contrast-agent 6.1.0 → 6.1.1

data/lib/contrast/agent/telemetry/base.rb

@@ -7,6 +7,7 @@ require 'contrast/utils/telemetry_client'
 require 'contrast/agent/worker_thread'
 require 'contrast/utils/telemetry'
 require 'contrast/agent/telemetry/events/exceptions/telemetry_exceptions'
+require 'contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report'
 
 module Contrast
   module Agent
@@ -14,6 +15,8 @@ module Contrast
       # This class will initialize and hold everything needed for the telemetry
       class Base < WorkerThread
         include Contrast::Components::Logger::InstanceMethods
+        include Contrast::Agent::Telemetry::TelemetryExceptionReport
+
         # this is where we will send the data from the agents
         URL = 'https://telemetry.ruby.contrastsecurity.com/'
         # Suggested timeout after each send is to be 3 hours (10800 seconds)
@@ -87,16 +90,17 @@ module Contrast
             loop do
               next unless client && connection
 
-              Contrast::Agent::Telemetry::TelemetryExceptionReport.push_exceptions
+              # Start pushing exceptions to queue for reporting.
+              push_exceptions
               until queue.empty?
                 event = queue.pop
                 begin
                   logger.debug('This is the current processed event', event)
-                  sleep_time = request_with_response event
+                  sleep_time = request_with_response(event)
                   if sleep_time
                     sleep(sleep_time)
                     logger.debug('Retrying to process event', event)
-                    retry_sleep_time = request_with_response event
+                    retry_sleep_time = request_with_response(event)
                     sleep(retry_sleep_time) unless retry_sleep_time.nil?
                   end
                 rescue StandardError => e
@@ -136,8 +140,8 @@ module Contrast
         end
 
         def request_with_response event
-          res = client.send_request event, connection
-          client.handle_response res
+          res = client.send_request(event, connection)
+          client.handle_response(res)
         end
 
