Search in sources :

Example 1 with JSONConfig

use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.JSONConfig in project carbon-apimgt by wso2.

the class AnalyzerHolder method getAnalyzer.

/**
 * Borrows an object from pools (xml or json) for threat analysis
 *
 * @param contentType Content-Type of the payload
 * @param policyId ID of the API
 * @return Instance of APIMThreatAnalyzer based on content type
 */
public static APIMThreatAnalyzer getAnalyzer(String contentType, String policyId) {
    APIMThreatAnalyzer analyzer = null;
    if (T_TEXT_XML.equalsIgnoreCase(contentType) || T_APPLICATION_XML.equalsIgnoreCase(contentType)) {
        try {
            analyzer = xmlAnalyzerAnalyzerPool.borrowObject();
            // configure per api
            XMLConfig xmlConfig = ConfigurationHolder.getXmlConfig(policyId);
            if (xmlConfig == null) {
                xmlConfig = ConfigurationHolder.getXmlConfig("GLOBAL-XML");
            }
            if (xmlConfig == null) {
                return null;
            }
            analyzer.configure(xmlConfig);
        } catch (Exception e) {
            logger.error("Threat Protection: Failed to create XMLAnalyzer, " + e.getMessage());
        }
    } else if (T_TEXT_JSON.equalsIgnoreCase(contentType) || T_APPLICATION_JSON.equalsIgnoreCase(contentType)) {
        try {
            analyzer = jsonAnalyzerAnalyzerPool.borrowObject();
            // configure per api
            JSONConfig jsonConfig = ConfigurationHolder.getJsonConfig(policyId);
            if (jsonConfig == null) {
                jsonConfig = ConfigurationHolder.getJsonConfig("GLOBAL-JSON");
            }
            if (jsonConfig == null) {
                return null;
            }
            analyzer.configure(jsonConfig);
        } catch (Exception e) {
            logger.error("Threat Protection: Failed to create JSONAnalyzer, " + e.getMessage());
        }
    }
    return analyzer;
}
Also used : XMLConfig(org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.XMLConfig) JSONConfig(org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.JSONConfig) APIMThreatAnalyzer(org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.APIMThreatAnalyzer)

Example 2 with JSONConfig

use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.JSONConfig in project carbon-apimgt by wso2.

the class JSONAnalyzerTestCase method testCheckMaxStringLengthFail.

@Test(expectedExceptions = APIMThreatAnalyzerException.class)
public void testCheckMaxStringLengthFail() throws Exception {
    JSONConfig config = Mockito.mock(JSONConfig.class);
    Mockito.when(config.getMaxStringLength()).thenReturn(10);
    JSONAnalyzer analyzer = new JSONAnalyzer();
    analyzer.configure(config);
    String jsonString = "{\"a\": \"abcdef123456\"}";
    analyzer.analyze(jsonString, "/foo2");
}
Also used : JSONAnalyzer(org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.JSONAnalyzer) JSONConfig(org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.JSONConfig) Test(org.testng.annotations.Test)

Example 3 with JSONConfig

use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.JSONConfig in project carbon-apimgt by wso2.

the class JSONAnalyzerTestCase method testMaxFieldCountPass.

@Test
public void testMaxFieldCountPass() throws Exception {
    JSONConfig config = Mockito.mock(JSONConfig.class);
    Mockito.when(config.getMaxPropertyCount()).thenReturn(5);
    JSONAnalyzer analyzer = new JSONAnalyzer();
    analyzer.configure(config);
    String jsonString = "{\"a\": [1, 2, 3, 4, 5, 6], \"b\": 1, \"c\": 2, \"d\": 3, \"e\": 5}";
    analyzer.analyze(jsonString, "/foo");
}
Also used : JSONAnalyzer(org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.JSONAnalyzer) JSONConfig(org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.JSONConfig) Test(org.testng.annotations.Test)

Example 4 with JSONConfig

use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.JSONConfig in project carbon-apimgt by wso2.

the class JSONAnalyzerTestCase method testMaxFieldCountFail.

@Test(expectedExceptions = APIMThreatAnalyzerException.class)
public void testMaxFieldCountFail() throws Exception {
    JSONConfig config = Mockito.mock(JSONConfig.class);
    Mockito.when(config.getMaxPropertyCount()).thenReturn(3);
    JSONAnalyzer analyzer = new JSONAnalyzer();
    analyzer.configure(config);
    String jsonString = "{\"a\": [1, 2, 3, 4, 5, 6], \"b\": 1, \"c\": 2, \"d\": 3, \"e\": 5}";
    analyzer.analyze(jsonString, "/foo");
}
Also used : JSONAnalyzer(org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.JSONAnalyzer) JSONConfig(org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.JSONConfig) Test(org.testng.annotations.Test)

Example 5 with JSONConfig

use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.JSONConfig in project carbon-apimgt by wso2.

the class JSONAnalyzerTestCase method testMaxArrayElementCountPass.

@Test
public void testMaxArrayElementCountPass() throws Exception {
    JSONConfig config = Mockito.mock(JSONConfig.class);
    Mockito.when(config.getMaxArrayElementCount()).thenReturn(5);
    JSONAnalyzer analyzer = new JSONAnalyzer();
    analyzer.configure(config);
    String jsonString = "{\"a\": [1, 2, 3, 4, 5]}";
    analyzer.analyze(jsonString, "/foo");
}
Also used : JSONAnalyzer(org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.JSONAnalyzer) JSONConfig(org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.JSONConfig) Test(org.testng.annotations.Test)

Aggregations

JSONConfig (org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.JSONConfig)15 Test (org.testng.annotations.Test)13 JSONAnalyzer (org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.JSONAnalyzer)12 JSONConfig (org.wso2.carbon.apimgt.gateway.threatprotection.configuration.JSONConfig)4 IOException (java.io.IOException)3 InputStream (java.io.InputStream)3 Gson (com.google.gson.Gson)2 JsonObject (com.google.gson.JsonObject)2 ByteArrayInputStream (java.io.ByteArrayInputStream)2 Connection (java.sql.Connection)2 PreparedStatement (java.sql.PreparedStatement)2 ResultSet (java.sql.ResultSet)2 SQLException (java.sql.SQLException)2 APIMThreatAnalyzer (org.wso2.carbon.apimgt.gateway.threatprotection.analyzer.APIMThreatAnalyzer)2 Environment (org.wso2.carbon.apimgt.impl.gatewayartifactsynchronizer.environmentspecificproperty.Environment)2 BufferedInputStream (java.io.BufferedInputStream)1 HashMap (java.util.HashMap)1 Map (java.util.Map)1 XMLStreamException (javax.xml.stream.XMLStreamException)1 BBoolean (org.ballerinalang.model.values.BBoolean)1