contrast-agent 7.5.0 → 7.6.0

data/lib/contrast/agent/assess/policy/propagator/match_data.rb

@@ -15,6 +15,13 @@ module Contrast
               # MatchData#match methods, since the last was introduced after
               # Ruby 3.1.0, but shares similar functionality, except it does not
               # support ranges.
+              #
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param preshift [Object] pre call state of the things.
+              # @param ret [Object] the return value of the method.
+              # @param _block [Proc] the block passed to the method.
+              # @return [Object] the return value of the method.
               def square_bracket_tagger propagation_node, preshift, ret, _block
                 case ret
                 when Array
@@ -36,6 +43,14 @@ module Contrast
                 ret
               end
 
+              # Captures is a method that returns an array of MatchData objects.
+              #
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param preshift [Object] pre call state of the things.
+              # @param ret [Object] the return value of the method.
+              # @param _block [Proc] the block passed to the method.
+              # @return [Object] the return value of the method.
               def captures_tagger propagation_node, preshift, ret, _block
                 return unless ret
 
@@ -52,6 +67,12 @@ module Contrast
                 ret
               end
 
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param preshift [Object] pre call state of the things.
+              # @param ret [Object] the return value of the method.
+              # @param _block [Proc] the block passed to the method.
+              # @return [Object] the return value of the method.
               def to_a_tagger propagation_node, preshift, ret, _block
                 idx = 0
                 while idx < ret.length
@@ -65,6 +86,12 @@ module Contrast
                 ret
               end
 
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param preshift [Object] pre call state of the things.
+              # @param ret [Object] the return value of the method.
+              # @param _block [Proc] the block passed to the method.
+              # @return [Object] the return value of the method.
               def values_at_tagger propagation_node, preshift, ret, _block
                 idx = 0
                 while idx < ret.length
@@ -81,6 +108,9 @@ module Contrast
 
               private
 
+              # @param preshift [Object] pre call state of the things.
+              # @param index [Integer] the index of the argument to retrieve.
+              # @return [Integer] the index of the argument to retrieve.
               def target_matchdata_index preshift, index
                 if preshift.args[0].is_a?(Range)
                   arg_range = preshift.args[0]
@@ -90,6 +120,14 @@ module Contrast
                 end
               end
 
+              # Handles the propagation of a single argument.
+              #
+              # @param argument_index [Integer] the index of the argument to retrieve.
+              # @param preshift [Object] pre call state of the things.
+              # @param return_value [Object] the return value of the method.
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @return [Object] the return value of the method.
               def square_bracket_single argument_index, preshift, return_value, propagation_node
                 original_start_index = preshift.object.begin(argument_index)
                 original_end_index = preshift.object.end(argument_index)

data/lib/contrast/agent/assess/policy/propagator/next.rb

@@ -14,6 +14,12 @@ module Contrast
             class << self
               # String has some silly methods like next. Basically, this flips a
               # character in a predictable manner
+              #
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param preshift [Object] pre call state of the things.
+              # @param target [Object] the object to which the source is being appended
+              # @return [Object] the target with the tags applied
               def propagate propagation_node, preshift, target
                 return unless (properties = Contrast::Agent::Assess::Tracker.properties!(target))
 

data/lib/contrast/agent/assess/policy/propagator/prepend.rb

@@ -13,6 +13,11 @@ module Contrast
             class << self
               # For the source, prepend its tags to the target. It's basically the
               # opposite of append. :-P
+              #
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param preshift [Object] pre call state of the things.
+              # @param target [Object] the object to which the source is being appended
               def propagate propagation_node, preshift, target
                 return unless (properties = Contrast::Agent::Assess::Tracker.properties!(target))
 

data/lib/contrast/agent/assess/policy/propagator/remove.rb

@@ -37,6 +37,10 @@ module Contrast
                 handle_removal(propagation_node, source, target)
               end
 
