akto-api-security
diff --git a/‎apps/dashboard/src/main/java/com/akto/action/testing/TestTemplatesAction.java
Lines changed: 53 additions & 0 deletions b/‎apps/dashboard/src/main/java/com/akto/action/testing/TestTemplatesAction.java
Lines changed: 53 additions & 0 deletions
diff --git a/‎apps/dashboard/src/main/java/com/akto/action/testing_issues/IssuesAction.java
Lines changed: 9 additions & 1 deletion b/‎apps/dashboard/src/main/java/com/akto/action/testing_issues/IssuesAction.java
Lines changed: 9 additions & 1 deletion
diff --git a/‎apps/dashboard/src/main/java/com/akto/listener/InitializerListener.java
Lines changed: 89 additions & 0 deletions b/‎apps/dashboard/src/main/java/com/akto/listener/InitializerListener.java
Lines changed: 89 additions & 0 deletions
diff --git a/‎apps/dashboard/src/main/resources/struts.xml
Lines changed: 20 additions & 0 deletions b/‎apps/dashboard/src/main/resources/struts.xml
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,53 @@
+package com.akto.action.testing;
+
+import org.apache.commons.lang3.StringUtils;
+
+import com.akto.action.UserAction;
+import com.akto.dao.testing.RemediationsDao;
+import com.akto.dto.testing.Remediation;
+import com.akto.util.Constants;
+
+public class TestTemplatesAction extends UserAction {
+
+    public String execute(){
+        throw new IllegalStateException("Not implemented");
+    }
+
+    String testId;
+    String remediation;
+    public String fetchRemediationInfo() {
+
+        if (StringUtils.isEmpty(testId)) {
+            addActionError("testId is empty");
+            return ERROR.toUpperCase();
+        }
+
+        Remediation remediationObj = RemediationsDao.instance.findOne(Constants.ID, testId);
+
+        if (remediationObj == null) {
+            this.remediation = ""; 
+        } else {
+            this.remediation = remediationObj.getRemediationText();
+        }
+        
+        return SUCCESS.toUpperCase();
+    }
+
+    public String getTestId() {
+        return this.testId;
+    }
+
+    public void setTestId(String testId) {
+        this.testId = testId;
+    }
+
+    public String getRemediation() {
+        return this.remediation;
+    }
+
+    public void setRemediation(String remediation) {
+        this.remediation = remediation;
+    }
+    
+    
+}
@@ -43,6 +43,7 @@
 import com.mongodb.client.result.InsertOneResult;
 import com.opensymphony.xwork2.Action;
 
+import org.apache.commons.lang3.StringUtils;
 import org.bson.Document;
 import org.bson.conversions.Bson;
 import org.bson.types.ObjectId;
@@ -490,6 +491,14 @@ public static BasicDBObject createSubcategoriesInfoObj(TestConfig testConfig) {
         infoObj.put("_name", testConfig.getId());
         infoObj.put("content", testConfig.getContent());
         infoObj.put("templateSource", testConfig.getTemplateSource());
+
+        String remediationContent = info.getRemediation();
+
+        if (!StringUtils.isEmpty(remediationContent)) {
+            infoObj.put("remediation", remediationContent);
+        }
+        
+        
         infoObj.put("updatedTs", testConfig.getUpdateTs());
         infoObj.put("author", testConfig.getAuthor());
 
@@ -546,7 +555,6 @@ public String fetchAllSubCategories() {
         return SUCCESS.toUpperCase();
     }
 
-
     public String updateIssueStatus () {
         if (issueId == null || statusToBeUpdated == null || ignoreReason == null) {
             throw new IllegalStateException();
 
@@ -3168,6 +3168,13 @@ public void run() {
                     return;
                 }
 
+                try {
+                    processRemedationFilesZip(testingTemplates);
+                } catch (Exception e) {
+                    e.printStackTrace();
+                    loggerMaker.infoAndAddToDb("Unable to import remediations", LogDb.DASHBOARD);
+                }
+
                 Map<String, byte[]> allYamlTemplates = TestTemplateUtils.getZipFromMultipleRepoAndBranch(getAktoDefaultTestLibs());
                 AccountTask.instance.executeTask((account) -> {
                     try {
@@ -3200,6 +3207,88 @@ public void run() {
         }, 0, 4, TimeUnit.HOURS);
     }
 
