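# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

module Contrast
  module Agent
    module Reporting
      # This is the new FindingObject class which will include all the needed information for the new reporting system
      # to relay this information in the Finding/Trace messages. These FindingTaintRanges are used by TeamServer to
      # construct the vulnerability information for the assess feature. They represent those parts of the objects that
      # are tracked because of a security relevant operation acting on them.
      #
      # @attr_reader range [String] the range (inclusive:exclusive), that this tag covers.
      # @attr_reader tag [String] the type of action this tag represents.
      class FindingTaintRange
        attr_reader :range, :tag

        class << self
          # Build a FindingTaintRange populated from the given tag.
          #
          # @param tag [Contrast::Agent::Assess::Tag] the tag to convert
          # @return [Contrast::Agent::Reporting::FindingTaintRange]
          def convert tag
            report = new
            report.attach_data(tag)
            report
          end
        end

        # Parse the data from a Contrast::Agent::Assess::Tag to attach what is required for reporting to TeamServer to
        # this Contrast::Agent::Reporting::FindingTaintRange
        #
        # @param tag [Contrast::Agent::Assess::Tag] the tag to convert; it is read through #start_idx, #end_idx and
        #   #label only.
        def attach_data tag
          @range = "#{ tag.start_idx }:#{ tag.end_idx }"
          @tag = tag.label
        end

        # Convert the instance variables on the class, and other information, into the identifiers required for
        # TeamServer to process the JSON form of this message.
        #
        # @return [Hash] with the keys :range and :tag
        # @raise [ArgumentError] if the range or the tag has not been set
        def to_controlled_hash
          validate
          {
              range: range,
              tag: tag
          }
        end

        # Ensure this taint range carries the two fields that #to_controlled_hash emits, so an unpopulated instance
        # is rejected here rather than being serialized into a finding.
        #
        # The check has to name the attributes this class owns: an unqualified `hash` resolves to Object#hash, which
        # is an Integer and has no #empty?, and this class has no `value`. A check written against those names fails
        # with NoMethodError on every call instead of the documented ArgumentError.
        #
        # @raise [ArgumentError] if the range or the tag is nil or empty
        def validate
          # #to_s makes the emptiness test nil-safe and independent of the label's concrete type.
          raise(ArgumentError, "#{ self } did not have a proper range. Unable to continue.") if range.to_s.empty?
          raise(ArgumentError, "#{ self } did not have a proper tag. Unable to continue.") if tag.to_s.empty?
        end
      end
    end
  end
end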