contrast-agent 6.0.0 → 6.1.0

data/lib/contrast/configuration.rb

@@ -7,7 +7,6 @@ require 'fileutils'
 require 'contrast/config'
 require 'contrast/utils/object_share'
 require 'contrast/components/scope'
-require 'contrast/utils/exclude_key'
 
 module Contrast
   # This is how we read in the local settings for the Agent, both ENV/ CMD line
@@ -27,15 +26,17 @@ module Contrast
     MILLISECOND_MARKER = '_ms'
     CONVERSION = { 'agent.service.enable' => 'agent.start_bundled_service' }.cs__freeze
     CONFIG_BASE_PATHS = ['', 'config/', '/etc/contrast/ruby/', '/etc/contrast/', '/etc/'].cs__freeze
+    KEYS_TO_REDACT = %i[api_key url service_key user_name].cs__freeze
+    REDACTED = '**REDACTED**'
 
     def initialize cli_options = nil, default_name = DEFAULT_YAML_PATH
       @default_name = default_name
 
       # Load config_kv from file
-      config_kv = deep_stringify_all_keys(load_config)
+      config_kv = deep_symbolize_all_keys(load_config)
 
       # Overlay CLI options - they take precedence over config file
-      cli_options = deep_stringify_all_keys(cli_options)
+      cli_options = deep_symbolize_all_keys(cli_options)
       config_kv = deep_merge(cli_options, config_kv) if cli_options
 
       # Some in-flight rewrites to maintain backwards compatibility
@@ -105,7 +106,7 @@ module Contrast
     def update_prop_keys config
       CONVERSION.each_pair do |old_method, new_method|
         # See if the old value was set and needs to be translated
-        deprecated_keys = old_method.split('.')
+        deprecated_keys = old_method.split('.').map(&:to_sym)
         old_value = config
         deprecated_keys.each do |key|
           old_value = old_value[key]
@@ -114,7 +115,7 @@ module Contrast
         next if old_value.nil? # have to account for literal false
 
         log_deprecated_property(old_method, new_method)
-        new_keys = new_method.split('.')
+        new_keys = new_method.split('.').map(&:to_sym)
         # We changed the seconds values into ms values. Multiply them accordingly
         old_value = old_value.to_i * 1000 if new_method.end_with?(MILLISECOND_MARKER)
         new_value = config
@@ -147,12 +148,12 @@ module Contrast
       end
     end
 
-    def deep_stringify_all_keys hash
+    def deep_symbolize_all_keys hash
       return if hash.nil?
 
       new_hash = {}
       hash.each do |key, value|
-        new_hash[key.to_s] = value.is_a?(Hash) ? deep_stringify_all_keys(value) : value
+        new_hash[key.to_sym] = value.is_a?(Hash) ? deep_symbolize_all_keys(value) : value
       end
       new_hash
     end
@@ -219,10 +220,9 @@ module Contrast
       when Contrast::Config::BaseConfiguration
         # to_hash returns @configuration_map
         convert.to_hash.each_key do |key|
-          next if Contrast::Utils::ExcludeKey.excludable?(key.to_s)
-
           # change '-' to '_' for ProtectRulesConfiguration
           hash[key] = convert_to_hash(convert.send(key.tr('-', '_').to_sym), {})
+          hash[key] = REDACTED if redactable?(key)
         end
         hash
       else
@@ -234,7 +234,7 @@ module Contrast
       idx = 0
       end_idx = new_keys.length - 1
       while idx < new_keys.length
-        new_key = new_keys[idx]
+        new_key = new_keys[idx].to_sym
         if idx == end_idx
           new_value[new_key] = old_value if new_value[new_key].nil?
         else
@@ -245,5 +245,14 @@ module Contrast
         idx += 1
       end
     end
+
+    # Check if keys with sensitive data needs to be
+    # redacted.
+    #
+    # @param key [Symbol] key to check
+    # @return[Boolean] true | false
+    def redactable? key
+      KEYS_TO_REDACT.include?(key.to_sym)
+    end
   end
 end

