contrast-agent 6.4.0 → 6.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d74206aa94d644cbe7c47523a69efdb9c0f27d59604125287fd98b123f0d20d6
-  data.tar.gz: d4c28074b8d3f11e968d9c3875bfd16d3de41bdd63452bec470cea65a6c83089
+  metadata.gz: b9901918f58625ea7f9366f73110afcdd5f05e119261ba9a08f24f36903fe897
+  data.tar.gz: c618ebc74b006529e2317cd62ba59fabbba9d0c8fbf24c7988dfd98ec627b04e
 SHA512:
-  metadata.gz: 3dd36988b29722b7961e919d2685a8cafbf001917f54f5e43107cf51fddb7c105cfea368e04f819f01dc388dd75f5bf739f9bb0c58301784c90bf48188c43bd8
-  data.tar.gz: 18a2cbb1e4a4e56d64d3a3821c47ec3aca5709f64673ffb0024b26173de7d1ed4aa8213c851c202c1d30c118d73a4f373b14563d3aa3d9f017ea8caa24ead71d
+  metadata.gz: d2f584a6658ab0e316b41021575888d9ecc1eaacf79d971492fd2e6317609bfd0cb3a762a64d620b08fc18c76e2434d05cc3d82f8d587c86cdae5116df6cae61
+  data.tar.gz: df8f941fe730188be0bc3b69bd9a9d6d60f9695be8ee8e8eb0b6e35ab1207d97debba28220ff796bec702ad3b158f53f00f87a58f1c14939092ed843bef66715

data/ext/cs__contrast_patch/cs__contrast_patch.c

@@ -101,7 +101,18 @@ VALUE rescue_func(VALUE arg1) {
     return Qnil;
 }
 
+/**
+  * In the event that the original_method call throws an exception we need to ensure that contrast_post_patch is called
+  * to report that error. However, if there is no error we will call post_patch with the original_return instead of
+  * Qnil.
+  *
+**/
 VALUE contrast_patch_call_ensure(const VALUE *args) {
+    // we do not need to ensure that post patch is called if no error was thrown
+    if(!RTEST(rb_errinfo())) {
+        return Qnil;
+    }
+
     int argc;
     VALUE object, preshift, method_policy, method;
     VALUE *argv;
@@ -125,6 +136,7 @@ VALUE ensure_wrapper(const VALUE *args) {
     original_args = (VALUE)args[1];
     ensure_args = (VALUE)args[2];
 
+    //this ensure if being treated as a rescue due to issues surrounding Kernel#throw
     return rb_ensure(original_method, original_args, contrast_patch_call_ensure,
                      (VALUE)ensure_args);
 }
@@ -220,13 +232,14 @@ VALUE contrast_run_patches(const VALUE *wrapped_args) {
      * If the original method threw an exception, contrast_patch_call_rescue
      * re-raises the original exception, which unwinds the stack back to the
      * call site.  This means the rest of this function is not executed.
+     * post_patch is called in the ensure_wrapper on exception.  rb_rescue
+     * raises the exception so the below will not be executed in that event.
      */
 
     /* Invoke Contrast post-call patching. */
     contrast_call_post_patch(method_policy, preshift, object,
                                                original_ret, argc, argv);
 
-    /* Special case for tracking frozen sources */
     return original_ret;
 }
 

data/lib/contrast/agent/assess/finalizers/hash.rb

@@ -14,6 +14,7 @@ module Contrast
           FROZEN_FINALIZED_IDS = Set.new
 
           def []= key, obj
+            return unless obj
             return unless ::Contrast::AGENT.enabled? && ::Contrast::ASSESS.enabled?
 
