prettify request response body in vulnerable api findings

avzz-19 · avzz-19 · commit 045014778767 · 2024-10-30T22:06:23.000+05:30
diff --git a/app/components/file-details/vulnerability-analysis-details/findings/code-box/index.hbs b/app/components/file-details/vulnerability-analysis-details/findings/code-box/index.hbs
@@ -36,7 +36,7 @@
 
   <pre
     id={{this.copyTargetId}}
-    local-class='vulnerability-finding-description'
+    local-class='vulnerability-finding-description {{this.whiteSpace}}'
     data-test-analysisDetails-vulFinding-code
   >{{yield}}
   </pre>
diff --git a/app/components/file-details/vulnerability-analysis-details/findings/code-box/index.scss b/app/components/file-details/vulnerability-analysis-details/findings/code-box/index.scss
@@ -29,7 +29,6 @@
     text-overflow: clip;
     background-color: unset;
     color: var(--file-details-vulnerability-analysis-details-findings-code-box-color-primary);
-    white-space: pre-line;
     line-height: normal;
     padding: 0.75em;
   }
@@ -40,6 +39,14 @@
   }
 }
 
+.pre-wrap {
+  white-space: pre-wrap;
+}
+
+.pre-line {
+  white-space: pre-line;
+}
+
 .analysis-overridded-passed .vulnerability-finding-description {
   background-color: var(
     --file-details-vulnerability-analysis-details-findings-code-box-marked-passed-code-background-color
diff --git a/app/components/file-details/vulnerability-analysis-details/findings/code-box/index.ts b/app/components/file-details/vulnerability-analysis-details/findings/code-box/index.ts
@@ -10,6 +10,7 @@ export interface FileDetailsVulnerabilityAnalysisDetailsFindingsCodeBoxSignature
     title: string;
     copyIcon?: boolean;
     markedAsPassed?: boolean;
+    whiteSpace?: 'pre-wrap' | 'pre-line';
   };
   Blocks: {
     default: [];
@@ -24,6 +25,10 @@ export default class FileDetailsVulnerabilityAnalysisDetailsFindingsCodeBoxCompo
     return `copy-target-${guidFor(this)}`;
   }
 
+  get whiteSpace() {
+    return this.args.whiteSpace || 'pre-line';
+  }
+
   @action
   handleCopySuccess(event: ClipboardJS.Event) {
     this.notify.info(this.intl.t('copiedToClipboard'));
diff --git a/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.hbs b/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.hbs
@@ -34,14 +34,15 @@
             'file-details/vulnerability-analysis-details/findings/code-box'
             title=detail.title
             copyIcon=detail.copyIcon
+            whiteSpace=detail.whiteSpace
             markedAsPassed=@analysis.isOverriddenAsPassed
           )
           as |CodeBox|
         }}
           {{#if detail.isKeyValuePair}}
             {{! Note: formating will add a new line for each key value pair }}
-            <CodeBox>{{#each-in detail.value as |key value|}}<span>{{key}}:
-                  {{value}}</span>
+            <CodeBox>{{#each-in detail.value as |key value|}}<span
+                >{{key}}:&nbsp;{{value}}</span>
               {{/each-in}}
             </CodeBox>
           {{else}}
diff --git a/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.ts b/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.ts
@@ -1,5 +1,6 @@
 import Component from '@glimmer/component';
 import { service } from '@ember/service';
+import { action } from '@ember/object';
 import type IntlService from 'ember-intl/services/intl';
 
 import type AnalysisModel from 'irene/models/analysis';
@@ -13,6 +14,20 @@ export interface FileDetailsVulnerabilityAnalysisDetailsFindingsVulnerableApiSig
   };
 }
 
