Merge pull request #727 from akto-api-security/feature/configure_cicd_action

ankush-jain-akto · web-flow · commit 208fc9ba5169 · 2023-11-20T13:13:02.000+05:30
Feature/configure cicd action
diff --git a/README.md b/README.md
@@ -1,5 +1,15 @@
+<a href="https://artifacthub.io/packages/search?repo=akto" _target="blank">
+  <img src="https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/akto"/>
+</a>  
+
+
 <a href="https://www.akto.io/blog/akto-takes-center-stage-at-black-hat-2023-in-las-vegas" _target="blank">
-  <img src="https://img.shields.io/badge/Black_Hat_Arsenal-USA_2023-blue?style=flat-square"/>
+  <img src="https://img.shields.io/badge/Black_Hat_Arsenal-USA_2023-blue?style=square"/>
+</a>  
+
+
+<a href="https://www.akto.io/blog/akto-presentation-at-defcon-2023-in-las-vegas" _target="blank">
+  <img src="https://img.shields.io/badge/Defcon-USA_2023-blue?style=square"/>
 </a>  
 
 <br/> 
diff --git a/apps/dashboard/src/main/java/com/akto/action/testing/StartTestAction.java b/apps/dashboard/src/main/java/com/akto/action/testing/StartTestAction.java
@@ -32,6 +32,7 @@
 import com.mongodb.client.model.Projections;
 import com.mongodb.client.model.Sorts;
 import com.mongodb.client.model.Updates;
+import com.mongodb.client.result.InsertOneResult;
 import org.apache.commons.lang3.StringUtils;
 import org.bson.conversions.Bson;
 import org.bson.types.ObjectId;
@@ -183,27 +184,35 @@ public String startTest() {
                 TestingRunDao.instance.insertOne(localTestingRun);
                 testingRunHexId = localTestingRun.getId().toHexString();
             }
+            this.testIdConfig = 0;
         } else {
             TestingRunDao.instance.updateOne(
                 Filters.eq(Constants.ID,localTestingRun.getId()),
                 Updates.combine(
                     Updates.set(TestingRun.STATE,TestingRun.State.SCHEDULED),
                     Updates.set(TestingRun.SCHEDULE_TIMESTAMP,scheduleTimestamp)
                 ));
+
+            TestingRunConfig testingRunConfig = new TestingRunConfig(Context.now(), null, this.selectedTests, null, this.overriddenTestAppUrl);
+            this.testIdConfig = testingRunConfig.getId();
+            TestingRunConfigDao.instance.insertOne(testingRunConfig);
+
         }
 
         Map<String, Object> session = getSession();
         String utility = (String) session.get("utility");
 
         if(utility!=null && ( Utility.CICD.toString().equals(utility) || Utility.EXTERNAL_API.toString().equals(utility))){
             TestingRunResultSummary summary = new TestingRunResultSummary(scheduleTimestamp, 0, new HashMap<>(),
-            0, localTestingRun.getId(), localTestingRun.getId().toHexString(), 0);
+            0, localTestingRun.getId(), localTestingRun.getId().toHexString(), 0, this.testIdConfig);
             summary.setState(TestingRun.State.SCHEDULED);
             if(metadata!=null){
                 loggerMaker.infoAndAddToDb("CICD test triggered at " + Context.now(), LogDb.DASHBOARD);
                 summary.setMetadata(metadata);
             }
-            TestingRunResultSummariesDao.instance.insertOne(summary);
+            InsertOneResult result = TestingRunResultSummariesDao.instance.insertOne(summary);
+            this.testingRunResultSummaryHexId = result.getInsertedId().asObjectId().getValue().toHexString();
+
         }
         
         this.startTimestamp = 0;
@@ -385,6 +394,18 @@ public String fetchTestingRunResultSummaries() {
         return SUCCESS.toUpperCase();
     }
 
+    public String fetchTestingRunResultSummary() {
+        this.testingRunResultSummaries = new ArrayList<>();
+        this.testingRunResultSummaries.add(TestingRunResultSummariesDao.instance.findOne("_id", new ObjectId(this.testingRunResultSummaryHexId)));
+
+        if (this.testingRunResultSummaries.size() == 0) {
+            addActionError("No test summaries found");
+            return ERROR.toUpperCase();
+        } else {
+            return SUCCESS.toUpperCase();
+        }
+    }
+
     String testingRunResultSummaryHexId;
     List<TestingRunResult> testingRunResults;
     private boolean fetchOnlyVulnerable;
@@ -612,6 +633,10 @@ public List<TestingRunResultSummary> getTestingRunResultSummaries() {
         return this.testingRunResultSummaries;
     }
 