             # We can't finalize frozen things, so only act on those that went through .pre_freeze

data/lib/contrast/agent/assess/policy/propagation_method.rb

@@ -8,6 +8,7 @@ require 'contrast/components/logger'
 require 'contrast/utils/object_share'
 require 'contrast/utils/sha256_builder'
 require 'contrast/utils/assess/propagation_method_utils'
+require 'contrast/utils/assess/event_limit_utils'
 require 'contrast/agent/assess/events/event_data'
 require 'contrast/utils/assess/object_store'
 
@@ -21,6 +22,7 @@ module Contrast
         module PropagationMethod
           extend Contrast::Components::Logger::InstanceMethods
           extend Contrast::Utils::Assess::PropagationMethodUtils
+          extend Contrast::Utils::Assess::EventLimitUtils
 
           @properties = Contrast::Utils::Assess::ObjectStore.new
 
@@ -38,6 +40,7 @@ module Contrast
             def apply_propagation method_policy, preshift, object, ret, args, block
               return unless (propagation_node = method_policy.propagation_node)
               return unless propagation_node.use_original_object? || preshift
+              return if event_limit?(method_policy)
 
               target = determine_target(propagation_node, ret, object, args)
               propagation_data = Contrast::Agent::Assess::Events::EventData.new(nil, nil, object, ret, args)
@@ -184,7 +187,7 @@ module Contrast
             # @param _block [Block] the Block passed to the original method
             def handle_cs_properties_propagation propagation_node, preshift, target, propagation_data, _block
               return if propagation_node.action == NOOP_ACTION
-              return unless can_propagate?(propagation_node, preshift, target)
+              return unless can_propagate?(propagation_node, preshift, target, propagation_data)
               return unless (propagation_class = find_propagation_class(propagation_node))
 
               # If we are using the original object tracking, the preshift object is not created.
@@ -192,6 +195,7 @@ module Contrast
               source = propagation_node.use_original_object? ? propagation_data.object : preshift
               handle_propagation(propagation_class, propagation_node, source, target)
               update_properties(propagation_node, target, propagation_data)
+              increment_event_count(propagation_node)
             end
 
             def handle_propagation propagation_class, propagation_node, source, target

data/lib/contrast/agent/assess/policy/propagator/custom.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/extension/module'
+require 'contrast/utils/assess/event_limit_utils'
 
 module Contrast
   module Agent
@@ -13,6 +14,8 @@ module Contrast
           # action knows the class and method it should call to preform this
           # action.
           module Custom
+            extend Contrast::Utils::Assess::EventLimitUtils
+
             class << self
               def propagate propagation_node, preshift, ret, block
                 clazz = propagation_node.patch_class
@@ -26,6 +29,7 @@ module Contrast
                   propagation_node.patch_class = clazz
                 end
                 clazz.send(method, propagation_node, preshift, ret, block)
+                increment_event_count(propagation_node)
               end
             end
           end

data/lib/contrast/agent/assess/policy/propagator/database_write.rb

@@ -1,6 +1,8 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/utils/assess/event_limit_utils'
+
 module Contrast
   module Agent
     module Assess
@@ -11,6 +13,8 @@ module Contrast
           # results in new source nodes to track which columns in the database
           # have been tainted.
           class DatabaseWrite < Contrast::Agent::Assess::Policy::Propagator::Base
+            extend Contrast::Utils::Assess::EventLimitUtils
+
             class << self
               def propagate propagation_node, preshift, target
                 return unless Contrast::ASSESS.require_dynamic_sources?
@@ -22,6 +26,7 @@ module Contrast
                 known_tainted = ::Contrast::ASSESS.tainted_columns[class_name]
                 propagation_node.sources.each do |source|
                   handle_write(propagation_node, source, preshift, target, known_tainted, tainted_columns)
+                  increment_event_count(propagation_node)
                 end
                 return if tainted_columns.empty?
 

data/lib/contrast/agent/assess/policy/propagator/split.rb

@@ -6,6 +6,7 @@ require 'contrast/components/agent'
 require 'contrast/components/logger'
 require 'contrast/components/scope'
 require 'contrast/utils/thread_tracker'
+require 'contrast/utils/assess/event_limit_utils'
 require 'contrast/utils/assess/split_utils'
 require 'contrast/agent/assess/events/event_data'
 
@@ -20,6 +21,7 @@ module Contrast
             extend Contrast::Components::Scope::InstanceMethods
             extend Contrast::Components::Logger::InstanceMethods
             extend Contrast::Utils::Assess::SplitUtils
+            extend Contrast::Utils::Assess::EventLimitUtils
 
