feat: add n8n, langchain and copilot-studio connector functionality #3704
Conversation
![devsecopsbot[bot]](https://avatars.githubusercontent.com/in/963709?s=60&v=4){kind=small}
There was a problem hiding this comment.
🤖 AI Security analysis: "Security scan found no issues in the 4 changed files and no automated fixes. Continue manual review and runtime testing to catch logic, integration, or dependency risks not covered by static checks."
| Risk Level | AI Score |
|---|---|
| 🟢 NO RISK | 0.0/100 |
Top 0 security issues / 0 total (Critical: 0, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| — | — | No issues to display |
There was a problem hiding this comment.
🤖 AI Security analysis: "Automated scanning reported no security findings for these changes. Residual risk remains because tools can miss logic errors, coverage gaps, or secrets; prioritize targeted manual review of security-critical areas and complementary dynamic and dependency scans in CI."
| Risk Level | AI Score |
|---|---|
| 🟢 NO RISK | 10.0/100 |
Top 0 security issues / 0 total (Critical: 0, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| — | — | No issues to display |
There was a problem hiding this comment.
🤖 AI Security analysis: "Automated checks found no security issues in this change. Multiple files were modified, so tooling may miss context-dependent or subtle vulnerabilities; perform manual review and targeted testing before merging."
| Risk Level | AI Score |
|---|---|
| 🟢 NO RISK | 0.0/100 |
Top 0 security issues / 0 total (Critical: 0, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| — | — | No issues to display |
There was a problem hiding this comment.
🤖 AI Security analysis: "Automated checks found no security issues in this change. Multiple files were modified, so tooling may miss context-dependent or subtle vulnerabilities; perform manual review and targeted testing before merging."
| Risk Level | AI Score |
|---|---|
| 🟢 NO RISK | 0.0/100 |
Top 0 security issues / 0 total (Critical: 0, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| — | — | No issues to display |
There was a problem hiding this comment.
🤖 AI Security analysis: "Automated checks found no security issues in this change. Multiple files were modified, so tooling may miss context-dependent or subtle vulnerabilities; perform manual review and targeted testing before merging."
| Risk Level | AI Score |
|---|---|
| 🟢 NO RISK | 0.0/100 |
Top 0 security issues / 0 total (Critical: 0, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| — | — | No issues to display |
There was a problem hiding this comment.
🤖 AI Security analysis: "Review found no security issues in the change. Residual risk remains from undetected vulnerabilities or dependency/configuration regressions; continue automated scanning and verify security-focused tests before merging."
| Risk Level | AI Score |
|---|---|
| 🟢 NO RISK | 10.0/100 |
Top 0 security issues / 0 total (Critical: 0, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| — | — | No issues to display |
There was a problem hiding this comment.
🤖 AI Security analysis: "Automated security analysis found no issues in this code change; no vulnerabilities were flagged."
| Risk Level | AI Score |
|---|---|
| 🟢 NO RISK | 5.0/100 |
Top 0 security issues / 0 total (Critical: 0, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| — | — | No issues to display |
There was a problem hiding this comment.
🤖 AI Security analysis: "Change set touches 14 files and automated analysis found no security issues. Absence of findings does not guarantee safety; logic flaws, dependency or configuration regressions and undetected vulnerabilities may remain."
| Risk Level | AI Score |
|---|---|
| 🟢 NO RISK | 10.0/100 |
Top 0 security issues / 0 total (Critical: 0, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| — | — | No issues to display |
There was a problem hiding this comment.
🤖 AI Security analysis: "Automated analysis reported no findings, but the sizable change set increases risk of undetected vulnerabilities, misconfigurations, or logic regressions. Absence of flagged issues is not proof of safety; prioritize targeted review and testing of security-critical areas."
| Risk Level | AI Score |
|---|---|
| 🟢 NO RISK | 0.0/100 |
Top 0 security issues / 0 total (Critical: 0, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| — | — | No issues to display |
abhijeet-akto
changed the title
There was a problem hiding this comment.
🤖 AI Security analysis: "Automated scan returned no findings, but absence of results doesn’t guarantee safety. Changes across many files can introduce logic errors, leaked secrets, or dependency issues that automated tools may miss. Conduct targeted verification before merging."
| Risk Level | AI Score |
|---|---|
| 🟢 NO RISK | 5.0/100 |
Top 0 security issues / 0 total (Critical: 0, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| — | — | No issues to display |
There was a problem hiding this comment.
