contrast-agent 6.3.0 → 6.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3b7fbfe09d8f01268274ec60a3861fc4377278e0e33aafadd29a13aec59348bb
-  data.tar.gz: caf12a68dca338f4e1ed0e04483857cd7c55140d8698f1aa55b82c6f85d210c6
+  metadata.gz: 958ef5b303e23294af4b85759012ab4c80cb0000d97088b4c8f495560701b91e
+  data.tar.gz: 714c35c53e89cc2f6335fda57827c5eba620e2ee42ede41d586f072f074defb8
 SHA512:
-  metadata.gz: cd9eb2d8fd9faf79ad16e0d32889806c93178f696ad64aa58cdc046e46c1cb5e0ff463e54cf81e491518fd732a664f5838147f83c791c869d3689695b1255384
-  data.tar.gz: '097d53ac525825b0b3b305dafe1be2cc178f7198e057f292561e7ffa4801476dcf151d9a51d6277033dbaf149f6ed0d9b52606aebebeffc7636564eea59bbf74'
+  metadata.gz: a3e1c9a23238e9c3a6727fcd19e1ddf177ac699fcb2200eb1ae190f6a9022a3c5b8e0ee109c90793634cbeb54245f07e3b043e244664782f4a83d34896270baa
+  data.tar.gz: 79b54ad82d5df30ff7c95499d0862947703a6f6dadab29d3f946072d6c91cd84e3a4207dad71e2be9584b720471325d8eb8fb7d124c4bf4136c4b01a225560bf

data/.gitignore

@@ -56,8 +56,5 @@ contrast-agent-*.gem
 .ruby-gemset
 service_executables/*-*
 
-# Generated Protobuf files
-/lib/contrast/api/*.pb.rb
-
 # IDE stuff
 tags

data/.simplecov

@@ -4,5 +4,6 @@
 SimpleCov.minimum_coverage(line: 94)
 SimpleCov.start do
   add_filter '/spec/'
+  add_filter '/lib/protobuf/'
   enable_coverage :branch
 end

data/Rakefile

@@ -17,30 +17,3 @@ Dir['ext/cs__*'].each do |extension|
     ext.lib_dir = "lib/#{ name }"
   end
 end
-
-desc 'compile the protobuf files for the agent, translating them to .rb classes'
-task :contrast_pb_compile do
-  # do some stuff before compile
-
-  # Invoke the protobuf compile task with your sensible defaults
-  ::Rake::Task['protobuf:compile'].invoke('lib', './agent-service-api/protobuf ./agent-service-api/protobuf/dtm.proto',
-                                          'lib/contrast/api',
-                                          nil)
-
-  ::Rake::Task['protobuf:compile'].reenable
-
-  ::Rake::Task['protobuf:compile'].invoke('lib',
-                                          './agent-service-api/protobuf ./agent-service-api/protobuf/settings.proto',
-                                          'lib/contrast/api',
-                                          nil)
-
-  ['dtm.pb.rb', 'settings.pb.rb'].each do |target_file|
-    target_path = File.absolute_path(File.join(__dir__, "./lib/contrast/api/#{ target_file }"))
-    unless File.exist?(target_path)
-      puts "File not found #{ target_path }"
-      exit 1
-    end
-  end
-
-  puts 'Protobuf copied successfully'
-end

data/ext/cs__contrast_patch/cs__contrast_patch.c

@@ -101,7 +101,18 @@ VALUE rescue_func(VALUE arg1) {
     return Qnil;
 }
 
+/**
+  * In the event that the original_method call throws an exception we need to ensure that contrast_post_patch is called
+  * to report that error. However, if there is no error we will call post_patch with the original_return instead of
+  * Qnil.
+  *
+**/
 VALUE contrast_patch_call_ensure(const VALUE *args) {
+    // we do not need to ensure that post patch is called if no error was thrown
+    if(!RTEST(rb_errinfo())) {
+        return Qnil;
+    }
+
     int argc;
     VALUE object, preshift, method_policy, method;
     VALUE *argv;
@@ -125,6 +136,7 @@ VALUE ensure_wrapper(const VALUE *args) {
     original_args = (VALUE)args[1];
     ensure_args = (VALUE)args[2];
 
