contrast-agent 7.3.0 → 7.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e64852411fae5dd5c52973361e7f54cdf60813105423ed81cd6455c6ec212330
-  data.tar.gz: d7d6a1ef01242d97b36f1b8fc4767829d300ec2f3ce1dcb21df7fe05aebc22b1
+  metadata.gz: a4ed370d3625c9e07c5966fb4e091e96cc37a6a2fce8376d63a547e655b27173
+  data.tar.gz: 601a4767e4317af72e2c610df6ba19bb68df2c42f128bb873539204c93801019
 SHA512:
-  metadata.gz: 86626808971cfc1fcd74febe8cdf2d41be668a78cc02d41d4bf7f6a488e550fef9f2a8fe3230eea7ea9ed63824d09e61956878d34d99375dd3595b77d3a9755f
-  data.tar.gz: 9fb15e1733095b1f7c2a9d5d4bfce96a3a2e9d5f956d77f0cd6c1fb810c44166a7bf0e2b89966a63ca80aa34514dd82e6f87e619a782d5024854d84c1ed93183
+  metadata.gz: 597307a8f3521cd9783c07ccc8b2f54d6bf2cf1631db84bd29fba683fbd93fc4f5eff47bbbc2ed50c37c02fd3c59d5df987526c839c5e731299cdb6e02e30c6f
+  data.tar.gz: 95898f87cbabbcc24d9ce3f0d5ba1397b4399f9ca35f4c4a1290c7e3d9c7cd26d6bf13c99affc013dea2456260aeb918349a97905863ba790ba869a272faccfc

data/ext/cs__scope/cs__scope.c

@@ -5,6 +5,7 @@
 #include "../cs__common/cs__common.h"
 #include <ruby.h>
 #include <stdlib.h>
+#include <pthread.h>
 
 /*-----------------------------------------
  |  Calls to Contrast modules and classes
@@ -23,6 +24,9 @@ static char truthy_arr[3][5] = {"true", "True", "TRUE"};
  |  Helpers
  -----------*/
 
+/* Declare new c mutex for scope locking: */
+pthread_mutex_t c_mutex;
+
 /**
  * @brief get scope for ec or create new
  *
@@ -153,22 +157,40 @@ VALUE contrast_scope_application_update() {
      * [ Do not touch, do not free. We don't control it! ]
      */
     char *eVar = getenv(c_const_ctr_agent_app_scope);
-    VALUE app_scope = eVar;
+    /* check to see if the ENV variable is set */
+    return INT2FIX(env_var_set(eVar));
+}
 
+/** 
+ * @brief Determines if the Contrast Scope should be set with the Trap Context. 
+ * @return 1 if set, 0 if not set.
+ */
+int contrast_scope_with_trap_context() {
+    char *eVar = getenv(c_const_ctr_agent_scope_trap_context);
+    return env_var_set(eVar);
+}
+
+/**
+ *  @brief Checks to see if the ENV variable is set.
+ *  @param args VALUE [String] ENV variable name.
+ *  @return 1 if set, 0 if not set.
+ */
+int env_var_set(char *eVar) {
+    VALUE env_var = eVar;
     /* check to see if the ENV variable is set */
-    if (RTEST(app_scope)) {
+    if (RTEST(env_var)) {
         /* Application Scope is set*/
         int i;
         for (i = 0; i < sizeof(truthy_arr) / sizeof(truthy_arr[0]); i++) {
             if (strcmp(eVar, truthy_arr[i]) == 0) {
-                return INT2FIX(1);
+                return 1;
             }
         }
         /* this covers all of the false values */
-        return INT2FIX(0);
+        return 0;
     } else {
         /* Application Scope is not set ( NULL )*/
-        return INT2FIX(0);
+        return 0;
     }
 }
 
