contrast-agent 6.1.0 → 6.2.0

data/lib/contrast/agent/request_handler.rb

@@ -34,7 +34,6 @@ module Contrast
       def send_activity_messages
         events = [context.activity]
         unless Contrast::Agent::Reporter.enabled?
-          Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.generate_library_usage(context.activity)
           events << context.server_activity
           events << context.observed_route
         end
@@ -48,26 +47,31 @@ module Contrast
       # more endpoints over, this method will take the messages originally sent by #send_actiivty_messages. At the end,
       # that method should be removed.
       def report_activity # rubocop:disable Metrics/AbcSize
+        Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.
+            generate_library_usage(context.observed_library_usage)
+
+        Contrast::Agent.reporter.send_event(context.observed_library_usage)
         return unless Contrast::Agent::Reporter.enabled?
 
         reporter = Contrast::Agent.reporter
         return unless reporter
 
         # Mask Sensitive Data
-        Contrast::Agent::Reporting::Masker.mask context.activity
+        Contrast::Agent::Reporting::Masker.mask(context.activity)
 
-        Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.generate_library_usage(context.activity)
+        Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.
+            generate_library_usage(context.observed_library_usage)
         [
           context.new_observed_route,
+          context.observed_library_usage,
           Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.server_activity),
-          Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.activity.library_usages),
           Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.activity)
         ].each do |event|
           reporter.send_event(event)
         rescue StandardError => e
           logger.warn('Unable to send Event Activity', e)
         end
-        context.activity.library_usages.clear # TODO: RUBY-1355 remove when no longer using activity
+        context.observed_library_usage.clear # TODO: RUBY-1355 remove when no longer using activity
       end
 
       # If the response is streaming, we should only perform filtering on our stream safe rules

data/lib/contrast/agent/rule_set.rb

@@ -23,7 +23,7 @@ module Contrast
         end
       rescue Contrast::SecurityException => e
         logger.warn('RASP threw security exception in prefilter', e)
-        raise e
+        raise(e)
       rescue StandardError => e
         logger.error('Unexpected exception during prefilter', e)
       end
@@ -39,7 +39,7 @@ module Contrast
         end
       rescue Contrast::SecurityException => e
         logger.warn('RASP threw security exception in postfilter', e)
-        raise e
+        raise(e)
       rescue StandardError => e
         logger.error('Unexpected exception during postfilter', e)
       end

data/lib/contrast/agent/scope.rb

@@ -142,7 +142,7 @@ module Contrast
         # @param scope_sym [Symbol] scope to check.
         # @return [Boolean] true | false
         def valid_scope? scope_sym
-          Contrast::Agent::Scope::SCOPE_LIST.include? scope_sym
+          Contrast::Agent::Scope::SCOPE_LIST.include?(scope_sym)
         end
       end
     end

data/lib/contrast/agent/static_analysis.rb

@@ -24,24 +24,20 @@ module Contrast
           end
         end
 
-        # TODO: RUBY-1356
+        # TODO: RUBY-1703
         def send_inventory_message
           return unless ::Contrast::INVENTORY.enabled?
 
           app_update_msg = Contrast::Api::Dtm::ApplicationUpdate.build
-
           Contrast::Agent::Inventory::DatabaseConfig.append_db_config(app_update_msg)
-          # TODO: RUBY-1438 -- remove and build ReportingEvent directly
-          if Contrast::Agent.reporter
+          # TODO: RUBY-1703 -- remove and build ReportingEvent directly
+          if Contrast::Agent::Reporter.enabled?
             report = Contrast::Agent::Reporting::DtmMessage.dtm_to_event(app_update_msg)
             Contrast::Agent.reporter.send_event(report)
-
-            # This is being reported separately because we extract the data from the same message
-            inventory_report = Contrast::Agent::Reporting::ApplicationInventory.convert(app_update_msg)
-            Contrast::Agent.reporter.send_event(inventory_report)
           else
             Contrast::Agent.messaging_queue.send_event_eventually(app_update_msg, force: true)
           end
+          Contrast::Agent.reporter.send_event(Contrast::Agent::Reporting::ApplicationInventory.new)
         end
 
         private

data/lib/contrast/agent/telemetry/base.rb

@@ -7,6 +7,7 @@ require 'contrast/utils/telemetry_client'
 require 'contrast/agent/worker_thread'
 require 'contrast/utils/telemetry'
 require 'contrast/agent/telemetry/events/exceptions/telemetry_exceptions'
+require 'contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report'
 
 module Contrast
   module Agent
@@ -14,6 +15,8 @@ module Contrast
       # This class will initialize and hold everything needed for the telemetry
       class Base < WorkerThread
         include Contrast::Components::Logger::InstanceMethods
+        include Contrast::Agent::Telemetry::TelemetryExceptionReport
+
         # this is where we will send the data from the agents
         URL = 'https://telemetry.ruby.contrastsecurity.com/'
         # Suggested timeout after each send is to be 3 hours (10800 seconds)
@@ -87,16 +90,17 @@ module Contrast
             loop do
               next unless client && connection
 
