contrast-agent 6.7.0 → 6.9.0

data/lib/contrast/components/logger.rb

@@ -13,6 +13,14 @@ module Contrast
           Contrast::Logger::Log.instance.logger
         end
 
+        # When calling this method from any instance
+        # The CEF logger will be initialized and it's
+        # path and level will be set. Since we don't
+        # call this method unless protect is started,
+        # on Agent Startup no file is created before is
+        # needed.
+        #
+        # @return [Logger]
         def cef_logger
           @_cef_logger ||= Contrast::Logger::CEFLog.instance.tap(&:build_logger)
         end
@@ -23,6 +31,10 @@ module Contrast
       # instance methods and will initialize new instances for where they're needed
       class Interface
         include InstanceMethods
+        include Contrast::Components::ComponentBase
+
+        CANON_NAME = 'agent.logger'
+        CONFIG_VALUES = %w[path level progname].cs__freeze
 
         # @return [String, nil]
         attr_accessor :path
@@ -30,8 +42,14 @@ module Contrast
         attr_accessor :level
         # @return [String, nil]
         attr_accessor :progname
+        # @return [String]
+        attr_reader :canon_name
+        # @return [Array]
+        attr_reader :config_values
 
         def initialize hsh = {}
+          @config_values = CONFIG_VALUES
+          @canon_name = CANON_NAME
           return unless hsh
 
           @path = hsh[:path]

data/lib/contrast/components/polling.rb

@@ -0,0 +1,36 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/components/base'
+
+module Contrast
+  module Components
+    module Polling
+      # A wrapper build around the agent.polling config
+      class Interface
+        include Contrast::Components::ComponentBase
+
+        # @return [Integer, nil]
+        attr_reader :server_settings_ms
+        # @return [String]
+        attr_reader :canon_name
+        # @return [Array]
+        attr_reader :config_values
+        # @return [Integer, nil]
+        attr_reader :batch_reporting_interval_ms
+
+        CANON_NAME = 'agent.polling'
+        CONFIG_VALUES = %w[server_settings_ms batch_reporting_interval_ms].cs__freeze
+
+        def initialize hsh = {}
+          @config_values = CONFIG_VALUES
+          @canon_name = CANON_NAME
+          return unless hsh
+
+          @server_settings_ms = hsh[:server_settings_ms]
+          @batch_reporting_interval_ms = hsh[:batch_reporting_interval_ms]
+        end
+      end
+    end
+  end
+end

data/lib/contrast/components/protect.rb

@@ -14,15 +14,29 @@ module Contrast
         include Contrast::Components::ComponentBase
         include Contrast::Config::BaseConfiguration
 
+        CANON_NAME = 'protect'
+        CONFIG_VALUES = %w[enabled?].cs__freeze
+        RULES = 'rules'
+        MODE = 'mode'
+
         # @return [Boolean, nil]
         attr_accessor :enable
+        # @return [String]
+        attr_reader :canon_name
+        # @return [Array]
+        attr_reader :config_values
+        # @return [Boolean, nil]
+        attr_accessor :agent_lib
 
         def initialize hsh = {}
+          @config_values = CONFIG_VALUES
+          @canon_name = CANON_NAME
           return unless hsh
 
           @_exceptions = Contrast::Config::ExceptionConfiguration.new(hsh[:exceptions])
           @_rules = Contrast::Config::ProtectRulesConfiguration.new(hsh[:rules])
           @enable = hsh[:enable]
+          @agent_lib = hsh[:agent_lib]
         end
 
         # @return [Contrast::Config::ExceptionConfiguration]
@@ -54,6 +68,9 @@ module Contrast
           ::Contrast::SETTINGS.protect_state.enabled == true
         end
 
