Merge pull request #3710 from akto-api-security/feature/show_md_reports

Fixing full report

Author: Ark2307

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/vulnerability_report/Category.jsx

@@ -2,7 +2,7 @@ import { Badge, Box, HorizontalStack, Text, VerticalStack } from "@shopify/polar
 import func from "@/util/func"
 import Issue from "./Issue"
 
-function Category({ index, issue, subCategoryMap }) {
+function Category({ index, issue, subCategoryMap, viewMode = 'syntax' }) {
     const severity = func.getRunResultSeverity(issue.vulnerableTestingRunResults[0], subCategoryMap)
     return (
         <Box id={issue.testName}>
@@ -32,7 +32,7 @@ function Category({ index, issue, subCategoryMap }) {
 
                 {   
                     issue.vulnerableTestingRunResults.map((vulnerableTestingRunResult, index) => {
-                        return ( <Issue testResults={issue.testResults} vulnerableApi={vulnerableTestingRunResult} cwes={(issue?.cwe || [])}  compliance={issue?.compliance} references={(issue?.references || [])} /> )
+                        return ( <Issue testResults={issue.testResults} vulnerableApi={vulnerableTestingRunResult} cwes={(issue?.cwe || [])}  compliance={issue?.compliance} references={(issue?.references || [])} viewMode={viewMode} /> )
                     })
                 }
 

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/vulnerability_report/HttpRequestResponseViewer.jsx

@@ -1,11 +1,12 @@
-import React from 'react'
 import { Prism as SyntaxHighlighter } from 'react-syntax-highlighter';
 import { Box, LegacyCard, Text, VerticalStack } from '@shopify/polaris';
 import { coy } from 'react-syntax-highlighter/dist/esm/styles/prism';
 import func from '@/util/func';
 import transform from '../../../components/shared/customDiffEditor';
+import { MarkdownRenderer, markdownStyles } from '@/apps/dashboard/components/shared/MarkdownComponents';
 
-const HttpRequestResponseViewer = ({ data }) => {
+const HttpRequestResponseViewer = ({ data, viewMode = 'syntax' }) => {
+  
   const requestJsonObj = func.requestJson(data, [])
   const responseJsonObj = func.responseJson(data, [])
 
@@ -17,34 +18,56 @@ const HttpRequestResponseViewer = ({ data }) => {
   const truncateContent = (content) => {
     return content.length > MAX_CHARACTERS ? content.slice(0, MAX_CHARACTERS) + '...\n' : content
   }
-  
-  return (
-    <VerticalStack gap={3}>
-        <Box>
-            <LegacyCard>
-                <Box padding={3} borderRadius='2'>
-                    <Text>Request</Text>
-                    <Box style={{maxHeight: '4000px', overflowY: 'hidden'}} overflowY='hidden'>
-                      <SyntaxHighlighter lineProps={{style: {whiteSpace: 'pre-wrap', wordBreak: 'break-all', display: 'block'}}} wrapLongLines={true} showLineNumbers={true} language="http" style={coy}>
-                          {truncateContent(formattedRequest)}
-                      </SyntaxHighlighter>
-                    </Box>
-                </Box>
-            </LegacyCard>
-        </Box>
 
+  const formatAsMarkdownCodeBlock = (content) => {
+    return `\`\`\`http\n${truncateContent(content)}\n\`\`\``
+  }
+
+  const renderContent = (content, title) => {
+    if (viewMode === 'markdown') {
+      return (
         <Box>
-            <LegacyCard>
-                <Box padding={3} borderRadius='2'>
-                    <Text>Response</Text>
-                    <Box style={{maxHeight: '4000px', overflowY: 'hidden'}} overflowY='hidden'>
-                      <SyntaxHighlighter lineProps={{style: {whiteSpace: 'pre-wrap', wordBreak: 'break-all', display: 'block'}}} wrapLongLines={true} showLineNumbers={true} language="http" style={coy}>
-                          {truncateContent(formattedResponse)}
-                      </SyntaxHighlighter>
-                    </Box>
-                </Box>
-            </LegacyCard>
+          <LegacyCard>
+            <Box padding={3} borderRadius='2'>
+              <Text>{title}</Text>
+              <Box style={{maxHeight: '4000px', overflowY: 'auto'}}>
+                <div className="markdown-content">
+                  <MarkdownRenderer>
+                    {formatAsMarkdownCodeBlock(content)}
+                  </MarkdownRenderer>
+                </div>
+              </Box>
+            </Box>
+          </LegacyCard>
         </Box>
+      )
+    }
+
+    return (
+      <Box>
+        <LegacyCard>
+          <Box padding={3} borderRadius='2'>
+            <Text>{title}</Text>
+            <Box style={{maxHeight: '4000px', overflowY: 'hidden'}} overflowY='hidden'>
+              <SyntaxHighlighter lineProps={{style: {whiteSpace: 'pre-wrap', wordBreak: 'break-all', display: 'block'}}} wrapLongLines={true} showLineNumbers={true} language="http" style={coy}>
+                {truncateContent(content)}
+              </SyntaxHighlighter>
+            </Box>
+          </Box>
+        </LegacyCard>
+      </Box>
+    )
+  }
+  
+  return (
+    <VerticalStack gap={3}>
+      {renderContent(formattedRequest, 'Request')}
+      {renderContent(formattedResponse, 'Response')}
+      {viewMode === 'markdown' && (
+        <style jsx>{`
+          ${markdownStyles}
+        `}</style>
+      )}
     </VerticalStack>
   )
 }

