Merge remote-tracking branch 'origin/master' into hotfix/showing_all_…

…issues_in_issuespage # Conflicts: # apps/dashboard/src/main/java/com/akto/action/DashboardAction.java # apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/issues/IssuesPage/CriticalFindingsGraph.jsx # apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/issues/IssuesPage/CriticalUnsecuredAPIsOverTimeGraph.jsx
akto-api-security · Feb 10, 2025 · 67e6233 · 67e6233
2 parents 258c3a4 + f7b6e0e
commit 67e6233
Show file tree

Hide file tree

Showing 83 changed files with 2,296 additions and 257 deletions.
diff --git a/apps/api-runtime/src/main/java/com/akto/runtime/APICatalogSync.java b/apps/api-runtime/src/main/java/com/akto/runtime/APICatalogSync.java
@@ -27,6 +27,7 @@
 import com.akto.dto.type.SingleTypeInfo.SuperType;
 import com.akto.dto.type.URLMethods.Method;
 import com.akto.dto.usage.MetricTypes;
+import com.akto.graphql.GraphQLUtils;
 import com.akto.log.LoggerMaker;
 import com.akto.log.LoggerMaker.LogDb;
 import com.akto.util.filter.DictionaryFilter;
@@ -739,6 +740,11 @@ public static URLTemplate tryParamteresingUrl(URLStatic newUrl){
         SuperType[] newTypes = new SuperType[tokens.length];
 
         int start = newUrl.getUrl().startsWith("http") ? 3 : 0;
+
+        if(HttpResponseParams.isGraphQLEndpoint(newUrl.getUrl())) {
+            return null; // Don't merge GraphQL endpoints
+        }
+
         for(int i = start; i < tokens.length; i ++) {
             String tempToken = tokens[i];
             if(DictionaryFilter.isEnglishWord(tempToken)) continue;
@@ -804,6 +810,11 @@ public static URLTemplate tryMergeUrls(URLStatic dbUrl, URLStatic newUrl) {
 
         SuperType[] newTypes = new SuperType[newTokens.length];
         int templatizedStrTokens = 0;
+
+        if(HttpResponseParams.isGraphQLEndpoint(dbUrl.getUrl()) || HttpResponseParams.isGraphQLEndpoint(newUrl.getUrl())) {
+            return null; // Don't merge GraphQL endpoints
+        }
+
         for(int i = 0; i < newTokens.length; i ++) {
             String tempToken = newTokens[i];
             String dbToken = dbTokens[i];

