Critical Category added

.github/scripts/akto-cicd.sh

@@ -58,16 +58,18 @@ while true; do
 
   if [[ "$state" == "COMPLETED" ]]; then
     count=$(echo "$response" | jq -r '.testingRunResultSummaries[0].countIssues // empty')
+    critical=$(echo "$response" | jq -r '.testingRunResultSummaries[0].countIssues.CRITICAL // empty')
     high=$(echo "$response" | jq -r '.testingRunResultSummaries[0].countIssues.HIGH // empty')
     medium=$(echo "$response" | jq -r '.testingRunResultSummaries[0].countIssues.MEDIUM // empty')
     low=$(echo "$response" | jq -r '.testingRunResultSummaries[0].countIssues.LOW // empty')
 
     echo "[Results]($AKTO_DASHBOARD_URL/dashboard/testing/$AKTO_TEST_ID)" >> $GITHUB_STEP_SUMMARY
+    echo "CRITICAL: $critical" >> $GITHUB_STEP_SUMMARY
     echo "HIGH: $high" >> $GITHUB_STEP_SUMMARY
     echo "MEDIUM: $medium" >> $GITHUB_STEP_SUMMARY
     echo "LOW: $low"  >> $GITHUB_STEP_SUMMARY
 
-    if [ "$high" -gt 0 ] || [ "$medium" -gt 0 ] || [ "$low" -gt 0 ] ; then
+    if [ "$critical" -gt 0 ] || [ "$high" -gt 0 ] || [ "$medium" -gt 0 ] || [ "$low" -gt 0 ] ; then
         echo "Vulnerabilities found!!" >> $GITHUB_STEP_SUMMARY
         #exit 1
         exit 0

apps/dashboard/src/main/java/com/akto/listener/InitializerListener.java

@@ -1275,6 +1275,7 @@ public static void createRiskScoreGroups(BackwardCompatibility backwardCompatibi
             createRiskScoreApiGroup(111_111_148, "Low Risk APIs", RiskScoreTestingEndpoints.RiskScoreGroupType.LOW);
             createRiskScoreApiGroup(111_111_149, "Medium Risk APIs", RiskScoreTestingEndpoints.RiskScoreGroupType.MEDIUM);
             createRiskScoreApiGroup(111_111_150, "High Risk APIs", RiskScoreTestingEndpoints.RiskScoreGroupType.HIGH);
+            createRiskScoreApiGroup(111_111_151, "Critical Risk APIs", RiskScoreTestingEndpoints.RiskScoreGroupType.CRITICAL);
 
             BackwardCompatibilityDao.instance.updateOne(
                     Filters.eq("_id", backwardCompatibility.getId()),

apps/dashboard/src/main/java/com/akto/utils/RiskScoreTestingEndpointsUtils.java

@@ -24,13 +24,15 @@ public class RiskScoreTestingEndpointsUtils {
         put(RiskScoreTestingEndpoints.RiskScoreGroupType.LOW, new ArrayList<>());
         put(RiskScoreTestingEndpoints.RiskScoreGroupType.MEDIUM, new ArrayList<>());
         put(RiskScoreTestingEndpoints.RiskScoreGroupType.HIGH, new ArrayList<>());
+        put(RiskScoreTestingEndpoints.RiskScoreGroupType.CRITICAL, new ArrayList<>());
     }}; 
 
 
     private Map<RiskScoreTestingEndpoints.RiskScoreGroupType, List<ApiInfo>> addApisToRiskScoreGroupMap = new HashMap<RiskScoreTestingEndpoints.RiskScoreGroupType, List<ApiInfo>>() {{
         put(RiskScoreTestingEndpoints.RiskScoreGroupType.LOW, new ArrayList<>());
         put(RiskScoreTestingEndpoints.RiskScoreGroupType.MEDIUM, new ArrayList<>());
         put(RiskScoreTestingEndpoints.RiskScoreGroupType.HIGH, new ArrayList<>());
+        put(RiskScoreTestingEndpoints.RiskScoreGroupType.CRITICAL, new ArrayList<>());
     }}; 
 
     private static final ExecutorService executorService = Executors.newFixedThreadPool(1);

apps/dashboard/src/main/java/com/akto/utils/Utils.java

@@ -554,6 +554,10 @@ public static BasicDBObject extractJsonResponse(String message, boolean isReques
     public static float calculateRiskValueForSeverity(String severity){
         float riskScore = 0 ;
         switch (severity) {
+            case "CRITICAL":
+                riskScore += 300;
+                break;
+
             case "HIGH":
                 riskScore += 100;
                 break;