🤖 AI Security analysis: "Security scan of the recent change set reported no detected issues. However, absence of findings doesn't guarantee safety—changes across multiple files warrant targeted manual review of security-sensitive areas and running full automated scans prior to merge."
| Risk Level | AI Score |
|---|---|
| 🟢 NO RISK | 0.0/100 |
Top 0 security issues / 0 total (Critical: 0, High: 0, Medium: 0, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| — | — | No issues to display |
abhijeet-akto
changed the title
run-ai-agent-cron.sh
Outdated
| echo "Failed to build classpath!" | ||
| exit 1 | ||
| fi | ||
|
|
There was a problem hiding this comment.
see existing how existing crons are running.
InitializerListener...
we have 2 machines DashboardJobs where the Jobs are supposed to run.
If only DB access is needed then there is a machine called mergin-cyborg..there also you can run this.
There was a problem hiding this comment.
Updated the approach, followed Jobs implementation.
| // Getters and Setters | ||
| public String getAppInsightsAppId() { | ||
| return appInsightsAppId; | ||
| } |
There was a problem hiding this comment.
use lombok for getter setter
| loggerMaker.info("Data Ingestion Service URL: " + dataIngestionUrl, LogDb.DASHBOARD); | ||
|
|
||
| // Create the collection if it doesn't exist and set up indices | ||
| AIAgentConnectorInfoDao.instance.createIndicesIfAbsent(); |
There was a problem hiding this comment.
this should be in daoinit.createindices, remove from here
There was a problem hiding this comment.
This is not needed anymore.
| public String initiateLangchainImport() { | ||
| try { | ||
| loggerMaker.info("=== Langchain Import Request ===", LogDb.DASHBOARD); | ||
| loggerMaker.info("LangSmith URL: " + langsmithUrl, LogDb.DASHBOARD); |
| // Create AIAgentConnectorInfo object with default status CREATED and type LANGCHAIN | ||
| createdImportInfo = new AIAgentConnectorInfo( | ||
| AIAgentConnectorInfo.TYPE_LANGCHAIN, | ||
| config, |
There was a problem hiding this comment.
too much repetitive code, create a factory/strategy abstract class ?
…torSyncJobExecutor.java Co-authored-by: devsecopsbot[bot] <177726887+devsecopsbot[bot]@users.noreply.github.com>
…torSyncJobExecutor.java Co-authored-by: devsecopsbot[bot] <177726887+devsecopsbot[bot]@users.noreply.github.com>
…torSyncJobExecutor.java Co-authored-by: devsecopsbot[bot] <177726887+devsecopsbot[bot]@users.noreply.github.com>
…torSyncJobExecutor.java Co-authored-by: devsecopsbot[bot] <177726887+devsecopsbot[bot]@users.noreply.github.com>
…torSyncJobExecutor.java Co-authored-by: devsecopsbot[bot] <177726887+devsecopsbot[bot]@users.noreply.github.com>
…torSyncJobExecutor.java Co-authored-by: devsecopsbot[bot] <177726887+devsecopsbot[bot]@users.noreply.github.com>
…torSyncJobExecutor.java Co-authored-by: devsecopsbot[bot] <177726887+devsecopsbot[bot]@users.noreply.github.com>
…torSyncJobExecutor.java Co-authored-by: devsecopsbot[bot] <177726887+devsecopsbot[bot]@users.noreply.github.com>
…torSyncJobExecutor.java Co-authored-by: devsecopsbot[bot] <177726887+devsecopsbot[bot]@users.noreply.github.com>
…torSyncJobExecutor.java Co-authored-by: devsecopsbot[bot] <177726887+devsecopsbot[bot]@users.noreply.github.com>
…torSyncJobExecutor.java Co-authored-by: devsecopsbot[bot] <177726887+devsecopsbot[bot]@users.noreply.github.com>
…on-support fix: security valunerability
There was a problem hiding this comment.
