contrast-agent 6.1.0 → 6.2.0

data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb

@@ -18,7 +18,7 @@ module Contrast
           # @return [Contrast::Agent::Reporting::ApplicationDefendActivity]
           def convert activity_dtm
             activity = new
-            activity.attach_data activity_dtm.results
+            activity.attach_data(activity_dtm.results)
             activity
           end
         end
@@ -35,11 +35,59 @@ module Contrast
           }
         end
 
-        # @param attack_dtms [Contrast::Api::Dtm::AttackResult]
-        # @return [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
+        # @param attack_dtms [Array<Contrast::Api::Dtm::AttackResult>]
         def attach_data attack_dtms
-          attack_dtms.each do |attack|
-            @attackers << Contrast::Agent::Reporting::ApplicationDefendAttackerActivity.convert(attack)
+          attack_dtms.each do |attack_result|
+            attacker_activity = Contrast::Agent::Reporting::ApplicationDefendAttackerActivity.convert(attack_result)
+            existing_attacker_activity = attackers.find do |existing|
+              existing.source_forwarded_for == attacker_activity.source_forwarded_for &&
+                  existing.source_ip == attacker_activity.source_ip
+            end
+            rule = attack_result.rule_id
+            if existing_attacker_activity
+              attach_existing(existing_attacker_activity, attacker_activity, rule)
+            else
+              attackers << attacker_activity
+            end
+          end
+        end
+
+        # @param existing_attacker_activity [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
+        # @param attacker_activity [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
+        # @param rule [String]
+        def attach_existing existing_attacker_activity, attacker_activity, rule
+          # TODO: RUBY-1663 figure out attack time mapping
+          new_violation = attacker_activity.protection_rules[rule]
+          if (previously_violated = existing_attacker_activity.protection_rules[rule])
+            if (new_blocked = new_violation.blocked&.samples)
+              unless previously_violated.blocked
+                previously_violated.blocked = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.new
+              end
+              previously_violated.blocked.samples.concat(new_blocked)
+            end
+
+            if (new_exploited = new_violation.exploited&.samples)
+              unless previously_violated.exploited
+                previously_violated.exploited = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.new
+              end
+              previously_violated.exploited.samples.concat(new_exploited)
+            end
+
+            if (new_ineffective = new_violation.ineffective&.samples)
+              unless previously_violated.ineffective
+                previously_violated.ineffective = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.new
+              end
+              previously_violated.ineffective.samples.concat(new_ineffective)
+            end
+
+            if (new_suspicious = new_violation.suspicious&.samples)
+              unless previously_violated.suspicious
+                previously_violated.suspicious = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.new
+              end
+              previously_violated.suspicious.samples.concat(new_suspicious)
+            end
+          else
+            existing_attacker_activity.protection_rules[rule] = new_violation
           end
         end
       end

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb

@@ -1,6 +1,8 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/api/dtm.pb'
+require 'contrast/api/decorators/response_type'
 require 'contrast/components/logger'
 require 'contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity'
 
@@ -9,49 +11,53 @@ module Contrast
     module Reporting
       # This is the new ApplicationDefendAttackActivity class which will include the attacks sent by the source.
       class ApplicationDefendAttackActivity
-        attr_reader :blocked, :exploited, :ineffective, :suspicious
+        # @return [Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity]
+        attr_accessor :blocked
+        # @return [Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity]
+        attr_accessor :exploited
+        # @return [Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity]
+        attr_accessor :ineffective
+        # @return [Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity]
+        attr_accessor :suspicious
 
         class << self
+          # @param attack_result [Contrast::Api::Dtm::AttackResult]
           def convert attack_result
             activity = new
-            activity.attach_data attack_result
+            activity.attach_data(attack_result)
             activity
           end
         end
 
         def initialize
           @start_time = start_time
-          @blocked = []
-          @exploited = []
-          @ineffective = []
-          @suspicious = []
           super
         end
 
         def to_controlled_hash
           {
               startTime: @start_time,
-              blocked: blocked.map(&:to_controlled_hash),
-              exploited: exploited.map(&:to_controlled_hash),
-              ineffective: ineffective.map(&:to_controlled_hash),
-              suspicious: suspicious.map(&:to_controlled_hash)
+              blocked: blocked&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH,
+              exploited: exploited&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH,
+              ineffective: ineffective&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH,
+              suspicious: suspicious&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH
           }
         end
 
