Merge pull request #640 from akto-api-security/develop

Develop

Author: avneesh-akto

apps/dashboard/src/main/java/com/akto/action/quick_start/QuickStartAction.java

@@ -154,14 +154,11 @@ public String saveLoadBalancers() {
         if (!AwsStack.getInstance().checkIfStackExists(MirroringStackDetails.getStackName())) {
             this.isFirstSetup = true;
             try {
-                Map<String, String> parameters = new HashMap<String, String>() {
-                    {
-                        put("MongoIp", System.getenv("AKTO_MONGO_CONN"));
-                        put("KeyPair", System.getenv("EC2_KEY_PAIR"));
-                        put("SourceLBs", extractLBs());
-                        put("SubnetId", System.getenv("EC2_SUBNET_ID"));
-                    }
-                };
+                Map<String, String> parameters = new HashMap<>();
+                parameters.put("MongoIp", System.getenv("AKTO_MONGO_CONN"));
+                parameters.put("KeyPair", System.getenv("EC2_KEY_PAIR"));
+                parameters.put("SourceLBs", extractLBs());
+                parameters.put("SubnetId", System.getenv("EC2_SUBNET_ID"));
                 String template = convertStreamToString(AwsStack.class
                         .getResourceAsStream("/cloud_formation_templates/akto_aws_mirroring.template"));
                 List<Tag> tags = Utils.fetchTags(DashboardStackDetails.getStackName());
@@ -174,11 +171,8 @@ public String saveLoadBalancers() {
         } else {
             this.isFirstSetup = false;
             try {
-                Map<String, String> updatedEnvVars = new HashMap<String, String>() {
-                    {
-                        put("ELB_NAMES", extractLBs());
-                    }
-                };
+                Map<String, String> updatedEnvVars = new HashMap<>();
+                updatedEnvVars.put("ELB_NAMES", extractLBs());
                 String functionName = AwsStack.getInstance().fetchResourcePhysicalIdByLogicalId(MirroringStackDetails.getStackName(), MirroringStackDetails.CREATE_MIRROR_SESSION_LAMBDA);
                 UpdateFunctionRequest ufr = new UpdateFunctionRequest(updatedEnvVars);
                 Lambda.getInstance().updateFunctionConfiguration(functionName, ufr);

apps/dashboard/src/main/resources/cloud_formation_templates/akto_aws_mirroring.template

@@ -57,11 +57,12 @@
             tabs: obj.arrR,
             description: obj.strN,
             defaultTabName: obj.strN,
-            tabsContent: obj.objN
+            tabsContent: obj.objN,
+            tab: obj.strN
         },
         data () {
             return {
-                tabName: null
+                tabName: parseInt(this.tab) || null
             }
         },
         methods: {

apps/dashboard/web/src/apps/dashboard/layouts/LayoutWithTabs.vue

@@ -2,7 +2,11 @@
     <spinner v-if="loading"/>
     <a-card  v-else title="Configure test" icon="$fas_cog" class="tests-selector-container">
         <div class="mx-8 my-4">
-            <div class="d-flex">
+            <div v-if="!authPresent">
+                Please set an authentication mechanism <a target="_blank" class="clickable-link" href="/dashboard/testing/active?tab=1">here</a> before you test any APIs.
+            </div>
+            <div :class="disableLinkClass">
+            <div class="d-flex" >
                 <div class="name-div">Name: </div>
                 <name-input :defaultName="collectionName" :defaultSuffixes="nameSuffixes" @changed="setTestName" />
             </div>
@@ -58,7 +62,7 @@
             </div>
 
             <schedule-box @schedule="emitTestSelection" class="mt-2"/>
-
+            </div>
         </div>
     </a-card>
 </template>
@@ -67,6 +71,7 @@
 
 import marketplaceApi from '../../../marketplace/api'
 import issuesApi from '../../../issues/api'
+import testingApi from '../../../testing/api'
 import Spinner from '@/apps/dashboard/shared/components/Spinner'
 import ScheduleBox from '@/apps/dashboard/shared/components/ScheduleBox'
 import func from '@/util/func'
@@ -96,7 +101,9 @@ export default {
             startTimestamp: func.timeNow(),
             selectedCategory: null,
             globalCheckbox: false,
-            testName: ""
+            testName: "",
+            authPresent: false,
+            disableLinkClass: 'disable-div'
         }
     },
     mounted() {
@@ -111,7 +118,12 @@ export default {
                 _this.mapCategoryToSubcategory = _this.populateMapCategoryToSubcategory()
             })
         })
-        
+        testingApi.fetchAuthMechanismData().then(resp => {
+            if(resp.authMechanism){
+                this.authPresent = true;
+                this.disableLinkClass = ''
+            }
+        })
         
     },
     methods: {
@@ -246,4 +258,11 @@ export default {
     margin: auto 8px auto 0
     font-size: 14px
     font-weight: 500
+
+.clickable-link
+    color: #6200ea !important
+
+.disable-div
+    pointer-events: none
+    opacity: 0.4
 </style>

apps/dashboard/web/src/apps/dashboard/views/observe/inventory/components/TestsSelector.vue

@@ -1,5 +1,5 @@
 <template>
-    <layout-with-tabs title="API Testing" class="page-testing" :tabs='["Test results", "User config", "Roles"]'>
+    <layout-with-tabs title="API Testing" class="page-testing" :tabs='["Test results", "User config", "Roles"]' :tab="tab">
         <template slot="Test results">
             <div class="py-8">
                 <div>
@@ -40,7 +40,7 @@
                             <p> 1 </p>
                         </div>
                         <div>
-                            <h3> Inject hard-coded auth token </h3>
+                            <h3> Inject hard-coded attacker auth token </h3>
                         </div>
                     </div>
                     <!-- <div>
@@ -83,7 +83,7 @@
                         </div>
 