+    public String getTestingRunResultSummaryHexId() {
+        return this.testingRunResultSummaryHexId;
+    }
+
     public void setTestingRunResultSummaryHexId(String testingRunResultSummaryHexId) {
         this.testingRunResultSummaryHexId = testingRunResultSummaryHexId;
     }
diff --git a/apps/dashboard/src/main/resources/struts.xml b/apps/dashboard/src/main/resources/struts.xml
@@ -992,6 +992,17 @@
             </result>
         </action>
 
+        <action name="api/fetchTestingRunResultSummary" class="com.akto.action.testing.StartTestAction" method="fetchTestingRunResultSummary">
+            <interceptor-ref name="json"/>
+            <interceptor-ref name="defaultStack" />
+            <result name="SUCCESS" type="json"/>
+            <result name="ERROR" type="json">
+                <param name="statusCode">422</param>
+                <param name="ignoreHierarchy">false</param>
+                <param name="includeProperties">^actionErrors.*</param>
+            </result>
+        </action>
+
         <action name="api/toggleTestingRunForCollection" class="com.akto.action.testing.StartTestAction" method="toggleTestingRunForCollection">
             <interceptor-ref name="json"/>
             <interceptor-ref name="defaultStack" />
diff --git a/apps/dashboard/src/test/java/com/akto/action/testing/TestStartTestAction.java b/apps/dashboard/src/test/java/com/akto/action/testing/TestStartTestAction.java
@@ -94,7 +94,7 @@ public void testFetchTestingRunResultSummaries() {
         testingRun.setId(testingRunId);
         for (int startTimestamp=0; startTimestamp < 30; startTimestamp++) {
             TestingRunResultSummary testingRunResultSummary = new TestingRunResultSummary(
-                startTimestamp, startTimestamp+10, new HashMap<>(), 10, testingRunId, testingRunId.toHexString(), 10
+                startTimestamp, startTimestamp+10, new HashMap<>(), 10, testingRunId, testingRunId.toHexString(), 10, 0
             );
 
             testingRunResultSummaryList.add(testingRunResultSummary);
diff --git a/apps/testing/src/main/java/com/akto/testing/Main.java b/apps/testing/src/main/java/com/akto/testing/Main.java
@@ -62,7 +62,7 @@ private static ObjectId createTRRSummaryIfAbsent(TestingRun testingRun, int star
                     Updates.set(TestingRunResultSummary.STATE, TestingRun.State.RUNNING));
         } catch (Exception e){
             TestingRunResultSummary summary = new TestingRunResultSummary(start, 0, new HashMap<>(),
-            0, testingRun.getId(), testingRun.getId().toHexString(), 0);
+            0, testingRun.getId(), testingRun.getId().toHexString(), 0, 0);
 
             summaryId = TestingRunResultSummariesDao.instance.insertOne(summary).getInsertedId().asObjectId().getValue();
         }
@@ -92,6 +92,73 @@ public void accept(Account t) {
 
     private static final int LAST_TEST_RUN_EXECUTION_DELTA = 5 * 60;
 