+    public static void processRemedationFilesZip(byte[] zipFile) {
+        if (zipFile != null) {
+            try (ByteArrayInputStream inputStream = new ByteArrayInputStream(zipFile);
+                    ZipInputStream zipInputStream = new ZipInputStream(inputStream)) {
+
+                ZipEntry entry;
+                List<Remediation> remediations = RemediationsDao.instance.findAll(Filters.empty(), Projections.include(Remediation.TEST_ID, Remediation.HASH));
+                Map<String, List<Remediation>> mapRemediationIdToHash = remediations.stream().collect(Collectors.groupingBy(Remediation::getid));
+
+                int countUnchangedRemediations = 0;
+                int countTotalRemediations = 0;
+
+                while ((entry = zipInputStream.getNextEntry()) != null) {
+                    if (!entry.isDirectory()) {
+                        String entryName = entry.getName();
+
+                        boolean isRemediation = entryName.contains("remediation");
+                        if (!isRemediation) {
+                            loggerMaker.infoAndAddToDb(
+                                    String.format("%s not a remediation file, skipping", entryName),
+                                    LogDb.DASHBOARD);
+                            continue;
+                        }
+
+                        if (!entryName.endsWith(".md")) {
+                            loggerMaker.infoAndAddToDb(
+                                    String.format("%s not a md file, skipping", entryName),
+                                    LogDb.DASHBOARD);
+                            continue;
+                        }
+
+                        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+                        byte[] buffer = new byte[1024];
+                        int bytesRead;
+                        while ((bytesRead = zipInputStream.read(buffer)) != -1) {
+                            outputStream.write(buffer, 0, bytesRead);
+                        }
+
+                        String templateContent = new String(outputStream.toByteArray(), "UTF-8");
+
+                        List<Remediation> remediationsInDb = mapRemediationIdToHash.get(entryName);
+                        int remediationHashFromFile = templateContent.hashCode();
+
+                        countTotalRemediations++;
+                        if (remediationsInDb != null && remediationsInDb.size() >= 1) {
+                            int remediationHashInDb = remediationsInDb.get(0).getHash();
+
+                            if (remediationHashFromFile == remediationHashInDb) {
+                                countUnchangedRemediations++;
+                            } else {
+                                loggerMaker.infoAndAddToDb("Updating remediation content: " + entryName, LogDb.DASHBOARD);
+                                Bson updates = 
+                                    Updates.combine(
+                                        Updates.set(Remediation.REMEDIATION_TEXT, templateContent),
+                                        Updates.set(Remediation.HASH, remediationHashFromFile)
+                                    );
+                                        
+                                RemediationsDao.instance.updateOne(Remediation.TEST_ID, Remediation.REMEDIATION_TEXT, updates);
+                            }
+                        } else {
+                            loggerMaker.infoAndAddToDb("Inserting remediation content: " + entryName, LogDb.DASHBOARD);
+                            RemediationsDao.instance.insertOne(new Remediation(entryName, templateContent, remediationHashFromFile));
+                        }
+                    }
+
+                    zipInputStream.closeEntry();
+                }
+
+                if (countTotalRemediations != countUnchangedRemediations) {
+                    loggerMaker.infoAndAddToDb(countUnchangedRemediations + "/" + countTotalRemediations + "remediations unchanged", LogDb.DASHBOARD);
+                }
+        
+            } catch (Exception ex) {
+                cacheLoggerMaker.errorAndAddToDb(ex,
+                        String.format("Error while processing Test template files zip. Error %s", ex.getMessage()),
+                        LogDb.DASHBOARD);
+            }
+        } else {
+            loggerMaker.infoAndAddToDb("Received null zip file");
+        }        
+    }
+
     public static void processTemplateFilesZip(byte[] zipFile, String author, String source, String repositoryUrl) {
         if (zipFile != null) {
             try (ByteArrayInputStream inputStream = new ByteArrayInputStream(zipFile);
 
@@ -4026,6 +4026,26 @@
             </result>
         </action>
 
+        
+
+        <action name="api/fetchRemediationInfo" class="com.akto.action.testing.TestTemplatesAction" method="fetchRemediationInfo">
+            <interceptor-ref name="json"/>
+            <interceptor-ref name="defaultStack" />
+            <result name="FORBIDDEN" type="json">
+                <param name="statusCode">403</param>
+                <param name="ignoreHierarchy">false</param>
+                <param name="includeProperties">^actionErrors.*</param>
+            </result>
+            <result name="SUCCESS" type="json">
+                <param name="root">remediation</param>
+            </result>
+            <result name="ERROR" type="json">
+                <param name="statusCode">422</param>
+                <param name="ignoreHierarchy">false</param>
+                <param name="includeProperties">^actionErrors.*</param>
+            </result>
+        </action>
+
         <action name="api/getReportFilters" class="com.akto.action.testing_issues.IssuesAction" method="getReportFilters">
             <interceptor-ref name="json"/>
             <interceptor-ref name="defaultStack" />