contrast-agent 6.8.0 → 6.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2c32847e196cdcf1540bd39373f9327a46e50cb1c4be6516f2ad5664696c0221
-  data.tar.gz: 03b9bc37cf6b8fe3fd0662f120f6f24cc9faf868cf91c7fb698ccbcb52f15aac
+  metadata.gz: b850f63bce180f09f998f5363f58b01e9c69db61a2f98a31db97fb59b82564d7
+  data.tar.gz: 811072666998fb4daf0f49d2514d875b45c18d79d29398639862f1c2144aa930
 SHA512:
-  metadata.gz: 204a13ebf2cc20d9302d55a1d2201cc0f8f2ba35b5bf1b3392f75c0636f8ab5224de54106af8349c16da111d86f2381e894d8925eccf2df1e46e4d04b99eb7be
-  data.tar.gz: ac50424a98754b82bab6576b7205cdb3f6243f5dc6aa9c55f817f15cfba61e1f0858c27a66efd18457442f0b4f2e8ea42cdfcbecdd67c6941edcd86c77b11164
+  metadata.gz: ac0f4dcea0a62d6aa000659943f2b994a02940148fffdff2901ff4ff61d27fd257170ec4f48d0b1925d569dbc20de89a8866f76a17dd1c22aa15d9c80e4e9eb1
+  data.tar.gz: bd2490f015d1a5c8be5f0e7a0fc60e5acdc436b03e32420cbf19542a53b760c843cd84a17a0e7a8a3794ec69e3aa909e63fabdb32f4c32d5daa48ece261176aa

data/lib/contrast/agent/assess/policy/trigger_method.rb

@@ -1,7 +1,6 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/assess/events/event_factory'
 require 'contrast/agent/assess/policy/trigger_validation/trigger_validation'
 require 'contrast/agent/excluder'
 require 'contrast/components/logger'
@@ -15,6 +14,7 @@ require 'contrast/agent/reporting/reporting_events/preflight_message'
 require 'contrast/agent/reporting/reporting_events/route_discovery'
 require 'contrast/agent/reporting/reporting_utilities/reporting_storage'
 require 'contrast/agent/reporting/reporting_utilities/build_preflight'
+require 'contrast/utils/assess/event_limit_utils'
 
 module Contrast
   module Agent

data/lib/contrast/agent/assess/property/evented.rb

@@ -1,8 +1,7 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/assess/events/event_factory'
-require 'contrast/agent/assess/events/source_event'
+require 'contrast/agent/reporting/reporting_events/finding_event'
 
 module Contrast
   module Agent
@@ -25,7 +24,7 @@ module Contrast
           #   the key used to accessed if from a map or nil if a type like
           #   BODY
           def build_event event_data, source_type = nil, source_name = nil
-            @event = Contrast::Agent::Assess::Events::EventFactory.build(event_data, source_type, source_name)
+            @event = Contrast::Agent::Reporting::FindingEvent.new(event_data, source_type, source_name)
             report_sources(event_data.tagged, @event)
           end
 
@@ -35,21 +34,22 @@ module Contrast
           # context's observed route
           #
           # @param tagged [Object] The Target of the Event
-          # @param event [Contrast::Agent::Assess::Events::ContrastEvent]
+          # @param event [Contrast::Agent::Reporting::FindingEvent]
           def report_sources tagged, event
             return unless tagged && !tagged.to_s.empty?
-            return unless event.cs__is_a?(Contrast::Agent::Assess::Events::SourceEvent)
             return unless event.source_type
             return unless (current_request = Contrast::Agent::REQUEST_TRACKER.current)
 
-            if current_request.observed_route.sources.any? do |source|
-              source.type == event.source_type && source.name == event.source_name # rubocop:disable Security/Module/Name
-            end
+            event.event_sources&.each do |event_source|
+              if current_request.observed_route.sources.any? do |source|
+                source.source_type == event_source.source_type && source.source_name == event_source.source_name
+              end
 