+        # Current Configuration for the protect rules
+        #
+        # @return [Contrast::Config::ProtectRulesConfiguration]
         def rule_config
           ::Contrast::CONFIG.protect.rules
         end
@@ -62,18 +79,27 @@ module Contrast
         # protect rules.
         #
         # @return defend_rules[Hash<Contrast::SETTINGS.protect_state.rules>]
-        #
         def defend_rules
           ::Contrast::SETTINGS.protect_state.rules
         end
 
+        # The Contrast::CONFIG.protect.rules is object so we need to check it's
+        # corresponding method call for each rule of interest. If there is no
+        # status available we search for any Settings available received form
+        # TS response.
+        #
+        # @param rule_id [String]
+        # @return mode [Symbol]
         def rule_mode rule_id
           str = rule_id.tr('-', '_')
           ::Contrast::CONFIG.protect.rules[str]&.applicable_mode ||
               ::Contrast::SETTINGS.application_state.modes_by_id[rule_id] ||
-              Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION
+              :NO_ACTION
         end
 
+        # Name of the protect rule
+        #
+        # @return [String]
         def rule name
           ::Contrast::SETTINGS.protect_state.rules[name]
         end
@@ -101,8 +127,32 @@ module Contrast
           @_forcibly_disabled = false?(::Contrast::CONFIG.protect.enable)
         end
 
+        # Converts current configuration to effective config values class and appends them to
+        # EffectiveConfig class.
+        #
+        # @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
+        def to_effective_config effective_config
+          super
+          protect_rules_to_effective_config(effective_config)
+        end
+
         private
 
+        # @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
+        def protect_rules_to_effective_config effective_config
+          return unless defend_rules
+
+          defend_rules.each do |key, value|
+            next unless key && value
+
+            config_prefix = "#{ CANON_NAME }.#{ RULES }.#{ key }"
+            name_prefix = "#{ CONTRAST }.#{ CANON_NAME }.#{ RULES }.#{ key }"
+            add_single_effective_value(effective_config, ENABLE, value.enabled?, config_prefix, name_prefix)
+            # Get the mode by checking Current Configs or Settings received:
+            add_single_effective_value(effective_config, MODE, rule_mode(key), config_prefix, name_prefix)
+          end
+        end
+
         def forcibly_enabled?
           return @_forcibly_enabled unless @_forcibly_enabled.nil?
 

data/lib/contrast/components/ruby_component.rb

@@ -1,6 +1,8 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/components/base'
+
 module Contrast
   module Components
     module Ruby
@@ -19,15 +21,28 @@ module Contrast
           log:clear middleware notes notes:custom rails:template rails:update routes secret spec spec:features
           spec:requests spec:controllers spec:helpers spec:models spec:views spec:routing spec:rcov stats
           test test:all test:all:db test:recent test:single test:uncommitted time:zones:all tmp:clear
-          tmp:create webpacker:compile contrast:service:start contrast:service:status contrast:service:stop
+          tmp:create webpacker:compile
         ].cs__freeze
 
         DEFAULT_UNINSTRUMENTED_NAMESPACES = %w[FactoryGirl FactoryBot].cs__freeze
+        CANON_NAME = 'agent.ruby'
+        CONFIG_VALUES = %w[
+          disabled_agent_rake_tasks
+          propagate_yield require_scan
+          non_request_tracking
+          uninstrument_namespace
+        ].cs__freeze
 
         attr_writer :disabled_agent_rake_tasks, :exceptions, :propagate_yield, :require_scan,
                     :non_request_tracking, :uninstrument_namespace
+        # @return [String]
+        attr_reader :canon_name
+        # @return [Array]
+        attr_reader :config_values
 
         def initialize hsh = {}
+          @config_values = CONFIG_VALUES
+          @canon_name = CANON_NAME
           return unless hsh
 