         private

data/lib/contrast/agent/telemetry/events/exceptions/obfuscate.rb

@@ -0,0 +1,119 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Telemetry
+      module TelemetryException
+        # Here will be all known gems to obfuscate during the building of TelemetryExceptions
+        module Obfuscate
+          # List of known gems to be third parties not containing any
+          # user sensitive data.
+          KNOWN_GEMS = %w[
+            activesupport redis-activesupport redis builder dry-types rails rails-html-sanitizer rails-observers sinatra
+            benchmark-ips bundler climate_control execjs factory_bot debride fake_ftp fasterer flay openssl
+            parallel_tests contrast contrast-agent ruby pry-byebug byebug pry resolv ougai protobuf async nokogiri
+            benchmark grape-order grape-activerecord newrelic newrelic-grape grape-rails-cache grape-msgpack
+            grape-batch rspec rake rubocop grape-jbuilder rack-test rack-protection minitest grape-instrumentation
+            minitest-global_expectations rack-proxy rack-attack rack-ssl grape-cancan grape-attack grape-rake-tasks
+            grape-route-helpers benchmark-memory grape-rabl grape-kaminari grape-path-helpers grape-swagger-entity
+            grape-swagger-rails grape-roar newrelic-rake grapes-wagger-representative grape-forgery_protection
+            grape-papertrail grape-app grape-middleware-logger rack-protection rake-compile rhino rspec-benchmark
+            rspec_junit_formatter rspec-rails rake-performance rubocop-rails rubocop-rake rubocop-rspec
+            ruby-debug-ide simplecov sqlite steep tilt tzinfo-data warning xpath sinatra-activerecord sinatra-param
+            sinatra-partial sinatra-flash sinatra-reloader sinatra-sinatra rake_fly rack rack-accept grape grape-entity
+            sinatra-advanced-routes sinatra-warden grape_logging grape-swagger sinatra-namespace sinatra-resource
+            sinatra-hashfix sinatra-instrumentation sinatra-helpers redis-rack sinatra-support sinatra-assetpack
+            sinatra-router sinatra-cross_origin sinatra_more sinatra-jsonp faraday-rack zlib mustermann mustermann-grape
+            rspec-expectations rspec-core rspec-mocks rspec-sidekiq
+          ].cs__freeze
+          KNOWN_ERRORS = %w[
+            ActiveModel Error Errors Resolv Rspec ActiveRecord nil NilClass NoMemoryError ScriptError
+            LoadError NotImplementedError SyntaxError SecurityError SignalException Interrupt
+            StandardError ArgumentError UncaughtThrowError FiberError IOError EOFError IndexError KeyError
+            StopIteration LocalJumpError NameError NoMethodError RangeError FloatDomainError RegexpError
+            RuntimeError FrozenError SystemCallError ThreadError TypeError ZeroDivisionError SystemExit
+            SystemStackError fatal Warning buffer OpenSSL SSL SSLError Errno Timeout Exception EOFError
+            ECONNRESET ECONNREFUSED ETIMEDOUT EINVAL ESHUTDOWN EHOSTDOWN EHOSTUNREACH EISCONN
+            ECONNABORTED ENETRESET ENETUNREACH Net HTTPBadResponse HTTPHeaderSyntaxError ProtocolError
+            Faraday BadRequestError UnauthorizedError ForbiddenError ResourceNotFound ProxyAuthError
+            ConflictError UnprocessableEntityError ClientError
+          ].cs__freeze
+          CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'.cs__freeze
+          # This will generate different chars for each agent startup but will be constant
+          # for current run and will make identical obfuscation to be compared if given type
+          # is the same.
+          CYPHER = CHARS.chars.shuffle.join
+
+          class << self
+            # Returns paths for known gems.
+            #
+            # @return [Array<Regexp>] known paths
+            def known_gem_paths
+              @_known_gem_paths ||= KNOWN_GEMS.map do |gem_name|
+                to_regexp(File.join(
+                              'gems', gem_name.tr('-', ''), 'lib'))
+              end
+            end
+
+            # Returns known modules names.
+            #
+            # @return [Array<Regexp>] known modules
+            def known_modules
+              @_known_modules ||= KNOWN_ERRORS.map { |module_name| to_regexp(module_name) }
+            end
+
+            # Obfuscate a type and replace it with random characters.
+            #
+            # @param type [String] the StackFrame type to obfuscate
+            # @return [String] obfuscated type
+            def obfuscate_type type
+              return unless type
+
+              check = type.tr('[^0-9].-', '')
+              type = cypher(type) unless match_known(known_gem_paths, check)
+              type
+            end
+
+            # Obfuscate a type and replace it with random characters.
+            #
+            # @param exception_type [String] the exception type to obfuscate
+            # @return [String] obfuscated exception type
+            def obfuscate_exception_type exception_type
+              return unless exception_type
+
+              exceptions = exception_type.split('::').each do |exception|
+                cypher(exception) unless match_known(known_modules, exception)
+              end
+              exceptions.join('::')
+            end
+
+            private
+
+            # Transforms string to regexp
+            #
+            # @param string [String]
+            def to_regexp string
+              /#{ string }/
+            end
+
+            # Add cypher to path to make it obscure, but unique enough for
+            # comparisons. Mutates original or duplicate if frozen string.
+            #
+            # @param string [String] string to be transformed.
+            def cypher string
+              string = string.dup if string.cs__frozen?
+              string.to_s.tr!(CHARS, CYPHER)
+            end
+
+            # @param known [Array<Regexp>] Array of regexp to match againts
+            # @param type [String] type to check
+            def match_known known, type
+              known.any? { |regexp| type =~ regexp }
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_base.rb

@@ -37,7 +37,7 @@ module Contrast
                              value_to_validate.entries.length
                            end
             unless validation_pair[:range].include?(value_length)
-              raise ArgumentError, "The provided value for #{ key } is invalid: #{ value_to_validate }"
+              raise(ArgumentError, "The provided value for #{ key } is invalid: #{ value_to_validate }")
             end
 
             nil
@@ -50,7 +50,7 @@ module Contrast
           # @param field [Object] The field with the error
           def validate_class message, klass, field
             message = message[0] if message.cs__is_a?(Array)
-            raise ArgumentError, "The provided value for #{ field } is of wrong class" unless message.cs__is_a? klass
+            raise(ArgumentError, "The provided value for #{ field } is of wrong class") unless message.cs__is_a?(klass)
           end
         end
       end

