contrast-agent 6.6.3 → 6.7.0

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb

@@ -6,6 +6,8 @@ require 'contrast/agent/protect/rule/deserialization'
 require 'contrast/agent/protect/rule/http_method_tampering'
 require 'contrast/agent/protect/rule/no_sqli'
 require 'contrast/api/dtm.pb'
+require 'contrast/agent/reporting/attack_result/user_input'
+require 'contrast/agent/reporting/attack_result/response_type'
 require 'contrast/components/logger'
 
 module Contrast
@@ -16,12 +18,20 @@ module Contrast
       class ApplicationDefendAttackSample
         include Contrast::Agent::Reporting::InputType
 
-        # @return [Hash] => start: ms, elapsed: ms
-        attr_reader :time_stamp
+        # @return [Contrast::Agent::Reporting::UserInput]
+        attr_accessor :user_input
+        # @return [Array<Contrast::Agent::Reporting::ApplicationDefendAttackSampleStack>]
+        attr_reader :stack
+        # Details are per rule specific and should be set when the sample is build
+        #
+        # @return [Contrast::Agent::Reporting::Details::ProtectRuleDetails, {}]
+        attr_accessor :details
+        # @return [Integer] time in ms
+        attr_accessor :time_stamp
 
         class << self
-          # @param attack_result [Contrast::Api::Dtm::AttackResult]
-          # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample]
+          # @param attack_result [Contrast::Agent::Reporting::AttackResult]
+          # @param attack_sample [Contrast::Agent::Reporting::ApplicationDefendAttackSample]
           def convert attack_result, attack_sample
             activity = new
             activity.attach_data(attack_result, attack_sample)
@@ -30,151 +40,62 @@ module Contrast
         end
 
         def initialize
+          @time_stamp = Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0 # in ms
           @blocked = false
           @event_type = :application_defend_attack_sample
+          @user_input = Contrast::Agent::Reporting::UserInput.new
+          @request = Contrast::Agent::REQUEST_TRACKER.current&.activity&.request
+          @stack = Contrast::Utils::StackTraceUtils.build_protect_report_stack_array
+          @details = {}
         end
 
         def to_controlled_hash
           {
               blocked: @blocked,
-              input: @input,
-              details: @details,
+              input: build_input(@user_input),
+              details: @details&.to_controlled_hash,
               request: @request&.to_controlled_hash,
               stack: @stack&.map(&:to_controlled_hash),
-              timestamp: time_stamp
+              timestamp: build_time_stamp
           }
         end
 
-        # @param attack_result [Contrast::Api::Dtm::AttackResult]
-        # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample]
-        def attach_data attack_result, attack_sample
-          @blocked = attack_result.response == ::Contrast::Api::Dtm::AttackResult::ResponseType::BLOCKED
-          @input = build_input(attack_sample)
-          @details = build_details(attack_result.rule_id, attack_sample)
-          @time_stamp = build_time_stamp(attack_sample.timestamp_ms)
-          @request = FindingRequest.convert(Contrast::Agent::REQUEST_TRACKER.current&.request)
-          @stack = Contrast::Utils::StackTraceUtils.build_protect_report_stack_array
-        end
-
-        # @param start [Integer]
-        # @return [Hash]
-        def build_time_stamp start
-          {
-              start: start,
-              elapsed: Contrast::Utils::Timer.now_ms - start
-          }
+        # @param response_type [Contrast::Api::Dtm::AttackResult::ResponseType]
+        # @return [Boolean] check if response type is blocked
+        def blocked? response_type
+          @blocked = response_type == Contrast::Agent::Reporting::ResponseType::BLOCKED
         end
 
-        # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample]
-        def build_input attack_sample
-          user_input = attack_sample.user_input
+        # @param user_input [Contrast::Agent::Reporting::UserInput]
+        def build_input user_input
           {
               documentPath: user_input.path,
-              documentType: build_document_type(user_input.document_type),
+              documentType: user_input.document_type.to_s,
               filters: user_input.matcher_ids,
               name: user_input.key,
-              time: attack_sample.timestamp_ms,
-              type: build_input_type(user_input.input_type),
+              time: time_stamp,
+              type: user_input.input_type.to_s,
               value: user_input.value
           }
         end
 