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param source [Object] the object to which the source is being appended
+              # @param target [Object] the object to which the source is being appended
               def handle_removal propagation_node, source, target
                 return unless source
                 return unless (properties = Contrast::Agent::Assess::Tracker.properties!(target))

data/lib/contrast/agent/assess/policy/propagator/replace.rb

@@ -13,6 +13,11 @@ module Contrast
             class << self
               # Replace means we're replacing the target w/ the source. Anything
               # on the source should be passed to the target.
+              #
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param preshift [Object] pre call state of the things.
+              # @param target [Object] the object to which the source is being appended
               def propagate propagation_node, preshift, target
                 return unless (properties = Contrast::Agent::Assess::Tracker.properties!(target))
 

data/lib/contrast/agent/assess/policy/propagator/reverse.rb

@@ -12,6 +12,11 @@ module Contrast
           # overlapping tags.
           class Reverse < Contrast::Agent::Assess::Policy::Propagator::Base
             class << self
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param preshift [Object] pre call state of the things.
+              # @param target [Object] the object to which the source is being appended
+              # @return [Object] the target with the tags applied
               def propagate propagation_node, preshift, target
                 return unless (properties = Contrast::Agent::Assess::Tracker.properties!(target))
 

data/lib/contrast/agent/assess/policy/propagator/select.rb

@@ -13,6 +13,10 @@ module Contrast
           # a 'get it right' state soon.
           class Select
             class << self
+              # @param patcher [Contrast::Agent::Assess::Patcher] the patcher
+              # @param preshift [Object] pre call state of the things.
+              # @param ret [Object] the return value of the method.
+              # @param _block [Proc] the block passed to the method.
               def select_tagger patcher, preshift, ret, _block
                 source = preshift.object
                 args = preshift.args
@@ -42,6 +46,12 @@ module Contrast
 
               private
 
+              # Handles the integer case for select.
+              #
+              # @param args [Array] the arguments passed to the method
+              # @param arg [Object] the first argument passed to the method
+              # @param source [String] the source string
+              # @return [Range, nil] the range to select from the source string
               def handle_integer args, arg, source
                 length = args[1] || 1
                 # (void) negative range
@@ -49,11 +59,22 @@ module Contrast
                 arg...(arg + length)
               end
 
+              # Handles the string case for select.
+              #
+              # @param arg [String] the first argument passed to the method
+              # @param source [String] the source string
+              # @return [Range, nil] the range to select from the source string
               def handle_string arg, source
                 idx = source.index(arg)
                 idx...(idx + arg.length)
               end
 
+              # Handles the regexp case for select.
+              #
+              # @param args [Array] the arguments passed to the method
+              # @param arg [Regexp] the first argument passed to the method
+              # @param source [String] the source string
+              # @return [Range, nil] the range to select from the source string
               def handle_regexp args, arg, source
                 match_data = arg.match(source)
                 # nil has the same meaning as 0. use full match
@@ -61,6 +82,11 @@ module Contrast
                 match_data.begin(group)...match_data.end(group)
               end
 
+              # Handles the range case for select.
+              #
+              # @param arg [Range] the first argument passed to the method
+              # @param source [String] the source string
+              # @return [Range, nil] the range to select from the source string
               def handle_range arg, source
                 start = arg.begin
                 finish = arg.end
@@ -73,6 +99,10 @@ module Contrast
                 start...finish
               end
 
+              # Determines the range to select from the source string.
+              #
+              # @param source [Object] the source string
+              # @param args [Array] the arguments passed to the method
               def determine_select_range source, args
                 arg = args[0]
                 case arg

data/lib/contrast/agent/assess/policy/propagator/splat.rb

@@ -11,6 +11,11 @@ module Contrast
           # tags are unaffected beyond any merging of overlapping tags.
           class Splat < Contrast::Agent::Assess::Policy::Propagator::Base
             class << self
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param preshift [Object] pre call state of the things.
+              # @param target [Object] the object to which the source is being appended
+              # @return [Object] the target with the tags applied
               def propagate propagation_node, preshift, target
                 tracked_inputs = []
 
@@ -28,6 +33,11 @@ module Contrast
                 Contrast::Agent::Assess::Tracker.properties(target)&.cleanup_tags
               end
 
+              # Handles the splatting of tags from the tracked inputs to the target.
+              #
+              # @param tracked_inputs [Array<String>] storage for the inputs to act on later
+              # @param target [Object] the object to which the source is being appended
+              # @return [Object] the target with the tags applied
               def splat_tags tracked_inputs, target
                 return if tracked_inputs.empty?
                 return unless (properties = Contrast::Agent::Assess::Tracker.properties!(target))

data/lib/contrast/agent/assess/policy/source_node.rb

@@ -22,19 +22,23 @@ module Contrast
             @tags << SOURCE_TAG
           end
 
+          # @return [String]
           def node_class
             SOURCE
           end
 