             SPLIT_TRACKER = Contrast::Utils::ThreadTracker.new
 
@@ -42,6 +44,7 @@ module Contrast
                 return unless (source_properties = Contrast::Agent::Assess::Tracker.properties(source))
 
                 update_element_properties(propagation_node, target, preshift, source_properties)
+                increment_event_count(propagation_node)
                 nil
               end
 

data/lib/contrast/agent/assess/policy/source_method.rb

@@ -7,6 +7,7 @@ require 'contrast/components/logger'
 require 'contrast/utils/object_share'
 require 'contrast/utils/sha256_builder'
 require 'contrast/utils/assess/source_method_utils'
+require 'contrast/utils/assess/event_limit_utils'
 require 'contrast/agent/assess/events/event_data'
 
 module Contrast
@@ -19,6 +20,7 @@ module Contrast
         module SourceMethod
           extend Contrast::Components::Logger::InstanceMethods
           extend Contrast::Utils::Assess::SourceMethodUtils
+          extend Contrast::Utils::Assess::EventLimitUtils
 
           PARAMETER_TYPE     = 'PARAMETER'
           PARAMETER_KEY_TYPE = 'PARAMETER_KEY'
@@ -37,6 +39,7 @@ module Contrast
             # @param args [Array<Object>] the Arguments with which the method was invoked
             def apply_source method_policy, object, ret, args
               return unless analyze?(method_policy, object, ret, args)
+              return if event_limit?(method_policy)
               return unless (source_node = method_policy.source_node)
 
               # used to hold the object and ret
@@ -66,6 +69,8 @@ module Contrast
               context = Contrast::Agent::REQUEST_TRACKER.current
               return unless context && source_node && target
 
+              increment_event_count(source_node)
+
               source_name ||= determine_source_name(source_node, source_data.object, source_data.ret, *args)
               # We know we only work on certain things.
               # Skip if this isn't one of them

data/lib/contrast/agent/assess/policy/trigger_method.rb

@@ -25,6 +25,7 @@ module Contrast
         module TriggerMethod # rubocop:disable Metrics/ModuleLength
           extend Contrast::Components::Logger::InstanceMethods
           extend Contrast::Utils::Assess::TriggerMethodUtils
+          extend Contrast::Utils::Assess::EventLimitUtils
 
           # The level of TeamServer compliance our traces meet when in the abnormal condition of being dataflow rules
           # without routes.
@@ -48,6 +49,7 @@ module Contrast
             # @param args [Array<Object>] the Arguments with which the method was invoked
             def apply_trigger_rule trigger_node, object, ret, args
               return if trigger_node.nil?
+              return if event_limit_for_rule?(trigger_node.rule_id)
 
               context = Contrast::Agent::REQUEST_TRACKER.current
               # return if there is no context and the flag is set to default => false
@@ -102,6 +104,12 @@ module Contrast
               request = find_request(source)
               return unless reportable?(request&.env)
 
+              process_reportable_finding(trigger_node, source, object, ret, request, *args)
+            rescue StandardError => e
+              logger.error('Unable to build a finding', e, rule: trigger_node.rule_id, node_id: trigger_node.id)
+            end
+
+            def process_reportable_finding trigger_node, source, object, ret, request, *args
               if Contrast::Agent::Reporter.enabled?
                 handle_new_finding(trigger_node, source, object, ret, request, *args)
               else # TODO: RUBY-1438 -- remove
@@ -112,8 +120,6 @@ module Contrast
                                                 rule: trigger_node.rule_id)
                 report_finding(finding, request)
               end
-            rescue StandardError => e
-              logger.error('Unable to build a finding', e, rule: trigger_node.rule_id, node_id: trigger_node.id)
             end
 
