Merge pull request #1332 from akto-api-security/hotfix/npe_fix_valida…

…tion_reason Hotfix/npe fix validation reason
akto-api-security · Aug 7, 2024 · c28d6a1 · c28d6a1
2 parents 43ce679 + 948b57b
commit c28d6a1
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 63 deletions.
diff --git a/apps/testing/src/main/java/com/akto/test_editor/Utils.java b/apps/testing/src/main/java/com/akto/test_editor/Utils.java
@@ -859,5 +859,20 @@ public static Object getEpochTime(Object value) {
         }
         return val;
     }
+
+    public static String escapeSpecialCharacters(String inputString){
+        String specialChars = "\\.*+?^${}()|[]";
+        StringBuilder escaped = new StringBuilder();
+
+        for (char c : inputString.toCharArray()) {
+            if (specialChars.contains(String.valueOf(c))) {
+                // Escape special character
+                escaped.append("\\").append(c);
+            } else {
+                escaped.append(c);
+            }
+        }
+        return escaped.toString();
+    }
 
 }
diff --git a/apps/testing/src/main/java/com/akto/test_editor/filter/Filter.java b/apps/testing/src/main/java/com/akto/test_editor/filter/Filter.java
@@ -92,79 +92,58 @@ public DataOperandsFilterResponse isEndpointValid(FilterNode node, RawApi rawApi
         boolean keyValOpSeen = keyValOperandSeen;
 
         FilterNode firstExtractNode = null;
-        Map<FilterNode, String> childNodeVsValidationReason = new HashMap<>();
-        for (int i = 0; i < childNodes.size(); i++) {
-            FilterNode childNode = childNodes.get(i);
-            boolean skipExecutingExtractNode = skipExtractExecution;
-            if (node.getNodeType().equalsIgnoreCase(TestEditorEnums.OperandTypes.Collection.toString()) && i == 0) {
-                skipExecutingExtractNode = (firstExtractNode == null);
-            }
-            dataOperandsFilterResponse = isEndpointValid(childNode, rawApi, testRawApi, apiInfoKey, matchingKeySet, contextEntities, keyValOpSeen,context, varMap, logId, skipExecutingExtractNode);
-            if (!dataOperandsFilterResponse.getResult()) {
-                childNodeVsValidationReason.put(childNode, dataOperandsFilterResponse.getValidationReason());
-//                validationFailedReasons.add(dataOperandsFilterResponse.getValidationReason());
-//                validationReason.append("\n ParentOperand:- ").append(node.getOperand()).append(" - ").append(dataOperandsFilterResponse.getValidationReason());
-            }
+        StringBuilder validationReason = new StringBuilder();
+        try {
+            Map<FilterNode, String> childNodeVsValidationReason = new HashMap<>();
+            for (int i = 0; i < childNodes.size(); i++) {
+                FilterNode childNode = childNodes.get(i);
+                boolean skipExecutingExtractNode = skipExtractExecution;
+                if (node.getNodeType().equalsIgnoreCase(TestEditorEnums.OperandTypes.Collection.toString()) && i == 0) {
+                    skipExecutingExtractNode = (firstExtractNode == null);
+                }
+                dataOperandsFilterResponse = isEndpointValid(childNode, rawApi, testRawApi, apiInfoKey, matchingKeySet, contextEntities, keyValOpSeen,context, varMap, logId, skipExecutingExtractNode);
+                if (!dataOperandsFilterResponse.getResult()) {
+                    childNodeVsValidationReason.put(childNode, dataOperandsFilterResponse.getValidationReason());
+                }
 
-            // if (!dataOperandsFilterResponse.getResult()) {
-            //     loggerMaker.infoAndAddToDb("invalid node condition " + logId + " operand " + childNode.getOperand() + 
-            //     " concernedProperty " + childNode.getConcernedProperty() + " subConcernedProperty " + childNode.getSubConcernedProperty()
-            //     + " contextProperty " + childNode.getContextProperty() + " context " + context, LogDb.TESTING);
-            // }
-            if (firstExtractNode == null) {
-                firstExtractNode = dataOperandsFilterResponse.getExtractNode();
-            }
-            contextEntities = dataOperandsFilterResponse.getContextEntities();
-            result = operator.equals("and") ? result && dataOperandsFilterResponse.getResult() : result || dataOperandsFilterResponse.getResult();
-
-            if (childNodes.get(i).getOperand().toLowerCase().equals("key")) {
-                keyValOpSeen = true;
-            }
+                if (firstExtractNode == null) {
+                    firstExtractNode = dataOperandsFilterResponse.getExtractNode();
+                }
+                contextEntities = dataOperandsFilterResponse.getContextEntities();
+                result = operator.equals("and") ? result && dataOperandsFilterResponse.getResult() : result || dataOperandsFilterResponse.getResult();
+
+                if (childNodes.get(i).getOperand().toLowerCase().equals("key")) {
+                    keyValOpSeen = true;
+                }
 
