add html formatting support in request response findings

appknox · Nov 13, 2024 · 0d6bec4 · 0d6bec4
1 parent 11c3dbc
commit 0d6bec4
Show file tree

Hide file tree

Showing 5 changed files with 376 additions and 644 deletions.
diff --git a/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.ts b/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.ts
@@ -17,6 +17,7 @@ export interface FileDetailsVulnerabilityAnalysisDetailsFindingsVulnerableApiSig
 interface FormattedResult {
   value: string;
   isJSON?: boolean;
+  isHTML?: boolean;
 }
 
 interface VulnerabilityDetails {
@@ -40,82 +41,34 @@ export default class FileDetailsVulnerabilityAnalysisDetailsFindingsVulnerableAp
   }
 
   get currentVulnerabilityDetails() {
-    return [
-      {
-        label: this.intl.t('url'),
-        value: this.url,
-      },
-      {
-        label: this.intl.t('method'),
-        value: this.vulnerabilityRequest?.method,
-      },
-      {
-        label: this.intl.t('severity'),
-        value: this.args.currentVulnerability?.severity,
-      },
-      {
-        label: this.intl.t('confidence'),
-        value: this.args.currentVulnerability?.confidence,
-      },
-      {
-        label: this.intl.t('issueDetails'),
-        value: this.args.currentVulnerability?.description,
-      },
-    ];
-  }
-
-  get isRequestHeadersEmpty() {
-    const headers = this.vulnerabilityRequest?.headers;
-
-    return headers && Object.keys(headers).length === 0;
-  }
-
-  get isResponseHeadersEmpty() {
-    const headers = this.args.currentVulnerability?.response?.headers;
-
-    return headers && Object.keys(headers).length === 0;
-  }
-
-  get isRequestParamsEmpty() {
-    const params = this.vulnerabilityRequest?.params;
-
-    return params && Object.keys(params).length === 0;
-  }
-
-  get isRequestBodyEmpty() {
-    const body = this.vulnerabilityRequest?.body;
-
-    return body === "''" || body === '';
-  }
-
-  get isResponseBodyEmpty() {
-    const body = this.vulnerabilityResponse?.text;
-
-    return body === "''" || body === '';
-  }
-
-  get isRequestCookiesEmpty() {
-    const cookies = this.vulnerabilityRequest?.cookies;
-
-    return cookies && Object.keys(cookies).length === 0;
-  }
-
-  get isResponseCookiesEmpty() {
-    const cookies = this.vulnerabilityResponse?.cookies;
-
-    return cookies && Object.keys(cookies).length === 0;
-  }
-
-  get responseStatusCode() {
-    const statusCode = this.vulnerabilityResponse?.status_code;
-
-    return this.intl.t('statusCode') + ': ' + statusCode;
-  }
-
-  get responseMessage() {
-    const message = this.vulnerabilityResponse?.reason;
-
-    return this.intl.t('message') + ': ' + message;
+    const currentVulnerability = this.args.currentVulnerability || {};
+
+    if (Object.keys(currentVulnerability).length !== 0) {
+      return [
+        {
+          label: this.intl.t('url'),
+          value: this.url,
+        },
+        {
+          label: this.intl.t('method'),
+          value: this.vulnerabilityRequest?.method,
+        },
+        {
+          label: this.intl.t('severity'),
+          value: this.args.currentVulnerability?.severity,
+        },
+        {
+          label: this.intl.t('confidence'),
+          value: this.args.currentVulnerability?.confidence,
+        },
+        {
+          label: this.intl.t('issueDetails'),
+          value: this.args.currentVulnerability?.description,
+        },
+      ];
+    } else {
+      return [];
+    }
   }
 
   get url() {
@@ -140,84 +93,117 @@ export default class FileDetailsVulnerabilityAnalysisDetailsFindingsVulnerableAp
       .replace(/(^['"])|(['"]$)/g, '')
       .replace(/\\n/g, '\n');
 