-        # @param attack_result [Contrast::Agent::Reporting::AttackResult]
+        # @param attack_result [Contrast::Api::Dtm::AttackResult]
         # @return [Contrast::Agent::Reporting::Defend::AttackSampleActivity]
         def attach_data attack_result
           attack_sample_activity =
             Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.convert(attack_result)
           case attack_result.response
-          when Contrast::Agent::Reporting::ResponseType::BLOCKED
-            @blocked << attack_sample_activity
-          when Contrast::Agent::Reporting::ResponseType::EXPLOITED
-            @exploited << attack_sample_activity
-          when Contrast::Agent::Reporting::ResponseType::MONITORED
-            @ineffective << attack_sample_activity
-          when Contrast::Agent::Reporting::ResponseType::SUSPICIOUS
-            @suspicious << attack_sample_activity
+          when ::Contrast::Api::Dtm::AttackResult::ResponseType::BLOCKED
+            @blocked = attack_sample_activity
+          when ::Contrast::Api::Dtm::AttackResult::ResponseType::MONITORED
+            @exploited = attack_sample_activity
+          when ::Contrast::Api::Dtm::AttackResult::ResponseType::PROBED
+            @ineffective = attack_sample_activity
+          when ::Contrast::Api::Dtm::AttackResult::ResponseType::SUSPICIOUS
+            @suspicious = attack_sample_activity
           end
         end
 

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb

@@ -1,6 +1,11 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/agent/protect/rule/cmd_injection'
+require 'contrast/agent/protect/rule/deserialization'
+require 'contrast/agent/protect/rule/http_method_tampering'
+require 'contrast/agent/protect/rule/no_sqli'
+require 'contrast/api/dtm.pb'
 require 'contrast/components/logger'
 
 module Contrast
@@ -11,10 +16,15 @@ module Contrast
       class ApplicationDefendAttackSample
         include Contrast::Agent::Reporting::InputType
 
+        # @return [Hash]
+        attr_reader :time_stamp
+
         class << self
-          def convert attack_result
+          # @param attack_result [Contrast::Api::Dtm::AttackResult]
+          # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample]
+          def convert attack_result, attack_sample
             activity = new
-            activity.attach_data attack_result
+            activity.attach_data(attack_result, attack_sample)
             activity
           end
         end
@@ -28,22 +38,26 @@ module Contrast
           {
               blocked: @blocked,
               input: @input,
-              request: @request.to_controlled_hash,
-              stack: @stack,
-              timeStamp: @time_stamp
+              details: @details,
+              request: @request&.to_controlled_hash,
+              stack: @stack&.map(&:to_controlled_hash),
+              timestamp: time_stamp
           }
         end
 
         # @param attack_result [Contrast::Api::Dtm::AttackResult]
-        def attach_data attack_result
-          rasp_rule = attack_result.samples[0]
-          @blocked = attack_result.response == Contrast::Agent::Reporting::ResponseType::BLOCKED
-          @input = build_input(rasp_rule)
-          @time_stamp = build_time_stamp(rasp_rule.timestamp_ms)
+        # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample]
+        def attach_data attack_result, attack_sample
+          @blocked = attack_result.response == ::Contrast::Api::Dtm::AttackResult::ResponseType::BLOCKED
+          @input = build_input(attack_sample)
+          @details = build_details(attack_result.rule_id, attack_sample)
+          @time_stamp = build_time_stamp(attack_sample.timestamp_ms)
           @request = FindingRequest.convert(Contrast::Agent::REQUEST_TRACKER.current&.request)
-          @stack = Contrast::Utils::StackTraceUtils.build_protect_stack_array
+          @stack = Contrast::Utils::StackTraceUtils.build_protect_report_stack_array
         end
 
