'use strict'
// Base class providing the subscribe/analyze/report plumbing this analyzer
// extends, and the helper that resolves a file path inside node_modules.
const Analyzer = require('./vulnerability-analyzer')
const { getNodeModulesPaths } = require('../path-line')
// Paths returned by `_getExcludedPaths`; presumably consumed by the base
// Analyzer to skip express's own response code when attributing where a
// cookie was set — confirm in vulnerability-analyzer.
const EXCLUDED_PATHS = getNodeModulesPaths('express/lib/response.js')
/**
 * Analyzer for `Set-Cookie` events that reports a cookie as vulnerable when
 * it is set with a non-empty value but without a required attribute.
 *
 * The attribute is compared case-insensitively against each cookie attribute
 * token after lowercasing and trimming. Matching is on the whole token, so an
 * attribute that carries a value (`name=value` form) is not matched by the
 * bare name; subclasses that need that presumably override `_isVulnerable`.
 */
class CookieAnalyzer extends Analyzer {
  /**
   * @param {string} type - vulnerability type passed through to the base Analyzer
   * @param {string} propertyToBeSafe - cookie attribute whose absence makes the
   *   cookie vulnerable; stored lowercased for comparison
   */
  constructor (type, propertyToBeSafe) {
    super(type)
    this.propertyToBeSafe = propertyToBeSafe.toLowerCase()
  }

  /**
   * Subscribes to the IAST set-cookie channel published by the http
   * instrumentation and runs `analyze` on every cookie it reports.
   */
  onConfigure () {
    const subscription = { channelName: 'datadog:iast:set-cookie', moduleName: 'http' }
    this.addSub(subscription, (cookieInfo) => this.analyze(cookieInfo))
  }

  /**
   * A cookie is vulnerable when its value is truthy and none of its attribute
   * tokens equals `propertyToBeSafe` (after lowercasing and trimming).
   * A falsy `cookieValue` is returned as-is, so the result is only
   * guaranteed to be a boolean when the cookie has a value.
   *
   * @param {{ cookieProperties?: string[], cookieValue?: string }} cookieInfo
   * @returns {boolean|string|undefined}
   */
  _isVulnerable ({ cookieProperties, cookieValue }) {
    if (!cookieValue) {
      return cookieValue
    }
    const normalizedAttributes = cookieProperties &&
      cookieProperties.map((attribute) => attribute.toLowerCase().trim())
    const hasSafeAttribute = normalizedAttributes &&
      normalizedAttributes.includes(this.propertyToBeSafe)
    return !hasSafeAttribute
  }

  /**
   * Evidence attached to the report: only the cookie name, never its value.
   *
   * @param {{ cookieName: string }} cookieInfo
   * @returns {{ value: string }}
   */
  _getEvidence (cookieInfo) {
    const { cookieName } = cookieInfo
    return { value: cookieName }
  }

  /**
   * Hash source used to deduplicate reports; the location argument is
   * intentionally ignored so the same cookie reported from different call
   * sites collapses into one finding.
   *
   * @param {string} type
   * @param {{ value: string }} evidence
   * @param {*} location - unused
   * @returns {string}
   */
  _createHashSource (type, evidence, location) {
    const { value } = evidence
    return `${type}:${value}`
  }

  /** @returns {*} module-level `EXCLUDED_PATHS` (express's response.js). */
  _getExcludedPaths () {
    return EXCLUDED_PATHS
  }

  /**
   * Short-circuits to `true` when the cookie info already carries a cached
   * `location` (set by `_getLocation`); otherwise defers to the base check.
   *
   * @param {*} context
   * @param {*} value - cookie info, possibly annotated with `location`
   * @returns {boolean}
   */
  _checkOCE (context, value) {
    const hasCachedLocation = Boolean(value && value.location)
    return hasCachedLocation || super._checkOCE(context, value)
  }

  /**
   * Resolves the location for a cookie info object and caches it on the
   * object itself (`value.location`) so repeated lookups and `_checkOCE`
   * reuse it. With no value, the base implementation is called without
   * arguments.
   *
   * @param {*} value - cookie info object, mutated to hold `location`
   * @returns {*} the resolved location
   */
  _getLocation (value) {
    if (!value) {
      return super._getLocation()
    }
    if (!value.location) {
      value.location = super._getLocation(value)
    }
    return value.location
  }
}
// Exported as the class itself; concrete cookie analyzers are expected to
// construct it with the attribute they check for.
module.exports = CookieAnalyzer