+    private static TestingRun findPendingTestingRun() {
+        int delta = Context.now() - 20*60;
+
+        Bson filter1 = Filters.and(Filters.eq(TestingRun.STATE, TestingRun.State.SCHEDULED),
+                Filters.lte(TestingRun.SCHEDULE_TIMESTAMP, Context.now())
+        );
+        Bson filter2 = Filters.and(
+                Filters.eq(TestingRun.STATE, TestingRun.State.RUNNING),
+                Filters.lte(TestingRun.SCHEDULE_TIMESTAMP, delta)
+        );
+
+        Bson update = Updates.combine(
+                Updates.set(TestingRun.PICKED_UP_TIMESTAMP, Context.now()),
+                Updates.set(TestingRun.STATE, TestingRun.State.RUNNING)
+        );
+
+        return TestingRunDao.instance.getMCollection().findOneAndUpdate(
+                Filters.or(filter1,filter2), update);
+    }
+
+    private static TestingRunResultSummary findPendingTestingRunResultSummary() {
+        int delta = Context.now() - 20*60;
+
+        Bson filter1 = Filters.and(
+            Filters.eq(TestingRun.STATE, TestingRun.State.SCHEDULED),
+            Filters.lte(TestingRunResultSummary.START_TIMESTAMP, Context.now()),
+            Filters.gt(TestingRunResultSummary.START_TIMESTAMP, delta)
+        );
+
+        Bson filter2 = Filters.and(
+            Filters.eq(TestingRun.STATE, TestingRun.State.RUNNING),
+            Filters.gt(TestingRunResultSummary.START_TIMESTAMP, delta)
+        );
+
+        Bson update = Updates.set(TestingRun.STATE, TestingRun.State.RUNNING);
+
+        TestingRunResultSummary trrs = TestingRunResultSummariesDao.instance.getMCollection().findOneAndUpdate(Filters.or(filter1,filter2), update);
+
+        return trrs;
+    }
+
+    private static void setTestingRunConfig(TestingRun testingRun, TestingRunResultSummary trrs) {
+        long timestamp = testingRun.getId().getTimestamp();
+        long seconds = Context.now() - timestamp;
+        loggerMaker.infoAndAddToDb("Found one + " + testingRun.getId().toHexString() + " created: " + seconds + " seconds ago", LogDb.TESTING);
+
+        TestingRunConfig configFromTrrs = null;
+        TestingRunConfig baseConfig = null;
+
+        if (trrs != null && trrs.getTestIdConfig() > 1) {
+            configFromTrrs = TestingRunConfigDao.instance.findOne(Constants.ID, trrs.getTestIdConfig());
+            loggerMaker.infoAndAddToDb("Found testing run config with id :" + configFromTrrs.getId(), LogDb.TESTING);
+        }
+
+        if (testingRun.getTestIdConfig() > 1) {
+            baseConfig = TestingRunConfigDao.instance.findOne(Constants.ID, testingRun.getTestIdConfig());
+            loggerMaker.infoAndAddToDb("Found testing run config with id :" + baseConfig.getId(), LogDb.TESTING);
+        }
+
+        if (configFromTrrs == null) {
+            testingRun.setTestingRunConfig(baseConfig);
+        } else {
+            configFromTrrs.rebaseOn(baseConfig);
+            testingRun.setTestingRunConfig(configFromTrrs);
+        }
+    }
+
     public static void main(String[] args) throws InterruptedException {
         String mongoURI = System.getenv("AKTO_MONGO_CONN");;
         DaoInit.init(new ConnectionString(mongoURI));
@@ -117,66 +184,50 @@ public static void main(String[] args) throws InterruptedException {
 
         while (true) {
             AccountTask.instance.executeTask(account -> {
-                int delta = Context.now() - 20*60;
-
-                Bson filter1 = Filters.and(Filters.eq(TestingRun.STATE, TestingRun.State.SCHEDULED),
-                        Filters.lte(TestingRun.SCHEDULE_TIMESTAMP, Context.now())
-                );
-                Bson filter2 = Filters.and(
-                        Filters.eq(TestingRun.STATE, TestingRun.State.RUNNING),
-                        Filters.lte(TestingRun.SCHEDULE_TIMESTAMP, delta)
-                );
-
-                Bson update = Updates.combine(
-                        Updates.set(TestingRun.PICKED_UP_TIMESTAMP, Context.now()),
-                        Updates.set(TestingRun.STATE, TestingRun.State.RUNNING)
-                );
 
                 int start = Context.now();
 
-                TestingRun testingRun = TestingRunDao.instance.getMCollection().findOneAndUpdate(
-                        Filters.or(filter1,filter2), update);
+                TestingRunResultSummary trrs = findPendingTestingRunResultSummary();
+                TestingRun testingRun;
+                ObjectId summaryId = null;
+                if (trrs == null) {
+                    testingRun = findPendingTestingRun();
+                } else {
+                    summaryId = trrs.getId();
+                    testingRun = TestingRunDao.instance.findOne("_id", trrs.getTestingRunId());
+                }
 
