contrast-agent 6.9.0 → 6.11.0

data/lib/contrast/agent/telemetry/events/exceptions/obfuscate.rb

@@ -7,111 +7,116 @@ module Contrast
       module TelemetryException
         # Here will be all known gems to obfuscate during the building of TelemetryExceptions
         module Obfuscate
+          # TODO: RUBY-1984 Re-enable/Remove Telemetry Obfuscation.
+          #
           # List of known gems to be third parties not containing any
           # user sensitive data.
-          KNOWN_GEMS = %w[
-            activesupport redis-activesupport redis builder dry-types rails rails-html-sanitizer rails-observers sinatra
-            benchmark-ips bundler climate_control execjs factory_bot debride fake_ftp fasterer flay openssl
-            parallel_tests contrast contrast-agent ruby pry-byebug byebug pry resolv ougai protobuf async nokogiri
-            benchmark grape-order grape-activerecord newrelic newrelic-grape grape-rails-cache grape-msgpack
-            grape-batch rspec rake rubocop grape-jbuilder rack-test rack-protection minitest grape-instrumentation
-            minitest-global_expectations rack-proxy rack-attack rack-ssl grape-cancan grape-attack grape-rake-tasks
-            grape-route-helpers benchmark-memory grape-rabl grape-kaminari grape-path-helpers grape-swagger-entity
-            grape-swagger-rails grape-roar newrelic-rake grapes-wagger-representative grape-forgery_protection
-            grape-papertrail grape-app grape-middleware-logger rack-protection rake-compile rhino rspec-benchmark
-            rspec_junit_formatter rspec-rails rake-performance rubocop-rails rubocop-rake rubocop-rspec
-            ruby-debug-ide simplecov sqlite steep tilt tzinfo-data warning xpath sinatra-activerecord sinatra-param
-            sinatra-partial sinatra-flash sinatra-reloader sinatra-sinatra rake_fly rack rack-accept grape grape-entity
-            sinatra-advanced-routes sinatra-warden grape_logging grape-swagger sinatra-namespace sinatra-resource
-            sinatra-hashfix sinatra-instrumentation sinatra-helpers redis-rack sinatra-support sinatra-assetpack
-            sinatra-router sinatra-cross_origin sinatra_more sinatra-jsonp faraday-rack zlib mustermann mustermann-grape
-            rspec-expectations rspec-core rspec-mocks rspec-sidekiq
-          ].cs__freeze
-          KNOWN_ERRORS = %w[
-            ActiveModel Error Errors Resolv Rspec ActiveRecord nil NilClass NoMemoryError ScriptError
-            LoadError NotImplementedError SyntaxError SecurityError SignalException Interrupt
-            StandardError ArgumentError UncaughtThrowError FiberError IOError EOFError IndexError KeyError
-            StopIteration LocalJumpError NameError NoMethodError RangeError FloatDomainError RegexpError
-            RuntimeError FrozenError SystemCallError ThreadError TypeError ZeroDivisionError SystemExit
-            SystemStackError fatal Warning buffer OpenSSL SSL SSLError Errno Timeout Exception EOFError
-            ECONNRESET ECONNREFUSED ETIMEDOUT EINVAL ESHUTDOWN EHOSTDOWN EHOSTUNREACH EISCONN
-            ECONNABORTED ENETRESET ENETUNREACH Net HTTPBadResponse HTTPHeaderSyntaxError ProtocolError
-            Faraday BadRequestError UnauthorizedError ForbiddenError ResourceNotFound ProxyAuthError
-            ConflictError UnprocessableEntityError ClientError
-          ].cs__freeze
-          CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'.cs__freeze
-          # This will generate different chars for each agent startup but will be constant
-          # for current run and will make identical obfuscation to be compared if given type
-          # is the same.
-          CYPHER = CHARS.chars.shuffle.join
-
-          class << self
-            # Returns paths for known gems.
-            #
-            # @return [Array<Regexp>] known paths
-            def known_gem_paths
-              @_known_gem_paths ||= KNOWN_GEMS.map do |gem_name|
-                to_regexp(File.join(
-                              'gems', gem_name.tr('-', ''), 'lib'))
-              end
-            end
-
-            # Returns known modules names.
-            #
-            # @return [Array<Regexp>] known modules
-            def known_modules
-              @_known_modules ||= KNOWN_ERRORS.map { |module_name| to_regexp(module_name) }
-            end
-
-            # Obfuscate a type and replace it with random characters.
-            #
-            # @param type [String] the StackFrame type to obfuscate
-            # @return [String] obfuscated type
-            def obfuscate_type type
-              return unless type
-
-              check = type.tr('[^0-9].-', '')
-              type = cypher(type) unless match_known(known_gem_paths, check)
-              type
-            end
-
-            # Obfuscate a type and replace it with random characters.
-            #
-            # @param exception_type [String] the exception type to obfuscate
-            # @return [String] obfuscated exception type
-            def obfuscate_exception_type exception_type
-              return unless exception_type
-
-              exceptions = exception_type.split('::').each do |exception|
-                cypher(exception) unless match_known(known_modules, exception)
-              end
-              exceptions.join('::')
-            end
-
-            private
-
-            # Transforms string to regexp
-            #
-            # @param string [String]
-            def to_regexp string
-              /#{ string }/
-            end
-
-            # Add cypher to path to make it obscure, but unique enough for
-            # comparisons. Mutates original or duplicate if frozen string.
-            #
-            # @param string [String] string to be transformed.
-            def cypher string
-              string = string.dup if string.cs__frozen?
-              string.to_s.tr!(CHARS, CYPHER)
-            end
-
-            # @param known [Array<Regexp>] Array of regexp to match againts
-            # @param type [String] type to check
-            def match_known known, type
-              known.any? { |regexp| type =~ regexp }
