RubyGems - contrast-agent - Versions diffs - 6.6.4 → 6.8.0 - Mend

contrast-agent 6.6.4 → 6.8.0

Files changed (340) hide show

data/lib/contrast/agent/reporting/reporting_events/poll.rb CHANGED Viewed

@@ -6,7 +6,7 @@ require 'contrast/agent/reporting/reporting_events/application_reporting_event'
 module Contrast
   module Agent
     module Reporting
-      # This is the new Poll class for the Heartbeat Service.
+      # This is the new Poll class for the Heartbeat to TeamServer.
       class Poll < Contrast::Agent::Reporting::ApplicationReportingEvent
         def initialize
           @event_type = :heartbeat
@@ -17,16 +17,6 @@ module Contrast
         def file_name
           'applications-heartbeat'
         end
-        # This is commented out as I am not aware if we're supposed to send some information and/or parse it to hash
-        # In https://github.com/Contrast-Security-Inc/contrast-service/blob/next/reporting/tsreporter.go
-        #
-        # Convert the instance variables on the class, and other information, into the identifiers required for
-        # TeamServer to process the JSON form of this message.
-        #
-        # @return [Hash]
-        # @raise [ArgumentError]
-        # def to_controlled_hash; end
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb CHANGED Viewed

@@ -1,9 +1,10 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
+require 'contrast/agent/reporting/reporting_events/reporting_event'
 require 'contrast/components/assess'
 require 'contrast/components/logger'
-require 'contrast/agent/reporting/reporting_events/reporting_event'
+require 'contrast/utils/string_utils'
 module Contrast
   module Agent
@@ -13,6 +14,8 @@ module Contrast
       # identifying information of a Finding/Trace, which TeamServer will use to determine if it requires the full
       # information of the Finding/Trace to be reported.
       class PreflightMessage
+        include Contrast::Components::Logger::InstanceMethods
         # @return [String] the message identifier; rule_id,hash
         attr_accessor :data
         # @return [String] CRC checksum of the finding to which this message pertains
@@ -26,9 +29,6 @@ module Contrast
         CODE = :TRACE
         def initialize
-          @app_language = Contrast::Utils::ObjectShare::RUBY
-          @app_name = ::Contrast::APP_CONTEXT.name # rubocop:disable Security/Module/Name
-          @app_version = ::Contrast::APP_CONTEXT.version
           @routes = []
         end
@@ -47,24 +47,20 @@ module Contrast
           {
               code: CODE,
-              app_language: @app_language,
-              app_name: @app_name,
-              app_version: @app_version,
+              app_language: Contrast::Utils::ObjectShare::RUBY,
+              app_name: ::Contrast::APP_CONTEXT.name, # rubocop:disable Security/Module/Name
+              app_version: ::Contrast::APP_CONTEXT.version,
               data: '',
               key: 0,
-              routes: @routes,
+              routes: @routes.map(&:to_controlled_hash),
               session_id: ::Contrast::ASSESS.session_id
           }
         end
         # @raise [ArgumentError]
         def validate
-          raise(ArgumentError, "#{ cs__class } did not have a proper data. Unable to continue.") unless data
-          unless @app_name
-            raise(ArgumentError, "#{ cs__class } did not have a proper application name. Unable to continue.")
-          end
-          unless @app_language
-            raise(ArgumentError, "#{ cs__class } did not have a proper application language. Unable to continue.")
+          unless Contrast::Utils::StringUtils.present?(data)
+            raise(ArgumentError, "#{ cs__class } did not have a proper data. Unable to continue.")
           end
           unless ::Contrast::ASSESS.session_id
             raise(ArgumentError, "#{ cs__class } did not have a proper session id. Unable to continue.")

data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb CHANGED Viewed

@@ -49,6 +49,17 @@ module Contrast
         # @raise [ArgumentError]
         def validate; end
+        # Helper method to get json representation of event and handle errors
+        #
+        #  @return [String] - JSON
+        def event_json
+          hsh = to_controlled_hash
+          hsh.to_json
+        rescue Exception => e # rubocop:disable Lint/RescueException
+          logger.error('Unable to convert JSON string', e, hsh)
+          raise(e)
+        end
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb CHANGED Viewed

