@hclsoftware/secagent
IAST agent
//IASTIGNORE
/*
* ****************************************************
* Licensed Materials - Property of HCL.
* (c) Copyright HCL Technologies Ltd. 2017, 2025.
* Note to U.S. Government Users *Restricted Rights.
* ****************************************************
*/
// Phase identifiers carried by a DastRequestData instance; exported as `Phase`.
// Frozen so the shared values cannot be altered at runtime by other modules.
// NOTE(review): presumably EXPLORE is DAST's crawl stage and TEST its attack
// stage — confirm against the code that parses the DAST request.
const phase = Object.freeze({
  EXPLORE: 1,
  TEST: 2,
});
/**
 * Per-request record describing what DAST is doing on the current request, used
 * to decide whether an IAST finding lines up with the DAST attack and entity.
 *
 * NOTE(review): nothing in this class validates its inputs. If the fields are
 * derived from request data, they are client-controlled — confirm the caller
 * that builds this object checks where the request came from.
 */
class DastRequestData {
  /**
   * @param {number} phase - Phase value, compared against the module-level
   *   `phase.TEST` by isTestPhase(). Inside this constructor the parameter
   *   shadows the module-level `phase` object.
   * @param {object} entity - DAST entity; only its `name` and `type` are read here.
   * @param {?object} attackInfo - Optional. When present it must provide
   *   `isRelevantVulnerability(vulnerability)`.
   * @param {number} maxHeaderLengthKb - Limit expressed in KB; stored multiplied by 1024.
   */
  constructor(phase, entity, attackInfo, maxHeaderLengthKb) {
    const bytesPerKb = 1024;
    // NOTE(review): a missing or non-numeric maxHeaderLengthKb yields NaN, and
    // every `length > limit` comparison against NaN is false. Confirm callers
    // always pass a number, so a cap built on this value cannot silently stop
    // applying.
    Object.assign(this, {
      phase,
      entity,
      attackInfo,
      maxHeaderLength: maxHeaderLengthKb * bytesPerKb,
    });
  }

  /** @returns {object} The DAST entity passed to the constructor. */
  getEntity() {
    return this.entity;
  }

  /** @returns {?object} The attack info passed to the constructor; may be null or undefined. */
  getAttackInfo() {
    return this.attackInfo;
  }

  /** @returns {number} The phase value passed to the constructor. */
  getPhase() {
    return this.phase;
  }

  /** @returns {number} The constructor's KB limit multiplied by 1024. */
  getMaxHeaderLength() {
    return this.maxHeaderLength;
  }

  /** @returns {boolean} True when the stored phase is strictly equal to `phase.TEST`. */
  isTestPhase() {
    const { TEST } = phase;
    return this.phase === TEST;
  }

  /**
   * Checks whether DAST is looking for the same vulnerability that IAST found.
   *
   * @param {*} vulnerability - Passed unchanged to `attackInfo.isRelevantVulnerability`.
   * @returns {*} `true` when attackInfo is null or undefined, otherwise whatever
   *   `isRelevantVulnerability` returns.
   */
  iastVulnerabilityMatchesDastAttack(vulnerability) {
    // Without attack info the finding is still added to the response, no
    // matter the vulnerability type, so a missing attackInfo counts as a match.
    if (this.attackInfo == null) {
      return true;
    }
    return this.attackInfo.isRelevantVulnerability(vulnerability);
  }

  /**
   * Checks whether the flow entity IAST found is the DAST entity (same name and type).
   *
   * NOTE(review): `this.entity` is dereferenced without a null check, so a
   * missing DAST entity throws TypeError here instead of returning a result —
   * confirm the constructor is never given a null entity. The comparison is
   * exact (`===`), so case or encoding differences between the two names
   * prevent a match; verify both sides are normalized the same way.
   *
   * @param {?object} iastEntity - Entity reported by IAST; null or undefined never matches.
   * @returns {boolean} True only when both `name` and `type` are strictly equal.
   */
  iastEntityMatchesDastEntity(iastEntity) {
    if (iastEntity == null) {
      return false;
    }
    const sameName = iastEntity.name === this.entity.name;
    return sameName && iastEntity.type === this.entity.type;
  }
}
// Public surface of this module: the frozen phase constants (under the name
// `Phase`) and the DastRequestData class.
Object.assign(module.exports, {
  Phase: phase,
  DastRequestData,
});