contrast-agent 7.1.0 → 7.3.0

data/lib/contrast/agent/telemetry/startup_metrics_event.rb

@@ -4,7 +4,6 @@
 require 'contrast/utils/metrics_hash'
 require 'contrast/agent/telemetry/metric_event'
 require 'contrast/agent/version'
-require 'contrast/utils/os'
 
 module Contrast
   module Agent
@@ -15,8 +14,6 @@ module Contrast
       # application framework and version and server framework
       # It will be initialized and send in Middleware#agent_startup_routine
       class StartupMetricsEvent < Contrast::Agent::Telemetry::MetricEvent
-        include Contrast::Utils::OS
-
         APP_AND_SERVER_DATA = ::Contrast::APP_CONTEXT.app_and_server_information.cs__freeze
         # Multi-tenant Production Environments
         SAAS_DEFAULT = { addr: 'app.contrastsecurity.com', type: 'SAAS_DEFAULT' }.cs__freeze
@@ -82,11 +79,6 @@ module Contrast
           end
         end
 
-        def sys_info
-          @sys_info ||= get_system_information if @sys_info.nil?
-          @sys_info
-        end
-
         private
 
         # Here we extract the TeamServer url type

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '7.1.0'
+    VERSION = '7.3.0'
   end
 end

data/lib/contrast/components/config/sources.rb

@@ -11,14 +11,15 @@ module Contrast
       # This component encapsulates storing the source for each entry in the config,
       # so that we can report on where the value was set from.
       class Sources
-        ENVIRONMENT_VARIABLE = 'ENV'
-        COMMAND_LINE = 'CLI'
-        CONTRAST_UI = 'ContrastUI'
-        DEFAULT_VALUE = 'Default'
+        ENVIRONMENT_VARIABLE = 'ENVIRONMENT_VARIABLE'
+        COMMAND_LINE = 'COMMAND_LINE'
+        CONTRAST_UI = 'CONTRAST_UI'
+        DEFAULT_VALUE = 'DEFAULT_VALUE'
+        APP_CONFIGURATION_FILE = 'USER_CONFIGURATION_FILE'
         # Order matters for the Configurations files. This is read when Agent starts up and will always go
         # through the YAML as priority.
         # Do not change the order!
-        APP_CONFIGURATION_FILE = %w[YAML YML].cs__freeze
+        APP_CONFIGURATION_EXTENSIONS = %w[yaml yml].cs__freeze
 
         # @return [Hash]
         attr_reader :data

data/lib/contrast/components/config.rb

@@ -25,7 +25,7 @@ module Contrast
     # time than to silently fail to deliver functionality.
     module Config
       CONTRAST_ENV_MARKER = 'CONTRAST__'
-      CONTRAST_LOG = 'contrast_agent.log'
+      CONTRAST_LOG = 'contrast.log'
       CONTRAST_NAME = 'Contrast Agent'
       DATE_TIME = '%Y-%m-%dT%H:%M:%S.%L%z'
 
@@ -63,7 +63,7 @@ module Contrast
           env_overrides
           validate
         rescue ArgumentError => e
-          proto_logger.error('Configuration failed with error: ', e)
+          proto_logger.error('[PROTO_LOGGER] Configuration failed with error: ', e)
         end
         alias_method :rebuild, :build
 
@@ -157,7 +157,7 @@ module Contrast
         # @return [boolean]
         def valid_session_metadata?
           if !session_id&.empty? && !session_metadata&.empty?
-            proto_logger.error(SESSION_VARIABLES)
+            proto_logger.error("[PROTO_LOGGER] #{ SESSION_VARIABLES }")
             return false
           end
           true
@@ -172,7 +172,7 @@ module Contrast
           msg << API_KEY unless api_key
           msg << API_SERVICE_KEY unless api_service_key
           msg << API_USERNAME unless api_username
-          msg.any? { |m| proto_logger.error(m) }
+          msg.any? { |m| proto_logger.error("[PROTO_LOGGER] #{ m }") }
           msg.empty?
         end
 

data/lib/contrast/components/protect.rb

@@ -15,12 +15,14 @@ module Contrast
         include Contrast::Config::BaseConfiguration
 
