Merge pull request #857 from akto-api-security/develop
Develop
ayushaga14 authored Feb 6, 2024
2 parents 1e2631c + 3950666 commit 9bd26b6
Showing 65 changed files with 1,822 additions and 511 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -3,27 +3,25 @@
import java.util.*;

import org.bson.conversions.Bson;
import com.akto.dao.APISpecDao;
import com.akto.dao.AccountSettingsDao;
import com.akto.dao.ActivitiesDao;
import com.akto.dao.ApiCollectionsDao;
import com.akto.dao.ApiInfoDao;
import com.akto.dao.SensitiveParamInfoDao;
import com.akto.dao.SingleTypeInfoDao;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;

import com.akto.action.observe.Utils;
import com.akto.dao.*;
import com.akto.dao.billing.OrganizationsDao;
import com.akto.dao.context.Context;
import com.akto.dao.testing_run_findings.TestingRunIssuesDao;
import com.akto.dao.usage.UsageMetricInfoDao;
import com.akto.dao.usage.UsageMetricsDao;
import com.akto.dto.ApiCollection;
import com.akto.dto.ApiCollectionUsers;
import com.akto.dto.ApiInfo.ApiInfoKey;
import com.akto.dto.testing.CustomTestingEndpoints;
import com.akto.dto.testing.TestingEndpoints;
import com.akto.dto.CollectionConditions.ConditionUtils;
import com.akto.dto.billing.Organization;
import com.akto.dto.type.SingleTypeInfo;
import com.akto.dto.usage.MetricTypes;
import com.akto.dto.usage.UsageMetric;
import com.akto.listener.RuntimeListener;
import com.akto.log.LoggerMaker;
import com.akto.log.LoggerMaker.LogDb;
import com.akto.util.Constants;
Expand Down Expand Up @@ -52,6 +50,8 @@ public class ApiCollectionsAction extends UserAction {
int apiCollectionId;
List<ApiInfoKey> apiList;

private boolean hasUsageEndpoints;

public List<ApiInfoKey> getApiList() {
return apiList;
}
Expand Down Expand Up @@ -374,6 +374,26 @@ public String fetchTimersInfo(){
return Action.ERROR.toUpperCase();
}

public String fetchCustomerEndpoints(){
try {
ApiCollection juiceShop = ApiCollectionsDao.instance.findByName("juice_shop_demo");
ArrayList<Integer> demos = new ArrayList<>();
demos.add(RuntimeListener.VULNERABLE_API_COLLECTION_ID);
demos.add(RuntimeListener.LLM_API_COLLECTION_ID);
if (juiceShop != null) {
demos.add(juiceShop.getId());
}

Bson filter = Filters.nin(SingleTypeInfo._API_COLLECTION_ID, demos);
this.hasUsageEndpoints = SingleTypeInfoDao.instance.findOne(filter) != null;

return SUCCESS.toUpperCase();
} catch (Exception e) {
e.printStackTrace();
}
return Action.ERROR.toUpperCase();
}

public List<ApiCollection> getApiCollections() {
return this.apiCollections;
}
Expand Down Expand Up @@ -441,4 +461,9 @@ public int getApiCount() {
public void setApiCount(int apiCount) {
this.apiCount = apiCount;
}

public boolean getHasUsageEndpoints() {
return hasUsageEndpoints;
}

}
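Review bot: `fetchCustomerEndpoints` (hunk at @@ -374) reports failures only through `e.printStackTrace()`, which writes to stdout rather than the `LoggerMaker` this file already imports, so a failed DAO lookup leaves no trace in the structured logs and the action returns ERROR with no context. Route it through the class logger instead, e.g. `loggerMaker.errorAndAddToDb("fetchCustomerEndpoints failed: " + e.getMessage(), LogDb.DASHBOARD);`, matching whichever LoggerMaker call the rest of this class uses (none is visible in these hunks). The demo exclusion also hinges on the literal collection name `"juice_shop_demo"` and on a single `SingleTypeInfoDao.findOne` with a `$nin` filter, so a comment such as `// true when any STI exists outside the built-in demo collections; juice-shop demo is matched by name` would help the next reader. The boolean accessor is named `getHasUsageEndpoints`; the JavaBean/Struts convention is `isHasUsageEndpoints`, though adding that alongside rather than renaming avoids breaking the current UI contract.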
Original file line number Diff line number Diff line change
Expand Up @@ -331,7 +331,7 @@ public String runTestForGivenTemplate() {
testingRunResult.setId(new ObjectId());
if (testingRunResult.isVulnerable()) {
TestingIssuesId issuesId = new TestingIssuesId(infoKey, GlobalEnums.TestErrorSource.TEST_EDITOR, testConfig.getId(), null);
testingRunIssues = new TestingRunIssues(issuesId, GlobalEnums.Severity.valueOf(testConfig.getInfo().getSeverity()), GlobalEnums.TestRunIssueStatus.OPEN, Context.now(), Context.now(),null);
testingRunIssues = new TestingRunIssues(issuesId, GlobalEnums.Severity.valueOf(testConfig.getInfo().getSeverity()), GlobalEnums.TestRunIssueStatus.OPEN, Context.now(), Context.now(),null, Context.now());
}
BasicDBObject infoObj = IssuesAction.createSubcategoriesInfoObj(testConfig);
subCategoryMap = new HashMap<>();
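Review bot: The new seventh argument to the `TestingRunIssues` constructor is a third independent `Context.now()` call on the same line, so the three timestamps handed to one issue can differ by a second when the call straddles a second boundary. Capture it once before the constructor, `int now = Context.now();`, and pass `now` in all three positions. `runTestForGivenTemplate` starts and ends outside this hunk.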
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,12 @@
import com.akto.DaoInit;
import com.akto.action.ExportSampleDataAction;
import com.akto.action.UserAction;
import com.akto.dao.AccountSettingsDao;
import com.akto.dao.AuthMechanismsDao;
import com.akto.dao.context.Context;
import com.akto.dao.test_editor.YamlTemplateDao;
import com.akto.dao.testing.sources.TestSourceConfigsDao;
import com.akto.dao.testing_run_findings.TestingRunIssuesDao;
import com.akto.dao.testing.*;
import com.akto.dto.AccountSettings;
import com.akto.dto.ApiInfo;
import com.akto.dto.User;
import com.akto.dto.ApiToken.Utility;
Expand All @@ -20,19 +18,18 @@
import com.akto.dto.testing.*;
import com.akto.dto.testing.TestResult.Confidence;
import com.akto.dto.testing.TestingRun.State;
import com.akto.dto.testing.TestingRun.TestingRunType;
import com.akto.dto.testing.WorkflowTestResult.NodeResult;
import com.akto.dto.testing.sources.TestSourceConfig;
import com.akto.log.LoggerMaker;
import com.akto.log.LoggerMaker.LogDb;
import com.akto.util.Constants;
import com.akto.util.LastCronRunInfo;
import com.akto.util.enums.GlobalEnums.TestErrorSource;
import com.akto.utils.Utils;
import com.mongodb.BasicDBObject;
import com.mongodb.client.model.Filters;
import com.mongodb.client.model.Projections;
import com.mongodb.client.model.Sorts;
import com.mongodb.client.model.UpdateOptions;
import com.mongodb.client.model.Updates;
import com.mongodb.client.result.InsertOneResult;
import com.opensymphony.xwork2.Action;
Expand Down Expand Up @@ -63,14 +60,13 @@ public class StartTestAction extends UserAction {
private int endTimestamp;
private String testName;
private Map<String, String> metadata;
private boolean fetchCicd;
private String triggeredBy;
private boolean isTestRunByTestEditor;
private Map<ObjectId, TestingRunResultSummary> latestTestingRunResultSummaries;
private Map<String, String> sampleDataVsCurlMap;
private String overriddenTestAppUrl;
private static final LoggerMaker loggerMaker = new LoggerMaker(StartTestAction.class);
private boolean fetchAllTestRuns;
private TestingRunType testingRunType;

private Map<String,Long> allTestsCountMap = new HashMap<>();
private Map<String,Integer> issuesSummaryInfoMap = new HashMap<>();
Expand Down Expand Up @@ -277,9 +273,13 @@ private void handleCallFromAktoGpt() {
private Map<String, List> filters;
private long testingRunsCount;

private ArrayList<Bson> prepareFilters() {
private ArrayList<Bson> prepareFilters(int startTimestamp, int endTimestamp) {
ArrayList<Bson> filterList = new ArrayList<>();

filterList.add(Filters.lte(TestingRun.SCHEDULE_TIMESTAMP, endTimestamp));
filterList.add(Filters.gte(TestingRun.SCHEDULE_TIMESTAMP, startTimestamp));
filterList.add(Filters.ne(TestingRun.TRIGGERED_BY, "test_editor"));

if (filters == null) {
return filterList;
}
Expand All @@ -293,13 +293,6 @@ private ArrayList<Bson> prepareFilters() {
continue;

switch (key) {

case "endTimestamp":
List<Long> ll = Utils.castList(Long.class, value);
filterList.add(Filters.gte(key, ll.get(0)));
filterList.add(Filters.lte(key, ll.get(1)));
break;

case "severity":
List<String> severities = Utils.castList(String.class, value);
filterList.add(Filters.in(Constants.ID, getTestsWithSeverity(severities)));
Expand Down Expand Up @@ -327,36 +320,37 @@ private Bson prepareSort() {
return sortOrder == 1 ? Sorts.ascending(sortFields) : Sorts.descending(sortFields);
}

public String retrieveAllCollectionTests() {
if (this.startTimestamp == 0) {
this.startTimestamp = Context.now();
private Bson getTestingRunTypeFilter(TestingRunType testingRunType){
if(testingRunType == null){
return Filters.empty();
}

if (this.endTimestamp == 0) {
this.endTimestamp = Context.now() + 86400;
switch (testingRunType) {
case CI_CD:
return Filters.in(Constants.ID, getCicdTests());
case ONE_TIME:
return Filters.and(
Filters.nin(Constants.ID, getCicdTests()),
Filters.eq(TestingRun.PERIOD_IN_SECONDS,0
));
case RECURRING:
return Filters.and(
Filters.nin(Constants.ID, getCicdTests()),
Filters.ne(TestingRun.PERIOD_IN_SECONDS,0
));
default:
return Filters.empty();
}
}

public String retrieveAllCollectionTests() {

this.authMechanism = AuthMechanismsDao.instance.findOne(new BasicDBObject());

ArrayList<Bson> testingRunFilters = new ArrayList<>();

if(fetchCicd){
// filters for test runs to be only CI/CD pipeline
testingRunFilters.add(Filters.in(Constants.ID, getCicdTests()));
} else if(fetchAllTestRuns){
// get All test runs which are not run by test editor
testingRunFilters.add(Filters.ne("triggeredBy", "test_editor"));
} else {
// the left test are the scheduled one
Collections.addAll(testingRunFilters,
Filters.lte(TestingRun.SCHEDULE_TIMESTAMP, this.endTimestamp),
Filters.gte(TestingRun.SCHEDULE_TIMESTAMP, this.startTimestamp),
Filters.nin(Constants.ID,getCicdTests()),
Filters.ne("triggeredBy", "test_editor")
);
}

testingRunFilters.addAll(prepareFilters());
Bson testingRunTypeFilter = getTestingRunTypeFilter(testingRunType);
testingRunFilters.add(testingRunTypeFilter);
testingRunFilters.addAll(prepareFilters(startTimestamp, endTimestamp));


int pageLimit = Math.min(limit == 0 ? 50 : limit, 10_000);

Expand Down Expand Up @@ -410,6 +404,21 @@ public String fetchTestingRunResultSummaries() {
limitForTestingRunResultSummary, sort);
this.testingRun = TestingRunDao.instance.findOne(Filters.eq("_id", testingRunId));

long cicdCount = TestingRunDao.instance.getMCollection().countDocuments(
Filters.and(
Filters.eq(Constants.ID, testingRunId),
getTestingRunTypeFilter(TestingRunType.CI_CD)
)
);

this.testingRunType = TestingRunType.ONE_TIME;
if(cicdCount > 0){
this.testingRunType = TestingRunType.CI_CD;
}
else if(this.testingRun.getPeriodInSeconds() > 0){
this.testingRunType = TestingRunType.RECURRING;
}

if (this.testingRun != null && this.testingRun.getTestIdConfig() == 1) {
WorkflowTestingEndpoints workflowTestingEndpoints = (WorkflowTestingEndpoints) testingRun
.getTestingEndpoints();
Expand Down Expand Up @@ -611,23 +620,22 @@ public String fetchMetadataFilters() {
// needed for new ui as the table was server table.
public String computeAllTestsCountMap(){
Map<String,Long> result = new HashMap<>();
ArrayList<Bson> filters = new ArrayList<>();
filters.addAll(prepareFilters(startTimestamp, endTimestamp));

long totalCount = TestingRunDao.instance.getMCollection().countDocuments(Filters.and(filters));

ArrayList<Bson> filterForCicd = new ArrayList<>(filters); // Create a copy of filters
filterForCicd.add(getTestingRunTypeFilter(TestingRunType.CI_CD));
long cicdCount = TestingRunDao.instance.getMCollection().countDocuments(Filters.and(filterForCicd));

long totalCount = TestingRunDao.instance.getMCollection().countDocuments();
List<Bson> filtersForCiCd = new ArrayList<>();
filtersForCiCd.add(Filters.in(Constants.ID, getCicdTests()));
long cicdCount = TestingRunDao.instance.getMCollection().countDocuments(Filters.and(filtersForCiCd));

int startTime = Context.now();
int endTime = Context.now() + 86400;
List<Bson> filtersForSchedule = new ArrayList<>();
Collections.addAll(filtersForSchedule,
Filters.lte(TestingRun.SCHEDULE_TIMESTAMP, endTime),
Filters.gte(TestingRun.SCHEDULE_TIMESTAMP, startTime),
Filters.nin(Constants.ID,getCicdTests())
);
long scheduleCount = TestingRunDao.instance.getMCollection().countDocuments(Filters.and(filtersForSchedule));
filters.add(getTestingRunTypeFilter(TestingRunType.ONE_TIME));

long oneTimeCount = TestingRunDao.instance.getMCollection().countDocuments(Filters.and(filters));

long scheduleCount = totalCount - oneTimeCount - cicdCount;

long oneTimeCount = totalCount - cicdCount - scheduleCount;

result.put("allTestRuns", totalCount);
result.put("oneTime", oneTimeCount);
result.put("scheduled", scheduleCount);
Expand Down Expand Up @@ -683,13 +691,6 @@ public String deleteTestRunsAction() {
DeleteTestRuns DeleteTestRuns = new DeleteTestRuns(testRunIdsCopy, Context.now(), new HashMap<>(),
testConfigIds, latestSummaryIds);
executeDelete(DeleteTestRuns);

// set timestamp for last calculated severity score as 0. then severity score of apiinfo will get updated automatically
AccountSettingsDao.instance.getMCollection().updateOne(
AccountSettingsDao.generateFilter(),
Updates.set((AccountSettings.LAST_UPDATED_CRON_INFO + "."+ LastCronRunInfo.LAST_UPDATED_SEVERITY), 0),
new UpdateOptions().upsert(true)
);
} catch (Exception e) {
return Action.ERROR.toUpperCase();
}
Expand All @@ -713,6 +714,23 @@ public String deleteTestDataFromSummaryId(){
return SUCCESS.toUpperCase();
}

private boolean testRunsByUser;

private boolean getUserTestingRuns(){
Bson filter = Filters.ne(TestingRun.NAME, "Onboarding demo test");
return TestingRunDao.instance.getMCollection().find(filter).limit(1).first() != null;
}

public String getUsageTestRuns(){
try {
this.testRunsByUser = getUserTestingRuns();
return SUCCESS.toUpperCase();
} catch (Exception e) {
e.printStackTrace();
}
return Action.ERROR.toUpperCase();
}


public void setType(TestingEndpoints.Type type) {
this.type = type;
Expand Down Expand Up @@ -858,14 +876,6 @@ public void setMetadata(Map<String, String> metadata) {
this.metadata = metadata;
}

public boolean isFetchCicd() {
return fetchCicd;
}

public void setFetchCicd(boolean fetchCicd) {
this.fetchCicd = fetchCicd;
}

public CallSource getSource() {
return this.source;
}
Expand Down Expand Up @@ -971,12 +981,12 @@ public Map<String, Set<String>> getMetadataFilters() {
return metadataFilters;
}

public boolean isFetchAllTestRuns() {
return fetchAllTestRuns;
public TestingRunType getTestingRunType() {
return testingRunType;
}

public void setFetchAllTestRuns(boolean fetchAllTestRuns) {
this.fetchAllTestRuns = fetchAllTestRuns;
public void setTestingRunType(TestingRunType testingRunType) {
this.testingRunType = testingRunType;
}

public Map<String, Integer> getIssuesSummaryInfoMap() {
Expand All @@ -1003,6 +1013,10 @@ public void setLatestSummaryIds(List<String> latestSummaryIds) {
this.latestSummaryIds = latestSummaryIds;
}

public boolean getTestRunsByUser() {
return testRunsByUser;
}


public enum CallSource {
TESTING_UI,
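Review bot: In `fetchTestingRunResultSummaries` (hunk at @@ -410), `this.testingRun.getPeriodInSeconds()` is dereferenced in the new `else if` a few lines before the pre-existing `this.testingRun != null` guard, so a request whose `testingRunId` matches no document (the exact case that guard exists for) now throws a NullPointerException instead of falling through. Guard the new branch the same way: `else if (this.testingRun != null && this.testingRun.getPeriodInSeconds() > 0)`. Separately, `prepareFilters` now unconditionally applies the `SCHEDULE_TIMESTAMP` window while `retrieveAllCollectionTests` dropped the defaulting of zero `startTimestamp`/`endTimestamp` to now..now+86400; unless every caller is known to send both values, a request omitting them filters on `0 <= scheduleTimestamp <= 0` and returns nothing, and `computeAllTestsCountMap`, which previously used a hard-coded window, has the same exposure. `getUsageTestRuns` also falls back to `e.printStackTrace()` although this class declares `loggerMaker`, so that failure would never reach the structured logs.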
