contrast-agent 6.1.0 → 6.2.0

data/lib/contrast/components/config.rb

@@ -28,6 +28,12 @@ module Contrast
       CONTRAST_NAME = 'Contrast Agent'
 
       class Interface # :nodoc:
+        SESSION_VARIABLES = 'Invalid configuration. '\
+                            "Setting both application.session_id and application.session_metadata is not allowed.\n"
+        API_URL = "Invalid configuration. Missing a required connection value 'url' is not set."
+        API_KEY = "Invalid configuration. Missing a required connection value 'api_key' is not set."
+        API_SERVICE_KEY = "Invalid configuration. Missing a required connection value 'service_tag' is not set."
+        API_USERNAME = "Invalid configuration. Missing a required connection value 'user_name' is not set."
         def initialize
           build
         end
@@ -87,12 +93,6 @@ module Contrast
 
         private
 
-        SESSION_VARIABLES = 'Invalid configuration. '\
-                            "Setting both application.session_id and application.session_metadata is not allowed.\n"
-        API_URL = "Invalid configuration. Missing a required connection value 'url' is not set."
-        API_KEY = "Invalid configuration. Missing a required connection value 'api_key' is not set."
-        API_SERVICE_KEY = "Invalid configuration. Missing a required connection value 'service_tag' is not set."
-        API_USERNAME = "Invalid configuration. Missing a required connection value 'user_name' is not set."
         # The config has information about how to construct the logger. If the config is invalid, and you want to know
         # about it, then you have a circular dependency if you try to log it, so we use basic proto_logger to do this
         # job.

data/lib/contrast/components/contrast_service.rb

@@ -18,7 +18,10 @@ module Contrast
         DEFAULT_SERVICE_LEVEL = :TRACE
         # The Rails ActionDispatch regexp for localhost IP + literal localhost
         # https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/http/request.rb#L32
-        LOCALHOST = Regexp.union [/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/, /^localhost$/]
+        LOCALHOST = Regexp.union([
+                                   /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/,
+                                   /^localhost$/
+                                 ])
 
         def use_bundled_service?
           # Validates the config to decide if it's suitable for starting

data/lib/contrast/components/sampling.rb

@@ -25,7 +25,7 @@ module Contrast
         def sampling_control
           @_sampling_control ||= begin
             config_settings = ::Contrast::CONFIG.root.assess&.sampling
-            settings = ::Contrast::SETTINGS&.assess_state&.[](:sampling_settings)
+            settings = ::Contrast::SETTINGS&.assess_state&.sampling_settings
             {
                 enabled: enabled?(config_settings, settings),
                 baseline: baseline(config_settings, settings),

data/lib/contrast/components/settings.rb

@@ -99,43 +99,29 @@ module Contrast
           @application_state.exclusion_matchers.select(&:code?)
         end
 
-        # @param features [Contrast::Api::Settings::ServerFeatures, Contrast::Agent::Reporting::Response]
-        def update_from_server_features features
-          if features.cs__is_a?(Contrast::Agent::Reporting::Response)
-            server_features = features.server_features
-            return unless server_features
-
-            log_file = server_features.log_file
-            log_level = server_features.log_level
-            Contrast::Logger::Log.instance.update(log_file, log_level) if log_file || log_level
-            @protect_state.enabled = server_features.protect.enabled?
-            @assess_state.enabled = server_features.assess.enabled?
-            @assess_state.sampling_settings = server_features.assess.sampling
+        # @param features_response [Contrast::Api::Settings::ServerFeatures, Contrast::Agent::Reporting::Response]
+        def update_from_server_features features_response
+          if features_response.cs__is_a?(Contrast::Agent::Reporting::Response)
+            update_from_response(features_response)
           else
-            @protect_state.enabled = features.protect_enabled?
-            @assess_state.enabled = features.assess_enabled?
-            @assess_state.sampling_settings = features.assess.sampling
+            @protect_state.enabled = features_response.protect_enabled?
+            @assess_state.enabled = features_response.assess_enabled?
+            @assess_state.sampling_settings = features_response.assess.sampling
+            @last_server_update_ms = Contrast::Utils::Timer.now_ms
           end
           @last_server_update_ms = Contrast::Utils::Timer.now_ms
         end
 
