From 9655c6c4388e78e85ff28daa03fa60aade59acb4 Mon Sep 17 00:00:00 2001
From: Ankush Jain <91221068+ankush-jain-akto@users.noreply.github.com>
Date: Tue, 7 Mar 2023 12:41:46 +0530
Subject: [PATCH 1/4] Create fintech.json
---
pii-types/fintech.json | 5 +++++
1 file changed, 5 insertions(+)
create mode 100644 pii-types/fintech.json
diff --git a/pii-types/fintech.json b/pii-types/fintech.json
new file mode 100644
index 0000000000..1b4f88b8cc
--- /dev/null
+++ b/pii-types/fintech.json
@@ -0,0 +1,5 @@
+{
+ "types": [
+ {"name": "PAN CARD", "regexPattern" : "[A-Z]{5}[0-9]{4}[A-Z]{1}", "sensitive":false, "onKey": false, "active" : false}
+ ]
+}
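Review bot: `"sensitive":false` on the PAN CARD entry looks wrong for a government-issued tax identifier; if this flag decides what is reported as sensitive data (its consumer is not visible here), PAN values would be classified as non-sensitive, so consider `"sensitive": true`. The pattern `[A-Z]{5}[0-9]{4}[A-Z]{1}` is also unanchored, so if the matcher searches rather than full-matches it will flag any longer token that merely contains such a run. `^[A-Z]{5}[0-9]{4}[A-Z]$` would state the intent explicitly.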
From 3309ce3c1ccaf54df45c0a30fb0d5c5e7a968b8d Mon Sep 17 00:00:00 2001
From: Ankush Jain <91221068+ankush-jain-akto@users.noreply.github.com>
Date: Tue, 7 Mar 2023 13:30:21 +0530
Subject: [PATCH 2/4] Update README.md
---
README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index b2157c2151..248f5db9c9 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,4 @@
+
# Akto.io API Security
# What is Akto?
From 6d29ba7443b7da470e40383a9af22c4b1d48cb0c Mon Sep 17 00:00:00 2001
From: Ankush Jain <91221068+ankush-jain-akto@users.noreply.github.com>
Date: Tue, 7 Mar 2023 13:52:03 +0530
Subject: [PATCH 3/4] Update README.md
---
README.md | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 248f5db9c9..0f841c43b9 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,28 @@
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# Akto.io API Security
# What is Akto?
From 638fa027627565cb1b7f8ef4779b724499484828 Mon Sep 17 00:00:00 2001
From: Avneesh Hota
Date: Fri, 10 Mar 2023 14:41:25 +0530
Subject: [PATCH 4/4] added try catch in custom subtype and validate sub type
before saving
---
.../src/main/java/com/akto/runtime/APICatalogSync.java | 4 ++++
apps/api-runtime/src/main/java/com/akto/runtime/Main.java | 5 +++--
.../main/java/com/akto/runtime/policies/AktoPolicy.java | 1 -
.../main/java/com/akto/action/CustomDataTypeAction.java | 7 +++++++
libs/dao/src/main/java/com/akto/dto/CustomDataType.java | 8 ++++++++
5 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/apps/api-runtime/src/main/java/com/akto/runtime/APICatalogSync.java b/apps/api-runtime/src/main/java/com/akto/runtime/APICatalogSync.java
index 3a1e5319fd..c112d7303e 100644
--- a/apps/api-runtime/src/main/java/com/akto/runtime/APICatalogSync.java
+++ b/apps/api-runtime/src/main/java/com/akto/runtime/APICatalogSync.java
@@ -1114,6 +1114,7 @@ public static URLTemplate createUrlTemplate(String url, Method method) {
private int lastMergeAsyncOutsideTs = 0;
public void buildFromDB(boolean calcDiff, boolean fetchAllSTI) {
+ loggerMaker.infoAndAddToDb("Started building from dB", LogDb.RUNTIME);
if (mergeAsyncOutside) {
if (Context.now() - lastMergeAsyncOutsideTs > 600) {
this.lastMergeAsyncOutsideTs = Context.now();
@@ -1130,7 +1131,10 @@ public void buildFromDB(boolean calcDiff, boolean fetchAllSTI) {
try {
List allCollections = ApiCollectionsDao.instance.getMetaAll();
for(ApiCollection apiCollection: allCollections) {
+ int start = Context.now();
+ loggerMaker.infoAndAddToDb("Started merging API collection " + apiCollection.getId(), LogDb.RUNTIME);
mergeUrlsAndSave(apiCollection.getId());
+ loggerMaker.infoAndAddToDb("Finished merging API collection " + apiCollection.getId() + " in " + (Context.now() - start) + " seconds", LogDb.RUNTIME);
}
} catch (Exception e) {
;
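Review bot: A failure in `mergeUrlsAndSave` leaves a "Started merging API collection" entry with no matching "Finished" entry and no error record, because the `catch (Exception e)` after the loop has an empty body (`;`) as far as the hunk shows. Since the try wraps the whole loop, the first exception also skips every remaining collection. Consider moving the try inside the loop and recording the failure there, e.g. `loggerMaker.infoAndAddToDb("Failed merging API collection " + apiCollection.getId() + ": " + e, LogDb.RUNTIME);`. The catch block and the rest of buildFromDB continue outside the hunk.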
diff --git a/apps/api-runtime/src/main/java/com/akto/runtime/Main.java b/apps/api-runtime/src/main/java/com/akto/runtime/Main.java
index 0cc12f1bd0..1002478b51 100644
--- a/apps/api-runtime/src/main/java/com/akto/runtime/Main.java
+++ b/apps/api-runtime/src/main/java/com/akto/runtime/Main.java
@@ -36,8 +36,8 @@ public class Main {
public static final String GROUP_NAME = "group_name";
public static final String VXLAN_ID = "vxlanId";
public static final String VPC_CIDR = "vpc_cidr";
- private static final Logger logger = LoggerFactory.getLogger(HttpCallParser.class);
- private static final LoggerMaker loggerMaker = new LoggerMaker(HttpCallParser.class);
+ private static final Logger logger = LoggerFactory.getLogger(Main.class);
+ private static final LoggerMaker loggerMaker = new LoggerMaker(Main.class);
// this sync threshold time is used for deleting sample data
public static final int sync_threshold_time = 120;
@@ -256,6 +256,7 @@ public void run() {
if ((Context.now() - accountInfo.lastEstimatedCountTime) > 60*60) {
accountInfo.lastEstimatedCountTime = Context.now();
accountInfo.estimatedCount = SingleTypeInfoDao.instance.getMCollection().estimatedDocumentCount();
+ loggerMaker.infoAndAddToDb("STI Estimated count: " + accountInfo.estimatedCount, LogDb.RUNTIME);
}
if (!isDashboardInstance && accountInfo.estimatedCount> 20_000_000) {
diff --git a/apps/api-runtime/src/main/java/com/akto/runtime/policies/AktoPolicy.java b/apps/api-runtime/src/main/java/com/akto/runtime/policies/AktoPolicy.java
index 8d98c9f42b..3c04a0264c 100644
--- a/apps/api-runtime/src/main/java/com/akto/runtime/policies/AktoPolicy.java
+++ b/apps/api-runtime/src/main/java/com/akto/runtime/policies/AktoPolicy.java
@@ -319,7 +319,6 @@ public static void main(String[] args) {
}
public void process(HttpResponseParams httpResponseParams) throws Exception {
- logger.info("processing....");
List customAuthTypes = SingleTypeInfo.activeCustomAuthTypes;
ApiInfo.ApiInfoKey apiInfoKey = ApiInfo.ApiInfoKey.generateFromHttpResponseParams(httpResponseParams);
PolicyCatalog policyCatalog = getApiInfoFromMap(apiInfoKey);
diff --git a/apps/dashboard/src/main/java/com/akto/action/CustomDataTypeAction.java b/apps/dashboard/src/main/java/com/akto/action/CustomDataTypeAction.java
index 8c0ba003be..abd191618d 100644
--- a/apps/dashboard/src/main/java/com/akto/action/CustomDataTypeAction.java
+++ b/apps/dashboard/src/main/java/com/akto/action/CustomDataTypeAction.java
@@ -136,6 +136,13 @@ public String execute() {
return ERROR.toUpperCase();
}
+ try {
+ customDataType.validateRaw("some_key", "some_value");
+ } catch (Exception e) {
+ addActionError("There is something wrong in the data type conditions");
+ return ERROR.toUpperCase();
+ }
+
if (this.createNew) {
CustomDataType customDataTypeFromDb = CustomDataTypeDao.instance.findOne(Filters.eq(CustomDataType.NAME, name));
if (customDataTypeFromDb != null) {
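Review bot: The probe call passes its arguments in the opposite order to the signature added in CustomDataType.java, `validateRaw(Object value, Object key)`, so `"some_key"` is evaluated as the value and `"some_value"` as the key; `customDataType.validateRaw("some_value", "some_key");` matches the declaration. The caught exception is dropped, so anyone debugging a rejected data type has only the generic action error; logging `e` before returning would keep the cause. A single fixed sample only shows that the conditions do not throw for that one input, and validateRaw returns false before evaluating anything when both condition sets are null, so this check should not be read as full validation of the conditions. execute() starts and ends outside the hunk.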
diff --git a/libs/dao/src/main/java/com/akto/dto/CustomDataType.java b/libs/dao/src/main/java/com/akto/dto/CustomDataType.java
index fd90e19802..739f0b1f70 100644
--- a/libs/dao/src/main/java/com/akto/dto/CustomDataType.java
+++ b/libs/dao/src/main/java/com/akto/dto/CustomDataType.java
@@ -55,6 +55,14 @@ public SingleTypeInfo.SubType toSubType() {
}
public boolean validate(Object value, Object key) {
+ try {
+ return this.validateRaw(value, key);
+ } catch (Exception e) {
+ return false;
+ }
+ }
+
+ public boolean validateRaw(Object value, Object key) throws Exception {
if (this.keyConditions == null && this.valueConditions==null) return false;
boolean keyResult = true;
if (this.keyConditions != null) {
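Review bot: `validate` now turns every exception from `validateRaw` into `false` with no log, so a custom data type whose conditions fail at runtime silently stops matching and the data it was meant to flag goes unclassified. Logging the exception together with the data type's name before `return false;` (rate-limited if this runs per field) would make that gap visible. `validateRaw` is public and declared `throws Exception`, so a short Javadoc such as `/** Evaluates the key and value conditions without catching evaluator errors; use validate() on the traffic path. */` would tell callers which one to pick. The body of validateRaw continues outside the hunk.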