diff --git a/apps/dashboard/Dockerfile b/apps/dashboard/Dockerfile
@@ -1,10 +1,17 @@
 FROM jetty:9.4-jre8
 USER root
 RUN apt-get update -y
-RUN apt-get install -y --no-install-recommends libpcap-dev
+RUN apt-get install -y --no-install-recommends libpcap-dev procps
 ADD ./target/dashboard.war /var/lib/jetty/webapps/root.war
 RUN echo "--module=http-forwarded" > /var/lib/jetty/start.d/http-forwarded.ini
 RUN echo "jetty.httpConfig.sendServerVersion=false" > /var/lib/jetty/start.d/server.ini
 RUN echo "org.slf4j.simpleLogger.log.org.eclipse.jetty.annotations.AnnotationParser=ERROR" >> /var/lib/jetty/start.d/server.ini
-ENV JAVA_OPTIONS="-XX:+ExitOnOutOfMemoryError"
+
+COPY set_xmx.sh /var/lib/jetty/set_xmx.sh
+RUN chmod +x /var/lib/jetty/set_xmx.sh
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
 EXPOSE 8080
diff --git a/apps/dashboard/entrypoint.sh b/apps/dashboard/entrypoint.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Run the memory calculation script to set JAVA_OPTIONS
+source /var/lib/jetty/set_xmx.sh
+
+# Start Jetty normally
+exec /docker-entrypoint.sh "$@"
diff --git a/apps/dashboard/set_xmx.sh b/apps/dashboard/set_xmx.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+echo "Running memory detection script..."
+
+# 1. Detect and read cgroup memory limits
+if [ -f /sys/fs/cgroup/memory.max ]; then
+    # cgroup v2
+    MEM_LIMIT_BYTES=$(cat /sys/fs/cgroup/memory.max)
+elif [ -f /sys/fs/cgroup/memory/memory.limit_in_bytes ]; then
+    # cgroup v1
+    MEM_LIMIT_BYTES=$(cat /sys/fs/cgroup/memory/memory.limit_in_bytes)
+else
+    # Fallback to free -b (bytes) if cgroup file not found
+    echo "Neither cgroup v2 nor v1 memory file found, defaulting to free -m"
+    MEM_LIMIT_BYTES=$(free -b | awk '/Mem:/ {print $2}')
+fi
+
+# 2. Handle edge cases: "max" means no strict limit or a very large limit
+if [ "$MEM_LIMIT_BYTES" = "max" ]; then
+    echo "Cgroup memory limit set to 'max', defaulting to free memory"
+    MEM_LIMIT_BYTES=$(free -b | awk '/Mem:/ {print $2}')
+fi
+
+# 3. Convert the memory limit from bytes to MB (integer division)
+MEM_LIMIT_MB=$((MEM_LIMIT_BYTES / 1024 / 1024))
+echo "Detected container memory limit: ${MEM_LIMIT_MB} MB"
+
+# 4. Calculate 80% of that limit for Xmx
+XMX_MEM=$((MEM_LIMIT_MB * 80 / 100))
+echo "Calculated -Xmx value: ${XMX_MEM} MB"
+
+# Export JAVA_OPTIONS so Jetty picks it up
+export JAVA_OPTIONS="-XX:+ExitOnOutOfMemoryError -Xmx${XMX_MEM}m"
+
+# Log the final JAVA_OPTIONS value
+echo "JAVA_OPTIONS set to: $JAVA_OPTIONS"
diff --git a/apps/dashboard/src/main/java/com/akto/action/AccountAction.java b/apps/dashboard/src/main/java/com/akto/action/AccountAction.java
@@ -329,10 +329,9 @@ public void run() {
                 AccountSettingsDao.instance.updateOnboardingFlag(true);
                 InitializerListener.insertPiiSources();
 
-                if (DashboardMode.isMetered()) {
-                    AccountSettings accountSettings = AccountSettingsDao.instance.findOne(AccountSettingsDao.generateFilter());
-                    InitializerListener.insertAktoTestLibraries(accountSettings);
-                }
+                AccountSettings accountSettings = AccountSettingsDao.instance.findOne(AccountSettingsDao.generateFilter());
+                InitializerListener.insertStateInAccountSettings(accountSettings);
+
                 try {
                     InitializerListener.executePIISourceFetch();
                 } catch (Exception e) {

diff --git a/apps/dashboard/src/main/java/com/akto/action/CustomDataTypeAction.java b/apps/dashboard/src/main/java/com/akto/action/CustomDataTypeAction.java
@@ -600,6 +600,11 @@ public String resetDataTypeRetro() {
             Bson sort = Sorts.ascending("_id.apiCollectionId", "_id.url", "_id.method");    
             List<HttpResponseParams> responses = new ArrayList<>();
             this.customSubTypeMatches = new ArrayList<>();
+
+            SensitiveSampleDataDao.instance.getMCollection().deleteMany(Filters.eq("_id.subType", name));
+            SingleTypeInfoDao.instance.updateMany(Filters.eq(SingleTypeInfo.SUB_TYPE, name),
+                    Updates.set(SingleTypeInfo.SUB_TYPE, SingleTypeInfo.GENERIC.getName()));
+
             do {
                 sampleDataList = SampleDataDao.instance.findAll(Filters.empty(), skip, LIMIT, sort);
                 skip += LIMIT;

diff --git a/apps/dashboard/src/main/java/com/akto/action/DashboardAction.java b/apps/dashboard/src/main/java/com/akto/action/DashboardAction.java
@@ -28,6 +28,8 @@
 import com.mongodb.client.MongoCursor;
 import com.opensymphony.xwork2.Action;
 
