contrast-agent 6.1.2 → 6.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c901ed882ebff8176fe2f3794907e29b03cc2903b61260f138d93b2ef02a465c
-  data.tar.gz: 72e4f01ccf5a57bbd5afa0cac58c51cddbe26183691d9495f563dfd9fb37e7e1
+  metadata.gz: b285299c51379c206ff8c7a64426ef5207594391d59c1ce284bae3a899d6d56f
+  data.tar.gz: f7847b7523600ebad30ba380cd338d36f6ed2e8136e86d2fdb71f4c7953f530a
 SHA512:
-  metadata.gz: 1d60653e61e95443c45bb43caac325b3c72449ddea435096e2d8e49c0a0851ff9ae6486fc16a17f65f663c2f069c58f6157f4f7ef8745d0b082d4fe7c5c0b8b6
-  data.tar.gz: e1e5dd1a542009d153fa6e77f86d889d8bb852d85d66c84400a583b63536be06a70423c4f05e547280f06368851a43720ac941efedf3aeb17a314ff3c9f61a14
+  metadata.gz: 3edc5557919437f5c7f76b741ed4133263bd975baebb6c81d8ac416713571c6ef871e9ab4d3b1ddf34aa0ff548242e71081443bc5c3cd04c2f4bae35b030e866
+  data.tar.gz: 21c33b917d5f9c0f3b8070bde64b42c8d800dd73c952b0d45830b9d13eb6135ba086c9abf43b3003168f5c3902753cf1a480444bbfca506f00d7bf51b5039d03

data/lib/contrast/agent/at_exit_hook.rb

@@ -31,11 +31,12 @@ module Contrast
         context = Contrast::Agent::REQUEST_TRACKER.current
         return unless context
 
+        Contrast::Agent.reporter.send_event_immediately(context.observed_library_usage)
+
         if Contrast::Agent::Reporter.enabled?
           [
             context.new_observed_route,
             Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.server_activity),
-            Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.activity.library_usages),
             Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.activity)
           ].each do |event|
             Contrast::Agent.reporter&.send_event_immediately(event)

data/lib/contrast/agent/inventory/dependency_usage_analysis.rb

@@ -1,6 +1,7 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/agent/reporting/reporting_events/library_usage_observation'
 require 'contrast/agent/inventory/dependencies'
 require 'contrast/components/logger'
 require 'contrast/utils/object_share'
@@ -73,10 +74,11 @@ module Contrast
         #
         # TODO: RUBY-1355
         # TODO: RUBY-1438 -- change to just use EventMessage
-        # @param activity [Contrast::Api::Dtm::Activity] the message to which to append the usage data
-        def generate_library_usage activity
+        # @param observed_library_usage [Contrast::Agent::Reporting::ObservedLibraryUsage] the message to
+        #   which to append the usage data
+        def generate_library_usage observed_library_usage
           return unless enabled?
-          return unless activity
+          return unless observed_library_usage
 
           # Disconnect gemdigest_cache and replace it with an empty one; synch so new libs cannot be added between the
           # assignment and the replace
@@ -86,8 +88,10 @@ module Contrast
             hold
           end
           gem_spec_digest_to_files.each_pair do |digest, files|
-            usage = Contrast::Api::Dtm::LibraryUsageUpdate.build(digest, files)
-            activity.library_usages[usage.hash_code] = usage
+            usage = Contrast::Agent::Reporting::LibraryUsageObservation.new(digest, files)
+            next if usage.names.empty?
+
+            observed_library_usage.observations << usage
           end
         rescue StandardError => e
           logger.error('Unable to generate library usage.', e)

data/lib/contrast/agent/protect/rule/xss.rb

@@ -16,6 +16,10 @@ module Contrast
             # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample]
             # @return [Hash] the details for this specific rule
             def extract_details attack_sample
+              # TODO: RUBY-1702 - figure out why xss isn't populated when reported; probably something to do w/
+              #   suspicious
+              return Contrast::Utils::ObjectShare::EMPTY_HASH unless attack_sample&.xss
+
               {
                   input: attack_sample.xss.input,
                   matches: attack_sample.xss.matches.map do |match|

data/lib/contrast/agent/reporting/reporter.rb

@@ -31,16 +31,6 @@ module Contrast
         @_connection ||= client.initialize_connection
       end
 
-      def attempt_to_start?
-        unless cs__class.enabled?
-          logger.warn('Reporter service is disabled!')
-          return false
-        end
-
-        logger.debug('Attempting to start Reporter thread') unless running?
-        true
-      end
-
       def start_thread!
         return if running?
 
