contrast-agent 6.7.0 → 6.9.0

data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb

@@ -11,7 +11,7 @@ module Contrast
       module Rule
         # The Ruby implementation of the Protect Unsafe File Upload rule.
         # The unsafe-file-upload rule can trigger the following results:
-        # BLOCKED in Blocking mode na SUSPICIOUS in Monitor mode.
+        # BLOCKED in Blocking mode and SUSPICIOUS in Monitor mode.
         class UnsafeFileUpload < Contrast::Agent::Protect::Rule::BaseService
           include Contrast::Agent::Reporting::InputType
 
@@ -23,40 +23,13 @@ module Contrast
             NAME
           end
 
-          # This rule is solely based on input analysis, which the Service handles. When we move from the Service to the
-          # agent with protect library, we should re-enable these tests and that rule.
-          # TODO: RUBY-1574
-          def enabled?
-            super && false
+          def applicable_user_inputs
+            APPLICABLE_USER_INPUTS
           end
 
-          # def block_message
-          #   BLOCK_MESSAGE
-          # end
-          #
-          # def prefilter context
-          #   return unless prefilter?(context)
-          #
-          #   ia_results = gather_ia_results context
-          #
-          #   ia_results.each do |ia_result|
-          #     result = build_attack_result(context)
-          #     build_attack_without_match context, ia_result, result
-          #     append_to_activity context, result
-          #
-          #     cef_logging result, :successful_attack
-          #     raise Contrast::SecurityException.new(self, BLOCK_MESSAGE) if blocked?
-          #   end
-          # end
-          #
-          # private
-          #
-          # def prefilter? _context
-          #   return false unless enabled?
-          #   return false if protect_excluded_by_code?
-          #
-          #   true
-          # end
+          def block_message
+            BLOCK_MESSAGE
+          end
         end
       end
     end

data/lib/contrast/agent/protect/rule/xss/reflected_xss_input_classification.rb

@@ -0,0 +1,58 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/utils/input_classification_base'
+
+module Contrast
+  module Agent
+    module Protect
+      module Rule
+        # The Ruby implementation of the Protect Reflected XSS rule
+        # Input classification
+        module ReflectedXssInputClassification
+          REFLECTED_XSS_MATCH = 'reflected-xss-input-tracing-v1'.cs__freeze
+          WORTHWATCHING_MATCH = 'xss-worth-watching-v2'.cs__freeze
+          class << self
+            include InputClassificationBase
+
+            private
+
+            # This methods checks if input is tagged WORTHWATCHING or IGNORE matches value with it's
+            # key if needed and Creates new isntance of InputAnalysisResult.
+            #
+            # @param request [Contrast::Agent::Request] the current request context.
+            # @param rule_id [String] The name of the Protect Rule.
+            # @param input_type [Contrast::Agent::Reporting::InputType] The type of the user input.
+            # @param value [String, Array<String>] the value of the input.
+            #
+            # @return res [Contrast::Agent::Reporting::InputAnalysisResult]
+            def create_new_input_result request, rule_id, input_type, value
+              return unless Contrast::AGENT_LIB
+
+              input_eval = Contrast::AGENT_LIB.eval_input(value,
+                                                          convert_input_type(input_type),
+                                                          Contrast::AGENT_LIB.rule_set[rule_id],
+                                                          Contrast::AGENT_LIB.
+                                                            eval_option[:WORTHWATCHING])
+
+              score = input_eval&.score || 0
+              ia_result = new_ia_result(rule_id, input_type, request.path, value)
+              if score >= THRESHOLD
+                ia_result.score_level = DEFINITEATTACK
+                ia_result.ids << REFLECTED_XSS_MATCH
+              elsif score >= WORTHWATCHING_THRESHOLD
+                ia_result.score_level = WORTHWATCHING
+                ia_result.ids << WORTHWATCHING_MATCH
+              else
+                ia_result.score_level = IGNORE
+              end
+
+              add_needed_key(request, ia_result, input_type, value)
+              ia_result
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/protect/rule/xss.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/base_service'
+require 'contrast/agent/reporting/input_analysis/input_type'
 
 module Contrast
   module Agent
@@ -9,37 +10,31 @@ module Contrast
       module Rule
         # The Ruby implementation of the Protect Cross-Site Scripting rule.
         class Xss < Contrast::Agent::Protect::Rule::BaseService
+          include Contrast::Agent::Reporting::InputType
           NAME = 'reflected-xss'
           BLOCK_MESSAGE = 'XSS rule triggered. Response blocked.'
 
