contrast-agent 7.5.0 → 7.6.1

data/lib/contrast/agent/assess/policy/propagator/match_data.rb

@@ -15,6 +15,13 @@ module Contrast
               # MatchData#match methods, since the last was introduced after
               # Ruby 3.1.0, but shares similar functionality, except it does not
               # support ranges.
+              #
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param preshift [Object] pre call state of the things.
+              # @param ret [Object] the return value of the method.
+              # @param _block [Proc] the block passed to the method.
+              # @return [Object] the return value of the method.
               def square_bracket_tagger propagation_node, preshift, ret, _block
                 case ret
                 when Array
@@ -36,6 +43,14 @@ module Contrast
                 ret
               end
 
+              # Captures is a method that returns an array of MatchData objects.
+              #
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param preshift [Object] pre call state of the things.
+              # @param ret [Object] the return value of the method.
+              # @param _block [Proc] the block passed to the method.
+              # @return [Object] the return value of the method.
               def captures_tagger propagation_node, preshift, ret, _block
                 return unless ret
 
@@ -52,6 +67,12 @@ module Contrast
                 ret
               end
 
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param preshift [Object] pre call state of the things.
+              # @param ret [Object] the return value of the method.
+              # @param _block [Proc] the block passed to the method.
+              # @return [Object] the return value of the method.
               def to_a_tagger propagation_node, preshift, ret, _block
                 idx = 0
                 while idx < ret.length
@@ -65,6 +86,12 @@ module Contrast
                 ret
               end
 
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param preshift [Object] pre call state of the things.
+              # @param ret [Object] the return value of the method.
+              # @param _block [Proc] the block passed to the method.
+              # @return [Object] the return value of the method.
               def values_at_tagger propagation_node, preshift, ret, _block
                 idx = 0
                 while idx < ret.length
@@ -81,6 +108,9 @@ module Contrast
 
               private
 
+              # @param preshift [Object] pre call state of the things.
+              # @param index [Integer] the index of the argument to retrieve.
+              # @return [Integer] the index of the argument to retrieve.
               def target_matchdata_index preshift, index
                 if preshift.args[0].is_a?(Range)
                   arg_range = preshift.args[0]
@@ -90,6 +120,14 @@ module Contrast
                 end
               end
 
+              # Handles the propagation of a single argument.
+              #
+              # @param argument_index [Integer] the index of the argument to retrieve.
+              # @param preshift [Object] pre call state of the things.
+              # @param return_value [Object] the return value of the method.
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @return [Object] the return value of the method.
               def square_bracket_single argument_index, preshift, return_value, propagation_node
                 original_start_index = preshift.object.begin(argument_index)
                 original_end_index = preshift.object.end(argument_index)

data/lib/contrast/agent/assess/policy/propagator/next.rb

@@ -14,6 +14,12 @@ module Contrast
             class << self
               # String has some silly methods like next. Basically, this flips a
               # character in a predictable manner
+              #
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param preshift [Object] pre call state of the things.
+              # @param target [Object] the object to which the source is being appended
+              # @return [Object] the target with the tags applied
               def propagate propagation_node, preshift, target
                 return unless (properties = Contrast::Agent::Assess::Tracker.properties!(target))
 

data/lib/contrast/agent/assess/policy/propagator/prepend.rb

@@ -13,6 +13,11 @@ module Contrast
             class << self
               # For the source, prepend its tags to the target. It's basically the
               # opposite of append. :-P
+              #
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param preshift [Object] pre call state of the things.
+              # @param target [Object] the object to which the source is being appended
               def propagate propagation_node, preshift, target
                 return unless (properties = Contrast::Agent::Assess::Tracker.properties!(target))
 

data/lib/contrast/agent/assess/policy/propagator/remove.rb

@@ -37,6 +37,10 @@ module Contrast
                 handle_removal(propagation_node, source, target)
               end
 