         CANON_NAME = 'protect'
-        CONFIG_VALUES = %w[enabled?].cs__freeze
+        CONFIG_VALUES = %w[enabled? normalize_base64?].cs__freeze
         RULES = 'rules'
         MODE = 'mode'
 
         # @return [Boolean, nil]
         attr_accessor :enable
+        # @return [Boolean, nil]
+        attr_accessor :normalize_base64
         # @return [String]
         attr_reader :canon_name
         # @return [Array]
@@ -36,6 +38,7 @@ module Contrast
           @_exceptions = Contrast::Config::ExceptionConfiguration.new(hsh[:exceptions])
           @_rules = Contrast::Config::ProtectRulesConfiguration.new(hsh[:rules])
           @enable = hsh[:enable]
+          @normalize_base64 = hsh[:normalize_base64]
           @agent_lib = hsh[:agent_lib]
         end
 
@@ -68,6 +71,13 @@ module Contrast
           ::Contrast::SETTINGS.protect_state.enabled == true
         end
 
+        # Check to determine if the base64 decoding is required for user inputs.
+        def normalize_base64?
+          @normalize_base64 = Contrast::CONFIG.protect.normalize_base64 if @normalize_base64.nil?
+
+          true?(@normalize_base64)
+        end
+
         # Current Configuration for the protect rules
         #
         # @return [Contrast::Config::ProtectRulesConfiguration]

data/lib/contrast/components/sampling.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require 'contrast/components/base'
+require 'contrast/utils/duck_utils'
 
 module Contrast
   module Components
@@ -27,7 +28,7 @@ module Contrast
             config_settings = ::Contrast::CONFIG.assess&.sampling
             settings = ::Contrast::SETTINGS&.assess_state&.sampling_settings
             {
-                enabled: enabled?(config_settings, settings),
+                enabled: enabled?(config_settings&.enable, settings&.enabled),
                 baseline: check_baseline(config_settings, settings),
                 request_frequency: check_request_frequency(config_settings, settings),
                 response_frequency: check_response_frequency(config_settings, settings),
@@ -43,13 +44,20 @@ module Contrast
 
         private
 
-        # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
+        # @param config_value [Boolean, nil] the Sampling configuration as provided by
         #   local user input
-        # @param settings [Contrast::Agent::Reporting::Settings::Sampling, nil] the Sampling settings as provided by
+        # @param settings_value [Boolean, nil] the Sampling settings as provided by
         # TeamServer
         # @return [Boolean] the resolution of the config_settings, settings, and default value
-        def enabled? config_settings, settings
-          true?([config_settings&.enable, settings&.enabled, DEFAULT_SAMPLING_ENABLED].compact[0])
+        def enabled? config_value, settings_value
+          # Check the Assess State received from TS:
+          sampling_enable = settings_value unless Contrast::Utils::DuckUtils.empty_duck?(settings_value)
+          # Check for local settings, YAML, ENV, CLI (it's with higher priority than Web Interface)
+          # see: https://docs.contrastsecurity.com/en/order-of-precedence.html
+          sampling_enable = config_value unless Contrast::Utils::DuckUtils.empty_duck?(config_value)
+          # Use default value, unless a false or true is set from local or TS settings.
+          sampling_enable = DEFAULT_SAMPLING_ENABLED if Contrast::Utils::DuckUtils.empty_duck?(sampling_enable)
+          true?(sampling_enable)
         end
 
         # @param config_settings [Contrast::Config::SamplingConfiguration] the Sampling configuration as provided by
@@ -106,6 +114,8 @@ module Contrast
         NAME_PREFIX = "#{ CONTRAST }.#{ CANON_NAME }".cs__freeze
         CONFIG_VALUES = %w[enable baseline request_frequency response_frequency window_ms].cs__freeze
 
+        # @return [Boolean, nil]
+        attr_accessor :enable
         # @return [Integer, nil]
         attr_accessor :baseline
         # @return [Integer, nil]
@@ -128,11 +138,6 @@ module Contrast
           @window_ms = hsh[:window_ms]
         end
 
