Merge pull request #2083 from akto-api-security/add_fill_custom_data_…

…logic add fill data type button
akto-api-security · Feb 11, 2025 · d4f934e · d4f934e
2 parents 72d580f + b7d4870
commit d4f934e
Show file tree

Hide file tree

Showing 5 changed files with 66 additions and 0 deletions.
diff --git a/apps/dashboard/src/main/java/com/akto/action/CustomDataTypeAction.java b/apps/dashboard/src/main/java/com/akto/action/CustomDataTypeAction.java
@@ -10,6 +10,7 @@
 import com.akto.dto.traffic.Key;
 import com.akto.dto.traffic.SampleData;
 import com.akto.dto.type.SingleTypeInfo;
+import com.akto.listener.InitializerListener;
 import com.akto.listener.RuntimeListener;
 import com.akto.log.LoggerMaker;
 import com.akto.log.LoggerMaker.LogDb;
@@ -124,6 +125,23 @@ public String fetchDataTypesForSettings() {
         return Action.SUCCESS.toUpperCase();
     }
 
+    public String fillSensitiveDataTypes() {
+        try {
+            InitializerListener.insertPiiSources();
+        } catch (Exception e) {
+            e.printStackTrace();
+            loggerMaker.errorAndAddToDb("error in insertPiiSources " + e.getMessage());
+        }
+        try {
+            InitializerListener.executePIISourceFetch();
+        } catch (Exception e) {
+            e.printStackTrace();
+            loggerMaker.errorAndAddToDb("error in executePIISourceFetch " + e.getMessage());
+        }
+
+        return Action.SUCCESS.toUpperCase();
+    }
+
     List<String> allDataTypes;
     public String fetchDataTypeNames() {
         this.allDataTypes = new ArrayList<>();

diff --git a/apps/dashboard/src/main/java/com/akto/listener/InitializerListener.java b/apps/dashboard/src/main/java/com/akto/listener/InitializerListener.java
@@ -554,6 +554,7 @@ private static String fetchPIIFile(PIISource piiSource){
             }
             return FileUtils.readFileToString(new File(fileUrl), StandardCharsets.UTF_8);
         } catch (Exception e){
+            e.printStackTrace();
             loggerMaker.errorAndAddToDb(e, String.format("failed to fetch PII file %s from github, trying locally", piiSource.getFileUrl()), LogDb.DASHBOARD);
             return loadPIIFileFromResources(piiSource.getFileUrl());
         }
@@ -562,8 +563,10 @@ private static String fetchPIIFile(PIISource piiSource){
     public static void executePIISourceFetch() {
         List<PIISource> piiSources = PIISourceDao.instance.findAll("active", true);
         Map<String, CustomDataType> customDataTypesMap = new HashMap<>();
+        loggerMaker.infoAndAddToDb("logging pii source size " + piiSources.size());
         for (PIISource piiSource : piiSources) {
             String id = piiSource.getId();
+            loggerMaker.infoAndAddToDb("pii source id " + id);
             Map<String, PIIType> currTypes = piiSource.getMapNameToPIIType();
             if (currTypes == null) {
                 currTypes = new HashMap<>();
@@ -584,6 +587,7 @@ public static void executePIISourceFetch() {
                     customDataTypesMap.put(customDataType.getName(), customDataType);
                 }
             }
+            loggerMaker.infoAndAddToDb("customDataTypesMap size " + customDataTypesMap.size());
 
             List<Bson> piiUpdates = new ArrayList<>();
 
@@ -615,6 +619,7 @@ public static void executePIISourceFetch() {
                 if (userHasChangedCondition || hasNotChangedCondition) {
                     continue;
                 } else {
+                    loggerMaker.infoAndAddToDb("found different " + piiType.getName());
                     Severity dtSeverity = null;
                     List<String> categoriesList = null;
                     categoriesList = (List<String>) dt.get(AktoDataType.TAGS_LIST);
@@ -644,8 +649,10 @@ public static void executePIISourceFetch() {
                     }
 
                     if (existingCDT == null) {
+                        loggerMaker.infoAndAddToDb("inserting different " + piiType.getName());
                         CustomDataTypeDao.instance.insertOne(newCDT);
                     } else {
+                        loggerMaker.infoAndAddToDb("updating different " + piiType.getName());
                         List<Bson> updates = getCustomDataTypeUpdates(existingCDT, newCDT);
                         if (!updates.isEmpty()) {
                             CustomDataTypeDao.instance.updateOne(

diff --git a/apps/dashboard/src/main/resources/struts.xml b/apps/dashboard/src/main/resources/struts.xml
@@ -2814,6 +2814,35 @@
             </result>
         </action>
 
+        <action name="api/fillSensitiveDataTypes" class="com.akto.action.CustomDataTypeAction" method="fillSensitiveDataTypes">
+            <interceptor-ref name="json"/>
+            <interceptor-ref name="defaultStack" />
+            <interceptor-ref name="roleAccessInterceptor">
+                <param name="featureLabel">SENSITIVE_DATA</param>
+                <param name="accessType">READ_WRITE</param>
+                <param name="actionDescription">User added/updated a sensitive data type</param>
+            </interceptor-ref>
+            <result name="FORBIDDEN" type="json">
+                <param name="statusCode">403</param>
+                <param name="ignoreHierarchy">false</param>
+                <param name="includeProperties">^actionErrors.*</param>
+            </result>
+            <interceptor-ref name="usageInterceptor">
+                <param name="featureLabel">CUSTOM_DATA_TYPES</param>
+            </interceptor-ref>
+            <result name="SUCCESS"  type="json"/>
+            <result name="ERROR" type="json">
+                <param name="statusCode">422</param>
+                <param name="ignoreHierarchy">false</param>
+                <param name="includeProperties">^actionErrors.*</param>
+            </result>
+            <result name="UNAUTHORIZED" type="json">
+                 <param name="statusCode">403</param>
+                 <param name="ignoreHierarchy">false</param>
+                 <param name="includeProperties">^actionErrors.*</param>
+            </result>
+        </action>
+
         <action name="api/fetchCountMapOfApis" class="com.akto.action.CustomDataTypeAction" method="getCountOfApiVsDataType">
             <interceptor-ref name="json"/>
             <interceptor-ref name="defaultStack" />

diff --git a/...eb/polaris_web/web/src/apps/dashboard/pages/observe/AllSensitiveData/AllSensitiveData.jsx b/...eb/polaris_web/web/src/apps/dashboard/pages/observe/AllSensitiveData/AllSensitiveData.jsx
@@ -309,10 +309,15 @@ function AllSensitiveData() {
         api.resetSampleData();
     }
 
+    function fillSensitiveDataTypes(){
+        api.fillSensitiveDataTypes();
+    }
+
     const secondaryActionsComp = (
         <HorizontalStack gap={"2"}>
             { (func.checkOnPrem() && window?.USER_NAME !== undefined && window.USER_NAME.includes("razorpay")) ? <Button onClick={resetSampleData}>Reset Sample Data</Button> : <></>}
             <Button onClick={displayGPT}>Ask AktoGPT</Button>
+            <Button onClick={fillSensitiveDataTypes}>Fill Data Types</Button>
         </HorizontalStack>
     )
 

diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/observe/api.js b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/observe/api.js
@@ -60,6 +60,13 @@ export default {
             data: {}
         })
     },
+    fillSensitiveDataTypes() {
+        return request({
+            url: '/api/fillSensitiveDataTypes',
+            method: 'post',
+            data: {}
+        })
+    },
     async fetchSampleData(url, apiCollectionId, method) {
         const resp = await request({
             url: '/api/fetchSampleData',