-        # Convert the document type api enum to a String constant TeamServer can understand.
-        #
-        # @param type_enum [::Contrast::Api::Dtm::HttpRequest::DocumentType]
-        # @return [String]
-        def build_document_type type_enum
-          case type_enum
-          when ::Contrast::Api::Dtm::HttpRequest::DocumentType::JSON
-            'JSON'
-          when ::Contrast::Api::Dtm::HttpRequest::DocumentType::XML
-            'XML'
-          else
-            'NORMAL'
-          end
-        end
-
-        # Convert the input type api enum to a String constant TeamServer can understand.
-        #
-        # @param type_enum [when ::Contrast::Api::Dtm::UserInput::InputType]
-        # @return [String]
-        def build_input_type type_enum
-          case type_enum
-          when ::Contrast::Api::Dtm::UserInput::InputType::UNDEFINED_TYPE
-            'UNDEFINED_TYPE'
-          when ::Contrast::Api::Dtm::UserInput::InputType::BODY
-            'BODY'
-          when ::Contrast::Api::Dtm::UserInput::InputType::COOKIE_NAME
-            'COOKIE_NAME'
-          when ::Contrast::Api::Dtm::UserInput::InputType::COOKIE_VALUE
-            'COOKIE_VALUE'
-          when ::Contrast::Api::Dtm::UserInput::InputType::HEADER
-            'HEADER'
-          when ::Contrast::Api::Dtm::UserInput::InputType::PARAMETER_NAME
-            'PARAMETER_NAME'
-          when ::Contrast::Api::Dtm::UserInput::InputType::PARAMETER_VALUE
-            'PARAMETER_VALUE'
-          when ::Contrast::Api::Dtm::UserInput::InputType::QUERYSTRING
-            'QUERYSTRING'
-          when ::Contrast::Api::Dtm::UserInput::InputType::URI
-            'URI'
-          when ::Contrast::Api::Dtm::UserInput::InputType::SOCKET
-            'SOCKET'
-          when ::Contrast::Api::Dtm::UserInput::InputType::JSON_VALUE
-            'JSON_VALUE'
-          when ::Contrast::Api::Dtm::UserInput::InputType::JSON_ARRAYED_VALUE
-            'JSON_ARRAYED_VALUE'
-          when ::Contrast::Api::Dtm::UserInput::InputType::MULTIPART_CONTENT_TYPE
-            'MULTIPART_CONTENT_TYPE'
-          when ::Contrast::Api::Dtm::UserInput::InputType::MULTIPART_VALUE
-            'MULTIPART_VALUE'
-          when ::Contrast::Api::Dtm::UserInput::InputType::MULTIPART_FIELD_NAME
-            'MULTIPART_FIELD_NAME'
-          when ::Contrast::Api::Dtm::UserInput::InputType::MULTIPART_NAME
-            'MULTIPART_NAME'
-          when ::Contrast::Api::Dtm::UserInput::InputType::XML_VALUE
-            'XML_VALUE'
-          when ::Contrast::Api::Dtm::UserInput::InputType::DWR_VALUE
-            'DWR_VALUE'
-          when ::Contrast::Api::Dtm::UserInput::InputType::METHOD
-            'METHOD'
-          when ::Contrast::Api::Dtm::UserInput::InputType::REQUEST
-            'REQUEST'
-          when ::Contrast::Api::Dtm::UserInput::InputType::URL_PARAMETER
-            'URL_PARAMETER'
-          else # ::Contrast::Api::Dtm::UserInput::InputType::UNKNOWN
-            'UNKNOWN'
-          end
+        # @param attack_result [Contrast::Agent::Reporting::AttackResult]
+        # @param attack_sample [Contrast::Agent::Reporting::RaspRuleSample]
+        def attach_data attack_result, attack_sample
+          @blocked = attack_result.response == ::Contrast::Agent::Reporting::ResponseType::BLOCKED
+          @user_input = attack_sample.user_input
+          @details = attack_sample.details
+          @time_stamp = attack_sample.time_stamp
+          @request = FindingRequest.convert(Contrast::Agent::REQUEST_TRACKER.current&.request)
+          @stack = Contrast::Utils::StackTraceUtils.build_protect_report_stack_array
         end
 
