/*jshint esversion: 6 */
var url = require('url');
var crypto = require('crypto-js');
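/*
 * Veracode API credentials are read from the active Postman environment
 * (variables `api_id` and `api_key`). `api_key` is the HMAC signing secret:
 * this script uses it only to derive the request signature and never copies
 * it into the Authorization header.
 */
const id = pm.environment.get('api_id');
if (!id) {
  throw new Error("Environment does not have an 'api_id'. Please ensure you have configured a Veracode environment.");
}
const key = pm.environment.get('api_key');
// Check `key` itself (the original re-tested `id`, so this guard never fired).
// Without it an unset key only surfaces later as a TypeError in
// removePrefixFromApiCredential, and an empty one would be used as an empty
// HMAC key instead of being rejected.
if (!key) {
  throw new Error("Environment does not have an 'api_key'. Please ensure you have configured a Veracode environment.");
}

// Scheme token that prefixes the Authorization header value.
const authorizationScheme = 'VERACODE-HMAC-SHA-256';
// Fixed string mixed into the key-derivation chain (see calculateDataSignature).
const requestVersion = "vcode_request_version_1";
// Number of random bytes requested for each nonce.
const nonceSize = 16;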
/**
 * Compute HMAC-SHA-256 of `message` under a hex-encoded key.
 *
 * @param {string} message - Data to authenticate (every caller in this file
 *   passes a string).
 * @param {string} key_hex - Key written as hex digits; it is decoded to raw
 *   bytes before being used as the HMAC key.
 * @returns {string} The MAC, hex-encoded.
 */
function computeHashHex(message, key_hex) {
  const keyBytes = crypto.enc.Hex.parse(key_hex);
  const mac = crypto.HmacSHA256(message, keyBytes);
  return mac.toString(crypto.enc.Hex);
}
/**
 * Derive a per-request signing key from the API key and sign `data` with it.
 *
 * The derivation is a chain of HMACs: the API key keys a MAC over the nonce,
 * that result keys a MAC over the timestamp, and that result keys a MAC over
 * the fixed `requestVersion` string. The final value keys the MAC over `data`.
 *
 * @param {string} apikey - Hex-encoded API key (credential prefix already removed).
 * @param {string} nonceBytes - Nonce as produced by newNonce(); despite the
 *   name it is a hex string and is hashed as text, not as decoded bytes.
 * @param {string} dateStamp - Timestamp string included in the chain.
 * @param {string} data - The request description to sign.
 * @returns {string} Hex-encoded signature.
 */
function calculateDataSignature(apikey, nonceBytes, dateStamp, data) {
  // Each stage's hex MAC becomes the hex key of the next stage.
  const stageInputs = [nonceBytes, dateStamp, requestVersion];
  const signingKey = stageInputs.reduce(
    (derivedKey, stageInput) => computeHashHex(stageInput, derivedKey),
    apikey
  );
  return computeHashHex(data, signingKey);
}
/**
 * Generate a fresh nonce for one request.
 *
 * @returns {string} `nonceSize` random bytes rendered as upper-case hex.
 */
function newNonce() {
  // NOTE(review): the quality of this randomness depends on the crypto-js
  // build the sandbox bundles; older crypto-js releases backed
  // WordArray.random with Math.random rather than a CSPRNG. Confirm.
  const randomWords = crypto.lib.WordArray.random(nonceSize);
  const hexText = randomWords.toString();
  return hexText.toUpperCase();
}
/**
 * Hex-encode the UTF-8 bytes of a string.
 *
 * @param {string} input - Text to encode.
 * @returns {string} Hex digits of the UTF-8 encoding of `input`.
 */
function toHexBinary(input) {
  const utf8Bytes = crypto.enc.Utf8.parse(input);
  return crypto.enc.Hex.stringify(utf8Bytes);
}
/**
 * Strip any dash-separated prefix from an API credential.
 *
 * @param {string} input - Credential, optionally of the form `prefix-value`.
 * @returns {string} The text after the last `-`, or the whole string when it
 *   contains no `-`.
 */
function removePrefixFromApiCredential(input) {
  const segments = input.split('-');
  return segments[segments.length - 1];
}
/**
 * Build the value of the Authorization header for one request.
 *
 * The signed string covers the API id, the URL's host, its path (as returned
 * by url.parse, i.e. including any query string) and the HTTP method. The
 * request body and the other headers are not part of the signed data.
 *
 * @param {string} httpMethod - HTTP method of the request being signed.
 * @param {string} requestUrl - Fully resolved request URL.
 * @returns {string} `<scheme> id=...,ts=...,nonce=...,sig=...`
 */
function calculateVeracodeAuthHeader(httpMethod, requestUrl) {
  const apiId = removePrefixFromApiCredential(id);
  const apiSecret = removePrefixFromApiCredential(key);
  const target = url.parse(requestUrl);

  const signedData = `id=${apiId}&host=${target.hostname}&url=${target.path}&method=${httpMethod}`;

  // Timestamp is milliseconds since the epoch, sent as `ts` and also mixed
  // into the signing-key derivation together with the nonce.
  const timestamp = Date.now().toString();
  const nonce = newNonce();
  const signature = calculateDataSignature(apiSecret, nonce, timestamp, signedData);

  // The secret itself never appears here: only the id, timestamp, nonce and MAC.
  const params = [
    `id=${apiId}`,
    `ts=${timestamp}`,
    `nonce=${toHexBinary(nonce)}`,
    `sig=${signature}`
  ].join(',');
  return `${authorizationScheme} ${params}`;
}
var {Property} = require('postman-collection');
// Expand variable placeholders in the request URL before signing; presumably
// so the signature is computed over the URL that is actually sent (confirm).
const rawUrl = pm.request.url.toString();
const variableValues = pm.variables.toObject();
const resolvedUrl = Property.replaceSubstitutions(rawUrl, variableValues);

// Attach the computed HMAC credentials to the outgoing request.
const authorizationHeader = {
  key: "Authorization",
  value: calculateVeracodeAuthHeader(pm.request.method, resolvedUrl)
};
pm.request.headers.add(authorizationHeader);