-              return
-            end
+                next
+              end
 
-            current_request.observed_route.sources << event.event_source if event.event_source
+              current_request.observed_route.sources << event_source
+            end
           end
         end
       end

data/lib/contrast/agent/assess.rb

@@ -18,7 +18,6 @@ module Contrast
       # reporting / tracking
       require 'contrast/agent/assess/properties'
       require 'contrast/agent/assess/tag'
-      require 'contrast/agent/assess/events/event_factory'
     end
   end
 end

data/lib/contrast/agent/excluder.rb

@@ -82,7 +82,7 @@ module Contrast
         event_sources = finding.events.flat_map(&:event_sources)
         event_sources.each do |event_source|
           return false unless rule_input_exclusions.any? do |exclusion|
-            input_match?(exclusion, event_source.type, event_source.name) # rubocop:disable Security/Module/Name
+            input_match?(exclusion, event_source.source_type, event_source.source_name)
           end
         end
 

data/lib/contrast/agent/middleware.rb

@@ -15,7 +15,7 @@ require 'contrast/agent/request_handler'
 require 'contrast/agent/static_analysis'
 require 'contrast/agent/telemetry/events/startup_metrics_event'
 require 'contrast/utils/middleware_utils'
-
+require 'contrast/utils/reporting/application_activity_batch_utils'
 require 'contrast/utils/timer'
 
 module Contrast
@@ -27,6 +27,7 @@ module Contrast
       include Contrast::Components::Logger::InstanceMethods
       include Contrast::Components::Scope::InstanceMethods
       include Contrast::Utils::MiddlewareUtils
+      include Contrast::Utils::Reporting::ApplicationActivityBatchUtils
 
       attr_reader :app
 
@@ -62,6 +63,7 @@ module Contrast
       #   the Rack framework.
       def call env
         logger.trace_with_time('Elapsed time for Contrast::Agent::Middleware#call') do
+          ::Contrast::Agent::ThreadWatcher.check_before_start
           return app.call(env) unless ::Contrast::AGENT.enabled?
 
           Contrast::Agent.heapdump_util.start_thread!
@@ -173,13 +175,17 @@ module Contrast
           Contrast::Agent::FINDINGS.report_collected_findings unless Contrast::Agent::FINDINGS.collection.empty?
           # All protect rules, which are trigger but require response to be reported
           Contrast::Agent::EXPLOITS.report_recorded_exploits(context) unless Contrast::Agent::EXPLOITS.collection.empty?
+          # Process Worth Watching Inputs for v2 rules
+          Contrast::Agent.worth_watching_analyzer&.add_to_queue(context.agent_input_analysis)
 
           if Contrast::Agent.framework_manager.streaming?(env)
             context.reset_activity
             request_handler.stream_safe_postfilter
           else
             request_handler.ruleset.postfilter
-            request_handler.report_activity
+            request_handler.report_observed_route
+            add_activity_to_batch(context.activity)
+            report_batch
           end
         end
       # unsuccessful attack

