contrast-agent 6.1.0 → 6.2.0

data/lib/contrast/agent/reporting/settings/rule_definition.rb

@@ -0,0 +1,63 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/settings/helpers'
+require 'contrast/agent/reporting/settings/keyword'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Settings
+        # The keywords and patterns required for the input analysis of each rule with that capability.
+        class RuleDefinition
+          ATTRIBUTES = %i[name keywords patterns].cs__freeze
+
+          # @return name [String] Name of the rule
+          attr_accessor :name
+
+          # The words to search for in input that indicate an attack
+          #
+          # @return [array<Contrast::Agent::Reporting::Settings::Keyword>]
+          def keywords
+            @_keywords ||= []
+          end
+
+          # A word or pattern whose presence in an input represents an attack
+          #
+          # @return [array<Contrast::Agent::Reporting::Settings::Pattern>]
+          def patterns
+            @_patterns ||= []
+          end
+
+          # Set keywords.
+          #
+          # @param keywords_array [Array]
+          # @return [array<Contrast::Agent::Reporting::Settings::Keyword>]
+          def keywords= keywords_array
+            Contrast::Agent::Reporting::Settings::Helpers.array_to_iv(Contrast::Agent::Reporting::Settings::Keyword,
+                                                                      keywords,
+                                                                      keywords_array)
+          end
+
+          # Set patterns.
+          #
+          # @param patterns_array [Array]
+          # @return [array<Contrast::Agent::Reporting::Settings::Pattern>]
+          def patterns= patterns_array
+            Contrast::Agent::Reporting::Settings::Helpers.array_to_iv(Contrast::Agent::Reporting::Settings::Pattern,
+                                                                      patterns,
+                                                                      patterns_array)
+          end
+
+          def to_controlled_hash
+            {
+                name: name, # rubocop:disable Security/Module/Name
+                keywords: keywords.map(&:to_controlled_hash),
+                patterns: patterns.map(&:to_controlled_hash)
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/settings/sampling.rb

@@ -29,6 +29,16 @@ module Contrast
             @response_frequency = hsh[:responseFrequency]
             @window_ms = hsh[:window]
           end
+
+          def to_controlled_hash
+            {
+                baseline: baseline,
+                enabled: enabled,
+                frequency: request_frequency,
+                responseFrequency: response_frequency,
+                window: window_ms
+            }
+          end
         end
       end
     end

data/lib/contrast/agent/reporting/settings/sanitizer.rb

@@ -0,0 +1,38 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Reporting
+      module Settings
+        # The sanitizers defined by the user for use by the agent on this server for this organization.
+        class Sanitizer
+          ATTRIBUTES = %i[uuid api tags rules].cs__freeze
+
+          # @return uuid [String]
+          attr_accessor :uuid
+          # @return api [String]
+          attr_accessor :api
+          # @return uuid [Array<String>]
+          attr_accessor :tags
+          # @return uuid [Array<String>]
+          attr_accessor :rules
+
+          def initialize
+            @tags = []
+            @rules = []
+          end
+
+          def to_controlled_hash
+            {
+                api: api,
+                rules: rules,
+                tags: tags,
+                uuid: uuid
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/settings/sensitive_data_masking.rb

@@ -58,7 +58,7 @@ module Contrast
           # @param rules [Array<Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule>]
           # @return rules [Array<Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule>, []]
           def rules= rules
-            @_rules = rules if rules_array? rules
+            @_rules = rules if rules_array?(rules)
           end
 
           # Build rules from hash
@@ -66,7 +66,7 @@ module Contrast
           # @param settings_rules [Hash] Response settings under Settings/sensitive_data_masking_policy/rules
           # @return rules [Array<Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule>, nil
           def build_rules_form_settings settings_rules
-            return unless settings_rules || settings_rules.empty?
+            return if settings_rules.nil? || settings_rules.empty?
 