data/lib/contrast/framework/rails/patch/support.rb

@@ -25,51 +25,19 @@ module Contrast
 
           # (See BaseSupport#after_load_patches)
           def after_load_patches
-            patches = Set.new([
-                                Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
-                                    'ActionController::Live::Buffer',
-                                    'contrast/framework/rails/patch/action_controller_live_buffer',
-                                    instrumenting_module:
-                                      'Contrast::Framework::Rails::Patch::ActionControllerLiveBuffer'),
-                                Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
-                                    'Rails::Application::Configuration',
-                                    'contrast/framework/rails/patch/rails_application_configuration',
-                                    method_to_instrument: :session_store,
-                                    instrumenting_module:
-                                      'Contrast::Framework::Rails::Patch::RailsApplicationConfiguration')
-                              ])
-            patches.merge(special_after_load_patches) if RUBY_VERSION < '2.6.0'
-            patches
-          end
-
-          def special_after_load_patches
-            [
-              # TODO: RUBY-714 remove w/ EOL of 2.5
-              #
-              # @deprecated  Everything past here is used for Rewriting and can
-              #   be removed once we no longer support 2.5.
-              Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
-                  'ActionController::Railties::Helper::ClassMethods',
-                  'contrast/framework/rails/rewrite/action_controller_railties_helper_inherited',
-                  method_to_instrument: :inherited,
-                  instrumenting_module:
-                    'Contrast::Framework::Rails::Rewrite::ActionControllerRailtiesHelperInherited'),
-              Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
-                  'ActiveRecord::AttributeMethods::Read::ClassMethods',
-                  'contrast/framework/rails/rewrite/active_record_attribute_methods_read',
-                  instrumenting_module:
-                    'Contrast::Framework::Rails::Rewrite::ActiveRecordAttributeMethodsRead'),
-              Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
-                  'ActiveRecord::Scoping::Named::ClassMethods',
-                  'contrast/framework/rails/rewrite/active_record_named',
-                  instrumenting_module: 'Contrast::Framework::Rails::Rewrite::ActiveRecordNamed'),
-              Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
-                  'ActiveRecord::AttributeMethods::TimeZoneConversion::ClassMethods',
-                  'contrast/framework/rails/rewrite/active_record_time_zone_inherited',
-                  method_to_instrument: :inherited,
-                  instrumenting_module:
-                    'Contrast::Framework::Rails::Rewrite::ActiveRecordTimeZoneInherited')
-            ]
+            Set.new([
+                      Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
+                          'ActionController::Live::Buffer',
+                          'contrast/framework/rails/patch/action_controller_live_buffer',
+                          instrumenting_module:
+                            'Contrast::Framework::Rails::Patch::ActionControllerLiveBuffer'),
+                      Contrast::Agent::Patching::Policy::AfterLoadPatch.new(
+                          'Rails::Application::Configuration',
+                          'contrast/framework/rails/patch/rails_application_configuration',
+                          method_to_instrument: :session_store,
+                          instrumenting_module:
+                            'Contrast::Framework::Rails::Patch::RailsApplicationConfiguration')
+                    ])
           end
         end
       end