-        # @return [Boolean, false]
-        def enable
-          !!@enable
-        end
-
         # Converts current configuration to effective config values class and appends them to
         # EffectiveConfig class.
         #

data/lib/contrast/components/settings.rb

@@ -5,6 +5,7 @@ require 'contrast/agent/excluder/excluder'
 require 'contrast/agent/reporting/settings/sensitive_data_masking'
 require 'contrast/components/config'
 require 'contrast/components/logger'
+require 'contrast/utils/duck_utils'
 
 module Contrast
   module Components
@@ -219,6 +220,14 @@ module Contrast
           exclusions.input_exclusions.each do |exclusion|
             matchers << Contrast::Agent::ExclusionMatcher.new(exclusion)
           end
+          # Do not populate the matchers unless we have any. There are certain checks in
+          # SourceMethod that will safe-guard return if there are no exclusions received.
+          # The matching operation is expensive, and the excluder calls are made for each
+          # source, and we do not want to check for exclusions if they are empty. This is
+          # probably redundant as all exclusions default to empty, but will save useless
+          # new object creation at very least.
+          return if Contrast::Utils::DuckUtils.empty_duck?(matchers)
+
           @excluder = Contrast::Agent::Excluder.new(matchers)
         end
 

data/lib/contrast/config/diagnostics/environment_variables.rb

@@ -11,7 +11,9 @@ module Contrast
       # Reads All ENV variables.
       module EnvironmentVariables
         class << self
-          NON_COMMON_ENV = %w[CONTRAST_CONFIG_PATH CONTRAST_AGENT_TELEMETRY_OPTOUT].cs__freeze
+          NON_COMMON_ENV = %w[
+            CONTRAST_CONFIG_PATH CONTRAST_AGENT_TELEMETRY_OPTOUT CONTRAST_AGENT_TELEMETRY_TEST
+          ].cs__freeze
 
           # This method will fill the canonical name for each env var and will check for any uncommon ones.
           #

data/lib/contrast/config/diagnostics/source_config_value.rb

@@ -41,7 +41,11 @@ module Contrast
         # @param source [String] name of the source file yaml | yml
         # @return [Array<String>, nil]
         def assign_filename source
-          Contrast::Components::Config::Sources::APP_CONFIGURATION_FILE.each do |type|
+          Contrast::Components::Config::Sources::APP_CONFIGURATION_EXTENSIONS.each do |type|
+            # We use the source to transfer the file's name from the mapping of the extensions.
+            # This is done b/c the user_configuration file has a second field to be filled,
+            # and other sources don't. Transfer the source as filename and set the default value
+            # for it later when we find the sources.
             instance_variable_set(:@filename, source) if source.include?(".#{ type.downcase }")
           end
         end

data/lib/contrast/config/diagnostics/tools.rb

@@ -164,10 +164,10 @@ module Contrast
           # For files we keep the whole path as source.
           source = Contrast::CONFIG.sources.get(new_effective_value.canonical_name)
           new_effective_value.assign_filename(source)
-          new_source = if source.include?(Contrast::Config::LocalSourceValue::YAML_EXT)
-                         Contrast::Components::Config::Sources::APP_CONFIGURATION_FILE[0]
-                       elsif source.include?(Contrast::Config::LocalSourceValue::YML_EXT)
-                         Contrast::Components::Config::Sources::APP_CONFIGURATION_FILE[1]
+          new_source = if source.include?(Contrast::Config::LocalSourceValue::YAML_EXT) ||
+                source.include?(Contrast::Config::LocalSourceValue::YML_EXT)
+
+                         Contrast::Components::Config::Sources::APP_CONFIGURATION_FILE
                        else
                          Contrast::Components::Config::Sources::DEFAULT_VALUE
                        end

data/lib/contrast/config/validate.rb

@@ -108,9 +108,9 @@ module Contrast
 
       def test_connection reporter
         puts("  Connection failed #{ FAIL }") unless reporter
-        connection = reporter.connection
+        connection = reporter.client.send(:reporting_connection)
         abort("Failed to Initialize Connection please check error logs for details #{ FAIL } ") unless connection
-        abort('Failed to Start Client please check error logs for details') unless reporter.client.startup!(connection)
+        abort('Failed to Start Client please check error logs for details') unless reporter.client.startup
         last_response = reporter.client.response_handler.last_response_code
         if last_response.include?('40')
           puts("  Last response code: #{ last_response  } #{ FAIL }")

data/lib/contrast/config/yaml_file.rb

@@ -11,6 +11,8 @@ module Contrast
     # instrumentation.
     module YamlFile
       CONFIG_FILE_NAME = 'contrast_security'
+      CONTRAST_ENV_MARKER = 'CONTRAST__'
+
       EXT = { yml: 'yml', yaml: 'yaml' }.freeze # rubocop:disable Security/Object/Freeze
 