             settings_rules.each do |rule|
               instance = Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule.new
@@ -77,6 +77,14 @@ module Contrast
             rules
           end
 
+          def to_controlled_hash
+            {
+                rules: rules.map(&:to_controlled_hash),
+                mask_attack_vector: mask_attack_vector?,
+                mask_http_body: mask_http_body?
+            }
+          end
+
           private
 
           # Determine if parameter is array of Rules.
@@ -99,7 +107,7 @@ module Contrast
           # @param item [Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule]
           # @return itself [Array<Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule>]
           def << item
-            return itself unless item.instance_of? Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule
+            return itself unless item.instance_of?(Contrast::Agent::Reporting::Settings::SensitiveDataMaskingRule)
 
             super
           end

data/lib/contrast/agent/reporting/settings/sensitive_data_masking_rule.rb

@@ -37,7 +37,14 @@ module Contrast
           # @param words_array [Array<String>]
           # @return keywords [Array<String>] set of keywords
           def keywords= words_array
-            @_keywords = words_array if string_array? words_array
+            @_keywords = words_array if string_array?(words_array)
+          end
+
+          def to_controlled_hash
+            {
+                id: rule_id,
+                keywords: keywords
+            }
           end
 
           private
@@ -49,7 +56,7 @@ module Contrast
           def string_array? array
             return false unless array.is_a?(Array) && array.any?
 
-            array.all? String
+            array.all?(String)
           end
         end
       end

data/lib/contrast/agent/reporting/settings/server_features.rb

@@ -27,7 +27,7 @@ module Contrast
           # @param log_level [String]
           # @return log_level [String] [ ERROR, WARN, INFO, DEBUG, TRACE ]
           def log_level= log_level
-            @_log_level = log_level if log_level.is_a? String
+            @_log_level = log_level if log_level.is_a?(String)
           end
 
           # Where to log the agent's log file, if set by the user. Overridden by agent.logger.path
@@ -43,7 +43,7 @@ module Contrast
           # @param log_file [String] path
           # @return log_file [String] path
           def log_file= log_file
-            @_log_file = log_file if log_file.is_a? String
+            @_log_file = log_file if log_file.is_a?(String)
           end
 
           # Controls for the reporting of telemetry events from the agent to TeamServer.
@@ -71,6 +71,14 @@ module Contrast
           def protect
             @_protect ||= Contrast::Agent::Reporting::Settings::ProtectServerFeature.new
           end
+
+          def to_controlled_hash
+            {
+                assessment: @_assess ? assess.to_controlled_hash : {},
+                defend: @_protect ? protect.to_controlled_hash : {},
+                telemetry: telemetry
+            }.compact
+          end
         end
       end
     end

