Merge pull request #1355 from akto-api-security/hotfix/first_url_param_merging

fix first url param merging

Author: avneesh-akto

apps/api-runtime/src/main/java/com/akto/runtime/APICatalogSync.java

@@ -709,9 +709,7 @@ public static boolean isNumber(String val) {
 
     public static URLTemplate tryParamteresingUrl(URLStatic newUrl){
         String[] tokens = tokenize(newUrl.getUrl());
-        if(tokens.length < 2){
-            return null;
-        }
+        boolean tokensBelowThreshold = tokens.length < 2;
         Pattern pattern = patternToSubType.get(SingleTypeInfo.UUID);
         boolean allNull = true;
         SuperType[] newTypes = new SuperType[tokens.length];
@@ -733,7 +731,7 @@ public static URLTemplate tryParamteresingUrl(URLStatic newUrl){
 
             if(tokens[i] != null){
                 SubType tempSubType = KeyTypes.findSubType(tokens[i], ""+i, null,true);
-                if(isValidSubtype(tempSubType)){
+                if(!tokensBelowThreshold && isValidSubtype(tempSubType)){
                     newTypes[i] = SuperType.STRING;
                     tokens[i] = null;
                 }else if(isAlphanumericString(tempToken)){

apps/api-runtime/src/test/java/com/akto/parsers/TestMergingNew.java

@@ -164,6 +164,34 @@ public void testmultipleUUIDForceMerge(){
         assertNotNull(singleTypeInfo2);
     }
 
+    @Test
+    public void testFirstUrlParameterMerging(){
+        SingleTypeInfoDao.instance.getMCollection().drop();
+        ApiCollectionsDao.instance.getMCollection().drop();
+        HttpCallParser parser = new HttpCallParser("userIdentifier", 1, 1, 1, true);
+        List<HttpResponseParams> responseParams = new ArrayList<>();
+        List<String> urls = new ArrayList<>();
+        urls.add("/D654447FF7"); // merges to /STRING
+        urls.add("/c7e5e544-4040-4405-b2a7-22bf9c5286fb"); // merges to /STRING
+        urls.add("/3"); // merges to /INTEGER
+        urls.add(new ObjectId().toHexString()); // merges to /OBJECT_ID
+        urls.add("[email protected]"); //this shouldn't get merge because tokensBelowThreshold and subtype match
+
+        int i = 0;
+        for (String c: urls) {
+            HttpResponseParams resp = createDifferentHttpResponseParams(i*100, c);
+            responseParams.add(resp);
+            i +=1;
+        }
+
+        parser.syncFunction(responseParams, false, true, null);
+        parser.apiCatalogSync.syncWithDB(false, true, SyncLimit.noLimit);
+        parser.apiCatalogSync.buildFromDB(false, true);
+        assertEquals(1, parser.apiCatalogSync.getDbState(123).getStrictURLToMethods().size());
+        assertEquals(3, parser.apiCatalogSync.getDbState(123).getTemplateURLToMethods().size());
+
+    }
+
     @Test
     public void testUUIDForceMerge() {
         SingleTypeInfoDao.instance.getMCollection().drop();

apps/mini-runtime/src/main/java/com/akto/hybrid_runtime/APICatalogSync.java

@@ -526,9 +526,7 @@ public static boolean isNumber(String val) {
 
     public static URLTemplate tryParamteresingUrl(URLStatic newUrl){
         String[] tokens = tokenize(newUrl.getUrl());
-        if(tokens.length < 2){
-            return null;
-        }
+        boolean tokensBelowThreshold = tokens.length < 2;
         Pattern pattern = patternToSubType.get(SingleTypeInfo.UUID);
         boolean allNull = true;
         SuperType[] newTypes = new SuperType[tokens.length];
@@ -550,7 +548,7 @@ public static URLTemplate tryParamteresingUrl(URLStatic newUrl){
 
             if(tokens[i] != null){
                 SubType tempSubType = KeyTypes.findSubType(tokens[i], ""+i, null,true);
-                if(isValidSubtype(tempSubType)){
+                if(!tokensBelowThreshold && isValidSubtype(tempSubType)){
                     newTypes[i] = SuperType.STRING;
                     tokens[i] = null;
                 }else if(isAlphanumericString(tempToken)){