       POSSIBLE_TARGET_PATHS = %w[
@@ -89,6 +91,8 @@ module Contrast
         #
         def create
           # rubocop:disable Rails/Output
+          return puts("\u{02C3}  Contrast configuration set by ENV variables.") if env_config_set?
+
           puts("\u{1F48E} Generating: Contrast Configuration file.")
           if Contrast::Config::YamlFile.created?
             puts("\u{2705}  Configuration file already exists: #{ Contrast::Config::YamlFile.find! }")
@@ -123,6 +127,10 @@ module Contrast
         def file_name
           ENV['CONTRAST_YAML_FILE_TEST_CREATE_CONFIG_FILE_NAME_VALUE'] || CONFIG_FILE_NAME
         end
+
+        def env_config_set?
+          ENV.keys&.select { |config| config.include?(CONTRAST_ENV_MARKER) }&.any?
+        end
       end
     end
   end

data/lib/contrast/configuration.rb

@@ -81,11 +81,11 @@ module Contrast
       # Overlay CLI options - they take precedence over config file
       cli_options = Contrast::Utils::HashUtils.deep_symbolize_all_keys(cli_options)
       if cli_options
-        config_kv = Contrast::Utils::HashUtils.deep_merge(cli_options, config_kv)
+        config_kv = Contrast::Utils::HashUtils.precedence_merge(cli_options, config_kv)
         @_source_file_extensions = Contrast::Utils::HashUtils.
-            deep_merge(assign_source_to(cli_options,
-                                        Contrast::Components::Config::Sources::COMMAND_LINE),
-                       @_source_file_extensions)
+            precedence_merge(assign_source_to(cli_options,
+                                              Contrast::Components::Config::Sources::COMMAND_LINE),
+                             @_source_file_extensions)
       end
 
       # Some in-flight rewrites to maintain backwards compatibility
@@ -157,7 +157,7 @@ module Contrast
       @_configuration_paths ||= begin
         basename = default_name.split('.').first
         # Order of extensions comes from here:
-        extensions = Contrast::Components::Config::Sources::APP_CONFIGURATION_FILE.map(&:downcase)
+        extensions = Contrast::Components::Config::Sources::APP_CONFIGURATION_EXTENSIONS
 
         paths = []
         # Environment paths takes precedence here. Look first through them.
@@ -216,7 +216,6 @@ module Contrast
         end
         origin.add_source_file(path, (yaml_to_hash(path) || {}))
       end
-
       # Legacy usage: Assign main configuration file for reference.
       @config_file = origin.main_file
       # merge all settings keeping the top yaml files values as priority.
@@ -225,13 +224,15 @@ module Contrast
       # precedence of paths: see Contrast::Configuration::CONFIG_BASE_PATHS
       extensions_maps = []
       origin.source_files.each do |file|
-        # config.merge!(file.values) { |_key, oldval, _newval| oldval = oldval }
-        precedence_merge!(config, file.values)
+        config = Contrast::Utils::HashUtils.precedence_merge(config, file.values)
         # assign source values extentions:
         extensions_maps << assign_source_to(Contrast::Utils::HashUtils.deep_symbolize_all_keys(file.values), file.path)
       end
+
       # merge all origin paths to be used as extension classification to preserve the precedence of config files:
-      extensions_maps.each { |path| @_source_file_extensions = precedence_merge!(@_source_file_extensions, path) }
+      extensions_maps.each do |path|
+        @_source_file_extensions = Contrast::Utils::HashUtils.precedence_merge!(@_source_file_extensions, path)
+      end
 
       config
     end
@@ -357,7 +358,7 @@ module Contrast
       KEYS_TO_REDACT.include?(key.to_sym)
     end
 
