contrast-agent 6.15.3 → 7.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bb55239bd37c7b0d2c3adc47d2e47ff25e331694b9be68522a29f8e4ce8c1220
-  data.tar.gz: 41a5a677403dd10c0dcd67673b32e32aa8f8ad04a82d963891f95ceaa25b46a1
+  metadata.gz: 81222798666699f86b31b925d531d2ee2229eb7934582d2a502cc61de3ca4e0b
+  data.tar.gz: 7dd4d41a58600b7d57b5f57cf95c42bd2f6d198f5f1906e93751e33c09efa3e0
 SHA512:
-  metadata.gz: 94aaa0a8ed0b9fb08fb5c206bee3695cd1cc1f3a8b7752fa8c52abfb563a4e58fac60162ab13c4f06ceb785532ae1a76b93dcc8f348e99d29b112b265a88051b
-  data.tar.gz: 658421a2a8558bac001eb707340f0bc763012d06b9fdcfe1137fb3ceff6f53966d7cc9af9bced07f08411b5e44af1ad5c4f5805b54abaae0ad71dcc81011fbb9
+  metadata.gz: 02e5d3aa6b342e8c4277ad6cefde65819aed6f6b4a1079cfe7528fcce236ec702aa8a63fc756c403c0df6e3ef38d5d25dc9f1c6e5c450d272122d699b6fd9872
+  data.tar.gz: 9cc83b5f69edeea949784ae766be7e02c1d589e58b2af5b5c1bd7975dcee1450d294bc7de647f60a9a3f18a1ea05a43bfe452a52d4760ed1b1cfcb0a7339a6ab

data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c

@@ -62,7 +62,7 @@ VALUE rb_fiber_yield_hook(int argc, const VALUE *argv) {
     return rb_fiber_yield_original(argc, argv);
 }
 
-int install_fiber_hooks() {
+int install_fiber_hooks(void) {
     rb_fiber_new_original = rb_fiber_new;
     patch_via_funchook(&rb_fiber_new_original, &rb_fiber_new_hook);
 

data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h

@@ -28,6 +28,6 @@ VALUE rb_fiber_new_hook(VALUE (*func)(ANYARGS), VALUE obj);
 
 VALUE rb_fiber_yield_hook(int argc, const VALUE *argv);
 
-static int install_fiber_hooks();
+static int install_fiber_hooks(void);
 
 void Init_cs__assess_fiber_track(void);

data/ext/cs__assess_module/cs__assess_module.c

@@ -115,23 +115,4 @@ void Init_cs__assess_module(void) {
 
     contrast_register_patch("Module", "module_eval",
                             contrast_assess_module_module_eval);
-    /*
-     * We patch these for better ancestors handling, and only for older ruby
-     * versions.
-     */
-    //  if (rb_ver_below_three()) {
-    /*
-     * `included` is a private method. We should make it public, patch it,
-     * and make our new method public
-     */
-    //     contrast_register_patch("Module", "included",
-    //                             contrast_assess_module_included);
-    /*
-     * The `prepend` patch may actually be the issue, if we're not properly
-     * passing along the call/context. It could be that my attempt to fix
-     * `included` left this section unreachable.
-     */
-    //     contrast_register_patch("Module", "prepend",
-    //                             contrast_assess_module_prepend);
-    //     }
 }

data/ext/cs__assess_test/cs__assess_tests.c

@@ -1,4 +1,4 @@
-#include "../cs__common/cs__common.h";
+#include "../cs__common/cs__common.h"
 #include "ruby.h"
 #include <ruby/re.h>
 

data/ext/cs__common/cs__common.c

@@ -28,8 +28,12 @@ void patch_via_funchook(void *original_function, void *hook_function) {
 
     void *funchook_lib_handle;
     void *funchook_reference, *(*funchook_create)(void);
+    /* This variables are used to load the funchook dylib */
+    #pragma GCC diagnostic ignored "-Wunused-but-set-variable"
+    #pragma GCC diagnostic push
     int prepareResult, (*funchook_prepare)(void *, void **, void *);
     int installResult, (*funchook_install)(void *, int);
+    #pragma GCC diagnostic pop
 
     funchook_lib_handle =
         dlopen(StringValueCStr(funchook_path), RTLD_NOW | RTLD_GLOBAL);
@@ -55,7 +59,7 @@ void contrast_alias_method(const VALUE target, const char *to,
                ID2SYM(rb_intern(to)), ID2SYM(rb_intern(from)));
 }
 