data/lib/contrast/agent/protect/input_analyzer/worth_watching_analyzer.rb

@@ -0,0 +1,116 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/worker_thread'
+require 'contrast/agent/reporting/input_analysis/score_level'
+require 'contrast/agent/reporting/reporting_events/application_activity'
+require 'contrast/utils/input_classification_base'
+
+module Contrast
+  module Agent
+    module Protect
+      # WorthWatchingInputAnalyzer Perform analysis of input tracing v2 worthwatching results in a
+      # separate thread, should only be run at the end of the request.
+      # Currently only includes: cmd_injection & sqli_injection rules
+      class WorthWatchingInputAnalyzer < WorkerThread
+        include Timeout
+        include Contrast::Agent::Protect::Rule::InputClassificationBase
+
+        QUEUE_SIZE = 1000.cs__freeze
+        AGENTLIB_TIMEOUT = 5.cs__freeze
+        # max size of inputs to evaluate
+        INPUT_BYTESIZE_THRESHOLD = 100_000.cs__freeze
+        REPORT_INTERVAL_SECOND = 30.cs__freeze
+
+        # Thread that will process all the InputAnalysisResults that have a score level of WORTHWATCHING and
+        # sends results to TeamServer
+        def start_thread!
+          return if running?
+
+          @_thread = Contrast::Agent::Thread.new do
+            logger.info('Starting Worth Watching Analyzer thread.')
+            loop do
+              sleep(REPORT_INTERVAL_SECOND)
+              next if queue.empty?
+
+              report = false
+              num_to_report = queue.length
+              activity = Contrast::Agent::Reporting::ApplicationActivity.new
+              num_to_report.times do
+                next unless (attack_result = eval_input(queue.pop))
+
+                activity.attach_defend(attack_result)
+                report = true
+              end
+              Contrast::Agent.reporter.send_event_immediately(activity) if report
+            rescue StandardError => e
+              logger.debug('Worth Watching Analyzer thread could not process result because of:', e)
+            end
+          end
+        end
+
+        # param Contrast::Agent::Reporting::InputAnalysis
+        def add_to_queue input_analysis
+          return if input_analysis&.results&.empty?
+
+          if queue.size >= QUEUE_SIZE
+            logger.debug('WorthWatching queue at max size, skip input_result')
+            return
+          end
+          input_analysis.results.select { |val| val.score_level == WORTHWATCHING }.
+              each do |ia_result|
+            queue << ia_result
+          end
+        end
+
+        private
+
+        # @param ia_result Contrast::Agent::Reporting::InputAnalysisResult the WorthWatching InputAnalysisResult
+        # @return [Contrast::Agent::Reporting::InputAnalysisResult, nil] InputAnalysisResult updated Result or nil
+        def eval_input ia_result
+          return if ia_result.nil?
+
+          if ia_result.value.to_s.bytesize >= INPUT_BYTESIZE_THRESHOLD
+            logger.debug("Skip anaylsis: Input size is larger than #{ INPUT_BYTESIZE_THRESHOLD / 1024 }KB")
+            return
+          end
+
+          begin
+            input_eval = Timeout.timeout(AGENTLIB_TIMEOUT) do
+              Contrast::AGENT_LIB.eval_input(ia_result.value,
+                                             convert_input_type(ia_result.input_type),
+                                             Contrast::AGENT_LIB.rule_set[ia_result.rule_id],
+                                             Contrast::AGENT_LIB.eval_option[:NONE])
+            end
+            score = input_eval&.score || 0
+            return if score <= THRESHOLD
+
+            ia_result.score_level = DEFINITEATTACK
+            build_attack_result(ia_result)
+          rescue Timeout::Error => e
+            logger.warn('AgentLib timed out when processing WORTHWATCHING InputAnalysisResult', e, ia_result)
+            nil
+          end
+        end
+
+        # @param ia_result Contrast::Agent::Reporting::InputAnalysisResult the updated InputAnalysisResult
+        # with a score of :DEFINITEATTACK
+        # @return [Contrast::Agent::Reporting::AttackResult] the attack result from
+        #   this input
+        def build_attack_result ia_result
+          Contrast::PROTECT.rule(ia_result.rule_id).build_attack_without_match(nil, ia_result, nil)
+        end
+
+        def queue
+          @_queue ||= Queue.new
+        end
+
+        def delete_queue!
+          @_queue&.clear
+          @_queue&.close
+          @_queue = nil
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/protect/rule/base.rb

@@ -148,14 +148,14 @@ module Contrast
           # protect rule but did not exploit the application. As such, we need
           # to build a result to report this violation to TeamServer.
           #
-          # @param context [Contrast::Agent::RequestContext] the context of the
+          # @param context [Contrast::Agent::RequestContext, nil] the context of the
           #   request in which this input is evaluated.
           # @param ia_result [Contrast::Agent::Reporting::InputAnalysis] the
           #   analysis of the input that was determined to be an attack
           # @param result [Contrast::Agent::Reporting::AttackResult, nil] previous
           #   attack result for this rule, if one exists, in the case of
           #   multiple inputs being found to violate the protection criteria
-          # @param kwargs [Hash] key - value pairs of context individual rules
+          # @param kwargs [Hash, nil] key - value pairs of context individual rules
           #   need to build out details to send to TeamServer to tell the
           #   story of the attack
           # @return [Contrast::Agent::Reporting::AttackResult] the attack result from