             # Given a finding, append it to an activity message and send it to the Service for processing. If an

data/lib/contrast/agent/assess/tracker.rb

@@ -12,6 +12,7 @@ module Contrast
       # have tightly coupled dependencies on each other.
       class Tracker
         PROPERTIES_HASH = Contrast::Agent::Assess::Finalizers::Hash.new
+        KEEP_AGE = 600_000.cs__freeze # 10 minutes
 
         class << self
           # Retrieve the properties of the given Object, iff they exist.
@@ -55,6 +56,17 @@ module Contrast
           def copy source, target
             PROPERTIES_HASH[target] ||= properties(source).dup
           end
+
+          # Clean PROPERTIES_HASH of any values older than KEEP_AGE ms or
+          # have nil properties
+          def cleanup!
+            PROPERTIES_HASH.delete_if do |_k, properties|
+              return true if properties.nil?
+              return false unless (event = properties&.event)
+
+              KEEP_AGE <= (Contrast::Utils::Timer.now_ms - event.time)
+            end
+          end
         end
       end
     end

data/lib/contrast/agent/inventory/database_config.rb

@@ -66,7 +66,8 @@ module Contrast
                                        # TODO: RUBY-99999 - Remove when Rails 6.0 is not supported
                                        ActiveRecord::Base.connection_config
                                      end
-          rescue StandardError
+          rescue StandardError => e
+            logger.error('Unable to detect db config connection', e)
             nil
           end
 

data/lib/contrast/agent/inventory/dependency_analysis.rb

@@ -18,8 +18,8 @@ module Contrast
         # @return [Array<Contrast::Agent::Reporting::LibraryDiscovery>] direct report form of
         #   Gem::Specification that have been loaded for this application.
         def library_pb_list
-          return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless ::Contrast::INVENTORY.enabled?
-          return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless ::Contrast::INVENTORY.analyze_libraries?
+          return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless ::Contrast::INVENTORY.enable
+          return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless ::Contrast::INVENTORY.analyze_libraries
 
           loaded_specs.each_with_object([]) do |(_name, spec), reported_lib_list|
             next unless spec

data/lib/contrast/agent/inventory/dependency_usage_analysis.rb

@@ -111,7 +111,7 @@ module Contrast
 
         # We only use this if inventory and library analysis are enabled
         def enabled?
-          @_enabled = ::Contrast::INVENTORY.enabled? && ::Contrast::INVENTORY.analyze_libraries? if @_enabled.nil?
+          @_enabled = ::Contrast::INVENTORY.enable && ::Contrast::INVENTORY.analyze_libraries if @_enabled.nil?
           @_enabled
         end
       end

data/lib/contrast/agent/inventory/policy/datastores.rb

@@ -21,7 +21,7 @@ module Contrast
             DATA_STORE_MARKER = 'data_store'
 
             def report_data_store _method, _exception, properties, object, _args
-              return unless ::Contrast::INVENTORY.enabled?
+              return unless ::Contrast::INVENTORY.enable
 
               marker = properties[DATA_STORE_MARKER]
               return unless marker

data/lib/contrast/agent/inventory/policy/policy.rb

@@ -19,7 +19,7 @@ module Contrast
           end
 
           def disabled_globally?
-            !::Contrast::INVENTORY.enabled?
+            !::Contrast::INVENTORY.enable
           end
 
           def node_type

data/lib/contrast/agent/patching/policy/method_policy.rb

@@ -17,9 +17,9 @@ module Contrast
           #
           # @param method_policy [Hash]
           #  {
-          #   source_node       [ Contrast::Agent::Assesss::Policy::SourceNode      ]
-          #   propagation_node  [ Contrast::Agent::Assesss::Policy::PropagationNode ]
-          #   trigger_node      [ Contrast::Agent::Assesss::Policy::TriggerNode     ]
+          #   source_node       [ Contrast::Agent::Assess::Policy::SourceNode      ]
+          #   propagation_node  [ Contrast::Agent::Assess::Policy::PropagationNode ]
+          #   trigger_node      [ Contrast::Agent::Assess::Policy::TriggerNode     ]
           #   inventory_node    [ Contrast::Agent::Inventory::Policy::TriggerNode   ]
           #   protect_node      [ Contrast::Agent::Protect::Policy::TriggerNode     ]
           #   deadzone_node     [ Contrast::Agent::Deadzone::Policy::DeadzoneNode   ]

