contrast-agent 6.6.5 → 6.7.0

data/lib/contrast/framework/rails/support.rb

@@ -49,36 +49,6 @@ module Contrast
             find_all_routes(::Rails.application, [])
           end
 
-          # Find the current route, based on the provided Request wrapper
-          #
-          # @param request[Contrast::Agent::Request]
-          # @return [Contrast::Api::Dtm::RouteCoverage, nil]
-          def current_route request
-            return unless ::Rails.cs__respond_to?(:application)
-
-            # ActionDispatch::Journey::Path::Pattern::MatchData, Hash, ActionDispatch::Journey::Route, Array<String>
-            match, _params, route, path = get_full_route(request.rack_request)
-            unless route
-              logger.warn("Unable to determine the current route of this request: #{ request.rack_request }")
-              return
-            end
-
-            original_url = request.rack_request.path_info
-            mounted_app = route&.app&.app
-            # Route is either the final rails route, or a router that points to a Sinatra controller.
-            if mounted_app && Contrast::Framework::Sinatra::Support.sinatra_controller?(mounted_app)
-              return mounted_sinatra_route(request, match, path, route, original_url)
-            end
-            if mounted_app && Contrast::Framework::Grape::Support.grape_controller?(mounted_app)
-              return mounted_grape_route(request, match, path, route, original_url)
-            end
-
-            Contrast::Api::Dtm::RouteCoverage.from_action_dispatch_journey(route, original_url)
-          rescue StandardError => e
-            logger.warn('Unable to determine the current route of this request', e)
-            nil
-          end
-
           # Find the current route, based on the provided Request wrapper
           #
           # @param request[Contrast::Agent::Request]
@@ -105,9 +75,10 @@ module Contrast
             end
 
             new_route_coverage = Contrast::Agent::Reporting::RouteCoverage.new
-            new_route_coverage.attach_rails_data(route, original_url)
+            new_route_coverage&.attach_rails_data(route, original_url)
+            new_route_coverage
           rescue StandardError => e
-            logger.warn('Unable to determine the current route of this request', e)
+            logger.warn('Unable to determine the current route of this request due to exception: ', e)
             nil
           end
 
@@ -132,7 +103,7 @@ module Contrast
           # Determine if route is a Rails engine route.
           #
           # @param route [Object] app or route that points to a ::Rails::Engine
-          # @return [bool] whether the router is an engine or not.
+          # @return [Boolean, nil] whether the router is an engine or not.
           def engine_route? route
             return false unless route&.app&.app
             return false unless route.app.is_a?(::ActionDispatch::Routing::Mapper::Constraints) ||
@@ -155,7 +126,7 @@ module Contrast
 
             match, params, route = route_matches.first
 
-            # If the current routing node points to a sub-app (::Rais::Engine), dive deeper.
+            # If the current routing node points to a sub-app (::Rails::Engine), dive deeper.
             # Have sub-app route the remainder of the url.
             if engine_route?(route)
               new_req = retrieve_request(request.env)
@@ -186,36 +157,12 @@ module Contrast
             route_list
           end
 
-          # @param request[Contrast::Agent::Request]
-          # @param match [ActionDispatch::Journey::Path::Pattern::MatchData]
-          # @param path [Array<String>] the path of this request, built out from each nested
-          #   ActionDispatch::Journey::Path::Pattern::MatchData
-          # @param route [::ActionDispatch::Journey::Route]
-          # @param original_url [String] the full url of this request, including the mount
-          # @return [Contrast::Api::Dtm::RouteCoverage, nil]
-          def mounted_sinatra_route request, match, path, route, original_url
-            new_req = unmounted_route(request, match, path)
-            Contrast::Framework::Sinatra::Support.current_route(new_req, route.app.app, original_url)
-          end
-
           # @return [Contrast::Agent::Reporting::RouteCoverage, nil]
           def mounted_new_sinatra_route request, match, path, route, original_url
             new_req = unmounted_route(request, match, path)
             Contrast::Framework::Sinatra::Support.current_route_coverage(new_req, route.app.app, original_url)
           end
 
