contrast-agent 7.3.2 → 7.4.0

data/lib/contrast/config/diagnostics/singleton_tools.rb

@@ -0,0 +1,170 @@
+# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+module Contrast
+  module Config
+    module Diagnostics
+      # Tools to help with the config diagnostics, called directly from the module.
+      module SingletonTools
+        API_CREDENTIALS = %w[api_key service_key].cs__freeze
+        CONTRAST_MARK = 'CONTRAST_'
+
+        # Creates new config instances for each read config entry from the flat generated configs.
+        #
+        # @param flats [Array] of flatten configs produced by #flatten_settings
+        # @param source [Boolean] flag to set the desired value class, it may be a effective or source value.
+        # @param cli [Boolean] flag to check if the value comes from cli.
+        # @return [Array<Contrast::Config::Diagnostics::SourceConfigValue>]
+        def to_config_values flats, source: false, cli: false
+          config_value_klass = if source
+                                 Contrast::Config::Diagnostics::SourceConfigValue
+                               else
+                                 Contrast::Config::Diagnostics::EffectiveConfigValue
+                               end
+          settings = []
+          flats.each do |entry|
+            entry.each do |key, value|
+              efc_value = config_value_klass.new.tap do |config_value|
+                config_value.canonical_name = key
+                if cli && key.to_s.include?(CONTRAST_MARK)
+                  config_value.canonical_name = key.gsub(Contrast::Utils::ObjectShare::DOUBLE_UNDERSCORE,
+                                                         Contrast::Utils::ObjectShare::PERIOD).downcase
+                end
+                config_value.key = key
+                config_value.value = if API_CREDENTIALS.include?(key.to_s)
+                                       Contrast::Configuration::EFFECTIVE_REDACTED
+                                     else
+                                       value_to_s(value)
+                                     end
+              end
+              next unless efc_value
+
+              settings << efc_value
+            end
+          end
+          settings
+        end
+
+        # Flattens out the read settings from file, env or contrast ui.
+        # example: {"agent.polling.server_settings_ms"=>"50000"}
+        #
+        # If cli is set we avoid adding the path and additional '.' to the key.
+        #
+        #  @param data [Hash, nil]
+        #  @param path  [String] where to look for settings.
+        #  @param config [Hash] symbolized config to fetch keys from.
+        #  @param cli [Boolean] does the config come from cli.
+        def flatten_settings data, path = [], config: Contrast::CONFIG.config.loaded_config, cli: false
+          return [] unless data
+
+          data.each_with_object([]) do |(k, v), entries|
+            if v.cs__is_a?(Hash)
+              entries.concat(flatten_settings(v, path.dup.append(k.to_sym)))
+            else
+              if API_CREDENTIALS.include?(k.to_s)
+                entries << { k.to_s => Contrast::Configuration::EFFECTIVE_REDACTED } if cli
+                entries << { "#{ path.join('.') }.#{ k }" => Contrast::Configuration::EFFECTIVE_REDACTED } unless cli
+                next
+              end
+              entries << { k.to_s => value_to_s(config.dig(*path, k)) } if cli
+              entries << { "#{ path.join('.') }.#{ k }" => value_to_s(config.dig(*path, k)) } unless cli
+            end
+          end.flatten # rubocop:disable Style/MethodCalledOnDoEndBlock
+        end
+
+        # Update the stored config values to ensure that we know about the correct values,
+        # and that the sources are correct for entries updated from the UI.
+        #
+        # @param parts [Array<Symbols>, String] the path to the setting in config
+        #   Accepts Array: [:agent :enable] or String: 'agent.enable'
+        # @param value [String, Integer, Array, nil] the value for the configuration setting
+        # @param source_type [String] the source of the configuration setting
+        def update_config parts, value, source_type
+          parts_array, string = handle_parts_array(parts)
+          path = string ? parts : parts_array.join('.')
+          return unless parts_array
+
+          # Check to see whether the source has been overridden by local settings,
+          # Before updating from Contrast UI.
+          if source_type == Contrast::Components::Config::Sources::CONTRAST_UI &&
+                Contrast::CONFIG.sources.source_overridden?(path)
+
+            return
+          end
+
+          level = Contrast::CONFIG.config.loaded_config
+          parts_array[0...-1]&.each do |segment|
+            level[segment] ||= {}
+            level = level[segment]
+          end
+          return unless level.cs__is_a?(Hash)
+
+          level[parts_array[-1]] = value
+          Contrast::CONFIG.sources.set(path, source_type)
+        end
+
+        # Recursively converts each value to string.
+        #
+        # @param value [Hash, nil]
+        def value_to_s value
+          case value
+          when String
+            if Contrast::Utils::DuckUtils.empty_duck?(value)
+              Contrast::Config::Diagnostics::SourceConfigValue::NULL
+            else
+              value
+            end
+          when Array
+            handle_array_to_s(value)
+          when Hash
+            handle_hash_to_s(value)
+          when TrueClass, FalseClass, Symbol, Integer
+            value.to_s
+          else
+            Contrast::Config::Diagnostics::SourceConfigValue::NULL
+          end
+        end
+
+        private
+
+        # Checks the type of path and converts it to array.
+        # If the path is string it splits it by '.' and converts each element to symbol.
+        #
+        # @param parts [Array<Symbols>, String] the path to the setting in config
+        # @return [Array<Symbols>, String]
+        def handle_parts_array parts
+          string = false
+          arr = if parts.cs__is_a?(String)
+                  string = true
+                  parts.split('.')&.map&.each(&:to_sym)
+                else
+                  parts
+                end
+          [arr, string]
+        end
+
+        # @param hash [Hash]
+        # @return [Hash]
+        def handle_hash_to_s hash
+          hash&.each_with_object({}) do |(k, v), m| # rubocop:disable Style/HashTransformValues
+            m[k] = if v.cs__is_a?(Hash)
+                     value_to_s(v)
+                   elsif v.cs__is_a?(Array)
+                     v.map(&:to_s)
+                   else
+                     v.to_s
+                   end
+          end
+        end
+
+        # @param array [Array]
+        # @return [String]
+        def handle_array_to_s array
+          return Contrast::Config::Diagnostics::SourceConfigValue::NULL if Contrast::Utils::DuckUtils.empty_duck?(array)
+
+          array.join(',')
+        end
+      end
+    end
+  end
+end

