Develop #940

Merged
merged 22 commits into from
Mar 15, 2024
df7929f
support for multistep tests in vulnerability report
shivam-rawat-akto Mar 11, 2024
a9ad460
Merge remote-tracking branch 'origin/develop' into bugfix/handle_mult…
shivam-rawat-akto Mar 14, 2024
57259f6
Merge remote-tracking branch 'origin/develop' into bugfix/handle_mult…
shivam-rawat-akto Mar 14, 2024
0533c0e
export csv fix
ayushaga14 Feb 7, 2024
06c2452
fix burp token issue
Ark2307 Mar 15, 2024
f576f77
removing moreInfoSection from ExportHtml.jsx
shivam-rawat-akto Mar 15, 2024
fe50216
reverting testing page change
shivam-rawat-akto Mar 15, 2024
900c536
Merge pull request #939 from akto-api-security/fix/fix_broken_dashboard
shivam-rawat-akto Mar 15, 2024
3c973d0
Merge pull request #930 from akto-api-security/bugfix/handle_multiste…
shivam-rawat-akto Mar 15, 2024
d1b444b
Changing signup page in new ui
Ark2307 Feb 13, 2024
447cc38
iteration one completed
Ark2307 Feb 15, 2024
fa87cef
login signup with new design completed
Ark2307 Feb 19, 2024
8109eee
fixing reviews
Ark2307 Feb 19, 2024
fda9c98
fixed ui bugs list
Ark2307 Mar 12, 2024
0ae56ee
called signup api in new ui
Ark2307 Mar 14, 2024
91496dd
fixed signup page for invitation code
Ark2307 Mar 14, 2024
60d0c60
Merge pull request #941 from akto-api-security/temp/sync_with_new_ui
shivam-rawat-akto Mar 15, 2024
59e9a7c
prevent concurrent tests
avneesh-akto Mar 15, 2024
3696022
added error handling
avneesh-akto Mar 15, 2024
f9d0085
Merge pull request #942 from akto-api-security/hotfix/prevent_concurr…
avneesh-akto Mar 15, 2024
1db6377
update main.js path in login.jsp for community akto
shivam-rawat-akto Mar 15, 2024
14c7bd6
Merge remote-tracking branch 'origin/develop' into develop
shivam-rawat-akto Mar 15, 2024
@@ -64,6 +64,7 @@ public String fetchBurpCredentials() {
apiToken = ApiTokensDao.instance.findOne(
Filters.and(
Filters.eq(ApiToken.USER_NAME, getSUser().getLogin()),
Filters.eq(ApiToken.ACCOUNT_ID, Context.accountId.get()),
Filters.eq(ApiToken.UTILITY, ApiToken.Utility.BURP)
)
);
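Review bot: The account filter in this lookup takes its value from `Context.accountId.get()` with no null check, and a MongoDB equality match against null also matches documents where the field is absent, so an unset context could return a token that was stored without any account id. If the context can be unset on this path, reject the request before building the query, e.g. `if (Context.accountId.get() == null) { addActionError("Account context missing"); return ERROR.toUpperCase(); }`. The code that creates a token when none is found lies outside the hunk; it needs to store the same account id, otherwise this lookup will never find the token it has just created. fetchBurpCredentials starts and ends outside the hunk.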
@@ -26,6 +26,9 @@
import com.akto.util.Constants;
import com.akto.util.enums.GlobalEnums.TestErrorSource;
import com.akto.utils.Utils;
import com.google.gson.Gson;
import com.google.gson.JsonParser;
import com.mongodb.BasicDBList;
import com.mongodb.BasicDBObject;
import com.mongodb.client.model.Filters;
import com.mongodb.client.model.Projections;
@@ -71,6 +74,7 @@ public class StartTestAction extends UserAction {
private Map<String,Long> allTestsCountMap = new HashMap<>();
private Map<String,Integer> issuesSummaryInfoMap = new HashMap<>();
private String testRoleId;
private static final Gson gson = new Gson();

private static List<ObjectId> getTestingRunListFromSummary(Bson filters) {
Bson projections = Projections.fields(
@@ -480,30 +484,62 @@ public String fetchVulnerableTestRunResults() {
List<TestingRunResult> testingRunResultList = TestingRunResultDao.instance.findAll(filters, skip, 50, null);
Map<String, String> sampleDataVsCurlMap = new HashMap<>();
for (TestingRunResult runResult: testingRunResultList) {
List<GenericTestResult> testResults = new ArrayList<>();
// todo: fix
WorkflowTest workflowTest = runResult.getWorkflowTest();
for (GenericTestResult tr : runResult.getTestResults()) {
TestResult testResult = (TestResult) tr;
if (testResult.isVulnerable()) {
testResults.add(testResult);
sampleDataVsCurlMap.put(testResult.getMessage(),
ExportSampleDataAction.getCurl(testResult.getMessage()));
sampleDataVsCurlMap.put(testResult.getOriginalMessage(),
ExportSampleDataAction.getCurl(testResult.getOriginalMessage()));
if (tr.isVulnerable()) {
if (tr instanceof TestResult) {
TestResult testResult = (TestResult) tr;
sampleDataVsCurlMap.put(testResult.getMessage(),
ExportSampleDataAction.getCurl(testResult.getMessage()));
sampleDataVsCurlMap.put(testResult.getOriginalMessage(),
ExportSampleDataAction.getCurl(testResult.getOriginalMessage()));
} else if (tr instanceof MultiExecTestResult){
MultiExecTestResult testResult = (MultiExecTestResult) tr;
Map<String, WorkflowTestResult.NodeResult> nodeResultMap = testResult.getNodeResultMap();
for (String order : nodeResultMap.keySet()) {
WorkflowTestResult.NodeResult nodeResult = nodeResultMap.get(order);
String nodeResultLastMessage = getNodeResultLastMessage(nodeResult.getMessage());
if (nodeResultLastMessage != null) {
nodeResult.setMessage(nodeResultLastMessage);
sampleDataVsCurlMap.put(nodeResultLastMessage,
ExportSampleDataAction.getCurl(nodeResultLastMessage));
}
}
}
}
}
if (workflowTest != null) {
Map<String, WorkflowNodeDetails> nodeDetailsMap = workflowTest.getMapNodeIdToWorkflowNodeDetails();
for (String nodeName: nodeDetailsMap.keySet()) {
if (nodeDetailsMap.get(nodeName) instanceof YamlNodeDetails) {
YamlNodeDetails details = (YamlNodeDetails) nodeDetailsMap.get(nodeName);
sampleDataVsCurlMap.put(details.getOriginalMessage(),
ExportSampleDataAction.getCurl(details.getOriginalMessage()));
}

}
}
runResult.setTestResults(testResults);
}
this.testingRunResults = testingRunResultList;
this.sampleDataVsCurlMap = sampleDataVsCurlMap;
} catch (Exception e) {
loggerMaker.errorAndAddToDb("Error while executing test run summary" + e.getMessage(), LogDb.DASHBOARD);
addActionError("Invalid test summary id");
return ERROR.toUpperCase();
}

return SUCCESS.toUpperCase();
}

private String getNodeResultLastMessage(String message) {
if (StringUtils.isEmpty(message) || "[]".equals(message)) {
return null;
}
List listOfMessage = gson.fromJson(message, List.class);
Object vulnerableMessage = listOfMessage.get(listOfMessage.size() - 1);
return gson.toJson(vulnerableMessage);
}

private String testingRunResultHexId;
private TestingRunResult testingRunResult;
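Review bot: The new getNodeResultLastMessage helper round-trips the message through `gson.fromJson(message, List.class)` and `gson.toJson(...)`, which does not preserve it: Gson reads untyped JSON numbers as doubles, so an integer such as a status code comes back as `200.0`, and that altered string is what gets stored with setMessage and passed to getCurl. The helper also rejects only the exact text `[]`; an empty array written with whitespace reaches `get(size - 1)` and throws, a JSON `null` yields a null list, and either case lands in the outer catch, which reports "Invalid test summary id" for what is really a malformed node message. Reading the array as a JsonElement tree and returning the last element's own JSON keeps the content unchanged and covers those cases; JsonParser is already imported by this change, while JsonElement, JsonArray and JsonParseException would need importing, and `JsonParser.parseString` assumes a Gson version that provides it. fetchVulnerableTestRunResults begins outside the hunk.

```java
private String getNodeResultLastMessage(String message) {
    if (StringUtils.isEmpty(message)) {
        return null;
    }
    JsonElement parsed;
    try {
        parsed = JsonParser.parseString(message);
    } catch (JsonParseException e) {
        // malformed node message: skip this node rather than fail the whole report
        return null;
    }
    if (!parsed.isJsonArray() || parsed.getAsJsonArray().size() == 0) {
        return null;
    }
    JsonArray messages = parsed.getAsJsonArray();
    // serialise the last element's tree directly so numbers keep their original form
    return messages.get(messages.size() - 1).toString();
}
```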

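--- a/apps/dashboard/web/pages/login.jsp
+++ b/apps/dashboard/web/pages/login.jsp
@@ -131,19 +131,9 @@
 // the user will always see the old login screen
 script.type = "text/javascript"
 if (window.RELEASE_VERSION_GLOBAL == '' || window.RELEASE_VERSION_GLOBAL == 'akto-release-version') {// Case when akto version is not available
-if (window.AKTO_UI_MODE == 'VERSION_2') {
-script.src = "/polaris_web/web/dist/main.js";
-} else {
-script.src = "/dist/main.js";
-}
-} else if (window.RELEASE_VERSION == '' || window.RELEASE_VERSION == 'akto-release-version') {
-script.src = "https://d1hvi6xs55woen.cloudfront.net/web/" + window.RELEASE_VERSION_GLOBAL + "/dist/main.js";;
+script.src = "/polaris_web/web/dist/main.js";
 } else {
-if (window.AKTO_UI_MODE == 'VERSION_2') {
-script.src = "https://d1hvi6xs55woen.cloudfront.net/polaris_web/" + window.RELEASE_VERSION + "/dist/main.js";
-} else {
-script.src = "https://d1hvi6xs55woen.cloudfront.net/web/" + window.RELEASE_VERSION + "/dist/main.js";
-}
+script.src = "https://d1hvi6xs55woen.cloudfront.net/polaris_web/" + window.RELEASE_VERSION_GLOBAL + "/dist/main.js";;
 }
 document.body.appendChild(script);
 </script>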
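Review bot: The login page's main bundle is still fetched from the CloudFront origin by a script element created at runtime with no integrity check, in the new `script.src = "https://d1hvi6xs55woen.cloudfront.net/polaris_web/" + ...` line. Because this page handles credentials, whatever is served at that URL runs with full access to the login form; pinning the bundle with `script.integrity = "<sha384 of this release's main.js>"; script.crossOrigin = "anonymous";` (the hash is a placeholder to be injected at build time) or serving it from the dashboard's own origin would close that gap. The version segment comes from `window.RELEASE_VERSION_GLOBAL`, which is set outside the hunk, so it is worth confirming it is rendered by the server and cannot be influenced by request parameters. The added CloudFront line also ends in a stray `;;`. The script block starts outside the hunk.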
@@ -26,6 +26,7 @@ function PasswordTextField(props) {
return (
<TextField suffix={toggleButton} value={props.field} type={type} helpText={props.helpText}
onChange={handleValueChange} label={props.label ? props.label : null}
monospaces={props?.monospaced}
/>
)
}
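Review bot: The added prop is spelled `monospaces` while the value it forwards is `props?.monospaced`; if TextField here is the Polaris component, its prop is `monospaced`, so the misspelled attribute is ignored and the field never switches to the monospaced font. Use `monospaced={props.monospaced}`; the optional chaining is unnecessary because `props.field` is already dereferenced on the line above. PasswordTextField begins outside the hunk.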
@@ -31,11 +31,13 @@ const headings = [
text: "Endpoint",
value: "endpointComp",
title: "Api endpoints",
textValue: "endpoint"
},
{
text: "Risk score",
title: "Risk score",
value: "riskScoreComp",
textValue: "riskScore"
},
{
text: "Hostname",
@@ -56,28 +58,31 @@ const headings = [
title: 'Auth type',
value: 'auth_type',
showFilter: true,
type: CellType.TEXT,
textValue: 'authTypeTag'
},
{
text: 'Sensitive Params',
title: 'Sensitive params',
value: 'sensitiveTagsComp',
filterKey: 'sensitiveTags',
showFilter: true
showFilter: true,
textValue: "sensitiveDataTags"
},
{
text: 'Last Seen',
title: 'Last seen',
value: 'last_seen',
isText: true,
type: CellType.TEXT
}
]

let headers = JSON.parse(JSON.stringify(headings))
headers.push({
text: 'Method',
filterKey: 'method',
showFilter: true
showFilter: true,
textValue: 'method',
})


@@ -322,7 +327,7 @@ function ApiEndpoints() {

function exportCsv() {
if (!loading) {
let headerTextToValueMap = Object.fromEntries(headers.map(x => [x.text, x.value]).filter(x => x[0].length > 0));
let headerTextToValueMap = Object.fromEntries(headers.map(x => [x.text, x.type === CellType.TEXT ? x.value : x.textValue]).filter(x => x[0].length > 0));

let csv = Object.keys(headerTextToValueMap).join(",") + "\r\n"
const allEndpoints = endpointData['All']
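Review bot: In exportCsv the selector `x.type === CellType.TEXT ? x.value : x.textValue` yields `undefined` for any header that is neither a TEXT cell nor carries a `textValue` (the Hostname entry falls between the two hunks, so it cannot be checked here), and for `auth_type`, which is TEXT, the `textValue: 'authTypeTag'` entry is never read by the export. Preferring the text key whenever it is present avoids both: `headers.map(x => [x.text, x.textValue ?? x.value])`. The row-building code is outside the hunk; since endpoint paths and tag strings originate from observed traffic, each cell should be quoted and values beginning with `=`, `+`, `-` or `@` neutralised before joining, given that the header line is joined with bare commas. ApiEndpoints continues past the end of the hunk.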
@@ -487,7 +487,8 @@ const transform = {
sensitiveTagsComp: this.prettifySubtypes(url.sensitiveTags),
riskScoreComp: <Badge status={this.getStatus(score)} size="small">{score.toString()}</Badge>,
riskScore: score,
isNew: this.isNewEndpoint(url.lastSeenTs)
isNew: this.isNewEndpoint(url.lastSeenTs),
sensitiveDataTags: url?.sensitiveTags.join(" "),
}
})
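Review bot: `url?.sensitiveTags.join(" ")` guards the wrong link in the chain: `url` is already dereferenced on the surrounding lines, while a missing `sensitiveTags` still throws on `.join`. If the field can be absent, write `sensitiveDataTags: (url.sensitiveTags || []).join(" ")`; if it is a Set rather than an array (not visible here), convert it with `Array.from` first. The enclosing mapping function starts outside the hunk.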