-          # @param request[Contrast::Agent::Request]
-          # @param match [ActionDispatch::Journey::Path::Pattern::MatchData]
-          # @param path [Array<String>] the path of this request, built out from each nested
-          #   ActionDispatch::Journey::Path::Pattern::MatchData
-          # @param route [::ActionDispatch::Journey::Route]
-          # @param original_url [String] the full url of this request, including the mount
-          # @return [Contrast::Api::Dtm::RouteCoverage, nil]
-          def mounted_grape_route request, match, path, route, original_url
-            new_req = unmounted_route(request, match, path)
-            Contrast::Framework::Grape::Support.current_route(new_req, route.app.app, original_url)
-          end
-
           # @return [Contrast::Agent::Reporting::RouteCoverage, nil]
           def mounted_new_grape_route request, match, path, route, original_url
             new_req = unmounted_route(request, match, path)

data/lib/contrast/framework/sinatra/support.rb

@@ -64,26 +64,6 @@ module Contrast
             routes
           end
 
-          # Given the current request return a RouteCoverage dtm.
-          #
-          # @param request [Contrast::Agent::Request] a contrast tracked request.
-          # @param controller [::Sinatra::Base] optionally use this controller instead of global ::Sinatra::Base.
-          # @return [Contrast::Api::Dtm::RouteCoverage, nil] a Dtm describing the route
-          # matched to the request if a match was found.
-          def current_route request, controller = ::Sinatra::Base, full_route = nil
-            return unless sinatra_controller?(controller)
-
-            method = request.env[::Rack::REQUEST_METHOD] # GET, PUT, POST, etc...
-
-            # Find route match--checking superclasses if necessary.
-            final_controller, route_pattern = _route_recurse(controller, method, _cleaned_route(request))
-            return unless !final_controller.nil? && !route_pattern.nil?
-
-            full_route ||= request.path_info
-
-            Contrast::Api::Dtm::RouteCoverage.from_sinatra_route(final_controller, method, route_pattern, full_route)
-          end
-
           # Given the current request - return a RouteCoverage object
 
           # @param request [Contrast::Agent::Request] a contrast tracked request.
@@ -97,12 +77,13 @@ module Contrast
 
             # Find route match--checking superclasses if necessary.
             final_controller, route_pattern = _route_recurse(controller, method, _cleaned_route(request))
-            return unless final_controller
+            return unless final_controller && route_pattern
 
             full_route ||= request.env[::Rack::PATH_INFO]
 
             new_route_coverage = Contrast::Agent::Reporting::RouteCoverage.new
             new_route_coverage.attach_rack_based_data(final_controller, method, route_pattern, full_route)
+            new_route_coverage
           end
 
           # Search object space for sinatra controllers--any class that subclasses ::Sinatra::Base.

data/lib/contrast/logger/cef_log.rb

@@ -51,16 +51,20 @@ module Contrast
       # set by local configuration.
       #
       # @param log_level [String] the level at which to log, as provided by TeamServer settings
-      def build_logger log_level = nil
+      # @param log_file [String] the file to which to log, as provided by TeamServer settings
+      def build_logger log_level = nil, log_file = nil
+        current_path_const = find_valid_path(log_file)
         current_level_const = find_valid_level(log_level)
         level_change = current_level_const != previous_level
+        path_change = current_path_const != previous_path
 
         # don't needlessly recreate logger
-        return if @cef_logger && !level_change
+        return if @cef_logger && !(level_change || path_change)
 
         @previous_level = current_level_const
+        @previous_path = current_path_const
 
-        @_cef_logger = build(path: DEFAULT_CEF_NAME, level_const: current_level_const)
+        @_cef_logger = build(path: current_path_const, level_const: current_level_const)
         # If we're logging to a new path, then let's start it w/ our helpful
         # data gathering messages
         # log_update if path_change
@@ -82,6 +86,20 @@ module Contrast
         @_cef_logger
       end
 