-            end
-          end
+          # KNOWN_GEMS = %w[
+          #   activesupport redis-activesupport redis builder dry-types rails rails-html-sanitizer rails-observers
+          #   sinatra
+          #   benchmark-ips bundler climate_control execjs factory_bot debride fake_ftp fasterer flay openssl
+          #   parallel_tests contrast contrast-agent ruby pry-byebug byebug pry resolv ougai protobuf async nokogiri
+          #   benchmark grape-order grape-activerecord newrelic newrelic-grape grape-rails-cache grape-msgpack
+          #   grape-batch rspec rake rubocop grape-jbuilder rack-test rack-protection minitest grape-instrumentation
+          #   minitest-global_expectations rack-proxy rack-attack rack-ssl grape-cancan grape-attack grape-rake-tasks
+          #   grape-route-helpers benchmark-memory grape-rabl grape-kaminari grape-path-helpers grape-swagger-entity
+          #   grape-swagger-rails grape-roar newrelic-rake grapes-wagger-representative grape-forgery_protection
+          #   grape-papertrail grape-app grape-middleware-logger rack-protection rake-compile rhino rspec-benchmark
+          #   rspec_junit_formatter rspec-rails rake-performance rubocop-rails rubocop-rake rubocop-rspec
+          #   ruby-debug-ide simplecov sqlite steep tilt tzinfo-data warning xpath sinatra-activerecord sinatra-param
+          #   sinatra-partial sinatra-flash sinatra-reloader sinatra-sinatra rake_fly rack rack-accept grape
+          #   grape-entity
+          #   sinatra-advanced-routes sinatra-warden grape_logging grape-swagger sinatra-namespace sinatra-resource
+          #   sinatra-hashfix sinatra-instrumentation sinatra-helpers redis-rack sinatra-support sinatra-assetpack
+          #   sinatra-router sinatra-cross_origin sinatra_more sinatra-jsonp faraday-rack zlib mustermann
+          #   mustermann-grape
+          #   rspec-expectations rspec-core rspec-mocks rspec-sidekiq
+          # ].cs__freeze
+          # KNOWN_ERRORS = %w[
+          #   ActiveModel Error Errors Resolv Rspec ActiveRecord nil NilClass NoMemoryError ScriptError
+          #   LoadError NotImplementedError SyntaxError SecurityError SignalException Interrupt
+          #   StandardError ArgumentError UncaughtThrowError FiberError IOError EOFError IndexError KeyError
+          #   StopIteration LocalJumpError NameError NoMethodError RangeError FloatDomainError RegexpError
+          #   RuntimeError FrozenError SystemCallError ThreadError TypeError ZeroDivisionError SystemExit
+          #   SystemStackError fatal Warning buffer OpenSSL SSL SSLError Errno Timeout Exception EOFError
+          #   ECONNRESET ECONNREFUSED ETIMEDOUT EINVAL ESHUTDOWN EHOSTDOWN EHOSTUNREACH EISCONN
+          #   ECONNABORTED ENETRESET ENETUNREACH Net HTTPBadResponse HTTPHeaderSyntaxError ProtocolError
+          #   Faraday BadRequestError UnauthorizedError ForbiddenError ResourceNotFound ProxyAuthError
+          #   ConflictError UnprocessableEntityError ClientError
+          # ].cs__freeze
+          # CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'.cs__freeze
+          # # This will generate different chars for each agent startup but will be constant
+          # # for current run and will make identical obfuscation to be compared if given type
+          # # is the same.
+          # CYPHER = CHARS.chars.shuffle.join
+          #
+          # class << self
+          #   # Returns paths for known gems.
+          #   #
+          #   # @return [Array<Regexp>] known paths
+          #   def known_gem_paths
+          #     @_known_gem_paths ||= KNOWN_GEMS.map do |gem_name|
+          #       to_regexp(File.join(
+          #                     'gems', gem_name.tr('-', ''), 'lib'))
+          #     end
+          #   end
+          #
+          #   # Returns known modules names.
+          #   #
+          #   # @return [Array<Regexp>] known modules
+          #   def known_modules
+          #     @_known_modules ||= KNOWN_ERRORS.map { |module_name| to_regexp(module_name) }
+          #   end
+          #
+          #   # Obfuscate a type and replace it with random characters.
+          #   #
+          #   # @param type [String] the StackFrame type to obfuscate
+          #   # @return [String] obfuscated type
+          #   def obfuscate_type type
+          #     return unless type
+          #
+          #     check = type.tr('[^0-9].-', '')
+          #     type = cypher(type) unless match_known(known_gem_paths, check)
+          #     type
+          #   end
+          #
+          #   # Obfuscate a type and replace it with random characters.
+          #   #
+          #   # @param exception_type [String] the exception type to obfuscate
+          #   # @return [String] obfuscated exception type
+          #   def obfuscate_exception_type exception_type
+          #     return unless exception_type
+          #
+          #     exceptions = exception_type.split('::').each do |exception|
+          #       cypher(exception) unless match_known(known_modules, exception)
+          #     end
+          #     exceptions.join('::')
+          #   end
+          #
+          #   private
+          #
+          #   # Transforms string to regexp
+          #   #
+          #   # @param string [String]
+          #   def to_regexp string
+          #     /#{ string }/
+          #   end
+          #
+          #   # Add cypher to path to make it obscure, but unique enough for
+          #   # comparisons. Mutates original or duplicate if frozen string.
+          #   #
+          #   # @param string [String] string to be transformed.
+          #   def cypher string
+          #     string = string.dup if string.cs__frozen?
+          #     string.to_s.tr!(CHARS, CYPHER)
+          #   end
+          #
+          #   # @param known [Array<Regexp>] Array of regexp to match against
+          #   # @param type [String] type to check
+          #   def match_known known, type
+          #     known.any? { |regexp| type =~ regexp }
+          #   end
+          # end
         end
       end
     end