data/lib/contrast/config/diagnostics/source_config_value.rb

@@ -1,11 +1,16 @@
 # Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
 # frozen_string_literal: true
 
+require 'contrast/utils/object_share'
+require 'contrast/utils/duck_utils'
+
 module Contrast
   module Config
     module Diagnostics
       # All config values from all sources, stored in a easy to write representation.
       class SourceConfigValue
+        NULL = 'null'
+
         # @return [String] Name of the config starting form root of yaml config.
         attr_accessor :canonical_name
         # @return [String] Name of the config.
@@ -20,23 +25,23 @@ module Contrast
         def to_controlled_hash
           {
               canonical_name: canonical_name,
-              name: key,
-              value: value.cs__is_a?(Array) ? value.map(&:to_s) : value.to_s,
-              source: source,
-              filename: filename
-          }.compact
+              name: key || Contrast::Utils::ObjectShare::EMPTY_STRING,
+              value: Contrast::Config::Diagnostics::Tools.value_to_s(value),
+              source: source || Contrast::Utils::ObjectShare::EMPTY_STRING,
+              filename: filename || Contrast::Utils::ObjectShare::EMPTY_STRING
+          }
         end
 
         def to_source_hash
           {
               canonical_name: canonical_name,
-              name: key,
-              value: value.cs__is_a?(Array) ? value.map(&:to_s) : value.to_s
-          }.compact
+              name: key || Contrast::Utils::ObjectShare::EMPTY_STRING,
+              value: Contrast::Config::Diagnostics::Tools.value_to_s(value)
+          }
         end
 
