fix: request/response finding pattern fix

appknox · Sep 4, 2024 · 6be02b0 · 6be02b0
1 parent 5064f9f
commit 6be02b0
Show file tree

Hide file tree

Showing 7 changed files with 130 additions and 83 deletions.
diff --git a/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.hbs b/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.hbs
@@ -1,84 +1,94 @@
 <div class='px-4 py-2'>
-    <AkStack @direction='column'>
-        {{#each this.currentVulnerabilityDetails as |item|}}
-          {{#if item.value}}
-            <AkStack @width='full' class='mb-1'>
-              <AkStack @width='4/12'>
-                <AkTypography
-                  data-test-analysisDetails-vulFindingLabel='{{item.label}}'
-                  @color='textSecondary'
-                >
-                  {{item.label}}
-                </AkTypography>
-              </AkStack>
-
-              <AkStack @width='9/12'>
-                <AkTypography
-                  data-test-analysisDetails-vulFindingValue
-                  @fontWeight='medium'
-                >
-                  {{item.value}}
-                </AkTypography>
-              </AkStack>
-            </AkStack>
-          {{/if}}
-        {{/each}}
+  <AkStack @direction='column'>
+    {{#each this.currentVulnerabilityDetails as |item|}}
+      {{#if item.value}}
+        <AkStack @width='full' class='mb-1'>
+          <AkStack @width='4/12'>
+            <AkTypography
+              data-test-analysisDetails-vulFindingLabel='{{item.label}}'
+              @color='textSecondary'
+            >
+              {{item.label}}
+            </AkTypography>
+          </AkStack>
 
-        {{#if @currentVulnerability.request.body}}
-          {{#unless this.isRequestBodyEmpty}}
-            <AkTypography @color='textSecondary'>
-              {{t 'requestBody'}}:
+          <AkStack @width='9/12'>
+            <AkTypography
+              data-test-analysisDetails-vulFindingValue
+              @fontWeight='medium'
+            >
+              {{item.value}}
             </AkTypography>
+          </AkStack>
+        </AkStack>
+      {{/if}}
+    {{/each}}
+
+    {{#if @currentVulnerability.request.body}}
+      {{#unless this.isRequestBodyEmpty}}
+        <AkTypography @color='textSecondary'>
+          {{t 'requestBody'}}:
+        </AkTypography>
+
+        <div local-class='vulnerability-finding-container'>
+          <pre
+            local-class='vulnerability-finding-description {{if
+              @analysis.isOverriddenAsPassed
+              "analysis-overridded-passed"
+            }}'
+          >
+            {{@currentVulnerability.request.body}}
+          </pre>
+        </div>
+      {{/unless}}
+    {{/if}}
 
-            <div local-class='vulnerability-finding-container'>
-              <pre local-class='vulnerability-finding-description'>
-                {{@currentVulnerability.request.body}}
-              </pre>
-            </div>
-          {{/unless}}
-        {{/if}}
+    {{#unless this.isRequestHeadersEmpty}}
+      <FileDetails::VulnerabilityAnalysisDetails::Findings::CodeBox
+        @title={{t 'requestHeaders'}}
+        @copyIcon={{true}}
+        @markedAsPassed={{@analysis.isOverriddenAsPassed}}
+      >{{#each-in @currentVulnerability.request.headers as |key value|}}<span
+          >{{key}}: {{value}}</span>
+        {{/each-in}}
+      </FileDetails::VulnerabilityAnalysisDetails::Findings::CodeBox>
+    {{/unless}}
 
-        {{#unless this.isRequestHeadersEmpty}}
-          <FileDetails::VulnerabilityAnalysisDetails::Findings::CodeBox
-            @title={{t 'requestHeaders'}}
-            @copyIcon={{true}}
-            @markedAsPassed={{@analysis.isOverriddenAsPassed}}
-          >{{#each-in
-              @currentVulnerability.request.headers
-              as |key value|
-            }}<span>{{key}}: {{value}}</span>
-            {{/each-in}}
-          </FileDetails::VulnerabilityAnalysisDetails::Findings::CodeBox>
-        {{/unless}}
+    {{#unless this.isRequestParamsEmpty}}
+      <FileDetails::VulnerabilityAnalysisDetails::Findings::CodeBox
+        @title={{t 'requestParameters'}}
+        @copyIcon={{true}}
+        @markedAsPassed={{@analysis.isOverriddenAsPassed}}
+      >{{this.requestParamsKey}}<br />{{this.requestParamsToken}}
+      </FileDetails::VulnerabilityAnalysisDetails::Findings::CodeBox>
+    {{/unless}}
 