-        # This is a temporary method to facilitate the translation of API details to Reporting details. As we move off
-        # of protobuf, this responsibility should shift from this class to the individual rules, as they do today when
-        # they populate their details in Contrast::Api::Dtm::RaspRuleSample
-        #
-        # @param rule_id [String]
-        # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample]
-        # @return [Hash] the details for this specific rule
-        def build_details rule_id, attack_sample
-          case rule_id
-          when Contrast::Agent::Protect::Rule::CmdInjection::NAME
-            Contrast::Agent::Protect::Rule::CmdInjection.extract_details(attack_sample)
-          when Contrast::Agent::Protect::Rule::Deserialization::NAME
-            Contrast::Agent::Protect::Rule::Deserialization.extract_details(attack_sample)
-          when Contrast::Agent::Protect::Rule::HttpMethodTampering::NAME
-            Contrast::Agent::Protect::Rule::HttpMethodTampering.extract_details(attack_sample)
-          when Contrast::Agent::Protect::Rule::NoSqli::NAME
-            Contrast::Agent::Protect::Rule::NoSqli.extract_details(attack_sample)
-          when Contrast::Agent::Protect::Rule::PathTraversal::NAME
-            Contrast::Agent::Protect::Rule::PathTraversal.extract_details(attack_sample)
-          when Contrast::Agent::Protect::Rule::Sqli::NAME
-            Contrast::Agent::Protect::Rule::Sqli.extract_details(attack_sample)
-          when Contrast::Agent::Protect::Rule::Xss::NAME
-            Contrast::Agent::Protect::Rule::Xss.extract_details(attack_sample)
-          when Contrast::Agent::Protect::Rule::Xxe::NAME
-            Contrast::Agent::Protect::Rule::Xxe.extract_details(attack_sample)
-          else # something unknown or Contrast::Agent::Protect::Rule::UnsafeFileUpload::NAME
-            Contrast::Utils::ObjectShare::EMPTY_HASH
-          end
+        # @return [Hash]
+        def build_time_stamp
+          {
+              start: time_stamp,
+              elapsed: Contrast::Utils::Timer.now_ms - time_stamp
+          }
         end
       end
     end

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb

@@ -16,21 +16,11 @@ module Contrast
         # @return [Hash<Integer,Integer>] map of time from start in seconds to number of attacks in that second
         attr_reader :time_map
 
-        class << self
-          # @param attack_result [Contrast::Api::Dtm::AttackResult]
-          def convert attack_result
-            activity = new
-            activity.attach_data(attack_result)
-            activity
-          end
-        end
-
         def initialize
           @samples = []
           @start_time = Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0 # in ms
           @event_type = :application_defend_attack_sample_activity
           @time_map = Hash.new { |h, k| h[k] = 0 }
-          super
         end
 
         def to_controlled_hash
@@ -42,17 +32,16 @@ module Contrast
           }
         end
 
-        # @param attack_result [Contrast::Api::Dtm::AttackResult]
+        # @param attack_result [Contrast::Agent::Reporting::AttackResult]
         def attach_data attack_result
           attack_result.samples.each do |attack_sample|
             base_time = Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0
-            dmt_time = attack_sample.timestamp_ms.to_i
-            converted = Contrast::Agent::Reporting::ApplicationDefendAttackSample.convert(attack_result, attack_sample)
-            samples << converted
-            @start_time = if dmt_time.zero?
+            sample_time = attack_sample.time_stamp.to_i
+            samples << Contrast::Agent::Reporting::ApplicationDefendAttackSample.convert(attack_result, attack_sample)
+            @start_time = if sample_time.zero?
                             @start_time
                           else
-                            dmt_time
+                            sample_time
                           end
             attack_second = (@start_time - base_time) / 1000 # in seconds
             time_map[attack_second] += 1

data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/components/logger'
+require 'contrast/utils/object_share'
 require 'contrast/agent/reporting/reporting_events/application_defend_attack_activity'
 
 module Contrast
@@ -12,7 +13,7 @@ module Contrast
       class ApplicationDefendAttackerActivity
         # @return [Hash<String,Contrast::Agent::Reporting::ApplicationDefendAttackActivity>] map of rule-id to violated
         #   samples for that rule
-        attr_reader :protection_rules
+        attr_accessor :protection_rules
         # @return [String, nil] the IP address of the request from which the attack originated; used to identify unique
         #   attackers
         attr_reader :source_ip
@@ -20,25 +21,14 @@ module Contrast
         #   identify unique attackers
         attr_reader :source_forwarded_for
 
-        class << self
-          # @param attack_result_dtm [Contrast::Api::Dtm::AttackResult]
-          # @return [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
-          def convert attack_result_dtm
-            activity = new
-            activity.attach_data(attack_result_dtm)
-            activity
-          end
-        end
-
         def initialize
           @protection_rules = {}
-          req = Contrast::Agent::REQUEST_TRACKER.current.activity.http_request
+          req = Contrast::Agent::REQUEST_TRACKER.current&.request
           if req
-            @source_ip = req.sender.ip
-            @source_forwarded_for = req.request_headers['X-Forwarded-For']
+            @source_ip = req.ip || Contrast::Utils::ObjectShare::EMPTY_STRING
+            @source_forwarded_for = req.headers['X-Forwarded-For']
           end
           @event_type = :application_defend_attacker_activity
-          super
         end
 
         def to_controlled_hash
@@ -51,10 +41,12 @@ module Contrast
           }
         end
 