data/lib/contrast/agent/reporting/settings/syslog.rb

@@ -0,0 +1,176 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/object_share'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Settings
+        # Controls for the syslogging feature in the agent
+        class Syslog
+          CONNECTION_TYPE = %w[UNENCRYPTED ENCRYPTED].cs__freeze
+          # Used for:
+          # severity_blocked, severity_blocked_perimeter, severity_exploited, severity_probed,
+          # severity_probed_perimeter
+          SEVERITIES = %w[ALERT CRITICAL ERROR WARNING NOTICE INFO DEBUG].cs__freeze
+          SYSLOG_METHODS = %i[
+            enable= ip= port= facility= protocol= connection_type= severity_exploited= severity_blocked=
+            severity_probed= severity_probed_suspicious= severity_blocked_perimeter= severity_probed_perimeter=
+          ].cs__freeze
+          SYSLOG_RESPONSE_KEYS = %i[
+            syslogEnabled syslogIpAddress syslogPortNumber syslogFacilityCode syslogProtocol
+            syslogConnectionType syslogSeverityExploited syslogSeverityBlocked syslogSeverityProbed
+            syslogSeveritySuspicious syslogSeverityBlockedPerimeter syslogSeverityProbedPerimeter
+          ].cs__freeze
+
+          # @return enable [Boolean]
+          attr_accessor :enable
+          # @return ip [Integer]
+          attr_accessor :ip
+          # @return port [Integer]
+          attr_accessor :port
+          # @return facility [Integer]
+          attr_accessor :facility
+          # @return protocol [String]
+          attr_accessor :protocol
+
+          def initialize
+            @enable = false
+            @ip = Contrast::Utils::ObjectShare::EMPTY_STRING
+            @port = 0
+            @facility = 0
+          end
+
+          # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED
+          def connection_type
+            @_connection_type ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # Set the connection type
+          #
+          # @param type [String, Symbol] one of UNENCRYPTED, ENCRYPTED
+          # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED
+          def connection_type= type
+            @_connection_type = type if valid_entry?(type, CONNECTION_TYPE)
+          end
+
+          # @return severity_blocked [String]
+          def severity_blocked
+            @_severity_blocked ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # Set the severity type
+          #
+          # @param severity [String, Symbol] one of UNENCRYPTED, ENCRYPTED
+          # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED
+          def severity_blocked= severity
+            @_severity_blocked = severity if valid_entry?(severity, SEVERITIES)
+          end
+
+          # @return severity_blocked [String]
+          def severity_blocked_perimeter
+            @_severity_blocked_perimeter ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # Set the severity type
+          #
+          # @param severity [String, Symbol] one of UNENCRYPTED, ENCRYPTED
+          # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED
+          def severity_blocked_perimeter= severity
+            @_severity_blocked_perimeter = severity if valid_entry?(severity, SEVERITIES)
+          end
+
+          # @return severity_blocked [String]
+          def severity_exploited
+            @_severity_exploited ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # Set the severity type
+          #
+          # @param severity [String, Symbol] one of UNENCRYPTED, ENCRYPTED
+          # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED
+          def severity_exploited= severity
+            @_severity_exploited = severity if valid_entry?(severity, SEVERITIES)
+          end
+
+          # @return severity_blocked [String]
+          def severity_probed
+            @_severity_probed ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # Set the severity type
+          #
+          # @param severity [String, Symbol] one of UNENCRYPTED, ENCRYPTED
+          # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED
+          def severity_probed= severity
+            @_severity_probed = severity if valid_entry?(severity, SEVERITIES)
+          end
+
+          # @return severity_blocked [String]
+          def severity_probed_perimeter
+            @_severity_probed_perimeter ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # Set the severity type
+          #
+          # @param severity [String, Symbol] one of UNENCRYPTED, ENCRYPTED
+          # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED
+          def severity_probed_perimeter= severity
+            @_severity_probed_perimeter = severity if valid_entry?(severity, SEVERITIES)
+          end
+
+          # @return severity_blocked [String]
+          def severity_probed_suspicious
+            @_severity_probed_suspicious ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # Set the severity type
+          #
+          # @param severity [String, Symbol] one of UNENCRYPTED, ENCRYPTED
+          # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED
+          def severity_probed_suspicious= severity
+            @_severity_probed_suspicious = severity if valid_entry?(severity, SEVERITIES)
+          end
+
+          # @param settings_array [Array] Settings retrieved from response
+          def assign_array settings_array
+            Contrast::Agent::Reporting::Settings::Syslog::SYSLOG_METHODS.each_with_index do |method, index|
+              send(method, settings_array[SYSLOG_RESPONSE_KEYS[index]])
+            end
+          end
+
+          def to_controlled_hash
+            {
+                syslogEnabled: enable,
+                syslogIpAddress: ip,
+                syslogPortNumber: port,
+                syslogFacilityCode: facility,
+                syslogConnectionType: connection_type,
+                syslogProtocol: protocol,
+                syslogSeverityExploited: severity_exploited,
+                syslogSeverityBlocked: severity_blocked,
+                syslogSeverityProbed: severity_probed,
+                syslogSeveritySuspicious: severity_probed_suspicious,
+                syslogSeverityBlockedPerimeter: severity_blocked_perimeter,
+                syslogSeverityProbedPerimeter: severity_probed_perimeter
+            }
+          end
+
+          private
+
+          # Gets String or Symbol value and assigns it to iv after
+          # validation with allowed types.
+          #
+          # @param value [String, Symbol] value to write
+          # @param validation_hash [Hash] to validate against
+          def valid_entry? value, validation_hash
+            return false unless value && validation_hash
+
+            validation_hash.include?(value)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/settings/url_exclusion.rb

