contrast-agent 6.7.0 → 6.9.0

data/lib/contrast/agent/reporting/settings/exclusions.rb

@@ -26,6 +26,7 @@ module Contrast
           # @param new_code_exclusions [Array<CodeExclusion>] Array of CodeExclusion: {
           #   name         [String] The name of the exclusion as defined by the user in TS.
           #   modes        [String] If this exclusion applies to assess or protect. [assess, defend]
+          #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
           #   assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
           #   denylist     [String] The call, if in the stack, should result in the agent not taking action.
           # }
@@ -39,7 +40,7 @@ module Contrast
 
           # Cases where rules should be excluded if violated from a given input.
           #
-          # @return input_exclusions [Array<Contrast::Agent::Reporting::Settings::InputExclusions>]
+          # @return input_exclusions [Array<Contrast::Agent::Reporting::Settings::InputExclusion>]
           # Array of InputExclusions
           def input_exclusions
             @_input_exclusions ||= []

data/lib/contrast/agent/reporting/settings/helpers.rb

@@ -48,6 +48,13 @@ module Contrast
               result.slice!(idx + 1)
               result.index('_') ? no_more_underscore(result).to_sym : result.to_sym
             end
+
+            # rule_id => rule-id
+            #
+            # @param id [String]
+            def to_rule_id id
+              id.to_s.tr('_', '-')
+            end
           end
         end
       end

data/lib/contrast/agent/reporting/settings/input_exclusion.rb

@@ -1,7 +1,7 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/reporting/settings/exclusion_base'
+require 'contrast/agent/reporting/settings/url_exclusion'
 require 'contrast/utils/object_share'
 
 module Contrast
@@ -9,11 +9,17 @@ module Contrast
     module Reporting
       module Settings
         # InputExclusions class
-        class InputExclusion < ExclusionBase
-          ATTRIBUTES = BASE_ATTRIBUTES.dup << :type
+        class InputExclusion < UrlExclusion
+          ATTRIBUTES = UrlExclusion::ATTRIBUTES.dup << :type
           ATTRIBUTES.cs__freeze
           VALID_INPUT_TYPES = %w[COOKIE PARAMETER HEADER BODY QUERYSTRING].cs__freeze
 
+          # @return [String] the name of the input to match
+          attr_accessor :input_name
+
+          # @return [String] the type of the input to match
+          attr_accessor :input_type
+
           # @return type [String] The type of the input
           def type
             @_type ||= Contrast::Utils::ObjectShare::EMPTY_STRING

data/lib/contrast/agent/reporting/settings/protect.rb

@@ -2,8 +2,6 @@
 # frozen_string_literal: true
 
 require 'contrast/utils/object_share'
-require 'contrast/api/dtm.pb'
-require 'contrast/api/settings.pb'
 
 module Contrast
   module Agent
@@ -79,23 +77,25 @@ module Contrast
 
             modes_by_id = {}
             protection_rules.each do |rule|
-              setting_mode = rule[:mode]
-              next unless PROTECT_RULES_MODE.include?(setting_mode)
-
-              api_mode = case setting_mode
-                         when PROTECT_RULES_MODE[1]
-                           ::Contrast::Api::Settings::ProtectionRule::Mode::MONITOR
-                         when PROTECT_RULES_MODE[2]
-                           if rule[:blockAtEntry]
-                             ::Contrast::Api::Settings::ProtectionRule::Mode::BLOCK_AT_PERIMETER
+              setting_mode = rule[:mode] || rule['mode']
+              api_mode = if PROTECT_RULES_MODE.include?(setting_mode)
+                           case setting_mode
+                           when PROTECT_RULES_MODE[1]
+                             :MONITOR
+                           when PROTECT_RULES_MODE[2]
+                             if rule[:blockAtEntry] || rule['blockAtEntry']
+                               :BLOCK_AT_PERIMETER
+                             else
+                               :BLOCK
+                             end
                            else
-                             ::Contrast::Api::Settings::ProtectionRule::Mode::BLOCK
+                             :NO_ACTION
                            end
                          else
-                           ::Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION
+                           setting_mode.to_sym
                          end
-
-              modes_by_id[rule[:id]] = api_mode
+              id = rule[:id] || rule['id']
+              modes_by_id[id] = api_mode
             end
             modes_by_id
           end

data/lib/contrast/agent/reporting/settings/protect_server_feature.rb

@@ -17,6 +17,10 @@ module Contrast
         # Application level settings for the Protect featureset.
         # Used for the FeatureSet TS response
         class ProtectServerFeature
+          PROTECT_RULES_KEYS = %i[
+            cmd_injection method_tampering nosql_injection path_traversal redos reflected_xss sql_injection
+            ssrf unsafe_file_upload untrusted_deserialization xxe
+          ].cs__freeze
           # Indicate if the protect feature set is enabled for this server or not.
           #
           # @return enabled [Boolean]
@@ -32,6 +36,21 @@ module Contrast
             @_enabled = enabled
           end
 