@@ -42,7 +42,9 @@ module Contrast
         # @param url [String] the literal url of the route actively being executed
         # @return [Contrast::Agent::Reporting::RouteCoverage]
         def attach_rack_based_data final_controller, method, route_pattern, url = nil
-          if route_pattern.cs__is_a?(Grape::Router::Route)
+          if Contrast::Utils::ClassUtil.truly_defined?('Grape::Router::Route') &&
+                route_pattern.cs__is_a?(Grape::Router::Route)
             safe_pattern = route_pattern.pattern&.path&.to_s
             safe_url = source_or_string(url || safe_pattern)
           else

data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb CHANGED Viewed

@@ -2,7 +2,6 @@
 # frozen_string_literal: true
 require 'contrast/agent/reporting/reporting_events/route_discovery_observation'
-require 'contrast/api/dtm.pb'
 require 'contrast/components/logger'
 module Contrast
@@ -14,34 +13,22 @@ module Contrast
       # externally accessible endpoints within the application, as registered to the application framework. They may or
       # may not have been invoked at the time of reporting.
       #
-      # @attr_reader observations [observations] the routes and verbs seen that match to this Route
-      # @attr_reader signature [String] the unique identifier for this route; typically the method signature. Required
-      #   for reporting.
       class RouteDiscovery
         include Contrast::Components::Logger::InstanceMethods
-        # required attributes
-        attr_reader :observations, :signature
-        class << self
-          # Convert a DTM for SpeedRacer to an Event for TeamServer.
-          #
-          # @param route_coverage_dtm [Contrast::Api::Dtm::RouteCoverage]
-          # @return [Contrast::Agent::Reporting::RouteDiscovery]
-          def convert route_coverage_dtm
-            report = new
-            report.attach_data(route_coverage_dtm)
-            report
-          end
-        end
-        # Attach the data from the protobuf models to this reporter so that it can be sent to TeamServer directly
-        #
-        # @param route_coverage_dtm [Contrast::Api::Dtm::RouteCoverage]
-        def attach_data route_coverage_dtm
-          @signature = route_coverage_dtm.route
+        # @return [Array<Contrast::Agent::Reporting::RouteDiscoveryObservation>] the routes and verbs seen that match
+        #   to this Route.
+        attr_reader :observations
+        # @return [String] the unique identifier for this route; typically the method signature. Required for
+        #   reporting.
+        attr_accessor :signature
+        # @param signature [String]
+        # @param observation [Contrast::Agent::Reporting::RouteDiscoveryObservation]
+        def initialize signature, observation
+          @signature = signature
           @observations = []
-          observations << Contrast::Agent::Reporting::RouteDiscoveryObservation.convert(route_coverage_dtm)
+          observations << observation
         end
         # Convert the instance variables on the class, and other information, into the identifiers required for

data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb CHANGED Viewed

@@ -1,7 +1,6 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-require 'contrast/api/dtm.pb'
 require 'contrast/utils/string_utils'
 require 'contrast/components/logger'
@@ -12,36 +11,18 @@ module Contrast
       # reporting system to relay this information in the Application Update messages. These route observations are
       # used by TeamServer to construct the route coverage information for the assess feature. They represent the
       # literal URL and HTTP verb used to invoke a method in the application, as routed by the application framework.
-      #
-      # @attr_reader url [String] the URL requested to hit this endpoint. Required for reporting.
-      # @attr_reader verb [String] the HTTP Method requested to his this endpoint. Empty means all, so is allowed.
-      #   for reporting.
       class RouteDiscoveryObservation
         include Contrast::Components::Logger::InstanceMethods
-        # required attributes
-        attr_reader :url
-        # optional attributes
-        attr_reader :verb
+        # @return [String] the URL requested to hit this endpoint. Required for reporting; required attributes
+        attr_accessor :url
+        # @return [String] the HTTP Method requested to his this endpoint. Empty means all, so is allowed for
+        #   reporting; optional attributes
+        attr_accessor :verb
-        class << self
-          # Convert a DTM for SpeedRacer to an Event for TeamServer.
-          #
-          # @param route_coverage_dtm [Contrast::Api::Dtm::RouteCoverage]
-          # @return [Contrast::Agent::Reporting::RouteDiscoveryObservation]
-          def convert route_coverage_dtm
-            report = new
-            report.attach_data(route_coverage_dtm)
-            report
-          end
-        end
-        # Attach the data from the protobuf models to this reporter so that it can be sent to TeamServer directly
-        #
-        # @param route_coverage_dtm [Contrast::Api::Dtm::RouteCoverage]
-        def attach_data route_coverage_dtm
-          @url = route_coverage_dtm.url
-          @verb = route_coverage_dtm.verb if Contrast::Utils::StringUtils.present?(route_coverage_dtm.verb)
+        def initialize url, verb
+          @url = url
+          @verb = verb if Contrast::Utils::StringUtils.present?(verb)
         end
         # Convert the instance variables on the class, and other information, into the identifiers required for