-        # @param attack_result [Contrast::Api::Dtm::AttackResult]
+        # @param attack_result [Contrast::Agent::Reporting::AttackResult]
         def attach_data attack_result
-          @protection_rules[attack_result.rule_id] =
-            Contrast::Agent::Reporting::ApplicationDefendAttackActivity.convert(attack_result)
+          @protection_rules[attack_result.rule_id] = Contrast::Agent::Reporting::ApplicationDefendAttackActivity.new.
+              tap do |activity|
+            activity.attach_data(attack_result)
+          end
         end
 
         def process_protection_rules

data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb

@@ -18,16 +18,6 @@ module Contrast
         # @ return [Array<String>, nil] - User-Agent Header value
         attr_reader :browsers
 
-        class << self
-          # @param activity_dtm [Contrast::Api::Dtm::ApplicationActivity]
-          # @return [Contrast::Agent::Reporting::ApplicationInventoryActivity]
-          def convert activity_dtm
-            inventory = new
-            inventory.attach_data(activity_dtm)
-            inventory
-          end
-        end
-
         def initialize
           @event_type = :application_inventory_activity
           @browsers = []
@@ -43,11 +33,13 @@ module Contrast
           }
         end
 
-        def attach_data activity
-          activity.architectures.each do |architecture|
-            @components << Contrast::Agent::Reporting::ArchitectureComponent.convert(architecture)
+        # @param architectures [Array<Contrast::Agent::Reporting::ArchitectureComponent>,
+        # Contrast::Agent::Reporting::ArchitectureComponent]
+        def attach_data architectures
+          Array(architectures).each do |architecture|
+            @components << architecture
           end
-          request_headers = activity.http_request&.request_headers
+          request_headers = Contrast::Agent::REQUEST_TRACKER.current&.request&.headers
           @browsers << request_headers['USER_AGENT'] if request_headers
         end
 

data/lib/contrast/agent/reporting/reporting_events/application_startup.rb

@@ -27,7 +27,7 @@ module Contrast
         #
         # @return [Hash]
         def to_controlled_hash
-          app_config = ::Contrast::CONFIG.root.application
+          app_config = ::Contrast::CONFIG.application
           {
               code: app_config.code,
               group: app_config.group,

data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb

@@ -20,37 +20,23 @@ module Contrast
       class ArchitectureComponent
         include Contrast::Components::Logger::InstanceMethods
         # required attributes
-        attr_reader :type, :url
+        attr_accessor :type, :url
         # optional attributes
-        attr_reader :remote_host, :remote_port, :vendor
+        attr_accessor :remote_host, :remote_port, :vendor
 
         # TeamServer only treats these specific values as valid for Architecture Components. It does not know how to
         # process a message with a different type.
+        AC_TYPE_DB = 'db'
         VALID_TYPES = %w[db ldap ws].cs__freeze
 
         class << self
-          # Convert a DTM for SpeedRacer to an Event for TeamServer.
-          #
-          # @param component_dtm [Contrast::Api::Dtm::ArchitectureComponent]
-          # @return [Contrast::Agent::Reporting::ArchitectureComponent]
-          def convert component_dtm
-            report = new
-            report.attach_data(component_dtm)
-            report
+          def build_database
+            msg = new
+            msg.type = AC_TYPE_DB
+            msg
           end
         end
 
-        # Attach the data from the protobuf models to this reporter so that it can be sent to TeamServer directly.
-        #
-        # @param component_dtm [Contrast::Api::Dtm::ArchitectureComponent]
-        def attach_data component_dtm
-          @remote_host = component_dtm.remote_host
-          @remote_port = component_dtm.remote_port
-          @type = component_dtm.type
-          @url = component_dtm.url
-          @vendor = component_dtm.vendor
-        end
-
         # Convert the instance variables on the class, and other information, into the identifiers required for
         # TeamServer to process the JSON form of this message.
         #