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/dashboard/HomeDashboard.jsx

@@ -145,6 +145,12 @@ function HomeDashboard() {
      )
 
     const riskScoreRanges = [
+        {
+            text: "Critical risk",
+            range: '5-6',
+            status: "very critical",
+            apiCollectionId: 111_111_151
+        },
         {
             text: "High risk",
             range: '4-5',

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/issues/IssuesPage/IssuesPage.jsx

@@ -94,6 +94,7 @@ let filtersOptions = [
         label: 'Severity',
         title: 'Severity',
         choices: [
+            { label: "Critical", value: "CRITICAL"},
             { label: "High", value: "HIGH" }, 
             { label: "Medium", value: "MEDIUM" },
             { label: "Low", value: "LOW" }

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/observe/transform.js

@@ -348,6 +348,7 @@ const transform = {
 
     getColor(key){
         switch(key.toUpperCase()){
+            case "CRITICAL" : return "very critical";
             case "HIGH" : return "critical";
             case "MEDIUM": return "attention";
             case "LOW": return "info";

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/onboarding/components/ResultsSummary.jsx

@@ -12,7 +12,7 @@ import LocalStore from '../../../../main/LocalStorageStore'
 
 function ResultsSummary() {
 
-    const severities = ['High' , 'Medium', 'Low']
+    const severities = ['Critical' ,'High' , 'Medium', 'Low']
 
     const selectedTestSuite = OnboardingStore(state => state.selectedTestSuite)
     const authObj = OnboardingStore(state => state.authObject)
@@ -27,6 +27,7 @@ function ResultsSummary() {
     const [fetchTests, setFetchTests] = useState(false)
     const [activeTab, setActiveTab] = useState("High")
     const [countIssues, setCountIssues] = useState({
+        "CRITICAL": 0,
         "HIGH": 0,
         "MEDIUM": 0,
         "LOW": 0,

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/onboarding/transform.js

@@ -20,6 +20,7 @@ const onFunc = {
             return groupedResults
         }
         return {
+            "Critical": [],
             "High": [],
             "Medium":[],
             "Low": [],

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/components/SampleApi.jsx

@@ -188,6 +188,7 @@ const SampleApi = () => {
                 let status = func.getRunResultSeverity(testResult.testingRunResult, testResult.subCategoryMap)
                 status = status.toUpperCase();
                 switch(status){
+                    case "CRITICAL" : return "bg-critical";
                     case "HIGH" : return "bg-critical";
                     case "MEDIUM": return "bg-caution";
                     case "LOW": return "bg-info";

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/ExportHtml/ExportHtml.jsx

@@ -16,13 +16,14 @@ function ExportHtml() {
 
     const [vulnerableResultsMap, setVulnerableResultsMap] = useState([]);
     const [dataToCurlObj, setDataToCurlObj] = useState({});
-    const [severitiesCount, setSeveritiesCount] = useState({ HIGH: 0, MEDIUM: 0, LOW: 0 });
+    const [severitiesCount, setSeveritiesCount] = useState({ CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 });
     const collectionsMap = PersistStore(state => state.collectionsMap)
 
     const subCategoryMap = LocalStore(state => state.subCategoryMap)
 
     const createVulnerabilityMap = (testingRunResults) => {
         let categoryVsVulMap = {}
+        let critical = 0
         let high = 0
         let medium = 0
         let low = 0
@@ -35,6 +36,10 @@ function ExportHtml() {
             let severity = subCategory?.superCategory?.severity?._name
             let severityIndex = 0;
             switch (severity) {
+                case 'CRITICAL':
+                    ++critical
+                    severityIndex = 3
+                    break;                
                 case 'HIGH':
                     ++high
                     severityIndex = 2
@@ -64,7 +69,7 @@ function ExportHtml() {
             vulnerabilities['severityIndex'] = severityIndex
             categoryVsVulMap[subtype] = vulnerabilities
         })
-        setSeveritiesCount({ HIGH: high, MEDIUM: medium, LOW: low });
+        setSeveritiesCount({ CRITICAL: critical, HIGH: high, MEDIUM: medium, LOW: low });
         let localCopy = vulnerableResultsMap
         Object.keys(categoryVsVulMap).forEach((category) => {
             let obj = categoryVsVulMap[category]