           @disabled_agent_rake_tasks = hsh[:disabled_agent_rake_tasks]

data/lib/contrast/components/sampling.rb

@@ -28,10 +28,10 @@ module Contrast
             settings = ::Contrast::SETTINGS&.assess_state&.sampling_settings
             {
                 enabled: enabled?(config_settings, settings),
-                baseline: baseline(config_settings, settings),
-                request_frequency: request_frequency(config_settings, settings),
-                response_frequency: response_frequency(config_settings, settings),
-                window: window(config_settings, settings)
+                baseline: check_baseline(config_settings, settings),
+                request_frequency: check_request_frequency(config_settings, settings),
+                response_frequency: check_response_frequency(config_settings, settings),
+                window: check_window(config_settings, settings)
             }
           end
         end
@@ -45,7 +45,8 @@ module Contrast
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
         #   local user input
-        # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
+        # @param settings [Contrast::Agent::Reporting::Settings::Sampling, nil] the Sampling settings as provided by
+        # TeamServer
         # @return [Boolean] the resolution of the config_settings, settings, and default value
         def enabled? config_settings, settings
           true?([config_settings&.enable, settings&.enabled, DEFAULT_SAMPLING_ENABLED].compact[0])
@@ -53,35 +54,39 @@ module Contrast
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
         #   local user input
-        # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
+        # @param settings [Contrast::Agent::Reporting::Settings::Sampling] the Sampling settings as provided by
+        # TeamServer
         # @return [Integer] the resolution of the config_settings, settings, and default value
-        def baseline config_settings, settings
+        def check_baseline config_settings, settings
           [config_settings&.baseline, settings&.baseline].map(&:to_i).find(&:positive?) || DEFAULT_SAMPLING_BASELINE
         end
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
         #   local user input
-        # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
+        # @param settings [Contrast::Agent::Reporting::Settings::Sampling] the Sampling settings as provided by
+        # TeamServer
         # @return [Integer] the resolution of the config_settings, settings, and default value
-        def request_frequency config_settings, settings
+        def check_request_frequency config_settings, settings
           [config_settings&.request_frequency, settings&.request_frequency].map(&:to_i).find(&:positive?) ||
               DEFAULT_SAMPLING_REQUEST_FREQUENCY
         end
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
         #   local user input
-        # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
+        # @param settings [Contrast::Agent::Reporting::Settings::Sampling] the Sampling settings as provided by
+        # TeamServer
         # @return [Integer] the resolution of the config_settings, settings, and default value
-        def response_frequency config_settings, settings
+        def check_response_frequency config_settings, settings
           [config_settings&.response_frequency, settings&.response_frequency].map(&:to_i).find(&:positive?) ||
               DEFAULT_SAMPLING_RESPONSE_FREQUENCY
         end
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
         #   local user input
-        # @param settings [Contrast::Api::Settings::Sampling] the Sampling settings as provided by TeamServer
+        # @param settings [Contrast::Agent::Reporting::Settings::Sampling] the Sampling settings as provided by
+        # TeamServer
         # @return [Integer] the resolution of the config_settings, settings, and default value
-        def window config_settings, settings
+        def check_window config_settings, settings
           [config_settings&.window_ms, settings&.window_ms].map(&:to_i).find(&:positive?) || DEFAULT_SAMPLING_WINDOW_MS
         end
       end
@@ -94,8 +99,13 @@ module Contrast
 
       class Interface # :nodoc:
         include InstanceMethods
+        extend ClassMethods
         include Contrast::Config::BaseConfiguration
 
+        CANON_NAME = 'assess.sampling'
+        NAME_PREFIX = "#{ CONTRAST }.#{ CANON_NAME }"
+        CONFIG_VALUES = %w[enable baseline request_frequency response_frequency window_ms].cs__freeze
+
         # @return [Integer, nil]
         attr_reader :baseline
         # @return [Integer, nil]
@@ -104,8 +114,11 @@ module Contrast
         attr_reader :response_frequency
         # @return [Integer, nil]
         attr_reader :window_ms
+        # @return [String]
+        attr_reader :canon_name
 
         def initialize hsh = {}
+          @canon_name = CANON_NAME
           return unless hsh
 