+    // Check if it's HTML content
+    if (
+      sanitizedString.includes('<!DOCTYPE html') ||
+      sanitizedString.includes('<html') ||
+      sanitizedString.toLowerCase().includes('<!doctype html')
+    ) {
+      return {
+        value: sanitizedString,
+        isJSON: false,
+        isHTML: true,
+      };
+    }
+
     // Try to parse as JSON first
     try {
       const parsed = JSON.parse(sanitizedString);
 
       return {
         value: JSON.stringify(parsed, null, 2),
         isJSON: true,
+        isHTML: false,
       };
     } catch {
       // If JSON parsing fails, return the sanitized string
       return {
         value: sanitizedString,
         isJSON: false,
+        isHTML: false,
       };
     }
   }
 
+  getWhiteSpaceStyle(formattedBody: {
+    isJSON?: boolean;
+    isHTML?: boolean;
+  }): string {
+    return formattedBody.isJSON || formattedBody.isHTML
+      ? 'pre-wrap'
+      : 'pre-line';
+  }
+
   get vulnerabilityDetails() {
     const request = this.args.currentVulnerability?.request;
     const response = this.args.currentVulnerability?.response;
 
     const formattedRequestBody = this.getFormattedText(request?.body);
     const formattedResponseBody = this.getFormattedText(response?.text);
 
+    const reqBodyWhitespaceStyle =
+      this.getWhiteSpaceStyle(formattedRequestBody);
+
+    const resBodyWhitespaceStyle = this.getWhiteSpaceStyle(
+      formattedResponseBody
+    );
+
     return [
       {
         title: this.intl.t('requestBody'),
         value: formattedRequestBody.value,
-        isEmpty: this.isRequestBodyEmpty,
+        isEmpty: !request?.body,
         copyIcon: true,
-        whiteSpace: formattedRequestBody.isJSON ? 'pre-wrap' : 'pre-line',
+        whiteSpace: reqBodyWhitespaceStyle,
       },
       {
         title: this.intl.t('requestHeaders'),
         value: request?.headers,
-        isEmpty: this.isRequestHeadersEmpty,
+        isEmpty: !request?.headers,
         copyIcon: true,
         isKeyValuePair: true,
       },
       {
         title: this.intl.t('requestParameters'),
         value: request?.params,
-        isEmpty: this.isRequestParamsEmpty,
+        isEmpty: !request?.params || Object.keys(request.params).length === 0,
         copyIcon: true,
         isKeyValuePair: true,
       },
       {
         title: this.intl.t('requestCookies'),
         value: request?.cookies,
-        isEmpty: this.isRequestCookiesEmpty,
+        isEmpty: !request?.cookies || Object.keys(request.cookies).length === 0,
         copyIcon: true,
         isKeyValuePair: true,
       },
       {
         title: this.intl.t('response'),
-        value: `${this.responseStatusCode}\n${this.responseMessage}`,
+        value: response?.status_code,
         isEmpty: !response?.status_code,
         copyIcon: false,
       },
       {
         title: this.intl.t('responseHeaders'),
         value: response?.headers,
-        isEmpty: this.isResponseHeadersEmpty,
+        isEmpty:
+          !response?.headers || Object.keys(response.headers).length === 0,
         copyIcon: true,
         isKeyValuePair: true,
       },
       {
         title: this.intl.t('responseCookies'),
         value: response?.cookies,
-        isEmpty: this.isResponseCookiesEmpty,
+        isEmpty:
+          !response?.cookies || Object.keys(response.cookies).length === 0,
         copyIcon: true,
         isKeyValuePair: true,
       },
       {
         title: this.intl.t('responseBody'),
         value: formattedResponseBody.value,
-        isEmpty: this.isResponseBodyEmpty,
-        whiteSpace: formattedResponseBody.isJSON ? 'pre-wrap' : 'pre-line',
+        isEmpty: !response?.text || response?.text === '""',
+        whiteSpace: resBodyWhitespaceStyle,
         copyIcon: true,
       },
     ] as VulnerabilityDetails[];