contrast-agent 6.7.0 → 6.8.0

data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb

@@ -6,6 +6,7 @@ require 'contrast/utils/timer'
 require 'contrast/agent/reporting/attack_result/user_input'
 require 'contrast/agent/reporting/input_analysis/input_type'
 require 'contrast/agent/reporting/details/protect_rule_details'
+require 'contrast/agent/reporting/reporting_events/application_defend_attack_sample_stack'
 
 module Contrast
   module Agent
@@ -19,15 +20,11 @@ module Contrast
         #
         # @return [Contrast::Agent::Reporting::Details::ProtectRuleDetails, nil]
         attr_accessor :details
-        # @return [Contrast::Agent::Reporting::Details::IpDenylistDetails, nil]
-        attr_accessor :ip_denylist
-        # @return [Contrast::Agent::Reporting::Details::VirtualPatchDetails, nil]
-        attr_accessor :virtual_patch
 
         class << self
           # @param context [Contrast::Agent::RequestContext]
-          # @param ia_result [Contrast::Api::Settings::InputAnalysisResult] the analysis of the input that was
-          #   determined to be an attack
+          # @param ia_result [Contrast::Agent::Reporting::Settings::InputAnalysisResult] the analysis of the input that
+          #   was determined to be an attack
           # @return [Contrast::Agent::Reporting::RaspRuleSample]
           def build context, ia_result
             sample = new
@@ -39,43 +36,19 @@ module Contrast
             sample
           end
 
-          # @param ia_result [Contrast::Api::Settings::InputAnalysisResult] the analysis of the input that was
-          #   determined to be an attack
+          # @param ia_result [Contrast::Agent::Reporting::Settings::InputAnalysisResult] the analysis of the input that
+          #   was determined to be an attack
           def build_user_input_from_ia ia_result
-            # TODO: RUBY-99999 remove once only using Agent IA
-            result = if ia_result.cs__is_a?(Contrast::Api::Settings::InputAnalysisResult)
-                       transform_ia_result(ia_result)
-                     else
-                       # Use Agent ia_result
-                       ia_result
-                     end
             user_input = Contrast::Agent::Reporting::UserInput.new
-            return user_input unless result
+            return user_input unless ia_result
 
-            user_input.input_type = result.input_type
-            user_input.matcher_ids = result.ids
-            user_input.path = result.path
-            user_input.key = result.key if result.key
-            user_input.value = result.value if result.value
+            user_input.input_type = ia_result.input_type
+            user_input.matcher_ids = ia_result.ids
+            user_input.path = ia_result.path
+            user_input.key = ia_result.key if ia_result.key
+            user_input.value = ia_result.value if ia_result.value
             user_input
           end
-
-          # @param [Contrast::Api::Settings::InputAnalysisResult]
-          # @return [Contrast::Agent::Reporting::InputAnalysisResult]
-          def transform_ia_result dtm_ia_result
-            ia_result = Contrast::Agent::Reporting::InputAnalysisResult.new
-            ia_result.input_type = Contrast::Agent::Reporting::InputType.to_a.find do |value|
-              value == dtm_ia_result.input_type.name # rubocop:disable Security/Module/Name
-            end
-            ia_result.score_level = dtm_ia_result.score_level.name # rubocop:disable Security/Module/Name
-            ia_result.value = dtm_ia_result.value
-            ia_result.key = dtm_ia_result.key
-            ia_result.path = dtm_ia_result.path
-            ia_result.rule_id = dtm_ia_result.rule_id
-            ia_result.attack_count = dtm_ia_result.attack_count
-            ia_result.ids = dtm_ia_result.ids
-            ia_result
-          end
         end
 
         def time_stamp
@@ -94,11 +67,17 @@ module Contrast
           @_user_input = input if input.is_a?(Contrast::Agent::Reporting::UserInput)
         end
 