+        # @param start [Integer]
+        # @return [Hash]
         def build_time_stamp start
           {
               start: start,
@@ -51,19 +65,117 @@ module Contrast
           }
         end
 
-        def build_input rasp_rule
-          user_input = rasp_rule.user_input
+        # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample]
+        def build_input attack_sample
+          user_input = attack_sample.user_input
           {
-              details: Contrast::Api::Dtm::RaspRuleSample.to_controlled_hash(rasp_rule),
               documentPath: user_input.path,
-              documentType: user_input.document_type,
+              documentType: build_document_type(user_input.document_type),
               filters: user_input.matcher_ids,
               name: user_input.key,
-              time: rasp_rule.timestamp_ms,
-              type: user_input.input_type,
+              time: attack_sample.timestamp_ms,
+              type: build_input_type(user_input.input_type),
               value: user_input.value
           }
         end
+
+        # Convert the document type api enum to a String constant TeamServer can understand.
+        #
+        # @param type_enum [::Contrast::Api::Dtm::HttpRequest::DocumentType]
+        # @return [String]
+        def build_document_type type_enum
+          case type_enum
+          when ::Contrast::Api::Dtm::HttpRequest::DocumentType::JSON
+            'JSON'
+          when ::Contrast::Api::Dtm::HttpRequest::DocumentType::XML
+            'XML'
+          else
+            'NORMAL'
+          end
+        end
+
+        # Convert the input type api enum to a String constant TeamServer can understand.
+        #
+        # @param type_enum [when ::Contrast::Api::Dtm::UserInput::InputType]
+        # @return [String]
+        def build_input_type type_enum
+          case type_enum
+          when ::Contrast::Api::Dtm::UserInput::InputType::UNDEFINED_TYPE
+            'UNDEFINED_TYPE'
+          when ::Contrast::Api::Dtm::UserInput::InputType::BODY
+            'BODY'
+          when ::Contrast::Api::Dtm::UserInput::InputType::COOKIE_NAME
+            'COOKIE_NAME'
+          when ::Contrast::Api::Dtm::UserInput::InputType::COOKIE_VALUE
+            'COOKIE_VALUE'
+          when ::Contrast::Api::Dtm::UserInput::InputType::HEADER
+            'HEADER'
+          when ::Contrast::Api::Dtm::UserInput::InputType::PARAMETER_NAME
+            'PARAMETER_NAME'
+          when ::Contrast::Api::Dtm::UserInput::InputType::PARAMETER_VALUE
+            'PARAMETER_VALUE'
+          when ::Contrast::Api::Dtm::UserInput::InputType::QUERYSTRING
+            'QUERYSTRING'
+          when ::Contrast::Api::Dtm::UserInput::InputType::URI
+            'URI'
+          when ::Contrast::Api::Dtm::UserInput::InputType::SOCKET
+            'SOCKET'
+          when ::Contrast::Api::Dtm::UserInput::InputType::JSON_VALUE
+            'JSON_VALUE'
+          when ::Contrast::Api::Dtm::UserInput::InputType::JSON_ARRAYED_VALUE
+            'JSON_ARRAYED_VALUE'
+          when ::Contrast::Api::Dtm::UserInput::InputType::MULTIPART_CONTENT_TYPE
+            'MULTIPART_CONTENT_TYPE'
+          when ::Contrast::Api::Dtm::UserInput::InputType::MULTIPART_VALUE
+            'MULTIPART_VALUE'
+          when ::Contrast::Api::Dtm::UserInput::InputType::MULTIPART_FIELD_NAME
+            'MULTIPART_FIELD_NAME'
+          when ::Contrast::Api::Dtm::UserInput::InputType::MULTIPART_NAME
+            'MULTIPART_NAME'
+          when ::Contrast::Api::Dtm::UserInput::InputType::XML_VALUE
+            'XML_VALUE'
+          when ::Contrast::Api::Dtm::UserInput::InputType::DWR_VALUE
+            'DWR_VALUE'
+          when ::Contrast::Api::Dtm::UserInput::InputType::METHOD
+            'METHOD'
+          when ::Contrast::Api::Dtm::UserInput::InputType::REQUEST
+            'REQUEST'
+          when ::Contrast::Api::Dtm::UserInput::InputType::URL_PARAMETER
+            'URL_PARAMETER'
+          else # ::Contrast::Api::Dtm::UserInput::InputType::UNKNOWN
+            'UNKNOWN'
+          end
+        end
+
+        # This is a temporary method to facilitate the translation of API details to Reporting details. As we move off
+        # of protobuf, this responsibility should shift from this class to the individual rules, as they do today when
+        # they populate their details in Contrast::Api::Dtm::RaspRuleSample
+        #
+        # @param rule_id [String]
+        # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample]
+        # @return [Hash] the details for this specific rule
+        def build_details rule_id, attack_sample
+          case rule_id
+          when Contrast::Agent::Protect::Rule::CmdInjection::NAME
+            Contrast::Agent::Protect::Rule::CmdInjection.extract_details(attack_sample)
+          when Contrast::Agent::Protect::Rule::Deserialization::NAME
+            Contrast::Agent::Protect::Rule::Deserialization.extract_details(attack_sample)
+          when Contrast::Agent::Protect::Rule::HttpMethodTampering::NAME
+            Contrast::Agent::Protect::Rule::HttpMethodTampering.extract_details(attack_sample)
+          when Contrast::Agent::Protect::Rule::NoSqli::NAME
+            Contrast::Agent::Protect::Rule::NoSqli.extract_details(attack_sample)
+          when Contrast::Agent::Protect::Rule::PathTraversal::NAME
+            Contrast::Agent::Protect::Rule::PathTraversal.extract_details(attack_sample)
+          when Contrast::Agent::Protect::Rule::Sqli::NAME
+            Contrast::Agent::Protect::Rule::Sqli.extract_details(attack_sample)
+          when Contrast::Agent::Protect::Rule::Xss::NAME
+            Contrast::Agent::Protect::Rule::Xss.extract_details(attack_sample)
+          when Contrast::Agent::Protect::Rule::Xxe::NAME
+            Contrast::Agent::Protect::Rule::Xxe.extract_details(attack_sample)
+          else # something unknown or Contrast::Agent::Protect::Rule::UnsafeFileUpload::NAME
+            Contrast::Utils::ObjectShare::EMPTY_HASH
+          end
+        end
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb

