contrast-agent 6.6.4 → 6.6.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 15953528d5e347bd018a0e448e2653107c782481cc3df1e6513fc52641d52900
-  data.tar.gz: c7bec86c862f372a1e2e3804a129cef4eb2d7ebc18115c7b829ba31080d4553f
+  metadata.gz: 9a7491020083af4de63e878defb8a57583d22258ec534fba4b6d7ad923861c55
+  data.tar.gz: 9c784b84420c8caa8f3123e8dc053b21a7a8964058f8e5b073cbf794275e9793
 SHA512:
-  metadata.gz: b7de9ceb2ed80201d5c74aea212b652c86999b58c20693c5e2d1e233684c1ee54f1d2f56a3cdba20e374b22f35b89d231eec3a486325f7dde183a3ac0c9e114f
-  data.tar.gz: ce3fa2a7ae5021eb60978696254f7b0331f5d7c1d75bb697d423403e7fe2071aea5b66660875afe555a3ad101e8a121b546a3f9d5c7423833bc21a10c8cb4406
+  metadata.gz: 8896ddef1bb19c81b279f54c3ec1f5458474d7f6a9b5b7910670c2e87e00a1bdfab2a6ab422bb585eb125ba707839b9967490b2001951b360b211d3e41f2b15e
+  data.tar.gz: 2a6e933028aaf9b899cc107e565a112344408563035c20fec1cd3625d02bbd1de5ca6d02566a9379a07b532bda16d64b0868f2a30b0183aaafcfc0d2d3dc1a6d

data/lib/contrast/agent/assess/policy/trigger_method.rb

@@ -9,6 +9,7 @@ require 'contrast/utils/sha256_builder'
 require 'contrast/utils/assess/trigger_method_utils'
 require 'contrast/agent/assess/events/event_data'
 require 'contrast/agent/reporting/reporting_events/preflight'
+require 'contrast/agent/reporting/reporting_events/application_activity'
 require 'contrast/agent/reporting/reporting_events/preflight_message'
 require 'contrast/agent/reporting/reporting_events/route_discovery'
 require 'contrast/agent/reporting/reporting_utilities/reporting_storage'
@@ -118,7 +119,8 @@ module Contrast
                 append_to_finding(finding, event_data, request)
                 logger.trace('Finding created', node_id: trigger_node.id, source_id: source.__id__,
                                                 rule: trigger_node.rule_id)
-                report_finding(finding, request)
+                # check here if we need to add that finding
+                report_finding(finding, request) unless not_reported?(finding)
               end
             end
 
@@ -133,22 +135,21 @@ module Contrast
             def report_finding finding, request = nil
               context = Contrast::Agent::REQUEST_TRACKER.current
               if context
-                context.activity.findings << finding
+                # REMOVE_DTM_ACTIVITY
+                context.dtm_activity.findings << finding
                 return
               end
 
               return unless ::Contrast::ASSESS.non_request_tracking? || NON_REQUEST_RULES.include?(finding.rule_id)
 
+              # REMOVE_DTM_ACTIVITY Findings still using dtm - REMOVE
               activity = Contrast::Api::Dtm::Activity.new
-              activity.findings << finding
               if request
-                activity.http_request = request.dtm
+                activity.request = request.dtm
               else
                 logger.debug('Attempted to report finding without request', finding: finding)
               end
 
-              # If we're out of request context, then we need to report this finding ourselves,
-              # so we'll send it in the one-off activity we created.
               Contrast::Agent.messaging_queue&.send_event_eventually(activity)
             end
 
@@ -269,6 +270,20 @@ module Contrast
 
               MINIMUM_FINDING_VERSION
             end
+
+            # Check if the following finding was already added to context.activity
+            # We could use this after we get rid of the MessagingQueue.
+            #
+            # @param finding [Contrast::Api::Dtm::Finding] Finding we're about to report
+            # @return Boolean
+            def not_reported? finding
+              return false unless (current = Contrast::Agent::REQUEST_TRACKER.current)
+
+              currently_added_findings = current.dtm_activity.findings
+              return false if currently_added_findings.empty?
+
+              currently_added_findings.any? { |f| f.rule_id == finding.rule_id && f.hash_code == finding.hash_code }
+            end
           end
         end
       end

data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb

@@ -113,6 +113,8 @@ module Contrast
               class_name = clazz.cs__name
 
               finding = assign_finding(class_name, constant_string)
+              # TODO: RUBY-1705
+              # The only place we still use dtm activity
               activity = Contrast::Api::Dtm::Activity.new
               activity.findings << finding
               Contrast::Agent.messaging_queue.send_event_eventually(activity, force: true)

