code cleanup

akto-api-security · Apr 16, 2024 · 674d2cd · 674d2cd
1 parent f850f7f
commit 674d2cd
Show file tree

Hide file tree

Showing 16 changed files with 59 additions and 116 deletions.
diff --git a/apps/api-runtime/src/main/java/com/akto/dependency/DependencyAnalyser.java b/apps/api-runtime/src/main/java/com/akto/dependency/DependencyAnalyser.java
@@ -238,7 +238,7 @@ public boolean filterValues(Object val) {
         if (val == null) return false;
         if (val instanceof Boolean) return false;
         if (val instanceof String) return val.toString().length() > 4 && val.toString().length() <= 4096;
-        if (val instanceof Integer) return ((int) val) > 0;
+        if (val instanceof Integer) return ((int) val) > 50;
         return true;
     }
 

diff --git a/apps/dashboard/src/main/java/com/akto/utils/Utils.java b/apps/dashboard/src/main/java/com/akto/utils/Utils.java
@@ -470,6 +470,7 @@ public static void pushDataToKafka(int apiCollectionId, String topic, List<Strin
                 info = new AccountHTTPCallParserAktoPolicyInfo();
                 HttpCallParser callParser = new HttpCallParser("userIdentifier", 1, 1, 1, false);
                 info.setHttpCallParser(callParser);
+                // info.setResourceAnalyser(new ResourceAnalyser(300_000, 0.01, 100_000, 0.01));
                 RuntimeListener.accountHTTPParserMap.put(accountId, info);
             }
 

diff --git a/apps/testing/src/main/java/com/akto/test_editor/execution/Executor.java b/apps/testing/src/main/java/com/akto/test_editor/execution/Executor.java
@@ -76,7 +76,7 @@ public class Executor {
     public YamlTestResult execute(ExecutorNode node, RawApi rawApi, Map<String, Object> varMap, String logId,
                                   AuthMechanism authMechanism, FilterNode validatorNode, ApiInfo.ApiInfoKey apiInfoKey, TestingRunConfig testingRunConfig,
                                   List<CustomAuthType> customAuthTypes, boolean debug, List<TestingRunResult.TestLog> testLogs,
-                                  Memory memory, Map<String, ApiInfo.ApiInfoKey> apiNameToApiInfoKey) {
+                                  Memory memory) {
         List<GenericTestResult> result = new ArrayList<>();
 
         ExecutionListBuilder executionListBuilder = new ExecutionListBuilder();
@@ -152,7 +152,7 @@ public YamlTestResult execute(ExecutorNode node, RawApi rawApi, Map<String, Obje
                 memory = new Memory(apiInfoKeys, new HashMap<>());
             }
             workflowTest = buildWorkflowGraph(reqNodes, rawApi, authMechanism, customAuthTypes, apiInfoKey, varMap, validatorNode);
-            result.add(triggerMultiExecution(workflowTest, reqNodes, rawApi, authMechanism, customAuthTypes, apiInfoKey, varMap, validatorNode, debug, testLogs, memory, apiNameToApiInfoKey));
+            result.add(triggerMultiExecution(workflowTest, reqNodes, rawApi, authMechanism, customAuthTypes, apiInfoKey, varMap, validatorNode, debug, testLogs, memory));
             yamlTestResult = new YamlTestResult(result, workflowTest);
 
             return yamlTestResult;
@@ -264,7 +264,7 @@ public WorkflowTest buildWorkflowGraph(ExecutorNode reqNodes, RawApi rawApi, Aut
         }
 
     public MultiExecTestResult triggerMultiExecution(WorkflowTest workflowTest, ExecutorNode reqNodes, RawApi rawApi, AuthMechanism authMechanism,
-        List<CustomAuthType> customAuthTypes, ApiInfo.ApiInfoKey apiInfoKey, Map<String, Object> varMap, FilterNode validatorNode, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory, Map<String, ApiInfo.ApiInfoKey> apiNameToApiInfoKey) {
+        List<CustomAuthType> customAuthTypes, ApiInfo.ApiInfoKey apiInfoKey, Map<String, Object> varMap, FilterNode validatorNode, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory) {
 
