akto-api-security · TangoBeeAkto · Dec 11, 2024 · Dec 12, 2024
diff --git a/apps/dashboard/src/main/java/com/akto/action/TrafficAction.java b/apps/dashboard/src/main/java/com/akto/action/TrafficAction.java
@@ -67,6 +67,31 @@ public String fetchSampleData() {
         return Action.SUCCESS.toUpperCase();
     }
 
+    public String fetchSampleDataForTestEditor() {
+        fetchSampleData();
+        if(sampleDataList == null || sampleDataList.isEmpty() || sampleDataList.get(0).getSamples().isEmpty()) {
+            sampleDataList = new ArrayList<>();
+            ApiCollection randomActiveCollection = ApiCollectionsDao.instance.findOne(Filters.and(
+                    Filters.eq(ApiCollection._DEACTIVATED, false),
+                    Filters.not(
+                            Filters.size(ApiCollection.URLS_STRING, 0)
+                    )
+            ));
+
+            if(randomActiveCollection == null) {
+                return Action.SUCCESS.toUpperCase();
+            }
+
+            int activeCollectionId = randomActiveCollection.getId();
+
+            sampleDataList = SampleDataDao.instance.findAll(Filters.and(
+                    Filters.in(SingleTypeInfo._COLLECTION_IDS, activeCollectionId),
+                    Filters.not(Filters.size(SampleData.SAMPLES, 0))
+            ));
+        }
+        return Action.SUCCESS.toUpperCase();
+    }
+
     public String fetchAllSampleData() {
         sampleDataList = SampleDataDao.instance.findAll(Filters.eq(Constants.ID + "." + ApiInfoKey.API_COLLECTION_ID, apiCollectionId), skip, limit == 0 ? 50 : limit, null);
         return Action.SUCCESS.toUpperCase();

diff --git a/apps/dashboard/src/main/resources/struts.xml b/apps/dashboard/src/main/resources/struts.xml
@@ -2400,7 +2400,7 @@
                  <param name="includeProperties">^actionErrors.*</param>
             </result>
         </action>
-        
+
         <action name="api/fetchSampleData" class="com.akto.action.TrafficAction" method="fetchSampleData">
             <interceptor-ref name="json"/>
             <interceptor-ref name="defaultStack" />
@@ -2424,6 +2424,29 @@
                  <param name="includeProperties">^actionErrors.*</param>
             </result>
         </action>
+        <action name="api/fetchSampleDataForTestEditor" class="com.akto.action.TrafficAction" method="fetchSampleDataForTestEditor">
+            <interceptor-ref name="json"/>
+            <interceptor-ref name="defaultStack" />
+            <interceptor-ref name="roleAccessInterceptor">
+                <param name="featureLabel">SAMPLE_DATA</param>
+                <param name="accessType">READ</param>
+            </interceptor-ref>
+            <result name="FORBIDDEN" type="json">
+                <param name="statusCode">403</param>
+                <param name="ignoreHierarchy">false</param>
+                <param name="includeProperties">^actionErrors.*</param>
+            </result>
+            <interceptor-ref name="collectionInterceptor"/>
+            <result name="SUCCESS"  type="json"/>
+            <result name="ERROR" type="httpheader">
+                <param name="status">401</param>
+            </result>
+            <result name="UNAUTHORIZED" type="json">
+                <param name="statusCode">403</param>
+                <param name="ignoreHierarchy">false</param>
+                <param name="includeProperties">^actionErrors.*</param>
+            </result>
+        </action>
 
         <action name="api/deleteCollection" class="com.akto.action.ApiCollectionsAction" method="deleteCollection">
            <interceptor-ref name="json"/>

diff --git a/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/api.js b/apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/api.js
@@ -12,6 +12,17 @@ const testEditorRequests = {
             }
         })
     },
+    fetchSampleDataForTestEditor(collectionId, apiEndpointUrl, apiEndpointMethod) {
+        return request({
+            url: '/api/fetchSampleDataForTestEditor',
+            method: 'post',
+            data: {
+                apiCollectionId: collectionId, 
+                url: apiEndpointUrl, 
+                method: apiEndpointMethod
+            }
+        })
+    },
 
     fetchVulnerableRequests(skip, limit) {
         return request({

diff --git a/...shboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/components/SampleApi.jsx b/...shboard/web/polaris_web/web/src/apps/dashboard/pages/test_editor/components/SampleApi.jsx
@@ -40,21 +40,15 @@ const SampleApi = () => {
     const selectedSampleApi = PersistStore(state => state.selectedSampleApi)
     const setSelectedSampleApi = PersistStore(state => state.setSelectedSampleApi)
 