data/lib/contrast/agent/reporting/reporting_utilities/audit.rb CHANGED Viewed

@@ -19,8 +19,8 @@ module Contrast
           generate_paths if enabled?
         end
-        # This method will be handling the auditing of the requests and responses we send to SpeedRacer. If the audit
-        # feature is enabled, we'll log to file the request and/or response protobuf objects.
+        # This method will be handling the auditing of the requests and responses we send to TeamServer. If the audit
+        # feature is enabled, we'll log to file the request and/or response JSON objects.
         #
         # @param event [Contrast::Agent::Reporting::ReportingEvent] One of the DTMs valid for the
         #   event field of Contrast::Agent::Reporting::ReportingEvent
@@ -29,7 +29,7 @@ module Contrast
           return unless ::Contrast::API.request_audit_requests || ::Contrast::API.request_audit_responses
           file_name = event.cs__respond_to?(:file_name) ? event.file_name : event.cs__class.cs__name.to_s.downcase
-          data = event.to_controlled_hash.to_json
+          data = event.event_json
           log_data(:request, file_name, data) if data
           return unless ::Contrast::API.request_audit_responses

data/lib/contrast/agent/reporting/reporting_utilities/build_preflight.rb CHANGED Viewed

@@ -14,17 +14,14 @@ module Contrast
       module BuildPreflight
         class << self
           # @param finding [Contrast::Agent::Reporting::Finding]
-          # @param request [Contrast::Agent::Request] current request
-          def build finding, request
+          # @return [Contrast::Agent::Reporting::Preflight, nil]
+          def generate finding
             return unless finding
-            # save the current finding
-            Contrast::Agent::Reporting::ReportingStorage[finding.hash_code] = finding
             new_preflight = Contrast::Agent::Reporting::Preflight.new
             new_preflight_message = Contrast::Agent::Reporting::PreflightMessage.new
-            if request&.route
-              new_preflight_message.routes << Contrast::Agent::Reporting::RouteDiscovery.convert(request.route)
+            finding.routes.each do |route|
+              new_preflight_message.routes << route
             end
             new_preflight_message.hash_code = finding.hash_code
             new_preflight_message.data = "#{ finding.rule_id },#{ finding.hash_code }"

data/lib/contrast/agent/reporting/reporting_utilities/headers.rb CHANGED Viewed

@@ -32,7 +32,7 @@ module Contrast
           @encoding = ENCODING
         end
-        def to_hash
+        def to_contrast_hash
           {
               app_name: @app_name,
               api_key: @api_key,

data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb CHANGED Viewed

@@ -43,7 +43,6 @@ module Contrast
         # @param connection [Net::HTTP] open connection
         def startup! connection
           return if status.startup_messages_sent?
-          return unless Contrast::Agent::Reporter.enabled?
           send_agent_startup(connection)
         end
@@ -57,6 +56,8 @@ module Contrast
         def send_event event, connection
           return unless connection
+          logger.debug('Preparing to send reporting event', event_class: event.cs__class)
           request = build_request(event)
           response = connection.request(request)
           audit&.audit_event(event, response) if ::Contrast::API.request_audit_enable

data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb CHANGED Viewed

@@ -69,7 +69,7 @@ module Contrast
         # Handles standard error case, logs and set status for failure
         #
         # @param event [Contrast::Agent::Reporting::ReportingEvent]
-        # One of the DTMs valid for the event field of Contrast::Api::Dtm::Message|Contrast::Api::Dtm::Activity
+        #   One of the DTMs valid for the event field of Contrast::Api::Dtm::Message
         # @param error_msg [StandardError]
         # @return nil [NilClass] to be passed as response
         def handle_error event, error_msg
@@ -105,7 +105,7 @@ module Contrast
           findings_to_return = response.body.split(',').delete_if { |el| el.include?('*') }
           findings_to_return.each do |index|
             preflight_message = event.messages[index.to_i]
-            corresponding_finding = Contrast::Agent::Reporting::ReportingStorage.delete(preflight_message.hash_code)
+            corresponding_finding = Contrast::Agent::Reporting::ReportingStorage.delete(preflight_message.data)
             next unless corresponding_finding
             send_event(corresponding_finding, connection)
@@ -130,7 +130,7 @@ module Contrast
                       end
             build_headers(request)
             event.attach_headers(request)
-            request.body = event.to_controlled_hash.to_json
+            request.body = event.event_json
             request
           end
         end

