast
             end
 
             # This method accepts the violation and transforms it to the proper hash
-            # before return in as violation
+            # before returning a violation
             #
             # @param type [String] String of Header or META of the type
             # @param name [String] String of either cache-control or pragma
             # @param value [String] String of the violated value
             def evidence type, name, value
-              { DATA => { type: type, name: name, value: value }.to_s }
+              { type: type, name: name, value: value }.to_json
+            end
+
+            def cache_control_from response
+              # Rails 7 adds support for the cache_control header directly in the
+              # rack response, we should use that value
+              if framework_supported? && response.rack_response.cs__is_a?(Rack::Response)
+                response.rack_response.cache_control
+              else
+                get_header_value(response)
+              end
             end
 
             # Rebuilds the String value of the Cache-Control Header

data/lib/contrast/agent/at_exit_hook.rb

@@ -31,7 +31,7 @@ module Contrast
         context = Contrast::Agent::REQUEST_TRACKER.current
         return unless context
 
-        Contrast::Agent.messaging_queue.send_event_immediately(context.activity)
+        Contrast::Agent.messaging_queue&.send_event_immediately(context.activity)
       end
     end
   end

data/lib/contrast/agent/inventory/database_config.rb

@@ -44,20 +44,27 @@ module Contrast
               end
             end
           rescue StandardError => e
-            logger.error('Unable to append db config', e)
+            logger.warn('Unable to append db config', e)
             nil
           end
 
           private
 
           # We capture the active record configuration used by this application, as reported by
-          # ActiveRecord::Base.connection_config, so that we can record it once and report it as needed.
+          # ActiveRecord::Base.connection_db_config, so that we can record it once and report it as needed.
           #
           # @return [Hash]
           def active_record_config
             return @_active_record_config if instance_variable_defined?(:@_active_record_config)
 
-            @_active_record_config = ActiveRecord::Base.connection_config rescue nil # rubocop:disable Style/RescueModifier
+            @_active_record_config = if ActiveRecord::Base.cs__respond_to?(:connection_db_config)
+                                       ActiveRecord::Base.connection_db_config
+                                     else
+                                       # TODO: RUBY-99999 - Remove when Rails 6.0 is not supported
+                                       ActiveRecord::Base.connection_config
+                                     end
+          rescue StandardError
+            nil
           end
 
           # The classes we instrument in order to determine which, if any, database(s) an application connects to take

data/lib/contrast/agent/middleware.rb

@@ -13,7 +13,7 @@ require 'contrast/utils/heap_dump_util'
 require 'contrast/utils/telemetry'
 require 'contrast/agent/request_handler'
 require 'contrast/agent/static_analysis'
-require 'contrast/agent/telemetry/events/startup_metrics_telemetry_event'
+require 'contrast/agent/telemetry/events/startup_metrics_event'
 require 'contrast/utils/middleware_utils'
 
 require 'contrast/utils/timer'
@@ -78,9 +78,9 @@ module Contrast
           Contrast::Agent.thread_watcher.ensure_running?
         end
 
-        if Contrast::Agent::Telemetry.enabled?
+        if Contrast::Agent::Telemetry::Base.enabled?
           logger.debug_with_time('middleware: sending startup metrics telemetry event') do
-            event = Contrast::Agent::StartupMetricsTelemetryEvent.new
+            event = Contrast::Agent::Telemetry::StartupMetricsEvent.new
             Contrast::Agent.thread_watcher.telemetry_queue.send_event(event)
           end
         end

data/lib/contrast/agent/patching/policy/after_load_patch.rb

@@ -59,8 +59,6 @@ module Contrast
           end
 
           def instrument!
-            return if instrumenting_module == :'Contrast::Framework::Rails::Rewrite' && RAILS_VER >= '2.6.0'
-
             require instrumentation_file_path
 