           @enable = hsh[:enable]
@@ -119,6 +132,50 @@ module Contrast
         def enable
           !!@enable
         end
+
+        # Converts current configuration to effective config values class and appends them to
+        # EffectiveConfig class.
+        #
+        # @param effective_config [Contrast::Agent::DiagnosticsConfig::EffectiveConfig]
+        def to_effective_config effective_config
+          confirm_sources
+
+          add_single_effective_value(effective_config, 'enable', sampling_control[:enabled], canon_name, NAME_PREFIX)
+          add_single_effective_value(effective_config, 'baseline', sampling_control[:baseline], canon_name, NAME_PREFIX)
+          add_single_effective_value(effective_config, 'window_ms', sampling_control[:window], canon_name, NAME_PREFIX)
+          add_single_effective_value(effective_config,
+                                     'request_frequency',
+                                     sampling_control[:request_frequency],
+                                     canon_name,
+                                     NAME_PREFIX)
+          add_single_effective_value(effective_config,
+                                     'response_frequency',
+                                     sampling_control[:response_frequency],
+                                     canon_name,
+                                     NAME_PREFIX)
+        end
+
+        private
+
+        # Confirm the sources for the sample entries to ensure that we use 'Default' if we've fallen
+        # back to the default values.
+        def confirm_sources
+          if sampling_control[:enabled] == DEFAULT_SAMPLING_ENABLED
+            Contrast::CONFIG.sources.set('assess.sampling.enable', Contrast::Components::Config::Sources::DEFAULT)
+          end
+          if sampling_control[:window] == DEFAULT_SAMPLING_WINDOW_MS
+            Contrast::CONFIG.sources.set('assess.sampling.window_ms', Contrast::Components::Config::Sources::DEFAULT)
+          end
+          {
+              'baseline' => :baseline,
+              'request_frequency' => :request_frequency,
+              'response_frequency' => :response_frequency
+          }.each do |k, v|
+            if sampling_control[v] == cs__class.cs__const_get("DEFAULT_SAMPLING_#{ v.upcase }")
+              Contrast::CONFIG.sources.set("assess.sampling.#{ k }", Contrast::Components::Config::Sources::DEFAULT)
+            end
+          end
+        end
       end
     end
   end

data/lib/contrast/components/security_logger.rb

@@ -1,17 +1,30 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/components/base'
+
 module Contrast
   module Components
     module SecurityLogger
       # Here we will read and store the setting for the CEF Logging functionality
       class Interface
+        include Contrast::Components::ComponentBase
+
+        CANON_NAME = 'agent.security_logger'
+        CONFIG_VALUES = %w[path level].cs__freeze
+
         # @return [String, nil]
         attr_accessor :path
         # @return [String, nil]
         attr_accessor :level
+        # @return [String]
+        attr_reader :canon_name
+        # @return [Array]
+        attr_reader :config_values
 
         def initialize hsh = {}
+          @config_values = CONFIG_VALUES
+          @canon_name = CANON_NAME
           return unless hsh
 
           @path = hsh[:path]

data/lib/contrast/components/settings.rb

@@ -1,10 +1,10 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/api/settings.pb'
 require 'contrast/agent/excluder'
 require 'contrast/agent/reporting/settings/sensitive_data_masking'
 require 'contrast/components/config'
+require 'contrast/components/logger'
 
 module Contrast
   module Components
@@ -13,8 +13,7 @@ module Contrast
     # directives (likely provided by TeamServer) about product operation.
     # 'Settings' is not a generic term for 'configurable stuff'.
     module Settings
-      APPLICATION_STATE_BASE = Struct.new(:modes_by_id, :exclusion_matchers).
-          new(Hash.new(Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION), [])
+      APPLICATION_STATE_BASE = Struct.new(:modes_by_id).new(Hash.new(:NO_ACTION))
       PROTECT_STATE_BASE = Struct.new(:enabled, :rules).new(false, {})
       ASSESS_STATE_BASE = Struct.new(:enabled, :sampling_settings, :disabled_assess_rules, :session_id).new(false, nil,
                                                                                                             [], nil) do
@@ -27,6 +26,7 @@ module Contrast
 
