Class: Contrast::Utils::HashDigest

Inherits:
Digest::Class
  • Object
Extended by:
HashDigestExtend
Includes:
Digest::Instance
Defined in:
lib/contrast/utils/hash_digest.rb

Overview

We use this class to provide hashes for our Request and Finding objects based upon our definitions of uniqueness. While the uniqueness of the request object is something internal to the Ruby agent, the uniqueness of the Finding hash is defined by a specification shared across all agent teams. The spec can be found here: bitbucket.org/contrastsecurity/assess-specifications/src/master/vulnerability/preflight.md

Constant Summary collapse

CHARS =
%w[a b c d e f g].cs__freeze
CRYPTO_RULES =
%w[crypto-bad-ciphers crypto-bad-mac].cs__freeze
CONFIG_PATH_KEY =
'path'
CONFIG_SESSION_ID_KEY =
'sessionId'
CLASS_SOURCE_KEY =
'source'
CLASS_CONSTANT_NAME_KEY =
'name'
CLASS_LINE_NO_KEY =
'lineNo'

Instance Method Summary collapse

Methods included from HashDigestExtend

generate_class_scanning_hash, generate_config_hash, generate_event_hash, generate_request_hash, generate_response_hash

Constructor Details

#initialize ⇒ HashDigest

Returns a new instance of HashDigest.

# File 'lib/contrast/utils/hash_digest.rb', line 26

def initialize
  super
  @crc32 = 0
end

Instance Method Details

#finish ⇒ Object

Casts the current CRC checksum to a String.

# File 'lib/contrast/utils/hash_digest.rb', line 82

def finish
  @crc32.to_s
end

#update(str) ⇒ Object

Folds the given string into the running CRC checksum. A CRC32 checksum guarantees that if a single bit of the input is flipped, the checksum will no longer match, regardless of any other property of the data, including its length. This method is called several times, each call passing the previous CRC to Zlib so that the new output extends it.

Parameters:

# File 'lib/contrast/utils/hash_digest.rb', line 73

def update str
  return unless str

  @crc32 = Zlib.crc32(str, @crc32)
end

#update_on_request(finding, request) ⇒ Object

Updates the CRC checksum with the finding's route signature and verb when the finding has a route; otherwise updates it with the URI and request method of the passed request or, if none was passed, of Contrast::REQUEST_TRACKER.current.request.

Parameters:

# File 'lib/contrast/utils/hash_digest.rb', line 36

def update_on_request finding, request
  context = Contrast::Agent::REQUEST_TRACKER.current
  return unless context || ::Contrast::ASSESS.non_request_tracking?

  if (route = finding.routes[0])
    update(route.signature)
    if (observation = route.observations[0])
      update(observation.verb)
    else
      update(request.request_method)
    end
  else
    return unless request ||= context&.request

    update(request.normalized_uri) # the normalized URL used to access the method in the route.
    update(request.request_method)
  end
end

#update_on_sources(events) ⇒ Object

Updates the CRC checksum with each event source's type and name, in event order.

Parameters:

# File 'lib/contrast/utils/hash_digest.rb', line 58

def update_on_sources events
  events.each do |event|
    event.event_sources.each do |source|
      update(source.source_type)
      update(source.source_name)
    end
  end
end
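The following is an added, stand-alone example and not code from the Contrast agent: a `Crc32Digest` class built the way this page's class is (a `Digest::Class` subclass whose `update` chains `Zlib.crc32` and whose `finish` returns the decimal string), plus a hypothetical `finding_hash` helper that composes the `update_on_request` and `update_on_sources` steps above. The class, struct and method names are assumptions chosen for the example; the structs model only the attributes the page's methods read. It shows three things the page leaves implicit: successive `update` calls equal one call over the concatenation, the identity is order-sensitive (type before name, route before sources), and a `Digest::Instance` subclass needs `reset` for `digest(str)` to work. One caveat for anyone reusing the pattern: CRC32 is an error-detecting code, not a collision-resistant hash, so it serves as a deduplication key for findings but not as a tamper-evident fingerprint.

```ruby
require 'digest'
require 'zlib'

# Added example (not the agent's code): a minimal Digest::Class subclass
# structured like Contrast::Utils::HashDigest so the CRC32 chaining can be run.
class Crc32Digest < Digest::Class
  include Digest::Instance

  def initialize
    super
    @crc32 = 0 # Zlib's initial value; Zlib.crc32('') == 0
  end

  # Digest::Instance#digest(str) calls reset before update and after finish.
  # The page's class does not define one, so only finish/digest without an
  # argument work there; defining it makes the class a complete Digest.
  def reset
    @crc32 = 0
    self
  end

  # Feed the running checksum back to Zlib so that
  # update('hel').update('lo') produces the same CRC as update('hello').
  def update(str)
    return self unless str # nil contributes nothing, as on the page

    @crc32 = Zlib.crc32(str, @crc32)
    self
  end
  alias << update

  # Decimal string of the checksum (not hex, not raw bytes), as on the page.
  def finish
    @crc32.to_s
  end
end

# Constructed stand-ins for the agent's objects (assumption: only the
# attributes read by update_on_request / update_on_sources are modelled).
Route       = Struct.new(:signature, :observations)
Observation = Struct.new(:verb)
Source      = Struct.new(:source_type, :source_name)
Event       = Struct.new(:event_sources)
Finding     = Struct.new(:routes, :events)
Request     = Struct.new(:normalized_uri, :request_method)

# Hypothetical composition of the two update_on_* steps: route signature and
# verb (or request URI and method) first, then every event source's type and
# name in order. Returns nil when there is neither a route nor a request.
def finding_hash(finding, request = nil)
  digest = Crc32Digest.new
  if (route = finding.routes[0])
    digest.update(route.signature)
    if (observation = route.observations[0])
      digest.update(observation.verb)
    else
      digest.update(request&.request_method)
    end
  elsif request
    digest.update(request.normalized_uri)
    digest.update(request.request_method)
  else
    return nil
  end

  finding.events.each do |event|
    event.event_sources.each do |source|
      digest.update(source.source_type)
      digest.update(source.source_name)
    end
  end
  digest.finish
end

if $PROGRAM_NAME == __FILE__
  source = Source.new('parameter', 'q')
  get_finding = Finding.new([Route.new('/search', [Observation.new('GET')])], [Event.new([source])])
  post_finding = Finding.new([Route.new('/search', [Observation.new('POST')])], [Event.new([source])])
  puts "GET  finding hash: #{finding_hash(get_finding)}"
  puts "POST finding hash: #{finding_hash(post_finding)}"
  puts "chained == one-shot: #{Crc32Digest.new.update('hel').update('lo').finish == Crc32Digest.new.update('hello').finish}"
end
```

Two findings with the same route, verb and ordered sources hash identically, which is the deduplication behaviour the preflight spec relies on; changing the verb or swapping the order of two sources changes the value.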