+    //this ensure if being treated as a rescue due to issues surrounding Kernel#throw
     return rb_ensure(original_method, original_args, contrast_patch_call_ensure,
                      (VALUE)ensure_args);
 }
@@ -220,13 +232,14 @@ VALUE contrast_run_patches(const VALUE *wrapped_args) {
      * If the original method threw an exception, contrast_patch_call_rescue
      * re-raises the original exception, which unwinds the stack back to the
      * call site.  This means the rest of this function is not executed.
+     * post_patch is called in the ensure_wrapper on exception.  rb_rescue
+     * raises the exception so the below will not be executed in that event.
      */
 
     /* Invoke Contrast post-call patching. */
     contrast_call_post_patch(method_policy, preshift, object,
                                                original_ret, argc, argv);
 
-    /* Special case for tracking frozen sources */
     return original_ret;
 }
 

data/lib/contrast/agent/assess/finalizers/hash.rb

@@ -14,6 +14,7 @@ module Contrast
           FROZEN_FINALIZED_IDS = Set.new
 
           def []= key, obj
+            return unless obj
             return unless ::Contrast::AGENT.enabled? && ::Contrast::ASSESS.enabled?
 
             # We can't finalize frozen things, so only act on those that went through .pre_freeze

data/lib/contrast/agent/assess/policy/propagation_method.rb

@@ -8,6 +8,7 @@ require 'contrast/components/logger'
 require 'contrast/utils/object_share'
 require 'contrast/utils/sha256_builder'
 require 'contrast/utils/assess/propagation_method_utils'
+require 'contrast/utils/assess/event_limit_utils'
 require 'contrast/agent/assess/events/event_data'
 require 'contrast/utils/assess/object_store'
 
@@ -21,6 +22,7 @@ module Contrast
         module PropagationMethod
           extend Contrast::Components::Logger::InstanceMethods
           extend Contrast::Utils::Assess::PropagationMethodUtils
+          extend Contrast::Utils::Assess::EventLimitUtils
 
           @properties = Contrast::Utils::Assess::ObjectStore.new
 
@@ -38,6 +40,7 @@ module Contrast
             def apply_propagation method_policy, preshift, object, ret, args, block
               return unless (propagation_node = method_policy.propagation_node)
               return unless propagation_node.use_original_object? || preshift
+              return if event_limit?(method_policy)
 
               target = determine_target(propagation_node, ret, object, args)
               propagation_data = Contrast::Agent::Assess::Events::EventData.new(nil, nil, object, ret, args)
@@ -58,8 +61,6 @@ module Contrast
             #                         ret [Object] the Return of the invoked method
             #                         args [Array<Object>] the Arguments with which the method was invoked
             # @param block [Block] the Block passed to the original method
-            # @return [Object, nil] the tracked Return or nil if no changes were made; will replace the return of the
-            #   original function if not nil
             def apply_propagator propagation_node, preshift, target, propagation_data, block
               return unless propagation_possible?(propagation_node, target)
 
@@ -186,7 +187,7 @@ module Contrast
             # @param _block [Block] the Block passed to the original method
             def handle_cs_properties_propagation propagation_node, preshift, target, propagation_data, _block
               return if propagation_node.action == NOOP_ACTION
-              return unless can_propagate?(propagation_node, preshift, target)
+              return unless can_propagate?(propagation_node, preshift, target, propagation_data)
               return unless (propagation_class = find_propagation_class(propagation_node))
 
