contrast-agent 6.8.0 → 6.10.0

data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb

@@ -13,33 +13,50 @@ module Contrast
         # @return [Array<Contrast::Agent::Reporting::ApplicationDefendAttackerActivity>]
         attr_reader :attackers
 
+        # @return [Boolean]
+        attr_reader :existing_attacker_activity
+
         def initialize
           @attackers = []
+          @existing_attacker_activity = false
           @event_type = :application_defend_activity
         end
 
         def to_controlled_hash
+          validate
           {
               attackers: attackers.map(&:to_controlled_hash)
           }
         end
 
+        def validate
+          raise(ArgumentError, 'Attackers data must be populated') if existing_attacker_activity && attackers.empty?
+        end
+
         # @param attack_result [Contrast::Agent::Reporting::AttackResult]
         def attach_data attack_result
+          return unless attack_result&.cs__is_a?(Contrast::Agent::Reporting::AttackResult)
+
           attacker_activity = Contrast::Agent::Reporting::ApplicationDefendAttackerActivity.new
           attacker_activity.attach_data(attack_result)
-          existing_attacker_activity = attackers.find do |existing|
-            existing.source_forwarded_for == attacker_activity.source_forwarded_for &&
-                existing.source_ip == attacker_activity.source_ip
-          end
-          rule = attack_result.rule_id
-          if existing_attacker_activity
-            attach_existing(existing_attacker_activity, attacker_activity, rule)
+
+          @existing_attacker_activity = true
+          if (existing_attacker_activity = find_existing_attacker_activity(attacker_activity))
+            attach_existing(existing_attacker_activity, attacker_activity, attack_result.rule_id)
           else
             attackers << attacker_activity
           end
         end
 
+        # Find an existing attacker if it matches on source details
+        # @param new_attacker_activity [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
+        def find_existing_attacker_activity new_attacker_activity
+          attackers.find do |existing|
+            existing.source_forwarded_for == new_attacker_activity.source_forwarded_for &&
+                existing.source_ip == new_attacker_activity.source_ip
+          end
+        end
+
         # @param existing_attacker_activity [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
         # @param attacker_activity [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
         # @param rule [String]

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_activity.rb

@@ -9,6 +9,7 @@ module Contrast
     module Reporting
       # This is the new ApplicationDefendAttackActivity class which will include the attacks sent by the source.
       class ApplicationDefendAttackActivity
+        include Contrast::Components::Logger::InstanceMethods
         # @return [Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity]
         attr_accessor :blocked
         # @return [Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity]
@@ -27,15 +28,29 @@ module Contrast
         end
 
         def to_controlled_hash
+          blocked_hash = blocked&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH
+          exploited_hash = exploited&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH
+          ineffective_hash = ineffective&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH
+          suspicious_hash = suspicious&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH
+          validate(blocked_hash, exploited_hash, ineffective_hash, suspicious_hash)
+
           {
               startTime: @start_time,
-              blocked: @blocked&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH,
-              exploited: @exploited&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH,
-              ineffective: @ineffective&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH,
-              suspicious: @suspicious&.to_controlled_hash || Contrast::Utils::ObjectShare::EMPTY_HASH
+              blocked: blocked_hash,
+              exploited: exploited_hash,
+              ineffective: ineffective_hash,
+              suspicious: suspicious_hash
           }
         end
 
+        def validate blocked_hash, exploited_hash, ineffective_hash, suspicious_hash
+          return unless [blocked_hash, exploited_hash, ineffective_hash, suspicious_hash].all?(&:empty?)
+
+          raise(ArgumentError, 'Start Time for is not presented') unless start_time
+
+          raise(ArgumentError, 'At least one of the samples must be populated')
+        end
+
         # @param attack_result [Contrast::Agent::Reporting::AttackResult]
         # @return [Contrast::Agent::Reporting::Defend::AttackSampleActivity]
         def attach_data attack_result
@@ -57,7 +72,7 @@ module Contrast
         end
 
         def start_time
-          Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms
+          Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0
         end
       end
     end

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample.rb

@@ -3,7 +3,6 @@
 
 require 'contrast/agent/protect/rule/cmd_injection'
 require 'contrast/agent/protect/rule/deserialization'
-require 'contrast/agent/protect/rule/http_method_tampering'
 require 'contrast/agent/protect/rule/no_sqli'
 require 'contrast/agent/reporting/attack_result/user_input'
 require 'contrast/agent/reporting/attack_result/response_type'

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb

@@ -24,6 +24,7 @@ module Contrast
         end
 
         def to_controlled_hash
+          validate
           {
               attackTimeMap: time_map,
               samples: samples.map(&:to_controlled_hash),
@@ -32,6 +33,10 @@ module Contrast
           }
         end
 