@@ -0,0 +1,42 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/settings/exclusion_base'
+require 'contrast/utils/object_share'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Settings
+        # UrlExclusions class
+        class UrlExclusion < ExclusionBase
+          ATTRIBUTES = BASE_ATTRIBUTES.dup << :urls
+          ATTRIBUTES << :match_strategy
+          ATTRIBUTES.cs__freeze
+          STRATEGIES = %w[ALL ONLY].cs__freeze
+
+          # @return urls [Array<String>]
+          attr_accessor :urls
+
+          # @return match_strategy [String] The type of the input
+          def match_strategy
+            @_match_strategy ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # @param new_strategy [String] Set new input type.
+          # @return type [String] The type of the input.
+          def match_strategy= new_strategy
+            @_match_strategy = new_strategy if STRATEGIES.include?(new_strategy)
+          end
+
+          def to_controlled_hash
+            hash = super
+            hash[:urls] = urls
+            hash[:matchStrategy] = match_strategy
+            hash
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/settings/validator.rb

@@ -0,0 +1,17 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/settings/sanitizer'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Settings
+        # The validators defined by the user for use by the agent on this server for this organization.
+        class Validator < Sanitizer
+          # This uses the same fields as Sanitizer.
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/request.rb

@@ -34,6 +34,8 @@ module Contrast
       LAST_REST_TOKEN = %r{/\d+$}.cs__freeze
       INNER_NUMBER_MARKER = '/{n}/'
       LAST_NUMBER_MARKER = '/{n}'
+      STATIC_SUFFIXES = /\.(?:js|css|jpeg|jpg|gif|png|ico|woff|svg|pdf|eot|ttf|jar)$/i.cs__freeze
+      MEDIA_TYPE_MARKERS = %w[image/ text/css text/javascript].cs__freeze
 
       attr_reader :rack_request
       attr_accessor :route, :observed_route, :new_observed_route
@@ -181,8 +183,6 @@ module Contrast
         @_hash_id ||= Contrast::Utils::HashDigest.generate_request_hash(self)
       end
 
-      STATIC_SUFFIXES = /\.(?:js|css|jpeg|jpg|gif|png|ico|woff|svg|pdf|eot|ttf|jar)$/i.cs__freeze
-      MEDIA_TYPE_MARKERS = %w[image/ text/css text/javascript].cs__freeze
       # Utility method for checking if a request is for a static resource.
       # @return [Boolean] true, if the request is for a well-known static
       #  type as determined by the request suffix or the accept header.