data/lib/contrast/agent/protect/rule/bot_blocker.rb

@@ -66,7 +66,7 @@ module Contrast
           # @param ia_result [Contrast::Agent::Reporting::InputAnalysisResult]
           # @param _candidate_string
           # @param **_kwargs
-          # @return [Contrast::Api::Dtm::RaspRuleSample]
+          # @return [Contrast::Agent::Reporting::RaspRuleSample]
           def build_sample context, ia_result, _candidate_string, **_kwargs
             sample = build_base_sample(context, ia_result)
             sample.details = Contrast::Agent::Reporting::BotBlockerDetails.new

data/lib/contrast/agent/protect/rule/cmd_injection.rb

@@ -21,24 +21,25 @@ module Contrast
           include Contrast::Components::Logger::InstanceMethods
           include Contrast::Agent::Reporting::InputType
           NAME = 'cmd-injection'
-
           APPLICABLE_USER_INPUTS = [
             BODY, COOKIE_VALUE, HEADER, PARAMETER_NAME,
             PARAMETER_VALUE, JSON_VALUE, MULTIPART_VALUE,
             MULTIPART_FIELD_NAME, XML_VALUE, DWR_VALUE
           ].cs__freeze
-          SUB_RULES = [
-            Contrast::Agent::Protect::Rule::CmdiBackdoors.new,
-            Contrast::Agent::Protect::Rule::CmdiChainedCommand.new,
-            Contrast::Agent::Protect::Rule::CmdiDangerousPath.new
-          ].cs__freeze
 
           def rule_name
             NAME
           end
 
+          # Array of sub_rules:
+          #
+          # @return [Array]
           def sub_rules
-            SUB_RULES
+            @_sub_rules ||= [
+              Contrast::Agent::Protect::Rule::CmdiBackdoors.new,
+              Contrast::Agent::Protect::Rule::CmdiChainedCommand.new,
+              Contrast::Agent::Protect::Rule::CmdiDangerousPath.new
+            ].cs__freeze
           end
 
           def applicable_user_inputs

data/lib/contrast/agent/protect/rule/cmdi/cmdi_chained_command.rb

@@ -15,11 +15,6 @@ module Contrast
         class CmdiChainedCommand < Contrast::Agent::Protect::Rule::CmdiBaseRule
           NAME = 'cmd-injection-semantic-chained-commands'
 
-          def initialize
-            super
-            @mode = :MONITOR
-          end
-
           def rule_name
             NAME
           end

data/lib/contrast/agent/protect/rule/cmdi/cmdi_dangerous_path.rb

@@ -15,11 +15,6 @@ module Contrast
         class CmdiDangerousPath < Contrast::Agent::Protect::Rule::CmdiBaseRule
           NAME = 'cmd-injection-semantic-dangerous-paths'
 
-          def initialize
-            super
-            @mode = :MONITOR
-          end
-
           def rule_name
             NAME
           end

data/lib/contrast/agent/protect/rule/path_traversal.rb

@@ -37,14 +37,15 @@ module Contrast
             /windows/repair/
           ].cs__freeze
 
-          SUB_RULES = [Contrast::Agent::Protect::Rule::PathTraversalSemanticBypass.new].cs__freeze
-
           def rule_name
             NAME
           end
 
+          # Array of sub_rules
+          #
+          # @return [Array]
           def sub_rules
-            SUB_RULES
+            @_sub_rules ||= [Contrast::Agent::Protect::Rule::PathTraversalSemanticBypass.new].cs__freeze
           end
 
           def applicable_user_inputs

data/lib/contrast/agent/protect/rule/sqli.rb

@@ -26,8 +26,6 @@ module Contrast
 
           NAME = 'sql-injection'
 
-          SUB_RULES = [Contrast::Agent::Protect::Rule::SqliDangerousFunctions.new].cs__freeze
-
           def rule_name
             NAME
           end
@@ -36,8 +34,11 @@ module Contrast
             BLOCK_MESSAGE
           end
 