               # If we are using the original object tracking, the preshift object is not created.
@@ -194,6 +195,7 @@ module Contrast
               source = propagation_node.use_original_object? ? propagation_data.object : preshift
               handle_propagation(propagation_class, propagation_node, source, target)
               update_properties(propagation_node, target, propagation_data)
+              increment_event_count(propagation_node)
             end
 
             def handle_propagation propagation_class, propagation_node, source, target

data/lib/contrast/agent/assess/policy/propagator/custom.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/extension/module'
+require 'contrast/utils/assess/event_limit_utils'
 
 module Contrast
   module Agent
@@ -13,6 +14,8 @@ module Contrast
           # action knows the class and method it should call to preform this
           # action.
           module Custom
+            extend Contrast::Utils::Assess::EventLimitUtils
+
             class << self
               def propagate propagation_node, preshift, ret, block
                 clazz = propagation_node.patch_class
@@ -26,6 +29,7 @@ module Contrast
                   propagation_node.patch_class = clazz
                 end
                 clazz.send(method, propagation_node, preshift, ret, block)
+                increment_event_count(propagation_node)
               end
             end
           end

data/lib/contrast/agent/assess/policy/propagator/database_write.rb

@@ -1,6 +1,8 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/utils/assess/event_limit_utils'
+
 module Contrast
   module Agent
     module Assess
@@ -11,6 +13,8 @@ module Contrast
           # results in new source nodes to track which columns in the database
           # have been tainted.
           class DatabaseWrite < Contrast::Agent::Assess::Policy::Propagator::Base
+            extend Contrast::Utils::Assess::EventLimitUtils
+
             class << self
               def propagate propagation_node, preshift, target
                 return unless Contrast::ASSESS.require_dynamic_sources?
@@ -22,6 +26,7 @@ module Contrast
                 known_tainted = ::Contrast::ASSESS.tainted_columns[class_name]
                 propagation_node.sources.each do |source|
                   handle_write(propagation_node, source, preshift, target, known_tainted, tainted_columns)
+                  increment_event_count(propagation_node)
                 end
                 return if tainted_columns.empty?
 

data/lib/contrast/agent/assess/policy/propagator/split.rb

@@ -6,6 +6,7 @@ require 'contrast/components/agent'
 require 'contrast/components/logger'
 require 'contrast/components/scope'
 require 'contrast/utils/thread_tracker'
+require 'contrast/utils/assess/event_limit_utils'
 require 'contrast/utils/assess/split_utils'
 require 'contrast/agent/assess/events/event_data'
 
@@ -20,6 +21,7 @@ module Contrast
             extend Contrast::Components::Scope::InstanceMethods
             extend Contrast::Components::Logger::InstanceMethods
             extend Contrast::Utils::Assess::SplitUtils
+            extend Contrast::Utils::Assess::EventLimitUtils
 
             SPLIT_TRACKER = Contrast::Utils::ThreadTracker.new
 
@@ -42,6 +44,7 @@ module Contrast
                 return unless (source_properties = Contrast::Agent::Assess::Tracker.properties(source))
 
                 update_element_properties(propagation_node, target, preshift, source_properties)
+                increment_event_count(propagation_node)
                 nil
               end
 

data/lib/contrast/agent/assess/policy/source_method.rb

@@ -7,6 +7,7 @@ require 'contrast/components/logger'
 require 'contrast/utils/object_share'
 require 'contrast/utils/sha256_builder'
 require 'contrast/utils/assess/source_method_utils'
+require 'contrast/utils/assess/event_limit_utils'
 require 'contrast/agent/assess/events/event_data'
 
 module Contrast
@@ -19,6 +20,7 @@ module Contrast
         module SourceMethod
           extend Contrast::Components::Logger::InstanceMethods
           extend Contrast::Utils::Assess::SourceMethodUtils
+          extend Contrast::Utils::Assess::EventLimitUtils
 
           PARAMETER_TYPE     = 'PARAMETER'
           PARAMETER_KEY_TYPE = 'PARAMETER_KEY'
@@ -37,6 +39,7 @@ module Contrast
             # @param args [Array<Object>] the Arguments with which the method was invoked
             def apply_source method_policy, object, ret, args
               return unless analyze?(method_policy, object, ret, args)
+              return if event_limit?(method_policy)
               return unless (source_node = method_policy.source_node)
 
               # used to hold the object and ret
@@ -66,6 +69,8 @@ module Contrast
               context = Contrast::Agent::REQUEST_TRACKER.current
               return unless context && source_node && target
 