                         <div>
-                            <h3> Automate auth token generation </h3>
+                            <h3> Automate attacker auth token generation </h3>
                         </div>
                     </div>
 
@@ -153,6 +153,7 @@ import ApiCollectionGroup from '@/apps/dashboard/shared/components/menus/ApiColl
 import LoginStepBuilder from './components/token/LoginStepBuilder'
 import TokenAutomation from './components/token/TokenAutomation'
 import HelpTooltip from '@/apps/dashboard/shared/components/help/HelpTooltip'
+import obj from "@/util/obj";
 
 export default {
     name: "PageTesting",
@@ -172,7 +173,7 @@ export default {
         LogFetch
     },
     props: {
-
+        tab: obj.strN
     },
     data() {
         return {

apps/dashboard/web/src/apps/dashboard/views/testing/PageTesting.vue

@@ -106,7 +106,15 @@
                             </div>
                             <div style="margin-left: 24px">
                                 <div class="d-flex jc-sb mr-3">
-                                    <span class="description-title mt-4">Test response matches {{ percentageMatch }}% with original API response</span>
+                                    <span class="description-title mt-4">
+                                        Test response matches {{ percentageMatch }}% with original API response
+
+                                        <v-chip v-if="isVulnerableAttempt" :style="{ 'height': '18px !important' }" class="ml-2 mr-2" color="rgba(255, 0, 0, 0.5)" text-color="#FFFFFF">
+                                            Vulnerable Attempt
+                                        </v-chip>
+                                    </span>
+                                    <span>
+                                    </span>
                                     <v-btn v-if="messagesBasic.length > 1" icon @click="nextClicked">
                                         <v-icon>$fas_angle-double-right</v-icon>
                                     </v-btn>
@@ -232,7 +240,7 @@ export default {
             let testSubType = this.testingRunResult["testSubType"]
             let singleTypeInfos = this.testingRunResult["singleTypeInfos"]
             let highlightPaths = this.buildHighlightPaths(singleTypeInfos);
-            return this.testingRunResult["testResults"].map(x => { return { message: x.originalMessage, title: testSubType, highlightPaths: highlightPaths, errors: x.errors, percentageMatch: x.percentageMatch } })
+            return this.testingRunResult["testResults"].map(x => { return { message: x.originalMessage, title: testSubType, highlightPaths: highlightPaths, errors: x.errors, percentageMatch: x.percentageMatch, vulnerable: x.vulnerable } })
         },
         jsonBasic: function () {
             if (this.testingRunResult == null) return null
@@ -254,6 +262,11 @@ export default {
                 return null
             }
         },
+        isVulnerableAttempt: function () {
+            if (this.testingRunResult == null) return null
+            let currentMessage = this.messagesAdvance[this.currentIndex]
+            return currentMessage ? currentMessage["vulnerable"] : null
+        },
         jsonAdvance: function () {
             if (this.testingRunResult == null) return null
             let currentMessage = this.messagesAdvance[this.currentIndex]

apps/dashboard/web/src/apps/dashboard/views/testing/components/TestResultsDialog.vue

@@ -25,8 +25,19 @@
                 @dateClicked=dateClicked
             />     
             <div class="testing-results-header" v-if="currentTest">
-                <span>Test results: </span>    
-                <span>{{selectedDateStr()}}</span>
+                <div>
+                    <span>Test results: </span>    
+                    <span>{{selectedDateStr()}}</span>
+                </div>
+                <div style="display: flex; text-transform: capitalize;">
+                    <div v-if="this.currentTest.state">Test status: {{this.currentTest.state.toLowerCase()}}</div>
+                    <div v-if="this.currentTest.state === 'SCHEDULED' || this.currentTest.state === 'RUNNING' " style="padding-left: 6px; padding-top: 4px;">
+                        <v-progress-circular indeterminate color="primary" :size="12" :width="1.5"></v-progress-circular>
+                    </div>
+                    <span v-if="this.currentTest.state === 'COMPLETED'" style="padding-top: 4px;">
+                        <v-icon color="green" :size="14">$fas_check-circle</v-icon>
+                    </span>
+                </div>
             </div>                  
             <simple-table
                 :headers="testingRunResultsHeaders" 
@@ -354,4 +365,7 @@ export default {
     font-size: 14px        
     font-weight: 500
     color: #47466A80
+    display: flex
+    justify-content: space-between
+    padding-right: 24px
 </style>

apps/dashboard/web/src/apps/dashboard/views/testing/components/TestingRunResults.vue

@@ -70,6 +70,11 @@ const router =  new Router({
                     components: {
                         default: PageTesting
                     },
+                    props: {
+                        default: route => ({
+                            tab: route.query.tab
+                        })
+                    },
                     children: [
                         {
                             path: 'active',

apps/dashboard/web/src/apps/main/router/index.js

@@ -147,7 +147,7 @@ export default {
         var d = date.getDate();
         var m = strArray[date.getMonth()];
         var y = date.getFullYear();
-        return m + ' ' + d + ', ' + (needYear ? y: '' ) + ' ' + date.toISOString().substr(11,5)
+        return m + ' ' + d + ', ' + (needYear ? y: '' ) + ' ' + date.toTimeString().substr(0, 5)
     },
     toDateStrShort(date) {
         var d = "" + date.getDate();