data/lib/contrast/agent/telemetry/events/startup_metrics_event.rb

@@ -51,7 +51,7 @@ module Contrast
           super
           @settings = []
           add_config_keys(::Contrast::CONFIG.config, 'root')
-          @settings << ENV.keys.select { |v| v.starts_with?('CONTRAST') }
+          @settings << ENV.keys.select { |v| v.start_with?('CONTRAST') }
           @settings.flatten
           add_tags
         end

data/lib/contrast/agent/thread_watcher.rb

@@ -3,8 +3,7 @@
 
 require 'contrast/components/logger'
 require 'contrast/agent/reporting/report'
-require 'contrast/agent/reporting/reporter_heartbeat'
-require 'contrast/agent/reporting/server_settings_worker'
+require 'contrast/agent/reporting/reporting_workers/reporting_workers'
 require 'contrast/agent/telemetry/base'
 require 'contrast/agent/protect/input_analyzer/worth_watching_analyzer'
 require 'contrast/config/diagnostics'
@@ -19,19 +18,22 @@ module Contrast
       attr_reader :heapdump_util
       # @return [Contrast::Agent::Reporter]
       attr_reader :reporter
-      # @return [Contrast::Agent::ReporterHeartbeat]
+      # @return [Contrast::Agent::ReportingWorkers::ReporterHeartbeat]
       attr_reader :reporter_heartbeat
       # @return [Contrast::Agent::Protect::WorthWatchingInputAnalyzer]
       attr_reader :worth_watching_analyzer
-      # @return [Contrast::Agent::ServerSettingsWorker]
+      # @return [Contrast::Agent::ReportingWorkers::ServerSettingsWorker]
       attr_reader :reporter_settings_worker
+      # @return [Contrast::Agent::ReportingWorkers::ApplicationServerWorker]
+      attr_reader :reporter_app_settings_worker
 