-            if (!childNode.getNodeType().equalsIgnoreCase("extract")) {
-                matchingKeySet = evaluateMatchingKeySet(matchingKeySet, dataOperandsFilterResponse.getMatchedEntities(), operator);
+                if (!childNode.getNodeType().equalsIgnoreCase("extract")) {
+                    matchingKeySet = evaluateMatchingKeySet(matchingKeySet, dataOperandsFilterResponse.getMatchedEntities(), operator);
+                }
             }
-        }
-        StringBuilder validationReason = new StringBuilder();
-        if (!result && !childNodeVsValidationReason.isEmpty()) {//Validation failed by all conditions
-            validationReason.append("\n").append(node.getOperand().toLowerCase()).append(":");
-            if (operator.equalsIgnoreCase("or")) {
-//                validationReason.append("\nThese 'or' conditions failed for `parent type`").append(node.getOperand()).append(":- ");
-                for (FilterNode failedValidation: childNodeVsValidationReason.keySet()) {
-                    String validationReasonStr = childNodeVsValidationReason.get(failedValidation).replaceAll("\n","\n\t");
+            if (!result && !childNodeVsValidationReason.isEmpty()) {//Validation failed by all conditions
+                validationReason.append("\n").append(node.getOperand().toLowerCase()).append(":");
+                if (operator.equalsIgnoreCase("or")) {
+                    for (FilterNode failedValidation: childNodeVsValidationReason.keySet()) {
+                        String validationReasonStr = childNodeVsValidationReason.getOrDefault(failedValidation, null);
+                        if (!StringUtils.isEmpty(validationReasonStr)) {
+                            validationReasonStr = validationReasonStr.replaceAll("\n","\n\t");
+                            validationReason.append(validationReasonStr);
+                        }
+                    }
+                } else {
+                    String validationReasonStr = childNodeVsValidationReason.getOrDefault(childNodeVsValidationReason.keySet().iterator().next(), null);
                     if (!StringUtils.isEmpty(validationReasonStr)) {
+                        validationReasonStr = validationReasonStr.replaceAll("\n","\n\t");
                         validationReason.append(validationReasonStr);
                     }
-//                    if (!validationReason.toString().replaceAll("\t","").contains(failedV';alidation.replaceAll("\t",""))) {
-//                        validationReason.insert(0,failedValidation);
-//                        validationReason.insert(0, "\n");
-//                    }
                 }
-            } else {
-                String validationReasonStr = childNodeVsValidationReason.get(childNodeVsValidationReason.keySet().iterator().next()).replaceAll("\n","\n\t");
-                if (!StringUtils.isEmpty(validationReasonStr)) {
-                    validationReason.append(validationReasonStr);
-                }
-//                if (!validationReason.toString().replaceAll("\t","").contains(validationFailedReasons.get(0).replaceAll("\t",""))) {
-//                    validationReason.insert(0, validationFailedReasons.get(0));
-////                    validationReason.insert(0, "\n");
-//                }
             }
-//            if (validationReason.length() > 0) {
-//                validationReason.replace(0, validationReason.length(), validationReason.toString().replaceAll("\n","\n\t"));
-//            }
-//            validationReason = new StringBuilder(validationReason.toString().replaceAll("\n","\n\t"));
-//            validationReason.insert(0, ":");
-//            validationReason.insert(0, node.getOperand().toLowerCase());
-//            validationReason.insert(0, "\n");
-//
-        }
 
+        } catch (Exception e) {
+            loggerMaker.errorAndAddToDb("Error while creating failed validation reason", LogDb.TESTING);
+        }
         if (node.getNodeType().equalsIgnoreCase(TestEditorEnums.OperandTypes.Collection.toString()) && firstExtractNode != null && result) {
             DataOperandsFilterResponse resp = isEndpointValid(firstExtractNode, rawApi, testRawApi, apiInfoKey, matchingKeySet, contextEntities, keyValOpSeen,context, varMap, logId, false);
-//            if (!resp.getResult()) {
-//                validationReason.append("\nThe 'and' condition failed because :- ").append(resp.getValidationReason());
-//            }
             result = resp.getResult();
         }
 

diff --git a/apps/testing/src/main/java/com/akto/test_editor/filter/FilterAction.java b/apps/testing/src/main/java/com/akto/test_editor/filter/FilterAction.java
@@ -1490,7 +1490,7 @@ public static SingleTypeInfo querySti(String param, boolean isUrlParam, ApiInfo.
             Filters.eq("method", apiInfoKey.method.name()),
             Filters.eq("responseCode", responseCode),
             Filters.eq("isHeader", isHeader),
-            Filters.regex("param", param),
+            Filters.regex("param", Utils.escapeSpecialCharacters(param)),
             urlParamFilters
         );