       # This is a class.
       class Interface # rubocop:disable Metrics/ClassLength
+        include Contrast::Components::Logger::InstanceMethods
         extend Contrast::Components::Config
 
         # tainted_columns are database columns that receive unsanitized input.
@@ -55,30 +55,6 @@ module Contrast
         # Current Application State.
         #
         # modes_by_id [Hash<Rule_id => Mode] Returns Hash with rules and their current mode.
-        # exclusion_matchers [Array] Array of all the exclusions.
-        # code_exclusions [Array<CodeExclusion>] Array of CodeExclusion: {
-        #   name         [String] The name of the exclusion as defined by the user in TS.
-        #   modes        [String] If this exclusion applies to assess or protect. [assess, defend]
-        #   assess_rules [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
-        #   denylist     [String] The call, if in the stack, should result in the agent not taking action.
-        # input_exclusions [Array<InputExclusions>] Array of InputExclusions: {
-        #   name           [String] The name of the input.
-        #   modes          [String] If this exclusion applies to assess or protect. [assess, defend]
-        #   assess_rules   [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
-        #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
-        #   urls           [Array] Array of URLs to which the exclusions apply. URL [String]
-        #   match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
-        #   type           [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
-        # }
-        # url_exclusions [Array<UrlExclusions>] Array of UrlExclusions: {
-        #   name           [String] The name of the input.
-        #   modes          [String] If this exclusion applies to assess or protect. [assess, defend]
-        #   assess_rules   [Array] Array of assess rules to which this exclusion applies. AssessRuleID [String]
-        #   protect_rules  [Array] Array of ProtectRuleID [String] The protect rules to which this exclusion applies.
-        #   urls           [Array] Array of URLs to which the exclusions apply. URL [String]
-        #   match_strategy [String] If this exclusion applies to all URLs or only those specified. [ALL, ONLY]
-        #   type           [String] The type of the input [COOKIE, PARAMETER, HEADER, BODY, QUERYSTRING]
-        # }
         attr_reader :application_state
         # This the structure that will hold the masking rules send from TS.
         #
@@ -94,43 +70,75 @@ module Contrast
         attr_reader :last_server_update_ms
         # @return [Contrast::Agent::Excluder] a wrapper around the exclusion rules for the application
         attr_reader :excluder
+        # @return [String] The last update but in string format used to build request header.
+        # This value should be sent be TS in the Last-Modified header to sync and save resources if the
+        # two dates are the same.
+        # format: <day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT
+        attr_reader :server_settings_last_httpdate
 
         def initialize
           reset_state
         end
 
         def code_exclusions
-          @application_state.exclusion_matchers.select(&:code?)
+          excluder&.exclusions&.select(&:code?)
         end
 
-        # @param features_response [Contrast::Api::Settings::ServerFeatures, Contrast::Agent::Reporting::Response]
+        # @param features_response [Contrast::Agent::Reporting::Response]
         def update_from_server_features features_response
-          if features_response.cs__is_a?(Contrast::Agent::Reporting::Response)
-            update_from_response(features_response)
-          else
-            @protect_state.enabled = features_response.protect_enabled?
-            @assess_state.enabled = features_response.assess_enabled?
-            @assess_state.sampling_settings = features_response.assess.sampling
-            @last_server_update_ms = Contrast::Utils::Timer.now_ms
+          return unless (server_features = features_response&.server_features)
+
+          log_file = server_features.log_file
+          log_level = server_features.log_level
+          # Update logger:
+          Contrast::Logger::Log.instance.update(log_file, log_level) if log_file || log_level
+          # Update CEFlogger:
+          unless server_features.security_logger.settings_blank?
+            cef_logger.build_logger(server_features.security_logger.log_level, server_features.security_logger.log_file)
+          end
+          # TODO: RUBY-99999 Update Bot-Blocker from server settings - check enable value.
+          # For now all protection rules are rebuild on Application update. Bot blocker uses the default
+          # enable from the base rule, and update it's mode on app settings update.
+          # Here we receive also bots for that rule.
+          unless settings_empty?(server_features.protect.enabled?)
+            @protect_state.enabled = server_features.protect.enabled?
+            store_in_config(%i[protect enable], server_features.protect.enabled?)
           end
+          update_assess_server_features(server_features.assess)
           @last_server_update_ms = Contrast::Utils::Timer.now_ms
+          # update via response header. We receive header from TS with last update info, setting the
+          # next request's header with the same time will save needless update of settings if there
+          # are no new server features updates after the said time.
+          @server_settings_last_httpdate = header_last_update
         end
 
