contrast-agent 6.6.5 → 6.7.0

data/lib/contrast/agent/reporting/reporting_events/preflight_message.rb

@@ -1,9 +1,10 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/agent/reporting/reporting_events/reporting_event'
 require 'contrast/components/assess'
 require 'contrast/components/logger'
-require 'contrast/agent/reporting/reporting_events/reporting_event'
+require 'contrast/utils/string_utils'
 
 module Contrast
   module Agent
@@ -13,6 +14,8 @@ module Contrast
       # identifying information of a Finding/Trace, which TeamServer will use to determine if it requires the full
       # information of the Finding/Trace to be reported.
       class PreflightMessage
+        include Contrast::Components::Logger::InstanceMethods
+
         # @return [String] the message identifier; rule_id,hash
         attr_accessor :data
         # @return [String] CRC checksum of the finding to which this message pertains
@@ -26,9 +29,6 @@ module Contrast
         CODE = :TRACE
 
         def initialize
-          @app_language = Contrast::Utils::ObjectShare::RUBY
-          @app_name = ::Contrast::APP_CONTEXT.name # rubocop:disable Security/Module/Name
-          @app_version = ::Contrast::APP_CONTEXT.version
           @routes = []
         end
 
@@ -47,24 +47,20 @@ module Contrast
 
           {
               code: CODE,
-              app_language: @app_language,
-              app_name: @app_name,
-              app_version: @app_version,
+              app_language: Contrast::Utils::ObjectShare::RUBY,
+              app_name: ::Contrast::APP_CONTEXT.name, # rubocop:disable Security/Module/Name
+              app_version: ::Contrast::APP_CONTEXT.version,
               data: '',
               key: 0,
-              routes: @routes,
+              routes: @routes.map(&:to_controlled_hash),
               session_id: ::Contrast::ASSESS.session_id
           }
         end
 
         # @raise [ArgumentError]
         def validate
-          raise(ArgumentError, "#{ cs__class } did not have a proper data. Unable to continue.") unless data
-          unless @app_name
-            raise(ArgumentError, "#{ cs__class } did not have a proper application name. Unable to continue.")
-          end
-          unless @app_language
-            raise(ArgumentError, "#{ cs__class } did not have a proper application language. Unable to continue.")
+          unless Contrast::Utils::StringUtils.present?(data)
+            raise(ArgumentError, "#{ cs__class } did not have a proper data. Unable to continue.")
           end
           unless ::Contrast::ASSESS.session_id
             raise(ArgumentError, "#{ cs__class } did not have a proper session id. Unable to continue.")

data/lib/contrast/agent/reporting/reporting_events/reporting_event.rb

@@ -49,6 +49,17 @@ module Contrast
 
         # @raise [ArgumentError]
         def validate; end
+
+        # Helper method to get json representation of event and handle errors
+        #
+        #  @return [String] - JSON
+        def event_json
+          hsh = to_controlled_hash
+          hsh.to_json
+        rescue Exception => e # rubocop:disable Lint/RescueException
+          logger.error('Unable to convert JSON string', e, hsh)
+          raise(e)
+        end
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_events/route_coverage.rb

@@ -42,7 +42,9 @@ module Contrast
         # @param url [String] the literal url of the route actively being executed
         # @return [Contrast::Agent::Reporting::RouteCoverage]
         def attach_rack_based_data final_controller, method, route_pattern, url = nil
-          if route_pattern.cs__is_a?(Grape::Router::Route)
+          if Contrast::Utils::ClassUtil.truly_defined?('Grape::Router::Route') &&
+                route_pattern.cs__is_a?(Grape::Router::Route)
+
             safe_pattern = route_pattern.pattern&.path&.to_s
             safe_url = source_or_string(url || safe_pattern)
           else

data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb

@@ -14,34 +14,22 @@ module Contrast
       # externally accessible endpoints within the application, as registered to the application framework. They may or
       # may not have been invoked at the time of reporting.
       #
-      # @attr_reader observations [observations] the routes and verbs seen that match to this Route
-      # @attr_reader signature [String] the unique identifier for this route; typically the method signature. Required
-      #   for reporting.
       class RouteDiscovery
         include Contrast::Components::Logger::InstanceMethods
 