         # Assigns file name of the config iv viable, Currently supported formats for config file are *.yaml
-        # and *.yml
+        # and *.yml. For the config loaded from file the filename is kept as source.
         #
         # @param source [String] name of the source file yaml | yml
         # @return [Array<String>, nil]

data/lib/contrast/config/diagnostics/tools.rb

@@ -3,6 +3,7 @@
 
 require 'contrast/utils/object_share'
 require 'contrast/config/diagnostics/effective_config_value'
+require 'contrast/config/diagnostics/singleton_tools'
 require 'contrast/utils/duck_utils'
 
 module Contrast
@@ -11,79 +12,11 @@ module Contrast
       # Diagnostics tools to be included in config components.
       module Tools
         CHECK = 'd'
-        CONTRAST_MARK = 'CONTRAST_'
-        class << self
-          # Creates new config instances for each read config entry from the flat generated configs.
-          #
-          # @param flats [Array] of flatten configs produced by #flatten_settings
-          # @param source [Boolean] flag to set the desired value class, it may be a effective or source value.
-          # @param cli [Boolean] flag to check if the value comes from cli.
-          # @return [Array<Contrast::Config::Diagnostics::SourceConfigValue>]
-          def to_config_values flats, source: false, cli: false
-            config_value_klass = if source
-                                   Contrast::Config::Diagnostics::SourceConfigValue
-                                 else
-                                   Contrast::Config::Diagnostics::EffectiveConfigValue
-                                 end
-            settings = []
-            flats.each do |entry|
-              entry.each do |key, value|
-                efc_value = config_value_klass.new.tap do |config_value|
-                  config_value.canonical_name = Contrast::Utils::ObjectShare::CONTRAST_DOT + key unless cli
-                  if cli && key.to_s.include?(CONTRAST_MARK)
-                    config_value.canonical_name = key.gsub(Contrast::Utils::ObjectShare::DOUBLE_UNDERSCORE,
-                                                           Contrast::Utils::ObjectShare::PERIOD).downcase
-                  end
-                  config_value.key = key
-                  config_value.value = value_to_s(value)
-                end
-                settings << efc_value if efc_value
-              end
-            end
-            settings
-          end
-
-          # Flattens out the read settings from file, env or contrast ui.
-          # example: {"agent.polling.server_settings_ms"=>"50000"}
-          #
-          # If cli is set we avoid adding the path and additional '.' to the key.
-          #
-          #  @param data [Hash, nil]
-          #  @param path  [String] where to look for settings.
-          #  @param config [Hash] symbolized config to fetch keys from.
-          #  @param cli [Boolean] does the config come from cli.
-          def flatten_settings data, path = [], config: Contrast::CONFIG.config.loaded_config, cli: false
-            return [] unless data
-
-            data.each_with_object([]) do |(k, v), entries|
-              if v.cs__is_a?(Hash)
-                entries.concat(flatten_settings(v, path.dup.append(k.to_sym)))
-              else
-                entries << { k.to_s => config.dig(*path, k).to_s } if cli
-                entries << { "#{ path.join('.') }.#{ k }" => config.dig(*path, k).to_s } unless cli
-              end
-            end.flatten # rubocop:disable Style/MethodCalledOnDoEndBlock
-          end
 
-          # Recursively converts each value to string.
-          #
-          # @param value [Hash, nil]
-          def value_to_s value
-            return if value.nil?
-            return value if value.cs__is_a?(String)
-
-            value&.each_with_object({}) do |(k, v), m| # rubocop:disable Style/HashTransformValues
-              m[k] = if v.cs__is_a?(Hash)
-                       value_to_s(v)
-                     elsif v.cs__is_a?(Array)
-                       v.map(&:to_s)
-                     else
-                       v.to_s
-                     end
-            end
-          end
-        end
+        extend Contrast::Config::Diagnostics::SingletonTools
 
+        # TODO: RUBY-2113 deprecate name_prefix
+        #
         # Converts current configuration from array of values to effective config values class and appends them to
         # EffectiveConfig class. Must be used inside Config Components only.
         #
@@ -91,13 +24,15 @@ module Contrast
         # @param config_values [] array of the names of values.
         # @param canonical_prefix [String] starting of the path to config => api.proxy...
         # @param name_prefix [String] the name of the config prefix => contrast.api_key, contrast.url
-        def add_effective_config_values effective_config, config_values, canonical_prefix, name_prefix
+        def add_effective_config_values(effective_config,
+                                        config_values,
+                                        canonical_prefix,
+                                        name_prefix = canonical_prefix)
           return if config_values.to_s.empty?
 