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param source [Object] the object to which the source is being appended
+              # @param target [Object] the object to which the source is being appended
               def handle_removal propagation_node, source, target
                 return unless source
                 return unless (properties = Contrast::Agent::Assess::Tracker.properties!(target))

data/lib/contrast/agent/assess/policy/propagator/replace.rb

@@ -13,6 +13,11 @@ module Contrast
             class << self
               # Replace means we're replacing the target w/ the source. Anything
               # on the source should be passed to the target.
+              #
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param preshift [Object] pre call state of the things.
+              # @param target [Object] the object to which the source is being appended
               def propagate propagation_node, preshift, target
                 return unless (properties = Contrast::Agent::Assess::Tracker.properties!(target))
 

data/lib/contrast/agent/assess/policy/propagator/reverse.rb

@@ -12,6 +12,11 @@ module Contrast
           # overlapping tags.
           class Reverse < Contrast::Agent::Assess::Policy::Propagator::Base
             class << self
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param preshift [Object] pre call state of the things.
+              # @param target [Object] the object to which the source is being appended
+              # @return [Object] the target with the tags applied
               def propagate propagation_node, preshift, target
                 return unless (properties = Contrast::Agent::Assess::Tracker.properties!(target))
 

data/lib/contrast/agent/assess/policy/propagator/select.rb

@@ -13,6 +13,10 @@ module Contrast
           # a 'get it right' state soon.
           class Select
             class << self
+              # @param patcher [Contrast::Agent::Assess::Patcher] the patcher
+              # @param preshift [Object] pre call state of the things.
+              # @param ret [Object] the return value of the method.
+              # @param _block [Proc] the block passed to the method.
               def select_tagger patcher, preshift, ret, _block
                 source = preshift.object
                 args = preshift.args
@@ -42,6 +46,12 @@ module Contrast
 
               private
 
+              # Handles the integer case for select.
+              #
+              # @param args [Array] the arguments passed to the method
+              # @param arg [Object] the first argument passed to the method
+              # @param source [String] the source string
+              # @return [Range, nil] the range to select from the source string
               def handle_integer args, arg, source
                 length = args[1] || 1
                 # (void) negative range
@@ -49,11 +59,22 @@ module Contrast
                 arg...(arg + length)
               end
 
+              # Handles the string case for select.
+              #
+              # @param arg [String] the first argument passed to the method
+              # @param source [String] the source string
+              # @return [Range, nil] the range to select from the source string
               def handle_string arg, source
                 idx = source.index(arg)
                 idx...(idx + arg.length)
               end
 
+              # Handles the regexp case for select.
+              #
+              # @param args [Array] the arguments passed to the method
+              # @param arg [Regexp] the first argument passed to the method
+              # @param source [String] the source string
+              # @return [Range, nil] the range to select from the source string
               def handle_regexp args, arg, source
                 match_data = arg.match(source)
                 # nil has the same meaning as 0. use full match
@@ -61,6 +82,11 @@ module Contrast
                 match_data.begin(group)...match_data.end(group)
               end
 
+              # Handles the range case for select.
+              #
+              # @param arg [Range] the first argument passed to the method
+              # @param source [String] the source string
+              # @return [Range, nil] the range to select from the source string
               def handle_range arg, source
                 start = arg.begin
                 finish = arg.end
@@ -73,6 +99,10 @@ module Contrast
                 start...finish
               end
 
+              # Determines the range to select from the source string.
+              #
+              # @param source [Object] the source string
+              # @param args [Array] the arguments passed to the method
               def determine_select_range source, args
                 arg = args[0]
                 case arg

data/lib/contrast/agent/assess/policy/propagator/splat.rb

@@ -11,6 +11,11 @@ module Contrast
           # tags are unaffected beyond any merging of overlapping tags.
           class Splat < Contrast::Agent::Assess::Policy::Propagator::Base
             class << self
+              # @param propagation_node [Contrast::Agent::Assess::Policy::PropagationNode] the node responsible for the
+              # propagation action required by this method.
+              # @param preshift [Object] pre call state of the things.
+              # @param target [Object] the object to which the source is being appended
+              # @return [Object] the target with the tags applied
               def propagate propagation_node, preshift, target
                 tracked_inputs = []
 
@@ -28,6 +33,11 @@ module Contrast
                 Contrast::Agent::Assess::Tracker.properties(target)&.cleanup_tags
               end
 
+              # Handles the splatting of tags from the tracked inputs to the target.
+              #
+              # @param tracked_inputs [Array<String>] storage for the inputs to act on later
+              # @param target [Object] the object to which the source is being appended
+              # @return [Object] the target with the tags applied
               def splat_tags tracked_inputs, target
                 return if tracked_inputs.empty?
                 return unless (properties = Contrast::Agent::Assess::Tracker.properties!(target))

data/lib/contrast/agent/assess/policy/source_node.rb

@@ -22,19 +22,23 @@ module Contrast
             @tags << SOURCE_TAG
           end
 