             if instrumenting_module

data/lib/contrast/agent/patching/policy/patch.rb

@@ -114,16 +114,15 @@ module Contrast
             #                          (equivalent to :alias, where `module = module.singleton class`)
             #                          (this is a.k.a. "class-method patch")
             #   :prepend            -> prepend instance method of module
-            #   [prepending singleton is easily supported too, just not implemented yet.]
+            #   :prepending singleton -> prepend singleton method of module
             # @return [Symbol] new alias for the underlying method (presumably, so the patched method can call it)
             def register_c_patch target_module_name, unbound_method, impl = :alias_instance
               # These could be set as AfterLoadPatches.
               method_name = unbound_method.name.to_sym # rubocop:disable Security/Module/Name -- ruby built in attribute.
-              underlying_method_name = build_unbound_method_name(method_name).to_sym
+              underlying_method_name = underlying_method_name(method_name, impl)
 
               target_module = Module.cs__const_get(target_module_name)
-              target_module = target_module.cs__singleton_class if %i[prepend_singleton prepend].include? impl
-              target_module = target_module.cs__singleton_class if %i[alias_singleton prepend].include? impl
+              target_module = target_module.cs__singleton_class if %i[prepend_singleton alias_singleton].include? impl
 
               visibility = if target_module.private_instance_methods(false).include?(method_name)
                              :private
@@ -161,7 +160,7 @@ module Contrast
             # @param visibility [Symbol] method visibility
             def reflect_implementation impl, target_module, unbound_method, visibility
               method_name = unbound_method.name.to_sym # rubocop:disable Security/Module/Name -- ruby built in attribute.
-              underlying_method_name = build_unbound_method_name(method_name).to_sym
+              underlying_method_name = underlying_method_name(method_name, impl)
 
               case impl
               when :alias_instance, :alias_singleton
@@ -174,14 +173,10 @@ module Contrast
                 end
                 target_module.send(visibility, method_name) # e.g., module.private(:my_method)
               when :prepend_instance, :prepend_singleton
+                prepending_module = Module.new
+                prepending_module.send(:define_method, method_name, unbound_method.bind(target_module))
+                prepending_module.send(visibility, method_name)
 
-                unless target_module.instance_methods(false).include? underlying_method_name
-
-                  prepending_module = Module.new
-                  prepending_module.send(:define_method, method_name, unbound_method.bind(target_module))
-                  prepending_module.send(visibility, method_name)
-
-                end
                 # This prepends to the singleton class (it patches a class method)
                 target_module.prepend prepending_module
                 # rubocop:enable Performance/Kernel/DefineMethod
@@ -207,6 +202,12 @@ module Contrast
 
               !ASSESS&.enabled?
             end
+
+            def underlying_method_name method_name, impl
+              return method_name.to_sym if %i[prepend_instance prepend_singleton].include? impl
+
+              build_unbound_method_name(method_name).to_sym
+            end
           end
         end
       end

data/lib/contrast/agent/patching/policy/patcher.rb

@@ -207,7 +207,7 @@ module Contrast
             def patch_into_instance_methods module_data, module_policy
               mod = module_data.mod
               methods = all_instance_methods(mod, private: true)
-              methods.delete(:initialize) if mod.to_s.starts_with?('RSpec') && mod.to_s.include?('Matchers')
+              methods.delete(:initialize) if mod.to_s.start_with?('RSpec') && mod.to_s.include?('Matchers')
               patch_into_methods(mod, methods, module_policy, true)
             end
 

data/lib/contrast/agent/protect/input_analyzer/input_analyzer.rb

@@ -8,6 +8,7 @@ require 'contrast/agent/protect/rule/no_sqli/no_sqli_input_classification'
 require 'contrast/agent/protect/rule/sqli/sqli_input_classification'
 require 'contrast/agent/protect/rule/unsafe_file_upload/unsafe_file_upload_input_classification'
 require 'contrast/agent/protect/rule/unsafe_file_upload'
+require 'contrast/components/logger'
 require 'contrast/utils/object_share'
 require 'contrast/agent/protect/rule/cmdi/cmdi_input_classification'
 require 'contrast/agent/protect/rule/http_method_tampering/http_method_tampering_input_classification'
@@ -59,7 +60,7 @@ module Contrast
           # @param request [Contrast::Agent::Request] current request context.
           # @return input_analysis [Contrast::Agent::Reporting::InputAnalysis, nil]
           def analyse request
-            return unless Contrast::SETTINGS.protect_state.enabled
+            return unless Contrast::PROTECT.enabled?
             return if request.nil?
 
             inputs = extract_input request
@@ -86,8 +87,11 @@ module Contrast
               next if value.nil? || value.empty?
 