-              Contrast::Agent::Telemetry::TelemetryExceptionReport.push_exceptions
+              # Start pushing exceptions to queue for reporting.
+              push_exceptions
               until queue.empty?
                 event = queue.pop
                 begin
                   logger.debug('This is the current processed event', event)
-                  sleep_time = request_with_response event
+                  sleep_time = request_with_response(event)
                   if sleep_time
                     sleep(sleep_time)
                     logger.debug('Retrying to process event', event)
-                    retry_sleep_time = request_with_response event
+                    retry_sleep_time = request_with_response(event)
                     sleep(retry_sleep_time) unless retry_sleep_time.nil?
                   end
                 rescue StandardError => e
@@ -136,8 +140,8 @@ module Contrast
         end
 
         def request_with_response event
-          res = client.send_request event, connection
-          client.handle_response res
+          res = client.send_request(event, connection)
+          client.handle_response(res)
         end
 
         private

data/lib/contrast/agent/telemetry/events/exceptions/obfuscate.rb

@@ -0,0 +1,119 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Telemetry
+      module TelemetryException
+        # Here will be all known gems to obfuscate during the building of TelemetryExceptions
+        module Obfuscate
+          # List of known gems to be third parties not containing any
+          # user sensitive data.
+          KNOWN_GEMS = %w[
+            activesupport redis-activesupport redis builder dry-types rails rails-html-sanitizer rails-observers sinatra
+            benchmark-ips bundler climate_control execjs factory_bot debride fake_ftp fasterer flay openssl
+            parallel_tests contrast contrast-agent ruby pry-byebug byebug pry resolv ougai protobuf async nokogiri
+            benchmark grape-order grape-activerecord newrelic newrelic-grape grape-rails-cache grape-msgpack
+            grape-batch rspec rake rubocop grape-jbuilder rack-test rack-protection minitest grape-instrumentation
+            minitest-global_expectations rack-proxy rack-attack rack-ssl grape-cancan grape-attack grape-rake-tasks
+            grape-route-helpers benchmark-memory grape-rabl grape-kaminari grape-path-helpers grape-swagger-entity
+            grape-swagger-rails grape-roar newrelic-rake grapes-wagger-representative grape-forgery_protection
+            grape-papertrail grape-app grape-middleware-logger rack-protection rake-compile rhino rspec-benchmark
+            rspec_junit_formatter rspec-rails rake-performance rubocop-rails rubocop-rake rubocop-rspec
+            ruby-debug-ide simplecov sqlite steep tilt tzinfo-data warning xpath sinatra-activerecord sinatra-param
+            sinatra-partial sinatra-flash sinatra-reloader sinatra-sinatra rake_fly rack rack-accept grape grape-entity
+            sinatra-advanced-routes sinatra-warden grape_logging grape-swagger sinatra-namespace sinatra-resource
+            sinatra-hashfix sinatra-instrumentation sinatra-helpers redis-rack sinatra-support sinatra-assetpack
+            sinatra-router sinatra-cross_origin sinatra_more sinatra-jsonp faraday-rack zlib mustermann mustermann-grape
+            rspec-expectations rspec-core rspec-mocks rspec-sidekiq
+          ].cs__freeze
+          KNOWN_ERRORS = %w[
+            ActiveModel Error Errors Resolv Rspec ActiveRecord nil NilClass NoMemoryError ScriptError
+            LoadError NotImplementedError SyntaxError SecurityError SignalException Interrupt