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb

@@ -39,7 +39,7 @@ module Contrast
             super()
             @type = type
             @stack_frames = Array.new(1, stack_frame)
-            validate VALIDATIONS
+            validate(VALIDATIONS)
           end
 
           # @param stack_frame [Contrast::Agent::Telemetry::TelemetryException::StackFrame]

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb

@@ -33,7 +33,7 @@ module Contrast
             @function = function
             @type = type
             @in_contrast = false
-            validate VALIDATIONS
+            validate(VALIDATIONS)
           end
 
           def module_name= module_name

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report.rb

@@ -6,25 +6,23 @@ module Contrast
     module Telemetry
       # This module will handle the reporting of the TelemetryExceptionHash
       module TelemetryExceptionReport
-        class << self
-          # Here we will send any exceptions gathered. The telemetry_hash is split into batches of 256
-          # and then added to the telemetry queue. Since this method is called before entering the
-          # until queue loop any updates after clearing the Contrast::TELEMETRY_EXCEPTIONS would have
-          # to wait for the sending process to be completed, so accumulating new batches.
-          # This methods expects queue and error_messages methods from Contrast::Agent::Telemetry::Base
-          def push_exceptions
-            return unless Contrast::TELEMETRY_EXCEPTIONS&.any?
+        # Here we will send any exceptions gathered. The telemetry_hash is split into batches of 256
+        # and then added to the telemetry queue. Since this method is called before entering the
+        # until queue loop any updates after clearing the Contrast::TELEMETRY_EXCEPTIONS would have
+        # to wait for the sending process to be completed, so accumulating new batches.
+        # This methods expects queue and error_messages methods from Contrast::Agent::Telemetry::Base
+        def push_exceptions
+          return unless Contrast::TELEMETRY_EXCEPTIONS&.any?
 
-            Contrast::TELEMETRY_EXCEPTIONS.values.each_slice(256) { |tuple| error_messages.push tuple }
-            # Clear the hash. All exceptions now live in @_error_messages instance variable. and we will
-            # add them to the queue. Clearing would make the hash available to be populated again while the
-            # sending is proceeding.
-            Contrast::TELEMETRY_EXCEPTIONS.clear
-            # Add batch to queue. We need to shift here, because we want to report from the oldest batch to
-            # the newest. And even if somehow the array is filled during sending the new messages would stay
-            # and wait their turn.
-            queue << error_messages.shift until error_messages.empty?
-          end
+          Contrast::TELEMETRY_EXCEPTIONS.values.each_slice(256) { |tuple| error_messages.push(tuple) }
+          # Clear the hash. All exceptions now live in @_error_messages instance variable. and we will
+          # add them to the queue. Clearing would make the hash available to be populated again while the
+          # sending is proceeding.
+          Contrast::TELEMETRY_EXCEPTIONS.clear
+          # Add batch to queue. We need to shift here, because we want to report from the oldest batch to
+          # the newest. And even if somehow the array is filled during sending the new messages would stay
+          # and wait their turn.
+          queue << error_messages.shift until error_messages.empty?
         end
       end
     end

data/lib/contrast/agent/telemetry/events/startup_metrics_event.rb

@@ -50,7 +50,7 @@ module Contrast
         def initialize
           super
           @settings = []
-          add_config_keys ::Contrast::CONFIG.root, 'root'
+          add_config_keys(::Contrast::CONFIG.root, 'root')
           @settings << ENV.keys.select { |v| v.starts_with?('CONTRAST') }
           @settings.flatten
           add_tags
@@ -78,7 +78,7 @@ module Contrast
               next
             end
 
-            add_config_keys v, "#{ nested_key }.#{ k }"
+            add_config_keys(v, "#{ nested_key }.#{ k }")
           end
         end
 