data/lib/contrast/agent/at_exit_hook.rb

@@ -37,13 +37,7 @@ module Contrast
         ].compact.each do |event|
           Contrast::Agent.reporter&.send_event_immediately(event)
         end
-
-        if Contrast::Agent::Reporter.enabled?
-          event = Contrast::Agent::Reporting::DtmMessage.dtm_to_event(context.activity)
-          Contrast::Agent.reporter&.send_event_immediately(event)
-        else
-          Contrast::Agent.messaging_queue&.send_event_immediately(context.activity)
-        end
+        Contrast::Agent.reporter&.send_event_immediately(context.activity)
       end
     end
   end

data/lib/contrast/agent/inventory/database_config.rb

@@ -30,20 +30,19 @@ module Contrast
           # Both report the same
           # Contrast::Api::Dtm::ArchitectureComponent, but have different names for their fields.
           #
-          # @param activity_or_update [Contrast::Api::Dtm::Activity, Contrast::Agent::Reporting::ApplicationUpdate]
-          # @param hash_or_str [Hash, String, #configuration_hash] the database connection information
+          # @param activity_or_update [Contrast::Agent::Reporting::ApplicationUpdate]
+          # @param hash_or_str [Hash, String] the database connection information
           def append_db_config activity_or_update, hash_or_str = active_record_config
             arr = build_from_db_config(hash_or_str)
             return unless arr&.any?
 
-            arr.each do |a|
-              next unless a
+            arr.each do |component|
+              next unless component
 
-              if activity_or_update.is_a?(Contrast::Api::Dtm::Activity)
-                activity_or_update.architectures << a
+              if activity_or_update.cs__is_a?(Contrast::Agent::Reporting::ApplicationUpdate)
+                activity_or_update.components << component
               else
-                converted_comp = Contrast::Agent::Reporting::ArchitectureComponent.convert(a)
-                activity_or_update.components << converted_comp
+                activity_or_update.attach_inventory(component)
               end
             end
           rescue StandardError => e
@@ -78,7 +77,7 @@ module Contrast
           # reporting.
           #
           # @param hash_or_str [Hash, String]
-          # @return [Array<Contrast::Api::Dtm::ArchitectureComponent>, nil]
+          # @return [Array<Contrast::Agent::Reporting::ArchitectureComponent>, nil]
           def build_from_db_config hash_or_str
             return unless hash_or_str
 
@@ -98,9 +97,9 @@ module Contrast
           # understandable by TeamServer.
           #
           # @param hash [Hash] the information used to open a database connection
-          # @return [Array<Contrast::Api::Dtm::ArchitectureComponent>]
+          # @return [Array<Contrast::Agent::Reporting::ArchitectureComponent>]
           def build_from_db_hash hash
-            ac = Contrast::Api::Dtm::ArchitectureComponent.build_database
+            ac = Contrast::Agent::Reporting::ArchitectureComponent.build_database
             ac.vendor = hash[:adapter] || hash[ADAPTER] || Contrast::Utils::ObjectShare::EMPTY_STRING
             ac.remote_host = host_from_hash(hash)
             ac.remote_port = port_from_hash(hash)
@@ -131,7 +130,7 @@ module Contrast
           # mysql+mysqlconnector://scott:tiger@localhost/foo # pragma: allowlist secret
           #
           # @param str [String] the DB connection string
-          # @return [Array<Contrast::Api::Dtm::ArchitectureComponent>, nil]
+          # @return [Array<Contrast::Agent::Reporting::ArchitectureComponent>, nil]
           def build_from_db_string str
             adapter, hosts, database = split_connection_str(str)
             return unless adapter && hosts && database
@@ -140,7 +139,7 @@ module Contrast
             hosts.split(Contrast::Utils::ObjectShare::COMMA).map do |s|
               host, port = s.split(Contrast::Utils::ObjectShare::COLON)
 