-        # required attributes
-        attr_reader :observations, :signature
+        # @return [Array<Contrast::Agent::Reporting::RouteDiscoveryObservation>] the routes and verbs seen that match
+        #   to this Route.
+        attr_reader :observations
+        # @return [String] the unique identifier for this route; typically the method signature. Required for
+        #   reporting.
+        attr_accessor :signature
 
-        class << self
-          # Convert a DTM for SpeedRacer to an Event for TeamServer.
-          #
-          # @param route_coverage_dtm [Contrast::Api::Dtm::RouteCoverage]
-          # @return [Contrast::Agent::Reporting::RouteDiscovery]
-          def convert route_coverage_dtm
-            report = new
-            report.attach_data(route_coverage_dtm)
-            report
-          end
-        end
-
-        # Attach the data from the protobuf models to this reporter so that it can be sent to TeamServer directly
-        #
-        # @param route_coverage_dtm [Contrast::Api::Dtm::RouteCoverage]
-        def attach_data route_coverage_dtm
-          @signature = route_coverage_dtm.route
+        # @param signature [String]
+        # @param observation [Contrast::Agent::Reporting::RouteDiscoveryObservation]
+        def initialize signature, observation
+          @signature = signature
           @observations = []
-          observations << Contrast::Agent::Reporting::RouteDiscoveryObservation.convert(route_coverage_dtm)
+          observations << observation
         end
 
         # Convert the instance variables on the class, and other information, into the identifiers required for

data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb

@@ -12,36 +12,18 @@ module Contrast
       # reporting system to relay this information in the Application Update messages. These route observations are
       # used by TeamServer to construct the route coverage information for the assess feature. They represent the
       # literal URL and HTTP verb used to invoke a method in the application, as routed by the application framework.
-      #
-      # @attr_reader url [String] the URL requested to hit this endpoint. Required for reporting.
-      # @attr_reader verb [String] the HTTP Method requested to his this endpoint. Empty means all, so is allowed.
-      #   for reporting.
       class RouteDiscoveryObservation
         include Contrast::Components::Logger::InstanceMethods
 
-        # required attributes
-        attr_reader :url
-        # optional attributes
-        attr_reader :verb
+        # @return [String] the URL requested to hit this endpoint. Required for reporting; required attributes
+        attr_accessor :url
+        # @return [String] the HTTP Method requested to his this endpoint. Empty means all, so is allowed for
+        #   reporting; optional attributes
+        attr_accessor :verb
 
-        class << self
-          # Convert a DTM for SpeedRacer to an Event for TeamServer.
-          #
-          # @param route_coverage_dtm [Contrast::Api::Dtm::RouteCoverage]
-          # @return [Contrast::Agent::Reporting::RouteDiscoveryObservation]
-          def convert route_coverage_dtm
-            report = new
-            report.attach_data(route_coverage_dtm)
-            report
-          end
-        end
-
-        # Attach the data from the protobuf models to this reporter so that it can be sent to TeamServer directly
-        #
-        # @param route_coverage_dtm [Contrast::Api::Dtm::RouteCoverage]
-        def attach_data route_coverage_dtm
-          @url = route_coverage_dtm.url
-          @verb = route_coverage_dtm.verb if Contrast::Utils::StringUtils.present?(route_coverage_dtm.verb)
+        def initialize url, verb
+          @url = url
+          @verb = verb if Contrast::Utils::StringUtils.present?(verb)
         end
 
         # Convert the instance variables on the class, and other information, into the identifiers required for

data/lib/contrast/agent/reporting/reporting_utilities/audit.rb

@@ -29,7 +29,7 @@ module Contrast
           return unless ::Contrast::API.request_audit_requests || ::Contrast::API.request_audit_responses
 
           file_name = event.cs__respond_to?(:file_name) ? event.file_name : event.cs__class.cs__name.to_s.downcase
-          data = event.to_controlled_hash.to_json
+          data = event.event_json
           log_data(:request, file_name, data) if data
           return unless ::Contrast::API.request_audit_responses
 

data/lib/contrast/agent/reporting/reporting_utilities/build_preflight.rb

@@ -14,17 +14,14 @@ module Contrast
       module BuildPreflight
         class << self
           # @param finding [Contrast::Agent::Reporting::Finding]
-          # @param request [Contrast::Agent::Request] current request
-          def build finding, request
+          # @return [Contrast::Agent::Reporting::Preflight, nil]
+          def generate finding
             return unless finding
 