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '6.1.0'
+    VERSION = '6.1.1'
   end
 end

data/lib/contrast/api/communication/messaging_queue.rb

@@ -58,7 +58,7 @@ module Contrast
         # application to our post-filter operations as well as those that don't alter the application's execution (i.e.
         # Assess' vulnerability reporting).
         #
-        # @param event [Contrast::Api::Dtm] One of the DTMs valid for the event field of
+        # @param event [Contrast::Api::Dtm, Contrast::Api::Dtm::Poll] One of the DTMs valid for the event field of
         #   Contrast::Api::Dtm::Message|Contrast::Api::Dtm::Activity
         # @param force [Boolean] if we should always queue this event, even if the service isn't running, in case the
         #   message may be ready before the service has initiated. usually for those events which happen in a separate

data/lib/contrast/api/communication/service_lifecycle.rb

@@ -55,7 +55,7 @@ module Contrast
         def spawn_service
           options = determine_startup_options
           logger.debug('Spawning service')
-          spawn 'contrast_service', options
+          spawn('contrast_service', options)
         end
 
         # Create a thread to start the SpeedRacer, making calls to spawn until one starts successfully. As soon as the

data/lib/contrast/api/communication/socket.rb

@@ -35,7 +35,7 @@ module Contrast
 
         # Override this method to return a socket. Should be interface compatible with TCPSocket, UNIXSocket, etc.
         def new_socket
-          raise NoMethodError, 'This is abstract, override it.'
+          raise(NoMethodError, 'This is abstract, override it.')
         end
       end
     end

data/lib/contrast/api/communication/socket_client.rb

@@ -114,7 +114,7 @@ module Contrast
         rescue StandardError => e
           logger.error('Sending failed for message.', e, msg_id: msg.__id__, p_id: msg.pid,
                                                          msg_count: msg.message_count, response_id: response&.__id__)
-          raise e # reraise to let SpeedRacer manage the connection
+          raise(e) # reraise to let SpeedRacer manage the connection
         end
 
         # Send the marshaled Contrast::Api::Dtm::Message across the socket used to talk to SpeedRacer

data/lib/contrast/api/communication/speedracer.rb

@@ -87,9 +87,9 @@ module Contrast
           ensure_startup!
 
           logger.debug_with_time(event.cs__class.cs__name) do
-            response = socket_client.send_one event
+            response = socket_client.send_one(event)
             status.success!
-            yield response
+            yield(response)
           end
         rescue StandardError => e
           status.failure!

data/lib/contrast/api/decorators/agent_startup.rb

@@ -27,11 +27,11 @@ module Contrast
           def build name, path, type
             msg = new
             msg.server_version   = Contrast::Agent::VERSION
-            msg.server_name      = Contrast::Utils::StringUtils.protobuf_format name
-            msg.server_path      = Contrast::Utils::StringUtils.protobuf_format path
-            msg.server_type      = Contrast::Utils::StringUtils.protobuf_format type
+            msg.server_name      = Contrast::Utils::StringUtils.protobuf_format(name)
+            msg.server_path      = Contrast::Utils::StringUtils.protobuf_format(path)
+            msg.server_type      = Contrast::Utils::StringUtils.protobuf_format(type)
             config!(msg)
-            msg.finding_tags = Contrast::Utils::StringUtils.protobuf_format ::Contrast::ASSESS.tags
+            msg.finding_tags = Contrast::Utils::StringUtils.protobuf_format(::Contrast::ASSESS.tags)
             msg
           end
 