data/lib/contrast/agent/protect/rule/base.rb

@@ -38,7 +38,7 @@ module Contrast
           attr_reader :mode
 
           def initialize
-            ::Contrast::PROTECT.rules[rule_name] = self
+            ::Contrast::PROTECT.defend_rules[rule_name] = self
             @mode = mode_from_settings
           end
 

data/lib/contrast/agent/reporting/reporter_heartbeat.rb

@@ -3,7 +3,6 @@
 
 require 'contrast/agent/worker_thread'
 require 'contrast/agent/reporting/report'
-require 'contrast/components/logger'
 require 'contrast/agent/inventory/dependency_usage_analysis'
 require 'contrast/agent/reporting/reporting_events/poll'
 require 'contrast/agent/reporting/reporting_events/server_activity'
@@ -14,8 +13,6 @@ module Contrast
     # reach out to get the latest settings for this application. It also sends out those messages which do not need to
     # be associated directly with a request, such as Server Activity and Library Observation.
     class ReporterHeartbeat < WorkerThread
-      include Contrast::Components::Logger::InstanceMethods
-
       # TeamServer will mark an application offline after 5 minutes. Sending this every one should be more than enough
       # to satisfy our goals.
       REFRESH_INTERVAL_SEC = 60
@@ -29,6 +26,7 @@ module Contrast
             polling_events.each do |event|
               Contrast::Agent.reporter&.send_event(event)
             end
+            clean_properties
             sleep(REFRESH_INTERVAL_SEC)
           end
         end

data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb

@@ -56,35 +56,31 @@ module Contrast
         # @param attacker_activity [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
         # @param rule [String]
         def attach_existing existing_attacker_activity, attacker_activity, rule
-          # TODO: RUBY-1663 figure out attack time mapping
           new_violation = attacker_activity.protection_rules[rule]
+          sample_activity = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity
           if (previously_violated = existing_attacker_activity.protection_rules[rule])
-            if (new_blocked = new_violation.blocked&.samples)
-              unless previously_violated.blocked
-                previously_violated.blocked = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.new
-              end
-              previously_violated.blocked.samples.concat(new_blocked)
+            if (new_blocked = new_violation.blocked)
+              previously_violated.blocked ||= sample_activity.new
+              previously_violated.blocked.samples.concat(new_blocked.samples) if new_blocked.samples
+              previously_violated.blocked.merge_time_maps(new_blocked.time_map)
             end
 
-            if (new_exploited = new_violation.exploited&.samples)
-              unless previously_violated.exploited
-                previously_violated.exploited = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.new
-              end
-              previously_violated.exploited.samples.concat(new_exploited)
+            if (new_exploited = new_violation.exploited)
+              previously_violated.exploited ||= sample_activity.new
+              previously_violated.exploited.samples.concat(new_exploited.samples) if new_exploited.samples
+              previously_violated.exploited.merge_time_maps(new_exploited.time_map)
             end
 
-            if (new_ineffective = new_violation.ineffective&.samples)
-              unless previously_violated.ineffective
-                previously_violated.ineffective = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.new
-              end
-              previously_violated.ineffective.samples.concat(new_ineffective)
+            if (new_ineffective = new_violation.ineffective)
+              previously_violated.ineffective ||= sample_activity.new
+              previously_violated.ineffective.samples.concat(new_ineffective.samples) if new_ineffective.samples
+              previously_violated.ineffective.merge_time_maps(new_ineffective.time_map)
             end
 
-            if (new_suspicious = new_violation.suspicious&.samples)
-              unless previously_violated.suspicious
-                previously_violated.suspicious = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity.new
-              end
-              previously_violated.suspicious.samples.concat(new_suspicious)
+            if (new_suspicious = new_violation.suspicious)
+              previously_violated.suspicious ||= sample_activity.new
+              previously_violated.suspicious.samples.concat(new_suspicious.samples) if new_suspicious.samples
+              previously_violated.suspicious.merge_time_maps(new_suspicious.time_map)
             end
           else
             existing_attacker_activity.protection_rules[rule] = new_violation

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb

@@ -16,7 +16,7 @@ module Contrast
       class ApplicationDefendAttackSample
         include Contrast::Agent::Reporting::InputType
 