         ApiWorkflowExecutor apiWorkflowExecutor = new ApiWorkflowExecutor();
         Graph graph = new Graph();
@@ -273,7 +273,7 @@ public MultiExecTestResult triggerMultiExecution(WorkflowTest workflowTest, Exec
         List<String> executionOrder = new ArrayList<>();
         WorkflowTestResult workflowTestResult = new WorkflowTestResult(id, workflowTest.getId(), new HashMap<>(), null, null);
         GraphExecutorRequest graphExecutorRequest = new GraphExecutorRequest(graph, graph.getNode("x1"), workflowTest, null, null, varMap, "conditional", workflowTestResult, new HashMap<>(), executionOrder);
-        GraphExecutorResult graphExecutorResult = apiWorkflowExecutor.init(graphExecutorRequest, debug, testLogs, memory, apiNameToApiInfoKey);
+        GraphExecutorResult graphExecutorResult = apiWorkflowExecutor.init(graphExecutorRequest, debug, testLogs, memory);
         return new MultiExecTestResult(graphExecutorResult.getWorkflowTestResult().getNodeResultMap(), graphExecutorResult.getVulnerable(), Confidence.HIGH, graphExecutorRequest.getExecutionOrder());
     }
 

diff --git a/apps/testing/src/main/java/com/akto/testing/ApiWorkflowExecutor.java b/apps/testing/src/main/java/com/akto/testing/ApiWorkflowExecutor.java
@@ -11,9 +11,9 @@
 
 public class ApiWorkflowExecutor {
 
-    public GraphExecutorResult init(GraphExecutorRequest graphExecutorRequest, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory, Map<String, ApiInfo.ApiInfoKey> apiNameToApiInfoKey) {
+    public GraphExecutorResult init(GraphExecutorRequest graphExecutorRequest, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory) {
         GraphExecutor graphExecutor = GraphExecutorFactory.fetchExecutor(graphExecutorRequest);
-        GraphExecutorResult graphExecutorResult = graphExecutor.executeGraph(graphExecutorRequest,debug,testLogs, memory, apiNameToApiInfoKey);
+        GraphExecutorResult graphExecutorResult = graphExecutor.executeGraph(graphExecutorRequest,debug,testLogs, memory);
         return graphExecutorResult;
     }
 

diff --git a/apps/testing/src/main/java/com/akto/testing/TestExecutor.java b/apps/testing/src/main/java/com/akto/testing/TestExecutor.java
@@ -107,7 +107,7 @@ public void workflowInit (TestingRun testingRun, ObjectId summaryId, boolean deb
             Graph graph = new Graph();
             graph.buildGraph(workflowTest);
             GraphExecutorRequest graphExecutorRequest = new GraphExecutorRequest(graph, workflowTest, testingRun.getId(), summaryId, valuesMap, false, "linear");
-            GraphExecutorResult graphExecutorResult = apiWorkflowExecutor.init(graphExecutorRequest, debug, testLogs, null, null);
+            GraphExecutorResult graphExecutorResult = apiWorkflowExecutor.init(graphExecutorRequest, debug, testLogs, null);
             WorkflowTestResultsDao.instance.insertOne(graphExecutorResult.getWorkflowTestResult());
         } catch (Exception e) {
             loggerMaker.errorAndAddToDb("Error while executing workflow test " + e, LogDb.TESTING);
@@ -651,7 +651,6 @@ public TestingRunResult runTestNew(ApiInfo.ApiInfoKey apiInfoKey, ObjectId testR
         }
 
