contrast-agent 6.1.2 → 6.2.0

data/lib/contrast/agent/reporting/settings/syslog.rb

@@ -0,0 +1,176 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/object_share'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Settings
+        # Controls for the syslogging feature in the agent
+        class Syslog
+          CONNECTION_TYPE = %w[UNENCRYPTED ENCRYPTED].cs__freeze
+          # Used for:
+          # severity_blocked, severity_blocked_perimeter, severity_exploited, severity_probed,
+          # severity_probed_perimeter
+          SEVERITIES = %w[ALERT CRITICAL ERROR WARNING NOTICE INFO DEBUG].cs__freeze
+          SYSLOG_METHODS = %i[
+            enable= ip= port= facility= protocol= connection_type= severity_exploited= severity_blocked=
+            severity_probed= severity_probed_suspicious= severity_blocked_perimeter= severity_probed_perimeter=
+          ].cs__freeze
+          SYSLOG_RESPONSE_KEYS = %i[
+            syslogEnabled syslogIpAddress syslogPortNumber syslogFacilityCode syslogProtocol
+            syslogConnectionType syslogSeverityExploited syslogSeverityBlocked syslogSeverityProbed
+            syslogSeveritySuspicious syslogSeverityBlockedPerimeter syslogSeverityProbedPerimeter
+          ].cs__freeze
+
+          # @return enable [Boolean]
+          attr_accessor :enable
+          # @return ip [Integer]
+          attr_accessor :ip
+          # @return port [Integer]
+          attr_accessor :port
+          # @return facility [Integer]
+          attr_accessor :facility
+          # @return protocol [String]
+          attr_accessor :protocol
+
+          def initialize
+            @enable = false
+            @ip = Contrast::Utils::ObjectShare::EMPTY_STRING
+            @port = 0
+            @facility = 0
+          end
+
+          # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED
+          def connection_type
+            @_connection_type ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # Set the connection type
+          #
+          # @param type [String, Symbol] one of UNENCRYPTED, ENCRYPTED
+          # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED
+          def connection_type= type
+            @_connection_type = type if valid_entry?(type, CONNECTION_TYPE)
+          end
+
+          # @return severity_blocked [String]
+          def severity_blocked
+            @_severity_blocked ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # Set the severity type
+          #
+          # @param severity [String, Symbol] one of UNENCRYPTED, ENCRYPTED
+          # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED
+          def severity_blocked= severity
+            @_severity_blocked = severity if valid_entry?(severity, SEVERITIES)
+          end
+
+          # @return severity_blocked [String]
+          def severity_blocked_perimeter
+            @_severity_blocked_perimeter ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # Set the severity type
+          #
+          # @param severity [String, Symbol] one of UNENCRYPTED, ENCRYPTED
+          # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED
+          def severity_blocked_perimeter= severity
+            @_severity_blocked_perimeter = severity if valid_entry?(severity, SEVERITIES)
+          end
+
+          # @return severity_blocked [String]
+          def severity_exploited
+            @_severity_exploited ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # Set the severity type
+          #
+          # @param severity [String, Symbol] one of UNENCRYPTED, ENCRYPTED
+          # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED
+          def severity_exploited= severity
+            @_severity_exploited = severity if valid_entry?(severity, SEVERITIES)
+          end
+
+          # @return severity_blocked [String]
+          def severity_probed
+            @_severity_probed ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # Set the severity type
+          #
+          # @param severity [String, Symbol] one of UNENCRYPTED, ENCRYPTED
+          # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED
+          def severity_probed= severity
+            @_severity_probed = severity if valid_entry?(severity, SEVERITIES)
+          end
+
+          # @return severity_blocked [String]
+          def severity_probed_perimeter
+            @_severity_probed_perimeter ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # Set the severity type
+          #
+          # @param severity [String, Symbol] one of UNENCRYPTED, ENCRYPTED
+          # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED
+          def severity_probed_perimeter= severity
+            @_severity_probed_perimeter = severity if valid_entry?(severity, SEVERITIES)
+          end
+
+          # @return severity_blocked [String]
+          def severity_probed_suspicious
+            @_severity_probed_suspicious ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # Set the severity type
+          #
+          # @param severity [String, Symbol] one of UNENCRYPTED, ENCRYPTED
+          # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED
+          def severity_probed_suspicious= severity
+            @_severity_probed_suspicious = severity if valid_entry?(severity, SEVERITIES)
+          end
+
+          # @param settings_array [Array] Settings retrieved from response
+          def assign_array settings_array
+            Contrast::Agent::Reporting::Settings::Syslog::SYSLOG_METHODS.each_with_index do |method, index|
+              send(method, settings_array[SYSLOG_RESPONSE_KEYS[index]])
+            end
+          end
+
+          def to_controlled_hash
+            {
+                syslogEnabled: enable,
+                syslogIpAddress: ip,
+                syslogPortNumber: port,
+                syslogFacilityCode: facility,
+                syslogConnectionType: connection_type,
+                syslogProtocol: protocol,
+                syslogSeverityExploited: severity_exploited,
+                syslogSeverityBlocked: severity_blocked,
+                syslogSeverityProbed: severity_probed,
+                syslogSeveritySuspicious: severity_probed_suspicious,
+                syslogSeverityBlockedPerimeter: severity_blocked_perimeter,
+                syslogSeverityProbedPerimeter: severity_probed_perimeter
+            }
+          end
+
+          private
+
+          # Gets String or Symbol value and assigns it to iv after
+          # validation with allowed types.
+          #
+          # @param value [String, Symbol] value to write
+          # @param validation_hash [Hash] to validate against
+          def valid_entry? value, validation_hash
+            return false unless value && validation_hash
+
+            validation_hash.include?(value)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/settings/url_exclusion.rb

