@hclsoftware/secagent/src/Tasks/UnimplementedSinkTask.js

IAST agent

//IASTIGNORE
/*
 * ****************************************************
 * Licensed Materials - Property of HCL.
 * (c) Copyright HCL Technologies Ltd. 2017, 2025.
 * Note to U.S. Government Users *Restricted Rights.
 * ****************************************************
 */

'use strict'

const Logger = require('../Logger/IastLogger')
const SinkTask = require('./SinkTask')
const TaskType = require('./TaskType')

const logger = Logger.eventLog

module.exports = class UnimplementedSinkTask extends SinkTask.SinkTask {
  constructor (source, vulnerability, stack, parameters) {
    super(source, vulnerability, stack, parameters)
    this.taskType = TaskType.UNIMPLEMENTED_SINK
  }

  performAction () {
    // We have a list of verifications and sanitizers that have been run on a string. In order to validate that they actually work, we need
    // to send through multiple tainted strings and see whether they were validated or not.

    const signature = this.getTasksInfo()
    logger.debug(`signature ${signature} is verified as a sanitizer`)
    this.taintedObjectFlow.sanitize(this.vulnerability)
    return false
  }
}