-VALUE contrast_patcher() {
+VALUE contrast_patcher(void) {
     return patcher;
 }
 
@@ -102,7 +106,7 @@ VALUE contrast_check_and_register_instance_patch(const char *module_name,
                                                  VALUE(c_fn)(const int, VALUE *,
                                                              const VALUE)) {
 
-    VALUE object, method, is_prepended, patch_type;
+    VALUE object, method, is_prepended;
     /* check if method is prepended */
     object = rb_const_get(rb_cObject, rb_intern(module_name));
     method = ID2SYM(rb_intern(method_name));
@@ -119,7 +123,7 @@ VALUE contrast_check_and_register_instance_patch(const char *module_name,
     }
 }
 
-static VALUE
+VALUE
 _contrast_register_patch(const char *module_name, const char *method_name,
                          VALUE(c_fn)(const int, VALUE *, const VALUE),
                          patch_impl patch) {
@@ -175,13 +179,6 @@ _contrast_register_patch(const char *module_name, const char *method_name,
     return SYM2ID(underlying_method_name);
 }
 
-int rb_ver_below_three() {
-    int ruby_version =
-        FIX2INT(rb_funcall(rb_const_get(rb_cObject, rb_intern("RUBY_VERSION")),
-                           rb_intern("to_i"), 0));
-    return ruby_version < 3;
-}
-
 /* used for direct check on object: String.cs__prepended? *args  */
 extern VALUE contrast_check_prepended(VALUE self, VALUE method_name,
                                       VALUE is_instance) {
@@ -200,17 +197,18 @@ extern VALUE contrast_lookout_prepended(VALUE self, VALUE object_name,
     return result;
 }
 
-static VALUE _contrast_check_prepended(VALUE object, VALUE method_name,
+VALUE _contrast_check_prepended(VALUE object, VALUE method_name,
                                        VALUE is_instance) {
-    VALUE entry, ancestors, object_idx, entry_methods;
+    VALUE entry, ancestors, entry_methods;
     VALUE result = Qfalse;
-    int i;
-    int y;
+    VALUE object_idx = Qnil;
+    long y;
+    unsigned long i;
 
     /* get self ancestors */
     ancestors = rb_mod_ancestors(object);
     /* get the size of the array */
-    int length = RARRAY_LEN(ancestors);
+    unsigned long length = RARRAY_LEN(ancestors);
     /* Locate self in ancestors: */
     for (i = 0; i < length; ++i) {
         entry = rb_ary_entry(ancestors, i);
@@ -226,14 +224,14 @@ static VALUE _contrast_check_prepended(VALUE object, VALUE method_name,
     for (i = 0; i < object_idx; ++i) {
         entry = rb_ary_entry(ancestors, i);
         if (is_instance == Qtrue) {
-            entry_methods = rb_class_instance_methods(1, entry, entry);
+            entry_methods = rb_class_instance_methods(1UL, &entry, entry);
         } else {
-            entry_methods = rb_obj_singleton_methods(1, entry, entry);
+            entry_methods = rb_obj_singleton_methods(1UL, &entry, entry);
         }
 
         /* Loop through the instance/singleton methods of the prepended modules
          */
-        int entry_methods_length = RARRAY_LEN(entry_methods);
+        long entry_methods_length = RARRAY_LEN(entry_methods);
         for (y = 0; y <= entry_methods_length; ++y) {
             if (rb_ary_entry(entry_methods, y) == method_name) {
                 result = Qtrue;
@@ -244,6 +242,7 @@ static VALUE _contrast_check_prepended(VALUE object, VALUE method_name,
             break;
         }
     }
+
     return result;
 }
 

data/ext/cs__common/cs__common.h

@@ -10,6 +10,9 @@ typedef enum {
     IMPL_PREPEND_SINGLETON,
 } patch_impl;
 
+/* the unused variable warning is triggered for gcc only */
+#pragma GCC diagnostic ignored "-Wunused-variable"
+#pragma GCC diagnostic push
 static VALUE cs__send_method;
 static VALUE cs__alias_method_sym;
 
