Develop #711

Merged
merged 63 commits into from
Nov 20, 2023
a7ea843
update existing collections and add field for all new entries
notshivansh Oct 12, 2023
872fe1c
fix query
notshivansh Oct 14, 2023
f0cc912
add missing update
notshivansh Oct 18, 2023
393efb3
remove unwanted update
notshivansh Oct 26, 2023
47286ac
fix info section in test editor for custom tests
notshivansh Nov 1, 2023
a6e2ed1
add support to use inactive from test template
notshivansh Nov 1, 2023
961adc0
Merge branch 'develop' into feature/collections_id_arr_2
notshivansh Nov 2, 2023
920fed2
add collection ids in issues
notshivansh Nov 2, 2023
0f24586
Merge pull request #708 from akto-api-security/fix/fix_info_in_test_e…
notshivansh Nov 3, 2023
67e079b
remove redundant indexes
notshivansh Nov 3, 2023
9807fbb
fix update limit
notshivansh Nov 3, 2023
e44e804
update logs
notshivansh Nov 4, 2023
2ad0634
Merge pull request #707 from akto-api-security/feature/using_inactive…
shivam-rawat-akto Nov 4, 2023
8aa66bc
Merge remote-tracking branch 'origin/master' into develop
shivam-rawat-akto Nov 4, 2023
48733e4
add custom webhooks support
avneesh-akto Nov 4, 2023
160d55d
Use ephemeral env
ankush-jain-akto Nov 6, 2023
6501c12
fix region
ankush-jain-akto Nov 6, 2023
16d0244
Update AWS Creds
ankush-jain-akto Nov 6, 2023
433e54d
Update staging.yml
ankush-jain-akto Nov 6, 2023
c24fafd
skip tests
ankush-jain-akto Nov 6, 2023
eeb8ce3
Update staging.yml
ankush-jain-akto Nov 6, 2023
a0970b2
Update staging.yml
ankush-jain-akto Nov 6, 2023
7312e9d
Update staging.yml
ankush-jain-akto Nov 6, 2023
530bb21
Update staging.yml
ankush-jain-akto Nov 6, 2023
e27822d
Merge pull request #669 from akto-api-security/feature/collections_id…
notshivansh Nov 6, 2023
73713bc
fixed ui for webhooks to update
avneesh-akto Nov 6, 2023
e2bed61
add build, test steps
oren-akto Nov 11, 2023
79780eb
change single.yml source for testing
oren-akto Nov 12, 2023
836fa3b
revert testing changes
oren-akto Nov 12, 2023
27adb11
Merge branch 'master' into feature/custom_webhooks
avneesh-akto Nov 13, 2023
a5a1b41
Merge branch 'develop' into feature/custom_webhooks
avneesh-akto Nov 13, 2023
1837276
update staging workflow
oren-akto Nov 13, 2023
121c3fd
Merge pull request #709 from akto-api-security/feature/custom_webhooks
avneesh-akto Nov 14, 2023
7bdc026
endpoints update mixpanel
mayankesh-akto Nov 14, 2023
4105caa
Merge pull request #719 from akto-api-security/feature/endpoints_mixp…
avneesh-akto Nov 14, 2023
0bb47b3
Remove setup-suffix, k8s agent patch-sidecar
oren-akto Nov 14, 2023
825e6ba
add akto_k8s_agent.yml
oren-akto Nov 14, 2023
a4834be
Fixed typo to solve infinite loop on loading page on new page
Ark2307 Nov 14, 2023
c213891
Merge pull request #720 from akto-api-security/fix/fix_onboarding_bug
avneesh-akto Nov 14, 2023
0b7cac9
add checkout step
oren-akto Nov 15, 2023
fb5d0ae
remove akto_k8s_agent and change event
oren-akto Nov 15, 2023
3b5d472
fixed the collection name width on inventory page and fixed test run …
Ark2307 Nov 16, 2023
af3a0ba
add helm changes
oren-akto Nov 16, 2023
c3e155b
move helm instructions to separate step
oren-akto Nov 16, 2023
8107e39
move helm steps into deploy_cluster step
oren-akto Nov 17, 2023
8dd2dbd
Merge pull request #723 from akto-api-security/fix/frontend_bugs_in_ui
notshivansh Nov 17, 2023
a036725
explicitly add name to the index
ankush-jain-akto Nov 15, 2023
69cacfa
add indexes
notshivansh Nov 18, 2023
ff4935c
Merge pull request #726 from akto-api-security/feature/fix_index_crea…
notshivansh Nov 18, 2023
18b37a9
minor changes
notshivansh Nov 18, 2023
9429776
Update staging.yml
ankush-jain-akto Nov 18, 2023
c128868
Update staging.yml
ankush-jain-akto Nov 18, 2023
ac88c5e
Add latest github action
ankush-jain-akto Nov 19, 2023
f2fdae4
Merge pull request #716 from akto-api-security/ephemeral_env_staging
ankush-jain-akto Nov 19, 2023
6d01eb3
Update staging.yml
ankush-jain-akto Nov 19, 2023
deb2c10
Update staging.yml
ankush-jain-akto Nov 20, 2023
b96f5e3
Update staging.yml
ankush-jain-akto Nov 20, 2023
c1d3312
Update staging.yml
ankush-jain-akto Nov 20, 2023
78e6f34
trigger tests for pending test-run summaries
ankush-jain-akto Nov 20, 2023
8fbb075
allow overriding URLs
ankush-jain-akto Nov 20, 2023
208fc9b
Merge pull request #727 from akto-api-security/feature/configure_cicd…
ankush-jain-akto Nov 20, 2023
eb5cfe7
fix id
ankush-jain-akto Nov 20, 2023
4837c85
Merge pull request #728 from akto-api-security/feature/configure_cicd…
ankush-jain-akto Nov 20, 2023
23 changes: 21 additions & 2 deletions .github/scripts/akto-cicd.sh
@@ -5,11 +5,30 @@ sudo apt-get install jq -y
# Akto Variables
AKTO_DASHBOARD_URL=$AKTO_DASHBOARD_URL
AKTO_API_KEY=$AKTO_API_KEY
AKTO_TEST_ID=$AKTO_TEST_ID
#AKTO_TEST_ID=$AKTO_TEST_ID
LB_NAME=$LB_NAME
MAX_POLL_INTERVAL=$((30 * 60)) # 30 minutes in seconds

start_time=$(date +%s)

echo "Triggering Akto test"
response=$(curl -s 'https://flash.staging.akto.io/api/startTest' \
-H "X-API-KEY: $AKTO_API_KEY" \
-H 'content-type: application/json' \
--data-raw "{
\"apiCollectionId\": 1013188780,
\"type\": \"COLLECTION_WISE\",
\"startTimestamp\": $start_time,
\"recurringDaily\": false,
\"selectedTests\": [ \"XSS_VIA_APPENDING_TO_QUERY_PARAMS\", \"XSS_IN_PATH\", \"XSS_VIA_FILE_NAME\", \"BASIC_XSS\", \"SERVER_VERSION_EXPOSED_VIA_RESPONSE_HEADER\", \"SERVER_VERSION_EXPOSED_IN_AN_INVALID_REQUEST\", \"LLM_MALWARE_COMPLETE_C_SHARP\", \"INSECURE_OUTPUT_HANDLING_2\", \"INSECURE_OUTPUT_HANDLING_1\", \"LLM_MALWARE_COMPLETE_x86_64\", \"LLM_MALWARE_SUBFUNCTION_ARM64\", \"PROMPT_INJECTION_STAN\", \"LLM_MALWARE_SUBFUNCTION_SWIFT\", \"LLM_ENCODING_2\", \"LLM_ENCODING_5\", \"LLM_ENCODING_4\", \"PROMPT_LEAK_INJECTION\", \"LLM_ENCODING_1\", \"LLM_MALWARE_SUBFUNCTION_RUST\", \"SENSITIVE_DATA_EXPOSURE_AWS_KEY\", \"LLM_MALWARE_PAYLOAD_RUST\", \"LLM_MALWARE_PAYLOAD_x86\", \"LLM_MALWARE_COMPLETE_RUST\", \"LLM_MALWARE_EVADE_SWIFT\", \"LLM_MALWARE_COMPLETE_x86\", \"LLM_MALWARE_EVADE_C_SHARP\", \"LLM_MALWARE_EVADE_X86\", \"LLM_MALWARE_COMPLETE_CPP\", \"LLM_MALWARE_EVADE_ARM64\", \"LLM_MALWARE_SUBFUNCTION_C_SHARP\", \"LLM_MALWARE_PAYLOAD_CPP\", \"LLM_MALWARE_PAYLOAD_CSharp\", \"LLM_MALWARE_EVADE_CPP\", \"LLM_MALWARE_PAYLOAD_ARM64\", \"SENSITIVE_DATA_EXPOSURE_PASSWORD\", \"LLM_MALWARE_PAYLOAD_SWIFT\", \"LLM_MALWARE_EVADE_X86_64\", \"LLM_MALWARE_EVADE_C\", \"PROMPT_INJECTION_BASIC_HELLO\", \"LLM_MALWARE_EVADE_RUST\", \"LLM_WRONG_ANSWER_2\", \"LLM_MALWARE_COMPLETE_ARM64\", \"LLM_MALWARE_COMPLETE_C\", \"PROMPT_INJECTION_BASIC_v2\", \"OBFUSCATION_LLM\", \"LLM_INSECURE_OUTPUT_1\", \"LLM_INSECURE_OUTPUT_2\", \"LLM_INSECURE_OUTPUT_3\", \"LLM_MALWARE_SUBFUNCTION_C\", \"LLM_MALWARE_SUBFUNCTION_x86\", \"LLM_MALWARE_COMPLETE_SWIFT\", \"LLM_PKG_HALLUCINATION\", \"LLM_MALWARE_SUBFUNCTION_CPP\", \"PROMPT_INJECTION_XSS\", \"LLM_GLITCH_4\", \"LLM_GLITCH_5\", \"LLM_GLITCH_6\", \"LLM_GLITCH_1\", \"LLM_GLITCH_2\", \"LLM_MALWARE_SUBFUNCTION_x86_64\", \"LLM_MISLEADING\", \"LLM_MALWARE_PAYLOAD_C\", \"LLM_MALWARE_PAYLOAD_x86_64\", \"REPLACE_AUTH_TOKEN_OLD_VERSION\", \"ADD_USER_ID\", \"REPLACE_Arandom_textUTH_TOKEN_CUSTOM_1696070362\", \"REPLACE_AUTH_TOKEN\", 
\"REPLACE_Arandom_textUTH_TOKEN_CUSTOM_1696335205\", \"REPLACE_Arandom_textUTH_TOKEN\", \"PARAMETER_POLLUTION\", \"DESCRIPTIVE_ERROR_MESSAGE_INVALID_PAYLOAD\", \"INVALID_FILE_INPUT\", \"DJANGO_URL_EXPOSED\", \"PROMETHEUS_METRICS\", \"RAILS_DEFAULT_HOMEPAGE_ENABLED\", \"TEXT_INJECTION_VIA_INVALID_URLS\", \"APPSPEC_YML_DISCLOSURE\", \"SPRING_BOOT_BEANS_ACTUATOR_EXPOSED\", \"APACHE_CONFIG\", \"FTP_CREDENTIALS_EXPOSURE\", \"MSMTP_CONFIG\", \"NGINX_STATUS_VISIBLE\", \"GIT_CONFIG_NGINXOFFBYSLASH\", \"GIT_CREDENTIALS_DISCLOSURE\", \"LARAVEL_TELESCOPE_ENABLED\", \"FIREBASE_CONFIG_EXPOSURE\", \"FLASK_DEBUG_MODE_ENABLED\", \"GRAPHQL_DEBUG_MODE_ENABLED\", \"HEADER_REFLECTED_IN_INVALID_URLS\", \"OPEN_REDIRECT_HOST_HEADER_INJECTION\", \"PARAMETERS_CONFIG\", \"LARAVEL_ENV\", \"STRUTS_DEBUG_MODE_ENABLED\", \"MISCONFIGURED_DOCKER\", \"DOCKERFILE_HIDDEN_DISCLOSURE\", \"ROBOMONGO_CREDENTIAL\", \"SSH_AUTHORIZED_KEYS\", \"NGINX_SERVER_VERSION_DISCLOSED\", \"GRAPHQL_FIELD_SUGGESTIONS_ENABLED\", \"DEBUG_VARS\", \"CIRCLECI_CONFIG\", \"SESSION_FIXATION\", \"AMAZON_DOCKER_CONFIG\", \"SFTP_CONFIG_EXPOSURE\", \"COOKIE_MISCONFIGURATION\", \"GITHUB_WORKFLOW_DISCLOSURE\", \"GIT_CONFIG\", \"OPEN_REDIRECT_SUBDOMAIN_WHITELIST\", \"REDIS_CONFIG\", \"SONARQUBE_PUBLIC_PROJECTS\", \"SERVER_PRIVATE_KEYS\", \"STRUTS_OGNL_CONSOLE_ENABLED\", \"SSH_KNOWN_HOSTS\", \"OPEN_REDIRECT\", \"EXPRESS_STACK_TRACE_ENABLED\", \"LARAVEL_DEFAULT_HOMEPAGE_ENABLED\", \"WPCONFIG_AWS_KEY\", \"CONFIG_RUBY\", \"KUBERNETES_KUSTOMIZATION_DISCLOSURE\", \"JWT_SIGNING_IN_CLIENT_SIDE\", \"ESMTPRC_CONFIG\", \"GRAPHQL_TYPE_INTROSPECTION_ALLOWED\", \"NGINX_CONFIG\", \"DOCKER_COMPOSE_CONFIG\", \"OPEN_REDIRECT_CUSTOM_1695888186\", \"EXPRESS_DEFAULT_HOMEPAGE_ENABLED\", \"LARAVEL_DEBUG_MODE_ENABLED\", \"DJANGO_DEFAULT_HOMEPAGE_ENABLED\", \"ORACLE_EBS_CREDENTIALS\", \"OPEN_REDIRECT_IN_PATH\", \"SPRING_BOOT_THREAD_DUMP_ACTUATOR_EXPOSED\", \"UNAUTHENTICATED_MONGO_EXPRESS\", \"SPRING_BOOT_CONFIG_PROPS_ACTUATOR_EXPOSED\", 
\"GRAPHQL_DEVELOPMENT_CONSOLE_EXPOSED\", \"WGETRC_CONFIG\", \"CONFIG_JSON\", \"CGI_PRINTENV\", \"RAILS_DEBUG_MODE_ENABLED\", \"DEFAULT_LOGIN_CREDENTIALS\", \"AIRFLOW_CONFIGURATION_EXPOSURE\", \"NGINX_DEFAULT_PAGE_ENABLED\", \"SPRING_BOOT_ENV_ACTUATOR_EXPOSED\", \"SPRING_BOOT_HTTP_TRACE_ACTUATOR_EXPOSED\", \"FIREBASE_UNAUTHENTICATED\", \"CONFIGURATION_LISTING\", \"GRAPHQL_INTROSPECTION_MODE_ENABLED\", \"MUST_CONTAIN_RESPONSE_HEADERS_CUSTOM_1695893796\", \"UNWANTED_RESPONSE_HEADERS\", \"MUST_CONTAIN_RESPONSE_HEADERS\", \"CONTENT_TYPE_HEADER_MISSING\", \"PAGINATION_MISCONFIGURATION\", \"REMOVE_CAPTCHA\", \"BYPASS_CAPTCHA_ADDING_HEADER\", \"REPLAY_CAPTCHA\", \"BYPASS_CAPTCHA_REMOVING_COOKIE\", \"MASS_ASSIGNMENT_CREATE_ADMIN_ROLE\", \"MASS_ASSIGNMENT_CHANGE_ROLE\", \"MASS_ASSIGNMENT_CHANGE_ACCOUNT\", \"MASS_ASSIGNMENT_CHANGE_ADMIN_ROLE\", \"SSRF_ON_LOCALHOST\", \"SSRF_ON_LOCALHOST_ENCODED\", \"SSRF_ON_AWS_META_ENDPOINT\", \"SSRF_ON_AWS_META_ENDPOINT_ENCLOSED\", \"SSRF_ON_CSV_UPLOAD\", \"SSRF_ON_IMAGE_UPLOAD\", \"PORT_SCANNING\", \"SSRF_ON_PDF_UPLOAD\", \"SSRF_ON_LOCALHOST_DNS_PINNING\", \"SSRF_ON_XML_UPLOAD\", \"SSRF_ON_FILES\", \"FETCH_SENSITIVE_FILES\", \"REPLACE_CSRF\", \"JWT_NONE_ALGO_CUSTOM_1698482241\", \"ADD_JKU_TO_JWT\", \"JWT_INVALID_SIGNATURE\", \"JWT_NONE_ALGO\", \"CSRF_LOGIN_ATTACK\", \"REMOVE_TOKENS\", \"ADD_JKU_TO_JWT_CUSTOM_1698476660\", \"REMOVE_TOKENS_CUSTOM_1698726897\", \"USERNAME_ENUMERATION\", \"REMOVE_CSRF_CUSTOM_1697460106\", \"REMOVE_CSRF\", \"TRACK_METHOD_TEST\", \"HEAD_METHOD_TEST\", \"TRACE_METHOD_TEST\", \"RANDOM_METHOD_TEST\", \"LFI_IN_PARAMETER\", \"FILE_INCLUSION_NEW_PARAM\", \"LFI_IN_PATH\", \"KERNEL_OPEN_COMMAND_INJECTION\", \"COMMAND_INJECTION_BY_ADDING_QUERY_PARAM\" ],
\"testName\": \"Akto on Akto (k8s staging)\",
\"testRunTime\": -1,
\"maxConcurrentRequests\": -1,
\"overriddenTestAppUrl\": \"$LB_NAME\"
}" \
--compressed)
AKTO_TEST_ID=$(echo $response | jq -r '.testingRunHexId // empty')

echo "### Akto test summary" >> $GITHUB_STEP_SUMMARY

while true; do
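Review bot: `AKTO_TEST_ID=$(echo $response | jq -r '.testingRunHexId // empty')` can leave `AKTO_TEST_ID` empty when the `startTest` call fails or returns an error body (curl runs with `-s` and no `--fail`, so a 4xx/5xx still exits 0), and the script then drops straight into `while true; do` polling a run that was never created. Add a guard before the loop, e.g. `[ -n "$AKTO_TEST_ID" ] || { echo "startTest failed: $response" >&2; exit 1; }`, and quote `"$response"` in that `echo` as the second hunk already does. Two smaller points in the same block: the endpoint `https://flash.staging.akto.io/api/startTest` and `apiCollectionId` 1013188780 are hard-coded even though `AKTO_DASHBOARD_URL` is exported a few lines above, so the script cannot be pointed at another dashboard; and `$LB_NAME` and `$start_time` are spliced into the JSON body by shell interpolation, so a value containing a quote or backslash yields invalid JSON. Building the body with `jq -n --arg url "$LB_NAME" --argjson ts "$start_time" ...` avoids the quoting problem and the wall of escaped `\"` literals, and the long `selectedTests` list would be easier to maintain in a separate file. Finally, `#AKTO_TEST_ID=$AKTO_TEST_ID` is commented out rather than deleted; if the externally supplied id is no longer supported, remove the line.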
@@ -43,7 +62,7 @@ while true; do
medium=$(echo "$response" | jq -r '.testingRunResultSummaries[0].countIssues.MEDIUM // empty')
low=$(echo "$response" | jq -r '.testingRunResultSummaries[0].countIssues.LOW // empty')

echo "[Results]($AKTO_DASHBOARD_URL/dashboard/testing/$AKTO_TEST_ID/results)" >> $GITHUB_STEP_SUMMARY
echo "[Results]($AKTO_DASHBOARD_URL/dashboard/testing/$AKTO_TEST_ID)" >> $GITHUB_STEP_SUMMARY
echo "HIGH: $high" >> $GITHUB_STEP_SUMMARY
echo "MEDIUM: $medium" >> $GITHUB_STEP_SUMMARY
echo "LOW: $low" >> $GITHUB_STEP_SUMMARY
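Review bot: with `// empty`, a missing `countIssues.HIGH` key prints `HIGH: ` in the step summary, which is indistinguishable from a failed lookup and cannot be told apart from a real zero; `// 0` gives an unambiguous count and also keeps any later numeric check safe (for example failing the job when `$high` is greater than 0, since `[ "" -gt 0 ]` is a bash error). The link change to `$AKTO_DASHBOARD_URL/dashboard/testing/$AKTO_TEST_ID` is consistent with the first hunk now deriving `AKTO_TEST_ID` from `testingRunHexId`, but note that the link is built from `AKTO_DASHBOARD_URL` while the run was started against the hard-coded staging host, so the two can point at different dashboards.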
6 changes: 6 additions & 0 deletions .github/scripts/vulnerable_checker.js
@@ -64,6 +64,10 @@ function logGithubStepSummary(message) {
fs.appendFileSync(GITHUB_STEP_SUMMARY, `${message}\n`);
}

function sleep(ms) {
return new Promise(resolve => setTimeout(resolve, ms));
}

async function main() {

logGithubStepSummary("### Vulnerable API's summary")
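Review bot: the new `sleep(ms)` helper carries no comment saying what it is for; since its only purpose is to pace the requests made from `main()`, a one-line comment stating the reason (rate limiting on the dashboard API, reducing load, or whatever applies) would save the next reader from guessing, and the delay value is better exported as a named constant next to the helper than as a bare number at the call site.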
@@ -112,6 +116,8 @@ async function main() {
counter += 1
}
}

await sleep(500)
}

logGithubStepSummary("#### Missing ")
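Review bot: `await sleep(500)` sits at the end of the enclosing loop body, so it appears to run after every iteration including the last one, adding an extra half-second before the `#### Missing` summary is written, and `500` is an unexplained magic number. Prefer a named constant such as `const REQUEST_DELAY_MS = 500` and, if the iteration count is large, sleep only when another request follows. It is also worth recording in the PR description why the delay is needed, since that determines whether 500 ms is the right value.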