contrast-agent 6.9.0 → 6.10.0

data/lib/contrast/agent_lib/interface_base.rb

@@ -1,46 +1,16 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast-agent-lib'
+require 'contrast/agent/reporting/settings/helpers'
+
 module Contrast
   module AgentLib
     # Base class to set basic rule sets and input list.
     class InterfaceBase
-      # This could be changed to regular Hash.
-      # This format is used to supports this kind of log_level assignment:
-      # via Contrast::Api::Settings::LogLevel::WARN => 3
-      # ( note -1 is not supported in the protobuf LogLevel)
       LOG_LEVEL = { -1 => 'OFF', 0 => 'TRACE', 1 => 'DEBUG', 2 => 'INFO', 3 => 'WARN', 4 => 'ERROR' }.cs__freeze
       LOG_DIR = File.join(Dir.pwd).cs__freeze
-      # Named after Protect rule_id / Names
-      # Corresponding to Rust's ulong enum
-      RULE_SET = {
-          'unsafe-file-upload' => 1 << 0,
-          'path-traversal' => 1 << 1,
-          'reflected-xss' => 1 << 2,
-          'sql-injection' => 1 << 3,
-          'cmd-injection' => 1 << 4,
-          'nosql-injection' => 1 << 5,
-          'bot-blocker' => 1 << 6,
-          'ssjs-injection' => 1 << 7,
-          'method-tampering' => 1 << 8
-      }.cs__freeze
-      # Named same as Contrast::Agent::Reporting::InputTypes
-      INPUT_SET = {
-          COOKIE_NAME: 1,
-          COOKIE_VALUE: 2,
-          HEADER_NAME: 3,
-          HEADER_VALUE: 4,
-          JSON_NAME: 5,
-          JSON_VALUE: 6,
-          METHOD: 7,
-          PARAMETER_NAME: 8,
-          PARAMETER_VALUE: 9,
-          URI: 10,
-          URL_PARAMETER: 11,
-          MULTIPART_NAME: 12,
-          XML_VALUE: 13
-      }.cs__freeze
-      EVAL_OPTIONS = { NONE: 0, WORTHWATCHING: 1 }.cs__freeze
+      # Parameters passed to AgentLib. WorthWatching is used for those rules only that support it.
 
       # Initializes the Agent lib.
       #
@@ -54,18 +24,33 @@ module Contrast
         # Override
       end
 
-      # Return list of available rules
+      # Return list of available rules. On first call the constants are extracted from the gem and set
+      # to resemble the protect rules ids used across the agent, e.g. CMD_INJECTIONS => cmd-injection.
+      #
+      # *** Note that the NoSQLI rules is used within the agent, but in future need arise to be used with the
+      # AgentLib, the rule_id for that rule atm is 'nosql-injection-mongo' ***
       #
+      # All the rules types extracted from the AgentLib gem will have value corresponding to an ulong enum in
+      # Rust land.
       # @return [Hash]
+      # @raise [NameError] If Gem is loaded but not constants are generated there could be not defined
+      # module name, or if module was renamed.
       def rule_set
-        RULE_SET
+        @_rule_set ||= extract_constants(ContrastAgentLib::RuleType, to_rule_id: true)
       end
 
-      # Returns list of available input types.
+      # Returns list of available input types
       #
       # @return [Hash]
       def input_set
-        INPUT_SET
+        @_input_set ||= extract_constants(ContrastAgentLib::InputType)
+      end
+
+      # Return the AgentLib supported Database types.
+      #
+      # @return [Hash]
+      def db_set
+        @_db_set ||= extract_constants(ContrastAgentLib::DbType)
       end
 