+              increment_event_count(source_node)
+
               source_name ||= determine_source_name(source_node, source_data.object, source_data.ret, *args)
               # We know we only work on certain things.
               # Skip if this isn't one of them

data/lib/contrast/agent/assess/policy/trigger_method.rb

@@ -25,6 +25,7 @@ module Contrast
         module TriggerMethod # rubocop:disable Metrics/ModuleLength
           extend Contrast::Components::Logger::InstanceMethods
           extend Contrast::Utils::Assess::TriggerMethodUtils
+          extend Contrast::Utils::Assess::EventLimitUtils
 
           # The level of TeamServer compliance our traces meet when in the abnormal condition of being dataflow rules
           # without routes.
@@ -48,6 +49,7 @@ module Contrast
             # @param args [Array<Object>] the Arguments with which the method was invoked
             def apply_trigger_rule trigger_node, object, ret, args
               return if trigger_node.nil?
+              return if event_limit_for_rule?(trigger_node.rule_id)
 
               context = Contrast::Agent::REQUEST_TRACKER.current
               # return if there is no context and the flag is set to default => false
@@ -102,6 +104,12 @@ module Contrast
               request = find_request(source)
               return unless reportable?(request&.env)
 
+              process_reportable_finding(trigger_node, source, object, ret, request, *args)
+            rescue StandardError => e
+              logger.error('Unable to build a finding', e, rule: trigger_node.rule_id, node_id: trigger_node.id)
+            end
+
+            def process_reportable_finding trigger_node, source, object, ret, request, *args
               if Contrast::Agent::Reporter.enabled?
                 handle_new_finding(trigger_node, source, object, ret, request, *args)
               else # TODO: RUBY-1438 -- remove
@@ -112,8 +120,6 @@ module Contrast
                                                 rule: trigger_node.rule_id)
                 report_finding(finding, request)
               end
-            rescue StandardError => e
-              logger.error('Unable to build a finding', e, rule: trigger_node.rule_id, node_id: trigger_node.id)
             end
 
             # Given a finding, append it to an activity message and send it to the Service for processing. If an
@@ -211,7 +217,7 @@ module Contrast
 
               build_events(finding, properties.event) if properties.event
 
-              # Google::Protobuf::Map doesn't support merge!, so we have to do this long form
+              # CSGoogle::Protobuf::Map doesn't support merge!, so we have to do this long form
               source_props = properties.properties
               return unless source_props
 

data/lib/contrast/agent/assess/tracker.rb

@@ -12,6 +12,7 @@ module Contrast
       # have tightly coupled dependencies on each other.
       class Tracker
         PROPERTIES_HASH = Contrast::Agent::Assess::Finalizers::Hash.new
+        KEEP_AGE = 600_000.cs__freeze # 10 minutes
 
         class << self
           # Retrieve the properties of the given Object, iff they exist.
@@ -55,6 +56,17 @@ module Contrast
           def copy source, target
             PROPERTIES_HASH[target] ||= properties(source).dup
           end
+
+          # Clean PROPERTIES_HASH of any values older than KEEP_AGE ms or
+          # have nil properties
+          def cleanup!
+            PROPERTIES_HASH.delete_if do |_k, properties|
+              return true if properties.nil?
+              return false unless (event = properties&.event)
+
+              KEEP_AGE <= (Contrast::Utils::Timer.now_ms - event.time)
+            end
+          end
         end
       end
     end

data/lib/contrast/agent/inventory/dependency_analysis.rb

@@ -18,8 +18,8 @@ module Contrast
         # @return [Array<Contrast::Agent::Reporting::LibraryDiscovery>] direct report form of
         #   Gem::Specification that have been loaded for this application.
         def library_pb_list
-          return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless ::Contrast::INVENTORY.enabled?
-          return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless ::Contrast::INVENTORY.analyze_libraries?
+          return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless ::Contrast::INVENTORY.enable
+          return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless ::Contrast::INVENTORY.analyze_libraries
 
           loaded_specs.each_with_object([]) do |(_name, spec), reported_lib_list|
             next unless spec