+        # @return [Array<Contrast::Agent::Reporting::ApplicationDefendAttackSampleStack>,Array]
+        def stack
+          @_stack ||= []
+        end
+
         def to_controlled_hash
           {
               timeStamp: Time.at(time_stamp).iso8601,
               userInput: user_input.to_controlled_hash,
-              details: details&.to_controlled_hash
+              details: details&.to_controlled_hash,
+              stack: stack.map(&:to_controlled_hash)
           }
         end
       end

data/lib/contrast/agent/reporting/attack_result/response_type.rb

@@ -9,18 +9,18 @@ module Contrast
       # This module will hold the response types used to generate
       # attack result.
       module ResponseType
-        BLOCKED             = :BLOCKED.cs__freeze
-        MONITORED           = :MONITORED.cs__freeze
-        PROBED              = :PROBED.cs__freeze
-        BLOCK_AT_PERIMETER  = :BLOCK_AT_PERIMETER.cs__freeze
-        SUSPICIOUS          = :SUSPICIOUS.cs__freeze
-        AGGREGATED          = :AGGREGATED.cs__freeze
-        EXPLOITED           = :EXPLOITED.cs__freeze
-        NO_ACTION           = :NO_ACTION.cs__freeze
+        BLOCKED               = :BLOCKED.cs__freeze
+        MONITORED             = :MONITORED.cs__freeze
+        PROBED                = :PROBED.cs__freeze
+        BLOCKED_AT_PERIMETER  = :BLOCKED_AT_PERIMETER.cs__freeze
+        SUSPICIOUS            = :SUSPICIOUS.cs__freeze
+        AGGREGATED            = :AGGREGATED.cs__freeze
+        EXPLOITED             = :EXPLOITED.cs__freeze
+        NO_ACTION             = :NO_ACTION.cs__freeze
 
         class << self
           def to_a
-            [NO_ACTION, BLOCKED, MONITORED, PROBED, BLOCK_AT_PERIMETER, EXPLOITED, SUSPICIOUS, AGGREGATED]
+            [NO_ACTION, BLOCKED, MONITORED, PROBED, BLOCKED_AT_PERIMETER, EXPLOITED, SUSPICIOUS, AGGREGATED]
           end
         end
       end

data/lib/contrast/agent/reporting/details/ip_denylist_details.rb

@@ -10,9 +10,17 @@ module Contrast
         # Bot blocker IA result details info.
         class IpDenylistDetails < ProtectRuleDetails
           # @return [String]
-          attr_accessor :ip
+          attr_reader :ip
           # @return [String]
-          attr_accessor :uuid
+          attr_reader :uuid
+
+          # @param ip [String] the IP address that was blocked
+          # @param uuid [String] the UUID to identify the block rule in TeamServer
+          def initialize ip, uuid
+            @ip = ip
+            @uuid = uuid
+            super()
+          end
 
           def to_controlled_hash
             {

data/lib/contrast/agent/reporting/details/virtual_patch_details.rb

@@ -7,10 +7,16 @@ module Contrast
   module Agent
     module Reporting
       module Details
-        # Bot blocker IA result details info.
+        # Virtual Patch IA result details info.
         class VirtualPatchDetails < ProtectRuleDetails
           # @return [String]
-          attr_accessor :uuid
+          attr_reader :uuid
+
+          # @param uuid [String] the UUID to identify the block rule in TeamServer
+          def initialize uuid
+            @uuid = uuid
+            super()
+          end
 
           def to_controlled_hash
             {

data/lib/contrast/agent/reporting/input_analysis/details/bot_blocker_details.rb

@@ -0,0 +1,27 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/input_analysis/details/protect_rule_details'
+
+module Contrast
+  module Agent
+    module Reporting
+      # Bot blocker IA result details info.
+      class BotBlockerDetails < ProtectRuleDetails
+        # @return [String]
+        attr_accessor :bot
+        # User agent header value
+        #
+        # @return [String]
+        attr_accessor :user_agent
+
+        def to_controlled_hash
+          {
+              bot: bot,
+              userAgent: user_agent
+          }
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/input_analysis/details/protect_rule_details.rb

@@ -0,0 +1,15 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Reporting
+      # This class is holding additional info which is rule specific and this is
+      # the base class for type check made easy.
+      class ProtectRuleDetails
+        # Extend per each rule.
+        def to_controlled_hash; end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/input_analysis/input_analysis.rb

