From c4566e19f827cef8579df80d35842dc2d7814530 Mon Sep 17 00:00:00 2001
From: shivamrawat101192
Date: Tue, 6 Aug 2024 16:44:50 +0530
Subject: [PATCH 1/2] npe fix for failed validation reason
---
 .../com/akto/test_editor/filter/Filter.java | 103 +++++++-----------
 1 file changed, 41 insertions(+), 62 deletions(-)
diff --git a/apps/testing/src/main/java/com/akto/test_editor/filter/Filter.java b/apps/testing/src/main/java/com/akto/test_editor/filter/Filter.java
index 32ae2c0998..5f55a37b69 100644
--- a/apps/testing/src/main/java/com/akto/test_editor/filter/Filter.java
+++ b/apps/testing/src/main/java/com/akto/test_editor/filter/Filter.java
@@ -92,79 +92,58 @@ public DataOperandsFilterResponse isEndpointValid(FilterNode node, RawApi rawApi
 boolean keyValOpSeen = keyValOperandSeen;
 FilterNode firstExtractNode = null;
- Map childNodeVsValidationReason = new HashMap<>();
- for (int i = 0; i < childNodes.size(); i++) {
- FilterNode childNode = childNodes.get(i);
- boolean skipExecutingExtractNode = skipExtractExecution;
- if (node.getNodeType().equalsIgnoreCase(TestEditorEnums.OperandTypes.Collection.toString()) && i == 0) {
- skipExecutingExtractNode = (firstExtractNode == null);
- }
- dataOperandsFilterResponse = isEndpointValid(childNode, rawApi, testRawApi, apiInfoKey, matchingKeySet, contextEntities, keyValOpSeen,context, varMap, logId, skipExecutingExtractNode);
- if (!dataOperandsFilterResponse.getResult()) {
- childNodeVsValidationReason.put(childNode, dataOperandsFilterResponse.getValidationReason());
-// validationFailedReasons.add(dataOperandsFilterResponse.getValidationReason());
-// validationReason.append("\n ParentOperand:- ").append(node.getOperand()).append(" - ").append(dataOperandsFilterResponse.getValidationReason());
- }
+ StringBuilder validationReason = new StringBuilder();
+ try {
+ Map childNodeVsValidationReason = new HashMap<>();
+ for (int i = 0; i < childNodes.size(); i++) {
+ FilterNode childNode = childNodes.get(i);
+ boolean skipExecutingExtractNode = skipExtractExecution;
+ if (node.getNodeType().equalsIgnoreCase(TestEditorEnums.OperandTypes.Collection.toString()) && i == 0) {
+ skipExecutingExtractNode = (firstExtractNode == null);
+ }
+ dataOperandsFilterResponse = isEndpointValid(childNode, rawApi, testRawApi, apiInfoKey, matchingKeySet, contextEntities, keyValOpSeen,context, varMap, logId, skipExecutingExtractNode);
+ if (!dataOperandsFilterResponse.getResult()) {
+ childNodeVsValidationReason.put(childNode, dataOperandsFilterResponse.getValidationReason());
+ }
- // if (!dataOperandsFilterResponse.getResult()) {
- // loggerMaker.infoAndAddToDb("invalid node condition " + logId + " operand " + childNode.getOperand() +
- // " concernedProperty " + childNode.getConcernedProperty() + " subConcernedProperty " + childNode.getSubConcernedProperty()
- // + " contextProperty " + childNode.getContextProperty() + " context " + context, LogDb.TESTING);
- // }
- if (firstExtractNode == null) {
- firstExtractNode = dataOperandsFilterResponse.getExtractNode();
- }
- contextEntities = dataOperandsFilterResponse.getContextEntities();
- result = operator.equals("and") ? result && dataOperandsFilterResponse.getResult() : result || dataOperandsFilterResponse.getResult();
-
- if (childNodes.get(i).getOperand().toLowerCase().equals("key")) {
- keyValOpSeen = true;
- }
+ if (firstExtractNode == null) {
+ firstExtractNode = dataOperandsFilterResponse.getExtractNode();
+ }
+ contextEntities = dataOperandsFilterResponse.getContextEntities();
+ result = operator.equals("and") ? result && dataOperandsFilterResponse.getResult() : result || dataOperandsFilterResponse.getResult();
+
+ if (childNodes.get(i).getOperand().toLowerCase().equals("key")) {
+ keyValOpSeen = true;
+ }
- if (!childNode.getNodeType().equalsIgnoreCase("extract")) {
- matchingKeySet = evaluateMatchingKeySet(matchingKeySet, dataOperandsFilterResponse.getMatchedEntities(), operator);
+ if (!childNode.getNodeType().equalsIgnoreCase("extract")) {
+ matchingKeySet = evaluateMatchingKeySet(matchingKeySet, dataOperandsFilterResponse.getMatchedEntities(), operator);
+ }
 }
- }
- StringBuilder validationReason = new StringBuilder();
- if (!result && !childNodeVsValidationReason.isEmpty()) {//Validation failed by all conditions
- validationReason.append("\n").append(node.getOperand().toLowerCase()).append(":");
- if (operator.equalsIgnoreCase("or")) {
-// validationReason.append("\nThese 'or' conditions failed for `parent type`").append(node.getOperand()).append(":- ");
- for (FilterNode failedValidation: childNodeVsValidationReason.keySet()) {
- String validationReasonStr = childNodeVsValidationReason.get(failedValidation).replaceAll("\n","\n\t");
+ if (!result && !childNodeVsValidationReason.isEmpty()) {//Validation failed by all conditions
+ validationReason.append("\n").append(node.getOperand().toLowerCase()).append(":");
+ if (operator.equalsIgnoreCase("or")) {
+ for (FilterNode failedValidation: childNodeVsValidationReason.keySet()) {
+ String validationReasonStr = childNodeVsValidationReason.getOrDefault(failedValidation, null);
+ if (!StringUtils.isEmpty(validationReasonStr)) {
+ validationReasonStr = validationReasonStr.replaceAll("\n","\n\t");
+ validationReason.append(validationReasonStr);
+ }
+ }
+ } else {
+ String validationReasonStr = childNodeVsValidationReason.getOrDefault(childNodeVsValidationReason.keySet().iterator().next(), null);
 if (!StringUtils.isEmpty(validationReasonStr)) {
+ validationReasonStr = validationReasonStr.replaceAll("\n","\n\t");
 validationReason.append(validationReasonStr);
 }
-// if (!validationReason.toString().replaceAll("\t","").contains(failedV';alidation.replaceAll("\t",""))) {
-// validationReason.insert(0,failedValidation);
-// validationReason.insert(0, "\n");
-// }
 }
- } else {
- String validationReasonStr = childNodeVsValidationReason.get(childNodeVsValidationReason.keySet().iterator().next()).replaceAll("\n","\n\t");
- if (!StringUtils.isEmpty(validationReasonStr)) {
- validationReason.append(validationReasonStr);
- }
-// if (!validationReason.toString().replaceAll("\t","").contains(validationFailedReasons.get(0).replaceAll("\t",""))) {
-// validationReason.insert(0, validationFailedReasons.get(0));
-//// validationReason.insert(0, "\n");
-// }
 }
-// if (validationReason.length() > 0) {
-// validationReason.replace(0, validationReason.length(), validationReason.toString().replaceAll("\n","\n\t"));
-// }
-// validationReason = new StringBuilder(validationReason.toString().replaceAll("\n","\n\t"));
-// validationReason.insert(0, ":");
-// validationReason.insert(0, node.getOperand().toLowerCase());
-// validationReason.insert(0, "\n");
-//
- }
+ } catch (Exception e) {
+ loggerMaker.errorAndAddToDb("Error while creating failed validation reason", LogDb.TESTING);
+ }
 if (node.getNodeType().equalsIgnoreCase(TestEditorEnums.OperandTypes.Collection.toString()) && firstExtractNode != null && result) {
 DataOperandsFilterResponse resp = isEndpointValid(firstExtractNode, rawApi, testRawApi, apiInfoKey, matchingKeySet, contextEntities, keyValOpSeen,context, varMap, logId, false);
-// if (!resp.getResult()) {
-// validationReason.append("\nThe 'and' condition failed because :- ").append(resp.getValidationReason());
-// }
 result = resp.getResult();
 }
From 948b57b7b4b61874f09bd8569543856c3372daed Mon Sep 17 00:00:00 2001
From: Ark2307
Date: Wed, 7 Aug 2024 11:25:21 +0530
Subject: [PATCH 2/2] fixing escape check for regex
---
 .../src/main/java/com/akto/test_editor/Utils.java | 15 +++++++++++++++
 .../com/akto/test_editor/filter/FilterAction.java | 2 +-
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/apps/testing/src/main/java/com/akto/test_editor/Utils.java b/apps/testing/src/main/java/com/akto/test_editor/Utils.java
index 983e32fe0b..84fed2bded 100644
--- a/apps/testing/src/main/java/com/akto/test_editor/Utils.java
+++ b/apps/testing/src/main/java/com/akto/test_editor/Utils.java
@@ -859,5 +859,20 @@ public static Object getEpochTime(Object value) {
 }
 return val;
 }
+
+ public static String escapeSpecialCharacters(String inputString){
+ String specialChars = "\\.*+?^${}()|[]";
+ StringBuilder escaped = new StringBuilder();
+
+ for (char c : inputString.toCharArray()) {
+ if (specialChars.contains(String.valueOf(c))) {
+ // Escape special character
+ escaped.append("\\").append(c);
+ } else {
+ escaped.append(c);
+ }
+ }
+ return escaped.toString();
+ }
 }
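Review bot: In Filter.java's isEndpointValid, the new `try` opens before the child-node loop, so it wraps the recursive `isEndpointValid` calls and the `result` / `matchingKeySet` updates as well as the reason-string building. An exception thrown while evaluating a child is then swallowed and the method continues with a partially computed `result`, which for a test filter may turn an evaluation error into a silent pass or skip. I would open the `try` just before `if (!result && !childNodeVsValidationReason.isEmpty())` so that only the message formatting is best-effort, and keep the exception in the log, `loggerMaker.errorAndAddToDb("Error while creating failed validation reason: " + e, LogDb.TESTING);`. `getOrDefault(key, null)` behaves the same as `get(key)`; the actual NPE fix is moving `replaceAll` inside the `isEmpty` check. The method starts and ends outside this hunk.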
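Review bot: `escapeSpecialCharacters` in Utils.java dereferences `inputString` without a null check, so a null argument throws at `inputString.toCharArray()`; decide the contract and guard it, e.g. `if (inputString == null) return null;`, or document that null is rejected. The method also has no Javadoc saying which regex dialect the escape set `\.*+?^${}()|[]` targets; a one-line comment that it yields a literal pattern for the `Filters.regex` call in FilterAction would keep it from being reused where different escaping is required. `specialChars.indexOf(c) >= 0` performs the same membership test without allocating a String per character.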
diff --git a/apps/testing/src/main/java/com/akto/test_editor/filter/FilterAction.java b/apps/testing/src/main/java/com/akto/test_editor/filter/FilterAction.java
index 059c055ca0..b4f61c423c 100644
--- a/apps/testing/src/main/java/com/akto/test_editor/filter/FilterAction.java
+++ b/apps/testing/src/main/java/com/akto/test_editor/filter/FilterAction.java
@@ -1490,7 +1490,7 @@ public static SingleTypeInfo querySti(String param, boolean isUrlParam, ApiInfo.
 Filters.eq("method", apiInfoKey.method.name()),
 Filters.eq("responseCode", responseCode),
 Filters.eq("isHeader", isHeader),
- Filters.regex("param", param),
+ Filters.regex("param", Utils.escapeSpecialCharacters(param)),
 urlParamFilters
 );
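Review bot: The escaped value is still passed to `Filters.regex` without anchors, so the `param` condition in querySti remains a substring match: a lookup for `id` also matches documents whose param is `user_id`. If an exact name is intended (not visible from this hunk), `Filters.eq("param", param)` avoids regex handling of what is presumably traffic-derived input altogether; if a pattern is needed, anchor it, e.g. `Filters.regex("param", "^" + Utils.escapeSpecialCharacters(param) + "$")`. Other `Filters.regex` call sites that take parameter names lie outside this hunk and are worth checking for the same unescaped use. querySti begins and ends outside the hunk.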