@@ -34,14 +37,7 @@ static VALUE rb_sym_alias_instance;
 static VALUE rb_sym_alias_singleton;
 static VALUE rb_sym_prepend_instance;
 static VALUE rb_sym_prepend_singleton;
-
-/*
- * Check if ruby version is < 3.0.0.
- * We are using this for handling ancestors of included modules.
- * Since this is fixed after Ruby 3.0.0 we should remove this after
- * dropping support for older versions, as no longer needed.
- */
-int rb_ver_below_three();
+#pragma GCC diagnostic pop
 
 void patch_via_funchook(void *original_function, void *hook_function);
 
@@ -73,11 +69,11 @@ VALUE contrast_register_prepend_patch(const char *module_name,
                                                 VALUE(c_fn)(const int, VALUE *,
                                                              const VALUE));
 
-static VALUE _contrast_register_patch(const char *module_name, const char *method_name,
+VALUE _contrast_register_patch(const char *module_name, const char *method_name,
                          VALUE(c_fn)(const int, VALUE *, const VALUE),
                          patch_impl patch_impl);
 
-static VALUE _contrast_check_prepended(VALUE self, VALUE method_name, VALUE is_instance);
+VALUE _contrast_check_prepended(VALUE self, VALUE method_name, VALUE is_instance);
 
 extern VALUE contrast_check_prepended(VALUE self, VALUE method_name, VALUE is_instance);
 
@@ -90,7 +86,7 @@ VALUE contrast_check_and_register_instance_patch(const char *module_name,
                                                 VALUE(c_fn)(const int, VALUE *,
                                                             const VALUE));
 
-VALUE contrast_patcher();
+VALUE contrast_patcher(void);
 
 void Init_cs__common(void);
 

data/ext/cs__contrast_patch/cs__contrast_patch.c

@@ -97,8 +97,6 @@ VALUE rescue_func(VALUE arg1) {
      */
     exception = rb_errinfo();
     rb_exc_raise(exception);
-
-    return Qnil;
 }
 
 /**
@@ -109,17 +107,18 @@ VALUE rescue_func(VALUE arg1) {
  *
  **/
 VALUE contrast_patch_call_ensure(const VALUE *args) {
-    // we do not need to ensure that post patch is called if no error was thrown
+    /* we do not need to ensure that post patch is called if no error was thrown */
     if (!RTEST(rb_errinfo())) {
         return Qnil;
     }
 
     int argc;
-    VALUE object, preshift, method_policy, method;
+    VALUE object, preshift, method_policy;
     VALUE *argv;
+    /* VALUE method; */
 
     object = args[0];
-    method = args[1];
+    /* method = args[1]; */
     argc = NUM2INT(args[2]);
     argv = (VALUE *)args[3];
     method_policy = args[4];
@@ -137,8 +136,8 @@ VALUE ensure_wrapper(const VALUE *args) {
     original_args = (VALUE)args[1];
     ensure_args = (VALUE)args[2];
 
-    // this ensure if being treated as a rescue due to issues surrounding
-    // Kernel#throw
+    /* this ensure if being treated as a rescue due to issues surrounding
+       Kernel#throw */
     return rb_ensure(original_method, original_args, contrast_patch_call_ensure,
                      (VALUE)ensure_args);
 }
@@ -154,7 +153,7 @@ VALUE contrast_call_super(const VALUE *args) {
 
 VALUE contrast_run_patches(const VALUE *wrapped_args) {
     VALUE impl, method, method_policy, object, original_args, original_ret,
-        preshift, transformed_ret;
+        preshift;
     int argc;
     VALUE *argv;
     VALUE ensure_args[6];
@@ -257,9 +256,15 @@ VALUE contrast_ensure_function(const VALUE method_policy) {
 
 VALUE contrast_patch_dispatch(const int argc, const VALUE *argv,
                               const patch_impl impl, const VALUE object) {
+    /*
+     * Silence the known variable unused warning detected by compiler.
+     * Since this Variable is set by cases and we check if it is set or not.
+     * To disalbe this remove the -Wno-maybe-uninitialized flag.
+     */
+
     VALUE cs__method, known, method, method_policy;
     VALUE original_args[4];
-    int do_contrast, nested_scope;
+    long do_contrast, nested_scope;
 
     /* Do Contrast analysis, unless our subsequent checks tell us no. */
     do_contrast = 1;
@@ -369,6 +374,8 @@ call_original:
     case IMPL_PREPEND_SINGLETON:
         return contrast_call_super(original_args);
     };
+
+    return Qfalse;
 }
 
