Expand Up @@ -37,6 +37,7 @@
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
Expand All @@ -52,6 +53,7 @@ public class AccountAction extends UserAction {

public static final int MAX_NUM_OF_LAMBDAS_TO_FETCH = 50;
private static final ScheduledExecutorService executorService = Executors.newSingleThreadScheduledExecutor();
private static final ExecutorService service = Executors.newFixedThreadPool(1);

@Override
public String execute() {
Expand Down Expand Up @@ -309,7 +311,11 @@ public void run() {
DaoInit.createIndices();
Main.insertRuntimeFilters();
RuntimeListener.initialiseDemoCollections();
RuntimeListener.addSampleData();
service.submit(() ->{
Context.accountId.set(newAccountId);
loggerMaker.infoAndAddToDb("updating vulnerable api's collection for new account " + newAccountId, LogDb.DASHBOARD);
RuntimeListener.addSampleData();
});
AccountSettingsDao.instance.updateOnboardingFlag(true);
InitializerListener.insertPiiSources();

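Review bot: The Future returned by `service.submit(...)` around the addSampleData call is discarded, so an exception thrown inside the lambda (from addSampleData or the logger) is captured in the Future and never logged — with `submit`, the worker thread does not even print it. Wrap the body in try/catch and report through `loggerMaker.errorAndAddToDb`, or use `execute` so the thread's uncaught-exception handler surfaces it. The hunk also never stamps `BackwardCompatibility.VULNERABLE_API_UPDATION_VERSION_V1` for the new account, so unless that document is created elsewhere with a non-zero value, the first login after signup will run addSampleData for this account a second time via LoginAction; if addSampleData is not idempotent that duplicates the sample data. updateOnboardingFlag(true) and insertPiiSources now proceed before the sample data exists, which may be intended but deserves a comment. The enclosing run() starts before this hunk.
```java
service.submit(() -> {
    Context.accountId.set(newAccountId);
    try {
        loggerMaker.infoAndAddToDb("updating vulnerable api's collection for new account " + newAccountId, LogDb.DASHBOARD);
        RuntimeListener.addSampleData();
        // TODO: stamp VULNERABLE_API_UPDATION_VERSION_V1 here so LoginAction does not repeat the load
    } catch (Exception e) {
        // submit() would otherwise bury this in a Future nobody reads
        loggerMaker.errorAndAddToDb(e, "error adding sample data for new account " + newAccountId, LogDb.DASHBOARD);
    }
});
```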
34 changes: 34 additions & 0 deletions apps/dashboard/src/main/java/com/akto/action/LoginAction.java
@@ -1,13 +1,17 @@
package com.akto.action;

import com.akto.dao.BackwardCompatibilityDao;
import com.akto.dao.SignupDao;
import com.akto.dao.SingleTypeInfoDao;
import com.akto.dao.UsersDao;
import com.akto.dao.context.Context;
import com.akto.dto.BackwardCompatibility;
import com.akto.dto.Config;
import com.akto.dto.SignupInfo;
import com.akto.dto.SignupUserInfo;
import com.akto.dto.User;
import com.akto.listener.RuntimeListener;
import com.akto.log.LoggerMaker.LogDb;
import com.akto.utils.Token;
import com.akto.utils.JWT;
import com.mongodb.BasicDBObject;
Expand All @@ -29,6 +33,8 @@
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.*;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

import static com.akto.filter.UserDetailsFilter.LOGIN_URI;

Expand All @@ -42,6 +48,7 @@ public class LoginAction implements Action, ServletResponseAware, ServletRequest
private static final Logger logger = LoggerFactory.getLogger(LoginAction.class);

public static final String REFRESH_TOKEN_COOKIE_NAME = "refreshToken";
private static final ExecutorService service = Executors.newFixedThreadPool(1);
public BasicDBObject getLoginResult() {
return loginResult;
}
Expand Down Expand Up @@ -93,10 +100,37 @@ public String execute() throws IOException {
//For the case when no account exists, the user will get access to 1_000_000 account
String accountIdStr = user.getAccounts().keySet().isEmpty() ? "1000000" : user.getAccounts().keySet().iterator().next();
int accountId = StringUtils.isNumeric(accountIdStr) ? Integer.parseInt(accountIdStr) : 1_000_000;
try {
service.submit(() ->{
triggerVulnColUpdation(user);
});
} catch (Exception e) {
logger.error("error updating vuln collection ", e);
}
decideFirstPage(loginResult, accountId);
return result;
}

private void triggerVulnColUpdation(User user) {
for (String accountIdStr: user.getAccounts().keySet()) {
int accountId = Integer.parseInt(accountIdStr);
Context.accountId.set(accountId);
logger.info("updating vulnerable api's collection for account " + accountId);
try {
BackwardCompatibility backwardCompatibility = BackwardCompatibilityDao.instance.findOne(new BasicDBObject());
if (backwardCompatibility.getVulnerableApiUpdationVersionV1() == 0) {
RuntimeListener.addSampleData();
}
BackwardCompatibilityDao.instance.updateOne(
Filters.eq("_id", backwardCompatibility.getId()),
Updates.set(BackwardCompatibility.VULNERABLE_API_UPDATION_VERSION_V1, Context.now())
);
} catch (Exception e) {
logger.error("error updating vulnerable api's collection for account " + accountId + " " + e.getMessage());
}
}
}

private void decideFirstPage(BasicDBObject loginResult, int accountId){
Context.accountId.set(accountId);
long count = SingleTypeInfoDao.instance.getEstimatedCount();
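Review bot: `Integer.parseInt(accountIdStr)` at the top of the triggerVulnColUpdation loop sits outside the try block, so a non-numeric account key — the very case execute() guards with `StringUtils.isNumeric` a few lines earlier — throws NumberFormatException, aborts the loop for every remaining account, and is then swallowed by the discarded Future from `service.submit`; the try/catch around the submit in execute() only sees rejected submissions, not failures inside the task. The inner catch logs only `e.getMessage()`, which for the NullPointerException you get when findOne returns null is just "null"; pass `e` to the logger so the stack trace survives. The `== 0` check followed by updateOne is check-then-act: if more than one dashboard instance shares the database, two concurrent logins can both observe 0 and both run addSampleData, so if the DAO offers an atomic find-and-update, claim the document with a filter on `VULNERABLE_API_UPDATION_VERSION_V1 == 0` before calling addSampleData. Note also that the single-thread pool has an unbounded queue and every login enqueues one task per account of the user, so the per-account path must stay cheap once the stamp is set.
```java
private void triggerVulnColUpdation(User user) {
    for (String accountIdStr : user.getAccounts().keySet()) {
        // Same guard execute() applies to these keys; one bad key must not abort the other accounts.
        if (!StringUtils.isNumeric(accountIdStr)) {
            logger.error("skipping non-numeric account id " + accountIdStr);
            continue;
        }
        int accountId = Integer.parseInt(accountIdStr);
        Context.accountId.set(accountId);
        logger.info("updating vulnerable api's collection for account " + accountId);
        try {
            BackwardCompatibility backwardCompatibility = BackwardCompatibilityDao.instance.findOne(new BasicDBObject());
            if (backwardCompatibility == null) {
                logger.error("no BackwardCompatibility document for account " + accountId);
                continue;
            }
            // … unchanged: == 0 check, addSampleData(), updateOne stamping VULNERABLE_API_UPDATION_VERSION_V1 …
        } catch (Exception e) {
            logger.error("error updating vulnerable api's collection for account " + accountId, e);
        }
    }
}
```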
Expand Up @@ -79,7 +79,7 @@ public void accept(Account account) {

try {
initialiseDemoCollections();
addSampleData();
//addSampleData();
} catch (Exception e) {
loggerMaker.errorAndAddToDb(e,"Error while initialising demo collections: " + e, LoggerMaker.LogDb.DASHBOARD);
}
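Review bot: Commented-out code, `//addSampleData();`, is left behind in accept() where the call was removed; delete the line rather than leaving dead code, and if the relocation needs recording, say where in a comment such as `// sample data is now loaded on demand by LoginAction.triggerVulnColUpdation and on signup in AccountAction`. accept() starts and ends outside this hunk.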
14 changes: 13 additions & 1 deletion libs/dao/src/main/java/com/akto/dto/BackwardCompatibility.java
Expand Up @@ -59,12 +59,15 @@ public class BackwardCompatibility {
public static final String DEFAULT_TELEMETRY_SETTINGS = "defaultTelemetrySettings";
private int defaultTelemetrySettings;

public static final String VULNERABLE_API_UPDATION_VERSION_V1 = "vulnerableApiUpdationVersionV1";
private int vulnerableApiUpdationVersionV1;

public BackwardCompatibility(int id, int dropFilterSampleData, int resetSingleTypeInfoCount, int dropWorkflowTestResult,
int readyForNewTestingFramework,int addAktoDataTypes, boolean deploymentStatusUpdated,
int authMechanismData, boolean mirroringLambdaTriggered, int deleteAccessListFromApiToken,
int deleteNullSubCategoryIssues, int enableNewMerging,
int aktoDefaultNewUI, int initializeOrganizationAccountBelongsTo, int orgsInBilling,
int computeIntegratedConnections, int deleteLastCronRunInfo) {
int computeIntegratedConnections, int deleteLastCronRunInfo, int vulnerableApiUpdationVersionV1) {
this.id = id;
this.dropFilterSampleData = dropFilterSampleData;
this.resetSingleTypeInfoCount = resetSingleTypeInfoCount;
Expand All @@ -83,6 +86,7 @@ public BackwardCompatibility(int id, int dropFilterSampleData, int resetSingleTy
this.initializeOrganizationAccountBelongsTo = initializeOrganizationAccountBelongsTo;
this.orgsInBilling = orgsInBilling;
this.deleteLastCronRunInfo = deleteLastCronRunInfo;
this.vulnerableApiUpdationVersionV1 = vulnerableApiUpdationVersionV1;
}

public BackwardCompatibility() {
Expand Down Expand Up @@ -247,4 +251,12 @@ public int getDefaultTelemetrySettings() {
public void setDefaultTelemetrySettings(int defaultTelemetrySettings) {
this.defaultTelemetrySettings = defaultTelemetrySettings;
}

public int getVulnerableApiUpdationVersionV1() {
return vulnerableApiUpdationVersionV1;
}

public void setVulnerableApiUpdationVersionV1(int vulnerableApiUpdationVersionV1) {
this.vulnerableApiUpdationVersionV1 = vulnerableApiUpdationVersionV1;
}
}
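Review bot: The new field vulnerableApiUpdationVersionV1 is named as a version, but the only writer visible in this PR (LoginAction.triggerVulnColUpdation) stores `Context.now()` in it and treats 0 as "never run", so neither the name nor the declaration says what a non-zero value means; add a comment on the field such as `// value from Context.now() (presumably epoch seconds) recorded when the vulnerable-API sample data was last loaded for this account; 0 means it has not run yet`. The constructor now takes 18 positional ints, most of them migration flags, so every caller must be touched for each new marker and argument order is easy to get wrong; for future additions a builder, or the existing no-arg constructor plus setters, would be safer than extending the telescoping signature again.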