diff --git a/apps/dashboard/src/main/java/com/akto/action/AccountAction.java b/apps/dashboard/src/main/java/com/akto/action/AccountAction.java index f572eb31f0..4da16dd73c 100644 --- a/apps/dashboard/src/main/java/com/akto/action/AccountAction.java +++ b/apps/dashboard/src/main/java/com/akto/action/AccountAction.java @@ -37,6 +37,7 @@ import java.util.HashSet; import java.util.List; import java.util.Set; +import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; import java.util.concurrent.ScheduledExecutorService; import java.util.concurrent.TimeUnit; @@ -52,6 +53,7 @@ public class AccountAction extends UserAction { public static final int MAX_NUM_OF_LAMBDAS_TO_FETCH = 50; private static final ScheduledExecutorService executorService = Executors.newSingleThreadScheduledExecutor(); + private static final ExecutorService service = Executors.newFixedThreadPool(1); @Override public String execute() { @@ -309,7 +311,11 @@ public void run() { DaoInit.createIndices(); Main.insertRuntimeFilters(); RuntimeListener.initialiseDemoCollections(); - RuntimeListener.addSampleData(); + service.submit(() ->{ + Context.accountId.set(newAccountId); + loggerMaker.infoAndAddToDb("updating vulnerable api's collection for new account " + newAccountId, LogDb.DASHBOARD); + RuntimeListener.addSampleData(); + }); AccountSettingsDao.instance.updateOnboardingFlag(true); InitializerListener.insertPiiSources(); diff --git a/apps/dashboard/src/main/java/com/akto/action/LoginAction.java b/apps/dashboard/src/main/java/com/akto/action/LoginAction.java index 47643a12ed..fbbf2871df 100644 --- a/apps/dashboard/src/main/java/com/akto/action/LoginAction.java +++ b/apps/dashboard/src/main/java/com/akto/action/LoginAction.java 
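Review bot: Any exception thrown by `RuntimeListener.addSampleData()` inside the submitted task is now silently lost, because the `Future` returned by `service.submit(...)` is discarded and nothing in the lambda catches it; before this change the call ran inline in `run()`, where whatever handler encloses it (not visible in the hunk) would have seen the failure. Wrap the task body in its own try/catch that reports through `loggerMaker.errorAndAddToDb` so a failed seed shows up in the dashboard log. Note also that `AccountSettingsDao.instance.updateOnboardingFlag(true)` on the following line now runs before the sample data exists, so anything that reads the onboarding flag as "demo data is ready" will race the pool thread; if that matters, set the flag from inside the task after `addSampleData()` returns. The `run()` body starts and ends outside the hunk.

```java
service.submit(() -> {
    Context.accountId.set(newAccountId);
    try {
        loggerMaker.infoAndAddToDb("updating vulnerable api's collection for new account " + newAccountId, LogDb.DASHBOARD);
        RuntimeListener.addSampleData();
    } catch (Exception e) {
        // the Future from submit() is dropped, so this is the only place the failure can surface
        loggerMaker.errorAndAddToDb(e, "error adding sample data for new account " + newAccountId, LogDb.DASHBOARD);
    }
});
// … unchanged: updateOnboardingFlag(true), insertPiiSources() …
```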
@@ -1,13 +1,17 @@ package com.akto.action; +import com.akto.dao.BackwardCompatibilityDao; import com.akto.dao.SignupDao; import com.akto.dao.SingleTypeInfoDao; import com.akto.dao.UsersDao; import com.akto.dao.context.Context; +import com.akto.dto.BackwardCompatibility; import com.akto.dto.Config; import com.akto.dto.SignupInfo; import com.akto.dto.SignupUserInfo; import com.akto.dto.User; +import com.akto.listener.RuntimeListener; +import com.akto.log.LoggerMaker.LogDb; import com.akto.utils.Token; import com.akto.utils.JWT; import com.mongodb.BasicDBObject; @@ -29,6 +33,8 @@ import java.security.NoSuchAlgorithmException; import java.security.spec.InvalidKeySpecException; import java.util.*; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; import static com.akto.filter.UserDetailsFilter.LOGIN_URI; @@ -42,6 +48,7 @@ public class LoginAction implements Action, ServletResponseAware, ServletRequest private static final Logger logger = LoggerFactory.getLogger(LoginAction.class); public static final String REFRESH_TOKEN_COOKIE_NAME = "refreshToken"; + private static final ExecutorService service = Executors.newFixedThreadPool(1); public BasicDBObject getLoginResult() { return loginResult; } 
@@ -93,10 +100,37 @@ public String execute() throws IOException { //For the case when no account exists, the user will get access to 1_000_000 account String accountIdStr = user.getAccounts().keySet().isEmpty() ? "1000000" : user.getAccounts().keySet().iterator().next(); int accountId = StringUtils.isNumeric(accountIdStr) ? Integer.parseInt(accountIdStr) : 1_000_000; + try { + service.submit(() ->{ + triggerVulnColUpdation(user); + }); + } catch (Exception e) { + logger.error("error updating vuln collection ", e); + } decideFirstPage(loginResult, accountId); return result; } + private static void triggerVulnColUpdation(User user) { + for (String accountIdStr: user.getAccounts().keySet()) { + int accountId = Integer.parseInt(accountIdStr); + Context.accountId.set(accountId); + logger.info("updating vulnerable api's collection for account " + accountId); + try { + BackwardCompatibility backwardCompatibility = BackwardCompatibilityDao.instance.findOne(new BasicDBObject()); + if (backwardCompatibility.getVulnerableApiUpdationVersionV1() == 0) { + RuntimeListener.addSampleData(); + } + BackwardCompatibilityDao.instance.updateOne( + Filters.eq("_id", backwardCompatibility.getId()), + Updates.set(BackwardCompatibility.VULNERABLE_API_UPDATION_VERSION_V1, Context.now()) + ); + } catch (Exception e) { + logger.error("error updating vulnerable api's collection for account " + accountId + " " + e.getMessage()); + } + } + } + private void decideFirstPage(BasicDBObject loginResult, int accountId){ Context.accountId.set(accountId); long count = SingleTypeInfoDao.instance.getEstimatedCount(); @@ -157,6 +191,9 @@ public static String loginUser(User user, HttpServletResponse servletResponse, b ) ); } + service.submit(() ->{ + triggerVulnColUpdation(user); + }); return Action.SUCCESS.toUpperCase(); } catch (NoSuchAlgorithmException | InvalidKeySpecException | IOException e) { e.printStackTrace(); 
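Review bot: `Integer.parseInt(accountIdStr)` in `triggerVulnColUpdation` sits outside the per-account try, so a non-numeric account key, which `execute()` explicitly guards against with `StringUtils.isNumeric` a few lines earlier, throws `NumberFormatException`, aborts the loop for the remaining accounts, and is never logged, because the `Future` from `service.submit` is discarded and the `catch (Exception e)` around `submit` only sees rejection, not task failures. Move the parse inside the guarded region (or skip non-numeric keys the same way `execute()` does) and pass the throwable to the logger rather than `e.getMessage()`, which drops the stack trace. The task also appears to be submitted twice per login, once here and once in `loginUser`; the version flag makes the second run a no-op, but it still costs one `BackwardCompatibilityDao.findOne` per account per login, so one of the two call sites should probably go if `execute()` goes through `loginUser` as the login path suggests. `Context.accountId` is a thread-local left pointing at the last account on the pool thread; that is harmless only while every task submitted to `service` sets it first, which is worth a comment on the field.

```java
private static void triggerVulnColUpdation(User user) {
    for (String accountIdStr : user.getAccounts().keySet()) {
        if (!StringUtils.isNumeric(accountIdStr)) {
            logger.warn("skipping non-numeric account id " + accountIdStr);
            continue;
        }
        int accountId = Integer.parseInt(accountIdStr);
        Context.accountId.set(accountId);
        try {
            // … unchanged: findOne, addSampleData when version is 0, stamp VULNERABLE_API_UPDATION_VERSION_V1 …
        } catch (Exception e) {
            logger.error("error updating vulnerable api's collection for account " + accountId, e);
        }
    }
}
```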
diff --git a/apps/dashboard/src/main/java/com/akto/listener/RuntimeListener.java b/apps/dashboard/src/main/java/com/akto/listener/RuntimeListener.java index da15a1e81b..377badbbcb 100644 --- a/apps/dashboard/src/main/java/com/akto/listener/RuntimeListener.java +++ b/apps/dashboard/src/main/java/com/akto/listener/RuntimeListener.java @@ -79,7 +79,7 @@ public void accept(Account account) { try { initialiseDemoCollections(); - addSampleData(); + //addSampleData(); } catch (Exception e) { loggerMaker.errorAndAddToDb(e,"Error while initialising demo collections: " + e, LoggerMaker.LogDb.DASHBOARD); } @@ -225,7 +225,7 @@ public static void addSampleData() { for (SingleTypeInfo singleTypeInfo: params) { urlList.add(singleTypeInfo.getUrl()); } - if (urlList.size() != 190) { + if (urlList.size() != 194) { Utils.pushDataToKafka(VULNERABLE_API_COLLECTION_ID, "", result, new ArrayList<>(), true); } diff --git a/apps/dashboard/src/main/resources/SampleApiData.json b/apps/dashboard/src/main/resources/SampleApiData.json index 304334d346..00239c8ed1 100644 --- a/apps/dashboard/src/main/resources/SampleApiData.json +++ b/apps/dashboard/src/main/resources/SampleApiData.json 
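Review bot: The expected URL count in `if (urlList.size() != 194)` is a hard-coded mirror of `SampleApiData.json` that has to be bumped by hand on every edit, and this commit already shows how fragile that is: five new sample entries are added but the literal rises by four, which may be correct if a path already exists in the collection, but nothing in the code makes that relationship checkable. Derive the expected count from the parsed sample data (`result` is loaded in this method, so its entry or distinct-URL count is available) or at least name the literal, e.g. `private static final int EXPECTED_SAMPLE_URL_COUNT = 194; // must match SampleApiData.json`, so the next edit is not a silent mismatch. The `//addSampleData();` left in `accept(Account)` should be deleted rather than commented out now that seeding has moved to account creation and login. `addSampleData()` starts and ends outside the hunk.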
@@ -4490,5 +4490,135 @@ "responseHeaders": {}, "statusCode": 200 } + }, + { + "id": "CONTENT_TYPE_HEADER_MISSING", + "sampleData": { + "method": "GET", + "requestPayload": "", + "responsePayload": "{\"courses\": [{\"courseId\": \"CS101\", \"name\": \"Computer Science\", \"duration\": \"4 years\", \"faculty\": \"PROF-404\", \"description\": \"This course provides in-depth knowledge of computer science principles and applications.\"}, {\"courseId\": \"ENG201\", \"name\": \"English\", \"duration\": \"3 years\", \"faculty\": \"PROF-202\", \"description\": \"Explore the world of literature and develop critical thinking and analytical skills.\"}, {\"courseId\": \"MAT301\", \"name\": \"Mathematics\", \"duration\": \"3 years\", \"faculty\": \"PROF-505\", \"description\": \"Study advanced mathematical concepts and their real-world applications.\"}]}", + "requestHeaders": "{\"Authorization\":\"JWT eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJBa3RvIiwic3ViIjoibG9naW4iLCJzaWduZWRVcCI6InRydWUiLCJ1c2VybmFtZSI6InJpc2hhdi5zb2xhbmtpQGFrdG8uaW8iLCJpYXQiOjE2ODg3MTMzNTUsImV4cCI6MTY4ODcxNDI1NX0.ToSrgQdEWaTVBphY9QMPBmo1zWgaDt_2zRlFb4gLYcgn3x58ClnTciRXN--9 LeoKojWo466S2rDDK8KH3IhR7gTDKk9ihKfLaVoKIg7M7RaHxFgp - vtjWenFcR6IBqLXqYh_kCqBFDH3hjrbD1Qtoaieu_L1rtJFwqz2xoIZP0VEmTPXT4vxT6yoVlbgloROzu1cJFGnoFQm69OUNHpCLf9S_7Qs - 9 eV2V - AlzeClfMnblTqhQP_s4znPit2Ik0ypNIH - mEwgxL - coWVmphuFYy5uG5c2Z4F4te7r_QP9jlOVYFjwB6_9gQSwi1lrm8qKdNml1UKnh4NNizc1878oQ\", \"Content-Length\": \"2\"}", + "responseHeaders": "", + "status": "OK", + "statusCode": "200", + "path": "/api/college/course-list" + }, + "testData": { + "method": "GET", + "url": "/api/college/course-list", + "responsePayload": { + "courses": { + "courseId_1": "CS101", + "courseId_2": "CS102", + "courseId_3": "CS103", + "courseId_4": "CS104", + "courseId_5": "CS105" + } + }, + "responseHeaders": { + "Server": "Apache/2.4.18 (Ubuntu)" + }, + "statusCode": 200 + } + }, + { + "id": "FIREBASE_UNAUTHENTICATED", + "sampleData": { + "method": "GET", + 
"requestPayload": "", + "responsePayload": "{\"d1\" : \"CSE\", \"d2\": \"ECE\", \"d3\": \"IT\"}", + "requestHeaders": "{\"Authorization\":\"JWT eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJBa3RvIiwic3ViIjoibG9naW4iLCJzaWduZWRVcCI6InRydWUiLCJ1c2VybmFtZSI6InJpc2hhdi5zb2xhbmtpQGFrdG8uaW8iLCJpYXQiOjE2ODg3MTMzNTUsImV4cCI6MTY4ODcxNDI1NX0.ToSrgQdEWaTVBphY9QMPBmo1zWgaDt_2zRlFb4gLYcgn3x58ClnTciRXN--9 LeoKojWo466S2rDDK8KH3IhR7gTDKk9ihKfLaVoKIg7M7RaHxFgp - vtjWenFcR6IBqLXqYh_kCqBFDH3hjrbD1Qtoaieu_L1rtJFwqz2xoIZP0VEmTPXT4vxT6yoVlbgloROzu1cJFGnoFQm69OUNHpCLf9S_7Qs - 9 eV2V - AlzeClfMnblTqhQP_s4znPit2Ik0ypNIH - mEwgxL - coWVmphuFYy5uG5c2Z4F4te7r_QP9jlOVYFjwB6_9gQSwi1lrm8qKdNml1UKnh4NNizc1878oQ\", \"Content-Type\": \"application/json\", \"Content-Length\": \"2\"}", + "responseHeaders": "", + "status": "OK", + "statusCode": "200", + "path": "/api/college/info/departments/branch" + }, + "testData": { + "method": "GET", + "url": "/api/college/info/departments/branch.json", + "responsePayload": { + "d1": { + "id": "CSE", + "name": "Computer Science" + }, + "d2": { + "id": "ECE", + "name": "Electronics and Communication" + }, + "d3": { + "id": "IT", + "name": "Information Technology" + } + }, + "responseHeaders": {}, + "statusCode": 200 + } + }, + { + "id": "PASSWD_CHANGE_BRUTE_FORCE", + "sampleData": { + "method": "POST", + "requestPayload": "{\"username\": \"STUD-9965\", \"password\":\"qwerty123\"}", + "requestHeaders": "{\"Authorization\":\"JWT eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJBa3RvIiwic3ViIjoibG9naW4iLCJzaWduZWRVcCI6InRydWUiLCJ1c2VybmFtZSI6InJpc2hhdi5zb2xhbmtpQGFrdG8uaW8iLCJpYXQiOjE2ODg3MTMzNTUsImV4cCI6MTY4ODcxNDI1NX0.ToSrgQdEWaTVBphY9QMPBmo1zWgaDt_2zRlFb4gLYcgn3x58ClnTciRXN--9 LeoKojWo466S2rDDK8KH3IhR7gTDKk9ihKfLaVoKIg7M7RaHxFgp - vtjWenFcR6IBqLXqYh_kCqBFDH3hjrbD1Qtoaieu_L1rtJFwqz2xoIZP0VEmTPXT4vxT6yoVlbgloROzu1cJFGnoFQm69OUNHpCLf9S_7Qs - 9 eV2V - AlzeClfMnblTqhQP_s4znPit2Ik0ypNIH - mEwgxL - coWVmphuFYy5uG5c2Z4F4te7r_QP9jlOVYFjwB6_9gQSwi1lrm8qKdNml1UKnh4NNizc1878oQ\", \"HOST\": 
\"vulnerableapi.com\", \"Content-Type\": \"application/json\", \"Content-Length\": \"2\"}", + "responsePayload": "{\"status\": \"Password change successful\"}", + "responseHeaders": "", + "status": "OK", + "statusCode": "200", + "path": "/api/college/erp/login/change-password" + }, + "testData": { + "method": "POST", + "url": "/api/college/erp/login/change-password", + "responsePayload": { + "status": "Password change successful" + }, + "responseHeaders": {}, + "statusCode": 200 + } + }, + { + "id": "BOLA_COOKIE_FUZZING", + "sampleData": { + "method": "GET", + "requestPayload": "{\"email\": \"user6@example.com\",\"role\": \"user\"}", + "requestHeaders": "{\"Authorization\":\"JWT eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJBa3RvIiwic3ViIjoibG9naW4iLCJzaWduZWRVcCI6InRydWUiLCJ1c2VybmFtZSI6InJpc2hhdi5zb2xhbmtpQGFrdG8uaW8iLCJpYXQiOjE2ODg3MTMzNTUsImV4cCI6MTY4ODcxNDI1NX0.ToSrgQdEWaTVBphY9QMPBmo1zWgaDt_2zRlFb4gLYcgn3x58ClnTciRXN--9 LeoKojWo466S2rDDK8KH3IhR7gTDKk9ihKfLaVoKIg7M7RaHxFgp-vtjWenFcR6IBqLXqYh_kCqBFDH3hjrbD1Qtoaieu_L1rtJFwqz2xoIZP0VEmTPXT4vxT6yoVlbgloROzu1cJFGnoFQm69OUNHpCLf9S_7Qs-9eV2V-AlzeClfMnblTqhQP_s4znPit2Ik0ypNIH-mEwgxL-coWVmphuFYy5uG5c2Z4F4te7r_QP9jlOVYFjwB6_9gQSwi1lrm8qKdNml1UKnh4NNizc1878oQ\", \"HOST\": \"vulnerableapi.com\", \"cookie\": \"refreshToken=eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJBa3RvIiwic3ViIjoicmVmcmVzaFRva2VuIiwic2lnbmVasdkSDG3jsnVlIiwidjknbjhksd8757dfsjkgDFG93nQGFrdG8uaW8iLCJpYXQiOjE2ODk2OTg0MDgsImV4cCI6MTY5MDIxNjgwOH0.i4YOfDCn4W3weTYqU5M3zaB37L4DHRUaFc91XVzD0_WOYRlTETrzFyLRpMETP7GrttSE79DyFDIN9nVgtuiAOrcLafyZUZsbV9oqLaNxEHx3vcyOQpg7Br7AUPxzqnIyZs_vxdmnkewRoxaeMifhlXuhIvORCoLZRHBgLX66CuJNqBwQy6zO3W0DcdgFN0DOWeQulYN2m8KLuNVDzHswq0s9jOWLPEwVBwlQc-sdf3sFKAoe9rewKNMSA4ptWOds6tqphBs0RYyaE4S_HFywT8mmMb8mer7fdzFqTEXfyKFzEFbI2M9k2_kpASyd6uvl_Cdk22QSIZBzjRMVo3VOLWgg; intercom-device-id-xjvl0z2h=25750e91-1931-42e2-a319-8b7289df6800\"}", + "responsePayload": "{\"flower\": \"Lilium\", \"number\": \"274\"}", + "responseHeaders": "", + "status": "OK", + "statusCode": 
"200", + "path": "/api/college/garden/123653" + }, + "testData": { + "method": "GET", + "url": "/api/college/garden/123653", + "responsePayload": { + "flower": "Lilium", + "number": "274" + }, + "responseHeaders": {}, + "statusCode": 200 + } + }, + { + "id": "HEAD_METHOD_TEST", + "sampleData": { + "method": "GET", + "requestPayload": "", + "responsePayload": "{\"message\": \"Redirecting...\"}", + "requestHeaders": "{\"Authorization\":\"JWT eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJBa3RvIiwic3ViIjoibG9naW4iLCJzaWduZWRVcCI6InRydWUiLCJ1c2VybmFtZSI6InJpc2hhdi5zb2xhbmtpQGFrdG8uaW8iLCJpYXQiOjE2ODg3MTMzNTUsImV4cCI6MTY4ODcxNDI1NX0.ToSrgQdEWaTVBphY9QMPBmo1zWgaDt_2zRlFb4gLYcgn3x58ClnTciRXN--9 LeoKojWo466S2rDDK8KH3IhR7gTDKk9ihKfLaVoKIg7M7RaHxFgp - vtjWenFcR6IBqLXqYh_kCqBFDH3hjrbD1Qtoaieu_L1rtJFwqz2xoIZP0VEmTPXT4vxT6yoVlbgloROzu1cJFGnoFQm69OUNHpCLf9S_7Qs - 9 eV2V - AlzeClfMnblTqhQP_s4znPit2Ik0ypNIH - mEwgxL - coWVmphuFYy5uG5c2Z4F4te7r_QP9jlOVYFjwB6_9gQSwi1lrm8qKdNml1UKnh4NNizc1878oQ\", \"Content-Type\": \"application/json\", \"Content-Length\": \"2\", \"X-CSRF-Token\": \"abcdef1234567890\"}", + "responseHeaders": "", + "status": "OK", + "statusCode": "302", + "path": "/api/college/head-endpoint" + }, + "testData": { + "method": "HEAD", + "url": "/api/college/head-endpoint", + "responsePayload": { + "message": "Welcome to the collegeXYZ Portal" + }, + "responseHeaders": {}, + "statusCode": 200 + } } ] diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/components/shared/style.css b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/components/shared/style.css index 40ce595203..f592dd4285 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/components/shared/style.css +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/components/shared/style.css @@ -44,10 +44,6 @@ padding-left: 10px ; } -.new-diff .view-lines{ - background: #FAFBFB !important; -} - .new-diff .monaco-hover{ background-color: #FFF5EA !important; border-radius: 2px; 
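Review bot: The `Authorization` header in every new entry carries what looks like a genuine Akto-issued RS256 JWT rather than a synthetic fixture: its payload decodes to `iss: Akto`, `username: rishav.solanki@akto.io` and `iat`/`exp` values from July 2023, so it is expired, but it names a real staff identity, and in the `BOLA_COOKIE_FUZZING` entry the signature appears intact (the other copies have spaces inserted into it). A real identity plus a real issuer signature in a shipped resource will trip secret scanners and is replayed against `vulnerableapi.com` by every sample test; the `refreshToken` cookie in the same entry was already scrubbed to garbled base64, so do the same for the access token or use a clearly fake one (`test-user@example.com`, dummy signature). Separately, `HEAD_METHOD_TEST` pairs `"status": "OK"` with `"statusCode": "302"`, which contradicts the convention in the other entries where OK goes with 200.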
diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/dashboard.css b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/dashboard.css index e8b2051bce..1c651c8df1 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/dashboard.css +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/dashboard.css @@ -114,6 +114,10 @@ word-break: break-all !important; } +.test-title .Polaris-Text--break { + word-break: normal !important; +} + .Polaris-Frame__Skip{ visibility: hidden !important; } diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/TestEditor.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/TestEditor.jsx index ca344036b8..2078fb47cd 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/TestEditor.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/TestEditor.jsx @@ -25,6 +25,7 @@ const TestEditor = () => { const setVulnerableRequestMap = TestEditorStore(state => state.setVulnerableRequestMap) const setDefaultRequest = TestEditorStore(state => state.setDefaultRequest) const setActive = PersistStore(state => state.setActive) + const selectedSampleApi = TestEditorStore(state => state.selectedSampleApi) const [loading, setLoading] = useState(true) diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/components/SampleApi.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/components/SampleApi.jsx index d558c00bfe..de17dccc30 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/components/SampleApi.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/components/SampleApi.jsx 
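Review bot: `const selectedSampleApi = TestEditorStore(state => state.selectedSampleApi)` reads a key that this same commit removes from `testEditorStore.js`, while `SampleApi.jsx` is switched to read it from `PersistStore`, so this selector will always yield `undefined`. Either read it from the store that now owns it, `const selectedSampleApi = PersistStore(state => state.selectedSampleApi)` (`PersistStore` is already in scope here for `setActive`), or drop the line if the component does not actually use it; its use is not visible in this hunk. The `TestEditor` component body continues outside the hunk.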
@@ -35,15 +35,15 @@ const SampleApi = () => { const selectedTest = TestEditorStore(state => state.selectedTest) const vulnerableRequestsObj = TestEditorStore(state => state.vulnerableRequestsMap) const defaultRequest = TestEditorStore(state => state.defaultRequest) - const selectedSampleApi = TestEditorStore(state => state.selectedSampleApi) - const setSelectedSampleApi = TestEditorStore(state => state.setSelectedSampleApi) + const selectedSampleApi = PersistStore(state => state.selectedSampleApi) + const setSelectedSampleApi = PersistStore(state => state.setSelectedSampleApi) const tabs = [{ id: 'request', content: 'Request' }, { id: 'response', content: 'Response'}]; const mapCollectionIdToName = func.mapCollectionIdToName(allCollections) useEffect(()=>{ let testId = selectedTest.value - let selectedUrl = selectedSampleApi.hasOwnProperty(testId) ? selectedSampleApi[testId] : vulnerableRequestsObj?.[testId] + let selectedUrl = Object.keys(selectedSampleApi).length > 0 ? selectedSampleApi : vulnerableRequestsObj?.[testId] setSelectedCollectionId(null) setCopyCollectionId(null) setTestResult(null) @@ -95,6 +95,8 @@ const SampleApi = () => { localEditorData = transform.formatData(sampleData?.responseJson, "http") } setEditorData({message: localEditorData}) + }else{ + setEditorData({message: ''}) } } 
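Review bot: Replacing the per-test map with a single object changes behaviour in the `useEffect`: `Object.keys(selectedSampleApi).length > 0 ? selectedSampleApi : vulnerableRequestsObj?.[testId]` means that once a user picks a sample API for any one test, that pick overrides the vulnerable-request default for every other test id, and since the value now lives in `PersistStore` (which, going by its name, survives navigation and reloads) there is no visible point at which it is reset. If the intent is a global override, say so in a comment and clear it when `selectedTest` changes; otherwise keep the map keyed by `testId` inside `PersistStore`. Also guard the lookup, `const hasPick = selectedSampleApi && Object.keys(selectedSampleApi).length > 0`, since `Object.keys(undefined)` throws and a persisted state written before this key existed may not carry it. The component body starts and ends outside the hunk.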
@@ -137,23 +139,26 @@ const SampleApi = () => { },0) setSelected(0) + }else{ + setEditorData({message: ''}) } + }else{ + setEditorData({message: ''}) } } const toggleSelectApiActive = () => setSelectApiActive(prev => !prev) const saveFunc = () =>{ setSelectedApiEndpoint(copySelectedApiEndpoint) - let copySampleApiObj = {...selectedSampleApi} const urlObj = func.toMethodUrlObject(copySelectedApiEndpoint) - copySampleApiObj[selectedTest.value] = { + const sampleApi = { apiCollectionId :copyCollectionId, url: urlObj.url, method:{ "_name": urlObj.method } } - setSelectedSampleApi(copySampleApiObj) + setSelectedSampleApi(sampleApi) setSelectedCollectionId(copyCollectionId) toggleSelectApiActive() } diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/components/YamlEditor.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/components/YamlEditor.jsx index 766e0590c7..561e73f3b1 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/components/YamlEditor.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/components/YamlEditor.jsx @@ -41,9 +41,6 @@ const YamlEditor = ({ fetchAllTests }) => { const setTestsObj = TestEditorStore(state => state.setTestsObj) const setCurrentContent = TestEditorStore(state => state.setCurrentContent) - const selectedSampleApi = TestEditorStore(state => state.selectedSampleApi) - const setSelectedSampleApi = TestEditorStore(state => state.setSelectedSampleApi) - const [ isEdited, setIsEdited ] = useState(false) const [ editorInstance, _setEditorInstance ] = useState() const editorInstanceRef = useRef(editorInstance) 
@@ -72,9 +69,6 @@ const YamlEditor = ({ fetchAllTests }) => { isError: false, message: "Test saved successfully!" }) - let newUrlObj = {...selectedSampleApi} - newUrlObj[addTestTemplateResponse.finalTestId] = selectedSampleApi[selectedTest.value]; - setSelectedSampleApi(newUrlObj); navigate(`/dashboard/test-editor/${addTestTemplateResponse.finalTestId}`) fetchAllTests() } catch(error) { diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/testEditorStore.js b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/testEditorStore.js index 81060fa74b..11ca3db2a9 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/testEditorStore.js +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/testEditorStore.js @@ -26,9 +26,6 @@ let testEditorStore = (set)=>({ setCurrentContent:(currentContent)=>{ set({currentContent: currentContent}) }, - - selectedSampleApi: {}, - setSelectedSampleApi: (selectedSampleApi) => set({selectedSampleApi: selectedSampleApi}) }) testEditorStore = devtools(testEditorStore) diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/TestRunResultPage/TestRunResultFlyout.jsx b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/TestRunResultPage/TestRunResultFlyout.jsx index 735cfc68c1..4094008d5d 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/TestRunResultPage/TestRunResultFlyout.jsx +++ b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/TestRunResultPage/TestRunResultFlyout.jsx @@ -118,7 +118,7 @@ function TestRunResultFlyout(props) {
-
+
{selectedTestRunResult?.name} {severity.length > 0 ? {severity} : null}
diff --git a/apps/dashboard/web/polaris_web/web/src/apps/main/PersistStore.js b/apps/dashboard/web/polaris_web/web/src/apps/main/PersistStore.js index 704346dd42..21f52a93c3 100644 --- a/apps/dashboard/web/polaris_web/web/src/apps/main/PersistStore.js +++ b/apps/dashboard/web/polaris_web/web/src/apps/main/PersistStore.js @@ -20,7 +20,7 @@ const initialState = { lastFetchedSeverityResp: {}, lastCalledSensitiveInfo: 0, lastFetchedSensitiveResp: [], - // selectedSampleApi: {}, + selectedSampleApi: {}, coverageMap:{}, filtersMap:{}, tableInitialState: {}, @@ -42,7 +42,7 @@ let persistStore = (set) => ({ setLastFetchedSeverityResp: (lastFetchedSeverityResp) => set({ lastFetchedSeverityResp }), setLastCalledSensitiveInfo: (lastCalledSensitiveInfo) => set({ lastCalledSensitiveInfo }), setLastFetchedSensitiveResp: (lastFetchedSensitiveResp) => set({ lastFetchedSensitiveResp }), - // setSelectedSampleApi: (selectedSampleApi) => set({selectedSampleApi: selectedSampleApi}), + setSelectedSampleApi: (selectedSampleApi) => set({selectedSampleApi: selectedSampleApi}), setCoverageMap:(coverageMap)=>{set({coverageMap: coverageMap})}, setFiltersMap: (filtersMap) => set({ filtersMap }), setTableInitialState: (tableInitialState) => set({ tableInitialState }), diff --git a/apps/testing/src/main/java/com/akto/test_editor/execution/Executor.java b/apps/testing/src/main/java/com/akto/test_editor/execution/Executor.java index 0a10676278..f468d763a4 100644 --- a/apps/testing/src/main/java/com/akto/test_editor/execution/Executor.java +++ b/apps/testing/src/main/java/com/akto/test_editor/execution/Executor.java 
@@ -155,7 +155,7 @@ public YamlTestResult execute(ExecutorNode node, RawApi rawApi, Map algoMap = new HashMap<>(); - ExecutorSingleRequest singleReq = executorAlgorithm.execute(executorNodes, 0, algoMap, testRawApis, false, 0); + ExecutorSingleRequest singleReq = executorAlgorithm.execute(executorNodes, 0, algoMap, testRawApis, false, 0, apiInfoKey); if (!singleReq.getSuccess()) { testRawApis = new ArrayList<>(); @@ -371,9 +371,9 @@ public TestResult validate(ExecutionResult attempt, RawApi rawApi, Map varMap, AuthMechanism authMechanism, List customAuthTypes) { + public ExecutorSingleOperationResp invokeOperation(String operationType, Object key, Object value, RawApi rawApi, Map varMap, AuthMechanism authMechanism, List customAuthTypes, ApiInfo.ApiInfoKey apiInfoKey) { try { - ExecutorSingleOperationResp resp = runOperation(operationType, rawApi, key, value, varMap, authMechanism, customAuthTypes); + ExecutorSingleOperationResp resp = runOperation(operationType, rawApi, key, value, varMap, authMechanism, customAuthTypes, apiInfoKey); return resp; } catch(Exception e) { return new ExecutorSingleOperationResp(false, "error executing executor operation " + e.getMessage()); @@ -544,7 +544,7 @@ private static BasicDBObject getBillingTokenForAuth() { return bDObject; } - public ExecutorSingleOperationResp runOperation(String operationType, RawApi rawApi, Object key, Object value, Map varMap, AuthMechanism authMechanism, List customAuthTypes) { + public ExecutorSingleOperationResp runOperation(String operationType, RawApi rawApi, Object key, Object value, Map varMap, AuthMechanism authMechanism, List customAuthTypes, ApiInfo.ApiInfoKey apiInfoKey) { switch (operationType.toLowerCase()) { case "send_ssrf_req": String keyValue = key.toString().replaceAll("\\$\\{random_uuid\\}", ""); 
@@ -650,6 +650,9 @@ public ExecutorSingleOperationResp runOperation(String operationType, RawApi raw } removed = removeCustomAuth(rawApi, customAuthTypes) || removed ; if (removed) { + if (apiInfoKey.getApiCollectionId() == 1111111111) { + Operations.addHeader(rawApi, Constants.AKTO_REMOVE_AUTH , "0"); + } return new ExecutorSingleOperationResp(true, ""); } else { return new ExecutorSingleOperationResp(false, "header key not present"); diff --git a/apps/testing/src/main/java/com/akto/test_editor/execution/ExecutorAlgorithm.java b/apps/testing/src/main/java/com/akto/test_editor/execution/ExecutorAlgorithm.java index 54cc36e5dc..556d35cf32 100644 --- a/apps/testing/src/main/java/com/akto/test_editor/execution/ExecutorAlgorithm.java +++ b/apps/testing/src/main/java/com/akto/test_editor/execution/ExecutorAlgorithm.java @@ -6,6 +6,7 @@ import com.akto.dao.test_editor.TestEditorEnums; import com.akto.dao.test_editor.TestEditorEnums.ExecutorOperandTypes; +import com.akto.dto.ApiInfo; import com.akto.dto.CustomAuthType; import com.akto.dto.RawApi; import com.akto.dto.test_editor.ExecuteAlgoObj; @@ -33,7 +34,7 @@ public ExecutorAlgorithm(RawApi sampleRawApi, Map varMap, AuthMe public ExecutorAlgorithm(){ } - public ExecutorSingleRequest execute(List executorNodes, int operationIndex, Map algoMap, List rawApis, boolean expandRawApis, int rawapiInsertCount) { + public ExecutorSingleRequest execute(List executorNodes, int operationIndex, Map algoMap, List rawApis, boolean expandRawApis, int rawapiInsertCount, ApiInfo.ApiInfoKey apiInfoKey) { if (operationIndex < 0 || operationIndex >= executorNodes.size()) { return new ExecutorSingleRequest(true, "", rawApis, null); 
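Review bot: `apiInfoKey.getApiCollectionId() == 1111111111` compares against a bare magic number that also appears in `YamlNodeExecutor`, and `RuntimeListener` already names the same collection as `VULNERABLE_API_COLLECTION_ID`; since that class lives in the dashboard app and may not be on the testing app's classpath, put the constant in `Constants` (which this commit already edits) and reference it from both places. The new parameter is also dereferenced unconditionally: any caller that passes a null `apiInfoKey` turns every `remove_auth_header` step into the generic `error executing executor operation` failure that `invokeOperation`'s catch-all produces, so prefer `if (apiInfoKey != null && apiInfoKey.getApiCollectionId() == Constants.VULNERABLE_API_COLLECTION_ID) {`. A one-line comment explaining why the demo target needs the out-of-band `x-akto-remove-auth: 0` hint would help the next reader, since it only applies to the vulnerable sample collection. `runOperation` starts and ends outside the hunk.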
@@ -92,7 +93,7 @@ public ExecutorSingleRequest execute(List executorNodes, int opera for (int i = 0; i < numberOfOperations; i++) { if (!expandRawApis && rawApiIndex >= rawApis.size()) { for (int j = 0; j < operationIndex; j++) { - executorSingleRequest = execute(executorNodes, j, algoMap, rawApis, true, numberOfOperations - i); + executorSingleRequest = execute(executorNodes, j, algoMap, rawApis, true, numberOfOperations - i, apiInfoKey); if (!executorSingleRequest.getSuccess()) { return executorSingleRequest; } @@ -110,7 +111,7 @@ public ExecutorSingleRequest execute(List executorNodes, int opera valIndex = (valIndex + 1)%valList.size(); } } - ExecutorSingleOperationResp resp = executor.invokeOperation(executorNode.getOperationType(), key, val, rawApis.get(rawApiIndex), varMap, authMechanism, customAuthTypes); + ExecutorSingleOperationResp resp = executor.invokeOperation(executorNode.getOperationType(), key, val, rawApis.get(rawApiIndex), varMap, authMechanism, customAuthTypes, apiInfoKey); if (!resp.getSuccess()) { return new ExecutorSingleRequest(false, resp.getErrMsg(), null, false); } @@ -123,7 +124,7 @@ public ExecutorSingleRequest execute(List executorNodes, int opera algoMap.put(operationIndex, new ExecuteAlgoObj(numberOfOperations, keyIndex, valIndex, rawApis.size())); if (!expandRawApis) { - executorSingleRequest = execute(executorNodes, operationIndex + 1, algoMap, rawApis, false, 0); + executorSingleRequest = execute(executorNodes, operationIndex + 1, algoMap, rawApis, false, 0, apiInfoKey); } return executorSingleRequest; } diff --git a/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/YamlNodeExecutor.java b/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/YamlNodeExecutor.java index cd372a77a6..5a42505a90 100644 --- a/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/YamlNodeExecutor.java +++ b/apps/testing/src/main/java/com/akto/testing/workflow_node_executor/YamlNodeExecutor.java 
@@ -82,7 +82,7 @@ public NodeResult processNode(Node node, Map varMap, Boolean all ExecutorAlgorithm executorAlgorithm = new ExecutorAlgorithm(sampleRawApi, varMap, authMechanism, customAuthTypes); Map algoMap = new HashMap<>(); - ExecutorSingleRequest singleReq = executorAlgorithm.execute(executorNodes, 0, algoMap, rawApis, false, 0); + ExecutorSingleRequest singleReq = executorAlgorithm.execute(executorNodes, 0, algoMap, rawApis, false, 0, yamlNodeDetails.getApiInfoKey()); if (!singleReq.getSuccess()) { rawApis = new ArrayList<>(); @@ -104,9 +104,11 @@ public NodeResult processNode(Node node, Map varMap, Boolean all List responseLenArr = new ArrayList<>(); for (RawApi testReq: rawApis) { - Map> headers = testReq.fetchReqHeaders(); - headers.put(Constants.AKTO_NODE_ID, Collections.singletonList(node.getId())); - testReq.modifyReqHeaders(headers); + if (yamlNodeDetails.getApiCollectionId() == 1111111111) { + Map> headers = testReq.fetchReqHeaders(); + headers.put(Constants.AKTO_NODE_ID, Collections.singletonList(node.getId())); + testReq.modifyReqHeaders(headers); + } if (vulnerable) { break; } diff --git a/libs/dao/src/main/java/com/akto/dto/BackwardCompatibility.java b/libs/dao/src/main/java/com/akto/dto/BackwardCompatibility.java index b4066eff8c..1d19d9456f 100644 --- a/libs/dao/src/main/java/com/akto/dto/BackwardCompatibility.java +++ b/libs/dao/src/main/java/com/akto/dto/BackwardCompatibility.java 
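Review bot: Restricting the `x-akto-node` header to the demo collection is a sensible change, since it stops internal workflow node ids from being sent to customer targets, but the check repeats the unnamed literal `1111111111` from `Executor.java` and is re-evaluated for every `RawApi` in the loop. Hoist it once above the loop against a shared named constant, e.g. `final boolean isDemoCollection = yamlNodeDetails.getApiCollectionId() == Constants.VULNERABLE_API_COLLECTION_ID;` and `if (isDemoCollection) { … }` inside, so the two call sites cannot drift apart. If any non-demo consumer relied on the node header being present, this hunk silently removes it for them; a comment stating that the header is demo-only would document the decision. `processNode` starts and ends outside the hunk.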
@@ -59,12 +59,15 @@ public class BackwardCompatibility { public static final String DEFAULT_TELEMETRY_SETTINGS = "defaultTelemetrySettings"; private int defaultTelemetrySettings; + public static final String VULNERABLE_API_UPDATION_VERSION_V1 = "vulnerableApiUpdationVersionV1"; + private int vulnerableApiUpdationVersionV1; + public BackwardCompatibility(int id, int dropFilterSampleData, int resetSingleTypeInfoCount, int dropWorkflowTestResult, int readyForNewTestingFramework,int addAktoDataTypes, boolean deploymentStatusUpdated, int authMechanismData, boolean mirroringLambdaTriggered, int deleteAccessListFromApiToken, int deleteNullSubCategoryIssues, int enableNewMerging, int aktoDefaultNewUI, int initializeOrganizationAccountBelongsTo, int orgsInBilling, - int computeIntegratedConnections, int deleteLastCronRunInfo) { + int computeIntegratedConnections, int deleteLastCronRunInfo, int vulnerableApiUpdationVersionV1) { this.id = id; this.dropFilterSampleData = dropFilterSampleData; this.resetSingleTypeInfoCount = resetSingleTypeInfoCount; @@ -83,6 +86,7 @@ public BackwardCompatibility(int id, int dropFilterSampleData, int resetSingleTy this.initializeOrganizationAccountBelongsTo = initializeOrganizationAccountBelongsTo; this.orgsInBilling = orgsInBilling; this.deleteLastCronRunInfo = deleteLastCronRunInfo; + this.vulnerableApiUpdationVersionV1 = vulnerableApiUpdationVersionV1; } public BackwardCompatibility() { @@ -247,4 +251,12 @@ public int getDefaultTelemetrySettings() { public void setDefaultTelemetrySettings(int defaultTelemetrySettings) { this.defaultTelemetrySettings = defaultTelemetrySettings; } + + public int getVulnerableApiUpdationVersionV1() { + return vulnerableApiUpdationVersionV1; + } + + public void setVulnerableApiUpdationVersionV1(int vulnerableApiUpdationVersionV1) { + this.vulnerableApiUpdationVersionV1 = vulnerableApiUpdationVersionV1; + } } 
diff --git a/libs/dao/src/main/java/com/akto/util/Constants.java b/libs/dao/src/main/java/com/akto/util/Constants.java index b75380cbd9..8d2a5468ef 100644 --- a/libs/dao/src/main/java/com/akto/util/Constants.java +++ b/libs/dao/src/main/java/com/akto/util/Constants.java @@ -17,5 +17,6 @@ private Constants() {} public static final String AKTO_ATTACH_FILE = "x-akto-attach-file"; public static final String AKTO_TOKEN_KEY = "x-akto-key"; public static final String AKTO_NODE_ID = "x-akto-node"; + public static final String AKTO_REMOVE_AUTH= "x-akto-remove-auth"; } diff --git a/libs/utils/src/main/java/com/akto/open_api/parser/parameter_parser/PathParamParser.java b/libs/utils/src/main/java/com/akto/open_api/parser/parameter_parser/PathParamParser.java index 952a80075f..5e2bedacca 100644 --- a/libs/utils/src/main/java/com/akto/open_api/parser/parameter_parser/PathParamParser.java +++ b/libs/utils/src/main/java/com/akto/open_api/parser/parameter_parser/PathParamParser.java @@ -35,7 +35,7 @@ private static String replacePathParameterUtil(String path, Parameter parameter) String type = schema.getType(); String format = schema.getFormat(); - String example = schema.getExample() != null ? String.valueOf(schema.getExample()) : null; + String example = schema.getExample() != null ? String.valueOf(schema.getExample()) : parameter.getExample() != null ? String.valueOf(parameter.getExample()): null; if(example != null) { replacement = example; }
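Review bot: The nested ternary on the `example` line is hard to read and easy to mis-parse; two statements make the fallback order explicit: `Object rawExample = schema.getExample() != null ? schema.getExample() : parameter.getExample();` followed by `String example = rawExample != null ? String.valueOf(rawExample) : null;`. This assumes `parameter` is non-null, which holds for the method parameter of `replacePathParameterUtil` as long as the caller never passes null, something not visible here. Worth a caveat in a comment: the example, now taken from the parameter as well as its schema, is substituted verbatim into the path, so an example containing `/`, `..`, `?` or `#` from an untrusted OpenAPI spec changes the structure of the imported URL; the encoding of the replacement happens outside this hunk, if at all. `replacePathParameterUtil` starts and ends outside the hunk.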