+          # When false, the agent should not track observations.
+          # when true, the agent should track observed usage of protect URLs
+          #  { enable: true }
+          #
+          # @return observability [Boolean]
+          def observability
+            @_observability
+          end
+
+          # @param enable [Boolean]
+          # @return observability [Boolean]
+          def observability= enable
+            @_observability = enable
+          end
+
           # Indicate if the bot protection feature set is enabled for this server or not.
           #
           # @return bot_blocker [Contrast::Agent::Reporting::Settings::BotBlocker]
@@ -149,6 +168,23 @@ module Contrast
                 list)
           end
 
+          # Transforms ServerSettings hash rules to definition_list
+          #
+          # @param rules [Hash]
+          def rules_to_definition_list rules
+            return unless rules&.cs__is_a?(Hash)
+
+            definition_list = []
+            rules.slice(*PROTECT_RULES_KEYS).each_pair do |key, rule|
+              new_entry = Contrast::Agent::Reporting::Settings::RuleDefinition.new
+              new_entry.name = Contrast::Agent::Reporting::Settings::Helpers.to_rule_id(key)
+              new_entry.patterns = rule[:patterns]
+              new_entry.keywords = rule[:keywords]
+              definition_list << new_entry
+            end
+            @_rule_definition_list = definition_list
+          end
+
           # Controls for the syslogging feature in the agent.
           #
           # @return syslog [Contrast::Agent::Reporting::Settings::Syslog]
@@ -175,13 +211,14 @@ module Contrast
             {
                 botBlockers: bot_blocker.bots.map(&:to_controlled_hash),
                 enabled: enabled?,
+                observability: observability, # used with ServerSettings only
                 logEnhancers: log_enhancers.map(&:to_controlled_hash),
                 ipDenylist: ip_denylist.map(&:to_controlled_hash),
                 ipAllowlist: ip_allowlist.map(&:to_controlled_hash),
-                syslog: syslog.to_controlled_hash,
+                syslog: syslog.settings_blank? ? nil : syslog.to_controlled_hash, # used with ServerSettings only
                 ruleDefinitionList: rule_definition_list.map(&:to_controlled_hash),
                 'bot-blocker': bot_blocker.to_controlled_hash
-            }
+            }.compact
           end
         end
       end

data/lib/contrast/agent/reporting/settings/rule_definition.rb

@@ -12,6 +12,9 @@ module Contrast
         class RuleDefinition
           ATTRIBUTES = %i[name keywords patterns].cs__freeze
 
+          # For the ServerSettings this name is not used instead it is used as key to the keywords and patterns
+          # arrays. It is used in the agent startup message.
+          #
           # @return name [String] Name of the rule
           attr_accessor :name
 

data/lib/contrast/agent/reporting/settings/security_logger.rb

@@ -0,0 +1,77 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/settings/syslog'
+
+module Contrast
+  module Agent
+    module Reporting
+      module Settings
+        # this class will hold the security logger settings.
+        class SecurityLogger
+          def initialize
+            @blank = true
+          end
+
+          # check to see if object is being used
+          #
+          # @return [Boolean]
+          def settings_blank?
+            @blank
+          end
+
+          # Set the state of settings
+          #
+          # @return [Boolean]
+          def not_blank!
+            @blank = false
+          end
+
+          # The level at which the agent should log. Overridden by agent.logger.level
+          # if set in a local configuration
+          #
+          # @return log_level [String] [ ERROR, WARN, INFO, DEBUG, TRACE ]
+          def log_level
+            @_log_level ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # set the log level
+          #
+          # @param log_level [String]
+          # @return log_level [String] [ ERROR, WARN, INFO, DEBUG, TRACE ]
+          def log_level= log_level
+            @_log_level = log_level if log_level.is_a?(String)
+          end
+
+          # Where to log the agent's log file, if set by the user. Overridden by agent.logger.path
+          # if set in a local configuration.
+          #
+          # @return log_file [String] path
+          def log_file
+            @_log_file ||= Contrast::Utils::ObjectShare::EMPTY_STRING
+          end
+
+          # Set the log file
+          #
+          # @param log_file [String] path
+          # @return log_file [String] path
+          def log_file= log_file
+            @_log_file = log_file if log_file.is_a?(String)
+          end
+
+          def syslog
+            @_syslog ||= Contrast::Agent::Reporting::Settings::Syslog.new
+          end
+
+          def to_controlled_hash
+            {
+                level: log_level,
+                path: log_file,
+                syslog: syslog.to_controlled_hash
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/settings/server_features.rb