+interface FormattedResult {
+  value: string;
+  isJSON?: boolean;
+}
+
+interface VulnerabilityDetails {
+  title: string;
+  value: string;
+  isEmpty: boolean;
+  copyIcon: boolean;
+  isKeyValuePair?: boolean;
+  whiteSpace?: 'pre-wrap' | 'pre-line';
+}
+
 export default class FileDetailsVulnerabilityAnalysisDetailsFindingsVulnerableApiComponent extends Component<FileDetailsVulnerabilityAnalysisDetailsFindingsVulnerableApiSignature> {
   @service declare intl: IntlService;
 
@@ -113,16 +128,49 @@ export default class FileDetailsVulnerabilityAnalysisDetailsFindingsVulnerableAp
     }
   }
 
+  @action getFormattedText(inputString: string | undefined): FormattedResult {
+    if (!inputString) {
+      return {
+        value: '',
+      };
+    }
+
+    const sanitizedString = inputString
+      .trim()
+      .replace(/(^['"])|(['"]$)/g, '')
+      .replace(/\\n/g, '\n');
+
+    // Try to parse as JSON first
+    try {
+      const parsed = JSON.parse(sanitizedString);
+
+      return {
+        value: JSON.stringify(parsed, null, 2),
+        isJSON: true,
+      };
+    } catch {
+      // If JSON parsing fails, return the sanitized string
+      return {
+        value: sanitizedString,
+        isJSON: false,
+      };
+    }
+  }
+
   get vulnerabilityDetails() {
     const request = this.args.currentVulnerability?.request;
     const response = this.args.currentVulnerability?.response;
 
+    const formattedRequestBody = this.getFormattedText(request?.body);
+    const formattedResponseBody = this.getFormattedText(response?.text);
+
     return [
       {
         title: this.intl.t('requestBody'),
-        value: request?.body,
+        value: formattedRequestBody.value,
         isEmpty: this.isRequestBodyEmpty,
         copyIcon: true,
+        whiteSpace: formattedRequestBody.isJSON ? 'pre-wrap' : 'pre-line',
       },
       {
         title: this.intl.t('requestHeaders'),
@@ -167,11 +215,12 @@ export default class FileDetailsVulnerabilityAnalysisDetailsFindingsVulnerableAp
       },
       {
         title: this.intl.t('responseBody'),
-        value: response?.text,
+        value: formattedResponseBody.value,
         isEmpty: this.isResponseBodyEmpty,
+        whiteSpace: formattedResponseBody.isJSON ? 'pre-wrap' : 'pre-line',
         copyIcon: true,
       },
-    ];
+    ] as VulnerabilityDetails[];
   }
 }
 
diff --git a/app/utils/parse-vulnerable-api-finding.ts b/app/utils/parse-vulnerable-api-finding.ts
@@ -132,6 +132,39 @@ function splitVulnerableApiFindingIntoBlocks(content: string): string[] {
   return content.split(/\n{2,3}/);
 }
 
+function handleBodyField(
+  key: string,
+  value: string,
+  lines: string[],
+  i: number
+): { updatedBuffer: string; updatedIndex: number } {
+  let currentBuffer = value;
+  let nextIndex = i + 1;
+
+  // Check if body value is a multi-line JSON or array
+  if (
+    (value.startsWith("'{") && !value.endsWith("}'")) ||
+    (value.startsWith("'[") && !value.endsWith("]'"))
+  ) {
+    // Keep reading lines until the closing quote
+    while (
+      nextIndex < lines.length &&
+      !(lines[nextIndex]?.includes("}'") || lines[nextIndex]?.includes("]'"))
+    ) {
+      currentBuffer += '\n' + lines[nextIndex];
+      nextIndex++;
+    }
+
+    // Add the final line with the closing quote if found
+    if (nextIndex < lines.length) {
+      currentBuffer += '\n' + lines[nextIndex];
+      nextIndex++;
+    }
+  }
+
+  return { updatedBuffer: currentBuffer, updatedIndex: nextIndex - 1 };
+}
+
 /**
  * Parses a block of text into a `VulnerableApiFinding` object.
  * @param block - The text block to parse.
@@ -148,25 +181,48 @@ function parseVulnerableApiFindingBlock(block: string): VulnerableApiFinding {
   // Process the first line separately to handle initial URL or description
   processFirstLine(lines, finding);
 