@@ -0,0 +1,42 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/settings/exclusion_base'
+require 'contrast/utils/object_share'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Settings
+        # UrlExclusions class
+        class UrlExclusion < ExclusionBase
+          ATTRIBUTES = BASE_ATTRIBUTES.dup << :urls
+          ATTRIBUTES << :match_strategy
+          ATTRIBUTES.cs__freeze
+          STRATEGIES = %w[ALL ONLY].cs__freeze
+
+          # @return urls [Array<String>]
+          attr_accessor :urls
+
+          # @return match_strategy [String] The type of the input
+          def match_strategy
+            @_match_strategy ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # @param new_strategy [String] Set new input type.
+          # @return type [String] The type of the input.
+          def match_strategy= new_strategy
+            @_match_strategy = new_strategy if STRATEGIES.include?(new_strategy)
+          end
+
+          def to_controlled_hash
+            hash = super
+            hash[:urls] = urls
+            hash[:matchStrategy] = match_strategy
+            hash
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/settings/validator.rb

@@ -0,0 +1,17 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/settings/sanitizer'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Settings
+        # The validators defined by the user for use by the agent on this server for this organization.
+        class Validator < Sanitizer
+          # This uses the same fields as Sanitizer.
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/request_context.rb

@@ -46,6 +46,9 @@ module Contrast
       attr_reader :speedracer_input_analysis
       # @return [Contrast::Utils::Timer] when the context was created
       attr_reader :timer
+      # @return [Contrast::Agent::Reporting::ObservedLibraryUsage] List of the libraries that have been observed to be
+      #   executed or to have something loaded. This here replaces part of the Activity Dtm
+      attr_reader :observed_library_usage
 
       def initialize rack_request, app_loaded: true
         with_contrast_scope do
@@ -60,6 +63,7 @@ module Contrast
           @activity.http_request = request.dtm
 
           @server_activity = Contrast::Api::Dtm::ServerActivity.new
+          @observed_library_usage = Contrast::Agent::Reporting::ObservedLibraryUsage.new
 
           # build analyzer
           @do_not_track = false

data/lib/contrast/agent/request_handler.rb

@@ -34,7 +34,6 @@ module Contrast
       def send_activity_messages
         events = [context.activity]
         unless Contrast::Agent::Reporter.enabled?
-          Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.generate_library_usage(context.activity)
           events << context.server_activity
           events << context.observed_route
         end
@@ -48,6 +47,10 @@ module Contrast
       # more endpoints over, this method will take the messages originally sent by #send_actiivty_messages. At the end,
       # that method should be removed.
       def report_activity # rubocop:disable Metrics/AbcSize
+        Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.
+            generate_library_usage(context.observed_library_usage)
+
+        Contrast::Agent.reporter.send_event(context.observed_library_usage)
         return unless Contrast::Agent::Reporter.enabled?
 
         reporter = Contrast::Agent.reporter
@@ -56,18 +59,19 @@ module Contrast
         # Mask Sensitive Data
         Contrast::Agent::Reporting::Masker.mask(context.activity)
 