       def initialize
         @pids = {}
         @heapdump_util = Contrast::Utils::HeapDumpUtil.new
         @reporter = Contrast::Agent::Reporter.new
-        @reporter_heartbeat = Contrast::Agent::ReporterHeartbeat.new
-        @reporter_settings_worker = Contrast::Agent::ServerSettingsWorker.new
+        @reporter_heartbeat = Contrast::Agent::ReportingWorkers::ReporterHeartbeat.new
+        @reporter_settings_worker = Contrast::Agent::ReportingWorkers::ServerSettingsWorker.new
+        @reporter_app_settings_worker = Contrast::Agent::ReportingWorkers::ApplicationServerWorker.new
         @telemetry = Contrast::Agent::Telemetry::Base.new if Contrast::Agent::Telemetry::Base.enabled?
         @worth_watching_analyzer = Contrast::Agent::Protect::WorthWatchingInputAnalyzer.new unless protect_disabled?
       end
@@ -41,10 +43,8 @@ module Contrast
         return unless ::Contrast::AGENT.enabled?
 
         logger.debug('ThreadWatcher started threads')
-        reporter_status = init_thread(reporter)
-        reporter_heartbeat_status = init_thread(reporter_heartbeat)
-        reporter_settings_worker_status = init_thread(reporter_settings_worker)
-        @pids[Process.pid] = reporter_status && reporter_heartbeat_status && reporter_settings_worker_status
+
+        @pids[Process.pid] = reporter_threads
         if Contrast::Agent::Telemetry::Base.enabled?
           telemetry_status = init_thread(telemetry_queue)
           @pids[Process.pid] = @pids[Process.pid] && telemetry_status
@@ -56,6 +56,11 @@ module Contrast
         @pids
       end
 
+      def reporter_threads
+        init_thread(reporter) && init_thread(reporter_heartbeat) &&
+            init_thread(reporter_settings_worker) && init_thread(reporter_app_settings_worker)
+      end
+
       def ensure_running?
         return if @pids[Process.pid] == true
 
@@ -84,6 +89,7 @@ module Contrast
         reporter_heartbeat&.stop!
         worth_watching_analyzer&.stop!
         reporter_settings_worker&.stop!
+        reporter_app_settings_worker&.stop!
       end
 
       # @return [Contrast::Agent::Telemetry::Base]

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '6.9.0'
+    VERSION = '6.11.0'
   end
 end

data/lib/contrast/agent.rb

@@ -55,6 +55,7 @@ module Contrast
 
     # @return [Contrast::Framework::Manager]
     def self.framework_manager
+      reinitialize_with_log
       @_framework_manager ||= Contrast::Framework::Manager.new
     end
 
@@ -82,6 +83,17 @@ module Contrast
     def self.thread_watcher
       @_thread_watcher ||= Contrast::Agent::ThreadWatcher.new
     end
+
+    # Apparently by some unknown reason - if we have already some instance for the AgentLib - we can set the
+    # logger with options. That's why in rspec it started passing - because when we set the const in
+    # protect_spec_helper in the with AgentLib context - we've already set the AGENT_LIB constant.
+    #
+    # So that leads to this methods logic here, which somehow works
+    def self.reinitialize_with_log
+      return if Contrast::AGENT_LIB.enable_log
+
+      Contrast.cs__const_set(:AGENT_LIB, Contrast::AgentLib::Interface.new(true, 2, nil))
+    end
   end
 end
 

data/lib/contrast/agent_lib/api/init.rb

@@ -30,7 +30,6 @@ module Contrast
       # @return [Integer] Return type of the function.
       attach_function :init, [], :int
 