+          # @return [String]
           def node_class
             SOURCE
           end
 
           # This is confusing. Sources are Creation action but
           # Propagation type. Oh and also Type refers to input type,
-          # like parameter, so we have to call this node_type. :-/
+          # like parameter, so we have to call this node_type. :-/\
+          #
+          # @return [Symbol]
           def node_type
             :TYPE_PROPAGATION
           end
 
           # Standard validation + TS trace version two rules:
           # Must have source and type
+          #
           # @raise[ArgumentError] raises if any of the required fields is missing or invalid
           def validate
             super

data/lib/contrast/agent/assess/policy/source_validation/cross_site_validator.rb

@@ -16,6 +16,10 @@ module Contrast
             # ActionDispatch::Http::Headers to convert keys like `referer` to `HTTP_REFERER` before they get to the
             # Rack::Request#get_header method
             # https://bitbucket.org/contrastsecurity/assess-specifications/src/master/rules/dataflow/reflected_xss.md
+            #
+            # @param tag [String] the tag to be applied.
+            # @param source_type [String] the type of the source.
+            # @param source_name [String] the name of the source.
             def self.valid? tag, source_type, source_name
               return true unless tag == 'CROSS_SITE'
               return false if source_type == Contrast::Agent::Assess::Policy::SourceMethod::HEADER_KEY_TYPE

data/lib/contrast/agent/assess/policy/trigger/reflected_xss.rb

@@ -24,6 +24,12 @@ module Contrast
               }.cs__freeze
               TEMPLATE_PROPAGATION_NODE = Contrast::Agent::Assess::Policy::PropagationNode.new(NODE_HASH)
 
+              # @param trigger_node [Contrast::Agent::Assess::Policy::MethodPolicy] the node that governs this
+              #  propagation event.
+              # @param _source [Object] the source of the propagation
+              # @param object [Object] the object to which the source is being appended
+              # @param args [Array] the arguments to the method
+              # @param ret [Object] the return value of the method
               def xss_tilt_trigger trigger_node, _source, object, ret, *args
                 return unless (properties = Contrast::Agent::Assess::Tracker.properties!(ret))
 
@@ -63,6 +69,11 @@ module Contrast
 
               private
 
+              # @param scope [Object] the scope of the template
+              # @param erb_template_prerender [String] the template string
+              # @param properties [Contrast::Agent::Assess::Policy::Properties] the properties of the return value
+              # @param interpolated_inputs [Array<String>] the interpolated inputs
+              # @param ret [String] the return value of the method
               def handle_binding_variables scope, erb_template_prerender, ret, properties, interpolated_inputs
                 binding_variables = scope.instance_variables
 
@@ -81,6 +92,11 @@ module Contrast
                 end
               end
 
+              # @param args [Array<String>] the arguments to the method
+              # @param erb_template_prerender [String] the template string
+              # @param ret [String] the return value of the method
+              # @param properties [Contrast::Agent::Assess::Policy::Properties] the properties of the return value
+              # @param interpolated_inputs [Array<String>] the interpolated inputs
               def handle_local_variables args, erb_template_prerender, ret, properties, interpolated_inputs
                 locals = args[1]
                 locals.each do |local_name, local_value|

data/lib/contrast/agent/assess/policy/trigger/xpath.rb

@@ -15,12 +15,26 @@ module Contrast
           # a finding if so.
           class Xpath
             class << self
+              # @param trigger_node [Contrast::Agent::Assess::Policy::MethodPolicy] the node that governs this
+              # propagation event.
+              # @param _source [Object] the source of the propagation
+              # @param object [Object] the object to which the source is being appended
+              # @param args [Array<Object>] the arguments to the method
+              # @param ret [Object] the return value of the method
+              # @return [Object] the return value of the method
               def xpath_expression_trigger trigger_node, _source, object, ret, *args
                 return ret unless args
 
                 process(trigger_node, object, ret, *args)
               end
 
+              # @param trigger_node [Contrast::Agent::Assess::Policy::MethodPolicy] the node that governs this
+              # propagation event.
+              # @param _source [Object] the source of the propagation
+              # @param object [Object] the object to which the source is being appended
+              # @param args [Array<Object>] the arguments to the method
+              # @param ret [Object] the return value of the method
+              # @return [Object] the return value of the method
               def xpath_oga_trigger trigger_node, _source, object, ret, *args
                 return ret unless args
 