@@ -54,6 +44,8 @@ module Contrast
             next unless client && connection
 
             process_event(queue.pop)
+          rescue StandardError => e
+            logger.debug('Reporter thread could not process because of:', error: e)
           end
         end
       end
@@ -78,7 +70,6 @@ module Contrast
           return
         end
         return unless event
-        return unless cs__class.enabled?
 
         logger.debug('Enqueued event for sending', event_type: event.cs__class)
         queue << event

data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb

@@ -17,19 +17,12 @@ module Contrast
         #   discovered during first request processing.
         attr_reader :routes
 
-        class << self
-          def convert app_update_dtm
-            app_inventory = new
-            app_inventory.attach_data(app_update_dtm)
-            app_inventory
-          end
-        end
-
         def initialize
-          @routes = []
           @event_type = :application_inventory
           @event_method = :POST
           @event_endpoint = Contrast::Agent::Reporting::Endpoints.application_inventory
+          # The API spec limits us to 500 routes, so we'll enforce that here to not hold on to superfulous data.
+          @routes = Contrast::Agent.framework_manager.find_route_discovery_data.take(500)
           super
         end
 
@@ -39,18 +32,10 @@ module Contrast
 
         def to_controlled_hash
           {
-              session_id: @agent_session_id_value,
+              session_id: ::Contrast::ASSESS.session_id,
               routes: routes.map(&:to_controlled_hash)
           }
         end
-
-        # @param inventory_dtm [Contrast::Api::Dtm::ApplicationUpdate]
-        # @return [Contrast::Agent::Reporting::ApplicationInventory]
-        def attach_data inventory_dtm
-          inventory_dtm.routes.each do |route|
-            @routes << Contrast::Agent::Reporting::DiscoveredRoute.convert(route)
-          end
-        end
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_events/discovered_route.rb

@@ -17,15 +17,84 @@ module Contrast
       # recorded.
       class DiscoveredRoute < Contrast::Agent::Reporting::ObservedRoute
         class << self
-          # @param dtm [Contrast::Api::Dtm::RouteCoverage]
+          # @param obj [Regexp, Object]
+          # @return [String]
+          def source_or_string obj
+            if obj.cs__is_a?(Regexp)
+              obj.source
+            elsif obj.cs__respond_to?(:safe_string)
+              obj.safe_string
+            else
+              obj.to_s
+            end
+          end
+
+          # Convert ActionDispatch::Journey::Route to Contrast::Agent::Reporting::DiscoveredRoute
+          #
+          # @param journey_obj [ActionDispatch::Journey::Route] a rails route
+          # @param url [String, nil] use url from string instead of journey object.
+          # @return [Contrast::Agent::Reporting::DiscoveredRoute]
+          def from_action_dispatch_journey journey_obj, url = nil
+            msg = new
+            msg.signature = "#{ journey_obj.defaults[:controller] }##{ journey_obj.defaults[:action] }"
+
+            verb = source_or_string(journey_obj.verb)
+            msg.verb = Contrast::Utils::StringUtils.force_utf8(verb)
+
+            url ||= source_or_string(journey_obj.path.spec)
+            msg.url = Contrast::Utils::StringUtils.force_utf8(url)
+            msg
+          end
+
+          # Convert Grape route data to discovered route.
+          #
+          # @param controller [::Grape::API] the route's final controller.
+          # @param method [String] GET, PUT, POST, etc...
+          # @param url [String, nil] use url from string instead matched pattern.
+          # @param pattern [String, Grape::Router::Route] the pattern that was matched in routing.
           # @return [Contrast::Agent::Reporting::DiscoveredRoute]
-          def convert dtm
-            discovered_route = new
-            discovered_route.attach_data(dtm)
-            discovered_route
+          def from_grape_controller controller, method, pattern, url = nil
+            if pattern.cs__is_a?(Grape::Router::Route)
+              safe_pattern = pattern.pattern&.path&.to_s
+              safe_url = source_or_string(url || safe_pattern)
+            else
+              safe_pattern = source_or_string(pattern)
+              safe_url = source_or_string(url || pattern)
+            end
+
+            msg = new
+            msg.signature = "#{ controller }##{ method } #{ safe_pattern }"
+            msg.verb = Contrast::Utils::StringUtils.force_utf8(method)
+            msg.url = Contrast::Utils::StringUtils.force_utf8(safe_url)
+            msg
+          end
+
+          # Convert Sinatra route data to discovered route.
+          #
+          # @param controller [::Sinatra::Base] the route's final controller.
+          # @param method [String] GET, PUT, POST, etc...
+          # @param pattern [::Mustermann::Sinatra]  the pattern that was matched in routing.
+          # @param url [String, nil] use url from string instead matched pattern.
+          # @return [Contrast::Agent::Reporting::DiscoveredRoute]
+          def from_sinatra_route controller, method, pattern, url = nil
+            safe_pattern = source_or_string(pattern)
+            safe_url = source_or_string(url || pattern)
+
+            msg = new
+            msg.signature = "#{ controller }##{ method } #{ safe_pattern }"
+            msg.verb = Contrast::Utils::StringUtils.force_utf8(method)
+            msg.url = Contrast::Utils::StringUtils.force_utf8(safe_url)
+            msg
           end
         end
 