@@ -41,11 +41,12 @@ module Contrast
           #
           # @param msg [Contrast::Api::Dtm::AgentStartup]
           def config! msg
-            msg.version      = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.server.version
-            msg.server_tags  = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.server.tags
-            msg.library_tags = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.inventory.tags
-            msg.environment  = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.server.environment
-            msg.application_tags = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.tags
+            msg.version      = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.server.version)
+            msg.server_tags  = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.server.tags)
+            msg.library_tags = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.inventory.tags)
+            msg.environment  = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.server.environment)
+            msg.application_tags =
+              Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.application.tags)
           end
         end
       end

data/lib/contrast/api/decorators/application_settings.rb

@@ -23,7 +23,7 @@ module Contrast
         # Convert protobuf protect rule settings into a hash that settings state understands
         def translated_protection_mode_by_id
           protection_rules = self.protection_rules.map { |pr, _hash| [pr.id, pr.mode] } # [[RULE_ID, MODE]]
-          protection_rules.select! { |(_id, mode)| MODE_ALLOWLIST.include? mode } # [REMOVE IF MODE INVALID]
+          protection_rules.select! { |(_id, mode)| MODE_ALLOWLIST.include?(mode) } # [REMOVE IF MODE INVALID]
           protection_rules.to_h # {RULE_ID => MODE}
         end
 

data/lib/contrast/api/decorators/application_startup.rb

@@ -24,12 +24,12 @@ module Contrast
           # @return [Contrast::Api::Dtm::ApplicationCreate]
           def build
             msg = new
-            msg.code     = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.code
-            msg.group    = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.group
-            msg.metadata = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.metadata
+            msg.code     = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.application.code)
+            msg.group    = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.application.group)
+            msg.metadata = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.application.metadata)
             msg.mode     = Contrast::Api::Dtm::InstrumentationMode.build
             msg.app_version =
-                Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.version.to_s # rubocop:disable Layout/AssignmentIndentation Layout/FirstArgumentIndentation:
+                Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.application.version.to_s) # rubocop:disable Layout/AssignmentIndentation Layout/FirstArgumentIndentation:
             session!(msg)
             msg
           end

data/lib/contrast/api/decorators/response_type.rb

@@ -6,25 +6,12 @@ require 'protobuf/message'
 
 module Contrast
   module Api
-    module Decorators
-      # Used to decorate the {Contrast::Api::Dtm::AttackResult::ResponseType} protobuf
-      # model so it can add SUSPICIOUS.
-      module ResponseType
-        ::Protobuf::Enum.define(:SUSPICIOUS, 6)
-
-        def self.included klass
-          klass.extend(ClassMethods)
-        end
-
-        # Used to add class methods to the  class on inclusion of the decorator
-        module ClassMethods
-          def build
-            new
-          end
+    module Dtm
+      class AttackResult < ::Protobuf::Message
+        class ResponseType < ::Protobuf::Enum
+          define :SUSPICIOUS, 6
         end
       end
     end
   end
 end
-
-Contrast::Api::Dtm::AttackResult::ResponseType.include(Contrast::Api::Decorators::ResponseType)

data/lib/contrast/components/agent.rb

@@ -75,7 +75,7 @@ module Contrast
 
         # Insert ourselves into the application, keeping our middleware at the outermost layer of the onion
         def insert_middleware app
-          app.middleware.insert_before 0, Contrast::Agent::Middleware
+          app.middleware.insert_before(0, Contrast::Agent::Middleware)
         end
 
         def enable_tracepoint

data/lib/contrast/components/base.rb

@@ -56,7 +56,7 @@ module Contrast
       def file_exists? path
         return false unless path
 
-        File.exist? path
+        File.exist?(path)
       end
     end
   end

data/lib/contrast/components/config.rb

@@ -28,6 +28,12 @@ module Contrast
       CONTRAST_NAME = 'Contrast Agent'
 
       class Interface # :nodoc:
+        SESSION_VARIABLES = 'Invalid configuration. '\
+                            "Setting both application.session_id and application.session_metadata is not allowed.\n"
+        API_URL = "Invalid configuration. Missing a required connection value 'url' is not set."
+        API_KEY = "Invalid configuration. Missing a required connection value 'api_key' is not set."
+        API_SERVICE_KEY = "Invalid configuration. Missing a required connection value 'service_tag' is not set."
+        API_USERNAME = "Invalid configuration. Missing a required connection value 'user_name' is not set."
         def initialize
           build
         end
@@ -87,12 +93,6 @@ module Contrast
 