@@ -7,8 +7,7 @@ require 'contrast/agent/reporting/input_analysis/input_analysis_result'
 module Contrast
   module Agent
     module Reporting
-      # This class will do ia analysis for our protect rules instead of
-      # using the service.
+      # This class will do ia analysis for our protect rules
       class InputAnalysis
         # result from input analysis
         #

data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb

@@ -4,12 +4,12 @@
 require 'contrast/utils/object_share'
 require 'contrast/agent/reporting/input_analysis/input_type'
 require 'contrast/agent/reporting/input_analysis/score_level'
+require 'contrast/agent/reporting/input_analysis/details/protect_rule_details'
 
 module Contrast
   module Agent
     module Reporting
-      # This class will do ia analysis for our protect rules instead of
-      # using the service.
+      # This class will do ia analysis for our protect rules
       class InputAnalysisResult
         INPUT_TYPE = Contrast::Agent::Reporting::InputType
         SCORE_LEVEL = Contrast::Agent::Reporting::ScoreLevel
@@ -109,6 +109,20 @@ module Contrast
         def score_level= score_level
           @_score_level = score_level if SCORE_LEVEL.to_a.include?(score_level)
         end
+
+        # Additional per rule details containing more specific info.
+        #
+        # @param protect_rule_details [Contrast::Agent::Reporting::ProtectRuleDetails]
+        def details= protect_rule_details
+          @_details = protect_rule_details if protect_rule_details.is_a?(Contrast::Agent::Reporting::ProtectRuleDetails)
+        end
+
+        # Additional per rule details containing more specific info.
+        #
+        # @return [Contrast::Agent::Reporting::ProtectRuleDetails, nil]
+        def details
+          @_details
+        end
       end
     end
   end

data/lib/contrast/agent/reporting/masker/masker.rb

@@ -35,6 +35,8 @@ module Contrast
             return unless activity
 
             logger.debug('Masker: masking sensitive data', activity: activity.__id__, request: activity.request&.__id__)
+            return if activity.request.nil?
+
             mask_body(activity)
             mask_query_string(activity)
             mask_request_params(activity)

data/lib/contrast/agent/reporting/reporter.rb

@@ -18,7 +18,7 @@ module Contrast
         #
         # @return[Boolean] true if bypass is enabled, or false if bypass disabled
         def enabled?
-          @_enabled = Contrast::CONTRAST_SERVICE.use_agent_communication? if @_enabled.nil?
+          @_enabled = ::Contrast::AGENT.enabled? if @_enabled.nil?
           @_enabled
         end
       end
@@ -39,7 +39,6 @@ module Contrast
           logger.debug('Starting background Reporter thread.')
           loop do
             next unless connected?
-            next unless app_create_complete?
 
             process_event(queue.pop)
           rescue StandardError => e
@@ -120,18 +119,6 @@ module Contrast
         false
       end
 
-      # Unless we're in bypass mode, we need to make sure the service has started and built the application on
-      # TeamServer since we're doing a split style here.
-      #
-      # @return [Boolean]
-      def app_create_complete?
-        return true if Contrast::APP_CONTEXT.session_id
-
-        logger.debug('Service startup incomplete; Application may not be created; sleeping')
-        sleep(5)
-        false
-      end
-
       # @param event [Contrast::Agent::Reporting::ReportingEvent]
       def process_event event
         client.send_event(event, connection)

data/lib/contrast/agent/reporting/reporting_events/application_activity.rb

@@ -71,18 +71,21 @@ module Contrast
         def attack_results_for rule_id, response_type = nil
           results = []
           defend.attackers.each do |attacker|
-            results << case response_type
-                       when BLOCKED, BLOCK_AT_PERIMETER
-                         attacker.protection_rules[rule_id].blocked
-                       when MONITORED
-                         attacker.protection_rules[rule_id].exploited
-                       when PROBED
-                         attacker.protection_rules[rule_id].ineffective
-                       when SUSPICIOUS
-                         attacker.protection_rules[rule_id].suspicious
-                       else
-                         attacker.protection_rules[rule_id]
-                       end
+            next unless attacker.protection_rules[rule_id]
+
+            result = case response_type
+                     when BLOCKED, BLOCKED_AT_PERIMETER
+                       attacker.protection_rules[rule_id].blocked
+                     when EXPLOITED
+                       attacker.protection_rules[rule_id].exploited
+                     when PROBED
+                       attacker.protection_rules[rule_id].ineffective
+                     when SUSPICIOUS
+                       attacker.protection_rules[rule_id].suspicious
+                     else
+                       attacker.protection_rules[rule_id]
+                     end
+            results << result if result
           end
           results
         end