-            # save the current finding
-            Contrast::Agent::Reporting::ReportingStorage[finding.hash_code] = finding
-
             new_preflight = Contrast::Agent::Reporting::Preflight.new
             new_preflight_message = Contrast::Agent::Reporting::PreflightMessage.new
-            if request&.route
-              new_preflight_message.routes << Contrast::Agent::Reporting::RouteDiscovery.convert(request.route)
+            finding.routes.each do |route|
+              new_preflight_message.routes << route
             end
             new_preflight_message.hash_code = finding.hash_code
             new_preflight_message.data = "#{ finding.rule_id },#{ finding.hash_code }"

data/lib/contrast/agent/reporting/reporting_utilities/headers.rb

@@ -32,7 +32,7 @@ module Contrast
           @encoding = ENCODING
         end
 
-        def to_hash
+        def to_contrast_hash
           {
               app_name: @app_name,
               api_key: @api_key,

data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb

@@ -69,7 +69,7 @@ module Contrast
         # Handles standard error case, logs and set status for failure
         #
         # @param event [Contrast::Agent::Reporting::ReportingEvent]
-        # One of the DTMs valid for the event field of Contrast::Api::Dtm::Message|Contrast::Api::Dtm::Activity
+        #   One of the DTMs valid for the event field of Contrast::Api::Dtm::Message
         # @param error_msg [StandardError]
         # @return nil [NilClass] to be passed as response
         def handle_error event, error_msg
@@ -105,7 +105,7 @@ module Contrast
           findings_to_return = response.body.split(',').delete_if { |el| el.include?('*') }
           findings_to_return.each do |index|
             preflight_message = event.messages[index.to_i]
-            corresponding_finding = Contrast::Agent::Reporting::ReportingStorage.delete(preflight_message.hash_code)
+            corresponding_finding = Contrast::Agent::Reporting::ReportingStorage.delete(preflight_message.data)
             next unless corresponding_finding
 
             send_event(corresponding_finding, connection)
@@ -130,7 +130,7 @@ module Contrast
                       end
             build_headers(request)
             event.attach_headers(request)
-            request.body = event.to_controlled_hash.to_json
+            request.body = event.event_json
             request
           end
         end

data/lib/contrast/agent/request.rb

@@ -33,10 +33,10 @@ module Contrast
 
       # @return [Rack::Request] The passed to the Agent RackRequest to be wrapped.
       attr_reader :rack_request
-      # @return [Contrast::Api::Dtm::RouteCoverage] the route, used for findings, of this request
-      attr_accessor :route
       # @return [Contrast::Agent::Reporting::ObservedRoute] the route, used for coverage, of this request
       attr_accessor :observed_route
+      # @return [Contrast::Agent::Reporting::RouteDiscovery]
+      attr_accessor :discovered_route
 
       # Delegate calls to the following methods to the attribute @rack_request
       def_delegators :@rack_request, :base_url, :cookies, :env, :ip, :media_type, :path, :port, :query_string,

data/lib/contrast/agent/request_context.rb

@@ -28,10 +28,6 @@ module Contrast
 
       # @return [Contrast::Agent::Reporting:ApplicationActivity] the application activity found in this request
       attr_reader :activity
-      # REMOVE once findings and routes are done.
-      #
-      # @return [Contrast::Api::Dtm::Activity] the application activity found in this request
-      attr_reader :dtm_activity
       # @return [Hash] context used to log the request
       attr_reader :logging_hash
       # @return [Contrast::Agent::Reporting::ObservedRoute] the route, used for coverage, of this request
@@ -41,10 +37,12 @@ module Contrast
       # @return [Contrast::Agent::Response] our wrapper around the Rack::Response or Array for this context,
       #   only available after the application has finished its processing
       attr_reader :response
-      # @return [Contrast::Api::Dtm::RouteCoverage] the route, used for findings, of this request
-      attr_reader :route
+      # @return [Contrast::Agent::Reporting::RouteDiscovery] the route, used for findings, of this request
+      attr_reader :discovered_route
       # @return [Contrast::Api::Settings::InputAnalysis] the protect input analysis of sources on this request
       attr_reader :speedracer_input_analysis
+      # @return [Array<String>] the hash of findings already reported fro this request
+      attr_reader :reported_findings
       # @return [Contrast::Utils::Timer] when the context was created
       attr_reader :timer
 