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/vulnerability_report/Issue.jsx

@@ -6,7 +6,7 @@ import HttpRequestResponseViewer from './HttpRequestResponseViewer'
 import func from '@/util/func'
 import transform from './transform';
 
-const Issue = ({ vulnerableApi, references, cwes, compliance }) => {
+const Issue = ({ vulnerableApi, references, cwes, compliance, viewMode = 'syntax' }) => {
     const [vulnerableApisState, setVulnerableApisState] = useState([])
     const [vulnerableResultSampleData, setVulnerableResultSampleData] = useState({})
 
@@ -69,10 +69,6 @@ const Issue = ({ vulnerableApi, references, cwes, compliance }) => {
         setParsedSampleDataMessage(tmpParsedSampleDataMessage)
     }, [vulnerableResultSampleData])
 
-    const sampleDataEditorComp = parsedSampleDataMessage == null ? (<></>) : (
-        <HttpRequestResponseViewer data={parsedSampleDataMessage} />
-    )
-
     return (
         <>
             <Box id='affected-api-table-container'>
@@ -95,7 +91,7 @@ const Issue = ({ vulnerableApi, references, cwes, compliance }) => {
                 <VerticalStack gap={1}>
                     <Text variant="headingSm">Evidence</Text>
                     <VerticalStack gap={2}>
-                        <HttpRequestResponseViewer data={parsedSampleDataMessage} />
+                        <HttpRequestResponseViewer data={parsedSampleDataMessage} viewMode={viewMode} />
                     </VerticalStack>
                 </VerticalStack>
             }

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/vulnerability_report/ReportFindings.jsx

@@ -50,6 +50,7 @@ const ReportFindings = ({ aktoFindingsTableData, categoryVsIssuesMap, organizati
     ])
 
     let issueNo = 0
+    const [totalIssues, setTotalIssues] = useState(0)
 
     useEffect(() => {
         const mediaQueryList = window.matchMedia('print')
@@ -81,6 +82,18 @@ const ReportFindings = ({ aktoFindingsTableData, categoryVsIssuesMap, organizati
         return () => mediaQueryList.removeEventListener('change', handlePrint)
     }, [])
 
+    const setCountApis = (aktoFindingsTableData) => {
+        let countApis = 0
+        aktoFindingsTableData.forEach(item => {
+            countApis += item.apisAffected
+        })
+        setTotalIssues(countApis)
+    }
+
+    useEffect(() => {
+        setCountApis(aktoFindingsTableData)
+    }, [aktoFindingsTableData])
+
 
     return (
         <Box id="findings-table" paddingBlockStart={6} paddingBlockEnd={6} paddingInlineStart={5} paddingInlineEnd={5}>
@@ -115,6 +128,7 @@ const ReportFindings = ({ aktoFindingsTableData, categoryVsIssuesMap, organizati
                                                 index={issueNo++}
                                                 issue={issue}
                                                 subCategoryMap={subCategoryMap}
+                                                viewMode={totalIssues > 100 ? 'markdown' : 'syntax'}
                                             />
                                             {index !== Object.keys(categoryVsIssuesMap).length - 1 || issueIndex !== issuesArr.length - 1 ? <Box paddingBlockStart={4} paddingBlockEnd={4}><Divider /></Box> : null}
                                         </Box>

apps/dashboard/web/polaris_web/web/src/apps/dashboard/pages/testing/vulnerability_report/VulnerabilityReport.jsx