data/lib/contrast/agent/reporting/reporting_events/finding.rb

@@ -29,14 +29,14 @@ module Contrast
         # @return [Array<Contrast::Agent::Reporting::FindingEvent>] the events associated with this finding, if the
         #   finding is event (dataflow) based.
         attr_reader :events
-        # @return [String] the evidence associated with this finding, if the finding is event based. deprecated in
-        #   favor of properties
+        # # @return [String] the evidence associated with this finding, if the finding is event based. deprecated in
+        # #   favor of properties
         # attr_reader :evidence
         # @return [Hash<String,String>] properties that prove the violation of the rule for this finding
         attr_reader :properties
         # @return [Contrast::Agent::Reporting::FindingRequest] the request associated with this finding, if the finding
         #   is request based
-        attr_reader :request
+        attr_accessor :request
         # @return [String] the uniquely identifying hash of this finding
         attr_accessor :hash_code
 
@@ -54,16 +54,6 @@ module Contrast
           xxssprotection-header-disabled
         ].cs__freeze
 
-        class << self
-          # @param finding_dtm [Contrast::Api::Dtm::Finding]
-          # @return [Contrast::Agent::Reporting::Finding]
-          def convert finding_dtm
-            report = new(finding_dtm.rule_id)
-            report.attach_property_data(finding_dtm)
-            report
-          end
-        end
-
         def initialize rule_id
           @event_method = :PUT
           @event_endpoint = "#{ Contrast::API.api_url }/api/ng/traces"
@@ -100,28 +90,10 @@ module Contrast
           event_data = Contrast::Agent::Assess::Events::EventData.new(trigger_node, source, object, ret, args)
           contrast_event = Contrast::Agent::Assess::ContrastEvent.new(event_data)
           events << Contrast::Agent::Reporting::FindingEvent.convert(contrast_event)
-          attach_properties
           return unless request
 
           @request = Contrast::Agent::Reporting::FindingRequest.convert(request)
-          @routes << Contrast::Agent::Reporting::RouteDiscovery.convert(request.route) if request.route
-        end
-
-        # Attach the data from a Contrast::Api::Dtm::Finding required for property based findings generated during
-        # response analysis.
-        #
-        # @param finding_dtm [Contrast::Api::Dtm::Finding]
-        def attach_property_data finding_dtm
-          @hash_code = finding_dtm.hash_code
-          @rule_id = finding_dtm.rule_id
-          finding_dtm.properties.each_pair do |key, value|
-            @properties[key] = value
-          end
-          finding_dtm.routes.each do |route|
-            @routes << Contrast::Agent::Reporting::RouteDiscovery.convert(route)
-          end
-          request = Contrast::Agent::REQUEST_TRACKER.current&.request
-          @request = Contrast::Agent::Reporting::FindingRequest.convert(request) if request
+          @routes << request.discovered_route if request.discovered_route
         end
 
         # Convert the instance variables on the class, and other information, into the identifiers required for
@@ -137,16 +109,9 @@ module Contrast
             return
           end
 
-          hsh = {
-              created: created,
-              hash: hash_code.to_s,
-              ruleId: rule_id,
-              session_id: ::Contrast::ASSESS.session_id,
-              version: 4
-          }
-          hsh[:events] = events.map(&:to_controlled_hash) if event_based?
-          # hsh[:evidence] = evidence unless event_based? || property_based?
-          hsh[:properties] = properties if property_based?
+          hsh = base_hash
+          hsh[:events] = events.map(&:to_controlled_hash) if events.any?
+          hsh[:properties] = properties if properties.any?
           hsh[:tags] = Contrast::ASSESS.tags if Contrast::ASSESS.tags
           return hsh unless request_based?
 
@@ -155,6 +120,17 @@ module Contrast
           hsh
         end
 
+        # @return [Hash] the base of every finding, regardless of type
+        def base_hash
+          {
+              created: created,
+              hash: hash_code.to_s,
+              ruleId: rule_id,
+              session_id: ::Contrast::ASSESS.session_id,
+              version: 4
+          }
+        end
+
         # @raise [ArgumentError]
         def validate
           raise(ArgumentError, "#{ self } did not have a proper rule. Unable to continue.") unless @rule_id
@@ -174,12 +150,6 @@ module Contrast
 
         private
 
-        # Our events have properties on them. To report them to TeamServer, we need to pull them from our object up to
-        # the Contrast::Agent::Reporting::Finding level.
-        #
-        # TODO: RUBY-99999 put properties on events, not just on DTM
-        def attach_properties; end
-
         def build_events events, event
           return unless event
 