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/SingleTestRunPage/TrendChart.jsx

@@ -72,6 +72,11 @@ function TrendChart(props) {
         })
 
         return [
+            {
+                data: retH,
+                color: "var(--p-color-bg-critical-strong)",
+                name: "CRITICAL"
+            },
             {
                 data: retH,
                 color: "var(--p-color-bg-critical-strong)",
@@ -145,8 +150,8 @@ function TrendChart(props) {
 
             let count = 0
             testingRunResultSummaries.forEach((ele)=>{
-                let obj = (ele?.countIssues && Object.keys(ele.countIssues).length > 0) ? ele.countIssues : {HIGH: 0, MEDIUM: 0, LOW: 0}
-                count += (obj.HIGH + obj.MEDIUM + obj.LOW)
+                let obj = (ele?.countIssues && Object.keys(ele.countIssues).length > 0) ? ele.countIssues : { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0}
+                count += (obj.CRITICAL, obj.HIGH + obj.MEDIUM + obj.LOW)
             })
 
             setTotalVulnerabilites(count)

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/TestRunsPage/TestRunsPage.js

@@ -86,6 +86,7 @@ let filters = [
     label: 'Severity',
     title: 'Severity',
     choices: [
+      { label: "Critical", value: "CRITICAL"},
       { label: "High", value: "HIGH" }, 
       { label: "Medium", value: "MEDIUM" },
       { label: "Low", value: "LOW" }
@@ -132,6 +133,7 @@ const [countMap, setCountMap] = useState({});
 const [selected, setSelected] = useState(1);
 
 const [severityCountMap, setSeverityCountMap] = useState({
+  CRITICAL: {text : 0, color: func.getColorForCharts("CRITICAL")},
   HIGH: {text : 0, color: func.getColorForCharts("HIGH")},
   MEDIUM: {text : 0, color: func.getColorForCharts("MEDIUM")},
   LOW: {text : 0, color: func.getColorForCharts("LOW")},
@@ -271,7 +273,7 @@ function processData(testingRuns, latestTestingRunResultSummaries, cicd){
 
 const iconSource = collapsible ? ChevronUpMinor : ChevronDownMinor
 const SummaryCardComponent = () =>{
-  let totalVulnerabilities = severityCountMap?.HIGH?.text + severityCountMap?.MEDIUM?.text +  severityCountMap?.LOW?.text 
+  let totalVulnerabilities = severityCountMap?.CRITICAL?.text + severityCountMap?.HIGH?.text + severityCountMap?.MEDIUM?.text +  severityCountMap?.LOW?.text 
   return(
     <LegacyCard>
       <LegacyCard.Section title={<Text fontWeight="regular" variant="bodySm" color="subdued">Vulnerabilities</Text>}>

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/transform.js

@@ -92,15 +92,15 @@ function getTotalSeverity(countIssues) {
   if (countIssues == null) {
     return 0;
   }
-  ts = MAX_SEVERITY_THRESHOLD * (countIssues['High'] * MAX_SEVERITY_THRESHOLD + countIssues['Medium']) + countIssues['Low']
+  ts = MAX_SEVERITY_THRESHOLD * (countIssues['Critical'] * MAX_SEVERITY_THRESHOLD + countIssues['High'] * MAX_SEVERITY_THRESHOLD + countIssues['Medium']) + countIssues['Low']
   return ts;
 }
 
 function getTotalSeverityTestRunResult(severity) {
   if (severity == null || severity.length == 0) {
     return 0;
   }
-  let ts = MAX_SEVERITY_THRESHOLD * ((severity[0].includes("High")) * MAX_SEVERITY_THRESHOLD + (severity[0].includes('Medium'))) + (severity[0].includes('Low'))
+  let ts = MAX_SEVERITY_THRESHOLD * ((severity[0].includes("Critical")) * MAX_SEVERITY_THRESHOLD + (severity[0].includes("High")) * MAX_SEVERITY_THRESHOLD + (severity[0].includes('Medium'))) + (severity[0].includes('Low'))
   return ts;
 }
 