@@ -505,8 +527,48 @@ VALUE contrast_scope_interface_init(VALUE self, VALUE args) {
 VALUE contrast_scope_for_current_ec(VALUE self, VALUE args) {
     /* synchronize */
     VALUE mutex = rb_const_get(scope_mod, rb_intern(rb_const_mon));
-
-    return rb_mutex_synchronize(mutex, get_ec, 0);
+    if (contrast_scope_with_trap_context()) {
+        /**
+         * trap context safety:
+         *
+         * If  mutex  synchonize is called inside a  trap  context,
+         * it will raise a thread error. To avoid that,  there  are
+         * different  approaches as to  trap all signal  in a loop,
+         * but that is  not a good idea, since the scope is checked
+         * once, and only one signal could be trapped.  Another way
+         * is  to make new thread around the mutex  synchronization
+         * call,  but this will create a new execution context  and
+         * the returned scope will be different.
+         *
+         * Most of the  thread error occur randomly whenever GC  is
+         * started. We  cannot detect, When the  GC  is started, it
+         * will stop all current Ruby code execution while running.
+         *
+         * Instead we call the `get_ec()` directly since  Ruby have
+         * GVL (Global VM Lock) when calling it's C  API  therefore
+         * This should be safe called from Ruby land. Just in  case
+         * this is a feature flag, so that only be used when thread
+         * safety could be traded for signal safety.
+         *
+         * This is still experimental as relies ong the GLV and the
+         * Ruby VM is not thread safe by default. Various  problems
+         * might occur, when the mutex is in  Ruby  and called from
+         * different thread, at once, but since the mutex stays  in
+         * the C API context, this might work fine. Still use  only
+         * when unusual conditions are met.
+         * 
+         * In addition we could use C mutex lock just in case. Ruby
+         * Threads under the hood are C threads (pthread),  so they
+         * should be treated as such. In theory only one thread can
+         * access this code at a time.
+         */
+        pthread_mutex_lock(&c_mutex);
+        VALUE res = get_ec();
+        pthread_mutex_unlock(&c_mutex);
+        return res;
+    } else {
+        return rb_mutex_synchronize(mutex, get_ec, 0);
+    }
 }
 
 /*--------------------------------------------------------
@@ -819,6 +881,9 @@ VALUE scope_mod_sweep_dead_ecs(VALUE self, VALUE args) {
 }
 
 void Init_cs__scope() {
+    /* Init new mutex handle */
+    pthread_mutex_init(&c_mutex, NULL);
+
     /* ivs */
     rb_iv_cntr_scope = "@contrast_scope";
     rb_iv_dslr_scope = "@deserialization_scope";
@@ -829,6 +894,7 @@ void Init_cs__scope() {
     rb_const_ec = "EXECUTION_CONTEXT";
     rb_const_ec_keys = "EC_KEYS";
     c_const_ctr_agent_app_scope = "CONTRAST__AGENT__RUBY__APPLICATION_SCOPE";
+    c_const_ctr_agent_scope_trap_context = "CONTRAST__AGENT__SCOPE__WITH_TRAP_CONTEXT";
 
     /* Symbols */
     rb_sym_scope_mod = rb_intern("Scope");
@@ -977,4 +1043,7 @@ void Init_cs__scope() {
                      inst_methods_enter_method_scope, 1);
     rb_define_method(scope_inst_methods, "contrast_exit_method_scopes!",
                      inst_methods_exit_method_scope, 1);
+
+    /* free the c_mutex */
+    pthread_mutex_destroy(&c_mutex);
 }

data/ext/cs__scope/cs__scope.h

@@ -1,4 +1,5 @@
 #include <ruby.h>
+#include <ruby/thread.h>
 
 /* Calls to Contrast modules and classes */
 VALUE scope_interface;
@@ -14,6 +15,7 @@ static VALUE rb_const_ec;
 static VALUE rb_const_mon;
 static VALUE rb_const_ec_keys;
 static VALUE c_const_ctr_agent_app_scope;
+static VALUE c_const_ctr_agent_scope_trap_context;
 
 /* Symbols */
 static VALUE rb_sym_scope_mod;
@@ -58,6 +60,7 @@ VALUE scope_klass_exit_scope(VALUE self, VALUE method_scope_sym);
 VALUE contrast_scope_interface_init(VALUE self, VALUE args);
 VALUE contrast_scope_for_current_ec(VALUE self, VALUE args);
 VALUE contrast_scope_application_update();
+int contrast_scope_with_trap_context();
 