-  lines.forEach((line) => {
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i] || '';
+    const trimmedLine = line.trim();
     const parsedLine = parseLine(line);
 
     if (parsedLine) {
       const [key, value] = parsedLine;
 
       if (currentKey && currentBuffer) {
-        // If a previous key exists, update it with the accumulated buffer
+        // Update the previous key with the accumulated buffer
         updateFindingField(finding, currentKey, currentBuffer, currentSection);
+
         currentBuffer = null; // Reset buffer after updating
         currentKey = null; // Reset key after updating
       }
 
       if (key) {
-        if (currentKey && currentBuffer) {
-          // Continue accumulating the value if the same key is detected
-          currentBuffer += `\n${value}`;
+        if (key === 'body') {
+          // Special handling for body field
+          const { updatedBuffer, updatedIndex } = handleBodyField(
+            key,
+            value,
+            lines,
+            i
+          );
+
+          currentBuffer = updatedBuffer;
+          i = updatedIndex;
+          currentKey = key;
+
+          const { updatedSection } = updateVulnerableApiFinding(
+            finding,
+            key,
+            currentBuffer,
+            currentSection
+          );
+
+          if (updatedSection !== currentSection) {
+            currentSection = updatedSection;
+          }
         } else {
-          // If a new key is detected, update section and headers
+          // Normal key-value handling
           const { updatedSection } = updateVulnerableApiFinding(
             finding,
             key,
@@ -184,10 +240,14 @@ function parseVulnerableApiFindingBlock(block: string): VulnerableApiFinding {
         }
       }
     } else if (currentBuffer) {
-      // Continue accumulating the value if no new key is detected
-      currentBuffer += `\n${line}`;
+      // Handle normal line continuations (non-body content)
+      if (line.match(/^\s{2,}/)) {
+        currentBuffer += ' ' + trimmedLine;
+      } else {
+        currentBuffer += '\n' + line;
+      }
     }
-  });
+  }
 
   // Finalize any remaining buffer
   if (currentBuffer && currentKey) {
diff --git a/tests/unit/utils/parse-vulnerable-api-finding-test.js b/tests/unit/utils/parse-vulnerable-api-finding-test.js
@@ -222,10 +222,104 @@ module('Unit | Utility | parse-vulnerable-api-finding', function (hooks) {
     },
   ];
 