-          class << self
-            # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample]
-            # @return [Hash] the details for this specific rule
-            def extract_details attack_sample
-              # TODO: RUBY-1702 - figure out why xss isn't populated when reported; probably something to do w/
-              #   suspicious
-              return Contrast::Utils::ObjectShare::EMPTY_HASH unless attack_sample&.xss
-
-              {
-                  input: attack_sample.xss.input,
-                  matches: attack_sample.xss.matches.map do |match|
-                             {
-                                 evidenceStart: match.evidence_start_ms,
-                                 evidence: match.evidence,
-                                 offset: match.offset
-                             }
-                           end
-              }
-            end
-          end
+          APPLICABLE_USER_INPUTS = [
+            BODY, PARAMETER_NAME, PARAMETER_VALUE, JSON_VALUE,
+            MULTIPART_VALUE, MULTIPART_FIELD_NAME, XML_VALUE,
+            DWR_VALUE, URI, QUERYSTRING
+          ].cs__freeze
 
           def rule_name
             NAME
           end
 
+          def block_message
+            BLOCK_MESSAGE
+          end
+
           def stream_safe?
             false
           end
+
+          def applicable_user_inputs
+            APPLICABLE_USER_INPUTS
+          end
         end
       end
     end

data/lib/contrast/agent/protect/rule/xxe.rb

@@ -22,28 +22,6 @@ module Contrast
           BLOCK_MESSAGE = 'XXE rule triggered. Response blocked.'
           EXTERNAL_ENTITY_PATTERN = /<!ENTITY\s+[a-zA-Z0-f]+\s+(?:SYSTEM|PUBLIC)\s+(.*?)>/.cs__freeze
 
-          class << self
-            # @param attack_sample [Contrast::Api::Dtm::RaspRuleSample]
-            # @return [Hash] the details for this specific rule
-            def extract_details attack_sample
-              {
-                  xml: attack_sample.xxe.xml,
-                  declaredEntities: attack_sample.xxe.declared_entities.map do |entity|
-                                      {
-                                          start: entity.start_idx,
-                                          end: entity.end_idx
-                                      }
-                                    end,
-                  entitiesResolved: attack_sample.xxe.entities_resolved.map do |entity|
-                                      {
-                                          systemId: entity.system_id,
-                                          publicId: entity.public_id
-                                      }
-                                    end
-              }
-            end
-          end
-
           def rule_name
             NAME
           end
@@ -81,7 +59,7 @@ module Contrast
           # @param xml [String] the literal value of the XML being checked for
           #   external entity resolution
           # @param _kwargs [Hash]
-          # @return [Contrast::Api::Dtm::AttackResult, nil] the determination
+          # @return [Contrast::Agent::Reporting, nil] the determination
           #   as to whether or not this XML has an XXE attack in it.
           def find_attacker context, xml, **_kwargs
             return unless xml
@@ -142,8 +120,10 @@ module Contrast
           # We know that this attack happened, so the result is always matched
           # and the level is always critical. Only variable is the XML value
           # supplied by the attacker.
+          #
+          # @return [Contrast::Agent::Reporting::InputAnalysisResult]
           def build_evaluation xml
-            ia_result = Contrast::Api::Settings::InputAnalysisResult.new
+            ia_result = Contrast::Agent::Reporting::InputAnalysisResult.new
             ia_result.rule_id = rule_name
             ia_result.input_type = :UNKNOWN
             ia_result.value = Contrast::Utils::StringUtils.protobuf_safe_string(xml)

