"changes made for testing ssrf"

akto-api-security · Mar 18, 2024 · 6d60379 · 6d60379
1 parent c84dd28
commit 6d60379
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 5 deletions.
diff --git a/apps/testing/src/main/java/com/akto/test_editor/Utils.java b/apps/testing/src/main/java/com/akto/test_editor/Utils.java
@@ -660,7 +660,11 @@ public static ExecutorSingleOperationResp sendRequestToSsrfServer(String request
     public static Boolean sendRequestToSsrfServer(String url){
         String requestUrl = "";
         if(!(url.startsWith("http"))){
-            requestUrl = "http://ssrf.akto.io/validate/" + url;
+            String hostName ="https://test-services.akto.io/";
+            if(System.getenv("SSRF_SERVICE_NAME") != null && System.getenv("SSRF_SERVICE_NAME").length() > 0){
+                hostName = System.getenv("SSRF_SERVICE_NAME");
+            }
+            requestUrl = hostName + url;
         }
 
         Request request = new Request.Builder()

diff --git a/apps/testing/src/main/java/com/akto/test_editor/execution/Executor.java b/apps/testing/src/main/java/com/akto/test_editor/execution/Executor.java
@@ -440,7 +440,7 @@ private static BasicDBObject getBillingTokenForAuth() {
                 Filters.in(Organization.ACCOUNTS, accountId)
         );
         if (organization == null) {
-
+            return new BasicDBObject("error", "organization not found");
         }
 
         Tokens tokens;
@@ -466,7 +466,7 @@ private static BasicDBObject getBillingTokenForAuth() {
 
     public ExecutorSingleOperationResp runOperation(String operationType, RawApi rawApi, Object key, Object value, Map<String, Object> varMap, AuthMechanism authMechanism, List<CustomAuthType> customAuthTypes) {
         switch (operationType.toLowerCase()) {
-            case "send_ssrf_request":
+            case "send_ssrf_req":
                 String keyValue = key.toString().replaceAll("\\$\\{random_uuid\\}", "");
                 String url = Utils.extractValue(keyValue, "url=");
                 String redirectUrl = Utils.extractValue(keyValue, "redirect_url=");

diff --git a/docker.env b/docker.env
@@ -5,4 +5,5 @@ AKTO_TRAFFIC_BATCH_SIZE=100
 AKTO_TRAFFIC_BATCH_TIME_SECS=10
 DASHBOARD_MODE=local_deploy
 USE_HOSTNAME=true
-PUPPETEER_REPLAY_SERVICE_URL=http://akto-puppeteer-replay:3000
+PUPPETEER_REPLAY_SERVICE_URL=http://akto-puppeteer-replay:3000
+SSRF_SERVICE_NAME="https://test-services.akto.io/"
diff --git a/libs/dao/src/main/java/com/akto/dao/test_editor/TestEditorEnums.java b/libs/dao/src/main/java/com/akto/dao/test_editor/TestEditorEnums.java
@@ -206,7 +206,7 @@ public enum TerminalExecutorDataOperands {
         REPLACE_BODY,
         JWT_REPLACE_BODY,
         ATTACH_FILE,
-        SEND_SSRF_REQUEST,
+        SEND_SSRF_REQ,
     }
 
     public enum NonTerminalExecutorDataOperands {