@@ -10,46 +10,45 @@ module Contrast
       # This is the new AttackerSampleActivity class which will include Sample of the given attacks in the activity
       # period.
       class ApplicationDefendAttackSampleActivity
+        # @return [Array<Contrast::Agent::Reporting::ApplicationDefendAttackSample>]
+        attr_reader :samples
+        # @return [Hash<Integer,Integer>] map of time from start in seconds to number of attacks in that second
+        attr_reader :time_map
+
         class << self
-          def convert attack_samples
+          # @param attack_result [Contrast::Api::Dtm::AttackResult]
+          def convert attack_result
             activity = new
-            activity.attach_data attack_samples
+            activity.attach_data(attack_result)
             activity
           end
         end
 
         def initialize
           @samples = []
-          @start_time = (Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0)
+          @start_time = (Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0) / 1000
           @event_type = :application_defend_attack_sample_activity
+          @time_map = Hash.new { |h, k| h[k] = 0 }
           super
         end
 
         def to_controlled_hash
           {
-              attackTimeMap: attack_time_map,
-              samples: @samples.map(&:to_controlled_hash),
+              attackTimeMap: time_map,
+              samples: samples.map(&:to_controlled_hash),
               startTime: @start_time,
               total: 1 # there will only ever be 1 attack sample, until batching is done
           }
         end
 