-        # @param features [Contrast::Api::Settings::ApplicationSettings, Contrast::Agent::Reporting::Response]
-        def update_from_application_settings features
-          if features&.class == Contrast::Agent::Reporting::Response
-            settings = features.application_settings
-            return unless settings
-
-            @application_state.modes_by_id = settings.protect.protection_rules_to_settings_hash
-            # TODO: RUBY-1438 this needs to be translated
-            # @application_state.exclusion_matchers = new_vals[:exclusion_matchers]
-            update_sensitive_data_policy(settings.sensitive_data_masking)
-            @assess_state.disabled_assess_rules = settings.assess.disabled_rules
-            @assess_state.session_id = settings.assess.session_id if settings.assess.session_id
+        # @param settings_response [Contrast::Api::Settings::ApplicationSettings, Contrast::Agent::Reporting::Response]
+        def update_from_application_settings settings_response
+          if settings_response&.cs__class == Contrast::Agent::Reporting::Response
+            update_from_response(settings_response)
           else
-            new_vals = features.application_state_translation
+            new_vals = settings_response.application_state_translation
             @application_state.modes_by_id = new_vals[:modes_by_id]
             @application_state.exclusion_matchers = new_vals[:exclusion_matchers]
             @assess_state.disabled_assess_rules = new_vals[:disabled_assess_rules]
+            @last_app_update_ms = Contrast::Utils::Timer.now_ms
           end
           @last_app_update_ms = Contrast::Utils::Timer.now_ms
         end
@@ -184,6 +170,44 @@ module Contrast
 
         private
 
+        # @param response [Contrast::Agent::Reporting::Response]
+        def update_from_response response
+          if (server_features = response.server_features)
+            update_server_features(server_features)
+          end
+          return unless (app_settings = response.application_settings)
+
+          update_application_settings(app_settings)
+        end
+
+        # @param server_features [Contrast::Agent::Reporting::Settings::FeatureSettings]
+        def update_server_features server_features
+          return unless server_features
+
+          log_file = server_features.log_file
+          log_level = server_features.log_level
+          Contrast::Logger::Log.instance.update(log_file, log_level) if log_file || log_level
+          @protect_state.enabled = server_features.protect.enabled?
+          @assess_state.enabled = server_features.assess.enabled?
+          @assess_state.sampling_settings = server_features.assess.sampling
+          @last_server_update_ms = Contrast::Utils::Timer.now_ms
+        end
+
+        # @param app_settings [Contrast::Agent::Reporting::Settings::ApplicationSettings]
+        def update_application_settings app_settings
+          return unless app_settings
+
+          @application_state.modes_by_id = app_settings.protect.protection_rules_to_settings_hash
+          # TODO: RUBY-1438 this needs to be translated
+          # @application_state.exclusion_matchers = new_vals[:exclusion_matchers]
+          update_sensitive_data_policy(app_settings.sensitive_data_masking)
+          @assess_state.disabled_assess_rules = app_settings.assess.disabled_rules
+          if app_settings.assess.session_id && !app_settings.assess.session_id.blank?
+            @assess_state.session_id = app_settings.assess.session_id
+          end
+          @last_app_update_ms = Contrast::Utils::Timer.now_ms
+        end
+
         # check if settings are empty and return true if so.
         #
         # @param settings [String, Boolean, Array, Hash]

data/lib/contrast/config/assess_rules_configuration.rb

@@ -15,7 +15,7 @@ module Contrast
       def initialize hsh = {}
         return unless hsh
 
-        @disabled_rules = cast_disabled_rules hsh
+        @disabled_rules = cast_disabled_rules(hsh)
       end
 
       private

data/lib/contrast/config/protect_rules_configuration.rb

@@ -11,7 +11,7 @@ module Contrast
 
       attr_accessor :disabled_rules
       attr_writer :bot_blocker, :cmd_injection, :sql_injection, :nosql_injection, :untrusted_deserialization,
-                  :method_tampering, :xxe, :path_traversal, :reflected_xss, :unsafe_file_upload, :rule_base
+                  :xxe, :path_traversal, :reflected_xss, :unsafe_file_upload, :rule_base
 