       # Return list of input evaluation options:
@@ -73,7 +58,12 @@ module Contrast
       #
       # @return [Hash]
       def eval_option
-        EVAL_OPTIONS
+        @_eval_option ||= begin
+          consts = extract_constants(ContrastAgentLib::EvalOptions).dup
+          # Adding the option to call the AgentLib without WorthWatching:
+          consts[:NONE] = 0
+          consts.cs__freeze
+        end
       end
 
       private
@@ -113,6 +103,29 @@ module Contrast
         FileUtils.mkdir_p(LOG_DIR)
         LOG_DIR
       end
+
+      # This method extracts constats from the AgentLib gem, from specific module.
+      # If the to_rule_id flag is set the constant names would be transformed from
+      # Symbols to string protect rule ids: e.g. CMD_INJECTIONS => cmd-injection.
+      #
+      # @param module_name [Module] e.g. ContrastAgentLib::RuleType
+      # @param to_rule_id [Boolean] Flag to convert the keys of the hash to protect rule_id style
+      # @return [Hash] Frozen hash with the extracted constants
+      def extract_constants module_name, to_rule_id: false
+        hash = {}
+        return hash unless module_name.cs__is_a?(Module)
+
+        module_name.cs__constants.each do |constant|
+          key = to_rule_id ? Contrast::Agent::Reporting::Settings::Helpers.to_rule_id(constant) : constant
+          hash[key] = module_name.cs__const_get(constant)
+        end
+        hash.cs__freeze
+      rescue NameError => e
+        # This should be log as error since if there is no rule set there will be no ia happening,
+        # and something has gone wrong with enabling the gem for the Agent.
+        logger.error("[AgentLib] Could not extract #{ module_name } constants", error: e)
+        {}.cs__freeze
+      end
     end
   end
 end

data/lib/contrast/agent_lib/return_types/eval_result.rb

@@ -26,8 +26,8 @@ module Contrast
       def initialize hsh
         return unless hsh&.cs__is_a?(Hash)
 
-        @rule_id = Contrast::AgentLib::Interface::RULE_SET.key(hsh[:rule_id])
-        @input_type = Contrast::AgentLib::Interface::INPUT_SET.key(hsh[:input_type])
+        @rule_id = Contrast::AGENT_LIB.rule_set.key(hsh[:rule_id])
+        @input_type = Contrast::AGENT_LIB.input_set.key(hsh[:input_type])
         @score = hsh[:score]
       end
 

data/lib/contrast/components/assess.rb

@@ -23,6 +23,16 @@ module Contrast
         attr_reader :canon_name
         # @return [Array]
         attr_reader :config_values
+        # @return [Boolean]
+        attr_writer :enable_original_object
+        # @return [Integer]
+        attr_writer :max_context_source_events
+        # @return [Integer]
+        attr_writer :max_propagation_events
+        # @return [Integer]
+        attr_writer :max_rule_reported
+        # @return [Integer]
+        attr_writer :time_limit_threshold
 
         DEFAULT_STACKTRACES = 'ALL'
         DEFAULT_MAX_SOURCE_EVENTS = 50_000
@@ -55,10 +65,7 @@ module Contrast
           @sampling = Contrast::Components::Sampling::Interface.new(hsh[:sampling])
           @rules = Contrast::Components::AssessRules::Interface.new(hsh[:rules])
           @stacktraces = hsh[:stacktraces]
-          @max_context_source_events = hsh[:max_context_source_events]
-          @max_propagation_events = hsh[:max_propagation_events]
-          @max_rule_reported = hsh[:max_rule_reported]
-          @time_limit_threshold = hsh[:time_limit_threshold]
+          assign_limits(hsh)
         end
 
         # @return [Boolean, true]
@@ -224,6 +231,21 @@ module Contrast
           @_forcibly_enabled = true?(::Contrast::CONFIG.assess.enable) if @_forcibly_enabled.nil?
           @_forcibly_enabled
         end
+
+        # Sets Event limits from configuration and converts string numbers to integers.
+        def assign_limits hsh
+          return unless hsh
+
+          source_limit = hsh[:max_context_source_events]&.to_i
+          propagation_limit = hsh[:max_propagation_events]&.to_i
+          max_rule_reporter = hsh[:max_rule_reported]&.to_i
+          time_limit = hsh[:time_limit_threshold]&.to_i
+
+          @max_context_source_events = source_limit if source_limit
+          @max_propagation_events = propagation_limit if propagation_limit
+          @max_rule_reported = max_rule_reporter if max_rule_reporter
+          @time_limit_threshold = time_limit if time_limit
+        end
       end
     end
   end

data/lib/contrast/components/polling.rb

@@ -12,6 +12,8 @@ module Contrast
 
         # @return [Integer, nil]
         attr_reader :server_settings_ms
+        # @return [Integer, nil]
+        attr_reader :app_settings_ms
         # @return [String]
         attr_reader :canon_name
         # @return [Array]
@@ -20,7 +22,7 @@ module Contrast
         attr_reader :batch_reporting_interval_ms
 