@@ -196,7 +166,7 @@ module Contrast
         #
         # @return [Boolean]
         def event_based?
-          !property_based? && !config_based?
+          !property_based? && !config_based? && !hardcoded?
         end
 
         # Rules which are property based must have a property to be sent to TeamServer. Eventually, each rule may own

data/lib/contrast/agent/reporting/reporting_events/finding_event.rb

@@ -100,6 +100,10 @@ module Contrast
           end
         end
 
+        def initialize
+          @event_sources = []
+        end
+
         # Parse the data from a Contrast::Agent::Assess::ContrastEvent to attach what is required for reporting to
         # TeamServer to this Contrast::Agent::Reporting::FindingEvent
         #
@@ -208,11 +212,9 @@ module Contrast
         #
         # @param event [Contrast::Agent::Assess::ContrastEvent]
         def event_sources! event
-          @event_sources = []
           return unless event.cs__is_a?(Contrast::Agent::Assess::Events::SourceEvent)
 
-          source = Contrast::Agent::Reporting::FindingEventSource.convert(event)
-          event_sources << source if source
+          event_sources << event.event_source if event.event_source
         end
 
         # Convert the parent id's of the given ContrastEvent to the reportable form for this FindingEvent.
@@ -237,12 +239,13 @@ module Contrast
         #
         # @param event [Contrast::Agent::Assess::ContrastEvent]
         def stack! event
-          @stack = []
-          event.stack_trace.each do |stack_event|
-            if (report = Contrast::Agent::Reporting::FindingEventStack.convert(stack_event))
-              stack << report
-            end
-          end
+          @stack = if event.stack_trace
+                     event.stack_trace.compact.map! do |stack_event|
+                       Contrast::Agent::Reporting::FindingEventStack.new(stack_event)
+                     end
+                   else
+                     Contrast::Utils::ObjectShare::EMPTY_ARRAY
+                   end
         end
 
         # Convert the taint ranges of the given ContrastEvent to the reportable form for this FindingEvent.

data/lib/contrast/agent/reporting/reporting_events/finding_event_signature.rb

@@ -61,7 +61,7 @@ module Contrast
           # 8 is STATIC in Java... we have to placate them for now it has been requested that flags be removed since it
           # isn't used
           @flags = 8 unless node.instance_method?
-          @method_name = node.method_name
+          @method_name = node.method_name.to_s
           @return_type = type_name(event.ret)
           # if there's a ret, then this method isn't nil. not 100% full proof since you can return nil, but this is the
           # best we've got currently.

data/lib/contrast/agent/reporting/reporting_events/finding_event_source.rb

@@ -2,8 +2,6 @@
 # frozen_string_literal: true
 
 require 'base64'
-require 'contrast/agent/assess/contrast_event'
-require 'contrast/agent/assess/events/source_event'
 require 'contrast/components/logger'
 
 module Contrast
@@ -21,25 +19,11 @@ module Contrast
         # @return [String] the type of the source
         attr_reader :type
 
-        class << self
-          # @param event [Contrast::Agent::Assess::Events::ContrastEvent] the event to pull the source off of
-          # @return [Contrast::Agent::Reporting::FindingEventSource]
-          def convert event
-            return unless event.cs__is_a?(Contrast::Agent::Assess::Events::SourceEvent)
-
-            report = new
-            report.attach_data(event)
-            report
-          end
-        end
-
-        # Parse the data from a Contrast::Agent::Assess::Events::SourceEvent to attach what is required for reporting
-        # to TeamServer to this Contrast::Agent::Reporting::FindingEventSource
-        #
-        # @param event [Contrast::Agent::Assess::Events::SourceEvent] the event to pull the source off of
-        def attach_data event
-          @name = event.source_name
-          @type = event.source_type
+        # @param type [String]
+        # @param name [String]
+        def initialize type, name
+          @type = type
+          @name = name
         end
 
         # Convert the instance variables on the class, and other information, into the identifiers required for
@@ -61,6 +45,24 @@ module Contrast
           }
         end
 
+        # Convert this EventSource into the format expected for route observation
+        #
+        # @return [Hash]
+        # @raise [ArgumentError]
+        def to_controlled_observation_hash
+          begin
+            validate
+          rescue ArgumentError => e
+            logger.error('FindingEventSource observation validation failed with: ', e)
+            return
+          end
+
+          {
+              name: name, # rubocop:disable Security/Module/Name
+              type: type
+          }
+        end
+
         # @raise [ArgumentError]
         def validate
           raise(ArgumentError, "#{ self } did not have a proper type. Unable to continue.") unless type && !type.empty?