lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb in contrast-agent-4.13.1 vs lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb in contrast-agent-4.14.0
- old
+ new
@@ -2,10 +2,11 @@
# frozen_string_literal: true
require 'contrast/agent/assess/policy/trigger_method'
require 'contrast/components/logger'
require 'contrast/extension/module'
+require 'contrast/agent/reporting/report'
module Contrast
module Agent
module Assess
module Rule
@@ -64,11 +65,12 @@
next unless value_type_passes?(value)
# if it looks like a placeholder / pointer to a config, skip it
next unless value_passes?(value)
- build_finding(clazz, constant_string)
+ new_finding_and_reporting clazz, constant_string
+ build_finding clazz, constant_string
end
end
# Parse the file pertaining to the given TracePoint to walk its AST
# to determine if a Constant is hardcoded. For our purposes, this
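Review bot: The new call `new_finding_and_reporting clazz, constant_string` on the added line runs outside any rescue, whereas the `build_finding` it precedes (see the later hunk) swallows `StandardError` and logs; an exception from the new reporting path (reporter queue, storage) would now abort whatever loop these `next unless` lines belong to, which looks like the constant scan, and skip the Dtm finding as well. The same applies to the parallel call added in the next hunk (`new_finding_and_reporting mod, name`). One option is to drop these two call sites and invoke `new_finding_and_reporting clazz, constant_string` from inside `build_finding` after `report_finding(finding)`, so both paths share the existing rescue and the finding's computed hash is available. The enclosing method starts and ends outside this hunk.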
@@ -136,11 +138,12 @@
value = children[1]
# The assignment node could be a direct value or a call of some
# sort. We leave it to each rule to properly handle these nodes.
return unless value_node_passes?(value)
- build_finding(mod, name)
+ new_finding_and_reporting mod, name
+ build_finding mod, name
end
# Constants can be set as frozen directly. We need to account for
# this change as it means the Node given to the :CDECL call will be
# a :CALL, not a constant.
@@ -159,10 +162,18 @@
end
def build_finding clazz, constant_string
class_name = clazz.cs__name
+ finding = assign_finding class_name, constant_string
+ Contrast::Agent::Assess::Policy::TriggerMethod.report_finding(finding)
+ rescue StandardError => e
+ logger.error('Unable to build a finding for Hardcoded Rule', e)
+ nil
+ end
+
+ def assign_finding class_name, constant_string
finding = Contrast::Api::Dtm::Finding.new
finding.rule_id = Contrast::Utils::StringUtils.protobuf_safe_string(rule_id)
finding.version = Contrast::Agent::Assess::Policy::TriggerMethod::CURRENT_FINDING_VERSION
finding.properties[SOURCE_KEY] = Contrast::Utils::StringUtils.protobuf_safe_string(class_name)
@@ -171,13 +182,36 @@
Contrast::Utils::StringUtils.protobuf_safe_string(constant_string + redacted_marker)
hash = Contrast::Utils::HashDigest.generate_class_scanning_hash(finding)
finding.hash_code = Contrast::Utils::StringUtils.protobuf_safe_string(hash)
finding.preflight = Contrast::Utils::PreflightUtil.create_preflight(finding)
- Contrast::Agent::Assess::Policy::TriggerMethod.report_finding(finding)
- rescue StandardError => e
- logger.error('Unable to build a finding for Hardcoded Rule', e)
- nil
+ finding
+ end
+
+ def new_finding_and_reporting clazz, constant_string
+ return unless Contrast::Agent::Reporter.enabled?
+
+ # sent to reporter
+ # and add logger message for the report of the preflight
+ new_preflight = Contrast::Agent::Reporting::Preflight.new
+ new_preflight_message = Contrast::Agent::Reporting::PreflightMessage.new
+ new_preflight_message.hash_code = hash
+ new_preflight_message.data = "#{ rule_id },#{ hash }"
+ new_preflight.messages << new_preflight_message
+
+ # extract to new method
+ # here we will generate new type of finding
+ ruby_finding = Contrast::Agent::Reporting::Finding.new rule_id
+ ruby_finding.hash_code = hash
+ ruby_finding.properties[SOURCE_KEY] = clazz.cs__name
+ ruby_finding.properties[CONSTANT_NAME_KEY] = constant_string
+ ruby_finding.properties[CODE_SOURCE_KEY] = constant_string + redacted_marker
+ save_and_report_finding ruby_finding, new_preflight
+ end
+
+ def save_and_report_finding ruby_finding, new_preflight
+ Contrast::Agent::Reporting::ReportingStorage[hash] = ruby_finding
+ Contrast::Agent.reporter_queue.send_event_immediately(new_preflight)
end
end
end
end
end
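Review bot: In `new_finding_and_reporting` and `save_and_report_finding` the bare `hash` (four uses: the preflight `hash_code`, the `data` string, `ruby_finding.hash_code`, and the `ReportingStorage[hash]` key) is not the class-scanning digest — that digest is a local in `assign_finding` — so unless the class defines its own `hash` reader this resolves to `Object#hash` of the rule instance, an Integer that is the same for every finding this rule emits, which would make all of them collide on one storage key and report a preflight hash that never matches the Dtm finding's. The digest should be obtained from the Dtm finding and passed explicitly; the rewrite below derives it from `assign_finding` (at the cost of building the Dtm finding twice, unless the call is moved into `build_finding` where `finding.hash_code` is already in hand). The scaffolding comments `# extract to new method` / `# here we will generate new type of finding` read as leftover TODOs and could be dropped or turned into a one-line purpose comment. Note also that the Dtm finding stores `protobuf_safe_string(class_name)` while the new finding stores raw `clazz.cs__name`; if the two must compare equal downstream, that difference may matter.
```ruby
def new_finding_and_reporting clazz, constant_string
  return unless Contrast::Agent::Reporter.enabled?

  # The class-scanning digest lives on the Dtm finding; a bare `hash` here would be Object#hash.
  digest = assign_finding(clazz.cs__name, constant_string).hash_code
  new_preflight = Contrast::Agent::Reporting::Preflight.new
  new_preflight_message = Contrast::Agent::Reporting::PreflightMessage.new
  new_preflight_message.hash_code = digest
  new_preflight_message.data = "#{ rule_id },#{ digest }"
  new_preflight.messages << new_preflight_message

  ruby_finding = Contrast::Agent::Reporting::Finding.new rule_id
  ruby_finding.hash_code = digest
  # … unchanged: properties assignments …
  save_and_report_finding ruby_finding, new_preflight, digest
end

def save_and_report_finding ruby_finding, new_preflight, digest
  Contrast::Agent::Reporting::ReportingStorage[digest] = ruby_finding
  Contrast::Agent.reporter_queue.send_event_immediately(new_preflight)
end
```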