+        def validate
+          raise(ArgumentError, 'Start Time is not presented') unless @start_time
+        end
+
         # @param attack_result [Contrast::Agent::Reporting::AttackResult]
         def attach_data attack_result
           attack_result.samples.each do |attack_sample|

data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb

@@ -11,6 +11,7 @@ module Contrast
       # This is the new AttackerActivity class which will includes the attacker information discovered during this
       # activity period.
       class ApplicationDefendAttackerActivity
+        include Contrast::Components::Logger::InstanceMethods
         # @return [Hash<String,Contrast::Agent::Reporting::ApplicationDefendAttackActivity>] map of rule-id to violated
         #   samples for that rule
         attr_accessor :protection_rules
@@ -32,8 +33,11 @@ module Contrast
         end
 
         def to_controlled_hash
+          processed_rules = process_protection_rules
+          validate(processed_rules)
+
           {
-              protectionRules: process_protection_rules,
+              protectionRules: processed_rules,
               source: {
                   ip: source_ip,
                   xForwardedFor: source_forwarded_for
@@ -41,6 +45,11 @@ module Contrast
           }
         end
 
+        def validate processed_rules
+          raise(ArgumentError, 'Protection Rules are not presented') if processed_rules.empty?
+          raise(ArgumentError, 'Source is not presented') unless source_ip
+        end
+
         # @param attack_result [Contrast::Agent::Reporting::AttackResult]
         def attach_data attack_result
           @protection_rules[attack_result.rule_id] = Contrast::Agent::Reporting::ApplicationDefendAttackActivity.new.

data/lib/contrast/agent/reporting/reporting_events/application_inventory.rb

@@ -22,7 +22,7 @@ module Contrast
           @event_method = :POST
           @event_endpoint = Contrast::Agent::Reporting::Endpoints.application_inventory
           # The API spec limits us to 500 routes, so we'll enforce that here to not hold on to superfulous data.
-          @routes = Contrast::Agent.framework_manager.find_route_discovery_data.take(500)
+          @routes = Contrast::Agent.framework_manager.find_route_discovery_data&.take(500)
           super
         end
 
@@ -33,6 +33,7 @@ module Contrast
         def to_controlled_hash
           {
               session_id: ::Contrast::ASSESS.session_id,
+              # documentation lists routes as deprecated from the agent_ng_endpoints.yml
               routes: routes.map(&:to_controlled_hash)
           }
         end

data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb

@@ -13,7 +13,7 @@ module Contrast
       # about the inventory of the application which was discovered during exercise of the application
       # during this activity period.
       class ApplicationInventoryActivity < Contrast::Agent::Reporting::ApplicationReportingEvent
-        # return [Contrast::Agent::Reporting::ArchitectureComponent]
+        # return [Array<Contrast::Agent::Reporting::ArchitectureComponent>]
         attr_reader :components
         # @ return [Array<String>, nil] - User-Agent Header value
         attr_reader :browsers
@@ -46,6 +46,11 @@ module Contrast
         def duration
           Contrast::Utils::Timer.now_ms - (Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0)
         end
+
+        # Helper method to determine if InventoryActivity has no data
+        def empty?
+          @browsers.empty? && @components.empty?
+        end
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_events/application_reporting_event.rb

@@ -17,10 +17,20 @@ module Contrast
         # The timestamp field is a bit of a misnomer. It's really the time, in ms, since the settings for this
         # application have been updated. If I've never updated, then it's been 0ms since then.
         #
+        #
         # @return [Integer]
         def since_last_update
           (update_time = Contrast::SETTINGS.last_app_update_ms) ? Contrast::Utils::Timer.now_ms - update_time : 0
         end
+
+        # Human readable last time update for header set. Set to 0 if the agent is just starting and have not received
+        # the latest header from TS.
+        #
+        #
+        # @return [String]
+        def since_last_update_httpdate
+          Contrast::SETTINGS.app_settings_last_httpdate || Contrast::Utils::Timer.ms_to_httpdate(0)
+        end
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_events/application_settings.rb

@@ -0,0 +1,40 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/reporting/reporting_events/application_reporting_event'
+require 'contrast/agent/reporting/reporting_utilities/endpoints'
+require 'contrast/utils/timer'
+
+module Contrast
+  module Agent
+    module Reporting
+      # This class will initialize a GET request to be send to TS. The application settings endpoint is the way
+      # the Agent receives application sittings
+      class ApplicationSettings < Contrast::Agent::Reporting::ApplicationReportingEvent
+        def initialize
+          @event_method = :GET
+          @event_endpoint = Contrast::Agent::Reporting::Endpoints.application_settings
+          super
+        end
+
+        def file_name
+          'application-settings'
+        end
+
+        # Attach the last server settings received timestamp to the request as it is required.
+        #
+        # If-Modified-Since: <day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT
+        # @param request [Net::HTTPRequest]
+        def attach_headers request
+          request['If-Modified-Since'] = since_last_update_httpdate
+        end
+
+        # @return [Hash]
+        # @raise [ArgumentError]
+        def to_controlled_hash
+          {}
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/reporting/reporting_events/finding.rb

@@ -88,8 +88,8 @@ module Contrast
           event_messages = Contrast::Agent::Reporting::FindingEvent.from_source(source)
           events.concat(event_messages) if event_messages&.any?
           event_data = Contrast::Agent::Assess::Events::EventData.new(trigger_node, source, object, ret, args)
-          contrast_event = Contrast::Agent::Assess::ContrastEvent.new(event_data)
-          events << Contrast::Agent::Reporting::FindingEvent.convert(contrast_event)
+          contrast_event = Contrast::Agent::Reporting::FindingEvent.new(event_data)
+          events << contrast_event
           return unless request
 
           @request = Contrast::Agent::Reporting::FindingRequest.convert(request)