       BASE_RULE = 'Contrast::Agent::Protect::Rule::Base'.cs__freeze
 

data/lib/contrast/config/root_configuration.rb

@@ -27,7 +27,7 @@ module Contrast
       attr_accessor :enable
 
       def initialize hsh = {}
-        raise ArgumentError, 'Expected a hash' unless hsh.is_a?(Hash)
+        raise(ArgumentError, 'Expected a hash') unless hsh.is_a?(Hash)
 
         @api = Contrast::Config::ApiConfiguration.new(hsh[:api])
         @enable = hsh[:enable]

data/lib/contrast/configuration.rb

@@ -94,7 +94,7 @@ module Contrast
         rescue Psych::Exception => e
           log_yaml_parse_error(path, e)
         rescue RuntimeError => e
-          puts "WARN: Unable to load configuration. #{ e }; path: #{ path }, pwd: #{ Dir.pwd }"
+          puts("WARN: Unable to load configuration. #{ e }; path: #{ path }, pwd: #{ Dir.pwd }")
         end
       end
 
@@ -182,7 +182,7 @@ module Contrast
       if logger
         logger.warn('YAML validator found an error', hash)
       else
-        puts "CONTRAST - WARN: YAML validator found an error. #{ hash.inspect }"
+        puts("CONTRAST - WARN: YAML validator found an error. #{ hash.inspect }")
       end
     end
 
@@ -190,7 +190,7 @@ module Contrast
       if logger
         logger.warn('Configuration file is not readable by current user', path: path)
       else
-        puts "CONTRAST - WARN: Configuration file is not readable by current user; path: #{ path }"
+        puts("CONTRAST - WARN: Configuration file is not readable by current user; path: #{ path }")
       end
     end
 
@@ -198,7 +198,7 @@ module Contrast
       if logger
         logger.warn('Deprecated property in use', old_method: old_method, new_method: new_method)
       else
-        puts "CONTRAST - WARN: Deprecated property in use; old_method: #{ old_method }, new_method: #{ new_method }"
+        puts("CONTRAST - WARN: Deprecated property in use; old_method: #{ old_method }, new_method: #{ new_method }")
       end
     end
 

data/lib/contrast/extension/assess/array.rb

@@ -53,7 +53,7 @@ module Contrast
               return ret unless Contrast::Agent::Assess::Tracker.tracked?(ret)
 
               properties.cleanup_tags
-              event_data = Contrast::Agent::Assess::Events::EventData.new ARRAY_JOIN_NODE, ret, ary, ret, [separator]
+              event_data = Contrast::Agent::Assess::Events::EventData.new(ARRAY_JOIN_NODE, ret, ary, ret, [separator])
               properties.build_event(event_data)
               properties.event.instance_variable_set(:@_parent_events, parent_events)
               ret

data/lib/contrast/extension/assess/erb.rb

@@ -20,7 +20,7 @@ module ERBPropagator
 
       erb_pre_result = preshift.object.src
       parent_events = []
-      binding_variable_set binding_variable_set, used_binding, erb_pre_result, properties, parent_events, ret
+      binding_variable_set(binding_variable_set, used_binding, erb_pre_result, properties, parent_events, ret)
       properties.build_event(Contrast::Agent::Assess::Events::EventData.new(patcher,
                                                                             ret,
                                                                             preshift.object,

data/lib/contrast/extension/assess/marshal.rb

@@ -43,7 +43,7 @@ module Contrast
               properties.copy_from(source, ret)
 
               node = Contrast::Agent::Assess::Policy::Policy.instance.find_propagator_node('Marshal', :load, false)
-              event_data = Contrast::Agent::Assess::Events::EventData.new node, ret, self, ret, args
+              event_data = Contrast::Agent::Assess::Events::EventData.new(node, ret, self, ret, args)
               properties.build_event(event_data)
             rescue StandardError => e
               logger.error('Unable to run Assess for Marshal.load', e)