data/lib/contrast/logger/aliased_logging.rb

@@ -0,0 +1,87 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/telemetry/events/exceptions/telemetry_exceptions'
+
+module Contrast
+  module Logger
+    # Our decorator for the Ougai logger allowing for the catching, creating and saving Telemetry exceptions
+    module AliasedLogging
+      ALIASED_WARN = 'warn'.cs__freeze
+      ALIASED_ERROR = 'error'.cs__freeze
+      ALIASED_FATAL = 'fatal'.cs__freeze
+
+      # @param message [String] The message to log. Use default_message if not specified.
+      # @param exception [Exception] The exception or the error
+      # @param data [Object] Any structured data
+      def warn message = nil, exception = nil, data = nil, &block
+        # build Telemetry Exclusion
+        build_exclusion(ALIASED_WARN, message, exception, data)
+        super(message, exception, data, &block)
+      end
+
+      # @param message [String] The message to log. Use default_message if not specified.
+      # @param exception [Exception] The exception or the error
+      # @param data [Object] Any structured data
+      def error message = nil, exception = nil, data = nil, &block
+        # build Telemetry Exclusion
+        build_exclusion(ALIASED_ERROR, message, exception, data)
+        super(message, exception, data, &block)
+      end
+
+      # @param message [String] The message to log. Use default_message if not specified.
+      # @param exception [Exception] The exception or the error
+      # @param data [Object] Any structured data
+      def fatal message = nil, exception = nil, data = nil, &block
+        # build Telemetry Exclusion
+        build_exclusion(ALIASED_FATAL, message, exception, data)
+        super(message, exception, data, &block)
+      end
+
+      private
+
+      def build_exclusion type, message = nil, exception = nil, data = nil
+        start = caller_locations&.find_index { |stack| stack.to_s.include?(type) }
+        stack_trace = start ? caller_locations(start + 1, 20) : caller_locations(20, 20)
+        stack_frame_type = stack_trace[1].path.delete_prefix(Dir.pwd)
+        message_exception_type = exception ? exception.cs__class.to_s : stack_frame_type.split('/').last
+        stack_frame_function = stack_trace[1].label
+        key = "#{ stack_frame_type }|#{ stack_frame_function }|#{ message }"
+        if TELEMETRY_EXCEPTIONS[key]
+          TELEMETRY_EXCEPTIONS.increment key
+          return
+        end
+
+        event_message = create_message(stack_frame_function, stack_frame_type, message_exception_type, data, exception,
+                                       message)
+        TELEMETRY_EXCEPTIONS[key] = event_message
+      rescue StandardError => e
+        debug('Unable to report exception to telemetry', e)
+      end
+
+      def create_message stack_frame_function, stack_frame_type, message_exception_type, data, exception, message
+        message_for_exception = if exception
+                                  exception.cs__respond_to?(:message) ? exception.message : exception
+                                else
+                                  message
+                                end
+        module_name = exception ? exception.cs__class.to_s.split('::').first : nil
+        stack_frame = Contrast::Agent::Telemetry::TelemetryException::StackFrame.build stack_frame_function,
+                                                                                       stack_frame_type,
+                                                                                       module_name
+        message_exception = Contrast::Agent::Telemetry::TelemetryException::MessageException.build(
+            message_exception_type,
+            message_for_exception,
+            module_name,
+            stack_frame)
+        tags = if data
+                 data
+               else
+                 exception.cs__is_a?(Hash) ? exception : {}
+               end
+        message = Contrast::Agent::Telemetry::TelemetryException::Message.build tags, [message_exception]
+        Contrast::Agent::Telemetry::TelemetryException::Event.new message
+      end
+    end
+  end
+end

data/lib/contrast/logger/application.rb

@@ -1,8 +1,6 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/utils/exclude_key'
-
 module Contrast
   module Logger
     # Our decorator for the Ougai logger allowing for the logging of the
@@ -31,8 +29,6 @@ module Contrast
         loggable = ::Contrast::CONFIG.loggable
         info('Current configuration', configuration: loggable)
         env_keys = ENV.keys.select do |env_key|
-          next if Contrast::Utils::ExcludeKey.excludable? env_key.to_s
-
           env_key&.to_s&.start_with?(Contrast::Components::Config::CONTRAST_ENV_MARKER)
         end
         env_items = env_keys.map { |env_key| Contrast::Utils::EnvConfigurationItem.new(env_key, nil) }

data/lib/contrast/tasks/config.rb

@@ -7,7 +7,7 @@ require 'contrast/agent/reporting/reporter'
 
 module Contrast
   # A Rake task to generate a contrast_security.yaml file with some basic settings
-  module Config
+  module Config # rubocop:disable Metrics/ModuleLength
     extend Rake::DSL
     DEFAULT_CONFIG = {
         'api' => {
@@ -32,6 +32,7 @@ module Contrast
     }.cs__freeze
 