-        {{#unless this.isRequestParamsEmpty}}
-          <FileDetails::VulnerabilityAnalysisDetails::Findings::CodeBox
-            @title={{t 'requestParameters'}}
-            @copyIcon={{true}}
-            @markedAsPassed={{@analysis.isOverriddenAsPassed}}
-          >{{this.requestParamsKey}}<br />{{this.requestParamsToken}}
-          </FileDetails::VulnerabilityAnalysisDetails::Findings::CodeBox>
-        {{/unless}}
+    {{#if @currentVulnerability.response.status_code}}
+      <FileDetails::VulnerabilityAnalysisDetails::Findings::CodeBox
+        @title={{t 'response'}}
+        @markedAsPassed={{@analysis.isOverriddenAsPassed}}
+      >{{this.responseStatusCode}}<br />{{this.responseMessage}}
+      </FileDetails::VulnerabilityAnalysisDetails::Findings::CodeBox>
+    {{/if}}
 
-        {{#if @currentVulnerability.response.status_code}}
-          <FileDetails::VulnerabilityAnalysisDetails::Findings::CodeBox
-            @title={{t 'response'}}
-            @markedAsPassed={{@analysis.isOverriddenAsPassed}}
-          >{{this.responseStatusCode}}<br />{{this.responseMessage}}
-          </FileDetails::VulnerabilityAnalysisDetails::Findings::CodeBox>
-        {{/if}}
+    {{#unless this.isResponseHeadersEmpty}}
+      <FileDetails::VulnerabilityAnalysisDetails::Findings::CodeBox
+        @title={{t 'responseHeaders'}}
+        @copyIcon={{true}}
+        @markedAsPassed={{@analysis.isOverriddenAsPassed}}
+      >{{#each-in @currentVulnerability.response.headers as |key value|}}<span
+          >{{key}}: {{value}}</span>
+        {{/each-in}}
+      </FileDetails::VulnerabilityAnalysisDetails::Findings::CodeBox>
+    {{/unless}}
 
-        {{#unless this.isResponseHeadersEmpty}}
-          <FileDetails::VulnerabilityAnalysisDetails::Findings::CodeBox
-            @title={{t 'responseHeaders'}}
-            @copyIcon={{true}}
-            @markedAsPassed={{@analysis.isOverriddenAsPassed}}
-          >{{#each-in
-              @currentVulnerability.response.headers
-              as |key value|
-            }}<span>{{key}}: {{value}}</span>
-            {{/each-in}}
-          </FileDetails::VulnerabilityAnalysisDetails::Findings::CodeBox>
-        {{/unless}}
-    </AkStack>
+    {{#unless this.isResponseBodyEmpty}}
+      <FileDetails::VulnerabilityAnalysisDetails::Findings::CodeBox
+        @title={{t 'responseBody'}}
+        @copyIcon={{true}}
+        @markedAsPassed={{@analysis.isOverriddenAsPassed}}
+      >{{@currentVulnerability.response.text}}
+      </FileDetails::VulnerabilityAnalysisDetails::Findings::CodeBox>
+    {{/unless}}
+  </AkStack>
 </div>
diff --git a/...components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.scss b/...components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.scss
@@ -13,5 +13,15 @@
         width: max-content;
         line-height: normal;
         padding: 0.75em;
+
+        &.analysis-overridded-passed {
+            background-color: var(--file-details-vulnerability-analysis-details-findings-vulnerable-api-marked-passed-code-background-color);
+
+            .analysis-static-content pre code,
+            .vulnerability-finding-container {
+                background-color: var(--file-details-vulnerability-analysis-details-findings-vulnerable-api-marked-passed-code-background-color);
+                border: 1px solid var(--file-details-vulnerability-analysis-details-findings-vulnerable-api-border-color);
+            }
+        }
     }
 }
diff --git a/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.ts b/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.ts
@@ -67,6 +67,12 @@ export default class FileDetailsVulnerabilityAnalysisDetailsFindingsVulnerableAp
     return body === "''" || body === '';
   }
 