           config_values.each do |config_value_name|
             Contrast::Config::Diagnostics::EffectiveConfigValue.new.tap do |new_effective_value|
-              next if Contrast::Utils::DuckUtils.empty_duck?((config_value = send(config_value_name.to_sym)))
-
+              config_value = send(config_value_name.to_sym)
               fill_effective_value(new_effective_value, config_value, config_value_name, canonical_prefix, name_prefix)
               effective_config.values << new_effective_value
             rescue StandardError => e
@@ -107,6 +42,8 @@ module Contrast
           end
         end
 
+        # TODO: RUBY-2113 deprecate name_prefix
+        #
         # Converts current configuration from single value to effective config values class and appends them to
         # EffectiveConfig class. Must be used inside Config Components only.
         #
@@ -115,10 +52,12 @@ module Contrast
         # @param config_value [String, Boolean] value of the config.
         # @param canonical_prefix [String] starting of the path to config => api.proxy...
         # @param name_prefix [String] the name of the config prefix => contrast.api_key, contrast.url
-        def add_single_effective_value effective_config, config_name, config_value, canonical_prefix, name_prefix
+        def add_single_effective_value(effective_config,
+                                       config_name,
+                                       config_value,
+                                       canonical_prefix,
+                                       name_prefix = canonical_prefix)
           Contrast::Config::Diagnostics::EffectiveConfigValue.new.tap do |new_effective_value|
-            break if Contrast::Utils::DuckUtils.empty_duck?(config_value)
-
             fill_effective_value(new_effective_value, config_value, config_name, canonical_prefix, name_prefix)
             effective_config.values << new_effective_value
           rescue StandardError => e
@@ -139,7 +78,11 @@ module Contrast
         # @return filled_new_effective_config [Contrast::Config::Diagnostics::EffectiveConfigValue]
         def fill_effective_value new_effective_value, config_value, config_value_name, canonical_prefix, name_prefix
           find_source(new_effective_value, canonical_prefix, assign_name(config_value_name), name_prefix)
-          new_effective_value.value = config_value
+          if Contrast::Config::Diagnostics::SingletonTools::API_CREDENTIALS.include?(config_value_name.to_s)
+            new_effective_value.value = Contrast::Configuration::EFFECTIVE_REDACTED
+            return new_effective_value
+          end
+          new_effective_value.value = config_value.cs__is_a?(Array) ? config_value.join(',') : config_value.to_s
           new_effective_value
         end
 
@@ -174,14 +117,10 @@ module Contrast
           # For files we keep the whole path as source.
           source = Contrast::CONFIG.sources.get(new_effective_value.canonical_name)
           new_effective_value.assign_filename(source)
-          new_source = if source.include?(Contrast::Config::LocalSourceValue::YAML_EXT) ||
-                source.include?(Contrast::Config::LocalSourceValue::YML_EXT)
-
+          new_source = if Contrast::CONFIG.sources.configuration_file_source?(new_effective_value.canonical_name)
                          Contrast::Components::Config::Sources::APP_CONFIGURATION_FILE
-                       else
-                         Contrast::Components::Config::Sources::DEFAULT_VALUE
                        end
-          new_effective_value.source = new_source
+          new_effective_value.source = new_source || source
           new_effective_value
         end
 

data/lib/contrast/config/request_audit_configuration.rb

@@ -50,7 +50,7 @@ module Contrast
       #
       # @param effective_config [Contrast::Config::Diagnostics::EffectiveConfig]
       def to_effective_config effective_config
-        add_effective_config_values(effective_config, CONFIG_VALUES, CANON_NAME, "#{ CONTRAST }.#{ CANON_NAME }")
+        add_effective_config_values(effective_config, CONFIG_VALUES, CANON_NAME)
       end
     end
   end

data/lib/contrast/config/server_configuration.rb

@@ -54,21 +54,9 @@ module Contrast
       # @param effective_config [Contrast::Config::Diagnostics::EffectiveConfig]
       def to_effective_config effective_config
         super
-        add_single_effective_value(effective_config,
-                                   'type',
-                                   Contrast::APP_CONTEXT.server_type,
-                                   CANON_NAME,
-                                   "#{ CONTRAST }.#{ CANON_NAME }")
-        add_single_effective_value(effective_config,
-                                   'name',
-                                   Contrast::APP_CONTEXT.server_name,
-                                   CANON_NAME,
-                                   "#{ CONTRAST }.#{ CANON_NAME }")
-        add_single_effective_value(effective_config,
-                                   'path',
-                                   Contrast::APP_CONTEXT.server_path,
-                                   CANON_NAME,
-                                   "#{ CONTRAST }.#{ CANON_NAME }")
+        add_single_effective_value(effective_config, 'type', Contrast::APP_CONTEXT.server_type, CANON_NAME)
+        add_single_effective_value(effective_config, 'name', Contrast::APP_CONTEXT.server_name, CANON_NAME)
+        add_single_effective_value(effective_config, 'path', Contrast::APP_CONTEXT.server_path, CANON_NAME)
       end
     end
   end