-      # TODO: RUBY-1693
       #  Initialize agent lib without any optional settings. To set optional settings consider using
       # `init_with_options` instead If you want to enable logging, it must be set using environment variables
       # `CONTRAST_AGENTLIB_LOG_LEVEL` - set to log level.  Must of one of ERROR, WARN, INFO, DEBUG or TRACE
@@ -45,7 +44,6 @@ module Contrast
       # @return [Integer] Return type of the function.
       attach_function :init_with_options, %i[bool string string], :int
 
-      # TODO: RUBY-1693
       # Change log settings for agent lib after it's been initialized.  This api must be used after init
       #
       # Safety
@@ -55,7 +53,6 @@ module Contrast
       # if logging is enabled
       attach_function :change_log_settings, %i[bool string], :int
 
-      # TODO: RUBY-1693
       # Initialize AgentLib with options.
       # If init returns 0 = successful setup with options
       # if init returns 1 = unsuccessful setup with options
@@ -83,16 +80,13 @@ module Contrast
         init.zero?
       end
 
-      # TODO: RUBY-1693
       # Change the log settings. This api must be called after the dl__init_with_options.
       #
       # @param enable_log [Boolean] flag to enable or disable logging this sets the inner flag.
       # @param log_level [String] OFF, ERROR, WARN, INFO, DEBUG or TRACE.
       # @return [Boolean] true if initialized false if not.
       def dl__change_log_settings enable_log, log_level
-        # transform to C strings pointers here and pass to function.
-        log_dir_pointer = FFI::MemoryPointer.from_string(log_level.dup.force_encoding('UTF-8'))
-        return true if change_log_settings(enable_log, log_dir_pointer).zero?
+        return true if change_log_settings(enable_log, log_level).zero?
 
         false
       end

data/lib/contrast/agent_lib/api/input_tracing.rb

@@ -53,12 +53,10 @@ module Contrast
       ffi_lib ContrastAgentLib::CONTRAST_C
       ffi_convention :stdcall
 
-      DbType = enum(:DB2, :MySQL, :Oracle, :Postgres, :Sqlite, :SqlServer, :Unknown)
-
       # Returns 0 if evaluation was successful, -1 if there was an unexpected error.
       attach_function :check_cmd_injection_query, %i[int int string pointer], :int
       # Return 0 if evaluation was successful, -1 iif there was an unexpected error.
-      attach_function :check_sql_injection_query, [:int, :int, DbType, :string, :pointer], :int
+      attach_function :check_sql_injection_query, %i[int int int string pointer], :int
       # Free function for all input tracing results pass to check functions.
       attach_function :free_check_query_sink_result, [:pointer], :int
       # Evaluate header input:
@@ -126,7 +124,7 @@ module Contrast
       # @return [Hash, nil] Returns 0 if evaluation was successful, -1 if there was an unexpected error.
       def dl__check_sql_injection_query input_index, input_length, db_type, sql_query
         db_type = :Sqlite if db_type.to_s.casecmp('sqlite3').zero?
-        dbtype = DbType[db_type]
+        dbtype = Contrast::AGENT_LIB.db_set[db_type.to_s.upcase.to_sym]
         pointer = FFI::MemoryPointer.new(:pointer)
         check = check_sql_injection_query(input_index, input_length, dbtype, sql_query, pointer)
 

data/lib/contrast/agent_lib/interface.rb

@@ -5,7 +5,6 @@ require 'contrast/agent_lib/api/init'
 require 'contrast/agent_lib/api/command_injection'
 require 'contrast/agent_lib/api/input_tracing'
 require 'contrast/agent_lib/api/panic'
-require 'contrast/agent_lib/api/method_tempering'
 require 'contrast/agent_lib/api/path_semantic_file_security_bypass'
 require 'contrast/components/logger'
 require 'contrast/utils/object_share'
@@ -24,8 +23,6 @@ module Contrast
       include Contrast::AgentLib::Panic
       include Contrast::AgentLib::InputTracing
       include Contrast::AgentLib::CommandInjection
-      # TODO: RUBY-1632
-      # include Contrast::AgentLib::MethodTempering
       include Contrast::AgentLib::PathSemanticFileSecurityBypass
       include Contrast::Components::Logger::InstanceMethods
 
@@ -113,7 +110,7 @@ module Contrast
       # @param level [Integer, nil] one of:
       # [-1...4]
       def log_level= level = nil
-        set_level = level.nil? ? 3 : level
+        set_level = level.nil? ? 4 : level
         update_log_level(set_level)
       end
 