🤖 AI Security analysis: "Code change introduces a critical OS command injection in AIAgentConnectorSyncJobExecutor and numerous medium-severity third-party vulnerabilities and license concerns in libs/utils (notably Jackson CVEs). This elevates risk of remote code execution, data disclosure, and supply-chain/license compliance issues."
| Risk Level | AI Score |
|---|---|
| 🟠 HIGH | 78.0/100 |
Top 11 security issues / 187 total (Critical: 1, High: 0, Medium: 186, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
 OS Command Injection |
libs/utils/src/main/java/com/akto/jobs/executors/AIAgentConnectorSyncJobExecutor.java:156 |
Use a hardcoded set of arguments that are to be passed to OS commands. If filenames are b… |
 CVE-2018-11307: jackson-databind: Potential information exfiltration with defau… |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| CVE-2018-14718: jackson-databind: arbitrary code execution in slf4j-ext class |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| CVE-2018-14719: jackson-databind: arbitrary code execution in blaze-ds-opt and… |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| CVE-2025-49128: com.fasterxml.jackson.core/jackson-core: Jackson-core Memory Di… |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| CVE-2025-52999: com.fasterxml.jackson.core/jackson-core: jackson-core Potential… |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| com.azure:azure-storage-blob:MIT |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License MIT PkgName: notice Classification: com.azure:azure-… |
| com.google.api-client:google-api-client:Apache-2.0 |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License Apache-2.0 PkgName: notice Classification: com.googl… |
| com.google.apis:google-api-services-drive:Apache-2.0 |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License Apache-2.0 PkgName: notice Classification: com.googl… |
| com.google.apis:google-api-services-sheets:Apache-2.0 |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License Apache-2.0 PkgName: notice Classification: com.googl… |
| com.google.oauth-client:google-oauth-client-jetty:Apache-2.0 |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License Apache-2.0 PkgName: notice Classification: com.googl… |
libs/utils/src/main/java/com/akto/jobs/executors/AIAgentConnectorSyncJobExecutor.java
Show resolved
Hide resolved
There was a problem hiding this comment.
🤖 AI Security analysis: "Critical OS command injection in AIAgentConnectorSyncJobExecutor allows remote command execution; many medium-risk findings center on Jackson deserialization/DoS/memory flaws plus unreviewed dependency license concerns, raising supply-chain risk."
| Risk Level | AI Score |
|---|---|
| 🔴 CRITICAL | 85.0/100 |
Top 11 security issues / 187 total (Critical: 1, High: 0, Medium: 186, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| OS Command Injection |
libs/utils/src/main/java/com/akto/jobs/executors/AIAgentConnectorSyncJobExecutor.java:138 |
Use a hardcoded set of arguments that are to be passed to OS commands. If filenames are b… |
| CVE-2018-11307: jackson-databind: Potential information exfiltration with defau… |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| CVE-2018-14718: jackson-databind: arbitrary code execution in slf4j-ext class |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| CVE-2018-14719: jackson-databind: arbitrary code execution in blaze-ds-opt and… |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| CVE-2025-49128: com.fasterxml.jackson.core/jackson-core: Jackson-core Memory Di… |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| CVE-2025-52999: com.fasterxml.jackson.core/jackson-core: jackson-core Potential… |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| com.azure:azure-storage-blob:MIT |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License MIT PkgName: notice Classification: com.azure:azure-… |
| com.google.api-client:google-api-client:Apache-2.0 |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License Apache-2.0 PkgName: notice Classification: com.googl… |
| com.google.apis:google-api-services-drive:Apache-2.0 |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License Apache-2.0 PkgName: notice Classification: com.googl… |
| com.google.apis:google-api-services-sheets:Apache-2.0 |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License Apache-2.0 PkgName: notice Classification: com.googl… |
| com.google.oauth-client:google-oauth-client-jetty:Apache-2.0 |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License Apache-2.0 PkgName: notice Classification: com.googl… |
libs/utils/src/main/java/com/akto/jobs/executors/AIAgentConnectorSyncJobExecutor.java
Show resolved
Hide resolved
There was a problem hiding this comment.
🤖 AI Security analysis: "A critical OS command injection in AIAgentConnectorSyncJobExecutor allows arbitrary command execution. Many medium-risk issues stem from vulnerable Jackson dependencies and license/policy flags in build files, creating supply-chain and compliance exposure. Immediate fixes are required to prevent remote code execution and dependency-based attacks."