         CANON_NAME = 'agent.polling'
-        CONFIG_VALUES = %w[server_settings_ms batch_reporting_interval_ms].cs__freeze
+        CONFIG_VALUES = %w[server_settings_ms app_settings_ms batch_reporting_interval_ms].cs__freeze
 
         def initialize hsh = {}
           @config_values = CONFIG_VALUES
@@ -29,6 +31,7 @@ module Contrast
 
           @server_settings_ms = hsh[:server_settings_ms]
           @batch_reporting_interval_ms = hsh[:batch_reporting_interval_ms]
+          @app_settings_ms = hsh[:app_settings_ms]
         end
       end
     end

data/lib/contrast/components/settings.rb

@@ -75,6 +75,11 @@ module Contrast
         # two dates are the same.
         # format: <day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT
         attr_reader :server_settings_last_httpdate
+        # @return [String] The last update but in string format used to build request header.
+        # This value should be sent be TS in the Last-Modified header to sync and save resources if the
+        # two dates are the same.
+        # format: <day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT
+        attr_reader :app_settings_last_httpdate
 
         def initialize
           reset_state
@@ -85,13 +90,15 @@ module Contrast
         end
 
         # @param features_response [Contrast::Agent::Reporting::Response]
-        def update_from_server_features features_response
+        def update_from_server_features features_response # rubocop:disable Metrics/AbcSize
           return unless (server_features = features_response&.server_features)
 
           log_file = server_features.log_file
           log_level = server_features.log_level
           # Update logger:
           Contrast::Logger::Log.instance.update(log_file, log_level) if log_file || log_level
+          # Update AgentLib Logger
+          update_agent_lib_log(log_level.to_s)
           # Update CEFlogger:
           unless server_features.security_logger.settings_blank?
             cef_logger.build_logger(server_features.security_logger.log_level, server_features.security_logger.log_file)
@@ -110,6 +117,25 @@ module Contrast
           # next request's header with the same time will save needless update of settings if there
           # are no new server features updates after the said time.
           @server_settings_last_httpdate = header_last_update
+        rescue StandardError => e
+          logger.warn('The following error occurred from server update: ', e: e)
+        end
+
+        # Update AgentLib log level
+        def update_agent_lib_log new_log_level
+          agent_lib_log_level = Contrast::AgentLib::InterfaceBase::LOG_LEVEL[0] if new_log_level.empty?
+          agent_lib_log_level ||= Contrast::AgentLib::InterfaceBase::LOG_LEVEL.key(new_log_level.upcase)
+
+          # detect if the provided level is invalid and log if it is
+          # by default if we pass invalid log level - it will leave the last active
+          unless Contrast::AgentLib::InterfaceBase::LOG_LEVEL.value?(new_log_level.upcase)
+            cur_active = Contrast::AGENT_LIB.log_level
+            logger.debug('The provided level was invalid, so the logger stays to the last active: ',
+                         active: cur_active,
+                         provided_level: new_log_level)
+          end
+
+          Contrast::AGENT_LIB.change_log_options(true, agent_lib_log_level)
         end
 
         # Update Assess server features
@@ -135,23 +161,41 @@ module Contrast
 
           @application_state.modes_by_id = app_settings.protect.protection_rules_to_settings_hash
           update_exclusion_matchers(app_settings.exclusions)
+          app_settings.protect.virtual_patches = app_settings.protect.virtual_patches unless
+            settings_empty?(app_settings.protect.virtual_patches)
           update_sensitive_data_policy(app_settings.sensitive_data_masking)
           @assess_state.disabled_assess_rules = app_settings.assess.disabled_rules
           new_session_id = app_settings.assess.session_id
           @assess_state.session_id = new_session_id if new_session_id && !new_session_id.blank?
           @last_app_update_ms = Contrast::Utils::Timer.now_ms
+          @app_settings_last_httpdate = header_last_update
         end
 