@@ -4,6 +4,7 @@
 require 'contrast/utils/object_share'
 require 'contrast/agent/reporting/settings/assess_server_feature'
 require 'contrast/agent/reporting/settings/protect_server_feature'
+require 'contrast/agent/reporting/settings/security_logger'
 
 module Contrast
   module Agent
@@ -46,6 +47,13 @@ module Contrast
             @_log_file = log_file if log_file.is_a?(String)
           end
 
+          # Class holding security logger settings:
+          #
+          # @return [Contrast::Agent::Reporting::Settings::SecurityLogger]
+          def security_logger
+            @_security_logger ||= Contrast::Agent::Reporting::Settings::SecurityLogger.new
+          end
+
           # Controls for the reporting of telemetry events from the agent to TeamServer.
           # This is NOT for the agent telemetry feature collecting metrics sent to other services.
           #
@@ -74,6 +82,7 @@ module Contrast
 
           def to_controlled_hash
             {
+                security_logger: security_logger.settings_blank? ? nil : security_logger.to_controlled_hash,
                 assessment: @_assess ? assess.to_controlled_hash : {},
                 defend: @_protect ? protect.to_controlled_hash : {},
                 telemetry: telemetry

data/lib/contrast/agent/reporting/settings/syslog.rb

@@ -14,15 +14,24 @@ module Contrast
           # severity_blocked, severity_blocked_perimeter, severity_exploited, severity_probed,
           # severity_probed_perimeter
           SEVERITIES = %w[ALERT CRITICAL ERROR WARNING NOTICE INFO DEBUG].cs__freeze
-          SYSLOG_METHODS = %i[
+          # Order and elements matter, the same setter must be called against same response field.
+          SYSLOG_METHODS_NG = %i[
             enable= ip= port= facility= protocol= connection_type= severity_exploited= severity_blocked=
             severity_probed= severity_probed_suspicious= severity_blocked_perimeter= severity_probed_perimeter=
           ].cs__freeze
-          SYSLOG_RESPONSE_KEYS = %i[
+          SYSLOG_RESPONSE_KEYS_NG = %i[
             syslogEnabled syslogIpAddress syslogPortNumber syslogFacilityCode syslogProtocol
             syslogConnectionType syslogSeverityExploited syslogSeverityBlocked syslogSeverityProbed
             syslogSeveritySuspicious syslogSeverityBlockedPerimeter syslogSeverityProbedPerimeter
           ].cs__freeze
+          SYSLOG_METHODS = %i[
+            enable= ip= port= facility= connection_type= severity_blocked= severity_blocked_perimeter=
+            severity_exploited= severity_probed= severity_probed_perimeter=
+          ].cs__freeze
+          SYSLOG_RESPONSE_KEYS = %i[
+            enable ip facility connection_type severity_blocked severity_blocked_perimeter severity_exploited
+            severity_probed severity_probed_perimeter
+          ].cs__freeze
 
           # @return enable [Boolean]
           attr_accessor :enable
@@ -40,6 +49,21 @@ module Contrast
             @ip = Contrast::Utils::ObjectShare::EMPTY_STRING
             @port = 0
             @facility = 0
+            @blank = true
+          end
+
+          # check to see if object is being used
+          #
+          # @return [Boolean]
+          def settings_blank?
+            @blank
+          end
+
+          # Set the state of settings
+          #
+          # @return [Boolean]
+          def not_blank!
+            @blank = false
           end
 