@@ -60,12 +58,6 @@ module Contrast
           @request = Contrast::Agent::Request.new(rack_request)
           @activity = Contrast::Agent::Reporting::ApplicationActivity.new
 
-          # REMOVE once findings and routes are done.
-          #
-          # We still need the activity to report routes and findings
-          @dtm_activity = Contrast::Api::Dtm::Activity.new
-          @dtm_activity.http_request = request.dtm
-
           # build analyzer
           @do_not_track = false
           @speedracer_input_analysis = EMPTY_INPUT_ANALYSIS_PB
@@ -89,6 +81,8 @@ module Contrast
             @sample_req, @sample_res = Contrast::Utils::Assess::SamplingUtil.instance.sample?(@request)
           end
 
+          @reported_findings = []
+
           handle_routes
         end
       end
@@ -142,14 +136,8 @@ module Contrast
 
       def handle_routes
         @observed_route = Contrast::Agent::Reporting::ObservedRoute.new
-        # TODO: RUBY-1705 when we no longer need the DTM style, delete this method and use the get_route_information
-        #   instead.
-        route_dtm = Contrast::Agent.framework_manager.get_route_dtm(@request)
-        # new_route_coverage_dtm = Contrast::Agent.framework_manager.get_route_information(@request)
-        # TODO: RUBY-1705 -- delete append_route_coverage
-        append_route_coverage(route_dtm)
-        # TODO: RUBY-1705 -- change to take [Contrast::Agent::Reporting::ObservedRoute]
-        append_to_observed_route(route_dtm)
+        reporting_route = Contrast::Agent.framework_manager.get_route_information(@request)
+        append_to_observed_route(reporting_route)
       end
     end
   end

data/lib/contrast/agent/request_context_extend.rb

@@ -13,6 +13,7 @@ require 'contrast/agent/assess/rule/response/x_xss_protection_header_rule'
 require 'contrast/agent/protect/input_analyzer/input_analyzer'
 require 'contrast/components/logger'
 require 'contrast/utils/log_utils'
+require 'contrast/utils/string_utils'
 
 module Contrast
   module Agent
@@ -24,30 +25,11 @@ module Contrast
       include Contrast::Components::Logger::InstanceMethods
       BUILD_ATTACK_LOGGER_MESSAGE = 'Building attack result from Contrast Service input analysis result'
       CEF_LOGGING_RULES = %w[bot-blocker virtual-patch ip-denylist].cs__freeze
-      # Convert the discovered route for this request to appropriate forms and disseminate it to those locations
-      # where it is necessary for our route coverage and finding vulnerability discovery features to function.
-      #
-      # @param route [Contrast::Api::Dtm::RouteCoverage, nil] the route of the current request, as determined from the
-      #   framework
-      def append_route_coverage route
-        return unless route
-
-        # For our findings
-        @route = route
-
-        # REMOVE_DTM_ACTIVITY
-        #
-        # For SR findings
-        @dtm_activity.routes << route
-
-        # For TS routes
-        @request.route = route
-      end
 
       # Convert the discovered route for this request to appropriate forms and disseminate it to those locations
       # where it is necessary for our route coverage and finding vulnerability discovery features to function.
       #
-      # @param route [Contrast::Api::Dtm::RouteCoverage]
+      # @param route [Contrast::Agent::Reporting::RouteCoverage]
       def append_to_observed_route route
         return unless route
 
@@ -55,6 +37,10 @@ module Contrast
         @observed_route.verb       = route.verb
         @observed_route.url        = route.url if route.url
         @request.observed_route    = @observed_route
+
+        observation = Contrast::Agent::Reporting::RouteDiscoveryObservation.new(route.url, route.verb)
+        @discovered_route = Contrast::Agent::Reporting::RouteDiscovery.new(route.route, observation)
+        @request.discovered_route = @discovered_route
       end
 
