@hclsoftware/secagent/src/AdditionalInfo.js

IAST agent

//IASTIGNORE

/*
 * ****************************************************
 * Licensed Materials - Property of HCL.
 * (c) Copyright HCL Technologies Ltd. 2017, 2025.
 * Note to U.S. Government Users *Restricted Rights.
 * ****************************************************
 */

'use strict'


const IastProperties = require("./Hooks/IastProperties");
const keys = Object.freeze({
    ISSUE_REASON: "Issue_reported_based_on_following_criteria",
    UNNECESSARY_RESPONSE_HEADER: "Unnecessary_response_header_name",
    PATH_TRAVERSAL_PARTIAL_CONTROL: "Path_traversal_partial_control",
    SINK_INFO: "Sink_info",
    VULNERABLE_CHARS: "Vulnerable_characters",
    EXPLOIT_EXAMPLE: "Exploit_example",
    K8S_POD_NAME: "Kubernetes_pod_name",
    IAST_TAG: "iast_tag",
    LIBRARY_NAME: "Library_name",
    LIBRARY_VERSION: "Library_version",
    VULNERABILITY: "Vulnerability",
    SANITIZED: "Sanitized",
    TELEMETRY_DATA: "Telemetry_data",
    MODIFICATIONS: "Modifications",
    K8S_SINK: "K8s_sink",
    DETECTED_APIS: "Detected_API",
})

function addAdditionalInfoToFlows(param, info, addAsArrayElement=false){
    if (param[IastProperties.property.TAINTED_DATA] !== undefined) {
        const flows = param[IastProperties.property.TAINTED_DATA].flows
        if (flows){
            for (let flow of flows){
                if (addAsArrayElement){
                    flow.addAdditionalInfoElementToArray(info)
                }
                else {
                    flow.addAdditionalInfo(info)
                }
            }
        }
    }
}

module.exports.keys = keys
module.exports.toString = toString
module.exports.addAdditionalInfoToFlows = addAdditionalInfoToFlows