+  get isResponseBodyEmpty() {
+    const body = this.args.currentVulnerability?.response?.text;
+
+    return body === "''" || body === '';
+  }
+
   get requestParamsKey() {
     const key = this.args.currentVulnerability?.request.params.key;
 

diff --git a/app/styles/_component-variables.scss b/app/styles/_component-variables.scss
@@ -1002,6 +1002,12 @@ body {
   --file-details-vulnerability-analysis-details-findings-vulnerable-api-code-background-color: var(
     --neutral-grey-100
   );
+  --file-details-vulnerability-analysis-details-findings-vulnerable-api-marked-passed-code-background-color: var(
+    --neutral-grey-50
+  );
+  --file-details-vulnerability-analysis-details-findings-vulnerable-api-border-color: var(
+    --border-color-1
+  );
 
   // variables for file-details/vulnerability-analysis-details/findings/custom-vulnerabilities
   --file-details-vulnerability-analysis-details-findings-custom-vulnerabilities-background-main: var(

diff --git a/app/utils/parse-vulnerable-api-finding.ts b/app/utils/parse-vulnerable-api-finding.ts
@@ -74,7 +74,18 @@ function initializeVulnerableApiFinding(): VulnerableApiFinding {
  * @returns `true` if the content contains vulnerability indicators, otherwise `false`.
  */
 export function isVulnerableApiFinding(content: string): boolean {
-  const vulnerabilityPattern = /(\bseverity\b|\bconfidence\b|\bmethod\b)/;
+  const severityPattern =
+    '\\bseverity:\\s*?(PASSED|LOW|MEDIUM|HIGH|CRITICAL|UNKNOWN)\\b';
+
+  const confidencePattern = '\\bconfidence:\\s*?(LOW|HIGH|MEDIUM)\\b';
+
+  const methodPattern =
+    '\\bmethod:\\s*?(GET|POST|PUT|DELETE|TRACE|HEAD|CONNECT|OPTIONS|PATCH)\\b';
+
+  const vulnerabilityPattern = new RegExp(
+    `(${severityPattern}|${confidencePattern}|${methodPattern})`,
+    'i'
+  );
 
   return content.length > 0 && vulnerabilityPattern.test(content);
 }
@@ -114,12 +125,12 @@ function isValidVulnerableApiFinding(finding: VulnerableApiFinding): boolean {
 }
 
 /**
- * Splits the report content into blocks based on double or triple newlines.
- * @param report - The report content to split.
- * @returns An array of strings, each representing a block of the report.
+ * Splits the content into blocks based on double or triple newlines.
+ * @param content - The content to split.
+ * @returns An array of strings, each representing a block of the content.
  */
-function splitVulnerableApiFindingIntoBlocks(report: string): string[] {
-  return report.split(/\n{2,3}/);
+function splitVulnerableApiFindingIntoBlocks(content: string): string[] {
+  return content.split(/\n{2,3}/);
 }
 
 /**
@@ -188,10 +199,12 @@ function processFirstLine(
   if (lines[0]) {
     const firstLine = lines[0].trim();
     const colonIndex = firstLine.indexOf(': ');
+    const beforeColon = firstLine.substring(0, colonIndex).trim();
 
-    const genericUrlRegex = /^http[s]?:\/\/[a-zA-Z0-9.-]+(:\d+)?\/[^\s:]+/;
+    const genericUrlRegex =
+      /^(https?:\/\/)?([a-zA-Z0-9-]+\.)+[a-zA-Z0-9.-]+(:\d+)?(\/[^\s]*)?$/;
 
-    const match = firstLine.match(genericUrlRegex);
+    const match = beforeColon.match(genericUrlRegex);
 
     if (match) {
       finding.request.url = finding.request.url = firstLine

diff --git a/translations/en.json b/translations/en.json
@@ -1203,6 +1203,7 @@
   "resetOverriddenAnalysis": "Reset Overridden Analysis",
   "resolved": "resolved",
   "response": "Response",
+  "responseBody": "Response Body",
   "responseHeaders": "Response Headers",
   "restartSAST": "Restart SAST",
   "revokeGithub": "Revoke Github",

diff --git a/translations/ja.json b/translations/ja.json
@@ -1203,6 +1203,7 @@
   "resetOverriddenAnalysis": "Reset Overridden Analysis",
   "resolved": "resolved",
   "response": "Response",
+  "responseBody": "Response Body",
   "responseHeaders": "Response Headers",
   "restartSAST": "Restart SAST",
   "revokeGithub": "Githubを取り消す",