               PROTECT_RULES.each do |_key, rule|
+                protect_rule = Contrast::PROTECT.rule(rule[:rule_name])
+                logger.debug("Rule #{ rule[:rule_name] } not recognised in Protect rules") if protect_rule.nil?
+
                 # check if rule is enabled
-                next unless Contrast::PROTECT.rule(rule[:rule_name]).enabled?
+                next unless protect_rule&.enabled?
 
                 # method tampering doesn't take value
                 if rule[:rule_name] == Contrast::Agent::Protect::Rule::HttpMethodTampering::NAME

data/lib/contrast/agent/reporting/masker/masker.rb

@@ -33,21 +33,18 @@ module Contrast
           # @param [Contrast::Api::Dtm::Activity]
           def mask activity
             return unless Contrast::Agent::Reporter.enabled?
-            return unless activity || activity.http_request || activity.results
+            return unless activity
 
             logger.debug('Searching for sensitive data',
                          activity: activity.__id__,
                          request: activity.http_request&.uuid)
-            mask_body activity
-            mask_query_string activity
-            mask_request_params activity
-            mask_request_cookies activity
-            mask_request_headers activity
-          rescue StandardError => e
-            logger.debug('Could not mask activity!',
-                         activity: activity.__id__,
-                         request: activity.http_request&.uuid,
-                         error_msg: e.message)
+            mask_body(activity)
+            mask_query_string(activity)
+            mask_request_params(activity)
+            mask_request_cookies(activity)
+            mask_request_headers(activity)
+          rescue StandardError => _e
+            logger.debug('Could not mask activity!', activity: activity.__id__, request: activity.http_request&.uuid)
           end
 
           private

data/lib/contrast/agent/reporting/masker/masker_utils.rb

@@ -14,10 +14,14 @@ module Contrast
         # @param field_hash [Protobuf::Field::FieldHash] hash to be masked
         # @param results [Array<Contrast::Api::Dtm::AttackResults>]
         # results to match against.
+        # @return [Hash]
         def mask_field_hash field_hash, results
+          return {} unless field_hash&.any?
+
           hash = {}
-          masked = EMPTY_STRING
-          field_hash.any? do |entry|
+          # Because this is the start of a built string, we have to be sure that it is not frozen.
+          masked = +''
+          field_hash.each do |entry|
             # Protobuf::Field::FieldHash produces array, with the key as first param and value as second.
             new_value = entry[1].delete(SEMICOLON).split(SPACE)
             new_value.each do |value|
@@ -29,7 +33,7 @@ module Contrast
             mask_with_dictionary results, hash
 
             # Restore to original form.
-            hash.each { |k, v| masked += "#{ k + EQUALS }#{ v + SEMICOLON + SPACE }" }
+            hash.each { |k, v| masked += "#{ k }=#{ v }; " }
             masked.rstrip!
             field_hash[entry[0]] = masked
           end
@@ -48,7 +52,7 @@ module Contrast
           hash = URI.decode_www_form(query).to_h
           mask_with_dictionary results, hash
           # Restore to string form.
-          hash.each { |k, v| masked += "#{ k + EQUALS }#{ v }#{ AMPERSAND }" }
+          hash.each { |k, v| masked += "#{ k }=#{ v }&" }
           query = masked
           query.chomp!(masked[-1])
         end

data/lib/contrast/agent/reporting/reporter.rb

@@ -31,10 +31,6 @@ module Contrast
         @_connection ||= client.initialize_connection
       end
 