+        # @return [String] the controller, method, and pattern of this route
+        attr_accessor :signature
+        # @return [String] the url (or url pattern) used to access this route
+        attr_accessor :url
+        # @return [String, nil] the HTTP verb used to access this route or nil for any verb
+        attr_accessor :verb
+
         def initialize
           super
           @event_type = :discovered_route
@@ -34,18 +103,9 @@ module Contrast
           @url = Contrast::Utils::ObjectShare::EMPTY_STRING
         end
 
-        # @param dtm[Contrast::Api::Dtm::RouteCoverage]
-        def attach_data dtm
-          @signature = dtm.route
-          @verb = dtm.verb
-          @url = dtm.url
-        end
-
         def to_controlled_hash
           validate
-          dr_hash = { session_id: @agent_session_id_value, signature: @signature, verb: @verb, url: @url }
-          dr_hash.delete(:verb) unless @verb
-          dr_hash
+          { session_id: ::Contrast::ASSESS.session_id, signature: @signature, verb: @verb, url: @url }.compact
         end
 
         def validate

data/lib/contrast/agent/reporting/reporting_events/finding.rb

@@ -135,7 +135,7 @@ module Contrast
               created: created,
               hash: hash_code.to_s,
               ruleId: rule_id,
-              session_id: @agent_session_id_value.to_s,
+              session_id: ::Contrast::ASSESS.session_id,
               version: 4
           }
           hsh[:events] = events.map(&:to_controlled_hash) if event_based?
@@ -152,7 +152,7 @@ module Contrast
         # @raise [ArgumentError]
         def validate
           raise(ArgumentError, "#{ self } did not have a proper rule. Unable to continue.") unless @rule_id
-          unless @agent_session_id_value
+          unless ::Contrast::ASSESS.session_id
             raise(ArgumentError, "#{ self } did not have a proper session id. Unable to continue.")
           end
           if event_based? && events.empty?

data/lib/contrast/agent/reporting/reporting_events/library_usage_observation.rb

@@ -11,25 +11,11 @@ module Contrast
         # @param [Array<String>] List of file paths that have been loaded out of or executed by the library
         attr_reader :names
 
-        class << self
-          # Convert a DTM for SpeedRacer to an Event for TeamServer.
-          #
-          # @param usage_dtm [Contrast::Api::Dtm::LibraryUsageUpdate]
-          # @return [Contrast::Agent::Reporting::LibraryUsageObservation]
-          def convert usage_dtm
-            observation = new
-            observation.attach_data(usage_dtm)
-            observation
-          end
-        end
-
-        def initialize
-          @names = []
-        end
-
-        def attach_data usage_dtm
-          @id = usage_dtm.hash_code
-          @names = usage_dtm.class_names.keys
+        # @param id [String] Sha256Sum of library as identified by the agent
+        # @param class_names [Array<String>] List of file paths that have been loaded out of or executed by the library
+        def initialize id, class_names
+          @id = id
+          @names = class_names
         end
 
         def to_controlled_hash

data/lib/contrast/agent/reporting/reporting_events/observed_library_usage.rb

@@ -9,23 +9,11 @@ module Contrast
     module Reporting
       # List of libraries that have been observed to have something loaded or executed.
       #
-      # @attr_reader observations - Array[Contrast::Agent::Reporting::LibraryUsageObservation]
-      #                            - Hash of LibraryUsageObservations
       class ObservedLibraryUsage < Contrast::Agent::Reporting::ApplicationReportingEvent
+        # @attr_reader observations - Array[Contrast::Agent::Reporting::LibraryUsageObservation]
+        #                            - Hash of LibraryUsageObservations
         attr_reader :observations
 