           # This is confusing. Sources are Creation action but
           # Propagation type. Oh and also Type refers to input type,
-          # like parameter, so we have to call this node_type. :-/
+          # like parameter, so we have to call this node_type. :-/\
+          #
+          # @return [Symbol]
           def node_type
             :TYPE_PROPAGATION
           end
 
           # Standard validation + TS trace version two rules:
           # Must have source and type
+          #
           # @raise[ArgumentError] raises if any of the required fields is missing or invalid
           def validate
             super

data/lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb

@@ -16,6 +16,10 @@ module Contrast
             # ActionDispatch::Http::Headers to convert keys like `referer` to `HTTP_REFERER` before they get to the
             # Rack::Request#get_header method
             # https://bitbucket.org/contrastsecurity/assess-specifications/src/master/rules/dataflow/reflected_xss.md
+            #
+            # @param tag [String] the tag to be applied.
+            # @param source_type [String] the type of the source.
+            # @param source_name [String] the name of the source.
             def self.valid? tag, source_type, source_name
               return true unless tag == 'CROSS_SITE'
               return false if source_type == Contrast::Agent::Assess::Policy::SourceMethod::HEADER_KEY_TYPE

data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb

@@ -24,6 +24,12 @@ module Contrast
               }.cs__freeze
               TEMPLATE_PROPAGATION_NODE = Contrast::Agent::Assess::Policy::PropagationNode.new(NODE_HASH)
 
+              # @param trigger_node [Contrast::Agent::Assess::Policy::MethodPolicy] the node that governs this
+              #  propagation event.
+              # @param _source [Object] the source of the propagation
+              # @param object [Object] the object to which the source is being appended
+              # @param args [Array] the arguments to the method
+              # @param ret [Object] the return value of the method
               def xss_tilt_trigger trigger_node, _source, object, ret, *args
                 return unless (properties = Contrast::Agent::Assess::Tracker.properties!(ret))
 
@@ -63,6 +69,11 @@ module Contrast
 
               private
 
+              # @param scope [Object] the scope of the template
+              # @param erb_template_prerender [String] the template string
+              # @param properties [Contrast::Agent::Assess::Policy::Properties] the properties of the return value
+              # @param interpolated_inputs [Array<String>] the interpolated inputs
+              # @param ret [String] the return value of the method
               def handle_binding_variables scope, erb_template_prerender, ret, properties, interpolated_inputs
                 binding_variables = scope.instance_variables
 
@@ -81,6 +92,11 @@ module Contrast
                 end
               end
 
+              # @param args [Array<String>] the arguments to the method
+              # @param erb_template_prerender [String] the template string
+              # @param ret [String] the return value of the method
+              # @param properties [Contrast::Agent::Assess::Policy::Properties] the properties of the return value
+              # @param interpolated_inputs [Array<String>] the interpolated inputs
               def handle_local_variables args, erb_template_prerender, ret, properties, interpolated_inputs
                 locals = args[1]
                 locals.each do |local_name, local_value|

data/lib/contrast/agent/assess/policy/trigger/xpath.rb

@@ -15,12 +15,26 @@ module Contrast
           # a finding if so.
           class Xpath
             class << self
+              # @param trigger_node [Contrast::Agent::Assess::Policy::MethodPolicy] the node that governs this
+              # propagation event.
+              # @param _source [Object] the source of the propagation
+              # @param object [Object] the object to which the source is being appended
+              # @param args [Array<Object>] the arguments to the method
+              # @param ret [Object] the return value of the method
+              # @return [Object] the return value of the method
               def xpath_expression_trigger trigger_node, _source, object, ret, *args
                 return ret unless args
 
                 process(trigger_node, object, ret, *args)
               end
 
+              # @param trigger_node [Contrast::Agent::Assess::Policy::MethodPolicy] the node that governs this
+              # propagation event.
+              # @param _source [Object] the source of the propagation
+              # @param object [Object] the object to which the source is being appended
+              # @param args [Array<Object>] the arguments to the method
+              # @param ret [Object] the return value of the method
+              # @return [Object] the return value of the method
               def xpath_oga_trigger trigger_node, _source, object, ret, *args
                 return ret unless args
 