         # Wipe state to zero.
         def reset_state
           @protect_state = PROTECT_STATE_BASE.dup
-          @assess_state = ASSESS_STATE_BASE.dup
+          update_assess_state
           @application_state = APPLICATION_STATE_BASE.dup
           @tainted_columns = {}
           @sensitive_data_masking = SENSITIVE_DATA_MASKING_BASE.dup
           @excluder = Contrast::Agent::Excluder.new
         end
 
+        # We save the session_id, reset and set it again if available.
+        # This done so that reporting between updates won't trigger argument error
+        # for missing session_id given one is already set and used with the first application
+        # create response received from TS.
+        #
+        # @return [Struct]
+        def update_assess_state
+          current_session_id = @assess_state&.session_id
+          @assess_state = ASSESS_STATE_BASE.dup
+          # There is application settings update for the session id if new is received.
+          # Here we make sure not to delete the already set one.
+          @assess_state&.session_id = current_session_id unless current_session_id&.empty?
+          @assess_state
+        end
+
         def build_protect_rules
           @protect_state.rules = {}
 
@@ -160,7 +204,6 @@ module Contrast
           cmdi = Contrast::Agent::Protect::Rule::CmdInjection.new
           cmdi.sub_rules
           Contrast::Agent::Protect::Rule::Deserialization.new
-          Contrast::Agent::Protect::Rule::HttpMethodTampering.new
           Contrast::Agent::Protect::Rule::NoSqli.new
           path = Contrast::Agent::Protect::Rule::PathTraversal.new
           path.sub_rules

data/lib/contrast/config/config.rb

@@ -25,10 +25,10 @@ module Contrast
         def determine_config_status response
           return unless response
           # If we encounter for some of the startup events failure - always return failure
-          return if @config_status == MESSAGE_FAIL || CONN_STATUS_MSG_FAILURE
+          return if [MESSAGE_FAIL, CONN_STATUS_MSG_FAILURE].include?(@config_status)
 
           response_code = response.code.to_s
-          @config_status = response_code.starts_with?('2') ? MESSAGE_SUCCESSFUL : MESSAGE_FAIL
+          @config_status = response_code.start_with?('2') ? MESSAGE_SUCCESSFUL : MESSAGE_FAIL
           nil
         end
 

data/lib/contrast/config/protect_rule_configuration.rb

@@ -36,7 +36,7 @@ module Contrast
       # String to its recognized symbol equivalent. If a nonsense value is provided, it'll
       # be treated the same as disabling the rule.
       #
-      # @return [Symbol]
+      # @return [Symbol, nil]
       def applicable_mode
         return unless mode
 

data/lib/contrast/config/protect_rules_configuration.rb

@@ -50,7 +50,7 @@ module Contrast
           Contrast::Config::ProtectRuleConfiguration.new(hsh[:'sql-injection-semantic-dangerous-functions'])
         @unsafe_file_upload = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'unsafe-file-upload'])
         @untrusted_deserialization = Contrast::Config::ProtectRuleConfiguration.new(hsh[:'untrusted-deserialization'])
-        @xxe = Contrast::Config::ProtectRuleConfiguration.new(hsh['xxe'])
+        @xxe = Contrast::Config::ProtectRuleConfiguration.new(hsh[:xxe])
       end
 
       def []= key, value

data/lib/contrast/extension/assess/array.rb

@@ -13,10 +13,10 @@ module Contrast
       # This is our patch of the Array class required to handle propagation
       # Disclaimer: there may be a better way, but we're in a 'get it work' state.
       # Hopefully, we'll be in a 'get it right' state soon.
-      class ArrayPropagator # rubocop:disable Style/StaticClass
+      class ArrayPropagator
         extend Contrast::Components::Scope::InstanceMethods
 