 /* Scope instance methods */
 VALUE inst_methods_in_cntr_scope(VALUE self, VALUE args);
@@ -83,6 +86,7 @@ VALUE inst_methods_exit_method_scope(VALUE self, VALUE scopes_to_exit);
 VALUE is_in_scope(int scope);
 VALUE get_ec();
 VALUE rb_new_c_scope();
+int env_var_set(char *eVar);
 int scope_increase(int scope);
 int scope_decrease(int scope);
 void rb_raise_scope_no_method_err(const VALUE method_scope_sym);

data/lib/contrast/agent/assess/policy/policy_node.rb

@@ -16,6 +16,7 @@ module Contrast
         class PolicyNode < Contrast::Agent::Patching::Policy::PolicyNode
           include Contrast::Components::Logger::InstanceMethods
           include PolicyNodeUtils
+
           JSON_TAGS = 'tags'
           JSON_DATAFLOW = 'dataflow'
           # The keys used to read from policy.json to create the individual
@@ -48,6 +49,9 @@ module Contrast
           ].cs__freeze
           TO_S = %w[to_s to_str].cs__freeze
 
+          # Here are all Responses that will be tracked as sources, or methods they use, like body.
+          RESPONSE_SOURCES = %w[Net::HTTPResponse Rack::Response Sinatra::Response].cs__freeze
+
           def initialize policy_hash = {}
             super(policy_hash)
             @source_string = policy_hash[JSON_SOURCE]
@@ -57,13 +61,14 @@ module Contrast
             @targets = convert_policy_markers(target_string)
             @_use_original_object = ORIGINAL_OBJECT_METHODS.include?(@method_name)
             @_use_original_on_bang_method = assign_on_bang_check(policy_hash)
+            @_use_response_as_source = RESPONSE_SOURCES.include?(@class_name)
           end
 
+          # If we have KEEP action on String, and the method is to_s, that method would return self:
+          # String#to_s => self or string. This method is included here to cover the situations such as
+          # String.to_s.html_safe, where normally the dynamic sources properties get lost. To solve this
+          # we will simply return the original object here.
           def assign_on_bang_check policy_hash
-            # If we have KEEP action on String, and the method is to_s, that method would return self:
-            # String#to_s => self or string. This method is included here to cover the situations such as
-            # String.to_s.html_safe, where normally the dynamic sources properties get lost. To solve this
-            # we will simply return the original object here.
             return true if @_use_original_object && TO_S.include?(policy_hash[JSON_METHOD_NAME])
 
             @_use_original_object &&
@@ -166,7 +171,7 @@ module Contrast
           # that the method is without bang - it does not change the source, but rather
           # creates a copy of it.
           #
-          # @return true | false
+          # @return [Boolean]
           def use_original_object?
             @_use_original_object && Contrast::ASSESS.track_original_object?
           end
@@ -175,10 +180,24 @@ module Contrast
           # that the target return is the same as object - a bang method modifying the
           # source.
           #
-          # @return true | false
+          # @return [Boolean]
           def use_original_on_bang_method?
             @_use_original_on_bang_method && Contrast::ASSESS.track_original_object?
           end
+
+          # This method will check if policy is fit to use response as source.
+          #
+          # @return [Boolean]
+          def use_response_as_source?
+            Contrast::ASSESS.track_response_as_source?
+          end
+
+          # This method will check if the policy node is for response method.
+          #
+          # @return [Boolean]
+          def response_source_node?
+            @_use_response_as_source
+          end
         end
       end
     end