         FilterNode filterNode = testConfig.getApiSelectionFilters().getNode();
-        Map<String, ConfigParserResult> workFlowSelectionFilters = testConfig.getWorkFlowSelectionFilters();
         FilterNode validatorNode = null;
         if (testConfig.getValidation() != null) {
             validatorNode = testConfig.getValidation().getNode();
@@ -677,7 +676,7 @@ public TestingRunResult runTestNew(ApiInfo.ApiInfoKey apiInfoKey, ObjectId testR
         // TestingUtil -> authMechanism
         // TestingConfig -> auth
         YamlTestTemplate yamlTestTemplate = new YamlTestTemplate(apiInfoKey,filterNode, validatorNode, executorNode,
-                rawApi, varMap, auth, testingUtil.getAuthMechanism(), testExecutionLogId, testingRunConfig, customAuthTypes, testConfig.getStrategy(), workFlowSelectionFilters);
+                rawApi, varMap, auth, testingUtil.getAuthMechanism(), testExecutionLogId, testingRunConfig, customAuthTypes, testConfig.getStrategy());
         YamlTestResult testResults = yamlTestTemplate.run(debug, testLogs);
         if (testResults == null || testResults.getTestResults().isEmpty()) {
             List<GenericTestResult> res = new ArrayList<>();

diff --git a/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/ApiNodeExecutor.java b/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/ApiNodeExecutor.java
@@ -26,7 +26,7 @@ public class ApiNodeExecutor extends NodeExecutor {
 
     private static final LoggerMaker loggerMaker = new LoggerMaker(ApiNodeExecutor.class);
 
-    public NodeResult processNode(Node node, Map<String, Object> valuesMap, Boolean allowAllStatusCodes, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory, Map<String, ApiInfo.ApiInfoKey> apiNameToApiInfoKey) {
+    public NodeResult processNode(Node node, Map<String, Object> valuesMap, Boolean allowAllStatusCodes, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory) {
         loggerMaker.infoAndAddToDb("\n", LogDb.TESTING);
         loggerMaker.infoAndAddToDb("NODE: " + node.getId(), LogDb.TESTING);
         List<String> testErrors = new ArrayList<>();

diff --git a/...sting/src/main/java/com/akto/testing/workflow_node_executor/ConditionalGraphExecutor.java b/...sting/src/main/java/com/akto/testing/workflow_node_executor/ConditionalGraphExecutor.java
@@ -16,7 +16,7 @@
 
 public class ConditionalGraphExecutor extends GraphExecutor {
 
-    public GraphExecutorResult executeGraph(GraphExecutorRequest graphExecutorRequest, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory, Map<String, ApiInfo.ApiInfoKey> apiNameToApiInfoKey) {
+    public GraphExecutorResult executeGraph(GraphExecutorRequest graphExecutorRequest, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory) {
 
         Map<String, Boolean> visitedMap = graphExecutorRequest.getVisitedMap();
         List<String> errors = new ArrayList<>();
@@ -32,7 +32,7 @@ public GraphExecutorResult executeGraph(GraphExecutorRequest graphExecutorReques
         boolean success = false;
 
         WorkflowTestResult.NodeResult nodeResult;
-        nodeResult = Utils.executeNode(node, graphExecutorRequest.getValuesMap(), debug, testLogs, memory, apiNameToApiInfoKey);
+        nodeResult = Utils.executeNode(node, graphExecutorRequest.getValuesMap(), debug, testLogs, memory);
 
         graphExecutorRequest.getWorkflowTestResult().getNodeResultMap().put(node.getId(), nodeResult);
         graphExecutorRequest.getExecutionOrder().add(node.getId());
@@ -79,7 +79,7 @@ public GraphExecutorResult executeGraph(GraphExecutorRequest graphExecutorReques
         boolean vulnerable = success;
         if (childNode != null) {
             GraphExecutorRequest childExecReq = new GraphExecutorRequest(graphExecutorRequest, childNode, graphExecutorRequest.getWorkflowTestResult(), visitedMap, graphExecutorRequest.getExecutionOrder());
-            GraphExecutorResult childExecResult = executeGraph(childExecReq, debug, testLogs, memory, apiNameToApiInfoKey);
+            GraphExecutorResult childExecResult = executeGraph(childExecReq, debug, testLogs, memory);
             vulnerable = childExecResult.getVulnerable();
             return new GraphExecutorResult(graphExecutorRequest.getWorkflowTestResult(), vulnerable, errors);
         } else {

diff --git a/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/GraphExecutor.java b/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/GraphExecutor.java
@@ -11,6 +11,6 @@
 
 public abstract class GraphExecutor {
 
-    public abstract GraphExecutorResult executeGraph(GraphExecutorRequest graphExecutorRequest, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory, Map<String, ApiInfo.ApiInfoKey> apiNameToApiInfoKey);
+    public abstract GraphExecutorResult executeGraph(GraphExecutorRequest graphExecutorRequest, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory);
 