-              ac = Contrast::Api::Dtm::ArchitectureComponent.build_database
+              ac = Contrast::Agent::Reporting::ArchitectureComponent.build_database
               ac.vendor = Contrast::Utils::StringUtils.force_utf8(adapter)
               ac.remote_host = Contrast::Utils::StringUtils.force_utf8(host)
               ac.remote_port = port.to_i

data/lib/contrast/agent/middleware.rb

@@ -180,7 +180,6 @@ module Contrast
           else
             request_handler.ruleset.postfilter
             request_handler.report_activity
-            request_handler.send_activity_messages # TODO: RUBY-1438 -- remove
           end
         end
       # unsuccessful attack

data/lib/contrast/agent/protect/rule/base.rb

@@ -169,9 +169,9 @@ module Contrast
           #
           # @param context [Contrast::Agent::RequestContext] the context of the
           #   request in which this input is evaluated.
-          # @param result [Contrast::Api::Dtm::AttackResult]
+          # @param result [Contrast::Agent::Reporting::AttackResult]
           def append_to_activity context, result
-            context.activity.results << result if result
+            context.activity.attach_defend(result) if result
           end
 
           # With this we log to CEF
@@ -179,15 +179,11 @@ module Contrast
           # @param result [Contrast::Api::Dtm::AttackResult]
           # @param attack [Symbol] the type of message we want to send
           # @param value [String] the input value we want to log
-          def cef_logging result, attack = :ineffective_attack, value = nil
-            sample_to_json = Contrast::Api::Dtm::RaspRuleSample.to_controlled_hash(result.samples[0])
-            outcome = if result.response.cs__is_a?(Hash)
-                        Contrast::Agent::Reporting::ResponseType.cs__const_get(result.response[:name])
-                      else
-                        Contrast::Api::Dtm::AttackResult::ResponseType.get_name_by_tag(result.response)
-                      end
-            input_type = extract_input_type(sample_to_json[:user_input].input_type)
-            input_value = value || sample_to_json[:user_input].value
+          def cef_logging result, attack = :ineffective_attack, value: nil
+            sample = result.samples[0]
+            outcome = result.response.to_s
+            input_type = sample.user_input.input_type.to_s
+            input_value = sample.user_input.value || value
             cef_logger.send(attack, result.rule_id, outcome, input_type, input_value)
           end
 
@@ -238,9 +234,9 @@ module Contrast
           def update_successful_attack_response context, ia_result, result, attack_string = nil
             case mode
             when Contrast::Api::Settings::ProtectionRule::Mode::MONITOR
-              result.response = Contrast::Api::Dtm::AttackResult::ResponseType::MONITORED
+              result.response = Contrast::Agent::Reporting::ResponseType::MONITORED
             when Contrast::Api::Settings::ProtectionRule::Mode::BLOCK
-              result.response = Contrast::Api::Dtm::AttackResult::ResponseType::BLOCKED
+              result.response = Contrast::Agent::Reporting::ResponseType::BLOCKED
             end
 
             ia_result.attack_count = ia_result.attack_count + 1 if ia_result
@@ -259,9 +255,9 @@ module Contrast
           def update_perimeter_attack_response context, ia_result, result
             if mode == Contrast::Api::Settings::ProtectionRule::Mode::BLOCK_AT_PERIMETER
               result.response = if blocked_rule?(ia_result)
-                                  Contrast::Api::Dtm::AttackResult::ResponseType::BLOCKED
+                                  Contrast::Agent::Reporting::ResponseType::BLOCKED
                                 else
-                                  Contrast::Api::Dtm::AttackResult::ResponseType::BLOCKED_AT_PERIMETER
+                                  Contrast::Agent::Reporting::ResponseType::BLOCKED_AT_PERIMETER
                                 end
               log_rule_matched(context, ia_result, result.response)
             elsif ia_result.nil? || ia_result.attack_count.zero?
@@ -276,9 +272,9 @@ module Contrast
           #
           # @param _context [Contrast::Agent::RequestContext] the context of
           #   the current request
-          # @return [Contrast::Api::Dtm::AttackResult]
+          # @return [Contrast::Agent::Reporting::AttackResult]
           def build_attack_result _context
-            result = Contrast::Api::Dtm::AttackResult.new
+            result = Contrast::Agent::Reporting::AttackResult.new
             result.rule_id = rule_name
             result
           end
@@ -311,7 +307,7 @@ module Contrast
           end
 
           def build_base_sample context, ia_result
-            Contrast::Api::Dtm::RaspRuleSample.build(context, ia_result)
+            Contrast::Agent::Reporting::RaspRuleSample.build(context, ia_result)
           end
 