data/lib/contrast/agent/reporting/reporting_utilities/response.rb CHANGED Viewed

@@ -19,7 +19,7 @@ module Contrast
         # All of the feature server_features
         #
-        # @return [Contrast::Agent::Reporting::Settings::FeatureSettings, nil]
+        # @return [Contrast::Agent::Reporting::Settings::ServerFeatures, nil]
         attr_accessor :server_features
         # Success boolean message value

data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb CHANGED Viewed

@@ -1,12 +1,9 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-require 'contrast/api/communication/response_processor'
-require 'contrast/api/decorators/application_settings'
 require 'contrast/agent/reporting/reporting_utilities/response'
 require 'contrast/agent/reporting/reporting_utilities/response_handler_utils'
 require 'contrast/agent/reporting/reporting_utilities/response_handler_mode'
-require 'contrast/api/decorators/server_features'
 require 'contrast/components/logger'
 require 'json'

data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb CHANGED Viewed

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 require 'contrast/agent/reporting/reporting_utilities/response_extractor'
+require 'contrast/agent/disable_reaction'
 module Contrast
   module Agent

data/lib/contrast/agent/reporting/settings/code_exclusion.rb CHANGED Viewed

@@ -12,9 +12,14 @@ module Contrast
           ATTRIBUTES = BASE_ATTRIBUTES.dup << :denylist
           ATTRIBUTES.cs__freeze
-          # @return denylist [Array<String>] #rubocop:disable [Naming/InclusiveLanguage]
+          # @return [Array<String>]
           attr_accessor :denylist
+          def initialize
+            super
+            @denylist = []
+          end
           def to_controlled_hash
             hash = super
             hash[:denylist] = denylist

data/lib/contrast/agent/reporting/settings/exclusion_base.rb CHANGED Viewed

@@ -18,6 +18,24 @@ module Contrast
           # @return protect_rules [Array<String>]
           attr_accessor :protect_rules
+          def initialize
+            @modes = []
+            @assess_rules = []
+            @protect_rules = []
+          end
+          # @return [Boolean] does this exclusion apply to Assess or not
+          def assess
+            @_assess = modes&.include?('assess') if @_assess.nil?
+            @_assess
+          end
+          # @return [Boolean] does this exclusion apply to Protect or not
+          def protect
+            @_protect = modes&.include?('defend') if @_protect.nil?
+            @_protect
+          end
           def to_controlled_hash
             {
                 name: name, # rubocop:disable Security/Module/Name

data/lib/contrast/agent/reporting/settings/exclusions.rb CHANGED Viewed

@@ -26,6 +26,7 @@ module Contrast
           # @param new_code_exclusions [Array<CodeExclusion>] Array of CodeExclusion: {
           #   name         [String] The name of the exclusion as defined by the user in TS.
           #   modes        [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
           #   assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
           #   denylist     [String] The call, if in the stack, should result in the agent not taking action.
           # }
@@ -39,7 +40,7 @@ module Contrast
           # Cases where rules should be excluded if violated from a given input.
           #
-          # @return input_exclusions [Array<Contrast::Agent::Reporting::Settings::InputExclusions>]
+          # @return input_exclusions [Array<Contrast::Agent::Reporting::Settings::InputExclusion>]
           # Array of InputExclusions
           def input_exclusions
             @_input_exclusions ||= []

data/lib/contrast/agent/reporting/settings/input_exclusion.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-require 'contrast/agent/reporting/settings/exclusion_base'
+require 'contrast/agent/reporting/settings/url_exclusion'
 require 'contrast/utils/object_share'
 module Contrast
@@ -9,11 +9,17 @@ module Contrast
     module Reporting
       module Settings
         # InputExclusions class
-        class InputExclusion < ExclusionBase
-          ATTRIBUTES = BASE_ATTRIBUTES.dup << :type
+        class InputExclusion < UrlExclusion
+          ATTRIBUTES = UrlExclusion::ATTRIBUTES.dup << :type
           ATTRIBUTES.cs__freeze
           VALID_INPUT_TYPES = %w[COOKIE PARAMETER HEADER BODY QUERYSTRING].cs__freeze
+          # @return [String] the name of the input to match
+          attr_accessor :input_name
+          # @return [String] the type of the input to match
+          attr_accessor :input_type
           # @return type [String] The type of the input
           def type
             @_type ||= Contrast::Utils::ObjectShare::EMPTY_STRING