-        # @param settings_response [Contrast::Api::Settings::ApplicationSettings, Contrast::Agent::Reporting::Response]
-        def update_from_application_settings settings_response
-          if settings_response&.cs__class == Contrast::Agent::Reporting::Response
-            update_from_response(settings_response)
-          else
-            new_vals = settings_response.application_state_translation
-            @application_state.modes_by_id = new_vals[:modes_by_id]
-            @application_state.exclusion_matchers = new_vals[:exclusion_matchers]
-            @excluder = Contrast::Agent::Excluder.new(@application_state.exclusion_matchers)
-            @assess_state.disabled_assess_rules = new_vals[:disabled_assess_rules]
-            if settings_response.session_id && !settings_response.session_id.blank?
-              @assess_state.session_id = settings_response.session_id
-            end
-            @last_app_update_ms = Contrast::Utils::Timer.now_ms
+        # Update Assess server features
+        #
+        # @param assess [Contrast::Agent::Reporting::Settings::AssessServerFeature]
+        def update_assess_server_features assess
+          return if settings_empty?(assess.enabled?)
+
+          @assess_state.enabled = assess.enabled?
+          store_in_config(%i[assess enable], assess.enabled?)
+          @assess_state.sampling_settings = assess.sampling
+
+          Contrast::Components::Sampling::Interface::CONFIG_VALUES.each do |field|
+            lookup_field = field == 'enable' ? :enabled : field.to_sym
+            store_in_config(Contrast::Components::Sampling::Interface::CANON_NAME.split('.') + [field.to_sym],
+                            assess.sampling.send(lookup_field))
           end
+        end
+
+        # @param settings_response [Contrast::Agent::Reporting::Response]
+        def update_from_application_settings settings_response
+          return unless (app_settings = settings_response&.application_settings)
+
+          @application_state.modes_by_id = app_settings.protect.protection_rules_to_settings_hash
+          update_exclusion_matchers(app_settings.exclusions)
+          update_sensitive_data_policy(app_settings.sensitive_data_masking)
+          @assess_state.disabled_assess_rules = app_settings.assess.disabled_rules
+          new_session_id = app_settings.assess.session_id
+          @assess_state.session_id = new_session_id if new_session_id && !new_session_id.blank?
           @last_app_update_ms = Contrast::Utils::Timer.now_ms
         end
 
@@ -148,17 +156,36 @@ module Contrast
           @protect_state.rules = {}
 
           # Rules. They add themselves on initialize.
-          Contrast::Agent::Protect::Rule::CmdInjection.new
+          Contrast::Agent::Protect::Rule::BotBlocker.new
+          cmdi = Contrast::Agent::Protect::Rule::CmdInjection.new
+          cmdi.sub_rules
           Contrast::Agent::Protect::Rule::Deserialization.new
           Contrast::Agent::Protect::Rule::HttpMethodTampering.new
           Contrast::Agent::Protect::Rule::NoSqli.new
-          Contrast::Agent::Protect::Rule::PathTraversal.new
-          Contrast::Agent::Protect::Rule::Sqli.new
+          path = Contrast::Agent::Protect::Rule::PathTraversal.new
+          path.sub_rules
+          sqli = Contrast::Agent::Protect::Rule::Sqli.new
+          sqli.sub_rules
           Contrast::Agent::Protect::Rule::UnsafeFileUpload.new
           Contrast::Agent::Protect::Rule::Xss.new
           Contrast::Agent::Protect::Rule::Xxe.new
         end
 