+    const [isCustomAPI, setIsCustomAPI] = useState(Object.keys(selectedSampleApi)?.length > 0 || false)
+
     const tabs = [{ id: 'request', content: 'Request' }, { id: 'response', content: 'Response'}];
     const mapCollectionIdToName = func.mapCollectionIdToName(allCollections)
 
     useEffect(()=>{
         if(showEmptyLayout) return
         let testId = selectedTest.value
-        let sampleData = null
-        if(sampleDataList?.length > 0) {
-            sampleData = {
-                apiCollectionId: sampleDataList[0].id.apiCollectionId,
-                method: {_name: sampleDataList[0].id.method},
-                url: sampleDataList[0].id.url
-            }
-        }
-        let selectedUrl = sampleData ? sampleData : Object.keys(selectedSampleApi).length > 0 ? selectedSampleApi : vulnerableRequestsObj?.[testId]
+        let selectedUrl = Object.keys(selectedSampleApi).length > 0 ? selectedSampleApi : vulnerableRequestsObj?.[testId]
         setSelectedCollectionId(null)
         setCopyCollectionId(null)
         setTestResult(null)
@@ -123,8 +117,6 @@ const SampleApi = () => {
     useEffect(() => {
         if (selectedCollectionId && selectedApiEndpoint) {
             fetchSampleData(selectedCollectionId, func.toMethodUrlObject(selectedApiEndpoint).url, func.toMethodUrlObject(selectedApiEndpoint).method)
-        }else{
-            setEditorData({message: ''})
         }
         setTestResult(null)
     }, [selectedApiEndpoint])
@@ -162,6 +154,7 @@ const SampleApi = () => {
     })
 
     const fetchApiEndpoints = async (collectionId) => {
+        if(!collectionId) return
         const apiEndpointsResponse = await api.fetchCollectionWiseApiEndpoints(collectionId)
         if (apiEndpointsResponse) {
             setApiEndpoints(apiEndpointsResponse.listOfEndpointsInCollection)
@@ -179,7 +172,12 @@ const SampleApi = () => {
 
     const fetchSampleData = async (collectionId, apiEndpointUrl, apiEndpointMethod) => {
         setShowEmptyLayout(false)
-        const sampleDataResponse = await testEditorRequests.fetchSampleData(collectionId, apiEndpointUrl, apiEndpointMethod)
+        let sampleDataResponse
+        if(isCustomAPI) {
+            sampleDataResponse = await testEditorRequests.fetchSampleData(collectionId, apiEndpointUrl, apiEndpointMethod)
+        } else {
+            sampleDataResponse = await testEditorRequests.fetchSampleDataForTestEditor(collectionId, apiEndpointUrl, apiEndpointMethod)
+        }
         if (sampleDataResponse) {
             if (sampleDataResponse.sampleDataList.length > 0 && sampleDataResponse.sampleDataList[0].samples && sampleDataResponse.sampleDataList[0].samples.length > 0) {
                 const sampleDataJson = JSON.parse(sampleDataResponse.sampleDataList[0].samples[sampleDataResponse.sampleDataList[0].samples.length - 1])
@@ -206,6 +204,7 @@ const SampleApi = () => {
 
     const toggleSelectApiActive = () => setSelectApiActive(prev => !prev)
     const saveFunc = () =>{
+        setIsCustomAPI(true)
         setSelectedApiEndpoint(copySelectedApiEndpoint)
         const urlObj = func.toMethodUrlObject(copySelectedApiEndpoint)
         const sampleApi = {