data/lib/contrast/agent/request_context.rb

@@ -1,6 +1,7 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/api/dtm.pb'
 require 'contrast/utils/timer'
 require 'contrast/agent/request'
 require 'contrast/agent/response'
@@ -16,20 +17,6 @@ module Contrast
   module Agent
     # This class acts to encapsulate information about the currently executed request, making it available to the Agent
     # for the duration of the request in a standardized and normalized format which the Agent understands.
-    #
-    # @attr_reader timer [Contrast::Utils::Timer] when the context was created
-    # @attr_reader logging_hash [Hash] context used to log the request
-    # @attr_reader speedracer_input_analysis [Contrast::Api::Settings::InputAnalysis] the protect input analysis of
-    #   sources on this request
-    # @attr_reader request [Contrast::Agent::Request] our wrapper around the Rack::Request for this context
-    # @attr_reader response [Contrast::Agent::Response] our wrapper aroudn the Rack::Response or Array for this context,
-    #   only available after the application has finished its processing
-    # @attr_reader activity [Contrast::Api::Dtm::Activity] the application activity found in this request
-    # @attr_reader server_activity [Contrast::Api::Dtm::ServerActivity] the server activity found in this request
-    # @attr_reader route [Contrast::Api::Dtm::RouteCoverage] the route, used for findings, of this request
-    # @attr_reader observed_route [Contrast::Api::Dtm::ObservedRoute] the route, used for coverage, of this request
-    # @attr_reader new_observed_route [Contrast::Agent::Reporting::ObservedRoute] the route, used for coverage, of this
-    # request
     class RequestContext
       include Contrast::Components::Logger::InstanceMethods
       include Contrast::Components::Scope::InstanceMethods
@@ -37,10 +24,31 @@ module Contrast
       include Contrast::Agent::RequestContextExtend
 
       EMPTY_INPUT_ANALYSIS_PB = Contrast::Api::Settings::InputAnalysis.new
-      INPUT_ANALYSIS = Contrast::Agent::Reporting::InputAnalysis.new
 
-      attr_reader :activity, :logging_hash, :observed_route, :new_observed_route, :request, :response, :route,
-                  :speedracer_input_analysis, :agent_input_analysis, :server_activity, :timer
+      # @return [Contrast::Api::Dtm::Activity] the application activity found in this request
+      attr_reader :activity
+      # @return [Hash] context used to log the request
+      attr_reader :logging_hash
+      # @return [Contrast::Agent::Reporting::ObservedRoute] the route, used for coverage, of this request
+      attr_reader :new_observed_route
+      # @return [Contrast::Api::Dtm::ObservedRoute] the route, used for coverage, of this request
+      attr_reader :observed_route
+      # @return [Contrast::Agent::Request] our wrapper around the Rack::Request for this context
+      attr_reader :request
+      # @return [Contrast::Agent::Response] our wrapper around the Rack::Response or Array for this context,
+      #   only available after the application has finished its processing
+      attr_reader :response
+      # @return [Contrast::Api::Dtm::RouteCoverage] the route, used for findings, of this request
+      attr_reader :route
+      # @return [Contrast::Api::Dtm::ServerActivity] the server activity found in this request
+      attr_reader :server_activity
+      # @return [Contrast::Api::Settings::InputAnalysis] the protect input analysis of sources on this request
+      attr_reader :speedracer_input_analysis
+      # @return [Contrast::Utils::Timer] when the context was created
+      attr_reader :timer
+      # @return [Contrast::Agent::Reporting::ObservedLibraryUsage] List of the libraries that have been observed to be
+      #   executed or to have something loaded. This here replaces part of the Activity Dtm
+      attr_reader :observed_library_usage
 
       def initialize rack_request, app_loaded: true
         with_contrast_scope do
@@ -55,14 +63,14 @@ module Contrast
           @activity.http_request = request.dtm
 
           @server_activity = Contrast::Api::Dtm::ServerActivity.new
+          @observed_library_usage = Contrast::Agent::Reporting::ObservedLibraryUsage.new
 
           # build analyzer
           @do_not_track = false
           @speedracer_input_analysis = EMPTY_INPUT_ANALYSIS_PB
           speedracer_input_analysis.request = request
 
-          @agent_input_analysis = INPUT_ANALYSIS
-          agent_input_analysis.request = request
+          # TODO: RUBY-1627
 
           # flag to indicate whether the app is fully loaded
           @app_loaded = !!app_loaded

data/lib/contrast/agent/request_context_extend.rb

@@ -82,9 +82,10 @@ module Contrast
         handle_protect_state(service_response)
         ia = service_response.input_analysis
         if ia
-          service_extract_logging ia
+          service_extract_logging(ia)
+          # TODO: RUBY-1629
           # using Agent analysis
-          initialize_agent_input_analysis request
+          # initialize_agent_input_analysis request
 
