Class: Contrast::Agent::Reporting::FindingEventObject

Inherits:
ReportableHash
Defined in:
lib/contrast/agent/reporting/reporting_events/finding_event_object.rb

Overview

This is the new FindingEventObject class, which includes all the information the new reporting system needs to relay in the Finding/Trace messages. TeamServer uses these FindingEventObjects to construct the vulnerability information for the assess feature. They represent those parts of the objects that were acted on in a Dataflow Finding.

Constant Summary

ELLIPSIS =
'...'

We’ll truncate any object that isn’t important to the taint ranges of this event, so that we don’t murder TeamServer by, for instance, hypothetically sending the entire rendered HTML page >_> <_< >_>

UNTRUNCATED_PORTION_LENGTH =
25
TRUNCATION_LENGTH =
(UNTRUNCATED_PORTION_LENGTH * 2) + ELLIPSIS.length


Methods inherited from ReportableHash

#event_json, #valid?

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Instance Attribute Details

#hash ⇒ Integer (readonly)

Returns the id of the Object this represents.

Returns:

  • (Integer)

    the id of the Object this represents.



# File 'lib/contrast/agent/reporting/reporting_events/finding_event_object.rb', line 17

def hash
  @hash
end

#tracked ⇒ Boolean (readonly)

Returns whether the Object is tracked.

Returns:

  • (Boolean)

    whether the Object is tracked



# File 'lib/contrast/agent/reporting/reporting_events/finding_event_object.rb', line 19

def tracked
  @tracked
end

#value ⇒ String (readonly)

Returns the base64 encoding of the human-readable representation of the Object this represents.

Returns:

  • (String)

    the base64 encoding of the human-readable representation of the Object this represents.



# File 'lib/contrast/agent/reporting/reporting_events/finding_event_object.rb', line 21

def value
  @value
end

Class Method Details

.convert(object, truncate) ⇒ Contrast::Agent::Reporting::FindingEventObject

Parameters:

Returns:



# File 'lib/contrast/agent/reporting/reporting_events/finding_event_object.rb', line 33

def convert object, truncate
  report = new
  report.attach_data(object, truncate)
  report
end

Instance Method Details

#attach_data(object, truncate) ⇒ Object

Parse the data from a Contrast::Agent::Assess::ContrastObject and attach to this Contrast::Agent::Reporting::FindingEventObject what is required for reporting to TeamServer.

Parameters:



# File 'lib/contrast/agent/reporting/reporting_events/finding_event_object.rb', line 44

def attach_data object, truncate
  @hash = object ? object.tracked_object_id : nil.__id__
  @tracked = !!object&.tracked?
  @value = reportable_value(object&.object, truncate)
end

#to_controlled_hash ⇒ Hash

Convert the instance variables on the class, and other information, into the identifiers required for TeamServer to process the JSON form of this message.

Returns:

Raises:

  • (ArgumentError)


# File 'lib/contrast/agent/reporting/reporting_events/finding_event_object.rb', line 55

def to_controlled_hash
  validate
  {
      hash: hash,
      tracked: tracked,
      value: value
  }
end

#validate ⇒ Object

Raises:

  • (ArgumentError)


# File 'lib/contrast/agent/reporting/reporting_events/finding_event_object.rb', line 65

def validate
  raise(ArgumentError, "#{ self } did not have a proper hash. Unable to continue.") unless hash
  raise(ArgumentError, "#{ self } did not have a proper tracked. Unable to continue.") if tracked.nil?
  return if value

  raise(ArgumentError, "#{ self } did not have a proper value. Unable to continue.")
end
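
An added sketch, not code from the agent: it shows how the constants in the Constant Summary bound what a single event can carry, assuming the reportable_value call in #attach_data stringifies the object, cuts the middle out of long values and base64-encodes the result. The sketch_* names, the strict base64 variant and the sample page are assumptions made for illustration.

```ruby
# Constants copied from the Constant Summary on this page.
ELLIPSIS = '...'
UNTRUNCATED_PORTION_LENGTH = 25
TRUNCATION_LENGTH = (UNTRUNCATED_PORTION_LENGTH * 2) + ELLIPSIS.length # => 53

# Hypothetical helper (assumption, not the agent's code): keep the first and
# last UNTRUNCATED_PORTION_LENGTH characters and replace the middle with ELLIPSIS.
def sketch_truncate(text)
  return text if text.length <= TRUNCATION_LENGTH

  text[0, UNTRUNCATED_PORTION_LENGTH] + ELLIPSIS + text[-UNTRUNCATED_PORTION_LENGTH..]
end

# Hypothetical stand-in for reportable_value (assumption): stringify,
# optionally truncate, then base64-encode. pack('m0') is strict base64 with
# no line breaks. Taint ranges are ignored here; per the page, the caller
# passes truncate only for objects that are not important to them.
def sketch_reportable_value(object, truncate)
  text = object.to_s
  text = sketch_truncate(text) if truncate
  [text].pack('m0')
end

# Decode a reported value back to text, e.g. to review what left the host.
def sketch_decode(value)
  value.unpack1('m0').force_encoding(Encoding::UTF_8)
end

# Constructed sample: a large rendered page, the case the ELLIPSIS comment
# on this page warns about.
SAMPLE_PAGE = "<html>#{'x' * 5_000}</html>".freeze

if $PROGRAM_NAME == __FILE__
  full = sketch_reportable_value(SAMPLE_PAGE, false)
  cut  = sketch_reportable_value(SAMPLE_PAGE, true)
  puts "untruncated: #{full.length} base64 chars"
  puts "truncated:   #{cut.length} base64 chars -> #{sketch_decode(cut)}"
end
```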