data/lib/contrast/agent/inventory/dependency_usage_analysis.rb

@@ -111,7 +111,7 @@ module Contrast
 
         # We only use this if inventory and library analysis are enabled
         def enabled?
-          @_enabled = ::Contrast::INVENTORY.enabled? && ::Contrast::INVENTORY.analyze_libraries? if @_enabled.nil?
+          @_enabled = ::Contrast::INVENTORY.enable && ::Contrast::INVENTORY.analyze_libraries if @_enabled.nil?
           @_enabled
         end
       end

data/lib/contrast/agent/inventory/policy/datastores.rb

@@ -21,7 +21,7 @@ module Contrast
             DATA_STORE_MARKER = 'data_store'
 
             def report_data_store _method, _exception, properties, object, _args
-              return unless ::Contrast::INVENTORY.enabled?
+              return unless ::Contrast::INVENTORY.enabled
 
               marker = properties[DATA_STORE_MARKER]
               return unless marker

data/lib/contrast/agent/inventory/policy/policy.rb

@@ -19,7 +19,7 @@ module Contrast
           end
 
           def disabled_globally?
-            !::Contrast::INVENTORY.enabled?
+            !::Contrast::INVENTORY.enable
           end
 
           def node_type

data/lib/contrast/agent/patching/policy/method_policy.rb

@@ -17,9 +17,9 @@ module Contrast
           #
           # @param method_policy [Hash]
           #  {
-          #   source_node       [ Contrast::Agent::Assesss::Policy::SourceNode      ]
-          #   propagation_node  [ Contrast::Agent::Assesss::Policy::PropagationNode ]
-          #   trigger_node      [ Contrast::Agent::Assesss::Policy::TriggerNode     ]
+          #   source_node       [ Contrast::Agent::Assess::Policy::SourceNode      ]
+          #   propagation_node  [ Contrast::Agent::Assess::Policy::PropagationNode ]
+          #   trigger_node      [ Contrast::Agent::Assess::Policy::TriggerNode     ]
           #   inventory_node    [ Contrast::Agent::Inventory::Policy::TriggerNode   ]
           #   protect_node      [ Contrast::Agent::Protect::Policy::TriggerNode     ]
           #   deadzone_node     [ Contrast::Agent::Deadzone::Policy::DeadzoneNode   ]

data/lib/contrast/agent/protect/rule/base.rb

@@ -38,7 +38,7 @@ module Contrast
           attr_reader :mode
 
           def initialize
-            ::Contrast::PROTECT.rules[rule_name] = self
+            ::Contrast::PROTECT.defend_rules[rule_name] = self
             @mode = mode_from_settings
           end
 

data/lib/contrast/agent/reporting/reporter_heartbeat.rb

@@ -3,7 +3,6 @@
 
 require 'contrast/agent/worker_thread'
 require 'contrast/agent/reporting/report'
-require 'contrast/components/logger'
 require 'contrast/agent/inventory/dependency_usage_analysis'
 require 'contrast/agent/reporting/reporting_events/poll'
 require 'contrast/agent/reporting/reporting_events/server_activity'
@@ -14,8 +13,6 @@ module Contrast
     # reach out to get the latest settings for this application. It also sends out those messages which do not need to
     # be associated directly with a request, such as Server Activity and Library Observation.
     class ReporterHeartbeat < WorkerThread
-      include Contrast::Components::Logger::InstanceMethods
-
       # TeamServer will mark an application offline after 5 minutes. Sending this every one should be more than enough
       # to satisfy our goals.
       REFRESH_INTERVAL_SEC = 60
@@ -29,6 +26,7 @@ module Contrast
             polling_events.each do |event|
               Contrast::Agent.reporter&.send_event(event)
             end
+            clean_properties
             sleep(REFRESH_INTERVAL_SEC)
           end
         end

data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb

@@ -56,35 +56,31 @@ module Contrast
         # @param attacker_activity [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
         # @param rule [String]
         def attach_existing existing_attacker_activity, attacker_activity, rule
-          # TODO: RUBY-1663 figure out attack time mapping
           new_violation = attacker_activity.protection_rules[rule]
+          sample_activity = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity
           if (previously_violated = existing_attacker_activity.protection_rules[rule])
-            if (new_blocked = new_violation.blocked&.samples)
-              unless previously_violated.blocked
-                previously_violated.blocked = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.new
-              end
-              previously_violated.blocked.samples.concat(new_blocked)
+            if (new_blocked = new_violation.blocked)
+              previously_violated.blocked ||= sample_activity.new
+              previously_violated.blocked.samples.concat(new_blocked.samples) if new_blocked.samples
+              previously_violated.blocked.merge_time_maps(new_blocked.time_map)
             end
 