@@ -32,6 +46,11 @@ module Contrast
 
               private
 
+              # @param trigger_node [Contrast::Agent::Assess::Policy::MethodPolicy] the node that governs this
+              # propagation event.
+              # @param object [Object] the object to which the source is being appended
+              # @param ret [Object] the return value of the method
+              # @param args [Array<Object>] the arguments to the method
               def process trigger_node, object, ret, *args
                 args.each do |arg|
                   next unless arg.cs__is_a?(String) || arg.cs__is_a?(Symbol)

data/lib/contrast/agent/assess/policy/trigger_method.rb

@@ -178,6 +178,10 @@ module Contrast
               Contrast::SETTINGS.excluder.assess_excluded_by_url_and_rule?(rule_id)
             end
 
+            # Check if the finding should be excluded due to the assess exclusion rules.
+            #
+            # @param finding [Contrast::Agent::Reporting::Finding]
+            # @param rule_id [String]
             def excluded_by_input_and_rule? finding, rule_id
               return false unless Contrast::SETTINGS.excluder.exclusions.any?
               return unless Contrast::Agent::REQUEST_TRACKER.current
@@ -185,7 +189,9 @@ module Contrast
               Contrast::SETTINGS.excluder.assess_excluded_by_input_and_rule?(finding, rule_id)
             end
 
-            # Handles the Stored Xss rule. If a vector is stored in the database
+            # Handles the Stored Xss rule. If a vector is stored in the database.
+            #
+            # @param finding [Contrast::Agent::Reporting::Finding]
             def check_for_stored_xss finding
               return unless finding && finding.rule_id == 'reflected-xss'
 
@@ -200,6 +206,7 @@ module Contrast
               end
             end
 
+            # @param finding [Contrast::Agent::Reporting::Finding]
             def extract_dynamic_source_info finding
               return unless finding
 

data/lib/contrast/agent/assess/policy/trigger_node.rb

@@ -29,7 +29,16 @@ module Contrast
           # from the application. Some rules rely on Content-Type validation.
           COLLECTABLE_RULES = %w[reflected-xss].cs__freeze
 
-          attr_reader :rule_id, :required_tags, :disallowed_tags, :good_value, :bad_value
+          # @return [String]
+          attr_reader :rule_id
+          # @return [Array<String>]
+          attr_reader :required_tags
+          # @return [Array<String>]
+          attr_reader :disallowed_tags
+          # @return [Array<String>]
+          attr_reader :good_value
+          # @return [Array<String>]
+          attr_reader :bad_value
 
           ENCODER_START = 'CUSTOM_ENCODED_'
           # By default, any rule will be triggered if the source
@@ -46,6 +55,7 @@ module Contrast
           LIMITED_CHARS = 'LIMITED_CHARS'
           CUSTOM_ENCODED = 'CUSTOM_ENCODED'
           CUSTOM_VALIDATED = 'CUSTOM_VALIDATED'
+
           def initialize trigger_hash = {}, rule_hash = {}
             super(trigger_hash)
             good_value = trigger_hash[JSON_GOOD_VALUE]

data/lib/contrast/agent/assess/policy/trigger_validation/redos_validator.rb

@@ -16,6 +16,10 @@ module Contrast
             NEGATIVE_INFINITY = -POSITIVE_INFINITY
 
             class << self
+              # @param _patcher [Contrast::Agent::Patcher] the patcher instance
+              # @param object [Object] the object that was called
+              # @param _ret [Object] the return value of the method
+              # @param args [Array<Object>] the arguments passed to the method
               def valid? _patcher, object, _ret, args
                 # Can arrive here from either:
                 #   regexp =~ string

data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb

@@ -21,6 +21,12 @@ module Contrast
             # a valid URL in which the User controls a section prior to the
             # querystring
             # https://bitbucket.org/contrastsecurity/assess-specifications/src/master/rules/dataflow/server_side_request_forgery.md
+            #
+            # @param patcher [Contrast::Agent::Patcher] the patcher instance
+            # @param _object [Object] the object that was called
+            # @param _ret [Object] the return value of the method
+            # @param args [Array<Object>] the arguments passed to the method
+            # @return [Boolean] true if the finding is valid, false otherwise
             def self.valid? patcher, _object, _ret, args
               return true if patcher.id.to_s.start_with?(PATH_ONLY_PATCH_MARKER)
 