-        ARRAY_JOIN_HASH = {
+        ARRAY_JOIN_HASH ||= { # rubocop:disable Lint/OrAssignmentToConstant
             'class_name' => 'Array',
             'instance_method' => true,
             'method_visibility' => 'public',
@@ -27,7 +27,7 @@ module Contrast
             'patch_class' => 'NOOP',
             'patch_method' => 'cs__track_join'
         }.cs__freeze
-        ARRAY_JOIN_NODE = Contrast::Agent::Assess::Policy::PropagationNode.new(ARRAY_JOIN_HASH)
+        ARRAY_JOIN_NODE ||= Contrast::Agent::Assess::Policy::PropagationNode.new(ARRAY_JOIN_HASH) # rubocop:disable Lint/OrAssignmentToConstant
 
         class << self
           # When you call join, they use an internal thing, so there's no good way to get at the thing being returned.

data/lib/contrast/extension/assess/regexp.rb

@@ -17,7 +17,7 @@ module Contrast
         extend Contrast::Components::Logger::InstanceMethods
         extend Contrast::Components::Scope::InstanceMethods
 
-        REGEXP_EQUAL_SQUIGGLE_HASH = {
+        REGEXP_EQUAL_SQUIGGLE_HASH ||= { # rubocop:disable Lint/OrAssignmentToConstant
             'id' => 'regexp_100',
             'class_name' => 'Regexp',
             'instance_method' => true,
@@ -29,7 +29,7 @@ module Contrast
             'patch_class' => 'Contrast::Extension::Assess::RegexpPropagator',
             'patch_method' => 'track_equal_squiggle'
         }.cs__freeze
-        REGEXP_EQUAL_SQUIGGLE_NODE = Contrast::Agent::Assess::Policy::PropagationNode.new(REGEXP_EQUAL_SQUIGGLE_HASH)
+        REGEXP_EQUAL_SQUIGGLE_NODE ||= Contrast::Agent::Assess::Policy::PropagationNode.new(REGEXP_EQUAL_SQUIGGLE_HASH) # rubocop:disable Lint/OrAssignmentToConstant
         private_constant :REGEXP_EQUAL_SQUIGGLE_HASH
         private_constant :REGEXP_EQUAL_SQUIGGLE_NODE
 

data/lib/contrast/logger/aliased_logging.rb

@@ -41,31 +41,39 @@ module Contrast
 
       private
 
+      # @param type [ALIASED_FATAL, ALIASED_ERROR, ALIASED_WARN] the type of error, used to indicate the function used
+      #   for logging
+      # @param message [String] the exception message
+      # @param exception [Exception] The exception or error
+      # @param data [Object] Any structured data
       def build_exception type, message = nil, exception = nil, data = nil
-        stack_trace = get_stack_trace(type)
-        stack_frame_type = Contrast::Agent::Telemetry::TelemetryException::Obfuscate.obfuscate_type(
-            stack_trace[1].path.delete_prefix(Dir.pwd))
-        stack_frame_function = stack_trace[1].label
+        stack_trace = wrapped_caller_locations
+        caller_idx = stack_trace&.find_index { |stack| stack.to_s.include?(type) } || 0
+        # The caller_stack is the method in which the error occurred, so has to be above this method
+        caller_idx += 1
+        caller_frame = stack_trace[caller_idx]
+        stack_frame_type = caller_frame.path.delete_prefix(Dir.pwd)
+        stack_frame_function = caller_frame.label
         key = "#{ stack_frame_type }|#{ stack_frame_function }|#{ message }"
-        if TELEMETRY_EXCEPTIONS[key]
-          TELEMETRY_EXCEPTIONS.increment(key)
+        if Contrast::TELEMETRY_EXCEPTIONS[key]
+          Contrast::TELEMETRY_EXCEPTIONS.increment(key)
           return
         end
 
-        return if TELEMETRY_EXCEPTIONS.exception_limit?
-
-        message_exception_type = Contrast::Agent::Telemetry::TelemetryException::Obfuscate.obfuscate_exception_type(
-            exception ? exception.cs__class.to_s : stack_frame_type.split('/').last)
+        return if Contrast::TELEMETRY_EXCEPTIONS.exception_limit?
 