-            if (new_exploited = new_violation.exploited&.samples)
-              unless previously_violated.exploited
-                previously_violated.exploited = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.new
-              end
-              previously_violated.exploited.samples.concat(new_exploited)
+            if (new_exploited = new_violation.exploited)
+              previously_violated.exploited ||= sample_activity.new
+              previously_violated.exploited.samples.concat(new_exploited.samples) if new_exploited.samples
+              previously_violated.exploited.merge_time_maps(new_exploited.time_map)
             end
 
-            if (new_ineffective = new_violation.ineffective&.samples)
-              unless previously_violated.ineffective
-                previously_violated.ineffective = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.new
-              end
-              previously_violated.ineffective.samples.concat(new_ineffective)
+            if (new_ineffective = new_violation.ineffective)
+              previously_violated.ineffective ||= sample_activity.new
+              previously_violated.ineffective.samples.concat(new_ineffective.samples) if new_ineffective.samples
+              previously_violated.ineffective.merge_time_maps(new_ineffective.time_map)
             end
 
-            if (new_suspicious = new_violation.suspicious&.samples)
-              unless previously_violated.suspicious
-                previously_violated.suspicious = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.new
-              end
-              previously_violated.suspicious.samples.concat(new_suspicious)
+            if (new_suspicious = new_violation.suspicious)
+              previously_violated.suspicious ||= sample_activity.new
+              previously_violated.suspicious.samples.concat(new_suspicious.samples) if new_suspicious.samples
+              previously_violated.suspicious.merge_time_maps(new_suspicious.time_map)
             end
           else
             existing_attacker_activity.protection_rules[rule] = new_violation

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb

@@ -16,7 +16,7 @@ module Contrast
       class ApplicationDefendAttackSample
         include Contrast::Agent::Reporting::InputType
 
-        # @return [Hash]
+        # @return [Hash] => start: ms, elapsed: ms
         attr_reader :time_stamp
 
         class << self

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/components/logger'
+require 'contrast/utils/timer'
 require 'contrast/agent/reporting/reporting_events/application_defend_attack_sample'
 
 module Contrast
@@ -26,7 +27,7 @@ module Contrast
 
         def initialize
           @samples = []
-          @start_time = (Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0) / 1000
+          @start_time = Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0 # in ms
           @event_type = :application_defend_attack_sample_activity
           @time_map = Hash.new { |h, k| h[k] = 0 }
           super
@@ -36,7 +37,7 @@ module Contrast
           {
               attackTimeMap: time_map,
               samples: samples.map(&:to_controlled_hash),
-              startTime: @start_time,
+              startTime: @start_time, # Start time in ms.
               total: 1 # there will only ever be 1 attack sample, until batching is done
           }
         end
@@ -44,12 +45,34 @@ module Contrast
         # @param attack_result [Contrast::Api::Dtm::AttackResult]
         def attach_data attack_result
           attack_result.samples.each do |attack_sample|
+            base_time = Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0
+            dmt_time = attack_sample.timestamp_ms.to_i
             converted = Contrast::Agent::Reporting::ApplicationDefendAttackSample.convert(attack_result, attack_sample)
             samples << converted
-            attack_second = converted.time_stamp[:elapsed] / 1000
+            @start_time = if dmt_time.zero?
+                            @start_time
+                          else
+                            dmt_time
+                          end
+            attack_second = (@start_time - base_time) / 1000 # in seconds
             time_map[attack_second] += 1
           end
         end
+
+        # This method will merge time_maps of attack samples with same
+        # type.
+        #
+        # @param map [Hash<Integer,Integer>] TimeMap to append to previously_violated rule
+        # samples.
+        # @return time_map [Hash<Integer,Integer>] merged time map with updated occurrences.
+        def merge_time_maps map
+          # If the second is the same (key) if we just merge there won't be a new entry,
+          # so just increase the attack count.
+          map.each_key do |key|
+            @time_map[key] = @time_map.fetch(key, 0) + map[key]
+          end
+          @time_map
+        end
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_utilities/audit.rb