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb

@@ -1,8 +1,6 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/api/dtm.pb'
-require 'contrast/api/decorators/response_type'
 require 'contrast/components/logger'
 require 'contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity'
 
@@ -45,7 +43,9 @@ module Contrast
           attack_sample_activity.attach_data(attack_result)
           @response_type = attack_result.response
           case response_type
-          when ::Contrast::Agent::Reporting::ResponseType::BLOCKED
+          when ::Contrast::Agent::Reporting::ResponseType::BLOCKED,
+              ::Contrast::Agent::Reporting::ResponseType::BLOCKED_AT_PERIMETER
+
             @blocked = attack_sample_activity
           when ::Contrast::Agent::Reporting::ResponseType::MONITORED
             @exploited = attack_sample_activity

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb

@@ -5,7 +5,6 @@ require 'contrast/agent/protect/rule/cmd_injection'
 require 'contrast/agent/protect/rule/deserialization'
 require 'contrast/agent/protect/rule/http_method_tampering'
 require 'contrast/agent/protect/rule/no_sqli'
-require 'contrast/api/dtm.pb'
 require 'contrast/agent/reporting/attack_result/user_input'
 require 'contrast/agent/reporting/attack_result/response_type'
 require 'contrast/components/logger'
@@ -60,7 +59,7 @@ module Contrast
           }
         end
 
-        # @param response_type [Contrast::Api::Dtm::AttackResult::ResponseType]
+        # @param response_type [Contrast::Agent::Reporting::ResponseType]
         # @return [Boolean] check if response type is blocked
         def blocked? response_type
           @blocked = response_type == Contrast::Agent::Reporting::ResponseType::BLOCKED

data/lib/contrast/agent/reporting/reporting_events/application_update.rb

@@ -6,9 +6,7 @@ require 'contrast/agent/reporting/reporting_events/application_reporting_event'
 require 'contrast/agent/reporting/reporting_events/library_discovery'
 require 'contrast/agent/reporting/reporting_events/reporting_event'
 require 'contrast/agent/reporting/reporting_events/route_discovery'
-require 'contrast/api/dtm.pb'
 require 'contrast/components/logger'
-require 'json'
 
 module Contrast
   module Agent

data/lib/contrast/agent/reporting/reporting_events/architecture_component.rb

@@ -1,7 +1,6 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/api/dtm.pb'
 require 'contrast/components/logger'
 
 module Contrast

data/lib/contrast/agent/reporting/reporting_events/finding.rb

@@ -162,7 +162,7 @@ module Contrast
         # Rules which are event based must have an event to be sent to TeamServer. They include the Trigger, Regexp,
         # and Data flow type Rules, meaning all those which are not Properties based. Eventually, we may have
         # validation for each of those types; however, that's a refactor for after we've translated all rules from the
-        # Service and have had time to build proper child structure.
+        # TeamServer and have had time to build proper child structure.
         #
         # @return [Boolean]
         def event_based?
@@ -171,7 +171,7 @@ module Contrast
 
         # Rules which are property based must have a property to be sent to TeamServer. Eventually, each rule may own
         # its own validation, as the properties each needs are different; however, that's a refactor for after we've
-        # translated all rules from the Service and have had time to build proper child structure.
+        # translated all rules from TeamServer and have had time to build proper child structure.
         #
         # @return [Boolean]
         def property_based?
@@ -180,7 +180,7 @@ module Contrast
 