                 if (testingRun == null) {
                     return;
                 }
 
-
-                ObjectId summaryId = null;
                 try {
-                    long timestamp = testingRun.getId().getTimestamp();
-                    long seconds = Context.now() - timestamp;
-                    loggerMaker.infoAndAddToDb("Found one + " + testingRun.getId().toHexString() + " created: " + seconds + " seconds ago", LogDb.TESTING);
-                    if (testingRun.getTestIdConfig() > 1) {
-                        TestingRunConfig testingRunConfig = TestingRunConfigDao.instance.findOne(Constants.ID, testingRun.getTestIdConfig());
-                        if (testingRunConfig != null) {
-                            loggerMaker.infoAndAddToDb("Found testing run config with id :" + testingRunConfig.getId(), LogDb.TESTING);
-                            testingRun.setTestingRunConfig(testingRunConfig);
-                        }else {
-                            loggerMaker.errorAndAddToDb("Couldn't find testing run config id for " + testingRun.getTestIdConfig(), LogDb.TESTING);
-                        }
-                    }
-                    if(testingRun.getState().equals(TestingRun.State.RUNNING)){
-                        Map<ObjectId, TestingRunResultSummary> objectIdTestingRunResultSummaryMap = TestingRunResultSummariesDao.instance.fetchLatestTestingRunResultSummaries(Collections.singletonList(testingRun.getId()));
-                        TestingRunResultSummary testingRunResultSummary = objectIdTestingRunResultSummaryMap.get(testingRun.getId());
-                        List<TestingRunResult> testingRunResults = TestingRunResultDao.instance.fetchLatestTestingRunResult(Filters.eq(TestingRunResult.TEST_RUN_RESULT_SUMMARY_ID, testingRunResultSummary.getId()), 1);
-                        if(testingRunResults != null && !testingRunResults.isEmpty()){
-                            TestingRunResult testingRunResult = testingRunResults.get(0);
-                            if(Context.now() - testingRunResult.getEndTimestamp() < LAST_TEST_RUN_EXECUTION_DELTA){
-                                loggerMaker.infoAndAddToDb("Skipping test run as it was executed recently, TRR_ID:"
-                                        + testingRunResult.getHexId() + ", TRRS_ID:" + testingRunResultSummary.getHexId() + " TR_ID:" + testingRun.getHexId(), LogDb.TESTING);
-                                return;
+                    setTestingRunConfig(testingRun, trrs);
+
+                    if (summaryId == null) {
+                        if (testingRun.getState().equals(TestingRun.State.RUNNING)) {
+                            Map<ObjectId, TestingRunResultSummary> objectIdTestingRunResultSummaryMap = TestingRunResultSummariesDao.instance.fetchLatestTestingRunResultSummaries(Collections.singletonList(testingRun.getId()));
+                            TestingRunResultSummary testingRunResultSummary = objectIdTestingRunResultSummaryMap.get(testingRun.getId());
+                            List<TestingRunResult> testingRunResults = TestingRunResultDao.instance.fetchLatestTestingRunResult(Filters.eq(TestingRunResult.TEST_RUN_RESULT_SUMMARY_ID, testingRunResultSummary.getId()), 1);
+                            if (testingRunResults != null && !testingRunResults.isEmpty()) {
+                                TestingRunResult testingRunResult = testingRunResults.get(0);
+                                if (Context.now() - testingRunResult.getEndTimestamp() < LAST_TEST_RUN_EXECUTION_DELTA) {
+                                    loggerMaker.infoAndAddToDb("Skipping test run as it was executed recently, TRR_ID:"
+                                            + testingRunResult.getHexId() + ", TRRS_ID:" + testingRunResultSummary.getHexId() + " TR_ID:" + testingRun.getHexId(), LogDb.TESTING);
+                                    return;
+                                } else {
+                                    loggerMaker.infoAndAddToDb("Test run was executed long ago, TRR_ID:"
+                                            + testingRunResult.getHexId() + ", TRRS_ID:" + testingRunResultSummary.getHexId() + " TR_ID:" + testingRun.getHexId(), LogDb.TESTING);
+                                    TestingRunResultSummariesDao.instance.updateOne(Filters.eq(TestingRunResultSummary.ID, testingRunResultSummary.getId()), Updates.set(TestingRunResultSummary.STATE, TestingRun.State.FAILED));
+                                }
                             } else {
-                                loggerMaker.infoAndAddToDb("Test run was executed long ago, TRR_ID:"
-                                        + testingRunResult.getHexId() + ", TRRS_ID:" + testingRunResultSummary.getHexId() + " TR_ID:" + testingRun.getHexId(), LogDb.TESTING);
+                                loggerMaker.infoAndAddToDb("No executions made for this test, will need to restart it, TRRS_ID:" + testingRunResultSummary.getHexId() + " TR_ID:" + testingRun.getHexId(), LogDb.TESTING);
                                 TestingRunResultSummariesDao.instance.updateOne(Filters.eq(TestingRunResultSummary.ID, testingRunResultSummary.getId()), Updates.set(TestingRunResultSummary.STATE, TestingRun.State.FAILED));
                             }
-                        } else {
-                            loggerMaker.infoAndAddToDb("No executions made for this test, will need to restart it, TRRS_ID:" + testingRunResultSummary.getHexId() + " TR_ID:" + testingRun.getHexId(), LogDb.TESTING);
-                            TestingRunResultSummariesDao.instance.updateOne(Filters.eq(TestingRunResultSummary.ID, testingRunResultSummary.getId()), Updates.set(TestingRunResultSummary.STATE, TestingRun.State.FAILED));
                         }
+
+                        summaryId = createTRRSummaryIfAbsent(testingRun, start);
                     }
-                    summaryId = createTRRSummaryIfAbsent(testingRun, start);
                     TestExecutor testExecutor = new TestExecutor();
                     testExecutor.init(testingRun, summaryId);
                     raiseMixpanelEvent(summaryId, testingRun);
diff --git a/libs/dao/src/main/java/com/akto/dto/testing/TestingRunConfig.java b/libs/dao/src/main/java/com/akto/dto/testing/TestingRunConfig.java
@@ -68,4 +68,26 @@ public String getOverriddenTestAppUrl() {
     public void setOverriddenTestAppUrl(String overriddenTestAppUrl) {
         this.overriddenTestAppUrl = overriddenTestAppUrl;
     }
+
+    public void rebaseOn(TestingRunConfig that) {
+        if (that == null) return;
+
+        if (this == that) return;
+
+        if (this.collectionWiseApiInfoKey == null) {
+            this.collectionWiseApiInfoKey = that.collectionWiseApiInfoKey;
+        }
+
+        if (this.testSubCategoryList == null) {
+            this.testSubCategoryList = that.testSubCategoryList;
+        }
+
+        if (this.authMechanismId == null) {
+            this.authMechanismId = that.authMechanismId;
+        }
+
+        if (this.overriddenTestAppUrl == null) {
+            this.overriddenTestAppUrl = that.overriddenTestAppUrl;
+        }
+    }
 }
diff --git a/libs/dao/src/main/java/com/akto/dto/testing/TestingRunResultSummary.java b/libs/dao/src/main/java/com/akto/dto/testing/TestingRunResultSummary.java
@@ -30,6 +30,8 @@ public class TestingRunResultSummary {
     private TestingRun.State state; 
     private int testResultsCount;
 