-        Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.generate_library_usage(context.activity)
+        Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.
+            generate_library_usage(context.observed_library_usage)
         [
           context.new_observed_route,
+          context.observed_library_usage,
           Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.server_activity),
-          Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.activity.library_usages),
           Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.activity)
         ].each do |event|
           reporter.send_event(event)
         rescue StandardError => e
           logger.warn('Unable to send Event Activity', e)
         end
-        context.activity.library_usages.clear # TODO: RUBY-1355 remove when no longer using activity
+        context.observed_library_usage.clear # TODO: RUBY-1355 remove when no longer using activity
       end
 
       # If the response is streaming, we should only perform filtering on our stream safe rules

data/lib/contrast/agent/static_analysis.rb

@@ -24,24 +24,20 @@ module Contrast
           end
         end
 
-        # TODO: RUBY-1356
+        # TODO: RUBY-1703
         def send_inventory_message
           return unless ::Contrast::INVENTORY.enabled?
 
           app_update_msg = Contrast::Api::Dtm::ApplicationUpdate.build
-
           Contrast::Agent::Inventory::DatabaseConfig.append_db_config(app_update_msg)
-          # TODO: RUBY-1438 -- remove and build ReportingEvent directly
-          if Contrast::Agent.reporter
+          # TODO: RUBY-1703 -- remove and build ReportingEvent directly
+          if Contrast::Agent::Reporter.enabled?
             report = Contrast::Agent::Reporting::DtmMessage.dtm_to_event(app_update_msg)
             Contrast::Agent.reporter.send_event(report)
-
-            # This is being reported separately because we extract the data from the same message
-            inventory_report = Contrast::Agent::Reporting::ApplicationInventory.convert(app_update_msg)
-            Contrast::Agent.reporter.send_event(inventory_report)
           else
             Contrast::Agent.messaging_queue.send_event_eventually(app_update_msg, force: true)
           end
+          Contrast::Agent.reporter.send_event(Contrast::Agent::Reporting::ApplicationInventory.new)
         end
 
         private

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exceptions_report.rb

@@ -14,7 +14,7 @@ module Contrast
         def push_exceptions
           return unless Contrast::TELEMETRY_EXCEPTIONS&.any?
 
-          Contrast::TELEMETRY_EXCEPTIONS.values.each_slice(256) { |tuple| error_messages.push(tuple) }
+          Contrast::TELEMETRY_EXCEPTIONS.each_value { |value| error_messages.push(value) }
           # Clear the hash. All exceptions now live in @_error_messages instance variable. and we will
           # add them to the queue. Clearing would make the hash available to be populated again while the
           # sending is proceeding.

data/lib/contrast/agent/thread_watcher.rb

@@ -32,10 +32,8 @@ module Contrast
           @heartbeat = Contrast::Agent::ServiceHeartbeat.new
           @messaging_queue = Contrast::Api::Communication::MessagingQueue.new
         end
-        if Contrast::Agent::Reporter.enabled?
-          @reporter = Contrast::Agent::Reporter.new
-          @reporter_heartbeat = Contrast::Agent::ReporterHeartbeat.new
-        end
+        @reporter = Contrast::Agent::Reporter.new
+        @reporter_heartbeat = Contrast::Agent::ReporterHeartbeat.new if Contrast::Agent::Reporter.enabled?
         @telemetry = Contrast::Agent::Telemetry::Base.new if Contrast::Agent::Telemetry::Base.enabled?
       end
 
@@ -51,9 +49,10 @@ module Contrast
           telemetry_status = init_thread(telemetry_queue)
           @pids[Process.pid] = @pids[Process.pid] && telemetry_status
         end
+        reporter_status = init_thread(reporter)
+
         return @pids unless Contrast::Agent::Reporter.enabled?
 
-        reporter_status = init_thread(reporter)
         reporter_heartbeat_status = init_thread(reporter_heartbeat)
         @pids[Process.pid] = @pids[Process.pid] && reporter_status && reporter_heartbeat_status
         @pids

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '6.1.2'
+    VERSION = '6.2.0'
   end
 end

data/lib/contrast/agent.rb

@@ -76,10 +76,8 @@ module Contrast
       thread_watcher.telemetry_queue
     end
 