@@ -26,12 +26,12 @@ module Contrast
         #   event field of Contrast::Agent::Reporting::ReportingEvent
         # @param response_data [Net::HTTP::Response]
         def audit_event event, response_data = nil
-          return unless ::Contrast::API.request_audit_requests? || ::Contrast::API.request_audit_responses?
+          return unless ::Contrast::API.request_audit_requests || ::Contrast::API.request_audit_responses
 
           file_name = event.cs__respond_to?(:file_name) ? event.file_name : event.cs__class.cs__name.to_s.downcase
           data = event.to_controlled_hash.to_json
           log_data(:request, file_name, data) if data
-          return unless ::Contrast::API.request_audit_responses?
+          return unless ::Contrast::API.request_audit_responses
 
           data = response_data&.body || 'There is no available response'
           log_data(:response, file_name, data)
@@ -94,7 +94,7 @@ module Contrast
         # Retrieves the configuration value if the request audit is enabled
         # @return [Boolean]
         def enabled?
-          ::Contrast::API.request_audit_enable?
+          ::Contrast::API.request_audit_enable
         end
 
         # The boolean values for the requests and the responses should be taken under
@@ -107,13 +107,13 @@ module Contrast
         # Retrieve the configuration value if the audit for requests is enabled
         # @return [Boolean]
         def enabled_for_requests?
-          ::Contrast::API.request_audit_requests?
+          ::Contrast::API.request_audit_requests
         end
 
         # Retrieve the configuration value if the audit for responses is enabled
         # @return [Boolean]
         def enabled_for_responses?
-          ::Contrast::API.request_audit_requests?
+          ::Contrast::API.request_audit_requests
         end
 
         # Retrieve the configuration value for the path of the audits

data/lib/contrast/agent/reporting/reporting_utilities/headers.rb

@@ -24,7 +24,7 @@ module Contrast
           @app_language = RUBY
           @app_path = Base64.strict_encode64(Contrast::APP_CONTEXT.path)
           @app_version = Contrast::APP_CONTEXT.app_version
-          @authorization = Base64.strict_encode64("#{ Contrast::API.username }:#{ Contrast::API.service_key }")
+          @authorization = Base64.strict_encode64("#{ Contrast::API.user_name }:#{ Contrast::API.service_key }")
           @server_name = Base64.strict_encode64(Contrast::APP_CONTEXT.server_name)
           @server_path = Base64.strict_encode64(Contrast::APP_CONTEXT.server_path)
           @server_type = Base64.strict_encode64(Contrast::APP_CONTEXT.server_type)

data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb

@@ -59,7 +59,7 @@ module Contrast
 
           request = build_request(event)
           response = connection.request(request)
-          audit&.audit_event(event, response) if ::Contrast::API.request_audit_enable?
+          audit&.audit_event(event, response) if ::Contrast::API.request_audit_enable
           process_settings_response(response)
           process_preflight_response(event, response, connection)
           response

data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb

@@ -185,7 +185,7 @@ module Contrast
             ::Contrast::SETTINGS.build_protect_rules if ::Contrast::PROTECT.enabled?
             ::Contrast::AGENT.reset_ruleset
             logger.info('Current rule settings:')
-            ::Contrast::PROTECT.rules.each { |k, v| logger.info('Protect Rule mode set', rule: k, mode: v.mode) }
+            ::Contrast::PROTECT.defend_rules.each { |k, v| logger.info('Protect Rule mode set', rule: k, mode: v.mode) }
             logger.info('Disabled Assess Rules', rules: ::Contrast::ASSESS.disabled_rules)
           end
         end