-      def audit
-        @_audit ||= Contrast::Agent::Reporting::Audit.new
-      end
-
       def attempt_to_start?
         unless cs__class.enabled?
           logger.warn('Reporter service is disabled!')
@@ -65,7 +61,7 @@ module Contrast
       # Suspend the Reporter and try sending the event after the timeout.
       # The timeout is either default 15 min or received via TS response.
       #
-      # @param event [Contrast::Agent::Reporting::FindingEvent] Freshly pop-ed event.
+      # @param event [Contrast::Agent::Reporting::ReportingEvent] Freshly pop-ed event.
       def handle_resend event
         sleep(client.timeout) if client.sleep?
         # Retry once than discard the event. This is trigger on too many events of
@@ -75,6 +71,7 @@ module Contrast
         client.wake_up
       end
 
+      # @param event [Contrast::Agent::Reporting::ReportingEvent]
       def send_event event
         if ::Contrast::AGENT.disabled?
           logger.warn('Attempted to queue event with Agent disabled', caller: caller, event: event)
@@ -84,23 +81,21 @@ module Contrast
         return unless cs__class.enabled?
 
         logger.debug('Enqueued event for sending', event_type: event.cs__class)
-        audit&.audit_event(event) if ::Contrast::API.request_audit_enable?
         queue << event
       end
 
       # Use this to bypass the messaging queue and leave response processing to the caller
+      #
+      # @param event [Contrast::Agent::Reporting::ReportingEvent]
+      # @return [Net::HTTPResponse, nil]
       def send_event_immediately event
         if ::Contrast::AGENT.disabled?
           logger.warn('Reporter attempted to send event immediately with Agent disabled', caller: caller, event: event)
           return
         end
-        response = client.send_event(event, connection, true)
-        return unless response
-
-        client.handle_response(event, response, connection)
-        audit&.audit_event(event, response) if ::Contrast::API.request_audit_enable?
+        client.send_event(event, connection, send_immediately: true)
       rescue StandardError => e
-        logger.error('Could not send message to service from Reporter queue.', e)
+        logger.error('Could not send message to TeamServer from Reporter queue.', e)
       end
 
       def delete_queue!
@@ -122,12 +117,12 @@ module Contrast
         @_queue ||= Queue.new
       end
 
+      # @param event [Contrast::Agent::Reporting::ReportingEvent]
       def process_event event
-        response = client.send_event(event, connection)
-        audit&.audit_event(event, response) if ::Contrast::API.request_audit_enable?
-        handle_resend event
+        client.send_event(event, connection)
+        handle_resend(event) if client.mode.status == client.mode.resending
       rescue StandardError => e
-        logger.error('Could not send message to service from Reporter queue.', e)
+        logger.error('Could not send message to TeamServer from Reporter queue.', e)
       end
     end
   end

data/lib/contrast/agent/reporting/reporter_heartbeat.rb

@@ -0,0 +1,49 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/worker_thread'
+require 'contrast/agent/reporting/report'
+require 'contrast/components/logger'
+require 'contrast/agent/reporting/reporting_events/agent_startup'
+
+module Contrast
+  module Agent
+    # The ReporterHeartbeat will make sure that the process remains marked alive by TeamServer and that we periodically
+    # reach out to get the latest settings for this application.
+    class ReporterHeartbeat < WorkerThread
+      include Contrast::Components::Logger::InstanceMethods
+
+      # TeamServer will mark an application offline after 5 minutes. Sending this every one should be more than enough
+      # to satisfy our goals.
+      REFRESH_INTERVAL_SEC = 60
+
+      # check if we can report to TS
+      #
+      # @return[Boolean] true if bypass is enabled, or false if bypass disabled
+      def enabled?
+        @_enabled = Contrast::CONTRAST_SERVICE.use_agent_communication? if @_enabled.nil?
+        @_enabled
+      end
+
+      def connection
+        @_connection ||= client.initialize_connection
+      end
+
+      def start_thread!
+        return if running?
+
+        @_thread = Contrast::Agent::Thread.new do
+          logger.info('Starting heartbeat thread.')
+          loop do
+            Contrast::Agent.reporter&.send_event(poll_message)
+            sleep(REFRESH_INTERVAL_SEC)
+          end
+        end
+      end
+
+      def poll_message
+        @_poll_message ||= Contrast::Agent::Reporting::Poll.new
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/agent_startup.rb

