UNPKG

@hclsoftware/secagent

Version:

IAST agent

46 lines (43 loc) 1.75 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
//IASTIGNORE /* * **************************************************** * Licensed Materials - Property of HCL. * (c) Copyright HCL Technologies Ltd. 2017, 2025. * Note to U.S. Government Users *Restricted Rights. * **************************************************** */ const HookRule = require('./HookRule') const TaintTracker = require('../../TaintTracker') /** * To propagate taint from source to certain target's properties only that are mentioned in the hookObj. * @class PropagatorToPropertiesRule * @extends HookRule * @see HookRule * @Example * rules: [{ * optional: true, * type: HookType.PROPAGATOR_TO_PROPERTIES, * from: '0', * targetProperties: ['message', 'stack'] * }] * 'message', 'stack' are the properties that the hook would propagate taint to ... * @see PropagatorRule */ class PropagatorToPropertiesRule extends HookRule { doHook(hookValues) { const source = HookRule.getActualParam(this.data.from, hookValues, this.data.optional) if (TaintTracker.isObjectTainted(source)) { for (const propertyName of this.data.targetProperties) { if (typeof hookValues.ret[propertyName] === 'string') { // noinspection JSPrimitiveTypeWrapperUsage hookValues.ret[propertyName] = new String(hookValues.ret[propertyName]) } if (typeof hookValues.ret[propertyName] === 'object') { TaintTracker.propagateTaint(source, hookValues.ret[propertyName], hookValues.simpleThat, '[[Get]]', propertyName, hookValues.simpleRet) } } } } } module.exports = PropagatorToPropertiesRule