
@hclsoftware/secagent


IAST agent

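//IASTIGNORE
/*
 * ****************************************************
 * Licensed Materials - Property of HCL.
 * (c) Copyright HCL Technologies Ltd. 2017, 2025.
 * Note to U.S. Government Users *Restricted Rights.
 * ****************************************************
 */

'use strict';

const EncodingUtils = require("../Utils/EncodingUtils");
const AppInfo = require("../AppInfo");
const Phase = require("./DastRequestData").Phase;
const Distributor = require("../Distributor/Distributor");
const iastLogger = require("../Logger/IastLogger");
const DastHeaderParser = require("./DastHeaderParser");

// Cached app-info JSON fragment: built on the first call to getAppInfoJsonString()
// and reused for every later response.
let exploreInfoForDast = null;

/**
 * Renders a value as a JSON string literal, surrounding quotes included.
 *
 * The value is coerced with a template literal first, so null/undefined still
 * come out as "null"/"undefined" exactly as plain interpolation would produce,
 * while quotes, backslashes and control characters are escaped instead of
 * breaking out of the string.
 *
 * NOTE(review): JSON.origStringify is the variant this file already uses;
 * presumably the agent's saved reference to the native JSON.stringify - confirm.
 *
 * @param {*} value - value to embed in hand-built JSON
 * @returns {string} JSON string literal
 */
function toJsonStringLiteral(value) {
    return JSON.origStringify(`${value}`);
}

/**
 * Builds the JSON payload the agent reports back for a request and packs it
 * into header-sized chunks (gzip -> base64 -> URL-encode -> split).
 */
class DastResponseGenerator {

    /**
     * Serialises agent, application and (when present) per-request data, then
     * encodes and chunks the result.
     *
     * @param {object} requestInfo - per-request state; must provide
     *   hasDastRequestData() and, when that is true, dastRequestData and
     *   dastResponseData
     * @returns {string[]} encoded payload split into chunks no longer than the
     *   max header length carried by the request data (one chunk when no limit
     *   is given)
     */
    static generateJsonString(requestInfo) {
        const parts = [];
        // The agent id is JSON-encoded rather than pasted between quotes, so an
        // unexpected character cannot corrupt the document.
        parts.push(`"agentId":${toJsonStringLiteral(Distributor.getAgentId())},"appInfo":{${DastResponseGenerator.getAppInfoJsonString()}}`);
        if (requestInfo.hasDastRequestData()) {
            // Call through the class name, not `this`, so the method also works
            // when it is passed around detached from the class.
            parts.push(`,"requestInfo":{${DastResponseGenerator.getRequestInfoJsonString(requestInfo)}}`);
        }
        const jsonData = "{" + parts.origJoin("") + "}";

        // NOTE(review): this trace line carries the full payload, sink reports
        // included - confirm trace-level logs are access-controlled.
        iastLogger.eventLog.trace(`${DastHeaderParser.APPSCAN_HEADER_NAME_RESPONSE}: ${jsonData}`);

        const gzippedData = EncodingUtils.gzip(jsonData);
        const gzippedBase64 = EncodingUtils.encodeBase64(gzippedData);
        const urlEncodedHeader = EncodingUtils.encodeUrl(gzippedBase64);

        // 0 means "no limit": chunkData then returns the payload as one chunk.
        let maxHeaderLength = 0;
        if (requestInfo.hasDastRequestData()) {
            // NOTE(review): this limit presumably originates from the incoming
            // request; chunkData tolerates non-positive or non-numeric values.
            maxHeaderLength = requestInfo.dastRequestData.getMaxHeaderLength();
        }
        return DastResponseGenerator.chunkData(urlEncodedHeader, maxHeaderLength);
    }

    /**
     * Returns the application-info JSON fragment (no surrounding braces),
     * building and caching it on first use.
     *
     * @returns {string} JSON fragment: the older app-info fields followed by
     *   the "components" member
     */
    static getAppInfoJsonString() {
        if (exploreInfoForDast == null) {
            // assumes getOlderFieldsJsonString() ends with a trailing comma, since
            // "components" is appended directly after it - TODO confirm
            let appInfoStr = AppInfo.getOlderFieldsJsonString();
            appInfoStr += `"components": ${AppInfo.getComponentsJsonString()}`;
            exploreInfoForDast = appInfoStr;
        }
        return exploreInfoForDast;
    }

    /**
     * Builds the "requestInfo" JSON fragment (no surrounding braces).
     *
     * Sink reports are included only in the TEST phase; otherwise an empty
     * array is emitted.
     *
     * @param {object} requestInfo - per-request state with dastRequestData and
     *   dastResponseData set
     * @returns {string} JSON fragment with "sinkReports" and "routeTemplate"
     */
    static getRequestInfoJsonString(requestInfo) {
        const dastResponseData = requestInfo.dastResponseData;
        let sinkReportsJson = "[]";
        if (requestInfo.dastRequestData.getPhase() === Phase.TEST) {
            sinkReportsJson = DastResponseGenerator.getSinkReportsJsonString(dastResponseData);
        }
        // Route templates can contain backslashes or quotes (for example inline
        // regex constraints), so the value is JSON-encoded instead of being
        // interpolated between literal quotes.
        const routeTemplateJson = toJsonStringLiteral(dastResponseData.getRouteTemplate());
        return `"sinkReports":${sinkReportsJson},"routeTemplate":${routeTemplateJson}`;
    }

    /**
     * Serialises every sink report into one JSON array string.
     *
     * @param {object} dastResponseData - must provide getSinkReports(), whose
     *   result exposes values() (a Map, judging by the local name)
     * @returns {string} JSON array of the sink reports
     */
    static getSinkReportsJsonString(dastResponseData) {
        const serializedReports = [];
        const sinkReportMap = dastResponseData.getSinkReports();
        for (const sinkReport of sinkReportMap.values()) {
            const strReport = JSON.origStringify(sinkReport, function replacer(key, value) {
                if (key === "stackList") {
                    // Each stack is held as one comma-separated string; emit it
                    // as an array of frames.
                    return [...value].map(strStack => strStack.origSplit(','));
                }
                return value;
            }, 2);
            serializedReports.push(strReport);
        }
        // NOTE(review): this uses join() while generateJsonString uses origJoin();
        // confirm whether the difference is intentional.
        return "[" + serializedReports.join(",") + "]";
    }

    /**
     * Splits a string into consecutive pieces of at most chunkSize characters.
     *
     * Any chunkSize that is not a positive number (0, negative, null,
     * undefined, NaN) means "do not split". With the earlier strict `=== 0`
     * test, a negative or null size never advanced the loop index past the end
     * of the data, so the loop would not terminate, and a NaN size dropped the
     * payload.
     *
     * @param {string} data - text to split
     * @param {number} chunkSize - maximum chunk length; non-positive disables
     *   splitting
     * @returns {string[]} the chunks, in order
     */
    static chunkData(data, chunkSize) {
        const size = Number(chunkSize);
        if (!(size > 0)) {
            return [data];
        }
        const chunks = [];
        for (let start = 0; start < data.length; start += size) {
            chunks.push(data.origSlice(start, start + size));
        }
        return chunks;
    }
}

module.exports = DastResponseGenerator;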