data/lib/contrast/agent/assess/policy/propagator/response.rb

@@ -0,0 +1,64 @@
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/agent/assess/policy/propagator/select'
+require 'contrast/utils/duck_utils'
+
+module Contrast
+  module Agent
+    module Assess
+      module Policy
+        module Propagator
+          # Propagation that results in all the tags of the source being
+          # applied to the target at the point of insertion. The target's
+          # preexisting tags are shifted to account for this insertion.
+          class Response < Contrast::Agent::Assess::Policy::Propagator::Base
+            class << self
+              # This will path the Net::HTTP.request method. It takes two parameters:
+              #  - req: Net::HTTPGenericRequest
+              #  - body: String
+              # As body may be optional, we need to check if it's nil or not.
+              #
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode]
+              # @param preshift [Contrast::Agent::Assess::Preshift]
+              # @param ret [Object] Return targer from method invocation.
+              # @param _block [nil, {}] block passed.
+              def net_response_keep propagation_node, preshift, ret, _block
+                return unless Contrast::ASSESS.track_response_as_source?
+
+                # Check to see if the argument is of correct type, and whether the body is tracked or not.
+                # if it's tracked and the body is not nil, then copy the properties from the source's body
+                # to the target's body.
+                source_body = if preshift.args.length == 2
+                                preshift.args[1]
+                              else
+                                preshift.args[0]&.body
+                              end
+                copy_body_tags(propagation_node, source_body, ret)
+              end
+
+              private
+
+              # Copy the properties form source body to the response body, if one is present.
+              #
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode]
+              # @param source_body [String] the tracked body to copy from.
+              # @param ret [String] the return target from method invocation.
+              # @return [String, nil]
+              def copy_body_tags propagation_node, source_body, ret
+                return if Contrast::Utils::DuckUtils.empty_duck?(source_body)
+                return unless ret&.body&.cs__is_a?(String)
+                return unless source_body&.cs__is_a?(String)
+                return unless (properties = Contrast::Agent::Assess::Tracker.properties!(ret.body))
+
+                # KEEP
+                properties.copy_from(source_body, ret.body, 0, propagation_node.untags)
+                ret
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/contrast/agent/assess/policy/propagator.rb

@@ -31,6 +31,7 @@ module Contrast
           require 'contrast/agent/assess/policy/propagator/substitution'
           require 'contrast/agent/assess/policy/propagator/trim'
           require 'contrast/agent/assess/policy/propagator/buffer'
+          require 'contrast/agent/assess/policy/propagator/response'
         end
       end
     end

data/lib/contrast/agent/assess/policy/source_method.rb

@@ -46,6 +46,11 @@ module Contrast
                 # Exclusions makes method slow:
                 return if excluded_by_url?
 
+                # Check to see if the source node is to be used for response as source.
+                if method_policy.source_node.response_source_node? && !method_policy.source_node.use_response_as_source?
+                  return
+                end
+
                 # used to hold the object and ret
                 source_data = Contrast::Agent::Assess::Events::EventData.new(nil, nil, object, ret, nil)
 

data/lib/contrast/agent/assess/rule/response/body_rule.rb

@@ -3,6 +3,7 @@
 
 require 'rack'
 require 'contrast/utils/hash_digest'
+require 'contrast/utils/duck_utils'
 require 'contrast/utils/string_utils'
 require 'contrast/agent/assess/rule/response/base_rule'
 
@@ -44,21 +45,35 @@ module Contrast
             # @param element_start_str [String] element to find in html section
             # @return [Array<Hash>] the found elements of this section, as well as their start and end indexes.
             def html_elements section, element_start_str = '', capture_overflow: false
+              return [] unless section
+              return [] unless (potentials = potential_elements(section, element_start_str).flatten).any?
+
               elements = []
               section_start = 0
-              return [] unless section
 
-              potential_elements(section, element_start_str).flatten.each do |potential_element|
+              potentials.each do |potential_element|
                 next unless potential_element
                 next unless element_openings.any? { |opening| potential_element.start_with?(opening) }
 
-                section_start = section.index(element_start_str, section_start)
-                next unless section_start
+                start = section&.index(element_start_str, section_start)
+                next if Contrast::Utils::DuckUtils.empty_duck?(start)
+
+                stop = potential_element.index('>').to_i
+                next if Contrast::Utils::DuckUtils.empty_duck?(stop)
 
