From 6d60379aeeeab700cc6506e68bdf1ee8b81b454c Mon Sep 17 00:00:00 2001
From: Ark2307
Date: Mon, 18 Mar 2024 16:13:04 +0530
Subject: [PATCH] "changes made for testing ssrf"
---
 apps/testing/src/main/java/com/akto/test_editor/Utils.java | 6 +++++-
 .../main/java/com/akto/test_editor/execution/Executor.java | 4 ++--
 docker.env | 3 ++-
 .../main/java/com/akto/dao/test_editor/TestEditorEnums.java | 2 +-
 4 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/apps/testing/src/main/java/com/akto/test_editor/Utils.java b/apps/testing/src/main/java/com/akto/test_editor/Utils.java
index 96e6ef7421..bb83f70c10 100644
--- a/apps/testing/src/main/java/com/akto/test_editor/Utils.java
+++ b/apps/testing/src/main/java/com/akto/test_editor/Utils.java
@@ -660,7 +660,11 @@ public static ExecutorSingleOperationResp sendRequestToSsrfServer(String request
 public static Boolean sendRequestToSsrfServer(String url){
 String requestUrl = "";
 if(!(url.startsWith("http"))){
- requestUrl = "http://ssrf.akto.io/validate/" + url;
+ String hostName ="https://test-services.akto.io/";
+ if(System.getenv("SSRF_SERVICE_NAME") != null && System.getenv("SSRF_SERVICE_NAME").length() > 0){
+ hostName = System.getenv("SSRF_SERVICE_NAME");
+ }
+ requestUrl = hostName + url;
 }
 Request request = new Request.Builder()
diff --git a/apps/testing/src/main/java/com/akto/test_editor/execution/Executor.java b/apps/testing/src/main/java/com/akto/test_editor/execution/Executor.java
index ed08cdec45..274bac613a 100644
--- a/apps/testing/src/main/java/com/akto/test_editor/execution/Executor.java
+++ b/apps/testing/src/main/java/com/akto/test_editor/execution/Executor.java
@@ -440,7 +440,7 @@ private static BasicDBObject getBillingTokenForAuth() {
 Filters.in(Organization.ACCOUNTS, accountId)
 );
 if (organization == null) {
-
+ return new BasicDBObject("error", "organization not found");
 }
 Tokens tokens;
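Review bot: In `Utils.sendRequestToSsrfServer(String url)`, the new `requestUrl = hostName + url;` concatenates the `SSRF_SERVICE_NAME` value without checking it, so an override that lacks the trailing slash, carries literal quotes, or uses a plain `http://` scheme yields a malformed or unencrypted request to the validation service. The environment is also read three times; reading it once and normalising is simpler: `String hostName = System.getenv("SSRF_SERVICE_NAME");`, `if (hostName == null || hostName.isEmpty()) hostName = "https://test-services.akto.io/";`, `if (!hostName.endsWith("/")) hostName += "/";`. The old URL carried a `/validate/` path segment that the new default drops, so it is worth confirming the new service expects the bare path. The method body continues outside the hunk.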
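Review bot: In `getBillingTokenForAuth()`, the new `return new BasicDBObject("error", "organization not found");` reports the failure in the same object type that presumably carries the token on success, so a caller that does not look for the `error` key could go on to use an object with no credential in it. The callers are outside this hunk; confirm each one checks `error` before reading the result, and consider a comment at the return such as `// callers must check "error" before reading the token`. The function starts and ends outside the hunk.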
@@ -466,7 +466,7 @@ private static BasicDBObject getBillingTokenForAuth() {
 public ExecutorSingleOperationResp runOperation(String operationType, RawApi rawApi, Object key, Object value, Map varMap, AuthMechanism authMechanism, List customAuthTypes) {
 switch (operationType.toLowerCase()) {
- case "send_ssrf_request":
+ case "send_ssrf_req":
 String keyValue = key.toString().replaceAll("\\$\\{random_uuid\\}", "");
 String url = Utils.extractValue(keyValue, "url=");
 String redirectUrl = Utils.extractValue(keyValue, "redirect_url=");
diff --git a/docker.env b/docker.env
index f9e4d9cd4d..4c02a9279e 100644
--- a/docker.env
+++ b/docker.env
@@ -5,4 +5,5 @@ AKTO_TRAFFIC_BATCH_SIZE=100
 AKTO_TRAFFIC_BATCH_TIME_SECS=10
 DASHBOARD_MODE=local_deploy
 USE_HOSTNAME=true
-PUPPETEER_REPLAY_SERVICE_URL=http://akto-puppeteer-replay:3000
\ No newline at end of file
+PUPPETEER_REPLAY_SERVICE_URL=http://akto-puppeteer-replay:3000
+SSRF_SERVICE_NAME="https://test-services.akto.io/"
\ No newline at end of file
diff --git a/libs/dao/src/main/java/com/akto/dao/test_editor/TestEditorEnums.java b/libs/dao/src/main/java/com/akto/dao/test_editor/TestEditorEnums.java
index c882d20a2a..9b8b732a69 100644
--- a/libs/dao/src/main/java/com/akto/dao/test_editor/TestEditorEnums.java
+++ b/libs/dao/src/main/java/com/akto/dao/test_editor/TestEditorEnums.java
@@ -206,7 +206,7 @@ public enum TerminalExecutorDataOperands {
 REPLACE_BODY,
 JWT_REPLACE_BODY,
 ATTACH_FILE,
- SEND_SSRF_REQUEST,
+ SEND_SSRF_REQ,
 }
 public enum NonTerminalExecutorDataOperands {
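Review bot: The `case` label in `runOperation` changes from `send_ssrf_request` to `send_ssrf_req` with no alias, and the `TerminalExecutorDataOperands` hunk in TestEditorEnums.java renames the enum constant the same way, so any stored test template that still uses the old operand would presumably stop matching and its SSRF check would not run. What the switch does for an unmatched operation is outside the hunk. If old templates exist, keeping the legacy label as a fall-through (`case "send_ssrf_request": // legacy alias` directly above `case "send_ssrf_req":`) and retaining the old enum constant avoids a silent loss of test coverage.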
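Review bot: `SSRF_SERVICE_NAME="https://test-services.akto.io/"` is the only quoted value in the visible part of docker.env, and `docker run --env-file` keeps the quotes as part of the value (Compose behaviour varies by version). The Utils.java hunk then builds the request URL as `hostName + url`, which would begin with a literal `"` and fail to parse. Writing it unquoted like the neighbouring `PUPPETEER_REPLAY_SERVICE_URL` line, `SSRF_SERVICE_NAME=https://test-services.akto.io/`, removes the dependence on the loader's quote handling.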