+  const content4 =
+    'mobile.useinsider.com:443/api/v3/session/start: The time elapsed between the sending of the request and the arrival of the response exceeds the expected amount of time, suggesting a vulnerability to command injection attacks.\nconfidence: MEDIUM\nparam:\n  location: headers\n  method: POST\n  variables:\n  - Accept\n  - Content-Type\n  - Accept-Language\n  - Host\n  - Content-Length\n  - Connection\n  - Accept-Encoding\n  - User-Agent\n  - Ts\nrequest:\n  body: \'{"insider_id": "53B4EFCC2CFD40AAA5BF73B303F90BEB", "device_info": {"location_enabled":\n    false, "app_version": "5.6.0", "push_enabled": false, "os_version": "16.7.7",\n    "battery": 100, "sdk_version": "13.0.0", "connection": "wifi"}, "partner_name":\n    "nbdliv", "calledDueToInsiderIdChange": false, "first_run": true, "udid": "53B4EFCC2CFD40AAA5BF73B303F90BEB"}\'\n  headers:\n    Accept: \'*/*\'\n    Accept-Encoding: gzip, deflate, br\n    Ts: \'1717657521\'\n    User-Agent: Liv/666 CFNetwork/1410.1 Darwin/22.6.0\n  method: POST\n  params: {}\n  url: https://mobile.useinsider.com:443/api/v3/session/start\nresponse:\n  cookies:\n    __cf_bm: Y344vnTG2lq7wTlqEMFGsTIQ3PlYUFLpHkTrqTVlEzI-1717659521-1.0.1.1-mYaqUeGWUgRuX6qX3QSTYeBDLGEiWy7QvsPT.m.V81ZZla2e22iXwUZND2QPqL4Cv2r0yvmQuigDf0_Y_dAx8A\n  headers:\n    CF-RAY: 88f6be8aaa872258-ORD\n    Cache-Control: private,\n    Vary: Accept-Encoding\n    X-Frame-Options: SAMEORIGIN\n  reason: Forbidden\n  status_code: 403\n  text: "\\uFFFD(\\uFFFD\\0 \\uFFFDM"';
+
+  const expectedObject4 = [
+    {
+      confidence: 'MEDIUM',
+      description:
+        'The time elapsed between the sending of the request and the arrival of the response exceeds the expected amount of time, suggesting a vulnerability to command injection attacks.',
+      request: {
+        body: '\'{"insider_id": "53B4EFCC2CFD40AAA5BF73B303F90BEB", "device_info": {"location_enabled":\n    false, "app_version": "5.6.0", "push_enabled": false, "os_version": "16.7.7",\n    "battery": 100, "sdk_version": "13.0.0", "connection": "wifi"}, "partner_name":\n    "nbdliv", "calledDueToInsiderIdChange": false, "first_run": true, "udid": "53B4EFCC2CFD40AAA5BF73B303F90BEB"}\'',
+        cookies: {},
+        headers: {
+          accept: "'*/*'",
+          'accept-encoding': 'gzip, deflate, br',
+          ts: "'1717657521'",
+          'user-agent': 'Liv/666 CFNetwork/1410.1 Darwin/22.6.0',
+        },
+        method: 'POST',
+        params: {},
+        url: 'https://mobile.useinsider.com:443/api/v3/session/start',
+      },
+      response: {
+        cookies: {
+          __cf_bm:
+            'Y344vnTG2lq7wTlqEMFGsTIQ3PlYUFLpHkTrqTVlEzI-1717659521-1.0.1.1-mYaqUeGWUgRuX6qX3QSTYeBDLGEiWy7QvsPT.m.V81ZZla2e22iXwUZND2QPqL4Cv2r0yvmQuigDf0_Y_dAx8A',
+        },
+        headers: {
+          'cache-control': 'private,',
+          'cf-ray': '88f6be8aaa872258-ORD',
+          vary: 'Accept-Encoding',
+          'x-frame-options': 'SAMEORIGIN',
+        },
+        reason: 'Forbidden',
+        status_code: 403,
+        text: '"\\uFFFD(\\uFFFD\\0 \\uFFFDM"',
+        url: '',
+      },
+      severity: '',
+      url: 'mobile.useinsider.com:443/api/v3/session/start',
+    },
+  ];
+
+  const content5 =
