Merge pull request #1355 from akto-api-security/hotfix/first_url_para…
…m_merging

fix first url param merging
avneesh-akto authored Aug 14, 2024
2 parents 1328e95 + 8e2f819 commit 80862ce
Showing 3 changed files with 32 additions and 8 deletions.
Expand Up @@ -709,9 +709,7 @@ public static boolean isNumber(String val) {

public static URLTemplate tryParamteresingUrl(URLStatic newUrl){
String[] tokens = tokenize(newUrl.getUrl());
if(tokens.length < 2){
return null;
}
boolean tokensBelowThreshold = tokens.length < 2;
Pattern pattern = patternToSubType.get(SingleTypeInfo.UUID);
boolean allNull = true;
SuperType[] newTypes = new SuperType[tokens.length];
Expand All @@ -733,7 +731,7 @@ public static URLTemplate tryParamteresingUrl(URLStatic newUrl){

if(tokens[i] != null){
SubType tempSubType = KeyTypes.findSubType(tokens[i], ""+i, null,true);
if(isValidSubtype(tempSubType)){
if(!tokensBelowThreshold && isValidSubtype(tempSubType)){
newTypes[i] = SuperType.STRING;
tokens[i] = null;
}else if(isAlphanumericString(tempToken)){
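Review bot: The new `tokensBelowThreshold` flag gates only the `isValidSubtype` branch, so URLs with fewer than two tokens now reach the `isAlphanumericString` branch and whatever other merging the loop does outside this hunk. If that check accepts static route names that mix letters and digits, distinct top-level endpoints could be collapsed into one `/STRING` template and stop appearing as separate entries in the API catalog; I cannot confirm this from the visible lines. Nothing here records why subtype matches are skipped for short paths, so I would add a comment above the flag such as `// fewer than 2 tokens: skip subtype-based merging so e.g. an email-like path stays a strict URL; other merges still apply`. The identical change is made to a second copy of `tryParamteresingUrl` (the hunks at -526 and -550 further down), so the two copies have to be kept in step by hand. The function body starts and ends outside the hunk.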
Expand Up @@ -164,6 +164,34 @@ public void testmultipleUUIDForceMerge(){
assertNotNull(singleTypeInfo2);
}

@Test
public void testFirstUrlParameterMerging(){
SingleTypeInfoDao.instance.getMCollection().drop();
ApiCollectionsDao.instance.getMCollection().drop();
HttpCallParser parser = new HttpCallParser("userIdentifier", 1, 1, 1, true);
List<HttpResponseParams> responseParams = new ArrayList<>();
List<String> urls = new ArrayList<>();
urls.add("/D654447FF7"); // merges to /STRING
urls.add("/c7e5e544-4040-4405-b2a7-22bf9c5286fb"); // merges to /STRING
urls.add("/3"); // merges to /INTEGER
urls.add(new ObjectId().toHexString()); // merges to /OBJECT_ID
urls.add("test@akto.io"); //this shouldn't get merge because tokensBelowThreshold and subtype match

int i = 0;
for (String c: urls) {
HttpResponseParams resp = createDifferentHttpResponseParams(i*100, c);
responseParams.add(resp);
i +=1;
}

parser.syncFunction(responseParams, false, true, null);
parser.apiCatalogSync.syncWithDB(false, true, SyncLimit.noLimit);
parser.apiCatalogSync.buildFromDB(false, true);
assertEquals(1, parser.apiCatalogSync.getDbState(123).getStrictURLToMethods().size());
assertEquals(3, parser.apiCatalogSync.getDbState(123).getTemplateURLToMethods().size());

}

@Test
public void testUUIDForceMerge() {
SingleTypeInfoDao.instance.getMCollection().drop();
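Review bot: The two `assertEquals` calls at the end of `testFirstUrlParameterMerging` pin only the sizes of the strict and template maps, so the test would still pass if a different URL stayed strict or if two inputs merged into an unexpected template. I would also assert which entries are present: that the one strict URL is the `test@akto.io` path and that the three templates are the STRING, INTEGER and OBJECT_ID ones the inline comments describe. The last two inputs are added without the leading `/` that the first three carry (`urls.add("test@akto.io")`); unless that is intended, `urls.add("/test@akto.io")` keeps the cases comparable. A static single-segment route that mixes letters and digits would be a useful negative case, since the fix now lets such paths reach the alphanumeric merge.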
Expand Up @@ -526,9 +526,7 @@ public static boolean isNumber(String val) {

public static URLTemplate tryParamteresingUrl(URLStatic newUrl){
String[] tokens = tokenize(newUrl.getUrl());
if(tokens.length < 2){
return null;
}
boolean tokensBelowThreshold = tokens.length < 2;
Pattern pattern = patternToSubType.get(SingleTypeInfo.UUID);
boolean allNull = true;
SuperType[] newTypes = new SuperType[tokens.length];
Expand All @@ -550,7 +548,7 @@ public static URLTemplate tryParamteresingUrl(URLStatic newUrl){

if(tokens[i] != null){
SubType tempSubType = KeyTypes.findSubType(tokens[i], ""+i, null,true);
if(isValidSubtype(tempSubType)){
if(!tokensBelowThreshold && isValidSubtype(tempSubType)){
newTypes[i] = SuperType.STRING;
tokens[i] = null;
}else if(isAlphanumericString(tempToken)){