Class: Contrast::Agent::Reporting::FindingRequest

Inherits:
ReportableHash
Defined in:
lib/contrast/agent/reporting/reporting_events/finding_request.rb

Overview

FindingRequest carries all the request information that the new reporting system relays in Finding/Trace messages. TeamServer uses these requests to construct the HTTP information for the Assess feature. They represent the literal request that resulted in the vulnerability being triggered. Because the request is captured literally, its body, headers, parameters and cookies can hold credentials or session tokens; in the listings below, OMITTED_BODY replaces only body_binary, while body keeps request.body.

Constant Summary

OMITTED_BODY =
'{{body-omitted-by-contrast}}'

Instance Attribute Summary

Class Method Summary

Instance Method Summary

Methods inherited from ReportableHash

#event_json, #valid?

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Instance Attribute Details

#body ⇒ String



# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 17

# Request body, set from request.body by #attach_data. This is the value that
# #to_controlled_hash emits under :body.
# NOTE(review): OMITTED_BODY is applied to #body_binary only, never to this
# attribute - confirm the body is masked upstream when omission is enabled.
#
# @return [String]
def body = @body

#body_binary ⇒ String



# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 37

# Body variant set by #attach_data: OMITTED_BODY when #omit_body? is truthy,
# otherwise request.body passed through Contrast::Utils::StringUtils.force_utf8.
# It is not one of the keys built by #to_controlled_hash.
#
# @return [String]
def body_binary = @body_binary

#cookies ⇒ Hash (readonly)



# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 39

# Cookies of the triggering request: request.cookies as assigned by
# #attach_data, or {} when that collection is empty. Stored without masking
# and not one of the keys built by #to_controlled_hash.
# NOTE(review): presumably name => value pairs that can include session
# identifiers - treat as sensitive wherever this object is logged or dumped.
#
# @return [Hash]
def cookies = @cookies

#headers ⇒ Hash<String,Array<String>>



# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 19

# Request headers keyed by Capitalized-Dash name, each mapped to the list
# produced by #extract_headers. Reset to {} at the start of #attach_data and
# emitted under :headers by #to_controlled_hash.
#
# @return [Hash<String, Array<String>>]
def headers = @headers

#ip ⇒ String (readonly)



# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 35

# Address taken from request.ip by #attach_data; the empty string when the
# request reports none. Not one of the keys built by #to_controlled_hash.
#
# @return [String]
def ip = @ip

#method ⇒ String (readonly)



# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 21

# HTTP verb, set from request.request_method by #attach_data. The reader is
# named `method`, so it replaces Object#method on instances of this class;
# call sites on this page carry a rubocop disable for that reason.
#
# @return [String]
def method = @method

#parameters ⇒ Hash<String,Array<String>> (readonly)



# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 23

# Request parameters as built by #attach_data: every value of
# request.parameters wrapped with Array(). Stored without masking and
# emitted under :parameters by #to_controlled_hash.
#
# @return [Hash<String, Array<String>>]
def parameters = @parameters

#port ⇒ Integer (readonly)



# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 25

# Port taken from request.port by #attach_data, with 0 standing in when the
# request reports none.
#
# @return [Integer]
def port = @port

#protocol ⇒ String (readonly)



# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 27

# Scheme of the triggering request, set from request.scheme by #attach_data.
#
# @return [String]
def protocol = @protocol

#query_string ⇒ String



# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 29

# Query string, set from request.query_string by #attach_data and emitted
# under :queryString by #to_controlled_hash. Stored without masking.
#
# @return [String]
def query_string = @query_string

#uri ⇒ String (readonly)



# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 31

# URI of the triggering request, set from request.normalized_uri by
# #attach_data. #validate refuses to serialize when it is nil or empty.
#
# @return [String]
def uri = @uri

#version ⇒ String (readonly)



# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 33

# Version value copied from request.version by #attach_data.
#
# @return [String]
def version = @version

Class Method Details

.convert(request) ⇒ Contrast::Agent::Reporting::FindingRequest?



# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 44

# Build a FindingRequest from an agent request.
#
# @param request [Contrast::Agent::Request, nil] the request that triggered
#   the finding
# @return [Contrast::Agent::Reporting::FindingRequest, nil] a populated
#   report, or nil when no request was given
def convert request
  return unless request

  # tap hands back the new instance after #attach_data has filled it in.
  new.tap { |finding_request| finding_request.attach_data(request) }
end

Instance Method Details

#attach_data(request) ⇒ Object

Parse a Contrast::Agent::Request and attach to this Contrast::Agent::Reporting::FindingRequest the data required for reporting to TeamServer.



# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 57

# Copy everything TeamServer needs out of a Contrast::Agent::Request onto
# this FindingRequest.
#
# Security-relevant behaviour visible in this method:
# - @body always keeps request.body; only @body_binary is swapped for
#   OMITTED_BODY when #omit_body? is truthy.
# - Headers, parameters, query string and cookies are stored without any
#   masking here.
# NOTE(review): #to_controlled_hash emits :body rather than :body_binary, so
# confirm that request.body is already masked upstream when body omission is
# enabled.
#
# @param request [Contrast::Agent::Request] the request that triggered the
#   finding
# @return [Object] request.cookies when it is non-empty, otherwise nil
def attach_data request
  @body = request.body

  # #extract_headers writes through the headers reader, so the hash must
  # exist before it runs.
  @headers = {}
  extract_headers(request)

  @method = request.request_method

  @parameters = {}
  request.parameters.each_pair do |name, raw|
    @parameters[name] = Array(raw) # scalar and nil values become arrays
  end

  @port = request.port || 0
  @protocol = request.scheme
  @query_string = request.query_string
  @uri = request.normalized_uri
  @version = request.version
  @ip = request.ip || ''

  @body_binary =
    omit_body?(request) ? OMITTED_BODY : Contrast::Utils::StringUtils.force_utf8(request.body)

  @cookies = {}
  return if request.cookies.empty?

  @cookies = request.cookies
end

#extract_headers(request) ⇒ Object



# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 116

# Copy the request's headers into #headers under display-style names.
#
# Values are stored without masking, so Authorization or Cookie headers
# present on the request are carried into the report as-is.
# NOTE(review): String#split with no argument splits on whitespace, so one
# header value containing spaces becomes several list entries - confirm that
# is the shape TeamServer expects.
#
# @param request [Contrast::Agent::Request] source of the headers
# @return [Object] whatever request.headers.each_pair returns
def extract_headers request
  request.headers.each_pair do |raw_name, raw_value|
    # Incoming names use the uppercase underscore format (USER_AGENT);
    # TeamServer wants the capitalized dash format (User-Agent).
    display_name = raw_name.split('_').map(&:capitalize).join('-')
    headers[display_name] = raw_value.split
  end
end

#omit_body?(request) ⇒ Boolean



# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 99

# Decide whether the request body is replaced by OMITTED_BODY in
# #body_binary.
#
# Order of the checks:
# 1. The agent-wide ::Contrast::AGENT.omit_body? setting forces omission.
# 2. Any document type other than :NORMAL keeps its body.
# 3. A :NORMAL request omits its body only when the media type mentions
#    multipart/form-data.
#
# @param request [Contrast::Agent::Request] the request being reported
# @return [Boolean, nil] nil when the request has no media type, which
#   callers treat as "do not omit"
def omit_body? request
  if ::Contrast::AGENT.omit_body?
    true
  elsif request.document_type == :NORMAL
    request.media_type&.include?('multipart/form-data')
  else
    false
  end
end

#to_controlled_hash ⇒ Hash

Convert the instance variables on the class, and other information, into the identifiers required for TeamServer to process the JSON form of this message.

Raises:

  • (ArgumentError)


# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 84

# Build the hash TeamServer consumes for this request, using TeamServer's key
# names (note the camelCase :queryString).
#
# Emitted keys: body, headers, method, parameters, port, protocol,
# queryString, uri and version. ip, cookies and body_binary are not part of
# the result.
# NOTE(review): :body carries #body, which #attach_data fills from
# request.body regardless of #omit_body?; confirm the body is masked before
# it reaches this object when omission is enabled.
#
# @raise [ArgumentError] from #validate when method or uri is nil or empty
# @return [Hash]
def to_controlled_hash
  validate

  payload = {}
  payload[:body] = body
  payload[:headers] = headers
  payload[:method] = method # rubocop:disable Security/Object/Method
  payload[:parameters] = parameters
  payload[:port] = port || 0 # unset port is reported as 0
  payload[:protocol] = protocol
  payload[:queryString] = query_string
  payload[:uri] = uri
  payload[:version] = version
  payload
end

#validate ⇒ Object

Raises:

  • (ArgumentError)


# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 106

# Refuse to serialize a request that lacks the two fields checked here. Only
# presence is verified: a nil or empty method or uri raises, and the content
# of either value is not inspected.
#
# @raise [ArgumentError] when method or uri is nil or empty; method is
#   checked first
# @return [nil]
def validate
  missing = ->(value) { !value || value.empty? }

  if missing.call(method) # rubocop:disable Security/Object/Method
    raise(ArgumentError, "#{ self } did not have a proper method. Unable to continue.")
  end
  raise(ArgumentError, "#{ self } did not have a proper uri. Unable to continue.") if missing.call(uri)

  nil
end