     SKIP_LOG = %w[service_key api_key].cs__freeze
+    REQUIRED = %i[url api_key service_key user_name].cs__freeze
 
     namespace :contrast do
       namespace :config do
@@ -62,20 +63,19 @@ module Contrast
           puts 'Validating Contrast Reporter Headers...'
           reporter = Contrast::Config.validate_headers
           puts '...done!'
-          puts 'Testing Client Connection...'
+          puts 'Testing Reporter Client Connection...'
           Contrast::Config.test_connection(reporter) if reporter
           puts '...done!'
         end
       end
-      def self.validate_config # rubocop:disable Metrics/PerceivedComplexity
+
+      def self.validate_config
         config = Contrast::Configuration.new
         abort('Unable to Build Config') unless config
-
-        required = %i[url api_key service_key user_name]
-
         missing = []
-        config.root.api.each do |key, value|
-          puts "#{ key }::#{ value }" unless value.is_a?(Contrast::Config::BaseConfiguration) || SKIP_LOG.includes?(key)
+        api_hash = config.root.api.to_hash
+        api_hash.each_key do |key|
+          value = mask_keys api_hash, key
           if value.is_a?(Contrast::Config::ApiProxyConfiguration)
             Contrast::Config.validate_proxy(value)
           elsif value.is_a?(Contrast::Config::CertificationConfiguration)
@@ -84,7 +84,7 @@ module Contrast
           elsif value.is_a?(Contrast::Config::RequestAuditConfiguration)
             Contrast::Config.validate_audit(value)
             next
-          elsif value == Contrast::Config::BaseConfiguration::EMPTY_VALUE && required.includes?(key.to_sym)
+          elsif value.nil? && REQUIRED.includes?(key.to_sym)
             missing << key
           end
         end
@@ -123,8 +123,9 @@ module Contrast
       def self.validate_headers
         missing = []
         reporter = Contrast::Agent::Reporter.new
-        reporter.client.headers.to_hash.each_pair do |key, value|
-          puts "#{ key }::#{ value }"
+        reporter_headers = reporter.client.headers.to_hash
+        reporter_headers.each_key do |key|
+          value = mask_keys reporter_headers, key
           missing << key if value.nil?
         end
         abort("Missing required header values: #{ missing.join(', ') }") unless missing.empty?
@@ -132,8 +133,16 @@ module Contrast
       end
 
       def self.test_connection reporter
-        abort('Failed to Initialize Connection please check error logs for details') unless reporter.connection
-        abort('Failed to Start Client please check error logs for details') unless reporter.client.startup!
+        connection = reporter.connection
+        abort('Failed to Initialize Connection please check error logs for details') unless connection
+        abort('Failed to Start Client please check error logs for details') unless reporter.client.startup! connection
+      end
+
+      def self.mask_keys hash, key
+        value = hash[key]
+        redacted_value = Contrast::Configuration::REDACTED if SKIP_LOG.include?(key.to_s)
+        puts "#{ key }::#{ redacted_value || value }" unless value.is_a?(Contrast::Config::BaseConfiguration)
+        value
       end
     end
   end

data/lib/contrast/utils/class_util.rb

@@ -86,13 +86,9 @@ module Contrast
           end
         end
 
-        # The method const_defined? can cause autoload, which is bad for us. The method autoload? doesn't traverse
-        # namespaces. This method lets us provide a constant, as a String, and parse it to determine if it has been
-        # truly truly defined, meaning it existed before this method was invoked, not as a result of it.
+        # The method Module.const_defined? can raise an exception if the constant is poorly named. As such, we need to
+        # handle the case where that exception is raised.
         #
-        # TODO: RUBY-1326
-        # This is required to handle a bug in Ruby prior to 2.7.0. When we drop support for 2.6.X, we should remove
-        # this code. https://bugs.ruby-lang.org/issues/10741
         # @param name [String] the name of the constant to look up
         # @return [Boolean]
         def truly_defined? name