-    def assign_source_to hash, source = Contrast::Components::Config::Sources::APP_CONFIGURATION_FILE[0]
+    def assign_source_to hash, source = Contrast::Components::Config::Sources::APP_CONFIGURATION_FILE
       hash.transform_values do |value|
         if value.is_a?(Hash)
           assign_source_to(value, source)
@@ -366,14 +367,5 @@ module Contrast
         end
       end
     end
-
-    # Merges two hashes, first hash will preserve it's values and will only add unique values.
-    #
-    # @param hsh [Hash]
-    # @param other_hsh [Hash]
-    # @return [Hash]
-    def precedence_merge! hsh, other_hsh
-      hsh.merge!(other_hsh) { |_key, old_val, _new_val| old_val }
-    end
   end
 end

data/lib/contrast/framework/grape/support.rb

@@ -72,8 +72,7 @@ module Contrast
 
           # @param request [Contrast::Agent::Request] a contrast tracked request.
           # @param controller [::Grape::API] optionally use this controller instead of global ::Grape::API.
-          # @return [Contrast::Agent::Reporting::RouteCoverage, nil] a Dtm describing the route
-          # matched to the request if a match was found.
+          # @return [Contrast::Agent::Reporting::RouteCoverage, nil] the route coverage object or nil if no route
           def current_route_coverage request, controller = ::Grape::API, full_route = nil
             return unless grape_controller?(controller)
 

data/lib/contrast/framework/manager.rb

@@ -37,6 +37,9 @@ module Contrast
           logger.info('Framework detected. Enabling support.', framework: framework_klass.detection_class)
           framework_klass
         end
+
+        # Delete Rack if we have more than one framework detected
+        @_frameworks.delete(Contrast::Framework::Rack::Support) if @_frameworks.length > 1
         @_frameworks.compact!
       end
 
@@ -87,16 +90,22 @@ module Contrast
       #   this particular Request
       # @return [::Rack::Request] either a rack request or subclass thereof.
       def retrieve_request env
-        # If we're mounted on Rails, use Rails.
-        if @_frameworks.include?(Contrast::Framework::Rails::Support)
-          return Contrast::Framework::Rails::Support.retrieve_request(env)
+        if Contrast::Utils::DuckUtils.empty_duck?(@_frameworks)
+          return Contrast::Framework::Rack::Support.retrieve_request(env)
         end
 
-        # If we know the framework, use it.
-        return @_frameworks[0].retrieve_request(env) if @_frameworks.length == 1
-
-        # Fall back on a regular Rack::Request
-        ::Rack::Request.new(env)
+        framework = @_frameworks[0]
+
+        case framework.cs__name
+        when 'Contrast::Framework::Rails::Support'
+          Contrast::Framework::Rails::Support.retrieve_request(env)
+        when 'Contrast::Framework::Grape::Support'
+          Contrast::Framework::Grape::Support.retrieve_request(env)
+        when 'Contrast::Framework::Sinatra::Support'
+          Contrast::Framework::Sinatra::Support.retrieve_request(env)
+        else
+          Contrast::Framework::Rack::Support.retrieve_request(env)
+        end
       rescue StandardError => e
         logger.warn('Unable to retrieve_request', e)
       end