       # @raise [Contrast::SecurityException]
@@ -63,7 +49,6 @@ module Contrast
         return false unless ::Contrast::PROTECT.enabled?
         return false if @do_not_track
 
-        # REMOVE_DTM_ACTIVITY
         service_response = Contrast::Agent&.messaging_queue&.send_event_immediately(@activity.request.dtm)
         return false unless service_response
 
@@ -117,21 +102,15 @@ module Contrast
         @response = Contrast::Agent::Response.new(rack_response)
         return unless @sample_res
 
-        # TODO: RUBY-1376 once all rules translated, move this to if/else w/ the enabled
-        if Contrast::Agent::Reporter.enabled?
-          Contrast::Agent::Assess::Rule::Response::AutoComplete.new.analyze(@response)
-          Contrast::Agent::Assess::Rule::Response::CacheControl.new.analyze(@response)
-          Contrast::Agent::Assess::Rule::Response::ClickJacking.new.analyze(@response)
-          Contrast::Agent::Assess::Rule::Response::CspHeaderMissing.new.analyze(@response)
-          Contrast::Agent::Assess::Rule::Response::CspHeaderInsecure.new.analyze(@response)
-          Contrast::Agent::Assess::Rule::Response::HSTSHeader.new.analyze(@response)
-          Contrast::Agent::Assess::Rule::Response::ParametersPollution.new.analyze(@response)
-          Contrast::Agent::Assess::Rule::Response::XContentType.new.analyze(@response)
-          Contrast::Agent::Assess::Rule::Response::XXssProtection.new.analyze(@response)
-        else
-          # REMOVE_DTM_ACTIVITY
-          dtm_activity.http_response = @response.dtm
-        end
+        Contrast::Agent::Assess::Rule::Response::AutoComplete.new.analyze(@response)
+        Contrast::Agent::Assess::Rule::Response::CacheControl.new.analyze(@response)
+        Contrast::Agent::Assess::Rule::Response::ClickJacking.new.analyze(@response)
+        Contrast::Agent::Assess::Rule::Response::CspHeaderMissing.new.analyze(@response)
+        Contrast::Agent::Assess::Rule::Response::CspHeaderInsecure.new.analyze(@response)
+        Contrast::Agent::Assess::Rule::Response::HSTSHeader.new.analyze(@response)
+        Contrast::Agent::Assess::Rule::Response::ParametersPollution.new.analyze(@response)
+        Contrast::Agent::Assess::Rule::Response::XContentType.new.analyze(@response)
+        Contrast::Agent::Assess::Rule::Response::XXssProtection.new.analyze(@response)
       rescue StandardError => e
         logger.error('Unable to extract information after request', e)
       end

data/lib/contrast/agent/request_handler.rb

@@ -4,7 +4,6 @@
 require 'contrast/components/logger'
 require 'contrast/components/scope'
 require 'contrast/agent/reporting/reporter'
-require 'contrast/agent/reporting/reporting_utilities/dtm_message'
 require 'contrast/agent/reporting/masker/masker'
 
 module Contrast
@@ -30,13 +29,6 @@ module Contrast
         return unless (reporter = Contrast::Agent.reporter)
 
         reporter.send_event(context.observed_route)
-        # return unless Contrast::Agent::Reporter.enabled?
-
-        # REMOVE_DTM_ACTIVITY after reporter routes, responses, findings are implemented
-        #
-        # This reports routes, findings and traces with response dependent rules.
-        Contrast::Agent.messaging_queue&.send_event_eventually(context.dtm_activity)
-
         # Mask Sensitive Data
         Contrast::Agent::Reporting::Masker.mask(context.activity)
         event = context.activity

data/lib/contrast/agent/response.rb

@@ -45,24 +45,6 @@ module Contrast
         end
       end
 
-      # A form of the Rack::Response which we can report to the Service to be sent to TeamServer for processing. B/c
-      # the response can change, we can't memoize this :(
-      #
-      # @return [Contrast::Api::Dtm::HttpResponse]
-      def dtm
-        context_response = Contrast::Api::Dtm::HttpResponse.new
-        context_response.response_code = response_code.to_i
-        headers&.each_pair do |key, value|
-          append_pair(context_response.normalized_response_headers, key, value)
-        end
-        context_response.response_body_binary = Contrast::Utils::StringUtils.force_utf8(body)
-
-        doc_type = document_type
-        context_response.document_type = doc_type if doc_type
-
-        context_response
-      end
-
       # The response code of this response
       #
       # @return [Integer]