| Risk Level | AI Score |
|---|---|
| 🔴 CRITICAL | 88.0/100 |
Top 11 security issues / 187 total (Critical: 1, High: 0, Medium: 186, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| OS Command Injection |
libs/utils/src/main/java/com/akto/jobs/executors/AIAgentConnectorSyncJobExecutor.java:143 |
Use a hardcoded set of arguments that are to be passed to OS commands. If filenames are b… |
| CVE-2018-11307: jackson-databind: Potential information exfiltration with defau… |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| CVE-2018-14718: jackson-databind: arbitrary code execution in slf4j-ext class |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| CVE-2018-14719: jackson-databind: arbitrary code execution in blaze-ds-opt and… |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| CVE-2025-49128: com.fasterxml.jackson.core/jackson-core: Jackson-core Memory Di… |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| CVE-2025-52999: com.fasterxml.jackson.core/jackson-core: jackson-core Potential… |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| com.azure:azure-storage-blob:MIT |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License MIT PkgName: notice Classification: com.azure:azure-… |
| com.google.api-client:google-api-client:Apache-2.0 |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License Apache-2.0 PkgName: notice Classification: com.googl… |
| com.google.apis:google-api-services-drive:Apache-2.0 |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License Apache-2.0 PkgName: notice Classification: com.googl… |
| com.google.apis:google-api-services-sheets:Apache-2.0 |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License Apache-2.0 PkgName: notice Classification: com.googl… |
| com.google.oauth-client:google-oauth-client-jetty:Apache-2.0 |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License Apache-2.0 PkgName: notice Classification: com.googl… |
libs/utils/src/main/java/com/akto/jobs/executors/AIAgentConnectorSyncJobExecutor.java
Show resolved
Hide resolved
There was a problem hiding this comment.
🤖 AI Security analysis: "A critical OS command injection in AIAgentConnectorSyncJobExecutor allows arbitrary command execution. Many medium-risk issues stem from vulnerable Jackson dependencies and license/policy flags in build files, creating supply-chain and compliance exposure. Immediate fixes are required to prevent remote code execution and dependency-based attacks."
| Risk Level | AI Score |
|---|---|
| 🔴 CRITICAL | 88.0/100 |
Top 11 security issues / 187 total (Critical: 1, High: 0, Medium: 186, Low: 0)
| Title | Location | Recommendation |
|---|---|---|
| OS Command Injection |
libs/utils/src/main/java/com/akto/jobs/executors/AIAgentConnectorSyncJobExecutor.java:143 |
Use a hardcoded set of arguments that are to be passed to OS commands. If filenames are b… |
| CVE-2018-11307: jackson-databind: Potential information exfiltration with defau… |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| CVE-2018-14718: jackson-databind: arbitrary code execution in slf4j-ext class |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| CVE-2018-14719: jackson-databind: arbitrary code execution in blaze-ds-opt and… |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| CVE-2025-49128: com.fasterxml.jackson.core/jackson-core: Jackson-core Memory Di… |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| CVE-2025-52999: com.fasterxml.jackson.core/jackson-core: jackson-core Potential… |
libs/utils/pom.xml:1 |
libs/utils/pom.xml: com.fasterxml.jackson.core:[email protected] |
| com.azure:azure-storage-blob:MIT |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License MIT PkgName: notice Classification: com.azure:azure-… |
| com.google.api-client:google-api-client:Apache-2.0 |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License Apache-2.0 PkgName: notice Classification: com.googl… |
| com.google.apis:google-api-services-drive:Apache-2.0 |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License Apache-2.0 PkgName: notice Classification: com.googl… |
| com.google.apis:google-api-services-sheets:Apache-2.0 |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License Apache-2.0 PkgName: notice Classification: com.googl… |
| com.google.oauth-client:google-oauth-client-jetty:Apache-2.0 |
libs/utils/pom.xml:1 |
Artifact: libs/utils/pom.xml License Apache-2.0 PkgName: notice Classification: com.googl… |
| // Unmodifiable list ensures tokens cannot be altered and prevents shell interpretation | ||
| java.util.List<String> command = java.util.Collections.unmodifiableList( | ||
| java.util.Arrays.asList(execCanonical, "-once") | ||
| ); |
There was a problem hiding this comment.
| ); | |
| String binaryName = strategy.getBinaryName(); | |
| // Validate binary name strictly: it must not contain path separators or shell/meta characters and should be a simple filename token. | |
| if (binaryName == null || binaryName.isEmpty() || binaryName.contains(File.separator) || !binaryName.matches("^[a-zA-Z0-9._-]+$")) { | |
| throw new Exception("Invalid binary name from strategy: " + binaryName); | |
| } |
🔴 CRITICAL: OS Command Injection
Ensure the binary name cannot contain path separators or shell/meta characters and only consists of a safe whitelist of characters. This prevents attacker-controlled values from injecting into the executed command or causing path traversal to arbitrary binaries.
There was a problem hiding this comment.
Bot is hallucinating, repeating the same instructions now.
Implemented a comprehensive connector management system for AI agent imports, enabling users to configure and schedule data ingestion from N8N, Langchain (LangSmith), and Microsoft Copilot Studio (AppInsights) directly through the Akto dashboard.