data/lib/contrast/framework/rack/support.rb

@@ -14,7 +14,105 @@ module Contrast
         extend Contrast::Framework::Rack::Patch::Support
         class << self
           def detection_class
-            'rack -- don\'t let me be detected'
+            'Rack'
+          end
+
+          # @return [String] the Rack version
+          def version
+            ::Rack.version
+          rescue StandardError
+            ''
+          end
+
+          # @return [String] the Rack application name
+          def application_name
+            'Rack Application'
+          end
+
+          def application_root
+            Dir.pwd
+          end
+
+          # @return [String] the server type
+          def server_type
+            'Rack'
+          end
+
+          # Find all the predefined routes for this application
+          #
+          # Extracting the Rack application routes is not trivial. Routes are evaluated dynamically
+          # when a request comes in, so they are not loaded before and stored in a data structure
+          # available somewhere. This mean that route discovery is only available through the rack map,
+          # but this is limited as not showing the actual method (GET, POST, etc...). For now The Agent
+          # will use only the current_route_coverage for Rack applications.
+          #
+          # @return [Array<Contrast::Agent::Reporting::DiscoveredRoute>]
+          # @raise [NoMethodError] raises error if subclass does not implement this method
+          def collect_routes
+            # return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless defined?(Rack)
+            # Rack::URLMap is used for mapping different rack apps to different paths.
+            # The Rack app could be separated into smaller rack applications.
+            # Rack::Builder is another option.
+            # return Contrast::Utils::ObjectShare::EMPTY_ARRAY unless rack_map
+
+            # This method is disabled for now, as it is not returning the actual routes. Code is left for as
+            # comment for future reference.
+            #
+            # routes = []
+            # rack_map.any? do |path, meta|
+            #   routes << Contrast::Agent::Reporting::DiscoveredRoute.from_rack_route(meta[1], meta[0], path)
+            # end
+            # routes
+            Contrast::Utils::ObjectShare::EMPTY_ARRAY
+          end
+
+          # Given the current request - return a RouteCoverage object
+
+          # @param request [Contrast::Agent::Request] a contrast tracked request.
+          # @param _controller [::Sinatra::Base] optionally use this controller instead of global ::Sinatra::Base.
+          # @return [Contrast::Agent::Reporting::RouteCoverage, nil] the route coverage object or nil if no route
+          def current_route_coverage request, _controller = nil, full_route = nil
+            method = request.env[::Rack::REQUEST_METHOD] # GET, PUT, POST, etc...
+
+            full_route ||= request.env[::Rack::PATH_INFO]
+            return unless full_route && method
+
+            route_coverage = Contrast::Agent::Reporting::RouteCoverage.new
+            # We might not have controller, or even if there is defined one, it could not bare the name of the
+            # route to match as an object, it could be one router class with base controller with several methods
+            # describing each class, search for final controller might be resource heavy, and not efficient.
+            # For now to identify the controller the Agent will use the route name, this may lead to recording
+            # of false routes, but it is better than nothing. If route do no match a pattern it is a good practice
+            # to notify the user by displaying a not found page, in a sense this is a exercise of the application, but
+            # not correctly recorded controller name. Try to see if there is a define Rack::URLMap, and use it first.
+            mapped_controller = rack_map[full_route]&.last
+            final_controller = mapped_controller || full_route
+            route_coverage.attach_rack_based_data(final_controller, method, nil, full_route)
+            route_coverage
+          end
+
+          # Try and get map of Rack application { "path" => ["pattern", "controller"] }.
+          #
+          # @return [Hash<String, Array<String>>] the rack map
+          def rack_map
+            rack_map = {}
+            maps = ObjectSpace.each_object(::Rack::URLMap).to_a
+            maps.any? do |map|
+              mapping = map.instance_variable_get(:@mapping)
+              mapping.any? do |arr|
+                path = arr[1]
+                pattern = arr[2]
+                controller = arr[3]&.cs__class&.cs__name
+                rack_map[path] = [pattern, controller] if path&.cs__is_a?(String) && controller
+              end
+            end
+            rack_map
+          rescue StandardError
+            {}
+          end
+
+          def retrieve_request env
+            ::Rack::Request.new(env)
           end
         end
       end

data/lib/contrast/framework/rails/support.rb

@@ -4,6 +4,7 @@
 require 'contrast/framework/base_support'
 require 'contrast/framework/rails/patch/support'
 require 'contrast/utils/string_utils'
+require 'contrast/utils/duck_utils'
 
 module Contrast
   module Framework
@@ -51,8 +52,7 @@ module Contrast
           # Find the current route, based on the provided Request wrapper
           #
           # @param request[Contrast::Agent::Request]
-          # @return [Contrast::Agent::Reporting::RouteCoverage, nil] a Dtm describing the route
-          # matched to the request if a match was found.
+          # @return [Contrast::Agent::Reporting::RouteCoverage, nil] the route coverage object or nil if no route
           def current_route_coverage request
             return unless ::Rails.cs__respond_to?(:application)
 