@@ -214,6 +214,7 @@ const transform = {
     },
     prepareCountIssues : (data) => {
       let obj={
+        'Critical': data['CRITICAL'] || 0,
         'High': data['HIGH'] || 0,
         'Medium': data['MEDIUM'] || 0,
         'Low': data['LOW'] || 0
@@ -299,7 +300,7 @@ const transform = {
         const prettifiedTest={
           ...obj,
           testName: transform.prettifyTestName(data.name || "Test", iconObj.icon,iconObj.color, iconObj.tooltipContent),
-          severity: observeFunc.getIssuesList(transform.filterObjectByValueGreaterThanZero(testingRunResultSummary.countIssues || {"HIGH" : 0, "MEDIUM": 0, "LOW": 0}))
+          severity: observeFunc.getIssuesList(transform.filterObjectByValueGreaterThanZero(testingRunResultSummary.countIssues || { "CRITICAL": 0, "HIGH" : 0, "MEDIUM": 0, "LOW": 0}))
         }
         return prettifiedTest
       }else{
@@ -615,7 +616,7 @@ const transform = {
       const date = new Date(obj.startTimestamp * 1000)
       return{
         ...obj,
-        prettifiedSeverities: observeFunc.getIssuesList(obj.countIssues || {"HIGH" : 0, "MEDIUM": 0, "LOW": 0}),
+        prettifiedSeverities: observeFunc.getIssuesList(obj.countIssues || {"CRITICAL": 0, "HIGH" : 0, "MEDIUM": 0, "LOW": 0}),
         startTime: date.toLocaleTimeString() + " on " +  date.toLocaleDateString(),
         id: obj.hexId
       }
@@ -673,6 +674,7 @@ getInfoSectionsHeaders(){
 convertSubIntoSubcategory(resp){
   let obj = {}
   let countObj = {
+    CRITICAL: 0,
     HIGH: 0,
     MEDIUM: 0,
     LOW: 0,

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/vulnerability_report/VulnerabilityReport.jsx

@@ -24,7 +24,7 @@ function VulnerabilityReport() {
     const [loading, setLoading] = useState(true)
     const [pdfDownloadEnabled, setPdfDownloadEnabled] = useState(false)
 
-    const [severitiesCount, setSeveritiesCount] = useState({ HIGH: 0, MEDIUM: 0, LOW: 0 });
+    const [severitiesCount, setSeveritiesCount] = useState({ CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 });
     const [categoryVsIssuesMap, setCategoryVsIssuesMap] = useState({})
     const [categoryVsApisCountMap, setCategoryVsApisCountMap] = useState({})
     const [aktoFindingsTableData, setAktoFindingsTableData] = useState([])
@@ -42,6 +42,7 @@ function VulnerabilityReport() {
         let issueVsVulMap = {}
         let aktoFindingsTableData = []
         let aktoRecommendationsData = []
+        let critical = 0
         let high = 0
         let medium = 0
         let low = 0
@@ -55,6 +56,10 @@ function VulnerabilityReport() {
             let severity = testInfo?.superCategory?.severity?._name
             let severityIndex = 0;
             switch (severity) {
+                case 'CRITICAL':
+                    ++critical
+                    severityIndex = 3
+                    break;
                 case 'HIGH':
                     ++high
                     severityIndex = 2
@@ -84,7 +89,7 @@ function VulnerabilityReport() {
             vulnerabilities['severityIndex'] = severityIndex
             issueVsVulMap[testSubtype] = vulnerabilities
         })
-        setSeveritiesCount({ HIGH: high, MEDIUM: medium, LOW: low });
+        setSeveritiesCount({ CRITICAL: critical, HIGH: high, MEDIUM: medium, LOW: low });
 
         for (const [testSubType, issue] of Object.entries(issueVsVulMap)) {
             const categoryName = issue.superCategory.name
@@ -387,7 +392,12 @@ function VulnerabilityReport() {
             title: "Severity",
             data: (
                 <Box>
-                    <HorizontalGrid columns={3} gap={1}>
+                    <HorizontalGrid columns={4} gap={1}>
+                        <Box key="critical" borderInlineEndWidth={1} paddingBlockStart={1} paddingBlockEnd={1} borderColor="border-subdued">
+                            <div style={{ color: "#D72C0D" }}>
+                                <Text variant="headingLg">{severitiesCount?.CRITICAL} Critical</Text>
+                            </div>
+                        </Box>
                         <Box key="high" borderInlineEndWidth={1} paddingBlockStart={1} paddingBlockEnd={1} borderColor="border-subdued">
                             <div style={{ color: "#D72C0D" }}>
                                 <Text variant="headingLg">{severitiesCount?.HIGH} High</Text>