data/lib/contrast/agent/telemetry/events/event.rb

@@ -21,7 +21,7 @@ module Contrast
           ''
         end
 
-        def to_hash **_args
+        def to_controlled_hash **_args
           {
               tags: @tags,
               timestamp: @timestamp,

data/lib/contrast/agent/telemetry/events/metric_event.rb

@@ -19,7 +19,7 @@ module Contrast
           @fields['_filler'] = 0
         end
 
-        def to_hash **_args
+        def to_controlled_hash **_args
           super.merge!({ fields: @fields })
         end
       end

data/lib/contrast/agent/telemetry/events/startup_metrics_event.rb

@@ -50,7 +50,7 @@ module Contrast
         def initialize
           super
           @settings = []
-          add_config_keys(::Contrast::CONFIG.root, 'root')
+          add_config_keys(::Contrast::CONFIG.config, 'root')
           @settings << ENV.keys.select { |v| v.starts_with?('CONTRAST') }
           @settings.flatten
           add_tags
@@ -70,9 +70,9 @@ module Contrast
         end
 
         def add_config_keys config, nested_key
-          config.to_hash.reject! { |_k, v| REJECTED_VALUES.include?(v) }
+          config.to_contrast_hash.reject! { |_k, v| REJECTED_VALUES.include?(v) }
 
-          config.to_hash.each do |k, v|
+          config.to_contrast_hash.each do |k, v|
             unless v.cs__class <= Contrast::Config::BaseConfiguration
               @settings << "#{ nested_key }.#{ k }"
               next

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '6.6.5'
+    VERSION = '6.7.0'
   end
 end

data/lib/contrast/api/communication/messaging_queue.rb

@@ -29,8 +29,7 @@ module Contrast
         # types of events include initial settings/ setup on startup and analysis required to complete before handing
         # execution from our pre-filter operations to the application code (i.e. Protect's input analysis).
         #
-        # @param event [Contrast::Api::Dtm] One of the DTMs valid for the event field of
-        #   Contrast::Api::Dtm::Message|Contrast::Api::Dtm::Activity
+        # @param event [Contrast::Api::Dtm] One of the DTMs valid for the event field of Contrast::Api::Dtm::Message
         # @return [Contrast::Api::Settings::AgentSettings,nil]
         def send_event_immediately event
           if ::Contrast::AGENT.disabled?
@@ -59,7 +58,7 @@ module Contrast
         # Assess' vulnerability reporting).
         #
         # @param event [Contrast::Api::Dtm, Contrast::Api::Dtm::Poll] One of the DTMs valid for the event field of
-        #   Contrast::Api::Dtm::Message|Contrast::Api::Dtm::Activity
+        #   Contrast::Api::Dtm::Message
         # @param force [Boolean] if we should always queue this event, even if the service isn't running, in case the
         #   message may be ready before the service has initiated. usually for those events which happen in a separate
         #   thread or which may occur during initialization.

data/lib/contrast/api/communication/socket_client.rb

@@ -53,13 +53,13 @@ module Contrast
         # Log information about the connection being used to communicate between the Agent and SpeedRacer.
         def log_connection
           # The socket is set,
-          if ::Contrast::CONFIG.root.agent.service.socket
+          if ::Contrast::CONFIG.agent.service.socket
             logger.info('Connecting to the Contrast Service using a UnixSocket socket',
                         socket: ::Contrast::CONTRAST_SERVICE.socket_path)
             return
           end
           # The host & port are set,
-          if ::Contrast::CONFIG.root.agent.service.host && ::Contrast::CONFIG.root.agent.service.port
+          if ::Contrast::CONFIG.agent.service.host && ::Contrast::CONFIG.agent.service.port
             logger.info('Connecting to the Contrast Service using a TCP socket',
                         host: ::Contrast::CONTRAST_SERVICE.host,
                         port: ::Contrast::CONTRAST_SERVICE.port)
@@ -78,11 +78,11 @@ module Contrast
         #
         # @return [String]
         def log_connection_error_msg
-          if ::Contrast::CONFIG.root.agent.service.host
+          if ::Contrast::CONFIG.agent.service.host
             'Missing a required connection value to the Contrast Service. ' \
               '`agent.service.port` is not set. ' \
               'Falling back to default TCP socket port.'
-          elsif ::Contrast::CONFIG.root.agent.service.port
+          elsif ::Contrast::CONFIG.agent.service.port
             'Missing a required connection value to the Contrast Service. ' \
               '`agent.service.host` is not set. ' \
               'Falling back to default TCP socket host.'