data/lib/contrast/agent/reporting/settings/protect.rb CHANGED Viewed

@@ -2,8 +2,6 @@
 # frozen_string_literal: true
 require 'contrast/utils/object_share'
-require 'contrast/api/dtm.pb'
-require 'contrast/api/settings.pb'
 module Contrast
   module Agent
@@ -79,23 +77,25 @@ module Contrast
             modes_by_id = {}
             protection_rules.each do |rule|
-              setting_mode = rule[:mode]
-              next unless PROTECT_RULES_MODE.include?(setting_mode)
-              api_mode = case setting_mode
-                         when PROTECT_RULES_MODE[1]
-                           ::Contrast::Api::Settings::ProtectionRule::Mode::MONITOR
-                         when PROTECT_RULES_MODE[2]
-                           if rule[:blockAtEntry]
-                             ::Contrast::Api::Settings::ProtectionRule::Mode::BLOCK_AT_PERIMETER
+              setting_mode = rule[:mode] || rule['mode']
+              api_mode = if PROTECT_RULES_MODE.include?(setting_mode)
+                           case setting_mode
+                           when PROTECT_RULES_MODE[1]
+                             :MONITOR
+                           when PROTECT_RULES_MODE[2]
+                             if rule[:blockAtEntry] || rule['blockAtEntry']
+                               :BLOCK_AT_PERIMETER
+                             else
+                               :BLOCK
+                             end
                            else
-                             ::Contrast::Api::Settings::ProtectionRule::Mode::BLOCK
+                             :NO_ACTION
                            end
                          else
-                           ::Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION
+                           setting_mode.to_sym
                          end
-              modes_by_id[rule[:id]] = api_mode
+              id = rule[:id] || rule['id']
+              modes_by_id[id] = api_mode
             end
             modes_by_id
           end

data/lib/contrast/agent/request.rb CHANGED Viewed

@@ -33,10 +33,10 @@ module Contrast
       # @return [Rack::Request] The passed to the Agent RackRequest to be wrapped.
       attr_reader :rack_request
-      # @return [Contrast::Api::Dtm::RouteCoverage] the route, used for findings, of this request
-      attr_accessor :route
       # @return [Contrast::Agent::Reporting::ObservedRoute] the route, used for coverage, of this request
       attr_accessor :observed_route
+      # @return [Contrast::Agent::Reporting::RouteDiscovery]
+      attr_accessor :discovered_route
       # Delegate calls to the following methods to the attribute @rack_request
       def_delegators :@rack_request, :base_url, :cookies, :env, :ip, :media_type, :path, :port, :query_string,
@@ -74,7 +74,8 @@ module Contrast
       # @return uri [String]
       def normalized_uri
         @_normalized_uri ||= begin
-          path = rack_request.path_info
+          path = rack_request.path_info || rack_request.path.to_s
+          path = '/' if path.empty?
           uri = path.split(Contrast::Utils::ObjectShare::SEMICOLON)[0]    # remove ;jsessionid
           uri = uri.split(Contrast::Utils::ObjectShare::QUESTION_MARK)[0] # remove ?query_string=
           uri.gsub(INNER_REST_TOKEN, INNER_NUMBER_MARKER)                 # replace interior tokens
@@ -142,17 +143,6 @@ module Contrast
         @_body
       end
-      # Unlike most of our translation, which is called where needed for each
-      # message and forgotten, we'll leave this method to call the build as we
-      # don't want to pay to reconstruct the DTM for this Request multiple
-      # times.
-      #
-      # @return [Contrast::Api::Dtm::HttpRequest] the SpeedRacer compatible
-      #   form of this Request
-      def dtm
-        @_dtm ||= Contrast::Api::Dtm::HttpRequest.build(self)
-      end
       # flattened hash of request params
       #
       # @return parameters [Hash]