-                element_stop = potential_element.index('>').to_i
-                next unless element_stop
+                section_close = start + 6 + stop
+                # Now we have valid tag section with start and stop.
+                # Save new boundaries. This is to make sure that If
+                # on previous iteration there were non valid section,
+                # the start_section will be assigned to nil, thus making
+                # the detection of new section not possible, and throwing
+                # an error. To that end old values are kept safe.
+                #
+                # Assign new start index.
+                section_start = start
+                # Assign new end index.
+                element_stop = stop
 
-                section_close = section_start + 6 + element_stop
                 elements << capture(section, section_start, section_close, element_stop, overflow: capture_overflow)
                 section_start = section_close
               end

data/lib/contrast/agent/assess/rule/response/cache_control_header_rule.rb

@@ -70,7 +70,10 @@ module Contrast
             # @param response [Contrast::Agent::Response] the response of the application
             # @return [Array<Hash<String,String>]
             def cache_meta_tags response
-              html_elements(response.body&.split(HEAD_TAG)&.last, META_START_STR).
+              head_tag = response.body&.split(HEAD_TAG)&.last
+              return [] unless head_tag
+
+              html_elements(head_tag, META_START_STR, capture_overflow: false).
                   select { |tag| cache_control_tag?(tag[HTML_PROP]) }
             end
 

data/lib/contrast/agent/inventory/policy/datastores.rb

@@ -38,9 +38,6 @@ module Contrast
               context = Contrast::Agent::REQUEST_TRACKER.current
               return unless context&.activity
 
-              context.activity.query_count += 1
-              return unless context.activity.query_count == 1
-
               Contrast::Agent::Inventory::DatabaseConfig.append_db_config(context.activity)
             end
           end

data/lib/contrast/agent/reporting/reporting_events/application_activity.rb

@@ -16,16 +16,11 @@ module Contrast
         include Contrast::Agent::Reporting::ResponseType
         include Contrast::Components::Logger::InstanceMethods
 
-        # @return [Integer]
-        attr_accessor :query_count
-        # @return [Array]
-        attr_accessor :routes
         # @return [Contrast::Agent::Response]
         attr_accessor :response
 
+        # @param ia_request [Contrast::Agent::Request]
         def initialize ia_request: nil
-          @routes = []
-          @query_count = 0
           @event_method = :PUT
           @event_type = :application_activity
           @event_endpoint = Contrast::Agent::Reporting::Endpoints.application_activity
@@ -66,7 +61,7 @@ module Contrast
         # searching with rule_id and response_type
         #
         # @param rule_id [String] name of the protect rule
-        # @param response_type[Symbol<Contrast::Agent::Reporting::ResponseType]
+        # @param response_type[Symbol<Contrast::Agent::Reporting::ResponseType>]
         #  filter by response type
         # @return [Array<Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity>, nil]
         # return any matches.
@@ -99,9 +94,8 @@ module Contrast
           defend.attackers.map { |a| a.protection_rules.values }
         end
 
-        # This is primary used for attaching new data and merging existing
-        # samples per rule entry in attackers, and to make sure the attack
-        # time_map is updated correctly.
+        # This is primary used for attaching new data and merging existing samples and counts per rule entry in
+        # attackers.
         #
         # @param attack_result [Contrast::Agent::Reporting::AttackResult]
         def attach_defend attack_result

data/lib/contrast/agent/reporting/reporting_events/application_defend_activity.rb

@@ -55,6 +55,7 @@ module Contrast
 
         # Find an existing attacker if it matches on source details
         # @param new_attacker_activity [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity]
+        # @return [Contrast::Agent::Reporting::ApplicationDefendAttackerActivity, nil]
         def find_existing_attacker_activity new_attacker_activity
           attackers.find do |existing|
             existing.source_forwarded_for == new_attacker_activity.source_forwarded_for &&
@@ -67,30 +68,28 @@ module Contrast
         # @param rule [String]
         def attach_existing existing_attacker_activity, attacker_activity, rule
           new_violation = attacker_activity.protection_rules[rule]
+          return unless new_violation
+
           sample_activity = Contrast::Agent::Reporting::ApplicationDefendAttackSampleActivity
           if (previously_violated = existing_attacker_activity.protection_rules[rule])
-            if (new_blocked = new_violation.blocked)
+            if (new_blocked_samples = new_violation.blocked&.samples)&.any?
               previously_violated.blocked ||= sample_activity.new
-              previously_violated.blocked.samples.concat(new_blocked.samples) if new_blocked.samples
-              previously_violated.blocked.merge_time_maps(new_blocked.time_map)
+              previously_violated.blocked.samples.concat(new_blocked_samples)
             end
 