         # Rules which are config based must have a configuration to be sent to TeamServer. Eventually, each rule may own
         # its own validation, as the properties each needs are different; however, that's a refactor for after we've
-        # translated all rules from the Service and have had time to build proper child structure.
+        # translated all rules from TeamServer and have had time to build proper child structure.
         #
         # @return [Boolean]
         def config_based?
@@ -189,7 +189,7 @@ module Contrast
 
         # Rules which are hardcode based send properties to TeamServer. Eventually, each rule may own its own
         # validation, as the properties each needs are different; however, that's a refactor for after we've
-        # translated all rules from the Service and have had time to build proper child structure.
+        # translated all rules from TeamServer and have had time to build proper child structure.
         #
         # @return [Boolean]
         def hardcoded?

data/lib/contrast/agent/reporting/reporting_events/finding_request.rb

@@ -39,9 +39,6 @@ module Contrast
         attr_accessor :body_binary
         # @return [Hash]
         attr_reader :cookies
-        # REMOVE_DTM_REQUEST
-        # @return [Contrast::Api::Dtm::HttpRequest]
-        attr_reader :dtm
 
         class << self
           # @param request [Contrast::Agent::Request]
@@ -60,8 +57,6 @@ module Contrast
         #
         # @param request [Contrast::Agent::Request]
         def attach_data request
-          # REMOVE_DTM_REQUEST
-          @dtm = request.dtm
           @body = request.body
           @headers = {}
           extract_headers(request)

data/lib/contrast/agent/reporting/reporting_events/library_discovery.rb

@@ -1,7 +1,6 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/api/dtm.pb'
 require 'contrast/utils/string_utils'
 require 'contrast/components/logger'
 

data/lib/contrast/agent/reporting/reporting_events/poll.rb

@@ -6,7 +6,7 @@ require 'contrast/agent/reporting/reporting_events/application_reporting_event'
 module Contrast
   module Agent
     module Reporting
-      # This is the new Poll class for the Heartbeat Service.
+      # This is the new Poll class for the Heartbeat to TeamServer.
       class Poll < Contrast::Agent::Reporting::ApplicationReportingEvent
         def initialize
           @event_type = :heartbeat
@@ -17,16 +17,6 @@ module Contrast
         def file_name
           'applications-heartbeat'
         end
-
-        # This is commented out as I am not aware if we're supposed to send some information and/or parse it to hash
-        # In https://github.com/Contrast-Security-Inc/contrast-service/blob/next/reporting/tsreporter.go
-        #
-        # Convert the instance variables on the class, and other information, into the identifiers required for
-        # TeamServer to process the JSON form of this message.
-        #
-        # @return [Hash]
-        # @raise [ArgumentError]
-        # def to_controlled_hash; end
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_events/route_discovery.rb

@@ -2,7 +2,6 @@
 # frozen_string_literal: true
 
 require 'contrast/agent/reporting/reporting_events/route_discovery_observation'
-require 'contrast/api/dtm.pb'
 require 'contrast/components/logger'
 
 module Contrast

data/lib/contrast/agent/reporting/reporting_events/route_discovery_observation.rb

@@ -1,7 +1,6 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/api/dtm.pb'
 require 'contrast/utils/string_utils'
 require 'contrast/components/logger'
 

data/lib/contrast/agent/reporting/reporting_utilities/audit.rb

@@ -19,8 +19,8 @@ module Contrast
           generate_paths if enabled?
         end
 
-        # This method will be handling the auditing of the requests and responses we send to SpeedRacer. If the audit
-        # feature is enabled, we'll log to file the request and/or response protobuf objects.
+        # This method will be handling the auditing of the requests and responses we send to TeamServer. If the audit
+        # feature is enabled, we'll log to file the request and/or response JSON objects.
         #
         # @param event [Contrast::Agent::Reporting::ReportingEvent] One of the DTMs valid for the
         #   event field of Contrast::Agent::Reporting::ReportingEvent

data/lib/contrast/agent/reporting/reporting_utilities/response.rb

@@ -19,7 +19,7 @@ module Contrast
 
         # All of the feature server_features
         #
-        # @return [Contrast::Agent::Reporting::Settings::FeatureSettings, nil]
+        # @return [Contrast::Agent::Reporting::Settings::ServerFeatures, nil]
         attr_accessor :server_features
 
