Merge pull request #1997 from akto-api-security/hotfix/change_param_n…

…ame_in_queries Adding query params support via payload keys in configs
akto-api-security · Jan 20, 2025 · 973720b · 973720b
2 parents a785baf + f461d8d
commit 973720b
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 0 deletions.
diff --git a/libs/utils/src/main/java/com/akto/testing/ApiExecutor.java b/libs/utils/src/main/java/com/akto/testing/ApiExecutor.java
@@ -412,6 +412,13 @@ private static void calculateFinalRequestFromAdvancedSettings(OriginalHttpReques
             payloadConditions.getOrDefault(TestEditorEnums.NonTerminalExecutorDataOperands.ADD_BODY_PARAM.name(), emptyList),
             payloadConditions.getOrDefault(TestEditorEnums.TerminalExecutorDataOperands.DELETE_BODY_PARAM.name(), emptyList)
         );
+
+        // modify query params as well from payload conditions only, not handling query conditions separately for now
+        Utils.modifyQueryOperations(originalHttpRequest, 
+            payloadConditions.getOrDefault(TestEditorEnums.NonTerminalExecutorDataOperands.MODIFY_BODY_PARAM.name(), emptyList), 
+            emptyList,
+            payloadConditions.getOrDefault(TestEditorEnums.TerminalExecutorDataOperands.DELETE_BODY_PARAM.name(), emptyList)
+        );
     }
 
     private static OriginalHttpResponse sendWithRequestBody(OriginalHttpRequest request, Request.Builder builder, boolean followRedirects, boolean debug, List<TestingRunResult.TestLog> testLogs, boolean skipSSRFCheck, String requestProtocol) throws Exception {

diff --git a/libs/utils/src/main/java/com/akto/testing/Utils.java b/libs/utils/src/main/java/com/akto/testing/Utils.java
@@ -432,6 +432,45 @@ public static void modifyHeaderOperations(OriginalHttpRequest httpRequest, List<
 
     }
 
+    public static void modifyQueryOperations(OriginalHttpRequest httpRequest, List<ConditionsType> modifyOperations, List<ConditionsType> addOperations, List<ConditionsType> deleteOperations){
+
+        // since this is being used with payload conditions, we are not supporting any add operations, operations are done only on existing query keys
+
+        String query = httpRequest.getQueryParams();
+        if(query == null || query.isEmpty()){
+            return ;
+        }
+
+        BasicDBObject queryParamObj = RequestTemplate.getQueryJSON(httpRequest.getUrl() + "?" + query);
+
+        if(!modifyOperations.isEmpty()){
+            for(ConditionsType condition : modifyOperations){
+                if(queryParamObj.containsKey(condition.getKey())){
+                    queryParamObj.put(condition.getKey(), condition.getValue());
+                }
+            }
+        }
+
+
+        if(!deleteOperations.isEmpty()){
+            for(ConditionsType condition : deleteOperations){
+                if(queryParamObj.containsKey(condition.getKey())){
+                    queryParamObj.remove(condition.getKey());
+                }
+            }
+        } 
+
+        String queryParams = "";
+        for (String key: queryParamObj.keySet()) {
+            queryParams +=  (key + "=" + queryParamObj.get(key) + "&");
+        }
+        if (queryParams.length() > 0) {
+            queryParams = queryParams.substring(0, queryParams.length() - 1);
+        }
+
+        httpRequest.setQueryParams(queryParams);
+    }
+
     public static Map<String, Integer> finalCountIssuesMap(ObjectId testingRunResultSummaryId){
         Map<String, Integer> countIssuesMap = new HashMap<>();
         countIssuesMap.put(Severity.HIGH.toString(), 0);