-        class << self
-          # Convert a Hash of LibraryUsageUpdate DTMs for SpeedRacer to an Event for TeamServer.
-          #
-          # @param usages_dtm_hash Hash[Contrast::Api::Dtm::LibraryUsageUpdate]
-          # @return [Contrast::Agent::Reporting::ObservedLibraryUsage]
-          def convert usages_dtm_hash
-            report = new
-            report.attach_data(usages_dtm_hash)
-            report
-          end
-        end
-
         def initialize
           @event_endpoint = Contrast::Agent::Reporting::Endpoints.library_usage
           @observations = []
@@ -41,17 +29,13 @@ module Contrast
           { observations: @observations.map(&:to_controlled_hash) }
         end
 
-        def attach_data usages_dtm_hash
-          usages_dtm_hash.each do |_key, value|
-            next unless value.class_names.any?
-
-            @observations << Contrast::Agent::Reporting::LibraryUsageObservation.convert(value)
-          end
-        end
-
         def validate
           raise(ArgumentError, "#{ self } did not have observations. Unable to continue.") if observations.empty?
         end
+
+        def clear
+          @observations = []
+        end
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_events/observed_route.rb

@@ -47,7 +47,7 @@ module Contrast
         def to_controlled_hash
           validate
           rc_hash = {
-              session_id: @agent_session_id_value,
+              session_id: ::Contrast::ASSESS.session_id,
               sources: @sources.map(&:to_controlled_hash),
               signature: @signature,
               verb: @verb,

data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb

@@ -30,7 +30,6 @@ module Contrast
           @app_name = ::Contrast::APP_CONTEXT.app_name
           @app_version = ::Contrast::APP_CONTEXT.app_version
           @routes = []
-          @agent_session_id_value = ::Contrast::ASSESS.session_id
         end
 
         # Convert the instance variables on the class, and other information, into the identifiers required for
@@ -48,7 +47,7 @@ module Contrast
               data: '',
               key: 0,
               routes: @routes,
-              session_id: @agent_session_id_value
+              session_id: ::Contrast::ASSESS.session_id
           }
         end
 
@@ -60,7 +59,7 @@ module Contrast
           unless @app_language
             raise(ArgumentError, "#{ cs__class } did not have a proper application language. Unable to continue.")
           end
-          unless @agent_session_id_value
+          unless ::Contrast::ASSESS.session_id
             raise(ArgumentError, "#{ cs__class } did not have a proper session id. Unable to continue.")
           end
 

data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb

@@ -20,9 +20,7 @@ module Contrast
         attr_reader :event_method
 
         def initialize
-          @agent_session_id_value = ::Contrast::ASSESS.session_id
-          @event_endpoint ||= nil
-          @event_method ||= :POST
+          @event_method ||= :POST # rubocop:disable Lint/DisjunctiveAssignmentInConstructor
         end
 
         # Some reports require specific additional headers to be used. To that end, we'll attach them here, letting

data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb

@@ -32,6 +32,15 @@ module Contrast
           @count = 0
         end
 
+        # Parse the given controller and route from a Rack based application framework in order to create an instance
+        # of this class
+        #
+        # @param final_controller [Grape::API, Sinatra::Base] the controller responsible for the definition of the
+        #   entrypoint of the route actively being executed
+        # @param method [String] the HTTP request method of the route actively being executed
+        # @param route_pattern [Grape::Router::Route, Mustermann::Sinatra] the pattern to which the url maps
+        # @param url [String] the literal url of the route actively being executed
+        # @return [Contrast::Agent::Reporting::RouteCoverage]
         def attach_rack_based_data final_controller, method, route_pattern, url = nil
           if route_pattern.cs__is_a?(Grape::Router::Route)
             safe_pattern = route_pattern.pattern&.path&.to_s

data/lib/contrast/agent/reporting/reporting_utilities/audit.rb

@@ -16,7 +16,7 @@ module Contrast
         attr_reader :path_for_requests, :path_for_responses
 
         def initialize
-          generate_paths if enabled? && Contrast::CONTRAST_SERVICE.use_agent_communication?
+          generate_paths if enabled?
         end
 
         # This method will be handling the auditing of the requests and responses we send to SpeedRacer. If the audit
@@ -45,7 +45,6 @@ module Contrast
         # @param data[String] String representation if the logged data
         def log_data type, file_name, data = nil
           return unless enabled?
-          return unless Contrast::CONTRAST_SERVICE.use_agent_communication?
 