+          # Array of sub_rules
+          #
+          # @return [Array]
           def sub_rules
-            SUB_RULES
+            @_sub_rules ||= [Contrast::Agent::Protect::Rule::SqliDangerousFunctions.new].cs__freeze
           end
 
           def applicable_user_inputs

data/lib/contrast/agent/protect/rule/xss.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/agent/protect/rule/base_service'
+require 'contrast/agent/reporting/input_analysis/input_type'
 
 module Contrast
   module Agent

data/lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb

@@ -28,7 +28,7 @@ module Contrast
           # @return [Contrast::Agent::Reporting::RaspRuleSample]
           def build context, ia_result
             sample = new
-            sample.time_stamp = context&.timer&.start_ms
+            sample.time_stamp = context&.timer&.start_ms || Contrast::Utils::Timer.now_ms
             sample.user_input = build_user_input_from_ia(ia_result)
             sample.user_input.document_type = if context&.request
                                                 Contrast::Utils::StringUtils.force_utf8(context.request.document_type)

data/lib/contrast/agent/reporting/report.rb

@@ -26,5 +26,6 @@ require 'contrast/agent/reporting/reporting_events/observed_route'
 require 'contrast/agent/reporting/reporting_events/route_coverage'
 require 'contrast/agent/reporting/reporting_events/observed_library_usage'
 require 'contrast/agent/reporting/reporting_events/poll'
+require 'contrast/agent/reporting/reporting_events/server_settings'
 # Sensitive data masking
 require 'contrast/agent/reporting/masker/masker'

data/lib/contrast/agent/reporting/reporter.rb

@@ -5,6 +5,8 @@ require 'contrast/agent/worker_thread'
 require 'contrast/agent/reporting/report'
 require 'contrast/components/logger'
 require 'contrast/agent/reporting/reporting_events/agent_startup'
+require 'contrast/agent/telemetry/events/exceptions/telemetry_exceptions'
+require 'contrast/agent/telemetry/events/exceptions/obfuscate'
 
 module Contrast
   module Agent
@@ -13,6 +15,8 @@ module Contrast
       include Contrast::Components::Logger::InstanceMethods
       include Contrast::Utils::ObjectShare
 
+      MAX_QUEUE_SIZE = 1000
+
       class << self
         # check if we can report to TS
         #
@@ -68,6 +72,14 @@ module Contrast
         end
         return unless event
 
+        if queue.size >= MAX_QUEUE_SIZE
+          if Contrast::Agent::Telemetry::Base.enabled?
+            Contrast::Agent.thread_watcher.telemetry_queue.send_event(queue_limit_telemetry_event)
+          end
+
+          return
+        end
+
         queue << event
       end
 
@@ -126,6 +138,28 @@ module Contrast
       rescue StandardError => e
         logger.error('Could not send message to TeamServer from Reporter queue.', e)
       end
+
+      # @return [Contrast::Agent::Telemetry::TelemetryException::Event]
+      def queue_limit_telemetry_event
+        message_exception = Contrast::Agent::Telemetry::TelemetryException::MessageException.build(
+            'String',
+            "Maximum queue size (#{ MAX_QUEUE_SIZE }) reached for reporting events", nil, stack_frame)
+        message = Contrast::Agent::Telemetry::TelemetryException::Message.build({}, [message_exception])
+        Contrast::Agent::Telemetry::TelemetryException::Event.new(message)
+      end
+
+      def stack_frame
+        stack_trace = caller_locations(20, 20)
+        stack_frame_type = if stack_trace.nil? || stack_trace[1].nil?
+                             'none'
+                           else
+                             Contrast::Agent::Telemetry::TelemetryException::Obfuscate.obfuscate_type(
+                                 stack_trace[1].path.delete_prefix(Dir.pwd))
+                           end
+
+        stack_frame_function = stack_trace.nil? || stack_trace[1].nil? ? 'none' : stack_trace[1].label
+        Contrast::Agent::Telemetry::TelemetryException::StackFrame.build(stack_frame_function, stack_frame_type, nil)
+      end
     end
   end
 end

data/lib/contrast/agent/reporting/reporter_heartbeat.rb

@@ -1,18 +1,16 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
-require 'contrast/agent/worker_thread'
-require 'contrast/agent/reporting/report'
+require 'contrast/agent/reporting/reporter'
 require 'contrast/agent/inventory/dependency_usage_analysis'
 require 'contrast/agent/reporting/reporting_events/poll'
-require 'contrast/agent/reporting/reporting_events/server_activity'
 