@@ -32,6 +46,11 @@ module Contrast
 
               private
 
+              # @param trigger_node [Contrast::Agent::Assess::Policy::MethodPolicy] the node that governs this
+              # propagation event.
+              # @param object [Object] the object to which the source is being appended
+              # @param ret [Object] the return value of the method
+              # @param args [Array<Object>] the arguments to the method
               def process trigger_node, object, ret, *args
                 args.each do |arg|
                   next unless arg.cs__is_a?(String) || arg.cs__is_a?(Symbol)

data/lib/contrast/agent/assess/policy/trigger_method.rb

@@ -178,6 +178,10 @@ module Contrast
               Contrast::SETTINGS.excluder.assess_excluded_by_url_and_rule?(rule_id)
             end
 
+            # Check if the finding should be excluded due to the assess exclusion rules.
+            #
+            # @param finding [Contrast::Agent::Reporting::Finding]
+            # @param rule_id [String]
             def excluded_by_input_and_rule? finding, rule_id
               return false unless Contrast::SETTINGS.excluder.exclusions.any?
               return unless Contrast::Agent::REQUEST_TRACKER.current
@@ -185,7 +189,9 @@ module Contrast
               Contrast::SETTINGS.excluder.assess_excluded_by_input_and_rule?(finding, rule_id)
             end
 
-            # Handles the Stored Xss rule. If a vector is stored in the database
+            # Handles the Stored Xss rule. If a vector is stored in the database.
+            #
+            # @param finding [Contrast::Agent::Reporting::Finding]
             def check_for_stored_xss finding
               return unless finding && finding.rule_id == 'reflected-xss'
 
@@ -200,6 +206,7 @@ module Contrast
               end
             end
 
+            # @param finding [Contrast::Agent::Reporting::Finding]
             def extract_dynamic_source_info finding
               return unless finding
 

data/lib/contrast/agent/assess/policy/trigger_node.rb

@@ -29,7 +29,16 @@ module Contrast
           # from the application. Some rules rely on Content-Type validation.
           COLLECTABLE_RULES = %w[reflected-xss].cs__freeze
 
-          attr_reader :rule_id, :required_tags, :disallowed_tags, :good_value, :bad_value
+          # @return [String]
+          attr_reader :rule_id
+          # @return [Array<String>]
+          attr_reader :required_tags
+          # @return [Array<String>]
+          attr_reader :disallowed_tags
+          # @return [Array<String>]
+          attr_reader :good_value
+          # @return [Array<String>]
+          attr_reader :bad_value
 
           ENCODER_START = 'CUSTOM_ENCODED_'
           # By default, any rule will be triggered if the source
@@ -46,6 +55,7 @@ module Contrast
           LIMITED_CHARS = 'LIMITED_CHARS'
           CUSTOM_ENCODED = 'CUSTOM_ENCODED'
           CUSTOM_VALIDATED = 'CUSTOM_VALIDATED'
+
           def initialize trigger_hash = {}, rule_hash = {}
             super(trigger_hash)
             good_value = trigger_hash[JSON_GOOD_VALUE]

data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb

@@ -16,6 +16,10 @@ module Contrast
             NEGATIVE_INFINITY = -POSITIVE_INFINITY
 
             class << self
+              # @param _patcher [Contrast::Agent::Patcher] the patcher instance
+              # @param object [Object] the object that was called
+              # @param _ret [Object] the return value of the method
+              # @param args [Array<Object>] the arguments passed to the method
               def valid? _patcher, object, _ret, args
                 # Can arrive here from either:
                 #   regexp =~ string

data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb

@@ -21,6 +21,12 @@ module Contrast
             # a valid URL in which the User controls a section prior to the
             # querystring
             # https://bitbucket.org/contrastsecurity/assess-specifications/src/master/rules/dataflow/server_side_request_forgery.md
+            #
+            # @param patcher [Contrast::Agent::Patcher] the patcher instance
+            # @param _object [Object] the object that was called
+            # @param _ret [Object] the return value of the method
+            # @param args [Array<Object>] the arguments passed to the method
+            # @return [Boolean] true if the finding is valid, false otherwise
             def self.valid? patcher, _object, _ret, args
               return true if patcher.id.to_s.start_with?(PATH_ONLY_PATCH_MARKER)
 