+    private int testIdConfig;
+
     @BsonIgnore
     private String hexId;
 
@@ -38,7 +40,8 @@ public class TestingRunResultSummary {
     public TestingRunResultSummary() {
     }
 
-    public TestingRunResultSummary(int startTimestamp, int endTimestamp, Map<String,Integer> countIssues, int totalApis, ObjectId testingRunId, String testingRunHexId, int testResultsCount) {
+    public TestingRunResultSummary(int startTimestamp, int endTimestamp, Map<String,Integer> countIssues, int totalApis,
+                                   ObjectId testingRunId, String testingRunHexId, int testResultsCount, int testIdConfig) {
         this.startTimestamp = startTimestamp;
         this.endTimestamp = endTimestamp;
         this.countIssues = countIssues;
@@ -47,6 +50,7 @@ public TestingRunResultSummary(int startTimestamp, int endTimestamp, Map<String,
         this.testingRunHexId = testingRunHexId;
         this.state = TestingRun.State.RUNNING;
         this.testResultsCount = testResultsCount;
+        this.testIdConfig = testIdConfig;
     }
 
     public ObjectId getId() {
@@ -134,13 +138,22 @@ public void setMetadata(Map<String, String> metadata) {
         this.metadata = metadata;
     }
 
+    public int getTestIdConfig() {
+        return testIdConfig;
+    }
+
+    public void setTestIdConfig(int testIdConfig) {
+        this.testIdConfig = testIdConfig;
+    }
+
     @Override
     public String toString() {
         return "{" +
             " startTimestamp='" + getStartTimestamp() + "'" +
             ", endTimestamp='" + getEndTimestamp() + "'" +
             ", countIssues='" + getCountIssues() + "'" +
             ", totalApis='" + getTotalApis() + "'" +
+            ", testIdConfig='" + getTestIdConfig() + "'" +
             ", testingRunId='" + getTestingRunId() + "'" +
             ", testingRunHexId='" + getTestingRunHexId() + "'" +
             ", state='" + getState() + "'" +