+            StandardError ArgumentError UncaughtThrowError FiberError IOError EOFError IndexError KeyError
+            StopIteration LocalJumpError NameError NoMethodError RangeError FloatDomainError RegexpError
+            RuntimeError FrozenError SystemCallError ThreadError TypeError ZeroDivisionError SystemExit
+            SystemStackError fatal Warning buffer OpenSSL SSL SSLError Errno Timeout Exception EOFError
+            ECONNRESET ECONNREFUSED ETIMEDOUT EINVAL ESHUTDOWN EHOSTDOWN EHOSTUNREACH EISCONN
+            ECONNABORTED ENETRESET ENETUNREACH Net HTTPBadResponse HTTPHeaderSyntaxError ProtocolError
+            Faraday BadRequestError UnauthorizedError ForbiddenError ResourceNotFound ProxyAuthError
+            ConflictError UnprocessableEntityError ClientError
+          ].cs__freeze
+          CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'.cs__freeze
+          # This will generate different chars for each agent startup but will be constant
+          # for current run and will make identical obfuscation to be compared if given type
+          # is the same.
+          CYPHER = CHARS.chars.shuffle.join
+
+          class << self
+            # Returns paths for known gems.
+            #
+            # @return [Array<Regexp>] known paths
+            def known_gem_paths
+              @_known_gem_paths ||= KNOWN_GEMS.map do |gem_name|
+                to_regexp(File.join(
+                              'gems', gem_name.tr('-', ''), 'lib'))
+              end
+            end
+
+            # Returns known modules names.
+            #
+            # @return [Array<Regexp>] known modules
+            def known_modules
+              @_known_modules ||= KNOWN_ERRORS.map { |module_name| to_regexp(module_name) }
+            end
+
+            # Obfuscate a type and replace it with random characters.
+            #
+            # @param type [String] the StackFrame type to obfuscate
+            # @return [String] obfuscated type
+            def obfuscate_type type
+              return unless type
+
+              check = type.tr('[^0-9].-', '')
+              type = cypher(type) unless match_known(known_gem_paths, check)
+              type
+            end
+
+            # Obfuscate a type and replace it with random characters.
+            #
+            # @param exception_type [String] the exception type to obfuscate
+            # @return [String] obfuscated exception type
+            def obfuscate_exception_type exception_type
+              return unless exception_type
+
+              exceptions = exception_type.split('::').each do |exception|
+                cypher(exception) unless match_known(known_modules, exception)
+              end
+              exceptions.join('::')
+            end
+
+            private
+
+            # Transforms string to regexp
+            #
+            # @param string [String]
+            def to_regexp string
+              /#{ string }/
+            end
+
+            # Add cypher to path to make it obscure, but unique enough for
+            # comparisons. Mutates original or duplicate if frozen string.
+            #
+            # @param string [String] string to be transformed.
+            def cypher string
+              string = string.dup if string.cs__frozen?
+              string.to_s.tr!(CHARS, CYPHER)
+            end
+
+            # @param known [Array<Regexp>] Array of regexp to match againts
+            # @param type [String] type to check
+            def match_known known, type
+              known.any? { |regexp| type =~ regexp }
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_base.rb