+      def find_valid_path log_file
+        config = ::Contrast::CONFIG.agent.security_logger
+        config_path = config&.path&.length.to_i.positive? ? config.path : nil
+        valid_path(config_path || log_file, default_name: DEFAULT_CEF_NAME)
+      end
+
+      # @return [::Ougai::Logging::Severity] the level at which to log
+      def find_valid_level log_level
+        config = ::Contrast::CONFIG.agent.security_logger
+        config_level = config&.level&.length&.positive? ? config.level : nil
+
+        valid_level(config_level || log_level)
+      end
+
       def log msg, level = @_cef_logger.level
         case level
         when ::Logger::Severity::INFO

data/lib/contrast/logger/log.rb

@@ -65,7 +65,7 @@ module Contrast
         @previous_path  = current_path
         @previous_level = current_level_const
 
-        progname = Contrast::CONFIG.root.agent.logger.progname
+        progname = Contrast::CONFIG.agent.logger.progname
         @_logger = build(path: current_path, level_const: current_level_const, progname: progname)
         # If we're logging to a new path, then let's start it w/ our helpful
         # data gathering messages
@@ -85,16 +85,6 @@ module Contrast
       def logger
         @_logger
       end
-
-      # StringIO is a valid path because it logs directly to a string buffer
-      def write_permission? path
-        return false if path.nil?
-        return true if path.is_a?(StringIO)
-        return File.writable?(path) if File.exist?(path)
-
-        dir_name = File.dirname(File.absolute_path(path))
-        File.writable?(dir_name)
-      end
     end
   end
 end

data/lib/contrast/tasks/config.rb

@@ -73,7 +73,9 @@ module Contrast
         config = Contrast::Configuration.new
         abort('Unable to Build Config') unless config
         missing = []
-        api_hash = config.root.api.to_hash
+
+        api_hash = config.api.to_contrast_hash
+
         api_hash.each_key do |key|
           value = mask_keys(api_hash, key)
           if value.is_a?(Contrast::Config::ApiProxyConfiguration)
@@ -123,7 +125,7 @@ module Contrast
       def self.validate_headers
         missing = []
         reporter = Contrast::Agent::Reporter.new
-        reporter_headers = reporter.client.headers.to_hash
+        reporter_headers = reporter.client.headers.to_contrast_hash
         reporter_headers.each_key do |key|
           value = mask_keys(reporter_headers, key)
           missing << key if value.nil?

data/lib/contrast/utils/assess/event_limit_utils.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/components/logger'
+require 'contrast/components/assess'
 
 module Contrast
   module Utils
@@ -16,14 +17,12 @@ module Contrast
           return false unless (context = Contrast::Agent::REQUEST_TRACKER.current)
 
           if method_policy.source_node
-            max =  (::Contrast::ASSESS.max_source_events ||
-              Contrast::Config::AssessConfiguration::DEFAULT_MAX_SOURCE_EVENTS)
+            max =  ::Contrast::ASSESS.max_context_source_events
             return at_limit?(method_policy, context.source_event_count, max)
 
           end
           if method_policy.propagation_node
-            max = (::Contrast::ASSESS.max_propagation_events ||
-              Contrast::Config::AssessConfiguration::DEFAULT_MAX_PROPAGATION_EVENTS)
+            max = ::Contrast::ASSESS.max_propagation_events
             return at_limit?(method_policy, context.propagation_event_count, max)
           end
 
@@ -33,7 +32,7 @@ module Contrast
         def event_limit_for_rule? rule_id # rubocop:disable Metrics/AbcSize
           return false unless (context = Contrast::Agent::REQUEST_TRACKER.current)
 
-          saved_request_ids = rule_counts.keys.map { |k| k.to_s.split('_')[1] }
+          saved_request_ids = rule_counts.keys.map { |k| k.to_s.split('_')[1].to_i }
 
           # if we passed the threshold and we actually have records for that request - wipe them
           if saved_request_ids.uniq.include?(context.request.__id__)
@@ -43,15 +42,13 @@ module Contrast
 
