akto icon indicating copy to clipboard operation
akto copied to clipboard

Published 20 hours ago verified publisher icon akto-api-security

⚡️ Support file upload while uploading a template

Open ayushaga14 opened this issue 1 year ago • 2 comments

💭 Introduction Akto supports addition of new tests via templates. Users can go to Testing Library section in Akto dashboard, and click on Add Test button for adding new test. Currently user has to specify github url for the nuclei template. A sample template for Path Traversal test - https://github.com/akto-api-security/tests-library/blob/master/BOLA/path_traversal/path_traversal_PayloadsAllTheThings.yaml This task involves adding support for adding tests via file upload, where user would now have an option to either specify a github url, or specify a template file. Note that for tests added using file upload, we should not show "Contribute In Github" Subtext

🎯 Requirements Vue.js Java

✅ Task summary:

  • [ ] Ask to be assigned to the issue.
  • [ ] Wait to be assigned. We will try to assign in less than 2 hours.
  • [ ] Make UI changes on add test dialog box, where user can toggle whether he wants to specify Github url or upload file.
  • [ ] Write a basic template validator which will validate test files being uploaded.
  • [ ] Save the nuclei template file inside mongo db. Currently we save only Github url of the template, which is used for fetching nuclei template later. You'll have to make changes in MarketPlaceAction.java. Check addCustomTest method for existing implementation.
  • [ ] While running tests, your code should check if the template is uploaded via file, or is hosted on Github, and fetch template accordingly.
  • [ ] Submit a pull request here.

✌🏻 Hints Check addCustomTest method inside MarketPlaceAction.java. It currently saves Github url and other details in mongo collection. Here before saving you would have to add a validator method, which for now will just validate whether necessary fields and details are present in the template file. For modifications in the testing part, you can check runNucleiTests, which has one of the input param's (FuzzingTest) which contains template url. 🙋🏼‍♂️ Questions: If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.

ayushaga14 avatar Mar 06 '23 20:03 ayushaga14

Hi @Ankita28g , I am interested in this issue, may I get assigned?

DiySane avatar Oct 14 '23 22:10 DiySane

Hey @Anikita28g, I can solve this issue and would love to work on it. Worked with Vue before and using SpringBoot now so have the necessary requisites.

atharvamalji avatar Oct 21 '23 19:10 atharvamalji