only update endpoint if exists in log request call and assign endpoin…

…t to trace

backend/src/constants.ts

@@ -0,0 +1 @@
+export const pathParameterRegex = new RegExp(String.raw`/{[^/]+}`, "g");

backend/src/services/log-request/index.ts

@@ -4,6 +4,7 @@ import { AppDataSource } from "../../data-source";
 import { ScannerService } from "../scanner/scan";
 import { DataClass } from "../../enums";
 import Error500InternalServer from "../../errors/error-500-internal-server";
+import { getPathRegex } from "../../utils";
 
 export class LogRequestService {
   static matchExists(
@@ -81,46 +82,40 @@ export class LogRequestService {
       apiTraceObj.responseBody = responseBody;
       apiTraceObj.meta = traceParams?.meta;
 
-      /** Create new Api Endpoint record or update existing */
+      /** Update existing endpoint record if exists */
       const apiEndpointRepository = AppDataSource.getRepository(ApiEndpoint);
-      let apiEndpoint = await apiEndpointRepository.findOne({
-        where: { path, method, host },
+      const pathRegex = getPathRegex(path);
+      const apiEndpoint = await apiEndpointRepository.findOne({
+        where: { pathRegex, method, host },
         relations: { sensitiveDataClasses: true },
       });
-      if (!apiEndpoint) {
-        apiEndpoint = new ApiEndpoint();
-        apiEndpoint.path = path;
-        apiEndpoint.method = method;
-        apiEndpoint.host = host;
-        apiEndpoint.totalCalls = 0;
-        apiEndpoint.sensitiveDataClasses = [];
-      }
-      apiEndpoint.totalCalls += 1;
-
-      // Check for sensitive data
-      let matchedDataClasses: MatchedDataClass[] =
-        apiEndpoint.sensitiveDataClasses;
-      this.findMatchedDataClasses(
-        "req.params",
-        matchedDataClasses,
-        requestParameters
-      );
-      this.findMatchedDataClasses(
-        "req.headers",
-        matchedDataClasses,
-        requestHeaders
-      );
-      this.findMatchedDataClasses(
-        "res.headers",
-        matchedDataClasses,
-        responseHeaders
-      );
+      if (apiEndpoint) {
+        apiEndpoint.totalCalls += 1;
 
-      //TODO: Check in request body and response body, might need to unmarshall the string into json to do data path properly
-
-      apiEndpoint.sensitiveDataClasses = matchedDataClasses;
+        // Check for sensitive data
+        let matchedDataClasses: MatchedDataClass[] =
+          apiEndpoint.sensitiveDataClasses;
+        this.findMatchedDataClasses(
+          "req.params",
+          matchedDataClasses,
+          requestParameters
+        );
+        this.findMatchedDataClasses(
+          "req.headers",
+          matchedDataClasses,
+          requestHeaders
+        );
+        this.findMatchedDataClasses(
+          "res.headers",
+          matchedDataClasses,
+          responseHeaders
+        );
+        //TODO: Check in request body and response body, might need to unmarshall the string into json to do data path properly
+        apiEndpoint.sensitiveDataClasses = matchedDataClasses;
+        apiTraceObj.apiEndpointUuid = apiEndpoint.uuid;
+        await apiEndpointRepository.save(apiEndpoint);
+      }
       await apiTraceRepository.save(apiTraceObj);
-      await apiEndpointRepository.save(apiEndpoint);
     } catch (err) {
       console.error(`Error in Log Request service: ${err}`);
       throw new Error500InternalServer(err);

backend/src/utils/index.ts

@@ -1,4 +1,5 @@
 import validator from "validator";
+import { pathParameterRegex } from "../constants";
 
 export const isSuspectedParamater = (value: string) => {
   if (!isNaN(Number(value))) {
@@ -9,3 +10,7 @@ export const isSuspectedParamater = (value: string) => {
   }
   return false;
 };
+
+export const getPathRegex = (path: string) => {
+  return path.replace(pathParameterRegex, String.raw`/[^/]+`);
+}