 module Contrast
   module Agent
     # The ReporterHeartbeat will make sure that the process remains marked alive by TeamServer and that we periodically
     # reach out to get the latest settings for this application. It also sends out those messages which do not need to
     # be associated directly with a request, such as Server Activity and Library Observation.
-    class ReporterHeartbeat < WorkerThread
+    class ReporterHeartbeat < Reporter
       # TeamServer will mark an application offline after 5 minutes. Sending this every one should be more than enough
       # to satisfy our goals.
       REFRESH_INTERVAL_SEC = 60
@@ -42,11 +40,7 @@ module Contrast
       #
       # @return [Array<Contrast::Agent::Reporting::ReportingEvent>]
       def polling_events
-        [
-          Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.generate_library_usage,
-          Contrast::Agent::Reporting::ServerActivity.new,
-          poll_message
-        ].compact
+        [Contrast::Agent::Inventory::DependencyUsageAnalysis.instance.generate_library_usage, poll_message].compact
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_events/application_activity.rb

@@ -110,7 +110,7 @@ module Contrast
 
         # This is primary used for attaching new inventory reporting
         #
-        # @param architecture [Contrast::Agent::Reporting::AttackResult]
+        # @param architecture [Contrast::Agent::Reporting::ArchitectureComponent]
         def attach_inventory architecture
           inventory.attach_data(architecture)
         end

data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb

@@ -28,18 +28,23 @@ module Contrast
         def attach_data attack_result
           attacker_activity = Contrast::Agent::Reporting::ApplicationDefendAttackerActivity.new
           attacker_activity.attach_data(attack_result)
-          existing_attacker_activity = attackers.find do |existing|
-            existing.source_forwarded_for == attacker_activity.source_forwarded_for &&
-                existing.source_ip == attacker_activity.source_ip
-          end
-          rule = attack_result.rule_id
-          if existing_attacker_activity
-            attach_existing(existing_attacker_activity, attacker_activity, rule)
+
+          if (existing_attacker_activity = find_existing_attacker_activity(attacker_activity))
+            attach_existing(existing_attacker_activity, attacker_activity, attack_result.rule_id)
           else
             attackers << attacker_activity
           end
         end
 
+        # Find an existing attacker if it matches on source details
+        # @param attacker_activity [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
+        def find_existing_attacker_activity new_attacker_activity
+          attackers.find do |existing|
+            existing.source_forwarded_for == new_attacker_activity.source_forwarded_for &&
+                existing.source_ip == new_attacker_activity.source_ip
+          end
+        end
+
         # @param existing_attacker_activity [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
         # @param attacker_activity [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
         # @param rule [String]

data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb

@@ -13,7 +13,7 @@ module Contrast
       # about the inventory of the application which was discovered during exercise of the application
       # during this activity period.
       class ApplicationInventoryActivity < Contrast::Agent::Reporting::ApplicationReportingEvent
-        # return [Contrast::Agent::Reporting::ArchitectureComponent]
+        # return [Array<Contrast::Agent::Reporting::ArchitectureComponent>]
         attr_reader :components
         # @ return [Array<String>, nil] - User-Agent Header value
         attr_reader :browsers
@@ -46,6 +46,11 @@ module Contrast
         def duration
           Contrast::Utils::Timer.now_ms - (Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0)
         end
+
+        # Helper method to determine if InventoryActivity has no data
+        def empty?
+          @browsers.empty? && @components.empty?
+        end
       end
     end
   end

data/lib/contrast/agent/reporting/reporting_events/finding.rb

@@ -88,8 +88,8 @@ module Contrast
           event_messages = Contrast::Agent::Reporting::FindingEvent.from_source(source)
           events.concat(event_messages) if event_messages&.any?
           event_data = Contrast::Agent::Assess::Events::EventData.new(trigger_node, source, object, ret, args)
-          contrast_event = Contrast::Agent::Assess::ContrastEvent.new(event_data)
-          events << Contrast::Agent::Reporting::FindingEvent.convert(contrast_event)
+          contrast_event = Contrast::Agent::Reporting::FindingEvent.new(event_data)
+          events << contrast_event
           return unless request
 
           @request = Contrast::Agent::Reporting::FindingRequest.convert(request)