Merge branch 'develop' into flash-inventory-swagger

.github/workflows/prod.yml

@@ -28,6 +28,9 @@ jobs:
       - uses: actions/setup-node@v2
         with:
           node-version: '17'
+      - name: Download Akto templates zip
+        working-directory: ./apps/dashboard/src/main/resources
+        run: wget -O test-library-master.zip https://github.com/akto-api-security/tests-library/archive/refs/heads/master.zip
       - name: Prepare Dashboard UI
         working-directory: ./apps/dashboard/
         run: npm install && export RELEASE_VERSION=${{github.event.inputs.release_version}} && npm run build

.github/workflows/staging.yml

@@ -54,6 +54,9 @@ jobs:
       - name: Convert github branch name to be compatible with docker tag name convention and generate tag name
         id: docker_tag
         run: echo "IMAGE_TAG=${{ github.event.inputs.Tag }}_$(echo ${{ github.ref_name }} | sed 's/[^a-zA-Z0-9]/_/g')" >> $GITHUB_OUTPUT
+      - name: Download Akto templates zip
+        working-directory: ./apps/dashboard/src/main/resources
+        run: wget -O test-library-master.zip https://github.com/akto-api-security/tests-library/archive/refs/heads/master.zip
       - name: Prepare Dashboard UI
         working-directory: ./apps/dashboard/
         run: npm install && export RELEASE_VERSION=${{steps.docker_tag.outputs.IMAGE_TAG}} && npm run build

apps/dashboard/src/main/java/com/akto/action/AccountAction.java

@@ -8,6 +8,7 @@
 import com.akto.log.LoggerMaker;
 import com.akto.log.LoggerMaker.LogDb;
 import com.akto.runtime.Main;
+import com.akto.utils.GithubSync;
 import com.akto.utils.cloud.Utils;
 import com.akto.utils.cloud.serverless.aws.Lambda;
 import com.akto.utils.cloud.stack.aws.AwsStack;
@@ -261,12 +262,21 @@ public void run() {
                 RuntimeListener.addSampleData();
                 AccountSettingsDao.instance.updateOnboardingFlag(true);
                 InitializerListener.insertPiiSources();
-                InitializerListener.saveTestEditorYaml();
+
                 try {
                     InitializerListener.executePIISourceFetch();
                 } catch (Exception e) {
                     e.printStackTrace();
                 }
+
+                try {
+                    GithubSync githubSync = new GithubSync();
+                    byte[] repoZip = githubSync.syncRepo("akto-api-security/tests-library", "master");
+                    loggerMaker.infoAndAddToDb(String.format("Updating akto test templates for new account: %d", newAccountId), LogDb.DASHBOARD);
+                    InitializerListener.processTemplateFilesZip(repoZip);
+                } catch (Exception e) {
+                    loggerMaker.errorAndAddToDb(String.format("Error while adding test editor templates for new account %d, Error: %s", newAccountId, e.getMessage()), LogDb.DASHBOARD);
+                }
             }
         }, 0, TimeUnit.SECONDS);
     }

apps/dashboard/src/main/java/com/akto/action/ExportSampleDataAction.java

@@ -1,13 +1,16 @@
 package com.akto.action;
 
 import com.akto.DaoInit;
+import com.akto.action.test_editor.SaveTestEditorAction;
 import com.akto.dao.ApiCollectionsDao;
 import com.akto.dao.SampleDataDao;
 import com.akto.dao.context.Context;
 import com.akto.dto.*;
 import com.akto.dto.traffic.Key;
 import com.akto.dto.traffic.SampleData;
 import com.akto.dto.type.URLMethods;
+import com.akto.listener.InitializerListener;
+import com.akto.listener.RuntimeListener;
 import com.akto.parsers.HttpCallParser;
 import com.fasterxml.jackson.core.JsonFactory;
 import com.fasterxml.jackson.core.JsonParser;
@@ -310,6 +313,15 @@ public static String getCurl(String sampleData) throws IOException {
         return builder.toString();
     }
 
+    int accountId;
+
+    public String insertLlmData() {
+        Context.accountId.set(accountId);
+        RuntimeListener.addLlmSampleData(accountId);
+        InitializerListener.saveLLmTemplates();
+        return SUCCESS.toUpperCase();
+    }
+
     public String getCurlString() {
         return curlString;
     }
@@ -349,5 +361,13 @@ public String getLastUrlFetched() {
     public String getLastMethodFetched() {
         return lastMethodFetched;
     }
+
+    public int getAccountId() {
+        return accountId;
+    }
+
+    public void setAccountId(int accountId) {
+        this.accountId = accountId;
+    }
 }
 

apps/dashboard/src/main/java/com/akto/action/ProfileAction.java

@@ -13,6 +13,7 @@
 import com.akto.util.Constants;
 import com.akto.util.EmailAccountName;
 import com.akto.utils.DashboardMode;
+import com.akto.utils.cloud.Utils;
 import com.mongodb.BasicDBList;
 import com.mongodb.BasicDBObject;
 import com.mongodb.client.model.Filters;
@@ -93,6 +94,7 @@ public static void executeMeta1(User user, HttpServletRequest request, HttpServl
                 .append("dashboardMode", DashboardMode.getDashboardMode())
                 .append("isSaas","true".equals(System.getenv("IS_SAAS")))
                 .append("users", UsersDao.instance.getAllUsersInfoForTheAccount(Context.accountId.get()))
+                .append("cloudType", Utils.getCloudType())
                 .append("accountName", accountName)
                 .append("aktoUIMode", userFromDB.getAktoUIMode().name());
         if (versions.length > 2) {

apps/dashboard/src/main/java/com/akto/action/testing_issues/IssuesAction.java

@@ -1,5 +1,6 @@
 package com.akto.action.testing_issues;
 
