diff --git a/backend/src/constants.ts b/backend/src/constants.ts index e69de29b..b29caf19 100644 --- a/backend/src/constants.ts +++ b/backend/src/constants.ts @@ -0,0 +1 @@ +export const pathParameterRegex = new RegExp(String.raw`/{[^/]+}`, "g"); diff --git a/backend/src/services/log-request/index.ts b/backend/src/services/log-request/index.ts index 46515d5f..453b678e 100644 --- a/backend/src/services/log-request/index.ts +++ b/backend/src/services/log-request/index.ts @@ -4,6 +4,7 @@ import { AppDataSource } from "../../data-source"; import { ScannerService } from "../scanner/scan"; import { DataClass } from "../../enums"; import Error500InternalServer from "../../errors/error-500-internal-server"; +import { getPathRegex } from "../../utils"; export class LogRequestService { static matchExists( @@ -81,46 +82,40 @@ export class LogRequestService { apiTraceObj.responseBody = responseBody; apiTraceObj.meta = traceParams?.meta; - /** Create new Api Endpoint record or update existing */ + /** Update existing endpoint record if exists */ const apiEndpointRepository = AppDataSource.getRepository(ApiEndpoint); - let apiEndpoint = await apiEndpointRepository.findOne({ - where: { path, method, host }, + const pathRegex = getPathRegex(path); + const apiEndpoint = await apiEndpointRepository.findOne({ + where: { pathRegex, method, host }, relations: { sensitiveDataClasses: true }, }); - if (!apiEndpoint) { - apiEndpoint = new ApiEndpoint(); - apiEndpoint.path = path; - apiEndpoint.method = method; - apiEndpoint.host = host; - apiEndpoint.totalCalls = 0; - apiEndpoint.sensitiveDataClasses = []; - } - apiEndpoint.totalCalls += 1; - - // Check for sensitive data - let matchedDataClasses: MatchedDataClass[] = - apiEndpoint.sensitiveDataClasses; - this.findMatchedDataClasses( - "req.params", - matchedDataClasses, - requestParameters - ); - this.findMatchedDataClasses( - "req.headers", - matchedDataClasses, - requestHeaders - ); - this.findMatchedDataClasses( - "res.headers", - matchedDataClasses, - responseHeaders - ); + if (apiEndpoint) { + apiEndpoint.totalCalls += 1; - //TODO: Check in request body and response body, might need to unmarshall the string into json to do data path properly - - apiEndpoint.sensitiveDataClasses = matchedDataClasses; + // Check for sensitive data + let matchedDataClasses: MatchedDataClass[] = + apiEndpoint.sensitiveDataClasses; + this.findMatchedDataClasses( + "req.params", + matchedDataClasses, + requestParameters + ); + this.findMatchedDataClasses( + "req.headers", + matchedDataClasses, + requestHeaders + ); + this.findMatchedDataClasses( + "res.headers", + matchedDataClasses, + responseHeaders + ); + //TODO: Check in request body and response body, might need to unmarshall the string into json to do data path properly + apiEndpoint.sensitiveDataClasses = matchedDataClasses; + apiTraceObj.apiEndpointUuid = apiEndpoint.uuid; + await apiEndpointRepository.save(apiEndpoint); + } await apiTraceRepository.save(apiTraceObj); - await apiEndpointRepository.save(apiEndpoint); } catch (err) { console.error(`Error in Log Request service: ${err}`); throw new Error500InternalServer(err); diff --git a/backend/src/utils/index.ts b/backend/src/utils/index.ts index 84741d74..0c98f809 100644 --- a/backend/src/utils/index.ts +++ b/backend/src/utils/index.ts @@ -1,4 +1,5 @@ import validator from "validator"; +import { pathParameterRegex } from "../constants"; export const isSuspectedParamater = (value: string) => { if (!isNaN(Number(value))) { @@ -9,3 +10,7 @@ export const isSuspectedParamater = (value: string) => { } return false; }; + +export const getPathRegex = (path: string) => { + return path.replace(pathParameterRegex, String.raw`/[^/]+`); +}