-        # @param inventory_dtm [Contrast::Api::Dtm::ApplicationUpdate]
-        # @return [Contrast::Agent::Reporting::ApplicationInventory]
-        # TODO: RUBY-9999 update to handle batching
-        def attach_data attack_sample
-          @samples << Contrast::Agent::Reporting::ApplicationDefendAttackSample.convert(attack_sample)
-        end
-
-        def attack_time_map
-          {
-              second: duration,
-              count: 1 # there will only ever be 1 attack sample, until batching is done
-          }
-        end
-
-        def duration
-          Contrast::Utils::Timer.now_ms - @start_time
+        # @param attack_result [Contrast::Api::Dtm::AttackResult]
+        def attach_data attack_result
+          attack_result.samples.each do |attack_sample|
+            converted = Contrast::Agent::Reporting::ApplicationDefendAttackSample.convert(attack_result, attack_sample)
+            samples << converted
+            attack_second = converted.time_stamp[:elapsed] / 1000
+            time_map[attack_second] += 1
+          end
         end
       end
     end

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_stack.rb

@@ -0,0 +1,22 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Reporting
+      # This is the new ApplicationDefendAttackSample class which includes a samples of an attack for the given rule of
+      # the given result observed in the activity period.
+      class ApplicationDefendAttackSampleStack
+        # @return [String]
+        attr_accessor :file_name
+        # @return [String]
+        attr_accessor :method_name
+
+        # @return [Hash]
+        def to_controlled_hash
+          { fileName: @file_name, methodName: @method_name }.compact
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb

@@ -10,19 +10,33 @@ module Contrast
       # This is the new AttackerActivity class which will includes the attacker information discovered during this
       # activity period.
       class ApplicationDefendAttackerActivity
-        attr_reader :attackers
+        # @return [Hash<String,Contrast::Agent::Reporting::ApplicationDefendAttackActivity>] map of rule-id to violated
+        #   samples for that rule
+        attr_reader :protection_rules
+        # @return [String, nil] the IP address of the request from which the attack originated; used to identify unique
+        #   attackers
+        attr_reader :source_ip
+        # @return [String, nil] the X-Forwarded-For Header of the request from which the attack originated; used to
+        #   identify unique attackers
+        attr_reader :source_forwarded_for
 
         class << self
+          # @param attack_result_dtm [Contrast::Api::Dtm::AttackResult]
+          # @return [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
           def convert attack_result_dtm
             activity = new
-            activity.attach_data attack_result_dtm
+            activity.attach_data(attack_result_dtm)
             activity
           end
         end
 
         def initialize
           @protection_rules = {}
-          @request = Contrast::Agent::REQUEST_TRACKER.current.activity.http_request
+          req = Contrast::Agent::REQUEST_TRACKER.current.activity.http_request
+          if req
+            @source_ip = req.sender.ip
+            @source_forwarded_for = req.request_headers['X-Forwarded-For']
+          end
           @event_type = :application_defend_attacker_activity
           super
         end
@@ -31,24 +45,24 @@ module Contrast
           {
               protectionRules: process_protection_rules,
               source: {
-                  ip: @request.sender.ip,
-                  xForwardedFor: @request.request_headers['X-Forwarded-For']
+                  ip: source_ip,
+                  xForwardedFor: source_forwarded_for
               }
           }
         end
 
-        # @param attack_result [Contrast::Agent::Reporting::AttackResult]
+        # @param attack_result [Contrast::Api::Dtm::AttackResult]
         def attach_data attack_result
-          attack_activity = Contrast::Agent::Reporting::ApplicationDefendAttackActivity.convert(attack_result)
-          @protection_rules[attack_result.rule_id] = attack_activity
+          @protection_rules[attack_result.rule_id] =
+            Contrast::Agent::Reporting::ApplicationDefendAttackActivity.convert(attack_result)
         end
 
         def process_protection_rules
-          arr = []
-          @protection_rules.each_pair do |k, v|
-            arr << { k => v&.to_controlled_hash }
+          hsh = {}
+          @protection_rules.each_pair do |rule_id, attack_activity|
+            hsh[rule_id] = attack_activity.to_controlled_hash
           end
-          arr
+          hsh
         end
       end
     end

data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb

@@ -17,40 +17,25 @@ module Contrast
         #   discovered during first request processing.
         attr_reader :routes
 