@@ -130,6 +130,8 @@ module Contrast
             if engine_route?(route)
               new_req = retrieve_request(request.env)
               new_req.path_info = new_req.path_info.gsub(match.to_s, '')
+              # solves the issue when requiring base path '/' without the slash
+              new_req.path_info = '/' if Contrast::Utils::DuckUtils.empty_duck?(new_req.path_info)
               get_full_route(new_req, route.app.app.routes.router, path << match.to_s)
             else
               [match, params, route, path]

data/lib/contrast/framework/sinatra/support.rb

@@ -68,8 +68,7 @@ module Contrast
 
           # @param request [Contrast::Agent::Request] a contrast tracked request.
           # @param _controller [::Sinatra::Base] optionally use this controller instead of global ::Sinatra::Base.
-          # @return [Contrast::Agent::Reporting::RouteCoverage, nil] a Dtm describing the route
-          # matched to the request if a match was found.
+          # @return [Contrast::Agent::Reporting::RouteCoverage, nil] the route coverage object or nil if no route
           def current_route_coverage request, _controller = ::Sinatra::Base, full_route = nil
             method = request.env[::Rack::REQUEST_METHOD] # GET, PUT, POST, etc...
             route = _cleaned_route(request)

data/lib/contrast/logger/aliased_logging.rb

@@ -72,13 +72,11 @@ module Contrast
       def build_exception type, message = nil, exception = nil, data = nil
         return unless buildable?
 
-        stack_trace = wrapped_caller_locations
-        caller_idx = stack_trace&.find_index { |stack| stack.to_s.include?(type) } || 0
-        # The caller_stack is the method in which the error occurred, so has to be above this method
+        caller_idx = wrapped_caller_locations&.find_index { |stack| stack.to_s.include?(type) } || 0
         caller_idx += 1
-        caller_frame = stack_trace[caller_idx]
-        stack_frame_type = caller_frame.path.delete_prefix(Dir.pwd)
-        stack_frame_function = caller_frame.label
+        caller = wrapped_caller_locations[caller_idx]
+        stack_frame_type = obfuscate_type(caller)
+        stack_frame_function = caller.label
         key = "#{ stack_frame_type }|#{ stack_frame_function }|#{ message }"
         if Contrast::TELEMETRY_EXCEPTIONS[key]
           Contrast::TELEMETRY_EXCEPTIONS.increment(key)
@@ -92,7 +90,7 @@ module Contrast
                                        stack_frame_type, message_exception_type,
                                        data, exception,
                                        message)
-        build_stack(event_message, stack_trace, caller_idx)
+        build_stack(event_message, wrapped_caller_locations, caller_idx)
         TELEMETRY_EXCEPTIONS[key] = event_message
       rescue StandardError => e
         debug('[Telemetry] Unable to report exception', e)
@@ -141,8 +139,11 @@ module Contrast
         caller_stack.each_with_index do |caller, idx|
           next unless idx > caller_idx
 
-          stack_frame = Contrast::Agent::Telemetry::Exception::StackFrame.build(caller.label,
-                                                                                caller.path.delete_prefix(Dir.pwd))
+          obfuscated_label = Contrast::Agent::Telemetry::Exception::Obfuscate.obfuscate_path(caller.label)
+          obfuscated_path =  Contrast::Agent::Telemetry::Exception::Obfuscate.
+              obfuscate_path(caller.path.delete_prefix(Dir.pwd))
+
+          stack_frame = Contrast::Agent::Telemetry::Exception::StackFrame.build(obfuscated_label, obfuscated_path)
           event_exception_message.push(stack_frame)
         end
       end
@@ -153,6 +154,14 @@ module Contrast
       def wrapped_caller_locations
         caller_locations
       end
+
+      # @param caller [Thread::Backtrace::Location, nil]
+      # @return [String]
+      def obfuscate_type caller
+        return '' unless caller.cs__respond_to?(:path)
+
+        Contrast::Agent::Telemetry::Exception::Obfuscate.obfuscate_path(caller.path.delete_prefix(Dir.pwd).to_s)
+      end
     end
   end
 end