# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

cs__scoped_require 'contrast/utils/string_utils'
cs__scoped_require 'contrast/utils/assess/tracking_util'
cs__scoped_require 'base64'
cs__scoped_require 'contrast/components/interface'

module Contrast
  module Api
    module Decorators
      # Decorator for the TraceEventObject protobuf model. Including this
      # module gives the model class the builder methods in ClassMethods.
      module TraceEventObject
        # Inclusion hook: adds ClassMethods to the including class as
        # class-level methods.
        #
        # @param klass [Class] the class including this module
        def self.included(klass)
          klass.extend(ClassMethods)
        end

        # Class-level builders for TraceEventObject.
        module ClassMethods
          include Contrast::Components::Interface
          access_component :scope

          # Marker placed between the kept head and tail of a shortened value.
          ELLIPSIS = '...'
          # Number of characters kept at each end of a shortened value.
          UNTRUNCATED_PORTION_LENGTH = 25
          # Length of a shortened value (head + marker + tail). Only values
          # longer than this are shortened by #build.
          TRUNCATION_LENGTH = (UNTRUNCATED_PORTION_LENGTH * 2) + ELLIPSIS.length

          # Create the event object reported for one value in a trace event.
          #
          # Taint ranges are deliberately not attached here: TeamServer (TS)
          # does not accept or use them on this object. Values that do not
          # matter to the taint ranges of the event should be passed with
          # truncate set, so that something like a fully rendered HTML page
          # is not shipped to TeamServer in its entirety.
          #
          # Base64 is a transport encoding only; it does not protect the
          # value. Whatever `object` holds (all of it when truncate is falsy,
          # the first and last UNTRUNCATED_PORTION_LENGTH characters otherwise)
          # leaves the process in a trivially recoverable form.
          # Base64.encode64 also inserts line feeds into its output.
          #
          # @param object [Object] the value to report; converted with
          #   StringUtils.force_utf8 (assumed to return a String - confirm
          #   against that helper)
          # @param truncate [Boolean] when truthy, values longer than
          #   TRUNCATION_LENGTH are shortened before encoding
          # @return [Contrast::Api::Dtm::TraceEventObject] the populated object
          def build(object, truncate)
            new.tap do |trace_object|
              # NOTE(review): presumably the scope keeps the agent from
              # instrumenting its own string work - confirm against the
              # scope component.
              with_contrast_scope do
                text = Contrast::Utils::StringUtils.force_utf8(object)
                # The `truncate` flag shadows the method of the same name;
                # the parenthesised call with an argument still dispatches
                # to the method.
                if truncate && text.length > TRUNCATION_LENGTH
                  text = truncate(text)
                end
                trace_object.value = Base64.encode64(text)
                # Tracking is determined from the original object, not from
                # the converted / shortened string.
                trace_object.tracked = Contrast::Utils::Assess::TrackingUtil.tracked?(object)
              end
            end
          end

          # Shorten a string to its first and last
          # UNTRUNCATED_PORTION_LENGTH characters joined by ELLIPSIS.
          #
          # Meant for input longer than TRUNCATION_LENGTH, which is what
          # #build guarantees. For shorter input the tail offset goes
          # negative and the result is not a meaningful truncation.
          #
          # @param obj_string [String] the string to shorten
          # @return [String] head + ELLIPSIS + tail
          def truncate(obj_string)
            head = obj_string[0, UNTRUNCATED_PORTION_LENGTH]
            tail_start = obj_string.length - UNTRUNCATED_PORTION_LENGTH
            tail = obj_string[tail_start, UNTRUNCATED_PORTION_LENGTH]
            [head, ELLIPSIS, tail].join
          end
        end
      end
    end
  end
end

Contrast::Api::Dtm::TraceEventObject.include(Contrast::Api::Decorators::TraceEventObject)