           # if we have recorded rule counts, but none of them are for the current request_id
           # eventually we can try and play with the time_limit_threshold -> DEFAULT_MAX_RULE_TIME_THRESHOLD
-          unless !rule_counts.empty? && saved_request_ids.include?(context.request.__id__)
+          if !rule_counts.empty? && !saved_request_ids.include?(context.request.__id__)
             restore_defaults
             threshold_time_limit
           end
 
           rule_key = "#{ rule_id }_#{ context.request.__id__ }"
           rule_counts[rule_key] += 1
-          # TODO: RUBY-1680 remove default
-          # we don't need the default here because we either return from the config, or we return the default
           rule_counts[rule_key] >= ::Contrast::ASSESS.max_rule_reported
         end
 

data/lib/contrast/utils/assess/trigger_method_utils.rb

@@ -72,7 +72,8 @@ module Contrast
           elsif trigger_node.dataflow?
             apply_dataflow_rule(trigger_node, source, object, ret, *args)
           else # trigger rule - just calling the method is dangerous
-            build_finding(trigger_node, source, object, ret, *args)
+            finding = build_finding(trigger_node, source, object, ret, *args)
+            Contrast::Agent::Assess::Policy::TriggerMethod.report_finding(finding) if finding
           end
         rescue StandardError => e
           logger.warn('Unable to apply trigger', e, node_id: trigger_node.id)
@@ -81,8 +82,8 @@ module Contrast
         # This is our method that actually checks the taint on the object our trigger_node targets for our Regexp
         # based rules.
         #
-        # @param trigger_node [Contrast::Agent::Assess::Policy::TriggerNode] the node to direct applying this
-        #   trigger event
+        # @param trigger_node [Contrast::Agent::Assess::Policy::TriggerNode] the node to direct applying this trigger
+        #   event
         # @param source [Object] the source of the Trigger Event
         # @param object [Object] the Object on which the method was invoked
         # @param ret [Object] the Return of the invoked method
@@ -92,7 +93,8 @@ module Contrast
           return if trigger_node.good_value && source.match?(trigger_node.good_value)
           return if trigger_node.bad_value && source !~ trigger_node.bad_value
 
-          build_finding(trigger_node, source, object, ret, *args)
+          finding = build_finding(trigger_node, source, object, ret, *args)
+          Contrast::Agent::Assess::Policy::TriggerMethod.report_finding(finding) if finding
         end
 
         # This is our method that actually checks the taint on the object our trigger_node targets for our Dataflow
@@ -104,33 +106,23 @@ module Contrast
         # @param object [Object] the Object on which the method was invoked
         # @param ret [Object] the Return of the invoked method
         # @param args [Array<Object>] the Arguments with which the method was invoked
-        def apply_dataflow_rule trigger_node, source, object, ret, *args # rubocop:disable Metrics/PerceivedComplexity
-          return unless source
+        def apply_dataflow_rule trigger_node, source, object, ret, *args
+          return unless source && Contrast::Agent::Assess::Tracker.tracked?(source)
 
           if Contrast::Agent::Assess::Tracker.trackable?(source)
-            return unless Contrast::Agent::Assess::Tracker.tracked?(source)
             return unless trigger_node.violated?(source)
 
-            build_finding(trigger_node, source, object, ret, *args)
+            finding = build_finding(trigger_node, source, object, ret, *args)
+            report_finding(finding) if finding
           elsif Contrast::Utils::DuckUtils.iterable_hash?(source)
-            return unless Contrast::Agent::Assess::Tracker.tracked?(source)
-
             source.each_pair do |key, value|
               apply_dataflow_rule(trigger_node, key, object, ret, *args)
               apply_dataflow_rule(trigger_node, value, object, ret, *args)
             end
           elsif Contrast::Utils::DuckUtils.iterable_enumerable?(source)
-            return unless Contrast::Agent::Assess::Tracker.tracked?(source)
-
             source.each do |value|
               apply_dataflow_rule(trigger_node, value, object, ret, *args)
             end
-          else
-            logger.debug('Trigger source is untrackable. Unable to inspect.',
-                         node_id: trigger_node.id,
-                         source_id: source.__id__,
-                         source_type: source.cs__class.cs__name,
-                         frozen: source.cs__frozen?)
           end
         end
       end