+    'mobile-collector.newrelic.com:443/mobile/v3/data: The difference in length between the response to the baseline request and the request returned when sending an attack string exceeds 1000.0 percent, which could indicate a vulnerability to injection attacks\nconfidence: LOW\nparam:\n  location: headers\n  method: POST\n  variables:\n  - Connection\n  - Content-Length\n  - Content-Type\n  - User-Agent\n  - Content-Encoding\n  - Accept-Encoding\n  - X-Newrelic-Connect-Time\nrequest:\n  body: \'[[482998014, 594496047], ["Android", "10", "Mi A2", "AndroidAgent", "6.9.0",\n    "b36f41b0-37ae-4a68-9a54-d860c6876323", "", "", "Xiaomi", {"size": "normal", "platform":\n    "Native", "platformVersion": "6.9.0"}], 0.0, [], [[{"scope": "", "name": "Memory/Used"},\n    {"count": 1, "total": 76.3740234375, "min": 76.3740234375, "max": 76.3740234375,\n    "sum_of_squares": 5832.991456031799}]], [], [], [], {}, []]\'\n  headers:\n    Accept-Encoding: gzip\n    Connection: Keep-Alive\n    Content-Encoding: identity\n    Content-Length: \'358\'\n    Content-Type: application/json\n    Host: mobile-collector.newrelic.com:443\n    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Mi A2 Build/QQ3A.200805.001)\n    X-App-License-Key: AAa728a7f147e1cf95a25a315203d656a36f602257-NRMA\n    X-Newrelic-Connect-Time: \'*!@#$^&()[]{}|.,"\\\'\'/\'\'\'\'"\'\n  method: POST\n  params: {}\n  url: https://mobile-collector.newrelic.com:443/mobile/v3/data\nresponse:\n  cookies: {}\n  headers:\n    CF-Cache-Status: DYNAMIC\n    CF-Ray: 89e502ccbbcbc5cb-ORD\n    Connection: keep-alive\n    Content-Length: \'2\'\n    Content-Type: application/json; charset=UTF-8\n    Date: Fri, 05 Jul 2024 05:38:48 GMT\n    Server: cloudflare\n    Vary: Accept-Encoding\n  reason: OK\n  status_code: 200\n  text: \'{}\'';
+
+  const expectedObject5 = [
+    {
+      confidence: 'LOW',
+      description:
+        'The difference in length between the response to the baseline request and the request returned when sending an attack string exceeds 1000.0 percent, which could indicate a vulnerability to injection attacks',
+      request: {
+        body: '\'[[482998014, 594496047], ["Android", "10", "Mi A2", "AndroidAgent", "6.9.0",\n    "b36f41b0-37ae-4a68-9a54-d860c6876323", "", "", "Xiaomi", {"size": "normal", "platform":\n    "Native", "platformVersion": "6.9.0"}], 0.0, [], [[{"scope": "", "name": "Memory/Used"},\n    {"count": 1, "total": 76.3740234375, "min": 76.3740234375, "max": 76.3740234375,\n    "sum_of_squares": 5832.991456031799}]], [], [], [], {}, []]\'',
+        cookies: {},
+        headers: {
+          'accept-encoding': 'gzip',
+          connection: 'Keep-Alive',
+          'content-encoding': 'identity',
+          'content-length': "'358'",
+          'content-type': 'application/json',
+          host: 'mobile-collector.newrelic.com:443',
+          'user-agent':
+            'Dalvik/2.1.0 (Linux; U; Android 10; Mi A2 Build/QQ3A.200805.001)',
+          'x-app-license-key':
+            'AAa728a7f147e1cf95a25a315203d656a36f602257-NRMA',
+          'x-newrelic-connect-time': "'*!@#$^&()[]{}|.,\"\\''/''''\"'",
+        },
+        method: 'POST',
+        params: {},
+        url: 'https://mobile-collector.newrelic.com:443/mobile/v3/data',
+      },
+      response: {
+        cookies: {},
+        headers: {
+          'cf-cache-status': 'DYNAMIC',
+          'cf-ray': '89e502ccbbcbc5cb-ORD',
+          connection: 'keep-alive',
+          'content-length': "'2'",
+          'content-type': 'application/json; charset=UTF-8',
+          date: 'Fri, 05 Jul 2024 05:38:48 GMT',
+          server: 'cloudflare',
+          vary: 'Accept-Encoding',
+        },
+        reason: 'OK',
+        status_code: 200,
+        text: "'{}'",
+        url: '',
+      },
+      severity: '',
+      url: 'mobile-collector.newrelic.com:443/mobile/v3/data',
+    },
+  ];
+
   const vulnerableApiFindings = [
     { content: content1, expectedObject: expectedObject1 },
     { content: content2, expectedObject: expectedObject2 },
     { content: content3, expectedObject: expectedObject3 },
+    { content: content4, expectedObject: expectedObject4 },
+    { content: content5, expectedObject: expectedObject5 },
   ];
 
   test.each(
