@hclsoftware/secagent/src/Rules/BeforeRules/ArgObjectsToStringRule.js

IAST agent

//IASTIGNORE

/*
 * ****************************************************
 * Licensed Materials - Property of HCL.
 * (c) Copyright HCL Technologies Ltd. 2017, 2025.
 * Note to U.S. Government Users *Restricted Rights.
 * ****************************************************
 */

const ConvertArgsRule = require('./ConvertArgsRule')
const TaintTracker = require('../../TaintTracker')
/**
 * Converts the object elements to string.
 * @class ArgObjectsToStringRule
 * @extends ConvertArgsRule
 * @see ConvertArgsRule
 */
module.exports = class ArgObjectsToStringRule extends ConvertArgsRule {

    /**
     * Used in doRule of ConvertArgsRule class
     * @param input
     * @returns {*|string|String}
     */
    convert(input) {
        return this.objectElementsToString(input)
    }

    additionalChecks(input) {
        return TaintTracker.ObjectHasTaintedData(input)
    }


    objectElementsToString(obj, memoization) {
        memoization = memoization || new Set()
        if (memoization.has(obj)) return obj
        memoization.add(obj)
        if (obj == null || typeof obj === 'string' || typeof obj === 'function' || Buffer.isBuffer(obj)) {
            return obj
        }
        if (obj instanceof String) {
            if(TaintTracker.hasTaintedData(obj)) {
                return obj.toString()
            }
            return obj
        }
        const jsonString = JSON.origStringify(obj)
        if (jsonString == null){
            return obj
        }
        let shallowCopyObj = JSON.origParse(jsonString)
        for (const property of Object.getOwnPropertyNames(obj)) {
            shallowCopyObj[property] = this.objectElementsToString(obj[property], memoization)
        }
        return shallowCopyObj
    }
}