-        # @return [Hash]
+        # @return [Hash] => start: ms, elapsed: ms
         attr_reader :time_stamp
 
         class << self

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/components/logger'
+require 'contrast/utils/timer'
 require 'contrast/agent/reporting/reporting_events/application_defend_attack_sample'
 
 module Contrast
@@ -26,7 +27,7 @@ module Contrast
 
         def initialize
           @samples = []
-          @start_time = (Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0) / 1000
+          @start_time = Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0 # in ms
           @event_type = :application_defend_attack_sample_activity
           @time_map = Hash.new { |h, k| h[k] = 0 }
           super
@@ -36,7 +37,7 @@ module Contrast
           {
               attackTimeMap: time_map,
               samples: samples.map(&:to_controlled_hash),
-              startTime: @start_time,
+              startTime: @start_time, # Start time in ms.
               total: 1 # there will only ever be 1 attack sample, until batching is done
           }
         end
@@ -44,12 +45,34 @@ module Contrast
         # @param attack_result [Contrast::Api::Dtm::AttackResult]
         def attach_data attack_result
           attack_result.samples.each do |attack_sample|
+            base_time = Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0
+            dmt_time = attack_sample.timestamp_ms.to_i
             converted = Contrast::Agent::Reporting::ApplicationDefendAttackSample.convert(attack_result, attack_sample)
             samples << converted
-            attack_second = converted.time_stamp[:elapsed] / 1000
+            @start_time = if dmt_time.zero?
+                            @start_time
+                          else
+                            dmt_time
+                          end
+            attack_second = (@start_time - base_time) / 1000 # in seconds
             time_map[attack_second] += 1
           end
         end
+
+        # This method will merge time_maps of attack samples with same
+        # type.
+        #
+        # @param map [Hash<Integer,Integer>] TimeMap to append to previously_violated rule
+        # samples.
+        # @return time_map [Hash<Integer,Integer>] merged time map with updated occurrences.
+        def merge_time_maps map
+          # If the second is the same (key) if we just merge there won't be a new entry,
+          # so just increase the attack count.
+          map.each_key do |key|
+            @time_map[key] = @time_map.fetch(key, 0) + map[key]
+          end
+          @time_map
+        end
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_utilities/audit.rb

@@ -26,12 +26,12 @@ module Contrast
         #   event field of Contrast::Agent::Reporting::ReportingEvent
         # @param response_data [Net::HTTP::Response]
         def audit_event event, response_data = nil
-          return unless ::Contrast::API.request_audit_requests? || ::Contrast::API.request_audit_responses?
+          return unless ::Contrast::API.request_audit_requests || ::Contrast::API.request_audit_responses
 
           file_name = event.cs__respond_to?(:file_name) ? event.file_name : event.cs__class.cs__name.to_s.downcase
           data = event.to_controlled_hash.to_json
           log_data(:request, file_name, data) if data
-          return unless ::Contrast::API.request_audit_responses?
+          return unless ::Contrast::API.request_audit_responses
 
           data = response_data&.body || 'There is no available response'
           log_data(:response, file_name, data)
@@ -94,7 +94,7 @@ module Contrast
         # Retrieves the configuration value if the request audit is enabled
         # @return [Boolean]
         def enabled?
-          ::Contrast::API.request_audit_enable?
+          ::Contrast::API.request_audit_enable
         end
 
         # The boolean values for the requests and the responses should be taken under
@@ -107,13 +107,13 @@ module Contrast
         # Retrieve the configuration value if the audit for requests is enabled
         # @return [Boolean]
         def enabled_for_requests?
-          ::Contrast::API.request_audit_requests?
+          ::Contrast::API.request_audit_requests
         end
 
         # Retrieve the configuration value if the audit for responses is enabled
         # @return [Boolean]
         def enabled_for_responses?
-          ::Contrast::API.request_audit_requests?
+          ::Contrast::API.request_audit_requests
         end
 