@@ -37,7 +37,7 @@ module Contrast
                              value_to_validate.entries.length
                            end
             unless validation_pair[:range].include?(value_length)
-              raise ArgumentError, "The provided value for #{ key } is invalid: #{ value_to_validate }"
+              raise(ArgumentError, "The provided value for #{ key } is invalid: #{ value_to_validate }")
             end
 
             nil
@@ -50,7 +50,7 @@ module Contrast
           # @param field [Object] The field with the error
           def validate_class message, klass, field
             message = message[0] if message.cs__is_a?(Array)
-            raise ArgumentError, "The provided value for #{ field } is of wrong class" unless message.cs__is_a? klass
+            raise(ArgumentError, "The provided value for #{ field } is of wrong class") unless message.cs__is_a?(klass)
           end
         end
       end

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_message_exception.rb

@@ -39,7 +39,7 @@ module Contrast
             super()
             @type = type
             @stack_frames = Array.new(1, stack_frame)
-            validate VALIDATIONS
+            validate(VALIDATIONS)
           end
 
           # @param stack_frame [Contrast::Agent::Telemetry::TelemetryException::StackFrame]

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_stack_frame.rb

@@ -33,7 +33,7 @@ module Contrast
             @function = function
             @type = type
             @in_contrast = false
-            validate VALIDATIONS
+            validate(VALIDATIONS)
           end
 
           def module_name= module_name

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report.rb

@@ -6,25 +6,23 @@ module Contrast
     module Telemetry
       # This module will handle the reporting of the TelemetryExceptionHash
       module TelemetryExceptionReport
-        class << self
-          # Here we will send any exceptions gathered. The telemetry_hash is split into batches of 256
-          # and then added to the telemetry queue. Since this method is called before entering the
-          # until queue loop any updates after clearing the Contrast::TELEMETRY_EXCEPTIONS would have
-          # to wait for the sending process to be completed, so accumulating new batches.
-          # This methods expects queue and error_messages methods from Contrast::Agent::Telemetry::Base
-          def push_exceptions
-            return unless Contrast::TELEMETRY_EXCEPTIONS&.any?
+        # Here we will send any exceptions gathered. The telemetry_hash is split into batches of 256
+        # and then added to the telemetry queue. Since this method is called before entering the
+        # until queue loop any updates after clearing the Contrast::TELEMETRY_EXCEPTIONS would have
+        # to wait for the sending process to be completed, so accumulating new batches.
+        # This methods expects queue and error_messages methods from Contrast::Agent::Telemetry::Base
+        def push_exceptions
+          return unless Contrast::TELEMETRY_EXCEPTIONS&.any?
 
-            Contrast::TELEMETRY_EXCEPTIONS.values.each_slice(256) { |tuple| error_messages.push tuple }
-            # Clear the hash. All exceptions now live in @_error_messages instance variable. and we will
-            # add them to the queue. Clearing would make the hash available to be populated again while the
-            # sending is proceeding.
-            Contrast::TELEMETRY_EXCEPTIONS.clear
-            # Add batch to queue. We need to shift here, because we want to report from the oldest batch to
-            # the newest. And even if somehow the array is filled during sending the new messages would stay
-            # and wait their turn.
-            queue << error_messages.shift until error_messages.empty?
-          end
+          Contrast::TELEMETRY_EXCEPTIONS.each_value { |value| error_messages.push(value) }
+          # Clear the hash. All exceptions now live in @_error_messages instance variable. and we will
+          # add them to the queue. Clearing would make the hash available to be populated again while the
+          # sending is proceeding.
+          Contrast::TELEMETRY_EXCEPTIONS.clear
+          # Add batch to queue. We need to shift here, because we want to report from the oldest batch to
+          # the newest. And even if somehow the array is filled during sending the new messages would stay
+          # and wait their turn.
+          queue << error_messages.shift until error_messages.empty?
         end
       end
     end

data/lib/contrast/agent/telemetry/events/startup_metrics_event.rb

@@ -50,7 +50,7 @@ module Contrast
         def initialize
           super
           @settings = []
-          add_config_keys ::Contrast::CONFIG.root, 'root'
+          add_config_keys(::Contrast::CONFIG.root, 'root')
           @settings << ENV.keys.select { |v| v.starts_with?('CONTRAST') }
           @settings.flatten
           add_tags
@@ -78,7 +78,7 @@ module Contrast
               next
             end
 
-            add_config_keys v, "#{ nested_key }.#{ k }"
+            add_config_keys(v, "#{ nested_key }.#{ k }")
           end
         end
 

data/lib/contrast/agent/thread_watcher.rb

@@ -32,10 +32,8 @@ module Contrast
           @heartbeat = Contrast::Agent::ServiceHeartbeat.new
           @messaging_queue = Contrast::Api::Communication::MessagingQueue.new
         end
-        if Contrast::Agent::Reporter.enabled?
-          @reporter = Contrast::Agent::Reporter.new
-          @reporter_heartbeat = Contrast::Agent::ReporterHeartbeat.new
-        end
+        @reporter = Contrast::Agent::Reporter.new
+        @reporter_heartbeat = Contrast::Agent::ReporterHeartbeat.new if Contrast::Agent::Reporter.enabled?
         @telemetry = Contrast::Agent::Telemetry::Base.new if Contrast::Agent::Telemetry::Base.enabled?
       end
 
@@ -51,9 +49,10 @@ module Contrast
           telemetry_status = init_thread(telemetry_queue)
           @pids[Process.pid] = @pids[Process.pid] && telemetry_status
         end
+        reporter_status = init_thread(reporter)
+
         return @pids unless Contrast::Agent::Reporter.enabled?
 