data/lib/contrast/extension/assess/string.rb

@@ -43,7 +43,7 @@ module Contrast
               offset = 0
               inputs.each do |input|
                 properties.copy_from(input, result, offset)
-                add_dynamic_sources_info input, result
+                add_dynamic_sources_info(input, result)
                 offset += input.length
                 parent_event = Contrast::Agent::Assess::Tracker.properties(input)&.event
                 parent_events << parent_event if parent_event

data/lib/contrast/extension/extension.rb

@@ -37,9 +37,9 @@ module Contrast
           def assign_value path
             case path
             when /fiber/, /interpolation26/
-              require path if Funchook.available?
+              require(path) if Funchook.available?
             else
-              require path
+              require(path)
             end
             true
           end

data/lib/contrast/framework/base_support.rb

@@ -1,45 +1,46 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/agent/reporting/reporting_events/discovered_route'
+
 module Contrast
   module Framework
     # The API for all subclasses to implement to correctly support a given framework
     module BaseSupport
       # The top level module name used by the framework
       def detection_class
-        raise NoMethodError('Subclasses of BaseSupport should implement this method')
+        raise(NoMethodError('Subclasses of BaseSupport should implement this method'))
       end
 
       def version
-        raise NoMethodError('Subclasses of BaseSupport should implement this method')
+        raise(NoMethodError('Subclasses of BaseSupport should implement this method'))
       end
 
       def application_name
-        raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
+        raise(NoMethodError, 'Subclasses of BaseSupport should implement this method')
       end
 
       def server_type
-        raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
+        raise(NoMethodError, 'Subclasses of BaseSupport should implement this method')
       end
 
-      # Find all the predefined routes for this application and append them to the
-      # provided inventory message
-      # msg should be a Contrast::Api::Dtm::ApplicationUpdate or some other msg
-      # that has a routes array consisting of Contrast::Api::Dtm::RouteCoverage
+      # Find all the predefined routes for this application
+      #
+      # @return [Array<Contrast::Agent::Reporting::DiscoveredRoute>]
       def collect_routes
-        raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
+        raise(NoMethodError, 'Subclasses of BaseSupport should implement this method')
       end
 
       def current_route_coverage
-        raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
+        raise(NoMethodError, 'Subclasses of BaseSupport should implement this method')
       end
 
       def current_route
-        raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
+        raise(NoMethodError, 'Subclasses of BaseSupport should implement this method')
       end
 
       def retrieve_request _env
-        raise NoMethodError, 'Subclasses of BaseSupport should implement this method'
+        raise(NoMethodError, 'Subclasses of BaseSupport should implement this method')
       end
 
       # Some Frameworks require specific patching for their classes to handle

data/lib/contrast/framework/grape/support.rb

@@ -49,7 +49,7 @@ module Contrast
 
           # Find all classes that subclass ::Grape::API, Gather their routes
           #
-          # @return [Array<Contrast::Api::Dtm::RouteCoverage>, Array]- founded routes as Dtms
+          # @return [Array<Contrast::Agent::Reporting::DiscoveredRoute>]
           def collect_routes
             return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless grape_defined?
 
@@ -60,8 +60,8 @@ module Contrast
               c&.endpoints&.each do |endpoint|
                 endpoint&.routes&.map do |r|
                   pattern = r.pattern.pattern
-                  temp = Contrast::Api::Dtm::RouteCoverage.from_grape_controller(c, r.request_method, pattern, r.path)
-                  routes << temp
+                  routes << Contrast::Agent::Reporting::DiscoveredRoute.from_grape_controller(c, r.request_method,
+                                                                                              pattern, r.path)
                 end
               end
             end
@@ -112,7 +112,7 @@ module Contrast
             full_route ||= request.env[::Rack::PATH_INFO]
 
             new_route_coverage = Contrast::Agent::Reporting::RouteCoverage.new
-            new_route_coverage.attach_rack_based_data final_controller, method, route_pattern, full_route
+            new_route_coverage.attach_rack_based_data(final_controller, method, route_pattern, full_route)
           end
 