 }
diff --git a/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/LinearGraphExecutor.java b/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/LinearGraphExecutor.java
@@ -16,15 +16,15 @@
 
 public class LinearGraphExecutor extends GraphExecutor {
 
-    public GraphExecutorResult executeGraph(GraphExecutorRequest graphExecutorRequest, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory, Map<String, ApiInfo.ApiInfoKey> apiNameToApiInfoKey) {
+    public GraphExecutorResult executeGraph(GraphExecutorRequest graphExecutorRequest, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory) {
         List<Node> nodes = graphExecutorRequest.getGraph().sort();
 
         int id = Context.now();
         WorkflowTestResult workflowTestResult = new WorkflowTestResult(id, graphExecutorRequest.getWorkflowTest().getId(), new HashMap<>(), graphExecutorRequest.getTestingRunId(), graphExecutorRequest.getTestingRunSummaryId());
         Map<String, WorkflowTestResult.NodeResult> testResultMap = workflowTestResult.getNodeResultMap();
         for (Node node: nodes) {
             WorkflowTestResult.NodeResult nodeResult;
-            nodeResult = Utils.executeNode(node, graphExecutorRequest.getValuesMap(), debug, testLogs, memory, apiNameToApiInfoKey);
+            nodeResult = Utils.executeNode(node, graphExecutorRequest.getValuesMap(), debug, testLogs, memory);
             testResultMap.put(node.getId(), nodeResult);
             if (nodeResult.getErrors().size() > 0) break;
             if (graphExecutorRequest.getSkipIfNotVulnerable() && !nodeResult.isVulnerable()) {

diff --git a/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/NodeExecutor.java b/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/NodeExecutor.java
@@ -11,5 +11,5 @@
 
 public abstract class NodeExecutor {
 
-    public abstract WorkflowTestResult.NodeResult processNode(Node node, Map<String, Object> valuesMap, Boolean allowAllStatusCodes, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory, Map<String, ApiInfo.ApiInfoKey> apiNameToApiInfoKey);
+    public abstract WorkflowTestResult.NodeResult processNode(Node node, Map<String, Object> valuesMap, Boolean allowAllStatusCodes, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory);
 }
diff --git a/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/Utils.java b/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/Utils.java
@@ -189,30 +189,30 @@ public static String fetchToken(RecordedLoginFlowInput recordedLoginFlowInput, i
         return token;
     }
 
-    public static WorkflowTestResult.NodeResult processNode(Node node, Map<String, Object> valuesMap, Boolean allowAllStatusCodes, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory, Map<String, ApiInfo.ApiInfoKey> apiNameToApiInfoKey) {
+    public static WorkflowTestResult.NodeResult processNode(Node node, Map<String, Object> valuesMap, Boolean allowAllStatusCodes, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory) {
         if (node.getWorkflowNodeDetails().getType() == WorkflowNodeDetails.Type.RECORDED) {
             return processRecorderNode(node, valuesMap);
         }
         else if (node.getWorkflowNodeDetails().getType() == WorkflowNodeDetails.Type.OTP) {
             return processOtpNode(node, valuesMap);
         }
         else {
-            return processApiNode(node, valuesMap, allowAllStatusCodes, debug, testLogs, memory, apiNameToApiInfoKey);
+            return processApiNode(node, valuesMap, allowAllStatusCodes, debug, testLogs, memory);
         }
     }
 
 
-    public static WorkflowTestResult.NodeResult processApiNode(Node node, Map<String, Object> valuesMap, Boolean allowAllStatusCodes, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory, Map<String, ApiInfo.ApiInfoKey> apiNameToApiInfoKey) {
+    public static WorkflowTestResult.NodeResult processApiNode(Node node, Map<String, Object> valuesMap, Boolean allowAllStatusCodes, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory) {
 
