15 Jul 2024 05:38 PM
Hello:
I am being asked to see if Dynatrace synthetic checks could be leveraged for security checks on certain pages
that contain JavaScript for code integrity.
In particular:
We would want Dynatrace to hit/visit some of our specific web pages that contain JavaScript.
Dynatrace would then "capture" a copy of the existing JavaScript code contained on a web page, and
calculate a hash of the code for comparison purposes to a known approved hash.
Then, if those 2 hashes did not match, have Dynatrace throw an alert/detection.
We have done some very basic synthetic checks previously.
(Log into a page, click a specific CSS or DOM object etc... but nothing of this complexity.)
However, I am uncertain how to approach this request.
1) How could the synthetic check be leveraged to "capture" the JavaScript from a page?
2) How could Dynatrace be told in a synthetic to run a program that calculates a hash?
3) How would the synthetic check then compare it?
Any advice or experience in doing something similar to this is immensely appreciated!
Kindly,
Chris
15 Jul 2024 06:12 PM
Abstract:
I believe you can do this in synthetic steps - JS allows you to cut/copy HTML.
Then if your hash method is supported by Valina JS you can do it and store any text value into the Dynatrace vault.
In the next run you can evaluate the hash value against other values captured from a web page and raise a custom error.
16 Jul 2024 12:06 AM
This is an extreme request, but interesting. Some comments:
As such, your best bet is probably implementing at least the first two above and validating against the SRI hashes. And wait to see if that is automatically supported, as in the other thread.
Also, I'm not quite sure what "Valina JS" was, so I looked it up, but was not able to confirm it is SRI related. Or were you referring to "Vanilla JS"?
16 Jul 2024 06:34 AM
Valina JS - that means you can not import any libraries out of the standard JS package OOB
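The capture, hash and compare steps discussed in this thread, as an added example that is not code from any of the posters or from Dynatrace. It uses only built-in browser APIs (Web Crypto, TextEncoder, btoa), covers inline scripts only, and the `inline-N` ids and the shape of the approved-hash list are assumptions; how a finding is raised as a monitor error is left out.

```javascript
// Added example: built-in APIs only, no libraries.
const subtle = (globalThis.crypto && globalThis.crypto.subtle) ||
  require('node:crypto').webcrypto.subtle; // fallback when run in older Node, outside a browser

// Return an SRI-style string ("sha384-<base64 digest>") for a script's source text.
async function sriHash(text, alg = 'SHA-384') {
  const digest = await subtle.digest(alg, new TextEncoder().encode(text));
  const b64 = btoa(String.fromCharCode(...new Uint8Array(digest)));
  return alg.toLowerCase().replace('-', '') + '-' + b64;
}

// Collect inline scripts from a document-like object (pass `document` in a browser).
// The "inline-N" ids are a hypothetical naming scheme for this example.
function collectInlineScripts(doc) {
  return Array.from(doc.scripts)
    .filter((s) => !s.src)
    .map((s, i) => ({ id: 'inline-' + i, text: s.textContent }));
}

// Compare each script with the approved hashes.
// Reports changed scripts, scripts with no approved hash, and approved scripts that are gone.
async function checkScripts(scripts, approved) {
  const has = (id) => Object.prototype.hasOwnProperty.call(approved, id);
  const findings = [];
  const seen = new Set();
  for (const { id, text } of scripts) {
    seen.add(id);
    const actual = await sriHash(text);
    if (!has(id)) findings.push({ id, problem: 'unapproved', actual });
    else if (approved[id] !== actual) findings.push({ id, problem: 'mismatch', actual });
  }
  for (const id of Object.keys(approved)) {
    if (!seen.has(id)) findings.push({ id, problem: 'missing' });
  }
  return findings;
}
```

Because the ids are positional, adding or reordering inline scripts on the page shows up as findings too, so the approved list has to be regenerated on every legitimate release.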