apps/dashboard/web/polaris_web/web/src/util/func.js

@@ -1190,6 +1190,8 @@ mapCollectionIdToHostName(apiCollections){
   },
   getHexColorForSeverity(key){
     switch(key){
+      case "CRITICAL":
+        return "#D72C0D"
       case "HIGH":
         return "#D72C0D"
       case "MEDIUM":
@@ -1204,6 +1206,8 @@ mapCollectionIdToHostName(apiCollections){
 
   getColorForCharts(key){
     switch(key){
+      case "CRITICAL":
+        return tokens.color["color-icon-critical"]
       case "HIGH":
         return tokens.color["color-icon-critical"]
       case "MEDIUM":

apps/dashboard/web/src/apps/dashboard/views/issues/components/IssueBox.vue

@@ -143,6 +143,8 @@ export default {
         },
         getSeverityColor(severity) {
             switch (severity) {
+                case "CRITICAL":
+                    return "var(--hexColor4)";
                 case "HIGH":
                     return "var(--hexColor3)";
                 case "MEDIUM":
@@ -264,6 +266,9 @@ export default {
     border: 1px solid var(--hexColor21);
     border-radius: 6px;
 }
+.severity-critical {
+    border-left: 6px solid var(--hexColor3);
+}
 
 .severity-high {
     border-left: 6px solid var(--hexColor3);

apps/dashboard/web/src/apps/dashboard/views/testing/components/PDFExportHTML.vue

@@ -10,6 +10,10 @@
                     <th>Severity</th>
                     <th>Vulnerable APIs </th>
                 </tr>
+                <tr class="data-row">
+                    <td>Critical</td>
+                    <td>{{ critical }}</td>
+                </tr>
                 <tr class="data-row">
                     <td>High</td>
                     <td>{{ high }}</td>

apps/dashboard/web/src/util/func.js

@@ -837,6 +837,10 @@ export default {
         } else {
             let a = testSubType.superCategory["severity"]["_name"]
             switch(a){
+
+                case "CRITICAL":
+                    return {title: a, value: 4}
+
                 case "HIGH": 
                     return {title: a, value: 3}
 

apps/testing/src/main/java/com/akto/testing/Main.java

@@ -621,6 +621,7 @@ private static void raiseMixpanelEvent(ObjectId summaryId, TestingRun testingRun
 
         SlackAlerts apiTestStatusAlert = new APITestStatusAlert(
                 testingRun.getName(),
+                severityCount.getOrDefault(GlobalEnums.Severity.CRITICAL.name(), 0),
                 severityCount.getOrDefault(GlobalEnums.Severity.HIGH.name(), 0),
                 severityCount.getOrDefault(GlobalEnums.Severity.MEDIUM.name(), 0),
                 severityCount.getOrDefault(GlobalEnums.Severity.LOW.name(), 0),

apps/testing/src/main/java/com/akto/testing/TestExecutor.java

@@ -112,6 +112,7 @@ public void workflowInit (TestingRun testingRun, ObjectId summaryId, boolean deb
         }
 
         Map<String, Integer> totalCountIssues = new HashMap<>();
+        totalCountIssues.put("CRITICAL", 0);
         totalCountIssues.put("HIGH", 0);
         totalCountIssues.put("MEDIUM", 0);
         totalCountIssues.put("LOW", 0);

apps/testing/src/main/java/com/akto/testing_issues/TestingIssuesHandler.java

@@ -159,6 +159,7 @@ private void insertVulnerableTestsIntoIssuesCollection(List<WriteModel<TestingRu
             TestingRunResultSummariesDao.instance.updateOneNoUpsert(
                 Filters.eq("_id", summaryId),
                 Updates.combine(
+                    Updates.inc("countIssues.CRITICAL", countIssuesMap.get("CRITICAL")),
                     Updates.inc("countIssues.HIGH", countIssuesMap.get("HIGH")),
                     Updates.inc("countIssues.MEDIUM", countIssuesMap.get("MEDIUM")),
                     Updates.inc("countIssues.LOW", countIssuesMap.get("LOW"))