Module: Contrast::Utils::HashDigestExtend

Included in:
HashDigest
Defined in:
lib/contrast/utils/hash_digest_extend.rb

Overview

We use this class to provide hashes for our Request and Finding objects based upon our definitions of uniqueness. While the uniqueness of the request object is something internal to the Ruby agent, the uniqueness of the Finding hash is defined by a specification shared across all agent teams. The spec can be found here: bitbucket.org/contrastsecurity/assess-specifications/src/master/vulnerability/preflight.md

Instance Method Details

#generate_class_scanning_hash(finding) ⇒ Object

Generates the hash checksum for class scanning. Converts the rule_id and the finding properties (source, name) to a CRC32 checksum and returns its string representation.

Parameters:



# File 'lib/contrast/utils/hash_digest_extend.rb', line 68

def generate_class_scanning_hash finding
  hash = new
  hash.update(finding.rule_id)
  module_name = finding.properties[Contrast::Utils::HashDigest::CLASS_SOURCE_KEY]
  hash.update(module_name)
  # We're not currently collecting this. 30/7/19 HM
  line_no = finding.properties[Contrast::Utils::HashDigest::CLASS_LINE_NO_KEY]
  hash.update(line_no)
  field = finding.properties[Contrast::Utils::HashDigest::CLASS_CONSTANT_NAME_KEY]
  hash.update(field)
  hash.finish
end

#generate_config_hash(finding) ⇒ String

Generates the hash checksum for configurations. Converts the finding rule_id, session_id and configPath to a CRC32 checksum and returns its string representation, to be appended to Contrast::Api::Dtm::Finding.

Parameters:

Returns:

  • (String)

    String representation of CRC32 checksum.



# File 'lib/contrast/utils/hash_digest_extend.rb', line 53

def generate_config_hash finding
  hash = new
  hash.update(finding.rule_id)
  path = finding.properties[Contrast::Utils::HashDigest::CONFIG_PATH_KEY]
  hash.update(path)
  method = finding.properties[Contrast::Utils::HashDigest::CONFIG_SESSION_ID_KEY]
  hash.update(method)
  hash.finish
end

#generate_event_hash(finding, source, request) ⇒ String

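Generates the hash checksum for the event and returns its string representation. The finding is hashed as a dataflow event when it has more than one event, as a crypto event when its rule is one of the crypto rules (crypto-bad-ciphers, crypto-bad-mac), and as a trigger event otherwise.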

Parameters:

Returns:

  • (String)

    String representation of CRC32 checksum



# File 'lib/contrast/utils/hash_digest_extend.rb', line 39

def generate_event_hash finding, source, request
  return generate_dataflow_hash(finding, request) if finding.events.length.to_i > 1

  id = finding.rule_id
  return generate_crypto_hash(finding, source, request) if Contrast::Utils::HashDigest::CRYPTO_RULES.include?(id)

  generate_trigger_hash(finding, request)
end

#generate_request_hash(request) ⇒ String

Generates the hash checksum for the request. Converts the request method, uri, param names and content length to a CRC checksum and returns its string representation.

Parameters:

Returns:

  • (String)

    String representation of CRC32 checksum



# File 'lib/contrast/utils/hash_digest_extend.rb', line 21

def generate_request_hash request
  hash = new
  hash.update(request.request_method)
  hash.update(request.normalized_uri)
  request.parameters.each_key do |name|
    hash.update(name)
  end
  hash.finish
end
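
The request fingerprint above is a running CRC32 over method, URI and parameter names, so two properties matter when it is used to deduplicate: parameter values never change it, and, if fields are concatenated without framing, different name sets can hash alike. The sketch below is an added example, not the agent's code: `Crc32Fingerprint`, `request_fingerprint` and the `framed:` option are hypothetical names, and whether the agent's own `update` delimits fields or tolerates `nil` is not shown on this page.

```ruby
require 'zlib'

# Hypothetical stand-in for the agent's digest: a running CRC32 over the
# fields passed to #update. Not Contrast's implementation.
class Crc32Fingerprint
  def initialize(framed: false)
    @crc = 0
    @framed = framed
  end

  # Skips nil so an uncollected property does not raise (assumed behaviour).
  def update(value)
    return self if value.nil?

    bytes = value.to_s.b
    # Framing prefixes each field with its byte length ("2:ab") so field
    # boundaries become part of the hashed input.
    bytes = "#{bytes.bytesize}:".b + bytes if @framed
    @crc = Zlib.crc32(bytes, @crc)
    self
  end

  def finish
    @crc.to_s
  end
end

# Same field order as generate_request_hash: method, normalized URI, then
# parameter names only (values are never hashed).
def request_fingerprint(http_method, normalized_uri, params, framed: false)
  digest = Crc32Fingerprint.new(framed: framed)
  digest.update(http_method).update(normalized_uri)
  params.each_key { |name| digest.update(name) }
  digest.finish
end

# Constructed sample requests.
a = request_fingerprint('GET', '/users/{n}', { 'id' => '1' })
b = request_fingerprint('GET', '/users/{n}', { 'id' => '2' })
puts "values ignored: #{a == b}"

split_a = { 'ab' => '', 'c' => '' } # names concatenate to "abc"
split_b = { 'a' => '', 'bc' => '' } # so do these
plain = [split_a, split_b].map { |p| request_fingerprint('GET', '/s', p) }
framed = [split_a, split_b].map { |p| request_fingerprint('GET', '/s', p, framed: true) }
puts "unframed fingerprints equal: #{plain.uniq.size == 1}"
puts "framed fingerprints equal:   #{framed.uniq.size == 1}"
```

CRC32 is a 32-bit error-detecting checksum, not a collision-resistant hash, so even framed fingerprints should be treated as a deduplication key rather than an integrity check.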

#generate_response_hash(finding, request) ⇒ String

Generates the hash checksum for response scanning. Converts the rule_id and request to a CRC32 checksum and returns its string representation.

Parameters:

  • request (Contrast::Agent::Request)

Returns:

  • (String)

    String representation of CRC32 checksum.



# File 'lib/contrast/utils/hash_digest_extend.rb', line 87

def generate_response_hash finding, request
  hash = new
  hash.update(finding.rule_id)
  hash.update_on_request(finding, request)
  hash.finish
end