-            if (new_exploited = new_violation.exploited)
+            if (new_exploited_samples = new_violation.exploited&.samples)&.any?
               previously_violated.exploited ||= sample_activity.new
-              previously_violated.exploited.samples.concat(new_exploited.samples) if new_exploited.samples
-              previously_violated.exploited.merge_time_maps(new_exploited.time_map)
+              previously_violated.exploited.samples.concat(new_exploited_samples)
             end
 
-            if (new_ineffective = new_violation.ineffective)
+            if (new_ineffective_samples = new_violation.ineffective&.samples)&.any?
               previously_violated.ineffective ||= sample_activity.new
-              previously_violated.ineffective.samples.concat(new_ineffective.samples) if new_ineffective.samples
-              previously_violated.ineffective.merge_time_maps(new_ineffective.time_map)
+              previously_violated.ineffective.samples.concat(new_ineffective_samples)
             end
 
-            if (new_suspicious = new_violation.suspicious)
+            if (new_suspicious_samples = new_violation.suspicious&.samples)&.any?
               previously_violated.suspicious ||= sample_activity.new
-              previously_violated.suspicious.samples.concat(new_suspicious.samples) if new_suspicious.samples
-              previously_violated.suspicious.merge_time_maps(new_suspicious.time_map)
+              previously_violated.suspicious.samples.concat(new_suspicious_samples)
             end
           else
             existing_attacker_activity.protection_rules[rule] = new_violation

data/lib/contrast/agent/reporting/reporting_events/application_defend_attack_sample_activity.rb

@@ -13,21 +13,17 @@ module Contrast
       class ApplicationDefendAttackSampleActivity < Contrast::Agent::Reporting::ReportableHash
         # @return [Array<Contrast::Agent::Reporting::ApplicationDefendAttackSample>]
         attr_reader :samples
-        # @return [Hash<Integer,Integer>] map of time from start in seconds to number of attacks in that second
-        attr_reader :time_map
 
         def initialize
           @samples = []
-          @start_time = Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0 # in ms
+          @start_time = Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || Contrast::Utils::Timer.now_ms
           @event_type = :application_defend_attack_sample_activity
-          @time_map = Hash.new { |h, k| h[k] = 0 }
           super()
         end
 
         def to_controlled_hash
           validate
           {
-              attackTimeMap: time_map,
               samples: samples.map(&:to_controlled_hash),
               startTime: @start_time, # Start time in ms.
               total: 1 # there will only ever be 1 attack sample, until batching is done
@@ -41,32 +37,11 @@ module Contrast
         # @param attack_result [Contrast::Agent::Reporting::AttackResult]
         def attach_data attack_result
           attack_result.samples.each do |attack_sample|
-            base_time = Contrast::Agent::REQUEST_TRACKER.current&.timer&.start_ms || 0
-            sample_time = attack_sample.time_stamp.to_i
             samples << Contrast::Agent::Reporting::ApplicationDefendAttackSample.convert(attack_result, attack_sample)
-            @start_time = if sample_time.zero?
-                            @start_time
-                          else
-                            sample_time
-                          end
-            attack_second = (@start_time - base_time) / 1000 # in seconds
-            time_map[attack_second] += 1
-          end
-        end
-
-        # This method will merge time_maps of attack samples with same
-        # type.
-        #
-        # @param map [Hash<Integer,Integer>] TimeMap to append to previously_violated rule
-        # samples.
-        # @return time_map [Hash<Integer,Integer>] merged time map with updated occurrences.
-        def merge_time_maps map
-          # If the second is the same (key) if we just merge there won't be a new entry,
-          # so just increase the attack count.
-          map.each_key do |key|
-            @time_map[key] = @time_map.fetch(key, 0) + map[key]
+            # If somehow this sample was found before this container was created, change the time to reflect that
+            sample_time = attack_sample.time_stamp.to_i
+            @start_time = sample_time if sample_time < @start_time
           end
-          @time_map
         end
       end
     end

data/lib/contrast/agent/reporting/reporting_events/application_defend_attacker_activity.rb