           # @return connection_type [String] one of UNENCRYPTED, ENCRYPTED
@@ -134,10 +158,15 @@ module Contrast
           end
 
           # @param settings_array [Array] Settings retrieved from response
-          def assign_array settings_array
-            Contrast::Agent::Reporting::Settings::Syslog::SYSLOG_METHODS.each_with_index do |method, index|
-              send(method, settings_array[SYSLOG_RESPONSE_KEYS[index]])
+          # @param ng_ [Boolean]
+          def assign_array settings_array, ng_: true
+            methods = ng_ ? SYSLOG_METHODS_NG : SYSLOG_METHODS
+            response_keys = ng_ ? SYSLOG_RESPONSE_KEYS_NG : SYSLOG_RESPONSE_KEYS
+
+            methods.each_with_index do |method, index|
+              send(method, settings_array[response_keys[index]])
             end
+            not_blank!
           end
 
           def to_controlled_hash

data/lib/contrast/agent/request.rb

@@ -74,7 +74,9 @@ module Contrast
       # @return uri [String]
       def normalized_uri
         @_normalized_uri ||= begin
-          path = rack_request.path_info
+          path = rack_request.path_info || rack_request.path.to_s
+          path = '/' if path.empty?
+
           uri = path.split(Contrast::Utils::ObjectShare::SEMICOLON)[0]    # remove ;jsessionid
           uri = uri.split(Contrast::Utils::ObjectShare::QUESTION_MARK)[0] # remove ?query_string=
           uri.gsub(INNER_REST_TOKEN, INNER_NUMBER_MARKER)                 # replace interior tokens
@@ -142,19 +144,6 @@ module Contrast
         @_body
       end
 
-      # REMOVE_DTM_REQUEST
-      #
-      # Unlike most of our translation, which is called where needed for each
-      # message and forgotten, we'll leave this method to call the build as we
-      # don't want to pay to reconstruct the DTM for this Request multiple
-      # times.
-      #
-      # @return [Contrast::Api::Dtm::HttpRequest] the SpeedRacer compatible
-      #   form of this Request
-      def dtm
-        @_dtm ||= Contrast::Api::Dtm::HttpRequest.build(self)
-      end
-
       # flattened hash of request params
       #
       # @return parameters [Hash]

data/lib/contrast/agent/request_context.rb

@@ -1,7 +1,6 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/api/dtm.pb'
 require 'contrast/utils/timer'
 require 'contrast/agent/request'
 require 'contrast/agent/response'
@@ -24,7 +23,7 @@ module Contrast
       include Contrast::Utils::RequestUtils
       include Contrast::Agent::RequestContextExtend
 
-      EMPTY_INPUT_ANALYSIS_PB = Contrast::Api::Settings::InputAnalysis.new
+      INPUT_ANALYSIS = Contrast::Agent::Reporting::InputAnalysis.new
 
       # @return [Contrast::Agent::Reporting:ApplicationActivity] the application activity found in this request
       attr_reader :activity
@@ -39,8 +38,8 @@ module Contrast
       attr_reader :response
       # @return [Contrast::Agent::Reporting::RouteDiscovery] the route, used for findings, of this request
       attr_reader :discovered_route
-      # @return [Contrast::Api::Settings::InputAnalysis] the protect input analysis of sources on this request
-      attr_reader :speedracer_input_analysis
+      # @return [Contrast::Agent::Reporting::InputAnalysis]
+      attr_reader :agent_input_analysis
       # @return [Array<String>] the hash of findings already reported fro this request
       attr_reader :reported_findings
       # @return [Contrast::Utils::Timer] when the context was created
@@ -55,15 +54,13 @@ module Contrast
           @logging_hash = { request_id: __id__ }
 
           # instantiate helper for request and response
-          @request = Contrast::Agent::Request.new(rack_request)
+          @request = Contrast::Agent::Request.new(rack_request) if rack_request
           @activity = Contrast::Agent::Reporting::ApplicationActivity.new
 
           # build analyzer
           @do_not_track = false
-          @speedracer_input_analysis = EMPTY_INPUT_ANALYSIS_PB
-          speedracer_input_analysis.request = request
-
-          # TODO: RUBY-1627
+          @agent_input_analysis = INPUT_ANALYSIS
+          agent_input_analysis.request = request
 
           # flag to indicate whether the app is fully loaded
           @app_loaded = !!app_loaded

data/lib/contrast/agent/request_context_extend.rb

@@ -20,12 +20,9 @@ module Contrast
     # This class extends RequestContexts: this class acts to encapsulate information about the currently
     # executed request, making it available to the Agent for the duration of the request in a standardized
     # and normalized format which the Agent understands.
-    module RequestContextExtend # rubocop:disable Metrics/ModuleLength
+    module RequestContextExtend
       include Contrast::Utils::CEFLogUtils
       include Contrast::Components::Logger::InstanceMethods
-      BUILD_ATTACK_LOGGER_MESSAGE = 'Building attack result from Contrast Service input analysis result'
-      CEF_LOGGING_RULES = %w[bot-blocker virtual-patch ip-denylist].cs__freeze
-
       # Convert the discovered route for this request to appropriate forms and disseminate it to those locations
       # where it is necessary for our route coverage and finding vulnerability discovery features to function.
       #
@@ -43,55 +40,24 @@ module Contrast
         @request.discovered_route = @discovered_route
       end
 