         NodeExecutorFactory nodeExecutorFactory = new NodeExecutorFactory();
         NodeExecutor nodeExecutor = nodeExecutorFactory.getExecutor(node);
-        return nodeExecutor.processNode(node, valuesMap, allowAllStatusCodes, debug, testLogs, memory, apiNameToApiInfoKey);
+        return nodeExecutor.processNode(node, valuesMap, allowAllStatusCodes, debug, testLogs, memory);
     }
 
-    public static WorkflowTestResult.NodeResult executeNode(Node node, Map<String, Object> valuesMap,boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory, Map<String, ApiInfo.ApiInfoKey> apiNameToApiInfoKey) {
+    public static WorkflowTestResult.NodeResult executeNode(Node node, Map<String, Object> valuesMap,boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory) {
         WorkflowTestResult.NodeResult nodeResult;
         try {
-            nodeResult = Utils.processNode(node, valuesMap, true, debug, testLogs, memory, apiNameToApiInfoKey);
+            nodeResult = Utils.processNode(node, valuesMap, true, debug, testLogs, memory);
         } catch (Exception e) {
             ;
             List<String> testErrors = new ArrayList<>();
@@ -246,7 +246,7 @@ public static LoginFlowResponse runLoginFlow(WorkflowTest workflowTest, AuthMech
                 if (authMechanism.getRequestData() != null && authMechanism.getRequestData().size() > 0 && authMechanism.getRequestData().get(index).getAllowAllStatusCodes()) {
                     allowAllStatusCodes = authMechanism.getRequestData().get(0).getAllowAllStatusCodes();
                 }
-                nodeResult = processNode(node, valuesMap, allowAllStatusCodes, false, new ArrayList<>(), null, null);
+                nodeResult = processNode(node, valuesMap, allowAllStatusCodes, false, new ArrayList<>(), null);
             } catch (Exception e) {
                 ;
                 List<String> testErrors = new ArrayList<>();

diff --git a/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/YamlNodeExecutor.java b/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/YamlNodeExecutor.java
@@ -50,7 +50,7 @@ public class YamlNodeExecutor extends NodeExecutor {
     private static final Gson gson = new Gson();
 
 
-    public NodeResult processNode(Node node, Map<String, Object> varMap, Boolean allowAllStatusCodes, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory, Map<String, ApiInfo.ApiInfoKey> apiNameToApiInfoKey) {
+    public NodeResult processNode(Node node, Map<String, Object> varMap, Boolean allowAllStatusCodes, boolean debug, List<TestingRunResult.TestLog> testLogs, Memory memory) {
         List<String> testErrors = new ArrayList<>();
 
         YamlNodeDetails yamlNodeDetails = (YamlNodeDetails) node.getWorkflowNodeDetails();
@@ -69,15 +69,17 @@ public NodeResult processNode(Node node, Map<String, Object> varMap, Boolean all
 
         ApiInfo.ApiInfoKey apiInfoKey = ((YamlNodeDetails) node.getWorkflowNodeDetails()).getApiInfoKey();
         ExecutorNode firstChildNode = childNodes.get(0); // todo check for length
-        if (firstChildNode.getOperationType().equalsIgnoreCase("api")) {
-            String apiType = firstChildNode.getValues().toString();
-            if (apiType.equalsIgnoreCase("get_asset_api")) {
-                rawApi = memory.findAssetGetterRequest(apiInfoKey);
+        if (memory != null) {
+            if (firstChildNode.getOperationType().equalsIgnoreCase("api")) {
+                String apiType = firstChildNode.getValues().toString();
+                if (apiType.equalsIgnoreCase("get_asset_api")) {
+                    rawApi = memory.findAssetGetterRequest(apiInfoKey);
+                }
+                childNodes.remove(0);
+            } else {
+                OriginalHttpRequest request = memory.run(apiInfoKey.getApiCollectionId(), apiInfoKey.getUrl(), apiInfoKey.getMethod().name());
+                rawApi.setRequest(request);
             }
-            childNodes.remove(0);
-        } else {
-            OriginalHttpRequest request = memory.run(apiInfoKey.getApiCollectionId(), apiInfoKey.getUrl(), apiInfoKey.getMethod().name());
-            rawApi.setRequest(request);
         }