
Merge pull request #1017 from akto-api-security/feature/ignore_redundant_urls

added functionality to reduce garbage endpoints
Ark2307 authored Apr 17, 2024
2 parents bdc7412 + dc3bb56 commit d35bde9
Showing 6 changed files with 104 additions and 8 deletions.
Expand Up @@ -31,6 +31,8 @@
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import static com.akto.runtime.RuntimeUtil.matchesDefaultPayload;

Expand All @@ -53,6 +55,7 @@ public class HttpCallParser {
.build();

private static final ConcurrentLinkedQueue<BasicDBObject> queue = new ConcurrentLinkedQueue<>();
private static final int MAX_ALLOWED_HTML_CONTENT = 1024 * 1024 ;

public static void init() {
trafficMetricsExecutor.scheduleAtFixedRate(new Runnable() {
Expand Down Expand Up @@ -196,7 +199,7 @@ public void syncFunction(List<HttpResponseParams> responseParams, boolean syncIm
if (accountSettings != null && accountSettings.getDefaultPayloads() != null) {
filteredResponseParams = filterDefaultPayloads(filteredResponseParams, accountSettings.getDefaultPayloads());
}
filteredResponseParams = filterHttpResponseParams(filteredResponseParams);
filteredResponseParams = filterHttpResponseParams(filteredResponseParams, accountSettings);
boolean isHarOrPcap = aggregate(filteredResponseParams, aggregatorMap);

for (int apiCollectionId: aggregatorMap.keySet()) {
Expand Down Expand Up @@ -354,7 +357,23 @@ public void incTrafficMetrics(TrafficMetrics.Key key, int value) {
trafficMetrics.inc(value);
}

public List<HttpResponseParams> filterHttpResponseParams(List<HttpResponseParams> httpResponseParamsList) {
private boolean isRedundantEndpoint(String url){
String regex = ".*\\.(js|css|svg|png|json|html|io).*";

Pattern pattern = Pattern.compile(regex);
Matcher matcher = pattern.matcher(url);
return matcher.matches();
}

private boolean isInvalidContentType(String contentType){
boolean res = false;
if(contentType == null || contentType.length() == 0) return res;

res = contentType.contains("javascript") || contentType.contains("png");
return res;
}

public List<HttpResponseParams> filterHttpResponseParams(List<HttpResponseParams> httpResponseParamsList, AccountSettings accountSettings) {
List<HttpResponseParams> filteredResponseParams = new ArrayList<>();
int originalSize = httpResponseParamsList.size();
for (HttpResponseParams httpResponseParam: httpResponseParamsList) {
Expand All @@ -374,6 +393,21 @@ public List<HttpResponseParams> filterHttpResponseParams(List<HttpResponseParams
String ignoreAktoFlag = getHeaderValue(httpResponseParam.getRequestParams().getHeaders(),Constants.AKTO_IGNORE_FLAG);
if (ignoreAktoFlag != null) continue;

// check for garbage points here
if(!accountSettings.getAllowRedundantEndpoints()){
if(isRedundantEndpoint(httpResponseParam.getRequestParams().getURL())){
continue;
}
List<String> contentTypeList = (List<String>) httpResponseParam.getRequestParams().getHeaders().getOrDefault("content-type", new ArrayList<>());
String contentType = null;
if(!contentTypeList.isEmpty()){
contentType = contentTypeList.get(0);
}
if(isInvalidContentType(contentType)){
continue;
}
}

String hostName = getHeaderValue(httpResponseParam.getRequestParams().getHeaders(), "host");


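Review bot: The regex in isRedundantEndpoint, `.*\\.(js|css|svg|png|json|html|io).*`, is unanchored on both sides, so `matches()` drops any URL that merely contains one of those tokens after a dot — a path such as `/v1/users.json/export` or `/users/john.johnson`, or, if getURL carries the host, any `.io` domain — and those endpoints silently vanish from the API inventory, which is exactly the blind spot this filter must not create. Anchor the check to the last path segment and compile the pattern once, e.g. `private static final Pattern REDUNDANT_URL = Pattern.compile("\\.(js|css|svg|png|json|html)(\\?.*)?$");` with `return REDUNDANT_URL.matcher(url).find();`, and reconsider `io`, which is a TLD rather than a static-asset extension. The new block at `if(!accountSettings.getAllowRedundantEndpoints())` dereferences accountSettings unconditionally, although syncFunction guards it with `accountSettings != null` a few lines earlier in this same diff; treat null as the default (filtering on) instead of throwing. isInvalidContentType reads the request's content-type header, whereas static-asset responses are recognisable by the response content-type — presumably that is the intended signal, worth confirming. filterHttpResponseParams continues outside the hunk.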
Expand Up @@ -3,8 +3,6 @@
import com.akto.dao.*;
import com.akto.dao.billing.OrganizationsDao;
import com.akto.dao.context.Context;
import com.akto.dto.AccountSettings;
import com.akto.dto.User;
import com.akto.dto.type.CollectionReplaceDetails;
import com.akto.dto.*;
import com.akto.dto.billing.Organization;
Expand Down Expand Up @@ -50,8 +48,9 @@ public String execute() throws Exception {
public Boolean enableTelemetry;

private List<String> partnerIpList;
private boolean allowRedundantEndpoints;

public String updateSetupType() {
public String updateSetupType() {
AccountSettingsDao.instance.getMCollection().updateOne(
AccountSettingsDao.generateFilter(),
Updates.set(AccountSettings.SETUP_TYPE, this.setupType),
Expand Down Expand Up @@ -261,6 +260,21 @@ public String editPartnerIpList(){

}

public String updateUrlSettings() {
try {
AccountSettingsDao.instance.getMCollection().updateOne(
AccountSettingsDao.generateFilter(),
Updates.set(AccountSettings.ALLOW_REDUNDANT_ENDPOINTS, this.allowRedundantEndpoints),
new UpdateOptions().upsert(true)
);

return SUCCESS.toUpperCase();
} catch (Exception e) {
return ERROR.toUpperCase();
}

}

public AccountSettings getAccountSettings() {
return this.accountSettings;
}
Expand Down Expand Up @@ -345,4 +359,8 @@ public void setPrivateCidrList(List<String> privateCidrList) {
public List<String> getPrivateCidrList() {
return privateCidrList;
}

public void setAllowRedundantEndpoints(boolean allowRedundantEndpoints) {
this.allowRedundantEndpoints = allowRedundantEndpoints;
}
}
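Review bot: updateUrlSettings catches `Exception e` and returns ERROR without recording the failure anywhere, so a failed upsert leaves no trace for the operator and the ERROR result's `^actionErrors.*` payload declared in this PR's struts mapping stays empty. Add `addActionError(e.getMessage());` in the catch, or log the exception through whatever logger this class already uses, before returning. The `updateSetupType` line is printed as removed and re-added with identical text, so that part of the hunk appears to be a whitespace-only change; the surrounding class continues outside the hunk.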
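--- a/apps/dashboard/src/main/resources/struts.xml
+++ b/apps/dashboard/src/main/resources/struts.xml
@@ -1821,6 +1821,19 @@
 </result>
 </action>
 
+<action name="api/updateUrlSettings" class="com.akto.action.AdminSettingsAction" method="updateUrlSettings">
+<interceptor-ref name="json"/>
+<interceptor-ref name="defaultStack" />
+<result name="SUCCESS" type="json">
+<param name="root">allowRedundantEndpoints</param>
+</result>
+<result name="ERROR" type="json">
+<param name="statusCode">422</param>
+<param name="ignoreHierarchy">false</param>
+<param name="includeProperties">^actionErrors.*</param>
+</result>
+</action>
+
 <action name="api/fetchParamsStatus" class="com.akto.action.ParamStateAction" method="fetchParamsStatus">
 <interceptor-ref name="json"/>
 <interceptor-ref name="defaultStack" />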
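Review bot: The SUCCESS result sets `<param name="root">allowRedundantEndpoints</param>`, but the AdminSettingsAction changes in this PR add only `setAllowRedundantEndpoints`; unless a getter exists outside the visible hunks, the JSON result has no readable `allowRedundantEndpoints` property and the success response will not carry the value the front end expects. Either add a getter on the action or point `root` at a property that is actually exposed. The mapping relies on `json` and `defaultStack` like the neighbouring actions, so any admin-only authorization presumably comes from that stack — worth confirming that this new setting cannot be flipped by a non-admin session, since turning it on changes what traffic the platform records.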
Expand Up @@ -36,6 +36,7 @@ function About() {
const [enableTelemetry, setEnableTelemetry] = useState(false)
const [privateCidrList, setPrivateCidrList] = useState([])
const [partnerIpsList, setPartnerIpsList] = useState([])
const [allowRedundantUrls,setAllowRedundantUrls] = useState(false)

const setupOptions = settingFunctions.getSetupOptions()

Expand All @@ -57,6 +58,7 @@ function About() {

setPrivateCidrList(resp.privateCidrList || [])
setPartnerIpsList(resp.partnerIpList || [])
setAllowRedundantUrls(resp.allowRedundantEndpoints)
}

useEffect(()=>{
Expand Down Expand Up @@ -112,6 +114,11 @@ function About() {
await settingRequests.updateTrafficAlertThresholdSeconds(val);
}

const toggleUrlSettings = async(val) => {
setAllowRedundantUrls(val);
await settingRequests.handleRedundantUrls(val);
}

const handleIpsChange = async(ip, isAdded, type) => {
if(type === 'cidr'){
let updatedIps = []
Expand Down Expand Up @@ -308,7 +315,7 @@ function About() {
<LegacyCard.Section title={<Text variant="headingMd">Details</Text>}>
{infoComponent}
</LegacyCard.Section>
{isOnPrem &&
{isOnPrem ?
<LegacyCard.Section title={<Text variant="headingMd">More settings</Text>}>
<div style={{ display: 'flex' }}>
<div style={{ flex: "1" }}>
Expand All @@ -326,6 +333,7 @@ function About() {
<ToggleComponent text={"Redact sample data"} initial={redactPayload} onToggle={handleRedactPayload} />
<ToggleComponent text={"Activate regex matching in merging"} initial={newMerging} onToggle={handleNewMerging} />
<ToggleComponent text={"Enable telemetry"} initial={enableTelemetry} onToggle={toggleTelemetry} />
<ToggleComponent text={"Allow redundant urls"} initial={allowRedundantUrls} onToggle={toggleUrlSettings} />
<VerticalStack gap={1}>
<Text color="subdued">Traffic alert threshold</Text>
<Box width='120px'>
Expand All @@ -345,6 +353,9 @@ function About() {
</div>
</div>
</LegacyCard.Section>
:<LegacyCard.Section title={<Text variant="headingMd">More settings</Text>}>
<ToggleComponent text={"Allow redundant urls"} initial={allowRedundantUrls} onToggle={toggleUrlSettings} />
</LegacyCard.Section>
}
<LegacyCard.Section subdued>
View our <a href='https://www.akto.io/terms-and-policies' target="_blank">terms of service</a> and <a href='https://www.akto.io/terms/privacy' target="_blank" >privacy policy </a>
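Review bot: `setAllowRedundantUrls(resp.allowRedundantEndpoints)` passes through undefined when the settings document predates this field, unlike the neighbouring `resp.privateCidrList || []` defaults; use `setAllowRedundantUrls(resp.allowRedundantEndpoints || false)` so ToggleComponent always receives a boolean. toggleUrlSettings flips local state before the request and never reverts it on failure, so the UI can show the filter disabled while the backend still drops traffic; await the request first or reset the state in a catch. The "More settings" card is now rendered twice (the `?` and `:` branches) with the toggle duplicated, so rendering the toggle once outside the isOnPrem condition would keep the two copies from drifting apart. The About component continues outside the hunks.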
Expand Up @@ -412,7 +412,16 @@ const settingRequests = {
method: 'post',
data: {partnerIpList}
})
}
},
handleRedundantUrls(allowRedundantEndpoints) {
return request({
url: '/api/updateUrlSettings',
method: 'post',
data: {
allowRedundantEndpoints
}
});
},
}

export default settingRequests
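--- a/libs/dao/src/main/java/com/akto/dto/AccountSettings.java
+++ b/libs/dao/src/main/java/com/akto/dto/AccountSettings.java
@@ -94,7 +94,10 @@ public class AccountSettings {
 public static final String PARTNER_IP_LIST = "partnerIpList";
 private List<String> partnerIpList;
 
-public AccountSettings() {
+public static final String ALLOW_REDUNDANT_ENDPOINTS = "allowRedundantEndpoints";
+private boolean allowRedundantEndpoints;
+
+public AccountSettings() {
 }
 
 public AccountSettings(int id, List<String> privateCidrList, Boolean redactPayload, SetupType setupType) {
@@ -360,4 +363,12 @@ public List<String> getPartnerIpList() {
 public void setPartnerIpList(List<String> partnerIpList) {
 this.partnerIpList = partnerIpList;
 }
+
+public boolean getAllowRedundantEndpoints() {
+return allowRedundantEndpoints;
+}
+
+public void setAllowRedundantEndpoints(boolean allowRedundantEndpoints) {
+this.allowRedundantEndpoints = allowRedundantEndpoints;
+}
 }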
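Review bot: allowRedundantEndpoints defaults to false, so every existing account whose settings document lacks the new field will start having static-looking endpoints filtered out of captured traffic as soon as this ships, without anyone having toggled it; the field deserves a comment saying so, e.g. `// false (the default for settings documents that predate this field) means redundant/static endpoints are dropped from captured traffic`. The boolean accessor is named `getAllowRedundantEndpoints` while the JavaBean convention is `isAllowRedundantEndpoints`; whichever form the Mongo codec and the Struts JSON serializer in this project expect should be confirmed, since a mismatch would silently leave the field unset on read.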
