Class: Contrast::Utils::HashDigest

Inherits:
Digest::Class
  • Object
Extended by:
HashDigestExtend
Includes:
Digest::Instance
Defined in:
lib/contrast/utils/hash_digest.rb

Overview

We use this class to provide hashes for our Request and Finding objects based upon our definitions of uniqueness. While the uniqueness of the request object is something internal to the Ruby agent, the uniqueness of the Finding hash is defined by a specification shared across all agent teams. The spec can be found here: bitbucket.org/contrastsecurity/assess-specifications/src/master/vulnerability/preflight.md

Constant Summary collapse

CONTENT_LENGTH_HEADER =
'Content-Length'
CHARS =
%w[a b c d e f g].cs__freeze
CRYPTO_RULES =
%w[crypto-bad-ciphers crypto-bad-mac].cs__freeze
CONFIG_PATH_KEY =
'path'
CONFIG_SESSION_ID_KEY =
'sessionId'
CLASS_SOURCE_KEY =
'source'
CLASS_CONSTANT_NAME_KEY =
'name'
CLASS_LINE_NO_KEY =
'lineNo'

Instance Method Summary collapse

Methods included from HashDigestExtend

generate_class_scanning_hash, generate_config_hash, generate_event_hash, generate_request_hash

Constructor Details

#initialize ⇒ HashDigest

Returns a new instance of HashDigest.


# File 'lib/contrast/utils/hash_digest.rb', line 27

def initialize
  super
  @crc32 = 0
end

Instance Method Details

#finish ⇒ Object

Casts the current CRC checksum to a String.


# File 'lib/contrast/utils/hash_digest.rb', line 96

def finish
  @crc32.to_s
end

#update(str) ⇒ Object

Folds the given string into the running CRC32 checksum. A CRC32 checksum changes if even a single bit of the input differs, regardless of any other property of the data, including its length. The method is called repeatedly, each time seeding Zlib.crc32 with the previous CRC value, so the checksum accumulates over every string passed in.

Returns nil if the passed string is nil or empty.

Parameters:


# File 'lib/contrast/utils/hash_digest.rb', line 87

def update str
  return unless str

  @crc32 = Zlib.crc32(str, @crc32)
end

#update_on_content_length(chr) ⇒ Object

This method converts an integer length into a single-character string that we can hash on, chosen by the logarithm of the length, and updates the current hash with that character.

Parameters:

  • chr (Numeric)

    the length to translate


# File 'lib/contrast/utils/hash_digest.rb', line 75

def update_on_content_length chr
  update(CHARS[Math.log10(chr.to_s.length).to_i] || CHARS[-1])
end

#update_on_request(finding, request) ⇒ Object

Updates the CRC checksum with the finding's route signature and verb when the finding has a route; otherwise it uses the passed request (or Contrast::REQUEST_TRACKER.current.request) and updates the checksum with that request's normalized URI and request method.

is disabled.

Parameters:


# File 'lib/contrast/utils/hash_digest.rb', line 39

def update_on_request finding, request
  context = Contrast::Agent::REQUEST_TRACKER.current
  return unless context || ::Contrast::ASSESS.non_request_tracking?

  if (route = finding.routes[0])
    update(route.signature)
    if (observation = route.observations[0])
      update(observation.verb)
    else
      update(request.request_method)
    end
  else
    return unless request ||= context&.request

    update(request.normalized_uri) # the normalized URL used to access the method in the route.
    update(request.request_method)
  end
end

#update_on_sources(events) ⇒ Object

Updates the CRC checksum with the source type and source name of every event source on the given events.

Parameters:


# File 'lib/contrast/utils/hash_digest.rb', line 62

def update_on_sources events
  events.each do |event|
    event.event_sources.each do |source|
      update(source.source_type)
      update(source.source_name)
    end
  end
end
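The methods above (update, update_on_content_length, update_on_request and update_on_sources) build one running CRC32 from the fields that define a Finding's uniqueness. The following is an added, stand-alone re-creation written for this page, not the contrast-agent gem's own code: the PreflightDigest class, the content_length_bucket helper, the Finding struct and preflight_hash are all assumptions made for the example. It shows that two findings with the same route, verb and sources hash identically, while changing the verb or the order of the fields changes the hash.

```ruby
require 'zlib'
require 'digest'

# Stand-alone re-creation of the digest described above, written for this
# example; it is not the contrast-agent gem's own class. State is a running
# CRC32 so that successive update calls fold more fields into one checksum.
class PreflightDigest < Digest::Class
  include Digest::Instance

  CHARS = %w[a b c d e f g].freeze

  def initialize
    super
    @crc32 = 0
  end

  # Fold str into the running CRC32, seeding Zlib.crc32 with the previous
  # value; nil is ignored, matching the page's update(str).
  def update(str)
    return unless str

    @crc32 = Zlib.crc32(str, @crc32)
  end

  # Bucket letter for a content length: the index is log10 of the length's
  # digit count, so every length below 10 digits lands in bucket 'a'.
  def self.content_length_bucket(len)
    CHARS[Math.log10(len.to_s.length).to_i] || CHARS[-1]
  end

  def update_on_content_length(len)
    update(self.class.content_length_bucket(len))
  end

  def finish
    @crc32.to_s
  end
end

# Constructed stand-in for a Finding: the route signature, the observed verb
# and the (source_type, source_name) pairs that define uniqueness.
Finding = Struct.new(:route_signature, :verb, :sources)

# Same field order as update_on_request followed by update_on_sources.
def preflight_hash(finding)
  d = PreflightDigest.new
  d.update(finding.route_signature)
  d.update(finding.verb)
  finding.sources.each { |type, name| d.update(type); d.update(name) }
  d.finish
end
```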