           def log_rule_matched _context, ia_result, response, _matched_string = nil
@@ -366,9 +362,9 @@ module Contrast
           #   determined to be an attack
           def assign_reporter_response_type ia_result
             if suspicious_rule?(ia_result) && Contrast::CONTRAST_SERVICE.use_agent_communication?
-              Contrast::Api::Dtm::AttackResult::ResponseType::SUSPICIOUS
+              Contrast::Agent::Reporting::ResponseType::SUSPICIOUS
             else
-              Contrast::Api::Dtm::AttackResult::ResponseType::PROBED
+              Contrast::Agent::Reporting::ResponseType::PROBED
             end
           end
         end

data/lib/contrast/agent/protect/rule/cmd_injection.rb

@@ -6,6 +6,7 @@ require 'contrast/utils/stack_trace_utils'
 require 'contrast/utils/object_share'
 require 'contrast/components/logger'
 require 'contrast/agent/reporting/input_analysis/input_type'
+require 'contrast/agent/reporting/details/cmd_injection_details'
 
 module Contrast
   module Agent
@@ -97,17 +98,17 @@ module Contrast
           # evaluation
           def build_sample context, input_analysis_result, candidate_string, **_kwargs
             sample = build_base_sample(context, input_analysis_result)
-            sample.cmdi = Contrast::Api::Dtm::CmdInjectionDetails.new
+            sample.details = Contrast::Agent::Reporting::Details::CmdInjectionDetails.new
 
             command = candidate_string || input_analysis_result.value
             command = Contrast::Utils::StringUtils.protobuf_safe_string(command)
-            sample.cmdi.command = command
-            sample.cmdi.end_idx = command.length
+            sample.details.cmd = command
+            sample.details.end_idx = command.length
 
             # This is a special case where the user input is UNKNOWN_USER_INPUT but
             # we want to send the attack value
             if input_analysis_result.nil?
-              ui = Contrast::Api::Dtm::UserInput.new
+              ui = Contrast::Agent::Reporting::UserInput.new
               ui.input_type = :UNKNOWN
               ui.value = command
               sample.user_input = ui

data/lib/contrast/agent/protect/rule/deserialization.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/base'
+require 'contrast/agent/reporting/details/untrusted_deserialization_details'
 require 'contrast/components/logger'
 
 module Contrast
@@ -116,7 +117,7 @@ module Contrast
             ia_result = build_evaluation(gadget_command)
             result = build_attack_with_match(context, ia_result, nil, gadget_command, **kwargs)
             append_to_activity(context, result)
-            cef_logging(result, :successful_attack, gadget_command)
+            cef_logging(result, :successful_attack, value: gadget_command)
             raise(Contrast::SecurityException.new(self, BLOCK_MESSAGE)) if blocked?
           end
 
@@ -135,13 +136,13 @@ module Contrast
           #   to render this attack event in TeamServer.
           def build_sample context, input_analysis_result, _candidate_string, **kwargs
             sample = build_base_sample(context, input_analysis_result)
-            sample.untrusted_deserialization = Contrast::Api::Dtm::UntrustedDeserializationDetails.new
+            sample.details = Contrast::Agent::Reporting::Details::UntrustedDeserializationDetails.new
 
             deserializer = Contrast::Utils::StringUtils.protobuf_safe_string(kwargs[:GADGET_TYPE])
-            sample.untrusted_deserialization.deserializer = deserializer
+            sample.details.deserializer = deserializer
 
             command = !!kwargs[:COMMAND_SCOPE]
-            sample.untrusted_deserialization.command = command
+            sample.details.cmd = command
 
             sample
           end

data/lib/contrast/agent/protect/rule/path_traversal.rb

@@ -3,6 +3,8 @@
 
 require 'contrast/agent/protect/rule/base_service'
 require 'contrast/utils/stack_trace_utils'
+require 'contrast/agent/reporting/details/path_traversal_details'
+require 'contrast/agent/reporting/details/path_traversal_semantic_analysis_details'
 
 module Contrast
   module Agent
@@ -48,7 +50,7 @@ module Contrast
             append_to_activity(context, result)
             return unless blocked?
 