data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb

@@ -16,6 +16,12 @@ module Contrast
             # A finding is valid for XSS if the response type is not one of
             # those assumed to be safe
             # https://bitbucket.org/contrastsecurity/assess-specifications/src/master/rules/dataflow/reflected_xss.md
+            #
+            # @param patcher [Contrast::Agent::Patcher] the patcher instance
+            # @param _object [Object] the object that was called
+            # @param _ret [Object] the return value of the method
+            # @param args [Array<Object>] the arguments passed to the method
+            # @return [Boolean] true if the finding is valid, false otherwise
             def self.valid? _patcher, _object, _ret, _args
               content_type = Contrast::Agent::REQUEST_TRACKER.current&.response&.content_type
               return false unless content_type

data/lib/contrast/agent/assess/rule/response/base_rule.rb

@@ -73,7 +73,8 @@ module Contrast
               finding.routes << context.discovered_route if context&.discovered_route
               build_evidence(evidence, finding)
               finding.request = Contrast::Agent::Reporting::FindingRequest.convert(context.request) if context&.request
-              hash = Contrast::Utils::HashDigest.generate_config_hash(finding)
+              # Hash must be built last so that finding has full context.
+              hash = Contrast::Utils::HashDigest.generate_response_hash(finding, context&.request)
               finding.hash_code = Contrast::Utils::StringUtils.force_utf8(hash)
               finding
             end

data/lib/contrast/agent/hooks/at_exit_hook.rb

@@ -43,6 +43,7 @@ module Contrast
 
       def self.report_traces
         return unless Contrast::ASSESS.enabled?
+        return if ENV.fetch('CONTRAST__PIPELINE__RUN', nil) == 'true'
 
         collection = Contrast::Agent::Reporting::ReportingStorage.collection
 

data/lib/contrast/agent/reporting/reporting_utilities/audit.rb

@@ -24,7 +24,7 @@ module Contrast
         #
         # @param event [Contrast::Agent::Reporting::ReportingEvent] One of the DTMs valid for the
         #   event field of Contrast::Agent::Reporting::ReportingEvent
-        # @param response_data [Net::HTTP::Response]
+        # @param response_data [Net::HTTPResponse]
         def audit_event event, response_data = nil
           return unless ::Contrast::API.request_audit_requests || ::Contrast::API.request_audit_responses
 

data/lib/contrast/agent/reporting/reporting_utilities/reporter_client.rb

@@ -69,21 +69,46 @@ module Contrast
         # @param event [Contrast::Agent::Reporting::ReportingEvent] The event to send to TeamServer. Really a
         #   child of the ReportingEvent rather than a literal one.
         # @param connection [Net::HTTP] open connection
-        # @return response [Net::HTTP::Response, nil] response from TS if no response
         def send_event event, connection
           return unless connection
           return unless event.valid?
 
           logger.debug('[Reporter] Preparing to send reporting event', event_class: event.cs__class)
           request = build_request(event)
-          response = connection.request(request)
+          begin
+            response = connection.request(request)
+          rescue StandardError => e
+            handle_response_error(event, connection, e)
+            return
+          end
           audit.audit_event(event, response) if ::Contrast::API.request_audit_enable
-          process_settings_response(response, event)
-          process_preflight_response(event, response, connection)
-          report_configuration(response, event)
+          process_event_response(event, response, connection)
           response
         rescue StandardError => e
-          handle_response_error(event, connection, e)
+          logger.error('[Reporter] Error while processing event sent to TeamServer',
+                       error: e,
+                       event_type: event&.cs__class)
+        end
+
+        # Only two types of events require processing when returned from TeamServer; preflight and settings.
+        # For Settings, we want to update internally and then report the resulting configuration.
+        # For preflight, we want to process the response and send findings if requested.
+        #
+        # @param event [Contrast::Agent::Reporting::ReportingEvent] The event sent to TeamServer
+        # @param response [Net::HTTPResponse] the response from TeamServer
+        # @param connection [Net::HTTP] open connection
+        def process_event_response event, response, connection
+          case event
+          when Contrast::Agent::Reporting::Preflight
+            process_preflight_response(event, response, connection)
+          when Contrast::Agent::Reporting::AgentStartup,
+            Contrast::Agent::Reporting::ApplicationStartup,
+            Contrast::Agent::Reporting::ApplicationSettings,
+            Contrast::Agent::Reporting::ServerSettings
+
+            process_settings_response(response, event)
+            report_configuration(response, event)
+          end
         end
 