-    # @return [nil, Contrast::Agent::Reporter]
+    # @return [Contrast::Agent::Reporter]
     def self.reporter
-      return unless  thread_watcher.reporter
-
       thread_watcher.reporter
     end
 

data/lib/contrast/api/decorators/application_update.rb

@@ -20,13 +20,6 @@ module Contrast
           end
         end
 
-        # TS only allows you to report 500 routes per application
-        def append_route_coverage_data route_coverage_dtms
-          route_coverage_dtms.take(500).each do |route_coverage_dtm|
-            routes << route_coverage_dtm
-          end
-        end
-
         def append_platform_version platform_version
           self.platform = Contrast::Api::Dtm::Platform.new if platform.nil?
           platform.major = platform_version.major
@@ -38,7 +31,6 @@ module Contrast
         module ClassMethods
           def build
             msg = new
-            msg.append_route_coverage_data(Contrast::Agent.framework_manager.find_route_discovery_data)
             msg.append_platform_version(Contrast::Agent.framework_manager.platform_version)
             msg.append_library_update(Contrast::Agent::Inventory::DependencyAnalysis.instance.library_pb_list)
             msg

data/lib/contrast/api/decorators.rb

@@ -18,7 +18,6 @@ require 'contrast/api/decorators/input_analysis'
 require 'contrast/api/decorators/application_settings'
 require 'contrast/api/decorators/server_features'
 require 'contrast/api/decorators/library'
-require 'contrast/api/decorators/library_usage_update'
 require 'contrast/api/decorators/route_coverage'
 require 'contrast/api/decorators/trace_event_object'
 require 'contrast/api/decorators/trace_event_signature'

data/lib/contrast/framework/base_support.rb

@@ -1,6 +1,8 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/agent/reporting/reporting_events/discovered_route'
+
 module Contrast
   module Framework
     # The API for all subclasses to implement to correctly support a given framework
@@ -22,10 +24,9 @@ module Contrast
         raise(NoMethodError, 'Subclasses of BaseSupport should implement this method')
       end
 
-      # Find all the predefined routes for this application and append them to the
-      # provided inventory message
-      # msg should be a Contrast::Api::Dtm::ApplicationUpdate or some other msg
-      # that has a routes array consisting of Contrast::Api::Dtm::RouteCoverage
+      # Find all the predefined routes for this application
+      #
+      # @return [Array<Contrast::Agent::Reporting::DiscoveredRoute>]
       def collect_routes
         raise(NoMethodError, 'Subclasses of BaseSupport should implement this method')
       end

data/lib/contrast/framework/grape/support.rb

@@ -49,7 +49,7 @@ module Contrast
 
           # Find all classes that subclass ::Grape::API, Gather their routes
           #
-          # @return [Array<Contrast::Api::Dtm::RouteCoverage>, Array]- founded routes as Dtms
+          # @return [Array<Contrast::Agent::Reporting::DiscoveredRoute>]
           def collect_routes
             return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless grape_defined?
 
@@ -60,8 +60,8 @@ module Contrast
               c&.endpoints&.each do |endpoint|
                 endpoint&.routes&.map do |r|
                   pattern = r.pattern.pattern
-                  temp = Contrast::Api::Dtm::RouteCoverage.from_grape_controller(c, r.request_method, pattern, r.path)
-                  routes << temp
+                  routes << Contrast::Agent::Reporting::DiscoveredRoute.from_grape_controller(c, r.request_method,
+                                                                                              pattern, r.path)
                 end
               end
             end
@@ -140,8 +140,8 @@ module Contrast
           # @param method [::Rack::REQUEST_METHOD] GET, POST, PUT, etc...
           # @param route [String] the relative route passed from Rack.
           # @param controllers [Array<::Grape::API>] All Grape controllers found
-          # @return [Array[::Grape::API]], nil] Either the controller that
-          # will handle the route along with the route pattern or nil if no match.
+          # @return [Array[::Grape::API. Grape::Router::Route], nil] Either the controller that will handle the route
+          #   along with the route pattern or nil if no match.
           def _route_recurse method, route, controllers = grape_controllers
             # return if there aren't any controllers
             return unless controllers&.any?
@@ -155,7 +155,7 @@ module Contrast
 
             contr_routes = controller.endpoints&.map(&:routes)&.flatten || []
             route_pattern = contr_routes&.find do |r|
-              r.pattern.to_regexp.match(route) # ::Mustermann::Grape match
+              r.pattern.to_regexp.match(route) # Grape::Router::Route match
             end
             return controller, route_pattern unless route_pattern.nil?
 

