diff --git a/apps/testing/src/main/java/com/akto/rules/TestPlugin.java b/apps/testing/src/main/java/com/akto/rules/TestPlugin.java index 8273c0eb16..aaf1f1596c 100644 --- a/apps/testing/src/main/java/com/akto/rules/TestPlugin.java +++ b/apps/testing/src/main/java/com/akto/rules/TestPlugin.java @@ -345,7 +345,7 @@ public static boolean validateValidator(FilterNode validatorNode, RawApi rawApi, private static ValidationResult validate(FilterNode node, RawApi rawApi, RawApi testRawApi, ApiInfoKey apiInfoKey, String context, Map varMap, String logId) { Filter filter = new Filter(); DataOperandsFilterResponse dataOperandsFilterResponse = filter.isEndpointValid(node, rawApi, testRawApi, apiInfoKey, null, null , false,context, varMap, logId, false); - return new ValidationResult(dataOperandsFilterResponse.getResult(), dataOperandsFilterResponse.getValidationReason()); + return ValidationResult.getInstance().resetValues(dataOperandsFilterResponse.getResult(), dataOperandsFilterResponse.getValidationReason()); } public static class ApiExecutionDetails { diff --git a/apps/testing/src/main/java/com/akto/testing/yaml_tests/YamlTestTemplate.java b/apps/testing/src/main/java/com/akto/testing/yaml_tests/YamlTestTemplate.java index 75f8be3189..a629303c5c 100644 --- a/apps/testing/src/main/java/com/akto/testing/yaml_tests/YamlTestTemplate.java +++ b/apps/testing/src/main/java/com/akto/testing/yaml_tests/YamlTestTemplate.java 
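Review bot: `ValidationResult.getInstance().resetValues(...)` in `validate` hands every caller the same mutable object, so a result that a caller still holds is overwritten by the next validation. `ValidationResult` is not shown in this diff, but if `getInstance()` returns a process-wide singleton, as the name suggests, two validations running on different threads can read each other's result and reason; in a security test runner that means a wrong pass/fail verdict. The same pattern is introduced in `YamlTestTemplate.filter()` on the "No valid auth headers" path. I would keep `return new ValidationResult(dataOperandsFilterResponse.getResult(), dataOperandsFilterResponse.getValidationReason());` unless allocation here has been measured as a bottleneck, or else make the reused instance thread-confined.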
@@ -101,9 +101,7 @@ public ValidationResult filter() { // loggerMaker.debugAndAddToDb("validating auth, authenticated value is " + this.auth.getAuthenticated() + " " + logId, LogDb.TESTING); boolean validAuthHeaders = AuthValidator.validate(this.auth, this.rawApi, this.authMechanism, this.customAuthTypes); if (!validAuthHeaders) { - ValidationResult validationResult = new ValidationResult(false, "No valid auth headers"); - // loggerMaker.debugAndAddToDb("invalid auth, skipping filter " + logId, LogDb.TESTING); - return validationResult; + return ValidationResult.getInstance().resetValues(false, "No valid auth headers"); } } ValidationResult isValid = TestPlugin.validateFilter(this.getFilterNode(),this.getRawApi(), this.getApiInfoKey(), this.varMap, this.logId); diff --git a/apps/testing/src/test/java/com/akto/testing/FilterValidationTests.java b/apps/testing/src/test/java/com/akto/testing/FilterValidationTests.java new file mode 100644 index 0000000000..c1ae05a5ba --- /dev/null +++ b/apps/testing/src/test/java/com/akto/testing/FilterValidationTests.java 
@@ -0,0 +1,391 @@ +package com.akto.testing; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotEquals; + +import java.io.File; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import org.junit.Test; +import org.springframework.security.access.method.P; + +import com.akto.dto.ApiInfo; +import com.akto.dto.OriginalHttpRequest; +import com.akto.dto.OriginalHttpResponse; +import com.akto.dto.RawApi; +import com.akto.dto.test_editor.ConfigParserResult; +import com.akto.dto.test_editor.DataOperandsFilterResponse; +import com.akto.dto.testing.TestingRunConfig; +import com.akto.dto.type.URLMethods.Method; +import com.akto.test_editor.execution.Executor; +import com.akto.test_editor.filter.Filter; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.dataformat.yaml.YAMLFactory; + +public class FilterValidationTests { + + + @Test + public void testHappyCase() { + Map config = initconfig(); + ApiInfo.ApiInfoKey apiInfoKey = new ApiInfo.ApiInfoKey(123, "https://epsilon.6sense.com:443/v3/company/details", Method.PUT); + RawApi rawApi = initRawapi(apiInfoKey); + + Object filterObj = config.get("happy_case"); + com.akto.dao.test_editor.filter.ConfigParser parser = new com.akto.dao.test_editor.filter.ConfigParser(); + ConfigParserResult configParserResult = parser.parse(filterObj); + Filter filter = new Filter(); + Map varMap = new HashMap<>(); + DataOperandsFilterResponse dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(true, dataOperandsFilterResponse.getResult()); + assertEquals(1, varMap.size()); + assertEquals(true, varMap.containsKey("urlVar")); + } + + @Test + public void 
testRequestKeyValueExtraction() { + Map config = initconfig(); + ApiInfo.ApiInfoKey apiInfoKey = new ApiInfo.ApiInfoKey(123, "https://epsilon.6sense.com:443/v3/company/details", Method.PUT); + RawApi rawApi = initRawapi(apiInfoKey); + + Object filterObj = config.get("req_payload_key_val_extract"); + com.akto.dao.test_editor.filter.ConfigParser parser = new com.akto.dao.test_editor.filter.ConfigParser(); + ConfigParserResult configParserResult = parser.parse(filterObj); + Filter filter = new Filter(); + Map varMap = new HashMap<>(); + DataOperandsFilterResponse dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(true, dataOperandsFilterResponse.getResult()); + assertEquals(2, varMap.size()); + assertEquals(true, varMap.containsKey("keyName")); + assertEquals(true, varMap.containsKey("keyVal")); + } + + @Test + public void testRequestKeyNeqConditionExtraction() { + Map config = initconfig(); + ApiInfo.ApiInfoKey apiInfoKey = new ApiInfo.ApiInfoKey(123, "https://epsilon.6sense.com:443/v3/company/details", Method.PUT); + RawApi rawApi = initRawapi(apiInfoKey); + + Object filterObj = config.get("req_payload_key_val_neq_extract"); + com.akto.dao.test_editor.filter.ConfigParser parser = new com.akto.dao.test_editor.filter.ConfigParser(); + ConfigParserResult configParserResult = parser.parse(filterObj); + Filter filter = new Filter(); + Map varMap = new HashMap<>(); + DataOperandsFilterResponse dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(true, dataOperandsFilterResponse.getResult()); + assertEquals(2, varMap.size()); + assertEquals(true, varMap.containsKey("keyName")); + assertNotEquals("id", varMap.get("keyName")); + assertEquals(true, varMap.containsKey("keyVal")); + } + + @Test + public void 
testRequestValGteConditionExtraction() { + Map config = initconfig(); + ApiInfo.ApiInfoKey apiInfoKey = new ApiInfo.ApiInfoKey(123, "https://epsilon.6sense.com:443/v3/company/details", Method.PUT); + RawApi rawApi = initRawapi(apiInfoKey); + + Object filterObj = config.get("req_payload_val_gte_extract"); + com.akto.dao.test_editor.filter.ConfigParser parser = new com.akto.dao.test_editor.filter.ConfigParser(); + ConfigParserResult configParserResult = parser.parse(filterObj); + Filter filter = new Filter(); + Map varMap = new HashMap<>(); + DataOperandsFilterResponse dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(true, dataOperandsFilterResponse.getResult()); + assertEquals(2, varMap.size()); + assertEquals(true, varMap.containsKey("keyName")); + assertEquals("id", varMap.get("keyName")); + assertEquals(true, varMap.containsKey("keyVal")); + } + + @Test + public void testRequestValGtConditionExtraction() { + Map config = initconfig(); + ApiInfo.ApiInfoKey apiInfoKey = new ApiInfo.ApiInfoKey(123, "https://epsilon.6sense.com:443/v3/company/details", Method.PUT); + RawApi rawApi = initRawapi(apiInfoKey); + + Object filterObj = config.get("req_payload_val_gt_extract"); + com.akto.dao.test_editor.filter.ConfigParser parser = new com.akto.dao.test_editor.filter.ConfigParser(); + ConfigParserResult configParserResult = parser.parse(filterObj); + Filter filter = new Filter(); + Map varMap = new HashMap<>(); + DataOperandsFilterResponse dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(true, dataOperandsFilterResponse.getResult()); + assertEquals(2, varMap.size()); + assertEquals(true, varMap.containsKey("keyName")); + assertEquals("id", varMap.get("keyName")); + assertEquals(true, varMap.containsKey("keyVal")); + } + 
+ @Test + public void testRequestValLtConditionExtraction() { + Map config = initconfig(); + ApiInfo.ApiInfoKey apiInfoKey = new ApiInfo.ApiInfoKey(123, "https://epsilon.6sense.com:443/v3/company/details", Method.PUT); + RawApi rawApi = initRawapi(apiInfoKey); + + Object filterObj = config.get("req_payload_val_lt_extract"); + com.akto.dao.test_editor.filter.ConfigParser parser = new com.akto.dao.test_editor.filter.ConfigParser(); + ConfigParserResult configParserResult = parser.parse(filterObj); + Filter filter = new Filter(); + Map varMap = new HashMap<>(); + DataOperandsFilterResponse dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(true, dataOperandsFilterResponse.getResult()); + assertEquals(2, varMap.size()); + assertEquals(true, varMap.containsKey("keyName")); + assertEquals("id", varMap.get("keyName")); + assertEquals(true, varMap.containsKey("keyVal")); + } + + @Test + public void testRequestValLteConditionExtraction() { + Map config = initconfig(); + ApiInfo.ApiInfoKey apiInfoKey = new ApiInfo.ApiInfoKey(123, "https://epsilon.6sense.com:443/v3/company/details", Method.PUT); + RawApi rawApi = initRawapi(apiInfoKey); + + Object filterObj = config.get("req_payload_val_lte_extract"); + com.akto.dao.test_editor.filter.ConfigParser parser = new com.akto.dao.test_editor.filter.ConfigParser(); + ConfigParserResult configParserResult = parser.parse(filterObj); + Filter filter = new Filter(); + Map varMap = new HashMap<>(); + DataOperandsFilterResponse dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(true, dataOperandsFilterResponse.getResult()); + assertEquals(2, varMap.size()); + assertEquals(true, varMap.containsKey("keyName")); + assertEquals("id", varMap.get("keyName")); + assertEquals(true, 
varMap.containsKey("keyVal")); + } + + @Test + public void testRequestValGteConditionExtractionInvalid() { + Map config = initconfig(); + ApiInfo.ApiInfoKey apiInfoKey = new ApiInfo.ApiInfoKey(123, "https://epsilon.6sense.com:443/v3/company/details", Method.PUT); + RawApi rawApi = initRawapi(apiInfoKey); + + Object filterObj = config.get("req_payload_val_gte_extract_invalid"); + com.akto.dao.test_editor.filter.ConfigParser parser = new com.akto.dao.test_editor.filter.ConfigParser(); + ConfigParserResult configParserResult = parser.parse(filterObj); + Filter filter = new Filter(); + Map varMap = new HashMap<>(); + DataOperandsFilterResponse dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(false, dataOperandsFilterResponse.getResult()); + assertEquals(0, varMap.size()); + } + + @Test + public void testContainsEitherCondition() { + Map config = initconfig(); + ApiInfo.ApiInfoKey apiInfoKey = new ApiInfo.ApiInfoKey(123, "https://epsilon.6sense.com:443/v3/company/details", Method.PUT); + RawApi rawApi = initRawapi(apiInfoKey); + + Object filterObj = config.get("req_payload_val_gte_extract_invalid"); + com.akto.dao.test_editor.filter.ConfigParser parser = new com.akto.dao.test_editor.filter.ConfigParser(); + ConfigParserResult configParserResult = parser.parse(filterObj); + Filter filter = new Filter(); + Map varMap = new HashMap<>(); + DataOperandsFilterResponse dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(false, dataOperandsFilterResponse.getResult()); + assertEquals(0, varMap.size()); + } + + @Test + public void testContainsNotContainsConditions() { + Map config = initconfig(); + ApiInfo.ApiInfoKey apiInfoKey = new ApiInfo.ApiInfoKey(123, "https://epsilon.6sense.com:443/v3/company/details", Method.PUT); + 
RawApi rawApi = initRawapi(apiInfoKey); + + Object filterObj = config.get("contains_either_valid"); + com.akto.dao.test_editor.filter.ConfigParser parser = new com.akto.dao.test_editor.filter.ConfigParser(); + ConfigParserResult configParserResult = parser.parse(filterObj); + Filter filter = new Filter(); + Map varMap = new HashMap<>(); + DataOperandsFilterResponse dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(true, dataOperandsFilterResponse.getResult()); + + filterObj = config.get("contains_either_invalid"); + configParserResult = parser.parse(filterObj); + varMap = new HashMap<>(); + dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(false, dataOperandsFilterResponse.getResult()); + + filterObj = config.get("contains_all_valid"); + configParserResult = parser.parse(filterObj); + varMap = new HashMap<>(); + dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(true, dataOperandsFilterResponse.getResult()); + + filterObj = config.get("contains_all_invalid"); + configParserResult = parser.parse(filterObj); + varMap = new HashMap<>(); + dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(false, dataOperandsFilterResponse.getResult()); + + filterObj = config.get("contains_either_valid_extract"); + configParserResult = parser.parse(filterObj); + varMap = new HashMap<>(); + dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(true, 
dataOperandsFilterResponse.getResult()); + assertEquals(2, varMap.size()); + assertEquals(true, varMap.containsKey("keyName")); + assertEquals("course", varMap.get("keyName")); + assertEquals(true, varMap.containsKey("keyVal")); + } + + @Test + public void testComplexConditions() { + Map config = initconfig(); + ApiInfo.ApiInfoKey apiInfoKey = new ApiInfo.ApiInfoKey(123, "https://epsilon.6sense.com:443/v3/company/details", Method.PUT); + RawApi rawApi = initRawapi(apiInfoKey); + + Object filterObj = config.get("complex_and_condition_filter"); + com.akto.dao.test_editor.filter.ConfigParser parser = new com.akto.dao.test_editor.filter.ConfigParser(); + ConfigParserResult configParserResult = parser.parse(filterObj); + Filter filter = new Filter(); + Map varMap = new HashMap<>(); + DataOperandsFilterResponse dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(true, dataOperandsFilterResponse.getResult()); + + filterObj = config.get("complex_and_condition_filter_invalid"); + configParserResult = parser.parse(filterObj); + varMap = new HashMap<>(); + dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(false, dataOperandsFilterResponse.getResult()); + + filterObj = config.get("complex_or_condition_filter"); + configParserResult = parser.parse(filterObj); + varMap = new HashMap<>(); + dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(true, dataOperandsFilterResponse.getResult()); + + filterObj = config.get("complex_or_condition_filter_invalid"); + configParserResult = parser.parse(filterObj); + varMap = new HashMap<>(); + dataOperandsFilterResponse = 
filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(false, dataOperandsFilterResponse.getResult()); + + filterObj = config.get("complex_and_condition_filter_extract"); + configParserResult = parser.parse(filterObj); + varMap = new HashMap<>(); + dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(true, dataOperandsFilterResponse.getResult()); + assertEquals(2, varMap.size()); + assertEquals(true, varMap.containsKey("keyName")); + assertEquals(true, varMap.containsKey("methodName")); + + filterObj = config.get("complex_or_condition_filter_extract"); + configParserResult = parser.parse(filterObj); + varMap = new HashMap<>(); + dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(true, dataOperandsFilterResponse.getResult()); + assertEquals(2, varMap.size()); + assertEquals(true, varMap.containsKey("keyName")); + assertEquals(true, varMap.containsKey("methodName")); + + } + + @Test + public void testContainsJwtConditions() { + Map config = initconfig(); + ApiInfo.ApiInfoKey apiInfoKey = new ApiInfo.ApiInfoKey(123, "https://epsilon.6sense.com:443/v3/company/details", Method.PUT); + RawApi rawApi = initRawapi(apiInfoKey); + + Object filterObj = config.get("contains_jwt"); + com.akto.dao.test_editor.filter.ConfigParser parser = new com.akto.dao.test_editor.filter.ConfigParser(); + ConfigParserResult configParserResult = parser.parse(filterObj); + Filter filter = new Filter(); + Map varMap = new HashMap<>(); + DataOperandsFilterResponse dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(true, 
dataOperandsFilterResponse.getResult()); + + Map> headers = rawApi.getRequest().getHeaders(); + headers.remove("authorization"); + rawApi.getRequest().setHeaders(headers); + filterObj = config.get("contains_jwt"); + configParserResult = parser.parse(filterObj); + varMap = new HashMap<>(); + dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(false, dataOperandsFilterResponse.getResult()); + } + + @Test + public void testRegexConditions() { + Map config = initconfig(); + ApiInfo.ApiInfoKey apiInfoKey = new ApiInfo.ApiInfoKey(123, "https://epsilon.6sense.com:443/v3/company/details", Method.PUT); + RawApi rawApi = initRawapi(apiInfoKey); + + Object filterObj = config.get("regex_filter"); + com.akto.dao.test_editor.filter.ConfigParser parser = new com.akto.dao.test_editor.filter.ConfigParser(); + ConfigParserResult configParserResult = parser.parse(filterObj); + Filter filter = new Filter(); + Map varMap = new HashMap<>(); + DataOperandsFilterResponse dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(true, dataOperandsFilterResponse.getResult()); + assertEquals(1, varMap.size()); + + filterObj = config.get("regex_filter_invalid"); + configParserResult = parser.parse(filterObj); + varMap = new HashMap<>(); + dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, null, false, "filter", varMap, "logId", false); + assertEquals(false, dataOperandsFilterResponse.getResult()); + assertEquals(0, varMap.size()); + + filterObj = config.get("regex_filter_extract_multiple"); + configParserResult = parser.parse(filterObj); + varMap = new HashMap<>(); + dataOperandsFilterResponse = filter.isEndpointValid(configParserResult.getNode(), rawApi, rawApi, apiInfoKey, null, 
null, false, "filter", varMap, "logId", false); + assertEquals(true, dataOperandsFilterResponse.getResult()); + assertEquals(1, varMap.size()); + assertEquals(4, ((List) varMap.get("keyName")).size()); + } + + public Map initconfig() { + Map config = new HashMap<>(); + try { + InputStream inputStream = getClass().getClassLoader().getResourceAsStream("com/akto/testing/filter.yaml"); + config = new ObjectMapper(new YAMLFactory()).readValue(inputStream, Map.class); + } catch(Exception e) { + System.out.println("error " + e.getMessage()); + } + return config; + } + + public RawApi initRawapi(ApiInfo.ApiInfoKey apiInfoKey) { + String payload1 = "{\"id\": 101, \"name\": \"Stud-101\", \"email\": \"stude_101@example.com\", \"course\": \"MECH\"}"; + OriginalHttpRequest originalHttpRequest = new OriginalHttpRequest("https://epsilon.6sense.com:443/v3/company/details", "limit=10&redirect=false", apiInfoKey.getMethod().name(), payload1, new HashMap<>(), ""); + + //BasicDBObject basicDBObject = BasicDBObject.parse(originalHttpRequest.getBody()); + //basicDBObject.containsKey(apiInfoKey); + + Map> headers = new HashMap<>(); + headers.put("authorization", createList("eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.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.hBAPAJm1FZIpDb7fm4nT3GY_u3R0KeyjqK-Ns5pcz22RN5_qhWt-K98y8DdELjUsRKVodAFPOki0QBmAqdhp5umgJB1ZPk4uEKLg2AI6ztr5729UezMbQozbIOu8UFmVm2crJn5YZKCbPKCcDwRUpisICbjDtJ5PD41RhZfLut8")); + headers.put("f2", createList("http://xyz.com")); + headers.put("Cfontent-Length", createList(" 762")); + headers.put("cookie", createList("mutiny.user.token=d7b12062-724d-4e92-9aa2-7b8c2892f71b; mutiny.user.token=d7b12062-724d-4e92-9aa2-7b8c2892f71b; mutiny.user.session=9d9a1cf2-0989-4755-a5a5-1d60059fd00f; mutiny.user.session=9d9a1cf2-0989-4755-a5a5-1d60059fd00f; mutiny.user.session_number=1; mutiny.user.session_number=1; loom_referral_video=313bf71d20ca47b2a35b6634cefdb761; loom_anon_comment=9f0a021fc6d54c159eff17b9dfde1cd6; 
ajs_anonymous_id=%2288bfc7c8-558e-4a27-8a22-df3fb000b7fa%22; loomhq:thirdPartyCookieSupported=true; _fs_sample_user=false; _rdt_uuid=1709878031567.505f28d9-1e0c-45b2-82fe-85e43db50702; _ga=GA1.1.1327063241.1709878032; _uetsid=1a601440dd1211eea5115bd1dad24a1d; _uetvid=22fe1d80f19711ed9b574bc2df1804bc; _tt_enable_cookie=1; _ttp=7r1MndIyW-ox3IlXOZHKBqgyWvF; _clck=16c4vtk%7C2%7Cfjw%7C0%7C1528; __hstc=185935670.ebc6a4595609b7884ffedd34feaf528e.1709878032459.1709878032459.1709878032459.1; hubspotutk=ebc6a4595609b7884ffedd34feaf528e; __hssrc=1; __hssc=185935670.1.1709878032459; _clsk=15p3ckj%7C1709878033332%7C1%7C1%7Ca.clarity.ms%2Fcollect; _gcl_au=1.1.357658991.1709878031.688003409.1709878043.1709878042; connect.sid=s%3AjvlNRnOz612UAASEg6J7qhAja7EiQk1F.lb0257cK49oOmgXYsNDFYa%2BH91q%2B9e7YId6No8U5azA; loom-sst=lsst-d1efbe35-0ccd-4901-a580-fc31871973af; connect.lpid=p%3Alpid-3199c9ba-3603-4554-8150-c76b61fb38ad.MdTUr9zVztZjDEMwSoP7O9rdPU7obi1TezrMp1ZSBzov1; __Host-psifi.analyticsTrace=1d75acf47eb97ba25cecd0c2fe9d811320f0335f5dd46d4e6c2fa607f3a3564c; __Host-psifi.analyticsTraceV2=2f486cb229c40cf46dd834d2da9b556cdaf58d5ffa92c1b823e6578bd2951e8f9017ad867683eb922ac4b47397c7a8a23a8ba4afe90a1c465033651339ff7af4; ajs_user_id=28411178; ajs_anonymous_id=88bfc7c8-558e-4a27-8a22-df3fb000b7fa; __stripe_mid=6de4f532-7695-4447-9c00-ff6195b3b9a885896f; __stripe_sid=b7e40e6b-4062-4f7b-94c8-a0efb1fbea7d042c40; _ga_H93TGDH6MB=GS1.1.1709878031.1.1.1709878052.39.0.0; AWSALBAuthNonce=bShJlEJn5Ex5PBd6; _dd_s=rum=0&expire=1709880641775&logs=1&id=49832577-cf87-42b2-9bf5-5340bd28dbc7&created=1709879738255")); + headers.put("host", createList("https://epsilon.6sense.com")); + headers.put("orig-url", createList("/myservice/v3/company/details")); + + originalHttpRequest.setHeaders(headers); + + // TestConfigYamlParser parser = new TestConfigYamlParser(); + // TestConfig testConfig = parser.parseTemplate("OpenRedirect"); + OriginalHttpResponse originalHttpResponse = new OriginalHttpResponse(); + 
String message = "{\"method\":\"POST\",\"requestPayload\":\"[\\n {\\n \\\"id\\\": 0,\\n \\\"username\\\": \\\"string\\\",\\n \\\"firstName\\\": \\\"string\\\",\\n \\\"lastName\\\": \\\"string\\\",\\n \\\"email\\\": \\\"string\\\",\\n \\\"password\\\": \\\"string\\\",\\n \\\"phone\\\": \\\"string\\\",\\n \\\"userStatus\\\": 0\\n }\\n]\",\"responsePayload\":\"{\\\"code\\\":200,\\\"type\\\":\\\"unknown\\\",\\\"message\\\":{\\\"role\\\": \\\"admin\\\", \\\"param2\\\": \\\"ankush\\\"}}\",\"ip\":\"null\",\"source\":\"HAR\",\"type\":\"HTTP/2\",\"akto_vxlan_id\":\"1661807253\",\"path\":\"https://petstore.swagger.io/v2/user/createWithArray?user=1\",\"requestHeaders\":\"{\\\"Origin\\\":\\\"https://petstore.swagger.io\\\",\\\"Accept\\\":\\\"application/json\\\",\\\"User-Agent\\\":\\\"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0\\\",\\\"Referer\\\":\\\"https://petstore.swagger.io/\\\",\\\"Connection\\\":\\\"keep-alive\\\",\\\"Sec-Fetch-Dest\\\":\\\"empty\\\",\\\"Sec-Fetch-Site\\\":\\\"same-origin\\\",\\\"Host\\\":\\\"petstore.swagger.io\\\",\\\"Accept-Encoding\\\":\\\"gzip, deflate, br\\\",\\\"Sec-Fetch-Mode\\\":\\\"cors\\\",\\\"TE\\\":\\\"trailers\\\",\\\"Accept-Language\\\":\\\"en-US,en;q=0.5\\\",\\\"Content-Length\\\":\\\"195\\\",\\\"Content-Type\\\":\\\"application/json\\\"}\",\"responseHeaders\":\"{\\\"date\\\":\\\"Tue, 04 Jan 2022 20:14:27 GMT\\\",\\\"access-control-allow-origin\\\":\\\"*\\\",\\\"server\\\":\\\"Jetty(9.2.9.v20150224)\\\",\\\"access-control-allow-headers\\\":\\\"Content-Type, api_key, Authorization\\\",\\\"location\\\":\\\"oldHeaderVal\\\",\\\"content-type\\\":\\\"application/json\\\",\\\"access-control-allow-methods\\\":\\\"GET, POST, DELETE, PUT\\\"}\",\"time\":\"1641327267\",\"contentType\":\"application/json\",\"akto_account_id\":\"1000000\",\"statusCode\":\"200\",\"status\":\"OK\"}"; + originalHttpResponse.buildFromSampleMessage(message); + RawApi rawApi = new RawApi(originalHttpRequest, originalHttpResponse, null); + 
rawApi.getRequest().getHeaders().put("host", Collections.singletonList("http://xyz.com")); + return rawApi; + } + + public static java.util.List createList(String s) { + java.util.List ret = new ArrayList<>(); + ret.add(s); + return ret; + } + +} diff --git a/apps/testing/src/test/java/com/akto/testing/filter.yaml b/apps/testing/src/test/java/com/akto/testing/filter.yaml new file mode 100644 index 0000000000..463aeefb80 --- /dev/null +++ b/apps/testing/src/test/java/com/akto/testing/filter.yaml 
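Review bot: The `authorization` and `cookie` values in `initRawapi` look like captured session material (a signed JWT, `connect.sid`, `__stripe_sid`, `AWSALBAuthNonce`) rather than constructed samples; if they came from a real session they should be revoked and replaced with obviously synthetic values before this lands in the repository. Separately, `testContainsEitherCondition` loads `req_payload_val_gte_extract_invalid`, the same key as the test above it, so it never exercises `contains_either`. `initconfig` catches `Exception` and only prints the message, which turns a missing or unparsable `filter.yaml` into a confusing failure further down; letting the exception propagate would make the cause visible. None of these tests run the filter concurrently or reuse results across calls, so the shared static state this commit adds to `Filter` is not covered.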
@@ -0,0 +1,289 @@
+happy_case:
+ response_code:
+ gte: 200
+ lt: 300
+ url:
+ extract: urlVar
+
+req_payload_key_val_extract:
+ response_code:
+ gte: 200
+ lt: 300
+ request_payload:
+ for_one:
+ key:
+ eq: id
+ extract: keyName
+ value:
+ extract: keyVal
+
+req_payload_val_key_extract:
+ response_code:
+ gte: 200
+ lt: 300
+ request_payload:
+ for_one:
+ value:
+ eq: Stud-101
+ extract: keyVal
+ key:
+ extract: keyName
+
+req_payload_key_val_neq_extract:
+ response_code:
+ gte: 200
+ lt: 300
+ request_payload:
+ for_one:
+ key:
+ neq: id
+ extract: keyName
+ value:
+ extract: keyVal
+
+req_payload_val_gte_extract:
+ response_code:
+ gte: 200
+ lt: 300
+ request_payload:
+ for_one:
+ key:
+ eq: id
+ extract: keyName
+ value:
+ gte: 101
+ extract: keyVal
+
+req_payload_val_gt_extract:
+ response_code:
+ gte: 200
+ lt: 300
+ request_payload:
+ for_one:
+ key:
+ eq: id
+ extract: keyName
+ value:
+ gte: 100
+ extract: keyVal
+
+req_payload_val_lt_extract:
+ response_code:
+ gte: 200
+ lt: 300
+ request_payload:
+ for_one:
+ value:
+ lt: 102
+ extract: keyVal
+ key:
+ extract: keyName
+
+req_payload_val_lte_extract:
+ response_code:
+ gte: 200
+ lt: 300
+ request_payload:
+ for_one:
+ value:
+ lte: 101
+ extract: keyVal
+ key:
+ extract: keyName
+
+req_payload_val_gte_extract_invalid:
+ response_code:
+ gte: 200
+ lt: 300
+ request_payload:
+ for_one:
+ value:
+ gte: 102
+ extract: keyVal
+ key:
+ extract: keyName
+
+contains_either_valid:
+ response_code:
+ gte: 200
+ lt: 300
+ request_payload:
+ for_one:
+ key:
+ contains_either:
+ - id
+ - xyz
+ - abc
+
+contains_either_invalid:
+ response_code:
+ gte: 200
+ lt: 300
+ request_payload:
+ for_one:
+ key:
+ contains_either:
+ - idd
+ - xyz
+ - abc
+
+contains_all_valid:
+ response_code:
+ gte: 200
+ lt: 300
+ request_payload:
+ contains_all:
+ - id
+ - name
+ - email
+
+contains_all_invalid:
+ response_code:
+ gte: 200
+ lt: 300
+ request_payload:
+ contains_all:
+ - id
+ - name
+ - xyz
+
+contains_either_valid_extract:
+ response_code:
+ gte: 200
+ lt: 300
+ request_payload:
+ for_one:
+ key:
+ contains_either:
+ - xyz
+ - course
+ extract: keyName
+ value:
+ extract: keyVal
+
+complex_and_condition_filter:
+ response_code:
+ gte: 200
+ lt: 300
+ and:
+ - request_payload:
+ for_one:
+ key:
+ contains_either:
+ - xyz
+ - course
+ - method:
+ neq: POST
+ - url:
+ contains_either: details
+
+complex_and_condition_filter_extract:
+ response_code:
+ gte: 200
+ lt: 300
+ and:
+ - request_payload:
+ for_one:
+ key:
+ contains_either:
+ - xyz
+ - course
+ extract: keyName
+ - method:
+ neq: POST
+ extract: methodName
+ - url:
+ contains_either: details
+
+complex_and_condition_filter_invalid:
+ response_code:
+ gte: 200
+ lt: 300
+ and:
+ - request_payload:
+ for_one:
+ key:
+ contains_either:
+ - xyz
+ - course
+ - method:
+ neq: PUT
+ - url:
+ contains_either: details
+
+complex_or_condition_filter:
+ response_code:
+ gte: 200
+ lt: 300
+ or:
+ - request_payload:
+ for_one:
+ key:
+ contains_either:
+ - xyz
+ - course
+ - method:
+ neq: PUT
+ - url:
+ contains_either: xyz
+
+complex_or_condition_filter_extract:
+ response_code:
+ gte: 200
+ lt: 300
+ or:
+ - request_payload:
+ for_one:
+ key:
+ contains_either:
+ - xyz
+ - course
+ extract: keyName
+ - method:
+ neq: PUT
+ extract: methodName
+ - url:
+ contains_either: xyz
+
+complex_or_condition_filter_invalid:
+ response_code:
+ gte: 200
+ lt: 300
+ or:
+ - request_payload:
+ for_one:
+ key:
+ contains_either:
+ - xyz
+ - abc
+ - method:
+ neq: PUT
+ - url:
+ contains_either: xyz
+
+contains_jwt:
+ request_headers:
+ for_one:
+ value:
+ contains_jwt: true
+
+regex_filter:
+ request_payload:
+ for_one:
+ key:
+ regex: .*
+ extract: keyName
+
+regex_filter_invalid:
+ request_payload:
+ for_one:
+ key:
+ regex: xyzabc
+ extract: keyName
+
+regex_filter_extract_multiple:
+ request_payload:
+ for_one:
+ key:
+ regex: .*
+ extractMultiple: keyName
\ No newline at end of file
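Review bot: `req_payload_val_gt_extract` uses `gte: 100` rather than `gt: 100`, so `testRequestValGtConditionExtraction` passes without ever evaluating the `gt` operand. Changing the entry to `gt: 100` would make the fixture agree with the test name. `req_payload_val_key_extract` is defined here but no test in `FilterValidationTests` reads it. The file also sits under `src/test/java` while the test loads it through the class loader; unless the build copies non-Java files from that directory, it belongs under `src/test/resources/com/akto/testing/`.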
diff --git a/apps/threat-detection/src/main/java/com/akto/threat/detection/tasks/MaliciousTrafficDetectorTask.java b/apps/threat-detection/src/main/java/com/akto/threat/detection/tasks/MaliciousTrafficDetectorTask.java index c684c13ab8..4d3e3a6e8c 100644 --- a/apps/threat-detection/src/main/java/com/akto/threat/detection/tasks/MaliciousTrafficDetectorTask.java +++ b/apps/threat-detection/src/main/java/com/akto/threat/detection/tasks/MaliciousTrafficDetectorTask.java @@ -68,6 +68,7 @@ public class MaliciousTrafficDetectorTask implements Task { private static final DataActor dataActor = DataActorFactory.fetchInstance(); private static final LoggerMaker logger = new LoggerMaker(MaliciousTrafficDetectorTask.class); + Map varMap = new HashMap<>(); private static final ObjectMapper objectMapper = new ObjectMapper(); @@ -147,16 +148,7 @@ private Map getFilters() { private boolean validateFilterForRequest( FilterConfig apiFilter, RawApi rawApi, ApiInfo.ApiInfoKey apiInfoKey, String message) { try { - Map varMap = apiFilter.resolveVarMap(); - VariableResolver.resolveWordList( - varMap, - new HashMap>() { - { - put(apiInfoKey, Collections.singletonList(message)); - } - }, - apiInfoKey); - + varMap.clear(); String filterExecutionLogId = UUID.randomUUID().toString(); ValidationResult res = TestPlugin.validateFilter( diff --git a/libs/dao/src/main/java/com/akto/dto/test_editor/DataOperandFilterRequest.java b/libs/dao/src/main/java/com/akto/dto/test_editor/DataOperandFilterRequest.java index 4f43c702ca..8e9dfbbb45 100644 --- a/libs/dao/src/main/java/com/akto/dto/test_editor/DataOperandFilterRequest.java +++ b/libs/dao/src/main/java/com/akto/dto/test_editor/DataOperandFilterRequest.java @@ -40,4 +40,11 @@ public void setOperand(String operand) { this.operand = operand; } + public DataOperandFilterRequest modify(Object data, Object queryset, String operand) { + this.data = data; + this.queryset = queryset; + this.operand = operand; + return this; + } + } 
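Review bot: `varMap` is added as a package-private, non-final instance field in the middle of the static constants, and the second hunk turns it into scratch space that `validateFilterForRequest` clears on every call. `HashMap` is not safe for concurrent use, so this is only correct if a single thread ever runs this task instance; the diff does not show how the task is scheduled. At minimum declare the field `private final` and add a comment stating the single-thread assumption, e.g. `// reused per call; only the consumer thread may touch this`.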
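Review bot: Replacing `apiFilter.resolveVarMap()` and `VariableResolver.resolveWordList(...)` with `varMap.clear()` means `validateFilterForRequest` now evaluates every filter against an empty variable map. Any threat filter that relies on variables or word lists declared in its `FilterConfig` would, as far as this hunk shows, no longer have them resolved and could silently stop matching, which is a detection gap rather than a visible error. If the intent is only to avoid allocating a new map per request, clear it and repopulate it, e.g. `varMap.clear(); varMap.putAll(apiFilter.resolveVarMap());`, and keep the word-list resolution, or confirm that no deployed filter uses variables. The method body continues outside the hunk.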
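Review bot: `DataOperandFilterRequest.modify` has no Javadoc, and its contract (overwrite all three fields in place and return the same instance) is exactly what makes sharing one request object possible, so it needs to be stated. I would add `/** Overwrites data, queryset and operand in place and returns this instance; not thread-safe, callers must not retain the object across calls. */`. The same applies to `FilterActionRequest.modify(...)`, whose 14 positional parameters include several adjacent `String`s that are easy to transpose at the call site.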
diff --git a/libs/dao/src/main/java/com/akto/dto/test_editor/FilterActionRequest.java b/libs/dao/src/main/java/com/akto/dto/test_editor/FilterActionRequest.java index 4ef262c84d..3e92bb1c4e 100644 --- a/libs/dao/src/main/java/com/akto/dto/test_editor/FilterActionRequest.java +++ b/libs/dao/src/main/java/com/akto/dto/test_editor/FilterActionRequest.java @@ -42,6 +42,26 @@ public FilterActionRequest(Object querySet, RawApi rawApi, RawApi testRunRawApi, this.collectionProperty = collectionProperty; } + public FilterActionRequest modify(Object querySet, RawApi rawApi, RawApi testRunRawApi, ApiInfo.ApiInfoKey apiInfoKey, + String concernedProperty, String concernedSubProperty, List matchingKeySet, List contextEntities, + String operand, String context, Boolean keyValOperandSeen, String bodyOperand, String contextProperty, String collectionProperty) { + this.querySet = querySet; + this.rawApi = rawApi; + this.testRunRawApi = testRunRawApi; + this.apiInfoKey = apiInfoKey; + this.concernedProperty = concernedProperty; + this.concernedSubProperty = concernedSubProperty; + this.matchingKeySet = matchingKeySet; + this.contextEntities = contextEntities; + this.operand = operand; + this.context = context; + this.keyValOperandSeen = keyValOperandSeen; + this.bodyOperand = bodyOperand; + this.contextProperty = contextProperty; + this.collectionProperty = collectionProperty; + return this; + } + public FilterActionRequest() { } public Object getQuerySet() { diff --git a/libs/dao/src/main/java/com/akto/util/HttpRequestResponseUtils.java b/libs/dao/src/main/java/com/akto/util/HttpRequestResponseUtils.java index c724616358..29fd8c57dd 100644 --- a/libs/dao/src/main/java/com/akto/util/HttpRequestResponseUtils.java +++ b/libs/dao/src/main/java/com/akto/util/HttpRequestResponseUtils.java 
@@ -24,6 +24,8 @@ public class HttpRequestResponseUtils { public static final String FORM_URL_ENCODED_CONTENT_TYPE = "application/x-www-form-urlencoded"; public static final String GRPC_CONTENT_TYPE = "application/grpc"; + private static final List acceptableContentTypes = Arrays.asList(JSON_CONTENT_TYPE, FORM_URL_ENCODED_CONTENT_TYPE, GRPC_CONTENT_TYPE); + private static List contentTypeValues; public static List generateSTIsFromPayload(int apiCollectionId, String url, String method,String body, int responseCode) { int now = Context.now(); @@ -115,17 +117,13 @@ public static String convertGRPCEncodedToJson(String rawRequest) { } public static String getAcceptableContentType(Map> headers) { - List acceptableContentTypes = Arrays.asList(JSON_CONTENT_TYPE, FORM_URL_ENCODED_CONTENT_TYPE, GRPC_CONTENT_TYPE); - List contentTypeValues; if (headers == null) return null; - for (String k: headers.keySet()) { - if (k.equalsIgnoreCase("content-type")) { - contentTypeValues = headers.get(k); - for (String value: contentTypeValues) { - for (String acceptableContentType: acceptableContentTypes) { - if (value.contains(acceptableContentType)) { - return acceptableContentType; - } + contentTypeValues = headers.get("content-type"); + if (contentTypeValues != null) { + for (String value: contentTypeValues) { + for (String acceptableContentType: acceptableContentTypes) { + if (value.contains(acceptableContentType)) { + return acceptableContentType; } } } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/Filter.java b/libs/utils/src/main/java/com/akto/test_editor/filter/Filter.java index 5f55a37b69..2d5a800923 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/Filter.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/Filter.java 
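Review bot: `getAcceptableContentType` now does an exact-case `headers.get("content-type")` where the removed loop matched the key with `equalsIgnoreCase`, so a map keyed `Content-Type` returns `null` unless every caller lower-cases header names first. That precondition is not visible in this hunk and should be documented on the method or enforced. The scratch list also moved to `private static List contentTypeValues`, which this static method writes on every call, so two threads handling different requests can iterate each other's values. Keep it a local, e.g. `List<String> values = headers.get("content-type");`, since holding a reference allocates nothing.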
@@ -21,6 +21,12 @@ public class Filter { private FilterAction filterAction; private static final LoggerMaker loggerMaker = new LoggerMaker(Filter.class); + private static final DataOperandFilterRequest dataOperandFilterRequest = new DataOperandFilterRequest(); + private static final Set s1 = new HashSet<>(); + private static final Set s2 = new HashSet<>(); + private static final List output = new ArrayList<>(); + private static final FilterActionRequest filterActionRequest = new FilterActionRequest(); + private static final Map childNodeVsValidationReason = new HashMap<>(); public Filter() { this.filterAction = new FilterAction(); 
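Review bot: The six `private static final` scratch objects added to `Filter` are shared by every `Filter` instance and every thread, so one evaluation can overwrite another's request while it is still being read. `isEndpointValid` later calls `filterActionRequest.modify(...)` and `childNodeVsValidationReason.clear()` on them (hunks at -55 and -94). If that method is re-entered for child nodes, which the loop over `childNodes` suggests but the hunks do not show, the inner call resets the outer call's state. The same pattern appears in `FilterAction` (`dataOperandFilterRequest`, `listVal`) and in the `data_operands_impl` classes, and for a detection engine it means a verdict can be computed from another request's data. If allocation is the concern, use per-instance or `ThreadLocal` holders and document the single-thread assumption on the class.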
@@ -40,14 +46,14 @@ public DataOperandsFilterResponse isEndpointValid(FilterNode node, RawApi rawApi if (node.getOperand().equalsIgnoreCase(TestEditorEnums.PredicateOperator.COMPARE_GREATER.toString())) { Object updatedQuerySet = filterAction.resolveQuerySetValues(null, node.fetchNodeValues(), varMap); List val = (List) updatedQuerySet; - DataOperandFilterRequest dataOperandFilterRequest = new DataOperandFilterRequest(val.get(0), Arrays.asList(val.get(1)), "gt"); + dataOperandFilterRequest.modify(val.get(0), Arrays.asList(val.get(1)), "gt"); ValidationResult validationResult = filterAction.invokeFilter(dataOperandFilterRequest); return new DataOperandsFilterResponse(validationResult.getIsValid(), matchingKeySet, contextEntities, null, validationResult.getValidationReason()); } if (node.getOperand().equalsIgnoreCase(TestEditorEnums.PredicateOperator.SSRF_URL_HIT.toString())) { Object updatedQuerySet = filterAction.resolveQuerySetValues(null, node.fetchNodeValues(), varMap); List val = (List) updatedQuerySet; - DataOperandFilterRequest dataOperandFilterRequest = new DataOperandFilterRequest(null, val, "ssrf_url_hit"); + dataOperandFilterRequest.modify(null, val, "ssrf_url_hit"); ValidationResult validationResult = filterAction.invokeFilter(dataOperandFilterRequest); return new DataOperandsFilterResponse(validationResult.getIsValid(), matchingKeySet, contextEntities, null, validationResult.getValidationReason()); } 
@@ -55,7 +61,7 @@ public DataOperandsFilterResponse isEndpointValid(FilterNode node, RawApi rawApi return new DataOperandsFilterResponse(false, null, null, null); } String operand = node.getOperand(); - FilterActionRequest filterActionRequest = new FilterActionRequest(node.getValues(), rawApi, testRawApi, apiInfoKey, node.getConcernedProperty(), node.getSubConcernedProperty(), matchingKeySet, contextEntities, operand, context, keyValOperandSeen, node.getBodyOperand(), node.getContextProperty(), node.getCollectionProperty()); + filterActionRequest.modify(node.getValues(), rawApi, testRawApi, apiInfoKey, node.getConcernedProperty(), node.getSubConcernedProperty(), matchingKeySet, contextEntities, operand, context, keyValOperandSeen, node.getBodyOperand(), node.getContextProperty(), node.getCollectionProperty()); Object updatedQuerySet = filterAction.resolveQuerySetValues(filterActionRequest, node.fetchNodeValues(), varMap); filterActionRequest.setQuerySet(updatedQuerySet); if (node.getOperand().equalsIgnoreCase(ExtractOperator.EXTRACT.toString()) || node.getOperand().equalsIgnoreCase(ExtractOperator.EXTRACTMULTIPLE.toString())) { @@ -94,7 +100,7 @@ public DataOperandsFilterResponse isEndpointValid(FilterNode node, RawApi rawApi FilterNode firstExtractNode = null; StringBuilder validationReason = new StringBuilder(); try { - Map childNodeVsValidationReason = new HashMap<>(); + childNodeVsValidationReason.clear(); for (int i = 0; i < childNodes.size(); i++) { FilterNode childNode = childNodes.get(i); boolean skipExecutingExtractNode = skipExtractExecution; 
@@ -152,28 +158,29 @@ public DataOperandsFilterResponse isEndpointValid(FilterNode node, RawApi rawApi } public List evaluateMatchingKeySet(List oldSet, List newMatches, String operand) { - Set s1 = new HashSet<>(); + s1.clear(); + s2.clear(); + if (newMatches == null) { return new ArrayList<>(); } + if (oldSet == null) { // doing this for initial step where oldset would be null, hence assigning initially with newmatches - s1 = new HashSet<>(newMatches); + s1.addAll(newMatches); } else { - s1 = new HashSet<>(oldSet); + s1.addAll(oldSet); } - Set s2 = new HashSet<>(newMatches); + s2.addAll(newMatches); - if (operand == "and") { + if (operand.equals("and")) { s1.retainAll(s2); } else { s1.addAll(s2); } List output = new ArrayList<>(); - for (String s: s1) { - output.add(s); - } + output.addAll(s1); return output; } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/FilterAction.java b/libs/utils/src/main/java/com/akto/test_editor/filter/FilterAction.java index daca4cfac8..da69e6f460 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/FilterAction.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/FilterAction.java @@ -48,6 +48,9 @@ import static com.akto.runtime.utils.Utils.parseKafkaMessage; public final class FilterAction { + + private static final DataOperandFilterRequest dataOperandFilterRequest = new DataOperandFilterRequest(); + private static List listVal = new ArrayList<>(); public final Map filters = new HashMap() {{ put("contains_all", new ContainsAllFilter()); 
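Review bot: In `evaluateMatchingKeySet`, `operand.equals("and")` fixes the reference comparison but throws `NullPointerException` when `operand` is null, where the old `operand == "and"` fell through to the union branch; `if ("and".equals(operand)) {` keeps that behaviour. The method still declares a local `List output = new ArrayList<>();`, so the new static `output` field in `Filter` is never used here and the allocation it was meant to save still happens. `s1` and `s2` are now class-wide sets, so concurrent callers can intersect or union each other's key sets.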
@@ -182,7 +185,7 @@ public DataOperandsFilterResponse applyFilterOnUrl(FilterActionRequest filterAct String url = filterActionRequest.getApiInfoKey().getUrl(); - DataOperandFilterRequest dataOperandFilterRequest = new DataOperandFilterRequest(url, filterActionRequest.getQuerySet(), filterActionRequest.getOperand()); + dataOperandFilterRequest.modify(url, filterActionRequest.getQuerySet(), filterActionRequest.getOperand()); ValidationResult res = invokeFilter(dataOperandFilterRequest); return new DataOperandsFilterResponse(res.getIsValid(), null, null, null, res.getValidationReason()); } @@ -199,7 +202,7 @@ public void extractUrl(FilterActionRequest filterActionRequest, Map cookieList = headers.getOrDefault(key, new ArrayList<>()); Map cookieMap = parseCookie(cookieList); for (String cookieKey : cookieMap.keySet()) { - dataOperandFilterRequest = new DataOperandFilterRequest(cookieKey, filterActionRequest.getQuerySet(), filterActionRequest.getOperand()); + dataOperandFilterRequest.modify(cookieKey, filterActionRequest.getQuerySet(), filterActionRequest.getOperand()); validationResult = invokeFilter(dataOperandFilterRequest); res = validationResult.getIsValid(); if (res) { @@ -654,7 +657,7 @@ public DataOperandsFilterResponse applyFiltersOnHeaders(FilterActionRequest filt continue; } for (String val: headers.get(key)) { - DataOperandFilterRequest dataOperandFilterRequest = new DataOperandFilterRequest(val, filterActionRequest.getQuerySet(), filterActionRequest.getOperand()); + dataOperandFilterRequest.modify(val, filterActionRequest.getQuerySet(), filterActionRequest.getOperand()); ValidationResult validationResult = invokeFilter(dataOperandFilterRequest); res = validationResult.getIsValid(); if (res) { 
@@ -669,7 +672,7 @@ public DataOperandsFilterResponse applyFiltersOnHeaders(FilterActionRequest filt List cookieList = headers.getOrDefault("cookie", new ArrayList<>()); Map cookieMap = parseCookie(cookieList); for (String cookieKey : cookieMap.keySet()) { - DataOperandFilterRequest dataOperandFilterRequest = new DataOperandFilterRequest(cookieMap.get(cookieKey), filterActionRequest.getQuerySet(), filterActionRequest.getOperand()); + dataOperandFilterRequest.modify(cookieMap.get(cookieKey), filterActionRequest.getQuerySet(), filterActionRequest.getOperand()); ValidationResult validationResult = invokeFilter(dataOperandFilterRequest); res = validationResult.getIsValid(); if (res) { @@ -695,7 +698,7 @@ public DataOperandsFilterResponse applyFiltersOnHeaders(FilterActionRequest filt return new DataOperandsFilterResponse(result, matchingValueKeySet, null, null, validationErrorString.toString()); } else { String headerString = convertHeaders(headers); - DataOperandFilterRequest dataOperandFilterRequest = new DataOperandFilterRequest(headerString, filterActionRequest.getQuerySet(), filterActionRequest.getOperand()); + dataOperandFilterRequest.modify(headerString, filterActionRequest.getQuerySet(), filterActionRequest.getOperand()); ValidationResult validationResult = invokeFilter(dataOperandFilterRequest); return new DataOperandsFilterResponse(validationResult.getIsValid(), null, null, null, validationResult.getValidationReason()); } 
@@ -725,7 +728,7 @@ public DataOperandsFilterResponse applyFilterOnQueryParams(FilterActionRequest f if (filterActionRequest.getConcernedSubProperty() != null && filterActionRequest.getConcernedSubProperty().toLowerCase().equals("key")) { for (String key: queryParamObj.keySet()) { - DataOperandFilterRequest dataOperandFilterRequest = new DataOperandFilterRequest(key, filterActionRequest.getQuerySet(), filterActionRequest.getOperand()); + dataOperandFilterRequest.modify(key, filterActionRequest.getQuerySet(), filterActionRequest.getOperand()); ValidationResult validationResult = invokeFilter(dataOperandFilterRequest); res = validationResult.getIsValid(); result = Utils.evaluateResult(operation, result, res); @@ -746,7 +749,7 @@ public DataOperandsFilterResponse applyFilterOnQueryParams(FilterActionRequest f if (filterActionRequest.getKeyValOperandSeen() && matchingKeys != null && !matchingKeys.contains(key)) { continue; } - DataOperandFilterRequest dataOperandFilterRequest = new DataOperandFilterRequest(queryParamObj.getString(key), filterActionRequest.getQuerySet(), filterActionRequest.getOperand()); + dataOperandFilterRequest.modify(queryParamObj.getString(key), filterActionRequest.getQuerySet(), filterActionRequest.getOperand()); ValidationResult validationResult = invokeFilter(dataOperandFilterRequest); res = validationResult.getIsValid(); result = Utils.evaluateResult(operation, result, res); 
@@ -763,7 +766,7 @@ public DataOperandsFilterResponse applyFilterOnQueryParams(FilterActionRequest f // } return new DataOperandsFilterResponse(result, matchingValueKeySet, null, null, validationErrorString.toString()); } else { - DataOperandFilterRequest dataOperandFilterRequest = new DataOperandFilterRequest(queryParams, filterActionRequest.getQuerySet(), filterActionRequest.getOperand()); + dataOperandFilterRequest.modify(queryParams, filterActionRequest.getQuerySet(), filterActionRequest.getOperand()); ValidationResult validationResult = invokeFilter(dataOperandFilterRequest); res = validationResult.getIsValid(); return new DataOperandsFilterResponse(res, null, null, null, validationResult.getValidationReason()); @@ -825,7 +828,7 @@ public ValidationResult invokeFilter(DataOperandFilterRequest dataOperandFilterR DataOperandsImpl handler = this.filters.get(dataOperandFilterRequest.getOperand().toLowerCase()); if (handler == null) { - return new ValidationResult(false, "\noperand:" + dataOperandFilterRequest.getOperand().toLowerCase()+ " not found in filters"); + return ValidationResult.getInstance().resetValues(false, "\noperand:" + dataOperandFilterRequest.getOperand().toLowerCase()+ " not found in filters"); } return handler.isValid(dataOperandFilterRequest); } @@ -934,7 +937,7 @@ public boolean getMatchingKeysForPayload(Object obj, String parentKey, Object qu } else { if (!TestEditorEnums.DataOperands.VALUETYPE.toString().equals(operand)) { - DataOperandFilterRequest dataOperandFilterRequest = new DataOperandFilterRequest(parentKey, querySet, operand); + dataOperandFilterRequest.modify(parentKey, querySet, operand); ValidationResult validationResult = invokeFilter(dataOperandFilterRequest); res = validationResult.getIsValid(); if (res) { 
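Review bot: `invokeFilter` now returns `ValidationResult.getInstance().resetValues(...)`, as do the operand filters changed in this commit, so callers no longer own the result object they receive. `getInstance()` is not shown here; if it hands out one process-wide object, any `ValidationResult` kept across a second `invokeFilter` call, or read on another thread, silently takes the later call's `isValid` and reason. Either document on `ValidationResult` that the instance is per-thread and must be consumed before the next validation, or copy the two values out at each call site that stores them. The shared `dataOperandFilterRequest` passed in from the surrounding hunks has the same lifetime constraint.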
@@ -968,7 +971,7 @@ public void valueExists(Object obj, String parentKey, Object querySet, String op if (keyOperandSeen && matchingKeys != null && !matchingKeys.contains(parentKey)) { return; } - DataOperandFilterRequest dataOperandFilterRequest = new DataOperandFilterRequest(obj, querySet, operand); + dataOperandFilterRequest.modify(obj, querySet, operand); ValidationResult validationResult = invokeFilter(dataOperandFilterRequest); res = validationResult.getIsValid(); if (res) { @@ -1171,7 +1174,7 @@ public DataOperandsFilterResponse evaluatePrivateVariables(FilterActionRequest f return new DataOperandsFilterResponse(false, null, filterActionRequest.getContextEntities(), null); } else { for (BasicDBObject obj: filterActionRequest.getContextEntities()) { - DataOperandFilterRequest dataOperandFilterRequest = new DataOperandFilterRequest(obj.get("value"), filterActionRequest.getQuerySet(), filterActionRequest.getOperand()); + dataOperandFilterRequest.modify(obj.get("value"), filterActionRequest.getQuerySet(), filterActionRequest.getOperand()); ValidationResult validationResult = invokeFilter(dataOperandFilterRequest); boolean res = validationResult.getIsValid(); if (res) { diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ApiCollectionFilter.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ApiCollectionFilter.java index f8ac92469f..9f6643b5b2 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ApiCollectionFilter.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ApiCollectionFilter.java 
@@ -26,7 +26,7 @@ public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterReques querySet = (List) dataOperandFilterRequest.getQueryset(); data = (String) dataOperandFilterRequest.getData(); } catch(Exception e) { - return new ValidationResult(result, ValidationResult.GET_QUERYSET_CATCH_ERROR); + return ValidationResult.getInstance().resetValues(result, ValidationResult.GET_QUERYSET_CATCH_ERROR); } Bson fQuery = Filters.or( @@ -57,8 +57,8 @@ public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterReques result = ApiInfoDao.instance.findOne(urlInCollectionQuery) != null; if (result) { - return new ValidationResult(result, ""); + return ValidationResult.getInstance().resetValues(result, ""); } - return new ValidationResult(result, "Could not find given urls: "+ data +", in list of API collections"); + return ValidationResult.getInstance().resetValues(result, "Could not find given urls: "+ data +", in list of API collections"); } } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ContainsAllFilter.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ContainsAllFilter.java index 23633fe741..92d6251fd5 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ContainsAllFilter.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ContainsAllFilter.java 
@@ -8,19 +8,24 @@ public class ContainsAllFilter extends DataOperandsImpl { + private static List querySet = new ArrayList<>(); + private static List notMatchedQuerySet = new ArrayList<>(); + private static Boolean result = true; + private static Boolean res; + @Override public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterRequest) { - Boolean result = true; - Boolean res; - List querySet = new ArrayList<>(); - List notMatchedQuerySet = new ArrayList<>(); + querySet.clear(); + notMatchedQuerySet.clear(); + + result = true; String data; try { querySet = (List) dataOperandFilterRequest.getQueryset(); data = (String) dataOperandFilterRequest.getData(); } catch(Exception e) { - return new ValidationResult(result, ValidationResult.GET_QUERYSET_CATCH_ERROR); + return ValidationResult.getInstance().resetValues(result, ValidationResult.GET_QUERYSET_CATCH_ERROR); } for (String queryString: querySet) { try { @@ -35,9 +40,9 @@ public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterReques result = result && res; } if (result) { - return new ValidationResult(result, ""); + return ValidationResult.getInstance().resetValues(result, ""); } - return new ValidationResult(result, TestEditorEnums.DataOperands.CONTAINS_ALL.name().toLowerCase() + " failed due to '"+data+"' not matching with :" + notMatchedQuerySet); + return ValidationResult.getInstance().resetValues(result, TestEditorEnums.DataOperands.CONTAINS_ALL.name().toLowerCase() + " failed due to '"+data+"' not matching with :" + notMatchedQuerySet); } public Boolean evaluateOnListQuerySet(String data, List querySet) { diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ContainsEitherFilter.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ContainsEitherFilter.java index 736a545992..19825b71a0 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ContainsEitherFilter.java 
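Review bot: In `ContainsAllFilter.isValid`, `querySet.clear()` runs on the static field that the previous call set to `(List) dataOperandFilterRequest.getQueryset()`, so from the second call on it empties the previous caller's list rather than a scratch buffer. If that list is the one held by the filter definition, the next evaluation of that filter sees an empty query set and this loop leaves `result` at `true`; an unmodifiable list would throw instead. `ContainsJwt` and `CookieExpireFilter` have the same clear-then-reassign sequence, and there `querySet.get(0)` would fail on the emptied list. Drop the `clear()` calls and keep `querySet` as a local reference. `notMatchedQuerySet`, `result` and `res` should stay locals too, since as statics they are shared across threads.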
+++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ContainsEitherFilter.java @@ -9,13 +9,17 @@ public class ContainsEitherFilter extends DataOperandsImpl { + private static List querySet = new ArrayList<>(); + private static List notMatchedQuerySet = new ArrayList<>(); + private static Boolean result = false; + private static Boolean res; + @Override public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterRequest) { - Boolean result = false; - Boolean res; - List querySet = new ArrayList<>(); - List notMatchedQuerySet = new ArrayList<>(); + result = false; + querySet.clear(); + notMatchedQuerySet.clear(); String data; try { Object querysetObj = dataOperandFilterRequest.getQueryset(); @@ -23,12 +27,10 @@ public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterReques querySet = ((List) querysetObj).stream() .map(String::valueOf) .collect(Collectors.toList()); - } else { - querySet = new ArrayList<>(); } data = (String) dataOperandFilterRequest.getData(); } catch(Exception e) { - return new ValidationResult(false, ValidationResult.GET_QUERYSET_CATCH_ERROR); + return ValidationResult.getInstance().resetValues(false, ValidationResult.GET_QUERYSET_CATCH_ERROR); } for (String queryString: querySet) { try { @@ -42,9 +44,9 @@ public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterReques result = result || res; } if (result) { - return new ValidationResult(result, ""); + return ValidationResult.getInstance().resetValues(result, ""); } - return new ValidationResult(result, TestEditorEnums.DataOperands.CONTAINS_EITHER.name().toLowerCase() + " failed due to '"+data+"' not matching with :" + notMatchedQuerySet); + return ValidationResult.getInstance().resetValues(result, TestEditorEnums.DataOperands.CONTAINS_EITHER.name().toLowerCase() + " failed due to '"+data+"' not matching with :" + notMatchedQuerySet); } public Boolean evaluateOnListQuerySet(String data, List querySet) { 
diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ContainsEitherIpFilter.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ContainsEitherIpFilter.java index 4f2a6ffb92..ac8b0cfa34 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ContainsEitherIpFilter.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ContainsEitherIpFilter.java @@ -9,5 +9,5 @@ public Boolean evaluateOnStringQuerySet(String data, String query) { IpAddressMatcher ipAddressMatcher = new IpAddressMatcher(query); return ipAddressMatcher.matches(data); - } + } } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ContainsJwt.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ContainsJwt.java index 93b0fbb503..4b4f1fcb7f 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ContainsJwt.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ContainsJwt.java 
@@ -11,28 +11,33 @@ public class ContainsJwt extends DataOperandsImpl { + private static List querySet = new ArrayList<>(); + private static Boolean result = false; + private static Boolean queryVal; + private static String data; + private String[] splitValue; + String jwtKeyType; + @Override public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterRequest) { - List querySet = new ArrayList<>(); - Boolean queryVal; - Boolean result = false; - String data; + result = false; + querySet.clear(); try { querySet = (List) dataOperandFilterRequest.getQueryset(); queryVal = (Boolean) querySet.get(0); data = (String) dataOperandFilterRequest.getData(); } catch(Exception e) { - return new ValidationResult(result, ValidationResult.GET_QUERYSET_CATCH_ERROR); + return ValidationResult.getInstance().resetValues(result, ValidationResult.GET_QUERYSET_CATCH_ERROR); } if (data == null || queryVal == null) { - return new ValidationResult(result, ""); + return ValidationResult.getInstance().resetValues(result, ""); } - String[] splitValue = data.toString().split(" "); - String jwtKeyType = null; + splitValue = data.toString().split(" "); + jwtKeyType = null; for (String x: splitValue) { if (KeyTypes.isJWT(x)) { result = true; 
@@ -41,13 +46,13 @@ public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterReques } } if (queryVal == result) { - return new ValidationResult(true, - queryVal? TestEditorEnums.DataOperands.CONTAINS_JWT.name().toLowerCase() + ": true passed because key:"+ jwtKeyType+" is jwt type": - TestEditorEnums.DataOperands.CONTAINS_JWT.name().toLowerCase() + ": false passed because no jwt type found"); + return ValidationResult.getInstance().resetValues(true, + queryVal? TestEditorEnums.DataOperands.CONTAINS_JWT.name().toLowerCase() + ": true passed because key:"+ jwtKeyType+" is jwt type": + TestEditorEnums.DataOperands.CONTAINS_JWT.name().toLowerCase() + ": false passed because no jwt type found"); } if (queryVal) { - return new ValidationResult(false, TestEditorEnums.DataOperands.CONTAINS_JWT.name().toLowerCase() + ": true failed because no jwt type found"); + return ValidationResult.getInstance().resetValues(false, TestEditorEnums.DataOperands.CONTAINS_JWT.name().toLowerCase() + ": true failed because no jwt type found"); } - return new ValidationResult(false, TestEditorEnums.DataOperands.CONTAINS_JWT.name().toLowerCase() + ": false failed because key:"+ jwtKeyType+" is jwt type"); + return ValidationResult.getInstance().resetValues(false, TestEditorEnums.DataOperands.CONTAINS_JWT.name().toLowerCase() + ": false failed because key:"+ jwtKeyType+" is jwt type"); } } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/CookieExpireFilter.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/CookieExpireFilter.java index 145d49bcf3..cb327f03cf 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/CookieExpireFilter.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/CookieExpireFilter.java 
@@ -17,6 +17,9 @@ public class CookieExpireFilter extends DataOperandsImpl { + private static List querySet = new ArrayList<>(); + private static Boolean queryVal; + public static int getMaxAgeFromCookie(Map cookieMap){ if (cookieMap.containsKey("Max-Age") || cookieMap.containsKey("max-age")) { int maxAge; @@ -53,23 +56,21 @@ public static int getMaxAgeFromCookie(Map cookieMap){ @Override public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterRequest) { - List querySet = new ArrayList<>(); - Boolean queryVal; - String data; + querySet.clear(); try { querySet = (List) dataOperandFilterRequest.getQueryset(); queryVal = (Boolean) querySet.get(0); - data = (String) dataOperandFilterRequest.getData(); + dataStr = (String) dataOperandFilterRequest.getData(); } catch(Exception e) { - return new ValidationResult(false, ValidationResult.GET_QUERYSET_CATCH_ERROR); + return ValidationResult.getInstance().resetValues(false, ValidationResult.GET_QUERYSET_CATCH_ERROR); } - if (data == null || queryVal == null) { - return new ValidationResult(false, queryVal == null ? TestEditorEnums.DataOperands.COOKIE_EXPIRE_FILTER.name().toLowerCase() + " is not set true": "no data to be matched for validation"); + if (dataStr == null || queryVal == null) { + return ValidationResult.getInstance().resetValues(false, queryVal == null ? TestEditorEnums.DataOperands.COOKIE_EXPIRE_FILTER.name().toLowerCase() + " is not set true": "no data to be matched for validation"); } - Map cookieMap = parseCookie(Arrays.asList(data)); + Map cookieMap = parseCookie(Arrays.asList(dataStr)); boolean result = queryVal; boolean res = false; 
@@ -77,12 +78,12 @@ public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterReques int maxAgeOfCookieTs = getMaxAgeFromCookie(cookieMap); res = maxAgeOfCookieTs/(Constants.ONE_MONTH_TIMESTAMP) > 1; if (result == res) { - return new ValidationResult(true, result? TestEditorEnums.DataOperands.COOKIE_EXPIRE_FILTER.name().toLowerCase() + ": true passed because cookie:"+ data+" expired": - TestEditorEnums.DataOperands.COOKIE_EXPIRE_FILTER.name().toLowerCase() + ": false passed because cookie:"+ data+" not expired"); + return ValidationResult.getInstance().resetValues(true, result? TestEditorEnums.DataOperands.COOKIE_EXPIRE_FILTER.name().toLowerCase() + ": true passed because cookie:"+ dataStr+" expired": + TestEditorEnums.DataOperands.COOKIE_EXPIRE_FILTER.name().toLowerCase() + ": false passed because cookie:"+ dataStr+" not expired"); } if (result) { - return new ValidationResult(false, TestEditorEnums.DataOperands.COOKIE_EXPIRE_FILTER.name().toLowerCase() + ": true failed cookie:"+ data+" not expired"); + return ValidationResult.getInstance().resetValues(false, TestEditorEnums.DataOperands.COOKIE_EXPIRE_FILTER.name().toLowerCase() + ": true failed cookie:"+ dataStr+" not expired"); } - return new ValidationResult(false, TestEditorEnums.DataOperands.COOKIE_EXPIRE_FILTER.name().toLowerCase() + ": false failed because cookie:"+ data+" expired"); + return ValidationResult.getInstance().resetValues(false, TestEditorEnums.DataOperands.COOKIE_EXPIRE_FILTER.name().toLowerCase() + ": false failed because cookie:"+ dataStr+" expired"); } } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/DataOperandsImpl.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/DataOperandsImpl.java index 274d6710a0..0a793b60a8 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/DataOperandsImpl.java 
+++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/DataOperandsImpl.java @@ -3,6 +3,17 @@ import com.akto.dto.test_editor.DataOperandFilterRequest; public abstract class DataOperandsImpl { + + public static Boolean result; + public static Object data; + public String validationReson; + public static Integer dataInt; + public static Boolean dataBool; + public static Boolean queryBool; + public static Object query; + public static String dataStr; + public static String validationString; + public abstract ValidationResult isValid(DataOperandFilterRequest dataOperandFilterRequest); } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/DatatypeFilter.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/DatatypeFilter.java index d1d2523268..5ec2b19ce8 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/DatatypeFilter.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/DatatypeFilter.java 
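Review bot: The fields added to `DataOperandsImpl` are `public static` and non-final, so any class can write them and all filter subclasses share one copy. Several subclasses in this commit also redeclare `result`, `data` or `querySet` as `private static`, which hides the base field and makes it unclear which one a given `isValid` reads (`ContainsJwt` hides `Object data` with `String data`). `validationReson` is misspelled and is the only instance field in the group. If the fields stay, make them `protected`, rename it to `validationReason`, and add a class comment stating that `isValid` implementations are not safe for concurrent use.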
@@ -12,24 +12,27 @@ public class DatatypeFilter extends DataOperandsImpl { + private static Object querySet; + private static List queryList; + @Override public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterRequest) { - Object data = dataOperandFilterRequest.getData(); - Object querySet = dataOperandFilterRequest.getQueryset(); + data = dataOperandFilterRequest.getData(); + querySet = dataOperandFilterRequest.getQueryset(); try { - List queryList = (List) querySet; + queryList = (List) querySet; if (queryList == null || queryList.size() == 0) { - return new ValidationResult(false, TestEditorEnums.DataOperands.DATATYPE.name().toLowerCase() + " validation is passed without any query"); + return ValidationResult.getInstance().resetValues(false, TestEditorEnums.DataOperands.DATATYPE.name().toLowerCase() + " validation is passed without any query"); } if (data instanceof String && queryList.get(0).equalsIgnoreCase("string")) { - return new ValidationResult(true, TestEditorEnums.DataOperands.DATATYPE.name().toLowerCase() + ": string validation is passed because: "+ data + " is string type"); + return ValidationResult.getInstance().resetValues(true, TestEditorEnums.DataOperands.DATATYPE.name().toLowerCase() + ": string validation is passed because: "+ data + " is string type"); } if (data instanceof Integer && queryList.get(0).equalsIgnoreCase("number")) { - return new ValidationResult(true, TestEditorEnums.DataOperands.DATATYPE.name().toLowerCase() + ": number validation is passed because: "+ data + " is number type"); + return ValidationResult.getInstance().resetValues(true, TestEditorEnums.DataOperands.DATATYPE.name().toLowerCase() + ": number validation is passed because: "+ data + " is number type"); } if (data instanceof Boolean && queryList.get(0).equalsIgnoreCase("boolean")) { - return new ValidationResult(true, TestEditorEnums.DataOperands.DATATYPE.name().toLowerCase() + ": boolean validation is passed"); + return 
ValidationResult.getInstance().resetValues(true, TestEditorEnums.DataOperands.DATATYPE.name().toLowerCase() + ": boolean validation is passed"); } int accountId = Context.accountId.get(); @@ -58,8 +61,8 @@ public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterReques break; } if (isValid) { - return new ValidationResult(true, TestEditorEnums.DataOperands.DATATYPE.name().toLowerCase() + ": " - + dataType + " validation is passed"); + return ValidationResult.getInstance().resetValues(true, TestEditorEnums.DataOperands.DATATYPE.name().toLowerCase() + ": " + + dataType + " validation is passed"); } } @@ -70,14 +73,14 @@ public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterReques SingleTypeInfo.SubType subType = KeyTypes.findSubType(data, null, null, true); isValid = subType.getName().equals(dataType); if (isValid) { - return new ValidationResult(true, TestEditorEnums.DataOperands.DATATYPE.name().toLowerCase() + ": " - + dataType + " validation is passed"); + return ValidationResult.getInstance().resetValues(true, TestEditorEnums.DataOperands.DATATYPE.name().toLowerCase() + ": " + + dataType + " validation is passed"); } } - return new ValidationResult(false, ValidationResult.GET_QUERYSET_CATCH_ERROR); + return ValidationResult.getInstance().resetValues(false, ValidationResult.GET_QUERYSET_CATCH_ERROR); } catch (Exception e) { - return new ValidationResult(false, ValidationResult.GET_QUERYSET_CATCH_ERROR); + return ValidationResult.getInstance().resetValues(false, ValidationResult.GET_QUERYSET_CATCH_ERROR); } } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/EqFilter.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/EqFilter.java index 003e1de61a..c0b2c39853 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/EqFilter.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/EqFilter.java 
@@ -7,35 +7,38 @@ public class EqFilter extends DataOperandsImpl { + private static Boolean result = false; + private static Object querySet; + @Override public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterRequest) { - Boolean result = false; - Object data = dataOperandFilterRequest.getData(); - Object querySet = dataOperandFilterRequest.getQueryset(); + result = false; + data = dataOperandFilterRequest.getData(); + querySet = dataOperandFilterRequest.getQueryset(); try { if (data instanceof String) { List queryList = (List) querySet; if (queryList == null || queryList.size() == 0) { - return new ValidationResult(false, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation failed because of empty query"); + return ValidationResult.getInstance().resetValues(false, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation failed because of empty query"); } result = data.toString().trim().toLowerCase().equals(queryList.get(0).trim().toLowerCase()); if (result) { - return new ValidationResult(result, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation passed "); + return ValidationResult.getInstance().resetValues(result, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation passed "); } else { - return new ValidationResult(result, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation failed because: string query do not match"); + return ValidationResult.getInstance().resetValues(result, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation failed because: string query do not match"); } } if (data instanceof Integer) { List queryList = (List) querySet; if (queryList == null || queryList.size() == 0) { - new ValidationResult(false, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation failed because of empty query"); + return ValidationResult.getInstance().resetValues(false, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation failed 
because of empty query"); } - Integer dataInt = (Integer) data; + dataInt = (Integer) data; - Object query = queryList.get(0); + query = queryList.get(0); if (query instanceof String) { int queryInt = Integer.parseInt((String) query); result = (int) dataInt == queryInt; 
@@ -43,37 +46,37 @@ public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterReques result = ((int) dataInt == (int) queryList.get(0)); } if (result) { - return new ValidationResult(result, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation passed "); + return ValidationResult.getInstance().resetValues(result, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation passed "); } else { - return new ValidationResult(result, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation failed because: "+ dataInt +" != " + query); + return ValidationResult.getInstance().resetValues(result, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation failed because: "+ dataInt +" != " + query); } } if (data instanceof Boolean ) { List queryList = (List) querySet; if (queryList == null || queryList.size() == 0) { - new ValidationResult(false, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation failed because of empty query"); + return ValidationResult.getInstance().resetValues(false, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation failed because of empty query"); } - Boolean dataBool = (Boolean) data; + dataBool = (Boolean) data; - Object query = queryList.get(0); + query = queryList.get(0); if (query instanceof String) { - Boolean queryBool = Boolean.valueOf((String) query); + queryBool = Boolean.valueOf((String) query); result = (boolean) dataBool == queryBool; } else { result = ((boolean) dataBool == (boolean) queryList.get(0)); } if (result) { - return new ValidationResult(result, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation passed "); + return ValidationResult.getInstance().resetValues(result, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation passed "); } else { - return new ValidationResult(result, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation failed because: boolean query do not match"); + return 
ValidationResult.getInstance().resetValues(result, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation failed because: boolean query do not match"); } } } catch (Exception e) { - return new ValidationResult(false, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation failed because of empty query"); + return ValidationResult.getInstance().resetValues(false, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation failed because of empty query"); } - return new ValidationResult(result, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation failed because of empty query"); + return ValidationResult.getInstance().resetValues(result, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation failed because of empty query"); } } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/EqFilterObj.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/EqFilterObj.java index 5a02aac89b..80be9836a2 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/EqFilterObj.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/EqFilterObj.java 
@@ -10,21 +10,23 @@ public class EqFilterObj extends DataOperandsImpl { + private static Object querySet; + @Override public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterRequest) { try { - Object data = dataOperandFilterRequest.getData(); - Object querySet = dataOperandFilterRequest.getQueryset(); + data = dataOperandFilterRequest.getData(); + querySet = dataOperandFilterRequest.getQueryset(); List queryList = (List) querySet; if (queryList == null || queryList.size() == 0) { - return new ValidationResult(false, TestEditorEnums.DataOperands.EQ_OBJ.name().toLowerCase() + " validation failed because of empty query"); + return ValidationResult.getInstance().resetValues(false, TestEditorEnums.DataOperands.EQ_OBJ.name().toLowerCase() + " validation failed because of empty query"); } Double matchVal = compareWithOriginalResponse(data.toString(), queryList.get(0), new HashMap<>()); boolean res = (matchVal == 100.0); - return new ValidationResult(res, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation passed "); + return ValidationResult.getInstance().resetValues(res, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation passed "); } catch (Exception e) { - return new ValidationResult(false, TestEditorEnums.DataOperands.EQ_OBJ.name().toLowerCase() + " validation failed because of error " + e.getMessage()); + return ValidationResult.getInstance().resetValues(false, TestEditorEnums.DataOperands.EQ_OBJ.name().toLowerCase() + " validation failed because of error " + e.getMessage()); } } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/GreaterThanEqFilter.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/GreaterThanEqFilter.java index bf7879c44b..80235b7087 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/GreaterThanEqFilter.java 
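Review bot: The reason string on the compare path is always `eq validation passed `, built from `DataOperands.EQ` rather than `EQ_OBJ`, even when `res` is false, so a failed object comparison is reported with a passing reason. Choose the text from `res`, e.g. append `(res ? " validation passed" : " validation failed because payloads differ")` to `TestEditorEnums.DataOperands.EQ_OBJ.name().toLowerCase()`. The NeqFilterObj hunk has the same line and also labels its empty-query and error messages with `EQ_OBJ`; those should carry that operand's own name.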
+++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/GreaterThanEqFilter.java @@ -5,22 +5,24 @@ import com.akto.test_editor.Utils; public class GreaterThanEqFilter extends DataOperandsImpl { - + + private static Object querySet; + @Override public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterRequest) { - Boolean result = false; - Object data = dataOperandFilterRequest.getData(); - Object querySet = dataOperandFilterRequest.getQueryset(); + result = false; + data = dataOperandFilterRequest.getData(); + querySet = dataOperandFilterRequest.getQueryset(); result = Utils.applyIneqalityOperation(data, querySet, "gte"); - String validationReson = null; + validationReson = null; if (result) { validationReson = TestEditorEnums.DataOperands.GTE.name().toLowerCase() + " filter passed"; } else { validationReson = TestEditorEnums.DataOperands.GTE.name().toLowerCase() + " filter failed: '"+ data +"' < '" + querySet +"'"; } - return new ValidationResult(result, validationReson); + return ValidationResult.getInstance().resetValues(result, validationReson); } } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/GreaterThanFilter.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/GreaterThanFilter.java index 32387a4100..a5ef6b38fd 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/GreaterThanFilter.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/GreaterThanFilter.java 
@@ -5,13 +5,15 @@ import com.akto.test_editor.Utils; public class GreaterThanFilter extends DataOperandsImpl { - + + private static Object querySet; + @Override public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterRequest) { - Boolean result = false; - Object data = dataOperandFilterRequest.getData(); - Object querySet = dataOperandFilterRequest.getQueryset(); + result = false; + data = dataOperandFilterRequest.getData(); + querySet = dataOperandFilterRequest.getQueryset(); result = Utils.applyIneqalityOperation(data, querySet, "gt"); String validationReson = null; if (result) { @@ -20,6 +22,6 @@ public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterReques validationReson = TestEditorEnums.DataOperands.GT.name().toLowerCase() + " filter failed: '"+ data +"' <= '" + querySet +"'"; } - return new ValidationResult(result, validationReson); + return ValidationResult.getInstance().resetValues(result, validationReson); } } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/LesserThanEqFilter.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/LesserThanEqFilter.java index 6cde5614bb..1f319eee27 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/LesserThanEqFilter.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/LesserThanEqFilter.java 
@@ -6,21 +6,23 @@ public class LesserThanEqFilter extends DataOperandsImpl { + private static Object querySet; + @Override public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterRequest) { - Boolean result = false; - Object data = dataOperandFilterRequest.getData(); - Object querySet = dataOperandFilterRequest.getQueryset(); + result = false; + data = dataOperandFilterRequest.getData(); + querySet = dataOperandFilterRequest.getQueryset(); result = Utils.applyIneqalityOperation(data, querySet, "lte"); - String validationReson = null; + validationReson = null; if (result) { validationReson = TestEditorEnums.DataOperands.LTE.name().toLowerCase() + " filter passed"; } else { validationReson = TestEditorEnums.DataOperands.LTE.name().toLowerCase() + " filter failed: ''"+ data +"' > '" + querySet +"'"; } - return new ValidationResult(result, validationReson); + return ValidationResult.getInstance().resetValues(result, validationReson); } } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/LesserThanFilter.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/LesserThanFilter.java index 26ef36c955..da3ccdd160 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/LesserThanFilter.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/LesserThanFilter.java 
@@ -6,21 +6,23 @@ public class LesserThanFilter extends DataOperandsImpl { + private static Object querySet; + @Override public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterRequest) { - Boolean result = false; - Object data = dataOperandFilterRequest.getData(); - Object querySet = dataOperandFilterRequest.getQueryset(); + result = false; + data = dataOperandFilterRequest.getData(); + querySet = dataOperandFilterRequest.getQueryset(); result = Utils.applyIneqalityOperation(data, querySet, "lt"); - String validationReson = null; + validationReson = null; if (result) { validationReson = TestEditorEnums.DataOperands.LT.name().toLowerCase() + " filter passed"; } else { validationReson = TestEditorEnums.DataOperands.LT.name().toLowerCase() + " filter failed: ''"+ data +"' >= '" + querySet +"'"; } - return new ValidationResult(result, validationReson); + return ValidationResult.getInstance().resetValues(result, validationReson); } } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NeqFilter.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NeqFilter.java index 5b466fb68a..34f8c740aa 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NeqFilter.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NeqFilter.java 
@@ -7,18 +7,20 @@ public class NeqFilter extends DataOperandsImpl { + private static Object querySet; + @Override public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterRequest) { - Boolean result = false; - Object data = dataOperandFilterRequest.getData(); - Object querySet = dataOperandFilterRequest.getQueryset(); - String validationString = null; + result = false; + data = dataOperandFilterRequest.getData(); + querySet = dataOperandFilterRequest.getQueryset(); + validationString = null; try { if (data instanceof String) { List queryList = (List) querySet; if (queryList == null || queryList.size() == 0) { - return new ValidationResult(false, TestEditorEnums.DataOperands.NEQ.name().toLowerCase() + " filter failed because empty queryset"); + return ValidationResult.getInstance().resetValues(false, TestEditorEnums.DataOperands.NEQ.name().toLowerCase() + " filter failed because empty queryset"); } result = !data.toString().toLowerCase().equals(queryList.get(0).toLowerCase()); if (result) { @@ -31,11 +33,11 @@ public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterReques if (data instanceof Integer) { List queryList = (List) querySet; if (queryList == null || queryList.size() == 0) { - return new ValidationResult(false, TestEditorEnums.DataOperands.NEQ.name().toLowerCase() + " filter failed because empty queryset"); + return ValidationResult.getInstance().resetValues(false, TestEditorEnums.DataOperands.NEQ.name().toLowerCase() + " filter failed because empty queryset"); } Integer dataInt = (Integer) data; - Object query = queryList.get(0); + query = queryList.get(0); if (query instanceof String) { int queryInt = Integer.parseInt((String) query); result = (int) dataInt != queryInt; 
@@ -52,12 +54,12 @@ public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterReques if (data instanceof Boolean && querySet instanceof Boolean) { List queryList = (List) querySet; if (queryList == null || queryList.size() == 0) { - return new ValidationResult(false, TestEditorEnums.DataOperands.NEQ.name().toLowerCase() + " filter failed because empty queryset"); + return ValidationResult.getInstance().resetValues(false, TestEditorEnums.DataOperands.NEQ.name().toLowerCase() + " filter failed because empty queryset"); } - Boolean dataBool = (Boolean) data; - Object query = queryList.get(0); + dataBool = (Boolean) data; + query = queryList.get(0); if (query instanceof String) { - Boolean queryBool = Boolean.valueOf((String) query); + queryBool = Boolean.valueOf((String) query); result = (boolean) dataBool != queryBool; } else { result = ((boolean) dataBool != (boolean) queryList.get(0)); @@ -70,11 +72,11 @@ public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterReques } } catch (Exception e) { - return new ValidationResult(false, ValidationResult.GET_QUERYSET_CATCH_ERROR); + return ValidationResult.getInstance().resetValues(false, ValidationResult.GET_QUERYSET_CATCH_ERROR); } - return new ValidationResult(result, validationString); + return ValidationResult.getInstance().resetValues(result, validationString); } } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NeqFilterObj.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NeqFilterObj.java index 275a791125..531b95cd76 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NeqFilterObj.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NeqFilterObj.java 
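Review bot: The Boolean branch can never compare anything, because it requires `querySet instanceof Boolean` and then casts that same object with `(List) querySet`. The cast throws `ClassCastException` and lands in the catch that returns `ValidationResult.GET_QUERYSET_CATCH_ERROR`. When `querySet` is a list the branch is skipped, and the method falls through to `resetValues(result, validationString)` with the `false` and `null` set at the top of the method in the first hunk. The guard should read `if (data instanceof Boolean) {`, matching the Boolean branch in EqFilter. isValid starts and ends outside this hunk.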
@@ -10,21 +10,25 @@ public class NeqFilterObj extends DataOperandsImpl { + Object querySet; + List queryList; + boolean res; + @Override public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterRequest) { - + try { - Object data = dataOperandFilterRequest.getData(); - Object querySet = dataOperandFilterRequest.getQueryset(); - List queryList = (List) querySet; + data = dataOperandFilterRequest.getData(); + querySet = dataOperandFilterRequest.getQueryset(); + queryList = (List) querySet; if (queryList == null || queryList.size() == 0) { - return new ValidationResult(false, TestEditorEnums.DataOperands.EQ_OBJ.name().toLowerCase() + " validation failed because of empty query"); + return ValidationResult.getInstance().resetValues(false, TestEditorEnums.DataOperands.EQ_OBJ.name().toLowerCase() + " validation failed because of empty query"); } Double matchVal = compareWithOriginalResponse(data.toString(), queryList.get(0), new HashMap<>()); - boolean res = (matchVal < 100.0); - return new ValidationResult(res, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation passed "); + res = (matchVal < 100.0); + return ValidationResult.getInstance().resetValues(res, TestEditorEnums.DataOperands.EQ.name().toLowerCase() + " validation passed "); } catch (Exception e) { - return new ValidationResult(false, TestEditorEnums.DataOperands.EQ_OBJ.name().toLowerCase() + " validation failed because of error " + e.getMessage()); + return ValidationResult.getInstance().resetValues(false, TestEditorEnums.DataOperands.EQ_OBJ.name().toLowerCase() + " validation failed because of error " + e.getMessage()); } } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NotContainsEitherFilter.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NotContainsEitherFilter.java index 6e1197cfc3..3101c20f20 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NotContainsEitherFilter.java 
+++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NotContainsEitherFilter.java @@ -8,19 +8,20 @@ public class NotContainsEitherFilter extends DataOperandsImpl { + Boolean res; + List querySet = new ArrayList<>(); + String data; + @Override public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterRequest) { - Boolean result = false; - Boolean res; - List querySet = new ArrayList<>(); - String data; - String validationString = null; + result = false; + validationString = null; try { querySet = (List) dataOperandFilterRequest.getQueryset(); data = (String) dataOperandFilterRequest.getData(); } catch(Exception e) { - return new ValidationResult(result, ValidationResult.GET_QUERYSET_CATCH_ERROR); + return ValidationResult.getInstance().resetValues(result, ValidationResult.GET_QUERYSET_CATCH_ERROR); } @@ -35,7 +36,7 @@ public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterReques if (!result) { validationString = TestEditorEnums.DataOperands.NOT_CONTAINS_EITHER.name().toLowerCase() + " filter failed due to '"+ data + "' not matching with : " + querySet; } - return new ValidationResult(result, validationString); + return ValidationResult.getInstance().resetValues(result, validationString); } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NotContainsFilter.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NotContainsFilter.java index b832cb345f..3466212b2c 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NotContainsFilter.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NotContainsFilter.java 
@@ -8,21 +8,23 @@ public class NotContainsFilter extends DataOperandsImpl { + Boolean res; + List querySet; + String data; + String failedQueryString; + @Override public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterRequest) { - Boolean result = true; - Boolean res; - List querySet = new ArrayList<>(); - String data; - String validationString = null; + result = true; + validationString = null; try { querySet = (List) dataOperandFilterRequest.getQueryset(); data = (String) dataOperandFilterRequest.getData(); } catch(Exception e) { - return new ValidationResult(result, ValidationResult.GET_QUERYSET_CATCH_ERROR); + return ValidationResult.getInstance().resetValues(result, ValidationResult.GET_QUERYSET_CATCH_ERROR); } - String failedQueryString = null; + failedQueryString = null; for (String queryString: querySet) { try { res = evaluateOnStringQuerySet(data.trim(), queryString.trim()); @@ -39,7 +41,7 @@ public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterReques } else { validationString = TestEditorEnums.DataOperands.NOT_CONTAINS.name().toLowerCase() + " filter failed due to '" + data + "' not matching with: " + failedQueryString; } - return new ValidationResult(result, validationString); + return ValidationResult.getInstance().resetValues(result, validationString); } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NotContainsIpFilter.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NotContainsIpFilter.java index 8e57795629..912b26e61b 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NotContainsIpFilter.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/NotContainsIpFilter.java @@ -9,5 +9,5 @@ public Boolean evaluateOnStringQuerySet(String data, String query) { IpAddressMatcher ipAddressMatcher = new IpAddressMatcher(query); return !ipAddressMatcher.matches(data); - } + } } 
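Review bot: `result` starts as `true`, so the first catch returns `resetValues(result, ValidationResult.GET_QUERYSET_CATCH_ERROR)` as a passing verdict whenever the queryset is not a list or the data is not a string. A check that could not be evaluated then counts the same as "does not contain". If that is intended, add a comment above the catch saying so; otherwise return a failing result there: `return ValidationResult.getInstance().resetValues(false, ValidationResult.GET_QUERYSET_CATCH_ERROR);`. The rest of isValid lies outside this hunk.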
diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/RegexFilter.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/RegexFilter.java index 3b0ba827df..9584d72cd0 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/RegexFilter.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/RegexFilter.java @@ -9,18 +9,19 @@ public class RegexFilter extends DataOperandsImpl { + Boolean res; + @Override public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterRequest) { - Boolean result = false; - Boolean res; + result = false; List querySet = new ArrayList<>(); String data; try { querySet = (List) dataOperandFilterRequest.getQueryset(); data = (String) dataOperandFilterRequest.getData(); } catch(Exception e) { - return new ValidationResult(result, ValidationResult.GET_QUERYSET_CATCH_ERROR); + return ValidationResult.getInstance().resetValues(result, ValidationResult.GET_QUERYSET_CATCH_ERROR); } for (String queryString: querySet) { try { @@ -30,13 +31,13 @@ public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterReques } result = result || res; } - String validationString = null; + validationString = null; if (result) { validationString = TestEditorEnums.DataOperands.REGEX.name().toLowerCase() + " filter passed"; } else { validationString = TestEditorEnums.DataOperands.REGEX.name().toLowerCase() + " filter failed due to '" + data + "' not matching for - " + querySet;; } - return new ValidationResult(result, validationString); + return ValidationResult.getInstance().resetValues(result, validationString); } } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/SsrfUrlHitFilter.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/SsrfUrlHitFilter.java index a231ec7cc4..955be2c20a 100644 
--- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/SsrfUrlHitFilter.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/SsrfUrlHitFilter.java @@ -9,17 +9,16 @@ public class SsrfUrlHitFilter extends DataOperandsImpl { + List querySet; @Override public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterRequest) { - Boolean result = false; - List querySet = new ArrayList<>(); - String data; + result = false; try { querySet = (List) dataOperandFilterRequest.getQueryset(); data = (String) dataOperandFilterRequest.getData(); } catch(Exception e) { - return new ValidationResult(result, ValidationResult.GET_QUERYSET_CATCH_ERROR); + return ValidationResult.getInstance().resetValues(result, ValidationResult.GET_QUERYSET_CATCH_ERROR); } for (String queryString: querySet) { @@ -34,7 +33,7 @@ public ValidationResult isValid(DataOperandFilterRequest dataOperandFilterReques } else { validationString = TestEditorEnums.PredicateOperator.SSRF_URL_HIT.name().toLowerCase() + " filter failed due to - " + querySet;; } - return new ValidationResult(result, validationString); + return ValidationResult.getInstance().resetValues(result, validationString); } } diff --git a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ValidationResult.java b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ValidationResult.java index c2204827ef..97443deadc 100644 --- a/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ValidationResult.java +++ b/libs/utils/src/main/java/com/akto/test_editor/filter/data_operands_impl/ValidationResult.java 
@@ -1,10 +1,24 @@ package com.akto.test_editor.filter.data_operands_impl; public class ValidationResult { + + private static ValidationResult instance; + + public static ValidationResult getInstance(){ + if(instance == null){ + instance = new ValidationResult(); + } + return instance; + } + public static final String GET_QUERYSET_CATCH_ERROR = "Error while parsing data"; Boolean isValid; String validationReason; - public ValidationResult(Boolean isValid, String validationReason) { + + private ValidationResult() { + } + + private ValidationResult(Boolean isValid, String validationReason) { this.isValid = isValid; this.validationReason = validationReason; } @@ -16,4 +30,11 @@ public Boolean getIsValid() { public String getValidationReason() { return validationReason; } + + public ValidationResult resetValues(Boolean isValid, String validationReason) { + this.isValid = isValid; + this.validationReason = validationReason; + return this; + } + } diff --git a/libs/utils/src/main/java/com/akto/testing/Utils.java b/libs/utils/src/main/java/com/akto/testing/Utils.java index 30e703752f..2e78dba08e 100644 --- a/libs/utils/src/main/java/com/akto/testing/Utils.java +++ b/libs/utils/src/main/java/com/akto/testing/Utils.java @@ -72,6 +72,7 @@ public class Utils { private static final LoggerMaker loggerMaker = new LoggerMaker(Utils.class); + private static final Filter filter = new Filter(); public static void populateValuesMap(Map valuesMap, String payloadStr, String nodeId, Map> headers, boolean isRequest, String queryParams) { 
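Review bot: `getInstance()` returns one shared `ValidationResult` and `resetValues` overwrites its `isValid` and `validationReason` in place, so every call site in this commit hands back the same mutable object. A caller that keeps a result and then triggers another validation reads the second outcome through the first reference, and if validations run on more than one thread (not visible here) verdicts can cross between them; the `if(instance == null)` initialisation is also unsynchronised. For a test engine that means a finding can be recorded or dropped on the strength of a different check. Keep the class an immutable value with `final` fields and construct one per result, for example `public static ValidationResult of(Boolean isValid, String validationReason) { return new ValidationResult(isValid, validationReason); }`; fixed outcomes can be cached as constants if allocation is the concern.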
@@ -359,15 +360,14 @@ public static double compareWithOriginalResponse(String originalPayload, String } public static ValidationResult validateFilter(FilterNode filterNode, RawApi rawApi, ApiInfoKey apiInfoKey, Map varMap, String logId) { - if (filterNode == null) return new ValidationResult(true, ""); - if (rawApi == null) return new ValidationResult(true, "raw api is null"); + if (filterNode == null) return ValidationResult.getInstance().resetValues(true, "filterNode is null"); + if (rawApi == null) return ValidationResult.getInstance().resetValues(true, "raw api is null"); return validate(filterNode, rawApi, null, apiInfoKey,"filter", varMap, logId); } private static ValidationResult validate(FilterNode node, RawApi rawApi, RawApi testRawApi, ApiInfoKey apiInfoKey, String context, Map varMap, String logId) { - Filter filter = new Filter(); DataOperandsFilterResponse dataOperandsFilterResponse = filter.isEndpointValid(node, rawApi, testRawApi, apiInfoKey, null, null , false,context, varMap, logId, false); - return new ValidationResult(dataOperandsFilterResponse.getResult(), dataOperandsFilterResponse.getValidationReason()); + return ValidationResult.getInstance().resetValues(dataOperandsFilterResponse.getResult(), dataOperandsFilterResponse.getValidationReason()); } public static void modifyBodyOperations(OriginalHttpRequest httpRequest, List modifyOperations, List addOperations, List deleteOperations){
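Review bot: `validate` now runs every request through the one class-level `filter` (declared as `private static final Filter filter = new Filter();` in the earlier hunk of this file) instead of a fresh `Filter` per call. Filter's fields are not visible in this diff, so confirm it keeps no per-call state before sharing it; the operand filters changed in this same commit now do keep per-call values in fields. If it is stateless, record that on the field, e.g. `// Filter holds no per-request state; safe to reuse across calls`.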