+        # @param exclusions [Contrast::Agent::Reporting::Settings::Exclusions]
+        def update_exclusion_matchers exclusions
+          matchers = []
+          exclusions.url_exclusions.each do |exclusion|
+            matchers << Contrast::Agent::ExclusionMatcher.new(exclusion)
+          end
+          exclusions.input_exclusions.each do |exclusion|
+            matchers << Contrast::Agent::ExclusionMatcher.new(exclusion)
+          end
+          exclusions.code_exclusions.each do |exclusion|
+            matchers << Contrast::Agent::ExclusionMatcher.new(exclusion)
+          end
+          @excluder = Contrast::Agent::Excluder.new(matchers)
+        end
+
         # Update the sensitive data masking policy from settings,
         # received from TS. In case the settings are empty,
         # keep current ones.
@@ -179,43 +206,6 @@ module Contrast
 
         private
 
-        # @param response [Contrast::Agent::Reporting::Response]
-        def update_from_response response
-          if (server_features = response.server_features)
-            update_server_features(server_features)
-          end
-          return unless (app_settings = response.application_settings)
-
-          update_application_settings(app_settings)
-        end
-
-        # @param server_features [Contrast::Agent::Reporting::Settings::FeatureSettings]
-        def update_server_features server_features
-          return unless server_features
-
-          log_file = server_features.log_file
-          log_level = server_features.log_level
-          Contrast::Logger::Log.instance.update(log_file, log_level) if log_file || log_level
-          @protect_state.enabled = server_features.protect.enabled?
-          @assess_state.enabled = server_features.assess.enabled?
-          @assess_state.sampling_settings = server_features.assess.sampling
-          @last_server_update_ms = Contrast::Utils::Timer.now_ms
-        end
-
-        # @param app_settings [Contrast::Agent::Reporting::Settings::ApplicationSettings]
-        def update_application_settings app_settings
-          return unless app_settings
-
-          @application_state.modes_by_id = app_settings.protect.protection_rules_to_settings_hash
-          # TODO: RUBY-1438 this needs to be translated
-          # @application_state.exclusion_matchers = new_vals[:exclusion_matchers]
-          update_sensitive_data_policy(app_settings.sensitive_data_masking)
-          @assess_state.disabled_assess_rules = app_settings.assess.disabled_rules
-          new_session_id = app_settings.assess.session_id
-          @assess_state.session_id = new_session_id if new_session_id && !new_session_id.blank?
-          @last_app_update_ms = Contrast::Utils::Timer.now_ms
-        end
-
         # check if settings are empty and return true if so.
         #
         # @param settings [String, Boolean, Array, Hash]
@@ -226,6 +216,31 @@ module Contrast
 
           false
         end
+
+        # update via response header.
+        # Used to build the next request header.
+        #
+        # @return [String]
+        def header_last_update
+          Contrast::Agent.reporter.client.response_handler.last_server_modified
+        end
+
+        # Update the stored config values to ensure that we know about the correct values,
+        # and that the sources are correct for entries updated from the UI.
+        #
+        # @param parts [Array] the path to the setting in config
+        # @param value [String, Integer, Array, nil] the value for the configuration setting
+        def store_in_config parts, value
+          level = Contrast::CONFIG.config.loaded_config
+          parts[0...-1].each do |segment|
+            level[segment] ||= {}
+            level = level[segment]
+          end
+          return unless level.cs__is_a?(Hash)
+
+          level[parts[-1]] = value
+          Contrast::CONFIG.sources.set(parts.join('.'), Contrast::Components::Config::Sources::CONTRASTUI)
+        end
       end
     end
   end