Merge pull request akto-api-security#1385 from akto-api-security/hotf…

…ix/dep_analyser_index_out_of_bounds fixed index out of bounds error for dep analyser
TangoBeee · Aug 21, 2024 · 233df68 · 233df68
2 parents ecc21d9 + 7922bfb
commit 233df68
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 22 deletions.
diff --git a/apps/api-runtime/src/main/java/com/akto/dependency/DependencyAnalyser.java b/apps/api-runtime/src/main/java/com/akto/dependency/DependencyAnalyser.java
@@ -148,18 +148,20 @@ public void analyse(String message, int finalApiCollectionId) {
  if (APICatalog.isTemplateUrl(url)) {
  String ogUrl = urlStatic.getUrl();
  String[] ogUrlSplit = ogUrl.split("/");
- URLTemplate urlTemplate = APICatalogSync.createUrlTemplate(url, URLMethods.Method.fromString(method));
- for (int i = 0; i < urlTemplate.getTypes().length; i++) {
- SingleTypeInfo.SuperType superType = urlTemplate.getTypes()[i];
- if (superType == null) continue;
- int idx = ogUrl.startsWith("http") ? i:i+1;
- Object s = ogUrlSplit[idx]; // because ogUrl=/api/books/123 while template url=api/books/INTEGER
- if (superType.equals(SingleTypeInfo.SuperType.INTEGER)) {
- s = Integer.parseInt(ogUrlSplit[idx]);
+ if (ogUrlSplit.length > 0) {
+ URLTemplate urlTemplate = APICatalogSync.createUrlTemplate(url, URLMethods.Method.fromString(method));
+ for (int i = 0; i < urlTemplate.getTypes().length; i++) {
+ SingleTypeInfo.SuperType superType = urlTemplate.getTypes()[i];
+ if (superType == null) continue;
+ int idx = ogUrl.startsWith("http") ? i:i+1;
+ Object s = ogUrlSplit[idx]; // because ogUrl=/api/books/123 while template url=api/books/INTEGER
+ if (superType.equals(SingleTypeInfo.SuperType.INTEGER)) {
+ s = Integer.parseInt(ogUrlSplit[idx]);
+ }
+ Set<Object> val = new HashSet<>();
+ val.add(s);
+ processRequestParam(i+"", val, combinedUrl, true, false, isHar);
  }
- Set<Object> val = new HashSet<>();
- val.add(s);
- processRequestParam(i+"", val, combinedUrl, true, false, isHar);
  }
  }
 

diff --git a/apps/mini-runtime/src/main/java/com/akto/hybrid_dependency/DependencyAnalyser.java b/apps/mini-runtime/src/main/java/com/akto/hybrid_dependency/DependencyAnalyser.java
@@ -147,18 +147,20 @@ public void analyse(String message, int finalApiCollectionId) {
  if (APICatalog.isTemplateUrl(url)) {
  String ogUrl = urlStatic.getUrl();
  String[] ogUrlSplit = ogUrl.split("/");
- URLTemplate urlTemplate = APICatalogSync.createUrlTemplate(url, URLMethods.Method.fromString(method));
- for (int i = 0; i < urlTemplate.getTypes().length; i++) {
- SingleTypeInfo.SuperType superType = urlTemplate.getTypes()[i];
- if (superType == null) continue;
- int idx = ogUrl.startsWith("http") ? i:i+1;
- Object s = ogUrlSplit[idx]; // because ogUrl=/api/books/123 while template url=api/books/INTEGER
- if (superType.equals(SingleTypeInfo.SuperType.INTEGER)) {
- s = Integer.parseInt(ogUrlSplit[idx]);
+ if (ogUrlSplit.length > 0) {
+ URLTemplate urlTemplate = APICatalogSync.createUrlTemplate(url, URLMethods.Method.fromString(method));
+ for (int i = 0; i < urlTemplate.getTypes().length; i++) {
+ SingleTypeInfo.SuperType superType = urlTemplate.getTypes()[i];
+ if (superType == null) continue;
+ int idx = ogUrl.startsWith("http") ? i:i+1;
+ Object s = ogUrlSplit[idx]; // because ogUrl=/api/books/123 while template url=api/books/INTEGER
+ if (superType.equals(SingleTypeInfo.SuperType.INTEGER)) {
+ s = Integer.parseInt(ogUrlSplit[idx]);
+ }
+ Set<Object> val = new HashSet<>();
+ val.add(s);
+ processRequestParam(i+"", val, combinedUrl, true, false);
  }
- Set<Object> val = new HashSet<>();
- val.add(s);
- processRequestParam(i+"", val, combinedUrl, true, false);
  }
  }