-        reporter_status = init_thread(reporter)
         reporter_heartbeat_status = init_thread(reporter_heartbeat)
         @pids[Process.pid] = @pids[Process.pid] && reporter_status && reporter_heartbeat_status
         @pids

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '6.1.0'
+    VERSION = '6.2.0'
   end
 end

data/lib/contrast/agent.rb

@@ -76,10 +76,8 @@ module Contrast
       thread_watcher.telemetry_queue
     end
 
-    # @return [nil, Contrast::Agent::Reporter]
+    # @return [Contrast::Agent::Reporter]
     def self.reporter
-      return unless  thread_watcher.reporter
-
       thread_watcher.reporter
     end
 

data/lib/contrast/api/communication/messaging_queue.rb

@@ -58,7 +58,7 @@ module Contrast
         # application to our post-filter operations as well as those that don't alter the application's execution (i.e.
         # Assess' vulnerability reporting).
         #
-        # @param event [Contrast::Api::Dtm] One of the DTMs valid for the event field of
+        # @param event [Contrast::Api::Dtm, Contrast::Api::Dtm::Poll] One of the DTMs valid for the event field of
         #   Contrast::Api::Dtm::Message|Contrast::Api::Dtm::Activity
         # @param force [Boolean] if we should always queue this event, even if the service isn't running, in case the
         #   message may be ready before the service has initiated. usually for those events which happen in a separate

data/lib/contrast/api/communication/service_lifecycle.rb

@@ -55,7 +55,7 @@ module Contrast
         def spawn_service
           options = determine_startup_options
           logger.debug('Spawning service')
-          spawn 'contrast_service', options
+          spawn('contrast_service', options)
         end
 
         # Create a thread to start the SpeedRacer, making calls to spawn until one starts successfully. As soon as the

data/lib/contrast/api/communication/socket.rb

@@ -35,7 +35,7 @@ module Contrast
 
         # Override this method to return a socket. Should be interface compatible with TCPSocket, UNIXSocket, etc.
         def new_socket
-          raise NoMethodError, 'This is abstract, override it.'
+          raise(NoMethodError, 'This is abstract, override it.')
         end
       end
     end

data/lib/contrast/api/communication/socket_client.rb

@@ -114,7 +114,7 @@ module Contrast
         rescue StandardError => e
           logger.error('Sending failed for message.', e, msg_id: msg.__id__, p_id: msg.pid,
                                                          msg_count: msg.message_count, response_id: response&.__id__)
-          raise e # reraise to let SpeedRacer manage the connection
+          raise(e) # reraise to let SpeedRacer manage the connection
         end
 
         # Send the marshaled Contrast::Api::Dtm::Message across the socket used to talk to SpeedRacer

data/lib/contrast/api/communication/speedracer.rb

@@ -87,9 +87,9 @@ module Contrast
           ensure_startup!
 
           logger.debug_with_time(event.cs__class.cs__name) do
-            response = socket_client.send_one event
+            response = socket_client.send_one(event)
             status.success!
-            yield response
+            yield(response)
           end
         rescue StandardError => e
           status.failure!

data/lib/contrast/api/decorators/agent_startup.rb

@@ -27,11 +27,11 @@ module Contrast
           def build name, path, type
             msg = new
             msg.server_version   = Contrast::Agent::VERSION
-            msg.server_name      = Contrast::Utils::StringUtils.protobuf_format name
-            msg.server_path      = Contrast::Utils::StringUtils.protobuf_format path
-            msg.server_type      = Contrast::Utils::StringUtils.protobuf_format type
+            msg.server_name      = Contrast::Utils::StringUtils.protobuf_format(name)
+            msg.server_path      = Contrast::Utils::StringUtils.protobuf_format(path)
+            msg.server_type      = Contrast::Utils::StringUtils.protobuf_format(type)
             config!(msg)
-            msg.finding_tags = Contrast::Utils::StringUtils.protobuf_format ::Contrast::ASSESS.tags
+            msg.finding_tags = Contrast::Utils::StringUtils.protobuf_format(::Contrast::ASSESS.tags)
             msg
           end
 
@@ -41,11 +41,12 @@ module Contrast
           #
           # @param msg [Contrast::Api::Dtm::AgentStartup]
           def config! msg
-            msg.version      = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.server.version
-            msg.server_tags  = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.server.tags
-            msg.library_tags = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.inventory.tags
-            msg.environment  = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.server.environment
-            msg.application_tags = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.tags
+            msg.version      = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.server.version)
+            msg.server_tags  = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.server.tags)
+            msg.library_tags = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.inventory.tags)
+            msg.environment  = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.server.environment)
+            msg.application_tags =
+              Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.application.tags)
           end
         end
       end