data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb

@@ -6,6 +6,7 @@ require 'contrast/utils/timer'
 require 'contrast/agent/reporting/attack_result/user_input'
 require 'contrast/agent/reporting/input_analysis/input_type'
 require 'contrast/agent/reporting/details/protect_rule_details'
+require 'contrast/agent/reporting/reporting_events/application_defend_attack_sample_stack'
 
 module Contrast
   module Agent
@@ -19,19 +20,15 @@ module Contrast
         #
         # @return [Contrast::Agent::Reporting::Details::ProtectRuleDetails, nil]
         attr_accessor :details
-        # @return [Contrast::Agent::Reporting::Details::IpDenylistDetails, nil]
-        attr_accessor :ip_denylist
-        # @return [Contrast::Agent::Reporting::Details::VirtualPatchDetails, nil]
-        attr_accessor :virtual_patch
 
         class << self
           # @param context [Contrast::Agent::RequestContext]
-          # @param ia_result [Contrast::Api::Settings::InputAnalysisResult] the analysis of the input that was
-          #   determined to be an attack
+          # @param ia_result [Contrast::Agent::Reporting::Settings::InputAnalysisResult] the analysis of the input that
+          #   was determined to be an attack
           # @return [Contrast::Agent::Reporting::RaspRuleSample]
           def build context, ia_result
             sample = new
-            sample.time_stamp = context&.timer&.start_ms
+            sample.time_stamp = context&.timer&.start_ms || Contrast::Utils::Timer.now_ms
             sample.user_input = build_user_input_from_ia(ia_result)
             sample.user_input.document_type = if context&.request
                                                 Contrast::Utils::StringUtils.force_utf8(context.request.document_type)
@@ -39,43 +36,19 @@ module Contrast
             sample
           end
 
-          # @param ia_result [Contrast::Api::Settings::InputAnalysisResult] the analysis of the input that was
-          #   determined to be an attack
+          # @param ia_result [Contrast::Agent::Reporting::Settings::InputAnalysisResult] the analysis of the input that
+          #   was determined to be an attack
           def build_user_input_from_ia ia_result
-            # TODO: RUBY-99999 remove once only using Agent IA
-            result = if ia_result.cs__is_a?(Contrast::Api::Settings::InputAnalysisResult)
-                       transform_ia_result(ia_result)
-                     else
-                       # Use Agent ia_result
-                       ia_result
-                     end
             user_input = Contrast::Agent::Reporting::UserInput.new
-            return user_input unless result
+            return user_input unless ia_result
 
-            user_input.input_type = result.input_type
-            user_input.matcher_ids = result.ids
-            user_input.path = result.path
-            user_input.key = result.key if result.key
-            user_input.value = result.value if result.value
+            user_input.input_type = ia_result.input_type
+            user_input.matcher_ids = ia_result.ids
+            user_input.path = ia_result.path
+            user_input.key = ia_result.key if ia_result.key
+            user_input.value = ia_result.value if ia_result.value
             user_input
           end
-
-          # @param [Contrast::Api::Settings::InputAnalysisResult]
-          # @return [Contrast::Agent::Reporting::InputAnalysisResult]
-          def transform_ia_result dtm_ia_result
-            ia_result = Contrast::Agent::Reporting::InputAnalysisResult.new
-            ia_result.input_type = Contrast::Agent::Reporting::InputType.to_a.find do |value|
-              value == dtm_ia_result.input_type.name # rubocop:disable Security/Module/Name
-            end
-            ia_result.score_level = dtm_ia_result.score_level.name # rubocop:disable Security/Module/Name
-            ia_result.value = dtm_ia_result.value
-            ia_result.key = dtm_ia_result.key
-            ia_result.path = dtm_ia_result.path
-            ia_result.rule_id = dtm_ia_result.rule_id
-            ia_result.attack_count = dtm_ia_result.attack_count
-            ia_result.ids = dtm_ia_result.ids
-            ia_result
-          end
         end
 
         def time_stamp
@@ -94,11 +67,17 @@ module Contrast
           @_user_input = input if input.is_a?(Contrast::Agent::Reporting::UserInput)
         end
 