           # Search object space for grape controllers--any class that subclasses ::Grape::API.
@@ -140,8 +140,8 @@ module Contrast
           # @param method [::Rack::REQUEST_METHOD] GET, POST, PUT, etc...
           # @param route [String] the relative route passed from Rack.
           # @param controllers [Array<::Grape::API>] All Grape controllers found
-          # @return [Array[::Grape::API]], nil] Either the controller that
-          # will handle the route along with the route pattern or nil if no match.
+          # @return [Array[::Grape::API. Grape::Router::Route], nil] Either the controller that will handle the route
+          #   along with the route pattern or nil if no match.
           def _route_recurse method, route, controllers = grape_controllers
             # return if there aren't any controllers
             return unless controllers&.any?
@@ -151,15 +151,15 @@ module Contrast
             # Grape controller actually has endpoints and each endpoint
             # has routes and that's why we need to do it that way
             controller = controllers.pop
-            return _route_recurse method, route, controllers unless controller
+            return _route_recurse(method, route, controllers) unless controller
 
             contr_routes = controller.endpoints&.map(&:routes)&.flatten || []
             route_pattern = contr_routes&.find do |r|
-              r.pattern.to_regexp.match(route) # ::Mustermann::Grape match
+              r.pattern.to_regexp.match(route) # Grape::Router::Route match
             end
             return controller, route_pattern unless route_pattern.nil?
 
-            _route_recurse method, route, controllers
+            _route_recurse(method, route, controllers)
           end
 
           # Get route and do some cleaning

data/lib/contrast/framework/manager.rb

@@ -59,30 +59,31 @@ module Contrast
         patches
       end
 
+      # @return [Array<Contrast::Agent::Reporting::DiscoveredRoute>]
       def find_route_discovery_data
         routes_for_all_frameworks
       end
 
       def platform_version
-        framework_version = first_framework_result :version, ''
+        framework_version = first_framework_result(:version, '')
 
         Contrast::Framework::PlatformVersion.from_string(framework_version)
       end
 
       def platform_version_string
-        first_framework_result :version, ''
+        first_framework_result(:version, '')
       end
 
       def server_type
-        first_framework_result :server_type, 'rack'
+        first_framework_result(:server_type, 'rack')
       end
 
       def app_name
-        first_framework_result :application_name, 'root'
+        first_framework_result(:application_name, 'root')
       end
 
       def app_root
-        found = first_framework_result :application_root, nil
+        found = first_framework_result(:application_root, nil)
         found || ::Rack::Directory.new('').root
       end
 
@@ -162,13 +163,10 @@ module Contrast
           if Contrast::Agent.reporter
             report = Contrast::Agent::Reporting::DtmMessage.dtm_to_event(app_update_msg)
             Contrast::Agent.reporter.send_event(report)
-
-            # This is being reported separately because we extract the data from the same message
-            inventory_report = Contrast::Agent::Reporting::ApplicationInventory.convert(app_update_msg)
-            Contrast::Agent.reporter.send_event(inventory_report)
           else
             Contrast::Agent.messaging_queue.send_event_eventually(app_update_msg)
           end
+          Contrast::Agent.reporter.send_event(Contrast::Agent::Reporting::ApplicationInventory.new)
           logger.info('Framework detected after initialization. Enabling support.',
                       framework: framework.detection_class,
                       frameworks: @_frameworks)

data/lib/contrast/framework/manager_extend.rb

@@ -20,8 +20,9 @@ module Contrast
         Contrast::Utils::ClassUtil.truly_defined?(klass)
       end
 
+      # @return [Array<Contrast::Agent::Reporting::DiscoveredRoute>]
       def routes_for_all_frameworks
-        data_for_all_frameworks :collect_routes
+        data_for_all_frameworks(:collect_routes)
       end
 
       # This returns an array of all data from each framework in a flat, no-nil values array

data/lib/contrast/framework/rack/patch/session_cookie.rb

@@ -25,7 +25,7 @@ module Contrast
             def instrument
               @_instrument ||= begin
                 ::Rack::Session::Cookie.class_eval do
-                  alias_method :cs__patched_initialize, :initialize
+                  alias_method(:cs__patched_initialize, :initialize)
                   def initialize app, options = {} # rubocop:disable Style/OptionHash
                     Contrast::Framework::Rack::Patch::SessionCookie.analyze(options)
                     cs__patched_initialize(app, options)

data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb

@@ -16,8 +16,20 @@ module Contrast
             def send_messages
               return unless (context = Contrast::Agent::REQUEST_TRACKER.current)
 