-        class << self
-          def convert app_update_dtm
-            app_inventory = new
-            app_inventory.attach_data app_update_dtm
-            app_inventory
-          end
-        end
-
-        def file_name
-          'applications-inventory'
-        end
-
         def initialize
-          @routes = []
           @event_type = :application_inventory
           @event_method = :POST
           @event_endpoint = Contrast::Agent::Reporting::Endpoints.application_inventory
+          # The API spec limits us to 500 routes, so we'll enforce that here to not hold on to superfulous data.
+          @routes = Contrast::Agent.framework_manager.find_route_discovery_data.take(500)
           super
         end
 
+        def file_name
+          'applications-inventory'
+        end
+
         def to_controlled_hash
           {
-              session_id: @agent_session_id_value,
+              session_id: ::Contrast::ASSESS.session_id,
               routes: routes.map(&:to_controlled_hash)
           }
         end
-
-        # @param inventory_dtm [Contrast::Api::Dtm::ApplicationUpdate]
-        # @return [Contrast::Agent::Reporting::ApplicationInventory]
-        def attach_data inventory_dtm
-          inventory_dtm.routes.each do |route|
-            @routes << Contrast::Agent::Reporting::DiscoveredRoute.convert(route)
-          end
-        end
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb

@@ -4,6 +4,7 @@
 require 'contrast/components/logger'
 require 'contrast/agent/reporting/reporting_events/application_reporting_event'
 require 'contrast/agent/reporting/reporting_events/architecture_component'
+require 'contrast/utils/object_share'
 
 module Contrast
   module Agent
@@ -14,21 +15,22 @@ module Contrast
       class ApplicationInventoryActivity < Contrast::Agent::Reporting::ApplicationReportingEvent
         # return [Contrast::Agent::Reporting::ArchitectureComponent]
         attr_reader :components
-        # @ return [String, nil] - User-Agent Header value
-        attr_reader :browser
+        # @ return [Array<String>, nil] - User-Agent Header value
+        attr_reader :browsers
 
         class << self
           # @param activity_dtm [Contrast::Api::Dtm::ApplicationActivity]
           # @return [Contrast::Agent::Reporting::ApplicationInventoryActivity]
           def convert activity_dtm
             inventory = new
-            inventory.attach_data activity_dtm
+            inventory.attach_data(activity_dtm)
             inventory
           end
         end
 
         def initialize
           @event_type = :application_inventory_activity
+          @browsers = []
           @components = []
           super
         end
@@ -36,7 +38,7 @@ module Contrast
         def to_controlled_hash
           {
               activityDuration: duration,
-              browser: browser,
+              browsers: browsers,
               components: components.map(&:to_controlled_hash)
           }
         end
@@ -46,7 +48,7 @@ module Contrast
             @components << Contrast::Agent::Reporting::ArchitectureComponent.convert(architecture)
           end
           request_headers = activity.http_request&.request_headers
-          @browser = request_headers['USER_AGENT'] if request_headers
+          @browsers << request_headers['USER_AGENT'] if request_headers
         end
 
         def duration

data/lib/contrast/agent/reporting/reporting_events/application_startup.rb

@@ -26,23 +26,17 @@ module Contrast
         # TeamServer to process the JSON form of this message.
         #
         # @return [Hash]
-        # @raise [ArgumentError]
         def to_controlled_hash
           app_config = ::Contrast::CONFIG.root.application
-          hsh = {
+          {
               code: app_config.code,
               group: app_config.group,
               instrumentation: Contrast::Agent::Reporting::ApplicationStartupInstrumentation.new.to_controlled_hash,
               metadata: app_config.metadata,
+              session_id: ::Contrast::CONFIG.session_id,
+              session_metadata: ::Contrast::CONFIG.session_metadata,
               tags: app_config.tags
-          }
-          if (session_id = ::Contrast::CONFIG.session_id)
-            hsh[:session_id] = session_id
-          end
-          if (session_metadata = ::Contrast::CONFIG.session_metadata)
-            hsh[:session_metadata] = session_metadata
-          end
-          hsh
+          }.compact
         end
       end
     end