         # Retrieve the configuration value for the path of the audits

data/lib/contrast/agent/reporting/reporting_utilities/headers.rb

@@ -24,7 +24,7 @@ module Contrast
           @app_language = RUBY
           @app_path = Base64.strict_encode64(Contrast::APP_CONTEXT.path)
           @app_version = Contrast::APP_CONTEXT.app_version
-          @authorization = Base64.strict_encode64("#{ Contrast::API.username }:#{ Contrast::API.service_key }")
+          @authorization = Base64.strict_encode64("#{ Contrast::API.user_name }:#{ Contrast::API.service_key }")
           @server_name = Base64.strict_encode64(Contrast::APP_CONTEXT.server_name)
           @server_path = Base64.strict_encode64(Contrast::APP_CONTEXT.server_path)
           @server_type = Base64.strict_encode64(Contrast::APP_CONTEXT.server_type)

data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb

@@ -59,7 +59,7 @@ module Contrast
 
           request = build_request(event)
           response = connection.request(request)
-          audit&.audit_event(event, response) if ::Contrast::API.request_audit_enable?
+          audit&.audit_event(event, response) if ::Contrast::API.request_audit_enable
           process_settings_response(response)
           process_preflight_response(event, response, connection)
           response

data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb

@@ -185,7 +185,7 @@ module Contrast
             ::Contrast::SETTINGS.build_protect_rules if ::Contrast::PROTECT.enabled?
             ::Contrast::AGENT.reset_ruleset
             logger.info('Current rule settings:')
-            ::Contrast::PROTECT.rules.each { |k, v| logger.info('Protect Rule mode set', rule: k, mode: v.mode) }
+            ::Contrast::PROTECT.defend_rules.each { |k, v| logger.info('Protect Rule mode set', rule: k, mode: v.mode) }
             logger.info('Disabled Assess Rules', rules: ::Contrast::ASSESS.disabled_rules)
           end
         end

data/lib/contrast/agent/request_context.rb

@@ -43,6 +43,8 @@ module Contrast
       # @return [Contrast::Utils::Timer] when the context was created
       attr_reader :timer
 
+      attr_accessor :propagation_event_count, :source_event_count
+
       def initialize rack_request, app_loaded: true
         with_contrast_scope do
           # all requests get a timer and hash
@@ -68,6 +70,12 @@ module Contrast
           # generic holder for properties that can be set throughout this request
           @_properties = {}
 
+          # count of propagation events
+          @propagation_event_count = 0
+
+          # count of source events
+          @source_event_count = 0
+
           if ::Contrast::ASSESS.enabled?
             @sample_req, @sample_res = Contrast::Utils::Assess::SamplingUtil.instance.sample?(@request)
           end

data/lib/contrast/agent/service_heartbeat.rb

@@ -1,7 +1,6 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/components/logger'
 require 'contrast/agent/worker_thread'
 require 'contrast/agent/reporting/report'
 
@@ -10,8 +9,6 @@ module Contrast
     # The ServiceHeartbeat functions to keep the Contrast Service alive and ensure that it maintains this Agent's
     # ApplicationContext.
     class ServiceHeartbeat < WorkerThread
-      include Contrast::Components::Logger::InstanceMethods
-
       # Spec recommends 30 seconds, we're going with 15.
       REFRESH_INTERVAL_SEC = 15
 
@@ -22,7 +19,9 @@ module Contrast
         @_thread = Contrast::Agent::Thread.new do
           logger.info('Starting heartbeat thread.')
           loop do
+            logger.info("Queue Size: #{ Contrast::Agent.messaging_queue.queue&.length }")
             Contrast::Agent.messaging_queue&.send_event_eventually(poll_message)
+            clean_properties
             sleep(REFRESH_INTERVAL_SEC)
           end
         end

data/lib/contrast/agent/static_analysis.rb

@@ -24,7 +24,7 @@ module Contrast
         end
 
         def send_inventory_message
-          return unless ::Contrast::INVENTORY.enabled?
+          return unless ::Contrast::INVENTORY.enable
 
           report = Contrast::Agent::Reporting::ApplicationUpdate.new
           # This convert here is left as it'll be easier to be replaced when the Library is being changed

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '6.4.0'
+    VERSION = '6.6.0'
   end
 end