Merge pull request #1099 from akto-api-security/develop
Develop
notshivansh authored May 10, 2024
2 parents b6af73c + 2e7ef1c commit 209c67a
Showing 9 changed files with 169 additions and 149 deletions.
Expand Up @@ -9,14 +9,6 @@
import java.util.Map;

import org.apache.commons.io.FileUtils;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.mime.MultipartEntityBuilder;
import org.apache.http.entity.mime.content.FileBody;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.bson.conversions.Bson;

import com.akto.dao.JiraIntegrationDao;
Expand All @@ -29,15 +21,24 @@
import com.akto.dto.test_run_findings.TestingIssuesId;
import com.akto.dto.test_run_findings.TestingRunIssues;
import com.akto.log.LoggerMaker;
import com.akto.log.LoggerMaker.LogDb;
import com.akto.parsers.HttpCallParser;
import com.akto.testing.ApiExecutor;
import com.akto.util.http_util.CoreHTTPClient;
import com.mongodb.BasicDBList;
import com.mongodb.BasicDBObject;
import com.mongodb.client.model.Filters;
import com.mongodb.client.model.UpdateOptions;
import com.mongodb.client.model.Updates;
import com.opensymphony.xwork2.Action;

import okhttp3.MediaType;
import okhttp3.MultipartBody;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;

public class JiraIntegrationAction extends UserAction {

private String baseUrl;
Expand All @@ -64,6 +65,7 @@ public class JiraIntegrationAction extends UserAction {
private final String CREATE_ISSUE_ENDPOINT = "/rest/api/3/issue";
private final String ATTACH_FILE_ENDPOINT = "/attachments";
private static final LoggerMaker loggerMaker = new LoggerMaker(ApiExecutor.class);
private static final OkHttpClient client = CoreHTTPClient.client.newBuilder().build();

public String testIntegration() {

Expand Down Expand Up @@ -292,28 +294,33 @@ public String attachFileToIssue() {
FileUtils.writeStringToFile(new File(tmpOutputFile.getPath()), resp + "\n\n", (String) null, true);


CloseableHttpClient httpClient = HttpClients.createDefault();


MultipartEntityBuilder builder = MultipartEntityBuilder.create();
builder.addPart("file", new FileBody(tmpOutputFile, ContentType.DEFAULT_BINARY));

HttpEntity multipart = builder.build();
MediaType mType = MediaType.parse("application/octet-stream");
RequestBody requestBody = new MultipartBody.Builder().setType(MultipartBody.FORM)
.addFormDataPart("file", tmpOutputFile.getName(),
RequestBody.create(tmpOutputFile, mType))
.build();

Request request = new Request.Builder()
.url(url)
.post(requestBody)
.header("Authorization", "Basic " + authHeader)
.header("X-Atlassian-Token", "nocheck")
.build();

HttpPost uploadFile = new HttpPost(url);
uploadFile.addHeader("Authorization", "Basic " + authHeader);
uploadFile.addHeader("X-Atlassian-Token", "nocheck");
uploadFile.setEntity(multipart);

try (CloseableHttpResponse response = httpClient.execute(uploadFile)) {
HttpEntity responseEntity = response.getEntity();
int statusCode = response.getStatusLine().getStatusCode();
Response response = null;

try {
response = client.newCall(request).execute();
} catch (Exception ex) {
loggerMaker.errorAndAddToDb(ex,
String.format("Failed to call jira from url %s. Error %s", url, ex.getMessage()),
LogDb.DASHBOARD);
} finally {
if (response != null) {
response.close();
}
}

httpClient.close();

} catch (Exception ex) {
ex.printStackTrace();
}
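Review bot: After `response = client.newCall(request).execute();` the outcome of the upload is never inspected: a 401, 403 or 413 from Jira is closed silently and only a transport exception reaches the log, whereas the replaced code at least captured `getStatusCode()`. Suggest executing inside try-with-resources (`Response` is `Closeable`, so the explicit finally block goes away) and logging non-2xx responses, as in the excerpt below. The body of attachFileToIssue starts and ends outside the hunk, so whether the caller reports success to the user regardless of status cannot be confirmed here.
```java
try (Response response = client.newCall(request).execute()) {
    if (!response.isSuccessful()) {
        loggerMaker.errorAndAddToDb(
                String.format("Failed to attach file to jira issue at url %s. Status code: %d", url, response.code()),
                LogDb.DASHBOARD);
    }
} catch (Exception ex) {
    loggerMaker.errorAndAddToDb(ex,
            String.format("Failed to call jira from url %s. Error %s", url, ex.getMessage()),
            LogDb.DASHBOARD);
}
```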
10 changes: 10 additions & 0 deletions apps/dashboard/src/main/java/com/akto/action/PostmanAction.java
Expand Up @@ -24,6 +24,7 @@
import com.akto.log.LoggerMaker.LogDb;
import com.akto.postman.Main;
import com.akto.util.DashboardMode;
import com.akto.util.http_util.CoreHTTPClient;
import com.akto.utils.GzipUtils;
import com.akto.utils.SampleDataToSTI;
import com.akto.utils.Utils;
Expand All @@ -39,6 +40,8 @@
import com.mongodb.client.model.Updates;
import com.mongodb.client.result.InsertOneResult;
import io.swagger.v3.oas.models.OpenAPI;
import okhttp3.OkHttpClient;

import org.apache.commons.lang3.tuple.Pair;
import org.bson.conversions.Bson;
import org.bson.types.ObjectId;
Expand All @@ -55,6 +58,13 @@ public class PostmanAction extends UserAction {

private static final LoggerMaker loggerMaker = new LoggerMaker(PostmanAction.class, LogDb.DASHBOARD);
private static final ObjectMapper mapper = new ObjectMapper();
private static final OkHttpClient client = CoreHTTPClient.client.newBuilder().build();

static{
loggerMaker.infoAndAddToDb("Initializing http client for postman operations");
ApiRequest.initCommonHttpClient(client);
}

@Override
public String execute() {
return SUCCESS;
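Review bot: The static initializer calling `ApiRequest.initCommonHttpClient(client);` configures a process-wide client from inside one action's class initialization, so `ApiRequest.common` keeps its default `new OkHttpClient()` until PostmanAction happens to be loaded, and any other caller of ApiRequest gets whichever client was installed last. Load-order coupling of this kind is hard to reason about; it would be cleaner for ApiRequest to obtain its client from CoreHTTPClient itself, or for the installation to happen at application startup, and in any case the contract deserves a comment such as `// installs the shared client for ApiRequest; only in effect once this class has been loaded`. The same concern applies to the hunk in libs/integrations/src/main/java/com/akto/ApiRequest.java. Style nit: `static{` should read `static {`.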
20 changes: 10 additions & 10 deletions apps/dashboard/src/main/java/com/akto/action/SignupAction.java
Expand Up @@ -443,10 +443,10 @@ public String registerViaGithub() {
if (githubConfig == null) {
return ERROR.toUpperCase();
}
List<NameValuePair> params = new ArrayList<>();
params.add(new BasicNameValuePair("client_id", githubConfig.getClientId()));
params.add(new BasicNameValuePair("client_secret", githubConfig.getClientSecret()));
params.add(new BasicNameValuePair("code", this.code));
BasicDBObject params = new BasicDBObject();
params.put("client_id", githubConfig.getClientId());
params.put("client_secret", githubConfig.getClientSecret());
params.put("code", this.code);
try {
Map<String,Object> tokenData = CustomHttpRequest.postRequest("https://github.com/login/oauth/access_token", params);
String accessToken = tokenData.get("access_token").toString();
Expand Down Expand Up @@ -486,12 +486,12 @@ public String registerViaOkta() throws IOException{
String clientSecret = oktaConfig.getClientSecret();
String redirectUri = oktaConfig.getRedirectUri();

List<NameValuePair> params = new ArrayList<>();
params.add(new BasicNameValuePair("grant_type", "authorization_code"));
params.add(new BasicNameValuePair("code", this.code));
params.add(new BasicNameValuePair("client_id", clientId));
params.add(new BasicNameValuePair("client_secret", clientSecret));
params.add(new BasicNameValuePair("redirect_uri", redirectUri));
BasicDBObject params = new BasicDBObject();
params.put("grant_type", "authorization_code");
params.put("code", this.code);
params.put("client_id", clientId);
params.put("client_secret", clientSecret);
params.put("redirect_uri", redirectUri);

try {
Map<String,Object> tokenData = CustomHttpRequest.postRequestEncodedType(domainUrl +"/token",params);
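Review bot: Both hunks now hand a `BasicDBObject` holding `client_secret` to `CustomHttpRequest`, so nothing on this side form-encodes the values any more, whereas the old `NameValuePair` list was encoded by the HTTP library it was built for. Whether `postRequest` sends the GitHub call as JSON or form data is not visible here (GitHub's access_token endpoint accepts both), but Okta's `/token` endpoint in the second hunk requires `application/x-www-form-urlencoded`, so it is worth confirming that `postRequestEncodedType` URL-encodes each value — `code` and `redirect_uri` can contain reserved characters. Since `BasicDBObject.toString()` renders JSON, `params` must never be passed to a log call on either path. registerViaGithub and registerViaOkta both continue outside the hunks.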
Expand Up @@ -14,19 +14,27 @@
import com.akto.github.GithubUtils;
import com.akto.log.LoggerMaker;
import com.akto.util.DashboardMode;
import com.akto.util.http_util.CoreHTTPClient;
import com.mongodb.BasicDBObject;
import com.mongodb.client.model.Filters;
import com.mongodb.client.model.Updates;
import com.mongodb.client.result.DeleteResult;

import okhttp3.OkHttpClient;

import org.kohsuke.github.GitHub;
import org.kohsuke.github.GitHubBuilder;
import org.kohsuke.github.connector.GitHubConnector;
import org.kohsuke.github.extras.okhttp3.OkHttpGitHubConnector;

import java.util.ArrayList;

import static com.akto.dao.AccountSettingsDao.generateFilter;

public class GithubSsoAction extends UserAction {
private static final LoggerMaker loggerMaker = new LoggerMaker(StartTestAction.class);
private static final OkHttpClient client = CoreHTTPClient.client.newBuilder().build();
private static final GitHubConnector connector = new OkHttpGitHubConnector(client);

public String deleteGithubSso() {

Expand Down Expand Up @@ -100,7 +108,7 @@ public String addGithubAppSecretKey() {

try {
String jwtToken = GithubUtils.createJWT(githubAppId,githubAppSecretKey, 10 * 60 * 1000);
GitHub gitHub = new GitHubBuilder().withJwtToken(jwtToken).build();
GitHub gitHub = new GitHubBuilder().withConnector(connector).withJwtToken(jwtToken).build();
gitHub.getApp();
} catch (Exception e) {
addActionError("invalid github app Id and secret key");
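Review bot: The `catch (Exception e)` around the new `withConnector(connector)` builder reports every failure as `invalid github app Id and secret key`, but with a shared connector a transport or TLS error stemming from CoreHTTPClient's configuration now lands in the same branch and is indistinguishable from bad credentials. Log the cause before the user-facing error, e.g. `loggerMaker.errorAndAddToDb(e, "Failed to validate github app credentials", LogDb.DASHBOARD);` (LogDb would need to be imported in this file). Note also that `loggerMaker` in this class is constructed with `StartTestAction.class`, so such a log line would be attributed to the wrong class; `GithubSsoAction.class` is presumably intended. addGithubAppSecretKey continues outside the hunk.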
Expand Up @@ -75,6 +75,7 @@
import com.akto.util.UsageUtils;
import com.akto.util.enums.GlobalEnums.TestCategory;
import com.akto.util.enums.GlobalEnums.YamlTemplateSource;
import com.akto.util.http_util.CoreHTTPClient;
import com.akto.util.tasks.OrganizationTask;
import com.akto.utils.*;
import com.akto.util.DashboardMode;
Expand All @@ -98,7 +99,11 @@
import com.mongodb.client.MongoCursor;
import com.mongodb.client.model.*;
import com.slack.api.Slack;
import com.slack.api.util.http.SlackHttpClient;
import com.slack.api.webhook.WebhookResponse;

import okhttp3.OkHttpClient;

import org.apache.commons.io.FileUtils;
import org.apache.commons.lang3.StringUtils;
import org.bson.conversions.Bson;
Expand Down Expand Up @@ -710,7 +715,9 @@ public void accept(Account t) {
return;
}

Slack slack = Slack.getInstance();
OkHttpClient httpClient = CoreHTTPClient.client.newBuilder().build();
SlackHttpClient slackHttpClient = new SlackHttpClient(httpClient);
Slack slack = Slack.getInstance(slackHttpClient);

for (SlackWebhook slackWebhook : listWebhooks) {
int now = Context.now();
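Review bot: `CoreHTTPClient.client.newBuilder().build()` and `new SlackHttpClient(httpClient)` are constructed inside `accept(Account t)`, which from the surrounding code runs once per account on every pass, while the other files in this commit keep the derived OkHttpClient in a `static final` field. `newBuilder()` reuses the parent's dispatcher and connection pool, so this is not a leak, but a fresh SlackHttpClient per invocation is needless churn and obscures that one shared instance is intended — hoist `private static final SlackHttpClient slackHttpClient = new SlackHttpClient(CoreHTTPClient.client.newBuilder().build());` to the class and keep `Slack slack = Slack.getInstance(slackHttpClient);` here. The enclosing method and class begin outside the hunk, so the class name is not visible.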
47 changes: 18 additions & 29 deletions apps/dashboard/src/main/java/com/akto/utils/GithubSync.java
@@ -1,22 +1,8 @@
package com.akto.utils;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;

import org.apache.commons.lang3.ArrayUtils;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.HttpClients;
import org.json.JSONArray;
import org.json.JSONObject;

Expand All @@ -28,11 +14,8 @@
import com.akto.github.GithubFile;
import com.akto.log.LoggerMaker;
import com.akto.log.LoggerMaker.LogDb;
import com.akto.util.Pair;
import com.akto.util.http_util.CoreHTTPClient;

import javassist.bytecode.ByteArray;

public class GithubSync {
private static final LoggerMaker loggerMaker = new LoggerMaker(GithubSync.class);
private static final OkHttpClient client = CoreHTTPClient.client.newBuilder().build();
Expand Down Expand Up @@ -128,35 +111,41 @@ public byte[] syncRepo(String repo, String branch) {
public byte[] syncRepo(String url) {
byte[] repoZip = null;

HttpClient httpClient = HttpClients.createDefault();
HttpGet httpGet = new HttpGet(url);
Request request = new Request.Builder()
.url(url)
/*
* this header is needed to force the URL
* to send the content-length header.
*/
.addHeader("Accept-encoding", "None")
.build();
Response response = null;

try {
HttpResponse response = httpClient.execute(httpGet);

if (response.getStatusLine().getStatusCode() == 200) {
response = client.newCall(request).execute();

if (response.isSuccessful()) {
long content_length = 0;
Header content_length_header = response.getFirstHeader("content-length");
String content_length_header = response.header("content-length");
if (content_length_header != null) {
content_length = Long.parseLong(content_length_header.getValue());
content_length = Long.parseLong(content_length_header);
}
if (content_length > REPO_SIZE_LIMIT) {
throw new Exception("Repo size is too large, max allowed size is 10 MB");
}

loggerMaker.infoAndAddToDb(String.format("Downloaded github repo archive: %s", url), LogDb.DASHBOARD);
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
response.getEntity().writeTo(outputStream);
repoZip = outputStream.toByteArray();
repoZip = response.body().bytes();
} else {
loggerMaker.errorAndAddToDb(String.format("Failed to download the zip archive from url %s. Status code: %d", url, response.getStatusLine().getStatusCode()), LogDb.DASHBOARD);
loggerMaker.errorAndAddToDb(String.format("Failed to download the zip archive from url %s. Status code: %d", url, response.code()), LogDb.DASHBOARD);
}
} catch (Exception ex) {
loggerMaker.errorAndAddToDb(ex, String.format("Failed to download the zip archive from url %s. Error %s", url, ex.getMessage()), LogDb.DASHBOARD);
}
finally {
httpGet.releaseConnection();
if (response != null) {
response.close();
}
}

return repoZip;
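Review bot: The `REPO_SIZE_LIMIT` check only looks at the `content-length` header, while `repoZip = response.body().bytes();` then buffers the whole body unconditionally, so a response without that header (chunked, or a redirect target that ignores the `Accept-encoding: None` hint) bypasses the limit and can exhaust the heap. Bound the read itself by streaming the body with a running byte count, as in the excerpt below; this reintroduces `ByteArrayOutputStream` and `InputStream`, whose imports this commit removed from the top of the file. `Long.parseLong` on a malformed header throws `NumberFormatException`, which the generic catch already handles, so no extra guard is needed there. The method's closing brace lies outside the hunk.
```java
if (response.isSuccessful()) {
    // … unchanged: content-length pre-check against REPO_SIZE_LIMIT …
    loggerMaker.infoAndAddToDb(String.format("Downloaded github repo archive: %s", url), LogDb.DASHBOARD);
    // content-length is advisory and absent on chunked responses, so cap the actual read as well
    try (InputStream in = response.body().byteStream();
         ByteArrayOutputStream out = new ByteArrayOutputStream()) {
        byte[] buf = new byte[8192];
        long total = 0;
        int n;
        while ((n = in.read(buf)) != -1) {
            total += n;
            if (total > REPO_SIZE_LIMIT) {
                throw new Exception("Repo size is too large, max allowed size is 10 MB");
            }
            out.write(buf, 0, n);
        }
        repoZip = out.toByteArray();
    }
} else {
    // … unchanged: error log with response.code() …
}
```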
8 changes: 6 additions & 2 deletions libs/integrations/src/main/java/com/akto/ApiRequest.java
Expand Up @@ -12,10 +12,14 @@
public class ApiRequest {
private static final ObjectMapper mapper = new ObjectMapper();
private static final OkHttpClient client = new OkHttpClient();
;
private static OkHttpClient commonClient = new OkHttpClient();

public static void initCommonHttpClient(OkHttpClient client){
commonClient = client.newBuilder().build();
}

public static JsonNode common(Request request) {
Call call = client.newCall(request);
Call call = commonClient.newCall(request);
Response response;
try {
response = call.execute();
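Review bot: `commonClient` is a non-final static that `initCommonHttpClient` reassigns from another class's initializer, while `common` reads it with no synchronization, so the write is not guaranteed to be visible to threads already running `common`, and a null argument only surfaces later as an NPE inside `commonClient.newCall`. Declare it `private static volatile OkHttpClient commonClient = new OkHttpClient();` and validate in the setter, `commonClient = Objects.requireNonNull(client, "client").newBuilder().build();` (java.util.Objects, if not already imported here). The original `client` field is no longer read by `common`; whether other methods outside the hunk still use it cannot be seen from this view, so it may be dead.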