+import com.akto.action.ExportSampleDataAction;
 import com.akto.action.UserAction;
 import com.akto.dao.demo.VulnerableRequestForTemplateDao;
 import com.akto.dao.test_editor.YamlTemplateDao;
@@ -13,6 +14,7 @@
 import com.akto.dto.test_editor.YamlTemplate;
 import com.akto.dto.test_run_findings.TestingIssuesId;
 import com.akto.dto.test_run_findings.TestingRunIssues;
+import com.akto.dto.testing.TestResult;
 import com.akto.dto.testing.TestingRunResult;
 import com.akto.dto.testing.sources.TestSourceConfig;
 import com.akto.util.enums.GlobalEnums;
@@ -26,6 +28,7 @@
 import org.bson.conversions.Bson;
 
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
@@ -37,6 +40,8 @@ public class IssuesAction extends UserAction {
     private TestingIssuesId issueId;
     private List<TestingIssuesId> issueIdArray;
     private TestingRunResult testingRunResult;
+    private List<TestingRunResult> testingRunResults;
+    private Map<String, String> sampleDataVsCurlMap;
     private TestRunIssueStatus statusToBeUpdated;
     private String ignoreReason;
     private int skip;
@@ -109,6 +114,46 @@ public String fetchAllIssues() {
         }
         return SUCCESS.toUpperCase();
     }
+
+    public String fetchVulnerableTestingRunResultsFromIssues() {
+        Bson filters = createFilters();
+        try {
+            List<TestingRunIssues> issues =  TestingRunIssuesDao.instance.findAll(filters, skip, 50, null);
+            this.totalIssuesCount = issues.size();
+            List<Bson> andFilters = new ArrayList<>();
+            for (TestingRunIssues issue : issues) {
+                andFilters.add(Filters.and(
+                        Filters.eq(TestingRunResult.TEST_RUN_RESULT_SUMMARY_ID, issue.getLatestTestingRunSummaryId()),
+                        Filters.eq(TestingRunResult.TEST_SUB_TYPE, issue.getId().getTestSubCategory()),
+                        Filters.eq(TestingRunResult.API_INFO_KEY, issue.getId().getApiInfoKey()),
+                        Filters.eq(TestingRunResult.VULNERABLE, true)
+                ));
+            }
+            if (issues.isEmpty()) {
+                this.testingRunResults = new ArrayList<>();
+                this.sampleDataVsCurlMap = new HashMap<>();
+                return SUCCESS.toUpperCase();
+            }
+            Bson orFilters = Filters.or(andFilters);
+            this.testingRunResults = TestingRunResultDao.instance.findAll(orFilters);
+            Map<String, String> sampleDataVsCurlMap = new HashMap<>();
+            for (TestingRunResult runResult: this.testingRunResults) {
+                List<TestResult> testResults = new ArrayList<>();
+                for (TestResult testResult : runResult.getTestResults()) {
+                    if (testResult.isVulnerable()) {
+                        testResults.add(testResult);
+                        sampleDataVsCurlMap.put(testResult.getMessage(), ExportSampleDataAction.getCurl(testResult.getMessage()));
+                        sampleDataVsCurlMap.put(testResult.getOriginalMessage(), ExportSampleDataAction.getCurl(testResult.getOriginalMessage()));
+                    }
+                }
+                runResult.setTestResults(testResults);
+            }
+            this.sampleDataVsCurlMap = sampleDataVsCurlMap;
+        } catch (Exception e) {
+            return ERROR.toUpperCase();
+        }
+        return SUCCESS.toUpperCase();
+    }
     public String fetchTestingRunResult() {
         if (issueId == null) {
             throw new IllegalStateException();
@@ -378,4 +423,20 @@ public boolean getFetchOnlyActive() {
     public void setFetchOnlyActive(boolean fetchOnlyActive) {
         this.fetchOnlyActive = fetchOnlyActive;
     }
+
+    public List<TestingRunResult> getTestingRunResults() {
+        return testingRunResults;
+    }
+
+    public void setTestingRunResults(List<TestingRunResult> testingRunResults) {
+        this.testingRunResults = testingRunResults;
+    }
+
+    public Map<String, String> getSampleDataVsCurlMap() {
+        return sampleDataVsCurlMap;
+    }
+
+    public void setSampleDataVsCurlMap(Map<String, String> sampleDataVsCurlMap) {
+        this.sampleDataVsCurlMap = sampleDataVsCurlMap;
+    }
 }