data/lib/contrast/framework/manager.rb

@@ -59,6 +59,7 @@ module Contrast
         patches
       end
 
+      # @return [Array<Contrast::Agent::Reporting::DiscoveredRoute>]
       def find_route_discovery_data
         routes_for_all_frameworks
       end
@@ -162,13 +163,10 @@ module Contrast
           if Contrast::Agent.reporter
             report = Contrast::Agent::Reporting::DtmMessage.dtm_to_event(app_update_msg)
             Contrast::Agent.reporter.send_event(report)
-
-            # This is being reported separately because we extract the data from the same message
-            inventory_report = Contrast::Agent::Reporting::ApplicationInventory.convert(app_update_msg)
-            Contrast::Agent.reporter.send_event(inventory_report)
           else
             Contrast::Agent.messaging_queue.send_event_eventually(app_update_msg)
           end
+          Contrast::Agent.reporter.send_event(Contrast::Agent::Reporting::ApplicationInventory.new)
           logger.info('Framework detected after initialization. Enabling support.',
                       framework: framework.detection_class,
                       frameworks: @_frameworks)

data/lib/contrast/framework/manager_extend.rb

@@ -20,6 +20,7 @@ module Contrast
         Contrast::Utils::ClassUtil.truly_defined?(klass)
       end
 
+      # @return [Array<Contrast::Agent::Reporting::DiscoveredRoute>]
       def routes_for_all_frameworks
         data_for_all_frameworks(:collect_routes)
       end

data/lib/contrast/framework/rails/patch/action_controller_live_buffer.rb

@@ -19,13 +19,14 @@ module Contrast
               if Contrast::Agent::Reporter.enabled?
                 [
                   context.new_observed_route,
+                  context.observed_library_usage,
                   Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.server_activity),
-                  Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.activity.library_usages),
                   Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.activity)
                 ].each do |event|
                   Contrast::Agent.reporter&.send_event_immediately(event)
                 end
               else
+                Contrast::Agent.reporter.send_event_immediately(context.observed_library_usage)
                 [context.server_activity, context.activity, context.observed_route].each do |msg|
                   Contrast::Agent.messaging_queue&.send_event_immediately(msg)
                 end

data/lib/contrast/framework/rails/support.rb

@@ -44,6 +44,7 @@ module Contrast
             'rails'
           end
 
+          # @return [Array<Contrast::Agent::Reporting::DiscoveredRoute>]
           def collect_routes
             find_all_routes(::Rails.application, [])
           end
@@ -138,7 +139,8 @@ module Contrast
             route.app.is_a?(::ActionDispatch::Routing::Mapper::Constraints) && route.app.app < ::Rails::Engine
           end
 
-          # Recursively get final route traversing engines as required.
+          # Recursively get final route traversing engines as required. Because this can only be called once, we store
+          # this match for the duration of our request context.
           #
           # @param request [::Rack::Request] the rack request as will be handed to rails controller.
           # @param top_router [::ActionDispatch::Journey::Router] the current router relative to the previous.
@@ -162,12 +164,17 @@ module Contrast
           end
 
           # Rails engine routes need to be detected by inspecting Engine class route set
+          #
+          # @param app [Rails::Application]
+          # @param route_list [Array<Contrast::Agent::Reporting::DiscoveredRoute>] the list of discovered routes to
+          #   which to append and return
+          # @return [Array<Contrast::Agent::Reporting::DiscoveredRoute>]
           def find_all_routes app, route_list
             return route_list unless app.cs__respond_to?(:routes) && app.routes.cs__respond_to?(:routes)
 
             app.routes.routes.each do |route|
               if route.cs__respond_to?(:app) && route.app.cs__class == ActionDispatch::Routing::RouteSet::Dispatcher
-                route_list << Contrast::Api::Dtm::RouteCoverage.from_action_dispatch_journey(route)
+                route_list << Contrast::Agent::Reporting::DiscoveredRoute.from_action_dispatch_journey(route)
               elsif route.app.app.cs__respond_to?(:routes)
                 route_list += find_all_routes(route.app.app, [])
               end

data/lib/contrast/framework/sinatra/support.rb

@@ -47,7 +47,7 @@ module Contrast
 
           # Find all classes that subclass ::Sinatra::Base. Gather their routes.
           #
-          # @return [Array<Contrast::Api::Dtm::RouteCoverage>] the routes found as Dtms.
+          # @return [Array<Contrast::Agent::Reporting::DiscoveredRoute>]
           def collect_routes
             return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless defined?(::Sinatra) && defined?(::Sinatra::Base)
 
@@ -56,7 +56,8 @@ module Contrast
               controller.routes.each_pair do |method, route_triplets|
                 # Sinatra stores its routes as a triplet: [Mustermann::Sinatra, [], Proc]
                 route_triplets.map(&:first).each do |route_pattern|
-                  routes << Contrast::Api::Dtm::RouteCoverage.from_sinatra_route(controller, method, route_pattern)
+                  routes << Contrast::Agent::Reporting::DiscoveredRoute.from_sinatra_route(controller, method,
+                                                                                           route_pattern)
                 end
               end
             end