         private
 
-        SESSION_VARIABLES = 'Invalid configuration. '\
-                            "Setting both application.session_id and application.session_metadata is not allowed.\n"
-        API_URL = "Invalid configuration. Missing a required connection value 'url' is not set."
-        API_KEY = "Invalid configuration. Missing a required connection value 'api_key' is not set."
-        API_SERVICE_KEY = "Invalid configuration. Missing a required connection value 'service_tag' is not set."
-        API_USERNAME = "Invalid configuration. Missing a required connection value 'user_name' is not set."
         # The config has information about how to construct the logger. If the config is invalid, and you want to know
         # about it, then you have a circular dependency if you try to log it, so we use basic proto_logger to do this
         # job.

data/lib/contrast/components/contrast_service.rb

@@ -18,7 +18,10 @@ module Contrast
         DEFAULT_SERVICE_LEVEL = :TRACE
         # The Rails ActionDispatch regexp for localhost IP + literal localhost
         # https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/http/request.rb#L32
-        LOCALHOST = Regexp.union [/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/, /^localhost$/]
+        LOCALHOST = Regexp.union([
+                                   /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/,
+                                   /^localhost$/
+                                 ])
 
         def use_bundled_service?
           # Validates the config to decide if it's suitable for starting

data/lib/contrast/components/sampling.rb

@@ -25,7 +25,7 @@ module Contrast
         def sampling_control
           @_sampling_control ||= begin
             config_settings = ::Contrast::CONFIG.root.assess&.sampling
-            settings = ::Contrast::SETTINGS&.assess_state&.[](:sampling_settings)
+            settings = ::Contrast::SETTINGS&.assess_state&.sampling_settings
             {
                 enabled: enabled?(config_settings, settings),
                 baseline: baseline(config_settings, settings),

data/lib/contrast/components/settings.rb

@@ -99,43 +99,29 @@ module Contrast
           @application_state.exclusion_matchers.select(&:code?)
         end
 
-        # @param features [Contrast::Api::Settings::ServerFeatures, Contrast::Agent::Reporting::Response]
-        def update_from_server_features features
-          if features.cs__is_a?(Contrast::Agent::Reporting::Response)
-            server_features = features.server_features
-            return unless server_features
-
-            log_file = server_features.log_file
-            log_level = server_features.log_level
-            Contrast::Logger::Log.instance.update(log_file, log_level) if log_file || log_level
-            @protect_state.enabled = server_features.protect.enabled?
-            @assess_state.enabled = server_features.assess.enabled?
-            @assess_state.sampling_settings = server_features.assess.sampling
+        # @param features_response [Contrast::Api::Settings::ServerFeatures, Contrast::Agent::Reporting::Response]
+        def update_from_server_features features_response
+          if features_response.cs__is_a?(Contrast::Agent::Reporting::Response)
+            update_from_response(features_response)
           else
-            @protect_state.enabled = features.protect_enabled?
-            @assess_state.enabled = features.assess_enabled?
-            @assess_state.sampling_settings = features.assess.sampling
+            @protect_state.enabled = features_response.protect_enabled?
+            @assess_state.enabled = features_response.assess_enabled?
+            @assess_state.sampling_settings = features_response.assess.sampling
+            @last_server_update_ms = Contrast::Utils::Timer.now_ms
           end
           @last_server_update_ms = Contrast::Utils::Timer.now_ms
         end
 