data/lib/contrast/utils/invalid_configuration_util.rb

@@ -53,7 +53,7 @@ module Contrast
         ruby_finding = Contrast::Agent::Reporting::Finding.new rule_id
         ruby_finding.hash_code = hash_code
         set_new_finding_properties(ruby_finding, user_provided_options, call_location)
-        Contrast::Agent.reporter&.send_event_immediately(new_preflight)
+        Contrast::Agent.reporter&.send_event(new_preflight)
         Contrast::Agent::Reporting::ReportingStorage[hash_code] = ruby_finding
       end
 

data/lib/contrast/utils/log_utils.rb

@@ -3,6 +3,7 @@
 
 require 'socket'
 require 'contrast/agent/version'
+require 'contrast/logger/aliased_logging'
 
 module Contrast
   module Utils
@@ -37,6 +38,7 @@ module Contrast
         logger.extend(Contrast::Logger::Application)
         logger.extend(Contrast::Logger::Request)
         logger.extend(Contrast::Logger::Time)
+        logger.extend(Contrast::Logger::AliasedLogging) if Contrast::Utils::Telemetry.exceptions_enabled?
       end
 
       # Determine the valid path to which to log, given the precedence of config > settings > default.

data/lib/contrast/utils/middleware_utils.rb

@@ -66,7 +66,7 @@ module Contrast
       # if .telemetry file doesn't exist we create one and then show the disclaimer.
       # if the file already exists we do nothing.
       def telemetry_disclaimer
-        return unless Contrast::Agent::Telemetry.enabled?
+        return unless Contrast::Agent::Telemetry::Base.enabled?
         return unless Contrast::Utils::Telemetry.create_telemetry_file
 
         logger.info Contrast::Utils::Telemetry.disclaimer

data/lib/contrast/utils/object_share.rb

@@ -10,7 +10,6 @@ module Contrast
     module ObjectShare
       # Strings
       ASTERISK =      '*'
-      AMPERSAND =     '&'
       BACK_SLASH =    '\\'
       EMPTY_STRING =  ''
       COLON =         ':'
@@ -24,6 +23,7 @@ module Contrast
       HTTPS_START =   'https:'
       NEW_LINE =      "\n"
       NIL_STRING =    'nil'
+      NIL_64_STRING = 'bmls'
       PERIOD =        '.'
       POUND_SIGN =    '#'
       QUESTION_MARK = '?'

data/lib/contrast/utils/telemetry.rb

@@ -1,8 +1,9 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/telemetry/telemetry'
+require 'contrast/agent/telemetry/base'
 require 'contrast/utils/telemetry_identifier'
+require 'contrast/config/env_variables'
 
 module Contrast
   module Utils
@@ -37,7 +38,17 @@ module Contrast
         @_disclaimer = MESSAGE[:disclaimer]
       end
 
+      def self.exceptions_enabled?
+        # TODO: RUBY-1643 Obfuscate path
+        # Enabled this once the masking of stack frames is done.
+        # @_exceptions_enabled = telemetry_exceptions_enabled? if @_exceptions_enabled.nil?
+        @_exceptions_enabled = false if @_exceptions_enabled.nil?
+        @_exceptions_enabled
+      end
+
       class << self
+        include Contrast::Config::EnvVariables
+
         private
 
         # Create the mark file
@@ -48,7 +59,7 @@ module Contrast
         # @return[Boolean, nil] true if file is created, false if file already exist
         # and nil if Telemetry is disabled or on unsupported OS.
         def write_mark_file dir, file, config_dir
-          return unless Contrast::Agent::Telemetry.enabled?
+          return unless Contrast::Agent::Telemetry::Base.enabled?
           return if Contrast::Utils::OS.windows?
 