data/lib/contrast/api/communication/speedracer.rb

@@ -55,8 +55,7 @@ module Contrast
         # if anything's changed in TeamServer meaning the Agent needs to replace its current settings or there is
         # Protect analysis information or nil if the current Agent settings do not need updating.
         #
-        # @param event [Contrast::Api::Dtm] One of the DTMs valid for the event field of
-        # Contrast::Api::Dtm::Message|Contrast::Api::Dtm::Activity
+        # @param event [Contrast::Api::Dtm] One of the DTMs valid for the event field of Contrast::Api::Dtm::Message
         # @return [Contrast::Api::Settings::AgentSettings,nil]
         def return_response event
           send_to_speedracer(event) do |response|
@@ -67,8 +66,7 @@ module Contrast
         # Send the given Event to SpeedRacer and pass the result to our Contrast::Api::Communication::ResponseProcessor
         # as there is no immediate action required from sending this Event.
         #
-        # @param event [Contrast::Api::Dtm] One of the DTMs valid for the event field of
-        # Contrast::Api::Dtm::Message|Contrast::Api::Dtm::Activity
+        # @param event [Contrast::Api::Dtm] One of the DTMs valid for the event field of Contrast::Api::Dtm::Message
         def process_internally event
           send_to_speedracer(event) do |response|
             response_processor.process(response)
@@ -80,8 +78,7 @@ module Contrast
         # Ensure there is a running SpeedRacer and then send the given Event to it. It is necessary to ensure the
         # SpeedRacer is running as, if the process has crashed or restarted, we must rebuild our context there.
         #
-        # @param event [Contrast::Api::Dtm] One of the DTMs valid for the event field of
-        # Contrast::Api::Dtm::Message|Contrast::Api::Dtm::Activity
+        # @param event [Contrast::Api::Dtm] One of the DTMs valid for the event field of Contrast::Api::Dtm::Message
         # @return [Contrast::Api::Settings::AgentSettings, nil]
         def send_to_speedracer event
           ensure_startup!
@@ -131,8 +128,7 @@ module Contrast
 
         # Log the startup message we're sending to SpeedRacer
         #
-        # @param event [Contrast::Api::Dtm] One of the DTMs valid for the event field of
-        # Contrast::Api::Dtm::Message|Contrast::Api::Dtm::Activity
+        # @param event [Contrast::Api::Dtm] One of the DTMs valid for the event field of Contrast::Api::Dtm::Message
         def log_send_event event
           logger.debug('Immediately sending event.', event_id: event.__id__, event_type: event.cs__class.cs__name)
         end

data/lib/contrast/api/decorators/agent_startup.rb

@@ -41,12 +41,11 @@ module Contrast
           #
           # @param msg [Contrast::Api::Dtm::AgentStartup]
           def config! msg
-            msg.version      = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.server.version)
-            msg.server_tags  = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.server.tags)
-            msg.library_tags = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.inventory.tags)
-            msg.environment  = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.server.environment)
-            msg.application_tags =
-              Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.root.application.tags)
+            msg.version      = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.server.version)
+            msg.server_tags  = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.server.tags)
+            msg.library_tags = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.inventory.tags)
+            msg.environment  = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.server.environment)
+            msg.application_tags = Contrast::Utils::StringUtils.protobuf_format(::Contrast::CONFIG.application.tags)
           end
         end
       end

data/lib/contrast/api/decorators/application_settings.rb

@@ -31,7 +31,8 @@ module Contrast
           {
               modes_by_id: translated_protection_mode_by_id,
               exclusion_matchers: translated_exclusions,
-              disabled_assess_rules: disabled_assess_rules
+              disabled_assess_rules: disabled_assess_rules,
+              session_id: session_id
           }
         end
       end