+      # If protect is enabled for this request, examine said request for any possible attack input. If those inputs
+      # provided match a rule which should block at the perimeter, that will be raised here.
+      #
       # @raise [Contrast::SecurityException]
-      def service_extract_request
+      def protect_input_analysis
         return false unless ::Contrast::AGENT.enabled?
         return false unless ::Contrast::PROTECT.enabled?
         return false if @do_not_track
 
-        service_response = Contrast::Agent&.messaging_queue&.send_event_immediately(@activity.request.dtm)
-        return false unless service_response
-
-        handle_protect_state(service_response)
-        ia = service_response.input_analysis
-        if ia
-          service_extract_logging(ia)
-          # TODO: RUBY-1629
-          # using Agent analysis
-          # initialize_agent_input_analysis request
-
-          @speedracer_input_analysis = ia
-          speedracer_input_analysis.request = request
+        if (ia = Contrast::Agent::Protect::InputAnalyzer.analyse(request))
+          @agent_input_analysis = ia
         else
-          logger.trace('Analysis from Contrast Service was empty.')
-          false
+          logger.trace('Analysis from Agent was empty.')
         end
       rescue Contrast::SecurityException => e
         raise(e)
       rescue StandardError => e
-        logger.warn('Unable to extract Contrast Service information from request', e)
-        false
-      end
-
-      # NOTE: this method is only used as a backstop if Speedracer sends Input Evaluations when the protect state
-      # indicates a security exception should be thrown. This method ensures that the attack reports are generated.
-      # Normally these should be generated on Speedracer for any attacks detected during prefilter.
-      #
-      # @param agent_settings [Contrast::Api::Settings::AgentSettings]
-      # @raise[Contrast::SecurityException]
-      def handle_protect_state agent_settings
-        return unless agent_settings&.protect_state
-
-        state = agent_settings.protect_state
-        @uuid = state.uuid
-        @do_not_track = true unless state.track_request
-        return unless state.security_exception
-
-        # make sure the activity get send before the error
-        # If Contrast Service has NOT handled the input analysis, handle them here
-        build_attack_results(agent_settings)
-        logger.debug('Contrast Service said to block this request')
-        raise(Contrast::SecurityException.new(nil, (state.security_message || 'Blocking suspicious behavior')))
+        logger.warn('Unable to extract protect information from request', e)
       end
 