-              [context.server_activity, context.activity, context.observed_route].each do |msg|
-                Contrast::Agent.messaging_queue.send_event_immediately(msg)
+              if Contrast::Agent::Reporter.enabled?
+                [
+                  context.new_observed_route,
+                  context.observed_library_usage,
+                  Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.server_activity),
+                  Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.activity)
+                ].each do |event|
+                  Contrast::Agent.reporter&.send_event_immediately(event)
+                end
+              else
+                Contrast::Agent.reporter.send_event_immediately(context.observed_library_usage)
+                [context.server_activity, context.activity, context.observed_route].each do |msg|
+                  Contrast::Agent.messaging_queue&.send_event_immediately(msg)
+                end
               end
             end
 
@@ -27,7 +39,7 @@ module Contrast
                   # normally pre->in->post filters are applied however, in a streamed response we can run into a case
                   # where it's pre -> in -> post -> more infilters in order to submit anything found during the
                   # infilters after the response has been written we need to explicitly send them
-                  alias_method :cs__close, :close
+                  alias_method(:cs__close, :close)
                   def close
                     Contrast::Framework::Rails::Patch::ActionControllerLiveBuffer.send_messages
                     cs__close

data/lib/contrast/framework/rails/patch/assess_configuration.rb

@@ -49,7 +49,7 @@ module Contrast
             end
 
             def apply_session_timeout *args
-              return if ::Contrast::ASSESS.rule_disabled? CS__SESSION_TIMEOUT_NAME
+              return if ::Contrast::ASSESS.rule_disabled?(CS__SESSION_TIMEOUT_NAME)
               return unless vulnerable_setting?(:expire_after, SAFE_SESSION_TIMEOUT, args,
                                                 comparison_type: :greater_than, safe_default: false)
 
@@ -64,7 +64,7 @@ module Contrast
             end
 
             def apply_secure_cookie_disabled *args
-              return if ::Contrast::ASSESS.rule_disabled? CS__SECURE_RULE_NAME
+              return if ::Contrast::ASSESS.rule_disabled?(CS__SECURE_RULE_NAME)
               return unless vulnerable_setting?(:secure, true, args)
 
               rails_session_settings = args[1]
@@ -78,7 +78,7 @@ module Contrast
             end
 
             def apply_httponly_disabled *args
-              return if ::Contrast::ASSESS.rule_disabled? CS__HTTPONLY_RULE_NAME
+              return if ::Contrast::ASSESS.rule_disabled?(CS__HTTPONLY_RULE_NAME)
               return unless vulnerable_setting?(:httponly, true, args)
 
               rails_session_settings = args[1]

data/lib/contrast/framework/rails/patch/rails_application_configuration.rb

@@ -14,7 +14,7 @@ module Contrast
           def self.instrument
             @_instrument ||= begin
               ::Rails::Application::Configuration.class_eval do
-                alias_method :cs__patched_session_store, :session_store
+                alias_method(:cs__patched_session_store, :session_store)
                 def session_store *args, **kwargs
                   ret = cs__patched_session_store(*args, **kwargs)
                   Contrast::Framework::Rails::Patch::AssessConfiguration.analyze_session_store(*args, **kwargs)

data/lib/contrast/framework/rails/patch/support.rb

@@ -20,7 +20,7 @@ module Contrast
             # (i.e., where we normally patch) we will miss the configuration
             # and will never be able to report session misconfiguration rules.
             Contrast::Framework::Rails::Patch::RailsApplicationConfiguration.instrument
-            require 'contrast/framework/rails/railtie' if ::Rails::VERSION::MAJOR.to_i >= 3
+            require('contrast/framework/rails/railtie') if ::Rails::VERSION::MAJOR.to_i >= 3
           end
 
