
@hclsoftware/secagent


IAST agent

//IASTIGNORE
/*
 * ****************************************************
 * Licensed Materials - Property of HCL.
 * (c) Copyright HCL Technologies Ltd. 2017, 2025.
 * Note to U.S. Government Users *Restricted Rights.
 * ****************************************************
 */

/**
 * Registry and base class for request-level rules.
 *
 * A rule is any object exposing `isVulnerable(requestInfo, responseText,
 * additionalInfo)` and `reportVulnerability(requestInfo, additionalInfo)`.
 * Findings are forwarded through TaintTracker.reportStackLessVulnerability.
 *
 * NOTE(review): the leading `//IASTIGNORE` line looks like a marker that
 * excludes this file from the agent's own instrumentation; keep it as the
 * first line, and confirm against the agent loader.
 */

const Entity = require('../Entity');
const TaintTracker = require('../TaintTracker');
const AdditionalInfo = require("../AdditionalInfo");

// Key under which a rule stores the reason it flagged a request.
const AdditionalInfoKey = AdditionalInfo.keys.ISSUE_REASON;

// Active rule instances. Stays empty until createInstances() has been called,
// so reportVulnerabilities() checks nothing (and reports nothing) before then.
let rules = [];

/**
 * Instantiates the built-in request rules and replaces the active rule set.
 *
 * The rule modules are required here rather than at module scope.
 * NOTE(review): presumably they require this file for RequestRule, which
 * would make a top-level require circular. Confirm before hoisting.
 */
module.exports.createInstances = () => {
  // All three modules are loaded before any rule is constructed.
  const ruleClasses = [
    require('./PasswordLeakage'),
    require('./InsecureLogin'),
    require('./Csrf'),
  ];
  rules = ruleClasses.map((RuleClass) => new RuleClass());
};

/**
 * Runs every active rule against one request/response pair and reports each
 * rule that flags it.
 *
 * NOTE(review): nothing here catches exceptions, so a throw from one rule
 * skips the remaining rules for this request and propagates to the caller.
 * Confirm that the caller isolates rule failures from the monitored app.
 *
 * NOTE(review): requestInfo and responseText are handed to every rule as-is.
 * If they can carry credentials (the PasswordLeakage rule name suggests so),
 * verify that the reporting path records the reason rather than the secret.
 *
 * @param {*} requestInfo - request descriptor, passed through to the rules.
 * @param {*} responseText - response body, passed through to the rules.
 */
module.exports.reportVulnerabilities = (requestInfo, responseText) => {
  for (const rule of rules) {
    // A fresh object per rule: one rule's reason never leaks into another's report.
    const findingDetails = {};
    findingDetails[AdditionalInfoKey] = "";

    if (!rule.isVulnerable(requestInfo, responseText, findingDetails)) {
      continue;
    }
    rule.reportVulnerability(requestInfo, findingDetails);
  }
};

/**
 * Base class for request-level rules.
 *
 * It supplies reporting only. `isVulnerable` is not defined here, so every
 * object placed in the active rule set has to provide it.
 */
class RequestRule {
  /**
   * @param {*} v - vulnerability identifier forwarded to TaintTracker.
   * @param {*} reportPerRequest - forwarded to TaintTracker unchanged.
   */
  constructor (v, reportPerRequest) {
    this.vulnerability = v;
    this.reportPerRequest = reportPerRequest;
    // Default entity with empty fields and NO_TYPE; setEntity() replaces it.
    this.entity = new Entity.Entity('', '', Entity.EntityType.NO_TYPE);
  }

  /**
   * Forwards a finding for this rule to TaintTracker.
   *
   * The null / '' positional arguments are fixed here; their meaning is
   * defined by TaintTracker.reportStackLessVulnerability, not by this file.
   *
   * @param {*} requestInfo - request descriptor the finding relates to.
   * @param {object} additionalInfo - details object filled in by isVulnerable.
   */
  reportVulnerability (requestInfo, additionalInfo) {
    const { vulnerability, reportPerRequest, entity } = this;
    TaintTracker.reportStackLessVulnerability(
      vulnerability,
      null,
      '',
      null,
      null,
      reportPerRequest,
      entity,
      requestInfo,
      additionalInfo
    );
  }

  /**
   * Replaces the entity attached to subsequent reports from this rule.
   *
   * @param {*} entity - entity object to report with.
   */
  setEntity (entity) {
    this.entity = entity;
  }
}

module.exports.RequestRule = RequestRule;
module.exports.AdditionalInfoKey = AdditionalInfoKey;