 VALUE contrast_alias_instance_patch(const int argc, const VALUE *argv,
@@ -490,21 +497,6 @@ VALUE contrast_patch_prepend(const VALUE self, const VALUE originalModule,
     }
     rb_prepend_module(originalModule, module);
 
-    if (rb_ver_below_three()) {
-        VALUE module_at;
-        VALUE rb_incl_in_mod_ary =
-            rb_funcall(originalModule, rb_intern("included_in"), 0);
-        if (RB_TYPE_P(rb_incl_in_mod_ary, T_ARRAY)) {
-            int i = 0;
-            int size = RARRAY_LEN(rb_incl_in_mod_ary);
-            for (i = 0; i < size; ++i) {
-                module_at = rb_ary_entry(rb_incl_in_mod_ary, i);
-                if (RB_TYPE_P(module_at, T_MODULE)) {
-                    rb_include_module(module_at, module);
-                }
-            }
-        }
-    }
     return Qtrue;
 }
 

data/ext/extconf_common.rb

@@ -2,18 +2,97 @@
 # frozen_string_literal: true
 
 require 'mkmf'
+require 'rbconfig'
 require_relative '../lib/contrast/agent/version'
 
+# The mkmf.rb file uses all passed flags from Ruby configuration (RbConfig::CONFIG) on
+# Ruby build time. Problem with Clang and GCC is that it do not keep up with c89 and finds
+# error on including <ryby.h> as not allowing inline variables.
+#
+# Ruby inlining is a C99 feature that is allowed to be used, because the Ruby configure script
+# can work around the absence of the inline feature with a simple #define:
+#
+# ifndef __cplusplus
+# define inline
+# endif
+#
+# There is difference between using c89 and gnu89, as the latter is extended version of the
+# 1989 standard allowing features like // comments for example. This makes the use of the
+# gnu not favorable since it will skip some checks and would make wholes in the c89 standard
+# support.
+#
+# We can directly append the CFLAGS we need with ENV variable used to create the makefile.
+# MAKEFILE_CONFIG is extension of the RbConfig::CONFIG used to build the Ruby itself.
+# So if we try to run c89 on clang it will brake because of detecting errors from external
+# library used - Ruby itself build with different standard as it seems. This means the
+# Ruby must be compiled beforehand with the compiler forced to C89.
+#
+# This makes the C dialect of choice to be gnu89 with strict pedantic warnings reported as errors,
+# and making the compiler configurable by flags:
+STANDARD_FLAGS = '-std=gnu89'
+CLANG = 'clang'
+
+# TODO: RUBY-999999 Add -pedantic flag, remove all warning flags and see to it that as many as possible become obsolete.
+# Note: Adding -pedantic could raise <ruby.h> warnings, and we are not in control of that code.
+# e.g. error: '_Bool' is a C99 extension [-Werror,-Wc99-extensions] ; empty macros and etc.
+#
+# -Wno-int-conversion => Passing VALUEs as function args but required as unsigned long parameters.
+# -Werror => report all warnings as errors
+# -Wshorten-64-to-32 => is recognized by clang but not in gcc.
+#  Use alternative if viable. [Wno-narrowing]
+# -Wno-maybe-uninitialized is used by clang but not gcc
+#
+#  Note: Clang supports old style function definition e.g. void func () {}
+#  but the gcc is not.
+#  make sure to add parameters type => void func (void) {}.
+#  All Changes must be tested against both clang and gcc.
+WARNING_FLAGS = %w[
+  -Wno-language-extension-token -Wno-incompatible-function-pointer-types
+  -Wno-declaration-after-statement -Wno-variadic-macros -Wno-int-conversion
+  -Wno-incompatible-pointer-types -Wno-narrowing
+].freeze # rubocop:disable Security/Object/Freeze
+
+# Flags that are only recognized by gcc:
+GCC_FLAGS = %w[-Wno-maybe-uninitialized].freeze # rubocop:disable Security/Object/Freeze
+
+# Extend $CFLAGS passed directly to compiler in ruby mkmf
+def extend_cflags
+  $CFLAGS += " #{ [STANDARD_FLAGS, WARNING_FLAGS].flatten.join(' ') }"
+  # Extend with GCC specific flags:
+  unless RbConfig::MAKEFILE_CONFIG['CC'].downcase.include?(CLANG) ||
+        RbConfig::MAKEFILE_CONFIG['CPP'].downcase.include?(CLANG) ||
+        RbConfig::CONFIG['CC'].downcase.include?(CLANG)
+
+    $CFLAGS += " #{ GCC_FLAGS.flatten.join(' ') }"
+  end
+end
+
 def make!
   create_makefile("#{ $TO_MAKE }/#{ $TO_MAKE }")
 end
 