+        # @return [Array<Contrast::Agent::Reporting::ApplicationDefendAttackSampleStack>,Array]
+        def stack
+          @_stack ||= []
+        end
+
         def to_controlled_hash
           {
               timeStamp: Time.at(time_stamp).iso8601,
               userInput: user_input.to_controlled_hash,
-              details: details&.to_controlled_hash
+              details: details&.to_controlled_hash,
+              stack: stack.map(&:to_controlled_hash)
           }
         end
       end

data/lib/contrast/agent/reporting/attack_result/response_type.rb

@@ -9,18 +9,18 @@ module Contrast
       # This module will hold the response types used to generate
       # attack result.
       module ResponseType
-        BLOCKED             = :BLOCKED.cs__freeze
-        MONITORED           = :MONITORED.cs__freeze
-        PROBED              = :PROBED.cs__freeze
-        BLOCK_AT_PERIMETER  = :BLOCK_AT_PERIMETER.cs__freeze
-        SUSPICIOUS          = :SUSPICIOUS.cs__freeze
-        AGGREGATED          = :AGGREGATED.cs__freeze
-        EXPLOITED           = :EXPLOITED.cs__freeze
-        NO_ACTION           = :NO_ACTION.cs__freeze
+        BLOCKED               = :BLOCKED.cs__freeze
+        MONITORED             = :MONITORED.cs__freeze
+        PROBED                = :PROBED.cs__freeze
+        BLOCKED_AT_PERIMETER  = :BLOCKED_AT_PERIMETER.cs__freeze
+        SUSPICIOUS            = :SUSPICIOUS.cs__freeze
+        AGGREGATED            = :AGGREGATED.cs__freeze
+        EXPLOITED             = :EXPLOITED.cs__freeze
+        NO_ACTION             = :NO_ACTION.cs__freeze
 
         class << self
           def to_a
-            [NO_ACTION, BLOCKED, MONITORED, PROBED, BLOCK_AT_PERIMETER, EXPLOITED, SUSPICIOUS, AGGREGATED]
+            [NO_ACTION, BLOCKED, MONITORED, PROBED, BLOCKED_AT_PERIMETER, EXPLOITED, SUSPICIOUS, AGGREGATED]
           end
         end
       end

data/lib/contrast/agent/reporting/details/ip_denylist_details.rb

@@ -10,9 +10,17 @@ module Contrast
         # Bot blocker IA result details info.
         class IpDenylistDetails < ProtectRuleDetails
           # @return [String]
-          attr_accessor :ip
+          attr_reader :ip
           # @return [String]
-          attr_accessor :uuid
+          attr_reader :uuid
+
+          # @param ip [String] the IP address that was blocked
+          # @param uuid [String] the UUID to identify the block rule in TeamServer
+          def initialize ip, uuid
+            @ip = ip
+            @uuid = uuid
+            super()
+          end
 
           def to_controlled_hash
             {

data/lib/contrast/agent/reporting/details/virtual_patch_details.rb

@@ -7,10 +7,16 @@ module Contrast
   module Agent
     module Reporting
       module Details
-        # Bot blocker IA result details info.
+        # Virtual Patch IA result details info.
         class VirtualPatchDetails < ProtectRuleDetails
           # @return [String]
-          attr_accessor :uuid
+          attr_reader :uuid
+
+          # @param uuid [String] the UUID to identify the block rule in TeamServer
+          def initialize uuid
+            @uuid = uuid
+            super()
+          end
 
           def to_controlled_hash
             {

data/lib/contrast/agent/reporting/input_analysis/details/bot_blocker_details.rb

@@ -0,0 +1,27 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/input_analysis/details/protect_rule_details'
+
+module Contrast
+  module Agent
+    module Reporting
+      # Bot blocker IA result details info.
+      class BotBlockerDetails < ProtectRuleDetails
+        # @return [String]
+        attr_accessor :bot
+        # User agent header value
+        #
+        # @return [String]
+        attr_accessor :user_agent
+
+        def to_controlled_hash
+          {
+              bot: bot,
+              userAgent: user_agent
+          }
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/input_analysis/details/protect_rule_details.rb