@@ -26,7 +26,6 @@ const VulnerabilityReport = () => {
     const [categoryVsApisCountMap, setCategoryVsApisCountMap] = useState({})
     const [aktoFindingsTableData, setAktoFindingsTableData] = useState([])
     const [ aktoRecommendations, setAktoRecommendations ] = useState([])
-    const [graphData, setGraphData] = useState([])
     const [totalIssues, setTotalIssues] = useState(0)
     const [severityMap, setSeverityMap] = useState({})
     const [scanTime, setScanTime] = useState('')
@@ -36,8 +35,6 @@ const VulnerabilityReport = () => {
     const [topCategoriesChartData, setTopCategoriesChartData] = useState({})
     const [hostNameVsSeverityMap, setHostNameVsSeverityMap] = useState({})
 
-    const issuesLimit = 200
-
     const pdfRef = useRef()
     const params = useParams()
     const reportId = params.reportId
@@ -148,11 +145,6 @@ const VulnerabilityReport = () => {
                     testingRunCountsFromDB = resp.testingRunResults.length
                 })
                 resultsCount += 50
-                if(vulnerableTestingRunResults.length >= issuesLimit) {
-                    func.setToast(true, false, "Displaying the vulnerability report with only first " + issuesLimit + " issues. Apply filters to view more or export specific issues.")
-                    break
-                }
-
                 if (testingRunCountsFromDB < 50) {
                     //EOF: break as no further documents exists
                     break
@@ -186,23 +178,12 @@ const VulnerabilityReport = () => {
                     //sampleDataVsCurlMap = { ...sampleDataVsCurlMap, ...resp.sampleDataVsCurlMap }
                 })
                 resultsCount += 50
-                if(vulnerableTestingRunResults.length >= issuesLimit) {
-                    func.setToast(true, false, "Displaying the vulnerability report with only first " + issuesLimit + " issues. Apply filters to view more or export specific issues.")
-                    break
-                }
                 if (testingRunCountsFromDB < 50 || resultsCount >= 1000) {
                     //EOF: break as no further documents exists
                     break
                 }
             }
         }
-
-        if(vulnerableTestingRunResults.length > issuesLimit) {
-            while(vulnerableTestingRunResults.length !== issuesLimit) {
-                vulnerableTestingRunResults.pop()
-            }
-        }
-
         const localCategoryMap = LocalStore.getState().categoryMap
         const localSubCategoryMap = LocalStore.getState().subCategoryMap
         let shouldFetchSubcategoriesAndCategories = false

apps/dashboard/web/polaris_web/web/src/util/func.js

@@ -1115,6 +1115,7 @@ mergeApiInfoAndApiCollection(listEndpoints, apiInfoList, idToName,apiInfoSeverit
             discoveredTimestamp = x.startTs
           }
           let description = apiInfoMap[key] ? apiInfoMap[key]['description'] : ""
+          let lastSeenTs = Math.max(apiInfoMap[key] ? apiInfoMap[key]["lastSeen"] : x.startTs, x.startTs)
           ret[key] = {
               id: x.method + "###" + x.url + "###" + x.apiCollectionId + "###" + Math.random(),
               shadow: x.shadow ? x.shadow : false,
@@ -1127,8 +1128,8 @@ mergeApiInfoAndApiCollection(listEndpoints, apiInfoList, idToName,apiInfoSeverit
               method: x.method,
               color: x.sensitive && x.sensitive.size > 0 ? "#f44336" : "#00bfa5",
               apiCollectionId: x.apiCollectionId,
-              last_seen: apiInfoMap[key] ? (this.prettifyEpoch(apiInfoMap[key]["lastSeen"])) : this.prettifyEpoch(x.startTs),
-              lastSeenTs: apiInfoMap[key] ? apiInfoMap[key]["lastSeen"] : x.startTs,
+              last_seen: this.prettifyEpoch(lastSeenTs),
+              lastSeenTs: lastSeenTs,
               detectedTs: discoveredTimestamp === 0 ? x.startTs : discoveredTimestamp,
               changesCount: x.changesCount,
               changes: x.changesCount && x.changesCount > 0 ? (x.changesCount +" new parameter"+(x.changesCount > 1? "s": "")) : 'No new changes',