data/lib/contrast/configuration.rb

@@ -63,6 +63,7 @@ module Contrast
     CONFIG_BASE_PATHS = %w[./ config/ /etc/contrast/ruby/ /etc/contrast/ /etc/].cs__freeze
     KEYS_TO_REDACT = %i[api_key url service_key user_name].cs__freeze
     REDACTED = '**REDACTED**'
+    EFFECTIVE_REDACTED = '****'
 
     DEPRECATED_PROPERTIES = %w[
       CONTRAST__AGENT__SERVICE__ENABLE CONTRAST__AGENT__SERVICE__LOGGER__LEVEL
@@ -146,8 +147,10 @@ module Contrast
 
         paths = []
         # Environment paths takes precedence here. Look first through them.
-        paths << ENV['CONTRAST_CONFIG_PATH']     if ENV['CONTRAST_CONFIG_PATH']
-        paths << ENV['CONTRAST_SECURITY_CONFIG'] if ENV['CONTRAST_SECURITY_CONFIG']
+        config_path = ENV.fetch('CONTRAST_CONFIG_PATH', nil)
+        security_path = ENV.fetch('CONTRAST_SECURITY_CONFIG', nil)
+        paths << config_path if config_path
+        paths << security_path if security_path
 
         extensions.each do |ext|
           places = CONFIG_BASE_PATHS.product(["#{ basename }.#{ ext }"])

data/lib/contrast/framework/manager.rb

@@ -29,6 +29,7 @@ module Contrast
       ].cs__freeze
 
       def initialize
+        @_frameworks = []
         return if Contrast::AGENT.disabled? || Contrast::Utils::JobServersRunning.job_servers_running?
 
         @_frameworks = SUPPORTED_FRAMEWORKS.map do |framework_klass|
@@ -90,9 +91,7 @@ module Contrast
       #   this particular Request
       # @return [::Rack::Request] either a rack request or subclass thereof.
       def retrieve_request env
-        if Contrast::Utils::DuckUtils.empty_duck?(@_frameworks)
-          return Contrast::Framework::Rack::Support.retrieve_request(env)
-        end
+        return Contrast::Framework::Rack::Support.retrieve_request(env) if @_frameworks.empty?
 
         framework = @_frameworks[0]
 
@@ -115,6 +114,8 @@ module Contrast
       # @return [Boolean] true if at least one framework is streaming the response; false if none are streaming
       def streaming? env
         result = false
+        return result if @_frameworks.empty?
+
         @_frameworks.each do |framework|
           result = framework.streaming?(env)
           break if result

data/lib/contrast/framework/manager_extend.rb

@@ -29,7 +29,7 @@ module Contrast
       # @param method_name [Symbol] the method to call on each FrameworkSupport class
       # @return [Array]
       def data_for_all_frameworks method_name
-        @_frameworks.flat_map { |framework| framework.send(method_name) }.
+        @_frameworks&.flat_map { |framework| framework.send(method_name) }&.
             compact
       end
 
@@ -39,6 +39,8 @@ module Contrast
       # @return [Object] - Determined by method to be invoked
       def first_framework_result method_name, default_value
         result = nil
+        return default_value if @_frameworks.empty?
+
         @_frameworks.each do |framework|
           result = framework.send(method_name)
           break if result

data/lib/contrast/framework/rack/support.rb

@@ -3,6 +3,7 @@
 
 require 'contrast/framework/base_support'
 require 'contrast/framework/rack/patch/support'
+require 'contrast/utils/duck_utils'
 
 module Contrast
   module Framework
@@ -10,6 +11,9 @@ module Contrast
       # Used when Rack is present to define framework specific behavior. For
       # now, the only part of this implemented is the Patch Support.
       module Support
+        RACK_REQUEST_PATH = 'REQUEST_PATH'
+        RACK_SERVER_NAME = 'SERVER_NAME'
+
         extend Contrast::Framework::BaseSupport
         extend Contrast::Framework::Rack::Patch::Support
         class << self
@@ -74,8 +78,13 @@ module Contrast
           def current_route_coverage request, _controller = nil, full_route = nil
             method = request.env[::Rack::REQUEST_METHOD] # GET, PUT, POST, etc...
 
