HumanSecurity · yaronschwimmer · Nov 1, 2018 · Oct 31, 2018 · Oct 31, 2018 · Oct 31, 2018
diff --git a/lib/pxapi.js b/lib/pxapi.js
@@ -49,7 +49,8 @@ function callServer(pxCtx, callback) {
             http_method: pxCtx.httpMethod,
             risk_mode: riskMode,
             module_version: config.MODULE_VERSION,
-            cookie_origin: pxCtx.cookieOrigin
+            cookie_origin: pxCtx.cookieOrigin,
+            request_cookie_names: pxCtx.requestCookieNames
         }
     };
 
@@ -186,3 +187,4 @@ function isBadRiskScore(res, pxCtx) {
         return 1;
     }
 }
+
diff --git a/lib/pxcontext.js b/lib/pxcontext.js
@@ -12,6 +12,7 @@ class PxContext {
         this.cookies = {};
         this.score = 0;
         this.ip = PxContext.extractIP(config, request);
+        this.requestCookieNames = pxUtil.extractCookieNames(request.headers['cookie']);
         this.headers = pxUtil.filterSensitiveHeaders(request.headers);
         this.hostname = request.hostname || request.get('host');
         this.userAgent = userAgent;

diff --git a/lib/pxutil.js b/lib/pxutil.js
@@ -140,12 +140,26 @@ function filterConfig(config) {
     return jsonConfig;
 }
 
+/**
+ * extractCookieNames - Extract all the cookie names that were sent in the cookie http header.
+ * @param {Object} cookieHeader - The received http request cookie header.
+ */
+function extractCookieNames(cookieHeader) {
+    let result;
+    if(cookieHeader){
+        let cookies = cookieHeader.split(';');
+        result = cookies.map(cookie => cookie.split('=')[0].trim());
+    }
+    return result;
+}
+
 module.exports = {
     formatHeaders,
     filterSensitiveHeaders,
     checkForStatic,
     verifyDefined,
     filterConfig,
     parseAction,
-    generateProxyHeaders
+    generateProxyHeaders,
+    extractCookieNames
 }
diff --git a/test/pxutils.test.js b/test/pxutils.test.js
@@ -32,4 +32,14 @@ describe('PX Utils - pxutils.js', () => {
         formattedHeaders[0]['value'].should.be.exactly('v');
         return done();
     });
+
+    it('should extract cookie names from the cookie header', (done) => {
+        var cookieHeader = '_px3=px3Cookie;tempCookie=CookieTemp; _px7=NotARealCookie';
+        var formattedHeaders = pxutil.extractCookieNames(cookieHeader);
+        (Object.prototype.toString.call(formattedHeaders)).should.be.exactly('[object Array]');
-        (Object.prototype.toString.call(formattedHeaders)).should.be.exactly('[object Array]');
+        Array.isArray(formattedHeaders).should.be.true()
-        (Object.prototype.toString.call(formattedHeaders)).should.be.exactly('[object Array]');
+        Array.isArray(formattedHeaders).should.be.true()
+        formattedHeaders[0].should.be.exactly('_px3');
+        formattedHeaders[1].should.be.exactly('tempCookie');
+        formattedHeaders[2].should.be.exactly('_px7');
+        return done();
+    });
 });