data/lib/contrast/agent/request_context.rb CHANGED Viewed

@@ -1,7 +1,6 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
-require 'contrast/api/dtm.pb'
 require 'contrast/utils/timer'
 require 'contrast/agent/request'
 require 'contrast/agent/response'
@@ -12,6 +11,7 @@ require 'contrast/utils/request_utils'
 require 'contrast/agent/request_context_extend'
 require 'contrast/agent/reporting/reporting_events/observed_route'
 require 'contrast/agent/reporting/input_analysis/input_analysis'
+require 'contrast/agent/reporting/reporting_events/application_activity'
 module Contrast
   module Agent
@@ -23,9 +23,9 @@ module Contrast
       include Contrast::Utils::RequestUtils
       include Contrast::Agent::RequestContextExtend
-      EMPTY_INPUT_ANALYSIS_PB = Contrast::Api::Settings::InputAnalysis.new
+      INPUT_ANALYSIS = Contrast::Agent::Reporting::InputAnalysis.new
-      # @return [Contrast::Api::Dtm::Activity] the application activity found in this request
+      # @return [Contrast::Agent::Reporting:ApplicationActivity] the application activity found in this request
       attr_reader :activity
       # @return [Hash] context used to log the request
       attr_reader :logging_hash
@@ -36,10 +36,12 @@ module Contrast
       # @return [Contrast::Agent::Response] our wrapper around the Rack::Response or Array for this context,
       #   only available after the application has finished its processing
       attr_reader :response
-      # @return [Contrast::Api::Dtm::RouteCoverage] the route, used for findings, of this request
-      attr_reader :route
-      # @return [Contrast::Api::Settings::InputAnalysis] the protect input analysis of sources on this request
-      attr_reader :speedracer_input_analysis
+      # @return [Contrast::Agent::Reporting::RouteDiscovery] the route, used for findings, of this request
+      attr_reader :discovered_route
+      # @return [Contrast::Agent::Reporting::InputAnalysis]
+      attr_reader :agent_input_analysis
+      # @return [Array<String>] the hash of findings already reported fro this request
+      attr_reader :reported_findings
       # @return [Contrast::Utils::Timer] when the context was created
       attr_reader :timer
@@ -52,17 +54,13 @@ module Contrast
           @logging_hash = { request_id: __id__ }
           # instantiate helper for request and response
-          @request = Contrast::Agent::Request.new(rack_request)
-          @activity = Contrast::Api::Dtm::Activity.new
-          @activity.http_request = request.dtm
+          @request = Contrast::Agent::Request.new(rack_request) if rack_request
+          @activity = Contrast::Agent::Reporting::ApplicationActivity.new
           # build analyzer
           @do_not_track = false
-          @speedracer_input_analysis = EMPTY_INPUT_ANALYSIS_PB
-          speedracer_input_analysis.request = request
-          # TODO: RUBY-1627
+          @agent_input_analysis = INPUT_ANALYSIS
+          agent_input_analysis.request = request
           # flag to indicate whether the app is fully loaded
           @app_loaded = !!app_loaded
@@ -80,6 +78,8 @@ module Contrast
             @sample_req, @sample_res = Contrast::Utils::Assess::SamplingUtil.instance.sample?(@request)
           end
+          @reported_findings = []
           handle_routes
         end
       end
@@ -125,7 +125,7 @@ module Contrast
       end
       def reset_activity
-        @activity = Contrast::Api::Dtm::Activity.new(http_request: request.dtm)
+        @activity = Contrast::Agent::Reporting::ApplicationActivity.new
         @observed_route = Contrast::Agent::Reporting::ObservedRoute.new
       end
@@ -133,14 +133,8 @@ module Contrast
       def handle_routes
         @observed_route = Contrast::Agent::Reporting::ObservedRoute.new
-        # TODO: RUBY-1705 when we no longer need the DTM style, delete this method and use the get_route_information
-        #   instead.
-        route_dtm = Contrast::Agent.framework_manager.get_route_dtm(@request)
-        # new_route_coverage_dtm = Contrast::Agent.framework_manager.get_route_information(@request)
-        # TODO: RUBY-1705 -- delete append_route_coverage
-        append_route_coverage(route_dtm)
-        # TODO: RUBY-1705 -- change to take [Contrast::Agent::Reporting::ObservedRoute]
-        append_to_observed_route(route_dtm)
+        reporting_route = Contrast::Agent.framework_manager.get_route_information(@request)
+        append_to_observed_route(reporting_route)
       end
     end
   end