RequestInfo.js
//IASTIGNORE
/*
* ****************************************************
* Licensed Materials - Property of HCL.
* (c) Copyright HCL Technologies Ltd. 2017, 2024.
* Note to U.S. Government Users *Restricted Rights.
* ****************************************************
*/
'use strict'
const SessionTracker = require("./SessionTracker");
const Utils = require("./Utils/Utils");
const {ConfigInfo} = require("./ConfigFile/ConfigInfo");
const DastResponseData = require("./IastDast/DastResponseData")
/**
 * Render the parsed query of a request as a `name=value&name=value` string.
 *
 * When hidePasswords is truthy, the value of every parameter whose name is
 * flagged by SessionTracker.isPasswordName() is replaced with
 * Utils.PASSWORD_TEXT, so the credential itself is not carried into the
 * returned string. Masking is decided by the parameter NAME only; a secret
 * sent under a name that is not flagged is copied through unchanged.
 *
 * Names and values are interpolated as they are (no URL encoding), so the
 * result is a display form of request.query, not the original query string.
 *
 * @param {object} request - request object; only `request.query` is read.
 * @param {boolean} hidePasswords - mask values of password-named parameters.
 * @returns {string|null|undefined} the joined string, or request.query itself
 *   when it is null or undefined.
 */
function parseQueryString(request, hidePasswords) {
  // No parsed query: hand back the null/undefined value as it is.
  if (request.query == null) {
    return request.query
  }

  const pairs = Object.keys(request.query).map(function (name) {
    let shown
    if (hidePasswords && SessionTracker.isPasswordName(name)) {
      shown = Utils.PASSWORD_TEXT
    } else {
      shown = request.query[name]
    }
    return `${name}=${shown}`
  })

  // origJoin is not a built-in Array method; presumably it is the agent's
  // saved reference to the un-hooked Array.prototype.join, installed
  // elsewhere in the project (confirm against the instrumentation setup).
  return pairs.origJoin('&')
}
/**
 * Per-request record: a snapshot of the incoming request's URL parts,
 * parameters and headers, the names that were marked as used, and the
 * optional DAST request/response data attached to the request.
 *
 * Reporting surface: getInfoForReporting() exposes only `uri`, the
 * (optionally password-masked) `queryString` and `method`. The `url` and
 * `headers` fields are copied from the request without any masking, so any
 * new code that reports or logs them would bypass the hidePasswords setting.
 */
class RequestInfo {
  /**
   * Snapshot the request.
   *
   * Each source container (query, params, headers) is copied with
   * Object.assign because the original containers are replaced by proxies
   * and their hooks must not fire when this code reads the values.
   * Object.assign copies one level only; nested values are shared with the
   * originals.
   *
   * @param {object} request - incoming request object.
   * @param {object|null|undefined} dastRequestData - DAST data for this
   *   request, if any; a response-data object is created only when present.
   */
  constructor (request, dastRequestData) {
    // Use the pathname of request._parsedUrl when it is set, else request.uri.
    if (request._parsedUrl != null) {
      this.uri = request._parsedUrl.pathname
    } else {
      this.uri = request.uri
    }
    // Raw request URL; unlike queryString it receives no password masking.
    this.url = request.url
    this.queryString = parseQueryString(request, ConfigInfo.ConfigInfo.hidePasswords)
    this.method = request.method

    // Plain-object copies, detached from the proxied containers.
    this.queryParameters = Object.assign({}, request.query)
    this.routeParameters = Object.assign({}, request.params)
    // Later sources win: a route parameter overrides a query parameter of the same name.
    this.allParameters = Object.assign({}, this.queryParameters, this.routeParameters)
    this.headers = Object.assign({}, request.headers)
    this.isSecure = request.secure

    // Names recorded through the addUsed* methods.
    this.usedParameters = new Set()
    this.usedheaders = new Set()
    this.usedCookies = new Set()

    this.dastRequestData = dastRequestData
    if (dastRequestData != null) {
      // Start with an empty response-data object.
      this.dastResponseData = new DastResponseData()
    }
    this.sentDastData = false
  }

  /**
   * Store the body parameters and merge them into allParameters.
   * Body values override query and route values that share a name.
   *
   * @param {object|null|undefined} parameters - body parameters; null or
   *   undefined is stored as an empty object.
   */
  updateBodyParameters (parameters) {
    if (parameters != null) {
      this.bodyParameters = parameters
    } else {
      this.bodyParameters = {}
    }
    Object.assign(this.allParameters, this.bodyParameters)
  }

  /**
   * @returns {{uri: *, queryString: *, method: *}} the subset of the request
   *   that goes into reports; url, headers and parameter values are left out.
   */
  getInfoForReporting () {
    const { uri, queryString, method } = this
    return { uri, queryString, method }
  }

  /** @param {string} name - parameter name to record as used. */
  addUsedParameter (name) {
    this.usedParameters.add(name)
  }

  /** @param {string} name - header name to record as used. */
  addUsedHeader (name) {
    this.usedheaders.add(name)
  }

  /** @param {string} name - cookie name to record as used. */
  addUsedCookie (name) {
    this.usedCookies.add(name)
  }

  /**
   * @param {string} name - parameter name.
   * @returns {boolean} true when the name was recorded by addUsedParameter.
   */
  isUsedParameter (name) {
    const seen = this.usedParameters.has(name)
    return seen
  }

  /**
   * @param {string} name - header name, compared exactly as it was recorded.
   * @returns {boolean} true when the name was recorded by addUsedHeader.
   */
  isUsedHeader (name) {
    const seen = this.usedheaders.has(name)
    return seen
  }

  /** Forget every cookie name recorded so far. */
  clearUsedCookies () {
    this.usedCookies.clear()
  }

  /** @returns {boolean} true when DAST request data was supplied. */
  hasDastRequestData () {
    return !(this.dastRequestData == null)
  }

  /**
   * Forward a sink report to the DAST response data.
   *
   * dastResponseData exists only when the constructor received DAST request
   * data, so callers are expected to check hasDastRequestData() first;
   * otherwise this call throws a TypeError.
   */
  addSinkReportToDastResponse (url, entity, stack, vulnerability, isExtra) {
    const responseData = this.dastResponseData
    responseData.addSinkReport(url, entity, stack, vulnerability, isExtra)
  }
}
// CommonJS export: the RequestInfo class is the only value exported here;
// parseQueryString stays private to this module.
module.exports = RequestInfo