           @dir = dir
@@ -73,6 +84,13 @@ module Contrast
         rescue StandardError => _e
           false
         end
+
+        def telemetry_exceptions_enabled?
+          opts_out_telemetry = return_value(:telemetry_opt_outs).to_s
+          return false if opts_out_telemetry.casecmp?('true') || opts_out_telemetry == '1'
+
+          true
+        end
       end
     end
   end

data/lib/contrast/utils/telemetry_client.rb

@@ -13,6 +13,7 @@ module Contrast
     # This module creates a Net::HTTP client and initiates a connection to the provided result
     class TelemetryClient < NetHttpBase
       ENDPOINT = 'api/v1/telemetry/metrics' # /TelemetryEvent.path
+      EXCEPTIONS = 'api/v1/telemetry/exceptions' # /TelemetryExceptions::Event.path
       SERVICE_NAME = 'Telemetry'
       include Contrast::Components::Logger::InstanceMethods
       # This method initializes the Net::HTTP client we'll need. it will validate
@@ -28,23 +29,28 @@ module Contrast
       # This method will be responsible for building the request. Because the telemetry collector expects to receive
       # multiple events in a single request, we must always wrap the event in an array, even if there is only one.
       #
-      # @param event [Contrast::Agent::TelemetryEvent,Contrast::Agent::StartupMetricsTelemetryEvent]
+      # @param event [Contrast::Agent::Telemetry::Event, Array<Contrast::Agent::Telemetry::TelemetryException::Event>]
       # @return [Net::HTTP::Post]
       def build_request event
         return unless valid_event? event
 
-        string_body = [event.to_hash].to_json
+        string_body = if Array(event).all?(Contrast::Agent::Telemetry::TelemetryException::Event)
+                        event.map(&:to_controlled_hash).flatten!
+                      else
+                        [event.to_hash]
+                      end
+
         header = {
             'User-Agent' => "<#{ Contrast::Utils::ObjectShare::RUBY }>-<#{ Contrast::Agent::VERSION }>",
             'Content-Type' => 'application/json'
         }
-        request = Net::HTTP::Post.new(build_path(event.path), header)
-        request.body = string_body
+        request = Net::HTTP::Post.new(build_path(event), header)
+        request.body = string_body.to_json
         request
       end
 
       # This method will create the actual request and send it
-      # @param event[Contrast::Agent::TelemetryEvent]
+      # @param event[Contrast::Agent::Telemetry::Event]
       # @param connection[Net::HTTP]
       def send_request event, connection
         return if connection.nil? || event.nil?
@@ -68,10 +74,13 @@ module Contrast
       end
 
       # This method will be responsible for validating the event
-      # @param event[Contrast::Agent::TelemetryEvent,Contrast::Agent::StartupMetricsTelemetryEvent]
+      # @param event[Contrast::Agent::Telemetry::Event,Contrast::Agent::Telemetry::StartupMetricsEvent,
+      # array<Contrast::Agent::Telemetry::TelemetryException::Event>]
       def valid_event? event
-        return true if event.cs__is_a?(Contrast::Agent::TelemetryEvent)
-        return true if event.cs__is_a?(Contrast::Agent::StartupMetricsTelemetryEvent)
+        return true if event.cs__is_a?(Contrast::Agent::Telemetry::Event)
+        return true if event.cs__is_a?(Contrast::Agent::Telemetry::StartupMetricsEvent)
+        # Batch
+        return true if Array(event).all?(Contrast::Agent::Telemetry::TelemetryException::Event)
 
         false
       end
@@ -81,9 +90,12 @@ module Contrast
       # The telemetry instance accepts any path to #{ Contrast::Agent::Telemetry::URL }#{ ENDPOINT }, using the
       # remainder of the path to segregate messages.
       #
+      # @param event [Contrast::Agent::Telemetry::Event, Contrast::Agent::Telemetry::TelemetryException::Event]
       # @return [String] the fully qualified path to send the request
-      def build_path event_path
-        "#{ Contrast::Agent::Telemetry::URL }#{ ENDPOINT }#{ event_path }"
+      def build_path event
+        endpoint = Array(event).all?(Contrast::Agent::Telemetry::TelemetryException::Event) ? EXCEPTIONS : ENDPOINT
+        path = endpoint == EXCEPTIONS ? Contrast::Agent::Telemetry::TelemetryException::Event.path : event.path
+        "#{ Contrast::Agent::Telemetry::Base::URL }#{ endpoint }#{ path }"
       end
     end
   end

