

Merge pull request #695 from akto-api-security/hotfix/severity_count
Hotfix/severity count
notshivansh authored Oct 27, 2023
2 parents 0f3505d + bdaa0d6 commit ee8a282
Showing 3 changed files with 70 additions and 30 deletions.
9 changes: 8 additions & 1 deletion apps/testing/src/main/java/com/akto/testing/Main.java
Expand Up @@ -11,6 +11,7 @@
import com.akto.dto.Account;
import com.akto.dto.AccountSettings;
import com.akto.dto.testing.TestingRun;
import com.akto.dto.testing.TestingRun.State;
import com.akto.dto.testing.TestingRunConfig;
import com.akto.dto.testing.TestingRunResult;
import com.akto.dto.testing.TestingRunResultSummary;
Expand All @@ -25,6 +26,7 @@
import com.akto.util.EmailAccountName;
import com.mongodb.ConnectionString;
import com.mongodb.client.model.Filters;
import com.mongodb.client.model.Projections;
import com.mongodb.client.model.Updates;
import org.bson.conversions.Bson;
import org.bson.types.ObjectId;
Expand Down Expand Up @@ -140,6 +142,7 @@ public static void main(String[] args) throws InterruptedException {
}


ObjectId summaryId = null;
try {
long timestamp = testingRun.getId().getTimestamp();
long seconds = Context.now() - timestamp;
Expand Down Expand Up @@ -173,7 +176,7 @@ public static void main(String[] args) throws InterruptedException {
TestingRunResultSummariesDao.instance.updateOne(Filters.eq(TestingRunResultSummary.ID, testingRunResultSummary.getId()), Updates.set(TestingRunResultSummary.STATE, TestingRun.State.FAILED));
}
}
ObjectId summaryId = createTRRSummaryIfAbsent(testingRun, start);
summaryId = createTRRSummaryIfAbsent(testingRun, start);
TestExecutor testExecutor = new TestExecutor();
testExecutor.init(testingRun, summaryId);
raiseMixpanelEvent(summaryId, testingRun);
Expand All @@ -197,6 +200,10 @@ public static void main(String[] args) throws InterruptedException {
Filters.eq("_id", testingRun.getId()), completedUpdate
);

if(summaryId != null && testingRun.getTestIdConfig() != 1){
TestExecutor.updateTestSummary(summaryId);
}

loggerMaker.infoAndAddToDb("Tests completed in " + (Context.now() - start) + " seconds", LogDb.TESTING);
}, "testing");
Thread.sleep(1000);
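Review bot: The new `TestExecutor.updateTestSummary(summaryId)` call near the end of the run lambda sits after the try block, so it appears to run whenever `summaryId` was assigned, including when `testExecutor.init` threw part-way through; the catch block is outside the visible hunks, so this is inferred. Because `updateTestSummary` sets the summary state to `State.COMPLETED` unconditionally, an aborted run would be recorded as complete with partial severity counts, which understates findings for anyone triaging from the summary. Consider tracking whether the try block finished and writing `TestingRun.State.FAILED` to the summary otherwise, as the stale-run branch earlier in this file already does. The literal in `testingRun.getTestIdConfig() != 1` also needs a named constant or a comment stating what the value 1 denotes.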
76 changes: 52 additions & 24 deletions apps/testing/src/main/java/com/akto/testing/TestExecutor.java
Expand Up @@ -28,13 +28,15 @@
import com.akto.store.TestingUtil;
import com.akto.testing.yaml_tests.YamlTestTemplate;
import com.akto.testing_issues.TestingIssuesHandler;
import com.akto.util.Constants;
import com.akto.util.JSONUtils;
import com.akto.util.enums.GlobalEnums.Severity;
import com.akto.util.enums.LoginFlowEnums;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.gson.Gson;
import com.mongodb.BasicDBObject;
import com.mongodb.client.model.Filters;
import com.mongodb.client.model.Projections;
import com.mongodb.client.model.Updates;
import org.bson.types.ObjectId;
import org.json.JSONObject;
Expand Down Expand Up @@ -222,51 +224,77 @@ public void apiWiseInit(TestingRun testingRun, ObjectId summaryId) {

loggerMaker.infoAndAddToDb("Finished testing", LogDb.TESTING);

List<TestingRunResult> testingRunResults = new ArrayList<>();
int totalResults = 0;
for (Future<List<TestingRunResult>> future: futureTestingRunResults) {
if (!future.isDone()) continue;
try {
if (!future.get().isEmpty()) {
testingRunResults.addAll(future.get());
int resultSize = future.get().size();
totalResults += resultSize;
}
} catch (InterruptedException | ExecutionException e) {
loggerMaker.errorAndAddToDb("Error while after running test : " + e, LogDb.TESTING);
}
}

loggerMaker.infoAndAddToDb("Finished adding " + testingRunResults.size() + " testingRunResults", LogDb.TESTING);
loggerMaker.infoAndAddToDb("Finished adding " + totalResults + " testingRunResults", LogDb.TESTING);
}

TestingRunResultSummariesDao.instance.updateOne(
Filters.eq("_id", summaryId),
Updates.set(TestingRunResultSummary.TEST_RESULTS_COUNT, testingRunResults.size())
);
public static void updateTestSummary(ObjectId summaryId){

loggerMaker.infoAndAddToDb("Finished adding issues", LogDb.TESTING);
long testingRunResultsCount = TestingRunResultDao.instance
.count(Filters.eq(TestingRunResult.TEST_RUN_RESULT_SUMMARY_ID, summaryId));

Map<String, Integer> totalCountIssues = new HashMap<>();
totalCountIssues.put("HIGH", 0);
totalCountIssues.put("MEDIUM", 0);
totalCountIssues.put("LOW", 0);
TestingRunResultSummariesDao.instance.getMCollection().findOneAndUpdate(
Filters.eq(Constants.ID, summaryId),
Updates.set(TestingRunResultSummary.TEST_RESULTS_COUNT, testingRunResultsCount));

for (TestingRunResult testingRunResult: testingRunResults) {
if (testingRunResult.isVulnerable()) {
loggerMaker.infoAndAddToDb("Finished updating results count", LogDb.TESTING);

Map<String, Integer> totalCountIssues = new HashMap<>();
totalCountIssues.put(Severity.HIGH.toString(), 0);
totalCountIssues.put(Severity.MEDIUM.toString(), 0);
totalCountIssues.put(Severity.LOW.toString(), 0);

int skip = 0;
int limit = 1000;
boolean fetchMore = false;
do {
fetchMore = false;
List<TestingRunResult> testingRunResults = TestingRunResultDao.instance
.fetchLatestTestingRunResult(
Filters.and(
Filters.eq(TestingRunResult.TEST_RUN_RESULT_SUMMARY_ID, summaryId),
Filters.eq(TestingRunResult.VULNERABLE, true)),
limit,
skip,
Projections.include(
TestingRunResult.TEST_RESULTS));

loggerMaker.infoAndAddToDb("Reading " + testingRunResults.size() + " vulnerable testingRunResults",
LogDb.TESTING);

for (TestingRunResult testingRunResult : testingRunResults) {
String severity = getSeverityFromTestingRunResult(testingRunResult).toString();
int initialCount = totalCountIssues.get(severity);
totalCountIssues.put(severity, initialCount + 1);
}
}

TestingRunResultSummariesDao.instance.updateOne(
Filters.eq("_id", summaryId),
Updates.combine(
Updates.set(TestingRunResultSummary.END_TIMESTAMP, Context.now()),
Updates.set(TestingRunResultSummary.STATE, State.COMPLETED),
Updates.set(TestingRunResultSummary.COUNT_ISSUES, totalCountIssues)
)
);
if (testingRunResults.size() == limit) {
skip += limit;
fetchMore = true;
}

loggerMaker.infoAndAddToDb("Finished updating TestingRunResultSummariesDao", LogDb.TESTING);
} while (fetchMore);

TestingRunResultSummariesDao.instance.getMCollection().findOneAndUpdate(
Filters.eq(Constants.ID, summaryId),
Updates.combine(
Updates.set(TestingRunResultSummary.END_TIMESTAMP, Context.now()),
Updates.set(TestingRunResultSummary.STATE, State.COMPLETED),
Updates.set(TestingRunResultSummary.COUNT_ISSUES, totalCountIssues)));

loggerMaker.infoAndAddToDb("Finished updating TestingRunResultSummariesDao", LogDb.TESTING);
}

public static Severity getSeverityFromTestingRunResult(TestingRunResult testingRunResult){
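Review bot: In `updateTestSummary`, `int initialCount = totalCountIssues.get(severity);` unboxes null and throws a NullPointerException if `getSeverityFromTestingRunResult` ever returns a severity other than the three pre-seeded keys; that method's body and the full `Severity` enum are outside the hunk, so whether this can happen is not visible here. The exception would escape before the final `findOneAndUpdate`, leaving the summary without `COUNT_ISSUES` and never marked `State.COMPLETED`. Replacing the get/put pair with `totalCountIssues.merge(severity, 1, Integer::sum);` counts any severity safely. Separately, each page loads up to 1000 documents projected on `TestingRunResult.TEST_RESULTS`; if that field carries full request and response payloads, a smaller page size would bound memory use.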
Expand Up @@ -47,9 +47,7 @@ public List<TestingRunResult> fetchLatestTestingRunResult(Bson filters) {
}

public List<TestingRunResult> fetchLatestTestingRunResult(Bson filters, int limit) {
MongoCursor<TestingRunResult> cursor = instance.getMCollection().find(filters)
.projection(
Projections.include(
Bson projections = Projections.include(
TestingRunResult.TEST_RUN_ID,
TestingRunResult.API_INFO_KEY,
TestingRunResult.TEST_SUPER_TYPE,
Expand All @@ -59,9 +57,16 @@ public List<TestingRunResult> fetchLatestTestingRunResult(Bson filters, int limi
TestingRunResult.START_TIMESTAMP,
TestingRunResult.END_TIMESTAMP,
TestingRunResult.TEST_RUN_RESULT_SUMMARY_ID
)
)
);

return fetchLatestTestingRunResult(filters, limit, 0, projections);
}

public List<TestingRunResult> fetchLatestTestingRunResult(Bson filters, int limit, int skip, Bson projections) {
MongoCursor<TestingRunResult> cursor = instance.getMCollection().find(filters)
.projection(projections)
.sort(Sorts.descending("_id"))
.skip(skip)
.limit(limit)
.cursor();
List<TestingRunResult> testingRunResults = new ArrayList<>();
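Review bot: The new public overload `fetchLatestTestingRunResult(Bson filters, int limit, int skip, Bson projections)` has no Javadoc, and its contract is not obvious: only the projected fields are populated on the returned objects, and paging is by `skip` over a descending `_id` sort. Documents inserted between two page fetches shift later pages, so a caller looping with `skip += limit` can count a result twice; the doc comment should say the method is only safe to page once writes matching the filter have stopped, or callers should page by `_id` with `Filters.lt` instead. `skip` and `limit` reach the driver unchecked, so a guard such as `if (skip < 0 || limit < 0) throw new IllegalArgumentException("skip and limit must be non-negative");` would fail fast. The method body continues past the hunk, so whether the cursor is closed cannot be checked here.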