data/lib/contrast/api/decorators/application_settings.rb

@@ -23,7 +23,7 @@ module Contrast
         # Convert protobuf protect rule settings into a hash that settings state understands
         def translated_protection_mode_by_id
           protection_rules = self.protection_rules.map { |pr, _hash| [pr.id, pr.mode] } # [[RULE_ID, MODE]]
-          protection_rules.select! { |(_id, mode)| MODE_ALLOWLIST.include? mode } # [REMOVE IF MODE INVALID]
+          protection_rules.select! { |(_id, mode)| MODE_ALLOWLIST.include?(mode) } # [REMOVE IF MODE INVALID]
           protection_rules.to_h # {RULE_ID => MODE}
         end
 

data/lib/contrast/api/decorators/application_startup.rb

@@ -24,12 +24,12 @@ module Contrast
           # @return [Contrast::Api::Dtm::ApplicationCreate]
           def build
             msg = new
-            msg.code     = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.code
-            msg.group    = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.group
-            msg.metadata = Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.metadata
+            msg.code     = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.application.code)
+            msg.group    = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.application.group)
+            msg.metadata = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.application.metadata)
             msg.mode     = Contrast::Api::Dtm::InstrumentationMode.build
             msg.app_version =
-                Contrast::Utils::StringUtils.protobuf_format ::Contrast::CONFIG.root.application.version.to_s # rubocop:disable Layout/AssignmentIndentation Layout/FirstArgumentIndentation:
+                Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.application.version.to_s) # rubocop:disable Layout/AssignmentIndentation Layout/FirstArgumentIndentation:
             session!(msg)
             msg
           end

data/lib/contrast/api/decorators/application_update.rb

@@ -20,13 +20,6 @@ module Contrast
           end
         end
 
-        # TS only allows you to report 500 routes per application
-        def append_route_coverage_data route_coverage_dtms
-          route_coverage_dtms.take(500).each do |route_coverage_dtm|
-            routes << route_coverage_dtm
-          end
-        end
-
         def append_platform_version platform_version
           self.platform = Contrast::Api::Dtm::Platform.new if platform.nil?
           platform.major = platform_version.major
@@ -38,7 +31,6 @@ module Contrast
         module ClassMethods
           def build
             msg = new
-            msg.append_route_coverage_data(Contrast::Agent.framework_manager.find_route_discovery_data)
             msg.append_platform_version(Contrast::Agent.framework_manager.platform_version)
             msg.append_library_update(Contrast::Agent::Inventory::DependencyAnalysis.instance.library_pb_list)
             msg

data/lib/contrast/api/decorators/response_type.rb

@@ -6,25 +6,12 @@ require 'protobuf/message'
 
 module Contrast
   module Api
-    module Decorators
-      # Used to decorate the {Contrast::Api::Dtm::AttackResult::ResponseType} protobuf
-      # model so it can add SUSPICIOUS.
-      module ResponseType
-        ::Protobuf::Enum.define(:SUSPICIOUS, 6)
-
-        def self.included klass
-          klass.extend(ClassMethods)
-        end
-
-        # Used to add class methods to the  class on inclusion of the decorator
-        module ClassMethods
-          def build
-            new
-          end
+    module Dtm
+      class AttackResult < ::Protobuf::Message
+        class ResponseType < ::Protobuf::Enum
+          define :SUSPICIOUS, 6
         end
       end
     end
   end
 end
-
-Contrast::Api::Dtm::AttackResult::ResponseType.include(Contrast::Api::Decorators::ResponseType)

data/lib/contrast/api/decorators.rb

@@ -18,7 +18,6 @@ require 'contrast/api/decorators/input_analysis'
 require 'contrast/api/decorators/application_settings'
 require 'contrast/api/decorators/server_features'
 require 'contrast/api/decorators/library'
-require 'contrast/api/decorators/library_usage_update'
 require 'contrast/api/decorators/route_coverage'
 require 'contrast/api/decorators/trace_event_object'
 require 'contrast/api/decorators/trace_event_signature'

data/lib/contrast/components/agent.rb

@@ -75,7 +75,7 @@ module Contrast
 
         # Insert ourselves into the application, keeping our middleware at the outermost layer of the onion
         def insert_middleware app
-          app.middleware.insert_before 0, Contrast::Agent::Middleware
+          app.middleware.insert_before(0, Contrast::Agent::Middleware)
         end
 
         def enable_tracepoint

data/lib/contrast/components/base.rb

@@ -56,7 +56,7 @@ module Contrast
       def file_exists? path
         return false unless path
 
-        File.exist? path
+        File.exist?(path)
       end
     end
   end