         # Write effective config to file:
@@ -91,7 +116,7 @@ module Contrast
         # 200 or 304. In case of 304 there will be no new settings and we can write current ones.
         # This is done on every settings request.
         #
-        # @param response [Contrast::Agent::Reporting::Response, nil]
+        # @param response [Net::HTTPResponse, nil]
         # @param event [Contrast::Agent::Reporting::ReportingEvent]
         def report_configuration response, event
           return unless response
@@ -109,14 +134,17 @@ module Contrast
           logger.error('[Reporter] Error while reporting configuration', error: e, event_type: event&.cs__class)
         end
 
+        # @return [Contrast::Agent::Reporting::ConnectionStatus]
         def status
           @_status ||= Contrast::Agent::Reporting::ConnectionStatus.new
         end
 
+        # @return [Contrast::Agent::Reporting::ResponseHandler]
         def response_handler
           @_response_handler ||= Contrast::Agent::Reporting::ResponseHandler.new
         end
 
+        # @return [Contrast::Config::Diagnostics::Monitor]
         def diagnostics
           @_diagnostics ||= Contrast::Config::Diagnostics::Monitor.new(Contrast::LOGGER.path)
         end

data/lib/contrast/agent/reporting/reporting_utilities/reporter_client_utils.rb

@@ -90,7 +90,8 @@ module Contrast
         # Handles response processing and sets status
         #
         # @param event [Contrast::Agent::Reporting::ReportingEvent] The event sent to TeamServer.
-        # @param response [Net::HTTP::Response]
+        # @param response [Net::HTTPResponse]
+        # @return [Contrast::Agent::Reporting::Response]
         def process_settings_response response, event
           res = response_handler.process(response, event)
           if res
@@ -115,7 +116,6 @@ module Contrast
           return unless response&.body && connection
 
           findings_to_return = response.body.split(',').delete_if { |el| el.include?('*') }
-          mode.resend.reset_rescue_attempts
           findings_to_return.each do |index|
             preflight_message = event.messages[index.to_i]
             preflight_data = preflight_message&.data
@@ -127,6 +127,12 @@ module Contrast
 
             send_event(corresponding_finding, connection)
           end
+
+          # Event rejected traces should be removed from the set.
+          # We could clean this up to know if the message was already deleted by the loop above.
+          event.messages&.each do |preflight_message|
+            Contrast::Agent::Reporting::ReportingStorage.delete(preflight_message&.data)
+          end
         rescue StandardError => e
           logger.error('[Reporter] Unable to handle preflight response', e)
         end

data/lib/contrast/agent/reporting/reporting_utilities/reporting_storage.rb

@@ -44,12 +44,7 @@ module Contrast
           def delete key
             return unless key
 
-            logger.debug('Starting deleting value for', key: key)
-
-            deleted_value = collection.delete(key)
-            logger.debug('Key wasn\'t found') unless deleted_value
-
-            deleted_value
+            collection.delete(key)
           end
 
           # @param rule_id [String] the rule_id

data/lib/contrast/agent/reporting/reporting_utilities/response_handler.rb

@@ -20,11 +20,12 @@ module Contrast
 
         # Process the response from TS
         #
-        # @param response [Net::HTTP::Response, nil]
+        # @param response [Net::HTTPResponse, nil]
         # @param event [Contrast::Agent::Reporting::ReportingEvent] The event sent to TeamServer.
-        # @return response [Net::HTTP::Response, nil]
+        # @return response [Net::HTTPResponse, nil]
         def process response, event
           logger.debug('[Reporter] Received a response')
+          return if event&.cs__is_a?(Contrast::Agent::Reporting::Finding)
           return unless analyze_response?(response)
 
           # Handle the response body and obtain server_features or app_settings
@@ -107,7 +108,7 @@ module Contrast
         # Handles the errors code received from TS and takes appropriate action.
         # If we are here the response.code is an error that needs handling [4XX]
         #
-        # @param response [Net::HTTP::Response]
+        # @param response [Net::HTTPResponse]
         def handle_error response
           case response&.code
           when ERROR_CODES[:message_not_sent]