           @speedracer_input_analysis = ia
           speedracer_input_analysis.request = request
@@ -93,7 +94,7 @@ module Contrast
           false
         end
       rescue Contrast::SecurityException => e
-        raise e
+        raise(e)
       rescue StandardError => e
         logger.warn('Unable to extract Contrast Service information from request', e)
         false
@@ -115,7 +116,7 @@ module Contrast
         # If Contrast Service has NOT handled the input analysis, handle them here
         build_attack_results(agent_settings)
         logger.debug('Contrast Service said to block this request')
-        raise Contrast::SecurityException.new(nil, (state.security_message || 'Blocking suspicious behavior'))
+        raise(Contrast::SecurityException.new(nil, (state.security_message || 'Blocking suspicious behavior')))
       end
 
       # append anything we've learned to the request seen message this is the sum-total of all inventory information
@@ -147,7 +148,7 @@ module Contrast
 
       # This here is for things we don't have implemented
       def log_to_cef
-        activity.results.each { |attack_result| logging_logic attack_result, attack_result.rule_id.downcase }
+        activity.results.each { |attack_result| logging_logic(attack_result, attack_result.rule_id.downcase) }
       end
 
       # @param input_analysis [Contrast::Api::Settings::InputAnalysis]
@@ -172,7 +173,7 @@ module Contrast
           next unless rule
 
           logger.debug(BUILD_ATTACK_LOGGER_MESSAGE, result: ia_result.inspect) if logger.debug?
-          results_by_rule[rule_id] = attack_result rule, rule_id, ia_result, results_by_rule
+          results_by_rule[rule_id] = attack_result(rule, rule_id, ia_result, results_by_rule)
         end
 
         results_by_rule.each_pair do |_, attack_result|
@@ -199,20 +200,6 @@ module Contrast
                           end
       end
 
-      # Sets request to be used with agent and service input analysis.
-      #
-      # @param request [Contrast::Agent::Request] our wrapper around the Rack::Request
-      # for this context
-      def initialize_agent_input_analysis request
-        # using Agent analysis
-        ia = Contrast::Agent::Protect::InputAnalyzer.analyse request
-        if ia
-          @agent_input_analysis = ia
-        else
-          logger.trace('Analysis from Agent was empty.')
-        end
-      end
-
       def logging_logic result, rule_id
         rules = %w[bot_blocker virtual_patch ip_denylist]
         return unless rules.include?(rule_id)
@@ -221,14 +208,14 @@ module Contrast
         outcome = Contrast::Api::Dtm::AttackResult::ResponseType.get_name_by_tag(result.response)
         case rule_id
         when /bot_blocker/i
-          blocker_to_json = Contrast::Api::Dtm::BotBlockerDetails.to_controlled_hash rule_details
+          blocker_to_json = Contrast::Api::Dtm::BotBlockerDetails.to_controlled_hash(rule_details)
           cef_logger.bot_blocking_message(blocker_to_json, outcome)
         when /virtual_patch/i
-          virtual_patch_to_json = Contrast::Api::Dtm::VirtualPatchDetails.to_controlled_hash rule_details
+          virtual_patch_to_json = Contrast::Api::Dtm::VirtualPatchDetails.to_controlled_hash(rule_details)
           cef_logger.virtual_patch_message(virtual_patch_to_json, outcome)
         when /ip_denylist/i
           sender_ip = extract_sender_ip
-          ip_denylist_to_json = Contrast::Api::Dtm::IpDenylistDetails.to_controlled_hash rule_details
+          ip_denylist_to_json = Contrast::Api::Dtm::IpDenylistDetails.to_controlled_hash(rule_details)
           return unless sender_ip
           return unless sender_ip.include?(ip_denylist_to_json[:ip])