+import static com.akto.dto.test_run_findings.TestingRunIssues.KEY_SEVERITY;
+
 public class DashboardAction extends UserAction {
 
     private int startTimeStamp;
@@ -100,6 +102,7 @@ public String fetchHistoricalData() {
     }
 
     private List<String> severityToFetch;
+    private final Map<String, Map<Integer, Integer>> severityWiseTrendData= new HashMap<>();
     private final Map<Integer, Integer> trendData = new HashMap<>();
     public String fetchCriticalIssuesTrend(){
         if(endTimeStamp == 0) endTimeStamp = Context.now();
@@ -112,10 +115,10 @@ public String fetchCriticalIssuesTrend(){
 //
 //        ApiCollection juiceshopCollection = ApiCollectionsDao.instance.findByName("juice_shop_demo");
 //        if (juiceshopCollection != null) demoCollections.add(juiceshopCollection.getId());
-        
+
         List<GlobalEnums.TestRunIssueStatus> allowedStatus = Arrays.asList(GlobalEnums.TestRunIssueStatus.OPEN);
         Bson issuesFilter = Filters.and(
-                Filters.in(TestingRunIssues.KEY_SEVERITY, severityToFetch),
+                Filters.in(KEY_SEVERITY, severityToFetch),
                 Filters.gte(TestingRunIssues.CREATION_TIME, startTimeStamp),
                 Filters.lte(TestingRunIssues.CREATION_TIME, endTimeStamp),
                 Filters.in(TestingRunIssues.TEST_RUN_ISSUES_STATUS, allowedStatus),
@@ -135,14 +138,23 @@ public String fetchCriticalIssuesTrend(){
             }
         } catch(Exception e){
         }
-        pipeline.add(Aggregates.project(Projections.computed(dayOfYearFloat, new BasicDBObject("$divide", new Object[]{"$" + TestingRunIssues.CREATION_TIME, 86400}))));
-
-        pipeline.add(Aggregates.project(Projections.computed(dayOfYear, new BasicDBObject("$floor", new Object[]{"$" + dayOfYearFloat}))));
+        pipeline.add(Aggregates.project(
+                Projections.fields(
+                        Projections.computed(dayOfYearFloat, new BasicDBObject("$divide", new Object[]{"$" + TestingRunIssues.CREATION_TIME, 86400})),
+                        Projections.include(KEY_SEVERITY)
+                )));
+
+        pipeline.add(Aggregates.project(
+                Projections.fields(
+                        Projections.computed(dayOfYear, new BasicDBObject("$floor", new Object[]{"$" + dayOfYearFloat})),
+                        Projections.include(KEY_SEVERITY)
+                )));
 
         BasicDBObject groupedId = new BasicDBObject(dayOfYear, "$"+dayOfYear)
                                                     .append("url", "$_id.apiInfoKey.url")
                                                     .append("method", "$_id.apiInfoKey.method")
-                                                    .append("apiCollectionId", "$_id.apiInfoKey.apiCollectionId");
+                                                    .append("apiCollectionId", "$_id.apiInfoKey.apiCollectionId")
+                                                    .append(KEY_SEVERITY, "$" + KEY_SEVERITY);
         pipeline.add(Aggregates.group(groupedId, Accumulators.sum("count", 1)));
 
         MongoCursor<BasicDBObject> issuesCursor = TestingRunIssuesDao.instance.getMCollection().aggregate(pipeline, BasicDBObject.class).cursor();
@@ -151,9 +163,13 @@ public String fetchCriticalIssuesTrend(){
             BasicDBObject basicDBObject = issuesCursor.next();
             int val = (int) basicDBObject.values().toArray()[1];
             BasicDBObject o = (BasicDBObject) basicDBObject.get("_id");
+            String severity = o.getString(KEY_SEVERITY, GlobalEnums.Severity.LOW.name());
+            Map<Integer, Integer> trendData = severityWiseTrendData.computeIfAbsent(severity, k -> new HashMap<>());
             int date = o.getInt(dayOfYear);
             int count = trendData.getOrDefault(date,0);
-            trendData.put(date, count+val);
+            trendData.put(date, count+1);
+            count = this.trendData.getOrDefault(date,0);
+            this.trendData.put(date, count+1);
         }
 
