lib/contrast/agent/middleware.rb in contrast-agent-6.9.0 vs lib/contrast/agent/middleware.rb in contrast-agent-6.10.0

@@ -12,20 +12,21 @@
 require 'contrast/utils/heap_dump_util'
 require 'contrast/utils/telemetry'
 require 'contrast/agent/request_handler'
 require 'contrast/agent/static_analysis'
 require 'contrast/agent/telemetry/events/startup_metrics_event'
+require 'contrast/agent/protect/input_analyzer/input_analyzer'
 require 'contrast/utils/middleware_utils'
 require 'contrast/utils/reporting/application_activity_batch_utils'
 require 'contrast/utils/timer'
 
 module Contrast
   module Agent
     # This class allows the Agent to plug into the Rack middleware stack. When the application is first started, we
     # initialize ourselves as a rack middleware inside of #initialize. Afterwards, we process each http request and
     # response as it goes through the middleware stack inside of #call.
-    class Middleware
+    class Middleware # rubocop:disable Metrics/ClassLength
       include Contrast::Components::Logger::InstanceMethods
       include Contrast::Components::Scope::InstanceMethods
       include Contrast::Utils::MiddlewareUtils
       include Contrast::Utils::Reporting::ApplicationActivityBatchUtils
 
@@ -169,15 +170,16 @@
       #    which is being triggered when there is a failure within the post-call with the agent
       def post_call_with_agent context, env, request_handler, response
         with_contrast_scope do
           context.extract_after(response) # update context with final response information
 
-          # Build and report all collected findings prior response
           Contrast::Agent::FINDINGS.report_collected_findings unless Contrast::Agent::FINDINGS.collection.empty?
           # All protect rules, which are trigger but require response to be reported
           Contrast::Agent::EXPLOITS.report_recorded_exploits(context) unless Contrast::Agent::EXPLOITS.collection.empty?
           # Process Worth Watching Inputs for v2 rules
           Contrast::Agent.worth_watching_analyzer&.add_to_queue(context.agent_input_analysis)
+          # Now we can build the ia_results only for postfilter rules.
+          context.protect_postfilter_ia
 
           if Contrast::Agent.framework_manager.streaming?(env)
             context.reset_activity
             request_handler.stream_safe_postfilter
           else