data/lib/contrast/utils/findings.rb

@@ -52,11 +52,12 @@ module Contrast
 
         while @_collection.any?
           finding = @_collection.pop
-          Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(finding[:trigger_node],
-                                                                       finding[:source],
-                                                                       finding[:object],
-                                                                       finding[:ret],
-                                                                       finding[:args])
+          collected = Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(finding[:trigger_node],
+                                                                                   finding[:source],
+                                                                                   finding[:object],
+                                                                                   finding[:ret],
+                                                                                   finding[:args])
+          Contrast::Agent::Assess::Policy::TriggerMethod.report_finding(collected) if collected
         end
         true
       end

data/lib/contrast/utils/hash_digest.rb

@@ -29,12 +29,10 @@ module Contrast
         @crc32 = 0
       end
 
-      # Update to CRC checksum the finding route and verb if finding route
-      # [Contrast::Api::Dtm::RouteCoverage] is available else update the passed
-      # request or Contrast::REQUEST_TRACKER.current.request uri and used request
-      # method.
+      # Update to CRC checksum the finding route and verb if finding route is available, else update the passed
+      # request or Contrast::REQUEST_TRACKER.current.request uri and used request method.
       #
-      # @param finding [Contrast::Api::Dtm::Finding, Contrast::Agent::Reporting::Finding] finding to be reported
+      # @param finding [Contrast::Agent::Reporting::Finding] finding to be reported
       # @param request [Contrast::Agent::Request] our wrapper around the Rack::Request.
       # @return checksum [Integer, nil] returns nil if there is no request context or tracking
       # is disabled.
@@ -43,12 +41,9 @@ module Contrast
         return unless context || ::Contrast::ASSESS.non_request_tracking?
 
         if (route = finding.routes[0])
-          if finding.cs__is_a?(Contrast::Agent::Reporting::Finding) && (observation = route.observations[0])
-            update(observation.url)
+          update(route.signature)
+          if (observation = route.observations[0])
             update(observation.verb)
-          else
-            update(route.route) # the normalized URL used to access the method in the route.
-            update(route.verb) # the HTTP Verb used  to access the method in the route.
           end
           return
         end
@@ -60,24 +55,14 @@ module Contrast
       end
 
       # Update to CRC checksum the event source name and source type.
-      # Expects Contrast::Api::Dtm::TraceEvent || Contrast::Agent::Assess::Events::SourceEvent
       #
-      # @param events [Protobuf::Field::FieldArray<Contrast::Api::Dtm::TraceEvent>,
-      #                                            <Contrast::Agent::Assess::Events::SourceEvent>]
-      #                                            Array of TraceEvents
+      # @param events [Array<Contrast::Agent::Reporting::FindingEvent>]
       # @return checksum [Integer, nil] returns nil if there is no events
       def update_on_sources events
-        return unless events&.any?
-
         events.each do |event|
-          if event.cs__is_a?(Contrast::Api::Dtm::TraceEvent)
-            event.event_sources&.each do |source|
-              update(source.type)
-              update(source.name) # rubocop:disable Security/Module/Name
-            end
-          elsif event.cs__is_a?(Contrast::Agent::Assess::Events::SourceEvent)
-            update(event.source_type)
-            update(event.source_name)
+          event.event_sources.each do |source|
+            update(source.type)
+            update(source.name) # rubocop:disable Security/Module/Name
           end
         end
       end