-            cef_logging(result, :successful_attack, path)
+            cef_logging(result, :successful_attack)
             raise(Contrast::SecurityException.new(self,
                                                   "Path Traversal rule triggered. Call to File.#{ method } blocked."))
           end
@@ -65,9 +67,9 @@ module Contrast
           # evaluation
           def build_sample context, input_analysis_result, path, **_kwargs
             sample = build_base_sample(context, input_analysis_result)
-            sample.path_traversal = Contrast::Api::Dtm::PathTraversalDetails.new
+            sample.details = Contrast::Agent::Reporting::Details::PathTraversalDetails.new
             path ||= input_analysis_result.value
-            sample.path_traversal.path = Contrast::Utils::StringUtils.protobuf_safe_string(path)
+            sample.details.path = Contrast::Utils::StringUtils.protobuf_safe_string(path)
             sample
           end
 
@@ -76,17 +78,17 @@ module Contrast
           # Build a subclass of the RaspRuleSample if the sample matches
           def build_rep_sample context, path
             sample = build_base_sample(context, nil)
-            sample.path_traversal_semantic = Contrast::Api::Dtm::PathTraversalSemanticAnalysisDetails.new
+            sample.details = Contrast::Agent::Reporting::Details::PathTraversalSemanticAnalysisDetails.new
             path = Contrast::Utils::StringUtils.protobuf_safe_string(path)
-            sample.path_traversal_semantic.path = path
+            sample.details.path = path
 
             if custom_code_access_sysfile_enabled? && custom_code_accessing_system_file?(path)
-              sample.path_traversal_semantic.findings << :CUSTOM_CODE_ACCESSING_SYSTEM_FILES
+              sample.details.findings << :CUSTOM_CODE_ACCESSING_SYSTEM_FILES
               return sample
             end
 
             if common_file_exploits_enabled? && contains_known_attack_signatures?(path)
-              sample.path_traversal_semantic.findings << :COMMON_FILE_EXPLOITS
+              sample.details.findings << :COMMON_FILE_EXPLOITS
               return sample
             end
 

data/lib/contrast/agent/protect/rule/sql_sample_builder.rb

@@ -3,6 +3,8 @@
 
 require 'contrast/agent/protect/rule/base'
 require 'contrast/agent/protect/rule/base_service'
+require 'contrast/agent/reporting/details/sqli_details'
+require 'contrast/agent/reporting/details/no_sqli_details'
 
 module Contrast
   module Agent
@@ -18,16 +20,16 @@ module Contrast
           # @candidate_string [String] the value of the input which may be an attack
           # @kwargs [Hash] key - value pairs of context individual rules need to build out details
           #   to send to the Service to tell the story of the attack
-          # @return [Contrast::Api::Dtm::RaspRuleSample] the sample from this attack
+          # @return [Contrast::Agent::Reporting::RaspRuleSample] the sample from this attack
           module SqliSample
             def build_sample context, input_analysis_result, candidate_string, **kwargs
               sqli_sample = build_base_sample(context, input_analysis_result)
-              sqli_sample.sqli = Contrast::Api::Dtm::SqlInjectionDetails.new
-              sqli_sample.sqli.query = Contrast::Utils::StringUtils.protobuf_safe_string(candidate_string)
-              sqli_sample.sqli.start_idx = kwargs[:start_idx]
-              sqli_sample.sqli.end_idx = kwargs[:end_idx]
-              sqli_sample.sqli.boundary_overrun_idx = kwargs[:boundary_overrun_idx].to_i
-              sqli_sample.sqli.input_boundary_idx = kwargs[:input_boundary_idx].to_i
+              sqli_sample.details = Contrast::Agent::Reporting::Details::SqliDetails.new
+              sqli_sample.details.query = Contrast::Utils::StringUtils.protobuf_safe_string(candidate_string)
+              sqli_sample.details.start_idx = kwargs[:start_idx]
+              sqli_sample.details.end_idx = kwargs[:end_idx]
+              sqli_sample.details.boundary_overrun_idx = kwargs[:boundary_overrun_idx].to_i
+              sqli_sample.details.input_boundary_idx = kwargs[:input_boundary_idx].to_i
               sqli_sample
             end
           end
@@ -41,16 +43,16 @@ module Contrast
           # @candidate_string [String] the value of the input which may be an attack
           # @kwargs [Hash] key - value pairs of context individual rules need to build out details
           #   to send to the Service to tell the story of the attack
-          # @return [Contrast::Api::Dtm::RaspRuleSample] the sample from this attack
+          # @return [Contrast::Agent::Reporting::RaspRuleSample] the sample from this attack
           module NoSqliSample
             def build_sample context, input_analysis_result, candidate_string, **kwargs
               no_sqli_sample = build_base_sample(context, input_analysis_result)
-              no_sqli_sample.no_sqli = Contrast::Api::Dtm::NoSqlInjectionDetails.new
-              no_sqli_sample.no_sqli.query = Contrast::Utils::StringUtils.protobuf_safe_string(candidate_string)
-              no_sqli_sample.no_sqli.start_idx = kwargs[:start_idx].to_i
-              no_sqli_sample.no_sqli.end_idx = kwargs[:end_idx].to_i
-              no_sqli_sample.no_sqli.boundary_overrun_idx = kwargs[:boundary_overrun_idx].to_i
-              no_sqli_sample.no_sqli.input_boundary_idx = kwargs[:input_boundary_idx].to_i
+              no_sqli_sample.details = Contrast::Agent::Reporting::Details::NoSqliDetails.new
+              no_sqli_sample.details.query = Contrast::Utils::StringUtils.protobuf_safe_string(candidate_string)
+              no_sqli_sample.details.start_idx = kwargs[:start_idx].to_i
+              no_sqli_sample.details.end_idx = kwargs[:end_idx].to_i
+              no_sqli_sample.details.boundary_overrun_idx = kwargs[:boundary_overrun_idx].to_i
+              no_sqli_sample.details.input_boundary_idx = kwargs[:input_boundary_idx].to_i
               no_sqli_sample
             end
           end