           logger.debug('logging to file', file_name: file_name) # TODO: RUBY-99999 DO NOT COMMIT THIS
           write_to_file(type, file_name, data)

data/lib/contrast/agent/reporting/reporting_utilities/dtm_message.rb

@@ -21,15 +21,6 @@ module Contrast
             dtm.cs__is_a?(Contrast::Api::Dtm::ServerActivity)
           end
 
-          # Checks if the message is a Hash of Contrast::Api::Dtm::LibraryUsageUpdate class
-          #
-          # @param message [Protobuf::Field::FieldHash<String,::Contrast::Api::Dtm::LibraryUsageUpdate>]
-          # @return [Boolean]
-          def library_usage? message
-            message.cs__is_a?(Protobuf::Field::FieldHash) &&
-                message.values[0].cs__is_a?(Contrast::Api::Dtm::LibraryUsageUpdate)
-          end
-
           # Checks if the message is of Contrast::Api::Dtm::ApplicationUpdate class
           #
           # @param dtm [Contrast::Api::Dtm::ApplicationUpdate,Object]
@@ -61,7 +52,6 @@ module Contrast
             return Contrast::Agent::Reporting::ServerActivity.new if server_activity?(dtm)
 
             # For the others, we convert them.
-            return Contrast::Agent::Reporting::ObservedLibraryUsage.convert(dtm) if library_usage?(dtm)
             return Contrast::Agent::Reporting::ApplicationUpdate.convert(dtm) if application_update?(dtm)
             return Contrast::Agent::Reporting::Finding.convert(dtm) if finding?(dtm)
             return Contrast::Agent::Reporting::ApplicationActivity.convert(dtm) if activity?(dtm)

data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb

@@ -56,7 +56,6 @@ module Contrast
         # @param send_immediately [Boolean] flag for the logger
         # @return response [Net::HTTP::Response, nil] response from TS if no response
         def send_event event, connection, send_immediately: false
-          return unless Contrast::Agent::Reporter.enabled?
           return unless connection
 
           log_send_event(event) if send_immediately

data/lib/contrast/agent/reporting/reporting_utilities/response.rb

@@ -3,6 +3,7 @@
 
 require 'contrast/agent/reporting/settings/application_settings'
 require 'contrast/agent/reporting/settings/server_features'
+require 'contrast/agent/reporting/settings/reaction'
 
 module Contrast
   module Agent
@@ -21,19 +22,76 @@ module Contrast
         # @return [Contrast::Agent::Reporting::Settings::FeatureSettings, nil]
         attr_accessor :server_features
 
+        # Success boolean message value
+        #
+        # @return [Boolean]
+        attr_accessor :success
+
+        # Message with reasons for success or fail.
+        #
+        # @return [Array<String>] Messages received from TS.
+        attr_accessor :messages
+
         class << self
-          def application_response
+          # All of the settings from TeamServer that apply at the application level.
+          #
+          # @return response [Contrast::Agent::Reporting::Response]
+          def build_application_response
             res = new
             res.application_settings = Contrast::Agent::Reporting::Settings::ApplicationSettings.new
             res
           end
 
-          def server_response
+          # All of the settings from TeamServer that apply at the server level.
+          #
+          # @return response [Contrast::Agent::Reporting::Response]
+          def build_server_response
             res = new
             res.server_features = Contrast::Agent::Reporting::Settings::ServerFeatures.new
             res
           end
         end
+
+        # Reaction the agent should take based on a state in TS.
+        # This is moved one level up because the responses we
+        # receive for feature and settings from TS have different
+        # place to store these reactions:
+        #
+        # body.reactions vs body.settings.reactions
+        #
+        # @return [Array<Contrast::Agent::Reporting::Settings::Reaction>]
+        def reactions
+          @_reactions ||= []
+        end
+
+        # Set the reaction
+        #
+        # @param reaction_array [Array<Reaction>] {
+        #   level     [String] The level at which the agent should log this reaction.
+        #                      [ERROR, WARN, INFO, DEBUG, TRACE]
+        #   message   [String] A message to log when receiving this reaction.
+        #   operation [String] What to do in response to this reaction.[NOOP, DISABLE] }
+        # @return [Array<Contrast::Agent::Reporting::Settings::Reaction>]
+        def reactions= reaction_array
+          return unless reaction_array.is_a?(Array)
+
+          reaction_array.each do |r|
+            reactions << Contrast::Agent::Reporting::Settings::Reaction.new(r[:level], r[:operation], r[:message])
+          end
+        end
+
+        # This method is used only for testing with golden files.
+        def to_controlled_hash
+          {
+              success: success,
+              messages: messages,
+              features: server_features.nil? ? nil : server_features.to_controlled_hash,
+              settings: application_settings.nil? ? nil : application_settings.to_controlled_hash,
+              logLevel: server_features&.log_level,
+              logFile: server_features&.log_file,
+              reactions: server_features.nil? ? nil : reactions.map(&:to_controlled_hash)
+          }.compact
+        end
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_utilities/response_extractor.rb