-            full_route ||= request.env[::Rack::PATH_INFO]
-            return unless full_route && method
+            full_route ||= request.env.fetch(::Rack::PATH_INFO, nil)
+            full_route = request.env.fetch(RACK_REQUEST_PATH, nil) if Contrast::Utils::DuckUtils.empty_duck?(full_route)
+            return unless method
+
+            # If we are here and have method but the route is "" we might be expecting the home page.
+            full_route = '/' if Contrast::Utils::DuckUtils.empty_duck?(full_route) &&
+                request.env.fetch(RACK_SERVER_NAME, nil)
 
             route_coverage = Contrast::Agent::Reporting::RouteCoverage.new
             # We might not have controller, or even if there is defined one, it could not bare the name of the

data/lib/contrast/utils/log_utils.rb

@@ -12,7 +12,7 @@ module Contrast
     # Method utility used by Contrast::Logger::log
     module LogUtils
       DEFAULT_NAME     = 'contrast.log'
-      DEFAULT_LEVEL    = ::Ougai::Logging::Severity::INFO
+      DEFAULT_LEVEL    = 'INFO'
       VALID_LEVELS     = ::Ougai::Logging::Severity::SEV_LABEL
       STDOUT_STR       = 'STDOUT'
       STDERR_STR       = 'STDERR'

data/lib/contrast/utils/request_utils.rb

@@ -12,7 +12,7 @@ module Contrast
       NUM_PATTERN = %r{/\d+/}.cs__freeze
       END_PATTERN = %r{/\d+$}.cs__freeze
       STATIC_SUFFIXES = /\.(?:js|css|jpeg|jpg|gif|png|ico|woff|svg|pdf|eot|ttf|jar)$/i.cs__freeze
-      UUID_PATTERN = Regexp.new('[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}').cs__freeze # rubocop:disable Metrics/LineLength
+      UUID_PATTERN = Regexp.new('[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}').cs__freeze # rubocop:disable Layout/LineLength
       # Regular expression to match any type of hash pattern that is 16 bytes like uuid with no
       # slashes, md5, sha1, sha256, etc
       HASH_PATTERN = Regexp.new('([a-fA-F0-9]{2}){16,}').cs__freeze

data/lib/contrast/utils/timer.rb

@@ -29,7 +29,7 @@ module Contrast
       #
       # @return[String]
       def self.time_now
-        Time.now.utc.iso8601(7)
+        Time.now.utc.iso8601(2)
       end
 
       # Converts time given in ms format form TS to HttpDate.

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: contrast-agent
 version: !ruby/object:Gem::Version
-  version: 7.3.2
+  version: 7.4.0
 platform: ruby
 authors:
 - galen.palmer@contrastsecurity.com
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-08-09 00:00:00.000000000 Z
+date: 2023-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -1058,6 +1058,7 @@ files:
 - lib/contrast/agent/protect/rule/xss/xss.rb
 - lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb
 - lib/contrast/agent/protect/rule/xxe/xxe.rb
+- lib/contrast/agent/protect/state.rb
 - lib/contrast/agent/reactions/disable_reaction.rb
 - lib/contrast/agent/reporting/attack_result/attack_result.rb
 - lib/contrast/agent/reporting/attack_result/rasp_rule_sample.rb
@@ -1253,6 +1254,7 @@ files:
 - lib/contrast/config/diagnostics/effective_config_value.rb
 - lib/contrast/config/diagnostics/environment_variables.rb
 - lib/contrast/config/diagnostics/monitor.rb
+- lib/contrast/config/diagnostics/singleton_tools.rb
 - lib/contrast/config/diagnostics/source_config_value.rb
 - lib/contrast/config/diagnostics/tools.rb
 - lib/contrast/config/diagnostics/user_configuration_file.rb