+        message_exception_type = exception ? exception.cs__class.to_s : stack_frame_type.split('/').last
         event_message = create_message(stack_frame_function,
                                        stack_frame_type, message_exception_type,
                                        data, exception,
                                        message)
+        build_stack(event_message, stack_trace, caller_idx)
         TELEMETRY_EXCEPTIONS[key] = event_message
       rescue StandardError => e
-        debug('Unable to report exception to telemetry', e)
+        debug('[Telemetry] Unable to report exception', e)
       end
 
+      # @return [Contrast::Agent::Telemetry::TelemetryException::Event]
       def create_message stack_frame_function, stack_frame_type, message_exception_type, data, exception, message
         message_for_exception = if exception
                                   exception.cs__respond_to?(:message) ? exception.message : exception
@@ -89,12 +97,37 @@ module Contrast
         message = Contrast::Agent::Telemetry::TelemetryException::Message.build(tags, [message_exception])
         Contrast::Agent::Telemetry::TelemetryException::Event.new(message)
       rescue ArgumentError => e
-        debug('TelemetryException failed from aliased logging with: ', e)
+        debug('[Telemetry] TelemetryException failed from aliased logging with: ', e)
+      end
+
+      # Convert the given caller_stack from the event into the exception StackFrame format for reporting, appending it
+      # to the Exception wrapped in the Event.
+      #
+      # @param event_message [Contrast::Agent::Telemetry::TelemetryException::Event]
+      # @param caller_stack [(Array<Thread::Backtrace::Location>, nil]
+      # @param caller_idx [Integer] the starting location for the exception, which allows filtering out the logger code
+      #   from the stack
+      def build_stack event_message, caller_stack, caller_idx = 0
+        return unless caller_stack
+
+        event_exception = event_message.exceptions[0]
+        event_exception_message = event_exception.exceptions[0]
+
+        caller_stack.each_with_index do |caller, idx|
+          next unless idx > caller_idx
+
+          stack_frame =
+            Contrast::Agent::Telemetry::TelemetryException::StackFrame.build(caller.label,
+                                                                             caller.path.delete_prefix(Dir.pwd))
+          event_exception_message.push(stack_frame)
+        end
       end
 
-      def get_stack_trace type
-        start = caller_locations&.find_index { |stack| stack.to_s.include?(type) }
-        start ? caller_locations(start + 1, 20) : caller_locations(20, 20)
+      # This is purely a wrapper around caller_locations used for testing
+      #
+      # @return [Array<Thread::Backtrace::Location>, nil]
+      def wrapped_caller_locations
+        caller_locations
       end
     end
   end

data/lib/contrast/utils/input_classification_base.rb

@@ -43,7 +43,7 @@ module Contrast
                 next unless v
 
                 result = create_new_input_result(input_analysis.request, rule.rule_name, input_type, v)
-                input_analysis.results << result unless result.nil?
+                append_result(input_analysis, result)
               end
             end
 
@@ -51,6 +51,7 @@ module Contrast
           rescue StandardError => e
             logger.debug("An Error was recorded in the input classification of the #{ rule_id }")
             logger.debug(e)
+            nil
           end
 
           # Creates new isntance of InputAnalysisResult with basic info.
@@ -103,16 +104,24 @@ module Contrast
           # @return [Integer<Contrast::AgentLib::Interface::INPUT_SET>]
           def convert_input_type input_type
             case input_type
-            when BODY, DWR_VALUE
+            when URI, URL_PARAMETER
+              Contrast::AGENT_LIB.input_set[:URI_PATH]
+            when BODY, DWR_VALUE, SOCKET, UNDEFINED_TYPE, UNKNOWN, REQUEST, QUERYSTRING
               Contrast::AGENT_LIB.input_set[:PARAMETER_VALUE]
             when HEADER
               Contrast::AGENT_LIB.input_set[:HEADER_VALUE]
             when MULTIPART_VALUE, MULTIPART_FIELD_NAME
               Contrast::AGENT_LIB.input_set[:MULTIPART_NAME]
+            when JSON_ARRAYED_VALUE
+              Contrast::AGENT_LIB.input_set[:JSON_KEY]
+            when PARAMETER_NAME
+              Contrast::AGENT_LIB.input_set[:PARAMETER_KEY]
             else
               Contrast::AGENT_LIB.input_set[input_type]
             end
-          rescue StandardError
+          rescue StandardError => e
+            logger.debug('Protect Input classification could not determine input type, falling back to default',
+                         error: e)
             Contrast::AGENT_LIB.input_set[:PARAMETER_VALUE]
           end
 