@@ -24,7 +24,6 @@ module Contrast
           protect = response_data[:settings][:defend]
           return unless protect
 
-          # TODO: RUBY-1636 should this be `:rules` or `:protectionRules`
           res.application_settings.protect.protection_rules = protect[:protectionRules]
           res.application_settings.protect.virtual_patches = protect[:virtualPatches]
         end
@@ -40,10 +39,14 @@ module Contrast
           res.application_settings.exclusions.url_exclusions = exclusions[:urlExceptions]
         end
 
+        # The responses we receive for feature and settings from TS have different
+        # place to store these reactions: body.reactions vs body.settings.reactions.
+        #
         # @param response_data [Hash]
         # @param res [Contrast::Agent::Reporting::Response]
         def extract_reactions response_data, res
-          res.application_settings.reactions = response_data[:settings][:reactions]
+          res.reactions = response_data[:settings][:reactions] if response_data[:settings]
+          res.reactions = response_data[:reactions] if response_data[:features]
         end
 
         # @param response_data [Hash]
@@ -65,10 +68,17 @@ module Contrast
           return unless protect
 
           res.server_features.protect.enabled = protect[:enabled]
-          res.server_features.protect.bot_blocker = protect[:'bot-blocker']
-          # TODO: RUBY-1636 should this be `:rules` or `:protectionRules`
-          # process the botBlockers field
-          res.server_features.protect.syslog = protect[:syslog]
+          res.server_features.protect.bot_blocker.enable = protect[:'bot-blocker']
+          res.server_features.protect.bot_blocker.bots = protect[:botBlockers]
+          extract_syslog(response_data, res)
+        end
+
+        # @param response_data [Hash]
+        # @param res [Contrast::Agent::Reporting::Response]
+        def extract_syslog response_data, res
+          return unless (syslog = response_data[:features][:defend][:syslog])
+
+          res.server_features.protect.syslog.assign_array(syslog)
         end
 
         # @param response_data [Hash]
@@ -78,22 +88,34 @@ module Contrast
           return unless protect
 
           res.server_features.protect.ip_allowlist = protect[:ipAllowlist]
-          res.server_features.protect.ip_denylist = protect[:ipDenyList]
-          res.server_features.protect.log_enchancers = protect[:logEnhancers]
+          res.server_features.protect.ip_denylist = protect[:ipDenylist]
+          res.server_features.protect.log_enhancers = protect[:logEnhancers]
           res.server_features.protect.rule_definition_list = protect[:ruleDefinitionList]
         end
 
         # Here we extract the rules and state for the sensitive data masking policy
-        # Received from TS.
+        # received from TS.
         #
         # @param response_data [Hash]
         # @param res [Contrast::Agent::Reporting::Response]
         def extract_sensitive_data_policy response_data, res
-          sensitive_data = response_data[:settings][:sensitive_data_masking_policy]
+          return unless (sensitive_data = response_data[:settings][:sensitive_data_masking_policy])
+
           res.application_settings.sensitive_data_masking.mask_http_body = sensitive_data[:mask_http_body]
           res.application_settings.sensitive_data_masking.mask_attack_vector = sensitive_data[:mask_attack_vector]
           res.application_settings.sensitive_data_masking.build_rules_form_settings(sensitive_data[:rules])
         end
+
+        # Here we extract the log settings received from TS.
+        #
+        # @param response_data [Hash]
+        # @param res [Contrast::Agent::Reporting::Response]
+        def extract_log_settings response_data, res
+          return unless (log_level = response_data[:logLevel])
+
+          res.server_features.log_level = log_level
+          res.server_features.log_file = response_data[:logFile] if response_data[:logFile]
+        end
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb

@@ -90,7 +90,7 @@ module Contrast
           when ERROR_CODES[:too_many_requests]
             handle_response_errors(response, RETRY_AFTER_MSG, mode.resending)
           else
-            logger.debug('Response Error code could not be processed')
+            logger.error('Response Error code could not be processed')
           end
         end