Module: Contrast::Utils::HashDigestExtend

Included in:
HashDigest
Defined in:
lib/contrast/utils/hash_digest_extend.rb

Overview

We use this class to provide hashes for our Request and Finding objects based upon our definitions of uniqueness. While the uniqueness of the request object is something internal to the Ruby agent, the uniqueness of the Finding hash is defined by a specification shared across all agent teams. The spec can be found here: bitbucket.org/contrastsecurity/assess-specifications/src/master/vulnerability/preflight.md


Instance Method Details

#generate_class_scanning_hash(finding) ⇒ Object

Generates the hash checksum for class scanning. Feeds the rule_id and finding.properties (source, name) into a CRC32 checksum and returns its string representation.

Parameters:



# File 'lib/contrast/utils/hash_digest_extend.rb', line 70

def generate_class_scanning_hash finding
  hash = new
  hash.update(finding.rule_id)
  module_name = finding.properties[Contrast::Utils::HashDigest::CLASS_SOURCE_KEY]
  hash.update(module_name)
  # We're not currently collecting this. 30/7/19 HM
  line_no = finding.properties[Contrast::Utils::HashDigest::CLASS_LINE_NO_KEY]
  hash.update(line_no)
  field = finding.properties[Contrast::Utils::HashDigest::CLASS_CONSTANT_NAME_KEY]
  hash.update(field)
  hash.finish
end

#generate_config_hash(finding) ⇒ Object

Generates the hash checksum for configurations. Feeds the finding's rule_id, session_id and configPath into a CRC32 checksum and returns its string representation, to be appended to Contrast::Api::Dtm::Finding.

Parameters:



# File 'lib/contrast/utils/hash_digest_extend.rb', line 55

def generate_config_hash finding
  hash = new
  hash.update(finding.rule_id)
  path = finding.properties[Contrast::Utils::HashDigest::CONFIG_PATH_KEY]
  hash.update(path)
  method = finding.properties[Contrast::Utils::HashDigest::CONFIG_SESSION_ID_KEY]
  hash.update(method)
  hash.finish
end

#generate_event_hash(finding, source, request) ⇒ Object

Generates the hash checksum for the event, whether a dataflow event, a crypto rule (crypto-bad-ciphers, crypto-bad-mac) or a trigger event, and returns its string representation.

Parameters:



# File 'lib/contrast/utils/hash_digest_extend.rb', line 41

def generate_event_hash finding, source, request
  return generate_dataflow_hash(finding, request) if finding.events.length.to_i > 1

  id = finding.rule_id
  return generate_crypto_hash(finding, source, request) if Contrast::Utils::HashDigest::CRYPTO_RULES.include?(id)

  generate_trigger_hash(finding, request)
end

#generate_request_hash(request) ⇒ Object

Generates the hash checksum for the request. Feeds the request method, URI, parameter names and content length into a CRC checksum and returns its string representation.

Parameters:



# File 'lib/contrast/utils/hash_digest_extend.rb', line 21

def generate_request_hash request
  hash = new
  hash.update(request.request_method)
  hash.update(request.normalized_uri)
  request.parameters.each_key do |name|
    hash.update(name)
  end
  cl = request.headers[Contrast::Utils::HashDigest::CONTENT_LENGTH_HEADER]
  hash.update_on_content_length(cl) if cl
  hash.finish
end
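
To show what this definition of request uniqueness means for deduplication, the following added example (not the agent's own code) re-creates the field order of generate_request_hash with Ruby's Zlib.crc32. SketchDigest, SketchRequest, login_request, the 'Content-Length' key and the way the length is folded in are assumptions made for illustration.

```ruby
require 'zlib'

# Illustrative stand-in for the agent's digest (assumption): a streaming CRC32
# with no delimiter between fields, returned as a decimal string.
class SketchDigest
  def initialize
    @crc = 0
  end

  # Fold one field into the running checksum; nil fields are skipped.
  def update(value)
    @crc = Zlib.crc32(value.to_s, @crc) unless value.nil?
    self
  end

  def finish
    @crc.to_s
  end
end

# Hypothetical request shape carrying only what the hash reads.
SketchRequest = Struct.new(:request_method, :normalized_uri, :parameters, :headers)

# Same field order as generate_request_hash above: method, normalized URI,
# parameter names (never values), then the content length when present.
def sketch_request_hash(request)
  hash = SketchDigest.new
  hash.update(request.request_method)
  hash.update(request.normalized_uri)
  request.parameters.each_key { |name| hash.update(name) }
  cl = request.headers['Content-Length'] # assumed header key
  hash.update(cl) if cl # assumption: the agent's update_on_content_length may differ
  hash.finish
end

# Constructed sample: a POST to /login with the given parameters and body length.
def login_request(params, length)
  SketchRequest.new('POST', '/login', params, { 'Content-Length' => length })
end

base      = login_request({ 'user' => 'alice', 'pass' => 'x1' }, '18')
new_value = login_request({ 'user' => 'carol', 'pass' => 'y2' }, '18')
new_name  = login_request({ 'name' => 'alice', 'pass' => 'x1' }, '18')
new_size  = login_request({ 'user' => 'alice', 'pass' => 'x1' }, '26')

puts "same hash, other values: #{sketch_request_hash(base) == sketch_request_hash(new_value)}"
puts "same hash, other name:   #{sketch_request_hash(base) == sketch_request_hash(new_name)}"
puts "same hash, other length: #{sketch_request_hash(base) == sketch_request_hash(new_size)}"
```

CRC32 is an error-detecting checksum, not a collision-resistant hash, so values like these work as grouping keys for deduplication and should not be relied on as integrity or identity proofs.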