data/lib/contrast/utils/telemetry_hash.rb

@@ -0,0 +1,41 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/components/logger'
+
+module Contrast
+  module Utils
+    # This is the TelemetryHash, which will take data type, so we can push freely, without worrying about
+    # validating the event before that
+    class TelemetryHash < Hash
+      include Contrast::Components::Logger::InstanceMethods
+
+      attr_reader :data_type
+
+      def initialize data_type, *_several_variants
+        super()
+        @data_type = data_type
+      end
+
+      def []= key, value
+        return unless valid_value? value
+
+        super(key, value)
+      end
+
+      def increment key
+        self[key].exceptions[0].increment_occurrences
+        :incremented!
+      end
+
+      def valid_value? value
+        unless value.cs__is_a?(data_type)
+          logger.debug('The following key will be omitted', value: value)
+          return false
+        end
+
+        true
+      end
+    end
+  end
+end

data/lib/contrast/utils/telemetry_identifier.rb

@@ -1,8 +1,8 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/telemetry/telemetry'
 require 'contrast/utils/os'
+require 'digest'
 require 'socket'
 
 module Contrast
@@ -38,6 +38,21 @@ module Contrast
           @_mac = find_mac(primary) || find_mac
         end
 
+        def self.application_id
+          @_application_id ||= begin
+            id = nil
+            mac = Contrast::Utils::Telemetry::Identifier.mac
+            app_name = Contrast::Utils::Telemetry::Identifier.app_name
+            id = mac + app_name if mac && app_name
+            Digest::SHA2.new(256).hexdigest(id || "_#{ SecureRandom.uuid }")
+          end
+        end
+
+        def self.instance_id
+          @_instance_id ||= Digest::SHA2.new(256).hexdigest(Contrast::Utils::Telemetry::Identifier.mac ||
+                                                              "_#{ SecureRandom.uuid }")
+        end
+
         class << self
           private
 

data/lib/contrast.rb

@@ -47,6 +47,9 @@ require 'contrast/components/protect'
 require 'contrast/components/sampling'
 require 'contrast/components/scope'
 require 'contrast/components/settings'
+require 'contrast/utils/telemetry_hash'
+require 'contrast/utils/telemetry'
+require 'contrast/agent/telemetry/events/exceptions/telemetry_exception_event'
 
 module Contrast
   API = Contrast::Components::Api::Interface.new
@@ -62,6 +65,12 @@ module Contrast
   APP_CONTEXT = Contrast::Components::AppContext::Interface.new
 end
 
+module Contrast
+  TELEMETRY_EXCEPTIONS = if Contrast::Utils::Telemetry.exceptions_enabled?
+                           Contrast::Utils::TelemetryHash.new(Contrast::Agent::Telemetry::TelemetryException::Event)
+                         end
+end
+
 # This needs to be required very early, after component interfaces, and before instrumentation attempts
 require 'contrast/funchook/funchook'
 

data/ruby-agent.gemspec

@@ -156,7 +156,7 @@ def self.add_files spec
 end
 
 def self.add_metadata spec
-  spec.metadata['changelog_uri'] =        'https://docs.contrastsecurity.com/release.html'
+  spec.metadata['changelog_uri'] =        'https://docs.contrastsecurity.com/en/ruby-agent-release-notes-and-archive.html'
   spec.metadata['support_uri'] =          'https://support.contrastsecurity.com'
   spec.metadata['trouble_shooting_uri'] = 'https://support.contrastsecurity.com/hc/en-us/search?utf8=%E2%9C%93&query=Ruby'
   spec.metadata['wiki_uri'] =             'https://docs.contrastsecurity.com/'

data/service_executables/VERSION

@@ -1 +1 @@
-2.28.19
+2.28.20