Search in sources :

Example 1 with APIMThreatAnalyzer

use of org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.APIMThreatAnalyzer in project carbon-apimgt by wso2.

the class Analyze method execute.

@Override
public BValue[] execute(Context context) {
    String payloadType = getStringArgument(context, 0);
    String payload = getStringArgument(context, 1);
    String apiContext = getStringArgument(context, 2);
    String policyId = getStringArgument(context, 3);
    APIMThreatAnalyzer analyzer = AnalyzerHolder.getAnalyzer(payloadType, policyId);
    if (analyzer == null) {
        return getBValues(new BBoolean(false), new BString("Unknown Payload Type"));
    }
    boolean noThreatsDetected = true;
    String errMessage = null;
    try {
        analyzer.analyze(payload, apiContext);
    } catch (APIMThreatAnalyzerException e) {
        noThreatsDetected = false;
        errMessage = e.getMessage();
    }
    AnalyzerHolder.returnObject(analyzer);
    return getBValues(new BBoolean(noThreatsDetected), new BString(errMessage));
}
Also used : BString(org.ballerinalang.model.values.BString) BBoolean(org.ballerinalang.model.values.BBoolean) BString(org.ballerinalang.model.values.BString) APIMThreatAnalyzer(org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.APIMThreatAnalyzer)

Example 2 with APIMThreatAnalyzer

use of org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.APIMThreatAnalyzer in project carbon-apimgt by wso2.

the class AnalyzerHolder method getAnalyzer.

/**
 * Borrows an object from pools (xml or json) for threat analysis
 *
 * @param contentType Content-Type of the payload
 * @param policyId ID of the API
 * @return Instance of APIMThreatAnalyzer based on content type
 */
public static APIMThreatAnalyzer getAnalyzer(String contentType, String policyId) {
    APIMThreatAnalyzer analyzer = null;
    if (T_TEXT_XML.equalsIgnoreCase(contentType) || T_APPLICATION_XML.equalsIgnoreCase(contentType)) {
        try {
            analyzer = xmlAnalyzerAnalyzerPool.borrowObject();
            // configure per api
            XMLConfig xmlConfig = ConfigurationHolder.getXmlConfig(policyId);
            if (xmlConfig == null) {
                xmlConfig = ConfigurationHolder.getXmlConfig("GLOBAL-XML");
            }
            if (xmlConfig == null) {
                return null;
            }
            analyzer.configure(xmlConfig);
        } catch (Exception e) {
            logger.error("Threat Protection: Failed to create XMLAnalyzer, " + e.getMessage());
        }
    } else if (T_TEXT_JSON.equalsIgnoreCase(contentType) || T_APPLICATION_JSON.equalsIgnoreCase(contentType)) {
        try {
            analyzer = jsonAnalyzerAnalyzerPool.borrowObject();
            // configure per api
            JSONConfig jsonConfig = ConfigurationHolder.getJsonConfig(policyId);
            if (jsonConfig == null) {
                jsonConfig = ConfigurationHolder.getJsonConfig("GLOBAL-JSON");
            }
            if (jsonConfig == null) {
                return null;
            }
            analyzer.configure(jsonConfig);
        } catch (Exception e) {
            logger.error("Threat Protection: Failed to create JSONAnalyzer, " + e.getMessage());
        }
    }
    return analyzer;
}
Also used : XMLConfig(org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.XMLConfig) JSONConfig(org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.JSONConfig) APIMThreatAnalyzer(org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.APIMThreatAnalyzer)

Aggregations

APIMThreatAnalyzer (org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.APIMThreatAnalyzer)2 BBoolean (org.ballerinalang.model.values.BBoolean)1 BString (org.ballerinalang.model.values.BString)1 JSONConfig (org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.JSONConfig)1 XMLConfig (org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.XMLConfig)1