@@ -0,0 +1,15 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Agent
+    module Reporting
+      # This class is holding additional info which is rule specific and this is
+      # the base class for type check made easy.
+      class ProtectRuleDetails
+        # Extend per each rule.
+        def to_controlled_hash; end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/input_analysis/input_analysis.rb

@@ -7,8 +7,7 @@ require 'contrast/agent/reporting/input_analysis/input_analysis_result'
 module Contrast
   module Agent
     module Reporting
-      # This class will do ia analysis for our protect rules instead of
-      # using the service.
+      # This class will do ia analysis for our protect rules
       class InputAnalysis
         # result from input analysis
         #

data/lib/contrast/agent/reporting/input_analysis/input_analysis_result.rb

@@ -4,12 +4,12 @@
 require 'contrast/utils/object_share'
 require 'contrast/agent/reporting/input_analysis/input_type'
 require 'contrast/agent/reporting/input_analysis/score_level'
+require 'contrast/agent/reporting/input_analysis/details/protect_rule_details'
 
 module Contrast
   module Agent
     module Reporting
-      # This class will do ia analysis for our protect rules instead of
-      # using the service.
+      # This class will do ia analysis for our protect rules
       class InputAnalysisResult
         INPUT_TYPE = Contrast::Agent::Reporting::InputType
         SCORE_LEVEL = Contrast::Agent::Reporting::ScoreLevel
@@ -109,6 +109,20 @@ module Contrast
         def score_level= score_level
           @_score_level = score_level if SCORE_LEVEL.to_a.include?(score_level)
         end
+
+        # Additional per rule details containing more specific info.
+        #
+        # @param protect_rule_details [Contrast::Agent::Reporting::ProtectRuleDetails]
+        def details= protect_rule_details
+          @_details = protect_rule_details if protect_rule_details.is_a?(Contrast::Agent::Reporting::ProtectRuleDetails)
+        end
+
+        # Additional per rule details containing more specific info.
+        #
+        # @return [Contrast::Agent::Reporting::ProtectRuleDetails, nil]
+        def details
+          @_details
+        end
       end
     end
   end

data/lib/contrast/agent/reporting/masker/masker.rb

@@ -35,6 +35,8 @@ module Contrast
             return unless activity
 
             logger.debug('Masker: masking sensitive data', activity: activity.__id__, request: activity.request&.__id__)
+            return if activity.request.nil?
+
             mask_body(activity)
             mask_query_string(activity)
             mask_request_params(activity)

data/lib/contrast/agent/reporting/report.rb

@@ -26,5 +26,6 @@ require 'contrast/agent/reporting/reporting_events/observed_route'
 require 'contrast/agent/reporting/reporting_events/route_coverage'
 require 'contrast/agent/reporting/reporting_events/observed_library_usage'
 require 'contrast/agent/reporting/reporting_events/poll'
+require 'contrast/agent/reporting/reporting_events/server_settings'
 # Sensitive data masking
 require 'contrast/agent/reporting/masker/masker'

data/lib/contrast/agent/reporting/reporter.rb

@@ -5,6 +5,8 @@ require 'contrast/agent/worker_thread'
 require 'contrast/agent/reporting/report'
 require 'contrast/components/logger'
 require 'contrast/agent/reporting/reporting_events/agent_startup'
+require 'contrast/agent/telemetry/events/exceptions/telemetry_exceptions'
+require 'contrast/agent/telemetry/events/exceptions/obfuscate'
 
 module Contrast
   module Agent
@@ -13,12 +15,14 @@ module Contrast
       include Contrast::Components::Logger::InstanceMethods
       include Contrast::Utils::ObjectShare
 
+      MAX_QUEUE_SIZE = 1000
+
       class << self
         # check if we can report to TS
         #
         # @return[Boolean] true if bypass is enabled, or false if bypass disabled
         def enabled?
-          @_enabled = Contrast::CONTRAST_SERVICE.use_agent_communication? if @_enabled.nil?
+          @_enabled = ::Contrast::AGENT.enabled? if @_enabled.nil?
           @_enabled
         end
       end
@@ -39,7 +43,6 @@ module Contrast
           logger.debug('Starting background Reporter thread.')
           loop do
             next unless connected?
-            next unless app_create_complete?
 
