
@tjarrettveracode
Last active May 3, 2022 17:49
This gist is deprecated. Please use the pre-request script found at https://github.com/veracode/veracode-postman.
var url = require('url');
// API credential pair used to sign requests. Both values are placeholders and
// must be replaced with a real key ID and secret before the script can work.
// NOTE(review): a secret pasted here is stored with the script and travels with
// any export or share of it; consider reading both values from Postman
// variables instead — confirm against your workspace policy.
const id = 'YOUR_VERACODE_API_KEY_ID';
// Handed to CryptoJS.enc.Hex.parse by computeHashHex, so it must be a hex string.
const key = 'YOUR_VERACODE_API_KEY_SECRET';
// Scheme name that prefixes the generated authorization header value.
const authorizationScheme = 'VERACODE-HMAC-SHA-256';
// Constant string mixed into the signing-key derivation in calculateDataSignature.
const requestVersion = "vcode_request_version_1";
// Size value intended for CryptoJS.lib.WordArray.random when creating a nonce.
const nonceSize = 16;
/**
 * Compute an HMAC-SHA-256 over `message` and return it hex-encoded.
 *
 * @param {string} message - Data to authenticate; handed to CryptoJS.HmacSHA256 as-is.
 * @param {string} key_hex - HMAC key as a hex string; parsed with CryptoJS.enc.Hex before use.
 * @returns {string} The MAC rendered with the CryptoJS hex encoder.
 */
function computeHashHex(message, key_hex) {
  const parsedKey = CryptoJS.enc.Hex.parse(key_hex);
  const mac = CryptoJS.HmacSHA256(message, parsedKey);
  return mac.toString(CryptoJS.enc.Hex);
}
/**
 * Derive the request signature through a chain of four HMAC-SHA-256 steps.
 *
 * Each step uses the previous step's hex output as the key for the next:
 * key -> nonce -> date stamp -> request version -> signed data.
 *
 * @param {string} key - Hex-encoded API secret that seeds the chain.
 * @param {string} nonceBytes - Nonce value for this request.
 * @param {string} dateStamp - Timestamp string for this request.
 * @param {string} data - Canonical request description to sign.
 * @returns {string} Hex-encoded signature from the last HMAC step.
 */
function calculateDataSignature(key, nonceBytes, dateStamp, data) {
  // The order of the messages is part of the scheme; do not reorder.
  const chainedMessages = [nonceBytes, dateStamp, requestVersion, data];
  return chainedMessages.reduce(
    (derivedKey, message) => computeHashHex(message, derivedKey),
    key,
  );
}
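/**
 * Generate a fresh random nonce as an upper-case hex string.
 *
 * The caller in this script passes `nonceSize` explicitly, so the size is now
 * an honoured parameter; calling with no argument still uses `nonceSize`.
 *
 * NOTE(review): CryptoJS releases before 4.0 are understood to back
 * WordArray.random with Math.random(); confirm which CryptoJS version the
 * sandbox bundles if nonce unpredictability matters for your use.
 *
 * @param {number} [size=nonceSize] - Number of random bytes to request.
 * @returns {string} Upper-cased string form of the random WordArray.
 */
function newNonce(size = nonceSize) {
  return CryptoJS.lib.WordArray.random(size).toString().toUpperCase();
}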
/**
 * Hex-encode the UTF-8 bytes of a string.
 *
 * @param {string} input - Text to encode.
 * @returns {string} Hex rendering of the UTF-8 encoding of `input`.
 */
function toHexBinary(input) {
  const utf8Words = CryptoJS.enc.Utf8.parse(input);
  return CryptoJS.enc.Hex.stringify(utf8Words);
}
/**
 * Build the authorization header value for one request.
 *
 * The signature covers only the key ID, the URL's hostname, its path
 * (including any query string, as returned by url.parse) and the HTTP method.
 * The request body and other headers are not part of the signed data.
 *
 * @param {string} httpMethod - HTTP method of the request being signed.
 * @param {string} requestUrl - Fully resolved request URL.
 * @returns {string} `<scheme> id=...,ts=...,nonce=...,sig=...`
 */
function calculateVeracodeAuthHeader(httpMethod, requestUrl) {
  const { hostname, path } = url.parse(requestUrl);
  const signedData = [
    `id=${id}`,
    `host=${hostname}`,
    `url=${path}`,
    `method=${httpMethod}`,
  ].join('&');

  // Millisecond timestamp and nonce are generated per call, so each header is single-use material.
  const timestamp = Date.now().toString();
  const nonce = newNonce(nonceSize);
  const signature = calculateDataSignature(key, nonce, timestamp, signedData);

  const headerParams = [
    `id=${id}`,
    `ts=${timestamp}`,
    `nonce=${toHexBinary(nonce)}`,
    `sig=${signature}`,
  ].join(',');
  return `${authorizationScheme} ${headerParams}`;
}
var {Property} = require('postman-collection');
// Resolve variable placeholders in the request URL first, so that the
// signature is computed over the URL with those substitutions applied.
const substitutedUrl = Property.replaceSubstitutions(
  request.url,
  pm.variables.toObject(),
);

// Publish the header value under the 'hmacAuthHeader' environment variable.
// NOTE(review): presumably the request's Authorization header reads this
// variable; the value stays in the environment after the request, so treat
// exported environments as carrying signed-request material.
postman.setEnvironmentVariable(
  'hmacAuthHeader',
  calculateVeracodeAuthHeader(request.method, substitutedUrl),
);
@tjarrettveracode

This gist is deprecated. Please use the pre-request script found at https://github.com/veracode/veracode-postman.