         # Success boolean message value

data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb

@@ -1,12 +1,9 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/api/communication/response_processor'
-require 'contrast/api/decorators/application_settings'
 require 'contrast/agent/reporting/reporting_utilities/response'
 require 'contrast/agent/reporting/reporting_utilities/response_handler_utils'
 require 'contrast/agent/reporting/reporting_utilities/response_handler_mode'
-require 'contrast/api/decorators/server_features'
 require 'contrast/components/logger'
 require 'json'
 

data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/agent/reporting/reporting_utilities/response_extractor'
+require 'contrast/agent/disable_reaction'
 
 module Contrast
   module Agent

data/lib/contrast/agent/reporting/settings/code_exclusion.rb

@@ -12,9 +12,14 @@ module Contrast
           ATTRIBUTES = BASE_ATTRIBUTES.dup << :denylist
           ATTRIBUTES.cs__freeze
 
-          # @return denylist [Array<String>] #rubocop:disable [Naming/InclusiveLanguage]
+          # @return [Array<String>]
           attr_accessor :denylist
 
+          def initialize
+            super
+            @denylist = []
+          end
+
           def to_controlled_hash
             hash = super
             hash[:denylist] = denylist

data/lib/contrast/agent/reporting/settings/exclusion_base.rb

@@ -18,6 +18,24 @@ module Contrast
           # @return protect_rules [Array<String>]
           attr_accessor :protect_rules
 
+          def initialize
+            @modes = []
+            @assess_rules = []
+            @protect_rules = []
+          end
+
+          # @return [Boolean] does this exclusion apply to Assess or not
+          def assess
+            @_assess = modes&.include?('assess') if @_assess.nil?
+            @_assess
+          end
+
+          # @return [Boolean] does this exclusion apply to Protect or not
+          def protect
+            @_protect = modes&.include?('defend') if @_protect.nil?
+            @_protect
+          end
+
           def to_controlled_hash
             {
                 name: name, # rubocop:disable Security/Module/Name

data/lib/contrast/agent/reporting/settings/exclusions.rb

@@ -26,6 +26,7 @@ module Contrast
           # @param new_code_exclusions [Array<CodeExclusion>] Array of CodeExclusion: {
           #   name         [String] The name of the exclusion as defined by the user in TS.
           #   modes        [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
           #   assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
           #   denylist     [String] The call, if in the stack, should result in the agent not taking action.
           # }
@@ -39,7 +40,7 @@ module Contrast
 
           # Cases where rules should be excluded if violated from a given input.
           #
-          # @return input_exclusions [Array<Contrast::Agent::Reporting::Settings::InputExclusions>]
+          # @return input_exclusions [Array<Contrast::Agent::Reporting::Settings::InputExclusion>]
           # Array of InputExclusions
           def input_exclusions
             @_input_exclusions ||= []

data/lib/contrast/agent/reporting/settings/input_exclusion.rb

@@ -1,7 +1,7 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/reporting/settings/exclusion_base'
+require 'contrast/agent/reporting/settings/url_exclusion'
 require 'contrast/utils/object_share'
 
 module Contrast
@@ -9,11 +9,17 @@ module Contrast
     module Reporting
       module Settings
         # InputExclusions class
-        class InputExclusion < ExclusionBase
-          ATTRIBUTES = BASE_ATTRIBUTES.dup << :type
+        class InputExclusion < UrlExclusion
+          ATTRIBUTES = UrlExclusion::ATTRIBUTES.dup << :type
           ATTRIBUTES.cs__freeze
           VALID_INPUT_TYPES = %w[COOKIE PARAMETER HEADER BODY QUERYSTRING].cs__freeze
 
+          # @return [String] the name of the input to match
+          attr_accessor :input_name
+
+          # @return [String] the type of the input to match
+          attr_accessor :input_type
+
           # @return type [String] The type of the input
           def type
             @_type ||= Contrast::Utils::ObjectShare::EMPTY_STRING