data/lib/contrast/agent/protect/rule/sqli.rb

@@ -61,7 +61,7 @@ module Contrast
 
             append_to_activity(context, result)
 
-            cef_logging(result, :successful_attack, query_string)
+            cef_logging(result, :successful_attack, value: query_string)
             raise(Contrast::SecurityException.new(self, BLOCK_MESSAGE)) if blocked?
           end
         end

data/lib/contrast/agent/protect/rule/xxe.rb

@@ -2,6 +2,9 @@
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/base'
+require 'contrast/agent/reporting/details/xxe_details'
+require 'contrast/agent/reporting/details/xxe_match'
+require 'contrast/agent/reporting/details/xxe_wrapper'
 require 'contrast/utils/timer'
 require 'contrast/components/logger'
 
@@ -62,7 +65,7 @@ module Contrast
             append_to_activity(context, result)
             return unless blocked?
 
-            cef_logging(result, :successful_attack, xml)
+            cef_logging(result, :successful_attack, value: xml)
             raise(Contrast::SecurityException.new(self, BLOCK_MESSAGE))
           end
 
@@ -105,7 +108,7 @@ module Contrast
               entity_wrapper = Contrast::Agent::Protect::Rule::Xxe::EntityWrapper.new(ss.matched)
               next unless entity_wrapper.external_entity?
 
-              xxe_details ||= Contrast::Api::Dtm::XxeDetails.new
+              xxe_details ||= Contrast::Agent::Reporting::Details::XxeDetails.new
               xxe_details.declared_entities << build_match(ss)
               xxe_details.entities_resolved << build_wrapper(entity_wrapper)
             end
@@ -119,12 +122,12 @@ module Contrast
           def build_sample context, ia_result, _url, **kwargs
             sample = build_base_sample(context, ia_result)
             sample.user_input = build_user_input(ia_result)
-            sample.xxe = kwargs[:details]
+            sample.details = kwargs[:details]
             sample
           end
 
           def build_user_input ia_result
-            input = Contrast::Api::Dtm::UserInput.new
+            input = Contrast::Agent::Reporting::UserInput.new
             input.key = INPUT_NAME
             input.input_type = :UNKNOWN
             input.document_type = :XML
@@ -146,14 +149,14 @@ module Contrast
           end
 
           def build_match string_scanner
-            match = Contrast::Api::Dtm::XxeMatch.new
+            match = Contrast::Agent::Reporting::Details::XxeMatch.new
             match.end_idx = string_scanner.pos.to_i
             match.start_idx = match.end_idx - string_scanner.matched_size
             match
           end
 
           def build_wrapper entity_wrapper
-            wrapper = Contrast::Api::Dtm::XxeWrapper.new
+            wrapper = Contrast::Agent::Reporting::Details::XxeWrapper.new
             wrapper.system_id = Contrast::Utils::StringUtils.protobuf_safe_string(entity_wrapper.system_id)
             wrapper.public_id = Contrast::Utils::StringUtils.protobuf_safe_string(entity_wrapper.public_id)
             wrapper

data/lib/contrast/agent/reporting/attack_result/attack_result.rb

@@ -57,6 +57,14 @@ module Contrast
         def tags= tags
           @_tags = tags if tags.is_a?(String)
         end
+
+        def details
+          @_details ||= {}
+        end
+
+        def details= protect_details
+          @_details = protect_details if protect_details.is_a?(Contrast::Agent::Reporting::Details::ProtectRuleDetails)
+        end
       end
     end
   end