data/lib/contrast/utils/hash_digest_extend.rb

@@ -34,7 +34,7 @@ module Contrast
       # crypto(crypto-bad-ciphers, crypto-bad-mac) rules or trigger event
       # and returns string representation.
       #
-      # @param finding [Contrast::Api::Dtm::Finding] to be reported
+      # @param finding [Contrast::Agent::Reporting::Finding] to be reported
       # @param source [Object] the source of the Trigger Event
       # @param request [Contrast::Agent::Request] our wrapper around the Rack::Request.
       # @return checksum [String] String representation of CRC32 checksum
@@ -50,7 +50,7 @@ module Contrast
       # Generates the hash checksum for configurations. Converts the finding rule_id, session_id and configPath and
       # to CRC32 checksum and returns string representation to be appended to Contrast::Api::Dtm::Finding
       #
-      # @param finding [Contrast::Api::Dtm::Finding] to be reported
+      # @param finding [Contrast::Agent::Reporting::Finding] to be reported
       # @return checksum [String] String representation of CRC32 checksum.
       def generate_config_hash finding
         hash = new
@@ -65,7 +65,7 @@ module Contrast
       # Generates the hash checksum for class scanning. Converts the rule_id, finding.properties(source, name)
       # to CRC32 checksum and returns string representation.
       #
-      # @param finding [Contrast::Api::Dtm::Finding] to be reported
+      # @param finding [Contrast::Agent::Reporting::Finding] to be reported
       # @return checksum [String] String representation of CRC32 checksum.
       def generate_class_scanning_hash finding
         hash = new
@@ -86,7 +86,7 @@ module Contrast
       # used in #generate_event_hash.
       #
       #
-      # @param finding [Contrast::Api::Dtm::Finding] to be reported
+      # @param finding [Contrast::Agent::Reporting::Finding] to be reported
       # @param algorithm [Object] the source of the Trigger Event
       # @param request [Contrast::Agent::Request] our wrapper around the Rack::Request.
       # @return checksum [String] String representation of CRC32 checksum
@@ -101,7 +101,7 @@ module Contrast
       # Generates the hash checksum for dataflow when the finding events are more than one
       # used in #generate_event_hash.
       #
-      # @param finding [Contrast::Api::Dtm::Finding] to be reported
+      # @param finding [Contrast::Agent::Reporting::Finding] to be reported
       # @param request [Contrast::Agent::Request] our wrapper around the Rack::Request.
       # @return checksum [String] String representation of CRC32 checksum
       def generate_dataflow_hash finding, request
@@ -115,7 +115,7 @@ module Contrast
       # Generates the hash checksum for trigger
       # used in #generate_event_hash.
       #
-      # @param finding [Contrast::Api::Dtm::Finding] to be reported
+      # @param finding [Contrast::Agent::Reporting::Finding] to be reported
       # @param request [Contrast::Agent::Request] our wrapper around the Rack::Request.
       # @return checksum [String] String representation of CRC32 checksum
       def generate_trigger_hash finding, request

data/lib/contrast/utils/invalid_configuration_util.rb

@@ -7,8 +7,8 @@ require 'contrast/components/scope'
 
 module Contrast
   module Utils
-    # This utility allows us to report invalid configurations detected in
-    # customer applications, as determined by Configuration Rules at runtime.
+    # This utility allows us to report invalid configurations detected in customer applications, as determined by
+    # Configuration Rules at runtime.
     module InvalidConfigurationUtil
       include Contrast::Components::Logger::InstanceMethods
       include Contrast::Components::Scope::InstanceMethods
@@ -20,64 +20,39 @@ module Contrast
       # Build and report a finding for the given rule
       #
       # @param rule_id [String] the rule that was violated by the configuration
-      # @param user_provided_options [Hash] the configuration value(s) which
-      #   violated the rule
-      # @param call_location [Thread::Backtrace::Location] the location where
-      #   the bad configuration was set
+      # @param user_provided_options [Hash] the configuration value(s) which violated the rule
+      # @param call_location [Thread::Backtrace::Location] the location where the bad configuration was set
       def cs__report_finding rule_id, user_provided_options, call_location
         with_contrast_scope do
-          finding = Contrast::Api::Dtm::Finding.new
-          finding.version = Contrast::Agent::Assess::Policy::TriggerMethod::CURRENT_FINDING_VERSION
-          finding.rule_id = rule_id
-          set_properties(finding, user_provided_options, call_location)
-          hash = Contrast::Utils::HashDigest.generate_config_hash(finding)
-          finding.hash_code = Contrast::Utils::StringUtils.force_utf8(hash)
-          finding.preflight = Contrast::Utils::PreflightUtil.create_preflight(finding)
-          if Contrast::Agent::Reporter.enabled? # TODO: RUBY-1438 -- remove
-            cs__report_new_finding(hash, rule_id, user_provided_options, call_location)
-          else
-            Contrast::Agent::Assess::Policy::TriggerMethod.report_finding(finding)
-          end
+          finding = build_finding(rule_id, user_provided_options, call_location)
+          return unless finding
+
+          Contrast::Agent::Assess::Policy::TriggerMethod.report_finding(finding)
         end
       rescue StandardError => e
         logger.error('Unable to build a finding', e, rule: rule_id)
       end
 