data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb

@@ -16,6 +16,12 @@ module Contrast
             # A finding is valid for XSS if the response type is not one of
             # those assumed to be safe
             # https://bitbucket.org/contrastsecurity/assess-specifications/src/master/rules/dataflow/reflected_xss.md
+            #
+            # @param patcher [Contrast::Agent::Patcher] the patcher instance
+            # @param _object [Object] the object that was called
+            # @param _ret [Object] the return value of the method
+            # @param args [Array<Object>] the arguments passed to the method
+            # @return [Boolean] true if the finding is valid, false otherwise
             def self.valid? _patcher, _object, _ret, _args
               content_type = Contrast::Agent::REQUEST_TRACKER.current&.response&.content_type
               return false unless content_type

data/lib/contrast/agent/hooks/at_exit_hook.rb

@@ -43,6 +43,7 @@ module Contrast
 
       def self.report_traces
         return unless Contrast::ASSESS.enabled?
+        return if ENV.fetch('CONTRAST__PIPELINE__RUN', nil) == 'true'
 
         collection = Contrast::Agent::Reporting::ReportingStorage.collection
 

data/lib/contrast/agent/reporting/reporting_utilities/audit.rb

@@ -24,7 +24,7 @@ module Contrast
         #
         # @param event [Contrast::Agent::Reporting::ReportingEvent] One of the DTMs valid for the
         #   event field of Contrast::Agent::Reporting::ReportingEvent
-        # @param response_data [Net::HTTP::Response]
+        # @param response_data [Net::HTTPResponse]
         def audit_event event, response_data = nil
           return unless ::Contrast::API.request_audit_requests || ::Contrast::API.request_audit_responses
 

data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb

@@ -69,7 +69,7 @@ module Contrast
         # @param event [Contrast::Agent::Reporting::ReportingEvent] The event to send to TeamServer. Really a
         #   child of the ReportingEvent rather than a literal one.
         # @param connection [Net::HTTP] open connection
-        # @return response [Net::HTTP::Response, nil] response from TS if no response
+        # @return response [Net::HTTPResponse, nil] response from TS if no response
         def send_event event, connection
           return unless connection
           return unless event.valid?

data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb

@@ -90,7 +90,7 @@ module Contrast
         # Handles response processing and sets status
         #
         # @param event [Contrast::Agent::Reporting::ReportingEvent] The event sent to TeamServer.
-        # @param response [Net::HTTP::Response]
+        # @param response [Net::HTTPResponse]
         def process_settings_response response, event
           res = response_handler.process(response, event)
           if res

data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb

@@ -20,9 +20,9 @@ module Contrast
 
         # Process the response from TS
         #
-        # @param response [Net::HTTP::Response, nil]
+        # @param response [Net::HTTPResponse, nil]
         # @param event [Contrast::Agent::Reporting::ReportingEvent] The event sent to TeamServer.
-        # @return response [Net::HTTP::Response, nil]
+        # @return response [Net::HTTPResponse, nil]
         def process response, event
           logger.debug('[Reporter] Received a response')
           return unless analyze_response?(response)
@@ -107,7 +107,7 @@ module Contrast
         # Handles the errors code received from TS and takes appropriate action.
         # If we are here the response.code is an error that needs handling [4XX]
         #
-        # @param response [Net::HTTP::Response]
+        # @param response [Net::HTTPResponse]
         def handle_error response
           case response&.code
           when ERROR_CODES[:message_not_sent]

data/lib/contrast/agent/reporting/reporting_utilities/response_handler_utils.rb

@@ -68,7 +68,7 @@ module Contrast
 
         # check if response code is valid before analyze it
         #
-        # @param response [Net::HTTP::Response, nil]
+        # @param response [Net::HTTPResponse, nil]
         # @return [Boolean]
         def analyze_response? response
           # Code descriptions:
@@ -118,7 +118,7 @@ module Contrast
           @_last_response_code = response_code
           return true if ANALYZE_WHEN.include?(response_code)
 
-          handle_error(response) if ERROR_CODES.value?(response_code)
+          handle_error(response) if ERROR_CODES.value?(response_code) && response&.body
           # There was error, so analyze the Error and nothing more.
           false
         end
@@ -126,7 +126,7 @@ module Contrast
         # Analyze the headers of the response code. They have information about the
         # retry timeout and some response bodies contains error messages.
         #
-        # @param response [String] the response code from Net::HTTPResponse, which is obnoxiousy a String, not an
+        # @param response [Net::HTTPResponse]
         # Integer
         # @param message [String] Message to log.
         # @param mode [Symbol, nil]
@@ -142,6 +142,8 @@ module Contrast
                           error_message: error_message || 'none',
                           auth_error: auth_error || 'none')
           end
+          return unless rejected_by_ts?(response)
+
           suspend_reporting(message, ready_after, error_message) if mode == @_mode.resending
           return unless mode == @_mode.disabled
 