+# -----------------------------------------------------------------------
+# | MOVING CODE BELLOW THIS SECTION MAY BRAKE MAKEFILE. ORDER MATTERS!  |
+# ----------------------------------------------------------------------
+
 def ext_path
   # __dir__ is relative to the file you're reading.
   # this file you're reading is presently within $APP_ROOT/ext/.
   __dir__
 end
 
+# We need to first build funchook which relies on ext_path method. This enables the require of
+# funchook.h file. Then we can pass CFLAGS and extend makefile flags and invoke make!
 require_relative './build_funchook'
 
+# Extended flags are mainly tested with clang and gcc. Experience with other compilers may vary.
+# To that end if something brakes on client side we must have a mechanism to go back to previous
+# non strict gnu89 standard and be able to maintain the build.
+# We can disable newly added changes with this setting CONTRAST_USE_C89=false.
+extend_cflags unless ENV['CONTRAST__USE_GNU89'] == 'false'
+
+# use same C compiler if set.
+RbConfig::CONFIG['CC'] = RbConfig::MAKEFILE_CONFIG['CC'] = ENV['CC'] if ENV['CC']
+
+# Generate Makefile.
 make!

data/lib/contrast/agent/assess/policy/policy.rb

@@ -58,7 +58,7 @@ module Contrast
             # can skip policy loading.
             return if disabled_globally?
 
-            policy_data = JSON.parse(string)
+            policy_data = Contrast::Utils::Json.parse(string)
 
             policy_data[SOURCES_KEY].each do |source_hash|
               source = Contrast::Agent::Assess::Policy::SourceNode.new(source_hash)

data/lib/contrast/agent/assess/policy/source_method.rb

@@ -91,6 +91,7 @@ module Contrast
                   process_source(source_node, value, source_data, source_type, source_name, *args)
                 end
               end
+              nil
             rescue StandardError => e
               logger.warn('Unable to apply source', e, node_id: source_node.id)
             end

data/lib/contrast/agent/deadzone/policy/policy.rb

@@ -28,7 +28,7 @@ module Contrast
           end
 
           def from_hash_string string
-            policy_data = JSON.parse(string)
+            policy_data = Contrast::Utils::Json.parse(string)
 
             policy_data[DEADZONES_KEY].each do |deadzone_hash|
               add_node(node_type.new(deadzone_hash))

data/lib/contrast/agent/patching/policy/policy.rb

@@ -1,7 +1,7 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'json'
+require 'contrast/utils/json'
 require 'singleton'
 
 require 'contrast'
@@ -71,7 +71,7 @@ module Contrast
             # it, so in that case, we can skip policy loading.
             return if disabled_globally?
 
-            policy_data = JSON.parse(string)
+            policy_data = Contrast::Utils::Json.parse(string)
 
             policy_data[RULES_KEY].each do |rule_hash|
               rule_hash[TRIGGERS_KEY].each do |trigger_hash|

data/lib/contrast/agent/protect/input_analyzer/worth_watching_analyzer.rb

@@ -26,11 +26,14 @@ module Contrast
         # Thread that will process all the InputAnalysisResults that have a score level of WORTHWATCHING and
         # sends results to TeamServer
         def start_thread!
+          return unless attempt_to_start?
           return if running?
 
           @_thread = Contrast::Agent::Thread.new do
             logger.info('[WorthWatchingAnalyzer] Starting thread.')
             loop do
+              break unless attempt_to_start?
+
               sleep(REPORT_INTERVAL_SECOND)
               next if queue.empty?
 

data/lib/contrast/agent/protect/rule/no_sqli/no_sqli.rb

@@ -94,7 +94,7 @@ module Contrast
           #
           # @return [Boolean]
           def json? string
-            return true if JSON.parse(string)
+            return true if Contrast::Utils::Json.parse(string)
           rescue StandardError
             false
           end

data/lib/contrast/agent/reporting/reporter.rb

@@ -10,10 +10,12 @@ require 'contrast/agent/telemetry/exception'
 module Contrast
   module Agent
     # This module will hold everything essential to reporting to TeamServer
-    class Reporter < WorkerThread
+    class Reporter < WorkerThread # rubocop:disable Metrics/ClassLength
       include Contrast::Components::Logger::InstanceMethods
       include Contrast::Utils::ObjectShare
 
+      # How many tries to reconnect the Reporter should make.
+      RETRY_ATTEMPTS = 10
       MAX_QUEUE_SIZE = 1000
 
       class << self
@@ -35,13 +37,17 @@ module Contrast
       end
 
       def start_thread!
+        return unless attempt_to_start?
         return if running?
 