-      def cs__report_new_finding hash_code, rule_id, user_provided_options, call_location
-        new_preflight = Contrast::Agent::Reporting::Preflight.new
-        new_preflight_message = Contrast::Agent::Reporting::PreflightMessage.new
-        new_preflight_message.hash_code = hash_code
-        new_preflight_message.data = "#{ rule_id },#{ hash_code }"
-        new_preflight.messages << new_preflight_message
-
-        ruby_finding = Contrast::Agent::Reporting::Finding.new(rule_id)
-        ruby_finding.hash_code = hash_code
-        set_new_finding_properties(ruby_finding, user_provided_options, call_location)
-        Contrast::Agent.reporter&.send_event(new_preflight)
-        Contrast::Agent::Reporting::ReportingStorage[hash_code] = ruby_finding
-      end
-
       private
 
       # Set the properties needed to report and subsequently render this finding on the finding given.
       #
-      # @param finding [Contrast::Api::Dtm::Finding] the configuration finding to populate
-      # @param user_provided_options [Hash] the configuration value(s) which
-      #   violated the rule
-      # @param call_location [Thread::Backtrace::Location] the location where
-      #   the bad configuration was set
-      def set_properties finding, user_provided_options, call_location
-        path = call_location.path
+      # @param rule_id [String] the rule that was violated by the configuration
+      # @param user_provided_options [Hash] the configuration value(s) which violated the rule
+      # @param call_location [Thread::Backtrace::Location] the location where the bad configuration was set
+      # @return [Contrast::Agent::Reporting::Finding]
+      def build_finding rule_id, user_provided_options, call_location
+        finding = Contrast::Agent::Reporting::Finding.new(rule_id)
+        finding.properties[CS__SESSION_ID] = user_provided_options[:key].to_s if user_provided_options
         # just get the file name, not the full path
-        path = path.split(Contrast::Utils::ObjectShare::SLASH).last
-        session_id = user_provided_options[:key].to_s if user_provided_options
-        finding.properties[CS__SESSION_ID] = Contrast::Utils::StringUtils.force_utf8(session_id)
-        finding.properties[CS__PATH] = Contrast::Utils::StringUtils.force_utf8(path)
-        file_path = call_location.absolute_path
-        snippet = file_snippet(file_path, call_location)
-        finding.properties[CS__SNIPPET] = Contrast::Utils::StringUtils.force_utf8(snippet)
+        finding.properties[CS__PATH] = call_location.path.split(Contrast::Utils::ObjectShare::SLASH).last
+        finding.properties[CS__SNIPPET] = file_snippet(call_location.absolute_path, call_location)
+        finding.hash_code = Contrast::Utils::HashDigest.generate_config_hash(finding)
+        finding
       end
 
+      # @param file_path [String] full path to the file with the property
+      # @param call_location [Thread::Backtrace::Location] the location where the bad configuration was set
       def file_snippet file_path, call_location
         idx = call_location&.lineno
         if file_path && idx && File.exist?(file_path)
@@ -94,18 +69,6 @@ module Contrast
         end
         call_location&.label&.dup
       end
-
-      def set_new_finding_properties finding, user_provided_options, call_location
-        path = call_location.path
-        # just get the file name, not the full path
-        path = path.split(Contrast::Utils::ObjectShare::SLASH).last
-        session_id = user_provided_options[:key].to_s if user_provided_options
-        finding.properties[CS__SESSION_ID] = session_id
-        finding.properties[CS__PATH] = path
-        file_path = call_location.absolute_path
-        snippet = file_snippet(file_path, call_location)
-        finding.properties[CS__SNIPPET] = snippet
-      end
     end
   end
 end