@@ -28,8 +28,7 @@ module Contrast
         # saved request.
         def initialize ia_request: nil
           @protection_rules = {}
-          req = ia_request || Contrast::Agent::REQUEST_TRACKER.current&.request
-          if req
+          if (req = ia_request || Contrast::Agent::REQUEST_TRACKER.current&.request)
             @source_ip = req.ip || Contrast::Utils::ObjectShare::EMPTY_STRING
             @source_forwarded_for = req.headers['X-Forwarded-For']
           end

data/lib/contrast/agent/reporting/reporting_events/application_inventory_activity.rb

@@ -15,7 +15,7 @@ module Contrast
       class ApplicationInventoryActivity < Contrast::Agent::Reporting::ApplicationReportingEvent
         # return [Array<Contrast::Agent::Reporting::ArchitectureComponent>]
         attr_reader :components
-        # @ return [Array<String>, nil] - User-Agent Header value
+        # @ return [Array<String>] - User-Agent Header value
         attr_reader :browsers
 
         def initialize
@@ -34,7 +34,7 @@ module Contrast
         end
 
         # @param architectures [Array<Contrast::Agent::Reporting::ArchitectureComponent>,
-        # Contrast::Agent::Reporting::ArchitectureComponent]
+        #   Contrast::Agent::Reporting::ArchitectureComponent]
         def attach_data architectures
           Array(architectures).each do |architecture|
             @components << architecture

data/lib/contrast/agent/reporting/reporting_events/finding_request.rb

@@ -31,7 +31,7 @@ module Contrast
         attr_reader :uri
         # @return [String] the HTTP version of this request
         attr_reader :version
-        # @return [Integer]
+        # @return [String]
         attr_reader :ip
         # @return [String] Byte representation of the body
         attr_accessor :body_binary
@@ -40,7 +40,7 @@ module Contrast
 
         class << self
           # @param request [Contrast::Agent::Request]
-          # @return [Contrast::Agent::Reporting::FindingRequest]
+          # @return [Contrast::Agent::Reporting::FindingRequest, nil]
           def convert request
             return unless request
 

data/lib/contrast/agent/reporting/reporting_utilities/ng_response_extractor.rb

@@ -126,10 +126,23 @@ module Contrast
         # @param response_data [Hash]
         # @param res [Contrast::Agent::Reporting::Response]
         def ng_extract_log_settings response_data, res
-          return unless (log_level = response_data[:logLevel])
+          # agent_startup event defines the log level under features.
+          log_level = if response_data[:features]
+                        response_data[:features][:logLevel]
+                      else
+                        response_data[:logLevel]
+                      end
+          return unless log_level
 
           res.server_features.log_level = log_level
-          res.server_features.log_file = response_data[:logFile] if response_data[:logFile]
+          log_file = if response_data[:features]
+                       response_data[:features][:logFile]
+                     else
+                       response_data[:logFile]
+                     end
+          return unless log_file
+
+          res.server_features.log_file = log_file
         end
       end
     end

data/lib/contrast/agent/reporting/reporting_utilities/response.rb

@@ -87,8 +87,6 @@ module Contrast
               messages: messages,
               features: server_features.nil? ? nil : server_features.to_controlled_hash,
               settings: application_settings.nil? ? nil : application_settings.to_controlled_hash,
-              logLevel: server_features&.log_level,
-              logFile: server_features&.log_file,
               reactions: server_features.nil? ? nil : reactions.map(&:to_controlled_hash)
           }.compact
         end