+        @connection_attempts = 0
+
         client.startup!(connection)
         @_thread = Contrast::Agent::Thread.new do
           logger.debug('[Reporter] Starting background Reporter thread.')
           loop do
             next unless connected?
+            break unless attempt_to_start?
 
             process_event(queue.pop)
           rescue StandardError => e
@@ -124,10 +130,19 @@ module Contrast
       #
       # @return [Boolean]
       def connected?
-        return true if client && connection
+        if client && connection
+          # Try to resend startup messages now with connection:
+          client.startup!(connection) unless client.status.startup_messages_sent?
+          return true
+        end
 
-        logger.debug('[Reporter] No client/connection; sleeping...', client: client, connection: connection)
-        sleep(5)
+        logger.debug('[Reporter] No client/connection; sleeping...')
+        @connection_attempts += 1
+        if @connection_attempts >= RETRY_ATTEMPTS
+          logger.debug('[Reporter] shutting down..')
+          Contrast::AGENT.disable!
+        end
+        sleep(5) unless Contrast::AGENT.disabled?
         false
       end
 

data/lib/contrast/agent/reporting/reporting_events/agent_effective_config.rb

@@ -0,0 +1,32 @@
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/reporting_events/reporting_event'
+require 'contrast/config'
+
+module Contrast
+  module Agent
+    module Reporting
+      #	AgentStartup Event which sends the agent data to TeamServer on the startup of a server or process,
+      # used to create a new Server entity there.
+      class AgentEffectiveConfig < Contrast::Agent::Reporting::ReportingEvent
+        # @param diagnostics [Contrast::Agent::DiagnosticsConfig::Diagnostics] current diagnostics
+        def initialize diagnostics
+          @event_method = :PUT
+          @event_endpoint = Contrast::Agent::Reporting::Endpoints.effective_config
+          @event_type = :effective_config
+          @diagnostics = diagnostics
+          super()
+        end
+
+        def file_name
+          'agent-effective-config'
+        end
+
+        def to_controlled_hash
+          @diagnostics.to_controlled_hash
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_utilities/endpoints.rb

@@ -83,6 +83,13 @@ module Contrast
             end
           end
 
+          # @return [String, nil]
+          def effective_config
+            with_rescue do
+              "#{ application_endpoint }/effective-config".cs__freeze
+            end
+          end
+
           private
 
           # Returns the URL needed to connect to endpoints in TeamServer required for application related information.

data/lib/contrast/agent/reporting/reporting_utilities/headers.rb

@@ -11,7 +11,7 @@ module Contrast
       # This class will build the required headers for agent reporting to TS
       class Headers
         attr_reader :app_name, :api_key, :agent_version, :app_language, :app_path, :app_version, :authorization,
-                    :server_name, :server_path, :server_type, :content_type, :encoding, :compression
+                    :server_name, :server_path, :server_type, :content_type, :encoding, :compression, :session_id
 
         include Contrast::Utils::ObjectShare
         ENCODING = 'base64'
@@ -29,6 +29,7 @@ module Contrast
           @server_name = Base64.strict_encode64(Contrast::APP_CONTEXT.server_name)
           @server_path = Base64.strict_encode64(Contrast::APP_CONTEXT.server_path)
           @server_type = Base64.strict_encode64(Contrast::APP_CONTEXT.server_type)
+          @session_id = Contrast::CONFIG.session_id
           @content_type = CONTENT_TYPE
           @encoding = ENCODING
           @compression = COMPRESSION
@@ -46,6 +47,7 @@ module Contrast
               server_name: @server_name,
               server_path: @server_path,
               server_type: @server_type,
+              'Session-ID': @session_id,
               content_type: @content_type,
               encoding: @encoding,
               compression: @compression