       # append anything we've learned to the request seen message this is the sum-total of all inventory information
@@ -114,111 +80,6 @@ module Contrast
       rescue StandardError => e
         logger.error('Unable to extract information after request', e)
       end
-
-      # This here is for things we don't have implemented
-      def log_to_cef
-        activity.defend.attackers.each { |attacker| logging_logic(attacker.protection_rules) }
-      end
-
-      # @param input_analysis [Contrast::Api::Settings::InputAnalysis]
-      def service_extract_logging input_analysis
-        log_to_cef
-        logger.trace('Analysis from Contrast Service', evaluations: input_analysis.results.length) if logger.trace?
-        logger.trace('Results', input_analysis: input_analysis.inspect) if logger.trace?
-      end
-
-      private
-
-      # Generate attack results directly from any evaluations on the agent settings object.
-      #
-      # @param agent_settings [Contrast::Api::Settings::AgentSettings]
-      def build_attack_results agent_settings
-        return unless agent_settings&.input_analysis&.results&.any?
-
-        results_by_rule = {}
-        agent_settings.input_analysis.results.each do |ia_result|
-          rule_id = ia_result.rule_id
-          rule = ::Contrast::PROTECT.rule(rule_id)
-          next unless rule
-
-          logger.debug(BUILD_ATTACK_LOGGER_MESSAGE, result: ia_result.inspect) if logger.debug?
-          results_by_rule[rule_id] = attack_result(rule, rule_id, ia_result, results_by_rule)
-        end
-
-        results_by_rule.each_pair do |_, attack_result|
-          logger.info('Blocking attack result', rule: attack_result.rule_id)
-          activity.attach_defend(attack_result)
-        end
-      end
-
-      # Generates the attack result
-      #
-      # @param rule [Contrast::Agent::Protect::Rule, Contrast::Agent::Assess::Rule]
-      # @param rule_id [String] String name of the rule
-      # @param ia_result [Contrast::Api::Settings::InputAnalysisResult] the
-      #   analysis of the input that was determined to be an attack
-      # @param results_by_rule [Hash] attack results from any evaluations on the agent settings object.
-      # @return [Contrast::Api::Dtm::AttackResult] the attack result from this input
-      def attack_result rule, rule_id, ia_result, results_by_rule
-        @_attack_result = if rule.mode == :BLOCK
-                            # special case for rules (like reflected xss) that used to have an infilter / block mode
-                            # but now are just block at perimeter
-                            rule.build_attack_with_match(self, ia_result, results_by_rule[rule_id], ia_result.value)
-                          else
-                            rule.build_attack_without_match(self, ia_result, results_by_rule[rule_id])
-                          end
-      end
-
-      # @param protection_rules [Array<rule_id => Contrast::Agent::Reporting::ApplicationDefendAttackActivity>] Array
-      # of all protection rules per active attackers of this request life cycle.
-      def logging_logic protection_rules
-        protection_rules.any? do |rule_id, activity|
-          next unless CEF_LOGGING_RULES.include?(rule_id)
-
-          outcome = activity.response_type
-          rule_details = details_builder(outcome, activity)
-          case rule_id
-          when /bot-blocker/i
-            cef_logger.bot_blocking_message(rule_details.to_controlled_hash, outcome) if rule_details
-          when /virtual-patch/i
-            cef_logger.virtual_patch_message(rule_details.to_controlled_hash, outcome) if rule_details
-          when /ip-denylist/i
-            sender_ip = extract_sender_ip
-            next unless sender_ip
-            next unless rule_details && rule_details.ip == sender_ip
-
-            cef_logger.ip_denylisted_message(sender_ip, rule_details.to_controlled_hash, outcome)
-          end
-        end
-      end
-
-      # @param outcome [Symbol<Contrast::Agent::Reporting::ResponseType>]
-      # @param activity [Contrast::Agent::Reporting::ApplicationDefendAttackActivity]
-      def details_builder outcome, activity
-        case outcome
-        when ::Contrast::Agent::Reporting::ResponseType::BLOCKED
-          blocked = activity.blocked
-          get_details(blocked)
-        when ::Contrast::Agent::Reporting::ResponseType::MONITORED
-          exploited = activity.exploited
-          get_details(exploited)
-        when ::Contrast::Agent::Reporting::ResponseType::PROBED
-          ineffective = activity.ineffective
-          get_details(ineffective)
-        when ::Contrast::Agent::Reporting::ResponseType::SUSPICIOUS
-          activity.suspicious.samples[0].details
-          suspicious = activity.suspicious
-          get_details(suspicious)
-        end
-      end
-
-      # @param type [Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity]
-      # @return details [Contrast::Agent::Reporting::ProtectRuleDetails] depends on rule
-      def get_details type
-        sample = nil
-        sample = type.samples[0] unless type.samples.empty?
-        sample&.details
-      end
     end
   end
 end

data/lib/contrast/agent/request_handler.rb

@@ -21,18 +21,13 @@ module Contrast
         @ruleset = ::Contrast::AGENT.ruleset
       end
 
-      # reports events[Contrast::Agent::Reporting::ReporterEvent] to TS
-      # This method is used to send our JSON messages directly to TeamServer at the end of each request. As we move
-      # more endpoints over, this method will take the messages originally sent by #send_actiivty_messages. At the end,
-      # that method should be removed.
-      def report_activity
+      # reports events[Contrast::Agent::Reporting::ObservedRoute] to TS
+      # Other ReportingEvents are handled through batching in the middleware
+      #
+      def report_observed_route
         return unless (reporter = Contrast::Agent.reporter)
 
-        reporter.send_event(context.observed_route)
-        # Mask Sensitive Data
-        Contrast::Agent::Reporting::Masker.mask(context.activity)
-        event = context.activity
-        reporter.send_event(event)
+        reporter.send_event(context.observed_route) if Contrast::ROUTES_SENT.sendable?(context.observed_route)
       end
 
       # If the response is streaming, we should only perform filtering on our stream safe rules

data/lib/contrast/agent/telemetry/events/exceptions/telemetry_exception_event.rb

@@ -33,7 +33,7 @@ module Contrast
           end
 
           def self.path
-            '/ruby/runtime'
+            '/error'
           end
 
           def to_controlled_hash