Merge pull request #1482 from akto-api-security/feature_redirect_vuln…
…server_url

redirect to new url
ayushaga14 authored Sep 12, 2024
2 parents 71b1843 + 0d628bc commit adb38da
Showing 3 changed files with 22 additions and 2 deletions.
@@ -170,7 +170,7 @@ public static void addSampleData() {
}

try {
String mockServiceUrl = "http://sampl-aktol-1exannwybqov-67928726.ap-south-1.elb.amazonaws.com";
String mockServiceUrl = "https://vulnerable-server.akto.io";
String data = convertStreamToString(InitializerListener.class.getResourceAsStream("/SampleApiData.json"));
JSONArray dataobject = new JSONArray(data);
for (Object obj: dataobject) {
@@ -31,7 +31,6 @@
import com.akto.log.LoggerMaker.LogDb;
import com.akto.rules.TestPlugin;
import com.akto.test_editor.Utils;
import com.akto.testing.TestExecutor;
import com.akto.util.Constants;
import com.akto.util.modifier.JWTPayloadReplacer;
import com.fasterxml.jackson.databind.ObjectMapper;
@@ -165,6 +164,16 @@ public YamlTestResult execute(ExecutorNode node, RawApi rawApi, Map<String, Obje
}
try {
// follow redirects = true for now
String url = testReq.getRequest().getUrl();
if (url.contains("sampl-aktol-1exannwybqov-67928726")) {
try {
URI uri = new URI(url);
String newUrl = "https://vulnerable-server.akto.io" + uri.getPath();
testReq.getRequest().setUrl(newUrl);
} catch (Exception e) {
// TODO: handle exception
}
}
testResponse = ApiExecutor.sendRequest(testReq.getRequest(), followRedirect, testingRunConfig, debug, testLogs, Utils.SKIP_SSRF_CHECK);
requestSent = true;
ExecutionResult attempt = new ExecutionResult(singleReq.getSuccess(), singleReq.getErrMsg(), testReq.getRequest(), testResponse);
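Review bot: The `url.contains("sampl-aktol-1exannwybqov-67928726")` test in `execute` matches the marker anywhere in the URL, so a request to an unrelated host that merely carries that string in its path or query would be re-pointed at `vulnerable-server.akto.io`, presumably along with whatever headers the test request holds. The rewrite also keeps only `uri.getPath()`, which is the decoded path and drops any query string, so the request that is sent can differ from the recorded one if `getUrl()` includes a query. I would parse first, compare `uri.getHost()` with the old load-balancer host name, and rebuild the URL from `getRawPath()` and `getRawQuery()`, as sketched below. The same block is added to `processNode` in the third file, and `execute` itself starts and ends outside this hunk.

```java
String url = testReq.getRequest().getUrl();
try {
    URI uri = new URI(url);
    // Rewrite only when the host itself is the old sample load balancer.
    if ("sampl-aktol-1exannwybqov-67928726.ap-south-1.elb.amazonaws.com".equalsIgnoreCase(uri.getHost())) {
        String rawPath = uri.getRawPath() == null ? "" : uri.getRawPath();
        String rawQuery = uri.getRawQuery() == null ? "" : "?" + uri.getRawQuery();
        testReq.getRequest().setUrl("https://vulnerable-server.akto.io" + rawPath + rawQuery);
    }
} catch (Exception e) {
    // … unchanged: exception handling placeholder …
}
// … unchanged: ApiExecutor.sendRequest call and result handling …
```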
@@ -1,5 +1,6 @@
package com.akto.testing.workflow_node_executor;

import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
@@ -145,6 +146,16 @@ public NodeResult processNode(Node node, Map<String, Object> varMap, Boolean all
int tsAfterReq = 0;
try {
tsBeforeReq = Context.nowInMillis();
String url = testReq.getRequest().getUrl();
if (url.contains("sampl-aktol-1exannwybqov-67928726")) {
try {
URI uri = new URI(url);
String newUrl = "https://vulnerable-server.akto.io" + uri.getPath();
testReq.getRequest().setUrl(newUrl);
} catch (Exception e) {
// TODO: handle exception
}
}
testResponse = ApiExecutor.sendRequest(testReq.getRequest(), followRedirect, testingRunConfig, debug, testLogs, com.akto.test_editor.Utils.SKIP_SSRF_CHECK);
if (apiInfoKey != null && memory != null) {
memory.fillResponse(testReq.getRequest(), testResponse, apiInfoKey.getApiCollectionId(), apiInfoKey.getUrl(), apiInfoKey.getMethod().name());
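Review bot: The empty `catch (Exception e)` in `processNode`, which holds only the `// TODO: handle exception` placeholder, means a URL that fails to parse is sent unchanged to the old host with no trace in the logs; the copy in `execute` has the same gap. I would narrow it to `catch (URISyntaxException e)` and log the offending URL with the file's existing logger instead of discarding the error. Since this block is a line-for-line copy of the one in `execute`, it would also be cleaner to move it into one static helper that both call, with the old host marker and `"https://vulnerable-server.akto.io"` as named constants, so the literal is not repeated across three files. `processNode` continues outside this hunk.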