Class: Contrast::Agent::Reporting::FindingRequest

Inherits:

ReportableHash

• Object
• ReportableHash
• Contrast::Agent::Reporting::FindingRequest

Defined in:

lib/contrast/agent/reporting/reporting_events/finding_request.rb

Overview

This is the new FindingRequest class which will include all the needed information for the new reporting system to relay this information in the Finding/Trace messages. These requests are used by TeamServer to construct the HTTP information for the assess feature. They represent the literal request made that resulted in the vulnerability being triggered.

Constant Summary

OMITTED_BODY =

'{{body-omitted-by-contrast}}'

Instance Attribute Summary

• #body ⇒ String

  The body of this request.

• #body_binary ⇒ String

  Byte representation of the body.

• #cookies ⇒ Hash readonly
• #headers ⇒ Hash<String,Array<String>>

  The headers of this request.

• #ip ⇒ String readonly
• #method ⇒ String readonly

  The HTTP verb of this request.

• #parameters ⇒ Hash<String,Array<String>> readonly

  The parameters of this request.

• #port ⇒ Integer readonly

  The port to which this request connected.

• #protocol ⇒ String readonly

  The HTTP(S) protocol of this request.

• #query_string ⇒ String

  The query string of this request.

• #uri ⇒ String readonly

  The url, including path and script, of this request.

• #version ⇒ String readonly

  The HTTP version of this request.

Class Method Summary

• .convert(request) ⇒ Contrast::Agent::Reporting::FindingRequest^?

Instance Method Summary

• #attach_data(request) ⇒ Object

  Parse the data from a Contrast::Agent::Request to attach what is required for reporting to TeamServer to this Contrast::Agent::Reporting::FindingRequest.

• #extract_headers(request) ⇒ Object
• #omit_body?(request) ⇒ Boolean
• #to_controlled_hash ⇒ Hash

  Convert the instance variables on the class, and other information, into the identifiers required for TeamServer to process the JSON form of this message.

• #validate ⇒ Object

Methods inherited from ReportableHash

#event_json, #valid?

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Instance Attribute Details

#body ⇒ String

Returns the body of this request.

Returns:

• (String) —

  the body of this request

# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 17

def body
  @body
end

#body_binary ⇒ String

Returns Byte representation of the body.

Returns:

• (String) —

  Byte representation of the body

# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 37

def body_binary
  @body_binary
end

#cookies ⇒ Hash (readonly)

Returns:

• (Hash)

# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 39

def cookies
  @cookies
end

#headers ⇒ Hash<String,Array<String>>

Returns the headers of this request.

Returns:

• (Hash<String,Array<String>>) —

  the headers of this request

# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 19

def headers
  @headers
end

#ip ⇒ String (readonly)

Returns:

• (String)

# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 35

def ip
  @ip
end

#method ⇒ String (readonly)

Returns the HTTP verb of this request.

Returns:

• (String) —

  the HTTP verb of this request

# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 21

def method
  @method
end

#parameters ⇒ Hash<String,Array<String>> (readonly)

Returns the parameters of this request.

Returns:

• (Hash<String,Array<String>>) —

  the parameters of this request

# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 23

def parameters
  @parameters
end

#port ⇒ Integer (readonly)

Returns the port to which this request connected.

Returns:

• (Integer) —

  the port to which this request connected

# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 25

def port
  @port
end

#protocol ⇒ String (readonly)

Returns the HTTP(S) protocol of this request.

Returns:

• (String) —

  the HTTP(S) protocol of this request

# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 27

def protocol
  @protocol
end

#query_string ⇒ String

Returns the query string of this request.

Returns:

• (String) —

  the query string of this request

# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 29

def query_string
  @query_string
end

#uri ⇒ String (readonly)

Returns the url, including path and script, of this request.

Returns:

• (String) —

  the url, including path and script, of this request

# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 31

def uri
  @uri
end

#version ⇒ String (readonly)

Returns the HTTP version of this request.

Returns:

• (String) —

  the HTTP version of this request

# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 33

def version
  @version
end

Class Method Details

.convert(request) ⇒ Contrast::Agent::Reporting::FindingRequest^?

Parameters:

• request (Contrast::Agent::Request)

Returns:

• (Contrast::Agent::Reporting::FindingRequest, nil)

# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 44

def convert request
  return unless request

  report = new
  report.attach_data(request)
  report
end

Instance Method Details

#attach_data(request) ⇒ Object

Parse the data from a Contrast::Agent::Request to attach what is required for reporting to TeamServer to this Contrast::Agent::Reporting::FindingRequest

Parameters:

• request (Contrast::Agent::Request)

# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 57

def attach_data request
  @body = request.body
  @headers = {}
  extract_headers(request)
  @method = request.request_method
  @parameters = {}
  request.parameters.each_pair { |key, value| @parameters[key] = Array(value) }
  @port = request.port || 0
  @protocol = request.scheme
  @query_string = request.query_string
  @uri = request.normalized_uri
  @version = request.version
  @ip = request.ip || ''
  @body_binary = if omit_body?(request)
                   OMITTED_BODY
                 else
                   Contrast::Utils::StringUtils.force_utf8(request.body)
                 end
  @cookies = {}
  @cookies = request.cookies unless request.cookies.empty?
end

#extract_headers(request) ⇒ Object

Parameters:

• request (Contrast::Agent::Request)

# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 116

def extract_headers request
  request.headers.each_pair do |key, value|
    # We need to change from the uppercase _ format to capitalized - format.
    header = key.split('_')
    header.each(&:capitalize!)
    header = header.join('-')
    headers[header] = value.split
  end
end

#omit_body?(request) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 99

def omit_body? request
  return true if ::Contrast::AGENT.omit_body?
  return false if request.document_type != :NORMAL

  request.media_type&.include?('multipart/form-data')
end

#to_controlled_hash ⇒ Hash

Convert the instance variables on the class, and other information, into the identifiers required for TeamServer to process the JSON form of this message.

Returns:

• (Hash)

Raises:

• (ArgumentError)

# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 84

def to_controlled_hash
  validate
  {
      body: body,
      headers: headers,
      method: method, # rubocop:disable Security/Object/Method
      parameters: parameters,
      port: port || 0,
      protocol: protocol,
      queryString: query_string,
      uri: uri,
      version: version
  }
end

#validate ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/contrast/agent/reporting/reporting_events/finding_request.rb', line 106

def validate
  unless method && !method.empty? # rubocop:disable Security/Object/Method
    raise(ArgumentError, "#{ self } did not have a proper method. Unable to continue.")
  end
  raise(ArgumentError, "#{ self } did not have a proper uri. Unable to continue.") unless uri && !uri.empty?

  nil
end