@@ -133,7 +142,7 @@ module Contrast
             input_eval = Contrast::AGENT_LIB.eval_input(value,
                                                         convert_input_type(input_type),
                                                         Contrast::AGENT_LIB.rule_set[rule_id],
-                                                        Contrast::AGENT_LIB.eval_option[:WORTHWATCHING])
+                                                        Contrast::AGENT_LIB.eval_option[:PREFER_WORTH_WATCHING])
 
             ia_result = new_ia_result(rule_id, input_type, request.path, value)
             score = input_eval&.score || 0
@@ -148,6 +157,14 @@ module Contrast
             add_needed_key(request, ia_result, input_type, value) if KEYS_NEEDED.include?(input_type)
             ia_result
           end
+
+          def append_result ia_analysis, result
+            unless result.nil?
+              ia_analysis.results << result
+              ia_analysis.triggered_rules << result.rule_id unless ia_analysis.triggered_rules.include?(result.rule_id)
+            end
+            ia_analysis
+          end
         end
       end
     end

data/lib/contrast/utils/routes_sent.rb

@@ -12,7 +12,7 @@ module Contrast
     class RoutesSent
       # include Contrast::Components::Logger::InstanceMethods
       ROUTES_LIMIT = 500
-      TIME_LIMIT_IN_SECONDS = 3600
+      TIME_LIMIT_IN_SECONDS = 60
 
       attr_accessor :cache
 
@@ -22,7 +22,7 @@ module Contrast
 
       # Determine whether the provided route can be sent to TeamServer.
       #
-      # @param [Contrast::Agent::Reporting::ObservedRoute] the route
+      # @param route [Contrast::Agent::Reporting::ObservedRoute] the route
       # @return [boolean]
       def sendable? route
         route_hash = route.hash_id

data/lib/contrast/utils/telemetry.rb

@@ -9,7 +9,7 @@ module Contrast
   module Utils
     # Tools for supporting the Telemetry feature
     module Telemetry
-      DIR = '/ect/contrast/ruby-agent/'.cs__freeze
+      DIR = '/etc/contrast/ruby-agent/'.cs__freeze
       FILE = '.telemetry'.cs__freeze
       CURRENT_DIR = Dir.pwd.cs__freeze
       CONFIG_DIR = CURRENT_DIR + '/config/contrast/'.cs__freeze

data/lib/contrast/utils/telemetry_client.rb

@@ -99,7 +99,7 @@ module Contrast
       def get_event_json event
         Array(event.to_controlled_hash).to_json
       rescue Exception => e # rubocop:disable Lint/RescueException
-        logger.error('Unable to convert TelemetryEvent to JSON string', e, hsh)
+        logger.error('[Telemetry] Unable to convert TelemetryEvent to JSON string', e, hsh)
         raise(e)
       end
     end

data/resources/protect/policy.json

@@ -128,6 +128,14 @@
             "database": "MongoDB"
           }
         },{
+          "class_name": "Mongo::Collection",
+          "instance_method": true,
+          "method_visibility": "public",
+          "method_name": "find",
+          "properties": {
+            "database": "MongoDB"
+           }
+         },{
           "class_name": "Moped::Node",
           "method_name": "read",
           "instance_method": true,

data/ruby-agent.gemspec

@@ -121,7 +121,7 @@ end
 def self.add_dependencies spec
   spec.add_dependency 'ougai', '>= 1.8', '< 3.0.0'
   spec.add_dependency 'rack', '~> 2.0'
-  spec.add_dependency 'contrast-agent-lib', '~> 0.1.0'
+  spec.add_dependency 'contrast-agent-lib',  '~> 0.1.0', '>= 0.1.3'
   spec.add_dependency 'ffi', '~> 1.0'
 end