@@ -152,7 +154,7 @@ module Contrast
 
         # Extract what we've received.
         #
-        # @param response [Net::HTTP::Response, nil]
+        # @param response [Net::HTTPResponse, nil]
         # @return [Array<String, Integer>] all collected error info.
         def extract_response_info response
           # Extract what we got from the response:
@@ -164,11 +166,21 @@ module Contrast
           [ready_after.to_i, error_message, auth_error]
         end
 
+        # We only want to shut down the agent if TeamServer actually told us to, not because of a network error
+        #
+        # @param [Net::HTTPResponse]
+        # @return Boolean
+        def rejected_by_ts? response
+          response_body = response&.body || Contrast::Utils::ObjectShare::EMPTY_STRING
+          response_data = Contrast::Utils::Json.parse(response_body, deep_symbolize: true)
+          response_data.key?(:success) && response_data[:success] == false
+        end
+
         # Extract Last-Modified header from ServerSettings response.
         # The new GET server settings endpoint have different payload.
         # Extract the last modify headers with last update form TS.
         #
-        # @param response [Net::HTTP::Response, nil]
+        # @param response [Net::HTTPResponse, nil]
         # @param event [Contrast::Agent::Reporting::ServerSettings,
         #               Contrast::Agent::Reporting::ApplicationSettings, nil]
         # @return last_modified[integer, nil] Time since last server update
@@ -250,7 +262,7 @@ module Contrast
         #
         # This method works to extract away these differences.
         #
-        # @param response [Net::HTTP::Response, nil]
+        # @param response [Net::HTTPResponse, nil]
         # @param event [Contrast::Agent::Reporting::ReportingEvent] The event sent to TeamServer.
         # @return response [Contrast::Agent::Reporting::Response]
         def convert_response response, event

data/lib/contrast/agent/request/request_handler.rb

@@ -26,6 +26,7 @@ module Contrast
       #
       def report_observed_route
         return unless (reporter = Contrast::Agent.reporter)
+        return if Contrast::Agent::REQUEST_TRACKER.current&.response&.response_code == 404
 
         reporter.send_event(context.observed_route) if Contrast::ROUTES_SENT.sendable?(context.observed_route)
       end

data/lib/contrast/agent/version.rb

@@ -3,6 +3,6 @@
 
 module Contrast
   module Agent
-    VERSION = '7.5.0'
+    VERSION = '7.6.0'
   end
 end

data/lib/contrast/configuration.rb

@@ -124,7 +124,7 @@ module Contrast
 
     # @return [Contrast::Components::Assess::Interface]
     def assess
-      @assess ||= Contrast::Components::Assess::Interface.new # rubocop:disable Naming/MemoizedInstanceVariableName
+      @assess ||= Contrast::Components::Settings::Interface.new # rubocop:disable Naming/MemoizedInstanceVariableName
     end
 
     # @return [Contrast::Components::Inventory::Interface]

data/lib/contrast/utils/middleware_utils.rb

@@ -91,6 +91,15 @@ module Contrast
       rescue Contrast::SecurityException => e
         logger.trace('Security Exception raised during application lifecycle to prevent an attack', e)
         raise(e)
+      rescue StandardError => e
+        # If there is a routing error of this type, then we cannot find a method explicitly mapped to this route.
+        # In this case, we should report nothing.
+        if Contrast::Utils::ClassUtil.truly_defined?('ActionController::RoutingError') &&
+              e.is_a?(ActionController::RoutingError)
+
+          Contrast::Agent::REQUEST_TRACKER.current&.observed_route = nil
+        end
+        raise(e)
       end
     end
   end

data/lib/contrast/utils/routes_sent.rb

@@ -25,8 +25,9 @@ module Contrast
       # @param route [Contrast::Agent::Reporting::ObservedRoute] the route
       # @return [boolean]
       def sendable? route
-        return false if Contrast::Utils::DuckUtils.empty_duck?(route.signature)
-        return false if Contrast::Utils::DuckUtils.empty_duck?(route.url)
+        return false unless route
+        return false unless route.signature && !route.signature.blank?
+        return false unless route.url && !route.url.blank?
 
         route_hash = route.hash_id