@@ -243,18 +240,6 @@ module Contrast
 
         with_mutex { dl__does_file_bypass_security(file_path, is_custom_code) }
       end
-
-      # TODO: RUBY-1632 Test after integration and if method-tempering is covered
-      # # Check to see if method is being tempered or not.
-      # # Used with Protect method-tampering rule.
-      # #
-      # # @param method [String] method to check
-      # # @return [Boolean]
-      # def method_tempered? method
-      #   return false unless method
-      #
-      #   with_mutex { dl__method_tempered?(method) }
-      # end
     end
   end
 end

data/lib/contrast/agent_lib/interface_base.rb

@@ -1,46 +1,16 @@
 # Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast-agent-lib'
+require 'contrast/agent/reporting/settings/helpers'
+
 module Contrast
   module AgentLib
     # Base class to set basic rule sets and input list.
     class InterfaceBase
-      # This could be changed to regular Hash.
-      # This format is used to supports this kind of log_level assignment:
-      # via Contrast::Api::Settings::LogLevel::WARN => 3
-      # ( note -1 is not supported in the protobuf LogLevel)
       LOG_LEVEL = { -1 => 'OFF', 0 => 'TRACE', 1 => 'DEBUG', 2 => 'INFO', 3 => 'WARN', 4 => 'ERROR' }.cs__freeze
       LOG_DIR = File.join(Dir.pwd).cs__freeze
-      # Named after Protect rule_id / Names
-      # Corresponding to Rust's ulong enum
-      RULE_SET = {
-          'unsafe-file-upload' => 1 << 0,
-          'path-traversal' => 1 << 1,
-          'reflected-xss' => 1 << 2,
-          'sql-injection' => 1 << 3,
-          'cmd-injection' => 1 << 4,
-          'nosql-injection' => 1 << 5,
-          'bot-blocker' => 1 << 6,
-          'ssjs-injection' => 1 << 7,
-          'method-tampering' => 1 << 8
-      }.cs__freeze
-      # Named same as Contrast::Agent::Reporting::InputTypes
-      INPUT_SET = {
-          COOKIE_NAME: 1,
-          COOKIE_VALUE: 2,
-          HEADER_NAME: 3,
-          HEADER_VALUE: 4,
-          JSON_NAME: 5,
-          JSON_VALUE: 6,
-          METHOD: 7,
-          PARAMETER_NAME: 8,
-          PARAMETER_VALUE: 9,
-          URI: 10,
-          URL_PARAMETER: 11,
-          MULTIPART_NAME: 12,
-          XML_VALUE: 13
-      }.cs__freeze
-      EVAL_OPTIONS = { NONE: 0, WORTHWATCHING: 1 }.cs__freeze
+      # Parameters passed to AgentLib. WorthWatching is used for those rules only that support it.
 
       # Initializes the Agent lib.
       #
@@ -54,18 +24,33 @@ module Contrast
         # Override
       end
 
-      # Return list of available rules
+      # Return list of available rules. On first call the constants are extracted from the gem and set
+      # to resemble the protect rules ids used across the agent, e.g. CMD_INJECTIONS => cmd-injection.
+      #
+      # *** Note that the NoSQLI rules is used within the agent, but in future need arise to be used with the
+      # AgentLib, the rule_id for that rule atm is 'nosql-injection-mongo' ***
       #
+      # All the rules types extracted from the AgentLib gem will have value corresponding to an ulong enum in
+      # Rust land.
       # @return [Hash]
+      # @raise [NameError] If Gem is loaded but not constants are generated there could be not defined
+      # module name, or if module was renamed.
       def rule_set
-        RULE_SET
+        @_rule_set ||= extract_constants(ContrastAgentLib::RuleType, to_rule_id: true)
       end
 
-      # Returns list of available input types.
+      # Returns list of available input types
       #
       # @return [Hash]
       def input_set
-        INPUT_SET
+        @_input_set ||= extract_constants(ContrastAgentLib::InputType)
+      end
+
+      # Return the AgentLib supported Database types.
+      #
+      # @return [Hash]
+      def db_set
+        @_db_set ||= extract_constants(ContrastAgentLib::DbType)
       end
 
