
Example 1 with APIMThreatAnalyzerException

Use of org.wso2.carbon.apimgt.ballerina.threatprotection.APIMThreatAnalyzerException in project carbon-apimgt by wso2.

Class Analyze, method execute.

@Override
public BValue[] execute(Context context) {
    String payloadType = getStringArgument(context, 0);
    String payload = getStringArgument(context, 1);
    String apiContext = getStringArgument(context, 2);
    String policyId = getStringArgument(context, 3);
    APIMThreatAnalyzer analyzer = AnalyzerHolder.getAnalyzer(payloadType, policyId);
    if (analyzer == null) {
        return getBValues(new BBoolean(false), new BString("Unknown Payload Type"));
    }
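    boolean noThreatsDetected = true;
    String errMessage = null;
    try {
        analyzer.analyze(payload, apiContext);
    } catch (APIMThreatAnalyzerException e) {
        // A violated limit or an unparseable payload is reported as a detected threat.
        noThreatsDetected = false;
        errMessage = e.getMessage();
    } finally {
        // Always hand the analyzer back to the holder, even if analyze() throws unexpectedly.
        AnalyzerHolder.returnObject(analyzer);
    }
    return getBValues(new BBoolean(noThreatsDetected), new BString(errMessage));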
}
Also used: BString (org.ballerinalang.model.values.BString), BBoolean (org.ballerinalang.model.values.BBoolean), APIMThreatAnalyzer (org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.APIMThreatAnalyzer)

Example 2 with APIMThreatAnalyzerException

Use of org.wso2.carbon.apimgt.ballerina.threatprotection.APIMThreatAnalyzerException in project carbon-apimgt by wso2.

Class JSONAnalyzer, method analyze.

/**
 * @param payload JSON payload
 * @param apiContext API context, used in log and exception messages
 * @throws APIMThreatAnalyzerException if the JSON payload exceeds the defined limits or cannot be parsed
 */
@Override
public void analyze(String payload, String apiContext) throws APIMThreatAnalyzerException {
    try (JsonParser parser = factory.createParser(new StringReader(payload))) {
        int currentDepth = 0;
        int currentFieldCount = 0;
        JsonToken token;
        while ((token = parser.nextToken()) != null) {
            switch (token) {
                case START_OBJECT:
                    // Entering a nested object: check the new depth against the limit.
                    currentDepth += 1;
                    analyzeDepth(maxJsonDepth, currentDepth, apiContext);
                    break;
                case END_OBJECT:
                    currentDepth -= 1;
                    break;
                case FIELD_NAME:
                    // Check the running field count and the field name against the limits.
                    currentFieldCount += 1;
                    String name = parser.getCurrentName();
                    analyzeField(name, maxFieldCount, currentFieldCount, maxFieldLength, apiContext);
                    break;
                case VALUE_STRING:
                    String value = parser.getText();
                    analyzeString(value, maxStringLength, apiContext);
                    break;
                case START_ARRAY:
                    // The array check is handed the parser itself.
                    analyzeArray(parser, maxArrayElementCount, maxStringLength, apiContext);
                    break;
                default:
                    // Other token types are not checked here.
                    break;
            }
        }
    } catch (JsonParseException e) {
        logger.error(JSON_THREAT_PROTECTION_MSG_PREFIX + apiContext + " - Payload parsing failed", e);
        throw new APIMThreatAnalyzerException(JSON_THREAT_PROTECTION_MSG_PREFIX + apiContext + " - Payload parsing failed", e);
    } catch (IOException e) {
        logger.error(JSON_THREAT_PROTECTION_MSG_PREFIX + apiContext + " - Payload build failed", e);
        throw new APIMThreatAnalyzerException(JSON_THREAT_PROTECTION_MSG_PREFIX + apiContext + " - Payload build failed", e);
    }
}
Also used: StringReader (java.io.StringReader), JsonToken (com.fasterxml.jackson.core.JsonToken), IOException (java.io.IOException), JsonParseException (com.fasterxml.jackson.core.JsonParseException), APIMThreatAnalyzerException (org.wso2.carbon.apimgt.ballerina.threatprotection.APIMThreatAnalyzerException), JsonParser (com.fasterxml.jackson.core.JsonParser)

Example 3 with APIMThreatAnalyzerException

Use of org.wso2.carbon.apimgt.ballerina.threatprotection.APIMThreatAnalyzerException in project carbon-apimgt by wso2.

Class XMLAnalyzer, method analyze.

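/**
 * @param payload XML payload
 * @param apiContext API context, used in log and exception messages
 * @throws APIMThreatAnalyzerException if an element exceeds the configured attribute count or
 *         attribute length, or if the payload cannot be parsed
 */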
@Override
public void analyze(String payload, String apiContext) throws APIMThreatAnalyzerException {
    Reader reader = null;
    XMLStreamReader xmlStreamReader = null;
    try {
        reader = new StringReader(payload);
        xmlStreamReader = factory.createXMLStreamReader(reader);
        while (xmlStreamReader.hasNext()) {
            int xmlStreamEvent = xmlStreamReader.next();
            // Attribute count and attribute length are checked manually on each START_ELEMENT event.
            if (xmlStreamEvent == XMLStreamReader.START_ELEMENT) {
                int currentAttributeCount = xmlStreamReader.getAttributeCount();
                if (currentAttributeCount > config.getMaxAttributeCount()) {
                    throw new APIMThreatAnalyzerException(XML_THREAT_PROTECTION_MSG_PREFIX + apiContext + " - XML Validation Failed: Maximum attribute limit reached.");
                }
                for (int i = 0; i < currentAttributeCount; i++) {
                    String attributeValue = xmlStreamReader.getAttributeValue(i);
                    if (attributeValue.length() > config.getMaxAttributeLength()) {
                        throw new APIMThreatAnalyzerException(XML_THREAT_PROTECTION_MSG_PREFIX + apiContext + " - XML Validation Failed: Maximum attribute length reached.");
                    }
                }
            }
        }
    } catch (XMLStreamException e) {
        log.error(XML_THREAT_PROTECTION_MSG_PREFIX + apiContext + " - XML Validation Failed: " + e.getMessage(), e);
        throw new APIMThreatAnalyzerException(XML_THREAT_PROTECTION_MSG_PREFIX + apiContext + " - XML Validation Failed: " + e.getMessage(), e);
    } finally {
        // Close each resource in its own try block so that a failure while closing
        // the stream reader does not skip closing the payload reader.
        try {
            if (xmlStreamReader != null) {
                xmlStreamReader.close();
            }
        } catch (XMLStreamException e) {
            log.warn(XML_THREAT_PROTECTION_MSG_PREFIX + apiContext + " - Failed to close XMLEventReader", e);
        }
        try {
            if (reader != null) {
                reader.close();
            }
        } catch (IOException e) {
            log.warn(XML_THREAT_PROTECTION_MSG_PREFIX + apiContext + " - Failed to close payload StringReader", e);
        }
    }
}
Also used: XMLStreamReader (javax.xml.stream.XMLStreamReader), XMLStreamException (javax.xml.stream.XMLStreamException), StringReader (java.io.StringReader), Reader (java.io.Reader), IOException (java.io.IOException), APIMThreatAnalyzerException (org.wso2.carbon.apimgt.ballerina.threatprotection.APIMThreatAnalyzerException)