           # (See BaseSupport#after_load_patches)

data/lib/contrast/framework/rails/support.rb

@@ -44,6 +44,7 @@ module Contrast
             'rails'
           end
 
+          # @return [Array<Contrast::Agent::Reporting::DiscoveredRoute>]
           def collect_routes
             find_all_routes(::Rails.application, [])
           end
@@ -104,7 +105,7 @@ module Contrast
             end
 
             new_route_coverage = Contrast::Agent::Reporting::RouteCoverage.new
-            new_route_coverage.attach_rails_data route, original_url
+            new_route_coverage.attach_rails_data(route, original_url)
           rescue StandardError => e
             logger.warn('Unable to determine the current route of this request', e)
             nil
@@ -138,7 +139,8 @@ module Contrast
             route.app.is_a?(::ActionDispatch::Routing::Mapper::Constraints) && route.app.app < ::Rails::Engine
           end
 
-          # Recursively get final route traversing engines as required.
+          # Recursively get final route traversing engines as required. Because this can only be called once, we store
+          # this match for the duration of our request context.
           #
           # @param request [::Rack::Request] the rack request as will be handed to rails controller.
           # @param top_router [::ActionDispatch::Journey::Router] the current router relative to the previous.
@@ -153,7 +155,7 @@ module Contrast
             # If the current routing node points to a sub-app (::Rais::Engine), dive deeper.
             # Have sub-app route the remainder of the url.
             if engine_route?(route)
-              new_req = retrieve_request request.env
+              new_req = retrieve_request(request.env)
               new_req.path_info = new_req.path_info.gsub(match.to_s, '')
               get_full_route(new_req, route.app.app.routes.router, path << match.to_s)
             else
@@ -162,12 +164,17 @@ module Contrast
           end
 
           # Rails engine routes need to be detected by inspecting Engine class route set
+          #
+          # @param app [Rails::Application]
+          # @param route_list [Array<Contrast::Agent::Reporting::DiscoveredRoute>] the list of discovered routes to
+          #   which to append and return
+          # @return [Array<Contrast::Agent::Reporting::DiscoveredRoute>]
           def find_all_routes app, route_list
             return route_list unless app.cs__respond_to?(:routes) && app.routes.cs__respond_to?(:routes)
 
             app.routes.routes.each do |route|
               if route.cs__respond_to?(:app) && route.app.cs__class == ActionDispatch::Routing::RouteSet::Dispatcher
-                route_list << Contrast::Api::Dtm::RouteCoverage.from_action_dispatch_journey(route)
+                route_list << Contrast::Agent::Reporting::DiscoveredRoute.from_action_dispatch_journey(route)
               elsif route.app.app.cs__respond_to?(:routes)
                 route_list += find_all_routes(route.app.app, [])
               end

data/lib/contrast/framework/sinatra/support.rb

@@ -47,7 +47,7 @@ module Contrast
 
           # Find all classes that subclass ::Sinatra::Base. Gather their routes.
           #
-          # @return [Array<Contrast::Api::Dtm::RouteCoverage>] the routes found as Dtms.
+          # @return [Array<Contrast::Agent::Reporting::DiscoveredRoute>]
           def collect_routes
             return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless defined?(::Sinatra) && defined?(::Sinatra::Base)
 
@@ -56,7 +56,8 @@ module Contrast
               controller.routes.each_pair do |method, route_triplets|
                 # Sinatra stores its routes as a triplet: [Mustermann::Sinatra, [], Proc]
                 route_triplets.map(&:first).each do |route_pattern|
-                  routes << Contrast::Api::Dtm::RouteCoverage.from_sinatra_route(controller, method, route_pattern)
+                  routes << Contrast::Agent::Reporting::DiscoveredRoute.from_sinatra_route(controller, method,
+                                                                                           route_pattern)
                 end
               end
             end
@@ -101,7 +102,7 @@ module Contrast
             full_route ||= request.env[::Rack::PATH_INFO]
 
             new_route_coverage = Contrast::Agent::Reporting::RouteCoverage.new
-            new_route_coverage.attach_rack_based_data final_controller, method, route_pattern, full_route
+            new_route_coverage.attach_rack_based_data(final_controller, method, route_pattern, full_route)
           end
 
           # Search object space for sinatra controllers--any class that subclasses ::Sinatra::Base.