From aaa3d33330b19a09aa99ed39958a17a360226b96 Mon Sep 17 00:00:00 2001 From: Alex Bluvstein Date: Wed, 31 Oct 2018 12:54:51 +0200 Subject: [PATCH 1/6] Added cookie name extraction --- lib/pxapi.js | 4 +++- lib/pxcontext.js | 1 + lib/pxutil.js | 17 ++++++++++++++++- test/pxutils.test.js | 10 ++++++++++ 4 files changed, 30 insertions(+), 2 deletions(-) diff --git a/lib/pxapi.js b/lib/pxapi.js index c7c00250..f3ae01fb 100644 --- a/lib/pxapi.js +++ b/lib/pxapi.js @@ -49,7 +49,8 @@ function callServer(pxCtx, callback) { http_method: pxCtx.httpMethod, risk_mode: riskMode, module_version: config.MODULE_VERSION, - cookie_origin: pxCtx.cookieOrigin + cookie_origin: pxCtx.cookieOrigin, + riskCookieNames: pxCtx.riskCookieNames } }; @@ -186,3 +187,4 @@ function isBadRiskScore(res, pxCtx) { return 1; } } + diff --git a/lib/pxcontext.js b/lib/pxcontext.js index a9bfdee2..de5d4e5e 100644 --- a/lib/pxcontext.js +++ b/lib/pxcontext.js @@ -12,6 +12,7 @@ class PxContext { this.cookies = {}; this.score = 0; this.ip = PxContext.extractIP(config, request); + this.riskCookieNames = pxUtil.extractCookieNames(request.headers['cookie']); this.headers = pxUtil.filterSensitiveHeaders(request.headers); this.hostname = request.hostname || request.get('host'); this.userAgent = userAgent; diff --git a/lib/pxutil.js b/lib/pxutil.js index 4158f4bd..11ba4e37 100644 --- a/lib/pxutil.js +++ b/lib/pxutil.js 
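Review bot: The new `riskCookieNames` entry in the `callServer` payload carries names read straight from the client's `Cookie` header (assigned in the `lib/pxcontext.js` hunk from `request.headers['cookie']`), and nothing visible in this series bounds how many names there are or how long each one is. Unlike `this.headers`, which goes through `filterSensitiveHeaders` on the next line of the constructor, the names come from the raw header, so the names of the application's own cookies are included in the risk request as well. I would cap the list inside `extractCookieNames` before returning, for example `cookieNames.slice(0, MAX_COOKIE_NAMES)` where `MAX_COOKIE_NAMES` is a placeholder for a limit agreed with the risk API, and add a comment above the payload field: `// client-supplied cookie names (no values); untrusted input`. `callServer` and the `PxContext` constructor both start and end outside their hunks.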
@@ -140,6 +140,20 @@ function filterConfig(config) { return jsonConfig; } +/** + * extractCookieNames - Extract all the cookie names that were sent in the cookie http header. + * @param {Object} request - The received http request. + * @param {Object} pxCtx - current request context. + */ +function extractCookieNames(cookieHeader) { + var cookies = cookieHeader.split(';'); + var cookieNames = new Array (cookies.length); + for (var i = 0; i < cookies.length ; i++){ + cookieNames[i] = cookies[i].split('=')[0].trim(); + } + return cookieNames; +} + module.exports = { formatHeaders, filterSensitiveHeaders, @@ -147,5 +161,6 @@ module.exports = { verifyDefined, filterConfig, parseAction, - generateProxyHeaders + generateProxyHeaders, + extractCookieNames } diff --git a/test/pxutils.test.js b/test/pxutils.test.js index f4350807..9460b5cd 100644 --- a/test/pxutils.test.js +++ b/test/pxutils.test.js @@ -32,4 +32,14 @@ describe('PX Utils - pxutils.js', () => { formattedHeaders[0]['value'].should.be.exactly('v'); return done(); }); + + it('should extract cookie names from the cookie header', (done) => { + var cookieHeader = '_px3=px3Cookie;tempCookie=CookieTemp; _px7=NotARealCookie'; + var formattedHeaders = pxutil.extractCookieNames(cookieHeader); + (Object.prototype.toString.call(formattedHeaders)).should.be.exactly('[object Array]'); + formattedHeaders[0].should.be.exactly('_px3'); + formattedHeaders[1].should.be.exactly('tempCookie'); + formattedHeaders[2].should.be.exactly('_px7'); + return done(); + }); }); \ No newline at end of file From d049a552174d3a6c1e69205ba949e808d11670b1 Mon Sep 17 00:00:00 2001 From: Alex Bluvstein Date: Wed, 31 Oct 2018 13:19:22 +0200 Subject: [PATCH 2/6] Handling empty cookie headers --- lib/pxutil.js | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/lib/pxutil.js b/lib/pxutil.js index 11ba4e37..df38b5cf 100644 --- a/lib/pxutil.js +++ b/lib/pxutil.js 
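Review bot: `extractCookieNames` keeps one name per `;`-separated segment, so a header with a trailing `;` or an empty segment (`a=1;;b=2`) yields `''` entries, and a segment with no `=` is returned whole as a name. Since the header is client-controlled, I would drop empty names before returning: `return cookieNames.filter(function (name) { return name.length > 0; });`. The function also calls `cookieHeader.split` unconditionally, so in this commit a request without a `Cookie` header throws from the `PxContext` constructor; patch 2/6 adds the guard. The `map` rewrite in patch 4/6 keeps the empty-name behaviour, so the same filter applies there.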
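Review bot: The new test in `test/pxutils.test.js` exercises only a well-formed header, so the cases that matter for client-controlled input are untested: a missing header (`undefined`), an empty string, a trailing `;`, and a segment with no `=`. In this commit the first of those throws, which a test would have caught before patch 2/6. The local `formattedHeaders` looks copied from the preceding test; `var cookieNames = pxutil.extractCookieNames(cookieHeader);` reads more clearly. The `describe` block starts outside the hunk.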
@@ -146,12 +146,16 @@ function filterConfig(config) { * @param {Object} pxCtx - current request context. */ function extractCookieNames(cookieHeader) { - var cookies = cookieHeader.split(';'); - var cookieNames = new Array (cookies.length); - for (var i = 0; i < cookies.length ; i++){ - cookieNames[i] = cookies[i].split('=')[0].trim(); + var result; + if(cookieHeader){ + var cookies = cookieHeader.split(';'); + var cookieNames = new Array (cookies.length); + for (var i = 0; i < cookies.length ; i++){ + cookieNames[i] = cookies[i].split('=')[0].trim(); + } + result = cookieNames; } - return cookieNames; + return result; } module.exports = { From d04b44b6992f7e2b36c55201f01ae0af48baf227 Mon Sep 17 00:00:00 2001 From: Alex Bluvstein Date: Wed, 31 Oct 2018 14:47:10 +0200 Subject: [PATCH 3/6] Changed risk api param anming convenvtion --- lib/pxapi.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pxapi.js b/lib/pxapi.js index f3ae01fb..09fd8355 100644 --- a/lib/pxapi.js +++ b/lib/pxapi.js @@ -50,7 +50,7 @@ function callServer(pxCtx, callback) { risk_mode: riskMode, module_version: config.MODULE_VERSION, cookie_origin: pxCtx.cookieOrigin, - riskCookieNames: pxCtx.riskCookieNames + risk_cookie_names: pxCtx.risk_cookie_names } }; From d988e2ffab86cda83312d965a23ddea20486c367 Mon Sep 17 00:00:00 2001 From: Alex Bluvstein Date: Thu, 1 Nov 2018 11:00:50 +0200 Subject: [PATCH 4/6] Swapped var with let, changed documentation --- lib/pxutil.js | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/lib/pxutil.js b/lib/pxutil.js index df38b5cf..74b2262a 100644 --- a/lib/pxutil.js +++ b/lib/pxutil.js 
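Review bot: With this guard `extractCookieNames` returns `undefined` for a missing or empty header and an array otherwise, so every caller has to handle two shapes, and the JSDoc above the function does not mention it. Initialising with `var result = [];` would keep the return type stable. If the absent value is intended (for example so the field is left out of the risk request when it is serialised, which is not visible here), say so in the doc comment with a `@returns` line. No test is added for the empty-header path this commit introduces.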
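Review bot: `pxCtx.risk_cookie_names` on the new line of the `lib/pxapi.js` hunk reads a property that is never assigned: `PxContext` sets `this.riskCookieNames` in patch 1/6, so after this commit the payload field is always `undefined`. Only the payload key needed the snake_case name, `risk_cookie_names: pxCtx.riskCookieNames`, which is what patch 5/6 restores. The series adds no test that asserts on the risk payload, which is presumably why this went unnoticed; a check on the object built in `callServer` would pin it. `callServer` starts and ends outside the hunk.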
@@ -142,18 +142,13 @@ function filterConfig(config) { /** * extractCookieNames - Extract all the cookie names that were sent in the cookie http header. - * @param {Object} request - The received http request. - * @param {Object} pxCtx - current request context. + * @param {Object} cookieHeader - The received http request cookie header. */ function extractCookieNames(cookieHeader) { - var result; + let result; if(cookieHeader){ - var cookies = cookieHeader.split(';'); - var cookieNames = new Array (cookies.length); - for (var i = 0; i < cookies.length ; i++){ - cookieNames[i] = cookies[i].split('=')[0].trim(); - } - result = cookieNames; + let cookies = cookieHeader.split(';'); + result = cookies.map(cookie => cookie.split('=')[0].trim()); } return result; } From cc3a9f5d3979a6d7f62d1acdc1b68d4a6805ec46 Mon Sep 17 00:00:00 2001 From: Alex Bluvstein Date: Thu, 1 Nov 2018 11:10:59 +0200 Subject: [PATCH 5/6] Fixed risk cookie names --- lib/pxapi.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pxapi.js b/lib/pxapi.js index 09fd8355..3532a7f2 100644 --- a/lib/pxapi.js +++ b/lib/pxapi.js @@ -50,7 +50,7 @@ function callServer(pxCtx, callback) { risk_mode: riskMode, module_version: config.MODULE_VERSION, cookie_origin: pxCtx.cookieOrigin, - risk_cookie_names: pxCtx.risk_cookie_names + risk_cookie_names: pxCtx.riskCookieNames } }; From 113c520940f19e9d33d4dbf6bb703349156f2fdd Mon Sep 17 00:00:00 2001 From: Alex Bluvstein Date: Thu, 1 Nov 2018 17:12:00 +0200 Subject: [PATCH 6/6] Fixed risk cookie names --- lib/pxapi.js | 2 +- lib/pxcontext.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/pxapi.js b/lib/pxapi.js index 3532a7f2..598c0397 100644 --- a/lib/pxapi.js +++ b/lib/pxapi.js @@ -50,7 +50,7 @@ function callServer(pxCtx, callback) { risk_mode: riskMode, module_version: config.MODULE_VERSION, cookie_origin: pxCtx.cookieOrigin, - risk_cookie_names: pxCtx.riskCookieNames + request_cookie_names: pxCtx.requestCookieNames } }; 
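Review bot: The rewritten JSDoc in the `lib/pxutil.js` hunk types `cookieHeader` as `{Object}`, but the body calls `.split(';')` on it, so it is a string, and the return value is still undocumented. I would write `@param {string} [cookieHeader] - Raw Cookie request header, if present.` and `@returns {string[]|undefined} Cookie names in header order; undefined when the header is missing or empty.`. `cookies` is never reassigned, so `const cookies = cookieHeader.split(';');` fits the intent of this commit better than `let`.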
diff --git a/lib/pxcontext.js b/lib/pxcontext.js index de5d4e5e..79056b56 100644 --- a/lib/pxcontext.js +++ b/lib/pxcontext.js @@ -12,7 +12,7 @@ class PxContext { this.cookies = {}; this.score = 0; this.ip = PxContext.extractIP(config, request); - this.riskCookieNames = pxUtil.extractCookieNames(request.headers['cookie']); + this.requestCookieNames = pxUtil.extractCookieNames(request.headers['cookie']); this.headers = pxUtil.filterSensitiveHeaders(request.headers); this.hostname = request.hostname || request.get('host'); this.userAgent = userAgent;