use of org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.APIMThreatAnalyzer in project carbon-apimgt by wso2.
the class Analyze method execute.
@Override
public BValue[] execute(Context context) {
String payloadType = getStringArgument(context, 0);
String payload = getStringArgument(context, 1);
String apiContext = getStringArgument(context, 2);
String policyId = getStringArgument(context, 3);
APIMThreatAnalyzer analyzer = AnalyzerHolder.getAnalyzer(payloadType, policyId);
if (analyzer == null) {
return getBValues(new BBoolean(false), new BString("Unknown Payload Type"));
}
boolean noThreatsDetected = true;
String errMessage = null;
try {
analyzer.analyze(payload, apiContext);
} catch (APIMThreatAnalyzerException e) {
noThreatsDetected = false;
errMessage = e.getMessage();
}
AnalyzerHolder.returnObject(analyzer);
return getBValues(new BBoolean(noThreatsDetected), new BString(errMessage));
}
use of org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.APIMThreatAnalyzer in project carbon-apimgt by wso2.
the class AnalyzerHolder method getAnalyzer.
/**
* Borrows an object from pools (xml or json) for threat analysis
*
* @param contentType Content-Type of the payload
* @param policyId ID of the API
* @return Instance of APIMThreatAnalyzer based on content type
*/
public static APIMThreatAnalyzer getAnalyzer(String contentType, String policyId) {
APIMThreatAnalyzer analyzer = null;
if (T_TEXT_XML.equalsIgnoreCase(contentType) || T_APPLICATION_XML.equalsIgnoreCase(contentType)) {
try {
analyzer = xmlAnalyzerAnalyzerPool.borrowObject();
// configure per api
XMLConfig xmlConfig = ConfigurationHolder.getXmlConfig(policyId);
if (xmlConfig == null) {
xmlConfig = ConfigurationHolder.getXmlConfig("GLOBAL-XML");
}
if (xmlConfig == null) {
return null;
}
analyzer.configure(xmlConfig);
} catch (Exception e) {
logger.error("Threat Protection: Failed to create XMLAnalyzer, " + e.getMessage());
}
} else if (T_TEXT_JSON.equalsIgnoreCase(contentType) || T_APPLICATION_JSON.equalsIgnoreCase(contentType)) {
try {
analyzer = jsonAnalyzerAnalyzerPool.borrowObject();
// configure per api
JSONConfig jsonConfig = ConfigurationHolder.getJsonConfig(policyId);
if (jsonConfig == null) {
jsonConfig = ConfigurationHolder.getJsonConfig("GLOBAL-JSON");
}
if (jsonConfig == null) {
return null;
}
analyzer.configure(jsonConfig);
} catch (Exception e) {
logger.error("Threat Protection: Failed to create JSONAnalyzer, " + e.getMessage());
}
}
return analyzer;
}
Aggregations