-        # @param features [Contrast::Api::Settings::ApplicationSettings, Contrast::Agent::Reporting::Response]
-        def update_from_application_settings features
-          if features&.class == Contrast::Agent::Reporting::Response
-            settings = features.application_settings
-            return unless settings
-
-            @application_state.modes_by_id = settings.protect.protection_rules_to_settings_hash
-            # TODO: RUBY-1438 this needs to be translated
-            # @application_state.exclusion_matchers = new_vals[:exclusion_matchers]
-            update_sensitive_data_policy(settings.sensitive_data_masking)
-            @assess_state.disabled_assess_rules = settings.assess.disabled_rules
-            @assess_state.session_id = settings.assess.session_id if settings.assess.session_id
+        # @param settings_response [Contrast::Api::Settings::ApplicationSettings, Contrast::Agent::Reporting::Response]
+        def update_from_application_settings settings_response
+          if settings_response&.cs__class == Contrast::Agent::Reporting::Response
+            update_from_response(settings_response)
           else
-            new_vals = features.application_state_translation
+            new_vals = settings_response.application_state_translation
             @application_state.modes_by_id = new_vals[:modes_by_id]
             @application_state.exclusion_matchers = new_vals[:exclusion_matchers]
             @assess_state.disabled_assess_rules = new_vals[:disabled_assess_rules]
+            @last_app_update_ms = Contrast::Utils::Timer.now_ms
           end
           @last_app_update_ms = Contrast::Utils::Timer.now_ms
         end
@@ -184,6 +170,44 @@ module Contrast
 
         private
 
+        # @param response [Contrast::Agent::Reporting::Response]
+        def update_from_response response
+          if (server_features = response.server_features)
+            update_server_features(server_features)
+          end
+          return unless (app_settings = response.application_settings)
+
+          update_application_settings(app_settings)
+        end
+
+        # @param server_features [Contrast::Agent::Reporting::Settings::FeatureSettings]
+        def update_server_features server_features
+          return unless server_features
+
+          log_file = server_features.log_file
+          log_level = server_features.log_level
+          Contrast::Logger::Log.instance.update(log_file, log_level) if log_file || log_level
+          @protect_state.enabled = server_features.protect.enabled?
+          @assess_state.enabled = server_features.assess.enabled?
+          @assess_state.sampling_settings = server_features.assess.sampling
+          @last_server_update_ms = Contrast::Utils::Timer.now_ms
+        end
+
+        # @param app_settings [Contrast::Agent::Reporting::Settings::ApplicationSettings]
+        def update_application_settings app_settings
+          return unless app_settings
+
+          @application_state.modes_by_id = app_settings.protect.protection_rules_to_settings_hash
+          # TODO: RUBY-1438 this needs to be translated
+          # @application_state.exclusion_matchers = new_vals[:exclusion_matchers]
+          update_sensitive_data_policy(app_settings.sensitive_data_masking)
+          @assess_state.disabled_assess_rules = app_settings.assess.disabled_rules
+          if app_settings.assess.session_id && !app_settings.assess.session_id.blank?
+            @assess_state.session_id = app_settings.assess.session_id
+          end
+          @last_app_update_ms = Contrast::Utils::Timer.now_ms
+        end
+
         # check if settings are empty and return true if so.
         #
         # @param settings [String, Boolean, Array, Hash]

data/lib/contrast/config/assess_rules_configuration.rb

@@ -15,7 +15,7 @@ module Contrast
       def initialize hsh = {}
         return unless hsh
 
-        @disabled_rules = cast_disabled_rules hsh
+        @disabled_rules = cast_disabled_rules(hsh)
       end
 
       private

data/lib/contrast/config/protect_rules_configuration.rb

@@ -11,7 +11,7 @@ module Contrast
 
       attr_accessor :disabled_rules
       attr_writer :bot_blocker, :cmd_injection, :sql_injection, :nosql_injection, :untrusted_deserialization,
-                  :method_tampering, :xxe, :path_traversal, :reflected_xss, :unsafe_file_upload, :rule_base
+                  :xxe, :path_traversal, :reflected_xss, :unsafe_file_upload, :rule_base
 
       BASE_RULE = 'Contrast::Agent::Protect::Rule::Base'.cs__freeze
 

data/lib/contrast/config/root_configuration.rb

@@ -27,7 +27,7 @@ module Contrast
       attr_accessor :enable
 
       def initialize hsh = {}
-        raise ArgumentError, 'Expected a hash' unless hsh.is_a?(Hash)
+        raise(ArgumentError, 'Expected a hash') unless hsh.is_a?(Hash)
 
         @api = Contrast::Config::ApiConfiguration.new(hsh[:api])
         @enable = hsh[:enable]