@@ -1,7 +1,7 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/reporting/reporting_events/reporting_event'
+require 'contrast/agent/reporting/reporting_events/server_reporting_event'
 require 'contrast/config'
 
 module Contrast
@@ -9,7 +9,7 @@ module Contrast
     module Reporting
       #	AgentStartup Event which sends the agent data to TeamServer on the startup of a server or process,
       # used to create a new Server entity there.
-      class AgentStartup < Contrast::Agent::Reporting::ReportingEvent
+      class AgentStartup < Contrast::Agent::Reporting::ServerReportingEvent
         def initialize
           @event_method = :PUT
           @event_endpoint = Contrast::Agent::Reporting::Endpoints::NG_ENDPOINTS[:agent_startup]
@@ -17,6 +17,10 @@ module Contrast
           super
         end
 
+        def file_name
+          'agent-startup'
+        end
+
         def to_controlled_hash
           {
               environment: ::Contrast::CONFIG.root.server.environment,

data/lib/contrast/agent/reporting/reporting_events/application_activity.rb

@@ -0,0 +1,53 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/components/logger'
+require 'contrast/agent/reporting/reporting_events/application_reporting_event'
+require 'contrast/agent/reporting/reporting_events/application_defend_activity'
+require 'contrast/agent/reporting/reporting_events/application_inventory_activity'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new ApplicationActivity class which will include all the needed information for the new reporting
+      # system to report
+      class ApplicationActivity < Contrast::Agent::Reporting::ApplicationReportingEvent
+        class << self
+          # @param app_activity_dtm [Contrast::Api::Dtm::Activity]
+          # @return [Contrast::Agent::Reporting::ApplicationActivity]
+          def convert app_activity_dtm
+            app_activity = new
+            app_activity.attach_data app_activity_dtm
+            app_activity
+          end
+        end
+
+        def initialize
+          @defend = []
+          @inventory = []
+          @event_type = :application_activity
+          @event_endpoint = Contrast::Agent::Reporting::Endpoints.application_activity
+          super
+        end
+
+        def file_name
+          'activity-application'
+        end
+
+        def to_controlled_hash
+          {
+              lastUpdate: since_last_update,
+              defend: @defend.map(&:to_controlled_hash),
+              inventory: @inventory.map(&:to_controlled_hash)
+          }
+        end
+
+        # @param activity_dtm [Contrast::Api::Dtm::ApplicationActivity]
+        def attach_data activity_dtm
+          @defend << Contrast::Agent::Reporting::ApplicationDefendActivity.convert(activity_dtm)
+          @inventory << Contrast::Agent::Reporting::ApplicationInventoryActivity.convert(activity_dtm)
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb

@@ -0,0 +1,48 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/components/logger'
+require 'contrast/agent/reporting/reporting_events/application_defend_attacker_activity'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new ApplicationDefendActivity class which includes information about the defense of the application
+      # which was discovered during exercise of the application during this activity period.
+      class ApplicationDefendActivity
+        # @return [Array<Contrast::Agent::Reporting::ApplicationDefendAttackerActivity>]
+        attr_reader :attackers
+
+        class << self
+          # @param activity_dtm [Contrast::Api::Dtm::ApplicationActivity]
+          # @return [Contrast::Agent::Reporting::ApplicationDefendActivity]
+          def convert activity_dtm
+            activity = new
+            activity.attach_data activity_dtm.results
+            activity
+          end
+        end
+
+        def initialize
+          @attackers = []
+          @event_type = :application_defend_activity
+          super
+        end
+
+        def to_controlled_hash
+          {
+              attackers: attackers.map(&:to_controlled_hash)
+          }
+        end
+
+        # @param attack_dtms [Contrast::Api::Dtm::AttackResult]
+        # @return [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
+        def attach_data attack_dtms
+          attack_dtms.each do |attack|
+            @attackers << Contrast::Agent::Reporting::ApplicationDefendAttackerActivity.convert(attack)
+          end
+        end
+      end
+    end
+  end
+end