       # Return list of input evaluation options:
@@ -73,7 +58,12 @@ module Contrast
       #
       # @return [Hash]
       def eval_option
-        EVAL_OPTIONS
+        @_eval_option ||= begin
+          consts = extract_constants(ContrastAgentLib::EvalOptions).dup
+          # Adding the option to call the AgentLib without WorthWatching:
+          consts[:NONE] = 0
+          consts.cs__freeze
+        end
       end
 
       private
@@ -113,6 +103,29 @@ module Contrast
         FileUtils.mkdir_p(LOG_DIR)
         LOG_DIR
       end
+
+      # This method extracts constats from the AgentLib gem, from specific module.
+      # If the to_rule_id flag is set the constant names would be transformed from
+      # Symbols to string protect rule ids: e.g. CMD_INJECTIONS => cmd-injection.
+      #
+      # @param module_name [Module] e.g. ContrastAgentLib::RuleType
+      # @param to_rule_id [Boolean] Flag to convert the keys of the hash to protect rule_id style
+      # @return [Hash] Frozen hash with the extracted constants
+      def extract_constants module_name, to_rule_id: false
+        hash = {}
+        return hash unless module_name.cs__is_a?(Module)
+
+        module_name.cs__constants.each do |constant|
+          key = to_rule_id ? Contrast::Agent::Reporting::Settings::Helpers.to_rule_id(constant) : constant
+          hash[key] = module_name.cs__const_get(constant)
+        end
+        hash.cs__freeze
+      rescue NameError => e
+        # This should be log as error since if there is no rule set there will be no ia happening,
+        # and something has gone wrong with enabling the gem for the Agent.
+        logger.error("[AgentLib] Could not extract #{ module_name } constants", error: e)
+        {}.cs__freeze
+      end
     end
   end
 end

data/lib/contrast/agent_lib/return_types/eval_result.rb

@@ -26,8 +26,8 @@ module Contrast
       def initialize hsh
         return unless hsh&.cs__is_a?(Hash)
 
-        @rule_id = Contrast::AgentLib::Interface::RULE_SET.key(hsh[:rule_id])
-        @input_type = Contrast::AgentLib::Interface::INPUT_SET.key(hsh[:input_type])
+        @rule_id = Contrast::AGENT_LIB.rule_set.key(hsh[:rule_id])
+        @input_type = Contrast::AGENT_LIB.input_set.key(hsh[:input_type])
         @score = hsh[:score]
       end
 

data/lib/contrast/components/assess.rb

@@ -23,6 +23,16 @@ module Contrast
         attr_reader :canon_name
         # @return [Array]
         attr_reader :config_values
+        # @return [Boolean]
+        attr_writer :enable_original_object
+        # @return [Integer]
+        attr_writer :max_context_source_events
+        # @return [Integer]
+        attr_writer :max_propagation_events
+        # @return [Integer]
+        attr_writer :max_rule_reported
+        # @return [Integer]
+        attr_writer :time_limit_threshold
 
         DEFAULT_STACKTRACES = 'ALL'
         DEFAULT_MAX_SOURCE_EVENTS = 50_000
@@ -55,10 +65,7 @@ module Contrast
           @sampling = Contrast::Components::Sampling::Interface.new(hsh[:sampling])
           @rules = Contrast::Components::AssessRules::Interface.new(hsh[:rules])
           @stacktraces = hsh[:stacktraces]
-          @max_context_source_events = hsh[:max_context_source_events]
-          @max_propagation_events = hsh[:max_propagation_events]
-          @max_rule_reported = hsh[:max_rule_reported]
-          @time_limit_threshold = hsh[:time_limit_threshold]
+          assign_limits(hsh)
         end
 
         # @return [Boolean, true]
@@ -224,6 +231,21 @@ module Contrast
           @_forcibly_enabled = true?(::Contrast::CONFIG.assess.enable) if @_forcibly_enabled.nil?
           @_forcibly_enabled
         end
+
+        # Sets Event limits from configuration and converts string numbers to integers.
+        def assign_limits hsh
+          return unless hsh
+
+          source_limit = hsh[:max_context_source_events]&.to_i
+          propagation_limit = hsh[:max_propagation_events]&.to_i
+          max_rule_reporter = hsh[:max_rule_reported]&.to_i
+          time_limit = hsh[:time_limit_threshold]&.to_i
+
+          @max_context_source_events = source_limit if source_limit
+          @max_propagation_events = propagation_limit if propagation_limit
+          @max_rule_reported = max_rule_reporter if max_rule_reporter
+          @time_limit_threshold = time_limit if time_limit
+        end
       end
     end
   end