         return SUCCESS.toUpperCase();
@@ -379,4 +395,8 @@ public String getOrganization() {
     public void setOrganization(String organization) {
         this.organization = organization;
     }
+
+    public Map<String, Map<Integer, Integer>> getSeverityWiseTrendData() {
+        return severityWiseTrendData;
+    }
 }
diff --git a/apps/dashboard/src/main/java/com/akto/action/HomeAction.java b/apps/dashboard/src/main/java/com/akto/action/HomeAction.java
@@ -1,6 +1,8 @@
 package com.akto.action;
 
+import com.akto.dao.SSOConfigsDao;
 import com.akto.dao.UsersDao;
+import com.akto.dto.Config;
 import com.akto.dto.User;
 import com.akto.listener.InitializerListener;
 import com.akto.utils.*;
@@ -21,7 +23,6 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.nio.charset.StandardCharsets;
-import java.util.Base64;
 import java.util.Map;
 
 import static com.akto.action.SignupAction.*;
@@ -50,15 +51,26 @@ public String verifyEmail(){
     public String execute() {
 
         servletRequest.setAttribute("isSaas", InitializerListener.isSaas);
-        if (GithubLogin.getClientId() != null) {
-            servletRequest.setAttribute("githubClientId", new String(Base64.getEncoder().encode(GithubLogin.getClientId().getBytes())));
-        }
-        if (GithubLogin.getGithubUrl() != null) {
-            servletRequest.setAttribute("githubUrl", GithubLogin.getGithubUrl());
-        }
-        if(DashboardMode.isOnPremDeployment() && OktaLogin.getAuthorisationUrl() != null){
-            servletRequest.setAttribute("oktaAuthUrl", new String(Base64.getEncoder().encode(OktaLogin.getAuthorisationUrl().getBytes())));
+        if(DashboardMode.isOnPremDeployment()){
+            if (GithubLogin.getGithubUrl() != null) {
+                servletRequest.setAttribute("githubAuthUrl", GithubLogin.getGithubUrl() + "/login/oauth/authorize?client_id=" + GithubLogin.getClientId() + "&scope=user&state=1000000");
+                servletRequest.setAttribute("activeSso", Config.ConfigType.GITHUB);
+            }
+
+            if (OktaLogin.getAuthorisationUrl() != null) {
+                servletRequest.setAttribute("oktaAuthUrl", OktaLogin.getAuthorisationUrl());
+                servletRequest.setAttribute("activeSso", Config.ConfigType.OKTA);
+            }
+
+            if (SSOConfigsDao.getSAMLConfigByAccountId(1000000, Config.ConfigType.AZURE) != null) {
+                servletRequest.setAttribute("activeSso", Config.ConfigType.AZURE);
+            }
+
+            if (SSOConfigsDao.getSAMLConfigByAccountId(1000000, Config.ConfigType.GOOGLE_SAML) != null) {
+                servletRequest.setAttribute("activeSso", Config.ConfigType.GOOGLE_SAML);
+            }
         }
+
         if (InitializerListener.aktoVersion != null && InitializerListener.aktoVersion.contains("akto-release-version")) {
             servletRequest.setAttribute("AktoVersionGlobal", "");
         } else {

diff --git a/apps/dashboard/src/main/java/com/akto/action/ProfileAction.java b/apps/dashboard/src/main/java/com/akto/action/ProfileAction.java
@@ -135,9 +135,7 @@ public static void executeMeta1(Utility utility, User user, HttpServletRequest r
         } catch (Exception e) {
         }
 
-        if (DashboardMode.isMetered()) {
-            InitializerListener.insertAktoTestLibraries(accountSettings);
-        }
+        InitializerListener.insertStateInAccountSettings(accountSettings);
 
         Organization organization = OrganizationsDao.instance.findOne(
                 Filters.in(Organization.ACCOUNTS, sessionAccId)