             process_event(queue.pop)
           rescue StandardError => e
@@ -69,6 +72,14 @@ module Contrast
         end
         return unless event
 
+        if queue.size >= MAX_QUEUE_SIZE
+          if Contrast::Agent::Telemetry::Base.enabled?
+            Contrast::Agent.thread_watcher.telemetry_queue.send_event(queue_limit_telemetry_event)
+          end
+
+          return
+        end
+
         queue << event
       end
 
@@ -120,18 +131,6 @@ module Contrast
         false
       end
 
-      # Unless we're in bypass mode, we need to make sure the service has started and built the application on
-      # TeamServer since we're doing a split style here.
-      #
-      # @return [Boolean]
-      def app_create_complete?
-        return true if Contrast::APP_CONTEXT.session_id
-
-        logger.debug('Service startup incomplete; Application may not be created; sleeping')
-        sleep(5)
-        false
-      end
-
       # @param event [Contrast::Agent::Reporting::ReportingEvent]
       def process_event event
         client.send_event(event, connection)
@@ -139,6 +138,28 @@ module Contrast
       rescue StandardError => e
         logger.error('Could not send message to TeamServer from Reporter queue.', e)
       end
+
+      # @return [Contrast::Agent::Telemetry::TelemetryException::Event]
+      def queue_limit_telemetry_event
+        message_exception = Contrast::Agent::Telemetry::TelemetryException::MessageException.build(
+            'String',
+            "Maximum queue size (#{ MAX_QUEUE_SIZE }) reached for reporting events", nil, stack_frame)
+        message = Contrast::Agent::Telemetry::TelemetryException::Message.build({}, [message_exception])
+        Contrast::Agent::Telemetry::TelemetryException::Event.new(message)
+      end
+
+      def stack_frame
+        stack_trace = caller_locations(20, 20)
+        stack_frame_type = if stack_trace.nil? || stack_trace[1].nil?
+                             'none'
+                           else
+                             Contrast::Agent::Telemetry::TelemetryException::Obfuscate.obfuscate_type(
+                                 stack_trace[1].path.delete_prefix(Dir.pwd))
+                           end
+
+        stack_frame_function = stack_trace.nil? || stack_trace[1].nil? ? 'none' : stack_trace[1].label
+        Contrast::Agent::Telemetry::TelemetryException::StackFrame.build(stack_frame_function, stack_frame_type, nil)
+      end
     end
   end
 end

data/lib/contrast/agent/reporting/reporter_heartbeat.rb

@@ -1,18 +1,16 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/worker_thread'
-require 'contrast/agent/reporting/report'
+require 'contrast/agent/reporting/reporter'
 require 'contrast/agent/inventory/dependency_usage_analysis'
 require 'contrast/agent/reporting/reporting_events/poll'
-require 'contrast/agent/reporting/reporting_events/server_activity'
 
 module Contrast
   module Agent
     # The ReporterHeartbeat will make sure that the process remains marked alive by TeamServer and that we periodically
     # reach out to get the latest settings for this application. It also sends out those messages which do not need to
     # be associated directly with a request, such as Server Activity and Library Observation.
-    class ReporterHeartbeat < WorkerThread
+    class ReporterHeartbeat < Reporter
       # TeamServer will mark an application offline after 5 minutes. Sending this every one should be more than enough
       # to satisfy our goals.
       REFRESH_INTERVAL_SEC = 60
@@ -42,11 +40,7 @@ module Contrast
       #
       # @return [Array<Contrast::Agent::Reporting::ReportingEvent>]
       def polling_events
-        [
-          Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.generate_library_usage,
-          Contrast::Agent::Reporting::ServerActivity.new,
-          poll_message
-        ].compact
+        [Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.generate_library_usage, poll_message].compact
       end
     end
   end