
@hclsoftware/secagent


IAST agent

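//IASTIGNORE
/*
 * ****************************************************
 * Licensed Materials - Property of HCL.
 * (c) Copyright HCL Technologies Ltd. 2017, 2025.
 * Note to U.S. Government Users *Restricted Rights.
 * ****************************************************
 */
'use strict';
const Vulnerability = require("../../Vulnerability");
const Utils = require("../../Utils/Utils");
const { ConfigInfo } = require("../../ConfigFile/ConfigInfo");
// NOTE(review): SessionTracker is used in getExploitExample() but is not required
// by this module. Unless a loader places it in scope, the password-masking branch
// throws a ReferenceError instead of masking. Its module path is not visible
// here -- TODO confirm and add the matching require.

/** Kind of text the tainted input landed in, keyed by vulnerability type (used in the message). */
const textType = new Map([
  [Vulnerability.XSS, "html"],
  [Vulnerability.COMMAND_INJECTION_BASH, "bash-command"],
  [Vulnerability.COMMAND_INJECTION_CMD, "cmd-command"],
  [Vulnerability.COMMAND_INJECTION_POWERSHELL, "powershell-command"],
  [Vulnerability.PATH_TRAVERSAL, "file-path"],
  [Vulnerability.SQL_INJECTION, "sql-query"],
]);

/** Sink description, article included, keyed by vulnerability type (used in the message). */
const sinkType = new Map([
  [Vulnerability.XSS, "an xss"],
  [Vulnerability.COMMAND_INJECTION_BASH, "a command-injection"],
  [Vulnerability.COMMAND_INJECTION_CMD, "a command-injection"],
  [Vulnerability.COMMAND_INJECTION_POWERSHELL, "a command-injection"],
  [Vulnerability.PATH_TRAVERSAL, "a path-traversal"],
  [Vulnerability.SQL_INJECTION, "an sql-injection"],
]);

/**
 * Builds the human-readable text attached to a reported sink finding:
 * which vulnerability class the sink belongs to, in which contexts the
 * tainted input was seen, and an exploit example (with passwords masked).
 */
class SinkInfoStringGenerator {
  /**
   * @param {object} sinkTaskInfo - sink task info; the fields read here are
   *   hasSinkInfo, vulnerability, contextTypes, exploitExample and exploits.
   */
  constructor(sinkTaskInfo) {
    this.sinkInfo = sinkTaskInfo;
  }

  /**
   * Composes the finding description.
   * @returns {string|null} the message, or null when the task carries no sink info.
   */
  generateAdditionalInfo() {
    if (!this.sinkInfo.hasSinkInfo) {
      return null;
    }
    const vulnerability = this.sinkInfo.vulnerability;
    // A vulnerability type missing from the two maps yields undefined here and
    // the message would literally read "reached undefined sink"; callers are
    // presumed to pass only the mapped types -- TODO confirm.
    const strVulnerability = sinkType.get(vulnerability);
    const contextTypesAsStr = this.listToString(this.sinkInfo.contextTypes);
    const currentTextType = textType.get(vulnerability);
    return this.getComposedText(strVulnerability, contextTypesAsStr, currentTextType);
  }

  /**
   * Renders a list as "[a, b, c]".
   * origJoin is not a standard Array method; presumably a copy of
   * Array.prototype.join preserved before the agent instruments join -- confirm.
   * @param {Array} lst
   * @returns {string}
   */
  listToString(lst) {
    return "[" + lst.origJoin(", ") + "]";
  }

  /**
   * Returns the exploit example for this sink. In some cases the stored exploit
   * is a hard-coded string; when it is shorter than 4 characters it is treated as
   * a sample character and the entity value is placed on both sides of it.
   * @param {{name: string, value: *}|null|undefined} entity - the tainted entity, if any
   * @returns {*} the exploit text, or the stored value unchanged when there is none
   */
  getExploitExample(entity) {
    const exploit = this.sinkInfo.exploitExample;
    // Fix: a task without an exploit example used to throw on exploit.length.
    if (exploit == null) {
      return exploit;
    }
    // Fix: a missing entity used to throw on entity.value.
    if (exploit.length < 4 && entity != null && entity.value != null) {
      let entityValue = entity.value;
      // Never echo a password-like value into the report when masking is on.
      if (ConfigInfo.ConfigInfo.hidePasswords && SessionTracker.isPasswordName(entity.name)) {
        entityValue = Utils.PASSWORD_TEXT;
      }
      return [entityValue, exploit, entityValue].origJoin('');
    }
    return exploit;
  }

  /**
   * Renders the list of vulnerable characters as "[x, y]".
   * @returns {string}
   */
  getVulnerableCharsAsString() {
    return this.listToString(this.sinkInfo.exploits);
  }

  /**
   * Assembles the message sentences. The last parameter was renamed from
   * textType to avoid shadowing the module-level map of the same name.
   * @param {string} vulnerability - sink description, e.g. "an xss"
   * @param {string} contextListAsStr - rendered context list, e.g. "[a, b]"
   * @param {string} textKind - kind of text, e.g. "html"
   * @returns {string}
   */
  getComposedText(vulnerability, contextListAsStr, textKind) {
    const parts = [
      "IAST has tracked unsanitized user input that has reached ",
      vulnerability,
      " sink. ",
      "IAST detected the user input in context of ",
      contextListAsStr,
      " inside ",
      textKind,
      ".",
    ];
    return parts.origJoin('');
  }
}

module.exports.SinkInfoStringGenerator = SinkInfoStringGenerator;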